How to configure trunk on Cisco Catalyst Switch

mohammed.eisa21 · January 18, 2016, 6:30am

Dear Rene

what about gns3 with IOU and virtual box if I can’t buy real switch?

BR;

Mohamed Khalil

ReneMolenaar · January 19, 2016, 10:27am

Hi Mohamed,

IOU will work, the L2 image supports most of the switching commands. VLANs and trunking is no problem.

Rene

ReneMolenaar · January 19, 2016, 11:41am

Hi Jeffery,

I would suggest the Cisco Catalyst 2950, 2960, 3550, 3560 and 3750 switches for CCNA/CCNP. You can find the differences between these switches here:

Recommended lab equipment for CCNA

Cisco CCNP SWITCH Lab Equipment

Rene

jmwalker24 · March 15, 2016, 5:46pm

Glad you made a video for this topic. Your classes are a life saver.

ssb9538 · March 25, 2016, 3:16pm

This was one of the best explanations i saw online! Thanks a lot!

bookgoddess66 · April 10, 2016, 3:03am

Watching you configure a link with all combinations of access/trunk/dynamic auto/dynamic desirable and fill in the chart was extremely helpful. That chart is a great study tool and reminder, in case I forget. Thanks!

ReneMolenaar · April 10, 2016, 8:21am

Good to hear it was useful Teressa!

Rene

vikki1990agarwal12 · April 16, 2016, 6:06pm

Hi Rene,

I have 2 doubts:

I tried this on Packet Tracer.

One side of the link between the 2 switches, I set one side as TRUNK and other side as ACCESS.
Wen I do show trunk, it does show me a trunk on one side and not on the other.
Also I didnt see any port inconsistent state message.
What must be the error

If one side is set to manual TRUNK and the other side to AUTO, how does the trunk link even form ? who is sending out negotiation packets in this case ???

ReneMolenaar · April 17, 2016, 12:30pm

Hi Vikas,

If one side is set to trunk and the other as access then you do have a mismatch. It’s possible that packet tracer doesn’t report this, it’s an emulator after all.

Even if you use static trunk or access mode, negotiation still takes place. This is done by DTP. Take a look at this lesson:

Cisco DTP (Dynamic Trunking Protocol)

Rene

andrew · May 1, 2016, 12:59am

Nicholas,
Your left hand side description is correct. Since the incoming tag matches the native vlan of the trunk, the tag gets discarded. I suspect, however, that your scenario would break if you told your switch “switchport trunk native vlan tag” which means that even the native vlan keeps the tag. Since almost all PCs have no idea what a vlan tag is, it would discard the packet.

For your right hand side, I suspect the problem is not knowing what the access port VLAN is for connection from Switch 5 to Switch 6. If it is not vlan 10, this would explain the failure.

rxpc · July 22, 2016, 4:33am

I was reading an article that mentioned a VLAN must not be tagged twice. When do we say the VLAN is tagged? If on cisco I use command vlan 30 name test. Than it just creates a pass thru vlan - this should not be tagging. If I assign an interface to it and give an IP address, is that called tagging? or If I just mention interface vlan 30 description test — is this the tagging. To summarize:

#vlan 30
#name Test Is this tagging

#interface vlan 30
#description TEST Is this tagging

config gi0/1

rxpc · July 22, 2016, 4:36am

in continuation to previous mail:

config int gi0/1
swtichport mode access vlan 30 Is this tagging?

lagapidis · July 22, 2016, 8:26pm

Hello Pankaj.

Tagging occurs when a frame exits a switch on a trunk port. If you have a trunk port with VLANs 10 and 20 allowed on it for example, and you send a frame from VLAN 10 through that trunk, as it exits the physical port, a tag of “10” will be placed in the header of the frame.

So in none of your above examples is tagging being configured. The following configuration configures a trunk:

interface fastethernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20

These commands tell the switch that frames that exit fastethernet 0/1 must be tagged with the appropriate VLAN tag.

Now you mention that you read that you should not tag a frame twice. The article you read is probably referring to double tagging as a method of attacking networked resources to gain access to traffic on other VLANs that would normally not be accessible. This is a security issue that you can read more about here: https://supportforums.cisco.com/discussion/12304791/double-tagging-through-access-ports-why

There are cases where you do want to have two tags such as when you use q-in-q. You can read more about it in Rene’s lessons here: https://networklessons.com/switching/802-1q-tunneling-q-q-configuration-example/

I hope this has been helpful!

Laz

adave1103 · August 5, 2016, 5:34pm

very nice article rene.
If I am connecting a router (lets say ASR1000) with a switch (lets say 3750)…what will be the port type on switch ?
and what config is needed on both router and switch.

Many thanks

andrew · August 5, 2016, 10:12pm

Abhishek,
This question can’t be answered generically. How you configure the switchport is entirely dependent on your environment and what you are trying to do. It could be either an access layer port or a trunk port.

The more interesting of the two cases would be when you have multiple VLANs, and you are using the router as a “Router on a stick.” In the example below, we are using two VLANs, 2 (data) and 3 (phones).

Router Config (partial)

interface GigabitEthernet0/0.2
 description DATA
 encapsulation dot1Q 2
 ip address 10.10.2.254 255.255.255.0
!
interface GigabitEthernet0/0.3
 description PHONES
 encapsulation dot1Q 3
 ip address 10.10.3.254 255.255.255.0

Switch Config (partial)

vlan 2
 name DATA
!
vlan 3
 name PHONES
!
interface GigabitEthernet0/3
 description Connection-To-Router-Gig0/0
 switchport trunk allowed vlan 2,3
 switchport mode trunk

mzamjad · August 10, 2016, 12:49pm

Thanks Awesome really appropriate you effort.

SwitchA(config)#interface fa0/14
SwitchA(config-if)#switchport mode dynamic auto
SwitchA(config)#interface fa0/14
SwitchB(config-if)#switchport mode dynamic auto

In the above need very small correction NO 3 should be SwitchB

SwitchB(config)#interface fa0/14

shantel · December 20, 2016, 10:09pm

19 posts were merged into an existing topic: How to configure trunk on Cisco Catalyst Switch

alexhouskee · March 4, 2018, 2:15am

Following your guide step by step on two Catalyst 2950s, when I connect the two switches together I am getting: Operational Mode down. I have tested both the cable and ports to make sure they are operational and both ports are “no shut”. Any suggestions?

ReneMolenaar · March 5, 2018, 3:47pm

Hello Rachael,

Operational mode down means that interface itself is down. If you look at the interface status, what does it say?

SW1#show interfaces GigabitEthernet 0/1
GigabitEthernet0/1 is down, line protocol is down (notconnect)

If it shows up as down, are you sure you used a crossover cable between the 2950 switches? They don’t support autosensing so it has to be a crossover cable:

Rene

jag187 · June 18, 2018, 5:14pm

I have a question. I have created the trunks like the tutorial, my issue is I cannot get Switch A to talk my laptop that is connected to switch A in a real lab situation. I have statically set my laptop to have the ip address 192.168.1.1 255.255.255.0 and I have connected the other end of the ethernet cable to port 0/1 on the switch, I have set the switch to be in access mode on vlan 50. If I ping 192.168.1.1 from the switch the pings fail and device is not showing in the mac table, although the interface is up up. Could you recommend any check I can preform between the switch and the PC.