Configure VLAN Trunks on Cisco Switches

Before VLANs, each network connection required a separate corresponding physical connection, so using VLAN trunks reduces networking costs by reducing the need for expensive phycial connections and conserving the number of ports used on switches and servers. The trunk connection can be passed between two switches or between a switch and a computer.

Configuring VLAN trunks on Cisco switches and routers only takes a few steps.

First verify that the VLANs are created on both switches that are to be connected. For an in-depth look at creating vlans, look at Understanding VLANs on Cisco Switches.

Verify VLANs are created with the show vlan command.

Step 1: Verify VLANS
switchA>show vlan

VLAN Name Status Ports
---- -------------------------------- ---------
5 Accounting active fa0/1
10 Marketing active fa0/2

switchB>show vlan

VLAN Name Status Ports
---- -------------------------------- ---------
5 Accounting active fa0/1
10 Marketing active fa0/2

In the output above, we see that vlans 5 and 10 are configured on the switches and enabled on ports. A VLAN trunk between the two switches will allow devices on ports 1 on each switch to communicate and allow devices on ports 2 to communicate. A router is needed for all of the devices to talk to each other.

Step 2: Configure the trunk interfaces
For this example, the gigabit interfaces are used for the trunk links.

Switch A
switchA(config)#interface gigbbit 0/1
switchA(config-if)#switchport mode trunk

Switch B
switchB(config)#interface gigbbit 0/1
switchB(config-if)#switchport mode trunk

At this point, the two networks should start communicating across switches once the gigabit interfaces are connected, but it is a good practice to manually configure a few parameters to improve the stability and reliability of the trunk connection.

Switch A
switchA(config)#interface gigabit 0/1
switchA(config-if)#switchport trunk encapsulation dot1q

This command specifies the protocol that the two switches will use to communicate vlan information in the data that is transfered rather than leaving it to auto-negotiate. Two Cisco switches will negotiate to ISL (Interswitch Switch Link) protocol which is Cisco proprietary rather than 802.1x, a recognized standard that is compatible with almost all switches and servers.

switchA(config-if)#switchport trunk native vlan 5

The native vlan command specifies the vlan that will be transmitted without VLAN tag information. It does not mtter which vlan is used, but both switches must agree for the link to operate properly. If a native vlan is not specified, then the switches will use vlan 1 by default. Using vlan 1 can cause problems because it is used as the default for so many other things in a switch network.

switchA(config-if)#switchport trunk allowed vlan 5,10
The allowed vlan command specifies which VLANs will be allowed to communicte over the trunk link. Otherwise, unnecessary traffic may go over the link.

Switch B
switchB(config)#interface gigbbit 0/1
switchB(config-if)#switchport trunk encapsulation dot1q
switchB(config-if)#switchport trunk native vlan 5
switchB(config-if)#switchport trunk allowed vlan 5,10

Adding or removing a VLAN
If VLAN 15 was configured on the switches, then it would need to be added to the trunk port on each switch.

Switch A
switchA(config)#interface gigbbit 0/1
switchA(config-if)#switchport trunk allowed vlan add 15

Switch B
switchB(config)#interface gigbbit 0/1
switchB(config-if)#switchport trunk allowed vlan add 15

A VLAN can be removed with a similar command:

Switch A
switchA(config)#interface gigbbit 0/1
switchA(config-if)#switchport trunk allowed vlan remove 15

Switch B
switchB(config)#interface gigbbit 0/1
switchB(config-if)#switchport trunk allowed vlan remove 15

Be Careful
Verify that you used the add or remove option in the command or it will overwrite the allowed VLANS with only the VLAN that was to be added and communication between the other VLANs wil be broken.

For more detailed information, visit Cisco's technical article on configuring VLAN trunks.