802.1Q Trunking Protocol - CCNP ENCOR Infrastructure Guide

802.1Q Trunking Protocol - Complete Guide

Why 802.1Q Trunking is Important

802.1Q trunking is a fundamental technology in modern network infrastructure. Understanding it is critical for CCNP ENCOR because:

• VLAN Extension: Allows VLANs to span multiple switches across network infrastructure
• Network Scalability: Enables efficient use of link bandwidth by carrying multiple VLANs over a single physical connection
• Trunk Efficiency: Reduces the number of physical cables needed between switches
• Multi-Access Networks: Essential for enterprise networks requiring VLAN segregation across multiple devices
• Exam Relevance: Frequently tested in CCNP ENCOR for practical network implementation scenarios

What is 802.1Q Trunking?

802.1Q trunking is an IEEE standard that defines how Virtual LAN (VLAN) information is carried across network links. It allows a single physical connection between switches to carry traffic from multiple VLANs simultaneously.

Key Definition: A trunk is a point-to-point link that carries frames from multiple VLANs by inserting a 4-byte VLAN tag into each frame's header.

Core Concepts:

• VLAN Tagging: Each frame traversing a trunk is tagged with a VLAN identifier (VLAN ID)
• Native VLAN: An untagged VLAN on a trunk, typically used for management traffic
• Tagged Frames: Frames carrying VLAN information across trunk links
• Trunk Ports: Switch ports configured to operate in trunking mode

How 802.1Q Trunking Works

The VLAN Tag Structure

When 802.1Q is enabled, a 4-byte tag is inserted into the Ethernet frame:

• TPID (Tag Protocol Identifier): 2 bytes identifying the frame as a tagged frame (value: 0x8100)
• TCI (Tag Control Information): 2 bytes containing priority and VLAN ID information
• Priority Code Point (PCP): 3 bits for QoS marking (0-7)
• Canonical Format Indicator (CFI): 1 bit
• VLAN ID (VID): 12 bits identifying the VLAN (0-4094)

Frame Processing on Trunks

Ingress Processing (Receiving):

• Switch receives untagged frame on access port
• Switch adds VLAN tag based on port's assigned VLAN
• Tagged frame is sent across trunk

Trunk Processing (Transmission):

• Switch receives tagged frame on trunk port
• Examines VLAN ID in the tag
• Forwards frame out appropriate egress ports for that VLAN

Egress Processing (Sending):

• For access ports: Tag is removed before transmission
• For trunk ports: Tag is maintained for transmission
• Native VLAN frames may be untagged on trunk

Native VLAN Behavior

The native VLAN is a special VLAN on trunk links:

• Default Native VLAN: VLAN 1 by default on Cisco switches
• Untagged Frames: Frames from the native VLAN are sent untagged on the trunk
• Reception: Untagged frames received on a trunk are assigned to the native VLAN
• Configuration: Can be changed per trunk link using switchport trunk native vlan command
• Best Practice: Match native VLAN on both sides of trunk to avoid security issues

Allowed VLANs on Trunks

By default, a trunk carries all VLANs (1-4094). You can restrict which VLANs traverse a trunk:

• Default Behavior: All VLANs are allowed on the trunk
• Configuration: Use switchport trunk allowed vlan command
• Pruning: Restrict traffic to specific VLANs for bandwidth optimization and security

Practical Implementation Examples

Basic Trunk Configuration

Example: Configuring a trunk between two switches

Switch A (Interface Fa0/1):

interface FastEthernet0/1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,20,30
end

Switch B (Interface Fa0/1):

interface FastEthernet0/1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,20,30
end

Access Port Configuration

Example: Configuring an access port in VLAN 10

interface FastEthernet0/2
switchport mode access
switchport access vlan 10
end

Key Technical Details

Trunk Negotiation Protocols

• DTP (Dynamic Trunking Protocol): Cisco proprietary protocol for dynamic trunk negotiation
• Static Configuration: Manually configuring switchport mode trunk (recommended)
• Negotiation Modes:
  • auto: Passively waits for trunk negotiation
  • desirable: Actively negotiates trunk status
  • trunk: Forces trunk mode (no negotiation)
  • access: Forces access mode (no negotiation)

Common Issues and Troubleshooting

• Native VLAN Mismatch: Can cause connectivity issues and security vulnerabilities; always verify matching native VLANs
• VLAN Not Allowed: Ensure VLAN is in the allowed list on the trunk
• Trunk Negotiation Failures: Use static trunk configuration (switchport mode trunk) to avoid DTP issues
• Frame Size: Trunked links must support larger frame sizes due to added VLAN tag (maximum 1522 bytes)

Exam Tips: Answering Questions on 802.1Q Trunking Protocols

Tip 1: Understand VLAN ID vs. Native VLAN

Common Misconception: Confusing the VLAN ID field with the native VLAN setting.
Exam Application: When asked about trunking behavior, remember that the native VLAN is untagged on the trunk, while all other VLANs are tagged. Questions often test this distinction.

Tip 2: Recognize DTP and Static Trunking Differences

Key Distinction: DTP is dynamic negotiation; static trunking is manual configuration.
Exam Strategy: Best practice questions typically favor static trunk configuration (switchport mode trunk). When a question asks about reliability or security, static configuration is usually the correct answer.

Tip 3: Remember Frame Format Changes

Critical Detail: 802.1Q adds a 4-byte header to each frame.
Exam Question Type: Watch for questions about maximum frame size, MTU settings, or troubleshooting frame-related issues. The answer often involves accounting for the extra 4 bytes.

Tip 4: Allowed VLAN Configuration

Command Knowledge: Know the difference between:

• switchport trunk allowed vlan: Restricts which VLANs can traverse the trunk
• switchport trunk native vlan: Designates the untagged VLAN

Exam Application: Scenario-based questions often require you to determine why a VLAN is not communicating across a trunk—frequently the answer involves checking the allowed VLAN list.

Tip 5: Distinguish Between Access and Trunk Modes

Clear Definition:

• Access Mode: Carries frames from a single VLAN; removes tags before transmission
• Trunk Mode: Carries frames from multiple VLANs; maintains tags for transmission

Exam Strategy: When presented with a network diagram, quickly identify which ports should be access (end devices, servers) and which should be trunk (switch-to-switch connections).

Tip 6: Recognize Configuration Errors in Scenarios

Common Scenarios:

• Scenario: Two switches connected, VLAN 20 traffic not passing between them
  Solution Path: Check: (1) Is trunk configured? (2) Is VLAN 20 in allowed list? (3) Do both sides have matching native VLAN?
• Scenario: All traffic suddenly stops between two switches
  Solution Path: Check: (1) Is trunk status active? (2) Are native VLANs matching? (3) Is there a VLAN mismatch issue?

Tip 7: Master the Configuration Sequence

Recommended Order for Trunk Configuration:

1. Enter interface configuration mode
2. Set switchport mode to trunk (or use manual configuration)
3. Configure native VLAN (if different from default)
4. Configure allowed VLANs (if restricting)
5. Verify configuration with show commands

Tip 8: Use Verification Commands Strategically

Essential Commands for Exam Scenarios:

• show interfaces trunk: Displays trunk status, native VLAN, allowed VLANs
• show vlan: Shows VLAN membership and port assignments
• show interfaces switchport: Displays mode (access/trunk) and VLAN configuration
• show dtp: Shows DTP status and negotiation results

Exam Tip: When troubleshooting in case studies, always verify configuration before assuming a problem exists.

Tip 9: Understand Security Implications

Security Consideration: Native VLAN mismatch can allow VLAN hopping attacks.
Exam Application: Questions about hardening switch security often include ensuring matching native VLANs across all trunk links. Some exam questions test whether you understand that mismatched native VLANs create vulnerabilities.

Tip 10: Practice Diagram Interpretation

Exam Strategy: Network diagrams in the exam may show:

• Multiple switches with various VLAN assignments
• Trunk links between switches
• End devices on access ports

Your Approach: Quickly identify the trunk links, note which VLANs are present, and determine the native VLAN. This mental model helps you answer configuration and troubleshooting questions rapidly.

Study Checklist for 802.1Q Trunking

• Understand the 4-byte 802.1Q tag structure (TPID, PCP, CFI, VID)
• Know the difference between tagged and untagged frames
• Master native VLAN behavior and configuration
• Understand allowed VLAN configuration and filtering
• Distinguish between DTP modes and static trunking
• Recognize common trunk configuration errors
• Practice trunk troubleshooting scenarios
• Know relevant show commands and their outputs
• Understand security implications of misconfigurations
• Practice configuration commands on lab equipment or simulators

Conclusion

802.1Q trunking is a cornerstone of VLAN technology and is heavily tested in CCNP ENCOR. By understanding the tag structure, native VLAN behavior, and common configuration scenarios, you'll be well-prepared to answer both theoretical and practical exam questions. Focus on the distinction between access and trunk modes, master the configuration commands, and practice troubleshooting scenarios to solidify your knowledge.