2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports

To configure a trunk port, choose the encapsulation, then specify the mode:

IOU1(config-if)#switchport trunk encapsulation ?
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on
             interface

“dot1q” (802.1Q) is the most common choice; some switches support only this encapsulation.

Next configure the negotiation mode:

IOU1(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  dynamic       Set trunking mode to dynamically negotiate access or trunk mode
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally

If you choose “dynamic” you have two options:

IOU1(config-if)#switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE

IOU1(config-if)#

If you want a trunk to form and you chose “dynamic auto” mode, you will need to set the other switch to “trunk” or “dynamic desirable” mode. Otherwise neither switch will initiate a trunk.

To verify trunking use the “show” commands:

IOU1#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Et0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/1       1-4094

Port        Vlans allowed and active in management domain
Et0/1       1,10,1006

Port        Vlans in spanning tree forwarding state and not pruned
Et0/1       1,10,1006
IOU1#show interface switchport 
Name: Et0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none

In order for a switch to send traffic through a trunk port the VLAN must be in the VLAN database of all switches in the traffic’s path:

IOU1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/2, Et0/3, Et1/0, Et1/1
                                                Et1/2, Et1/3
10   VLAN0010                         active    Et0/0
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
1006 VLAN1006                         active    Et0/0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
1006 enet  101006     1500  -      -      -        -    -        0      0   

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

2.5.b Add and remove VLANs on a trunk

VLANs can be added or removed from the trunk port:

IOU1(config-if)#switchport trunk ?
  allowed  Set allowed VLAN characteristics when interface is in trunking
           mode

Use the various commands to add or remove VLANs:

IOU1(config-if)#switchport trunk allowed vlan ?
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list
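
A trunk left at the default allowed list (1-4094) carries every VLAN that exists on the switch. The Python below is an added example, not part of the original notes: it reads “show int trunk” output and builds a tighter “switchport trunk allowed vlan” list. The function names are illustrative, and it assumes that every VLAN active in the management domain is actually needed on this link.

```python
# Added example; SAMPLE is constructed in this page's "show int trunk" format.
SAMPLE = """\
Port        Vlans allowed on trunk
Et0/1       1-4094

Port        Vlans allowed and active in management domain
Et0/1       1,10,100-101,200,202,1000,1006
"""


def expand(vlan_list):
    """'1,10,100-101' -> {1, 10, 100, 101}"""
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in vlan_list.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def compress(vlans):
    """{1, 10, 100, 101} -> '1,10,100-101' (the WORD syntax IOS accepts)."""
    out, run = [], []
    for v in sorted(vlans) + [None]:      # None flushes the final run
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    return ",".join(out)


def trunk_sections(text, port):
    """Map each 'Vlans ...' section heading to the VLAN set for `port`."""
    sections, heading = {}, ""
    for line in text.splitlines():
        cols = line.split(None, 1)
        if len(cols) == 2 and cols[0] == "Port":
            heading = cols[1].strip()
        elif len(cols) == 2 and cols[0] == port and heading.startswith("Vlans"):
            sections[heading] = expand(cols[1].strip())
    return sections


def tighten(text, port):
    """Return (count of allowed-but-inactive VLANs, tighter command)."""
    s = trunk_sections(text, port)
    allowed = s["Vlans allowed on trunk"]
    active = s["Vlans allowed and active in management domain"]
    return len(allowed - active), "switchport trunk allowed vlan " + compress(active)
```

Apply the generated command on both ends of the link so the allowed lists stay identical.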

2.5.c DTP, VTP (v1&v2), and 802.1Q

DTP (Dynamic Trunking Protocol) is used to negotiate trunks between switches when “dynamic desirable” and “dynamic auto” are set. To disable DTP use the “switchport nonegotiate” or “switchport mode trunk” commands.

VTP is the VLAN Trunking Protocol. It is a Cisco proprietary protocol that is used to share VLAN database information between switches.

To configure VTP on a switch:

IOU1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOU1(config)#vtp mode server
Device mode already VTP Server for VLANS.
IOU1(config)#vtp domain foobar
Domain name already set to foobar.
IOU1(config)#vtp password secret
Setting device VTP password to secret
IOU1(config)#vtp pruning
Pruning already switched on
IOU1(config)#^Z

Enter the corresponding commands on the neighboring switch. It is recommended to have only one VTP server to simplify configuration, so configure the next switch as a client:

IOU2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IOU2(config)#vtp mode client
Device mode already VTP Client for VLANS.
IOU2(config)#vtp domain foobar
Domain name already set to foobar.
IOU2(config)#vtp password secret
Setting device VTP password to secret
IOU2(config)#^Z

To troubleshoot use the following commands:

Verify that an operational trunk exists and that the switches can see each other (VTP needs a trunk port):

IOU1#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
IOU2             Eth 0/1           143             R S I  Linux Uni Eth 0/1

Total cdp entries displayed : 1
IOU1#show int trun

Port        Mode             Encapsulation  Status        Native vlan
Et0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/1       1-4094

Port        Vlans allowed and active in management domain
Et0/1       1,10,100-101,200,202,1000,1006

Port        Vlans in spanning tree forwarding state and not pruned
Et0/1       1,10,1006
IOU1#

Also check that the domain, password and MD5 digest match on the neighboring switches.

To troubleshoot 802.1Q trunking verify the following:

  1. L2 connectivity (duplex/speed)
  2. One switch must have either “switchport mode trunk” or “switchport mode dynamic desirable” to form a trunk with a switch with “switchport mode dynamic auto”
  3. Both switches are using the same encapsulation
  4. Check both switches have the VLANs entered in the VLAN database. Missing VLANs will not be processed.
  5. Check the native VLANs match
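
Checks 2, 3 and 5 can be run mechanically over “show interface switchport” output from both ends of the link. The Python below is an added example, not part of the original notes; both captures are constructed samples and the function names are illustrative. It goes one step beyond the list: a dynamic port whose peer reports “Negotiation of Trunking: Off” receives no DTP frames and will not form a trunk.

```python
# Added example: checklist items 2, 3 and 5 run over both ends' output.
# Both captures are constructed samples in the page's output format.
IOU1_OUT = """\
Administrative Mode: dynamic auto
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
"""
IOU2_OUT = """\
Administrative Mode: dynamic auto
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Trunking Native Mode VLAN: 10 (VLAN0010)
"""
MODE = "Administrative Mode"
ENCAP = "Administrative Trunking Encapsulation"
DTP = "Negotiation of Trunking"
NATIVE = "Trunking Native Mode VLAN"
INITIATES = {"trunk", "dynamic desirable"}  # modes that ask for a trunk
ACCEPTS = INITIATES | {"dynamic auto"}      # modes that can become a trunk


def parse_switchport(text):
    """Turn the 'Key: value' lines of the output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def trunk_problems(a, b):
    """Return the failed checks for two parsed ends of one link."""
    problems = []
    modes = {a[MODE], b[MODE]}
    if not modes <= ACCEPTS:
        problems.append("mode: an end is not trunk-capable")
    elif not modes & INITIATES:
        problems.append("mode: neither end initiates a trunk")
    elif modes != {"trunk"} and "Off" in (a[DTP], b[DTP]):
        problems.append("mode: dynamic end gets no DTP from its peer")
    encaps = {a[ENCAP], b[ENCAP]} - {"negotiate"}  # negotiate adapts to peer
    if len(encaps) > 1:
        problems.append("encapsulation mismatch")
    if a[NATIVE].split()[0] != b[NATIVE].split()[0]:
        problems.append("native VLAN mismatch")
    return problems
```

An empty list means the three checks pass; duplex/speed and the VLAN database (items 1 and 4) still need to be verified separately.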

2.5.d Native VLAN

The native VLAN is simply a VLAN that is forwarded over the trunk without the 802.1Q tag inserted.

It can be configured with the following:

IOU1(config-if)#switchport trunk native ?
 vlan Set native VLAN when interface is in trunking mode

Mismatched native VLANs will result in connectivity issues, as some traffic will be tagged in one direction but not in the other.
