<\/p>\n\n\n\n
Trunking allows us to carry traffic for multiple VLANs across a single physical link between Cisco switches. This is achieved by encapsulating VLAN information within the Ethernet frame using protocols like 802.1Q.<\/p>\n\n\n\n
In this post, we’ll explore configuring Trunk on Cisco switches using Packet Tracer to enable communication between VLANs. Before we dive in, make sure to check out this post<\/a> if you want to learn about VLAN configuration. Additionally, we talk about Manual Trunking and Dynamic Trunking Protocol (DTP).<\/p>\n\n\n\n<\/p>\n\n\n\nManual Trunking vs. Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nBoth manual trunking and DTP (Dynamic Trunking Protocol) allow you to configure switch ports for carrying traffic from multiple VLANs, but they achieve this in different ways:<\/p>\n\n\n\n<\/p>\n\n\n\nManual Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\n\nOffers more granular control over the trunking configuration.<\/li>\n\n\n\nRequires explicit configuration on both switch ports involved in the trunk.<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nDynamic Trunking Protocol (DTP)<\/h3>\n\n\n\n<\/p>\n\n\n\n\nAutomates trunk negotiation between Cisco devices.<\/li>\n\n\n\nSimplifies configuration but can lead to unexpected behavior if not carefully managed.<\/li>\n<\/ul>\n\n\n\nDTP have many negation mode available:<\/p>\n\n\n\n\nDesirable (default)<\/strong>: Attempts to establish a trunk but falls back to access mode if negotiation.<\/li>\n\n\n\nOn (trunking mode)<\/strong>: Forces the port into trunk mode, potentially causing issues if the other device doesn’t support DTP.<\/li>\n\n\n\nAuto<\/strong>: Only initiates trunk negotiation, requiring the other device to also be in auto or desirable.<\/li>\n\n\n\nNonnegotiate<\/strong>: Disables DTP negotiation altogether.<\/li>\n<\/ul>\n\n\n\nThere are many cases when we use DTP. For instance, in this case, if we have a DTP <\/strong>port set to Dynamic-Auto<\/strong> on Switch 1<\/strong>, when connect that port to Switch 2<\/strong> also set as Dynamic-Auto<\/strong>, DTP <\/strong>port, we will automatically have Access link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nHowever, in this case, if we have one end of the switch (Switch 1<\/strong>) to be set to Dynamic-Auto<\/strong> and the other end (Switch 2<\/strong>) is set to Dynamic-Desirable<\/strong>, we will have an automatic Trunk link <\/strong>and add all VLANs to it.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nAnd in this case, we have a trunk port<\/strong> manually configured on Switch 1<\/strong>, and on Switch 2<\/strong> is set to Dynamic-Auto<\/strong>, DTP<\/strong>, we will automatically have a Trunk link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nBelow is the summary of DTP Possibilities:<\/p>\n\n\n\nScenario (Switch 1 \/ Switch 2)<\/strong><\/td>Result<\/strong><\/td>Security Risk<\/strong><\/td><\/tr>Trunk \/ Trunk (DTP on)<\/td>Trunk Link Established<\/td>High – Forced trunking, bypasses negotiation<\/td><\/tr>Desirable \/ Trunk<\/td>Trunk Link Established (if both support DTP)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Desirable \/ Desirable (Default)<\/td>Trunk Link Established (if both support DTP) or Fallback to Access Mode<\/strong> (if negotiation fails)<\/td>Low – Negotiation prevents accidental trunking<\/td><\/tr>Desirable \/ Auto<\/td>Trunk Link Established (if both initiate negotiation)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Auto \/ Auto<\/td>Fallback to Access Mode<\/strong> (unless both initiate negotiation simultaneously)<\/td>None – Requires specific timing for trunk formation<\/td><\/tr>Nonegotiate \/ Any Mode<\/td>Switch with nonegotiate remains in Access Mode<\/strong><\/td>None – Prevents accidental trunking<\/td><\/tr>Desirable \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Desirable switch falls back to Down<\/strong><\/td>Moderate (Desirable switch) – Potential configuration error or security measure<\/td><\/tr>Auto \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Auto switch falls back to Down<\/strong><\/td>Low (Auto switch) – Requires manual intervention<\/td><\/tr>Auto \/ Trunk<\/td>Trunk Link Established (if Auto switch responds to Trunk initiation)<\/td>Moderate (depends on switch configuration) – Potential for unintended trunking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<\/p>\n\n\n\nRecommendation<\/h3>\n\n\n\n<\/p>\n\n\n\nDTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n<\/p>\n\n\n\nLab 1: Manual Trunking<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nHere is the network topology:<\/p>\n\n\n\n<\/figure><\/div>\n\n\n\nOn Switch 1<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong> <\/li>\n\n\n\nOn Switch 2<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong><\/li>\n\n\n\nVLAN 10<\/strong> is named “HR<\/strong>” and VLAN 20 <\/strong>is named “Marketing<\/strong>“<\/li>\n\n\n\nWe configure the Trunk link on F0\/24<\/strong> on both switches<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nCreate VLANs on Switch 1 and Switch 2<\/h3>\n\n\n\n<\/p>\n\n\n\nFirst, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Both manual trunking and DTP (Dynamic Trunking Protocol) allow you to configure switch ports for carrying traffic from multiple VLANs, but they achieve this in different ways:<\/p>\n\n\n\n
DTP have many negation mode available:<\/p>\n\n\n\n
There are many cases when we use DTP. For instance, in this case, if we have a DTP <\/strong>port set to Dynamic-Auto<\/strong> on Switch 1<\/strong>, when connect that port to Switch 2<\/strong> also set as Dynamic-Auto<\/strong>, DTP <\/strong>port, we will automatically have Access link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nHowever, in this case, if we have one end of the switch (Switch 1<\/strong>) to be set to Dynamic-Auto<\/strong> and the other end (Switch 2<\/strong>) is set to Dynamic-Desirable<\/strong>, we will have an automatic Trunk link <\/strong>and add all VLANs to it.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nAnd in this case, we have a trunk port<\/strong> manually configured on Switch 1<\/strong>, and on Switch 2<\/strong> is set to Dynamic-Auto<\/strong>, DTP<\/strong>, we will automatically have a Trunk link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nBelow is the summary of DTP Possibilities:<\/p>\n\n\n\nScenario (Switch 1 \/ Switch 2)<\/strong><\/td>Result<\/strong><\/td>Security Risk<\/strong><\/td><\/tr>Trunk \/ Trunk (DTP on)<\/td>Trunk Link Established<\/td>High – Forced trunking, bypasses negotiation<\/td><\/tr>Desirable \/ Trunk<\/td>Trunk Link Established (if both support DTP)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Desirable \/ Desirable (Default)<\/td>Trunk Link Established (if both support DTP) or Fallback to Access Mode<\/strong> (if negotiation fails)<\/td>Low – Negotiation prevents accidental trunking<\/td><\/tr>Desirable \/ Auto<\/td>Trunk Link Established (if both initiate negotiation)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Auto \/ Auto<\/td>Fallback to Access Mode<\/strong> (unless both initiate negotiation simultaneously)<\/td>None – Requires specific timing for trunk formation<\/td><\/tr>Nonegotiate \/ Any Mode<\/td>Switch with nonegotiate remains in Access Mode<\/strong><\/td>None – Prevents accidental trunking<\/td><\/tr>Desirable \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Desirable switch falls back to Down<\/strong><\/td>Moderate (Desirable switch) – Potential configuration error or security measure<\/td><\/tr>Auto \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Auto switch falls back to Down<\/strong><\/td>Low (Auto switch) – Requires manual intervention<\/td><\/tr>Auto \/ Trunk<\/td>Trunk Link Established (if Auto switch responds to Trunk initiation)<\/td>Moderate (depends on switch configuration) – Potential for unintended trunking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<\/p>\n\n\n\nRecommendation<\/h3>\n\n\n\n<\/p>\n\n\n\nDTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n<\/p>\n\n\n\nLab 1: Manual Trunking<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nHere is the network topology:<\/p>\n\n\n\n<\/figure><\/div>\n\n\n\nOn Switch 1<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong> <\/li>\n\n\n\nOn Switch 2<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong><\/li>\n\n\n\nVLAN 10<\/strong> is named “HR<\/strong>” and VLAN 20 <\/strong>is named “Marketing<\/strong>“<\/li>\n\n\n\nWe configure the Trunk link on F0\/24<\/strong> on both switches<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nCreate VLANs on Switch 1 and Switch 2<\/h3>\n\n\n\n<\/p>\n\n\n\nFirst, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
However, in this case, if we have one end of the switch (Switch 1<\/strong>) to be set to Dynamic-Auto<\/strong> and the other end (Switch 2<\/strong>) is set to Dynamic-Desirable<\/strong>, we will have an automatic Trunk link <\/strong>and add all VLANs to it.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nAnd in this case, we have a trunk port<\/strong> manually configured on Switch 1<\/strong>, and on Switch 2<\/strong> is set to Dynamic-Auto<\/strong>, DTP<\/strong>, we will automatically have a Trunk link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nBelow is the summary of DTP Possibilities:<\/p>\n\n\n\nScenario (Switch 1 \/ Switch 2)<\/strong><\/td>Result<\/strong><\/td>Security Risk<\/strong><\/td><\/tr>Trunk \/ Trunk (DTP on)<\/td>Trunk Link Established<\/td>High – Forced trunking, bypasses negotiation<\/td><\/tr>Desirable \/ Trunk<\/td>Trunk Link Established (if both support DTP)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Desirable \/ Desirable (Default)<\/td>Trunk Link Established (if both support DTP) or Fallback to Access Mode<\/strong> (if negotiation fails)<\/td>Low – Negotiation prevents accidental trunking<\/td><\/tr>Desirable \/ Auto<\/td>Trunk Link Established (if both initiate negotiation)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Auto \/ Auto<\/td>Fallback to Access Mode<\/strong> (unless both initiate negotiation simultaneously)<\/td>None – Requires specific timing for trunk formation<\/td><\/tr>Nonegotiate \/ Any Mode<\/td>Switch with nonegotiate remains in Access Mode<\/strong><\/td>None – Prevents accidental trunking<\/td><\/tr>Desirable \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Desirable switch falls back to Down<\/strong><\/td>Moderate (Desirable switch) – Potential configuration error or security measure<\/td><\/tr>Auto \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Auto switch falls back to Down<\/strong><\/td>Low (Auto switch) – Requires manual intervention<\/td><\/tr>Auto \/ Trunk<\/td>Trunk Link Established (if Auto switch responds to Trunk initiation)<\/td>Moderate (depends on switch configuration) – Potential for unintended trunking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<\/p>\n\n\n\nRecommendation<\/h3>\n\n\n\n<\/p>\n\n\n\nDTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n<\/p>\n\n\n\nLab 1: Manual Trunking<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nHere is the network topology:<\/p>\n\n\n\n<\/figure><\/div>\n\n\n\nOn Switch 1<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong> <\/li>\n\n\n\nOn Switch 2<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong><\/li>\n\n\n\nVLAN 10<\/strong> is named “HR<\/strong>” and VLAN 20 <\/strong>is named “Marketing<\/strong>“<\/li>\n\n\n\nWe configure the Trunk link on F0\/24<\/strong> on both switches<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nCreate VLANs on Switch 1 and Switch 2<\/h3>\n\n\n\n<\/p>\n\n\n\nFirst, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
And in this case, we have a trunk port<\/strong> manually configured on Switch 1<\/strong>, and on Switch 2<\/strong> is set to Dynamic-Auto<\/strong>, DTP<\/strong>, we will automatically have a Trunk link <\/strong>between two switches.<\/p>\n\n\n\n<\/figure><\/div>\n\n\nBelow is the summary of DTP Possibilities:<\/p>\n\n\n\nScenario (Switch 1 \/ Switch 2)<\/strong><\/td>Result<\/strong><\/td>Security Risk<\/strong><\/td><\/tr>Trunk \/ Trunk (DTP on)<\/td>Trunk Link Established<\/td>High – Forced trunking, bypasses negotiation<\/td><\/tr>Desirable \/ Trunk<\/td>Trunk Link Established (if both support DTP)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Desirable \/ Desirable (Default)<\/td>Trunk Link Established (if both support DTP) or Fallback to Access Mode<\/strong> (if negotiation fails)<\/td>Low – Negotiation prevents accidental trunking<\/td><\/tr>Desirable \/ Auto<\/td>Trunk Link Established (if both initiate negotiation)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Auto \/ Auto<\/td>Fallback to Access Mode<\/strong> (unless both initiate negotiation simultaneously)<\/td>None – Requires specific timing for trunk formation<\/td><\/tr>Nonegotiate \/ Any Mode<\/td>Switch with nonegotiate remains in Access Mode<\/strong><\/td>None – Prevents accidental trunking<\/td><\/tr>Desirable \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Desirable switch falls back to Down<\/strong><\/td>Moderate (Desirable switch) – Potential configuration error or security measure<\/td><\/tr>Auto \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Auto switch falls back to Down<\/strong><\/td>Low (Auto switch) – Requires manual intervention<\/td><\/tr>Auto \/ Trunk<\/td>Trunk Link Established (if Auto switch responds to Trunk initiation)<\/td>Moderate (depends on switch configuration) – Potential for unintended trunking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<\/p>\n\n\n\nRecommendation<\/h3>\n\n\n\n<\/p>\n\n\n\nDTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n<\/p>\n\n\n\nLab 1: Manual Trunking<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nHere is the network topology:<\/p>\n\n\n\n<\/figure><\/div>\n\n\n\nOn Switch 1<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong> <\/li>\n\n\n\nOn Switch 2<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong><\/li>\n\n\n\nVLAN 10<\/strong> is named “HR<\/strong>” and VLAN 20 <\/strong>is named “Marketing<\/strong>“<\/li>\n\n\n\nWe configure the Trunk link on F0\/24<\/strong> on both switches<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nCreate VLANs on Switch 1 and Switch 2<\/h3>\n\n\n\n<\/p>\n\n\n\nFirst, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Below is the summary of DTP Possibilities:<\/p>\n\n\n\nScenario (Switch 1 \/ Switch 2)<\/strong><\/td>Result<\/strong><\/td>Security Risk<\/strong><\/td><\/tr>Trunk \/ Trunk (DTP on)<\/td>Trunk Link Established<\/td>High – Forced trunking, bypasses negotiation<\/td><\/tr>Desirable \/ Trunk<\/td>Trunk Link Established (if both support DTP)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Desirable \/ Desirable (Default)<\/td>Trunk Link Established (if both support DTP) or Fallback to Access Mode<\/strong> (if negotiation fails)<\/td>Low – Negotiation prevents accidental trunking<\/td><\/tr>Desirable \/ Auto<\/td>Trunk Link Established (if both initiate negotiation)<\/td>Moderate – Unintended trunking on desirable switch<\/td><\/tr>Auto \/ Auto<\/td>Fallback to Access Mode<\/strong> (unless both initiate negotiation simultaneously)<\/td>None – Requires specific timing for trunk formation<\/td><\/tr>Nonegotiate \/ Any Mode<\/td>Switch with nonegotiate remains in Access Mode<\/strong><\/td>None – Prevents accidental trunking<\/td><\/tr>Desirable \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Desirable switch falls back to Down<\/strong><\/td>Moderate (Desirable switch) – Potential configuration error or security measure<\/td><\/tr>Auto \/ Nonegotiate<\/td>Switch with nonegotiate remains in Access Mode<\/strong>, Auto switch falls back to Down<\/strong><\/td>Low (Auto switch) – Requires manual intervention<\/td><\/tr>Auto \/ Trunk<\/td>Trunk Link Established (if Auto switch responds to Trunk initiation)<\/td>Moderate (depends on switch configuration) – Potential for unintended trunking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<\/p>\n\n\n\nRecommendation<\/h3>\n\n\n\n<\/p>\n\n\n\nDTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n<\/p>\n\n\n\nLab 1: Manual Trunking<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nHere is the network topology:<\/p>\n\n\n\n<\/figure><\/div>\n\n\n\nOn Switch 1<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong> <\/li>\n\n\n\nOn Switch 2<\/strong>, we’ll configure F0\/1<\/strong> on VLAN 10<\/strong> and F0\/4<\/strong> on VLAN 20<\/strong><\/li>\n\n\n\nVLAN 10<\/strong> is named “HR<\/strong>” and VLAN 20 <\/strong>is named “Marketing<\/strong>“<\/li>\n\n\n\nWe configure the Trunk link on F0\/24<\/strong> on both switches<\/li>\n<\/ul>\n\n\n\n<\/p>\n\n\n\nCreate VLANs on Switch 1 and Switch 2<\/h3>\n\n\n\n<\/p>\n\n\n\nFirst, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
DTP can be useful for quick setups in controlled environments where all devices are Cisco switches. However, you should perform manual trunking for its security and control benefits. Trunk link can give access to all VLANs in the network, so a misconfigured trunk could expose sensitive data if unauthorized access occurs.<\/p>\n\n\n\n
Here is the network topology:<\/p>\n\n\n
First, we check the running configuration on Switch 1<\/strong> with the command “show running-config<\/strong>“. We should see port F0\/1 <\/strong>and F0\/4<\/strong> currently don’t have any configuration on them. <\/p>\n\n\n\nSwitch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1>enable\nSwitch1#show running-config\nBuilding configuration...\n\nCurrent configuration : 1080 bytes\n!\ninterface FastEthernet0\/1\n!\ninterface FastEthernet0\/4<\/pre>\n\n\n\nNext, we configure the VLANs<\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Next, we configure the VLANs<\/p>\n\n\n\n
Switch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#vlan 10\nSwitch1(config-vlan)#name HR\nSwitch1(config-vlan)#exit\nSwitch1(config)#vlan 20\nSwitch1(config-vlan)#name Marketing\nSwitch1(config-vlan)#exit\nSwitch1(config)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2\n10 HR active \n20 Marketing active <\/pre>\n\n\n\nAfter that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
After that, assign ports to VLAN 10<\/strong> and VLAN 20<\/strong><\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1>enable\nSwitch1#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/1\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 10\nSwitch1(config-if)#exit\nSwitch1(config)#int f0\/4\nSwitch1(config-if)#switchport mode access\nSwitch1(config-if)#switchport access vlan 20\nSwitch1(config-if)#do show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/2, Fa0\/3, Fa0\/5, Fa0\/6\n Fa0\/7, Fa0\/8, Fa0\/9, Fa0\/10\n Fa0\/11, Fa0\/12, Fa0\/13, Fa0\/14\n Fa0\/15, Fa0\/16, Fa0\/17, Fa0\/18\n Fa0\/19, Fa0\/20, Fa0\/21, Fa0\/22\n Fa0\/23, Fa0\/24, Gig0\/1, Gig0\/2\n10 HR active Fa0\/1\n20 Marketing active Fa0\/4<\/pre>\n\n\n\nWe have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
We have finished creating VLANs on Switch 1<\/strong>, you should repeat the same steps above for Switch 2<\/strong>. When you done, move on to the next section. <\/p>\n\n\n\n<\/p>\n\n\n\nEnabling Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nFor testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
For testing purpose, before configuring the trunk link, we won’t be able to ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nNow let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Now let’s build the trunk link. We will configure port F0\/24<\/strong>. In this case, we choose Switch 1<\/strong> to configure the trunk link: <\/p>\n\n\n\nSwitch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n\nEnter interface configuration mode: “int f0\/24<\/strong>“<\/li>\n\n\n\nSet interface mode to trunk: “switchport mode trunk<\/strong>“<\/li>\n\n\n\nAllow specific VLANs on the trunk: “switchport trunk allow vlan 10,20<\/strong>“<\/li>\n<\/ul>\n\n\n\nAs you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1#enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode trunk\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#switchport trunk allow vlan 10,20\nSwitch1(config-if)#exit<\/pre>\n\n\n\n
As you can see, after configuring F0\/24<\/strong> as a trunk port and allowing VLANs 10<\/strong> and 20 <\/strong>on the trunk, the interface goes through a state change (“up<\/strong>” and “down<\/strong>“) due to the configuration changes being applied. This is indicated by the %LINEPROTO-5-UPDOWN <\/strong>message.<\/p>\n\n\n\n<\/p>\n\n\n\nVerify Trunking<\/h3>\n\n\n\n<\/p>\n\n\n\nTo look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
To look at the status of that trunk link, we use the command “show interfaces trunk<\/strong>“. The output shows that interface Fa0\/24<\/strong> is configured as a trunk port, allowing VLANs 10 <\/strong>and 20 <\/strong>to traverse the trunk. It also indicates that both VLANs are currently active and forwarding traffic. The Mode is “on<\/strong>” indicates that the interface is in trunking mode.<\/p>\n\n\n\nSwitch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 10,20<\/pre>\n\n\n\nIf you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
If you use command “show running-config<\/strong>“, you will see the configuration for port F0\/24 <\/strong>also<\/p>\n\n\n\nSwitch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1#show running-config \nBuilding configuration...\n\nCurrent configuration : 1242 bytes\n!\ninterface FastEthernet0\/24\n switchport trunk allowed vlan 10,20\n switchport mode trunk<\/pre>\n\n\n\nWe have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
We have finished configuring trunk port on Switch 1<\/strong>. Now let’s take a look at Switch 2<\/strong> trunk status<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2>enable\nSwitch2#show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1,10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1,10,20<\/pre>\n\n\n\nYou will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
You will notice that the Dynamic Trunking Protocol (DTP)<\/strong> automatically figure out F0\/24<\/strong> is a trunk port with the Mode is “auto<\/strong>“, meaning the switch will negotiate the trunking mode with its neighboring device. Also, VLANs 1 <\/strong>through 1005 <\/strong>are allowed on the trunk port. This is the default behavior when using the “auto<\/strong>” mode for trunk negotiation.<\/p>\n\n\n\nNext, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Next, use command “show running-config<\/strong>” to see the configuration for port F0\/24<\/strong> on Switch 2<\/strong><\/p>\n\n\n\nSwitch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2#show running-config \nBuilding configuration...\n\nCurrent configuration : 1183 bytes\n!\ninterface FastEthernet0\/24<\/pre>\n\n\n\nYou will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
You will see that although the trunk link is configured automatically, the configuration for port F0\/24<\/strong> on Switch 2<\/strong> is blank. Dynamic Trunking Protocol (DTP) is used to negotiate trunking with the neighboring device.<\/p>\n\n\n\nLet’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Let’s manually configure interface F0\/24<\/strong> as trunk port on Switch 2<\/strong>. This is a preferable method since we have full control over its configuration.<\/p>\n\n\n\nSwitch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2#configure terminal \nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int f0\/24\nSwitch2(config-if)#switchport mode trunk\nSwitch2(config-if)#switchport trunk allow vlan 10,20\nSwitch2(config-if)#do show interfaces trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 on 802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 10,20\n\nPort Vlans allowed and active in management domain\nFa0\/24 10,20\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 20<\/pre>\n\n\n\nNow you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Now you can see only VLAN 10<\/strong> and 20 <\/strong>is allowed on the trunk link on Switch 2<\/strong>. Next, let’s test to see if we can ping PC2 <\/strong>(10.0.0.11, VLAN 10) on Switch 2<\/strong> from PC1 <\/strong>(10.0.0.10, VLAN 10) on Switch 1<\/strong>. The ping should be successful:<\/p>\n\n\n\n<\/figure>\n\n\n\nThe ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
The ping will also be successful if we ping PC4 <\/strong>(172.16.0.11, VLAN 20) on Switch 2<\/strong> from PC3 <\/strong>(172.16.0.10, VLAN 20) on Switch 1<\/strong>.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/p>\n\n\n\nLab 2: Dynamic Trunking Protocol (DTP)<\/h2>\n\n\n\n<\/p>\n\n\n\nNetwork Topology<\/h3>\n\n\n\n<\/p>\n\n\n\nLet’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n\nF0\/24<\/strong> on Switch 2<\/strong> will have no configuration on it, meaning that F0\/24<\/strong> is DTP port by default<\/li>\n\n\n\nWe modify Switch 1<\/strong> to go through different possibilities<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\nOn Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Let’s examine the DTP behavior with this lab 2. We will configure some switches and go through some possibilities.<\/p>\n\n\n\n
On Switch 2<\/strong>, use commands “show int trunk<\/strong>” and “show interface f0\/24 switchport<\/strong>“, we should see no trunk port configure yet.<\/p>\n\n\n\nSwitch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2>enable\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\nFrom the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
From the output, we see that F0\/24<\/strong> is under VLAN 1<\/strong>, meaning that F0\/24<\/strong> is an access port. If you use “show vlan brief<\/strong>“, you can see F0\/24<\/strong> belong to VLAN 1<\/strong> either.<\/p>\n\n\n\nSwitch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nDo the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Do the same commands on Switch 1<\/strong>, you will notice that F0\/24<\/strong> is also an access port, no configuration on it.<\/p>\n\n\n\nSwitch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1>enable\nSwitch1#show int trunk\n\n\nSwitch1#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: dynamic auto\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: On\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)\n\nSwitch1#show vlan brief\n\nVLAN Name Status Ports\n---- -------------------------------- --------- -------------------------------\n1 default active Fa0\/1, Fa0\/2, Fa0\/3, Fa0\/4\n Fa0\/5, Fa0\/6, Fa0\/7, Fa0\/8\n Fa0\/9, Fa0\/10, Fa0\/11, Fa0\/12\n Fa0\/13, Fa0\/14, Fa0\/15, Fa0\/16\n Fa0\/17, Fa0\/18, Fa0\/19, Fa0\/20\n Fa0\/21, Fa0\/22, Fa0\/23, Fa0\/24\n Gig0\/1, Gig0\/2<\/pre>\n\n\n\nSo, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
So, we can see that both ends at the moment are configured as DTP Dynamic-Auto<\/strong>, it means we have an access link<\/strong> between the two switches. In other words, we are connected with VLAN 1<\/strong> between Switch 1<\/strong> and Switch 2<\/strong>. <\/p>\n\n\n\n<\/p>\n\n\n\nChange from Dynamic-Auto to Dynamic-Desirable on Switch 1<\/h3>\n\n\n\n<\/p>\n\n\n\nOn Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
On Switch 1<\/strong>, to change the port to be Dynamic-Desirable<\/strong>, the command is “switchport mode dynamic desirable<\/strong>“: <\/p>\n\n\n\nSwitch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1>enable\nSwitch1#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch1(config)#int f0\/24\nSwitch1(config-if)#switchport mode dynamic desirable\n\nSwitch1(config-if)#\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to down\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/24, changed state to up\n\nSwitch1(config-if)#exit<\/pre>\n\n\n\nNow, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Now, we take a look at the port status of Switch 1<\/strong>. Notice that port F0\/24<\/strong> has a trunking status configured automatically:<\/p>\n\n\n\nSwitch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch1#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 desirable n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\nYou should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
You should see the same result in the Switch 2<\/strong>, with F0\/24<\/strong> operate as trunk port:<\/p>\n\n\n\nSwitch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2#show int trunk\nPort Mode Encapsulation Status Native vlan\nFa0\/24 auto n-802.1q trunking 1\n\nPort Vlans allowed on trunk\nFa0\/24 1-1005\n\nPort Vlans allowed and active in management domain\nFa0\/24 1\n\nPort Vlans in spanning tree forwarding state and not pruned\nFa0\/24 1<\/pre>\n\n\n\n<\/p>\n\n\n\nTurning off DTP<\/h3>\n\n\n\n<\/p>\n\n\n\nIn reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
In reality, you should restrict VLAN 1<\/strong> from traversing the trunk because of security risk. Trunk ports give an end user a lot of access to the network. Also, we don’t want our ports to be automatically configured for trunk ports without any administration.<\/p>\n\n\n\nLet’s turn off DTP on Switch 2:<\/p>\n\n\n\nSwitch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Let’s turn off DTP on Switch 2:<\/p>\n\n\n\n
Switch2#configure terminal\nEnter configuration commands, one per line. End with CNTL\/Z.\nSwitch2(config)#int range f0\/1 - 24 , g0\/1 - 2\nSwitch2(config-if-range)#switchport mode access\nSwitch2(config-if-range)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0\/24 VLAN1.\n\n%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0\/24 on VLAN0001. Inconsistent port type.\n\n\nSwitch2(config-if-range)#switchport nonegotiate\nSwitch2(config-if-range)#exit<\/pre>\n\n\n\nNext, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Next, we check the port status of Switch 2<\/strong>, notice that negotiation of Trunking is Off<\/strong> , and there is no trunk port configured under output of command “show int trunk<\/strong>“:<\/p>\n\n\n\nSwitch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Switch2#show int trunk\n\n\nSwitch2#show interface f0\/24 switchport\nName: Fa0\/24\nSwitchport: Enabled\nAdministrative Mode: static access\nOperational Mode: static access\nAdministrative Trunking Encapsulation: dot1q\nOperational Trunking Encapsulation: native\nNegotiation of Trunking: Off\nAccess Mode VLAN: 1 (default)\nTrunking Native Mode VLAN: 1 (default)<\/pre>\n\n\n\n<\/p>\n\n\n\nConclusion<\/h2>\n\n\n\n<\/p>\n\n\n\nTo sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
To sum up, while DTP offers convenience for quick setups, understanding its limitations and potential security risks is crucial. For secure and controlled multi-VLAN communication, manual trunking is the recommended approach.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Learn how to configure trunking on Cisco switch for efficient communication between VLANs. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[6,7],"tags":[57,58,55],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-it","category-networking","tag-packet-tracer","tag-trunking","tag-vlan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/comments?post=1262"}],"version-history":[{"count":124,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1399,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/posts\/1262\/revisions\/1399"}],"wp:attachment":[{"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/media?parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/categories?post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlensfocus.com\/index.php\/wp-json\/wp\/v2\/tags?post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/05.DTP1_-1.png\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/06.DTP2_-1.png\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/07.DTP3_.png\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/01.lab_.png\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/02.ping-test1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/03.ping-test2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/04.pingtest3.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/techlensfocus.com\/wp-content\/uploads\/2024\/04\/09.Lab2_.png\")
<\/figure><\/div>\n\n\n