Cycle Logo

VLAN Trunking and Inter-Switch Communication

VLANs (Virtual Local Area Networks) allow networks to be logically segmented, improving security, efficiency, and traffic management. However, VLANs only work within a single switch by default. So how do VLANs communicate across multiple switches?

This is where VLAN trunking comes in. Trunking enables multiple VLANs to share a single physical link, ensuring that VLAN traffic can pass between switches while keeping each VLAN's traffic isolated.

In this guide, we'll break down how VLAN trunking works, how to configure it, and best practices for troubleshooting VLAN communication issues.

What is VLAN Trunking?

VLAN trunking allows multiple VLANs to be carried over a single network link between switches. Without trunking, each VLAN would require a dedicated physical connection for inter-switch communication, leading to excessive cabling and port consumption.

How VLAN Trunking Works

  • A trunk port is a switch port that can carry traffic from multiple VLANs.
  • VLANs are tagged using the IEEE 802.1Q standard, allowing switches to identify VLAN traffic.
  • When a switch receives VLAN-tagged traffic, it forwards the frames to the appropriate VLAN based on the tag.

Without VLAN tagging, switches would have no way of knowing which VLAN a packet belongs to, causing network segmentation issues.

Understanding Trunk Ports vs. Access Ports

Port TypeFunctionVLAN SupportTraffic Tagging
Access PortConnects to an endpoint (PC, printer, etc.)Supports one VLANUntagged
Trunk PortConnects switches and carries VLAN trafficSupports multiple VLANsTagged (802.1Q)

How VLAN Tags Work (802.1Q)

  • A VLAN tag (4-byte header) is added to Ethernet frames when they are sent over a trunk.
  • The receiving switch reads the tag and forwards the traffic to the correct VLAN.
  • When frames exit the trunk port onto an access port, the tag is removed, and the device receives normal Ethernet frames.

Native VLAN on a Trunk Port

A Native VLAN is used for untagged traffic on a trunk link.

  • By default, most switches use VLAN 1 as the native VLAN.
  • If untagged traffic is received on a trunk port, it is assigned to the native VLAN.
  • Best practice: Change the native VLAN from VLAN 1 to a dedicated VLAN to prevent VLAN hopping attacks.

Inter-Switch Communication with VLAN Trunking

When switches need to communicate VLAN traffic across multiple switches, they use trunk links.

How VLANs Pass Between Switches

  1. Switch A assigns VLAN tags to outgoing frames before sending them over the trunk link.
  2. Switch B receives the frames, reads the VLAN tag, and forwards the traffic to the correct VLAN.
  3. If the frame is untagged (native VLAN traffic), the switch assigns it to the native VLAN.

Example Topology with VLAN Trunking

[PC1 - VLAN 10] ---- [Switch A] ==== [Switch B] ---- [PC2 - VLAN 10]
                                (Trunk Port)

In this setup, VLAN 10 traffic from PC1 can reach PC2, even though they are on different switches, because of the trunk link.

Configuring VLAN Trunking (802.1Q) on Managed Switches

Cisco Switch Configuration

🔹 Step 1: Create VLANs on both switches

Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
 
Switch(config)# vlan 20
Switch(config-vlan)# name IT
Switch(config-vlan)# exit

🔹 Step 2: Configure trunk ports

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport trunk native vlan 99  # Set a non-default native VLAN
Switch(config-if)# exit

🔹 Step 3: Verify trunking status

Switch# show interfaces trunk

Other Managed Switches (Generic 802.1Q Configuration)

interface gigabitethernet1/0/1
   switchport mode trunk
   switchport trunk allowed vlan 10,20

💡 Best Practice: Always define which VLANs are allowed on the trunk to avoid unnecessary traffic.

Common VLAN Trunking Issues & Troubleshooting

🔹 VLAN Mismatch Errors

  • If switches have different VLAN configurations, VLAN traffic won't pass correctly.
  • Fix: Ensure VLANs exist on both switches and are correctly allowed on the trunk.

🔹 Native VLAN Mismatch

  • If the native VLAN is different on both sides of a trunk, it can cause connectivity issues and VLAN hopping attacks.
  • Fix: Run the following command to check native VLAN settings: 
    show interfaces trunk
    Then, ensure both sides have matching native VLAN configurations.

🔹 Spanning Tree Protocol (STP) Blocking Trunks

  • If Spanning Tree detects a loop, it may disable the trunk link.
  • Fix: Use the show spanning-tree command to check if the trunk port is blocked.

🔹 Incorrect Port Mode

  • A switch port in access mode won't forward VLAN-tagged traffic.
  • Fix: Make sure ports are in trunk mode using: 
    show interfaces switchport

Key Takeaways

VLAN trunking is critical for inter-switch communication, allowing multiple VLANs to be transported over a single physical link while maintaining segmentation and security.

✔ Trunk ports carry multiple VLANs, while access ports carry only one.
✔ 802.1Q tagging ensures VLAN traffic is correctly identified across switches.
✔ Native VLAN settings must match on both ends of a trunk link.
✔ Troubleshooting tools like show interfaces trunk help diagnose VLAN communication issues.

We use cookies to enhance your experience. You can manage your preferences below.