Guest

Virtual LANs/VLAN Trunking Protocol (VLANs/VTP)

Configuring ISL Trunks on Cisco Routers

Document ID: 17051

Updated: Aug 30, 2005

   Print

Introduction

This document discusses the configuration of Inter-Switch Link Protocol (ISL) trunks on external Cisco routers like the 7500/7000, 3600, 4500, or 2500 series. This document does not discuss the configuration of ISL trunks on Layer 2 (L2)/Layer 3 (L3) switches like the Cisco Catalyst 6500 or 4500.

For information on configuring ISL and 802.1Q trunks between Catalyst L2 and L3 switches that run Catalyst OS (CatOS) or Cisco IOS® Software, refer to either of these:

Related Cisco Support Community Discussions section of this document

  • The LAN Product Support Pages

  • Prerequisites

    Requirements

    Readers of this document should have knowledge of these topics:

    • ISL support on Catalyst switches

      ISL support is hardware-dependent for Catalyst switches. When you connect an external router to a Catalyst 6500/6000, 5500/5000 or 4500/4000 switch, use one of these commands to determine the encapsulation support per module:

      • CatOS—show port capabilities

      • Cisco IOS Software—show interfaces capabilities

    • ISL support on Cisco routers

      In Cisco IOS Software Release 11.2 and later, only a Plus feature set is necessary. The Plus feature set is either IP Plus or Desktop Plus. Any Fast Ethernet or Gigabit Ethernet interface on the routers supports ISL VLAN trunking.

      In Cisco IOS Software Release 11.3 and earlier, only IP and Internetwork Packet Exchange (IPX) with an IEEE 802.3 (Novell-Ether) encapsulation have support over ISL. Cisco IOS Software Release 11.3 added additional encapsulations and protocols.

    Components Used

    This document is not restricted to specific software and hardware versions.

    Conventions

    For more information on document conventions, refer to the Cisco Technical Tips Conventions.

    Background Information

    A VLAN is a logical broadcast domain. In order to allow data to traverse between two VLANs, or broadcast domains, you must use an L3 device to route between the VLANs. The seven-layer Open System Interconnection (OSI) model defines this rule. Any of these devices can accomplish this routing:

    • An external router, such as the 2500, 4000, or 7000

    • An internal router, such as a Multilayer Switch Feature Card (MSFC)

    • An external device with routing software, like a UNIX host that runs routed or gated

    The original method was to connect a different physical port on the router to each individual VLAN. This method becomes very expensive as the number of VLANs increases. But there is a better method. The network administrators can decide to use VLAN trunking to assign multiple VLANs to a single routed interface instead. Only routers with 100 MB or faster Ethernet ports can do VLAN trunking.

    VLAN trunking allows 100 MB Fast Ethernet or 1000 MB Gigabit Ethernet interfaces to place a tag on the packet that identifies the VLAN to which the packet belongs. When the other end of the ISL trunk receives this tagged packet, the ISL trunk places the packet in the correct VLAN. The ISL tag is a 30-byte header that is added around the Fast Ethernet frame. Therefore, ISL is a point-to-point technology and only works between two Cisco switches or routers that support ISL on the 100 MB Fast Ethernet or 1000 MB Gigabit Ethernet interfaces.

    This figure provides a visual description of ISL trunks:

    24a.gif

    Configurations

    Complete these steps:

    1. Connect the router to the switch with ISL-capable ports with use of the appropriate cables.

      Use either straight-through Category 5 or fiber-optic cables.

    2. Make sure that you have created the VLANs on the Catalyst switch side and that you have configured the switch port to be an ISL trunk port.

      Note: Remember that Cisco routers cannot negotiate Dynamic Trunking Protocol (DTP) or Dynamic Interswitch Link Protocol (DISL) frames. Therefore, you must configure the trunk mode to be nonegotiate on the switch side. Refer to�the document Configuring ISL and 802.1q Trunking Between a CatOS Switch and an External Router (InterVLAN Routing) or the Related Information section of this document.

    3. Begin to define the VLANs on the router.

      Make sure that you know what L2 and L3 information to configure for each VLAN. This includes the IP address, IPX network number, and other information.

    version 11.3
    no service password-encryption
    !
    hostname lt-4500-static
    !
    enable secret 5 $1$XqiP$3ADCgrFMC21pwyVQIkith.
    !
    no ip domain-lookup
    appletalk routing
    ipx routing 0000.0c0b.f2f5
    !
    !
    interface FastEthernet0              
    
    !--- Only Layer 1 is configured here.
    
     no ip address
     full-duplex             
    !
    interface FastEthernet0.1            
    
    !--- All L2 and L3 are on subinterfaces.
    
     encapsulation isl 1                 
    
    !--- This defines ISL encapsulation and the VLAN number.
    
     ip address 10.6.1.220 255.255.255.0
     no ip redirects           
     appletalk cable-range 100-100 100.149
     appletalk zone cisco
     ipx network ABC encapsulation SAP
    !
    interface FastEthernet0.2
     encapsulation isl 2
     ip address 10.7.1.220 255.255.255.0
     no ip redirects
     appletalk cable-range 200-200 200.135
     appletalk zone cisco1
     ipx network DEADBEEF encapsulation ARPA
    !
    interface FastEthernet0.3
     encapsulation isl 3
     ip address 10.8.1.220 255.255.255.0
     no ip redirects
     appletalk cable-range 300-300 300.69
     appletalk zone cisco2
     ipx network 1234 encapsulation SNAP
    !
    ip classless
    !
    line con 0
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    end

    You need to configure the encapsulation isl vlan# command before you configure any other L2 or L3 information. The subinterface does not have to match the VLAN ID number. However, a match makes the administration and troubleshoot of VLAN issues easier.

    You must use subinterfaces to avoid a violation of the split-horizon rule. The split horizon rule prohibits the advertisement of a route by a router through an interface that the router itself is using to reach the destination. This approach is very similar to use of point-to-point subinterfaces with Frame Relay in a WAN environment.

    Debug and Troubleshoot

    Once you have verified that your configuration, Cisco IOS Software, and hardware platform are correct, you need to verify that things work correctly. Use the commands in this section to verify operation and troubleshoot problems.

    Note: Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

    Note: Before issuing debug commands, refer to Important Information on Debug Commands.

    • show vlan—This command tells you what L2 or L3 information is configured for each VLAN.

      lt-4500-static# show vlan
      Virtual LAN ID:  1 (Inter Switch Link Encapsulation)
      vLAN Trunk Interface:   FastEthernet0.1       
         Protocols Configured:   Address:              Received:        Transmitted:
                 IP              10.6.1.220                   0                   0
             IPX (SAP)        ABC.0000.0c0b.f2f5              0                   8
               AppleTalk           100.149                    0                  22
      Virtual LAN ID:  2 (Inter Switch Link Encapsulation)
      vLAN Trunk Interface:   FastEthernet0.2       
         Protocols Configured:   Address:              Received:        Transmitted:
                 IP              10.7.1.220                   0                   0
          IPX (ARPA)     DEADBEEF.0000.0c0b.f2f5              0                   8
               AppleTalk           200.135                    0                  22
      Virtual LAN ID:  3 (Inter Switch Link Encapsulation)
      vLAN Trunk Interface:   FastEthernet0.3       
         Protocols Configured:   Address:              Received:        Transmitted:
                 IP              10.8.1.220                   0                   0
             IPX (SNAP)      1234.0000.0c0b.f2f5              0                   9
               AppleTalk           300.69                     0                  23
      
    • show interface—This command tells you the state of the interface and subinterfaces, as well as the VLAN color of the subinterfaces. The VLAN color is the same as the VLAN number.

      lt-4500-static# show interface
      FastEthernet0 is up, line protocol is up 
        Hardware is DEC21140, address is 0000.0c0b.f2f5 (bia 0000.0c0b.f2f5)
        MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
        Encapsulation ARPA, loopback not set, keepalive set (10 sec)
        Full-duplex, 100Mb/s, 100BaseTX/FX
        ARP type: ARPA, ARP Timeout 04:00:00
        Last input 00:00:00, output 00:00:03, output hang never
        Last clearing of "show interface" counters 00:04:25
        Queueing strategy: fifo
        Output queue 0/40, 0 drops; input queue 0/75, 0 drops
        5 minute input rate 0 bits/sec, 1 packets/sec
        5 minute output rate 0 bits/sec, 0 packets/sec
           415 packets input, 25392 bytes, 0 no buffer
           Received 415 broadcasts, 0 runts, 0 giants, 0 throttles
           0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
           0 watchdog, 0 multicast
           0 input packets with dribble condition detected
           137 packets output, 12378 bytes, 0 underruns
           0 output errors, 0 collisions, 0 interface resets
           0 babbles, 0 late collision, 0 deferred
           0 lost carrier, 0 no carrier
           0 output buffer failures, 0 output buffers swapped out
      FastEthernet0.1 is up, line protocol is up 
        Hardware is DEC21140, address is 0000.0c0b.f2f5 (bia 0000.0c0b.f2f5)
        Internet address is 10.6.1.220/24
        MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
        Encapsulation ISL Virtual LAN, Color 1.
        ARP type: ARPA, ARP Timeout 04:00:00
      FastEthernet0.2 is up, line protocol is up 
        Hardware is DEC21140, address is 0000.0c0b.f2f5 (bia 0000.0c0b.f2f5)
        Internet address is 10.7.1.220/24
        MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
        Encapsulation ISL Virtual LAN, Color 2.
        ARP type: ARPA, ARP Timeout 04:00:00
      FastEthernet0.3 is up, line protocol is up 
        Hardware is DEC21140, address is 0000.0c0b.f2f5 (bia 0000.0c0b.f2f5)
        Internet address is 10.8.1.220/24
        MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
        Encapsulation ISL Virtual LAN, Color 3.
        ARP type: ARPA, ARP Timeout 04:00:00
      
    • show {ip | ipx | appletalk} route—This command tells you that the correct ISL subinterface is learning or sending the routing information.

      lt-4500-static# show ip route
      Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
             D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
             N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
             E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
             i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
             U - per-user static route, o - ODR
      Gateway of last resort is not set
            10.0.0.0/24 is subnetted, 3 subnets
      C       10.8.1.0 is directly connected, FastEthernet0.3
      C       10.7.1.0 is directly connected, FastEthernet0.2
      C       10.6.1.0 is directly connected, FastEthernet0.1
      
      lt-4500-static# show appletalk route
      Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
             S - static  P - proxy 
      3 routes in internet
      The first zone listed for each entry is its default (primary) zone.
      C Net 100-100 directly connected, Fa0.1, zone cisco
      C Net 200-200 directly connected, Fa0.2, zone cisco1
      C Net 300-300 directly connected, Fa0.3, zone cisco2
      
      lt-4500-static# show ipx route
      Codes: C - Connected primary network,    c - Connected secondary network
             S - Static, F - Floating static, L - Local (internal), W - IPXWAN
             R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
             s - seconds, u - uses, U - Per-user static
      3 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
      No default route known.
      C        ABC (ISL vLAN),      Fa0.1
      C       1234 (ISL vLAN),      Fa0.3
      C   DEADBEEF (ISL vLAN),      Fa0.2
      
    • debug vlan packet—This command tells you if there is a misconfiguration of the packets on the ISL trunk or if the wrong ISL subinterface is sending or receiving the packets.

      caution Caution: Always be careful when you use any debug command. The debug commands can cause severe performance issues on the router. To disable debugging, issue the undebug all command.

      lt-4500-static# debug vlan packet
      Virtual LAN packet information debugging is on
      lt-4500-static#
      vLAN: Received ISL encapsulated UNKNOWN packet bearing colour ID 2
            on interface FastEthernet0.2 which is not configured to
            route or bridge this packet type.
      vLAN: Received ISL encapsulated UNKNOWN packet bearing colour ID 1
            on interface FastEthernet0.1 which is not configured to
            route or bridge this packet type.
      vLAN: Received ISL encapsulated UNKNOWN packet bearing colour ID 3
            on interface FastEthernet0.3 which is not configured to
            route or bridge this packet type.
      vLAN: ISL packet received bearing colour ID 4 on FastEthernet0
            which has no subinterface configured to route or bridge ID 4.
      vLAN: ISL packet received bearing colour ID 5 on FastEthernet0
            which has no subinterface configured to route or bridge ID 5.
      vLAN: Received ISL encapsulated UNKNOWN packet bearing colour ID 1
            on interface FastEthernet0.1 which is not configured to
            route or bridge this packet type.
      vLAN: Received ISL encapsulated UNKNOWN packet bearing colour ID 2
            on interface FastEthernet0.2 which is not configured to
            route or bridge this packet type.

    Related Information

    Updated: Aug 30, 2005
    Document ID: 17051