Guest

Cisco Catalyst 6000 Series Switches

Configuring 802.1Q Trunking Between a Catalyst 3550/3560/3750 and Catalyst Switches That Run Cisco IOS Software

Document ID: 10599

Updated: Dec 12, 2006

   Print

Introduction

This document provides a sample configuration of IEEE 802.1Q (dot1q) trunking between a Cisco Catalyst 3550/3560/3750 switch that runs Cisco IOS® Software and a Catalyst 6500/6000 series switch or Catalyst 4500/4000 series switch that runs Cisco IOS Software. Trunking is a way to carry traffic from several VLANs over a point-to-point link between the two devices.

Two ways in which you can implement Ethernet trunking are:

  • Inter-Switch Link Protocol (ISL)—A Cisco proprietary protocol

  • 802.1Q—An IEEE standard

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Knowledge of IEEE 802.1Q trunking

  • Knowledge of the configuration of Catalyst 3560 and Catalyst 6500/6000 series switches with use of command-line interface (CLI)

Components Used

The information in this document is based on these software and hardware versions:

  • Catalyst 3560 switch that runs Cisco IOS Software Release 12.2(25)SEA

  • Catalyst 6509 switch that runs Cisco IOS Software Release 12.1(26)E1

The Catalyst 3560 configuration in this document is also applicable to Catalyst 3550/3750 switches that run Cisco IOS Software. The Catalyst 6500/6000 configuration in this document is also applicable to Catalyst 4500/4000 series switches that run Cisco IOS Software.

Note: Refer to this document to learn about the trunking methods that are supported by various Catalyst switches:

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Note: This document includes only the configuration files from the switches and the output from the related sample show commands. For details on how to configure an 802.1Q trunk between Catalyst switches, refer to these documents:

Background Theory

IEEE 802.1Q uses an internal tagging mechanism. The trunking device inserts a 4-byte tag in order to identify the VLAN to which a frame belongs and then recomputes the frame check sequence (FCS). For more information, refer to these documents:

Note: Here are some important notes to remember during this configuration:

  • Any Ethernet interface on a Catalyst 3550/3560/3750 series switch can support 802.1Q and ISL encapsulation. The Ethernet interface on a Catalyst 3550 switch is a Layer 2 (L2) port, by default.

  • Any Ethernet port on a Catalyst 6500/6000 series switch can support 802.1Q and ISL encapsulation.

  • By default, the Catalyst 4500 series switch that runs Cisco IOS Software supports both ISL and 802.1Q trunking modes. The support is on all interfaces except blocking Gigabit ports on the WS-X4418-GB and WS-X4412-2GB-T modules. These ports do not support ISL and only support 802.1Q trunking. Ports 3 through 18 are blocking Gigabit ports on the WS-X4418-GB module. Ports 1 through 12 are blocking Gigabit ports on the WS-X4412-2GB-T module.

    Note: A port is a blocking port if its connection to the backplane is oversubscribed.

  • The main difference between the Catalyst 6500/6000 and the Catalyst 4500 platforms is the default interface configuration. The Catalyst 6500/6000 switch that runs Cisco IOS Software has interfaces in shutdown mode that are Layer 3 (L3) routed ports by default. The Catalyst 4500/4000 switch that runs Cisco IOS Software has all the interfaces enabled. The interfaces are L2 switch ports by default.

  • When 802.1Q encapsulation is used on a trunk interface on the Catalyst 3750 Switches, runts can be seen on show interface output because valid 802.1Q encapsulated packets which are 61-64 bytes including the q-tag are counted by the Catalyst 3750 Switch as undersized frames, even though these packets are forwarded correctly. Refer to Cisco bug ID CSCec14238 (registered customers only) for more details.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

Note: The Gigabit Ethernet interface on the Catalyst 3560 is a 10/100/1000 Mbps negotiated Ethernet interface. Therefore, the Gigabit port on the Catalyst 3560 is connected to a Fast Ethernet (100 Mbps) port on the Catalyst 6500 in this network diagram.

88-a.gif

Configurations

This document uses these configurations:

Catalyst 3560 Switch

!--- Note: This example creates VLAN 1 and VLAN 2
!--- and sets the VLAN Trunk Protocol (VTP) mode to transparent. Use your
!--- network as a basis and set the VTP mode accordingly. For more details,
!--- refer to Configuring VLANs.


 version 12.2 
 no service pad 
 service timestamps debug uptime 
 service timestamps log uptime 
 no service password-encryption 
 ! 
 hostname 3560 
 ! 

!--- This is the privileged mode password for the example.

 enable password mysecret
 ! 
 ip subnet-zero  
 ! 
 vtp mode transparent
 ! 

!--- VLAN 2 is created. This is visible only when you set VTP mode 
!--- to transparent.


 vlan 2
 !

 ! 

!--- The Gigabit Ethernet interface on the Catalyst 3560 is a 10/100/1000 Mbps
!--- negotiated Ethernet interface. Therefore, the Gigabit port on the
!--- Catalyst 3560 is connected to a Fast Ethernet port on the Catalyst 6500.
!--- Configure the trunk on the Gigabit Ethernet 0/1 interface.

 interface GigabitEthernet0/1 

!--- Configure trunk encapsulation as dot1q.
!--- For details on trunking, refer to Configuring VLANs.

 switchport trunk encapsulation dot1q 

!--- Enable trunking on the interface.

 switchport mode trunk 
 no ip address 
 snmp trap link-status 
 !
 !

!--- Interfaces Gigabit Ethernet 0/2 through 0/5 are placed in VLAN 1.
!--- In order to configure the interface as an L2 port, 
!--- refer to the Configuring Ethernet Interfaces section
!--- of Configuring Interface Characteristics. All L2 ports are placed
!--- in VLAN 1, by default.

 interface GigabitEthernet0/2 
 switchport mode access
 no ip address 
 snmp trap link-status 
 ! 
 interface GigabitEthernet0/3
 switchport mode access
 no ip address 
 snmp trap link-status 
 !
 !
 interface GigabitEthernet0/4 
 switchport mode access 
 no ip address 
 snmp trap link-status 
 ! 
 interface GigabitEthernet0/5 
 switchport mode access 
 no ip address 
 snmp trap link-status 
 ! 
 !

!--- Interfaces Gigabit Ethernet 0/6 through 0/12 are placed in VLAN 2.

 interface GigabitEthernet0/6 
 switchport access vlan 2 
 switchport mode access
 no ip address 
 snmp trap link-status 
 ! 
 
!--- Output suppressed.

 ! 
 interface GigabitEthernet0/12 
 switchport access vlan 2 
 switchport mode access 
 no ip address 
 snmp trap link-status 
 ! 
 interface Vlan1

!--- This is the IP address for management.

 ip address 10.1.1.1 255.255.255.0 
 ! 
 ip classless 
 ip http server 
 ! 
 ! 
 line con 0 
 transport input none 
 line vty 0 4 

!--- This is the privileged mode password for the example.

 password mysecret
 login 
 line vty 5 15 
 login 
 ! 
 end

Catalyst 6500 Switch

!--- Note: This example creates VLAN 1 and VLAN 2 and sets
!--- the VTP mode to transparent. Use your network as a basis and set the VTP 
!--- mode accordingly. For more details, refer to Configuring VLANs.


 Current configuration : 4812 bytes
 version 12.1 
 service timestamps debug uptime 
 service timestamps log uptime 
 no service password-encryption 
 ! 
 hostname Cat6500 
 ! 
 vtp mode transparent
 ip subnet-zero
 !
 !
 mls flow ip destination 
 mls flow ipx destination 
 !

!--- This is the privileged mode password for the example.

 enable password mysecret
 ! 
 redundancy 
 mode rpr-plus
 main-cpu 
 auto-sync running-config
 auto-sync standard 
  
 ! 
 ! 

!--- This enables VLAN 2.

 vlan 2
 !
 !

 
 interface GigabitEthernet1/1 
 no ip address 
 shutdown 
 ! 
 interface GigabitEthernet1/2 
 no ip address 
 shutdown 
 ! 

!--- The Gigabit Ethernet interface on the Catalyst 3560 is a 10/100/1000 Mbps 
!--- negotiated Ethernet interface. Therefore, the Gigabit port on the Catalyst 3560
!--- is connected to a Fast Ethernet port on the Catalyst 6500.

 interface FastEthernet3/1 
 no ip address 

!--- You must issue the switchport command once,
!--- without any keywords, in order to configure the interface as an L2 port for the 
!--- Catalyst 6500 series switch that runs Cisco IOS Software.
 
!--- On a Catalyst 4500 series switch that runs Cisco IOS Software, all ports are L2
!--- ports by default. Therefore, if you do not change the default configuration,
!--- you do not need to issue the switchport command.
!--- For more details, refer to Configuring Layer 2 Ethernet Interfaces 
!--- for the Catalyst 4500 series switch that runs Cisco IOS Software.


 switchport 

!--- Configure trunk encapsulation as dot1q.
!--- For more details on trunking, refer to  
!--- Configuring LAN Ports for Layer 2 Switching for the Catalyst 6500 series switch
!--- that runs Cisco IOS Software, or Configuring Layer 2 Ethernet Interfaces
!--- for the Catalyst 4500/4000 series switch that runs Cisco IOS Software.

 switchport trunk encapsulation dot1q 


!--- Enable trunking on the interface.


 switchport mode trunk 
 ! 

!--- Configure interfaces Fast Ethernet 3/2 through 3/24 to be in access mode.
!--- By default, all access ports are configured in VLAN 1.
!--- For more details, refer to Configuring LAN Ports for Layer 2 Switching
!--- for the Catalyst 6500 series switch that runs Cisco IOS Software, or 
!--- Configuring Layer 2 Ethernet Interfaces for the Catalyst 4500/4000 series
!--- switch that runs Cisco IOS Software.

 interface FastEthernet3/2
 no ip address
 switchport
 switchport mode access
 ! 
 

!--- Output suppressed.

 !
 interface FastEthernet3/24
 no ip address 
 switchport 
 switchport mode access
 !

!--- Fast Ethernet 3/25 through 3/48 are placed in VLAN 2.
!--- For more details, refer to Configuring LAN Ports for Layer 2 Switching 
!--- for the Catalyst 6500 series switch that runs Cisco IOS Software, 
!--- or Configuring Layer 2 Ethernet Interfaces for the Catalyst 4500/4000 
!--- series switch that runs Cisco IOS Software.

 interface FastEthernet3/25
 no ip address 
 switchport 
 switchport access vlan 2 
 switchport mode access 
 ! 
  

!--- Output suppressed.

 ! 
 interface FastEthernet3/48
 no ip address 
 switchport 
 switchport access vlan 2 
 switchport mode access 
 ! 
 ! 
 interface Vlan1 

!--- This is the IP address for management.

 ip address 10.1.1.2 255.255.255.0 
 ! 
 !
 ip classless 
 no ip http server 
 ! 
 ! 
 ip classless
 ip http server
 ! 
 line con 0 
 exec-timeout 0 0 
 transport input none 
 line vty 0 4 

!--- This is the Telnet password for the example.

 password mysecret
 login 
 
 ! 
 end 

Note: If you assign an interface to a VLAN that does not exist, the interface shuts down until you create the VLAN in the VLAN database. For details, refer to the Creating or Modifying an Ethernet VLAN section of Configuring VLANs.

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

On Catalyst 3550/3560/3750/6500/4500 switches, use these commands:

  • show interfaces interface_type module/port trunk

  • show interfaces interface_type module/port switchport

  • show vlan

  • show vtp status

Sample show Command Output

Catalyst 3560 Switch

  • show interfaces interface_type module/port trunk —This command displays the trunk configuration of the interface along with the VLAN numbers for which traffic is able to be carried over the trunk.

    3560# show interface gigabitethernet 0/1 trunk
     
    Port      Mode         Encapsulation  Status        Native vlan
    Gi0/1     on           802.1q         trunking      1
     
    Port      Vlans allowed on trunk
    Gi0/1     1 4094
     
    Port      Vlans allowed and active in management domain
    Gi0/1     1-2
     
    Port      Vlans in spanning tree forwarding state and not pruned
    Gi0/1     1-2
  • show interfaces interface_type module/port switchport —This command displays the switch port configuration of the interface.

    In the display, check the Operational Mode and the Operational Trunking Encapsulation fields.

    3560# show interface gigabitethernet 0/1 switchport
    Name: Gi0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: none
    Administrative private-vlan host-association: none 
    Administrative private-vlan mapping: none 
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL  
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust : none 
  • show vlan —This command gives information about the VLANs and the ports that belong to a particular VLAN.

    3560# show vlan
     
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi0/2, Gi0/3, Gi0/4, Gi0/5
    2    VLAN0002                         active    Gi0/6, Gi0/7, Gi0/8, Gi0/9
                                                                Gi0/10, Gi0/11, Gi0/12
    
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    
    !--- Output suppressed.
    
    

    Note: The ports that are displayed in the output are only access ports. But the ports that are configured to be trunk and that are in the 'notconnected' status also show up in the show vlan output.

  • show vtp status —This command displays general information about the VTP management domain, status, and counters.

    3560# show vtp status
    VTP Version : 2 
    Configuration Revision : 0 
    Maximum VLANs supported locally : 1005 
    Number of existing VLANs : 6 
    VTP Operating Mode : Transparent      
    VTP Domain Name : 
    VTP Pruning Mode : Disabled 
    VTP V2 Mode : Disabled 
    VTP Traps Generation : Disabled 
    MD5 digest : 0x4A 0x55 0x17 0x84 0xDB 0x99 0x3F 0xD1 
    Configuration last modified by 10.1.1.1 at 0-0-00 00:00:00
    
    3560# ping 10.1.1.2 
    Type escape sequence to abort. 
    Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: 
    !!!!! 
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms 
    3560#

Catalyst 6500 Switch

  • show interfaces interface_type module/port trunk —This command displays the trunk configuration of the interface along with the VLAN numbers for which traffic is able to be carried over the trunk.

    Cat6500# show interfaces fastethernet 3/1 trunk
     
    Port      Mode         Encapsulation  Status        Native vlan
    Fa3/1     on           802.1q         trunking      1
     
    Port      Vlans allowed on trunk
    Fa3/1     1 4094
     
    Port      Vlans allowed and active in management domain
    Fa3/1     1-2
     
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa3/1     1-2
  • show interfaces interface_type module/port switchport —This command displays the switch port configuration of the interface.

    In the display, check the Operational Mode and the Operational Trunking Encapsulation fields.

    cat6500# show interface fastethernet 3/1 switchport 
    Name: Fa3/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Voice VLAN: none
    Administrative private-vlan host-association: none 
    Administrative private-vlan mapping: none 
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
  • show vlan —This command gives information about the VLANs and the ports that belong to a particular VLAN.

    Cat6500# show vlan
     
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa3/2, Fa3/3, Fa3/4, Fa3/5
                                                    Fa3/6, Fa3/7, Fa3/8, Fa3/9
                                                    Fa3/10, Fa3/11, Fa3/12, Fa3/13
                                                    Fa3/14, Fa3/15, Fa3/16, Fa3/17
                                                    Fa3/18, Fa3/19, Fa3/20, Fa3/21
                                                    Fa3/22, Fa3/23, Fa3/24
    2    VLAN0002                         active    Fa3/25, Fa3/26, Fa3/27, Fa3/28
                                                    Fa3/29, Fa3/30, Fa3/31, Fa3/32
                                                    Fa3/33, Fa3/34, Fa3/35, Fa3/36
                                                    Fa3/37, Fa3/38, Fa3/39, Fa3/40
                                                    Fa3/41, Fa3/42, Fa3/43, Fa3/44
                                                    Fa3/45, Fa3/46, Fa3/47, Fa3/48
    1002 fddi-default                      act/unsup
    1003 token-ring-default                act/unsup
    1004 fddinet-default                   act/unsup
    1005 trnet-default                     act/unsup
    
    
    !--- Output suppressed.
    
    

    Note: The ports that display are only those ports that you have configured as Layer 2 nontrunk (access) ports. The ports that are configured to be trunk and that are in the 'notconnected' status also show up in the show vlan output. For details, refer to the Configuring LAN Interfaces for Layer 2 Switching section of Configuring LAN Ports for Layer 2 Switching.

  • show vtp status —This command displays general information about the VTP management domain, status, and counters.

    Cat6500# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 6
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70
    Configuration last modified by 10.1.1.2 at 0-0-00 00:00:00
  • ping

    Cat6500# ping 10.1.1.1
     
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Troubleshoot

There is currently no specific troubleshooting information available for this configuration. For common problems that relate to trunking and 802.1Q configuration, refer to the Common Errors section of the document Trunking Between Catalyst 4500/4000, 5500/5000, and 6500/6000 Series Switches Using 802.1Q Encapsulation with Cisco CatOS System Software.

Related Information

Updated: Dec 12, 2006
Document ID: 10599