-
Catalyst 6500 Series Software Configuration Guide, 8.7
-
Catalyst 6500 Series Switch Software Configuration Guide (Full-book PDF)
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2/PFC3
-
Configuring MLS
-
Configuring Access Control
-
Configuring NDE
-
Configuring GVRP
-
Configuring MVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Configuring Online Diagnostics
-
Administering the Switch
-
Configuring Redundancy
-
Configuring NSF with SSO MSFC Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring DHCP Snooping and IP Source Guard
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Configuring MAC Authentication Bypass
-
Configuring Web-Based Proxy Authentication
-
Tracking Host Aging
-
Configuring Network Admission Control
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN, RSPAN and the Mini Protocol Analyzer
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Configuring aCEF
-
Configuring MSFC IOS Features
-
Acronyms
-
Table Of Contents
Configuring Ethernet VLAN Trunks
Understanding How VLAN Trunks Work
Trunking Modes and Encapsulation Type
802.1Q Trunk Configuration Guidelines and Restrictions
Configuring an ISL/802.1Q Negotiating Trunk Port
Defining the Allowed VLANs on a Trunk
Enabling 802.1Q Tagging of Native VLAN Traffic
Disabling 802.1Q Tagging on Specific Ports
Specifying a Custom 802.1Q EtherType Field
Returning a Custom 802.1Q EtherType Field to the Standard EtherType
Example VLAN Trunk Configurations
ISL Trunk Configuration Example
ISL Trunk Over EtherChannel Link Example
802.1Q Trunk Over EtherChannel Link Example
Load-Sharing VLAN Traffic Over Parallel Trunks Example
Configuring Ethernet VLAN Trunks
This chapter describes how to configure Ethernet VLAN trunks on the Catalyst 6500 series switches.
Note
For complete information on configuring VLANs, see Chapter 11, "Configuring VLANs."
Note
This chapter consists of these sections:
•
•
Understanding How VLAN Trunks Work
These sections describe how VLAN trunks work on the Catalyst 6500 series switches:
•
•
Trunking Overview
A trunk is a point-to-point link between one or more Ethernet switch ports and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
Two trunking encapsulations are available on all Ethernet ports:
•
•
You can configure a trunk on a single Ethernet port or on an EtherChannel bundle. For more information about EtherChannel, see Chapter 6, "Configuring EtherChannel."
Ethernet trunk ports support five different trunking modes (see Table 5-1). In addition, you can specify whether the trunk will use ISL encapsulation, 802.1Q encapsulation, or whether the encapsulation type will be autonegotiated.
For trunking to be autonegotiated, the ports must be in the same VLAN Trunking Protocol (VTP) domain. However, you can use the on or nonegotiate mode to force a port to become a trunk, even if it is in a different domain. For more information on VTP domains, see Chapter 10, "Configuring VTP."
Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP). DTP supports autonegotiation of both ISL and 802.1Q trunks.
Trunking Modes and Encapsulation Type
Note
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/index.htmTable 5-1 lists the trunking modes that are used with the set trunk command and describes how they function on Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet ports.
Table 5-2 lists the encapsulation types that are used with the set trunk command and describes how they function on Ethernet ports. You can enter the show port capabilities command to determine which encapsulation types that a particular port supports.
The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected ports determine whether a trunk link comes up and the type of trunk the link becomes. Table 5-3 shows the result of the possible trunking configurations.
Table 5-3 Results of Possible Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Trunk Configurations
isl or dot1q
isl
isl
isl
dot1q
dot1q
dot1q
negotiate
negotiateoff
isl or dot1qLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
Nontrunkon
islLocal:
NontrunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
1Q trunk1Neighbor:
ISL trunk1Local:
NontrunkNeighbor:
ISL trunkLocal:
NontrunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkdesirable
islLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
1Q trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkauto
islLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
NontrunkNeighbor:
Nontrunkon
dot1qLocal:
NontrunkNeighbor:
1Q trunkLocal:
ISL trunk1Neighbor:
1Q trunk1Local:
NontrunkNeighbor:
1Q trunkLocal:
NontrunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkdesirable
dot1qLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkauto
dot1qLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
NontrunkNeighbor:
Nontrunkdesirable negotiate
Local:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkauto
negotiateLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
NontrunkNeighbor:
NontrunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
1Q trunkNeighbor:
1Q trunkLocal:
NontrunkNeighbor:
NontrunkLocal:
ISL trunkNeighbor:
ISL trunkLocal:
NontrunkNeighbor:
Nontrunk
1 Using this configuration can result in spanning tree loops and is not recommended.
Note
802.1Q Trunk Configuration Guidelines and Restrictions
The following configuration guidelines and restrictions apply when using 802.1Q trunks and impose some limitations on the trunking strategy for a network:
•
•
•
•
When you connect a Cisco switch to a non-Cisco switch, the CST is always on VLAN 1. The Cisco switch sends an untagged IEEE BDPU (01-80-C2-00-00-00) on VLAN 1 for the CST. On the native VLAN, the Cisco switch sends an untagged Cisco BPDU (01-00-0C-CC-CC-CC) which the non-Cisco switch forwards but does not act on (the IEEE BPDU is not forwarded on the native VLAN).
•
•
•
Default Trunk Configuration
Table 5-4 shows the default Ethernet trunk configuration.
Table 5-4 Default Ethernet Trunk Configuration
Trunk mode
auto
Trunk encapsulation
negotiate
Allowed VLAN range
VLANs 1-1005, 1025-40941
1 With software release 8.3(1) and later releases, instead of reserved VLANs, we now have only user and internal VLANs. VLAN manager no longer permanently sets aside VLANs for features that require them; they are now dynamically assigned as needed. The entire VLAN range (1 to 4094) is now available for user (and internal) VLANs.
Configuring a Trunk Link
These sections describe how to configure a trunk link on Ethernet ports and how to define the allowed VLAN range on a trunk:
•
•
•
•
•
•
Configuring an ISL Trunk
To configure an ISL trunk, perform this task in privileged mode:
Step 1
Configure an ISL trunk.
set trunk mod/port [on | off | desirable | auto | nonegotiate] isl
Step 2
Verify the trunking configuration.
show trunk [mod/port]
This example shows how to configure a port as a trunk and verify the trunk configuration. This example assumes that the neighboring port is in auto mode:
Console> (enable) set trunk 1/1 onPort(s) 1/1 trunk mode set to on.Console> (enable) 06/16/1998,22:16:39:DTP-5:Port 1/1 has become isl trunk06/16/1998,22:16:40:PAGP-5:Port 1/1 left bridge port 1/1.06/16/1998,22:16:40:PAGP-5:Port 1/1 joined bridge port 1/1.Console> (enable) show trunkPort Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------1/1 on isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------1/1 1-1005, 1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------1/1 1,521-524Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------1/1Console> (enable)This example shows how to place a port in desirable mode and verify the trunk configuration. This example assumes that the neighboring port is in auto mode:
Console> (enable) set trunk 1/2 desirablePort(s) 1/2 trunk mode set to desirable.Console> (enable) 06/16/1998,22:20:16:DTP-5:Port 1/2 has become isl trunk06/16/1998,22:20:16:PAGP-5:Port 1/2 left bridge port 1/2.06/16/1998,22:20:16:PAGP-5:Port 1/2 joined bridge port 1/2.Console> (enable) show trunk 1/2Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------1/2 desirable isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------1/2 1-1005, 1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------1/2 1,521-524Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------1/2Console> (enable)Configuring an 802.1Q Trunk
To configure an 802.1Q trunk, perform this task in privileged mode:
Step 1
Configure an 802.1Q trunk.
set trunk mod/port [on | off | desirable | auto | nonegotiate] dot1q
Step 2
Verify the trunking configuration.
show trunk [mod/port]
This example shows how to configure an 802.1Q trunk and verify the trunk configuration:
Console> (enable) set trunk 2/9 desirable dot1qPort(s) 2/9 trunk mode set to desirable.Port(s) 2/9 trunk type set to dot1q.Console> (enable) 07/02/1998,18:22:25:DTP-5:Port 2/9 has become dot1q trunkConsole> (enable) show trunkPort Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------2/9 desirable dot1q trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------2/9 1-1005, 1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------2/9 1,5,10-32,101-120,150,200,250,300,400,500,600,700,800,900,1000Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------2/9 5,10-32,101-120,150,200,250,300,400,500,600,700,800,900,1000Console> (enable)Configuring an ISL/802.1Q Negotiating Trunk Port
To configure a trunk port to negotiate the trunk encapsulation type (either ISL or 802.1Q), perform this task in privileged mode:
This example shows how to configure a port to negotiate the encapsulation type and verify the trunk configuration. This example assumes that the neighboring port is in auto mode with encapsulation set to isl or negotiate.
Console> (enable) set trunk 4/11 desirable negotiatePort(s) 4/11 trunk mode set to desirable.Port(s) 4/11 trunk type set to negotiate.Console> (enable) show trunk 4/11Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------4/11 desirable n-isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------4/11 1-1005,1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------4/11 1,5,10-32,55,101-120,998-1000Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------4/11 1,5,10-32,55,101-120,998-1000Console> (enable)Defining the Allowed VLANs on a Trunk
When you configure a trunk port, all VLANs are added to the allowed VLANs list for that trunk. However, you can remove VLANs from the allowed list to prevent traffic for those VLANs from passing over the trunk.
Note
In software releases prior to software release 8.3(1), to define the allowed VLANs list for a trunk port, perform this task in privileged mode:
This example shows how to define the allowed VLANs list to allow VLANs 1-100, VLANs 500-1005, and VLAN 2500 on trunk port 1/1 and verify the allowed VLAN list for the trunk:
Console> (enable) clear trunk 1/1 101-499Removing Vlan(s) 101-499 from allowed list.Port 1/1 allowed vlans modified to 1-100,500-1005.Console> (enable) set trunk 1/1 2500Adding vlans 2500 to allowed list.Port(s) 1/1 allowed vlans modified to 1-100,500-1005,2500.Console> (enable) show trunk 1/1Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------1/1 desirable isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------1/1 1-100, 500-1005,2500Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------1/1 1,521-524Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------1/1 1,521-524Console> (enable)In software release 8.3(1) and later releases, if you want to configure a trunk but do not want to allow any VLANs on the trunk, enter the none keyword as follows:
Console> (enable) set trunk 7/1 on none dot1qRemoving Vlan(s) 1-4094 from allowed list.Port 7/1 allowed vlans modified to none.Port(s) 7/1 trunk mode set to on.Port(s) 7/1 trunk type set to dot1q.Console> (enable)Disabling a Trunk Port
To turn off trunking on a port, perform this task in privileged mode:
Step 1
Turn off trunking on a port.
set trunk mod/port off
Step 2
Verify the trunking configuration.
show trunk [mod/port]
To return a port to the default trunk type and mode for that port type, perform this task in privileged mode:
Step 1
Return the port to the default trunking type and mode for that port type.
clear trunk mod/port
Step 2
Verify the trunking configuration.
show trunk [mod/port]
Disabling VLAN 1 on Trunks
On the Catalyst 6500 series switches, VLAN 1 is enabled by default to allow control protocols to transmit and receive packets across the network topology. However, when VLAN 1 is enabled on trunk links in a large complex network, the impact of broadcast storms increases. Because spanning tree applies to the entire network, spanning-tree loops might increase when you enable VLAN 1 on all trunk links. To prevent this scenario, you can disable VLAN 1 on trunk interfaces.
When you disable VLAN 1 on a trunk interface, no user traffic is transmitted and received across that trunk interface, but the supervisor engine continues to transmit and receive packets from control protocols such as Cisco Discovery Protocol (CDP), VTP, Port Aggregation Protocol (PAgP), and DTP.
When a trunk port with VLAN 1 disabled becomes a nontrunk port, it is added to the native VLAN. If the native VLAN is VLAN 1, the port is enabled and added to VLAN 1.
To disable VLAN 1 on a trunk interface, perform this task in privileged mode:
Step 1
Disable VLAN 1 on the trunk interface.
clear trunk mod/port [vlan-range]
Step 2
Verify the allowed VLAN list for the trunk.
show trunk [mod/port]
This example shows how to disable VLAN 1 on a trunk link and verify the configuration:
Console> (enable) clear trunk 8/1 1Removing Vlan(s) 1 from allowed list.Port 8/1 allowed vlans modified to 2-1005. Console> (enable) show trunk 8/1Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------8/1 on isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------8/1 2-1005, 1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------8/1 2-6,10,20,50,100,152,200,300,400,500,521,524,570,776,801-802,850,917,999,1003,1005Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------8/1 2-6,10,20,50,100,152,200,300,400,500,521,524,570,776,802,850,917,999,1003,1005Console> (enable) show configEnabling 802.1Q Tagging of Native VLAN Traffic
The set dot1q-all-tagged enable command is a global command that configures a switch to forward all frames from 802.1Q trunks with 802.1Q tagging, including traffic in the native VLAN (default VLAN), and admit only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN. You can enter this command on any switch that needs to support 802.1Q tunneling with 802.1Q trunks.
To configure the switch to forward all 802.1Q tagged frames on 802.1Q trunks, perform this task in privileged mode:
Step 1
Enable the switch to forward all 802.1Q tagged frames.
set dot1q-all-tagged [enable | disable]
Step 2
Verify the configuration.
show dot1q-all-tagged
This example shows how to enable the switch to forward all 802.1Q traffic and verify the configuration:
Console> (enable) set dot1q-all-tagged enableDot1q-all-tagged feature enabled globally.Console> (enable) show dot1q-all-taggedDot1q-all-tagged feature globally enabled.Console> (enable)Disabling 802.1Q Tagging on Specific Ports
The set port dot1q-all-tagged mod/port enable | disable command allows you to disable 802.1Q tagging on specific ports. Enter the set port dot1q-all-tagged disable command to selectively disable 802.1Q tagging on ports that connect to the devices that do not support 802.1Q tagged traffic. If you enable or disable 802.1Q tagging on an EtherChannel port, the configuration is applied to all ports in the channel.
Note
If you entered the global set dot1q-all-tagged enable command, the per-port setting controls whether frames are tagged.
Note
To disable the forwarding of 802.1Q tagged frames on specific ports, perform this task in privileged mode:
This example shows how to disable the forwarding of 802.1Q tagged frames on port 3/2 and verify the configuration:
Console> (enable) set port dot1q-all-tagged 3/2 disablePackets on native vlan will not be tagged on port 3/2.Console> (enable) show port dot1q-all-taggedDot1q-all-tagged feature globally enabled.Port Dot1q-all-tagged mode---- ---------------------2/1 enable2/2 enable3/1 enable3/2 disable3/3 enable3/4 enable3/5 enable<output truncated>Specifying a Custom 802.1Q EtherType Field
Note
Note
Note
Note
By specifying a custom EtherType field, your network can support Cisco and non-Cisco switches that do not use the standard 0x8100 EtherType to identify 802.1Q-tagged frames. When you specify a custom EtherType field, you can identify 802.1Q tagged frames and switch the frames to a specified VLAN. The two bytes immediately following the EtherType are interpreted as a standard 802.1Q tag. Specify the value of the two-byte EtherType field in hexadecimal. The default value is 8100.
To specify a custom 802.1Q EtherType value in the 802.1Q tag, perform this task in privileged mode:
Step 1
Specify a custom EtherType field for a port.
set port dot1q-ethertype mod/port {value | default}
Step 2
Verify the configuration.
show port dot1q-ethertype [mod | mod/port]
This example shows how to set the 802.1Q EtherType to 0x1234 on port 2/1 and verify the configuration:
Console> (enable) set port dot1q-ethertype 2/1 1234All the group ports 2/1-2 associated with port 2/1 will be modified.Do you want to continue (y/n) [n]?yDot1q Ethertype value set to 0x1234 on ports 2/1-2.Console> (enable)Console> (enable) show port dot1q-ethertype 2/1Port Dot1q ethertype value---- ---------------------2/1 1234Console> (enable)Returning a Custom 802.1Q EtherType Field to the Standard EtherType
The set port dot1q-ethertype mod/port {value | default} command is the only command that is required to return the custom 802.1Q EtherType field to the standard EtherType field (0x8100).
To return the custom EtherType field to the default value (0x8100), perform this task in privileged mode:
This example shows how to return the 802.1Q EtherType field to the standard EtherType field (0x8100) on port 2/1 and verify the configuration:
Console> (enable) set port dot1q-ethertype 2/1 defaultAll the group ports 2/1-2 associated with port 2/1 will be modified.Do you want to continue (y/n) [n]?yDot1q Ethertype value set to 0x8100 on ports 2/1-2.Console> (enable)Console> (enable) show port dot1q-ethertype 2/1Port Dot1q ethertype value---- ---------------------2/1 8100Console> (enable)Example VLAN Trunk Configurations
This section contains example VLAN trunk configurations:
•
•
•
•
ISL Trunk Configuration Example
This example shows how to configure an ISL trunk between two switches and limit the allowed VLANs on the trunk to VLAN 1 and VLANs 520-530.
In this example, port 1/1 on Switch 1 is connected to a Fast Ethernet port on another switch. Both ports are in their default state, with the trunk mode set to auto (for more information, see the "Default Trunk Configuration" section).
To configure an ISL trunk between two switches and limit the allowed VLANs on the trunk to VLAN 1 and VLANs 520-530, perform these steps:
Step 1
Switch1> (enable) set trunk 1/1 desirablePort(s) 1/1 trunk mode set to desirable.Switch1> (enable) 06/18/1998,12:20:23:DTP-5:Port 1/1 has become isl trunk06/18/1998,12:20:23:PAGP-5:Port 1/1 left bridge port 1/1.06/18/1998,12:20:23:PAGP-5:Port 1/1 joined bridge port 1/1.Switch1> (enable)Step 2
Switch1> (enable) show trunk 1/1Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------1/1 desirable isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------1/1 1-1005, 1025-4094Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------1/1 1,521-524Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------1/1Switch1> (enable)Step 3
Switch1> (enable) clear trunk 1/1 2-519Removing Vlan(s) 2-519 from allowed list.Port 1/1 allowed vlans modified to 1,520-1005.Switch1> (enable) clear trunk 1/1 531-1005Removing Vlan(s) 531-1005 from allowed list.Port 1/1 allowed vlans modified to 1,520-530.Switch1> (enable) show trunk 1/1Port Mode Encapsulation Status Native vlan-------- ----------- ------------- ------------ -----------1/1 desirable isl trunking 1Port Vlans allowed on trunk-------- ---------------------------------------------------------------------1/1 1,520-530Port Vlans allowed and active in management domain-------- ---------------------------------------------------------------------1/1 1,521-524Port Vlans in spanning tree forwarding state and not pruned-------- ---------------------------------------------------------------------1/1 1,521-524Switch1> (enable)Step 4
Switch1> (enable) ping switch2switch2 is aliveSwitch1> (enable)
ISL Trunk Over EtherChannel Link Example
This example shows how to configure an ISL trunk over an EtherChannel link between two switches.
Figure 5-1 shows two switches that are connected through two 100BASE-TX Fast Ethernet ports.
Figure 5-1 ISL Trunk Over Fast EtherChannel Link
To configure the switches to form a two-port EtherChannel bundle and then configure the EtherChannel bundle as an ISL trunk link, perform these steps:
Step 1
Switch_A> (enable) show port channelNo ports channellingSwitch_A> (enable) show trunkNo ports trunking.Switch_A> (enable)Switch_B> (enable) show port channelNo ports channellingSwitch_B> (enable) show trunkNo ports trunking.Switch_B> (enable)Step 2
Switch_A> (enable) set port channel 1/1-2 desirablePort(s) 1/1-2 channel mode set to desirable.Switch_A> (enable) %PAGP-5-PORTFROMSTP:Port 1/1 left bridge port 1/1%PAGP-5-PORTFROMSTP:Port 1/2 left bridge port 1/2%PAGP-5-PORTFROMSTP:Port 1/2 left bridge port 1/2%PAGP-5-PORTTOSTP:Port 1/1 joined bridge port 1/1-2%PAGP-5-PORTTOSTP:Port 1/2 joined bridge port 1/1-2Switch_B> (enable) %PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1%PAGP-5-PORTFROMSTP:Port 3/2 left bridge port 3/2%PAGP-5-PORTFROMSTP:Port 3/2 left bridge port 3/2%PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1-2%PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/1-2Step 3
Switch_A> (enable) show port channel
