Connecting VLAN Trunks with 802.1Q

Problem

You want to connect an 802.1Q VLAN trunk directly to your router.

Solution

To connect an 802.1Q trunk to your router, use the following set of commands:

Router2#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#no ip address
Router2(config-if)#speed 100
Router2(config-if)#full-duplex
Router2(config-if)#exit
Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1 native
Router2(config-subif)#ip address 172.25.1.47 255.255.255.0
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2
Router2(config-subif)#ip address 172.25.22.4 255.255.255.0
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.3
Router2(config-subif)#encapsulation dot1Q 548
Router2(config-subif)#ip address 172.20.1.1 255.255.255.0
Router2(config-subif)#exit
Router2(config)#end
Router2#

Please note that to support 802.1Q features, your router must have an IOS level of at least 12.0(5)T, with the IP Plus feature set.

Discussion

The configuration for 802.1Q trunks is almost identical to the ISL configuration we discussed in Recipe 16.12. Please refer to that recipe for a more detailed discussion of trunking in general.

The most important difference between ISL and 802.1Q trunks is that 802.1Q is an IEEE open standard. If all of your switches and routers were manufactured by Cisco, you can easily use ISL without fear of conflict. However, if you ever need to connect a trunk link to a piece of equipment from a different vendor, you may find that 802.1Q is the only option. Further, many organizations prefer to use open standard protocols as a matter of policy, even if all of their equipment happens to come from the same vendor.

One of the important but subtle differences between ISL and 802.1Q is the number of VLANs supported. ISL supports VLAN ID numbers 1 through 1000, while 802.1Q allows values from 1 through 4095. While it is unlikely that you will ever run out of VLAN numbers with either scheme, some early IOS versions, and many early switch versions, implemented 802.1Q as if it were ISL under the covers. The result is that some older devices may only support 802.1Q VLAN ID numbers between 1 and 1000. So you may find that you are not able to use any of the higher range of values. This limitation does not exist on newer versions of Cisco equipment, but we recommend being careful to avoid interoperability problems.

You configure 802.1Q by creating subinterfaces and using the encapsulation command with the dot1Q keyword to assign the subinterface to a particular VLAN:

Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2
Router2(config-subif)#ip address 172.25.22.4 255.255.255.0

The number after the dot1Q keyword is the VLAN number that you wish to associate with this subinterface.

The only tricky part of configuring 802.1Q is defining the native VLAN. This often causes problems for network administrators. The native VLAN is the master VLAN assigned to the interface, and it must match the native VLAN configured on the switch. The native VLAN is the only VLAN whose frames do not contain an 802.1Q VLAN tag in their Layer 2 frame headers. So if you connect two devices through an 802.1Q trunk, and they don't agree on which is the native VLAN, you will effectively merge the two native VLANs together, which is almost certainly not what you want to do.
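
The untagged-frame behaviour described above, as an added example that is not part of the original recipe: a simplified Python model of a trunk port that tags every VLAN except its own native one and assigns untagged frames it receives to its own native VLAN. The function names and the constructed frame contents are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def encode(dst, src, ethertype, payload, vlan, native_vlan, pcp=0):
    """Frame a trunk port sends for `vlan`; its own native VLAN goes out untagged."""
    header = dst + src
    if vlan != native_vlan:
        if not 0 < vlan < (1 << 12):
            raise ValueError("VLAN ID does not fit the 12-bit VID field")
        tci = ((pcp & 0x7) << 13) | vlan  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def classify(frame, native_vlan):
    """(vlan, ethertype, payload) as the receiving trunk port sees the frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return native_vlan, etype, frame[14:]  # untagged: receiver's native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # VID 0 is a priority-only tag and is classified like an untagged frame.
    return (tci & 0x0FFF) or native_vlan, inner, frame[18:]

def deliver(vlan, sender_native, receiver_native):
    """VLAN the receiver assigns to a frame the sender transmitted in `vlan`."""
    # Constructed addresses: broadcast destination, locally administered source.
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    frame = encode(dst, src, 0x0800, b"constructed payload", vlan, sender_native)
    return classify(frame, receiver_native)[0]

if __name__ == "__main__":
    # Constructed scenario: router native VLAN is 1, switch native VLAN is 1 or 2.
    for switch_native in (1, 2):
        for vlan in (1, 2, 548):
            print(f"switch native {switch_native}: VLAN {vlan} -> router VLAN "
                  f"{deliver(vlan, switch_native, 1)}")
```

With matching native VLANs each VLAN arrives unchanged; with the switch set to native VLAN 2 and the router to native VLAN 1, switch VLANs 1 and 2 both arrive in router VLAN 1.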

In our example, VLAN 1 is the native VLAN, which we define using the native keyword, as follows:

Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1 native

The default native VLAN on many switches is VLAN number 1. However, you can easily configure a different native VLAN. For example, we could use the following set of commands to reconfigure VLAN number 2 as the native VLAN:

Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2 native
Router2(config-subif)#exit

It's important to remember that there can only be one native VLAN at a time, and that whatever you configure on the router must match what is configured on the switch. It is not safe to simply assume that VLAN number 1 will always be the native VLAN.
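
One way to check a router configuration against these rules, as an added example that is not part of the original recipe: the script parses the encapsulation dot1Q lines, confirms that each trunk has exactly one native VLAN and that it matches the switch side, and flags VLAN IDs above 1000, the range noted earlier as unsupported on some older devices. The switch_native mapping and the function names are assumptions; the sample configuration is constructed from the recipe's Solution.

```python
import re
from collections import defaultdict

SUBIF = re.compile(r"^interface\s+(\S+?)\.(\d+)\s*$")
ENCAP = re.compile(r"^\s*encapsulation\s+dot1q\s+(\d+)(\s+native)?\s*$", re.I)

# Constructed running-config excerpt matching the recipe's Solution.
SAMPLE = """\
interface FastEthernet1/0
 no ip address
!
interface FastEthernet1/0.1
 encapsulation dot1Q 1 native
 ip address 172.25.1.47 255.255.255.0
!
interface FastEthernet1/0.2
 encapsulation dot1Q 2
 ip address 172.25.22.4 255.255.255.0
!
interface FastEthernet1/0.3
 encapsulation dot1Q 548
 ip address 172.20.1.1 255.255.255.0
"""

def parse_trunks(config):
    """Map physical interface -> [(subinterface, vlan_id, is_native), ...]."""
    trunks, current = defaultdict(list), None
    for line in config.splitlines():
        if line.startswith("interface"):  # every interface line resets context
            current = SUBIF.match(line)
        elif current and (m := ENCAP.match(line)):
            phys, unit = current.groups()
            trunks[phys].append((f"{phys}.{unit}", int(m.group(1)), bool(m.group(2))))
    return dict(trunks)

def audit(config, switch_native, legacy_max=1000):
    """Findings per trunk; switch_native maps interface -> native VLAN on the switch."""
    findings = []
    for phys, subs in parse_trunks(config).items():
        natives = [vid for _, vid, is_native in subs if is_native]
        if len(natives) != 1:
            findings.append(f"{phys}: expected one native VLAN, found {natives}")
        elif natives[0] != switch_native.get(phys):
            findings.append(f"{phys}: native VLAN {natives[0]} does not match "
                            f"switch native VLAN {switch_native.get(phys)}")
        findings += [f"{name}: VLAN {vid} is above {legacy_max}, check older devices"
                     for name, vid, _ in subs if vid > legacy_max]
    return findings
```

Calling audit(SAMPLE, {"FastEthernet1/0": 1}) returns an empty list; passing 2 as the switch-side native VLAN returns a single mismatch finding.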

You can use the show vlans command to see information about all VLANs configured on your router:

Router2#show vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet1/0.1

This is configured as native Vlan for the following interface(s) :
FastEthernet1/0

   Protocols Configured:   Address:          Received:    Transmitted:
           IP              172.25.1.47            4974            3149

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet1/0.2

   Protocols Configured:   Address:          Received:    Transmitted:
           IP              172.25.22.4             548             617

Virtual LAN ID: 548 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet1/0.3

   Protocols Configured:   Address:          Received:    Transmitted:
           IP              172.20.1.1                0             613

Router2#

This command output shows the configured VLANs and identifies which VLAN is defined as native. To view a specific 802.1Q subinterface, use the show interface command:

Router2#show interface FastEthernet1/0.1
FastEthernet1/0.1 is up, line protocol is up
Hardware is AmdFE, address is 00e0.1e84.5131 (bia 00e0.1e84.5131)
Internet address is 172.25.1.47/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
ARP type: ARPA, ARP Timeout 04:00:00
Router2#

See Also