What is a trunk port, and how does it help your network?
Relevant CCNA Topics Covered: Interconnecting Cisco Networking Devices Part 1 (100-105) Section 2.0
A trunk port is a port that can switch frames on multiple VLANs. Switchports assigned to only one VLAN are called access ports, and can be statically assigned this status with the interface commands cmd#switchport mode access and cmd#switchport access vlan <vlan id>. Trunk ports can be statically assigned, as well as negotiated with DTP (Dynamic Trunking Protocol). IEEE 802.1Q trunks insert a 4-byte tag into the frame to identify the VLAN in which traffic is being sent or received.
Let’s examine and discuss a trunk port connecting two switches. We’ll assume for now that both ports involved are statically configured as trunk ports with cmd#switchport mode trunk. When I connect the cable to both switches, whether straight-through or crossover, both ports should come up as trunk ports. Now let’s say that I have two VLANs, five and ten, configured on both switches, with a host in each VLAN per switch as indicated below.
When PC1 sends a packet towards PC3, it is encapsulated in a standard 802.2 Ethernet frame and handed off to Switch 1. Once the switchport on SW1 receives the frame, it searches its CAM table for the destination MAC address of PC3, which should have an entry pointing to the 802.1Q trunk port. If there is no entry in the CAM table, the frame is flooded out of all ports operating within VLAN 5, which includes the trunk port. Once SW1 decides to switch the frame out of the trunk port, it inserts a 4-byte tag containing the VLAN ID it wishes SW2 to use once it receives the frame. SW2, upon receipt of the frame, inspects the VLAN ID contained in the tag, removes the tag from the frame, and searches its CAM table within VLAN 5 for the destination MAC. Once it finds the entry, it switches the packet to the port for PC3.
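The tagging and untagging steps described above, as an added Python example that is not part of the original post. The MAC addresses and payload are constructed sample values, and the frame check sequence, which a real switch recalculates after inserting the tag, is left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


def add_dot1q_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in the range 0-7")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    # TCI: 3-bit priority, 1-bit drop-eligible flag (left at 0), 12-bit VLAN ID
    tci = (priority << 13) | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def strip_dot1q_tag(frame: bytes) -> tuple[int, bytes]:
    """Return (vlan_id, untagged_frame), as the receiving trunk port would."""
    if len(frame) < 18:
        raise ValueError("frame is too short to carry an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    # The low 12 bits of the TCI are the VLAN ID; the rest is priority and DEI.
    return tci & 0x0FFF, frame[:12] + frame[16:]


# Constructed sample frame from PC1 to PC3 (MAC addresses are made up).
PC3_MAC = bytes.fromhex("020000000003")
PC1_MAC = bytes.fromhex("020000000001")
ETHERTYPE_IPV4 = struct.pack("!H", 0x0800)
UNTAGGED = PC3_MAC + PC1_MAC + ETHERTYPE_IPV4 + b"payload from PC1"

if __name__ == "__main__":
    on_trunk = add_dot1q_tag(UNTAGGED, vlan_id=5)  # SW1 sends out the trunk
    vlan, delivered = strip_dot1q_tag(on_trunk)    # SW2 receives on the trunk
    print(f"tag bytes on the wire: {on_trunk[12:16].hex()}")
    print(f"SW2 looks up the destination MAC in VLAN {vlan}")
    print(f"frame restored unchanged: {delivered == UNTAGGED}")
```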
Switches that strictly operate at Layer 2 cannot switch packets between VLANs. With the topology I have built above, assuming both switches are operating at Layer 2 only, if PC1 wanted to communicate with PC4 or PC2 it would be unable to do so. There would need to be a Layer 3 device in the topology to facilitate the inter-VLAN communication. Generally, each VLAN or broadcast domain will have its own unique IP subnet allotted for intra-VLAN communication. The default gateway for these devices would be the Layer 3 device on the LAN that facilitates this inter-VLAN communication. This Layer 3 device, whether it be a router or a Layer 3 switch, is responsible for the Layer 2 rewrite required for the inter-VLAN communication. That is, when PC1 goes to send a packet to PC4, it will set the destination MAC address in the frame to that of the default gateway indicated in its IP configuration. The router or switch will receive this packet on a trunk port with an 802.1Q tag for VLAN 5, then de-encapsulate the frame, inspecting the IP packet within for the destination IP address. It will then re-encapsulate the packet in a new frame which has the destination MAC address for PC4, and insert an 802.1Q tag for VLAN 10. This is the Layer 2 rewrite process, which can only be done by a Layer 3 device.
I hope this post helped you to understand the role of 802.1Q trunk ports within the LAN. Let me know if you have any questions!
-Eric