elephant-trunk-girls-face

And so the Elephant begins the Trunking negotiation with the humans face!

First I will tackle both modes and encapsulation types using IOS help, review as I go along, and a quick summary to wrap up both Modes and Encapsulations:

SW2(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel set trunking mode to TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
private-vlan Set private-vlan mode
trunk Set trunking mode to TRUNK unconditionally

Really there are really two “Trunk Modes” at this level, as “dynamic” continues on two the sub-commands shown below, “trunk” statically sets the port to actively Trunk with whatever it is plugged into, and “Access” mode configuration is a non-Trunk port which makes it a static or hard coded Access Port.

The two sub-commands for dynamic mode are illustrated here:

SW2(config-if)#switchport mode dynamic ?
auto Set trunking mode dynamic negotiation parameter to AUTO
desirable Set trunking mode dynamic negotiation parameter to DESIRABLE

As you will see in example just below this review, “Auto” is the default mode for a Dynamic Trunk interface which will only negotiate a Trunk if the remote side initiates, while “Desirable” will attempt to dynamically negotiate a Trunk with all “Trunk Types” except of course “Access” and the final mode “Nonegotiate” shown here:

SW1(config-if)#switchport ?
access Set access mode characteristics of the interface
autostate Include or exclude this port from vlan link up calculation

nonegotiate Device will not engage in negotiation protocol on this
interface
port-security Security related command

<cr>

This is actually considered to be a DTP mode, as its a function that turns off negotiation of Trunks on the local interface, however I’ve seen it called a 5th Trunking mode as well whereas it is also the 5th DTP mode as well (Auto, On, Off, Desirable, and Nonegotiate).

More on DTP in a future post all about it!

So to review modes:

  • “switchport mode access” configures interface as an access port, turns off trunking, not sure why this is even taught to be a trunking state in some materials
  • “switchport mode trunk” statically sets active Trunking on the interface, nothing dynamic about it, WILL form a Trunk with both Dynamic, Trunk, AND NoNegotiate interfaces
  • “switchport mode dynamic auto” is the default Trunking mode of the interface, more on that explained below
  • “switchport mode dynamic desirable” will dynamically attempt to negotiate Trunks with remote devices, will only form a Trunk if remote end is in a Dynamic mode (desirable or auto) or is in static Trunk mode
  • “switchport nonegotiate” turns off DTP but still allows Trunks to form if statically set to “Trunk” mode on both devices!

 

IMPORTANT TRUNKING BEHAVIORS BETWEEN DIFFERENT MODES:

 

With SW1 configured in static “Trunk” mode and SW2 set to Auto mode, I configured “switchport nonegotiate” on SW1s interface and found the following:

SW1(config-if)#switchport nonegotiate
SW1(config-if)#do sh int trunk

Port       Mode    Encapsulation     Status       Native vlan
Fa1/0/1    on           802.1q              Trunking     1

Port Vlans allowed on trunk
Fa1/0/1 1-4094

Port Vlans allowed and active in management domain
Fa1/0/1 1

Port Vlans in spanning tree forwarding state and not pruned
Fa1/0/1 1
SW1(config-if)#
ASR#2
[Resuming connection 2 to sw2 … ]
SW2(config-if)#
SW2(config-if)#do sh int trunk

Port         Mode     Encapsulation       Status        Native vlan
Fa1/0/1     auto             802.1q              trunking         1

It did not tear down the Trunk, even though the remote side is set to a Dynamic mode, because the negotiation is over and the Trunk is already formed.

However, if I shut / no shut the interface on SW2, we see some trouble:

SW2(config-if)#shut
SW2(config-if)#no shut
*Mar 1 00:53:00.565: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:53:02.537: %LINK-5-CHANGED: Interface FastEthernet1/0/1, changed state to administratively down
*Mar 1 00:53:03.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
SW2(config-if)#
*Mar 1 00:53:07.796: %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
*Mar 1 00:53:11.462: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
*Mar 1 00:53:11.554: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet1/0/1 VLAN1.
*Mar 1 00:53:11.554: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet1/0/1 on VLAN0001. Inconsistent port type.
SW2(config-if)#do sh int trunk
SW2(config-if)#

I highlighted in red the message you will see on the local switch in two scenarios:

  • Scenario A: The remote side is running in “switchport nonegotiate” and the local side is Dynamic (does not happen if Trunk is already formed / negotiatied)
  • Scenario B: The local side is set to “switchport mode access” – This causes it to bounce immediately with the error

I also highlighted in blue that there is now no Trunk interface on this side of the switch, however on SW1s side:

SW1(config-if)#shut
SW1(config-if)#no shut
SW1(config-if)#
*Mar 1 01:05:44.566: %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to down
*Mar 1 01:05:45.573: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
*Mar 1 01:05:47.636: %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
*Mar 1 01:05:48.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
SW1(config-if)#do sh int trunk

Port           Mode     Encapsulation    Status         Native vlan
Fa1/0/1         on            802.1q               trunking        1

This side will always show Fa1/0/1 in “trunking” Status and its mode as “On” even with the connected interface on the remote device set as an Access Port – This is due to it being configured with static “Trunk” mode and not a behavior of the “nonegotiate” config.

Also when working with these modes, interfaces configured in static “Trunk” mode will not appear in the VLAN table, so as long as the interface is configured with “switchport mode trunk” it will not be seen there.

On SW2 if either Scenario A or B from above happens, the interface is placed back into the VLAN table under its configured (or the default) VLAN, whether it is a Dynamic mode trunk that got rejected by its peer due to “nonegotiate” or whether it was made an Access port shown here:

SW1

SW1(config-if)#do sh vlan brief

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/2, Fa1/0/3, Fa1/0/4

SW2

SW2(config-if)#do sh vlan brief

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3

So that is something to keep in mind come exam day, as you may see a dynamic trunk configuration in running configuration output, but it may still have that interface sitting in a VLAN if no Trunk is formed on that interface!

 

Now to take a look at Trunking Encapsulation Types and Behaviors

 

First a quick review of the encapsulation types available for use via IOS help:

SW1(config-if)#switchport trunk encap ?
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on
interface

  • Dot1q – Industry Standard Trunking Encapsulation
  • ISL – Cisco Proprietary Trunking Encapsulation
  • Negotiate – Configured for interface configured with a dynamic “Mode” to negotiate the encapsulation type to be used (details below)

I removed all configs from both switch interfaces and will be starting new for this demo:

SW1(config-if)#
SW1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.
SW1(config-if)#

Whoops! I did this on accident but demonstrates a good point! Before the “static” mode Trunk can be configured on an interface, it must have a “static” encapsulation type to use, which is either ISL or Dot1q.

You cannot configure the switchport in static “Trunk” mode after configuring the “negotiate” encapsulation type:

SW1(config-if)#switchport trunk encap negotiate
SW1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.

All 3 of them can be set on an interface configured with a Dynamic mode, however if the other side is statically set to a different type of Trunk encapsulation there will be problems as demonstrated here between SW1 and SW2:

At first it forms the Trunk because SW2 is in “Auto” mode by default

SW1(config-if)#switchport trunk encap isl
SW1(config-if)#switchport mode trunk
SW1(config-if)#
ASR#2
[Resuming connection 2 to sw2 … ]

SW2(config-if)#do sh int trunk

Port         Mode    Encapsulation   Status        Native vlan
Fa1/0/1     auto           n-isl                 trunking          1

***Note the “n-” under Encapsulation means this side negotiated its encapsulation being used for this Trunk***

Now if I ruin this party by changing the Encapsulation on SW2 to Dot1q:

SW2(config-if)#switchport trunk encap dot1q
SW2(config-if)#
*Mar 1 02:02:34.342: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 02:02:35.324: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
*Mar 1 02:02:38.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
*Mar 1 02:03:04.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
SW2(config-if)#do sh int trunk
SW2(config-if)#

Note that it immediately drops the interface and brings it back up, and when it comes back up the interface is no longer forming a Trunk, and is back in its VLAN in the “sh vlan brief” table (I will spare the output to verify this).

So if you see an output with an interface configured in a Dynamic Mode with a Static Encapsulation set, be very wary of how you approach the question!

To correct this, simply set the interface Encapsulation to “negotiate” and you are back in business:

SW2(config-if)#switchport trunk encap negotiate
SW2(config-if)#
*Mar 1 02:11:22.791: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
*Mar 1 02:11:24.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 02:11:25.794: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
*Mar 1 02:11:54.819: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
SW2(config-if)#do sh int trunk

Port         Mode  Encapsulation   Status       Native vlan
Fa1/0/1     auto         n-isl                 trunking      1

It may take a few seconds for the interface to come back up, but it does eventually, with one exception to this which should be CCNA level knowledge but for the sake of being thorough – If both switches are in “Dynamic Auto” mode neither will initiate the Trunking process so no Trunk will form them. One side needs a different Trunk mode!

 

A  VERY useful Trunk verification command, “sh int (int #) switchport”

 

First I want to remove the Trunk configs from the interfaces again, and review the default output for an interface with the command “sh int (int #) switchport” :

SW2#sh int fa1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

 

 

  • Switchport Status – If the port is operational
  • Administrative Mode – This is currently the default (dynamic auto) but will change if configured differently to dynamic desirable, access, trunk, etc
  • Operational Mode – Its current “mode” of operation, currently an Access Port
  • Admin and Operational Encap – Shows the default Encapsulation type is “negotiate” and the current Encapsulation type “native” is also default
  • Trunking VLANs – Which VLANs are configured for the Trunk, which unless you filter any VLANs will be all of them by default
  • Voice VLANs – For later study, but is good to know it can be verified here
  • Pruning VLANs – STP related, also for later study, but in here as well

A few things here, first I wanted to demonstrate that the ideal way to skip directly to the interface you need is by using a pipe or | and the modifier “begin” which means begin the output matching the following criteria – That is why fa1/0/1 didn’t produce output because the interface is “Fa1/0/1” in the output.

When I say in the output, I mean if you type “sh int switchport” by itself it will list this information for every single interface, familiarizing one self with the pipe modifier to show commands is a good idea when labbing!

Now I highlighted in red the information we are looking at now, but also left the rest of the output, as in articles down the line I want it to be shown you can see voice vlan / private vlan / etc information with this command as well.

 

One final note for this section and I am done for the night!

 

One last thing I wanted to demonstrate to help you extract only info you need both in the real world and exam, some of these output modifiers will and will not work on certain devices, but I wanted to show you a list of ways to view any “show (something)” command and only view certain information:

SW2#sh run | ?
append Append redirected output to URL (URLs supporting append operation
only)
begin Begin with the line that matches
count Count number of lines which match regexp
exclude Exclude lines that match
format Format the output using the specified spec file
include Include lines that match
redirect Redirect output to URL
section Filter a section of output
tee Copy output to URL

SW2#sh run | section ?
LINE Regular Expression
exclude Exclude entire section(s) of output
include Include entire section(s) of output

SW2#sh run | section (something)

This may not work on exam day, so I wouldn’t fight with it during a simulation or simlet if its not returning output, I would advise just using the command to spill out all output onto the screen and manually jump to the segment you need.

Being that Dynamic Trunking Protocol (DTP) is what allows Dynamic Trunk negotiation to work, I will be hitting that in my next post, for more Cisco Switching fun!