April 5, 2009


1. Layer 2 switchport modes:

a. Access – one VLAN
b. Trunk – multiple VLANs
c. Tunnel – Transparent Layer 2 VPN
d. Dynamic (3560 dynamic auto, 3550 dynamic desirable) – DTP negotiation

*The 3560 and 3550 are both Layer 3 switches (routing is enabled with "ip routing").

2. Layer 3 Ports:

a. Switched Virtual Interface (SVI) => vlan interfaces
b. Native routed interfaces => Fast Ethernet interfaces

3. Example:

3550# sh run int f0/1
interface FastEthernet0/1
switchport mode dynamic desirable
no ip address

3550# sh int f0/1 switchport
Name: Fa0/1
Administrative Mode: dynamic desirable
Switchport: Enable <= running layer 2
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On

3550# sh cdp nei
Device ID   Local Intrfce   Holdtme   Capability   Platform     Port ID
3550        Fas 0/1         172       S I          WS-C3550-2   Fas 0/1

3560# sh int f0/5 switchport
Name: Fa0/5
Switchport: Enable
Administrative Mode: dynamic auto
Operational Mode: static access <= the other side didn’t initiate trunk, so it fell back to access mode
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On <= via DTP
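
The negotiation outcomes shown above (desirable facing desirable becomes a trunk; auto with no initiating neighbour falls back to access) can be checked mechanically. The Python below is an added example, not part of the original notes: it encodes the standard DTP outcome rules and lists the ports that still negotiate trunking in "show interfaces switchport" output. The sample text is constructed, Fa0/9 is a hypothetical port, and the rules assume "switchport nonegotiate" is not configured on either side.

```python
import re

INITIATES = {"trunk", "dynamic desirable"}   # modes that actively send DTP requests
ANSWERS = INITIATES | {"dynamic auto"}       # modes that agree to trunk when asked

def dtp_result(local, remote=None):
    """Operational mode of the local port; remote=None means no DTP neighbour."""
    if local == "trunk":
        return "trunk"
    if local == "dynamic desirable" and remote in ANSWERS:
        return "trunk"
    if local == "dynamic auto" and remote in INITIATES:
        return "trunk"
    return "access"                          # static access, or negotiation fell back

def parse_switchport(text):
    """Split 'show interfaces switchport' output into one dict per port."""
    ports = []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*\S)?\s*$", line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2) or ""
        if key == "Name":                    # each port's block starts with Name:
            ports.append({})
        if ports:
            ports[-1][key] = value
    return ports

def negotiating_ports(text):
    """Ports left in a dynamic mode that still negotiate trunking via DTP."""
    return [(p["Name"], p["Administrative Mode"], p.get("Operational Mode"))
            for p in parse_switchport(text)
            if p.get("Administrative Mode", "").startswith("dynamic")
            and p.get("Negotiation of Trunking") == "On"]

# Constructed sample modelled on the output above; Fa0/9 is hypothetical.
SAMPLE = """\
Name: Fa0/1\nAdministrative Mode: dynamic desirable
Operational Mode: trunk\nNegotiation of Trunking: On
Name: Fa0/5\nAdministrative Mode: dynamic auto
Operational Mode: static access\nNegotiation of Trunking: On
Name: Fa0/9\nAdministrative Mode: static access
Operational Mode: static access\nNegotiation of Trunking: Off
"""

if __name__ == "__main__":
    for name, admin, oper in negotiating_ports(SAMPLE):
        print(f"{name}: admin={admin}, oper={oper} (DTP still negotiating)")
```
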

4. Layer 2 Trunking

a. ISL – Cisco proprietary, all traffic tagged with ISL
b. 802.1q – Open standard, “Native” Vlan sent untagged => native vlan has to match on all switches and routers
c. DTP – Dynamic Trunking Protocol

*The goal of configuring VLANs is to separate broadcast domains.

5. Example:

3560# sh int trunk
Port    Mode        Encapsulation   Status     Native vlan
Fa0/5   desirable   n-isl           trunking   1
Fa0/6   auto        n-isl           trunking   1

Port Vlans allowed on trunk
Fa0/1 1-4094
Fa0/5 1-4094 <= means not doing any filtering by default
Fa0/6 1-4094

Port Vlans allowed and active in management domain
Fa0/5 1
Fa0/6 1

Port Vlans allowed and active in management domain
Fa0/1 1

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1 <= forwarding state
Fa0/5 none <= blocking state
Fa0/6 none <= blocking state

3560(config)#int f0/5
3560(config-if)#switchport trunk encapsulation dot1q

3560#sh int trunk | in 802.1q
Fa0/4 auto n-802.1q trunking 1
Fa0/5 desirable n-802.1q trunking 1

*VLAN 1 can’t be removed from the “Vlans allowed on trunk” list.

6. You can tag VLAN 1 (the native VLAN) if other devices do not support untagged traffic:

SW1(config)# vlan dot1q tag native


