Connecting VLAN Trunks with 802.1Q
Problem
You want to connect an 802.1Q VLAN trunk directly to your router.
Solution
To connect an 802.1Q trunk to your router, use the following set of commands:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet1/0
Router2(config-if)#no ip address
Router2(config-if)#speed 100
Router2(config-if)#full-duplex
Router2(config-if)#exit
Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1 native
Router2(config-subif)#ip address 172.25.1.47 255.255.255.0
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2
Router2(config-subif)#ip address 172.25.22.4 255.255.255.0
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.3
Router2(config-subif)#encapsulation dot1Q 548
Router2(config-subif)#ip address 172.20.1.1 255.255.255.0
Router2(config-subif)#exit
Router2(config)#end
Router2#
Please note that to support 802.1Q features, your router must have an IOS level of at least 12.0(5)T, with the IP Plus feature set.
Discussion
The configuration for 802.1Q trunks is almost identical to the ISL configuration we discussed in Recipe 16.12. Please refer to that recipe for a more detailed discussion of trunking in general.
The most important difference between ISL and 802.1Q trunks is that 802.1Q is an IEEE open standard. If all of your switches and routers were manufactured by Cisco, you can easily use ISL without fear of conflict. However, if you ever need to connect a trunk link to a piece of equipment from a different vendor, you may find that 802.1Q is the only option. Further, many organizations prefer to use open standard protocols as a matter of policy, even if all of their equipment happens to come from the same vendor.
One of the important but subtle differences between ISL and 802.1Q is the number of VLANs supported. ISL supports VLAN ID numbers 1 through 1000, while 802.1Q allows values from 1 through 4095. While it is unlikely that you will ever run out of VLAN numbers with either scheme, some early IOS versions, and many early switch versions, implemented 802.1Q as if it were ISL under the covers. The result is that some older devices may only support 802.1Q VLAN ID numbers between 1 and 1000. So you may find that you are not able to use any of the higher range of values. This limitation does not exist on newer versions of Cisco equipment, but we recommend being careful to avoid interoperability problems.
You configure 802.1Q by creating subinterfaces and using the encapsulation command with the dot1Q keyword to assign the subinterface to a particular VLAN:
Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2
Router2(config-subif)#ip address 172.25.22.4 255.255.255.0
The number after the dot1Q keyword is the VLAN number that you wish to associate with this subinterface.
The only tricky part of configuring 802.1Q is defining the native VLAN. This often causes problems for network administrators. The native VLAN is the master VLAN assigned to the interface, and it must match the native VLAN configured on the switch. The native VLAN is the only VLAN whose frames do not contain an 802.1Q VLAN tag in their Layer 2 frame headers. So if you connect two devices through an 802.1Q trunk, and they don't agree on which is the native VLAN, you will effectively merge the two native VLANs together, which is almost certainly not what you want to do.
In our example, VLAN 1 is the native VLAN, which we define using the native keyword, as follows:
Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1 native
The default native VLAN on many switches is VLAN number 1. But you can easily configure a different native VLAN. For example, we could use the following set of commands to reconfigure VLAN number 2 as the native VLAN:
Router2(config)#interface FastEthernet1/0.1
Router2(config-subif)#encapsulation dot1Q 1
Router2(config-subif)#exit
Router2(config)#interface FastEthernet1/0.2
Router2(config-subif)#encapsulation dot1Q 2 native
Router2(config-subif)#exit
It's important to remember that there can only be one native VLAN at a time, and that whatever you configure on the router must match what is configured on the switch. It is not safe to simply assume that VLAN number 1 will always be the native VLAN.
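The two rules above (one native VLAN per trunk, matching the switch) and the earlier caution about VLAN IDs above 1000 can be checked against a saved configuration before the trunk goes live. The following is an added example, not part of the original recipe: parse_trunks and audit_trunk are hypothetical helper names, the sample configuration is constructed from the recipe's commands, and the switch's native VLAN is assumed to be supplied by whoever reads it off the switch.

```python
import re

# Constructed sample: the recipe's subinterfaces as they would appear in a saved config.
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 no ip address
!
interface FastEthernet1/0.1
 encapsulation dot1Q 1 native
!
interface FastEthernet1/0.2
 encapsulation dot1Q 2
!
interface FastEthernet1/0.3
 encapsulation dot1Q 548
"""

IFACE = re.compile(r"^interface\s+(\S+?)\.(\d+)\s*$")
ENCAP = re.compile(r"^\s+encapsulation dot1Q\s+(\d+)(\s+native)?\s*$", re.I)

def parse_trunks(config):
    """Return {physical_interface: [(subinterface, vlan_id, is_native), ...]}."""
    trunks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface"):
            m = IFACE.match(line)  # only subinterfaces (name.number) match
            current = (m.group(1), f"{m.group(1)}.{m.group(2)}") if m else None
        elif current and (m := ENCAP.match(line)):
            trunks.setdefault(current[0], []).append(
                (current[1], int(m.group(1)), bool(m.group(2))))
    return trunks

def audit_trunk(config, phys, switch_native_vlan):
    """List findings for one trunk; switch_native_vlan comes from the switch side."""
    subs = parse_trunks(config).get(phys, [])
    findings = []
    native = [vlan for _, vlan, is_native in subs if is_native]
    if len(native) != 1:
        findings.append(f"{phys}: expected one native VLAN, found {native}")
    elif native[0] != switch_native_vlan:
        findings.append(f"{phys}: native VLAN {native[0]} on router, "
                        f"{switch_native_vlan} on switch (untagged traffic merges)")
    for sub, vlan, _ in subs:
        if vlan > 1000:  # older devices may only accept 802.1Q IDs 1-1000
            findings.append(f"{sub}: VLAN {vlan} above 1000, check older peers")
    return findings
```

An empty list from audit_trunk means the router side is consistent with the native VLAN reported for the switch.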
You can use the show vlans command to see information about all VLANs configured on your router:
Router2#show vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface: FastEthernet1/0.1

 This is configured as native Vlan for the following interface(s) :
FastEthernet1/0

   Protocols Configured:   Address:        Received:   Transmitted:
           IP              172.25.1.47          4974           3149

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface: FastEthernet1/0.2

   Protocols Configured:   Address:        Received:   Transmitted:
           IP              172.25.22.4           548            617

Virtual LAN ID: 548 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface: FastEthernet1/0.3

   Protocols Configured:   Address:        Received:   Transmitted:
           IP              172.20.1.1              0            613

Router2#
This command output shows the configured VLANs and identifies which VLAN is defined as native. To view a specific 802.1Q subinterface, use the show interface command:
Router2#show interface FastEthernet1/0.1
FastEthernet1/0.1 is up, line protocol is up
  Hardware is AmdFE, address is 00e0.1e84.5131 (bia 00e0.1e84.5131)
  Internet address is 172.25.1.47/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
  ARP type: ARPA, ARP Timeout 04:00:00
Router2#
See Also
Recipe 16.12