As we use TRUNK port to pass multiple VLAN traffic (tagged) through single physical port. By default, TRUNK port allow all VLAN’s traffic to pass through it. TRUNK ports can be configured to allow only specific VLAN traffic to pass.
Starting with how to configure TRUNK port below are the commands:
Switch# configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk encapsulation {dot1q | isl}
Switch(config-if)#switchport mode trunk
In above configuration Port will allow every VLAN to pass traffic, we can restrict that and can configure Port to allow traffic for specific VLAN’s with below command.
Switch# configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan vlan-id,vlan-id,vlan-id
Now, sometime in production requirement raise to just add one more VLAN through the pre-defined Trunk port. If you add VLAN with above command it will erase all the previously defined VLAN’s and only keep VLAN ID which you added at last. So, there are two ways to add VLAN
- Re-write all the VLANs in the command “switchport trunk allowed vlan vlan-id,vlan-id,vlan-id “ including the new VLAN and paste it on the interface.
- Better way is to add VLAN with below command which will just add the new VLAN into trunk port and keep all the old one’s.
Switch# configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan add vlan-id,vlan-id,vlan-id
Same way to remove VLAN from pre-configured Trunk port use below commands:
Switch# configure terminal
Switch(config)#interface interface-id
Switch(config-if)#switchport trunk allowed vlan remove vlan-id,vlan-id,vlan-id
Verify:
To verify what VLANs are configured use following command:
Switch# show interfaces trunk
To Verify more details on the interface regarding encapsulation, mode use below command:
Switch# show interfaces interface-id switchport
Name: interface-id
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none