Trunking VLAN Communication Between Switches

Trunking (VLAN Communication Between Switches)

📌 What is Trunking?

A trunk port is a switch port that carries traffic for multiple VLANs using 802.1Q tagging.

👉 Simple:

“One cable, multiple VLANs”

🎯 What You Will Learn

• VLAN communication across switches
• 802.1Q tagging
• Access vs Trunk port difference

🧪 Lab Setup (Build in Cisco Packet Tracer)

🔹 Topology

• 2 Switches (2960)
• 4 PCs

🔹 VLAN Plan

⚙️ Step 1: Assign IP Addresses

⚙️ Step 2: Create VLANs on BOTH Switches

Do this on Switch0 and Switch1

enable
configure terminal

vlan 10
name HR

vlan 20
name IT

exit

switch 0

switch 1

⚙️ Step 3: Assign Access Ports

🔹 Switch0

interface fa0/1
switchport mode access
switchport access vlan 10

interface fa0/2
switchport mode access
switchport access vlan 20

🔹 Switch1

interface fa0/1
switchport mode access
switchport access vlan 10

interface fa0/2
switchport mode access
switchport access vlan 20

⚙️ Step 4: Configure Trunk Port (MOST IMPORTANT)

Assume connection between switches is:

• Switch0 → Fa0/24
• Switch1 → Fa0/24

🔹 On BOTH switches:

interface fa0/24
switchport mode trunk

🧪 Step 5: Test Connectivity

✅ Same VLAN Across Switches (Should Work)

From PC0:

ping 192.168.10.2

✔ Success

❌ Different VLAN (Should Fail)

From PC0:

ping 192.168.20.2

❌ Failed (no routing yet)

If still facing issue 

✅ Step-by-Step Fix

🔌 1. Check Physical Connection (MOST IMPORTANT)

Make sure:

👉 You connected:

Switch0 Fa0/24 → Switch1 Fa0/24

✔ Use Copper Straight-Through

👉 If unsure:

• Delete cable
• Reconnect properly

🔄 2. Check Both Sides

Both ends must be connected:

• Switch0 Fa0/24 ✅
• Switch1 Fa0/24 ✅

👉 If one side is not connected → port stays DOWN

⚙️ 3. Enable Port (Just in case)

Run on BOTH switches:

• enable
• configure terminal
• interface fa0/24
• no shutdown

🔍 What Happens Internally?

• PC0 sends packet → Switch0
• Switch0 adds VLAN tag (802.1Q)
• Packet goes through trunk
• Switch1 reads VLAN tag
• Forwards to correct VLAN port

⚠️ Key Concepts (Very Important)

🔹 Access Port

Carries one VLAN only

🔹 Trunk Port

Carries multiple VLANs

🔹 VLAN Tagging

• Switch adds VLAN ID inside frame
• Helps identify which VLAN packet belongs to

⚠️ Common Mistakes

• ❌ VLAN not created on both switches
• ❌ Trunk not configured on both sides
• ❌ Wrong port numbers
• ❌ IP mismatch

❓ What protocol is used?

👉 IEEE 802.1Q

❓ Difference between access & trunk?

Access → single VLAN

Trunk → multiple VLANs

❓ Why trunking is needed?

👉 To connect multiple switches while maintaining VLAN separation

🧠 Real-World Example

Company has:

• Multiple floors
• Multiple switches

👉 VLANs must travel between switches

➡️ Trunking is used

NOTE - In Cisco Packet Tracer labs and real-world configurations, VLAN 99 is a common industry-standard placeholder used for two specific administrative purposes:

1. Management VLAN: It is frequently used to host the switch's Management IP address. By moving management traffic (SSH, Telnet, SNMP) to a dedicated VLAN like 99, you keep it separate from regular user data, which is a major security best practice.
2. Native VLAN: It is often designated as the Native VLAN on trunk links. The Native VLAN is responsible for handling all "untagged" traffic that passes through a trunk port.

Why use 10 and 20 instead of the default?

By default, Cisco switches use VLAN 1 for both management and native traffic. However, using the default is considered a security risk because:

1. VLAN Hopping: Attackers can exploit the default VLAN 1 to jump between different networks.
2. Control Traffic: Standard control protocols (like CDP or VTP) often use VLAN 1. Moving user and management data to a different ID like 99 prevents these streams from mixing.

Key Rules for VLAN 10 and 20

• Consistency: If you set VLAN 99 as the native VLAN on one switch, you must set it on the other side of the trunk as well. If they don't match, you will see a native VLAN mismatch error, which can cause connectivity issues.
• Logical ID: There is nothing "magic" about the number 99; it is just a common convention. You could technically use 100, 777, or any other valid ID.

✅ Why ping 192.168.10.2 WORKS

Because:

👉 PC0 and PC2 are in same VLAN (VLAN 10)

Even though they are on different switches:

• Trunk carries VLAN 10 traffic
• Switches forward frames based on MAC
• No routing needed

✔ So it works

❌ Why ping 192.168.20.2 FAILS from PC0

Because:

• 👉 PC0 is in VLAN 10
• 👉 PC3 is in VLAN 20

These are different networks

🔥 Simple Analogy (Very Important)

Think like this:

VLAN 10 = Room A

VLAN 20 = Room B

• 👉 Switch = hallway
• 👉 Trunk = connecting hallway between buildings

Case 1 (Working)

PC0 → PC2

Room A → Room A

✔ Allowed

Case 2 (Failing)

PC0 → PC3

Room A → Room B

❌ Door is closed (no router)

🎯 Core Rule

• 👉 Switch = Layer 2 → only works inside same VLAN
• 👉 Router = Layer 3 → required between VLANs

NOTE - Now the question is if “PC1 (192.168.20.1) is in same switch as PC0, so why not ping?”

• 👉 Same switch does NOT matter
• 👉 VLAN matters

So: 

Why ping between VLANs fails?

Answer:

Because switches operate at Layer 2 and cannot route traffic between different VLANs. Inter-VLAN routing requires a Layer 3 device like a router.

✅ What You Need to Do

To make this work:

👉 You must configure Inter-VLAN Routing so for this visit our another blog.

Disclaimer