A trunk link is a Layer 2 connection that carries traffic from multiple VLANs between switches.
Without trunking, each VLAN would be confined to the switch in which it was created.Why Trunking Is Needed
To understand why trunking is important, let’s look at a simple example.
Below, two VLANs are created on two switches.
PC1 and PC3 belong to VLAN 10, but they are connected to different switches.
Figure 1 – VLANs on Different Switches
Even though both devices belong to VLAN 10, they still cannot communicate because they are located on separate switches.
To allow communication between these two devices, we need two things:
A physical link connects the switches.
802.1Q trunking is enabled on that link.
Figure 2 – Trunk Link Between Switches
Enabling trunking allows VLAN 10 and VLAN 20 traffic to pass through the inter-switch link.
This means that each VLAN can now extend beyond a single switch. For example, VLAN 10 on SW1 can reach VLAN 10 on SW2.How the Trunk Link Connects VLANs
Let’s walk through an example to see this in action.
PC1 send traffic to PC3.
SW1 receives the frame on interface F0/1, which is an access port in VLAN 10.
Since PC3 is connected to another switch, SW1 forwards the frame to SW2 over the trunk link.
Figure 3 – VLAN Tagging with 802.1Q Trunking
SW2 receives the frame, identifies it as part of VLAN 10, and forwards it to PC3.
From the user’s perspective, both PCs appear to be on the same local network, even though they are on different switches.The purpose of trunking is to extend VLANs across multiple switches while keeping the traffic of each VLAN logically separate.
Now that we understand what trunking involves, the next step is to examine how VLAN information is added to, transported through and removed from frames as they cross the trunk.Answer the question below
What type of link carries multiple VLANs between SW1 and SW2?
In this example, I have kept VLAN 10 and our switch.
As you can see, PC1 wants to send data to PC3. To do this, PC1 sends the traffic via SW1.
Figure 4 – VLAN Tagging Process on a Trunk Link
Let's take a look step by step.
Step 1 – Frame Ingress on SW1
PC1 belongs to VLAN 10. When PC1 sends a frame, it arrives at SW1’s F0/1 access port, which is also assigned to VLAN 10.
Once inside the switch, the frame is associated with VLAN 10. The Ethernet frame does not yet have a VLAN tag.Step 2 – Tagging for the Trunk
As the destination (PC3) is on a different switch, SW1 must send the frame via the trunk link to SW2.
Before doing so, SW1 adds an 802.1Q header to the frame, a 4-byte field inserted just after the source MAC address.
This header identifies the VLAN to which the frame belongs. This enable multiple VLANs to safely share a single physical link.
Figure 5 – 802.1Q Frame Structure with VLAN Tag
The IEEE 802.1Q protocol defines this tagging method. It’s a vendor-neutral standard that replaced Cisco’s older ISL protocol.
The 802.1Q header includes:
12 bits for the VLAN ID (1–4094; 0 and 4095 are reserved)
3 bits for priority marking (802.1p QoS)
1 bit called the CFI or DEI bit (not required at CCNA level)
In this example, SW1 sets the VLAN ID (VID) to 10, marking the frame as belonging to VLAN 10.
Figure 6 – VLAN Tag with VID Set to 10 in 802.1Q Frame
Step 3 – Transit over the trunk
The tagged frame now travels across the trunk link, retaining its VLAN ID (10). Each switch along the path can read this tag and use it to separate VLAN 10's traffic from that of other VLANs, such as VLAN 20.
Figure 7 – Trunk Frame Transit and Egress
Step 4 – Frame egress on SW2
When the frame reaches SW2’s trunk port, the switch removes the 802.1Q header, restoring the original Ethernet frame.
Because the tag indicates VLAN 10, SW2 forwards the frame out of its G0/1 access port toward PC3.At this point, communication between PC1 and PC3 is complete.
This entire process, ingress, tagging, trunk transport, un-tagging, and delivery happens in a fraction of a second.
This process allows VLAN 10 to extend across multiple switches while keeping all VLANs logically isolated.Answer the question below
How many bits are reserved in an 802.1Q tag for the VLAN ID?
Now that you understand how trunking works, let's look at how to configure it on Cisco switches.
In this example, we’ll create a trunk link between SW1 and SW2 so VLAN 10 and VLAN 20 can communicate between switches.
Figure 8 – Initial Topology for 802.1Q Trunk Configuration
Before we begin, remember this:
Access ports carry traffic for a single VLAN (they connect to end devices).
Trunk ports carry traffic for multiple VLANs between switches.
This separation keeps broadcast domains isolated while still allowing VLANs to extend across multiple switches.
Step 1 – Configure the Trunk on SW1
Let’s start with SW1, which connects to SW2 through interface GigabitEthernet0/0.
Enter interface configuration mode
SW1# configure terminal SW1(config)# interface G0/1Enable trunking mode on the port
SW1(config-if)# switchport mode trunkAt this point, the interface is officially acting as a trunk link and will tag outgoing frames with the appropriate VLAN ID.
Limit VLANs allowed on the trunk
SW1(config-if)# switchport trunk allowed vlan 10,20By default, a trunk carries all VLANs. However, it’s a best practice to restrict it to the VLANs that actually need to pass through, in this case, VLANs 10 and 20.
Step 2 – Verify Trunk Status on SW1
Use the following command to confirm that the trunk is active and properly configured:
SW1# show interface trunk Port Mode Encapsulation Status Native vlan Gig0/1 on 802.1q trunking 1 Port Vlans allowed on trunk Gig0/1 10,20 Port Vlans allowed and active in management domain Gig0/1 10,20 Port Vlans in spanning tree forwarding state and not pruned Gig0/1 10,20If the Status column shows trunking, your link is operational.
Step 3 – Mirror the Configuration on SW2
Now, repeat the same configuration on SW2, using the interface connected to SW1 (GigabitEthernet0/0):
SW2# configure terminal SW2(config)# interface G0/1 SW2(config-if)# switchport mode trunk SW2(config-if)# switchport trunk allowed vlan 10,20Then verify with:
SW2# show interfaces trunk Port Mode Encapsulation Status Native vlan G0/1 on 802.1q trunking 1 Port Vlans allowed on trunk G0/1 10,20 Port Vlans in spanning tree forwarding state and not pruned G0/1 10,20At this point, both switches share VLAN 10 and VLAN 20 through the trunk link.
Devices in VLAN 10 can now communicate across SW1 and SW2, and the same applies to VLAN 20.Step 4 – Quick Recap
Let’s summarize what you have done:
Command
Purpose
switchport mode trunkEnables trunking on the interface
switchport trunk allowed vlan 10,20Restricts VLANs allowed on the trunk
show interfaces trunkVerifies trunk status and VLANs
Table 1 - 802.1Q Trunking Configuration Commands
Now that your trunk is operational, the next step is to explore the Dynamic Trunking Protocol (DTP), the mechanism that can automatically negotiate trunking between switches.
Answer the question below
Which command is used to enable trunk mode on an interface?
802.1Q Trunking
A trunk link is a connection that carries traffic from multiple VLANs between switches. In this lesson, you’ll learn how 802.1Q tagging makes this possible.