05-11-2015 02:16 AM - edited 03-07-2019 11:57 PM
Hi all,
As the topic mentioned, I have an L3 switch on which I have assigned fa0/1 as the trunk port and an L2 switch on which I have also assigned fa0/1 as the trunk port.
To play around, I set the switchport mode to access on the L2 fa0/1 and did the following on the L3 switch fa0/1:
S3(config-if)# switchport trunk encapsulation dot1q
S3(config-if)# switchport mode trunk
When I do a show interfaces trunk on the L3 switch, I see that the fa0/1 status is already trunking. But on the L2 switch, I do not see any interfaces when I issue show interface trunk. -- This is normal because I set the L2 switch fa0/1 to access mode already.
========================================================
q1) In such an event, how do I know if trunking is being set up successfully? Is there any debug command to check and see the negotiation happening between the switchports?
q2) When a trunk is set up, does the default add all the VLANs to the allowed list of the trunk?
Regards,
Noob
05-11-2015 03:07 AM
debug sw-vlan vtp
Use the show int fa0/1 switchport command as well to see what the ports are acting as, trunk/access.
By default all VLANs are allowed if just a trunk is set up switch-to-switch. You can use the switchport trunk vlan allowed statement to narrow down what's specifically allowed. VLAN 1 will always be allowed no matter what; you cannot block it, but you can shut it down to segregate management traffic from production, as VLAN 1 carries VTP, CDP traffic etc. and it's the default native VLAN for Cisco for all untagged traffic.
05-11-2015 03:22 AM
1) I guess you could check with "show interface trunk", but it won't always show all configured trunks; I think it won't show trunks that are down. This command shows you information on whether the switch is trunking on a port, the VLANs allowed on the trunk, VLANs that are allowed, VLANs that are in spanning-tree forwarding state and that aren't pruned. For a little more detail on the switchport you could use "show int fax/x switchport".
It is a good question actually. I'm not sure how to debug this, apart from VTP "debug sw-vlan vtp events". Even one of Cisco's documents has a section called "debug and show commands" but doesn't actually give us any debugs, only verification commands which most people use.
2) All VLANs are trunked by default. They are all in the "allowed" list 1 - 4094. But it won't show this in the config as it is the default. If you want to limit it, use switchport trunk allowed vlan xx, as vivek has mentioned already.
Hope this helps.
Bilal
05-11-2015 02:58 AM
1) Not used any such debug command, so no idea, but I think you can see some similar logs on the L3 switch.
2) Yes, by default all VLANs are allowed on the trunk until you use the "switchport trunk allowed vlan xxx" command.
05-11-2015 03:23 AM
Ah, sorry mark, didn't realise you posted this. I had pushed reply and didn't see that you had answered.
05-11-2015 03:47 AM
No problem Bilal :)
05-11-2015 05:58 AM
Dear all,
Thanks for the reply.
Just to clear up my own confusion, due to the debug sw-vlan vtp command:
-> Does VTP have anything to do with the setting up of a trunk? From my understanding, VTP is to enable VLAN information sharing through trunk links, but it is not related to trunks.
Or is VTP essential in the setting up of trunking?
Regards,
Noob
05-11-2015 06:10 AM
VTP is not essential in setting up trunks; some people don't even use it due to the security flaws in versions 1 and 2. You can run it manually, but if you want to see any type of debugs you could try that debug sw-vlan or debug dtp packets; they're the only ones I can think of anyway that might show something useful. Probably the 2nd command if you're not using VTP.
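Added example, not part of any reply in this thread: a small Python check over the "show int fa0/1 switchport" output mentioned above, taken from both ends of the link. It flags the trunk/access mismatch from the original question and, on a trunking end, DTP negotiation left on, the default allow-all VLAN list and native VLAN 1. The sample output is constructed, and the function names are hypothetical.

```python
# Constructed sample "show interfaces fa0/1 switchport" output (not captured
# from a real device) for the two ends of the link described in the thread.
L3_FA01 = """\
Name: Fa0/1
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""
L2_FA01 = """\
Name: Fa0/1
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""

def parse_switchport(text):
    """Turn the 'Field: value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_link(end_a, end_b):
    """Return findings for one link, given both ends' parsed output."""
    findings = []
    modes = {end_a.get("Operational Mode"), end_b.get("Operational Mode")}
    if "trunk" in modes and len(modes) > 1:
        findings.append("mode mismatch between the two ends")
    for label, end in (("A", end_a), ("B", end_b)):
        if end.get("Operational Mode") != "trunk":
            continue  # the trunk-specific checks only apply to trunking ports
        if end.get("Negotiation of Trunking") == "On":
            findings.append(f"{label}: DTP negotiation still on")
        if end.get("Trunking VLANs Enabled") == "ALL":
            findings.append(f"{label}: all VLANs allowed on trunk")
        if end.get("Trunking Native Mode VLAN", "").split(" ")[0] == "1":
            findings.append(f"{label}: native VLAN is 1")
    return findings

if __name__ == "__main__":
    for finding in audit_link(parse_switchport(L3_FA01), parse_switchport(L2_FA01)):
        print(finding)
```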