Cisco 802.1Q Trunk Configuration on Switch-to-Switch Links
Configure 802.1Q trunk ports on Cisco switches. Learn CLI commands, verification, and troubleshooting in this step-by-step lab.
Introduction
When connecting multiple Cisco switches, you need a way for multiple VLANs to pass through a single physical link. That’s precisely what 802.1Q trunking does: it tags Ethernet frames so that traffic from different VLANs can traverse a single connection.
In this tutorial, you’ll configure and verify trunk ports using GigabitEthernet0/0 (g0/0) interfaces on Cisco switches.
You’ll also learn how to check trunk status, disable DTP, and troubleshoot common issues.
You’ll Learn:
- How to configure trunk ports using 802.1Q encapsulation
- How to set native and allowed VLANs
- How to disable DTP for security
- How to verify and troubleshoot trunk links
Network Topology
This lab focuses on trunking between two Cisco switches using g0/0 interfaces.
Lab Requirements
- Two Cisco switches (e.g., Catalyst 2960, 3850, or virtual in CML / EVE-NG / Packet Tracer)
- Cisco IOS 15.x or later
- Interfaces:
GigabitEthernet0/0On each switch - VLANs are already created or preconfigured.
Step 1: Configure Trunk on Switch-1
Configure the g0/0 interface as a trunk port using 802.1Q encapsulation.
Switch1# configure terminal
Switch1(config)# interface g0/0
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk allowed vlan all
Switch1(config-if)# switchport trunk native vlan 99
Switch1(config-if)# description *** Trunk link to Switch2 ***
Switch1(config-if)# end
Switch1# write memory
Step 2: Configure Trunk on Switch-2
Repeat the process for the g0/0 port on the second switch.
Switch2# configure terminal
Switch2(config)# interface g0/0
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk allowed vlan all
Switch2(config-if)# switchport trunk native vlan 99
Switch2(config-if)# description *** Trunk link to Switch1 ***
Switch2(config-if)# end
Switch2# write memory
Note: The native VLAN and allowed VLANs must match on both switches to avoid warnings or traffic drops.
Step 3: Disable DTP (Optional but Recommended)
Dynamic Trunking Protocol (DTP) automatically negotiates trunking. In most production environments, it’s best to disable it for security.
Switch1(config)# interface g0/0
Switch1(config-if)# switchport nonegotiate
Switch2(config)# interface g0/0
Switch2(config-if)# switchport nonegotiate
Security Note: Disabling DTP helps prevent VLAN hopping attacks and ensures predictable link behavior.
Step 4: Verify the Trunk Configuration
Check Trunk Status
Switch# show interfaces trunk
Expected Output:
Port Mode Encapsulation Status Native vlan
Gi0/0 on 802.1q trunking 99
Port Vlans allowed on trunk
Gi0/0 1-4094
Port Vlans allowed and active in management domain
Gi0/0 10,20,30
Check Switchport Details
Switch# show interfaces g0/0 switchport
Key Lines to Look For:
Administrative Mode: trunk
Operational Mode: trunk
Trunking Encapsulation: dot1q
Trunking Native Mode VLAN: 99
Administrative Native VLAN tagging: enabled
Step 5: Troubleshooting Common Trunk Issues
“Command rejected” error
If you see:
Command rejected: An interface whose trunk encapsulation is "Auto" cannot be configured to trunk mode.
Fix:
Set encapsulation before enabling trunking.
switchport trunk encapsulation dot1q
VLAN mismatch warning
If you see a “Native VLAN mismatch” in show interfaces trunk:
Fix:
Make sure both switches use the same native VLAN (e.g., VLAN 99).
switchport trunk native vlan 99
Trunk not active
If trunk status shows “not-trunking”:
Fix:
Check that both sides are configured as trunk.
switchport mode trunk
Pro Tip: You can verify DTP negotiation with:
show dtp interface g0/0
Summary
You’ve successfully configured 802.1Q trunking on Cisco switches using the g0/0 interfaces.
This allows multiple VLANs to traverse a single link while maintaining VLAN separation.
You learned how to:
- Configure trunk ports using 802.1Q encapsulation
- Modify native VLANs
- Disable DTP for security
- Verify and troubleshoot trunk connections
