By default, switch ports work within a single VLAN. When a switch port receives a frame, the switch forwards that frame only out of ports that belong to the VLAN configured on the receiving port. If you want a port to send or receive frames from multiple VLANs, you need to change that port's mode to trunk.
A trunk port works with multiple VLANs. It adds VLAN information to each frame before forwarding it. The process of adding VLAN information to frames is called trunk tagging, frame tagging, or VLAN tagging.
By default, switches forward broadcast messages. When a switch receives a broadcast message on a port, it forwards it out of all other ports.
Let us take an example.
An 8-port switch receives a broadcast message on port 1. It forwards the broadcast message from ports 2, 3, 4, 5, 6, 7, and 8.
VLANs create boundaries for broadcast messages. They allow you to define which ports can share broadcast messages. The following image shows how the switch will forward broadcast messages in the preceding example if we create two VLANs and assign ports 1, 2, 3, and 4 to the first VLAN and ports 5, 6, 7, and 8 to the second VLAN.
If you only create and use VLANs on a single switch and don't provide connectivity between different VLANs, you don't need to bother about trunk tagging.
But if you want to create the same VLAN on multiple switches or provide connectivity between different VLANs, you need to use trunk tagging on the ports that connect switches.
Let us take an example.
The following image shows a network. It has two switches. Switch A's port-8 is connected to switch B's port-8. The administrator configured VLAN 10 and VLAN 20 on Switch A and Switch B. He assigned ports 1, 2, and 3 to VLAN 10 and ports 4, 5, and 6 to VLAN 20 on both switches. He did not make any changes on port 8.
PC A generates a broadcast message. The broadcast message reaches Switch A on port 1. The switch checks the configured VLAN on the port. VLAN 10 is configured on port 1. It checks the configured VLAN on all ports and forwards the broadcast message from all ports having VLAN 10. Ports 2 and 3 have VLAN 10. It forwards the broadcast message from these ports. Since port 8 does not belong to VLAN 10, it does not forward the message from it.
The same thing happens when PC D generates a broadcast message. The message reaches Switch A on port 4. The switch takes the same steps and forwards the message from ports 5 and 6. Since port 8 does not belong to VLAN 20, it does not forward the message from port 8.
This way, broadcast messages from both VLANs do not reach VLAN members available on the other switch. Broadcast messages will reach them only if the administrator changes the default VLAN of port 8.
Here, the administrator has another problem. A switch port can belong to only one VLAN at a time. If he changes the default VLAN to VLAN 10, the switch will forward broadcast messages from VLAN 10. If he changes the default VLAN to VLAN 20, it will forward broadcast messages from VLAN 20. He can make port 8 a member of either VLAN 10 or VLAN 20. He cannot make it a member of both VLANs at the same time.
A trunk port solves this problem. A switch port can work in two modes: access and trunk. Access mode has the limitation of one VLAN at a time. This is the default mode on all switch ports. Because of this, a switch port can become a member of one VLAN at a time.
Trunk mode does not have this limitation. A switch port in trunk mode automatically becomes a member of all VLANs. For example, if a switch has 20 VLANs, the port becomes a member of all 20 VLANs as soon as you change the port's mode to trunk mode.
Trunk tagging concepts
In the preceding example, instead of changing the default VLAN on port 8, the administrator changes the default switch port mode to trunk mode on both switches.
Since a trunk port belongs to all VLANs, it forwards broadcast messages of all VLANs. It keeps the VLAN traffic separate, so frames in VLAN 10 would not go to devices in VLAN 20, and vice versa, because each frame is identified by VLAN number as it crosses the trunk.
A trunk port adds VLAN information to each frame before forwarding it.
On the other end, it uses the attached VLAN information to identify the VLAN of each frame. It removes VLAN information from the frame before forwarding it from the ports associated with the frame's VLAN.
Let us understand it through our example.
PC A generates a broadcast message. The broadcast message reaches Switch A on port 1. The switch checks the configured VLAN on the port. VLAN 10 is configured on port 1. It checks the configured VLAN on all ports and forwards the broadcast message from all ports having VLAN 10. Ports 2, 3, and 8 (a trunk port is a member of all VLANs) have VLAN 10. Since ports 2 and 3 are access ports, they forward the message in its original state.
But port 8 does not send it in its original state. Since it is a trunk port, it adds VLAN information to the frame before forwarding it. It adds a header containing VLAN ID to the frame.
Switch B receives this modified frame on port 8. Port 8 is a trunk port. Here, you need to remember one important thing: only trunk ports understand the modified frames. If you keep port 8 in its default mode, that is, access mode, it will drop the frame. It will accept the frame only if it is a trunk port.
Since it is a trunk port, it accepts the frame. It reads the frame's header to find the frame's VLAN. After learning the frame's VLAN, it removes the header and forwards the frame from the ports that belong to the frame's VLAN.
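The walk-through above as a runnable model (an added example, not part of the original tutorial). It assumes the trunk uses 802.1Q, whose tag is a 4-byte field (TPID 0x8100 plus a 16-bit TCI carrying the 12-bit VLAN ID) inserted after the source MAC. The Switch class, port maps and sample frame are constructed for illustration, and untagged frames arriving on a trunk are simply dropped because native VLAN handling is outside this page's scope.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vlan  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def untag(frame: bytes):
    """Return (vlan, original_frame), or (None, frame) if the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:  # hypothetical model of the tutorial's switches
    def __init__(self, name, access, trunks):
        self.name, self.access = name, access  # access: port -> VLAN ID
        self.trunks = set(trunks)              # trunk ports carry every VLAN
        self.link = {}                         # trunk port -> (peer switch, peer port)

    def receive(self, port, frame, out):
        """Flood a broadcast; `out` collects (switch name, port, frame) deliveries."""
        vlan, inner = untag(frame)
        if port in self.trunks:
            if vlan is None:
                return  # simplification: native VLAN handling not modelled
        elif vlan is not None:
            return      # access port drops a tagged frame, as described above
        else:
            vlan = self.access[port]
        for p, v in self.access.items():
            if v == vlan and p != port:
                out.append((self.name, p, inner))  # access ports send untagged
        for p in self.trunks - {port}:
            peer, peer_port = self.link[p]
            peer.receive(peer_port, tag(inner, vlan), out)  # trunk adds the tag

def demo():
    """PC A on Switch A port 1 (VLAN 10) sends a broadcast; constructed frame."""
    ports = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20}
    a, b = Switch("A", dict(ports), [8]), Switch("B", dict(ports), [8])
    a.link[8], b.link[8] = (b, 8), (a, 8)
    frame = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + b"constructed payload"
    out = []
    a.receive(1, frame, out)
    return a, b, frame, out
```

Calling demo() returns the list of deliveries: the untagged broadcast leaves ports 2 and 3 on Switch A and ports 1, 2 and 3 on Switch B, and never reaches a VLAN 20 port.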
VLAN Trunking Protocols
Cisco has supported two trunking protocols: Inter-Switch Link (ISL) and IEEE 802.1Q. Cisco created ISL before 802.1Q. Cisco created 802.1Q to support modern infrastructure. It addresses all glitches administrators faced with ISL. Today, 802.1Q is the default protocol on Cisco switches. Cisco has removed ISL from its new switch models.
Key points:
- VLAN is a switch-only feature.
- A switch forwards broadcast messages inside the VLANs.
- A switch port can work in two modes: access mode and trunk mode. Access mode is the default mode.
- In access mode, a switch port can be a member of a single VLAN.
- In trunk mode, a switch port becomes a member of all VLANs.
- In trunk mode, the port adds VLAN information to every frame before forwarding it.
- Only a trunk port understands the information added by another trunk port.
- You cannot connect a trunk port to an access port.
- To connect two switches, you need to use trunk ports on both.