Trunk Tagging and Frame Tagging Explained

By default, switch ports work within a single VLAN. If a switch port receives a frame, it forwards that frame only from ports that belong to the VLAN configured on it. If you want a port to send or receive frames from multiple VLANs, you must change its mode to trunk.

A trunk port works with multiple VLANs. It adds VLAN information to each frame before forwarding it. The process of adding VLAN information to frames is called trunk tagging, frame tagging, or VLAN tagging. By default, switches forward broadcast messages. When a switch receives a broadcast message on a port, it forwards it to all other ports.

Let us take an example. An 8-port switch receives a broadcast message on port 1. It forwards the broadcast message from ports 2, 3, 4, 5, 6, 7, and 8.

Switch broadcast default VLANs

VLANs create boundaries for broadcast messages. It allows you to define ports that can share broadcast messages. The following image shows how the switch will forward broadcast messages in the preceding example if you create two VLANs and assign ports 1, 2, 3, and 4 to the first VLAN and ports 5, 6, 7, and 8 to the second VLAN.

Switch broadcast in two VLANs

If you create and use VLANs only on a single switch, you do not need trunk tagging. However, if you create VLANs across multiple switches, you must configure a trunk protocol on the ports connecting the switches.

Let us take another example. The following image shows a network. It has two switches: Switch A and Switch B. The first switch's port 8 connects it to the second switch on port 8. You configure VLAN 10 and VLAN 20 on both switches. However, you do not make any changes on port 8. With the default configuration, all switchports work in access mode. In access mode, a switchport sends and receives traffic of a single VLAN.

VLANs in two switches

PC A generates a broadcast message. The broadcast message reaches Switch A on port 1. The switch checks the configured VLAN on port 1. It belongs to VLAN 10. It forwards the broadcast message from all ports having VLAN ID 10. Ports 2 and 3 have VLAN ID 10. It forwards the broadcast message from these ports. Since port 8 does not belong to VLAN 10, it does not forward the message from that port.

Switch broadcast in two VLANs

The same thing happens when PC D generates a broadcast message. The message reaches Switch A on port 4. The switch takes the same steps and forwards the message from ports 5 and 6. Since port 8 does not belong to VLAN 20, it does not forward the message from port 8.

Switch broadcast in two VLANs

This way, broadcast messages from both VLANs do not reach VLAN members available on another switch. Broadcast messages will get them only if you change the default VLAN of port 8. However, if you make this change, it creates another problem. A switch port can belong to only one VLAN at a time. If you change the default VLAN to VLAN 10, the switch will forward broadcast messages from VLAN 10. If you change it to VLAN 20, it will forward broadcast messages from VLAN 20. You can make port 8 a member of either VLAN 10 or VLAN 20. You can not make it a member of both VLANs at the same time.

A trunk port solves this problem. A switch port can work in two modes: access and trunk. Access mode has the limitation of one VLAN at a time. It is the default mode on all switch ports. Because of this, a switch port can become a member of one VLAN at a time. Trunk mode does not have this limitation. A switch port in trunk mode automatically becomes a member of all VLANs. For example, if a switch has 20 VLANs, the port becomes a member of all 20 VLANs when you change the port's mode to trunk mode.

Trunk tagging concepts

In the preceding example, instead of changing the default VLAN on port 8, you can change the default switch port mode to trunk mode on both switches. Since a trunk port belongs to all VLANs, it forwards broadcast messages of all VLANs. It keeps the VLAN traffic separate, so frames in VLAN 10 would not go to devices in VLAN 20, and vice versa. It identifies each frame by its VLAN ID as it crosses the trunk. It adds VLAN information to each frame before forwarding it. On the other end, it uses the attached VLAN information to identify the VLAN ID of each frame. It removes VLA information from the frame before forwarding it from the ports associated with the frame's VLAN.

Let us understand it through the preceding example.

PC A generates a broadcast. The broadcast reaches Switch A on port 1. The switch checks the configured VLAN on port 1. It belongs to VLAN 10. It forwards the broadcast message from all ports having VLAN 10. Ports 2, 3, and 8 (a trunk port is a member of all VLAN) have VLAN 10. Since ports 2 and 3 are access ports, they forward the message in its original state. However, port 8 does not send it in its original state. Since it is a trunk port, it adds VLAN information to the frame before forwarding it. It adds a header containing the VLAN ID to the frame. Only trunk ports understand the modified frames. Switch B receives this modified frame on port 8. Port 8 is a trunk port. It reads the frame's header to find the VLAN ID. After learning the VLAN ID, it removes the header and forwards the frame from ports belonging to the frame's VLAN.

Broadcast with trunk

VLAN Trunking Protocols

Cisco switches support two trunking protocols: Inter-Switch Link (ISL) and IEEE 802.1Q. Cisco created the ISL before 802.1Q. It created 802.1Q to support modern infrastructure. It addresses all the shortcomings of the ISL. Today, 802.1Q is the default protocol on Cisco Switches. Cisco has removed ISL from its new switch models.

Key points:-

  • VLAN is a switch-only feature.
  • A switch forwards broadcast messages inside the VLANs.
  • A switch port can work in two modes: access mode and trunk mode.
  • Access mode is the default mode.
  • In access mode, a switch port can be a member of a single VLAN.
  • In trunk mode, a switch port becomes a member of all VLANs.
  • In trunk mode, the port adds VLAN information to every frame before forwarding it.
  • Only a trunk port understands the information added by another trunk port.
  • You can not connect a trunk port to an access port.
  • To connect two switches, you must use trunk ports on both.

This tutorial is part of the tutorial VLAN, VTP, and DTP Concepts and Configurations on Cisco Routers.. Other parts of this tutorial are as follows:

Chapter 01  VLAN Basic Concepts Explained with Examples
Chapter 02   Advantages and Disadvantages of VLANs
Chapter 03   Static and Dynamic VLAN Membership Explained
Chapter 04   Access Link and Trunk Link Explained
Chapter 05   VLAN Tagging Explained with DTP Protocol
Chapter 06   DTP Modes and Protocol Explained
Chapter 07   802.1Q Native VLAN concept Explained
Chapter 08   Cisco Inter-Switch Link (ISL) Explained
Chapter 09   Trunk Tagging and Frame Tagging Explained
Chapter 10   VTP Modes and VTP Protocol Explained
Chapter 11   VTP Pruning on switches Explained
Chapter 12   VLAN Practice Lab Setup in Packet Tracer
Chapter 13   Configure VTP Server and Client in Switch
Chapter 14   VLAN Configuration Commands Step by Step Explained
Chapter 15   Router on Stick Configuration Explained

Conclusion

Switches modify frames to share their VLAN information. Trunk tagging is a mechanism that allows switches to exchange modified frames. This tutorial described this concept and explained how it works in a network.

By ComputerNetworkingNotes Updated on 2026-04-18

ComputerNetworkingNotes CCNA Study Guide Trunk Tagging and Frame Tagging Explained

We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us ComputerNetworkingNotes@gmail.com