VLAN Tagging Explained with DTP Protocol

In VLAN configuration a switch port can operate in two mode; access and trunk. In access
mode it can carry only single VLAN information while in trunk mode it can carry multiple
VLANs information. Access mode is used to connect the port with end devices while trunk
mode is used to connect two switching devices.

Access Link and Trunk Link

An access link can carry single VLAN information while trunk link can carry multiple
VLANs information. Configuring VLANs on single switch does not require trunk link.
It is required only when you configure VLANs across the multiple switches.

For example if we do not connect all switches in our network, we do not require to
configure the trunk link. In this case PC0, PC2 and PC4 cannot communicate with
each other. Although they all belongs to same VLAN group but they have no link to
share this information.

Trunk link connections are used to connect multiple switches sharing same VLANs
information.

You may think why we cannot use access link to connect these switches. Of course
we can use access link to connect these switches but in that case we need to use a
separate link for each VLAN. If we have two VLANs we need two links.

With this implementation we need links equal to VLANs that does not scale very well.
For example if our design require 30 VLANs, we will have to use 30 links to connect
switches.

In short

 An access link can carry single VLAN information.

 Theoretically we can use access link to connect switches.
 If we use access link to connect switches, we have to use links equal to VLANs.
 Due to scalability we do not use access link to connect the switches.
 A trunk link can carry multiple VLAN information.
 Practically we use trunk links to connect switches.

VLAN Tagging

Trunk links use VLAN tagging to carry the multiple VLANs traffic separately.

In VLAN tagging process sender switch add a VLAN identifier header to the original
Ethernet frame. Receiver switch read VLAN information from this header and remove
it before forwarding to the associate ports. Thus original Ethernet frame remains
unchanged. Destination PC receives it in its original shape.

VLAN Tagging process with example

 PC1 generates a broadcast frame.

 Office1 switch receives it and know that it is a broadcast frame for VLAN20.
 It will forward this frame from all of its port associated with VLAN20 including trunk links.
 While forwarding frame from access links, switch does not make any change in original
frame. So any other port having same VLAN ID in switch will receive this frame in original
shape.
 While forwarding frame from trunk links, switch adds a VLAN identifier header to the original
frame. In our case switch will add a header indicating that this frame belongs to VLAN20
before forwarding it from trunk link.
 Office2 switch will receive this frame from trunk link.
 It will read VLAN identifier header to know the VLAN information.
 From header it will learn that this is a broadcast frame and belong to VLAN20.
 It will remove header after learning the VLAN information.
 Once header is removed, switch will have original broadcast frame.
 Now office2 switch has original broadcast frame with necessary VLAN information.
 Office2 Switch will forward this frame from all of its ports associated with VLAN20 including
trunk links. For trunk link same process will be repeated.
 Any device connected in ports having VLAN20 ID in Office2 switch will receive original frame.

Now we know that in VLAN tagging process sender switch adds VLAN identifier
header to the original frame while receive switch removes it after getting necessary
VLAN information. Switches use VLAN trunking protocol for VLAN tagging process.

VLAN Trunking Protocol

Cisco switches supports two types of trunking protocols ISL and 802.1Q
 ISL
ISL (Inter-Switch Link) is a Cisco proprietary protocol. It was developed a long time before
the 802.1Q. It adds a 26-byte header (containing a 15-bit VLAN identifier) and a 4-byte CRC
trailer to the frame.

802.1Q
It is an open standard protocol developed by IEEE. It inserts 4 byte tag in original
Ethernet frame. Over the time 802.1Q becomes more popular trunking protocols.

Key difference between ISL and 802.1Q

 ISL was developed Cisco while 802.1Q was developed by IEEE.

 ISL is a proprietary protocol. It will works only in Cisco switches. 802.1Q is an open standard
based protocol. It will works on all switches.
 ISL adds 26 bytes header and 4 byte trailer to the frame.
 802.1Q inserts 4 byte tag in original frame.

802.1Q is a lightweight and advance protocol with several enhanced security

features. Even Cisco has adopted it as a standard protocol for tagging in newer
switches. 2960 Switch supports only 802.1Q tagging protocol.

VLAN Trunk Configuration

We can configure trunking in Cisco switches by two ways statically or dynamically. In

static method we need to configure trunking in interface statically while in dynamic
mode it automatically done by a DTP trunking protocol.

Dynamic Trunking Protocol

DTP [Dynamic Trunking Protocol] is a Cisco proprietary protocol. It automatically

configures trunking on necessary ports. It operates in five modes.

DTP Modes
DTP Mode ON

In ON mode interface is set to trunk, regardless remote end supports trunking or not.
On mode cause interface to generate DTP messages and tag frames based on trunk
type.
DTP Mode Desirable

In Desirable mode interface will generate the DTP messages and send them to other
end. Interface will work as access link until it get replies from remote end. If reply
messages indicate that remote device is trunking capable, DTP will change
connection link in trunk from access link. If other end does not respond to DTP
message, the interface will work as access link connection.

DTP Mode Auto

In auto mode interface works as access link and passively listen for DTP messages.
Interface will change connection link to trunk, if it receives a DTP message from
remote end.

DTP Mode No-Negotiate

In No-Negotiate mode interface is set as trunk connection. Interface will tag frames
but it will not generate DTP messages. DTP is a Cisco's proprietary protocol, thus a
non Cisco device will not understand it. This mode is used to trunk connection
between Cisco device and a non Cisco device.

DTP Mode OFF

In off mode interface is configured as access-link. No DTP message will be generated

nor frames will be tagged.

In our topology we need to configure trunk on following interfaces

Switch Interfaces
Office 1 Gig0/2, F0/2, F0/1
Office 2 Gig0/1, Gig0/2, F0/2, F0/1
Office 3 Gig0/1, F0/1,F0/2

By default all interface on switch starts as access link . switchport mode

trunk command is used to change connection link in trunk. Run this command from
interface mode. In next section we will change all necessary interfaces [given in
above table] connection link in trunk.

Office 1 Switch
s1(config)#int gig0/2
s1(config-if)#switchport mode trunk

s1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state

to up

s1(config-if)#exit

Office 2 Switch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s2
s2(config)#int gig0/2
s2(config-if)#switchport mode trunk
s2(config-if)#exit
s2(config)#int gig0/1
s2(config-if)#switchport mode trunk

s2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state
to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state

to up

Office 3 Switch

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname 2
2(config)#int gig0/1
2(config-if)#switchport mode trunk
2(config-if)#
VTP Server and Client in Switch

In our network we only have three switches. We can easily add or remove VLAN
manually on all three switches. However this process could be more tedious and
difficult if we have 50 switches. In a large network, we might make a mistake in VLAN
configuration. We might forget to add VLAN on one of the switch, or we may assign
wrong VLAN number. Vice versa we may forget to remove VLAN on one of the
switch, while removing VLANs.

VTP is a life saver protocol in this situation. With VTP we can add or remove VLANs
on one switch and this switch will propagate VLAN information to all other switches
in network.

VTP Messages

VTP share VLANs information via VTP messages. VTP messages can only be
propagate through the trunk connections. So we need to set up trunk connection
between switches. VTP messages are propagated as layer 2 multicast frames.

VTP Domain

VTP domain is a group of switches that share same VLAN information. A switch can
have a single domain. VTP messages include domain name. Switch only update VLAN
information if it receive VTP message from same domain.
VTP Mode
VTP can be configured in three different modes.

1. Server
2. Transparent
3. Client

VTP Server Mode

VTP Server can add, modify, and delete VLANs. It will propagate a VTP message
containing all the changes from all of its trunk ports. If server receives a VTP
message, it will incorporate the change and forward the message from all remaining
trunk ports.

VTP Transparent Mode

VTP Transparent switch can also make change in VLANs but it will not propagate
these changes to other switches. If transparent switch receives a VTP message, it will
not incorporate the change and forward the message as it receives, from all
remaining trunk ports.

VTP Client Mode

VTP client switch cannot change the VLAN configurations itself. It can only update its
VLAN configuration through the VTP messages that it receive from VTP server. When
it receives a VTP message, it incorporates with the change and then forwards it from
remaining trunk ports.

Configure VTP Server

We will configure Office 1 Switch as VTP Server. Double click on Office 1
Switch and Click CLI menu item and press Enter key to start CLI session.
 By default all switches work as VTP server so we only need few commands to
configure it. In following commands we will

 Set hostname to S1
 Set domain name to example
 Set password to haldia. (Password is case sensitive)

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s1
s1(config)#vtp mode server
Device mode already VTP SERVER.
s1(config)#vtp domain example
Changing VTP domain name from NULL to example
s1(config)#vtp password haldia
Setting device VLAN database password to haldia
s1(config)#

Configure VTP Client

We will configure Office 2 Switch and Office 3 Switch as VTP client switch.
Access CLI prompts of Office 2 Switch and execute following commands

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s2
s2(config)#vtp mode client
Setting device to VTP CLIENT mode.
s2(config)#vtp domain exaple
Changing VTP domain name from NULL to exaple
s2(config)#vtp password haldia
Setting device VLAN database password to haldia
Now access CLI prompts of Office 3 Switch and enter following commands

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s3
s3(config)#vtp mode client
Setting device to VTP CLIENT mode.
s3(config)#vtp domain example
Changing VTP domain name from NULL to example
s3(config)#vtp password haldia
Setting device VLAN database password to haldia
s3(config)#

We have configured VTP server and VTP client. At this moment VTP client will not receive
VTP messages from server.