Supporting Multiple VLANs on a Single Trunk
Using trunking protocols in the Campus Infrastructure module

VLAN trunks should be designed and implemented with care because they can add to overall network congestion and can also present security challenges. These are general best practices for trunk implementation in the Campus Infrastructure module:

  • VLAN1 should be removed from the trunks to ensure that no user data propagates among the switches on VLAN1. Each Catalyst switch requires VLAN1 on the switch itself, where it cannot be removed, but VLAN1 can be removed from trunk links.
  • Limit the trunk link to only the intended VLANs required for Layer 2 access and connectivity. This improves bandwidth utilization by restricting unwanted VLAN traffic from the link. Explicitly permitting or denying VLANs to a specific trunk link creates a simple, deterministic Layer 2 switched domain with fewer variables to complicate troubleshooting. This also facilitates correct operation of VLAN interfaces.
  • DTP should not be required. Trunk links, encapsulation types, and access ports should be statically configured across specific links according to the network design and requirements.
  • Cisco is now migrating to 802.1Q as the recommended trunking protocol because of the interoperability and compatibility between the Layer 2 and Layer 3 prioritization methods. The IEEE 802.1Q/p standard provides architectural advantages over ISL; these include widely accepted QoS classification and marking standards and the ability to carry frames that are not tagged with a VID.
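
One way to check a switch configuration against the practices listed above, as an added example that is not part of the original page or any Cisco tool: the script audits interface stanzas for static trunk mode, disabled DTP, 802.1Q encapsulation, and an explicit allowed VLAN list without VLAN1. The sample configuration is constructed, and the script assumes a platform that prints the encapsulation line and allowed lists written as numeric VLAN IDs and ranges.

```python
# Constructed sample running-config; interface names and VLANs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 1-5,20
 switchport mode dynamic desirable
"""
REQUIRED = {  # command that must be present: finding reported when absent
    "switchport mode trunk": "trunk mode not static",
    "switchport nonegotiate": "DTP not disabled",
    "switchport trunk encapsulation dot1q": "encapsulation not explicitly 802.1Q",
}
ALLOWED = "switchport trunk allowed vlan "

def parse_interfaces(config):  # interface name -> list of its sub-commands
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def allows_vlan1(spec):
    """True if a numeric IOS VLAN list such as '1-5,20' includes VLAN 1."""
    return any(int(part.split("-")[0]) <= 1 for part in spec.split(","))

def audit_trunks(config):
    """Return {interface: [findings]} for every port not set to static access."""
    report = {}
    for name, body in parse_interfaces(config).items():
        if "switchport mode access" in body:
            continue
        issues = [msg for cmd, msg in REQUIRED.items() if cmd not in body]
        lists = [c[len(ALLOWED):].split()[-1] for c in body if c.startswith(ALLOWED)]
        if not lists:
            issues.append("no explicit allowed VLAN list")
        elif allows_vlan1(",".join(lists)):
            issues.append("VLAN1 allowed on trunk")
        report[name] = issues
    return report
```

An empty findings list means the port meets all four checks; on platforms that support only 802.1Q and never print the encapsulation command, drop that entry from REQUIRED.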