Careful design and consideration should be taken when implementing VLAN
trunks because they can add to overall network congestion and can also present
security challenges. These are general best practices for trunk implementation
in the Campus Infrastructure module:
- VLAN1 should be removed from the trunks to ensure that no user data
propagates among the switches on VLAN1. Each Catalyst switch requires VLAN1 to
exist on the switch itself and it cannot be deleted, but it can be removed from
trunk links.
- Limit the trunk link to only the intended VLANs required for Layer 2 access
and connectivity. This improves bandwidth utilization by restricting unwanted
VLAN traffic from the link. Explicitly permitting or denying VLANs to a
specific trunk link creates a simple, deterministic Layer 2 switched domain
with fewer variables to complicate troubleshooting. This also facilitates
correct operation of VLAN interfaces.
- DTP should not be required. Trunk links, encapsulation types, and access
ports should be statically configured across specific links according to the
network design and requirements.
- Cisco is now migrating to 802.1Q as the recommended trunking protocol
because of the interoperability and compatibility between the Layer 2 and Layer
3 prioritization methods. The IEEE 802.1Q/p standard provides architectural
advantages over ISL; these include widely accepted QoS classification and
marking standards and the ability to carry frames that are not tagged with a
VID.
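The four practices above translate directly into per-interface checks that can be
run against a saved running-config. The following audit script is an added
example, not part of the Cisco design guide; it assumes Catalyst IOS running-config
syntax, and the two config fragments embedded in it are constructed samples (a
weak trunk that relies on DTP, ISL and the default allowed-VLAN list, beside the
hardened form with static dot1q trunking, DTP disabled and VLAN1 pruned from the
allowed list). The function names (parse_interfaces, audit_trunk, audit_config)
are the example's own.

```python
# Audit Catalyst trunk configuration against the trunk best practices:
# no VLAN1 on trunks, explicit allowed-VLAN list, no DTP, 802.1Q encapsulation.

# Constructed sample running-config fragments (not taken from any real device).
# Note: 'switchport trunk allowed vlan remove 1' is the CLI form typed at
# configuration time; the running-config shows the resulting list, as below.
WEAK_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink-to-distribution
 switchport trunk encapsulation isl
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/2
 description access-port
 switchport access vlan 20
 switchport mode access
!
"""

HARDENED_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink-to-distribution
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30-40
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description access-port
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
"""


def parse_interfaces(config):
    """Return {interface_name: [stripped config lines]} for each 'interface' stanza."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith("!"):
            current = None  # '!' terminates the stanza in IOS output
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
    return interfaces


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,30-40' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def audit_trunk(lines):
    """Return a list of findings for one interface; empty list means compliant or not a trunk."""
    mode = encap = allowed = None
    nonegotiate = False
    for l in lines:
        if l.startswith("switchport mode "):
            mode = l[len("switchport mode "):]
        elif l.startswith("switchport trunk encapsulation "):
            encap = l.split()[-1]
        elif l.startswith("switchport trunk allowed vlan "):
            allowed = l[len("switchport trunk allowed vlan "):]
        elif l == "switchport nonegotiate":
            nonegotiate = True

    findings = []
    if mode is None:
        # No static mode at all: the port falls back to the platform DTP default.
        return ["no explicit 'switchport mode'; DTP default applies"]
    if mode == "access":
        return findings  # access ports are out of scope for the trunk checks
    if mode.startswith("dynamic"):
        findings.append(f"DTP in use: mode is '{mode}' instead of static trunk")
    if not nonegotiate:
        findings.append("DTP not disabled: missing 'switchport nonegotiate'")
    if encap != "dot1q":
        findings.append(f"encapsulation is '{encap}', not dot1q")
    if allowed is None or allowed == "all":
        findings.append("allowed VLAN list not restricted (defaults to all VLANs)")
    elif 1 in expand_vlan_list(allowed):
        findings.append("VLAN1 still allowed on trunk")
    return findings


def audit_config(config):
    """Map every interface in the config to its list of findings."""
    return {name: audit_trunk(lines) for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for name, findings in audit_config(cfg).items():
            status = "; ".join(findings) if findings else "OK"
            print(f"[{label}] {name}: {status}")
```

Run against the weak sample, the uplink is reported four times (dynamic mode, no
nonegotiate, ISL, unrestricted VLAN list) while the hardened sample is clean; an
allowed list such as `1-100` is still flagged because VLAN1 remains on the trunk.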