The Cisco Catalyst 9200 series is a powerful line of switches designed for enterprise networks, offering robust features like VLAN support and flexible port configurations. One key task for network admins is setting up trunk ports to carry traffic between switches or devices across multiple VLANs. In this post, we’ll walk through how to configure a trunk port on a Cisco 9200 switch and clarify the difference between trunk and access ports—two fundamental concepts in switching.
What Are Trunk and Access Ports?
Before diving into configuration, let’s define these terms:
- Access Port:
  - Purpose: Connects end devices (e.g., PCs, printers, IP phones) to the network.
  - VLAN Support: Carries traffic for only one VLAN. Traffic is untagged (no VLAN tag is added to the Ethernet frame), since the device typically doesn’t understand VLANs.
  - Use Case: Ideal for user-facing ports where a single VLAN is assigned (e.g., a workstation in VLAN 10).
  - Behavior: The switch assigns the port to a specific VLAN, and all traffic to/from that port belongs to that VLAN.
- Trunk Port:
  - Purpose: Connects switches, routers, or devices that need to handle multiple VLANs over a single link.
  - VLAN Support: Carries traffic for multiple VLANs. Traffic is tagged with VLAN IDs (using IEEE 802.1Q by default on modern Cisco switches) unless it’s the native VLAN, which remains untagged.
  - Use Case: Essential for inter-switch links or connecting to a router for inter-VLAN routing (e.g., router-on-a-stick).
  - Behavior: The switch tags frames with VLAN IDs to differentiate traffic, allowing VLANs to span the network.
Key Difference: Access ports are single-VLAN, untagged, and device-facing, while trunk ports are multi-VLAN, tagged, and link switches or VLAN-aware devices.
Configuring a Trunk Port on a Cisco Catalyst 9200
Let’s configure a trunk port on a Cisco 9200 switch to connect it to another switch, carrying VLANs 10 (Staff) and 20 (Guests). We’ll use GigabitEthernet1/0/1 as our interface.
Step 1: Access the Switch and Enter Configuration Mode
Connect to the switch via console, SSH, or Telnet, then enter privileged EXEC mode and global configuration mode:
Switch> enable
Switch# configure terminal
Switch(config)#
Step 2: Select the Interface
Specify the port you want to configure as a trunk:
Switch(config)# interface GigabitEthernet1/0/1
Switch(config-if)#
Step 3: Set the Port to Trunk Mode
On the Cisco 9200, the default encapsulation is IEEE 802.1Q (dot1q), so you can directly set the mode to trunk:
Switch(config-if)# switchport mode trunk
- This command forces the port into trunking mode without negotiation (disabling Dynamic Trunking Protocol, or DTP, by default on modern IOS versions).
- If you need DTP negotiation (e.g., with older switches), use switchport mode dynamic desirable instead, but static trunking is more secure and predictable.
Step 4: (Optional) Restrict Allowed VLANs
By default, a trunk carries all VLANs (1-4094). To limit it to VLANs 10 and 20:
Switch(config-if)# switchport trunk allowed vlan 10,20
- This ensures only specified VLANs traverse the link, reducing unnecessary traffic and enhancing security.
Step 5: (Optional) Set a Native VLAN
The native VLAN carries untagged traffic. By default, it’s VLAN 1, but for security, change it (e.g., to VLAN 99):
Switch(config-if)# switchport trunk native vlan 99
- Ensure the native VLAN matches on both ends of the trunk to avoid issues.
Step 6: Exit and Save
Exit the interface and save the configuration:
Switch(config-if)# exit
Switch(config)# exit
Switch# write memory
Step 7: Verify the Configuration
Check the trunk status:
Switch# show interfaces trunk
Sample output:
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/1     on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gi1/0/1     10,20
- This confirms the port is trunking, using 802.1Q, with VLANs 10 and 20 allowed and VLAN 99 as native.
Example Scenario
Imagine two Cisco 9200 switches: Switch A (staff area) and Switch B (guest area). You connect Gi1/0/1 on Switch A to Gi1/0/1 on Switch B. Configure both ports as trunks with VLANs 10 and 20 allowed. A staff PC on Switch A (VLAN 10) and a guest laptop on Switch B (VLAN 20) can now each communicate within their own VLAN across the trunk. The trunk extends both VLANs between the switches; it does not route traffic between VLAN 10 and VLAN 20.
Trunk vs. Access in Practice
- Access Port Example: If Gi1/0/2 on Switch A connects to a staff PC, configure it as:
Switch(config)# interface GigabitEthernet1/0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
  - This port only handles VLAN 10 traffic, untagged, for the PC.
- Trunk Port Example: The Gi1/0/1 trunk between switches carries both VLAN 10 and 20, tagged, enabling VLAN extension.
Final Tips
- Security: Avoid using VLAN 1 as the native VLAN to prevent VLAN hopping attacks.
- Consistency: Match encapsulation (802.1Q) and native VLANs on both ends of the trunk.
- Troubleshooting: Use show interfaces switchport for detailed port settings if show interfaces trunk doesn’t show the port (indicating it’s not trunking).
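The choices from Steps 3 to 5 and the tips above can be checked across a whole configuration. The following Python sketch is an added example, not code from the original post or from Cisco: it reads a constructed running-config excerpt and flags ports that negotiate trunking, carry all VLANs, or keep native VLAN 1. The names parse_interfaces and audit_trunks are hypothetical, and it assumes that a missing allowed-VLAN or native-VLAN line means the defaults described above apply.

```python
import re

# Constructed running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 99
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 switchport mode dynamic desirable
 switchport trunk allowed vlan 10,20
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of 'switchport ...' lines."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and line.strip().startswith("switchport "):
            current.append(line.strip())
    return ports

def audit_trunks(config):
    """Return {interface: [findings]} for ports set to trunk or to negotiate one."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        mode = next((l.split("mode ", 1)[1] for l in lines if l.startswith("switchport mode ")), None)
        if mode is None or mode == "access":
            continue  # assumption: ports with no explicit mode line are out of scope here
        # Defaults are not written to the config, so a missing line means VLAN 1 / all VLANs.
        native = next((l.rsplit(" ", 1)[1] for l in lines if l.startswith("switchport trunk native vlan ")), "1")
        checks = [
            (mode.startswith("dynamic"), "DTP negotiation enabled"),
            (not any(l.startswith("switchport trunk allowed vlan ") for l in lines), "all VLANs allowed"),
            (native == "1", "native VLAN 1"),
        ]
        report[name] = [msg for failed, msg in checks if failed]
    return report
```

An empty findings list, as for GigabitEthernet1/0/1 in the sample, means the port matches the configuration built in this post.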
Configuring trunk ports on a Cisco 9200 is straightforward once you grasp the distinction between trunk and access ports. Whether linking switches or extending VLANs, trunking is a cornerstone of scalable network design.