VLANs & Trunking

A VLAN is a logical broadcast domain. Trunks carry many VLANs between switches using 802.1Q tags.

// 802.1Q trunk

SW1

VLAN 10VLAN 20

802.1Q trunk

VLAN 10,20,30 · native 99

SW2

VLAN 10VLAN 20

One physical link carries many VLANs — each frame tagged with its VLAN ID (native VLAN travels untagged).

// VLAN ID ranges

0, 4095	Reserved — never use
1	Default VLAN (all ports)
2–1001	Normal range
1002–1005	Legacy Token Ring / FDDI
1006–4094	Extended range

// trunking facts

802.1Q inserts a 4-byte tag — 12-bit ID = 4094 usable VLANs
Native VLAN crosses a trunk untagged (default 1)
Access port = 1 VLAN · trunk = many VLANs
Inter-VLAN routing: router-on-a-stick or L3 SVI
VTP modes: server / client / transparent
Native VLAN must match on both trunk ends

vlan & trunk · cisco ios

vlan 100
 name Engineering
!
interface Gi0/1
 switchport mode access
 switchport access vlan 100
 switchport voice vlan 150
!
interface Gi0/24
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20-30
 switchport trunk native vlan 99
!
interface vlan100
 ip address 192.168.100.1 255.255.255.0

verify

show vlan brief
show interfaces trunk
show interfaces switchport
show vtp status

// Q-in-Q (802.1ad) — VLAN stacking

DST/SRC MAC

S-Tag
provider

C-Tag
customer

Type / Payload

Two stacked 802.1Q tags: the outer S-Tag is added by the provider, the inner C-Tag is the customer original.

// facts

802.1ad (Q-in-Q) stacks two 802.1Q VLAN tags
Outer S-Tag = provider VLAN · inner C-Tag = customer VLAN
Carries an entire customer VLAN range transparently across a provider
Adds 4 more bytes per tag — mind the MTU
Also called VLAN stacking or provider bridging