Pada artikel sebelumnya telah di bahas tentang konsep Trunk dan di artikel ini akan dibahas wacana konfigurasi trunk di switch Cisco.
Pada sebuah topologi terdapat 2 buah switch dimana pada masing-masing switch terdapat 3 VLAN : 10, 20, 30 dan 6 PC yang IP nya sudah dikonfig sesuai topologi. Kita akan konfigurasi VLAN trunking dengan skenario sebagai berikut :
VLAN 10
PC1 ke Switch1 port fa0/1
PC5 ke Switch2 port fa0/2
VLAN 20
PC2 ke Switch1 port fa0/2
PC6 ke Switch2 port fa0/3
VLAN 30
PC3 ke Switch1 port fa0/3
PC4 ke Switch2 port fa0/1
Trunk di port fa0/4 pada masing-masing switch
Trunk encapsulation : dot1q
Native VLAN : 90
Berikut ialah switchport status default pada switch Cisco.
Switch1#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Pada switch Cisco, berikut ialah status switchport default pada interface :
- Administrative Mode.
Merupakan switchport mode default yaitu dynamic auto.
- Administrative Trunking Encapsulation.
Merupakan enkapsulasi default yaitu dot1q.
- Trunking Native Mode VLAN.
Native VLAN default menggunakan VLAN 1.
- Capture VLANs Allowed
Secara default, semua VLAN dibolehkan masuk ke trunk port. Namun anda sanggup menciptakan limitasi VLAN mana saja yang diperbolehkan masuk ke trunk port.
Berikut ialah langkah-langkah konfigurasi trunk :
- Konfigurasi VLAN membership.
Tambahkan VLAN 10, 20, dan 30 di masing-masing switch serta VLAN 90 untuk native VLAN.
Switch1
Switch1(config)#vlan 10
Switch1(config-vlan)#name VLAN10
Switch1(config-vlan)#vlan 20
Switch1(config-vlan)#name VLAN20
Switch1(config-vlan)#vlan 30
Switch1(config-vlan)#name VLAN30
Switch1(config-vlan)#vlan 90
Switch1(config-vlan)#name native90
Switch2
Switch2(config)#vlan 10
Switch2(config-vlan)#name VLAN10
Switch2(config-vlan)#vlan 20
Switch2(config-vlan)#name VLAN20
Switch2(config-vlan)#vlan 30
Switch2(config-vlan)#name VLAN30
Switch2(config-vlan)#vlan 90
Switch2(config-vlan)#name native90
Daftarkan interface ke masing-masing VLAN.
Switch1
Switch1(config)#interface fa0/1
Switch2 Switch2(config)#interface fa0/2
- Konfigurasi Trunk port. Ubah port mode interface fa0/4 menjadi mode trunk. Gunakan command switchport mode trunk pada interface level configuration submode.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
Akan muncul pesan log yang menerangkan bahwa line protocol status nya menjadi up, artinya trunk sudah establish dengan Switch2. Di Switch2 tidak perlu di konfig juga trunk port nya, alasannya port fa0/4 di Switch2 masih dalam port mode default yaitu dynamic auto. Port mode dynamic auto akan menjadi trunk jikalau port switch lawan nya mode trunk. Untuk perundingan trunk port secara dynamic sanggup menggunakan DTP (Dynamic Trunking Protocol) dengan command switchport mode dynamic [auto || desirable]
Switch1(config-if)#int fa0/4
Switch1(config-if)#switchport mode dynamic ?
auto Set trunking mode dynamic negotiation parameter to AUTO
desirable Set trunking mode dynamic negotiation parameter to DESIRABLE
- Konfigurasi Native VLAN.
Native VLAN default pada switch Cisco ialah VLAN 1. Untuk mengubah native VLAN, gunakan command switchport trunk native vlan [VLAN_ID] pada interface configuration mode.
Switch1
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk native vlan 90
Lakukan hal yang sama di Switch2. Native VLAN antar kedua switch harus sama. Jika tidak, maka akan muncul pesan error log CDP :
CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/4 (90), with Switch2 FastEthernet0/4 (1).
yang artinya native VLAN antar kedua switch tidak sama yang akan menyebabkan untagged traffictidak akan sanggup melewati trunk link.
Verifikasi :
- Interface switchport status.
Operational mode sudah trunk, berarti trunk sudah aktif antar kedua switch.
Switch1 :
Switch1#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch2 :
Switch2#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
- Trunk status.
Status nya trunking dan semua VLAN dibolehkan masuk ke trunk.
Switch1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-1005
Port Vlans allowed and active in management domain
Fa0/4 1,10,20,30,90
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,10,20,30
Interface fa0/4 tidak akan ada di VLAN brief, alasannya interface tersubut sudah menjadi trunk.
Switch1#show vlan brief
VLAN Name Status Ports
---- --------------------------- ------ ---------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9,Fa0/11,Fa0/12,
Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa0/17, Fa0/18,
Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 VLAN10 active Fa0/1
20 VLAN20 active Fa0/2
30 VLAN30 active Fa0/3
90 native90 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
- Tes koneksi.
Dari PC1 (192.168.10.11 VLAN 10) sanggup ping ke PC5 (192.168.10.12 VLAN 10) yang ada di Switch2.
Begitu juga dengan PC6 (192.168.20.12 VLAN 20) sanggup ping ke PC2 (192.168.20.11 VLAN 20) yang ada di Switch1.
Hal di atas memperlihatkan bahwa trunk port sanggup membawa lebih dari satu VLAN.
- Limitasi VLAN di Trunk port.
Secara default, semua VLAN diperbolehkan masuk ke trunk port. Namun kita juga sanggup membatasi VLAN mana saja yang boleh masuk ke trunk tersebut dengan memakai command switchport trunk allowed vlan [vlan_id || add || all || except || none || remove] pada interface level. Konfigurasi ini dilakukan di kedua switch.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Berikut klarifikasi masing-masing command :
- WORD => untuk memilih VLAN mana saja yang boleh masuk ke trunk port. Untuk banyak VLAN sanggup memakai notasi comma "," atau dash "-", contohnya 10,20,30-40,42-44
- add => Menambah VLAN tertentu di allowed VLAN list.
- all => Memperbolehkan semua VLAN masuk di allowed VLAN list.
- except => Memperbolehkan semua VLAN kecuali VLAN yang di except.
- none => tidak memperbolehkan semua VLAN.
- remove => menghapus VLAN tertentu di allowed VLAN list.
di sini kita akan mencoba hapus VLAN 10 di trunk port sehingga traffic dari VLAN 10 ini tidak dibolehkan masuk ke trunk.
Switch1(config-if)#switchport trunk allowed vlan remove 10
Pada trunk status, terlihat bahwa VLAN 10 sudah tidak ada di allowed VLANs.
Switch1(config-if)#do show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-9,11-1005
Port Vlans allowed and active in management domain
Fa0/4 1,20,30
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,20,30
CATATAN :
- biar untagged traffic sanggup melewati trunk port, maka pastikan native VLAN masuk di allowed VLAN. Dari PC1 (192.168.10.11 VLAN 10) kini tidak sanggup ping ke PC5 (192.168.10.12 VLAN 10) yang ada di Switch2 alasannya VLAN 10 tidak dibolehkan masuk ke trunk.
Untuk menonaktifkan DTP pada interface yang di set ke mode trunk, sanggup memakai command switchport nonegotiate. Interface dengan command ini akan mengabaikan DTP advertisement dari switch2. Makara interface switch2 harus di ubah secara manual ke switchport mode trunk untuk sanggup mengaktifkan trunk pada interface ini.
Switch1(config)#interface fa0/4 Switch1(config-if)#switchport nonegotiate
Latihan lab :
- Lab 1
- Lab 2
- Jawaban Lab 1
- Jawaban Lab 2
Pada sebuah topologi terdapat 2 buah switch dimana pada masing-masing switch terdapat 3 VLAN : 10, 20, 30 dan 6 PC yang IP nya sudah dikonfig sesuai topologi. Kita akan konfigurasi VLAN trunking dengan skenario sebagai berikut :
VLAN 10
PC1 ke Switch1 port fa0/1
PC5 ke Switch2 port fa0/2
VLAN 20
PC2 ke Switch1 port fa0/2
PC6 ke Switch2 port fa0/3
VLAN 30
PC3 ke Switch1 port fa0/3
PC4 ke Switch2 port fa0/1
Trunk di port fa0/4 pada masing-masing switch
Trunk encapsulation : dot1q
Native VLAN : 90
Berikut ialah switchport status default pada switch Cisco.
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
- Administrative Mode.
Merupakan switchport mode default yaitu dynamic auto.
- Administrative Trunking Encapsulation.
Merupakan enkapsulasi default yaitu dot1q.
- Trunking Native Mode VLAN.
Native VLAN default menggunakan VLAN 1.
- Capture VLANs Allowed
Secara default, semua VLAN dibolehkan masuk ke trunk port. Namun anda sanggup menciptakan limitasi VLAN mana saja yang diperbolehkan masuk ke trunk port.
Berikut ialah langkah-langkah konfigurasi trunk :
- Konfigurasi VLAN membership.
Tambahkan VLAN 10, 20, dan 30 di masing-masing switch serta VLAN 90 untuk native VLAN.
Switch1
Switch1(config)#vlan 10
Switch1(config-vlan)#name VLAN10
Switch1(config-vlan)#vlan 20
Switch1(config-vlan)#name VLAN20
Switch1(config-vlan)#vlan 30
Switch1(config-vlan)#name VLAN30
Switch1(config-vlan)#vlan 90
Switch1(config-vlan)#name native90
Switch2
Switch2(config)#vlan 10
Switch2(config-vlan)#name VLAN10
Switch2(config-vlan)#vlan 20
Switch2(config-vlan)#name VLAN20
Switch2(config-vlan)#vlan 30
Switch2(config-vlan)#name VLAN30
Switch2(config-vlan)#vlan 90
Switch2(config-vlan)#name native90
Daftarkan interface ke masing-masing VLAN.
Switch1
Switch1(config)#interface fa0/1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#interface fa0/2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 20
Switch1(config-if)#interface fa0/3
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 30
Switch2
Switch2(config)#interface fa0/2
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 10
Switch2(config-if)#interface fa0/3
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#interface fa0/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 30
- Konfigurasi Trunk port.
Ubah port mode interface fa0/4 menjadi mode trunk. Gunakan command switchport mode trunk pada interface level configuration submode.- Konfigurasi Trunk port.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
Akan muncul pesan log yang menerangkan bahwa line protocol status nya menjadi up, artinya trunk sudah establish dengan Switch2. Di Switch2 tidak perlu di konfig juga trunk port nya, alasannya port fa0/4 di Switch2 masih dalam port mode default yaitu dynamic auto. Port mode dynamic auto akan menjadi trunk jikalau port switch lawan nya mode trunk. Untuk perundingan trunk port secara dynamic sanggup menggunakan DTP (Dynamic Trunking Protocol) dengan command switchport mode dynamic [auto || desirable]
Switch1(config-if)#int fa0/4
Switch1(config-if)#switchport mode dynamic ?
auto Set trunking mode dynamic negotiation parameter to AUTO
desirable Set trunking mode dynamic negotiation parameter to DESIRABLE
Native VLAN default pada switch Cisco ialah VLAN 1. Untuk mengubah native VLAN, gunakan command switchport trunk native vlan [VLAN_ID] pada interface configuration mode.
Switch1
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk native vlan 90
Lakukan hal yang sama di Switch2. Native VLAN antar kedua switch harus sama. Jika tidak, maka akan muncul pesan error log CDP :
CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/4 (90), with Switch2 FastEthernet0/4 (1).
yang artinya native VLAN antar kedua switch tidak sama yang akan menyebabkan untagged traffictidak akan sanggup melewati trunk link.
Verifikasi :
- Interface switchport status.
Operational mode sudah trunk, berarti trunk sudah aktif antar kedua switch.
Switch1 :
Switch1#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch2 :
Switch2#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
- Trunk status.
Status nya trunking dan semua VLAN dibolehkan masuk ke trunk.
Switch1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-1005
Port Vlans allowed and active in management domain
Fa0/4 1,10,20,30,90
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,10,20,30
Interface fa0/4 tidak akan ada di VLAN brief, alasannya interface tersubut sudah menjadi trunk.
Switch1#show vlan brief
VLAN Name Status Ports
---- --------------------------- ------ ---------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9,Fa0/11,Fa0/12,
Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa0/17, Fa0/18,
Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 VLAN10 active Fa0/1
20 VLAN20 active Fa0/2
30 VLAN30 active Fa0/3
90 native90 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
- Tes koneksi.
Dari PC1 (192.168.10.11 VLAN 10) sanggup ping ke PC5 (192.168.10.12 VLAN 10) yang ada di Switch2.
Begitu juga dengan PC6 (192.168.20.12 VLAN 20) sanggup ping ke PC2 (192.168.20.11 VLAN 20) yang ada di Switch1.
Hal di atas memperlihatkan bahwa trunk port sanggup membawa lebih dari satu VLAN.
- Limitasi VLAN di Trunk port.
Secara default, semua VLAN diperbolehkan masuk ke trunk port. Namun kita juga sanggup membatasi VLAN mana saja yang boleh masuk ke trunk tersebut dengan memakai command switchport trunk allowed vlan [vlan_id || add || all || except || none || remove] pada interface level. Konfigurasi ini dilakukan di kedua switch.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Berikut klarifikasi masing-masing command :
- WORD => untuk memilih VLAN mana saja yang boleh masuk ke trunk port. Untuk banyak VLAN sanggup memakai notasi comma "," atau dash "-", contohnya 10,20,30-40,42-44
- add => Menambah VLAN tertentu di allowed VLAN list.
- all => Memperbolehkan semua VLAN masuk di allowed VLAN list.
- except => Memperbolehkan semua VLAN kecuali VLAN yang di except.
- none => tidak memperbolehkan semua VLAN.
- remove => menghapus VLAN tertentu di allowed VLAN list.
di sini kita akan mencoba hapus VLAN 10 di trunk port sehingga traffic dari VLAN 10 ini tidak dibolehkan masuk ke trunk.
Switch1(config-if)#switchport trunk allowed vlan remove 10
Pada trunk status, terlihat bahwa VLAN 10 sudah tidak ada di allowed VLANs.
Switch1(config-if)#do show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-9,11-1005
Port Vlans allowed and active in management domain
Fa0/4 1,20,30
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,20,30
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk native vlan 90
Lakukan hal yang sama di Switch2. Native VLAN antar kedua switch harus sama. Jika tidak, maka akan muncul pesan error log CDP :
CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/4 (90), with Switch2 FastEthernet0/4 (1).
yang artinya native VLAN antar kedua switch tidak sama yang akan menyebabkan untagged traffictidak akan sanggup melewati trunk link.
Verifikasi :
- Interface switchport status.
Operational mode sudah trunk, berarti trunk sudah aktif antar kedua switch.
Switch1 :
Switch1#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch2 :
Switch2#show interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 90 (native90)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
- Trunk status.
Status nya trunking dan semua VLAN dibolehkan masuk ke trunk.
Switch1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-1005
Port Vlans allowed and active in management domain
Fa0/4 1,10,20,30,90
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,10,20,30
Interface fa0/4 tidak akan ada di VLAN brief, alasannya interface tersubut sudah menjadi trunk.
Switch1#show vlan brief
VLAN Name Status Ports
---- --------------------------- ------ ---------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9,Fa0/11,Fa0/12,
Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa0/17, Fa0/18,
Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24
10 VLAN10 active Fa0/1
20 VLAN20 active Fa0/2
30 VLAN30 active Fa0/3
90 native90 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
- Tes koneksi.
Dari PC1 (192.168.10.11 VLAN 10) sanggup ping ke PC5 (192.168.10.12 VLAN 10) yang ada di Switch2.
Hal di atas memperlihatkan bahwa trunk port sanggup membawa lebih dari satu VLAN.
Secara default, semua VLAN diperbolehkan masuk ke trunk port. Namun kita juga sanggup membatasi VLAN mana saja yang boleh masuk ke trunk tersebut dengan memakai command switchport trunk allowed vlan [vlan_id || add || all || except || none || remove] pada interface level. Konfigurasi ini dilakukan di kedua switch.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Berikut klarifikasi masing-masing command :
- WORD => untuk memilih VLAN mana saja yang boleh masuk ke trunk port. Untuk banyak VLAN sanggup memakai notasi comma "," atau dash "-", contohnya 10,20,30-40,42-44
- add => Menambah VLAN tertentu di allowed VLAN list.
- all => Memperbolehkan semua VLAN masuk di allowed VLAN list.
- except => Memperbolehkan semua VLAN kecuali VLAN yang di except.
- none => tidak memperbolehkan semua VLAN.
- remove => menghapus VLAN tertentu di allowed VLAN list.
di sini kita akan mencoba hapus VLAN 10 di trunk port sehingga traffic dari VLAN 10 ini tidak dibolehkan masuk ke trunk.
Switch1(config-if)#switchport trunk allowed vlan remove 10
Pada trunk status, terlihat bahwa VLAN 10 sudah tidak ada di allowed VLANs.
Switch1(config-if)#do show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 90
Port Vlans allowed on trunk
Fa0/4 1-9,11-1005
Port Vlans allowed and active in management domain
Fa0/4 1,20,30
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,20,30
CATATAN :
- biar untagged traffic sanggup melewati trunk port, maka pastikan native VLAN masuk di allowed VLAN.
Untuk menonaktifkan DTP pada interface yang di set ke mode trunk, sanggup memakai command switchport nonegotiate. Interface dengan command ini akan mengabaikan DTP advertisement dari switch2. Makara interface switch2 harus di ubah secara manual ke switchport mode trunk untuk sanggup mengaktifkan trunk pada interface ini.
Switch1(config)#interface fa0/4
Switch1(config-if)#switchport nonegotiate
Latihan lab :
- Lab 1
- Lab 2
- Jawaban Lab 1
- Jawaban Lab 2
0 Komentar untuk "Latihan 4 Konfigurasi Trunk Pada Switch Cisco"