In VLAN configurations, trunking allows multiple VLANs to be transmitted over a single physical link between switches. A trunk can be configured statically or negotiated dynamically.
1. Static Trunking
Static trunking means manually configuring a switch port as a trunk. This ensures that the port remains in trunk mode, allowing multiple VLANs to pass through it.
Advantages of Static Trunking
✅ More secure (prevents unauthorized devices from negotiating trunks).
✅ No risk of dynamic negotiation failures.
✅ Preferred in enterprise networks for stability.
Configuration of Static Trunking (Cisco Switch Example)
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
switchport trunk native vlan 99
exit
👉 These commands set GigabitEthernet0/1 as a static trunk that allows VLANs 10, 20, and 30 and uses VLAN 99 as the native VLAN.
2. Dynamic Trunking (DTP – Dynamic Trunking Protocol)
Dynamic trunking allows ports to negotiate whether to become a trunk or remain an access port. Cisco switches use DTP (Dynamic Trunking Protocol) to automate trunk formation.
DTP Modes
| Mode | Behavior |
|---|---|
| Access | Forces the port into access mode (no trunking). |
| Trunk | Forces the port into trunk mode (like static trunking). |
| Dynamic Auto | Waits for the other side to initiate trunking but does not actively negotiate. |
| Dynamic Desirable | Actively tries to negotiate trunking with the other device. |
Configuration of Dynamic Trunking (Cisco Example)
interface GigabitEthernet0/2
switchport mode dynamic desirable
exit
👉 The desirable mode will actively try to establish a trunk if the other side supports it.
interface GigabitEthernet0/3
switchport mode dynamic auto
exit
👉 The auto mode waits for the other side to initiate trunking. If both sides are set to auto, the trunk will not form.
3. Key Differences: Static vs. Dynamic Trunking
| Feature | Static Trunking | Dynamic Trunking (DTP) |
|---|---|---|
| Configuration | Manually set to trunk mode | Uses DTP to negotiate trunking |
| Security | More secure | Less secure (vulnerable to VLAN hopping attacks) |
| Stability | Always trunk | May fail to negotiate a trunk |
| Best Use Cases | Enterprise networks, high-security environments | Simple setups or mixed vendor environments |
Best Practice Recommendation
🔹 Disable DTP on all trunk ports and configure static trunking for security.
🔹 Use switchport nonegotiate to prevent DTP from running:
interface GigabitEthernet0/4
switchport mode trunk
switchport nonegotiate
exit