In this lesson, we’ll take a look at DTP (Dynamic Trunking Protocol) negotiation. DTP is normally used on Cisco IOS switches to negotiate if the interface should become an access port or trunk.
By default, DTP is enabled, and the interfaces of your switches will be in “dynamic auto” or “dynamic desirable” mode. This means that your interface will be in trunk mode whenever you receive a DTP packet that requests to form a trunk. If you are unfamiliar with DTP and the different interface settings, then you might want to read my “How to configure Trunk on Cisco Catalyst Switch” lesson before continuing.
Let’s take a look at DTP negotiation and how to disable it. I’ll be using two switches for this:
I didn’t configure anything on my switches. Let’s see what the default settings are:
SW1#show interfaces fa0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
SW2#show interfaces fastEthernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: OnWithout configuring anything on the interfaces, we are using dynamic auto mode, and as a result, the interfaces are in access mode.
There are two ways to disable DTP negotiation:
- Configure the interface for access mode.
- Use the
switchport nonegotiatecommand on the interface.
Configuring the interface for trunking does not disable DTP negotiation. Let me give you an example. First, we’ll configure the interfaces for access mode:
SW1(config)#interface fastEthernet 0/24
SW1(config-if)#switchport mode accessSW2(config)#interface fastEthernet 0/24
SW2(config-if)#switchport mode access When we look again at the switchport settings, we can see that DTP negotiation is now disabled:
SW1#show interfaces fastEthernet 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: OffSo configuring an interface yourself to use access mode disables DTP negotiation. How about creating a trunk ourselves?
Thanks Rene very useful
Dear René,
Is it to avoid a security issue that we disable DTP ? If someone bring a rogue switch and plug it et voilà we negociate a trunk ?
Thks,
Prince
Hi Prince,
That’s correct, this could be dangerous if your interface is configured for “dynamic auto” or “dynamic desirable”.
If you configured the interface in static “access” or “trunk” then negotiatin can’t change it anymore but you are still sending DTP packets which is a bit pointless, better to just disable them.
Rene
Thanks for the reply René,
Prince
Rene,
Watching you switching videos and I like the background of your terminal. Tale me, which terminal program and font are you using. I would like to use such a background.