Cisco DTP (Dynamic Trunking Protocol) Negotiation

In this lesson, we’ll take a look at DTP (Dynamic Trunking Protocol) negotiation. DTP is normally used on Cisco IOS switches to negotiate if the interface should become an access port or trunk.

By default, DTP is enabled, and the interfaces of your switches will be in “dynamic auto” or “dynamic desirable” mode. This means that your interface will be in trunk mode whenever you receive a DTP packet that requests to form a trunk. If you are unfamiliar with DTP and the different interface settings, then you might want to read my “How to configure Trunk on Cisco Catalyst Switch” lesson before continuing.




Let’s take a look at DTP negotiation and how to disable it. I’ll be using two switches for this:

Cisco SW1 SW2 802.1Q Trunk

I didn’t configure anything on my switches. Let’s see what the default settings are:

SW1#show interfaces fa0/24 switchport        
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
SW2#show interfaces fastEthernet 0/24 switchport 
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On

Without configuring anything on the interfaces, we are using dynamic auto mode, and as a result, the interfaces are in access mode.

Depending on the switch model and IOS version, the default might be “dynamic auto” or “dynamic desirable”. The switches in my example are Cisco Catalyst 3560 switches.

There are two ways to disable DTP negotiation:

  • Configure the interface for access mode.
  • Use the switchport nonegotiate command on the interface.

Configuring the interface for trunking does not disable DTP negotiation. Let me give you an example. First, we’ll configure the interfaces for access mode:

SW1(config)#interface fastEthernet 0/24
SW1(config-if)#switchport mode access
SW2(config)#interface fastEthernet 0/24
SW2(config-if)#switchport mode access 

When we look again at the switchport settings, we can see that DTP negotiation is now disabled:

SW1#show interfaces fastEthernet 0/24 switchport 
Name: Fa0/24
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off

So configuring an interface yourself to use access mode disables DTP negotiation. How about creating a trunk ourselves?

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 799 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

560 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Thanks Rene very useful

  2. Dear René,

    Is it to avoid a security issue that we disable DTP ? If someone bring a rogue switch and plug it et voilà we negociate a trunk ?

    Thks,

    Prince

     

  3. Hi Prince,

    That’s correct, this could be dangerous if your interface is configured for “dynamic auto” or “dynamic desirable”.

    If you configured the interface in static “access” or “trunk” then negotiatin can’t change it anymore but you are still sending DTP packets which is a bit pointless, better to just disable them.

    Rene

  4. Thanks for the reply René,

     

    Prince

  5. Rene,

    Watching you switching videos and I like the background of your terminal. Tale me, which terminal program and font are you using. I would like to use such a background.

     

28 more replies! Ask a question or join the discussion by visiting our Community Forum