Cisco DTP (Dynamic Trunking Protocol) Negotiation

ReneMolenaar · December 26, 2016, 10:30pm

This topic is to discuss the following lesson:

system · March 11, 2014, 10:06pm

Thanks Rene very useful

aelwahid · October 6, 2015, 12:22pm

Dear René,

Is it to avoid a security issue that we disable DTP ? If someone bring a rogue switch and plug it et voilà we negociate a trunk ?

Thks,

Prince

ReneMolenaar · October 6, 2015, 8:53pm

Hi Prince,

That’s correct, this could be dangerous if your interface is configured for “dynamic auto” or “dynamic desirable”.

If you configured the interface in static “access” or “trunk” then negotiatin can’t change it anymore but you are still sending DTP packets which is a bit pointless, better to just disable them.

Rene

aelwahid · October 7, 2015, 10:11am

Thanks for the reply René,

Prince

jg1 · December 4, 2015, 5:38pm

Rene,

Watching you switching videos and I like the background of your terminal. Tale me, which terminal program and font are you using. I would like to use such a background.

ReneMolenaar · December 7, 2015, 5:06pm

Hi Jesse,

Which video did you see?

For a long time I used Linux Mint (Mate edition) with the mate-terminal to record these videos. It was the default font, not sure which one that was.

Nowadays I use secureCRT configured to use the same colors as Pycharm’s darcula (I liked their colors):

Here’s a screenshot of what my SecureCRT looks like:

I’m not sure if this is the best for videos but it’s easy on the eyes, even after hours of hardcore Cisco console work

Rene

nav.amazing · April 21, 2016, 2:26am

Very good information.

hussien.samer · October 24, 2016, 3:53pm

thank you
Rene
your wonderful

maher1 · October 29, 2016, 11:05am

You are welcome Hussein.

a.sanghani · January 30, 2017, 6:47pm

Hi Rene,

Can you explain me what does it mean Trunking negotiation is ON does it means that this particular mode is set to send DTP frames . to the my knowledge only Dynamic desirable and ON mode will send out DTP frames and other modes are doesn’t (Dynamic Auto and Access)

lagapidis · February 3, 2017, 8:32am

Hello Ankit

When we say that DTP negotiation is ON, it means that the port is in a state where, if the proper DTP packets are sent/received, the port may change its trunking functionality. Negotiation is ON in the following states: Dynamic Desirable, Dynamic Auto or Trunk.

DTP negotiation is OFF when a port is in one of the following states: Access or Non-negotiate.

As for the exchanging of DTP frames, these are sent when a port is in the following states: Dynamic Desirable and Trunk.

DTP frames are NOT sent when a port is configured as Dynamic Auto, Non-negotiate or Access.

So, even if a port is in Dynamic Auto and doesn’t send DTP frames, it is still considered Negotiation ON because it can be affected by the DTP frames it receives.

I hope this has been helpful!

Laz

Moeedeng · August 5, 2020, 2:55pm

We use Switchport no negotiate only on Trunks ? Or we use it on access ports as well ?
Thanks

lagapidis · August 6, 2020, 8:01am

Hello Abdul

When you configure a port to function as a trunk using the switchport mode trunk command, you are hardwiring that port to function as a trunk. However, it will still send out DTP messages to the other side of the link, and if that side of the link is configured to listen and respond to DTP messages (set to dynamic auto or desireable) it will automatically become a trunk.

By using the switchport nonegotiate command, you disable the sending of any DTP messages completely.

I hope this has been helpful!

Laz

lagapidis · August 7, 2020, 8:28am

Hello Abdul

The switchport nonegotiate command is only applied on trunk ports. DTP is automatically disabled on ports that are manually configured as access ports.

I hope this has been helpful!

Laz

pradyumnayadavgla · August 14, 2020, 9:43pm

Hi Rene/Laz,

If we are having trunk mode both side but DTP is disabled means trunking is off, is that mean frame received by switch will be normal frame not tagged one then how frames will be processed by switches b/w each other?

lagapidis · August 17, 2020, 6:08am

Hello Pradyumna

If you disable DTP, this doesn’t mean that trunking is off. This means that trunk negotiation is off. You can still manually configure a port to function as a trunk simply by using the switchport trunk command.

Whether or not a frame on a particular link will have a tag or not depends on the state in which the link finds itself. If DTP is off, then it depends on the configured switchport mode on the egress port. If DTP is on, then it depends on the result of the negotiation.

I hope this has been helpful!

Laz

pradyumnayadavgla · September 9, 2020, 2:06pm

Hi Laz,

If we hard coding the interface as a trunk on both side and disable DTP then how interfaces will react as trunk or access and if we are disabling DTP when interfaces are in trunk mode why is this required?

lagapidis · September 13, 2020, 5:59am

Hello Pradyumna

There are only two ways to disable DTP:

configure the port for access mode
use the switchport nonegotiate command

If you configure a port as a trunk, you are not disabling DTP. You are hard coding the port to trunk, but the port will still send out DTP messages to the other end saying “I’m a trunk, please become a trunk too!” This means that if there is a port on the other end where DTP has not been disabled, and where it has not been manually configured, it will automatically become a trunk.

I hope this has been helpful!

Laz

pradyumnayadavgla · September 13, 2020, 12:17pm

Mean when port the port is hardcoded Trunk as well as DTP disabled, port will always be Trunk port but we have to configure it at both sides.