DTP is cisco’s proprietary protocol for negotiating trunking mode between two switches. A trunk link can only be negotiated between two switches if both belong to the same VTP management domain or if anyone or both do not have their VTP domain defined, i.e., their domain is NULL. Firewalls and routers do not participate in DTP; the recommendation is to disable DTP on these interfaces.
If the two switches are in different VTP domains, the best option is to set the ports to on or nonegotiate mode. These options force the establishment of a trunk link.
By default, the ports of a layer2 switch are not trunked and operate as access links. Remember that the trunk ports of Cisco switches can work with ISL or 802.1Q; by default, if DTP is enabled ISL encapsulation is preferred.
With the switchport mode command you can set the trunking mode for each port. The modes are as follows:
- Trunk (on): this mode is generally used to establish a trunk link unconditionally. Therefore, the corresponding switch port at the other end of the link must be configured similarly. If the port at the other end is configured in trunk, dynamic desirable, or dynamic auto mode, the trunk link is negotiated successfully. In this way, both switches always expect the trunk link to be operational without any negotiation. You must also manually configure the encapsulation mode to remove its negotiation. This mode is still DTP enabled.
- Dynamic desirable (default on some catalyst): The port actively sends DTP packets to establish a trunk. If the other end port is configured as trunk, dynamic desirable or dynamic auto, the trunk is successfully negotiated.
- Dynamic auto (default on some catalyst): The port remains in a passive state; the port can become a trunk link, but only if the other switch requests it to become a trunk. Therefore, if the far-end switch port is configured in trunk or dynamic desirable mode if the trunk link is negotiated, due to the passive negotiation behavior, the link never becomes trunk if both ends of the link are left in dynamic auto.
- Non-negotiable: Disables DTP.
DTP sends frames every 30 seconds to keep neighboring switch ports informed; the timeout is 300 seconds. It is recommended to manually configure the trunk and access ports at both ends (switchport mode trunk and switchport mode access) to eliminate any problems with link operation.
The DTP modes of the switch ports are configured with the following command:
Switch(config-if)# switchport mode trunk | dynamic {desirable | auto }
The default switches are configured to negotiate the encapsulation of the trunk interface with the following command, which is not visible in the configuration:
switchport trunk encapsulation nogotiate
Because the port is in auto (negotiate) mode with the above command, setting the switchport mode trunk command sends the following error message:
Switch(config-if)# switchport mode trunk Command rejected: an interface whose trunk encapsulation is "Auto" con not be configured to "trunk" mode
To use the switchport mode trunk command, it is necessary to define the encapsulation mode first with the following command:
Switch(config-if)# switchport trunk encapsulation isl | dot1q | negotiate
After defining the encapsulation mode we can configure the trunk mode on the port.
Configuration commands used to define the VTP mode and attributes of a trunk link:
Switch(config)# interface type member/module/number
Switch(config-if)# switchport
Switch(config-if)# switchport trunk encapsulation isl | dot1q | negotiate
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan { vlan-list | all | { add | except | remove } vlan-list }
Switch(config-if)# switchport mode { trunk | dynamic {desirable | auto }}
DTP verification commands:
#show dtp [interface type member/module/number] !Example 1: See general information DTP Switch# show dtp Global DTP information Sending DTP Hello packets every 30 seconds Dynamic Trunk timeout is 300 seconds 1 interface using DTP !Example 2: View DTP on an interface Switch# show dtp interface gigabitEthernet 1/1 DTP information for GigabitEthernet1/1: TOS/TAS/TNS: TRUNK/ON/TRUNK TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: F8B7E2310112 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): 16/RUNNING Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S6:TRUNK # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 683072 packets received (683072 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 682938 packets output (682938 good) 682938 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 0 link ups 2 link downs, last link down on Wed Sep 23 2015, 16:57:01
Other verification commands:
Switch# show interface type member/module/number trunk Switch# show interface type member/module/number switchport !Example: Switch# show interfaces gigabitEthernet 1/1 switchport Name: Gi1/1 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk (member of bundle Po2) Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Operational Dot1q Ethertype: 0x8100 Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Operational Native VLAN tagging: disabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Unknown unicast blocked: disabled Unknown multicast blocked: disabled
In the output of the show interfaces gigabitEthernet 1/1 switchport command, we can validate the configurations and DTP negotiations, for example:
Switchport: Enabled //Indicates that the port is operating as layer 2
Administrative Mode: trunk //Mode in which the port is configured
Operational Mode: trunk //Mode in which the port is operates because of the DTP negotiation.
Administrative Trunking Encapsulation: dot1q //Mode of encapsulation configured on the port
Operational Trunking Encapsulation: dot1q //Mode in which it is operating because of the negotiation or encapsulation that has been specified.
Negotiation of Trunking: On //Indicates whether DTP is enabled
The above command gives us a lot of information about the operation of the port at layer 2.
For more information:
