In my previous articles about VTP, I mentioned that frames are sent over all trunk ports, and that when utilising VLANs on switches to segment a network you need trunk ports to transport frames from each VLAN between network devices. But how do you configure a trunk port?
There are 2 ways to configure a trunk port. You can statically set the port as a trunk by using the interface subcommand switchport mode trunk, or you can use Dynamic Trunking Protocol (DTP). DTP is a Cisco proprietary feature, so you can only use it on Cisco devices.
As the name suggests, DTP is a way for switches to talk to each other and determine if the port should be an access port or a trunk port. It does this by sending out DTP messages every 30 seconds. DTP messages are sent to the well-known multicast address 0100.0ccc.cccc. There are 3 modes for DTP to configure a port as a trunk or access port:
- Trunk: This is a statically configured trunk port using the command switchport mode trunk. DTP will actively try to establish a trunk port in this mode.
- Dynamic desirable: When using this mode DTP will actively try to establish a trunk port but will act as an access port if no DTP messages are heard. If DTP messages are received on a dynamic desirable port, a trunk will be established.
- Dynamic auto: This type of port acts like an access port and will not actively try to establish a trunk port, but will respond to DTP messages from other switches that are configured as either trunk (on) or dynamic desirable.
The table below shows the result of trunk negotiation for each combination of port configuration types.
|Trunk||Dynamic desirable||Dynamic auto|
DTP is enabled on Cisco switches by default and all ports will actively try to establish a trunk without needing any intervention from a network engineer. You can disable DTP on a port-by-port basis using the command switchport nonegotiate.
When you configure DTP on a switch you must also ensure that the VTP domains on both switches match. If they do not, DTP will not negotiate. Let's take a look at configuring the various DTP modes. I have 2 switches that I am connecting together, first with the default configuration on each port of DTP dynamic auto, so no trunk should be established.
To verify a switch port's DTP status, use the command show interface <interface> switchport.
Now that we have verified the status of DTP, let's connect a patch lead between SW2 and SW3 on port G1/0/24 on both devices and check the switchport status.
Note the error about VTP. I purposely did that to show that DTP will not negotiate if the VTP domains are not the same. DTP packets contain the VTP domain in the header information as shown below.
To show that this will not work, because it's impossible to tell using dynamic auto DTP mode, I've configured SW2 to use DTP dynamic desirable mode with the VTP domain mismatch.
Notice the port actually shut down and came back up. Now let's change the VTP domain on SW2 and reset the interface to dynamic auto again and check the DTP status.
Okay, so we have a port in dynamic auto mode that is operating as a static access port, which is expected. Let's change SW3 G1/0/24 port to be dynamic desirable and see what happens.
Again we can see that the port correctly negotiated to become a trunk port with SW3 configured as dynamic desirable. Now let's configure SW2 as dynamic desirable as well and confirm that the port is still a trunk port.
Note that the administrative trunking encapsulation is set to dot1q. If the switches both support ISL (Inter-Switch Link) trunking, then ISL would be used.
This time, we will disable DTP on SW3 by using the interface configuration subcommand switchport nonegotiate.
When I tried to disable DTP on the port, I received an error about the operating status of the port. This is because the port is by default configured in dynamic mode. In order for you to disable DTP on a port, you need to manually configure the port as either an Access port or a Trunk port. I will configure the port as a Trunk port and then disable DTP using the command switchport nonegotiate.
Without the command switchport nonegotiate the switch still sends DTP information and Negotiation of Trunking is still on.
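As an added example (not code from the original article or from Cisco), the Python script below parses text in the layout of show interfaces switchport output and flags every port that still negotiates DTP, either because it is in a dynamic mode or because it is a static port without switchport nonegotiate. The sample output and interface names are constructed, and the function names are hypothetical.

```python
# Constructed sample in the layout of `show interfaces switchport`
# (not captured from the article's lab; trimmed to the fields used here).
SAMPLE = """\
Name: Gi1/0/22
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Name: Gi1/0/23
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Name: Gi1/0/24
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
"""


def parse_switchport(text):
    """Split the output into one dict per interface, keyed by field name."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank lines and anything that is not "Field: value"
        key, value = key.strip(), value.strip()
        if key == "Name":  # each interface block starts with its Name line
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def dtp_findings(ports):
    """Return (interface, reason) for every port that still negotiates DTP."""
    findings = []
    for p in ports:
        admin = p.get("Administrative Mode", "").lower()
        nego = p.get("Negotiation of Trunking", "").lower()
        if admin.startswith("dynamic"):
            findings.append((p["Name"], f"{admin}: set switchport mode access or trunk"))
        elif nego == "on":
            findings.append((p["Name"], f"{admin}: static, add switchport nonegotiate"))
    return findings


if __name__ == "__main__":
    for name, reason in dtp_findings(parse_switchport(SAMPLE)):
        print(f"{name}: {reason}")
```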