This post is part of a series of revision notes I put together and used for studying CCNP Switch concepts. I am now writing them up on this website so that they might be useful to others.
They formed a part of my notes intended to explain concepts in simple terms. I hope they come in useful, but as a reminder, please do not use these notes as any indication of what is sufficient for CCNP level understanding.
Let’s get started.
What It Is
- Known as Dynamic Trunking Protocol
- It is a way for Trunk links to be dynamically formed without manual configuration
- Essentially a way for Switches to decide if a link should be an Access Link or a Trunk Link
How It Works
Trunking Encapsulation
2 types of Trunking Encapsulations are supported:
- ISL (Cisco Proprietary)
- DOT1q (Open Standard)
Modes
DTP has 2 modes. We can set a port to either of these modes and, depending on the combination, either an Access Link or a Trunk Link will form.
Here are the modes:
- Dynamic Auto
  - This is where the port prefers to be an Access Link
- Dynamic Desirable
  - In this mode, the port prefers to be a Trunk Link
Mode Combinations
These are the outcomes when different port combinations are used:
Port Configurations | Resulting Link |
---|---|
Dynamic Auto + Dynamic Auto | Access |
Dynamic Auto + Dynamic Desirable | Trunk |
Dynamic Desirable + Dynamic Desirable | Trunk |
Note that if you combine any of the above modes with a statically configured port, the link will always become what is statically configured.
As below:
Dynamic Auto/Desirable + Trunk = Trunk Link
Dynamic Auto/Desirable + Access = Access Link
Security Concerns
Although DTP seems like a handy way to allow Trunk links to form dynamically, think about the consequences of this on a network.
DTP itself does not have any method of authentication, meaning an attacker could send fake DTP packets. If our real Switch has a port configured as Dynamic Auto, then an attacker just needs to send a DTP Dynamic Desirable packet to form a Trunk Link. With the Trunk Link now in place, the attacker would then have access to all VLANs allowed on the Trunk (all by default).
It is for this reason that many Network Administrators explicitly turn off DTP on ports entirely.
Configuration
Configuring a port to be in the Dynamic Auto state:
Switch(config)# interface [INTERFACE NUMBER]
Switch(config-if)# switchport mode dynamic auto
Configuring a port to be in the Dynamic Desirable state:
Switch(config)# interface [INTERFACE NUMBER]
Switch(config-if)# switchport mode dynamic desirable
Statically configuring a Trunk port:
Switch(config)# interface [INTERFACE NUMBER]
Switch(config-if)# switchport mode trunk
Statically configuring an Access port:
Switch(config)# interface [INTERFACE NUMBER]
Switch(config-if)# switchport mode access
Turning Off DTP:
Switch(config)# interface [INTERFACE NUMBER]
Switch(config-if)# switchport nonegotiate
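An added example (not part of the original notes): a Python script that audits a saved switch configuration for ports that an unauthenticated DTP peer could negotiate into a Trunk Link, using the Mode Combinations table above. The function names, finding labels and sample configuration are constructed for illustration; ports with no explicit mode are flagged for review on the assumption that the default mode depends on the platform.

```python
import re

def negotiate(a, b):
    """Link type for two port modes, following the combination table above."""
    for mode in (a, b):
        if mode in ("trunk", "access"):      # a statically configured side wins
            return mode
    return "trunk" if "dynamic desirable" in (a, b) else "access"

def parse_interfaces(config):
    """Map interface name -> {'mode': str or None, 'nonegotiate': bool}."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], {"mode": None, "nonegotiate": False})
        elif current is not None:
            m = re.match(r"switchport mode (dynamic auto|dynamic desirable|trunk|access)$", line)
            current["mode"] = m.group(1) if m else current["mode"]
            current["nonegotiate"] |= line == "switchport nonegotiate"
    return ports

def audit(config):
    """Return {interface: finding} for every interface in the config text."""
    findings = {}
    for name, port in parse_interfaces(config).items():
        if port["mode"] is None:
            findings[name] = "REVIEW: no explicit mode, platform default applies"
        elif port["mode"].startswith("dynamic") and negotiate(port["mode"], "dynamic desirable") == "trunk":
            findings[name] = "EXPOSED: a Dynamic Desirable peer turns this into a trunk"
        elif not port["nonegotiate"]:
            findings[name] = "STATIC: mode is fixed but DTP is not turned off"
        else:
            findings[name] = "OK: static mode with DTP turned off"
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode dynamic auto
interface GigabitEthernet0/2
 switchport mode access
 switchport nonegotiate
interface GigabitEthernet0/3
 switchport mode trunk
interface GigabitEthernet0/4
"""

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit(SAMPLE).items()))
```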
Revision Flashcard
Last but not least, I have put together a digital flashcard based on my notes.
Please be aware that neither this post nor this flashcard is to be taken as all the information you need to know for DTP; it just contains the basics and is intended to be used as a supplement to your own notes and studies.
I hope it helps.
