DTP (Dynamic Trunking Protocol) is a means for switch ports to automatically negotiate and form trunks. It’s another feature that you don’t see used very often in large enterprise networks, but it still needs to be covered.
If you buy two new 2960s from Cisco and plug them together with a patch cable they will automatically form a trunk. How does this happen? Because the default port setting on all interfaces for a new switch is …
switchport mode dynamic desirable
Here’s a table that shows the different DTP configuration options…
Being a Cisco protocol, DTP will first try to negotiate ISL. If it can’t, it will then fall back to dot1q. It’s pretty straightforward, so I’m not going to beat the horse, but here are a couple of other quick notes on DTP.
- You can disable DTP entirely with the ‘switchport nonegotiate’ command. This is very common to see on hard-coded trunk ports.
- Ports that are configured in access mode (switchport mode access) have DTP disabled. There is no need to use the ‘switchport nonegotiate’ command on access ports. Note: I previously had this wrong based on info from the CCIE R&S fourth edition cert guide. The chart on page 53 clearly states that access ports will still send DTP unless you disable it with the nonegotiate command. Thanks to a reader for catching this!
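To check a switch against the two notes above, here is a small audit sketch (an added example, not part of the original post) that reads interface stanzas from a running-config and lists the ports where DTP is still active and would negotiate a trunk with a neighbor. The sample config is constructed, the function names are hypothetical, and a port with no `switchport mode` line is assumed to sit at the default this post states (dynamic desirable).

```python
import re

# Constructed sample running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink, hard-coded trunk
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode dynamic auto
!
interface GigabitEthernet0/5
 description unused, left at factory default
!
"""

def dtp_status(config, default_mode="dynamic desirable"):
    """Return {interface: (mode, dtp_active)} using the rules from the post."""
    result = {}
    # Each stanza starts with "interface <name>" at column 0; body lines are indented.
    for match in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = match.group(1), match.group(2)
        lines = [line.strip() for line in body.splitlines()]
        mode = default_mode  # assumption: the post's stated default when no mode line exists
        for line in lines:
            m = re.fullmatch(r"switchport mode (access|trunk|dynamic (?:auto|desirable))", line)
            if m:
                mode = m.group(1)
        nonegotiate = "switchport nonegotiate" in lines
        # Access mode and nonegotiate both stop DTP; everything else still speaks it.
        dtp_active = mode != "access" and not nonegotiate
        result[name] = (mode, dtp_active)
    return result

def ports_to_harden(config):
    """Interfaces where DTP is still active and a neighbor could negotiate a trunk."""
    return sorted(n for n, (_, active) in dtp_status(config).items() if active)

if __name__ == "__main__":
    for name, (mode, active) in dtp_status(SAMPLE_CONFIG).items():
        print(f"{name:22} {mode:18} DTP {'ACTIVE' if active else 'off'}")
```

On the sample, Gi0/2 (a trunk without nonegotiate), Gi0/4 and the untouched Gi0/5 are flagged; the hard-coded trunk and the access port are not.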
Hey. Love the blog — been reading for a while now.
One correction to the last paragraph though: when you put a switchport into static access mode (switchport mode access) DTP is automatically disabled regardless of the addition of the ‘switchport nonegotiate’ command or not. I’ve been caught before by this little quirk, and I’m pretty sure the documentation for this is wrong.
And as a disclaimer, I’ve only tested this on a 3560 since that’s what I have in my home lab. If you’re using a 2960, as your post seems to indicate, then you certainly may be correct after all. But since the 3560 is the current CCIE R&S lab switch I’m of the opinion that that is all that matters 🙂
Hey! I’ve been reading your blog for a long time too! A favorite in my RSS feed.
That’s an interesting point. I was actually just taking the CCIE R&S cert guide at their word when they said that (Page 53, chart). I’m going to have to check now and see… Thanks for pointing that out. You also bring up a good point, I should probably be studying on 3560s…. I’m using a combination of 2960s and 3750s currently.
Yeh that’s a little lesson I learned a while back on this CCIE experience is ALWAYS VERIFY! Most of the time you hear people saying that about lab tasks, but it holds true for everything you read as well. If you have your own gear then run a packet sniffer on everything you do. Watch and verify that the commands you run do what the book says (and it’s good SPAN practice). And learn the debugs for when you’re in the lab and need to troubleshoot without a packet sniffer. These are the things that will save you come Lab day. 🙂
re: 3560s, if you have 3750s at your disposal then you’re doing OK. Those 2 models have very few differences… Stacking being an unimportant one.
Just confirmed myself that switchport mode access will prevent DTP advertisements on the port using Wireshark (dtp protocol filter enabled) and switching port mode to-from access dynamic desirable (default mode).
Very interesting…Thanks for the additional info Jon!