ICND2 200-105

Dynamic Trunking Protocol (DTP) Configuration

So we've seen the static trunking configuration, switchport mode trunk. Now let's look at the other methods. By default, a port will be either auto or desirable, which are the Dynamic Trunking Protocol methods. What does the auto state mean? Let's define the methods in the following table, where you can easily spot the result based on the two ports' configuration.

| | switchport mode dynamic auto | switchport mode dynamic desirable | switchport mode trunk | switchport mode trunk + switchport nonegotiate | switchport mode access |
|---|---|---|---|---|---|
| switchport mode dynamic auto | Access | Trunk | Trunk | Limited Connectivity | Access |
| switchport mode dynamic desirable | Trunk | Trunk | Trunk | Limited Connectivity | Access |
| switchport mode trunk | Trunk | Trunk | Trunk | Trunk | Limited Connectivity |
| switchport mode trunk + switchport nonegotiate | Limited Connectivity | Limited Connectivity | Trunk | Trunk | Limited Connectivity |
| switchport mode access | Access | Access | Limited Connectivity | Limited Connectivity | Access |

Auto states: wait patiently for DTP (Dynamic Trunking Protocol) messages to arrive asking you to form a trunk. Do not seek or try to form a trunk unless someone explicitly asks you using DTP.

Dynamic desirable states: aggressively form a trunk link. Do your best using DTP to form a trunk with the other side of that link. Trunk, we've seen: you are a trunk. But if I just type in switchport mode trunk, does that shut off DTP, or am I still using DTP?

DTP is left on. There are only two effective ways to remove it. If you want the port to be a trunk port but not have any DTP action take place, we say switchport nonegotiate. We can see that in the fourth column here, as two separate commands: switchport mode trunk to be forceful, and then nonegotiate, which means we won't listen to DTP and we won't speak it either. In some discussions that is the preferred and ideal configuration: run the port forcefully as a trunk and remove any question with DTP. We see that in security courses. I'm perfectly happy with switchport mode trunk, that's the one command that I'm going to do. I've no objection to switchport nonegotiate.

Now the other way to turn off DTP is just to say switchport mode access. Then we are certainly not expecting that port to need the DTP protocol, so we don't run it.

So there are some situations that could have unexpected consequences based on these interactions. If you do this in the real world, avoid these unexpected consequences by setting both sides to be the same, and know the impact of setting both sides to, let's say, switchport mode dynamic auto. If we do that, switchport mode dynamic auto on both sides, then hey, let's form a trunk, right?

No, no, not at all, and the majority of the switches that I deal with on a regular basis are automatically set to dynamic auto by the manufacturer, Cisco. So what does that mean?

Well, look at the output on this chart where it says switchport dynamic auto. With switchport dynamic auto on both sides, find the two headings in our columns and our rows and then join them up, and what do you find? Access. Access what? It means we're an access port. That's what that's referring to. Why? Well, remember what dynamic auto does: auto says wait for DTP messages to ask you to form a trunk. So if one side is waiting and the other side is waiting, is anybody sending DTP messages asking for a trunk? No, so no trunk is formed.

And with this being the method that's set by default on your switches, most times when you plug switches together, you're not going to form a trunk automatically. Older switches were usually set to dynamic desirable by default, so trunks would just form wherever they wanted. Plug two switches together and, boom, we have our trunk. But newer ones seem to be set to dynamic auto to make sure that the trunk doesn't form automatically. So since I can't have dynamic auto on both sides, I need at least dynamic desirable or trunk set on the other side.

Both will tip the scales, because both will ask the other side and they still run DTP. That wouldn't happen if you then tacked on nonegotiate, because then you would have no communication to tip the scales for the auto side, or even for a desirable side. Both auto and desirable need to see some DTP from the other side, and nonegotiate turns that off.

Let's think for a brief moment about limited connectivity. What does limited connectivity even mean? Basically, it means that the only VLAN that can communicate is the native VLAN. We would have only one VLAN able to work, and even that is questionable, because the native VLAN of the trunking side would have to match the access VLAN of the nontrunking side. So wherever you see Limited Connectivity, one side is trunking and the other side is not, and you are going to get some pretty undesirable behavior as a result of that misconfiguration. You would never want to see that in a real-world network.

So take the time to review the different consequences based on the method you choose here to form your trunk. The majority of the time you'll successfully form a trunk, but there are those odd situations where you'll either stay as an access port and not form a trunk, or you'll have limited connectivity.
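
The table and the two ways of removing DTP described above, as an added Python example (not part of the original course material): it derives each table cell from three per-mode properties and lists the interfaces in a configuration that still run DTP. The sample configuration is constructed, and the `default` of dynamic auto for a port with no `switchport mode` line is an assumption that varies by platform.

```python
import re

# Per mode: (speaks DTP, actively asks for a trunk, statically forced to trunk)
MODES = {
    "dynamic auto":      (True,  False, False),
    "dynamic desirable": (True,  True,  False),
    "trunk":             (True,  True,  True),
    "trunk nonegotiate": (False, False, True),
    "access":            (False, False, False),
}
MODE_RE = re.compile(r"\s+switchport mode (access|trunk|dynamic auto|dynamic desirable)\s*$")

def parse_ports(config, default="dynamic auto"):
    """Map interface name -> MODES key; `default` is an assumed factory setting."""
    ports, nonego, name = {}, set(), None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            ports[name] = default
        elif name and (m := MODE_RE.match(line)):
            ports[name] = m.group(1)
        elif name and line.strip() == "switchport nonegotiate":
            nonego.add(name)
    return {n: "trunk nonegotiate" if m == "trunk" and n in nonego else m
            for n, m in ports.items()}

def link_outcome(a, b):  # result of cabling a port in mode a to one in mode b
    (sa, aa, fa), (sb, ab, fb) = MODES[a], MODES[b]
    negotiated = sa and sb and (aa or ab)   # both speak DTP and one side asks
    trunk_a = fa or (a.startswith("dynamic") and negotiated)
    trunk_b = fb or (b.startswith("dynamic") and negotiated)
    if trunk_a == trunk_b:
        return "Trunk" if trunk_a else "Access"
    return "Limited Connectivity"           # one end trunking, the other not

def dtp_enabled_ports(config):
    """Interfaces still running DTP (neither access nor trunk + nonegotiate)."""
    return [n for n, m in parse_ports(config).items() if MODES[m][0]]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
interface GigabitEthernet0/4
 switchport mode access
"""
```

`dtp_enabled_ports(SAMPLE)` reports GigabitEthernet0/2 and GigabitEthernet0/3: the plain trunk and the unconfigured port are the two that still speak DTP.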