As mentioned previously, DTP was preceded by DISL (Dynamic Inter-Switch Link), which established the frame structure and basic protocol operations still in use today. Originally the feature had to be enabled explicitly; on Cisco Catalyst switches it now runs by default on Ethernet interfaces, which is precisely why it matters from a security standpoint. Basic operation of DTP is as follows:
DTP operates entirely at Layer 2. One end of the link initiates negotiation by sending its configuration in an Ethernet frame addressed to the Cisco multicast MAC 01-00-0c-cc-cc-cc, the same destination Cisco uses for CDP, VTP and several other proprietary protocols. The receiver tells them apart by the SNAP protocol ID field: DTP uses 0x2004, whereas CDP uses 0x2000. Three frames are sent initially, one per second, carrying the sender's trunking status and encapsulation settings; whether a trunk forms depends on the configuration of the opposite end. After the initial burst, frames are transmitted every thirty seconds. Nothing in this exchange authenticates the sender: the switch acts on whatever a device plugged into the port chooses to send.
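The frame layout described above, as an added example that is not part of the original article: a small Python script that builds a DTP announcement, parses Cisco SNAP frames to tell DTP from CDP by the protocol ID, and flags any DTP frame whose administrative status is on or desirable, which is what a host soliciting a trunk on an access port would send. The article only gives the destination MAC and the protocol IDs; the DTP TLV types and the Status-byte encoding used here are taken from the public Wireshark dissector and are assumptions, as are the MAC addresses, domain strings and the CDP payload, which are constructed sample data.

```python
import struct
from typing import Optional

# Destination MAC shared by CDP, VTP, DTP and other Cisco protocols (01-00-0c-cc-cc-cc)
CISCO_MULTICAST = bytes.fromhex("01000ccccccc")
CISCO_OUI = bytes.fromhex("00000c")          # OUI carried in the SNAP header
LLC_SNAP = b"\xaa\xaa\x03"                   # DSAP/SSAP 0xAA, control 0x03
PID_DTP, PID_CDP, PID_VTP = 0x2004, 0x2000, 0x2003
PID_NAMES = {PID_CDP: "CDP", PID_VTP: "VTP", PID_DTP: "DTP"}

# DTP TLV types and Status-byte layout (assumed from Wireshark's packet-dtp.c,
# not from the article): TAS = low 3 bits, TOS = high bit.
TLV_DOMAIN, TLV_STATUS, TLV_TYPE, TLV_SENDER = 1, 2, 3, 4
TAS_NAMES = {1: "on", 2: "off", 3: "desirable", 4: "auto"}
TAS_MASK, TOS_TRUNK = 0x07, 0x80
TYPE_DOT1Q = 0xA5                            # operating and admin trunk type both 802.1Q


def build_cisco_snap_frame(src_mac: bytes, pid: int, payload: bytes) -> bytes:
    """Wrap a payload in an 802.3 frame to the Cisco multicast with an LLC/SNAP header."""
    body = LLC_SNAP + CISCO_OUI + struct.pack("!H", pid) + payload
    return CISCO_MULTICAST + src_mac + struct.pack("!H", len(body)) + body


def _tlv(tlv_type: int, value: bytes) -> bytes:
    # The length field counts the 4-byte TLV header as well as the value.
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_dtp_frame(src_mac: bytes, domain: str, tas: int, trunking: bool = False) -> bytes:
    """Build a DTP v1 announcement carrying the sender's admin status (tas) and
    operating status (trunking): what a switch port, or a host pretending to be
    one, sends to negotiate."""
    status = (TOS_TRUNK if trunking else 0) | (tas & TAS_MASK)
    payload = (b"\x01"                                      # DTP version
               + _tlv(TLV_DOMAIN, domain.encode() + b"\x00")
               + _tlv(TLV_STATUS, bytes([status]))
               + _tlv(TLV_TYPE, bytes([TYPE_DOT1Q]))
               + _tlv(TLV_SENDER, src_mac))
    return build_cisco_snap_frame(src_mac, PID_DTP, payload)


def parse_cisco_frame(frame: bytes) -> Optional[dict]:
    """Identify which Cisco protocol a frame carries by its SNAP PID; for DTP,
    also decode the domain and status TLVs. Returns None for non-Cisco frames."""
    if len(frame) < 22 or frame[:6] != CISCO_MULTICAST:
        return None
    if frame[14:17] != LLC_SNAP or frame[17:20] != CISCO_OUI:
        return None
    pid = struct.unpack("!H", frame[20:22])[0]
    info = {"protocol": PID_NAMES.get(pid, f"0x{pid:04x}"), "src": frame[6:12].hex(":")}
    if pid != PID_DTP:
        return info
    pos = 23                                                # skip the version byte
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(frame):
            break                                           # malformed TLV: stop, never guess
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type == TLV_DOMAIN:
            info["domain"] = value.rstrip(b"\x00").decode(errors="replace")
        elif tlv_type == TLV_STATUS and value:
            info["tas"] = TAS_NAMES.get(value[0] & TAS_MASK, "unknown")
            info["trunking"] = bool(value[0] & TOS_TRUNK)
        pos += tlv_len
    return info


def is_trunk_solicitation(frame: bytes) -> bool:
    """Detection rule for a host-facing port: a DTP frame whose admin status is
    'on' or 'desirable' is asking the switch to trunk. Workstations never do that."""
    info = parse_cisco_frame(frame)
    return bool(info) and info["protocol"] == "DTP" and info.get("tas") in ("on", "desirable")


if __name__ == "__main__":
    host = bytes.fromhex("0242ac110002")                    # constructed sample MAC
    samples = [("attacker", build_dtp_frame(host, "", 3)),
               ("auto switch", build_dtp_frame(host, "lab", 4)),
               ("cdp", build_cisco_snap_frame(host, PID_CDP, b"\x02\xb4\x00\x00"))]
    for label, frame in samples:
        print(label, parse_cisco_frame(frame), "ALERT" if is_trunk_solicitation(frame) else "ok")
```

The parser deliberately checks the LLC/SNAP header before trusting the protocol ID, because a frame to 01-00-0c-cc-cc-cc without the Cisco OUI is not DTP regardless of what follows; the same classification logic can be run over a mirrored-port capture to spot DTP frames originating from host MAC addresses.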
DTP Interface Settings
A wide range of settings modify DTP's behavior, determining the outcome of negotiation or disabling the protocol altogether. The sheer number of these configuration commands can seem confusing and far from intuitive, fueling many certification exam questions and mystifying engineers.
We will examine the five modes first and then detail which combinations produce which results.
DTP Mode Settings
Desirable (Default Setting)
Cisco Ethernet interfaces come with default DTP settings, and historically that default was dynamic desirable. Newer Catalyst platforms (the 2960 and 3560/3750 families, for example) default to dynamic auto instead, so verify with show interfaces <type> <slot/port> switchport rather than assuming. In desirable mode an interface actively initiates trunk negotiation and both sends and receives DTP frames. To return an interface to its platform defaults, use the global configuration command default interface <type> <slot/port>; to set desirable mode explicitly, use the interface command switchport mode dynamic desirable. Think of this as a very active process.
To operate in auto mode, issue the interface-level command switchport mode dynamic auto. Auto may sound similar to desirable, but it behaves differently: an interface in auto mode responds to DTP frames and negotiation requests from its neighbor but never initiates them. Think of this as a passive process. Passive does not mean safe, however: an auto port still becomes a trunk the moment whatever is attached to it asks for one.
On older Catalyst switches running CatOS, the trunking mode could be set to on, which enabled trunking manually on the port (provided an encapsulation type was specified). The IOS equivalent is switchport mode trunk together with switchport trunk encapsulation {isl | dot1q | negotiate}. The encapsulation command exists only on platforms that support both ISL and 802.1Q, and on those platforms the encapsulation must be set to isl or dot1q before switchport mode trunk is accepted; dot1q-only platforms such as the 2960 omit the command. DTP still runs in this mode: the port is a trunk unconditionally, and it keeps sending DTP frames so that a desirable or auto neighbor will form a trunk as well.
Like on, the off mode belongs to the legacy CatOS configuration style that used set commands. On IOS-based Catalyst switches the equivalent is to put the port statically into access mode, which prevents any trunk from forming on it. The command syntax is switchport mode access followed by switchport access vlan <VLAN-id>. Note that an access-mode port still transmits DTP frames announcing itself as non-trunking (so that a dynamic neighbor drops out of trunking); only the nonegotiate command described next stops DTP frames entirely.
One more command rounds out the set: switchport nonegotiate stops the interface from generating DTP frames altogether. It is accepted only on ports whose mode is access or trunk, not on ports in a dynamic mode. Combined with switchport mode trunk it yields a statically configured trunk with no negotiation whatsoever, as the name suggests; combined with switchport mode access it yields an access port that never participates in DTP at all. The command syntax is simply switchport nonegotiate on the desired interface.
DTP Mode Combinations
To enable trunking manually with no DTP negotiation at all, set both interfaces to switchport mode trunk with matching encapsulation settings, and add switchport nonegotiate to both interfaces as well. Both ends need nonegotiate: if only one side stops sending DTP frames while the other remains in a dynamic mode, the dynamic side never hears a request and stays an access port, leaving the link mismatched.
To allow DTP to negotiate trunks on connected links, any of the following combinations will produce a trunk (on means switchport mode trunk without nonegotiate):
- Desirable <–– ––> Desirable
- Desirable <–– ––> On
- Desirable <–– ––> Auto
- Auto <–– ––> Desirable
- Auto <–– ––> On
Several combinations will not result in a trunk being formed through DTP:
- Auto <–– ––> Auto (each side waits for the other to ask)
- switchport nonegotiate on one end with the other end in a dynamic mode (the dynamic side never receives a request; if the nonegotiate side is in trunk mode, the result is a trunk/access mismatch)
- One end configured statically for access mode
- Both ends configured for access mode
Dynamic Trunking Protocol is a confusing landscape of commands, modes and results that discourages many a network engineer. Beyond being a staple of certification exams and interview questions, leaving it enabled in a production network introduces a real vulnerability: any device attached to a port in dynamic desirable or dynamic auto mode can send DTP frames of its own, negotiate the port into a trunk, and then send and receive tagged traffic for every VLAN that trunk carries, reaching straight into the core of the switched network. Nothing in the protocol authenticates the sender. While DTP remains an important topic and an engineering skill worth having, it is not recommended for use in most production networks: put every host-facing port into switchport mode access with switchport nonegotiate, and configure the trunks you actually need statically.
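As an added example that is not from the original article, here is the weak platform default beside the hardened configuration for a host-facing port and for an inter-switch trunk, in Cisco IOS syntax, covering both the manual-trunk procedure in the combinations section and the closing recommendation. The interface names and VLAN numbers are placeholders chosen for illustration; the encapsulation command applies only to platforms that support both ISL and 802.1Q, and must precede switchport mode trunk there.

```text
! Weak: the platform default leaves DTP active on a host-facing port. A host on
! Gi1/0/10 that sends a DTP "desirable" frame turns this port into a trunk.
interface GigabitEthernet1/0/10
 switchport mode dynamic desirable

! Hardened host-facing port: static access mode, VLAN pinned, DTP silenced.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate

! Hardened inter-switch link: static trunk, no negotiation, and only the VLANs
! the link actually needs. Configure the far end identically.
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate

! Verify: "Negotiation of Trunking: Off" should appear for both interfaces.
show interfaces GigabitEthernet1/0/10 switchport
show interfaces GigabitEthernet1/0/48 switchport
show dtp interface GigabitEthernet1/0/48
```

Apply the hardened access configuration to every port an end host can reach, including unused ports, since an unused port in the default dynamic mode is just as negotiable as a used one.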