DTP/VTP (Cisco Proprietary)
Dynamic Trunking Protocol / VLAN Trunking Protocol
DTP is a Cisco proprietary protocol that allows Cisco switches to dynamically determine their interface status (access or trunk) without manual configuration.
DTP is enabled by default on all Cisco switch interfaces.
So far we have manually configured switchports using either:
switchport mode access
switchport mode trunk
If we used DTP we wouldn't need to issue these commands, but for security purposes, manual configuration is recommended. DTP should be disabled on all switchports.
Dynamic desirable = will actively try to form a trunk with other Cisco switches if the other switchport is in one of the following modes:
switchport mode trunk
switchport mode dynamic desirable
switchport mode dynamic auto
Here DTP is actively trying to form trunks in the following scenarios:
Static access = access port belonging to a single VLAN. (There is also 'dynamic static', where a server automatically assigns the VLAN based on the MAC address of the connected device - out of scope for CCNA.)
Dynamic auto = will NOT try to form a trunk with other Cisco switches, however it will form a trunk if the switch connected to it IS actively trying to form a trunk
switchport mode trunk
switchport mode dynamic desirable
Remember: DTP will not form a trunk with a router, PC etc. The switchport will be in access mode
On older switches, switchport mode dynamic desirable is the default administrative mode.
On newer switches, switchport mode dynamic auto is the default administrative mode.
You can disable DTP negotiation on an interface with this command:
switchport nonegotiate
The interface will then STOP sending DTP frames.
Configuring an access port with switchport mode access also disables DTP negotiation on an interface
It's recommended to disable DTP on all switchports and manually configure them as access or trunk ports.
Check using show interface <interface> switchport
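One way to audit a saved configuration for ports that still negotiate DTP, applying the rules above (an added example, not part of the original notes). The sample config and the function name audit_dtp are constructed, and every stanza is assumed to be a physical switch interface:

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode dynamic desirable
!
interface GigabitEthernet0/5
 description unused port left at defaults
!
"""

def audit_dtp(config: str) -> dict:
    """Return {interface: reason} for every port that still negotiates DTP."""
    findings = {}
    # One stanza per "interface ..." line at the start of a line.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [line.strip() for line in stanza.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        mode = next((l[len("switchport mode "):] for l in lines
                     if l.startswith("switchport mode ")), None)
        if mode == "access" or "no switchport" in lines:
            continue  # access mode disables DTP; routed ports do not run it
        if mode == "trunk" and "switchport nonegotiate" in lines:
            continue  # static trunk that no longer sends DTP frames
        if mode == "trunk":
            findings[name] = "static trunk without switchport nonegotiate"
        elif mode is None:
            findings[name] = "no mode configured, default dynamic mode applies"
        else:
            findings[name] = f"negotiating mode: {mode}"
    return findings

if __name__ == "__main__":
    for port, reason in audit_dtp(SAMPLE_CONFIG).items():
        print(f"{port}: {reason}")
```

A port with no switchport mode line is reported because the running-config omits default settings, so the platform's default dynamic mode is in effect.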
Switches that use both ISL and 802.1q trunk encapsulations can use DTP to negotiate the encapsulation they will use. The negotiation is enabled by default, as the default trunk encapsulation mode is switchport trunk encapsulation negotiate, and if both switches support ISL, it will be selected.
DTP frames are sent in VLAN 1 when using ISL, or in the NATIVE VLAN if using 802.1q
VTP allows you to configure VLANs on a central server, and other switches (VTP clients) will synchronise their VLAN database to this server. It was designed for large networks with many VLANs so that you don't have to configure each VLAN on every switch.
It's rarely used, and it is recommended NOT to use it!
There are 3 versions of VTP: 1, 2 and 3. Most switches support all three, but older switches might only support versions 1 and 2.
There are 3 VTP modes and all Cisco switches operate in SERVER mode by default
VTP Server
Can modify/add/delete VLANs
Stores VLAN database in NVRAM
Will increase the revision number every time a VLAN is added/modified/deleted
Will advertise the latest version of the VLAN database on trunk interfaces and the VTP clients will synchronise their VLAN database to it
VTP Servers also function as VTP Clients - i.e. they will synchronise their database to another VTP server that has a HIGHER (or newer) revision number than themselves
VTP Client
Cannot modify/add/delete VLANs
Do not store VLAN database in NVRAM (in VTP v3 they do)
Will synchronise their VLAN database to the server with the highest revision number in their VTP domain
Will advertise their VLAN database and forward VTP advertisements to other clients over their trunk ports
If we want VTP to synchronise across the switches 1-4 above, then a domain name has to be configured across all 4 switches. The domain name has to be the same for all. The configuration revision here is 0, but as soon as a VLAN has been modified, added or deleted this revision will increment by 1 and SW1 will advertise this to all switches within the same domain name. If it receives an advertisement from another server with a higher revision, it will then synchronise with this server and update the revision number to be the same as that server.
SW1(config)# vtp domain cisco
SW1(config)# vlan 10
SW1(config-vlan)# name Engineering
SW1(config-vlan)# exit
SW1# show vtp status --> Domain name = cisco, existing VLANs up to 6 and revision # to 1
-----
SW2# show vlan brief ---> will see VLAN 10 added (Engineering)
As can be seen on SW2, it has received the VTP update and updated its database: the VTP domain has been updated and VLAN 10 added. This has happened across all switches in this lab.
REMEMBER!!! - if a switch with NO VTP domain (domain NULL) receives a VTP advertisement WITH a VTP domain name, it will automatically join that VTP domain
ONE danger of VTP - if you introduce an old switch into the network which has a HIGHER revision as well as the SAME VTP domain name - ALL switches in that domain WILL sync their databases with this 'old' switch and mess up all your VLANs!!
VTP Transparent
Does NOT participate in the VTP domain (it does not sync its VLAN database)
Maintains its OWN VLAN database in NVRAM
It can modify/add/delete VLANs but they won't be advertised to other switches
It will forward VTP advertisements that are in the same domain as it
SW2 was changed to 'client' and could see that we could not add in a VLAN
SW3 changed domain name to show it cannot forward advertisements if in a different domain
SW1 added in VLAN 20 with name "Sales"
Revision has changed to 4 and existing VLANs up to 7
On SW3 (VTP Transparent) we can see that no VLAN 20 was added; configuration revision is 0
Changing the VTP domain to an unused domain will reset the revision number to 0.
Changing the VTP mode to 'transparent' will also reset the revision number to 0.
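The receive rules described above (NULL domain joins, higher revision wins, transparent never syncs) and the revision reset, as a small simulation. This is an added example, not part of the original notes: the Switch class, the switch named OLD, its revision 9 and its VLAN 99 are constructed, and forwarding between switches is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Toy model of the VTP receive rules described above (constructed)."""
    name: str
    mode: str = "server"      # server, client or transparent
    domain: str = ""          # "" stands for the NULL domain
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def receive(self, domain, revision, vlans):
        """Apply one advertisement; return True if the database was replaced."""
        if self.mode == "transparent":
            return False               # keeps its own database, never syncs
        if self.domain == "":
            self.domain = domain       # NULL domain joins the advertised domain
        if self.domain != domain or revision <= self.revision:
            return False               # other domain, or nothing newer
        self.vlans, self.revision = dict(vlans), revision
        return True

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0          # revision reset noted above

def advertise(sender, receivers):
    """Send sender's database to each receiver; return names that synced."""
    return [r.name for r in receivers
            if r.receive(sender.domain, sender.revision, sender.vlans)]

def production():
    db = {1: "default", 10: "Engineering", 20: "Sales"}
    return [Switch("SW1", "server", "cisco", 4, dict(db)),
            Switch("SW2", "client", "cisco", 4, dict(db))]

def demo():
    old = Switch("OLD", "server", "cisco", 9, {1: "default", 99: "lab"})
    hit = production()
    synced = advertise(old, hit)       # higher revision wins on both switches
    old.set_mode("transparent")        # pre-deployment step: revision back to 0
    old.set_mode("server")
    safe = production()
    synced_after = advertise(old, safe)
    learned = advertise(safe[0], [old])  # the old switch now follows SW1
    return synced, hit[0].vlans, synced_after, safe[0].vlans, learned, old.vlans

if __name__ == "__main__":
    print(demo())
```

In the first run both production switches lose VLANs 10 and 20; after the reset the old switch advertises revision 0, changes nothing, and instead learns the production database.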
We can see that SW3 has a different VTP domain (juniper), and if we check on SW4 we can see that it hasn't received the update from SW3. Let's change the VTP domain to Cisco on SW3 (it will also reset the revision number to 0); it should then pass on those VTP advertisements from SW2 to SW4.
VTP Version - there is no real difference between v1 and v2. VTPv2 has support for Token Ring VLANs; otherwise there is no reason to use VTP v2. VTP v3 is beyond the CCNA course.
SW1(config)# vtp version 2 ---- changing VTP version
SW1# show vtp status
On newer switches the Administrative Mode is dynamic auto and NOT dynamic desirable, so switches remain as static access.
switchport trunk encapsulation negotiate --------------- disable DTP OR
switchport nonegotiate
SW1
int gi0/1 switchport trunk
show int gi0/1 switchport
switchport nonegotiate
do sh vtp status
SW2
sh int gi0/1 status
sh int gi0/ switchport
switchport mode trunk
switchport nonegotiate
sh vlan brief
SW1
vtp domain CCNA