DTP/VTP (Cisco Proprietary)

Dynamic Trunking Protocol / VLAN Trunking Protocol

DTP (Dynamic Trunking Protocol)

  • DTP is a Cisco proprietary protocol that allows Cisco switches to dynamically determine their interface status (access or trunk) without manual configuration.

  • DTP is enabled by default on all Cisco switch interfaces

    • So far we have manually configured switchports using either

      • switchport mode access

      • switchport mode trunk

If we used DTP we wouldn't need to issue these commands, but for security purposes manual configuration is recommended: DTP should be disabled on all switchports.

  • Dynamic desirable = will actively try to form a trunk with other Cisco switches. A trunk forms if the other switchport is in one of the following modes:

    • switchport mode trunk

    • switchport mode dynamic desirable

    • switchport mode dynamic auto

  • Static access = access port belonging to a single VLAN. (There is also 'dynamic static', where a server automatically assigns the VLAN based on the MAC address of the connected device - out of scope for CCNA.)

  • Dynamic auto = will NOT actively try to form a trunk with other Cisco switches, but it will form a trunk if the switch connected to it IS actively trying to form one, i.e. if the other switchport is in one of the following modes:

    • switchport mode trunk

    • switchport mode dynamic desirable

Remember: DTP will not form a trunk with a router, PC, etc. In that case the switchport will be in access mode.

On older switches, switchport mode dynamic desirable is the default administrative mode. On newer switches, switchport mode dynamic auto is the default administrative mode.

You can disable DTP negotiation on an interface with the command switchport nonegotiate. The interface will then STOP sending DTP frames.

Configuring an access port with switchport mode access also disables DTP negotiation on that interface. It's recommended to disable DTP on all switchports and manually configure them as access or trunk ports. Check the result with show interfaces <interface> switchport.

Switches that support both ISL and 802.1Q trunk encapsulations can use DTP to negotiate which encapsulation they will use. This negotiation is enabled by default because the default trunk encapsulation mode is switchport trunk encapsulation negotiate; if both switches support ISL, ISL will be selected.

DTP frames are sent in VLAN 1 when using ISL, or in the NATIVE VLAN if using 802.1q
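The check recommended above (show interfaces <interface> switchport) can be automated across a whole switch. The following is an added example, not code from the original notes: a Python script that parses the text of the IOS command show interfaces switchport and lists every port whose "Negotiation of Trunking" field is still On, i.e. every port where neither switchport nonegotiate nor switchport mode access has been applied, together with the fix the notes recommend. The sample output is constructed: the field names follow the real command, but the interface names, modes and VLANs are made up.

```python
"""Audit 'show interfaces switchport' output for ports still running DTP.

Added example (not from the notes or from Cisco). The field names below follow
the real IOS command; the sample values are constructed for illustration.
"""

import re

# Constructed sample output: four ports in different DTP states.
SAMPLE_OUTPUT = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off

Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
"""


def parse_switchport(text):
    """Return {interface: {field: value}} from 'show interfaces switchport' text.

    Each interface block starts with a 'Name:' line; every following
    'Key: value' line belongs to that interface until the next 'Name:'.
    """
    ports = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"^(?P<key>[^:]+):\s*(?P<value>.*)$", line.strip())
        if not m:
            continue                      # blank or unrecognised line
        key, value = m.group("key").strip(), m.group("value").strip()
        if key == "Name":
            current = value
            ports[current] = {}
        elif current is not None:
            ports[current][key] = value
    return ports


def dtp_findings(ports):
    """List the ports that still negotiate trunks, with the recommended fix."""
    findings = []
    for name, fields in sorted(ports.items()):
        if fields.get("Negotiation of Trunking", "").lower() != "on":
            continue                      # DTP already disabled on this port
        oper = fields.get("Operational Mode", "")
        # A port that is carrying a trunk should be a static trunk with
        # negotiation off; anything else should be a static access port.
        if oper == "trunk":
            fix = "switchport mode trunk + switchport nonegotiate"
        else:
            fix = "switchport mode access"
        findings.append({
            "interface": name,
            "admin_mode": fields.get("Administrative Mode", ""),
            "oper_mode": oper,
            "encapsulation": fields.get("Operational Trunking Encapsulation", ""),
            "fix": fix,
        })
    return findings


def audit(text):
    """Parse the command output and return the list of DTP findings."""
    return dtp_findings(parse_switchport(text))


if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        print(f"{f['interface']}: admin={f['admin_mode']}, oper={f['oper_mode']}, "
              f"encap={f['encapsulation']} -> {f['fix']}")
```

Run it against the saved output of show interfaces switchport from a real switch (the command with no interface argument lists every port) and the two ports with negotiation still on in the sample, Fa0/4 and Gi0/1, are reported; Gi0/2 and Fa0/3 are silent because switchport nonegotiate or switchport mode access has already turned DTP off.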

VTP (VLAN TRUNKING PROTOCOL)

VTP allows you to configure VLANs on a central server; other switches (VTP clients) will synchronise their VLAN database to this server. It was designed for large networks with many VLANs so that you don't have to configure each VLAN on every switch.

It's rarely used and it is recommended NOT to use it!

There are 3 versions of VTP: 1, 2 and 3. Most switches support all three, but older switches might only support versions 1 and 2.

There are 3 VTP modes, and all Cisco switches operate in SERVER mode by default.

  • VTP Server

    • Can modify/add/delete VLANs

    • Stores the VLAN database in NVRAM

    • Will increase the revision number every time a VLAN is added/modified/deleted

    • Will advertise the latest version of the VLAN database on trunk interfaces, and the VTP clients will synchronise their VLAN database to it

    • VTP servers also function as VTP clients - i.e. they will synchronise their database to another VTP server that has a HIGHER (newer) revision number than themselves

  • VTP Client

    • Cannot modify/add/delete VLANs

    • Does not store the VLAN database in NVRAM (in VTP v3 clients do)

    • Will synchronise its VLAN database to the server with the highest revision number in its VTP domain

    • Will advertise its VLAN database and forward VTP advertisements to other clients over its trunk ports

If we want VTP to synchronise across switches 1-4 above, then a domain name has to be configured on all 4 switches, and it has to be the same on all of them. The configuration revision here is 0, but as soon as a VLAN is modified, added or deleted this revision will increment by 1 and SW1 will advertise it to all switches in the same domain. If SW1 receives an advertisement from another server with a higher revision, it will then synchronise with that server and update its revision number to match that server's.

SW1(config)# vtp domain cisco
SW1(config)# vlan 10
SW1(config-vlan)# name engineering
SW1(config-vlan)# exit
SW1# show vtp status      --> Domain name = cisco, existing VLANs = 6, configuration revision = 1
-----
SW2# show vlan brief      --> VLAN 10 (engineering) now appears

On SW2 we can see that it has received the VTP update and updated its database: the VTP domain has changed and VLAN 10 has been added. The same has happened on every switch in this lab.

REMEMBER!!! - if a switch with NO VTP domain (domain NULL) receives a VTP advertisement WITH a VTP domain name, it will automatically join that VTP domain

ONE danger of VTP - if you introduce an old switch into the network which has a HIGHER revision number and the SAME VTP domain name, ALL switches in that domain WILL sync their databases with this 'old' switch and mess up all your VLANs!!

  • VTP Transparent

    • Does NOT participate in the VTP domain (it does not sync its VLAN database)

    • Maintains its OWN VLAN database in NVRAM

    • It can modify/add/delete VLANs, but they won't be advertised to other switches

    • It will forward VTP advertisements that belong to its own VTP domain

  • SW2 was changed to 'client' mode, and we could see that we could no longer add a VLAN on it

  • SW3's domain name was changed to show that it cannot forward advertisements when it is in a different domain

  • SW1 added VLAN 20 with the name "Sales"

The revision has changed to 4 and the number of existing VLANs to 7.

On SW3 (VTP transparent) we can see that VLAN 20 was not added and the configuration revision is 0.

Changing the VTP domain to an unused domain will reset the revision number to 0. Changing the VTP mode to 'transparent' will also reset the revision number to 0.

We can see that SW3 has a different VTP domain (juniper), and if we check on SW4 we can see that it hasn't received the update from SW3. Let's change the VTP domain on SW3 back to cisco (this will also reset its revision number to 0); it should then pass on the VTP advertisements from SW2 to SW4.
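The server/client/transparent rules listed above, the NULL-domain auto-join, the danger of an old switch with a higher revision number, the revision reset on a domain change, and the juniper-domain lab step all come down to a few rules about domain names and revision numbers. The following is an added example, not code from the notes or from Cisco: a small Python simulation of those rules. It models only what the notes state (servers and clients adopt a same-domain database with a higher revision, transparent switches keep their own database but forward same-domain advertisements, a NULL-domain switch joins the first domain it hears, and a domain change or a move to transparent resets the revision to 0). Timers, VTP passwords, pruning and VTP v3 are not modelled, the revision counter only counts VLAN additions, and the trunk topology is assumed loop-free (as STP would make it). The switch names and VLANs follow the lab; the "OLD" switch and its revision of 50 are constructed.

```python
"""Toy simulation of the VTP behaviour described in the notes (added example)."""


class Switch:
    def __init__(self, name, mode="server"):
        self.name = name
        self.mode = mode              # "server" (Cisco default), "client" or "transparent"
        self.domain = None            # None models the NULL domain
        self.vlans = {1: "default"}
        self.revision = 0
        self.links = []               # trunk neighbours

    def set_domain(self, domain):
        if domain != self.domain:     # moving to a new domain resets the revision
            self.domain, self.revision = domain, 0

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":     # going transparent resets the revision
            self.revision = 0

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot add VLANs")
        self.vlans[vid] = name
        if self.mode == "server":     # transparent: local change only, never advertised
            self.revision += 1
            self.advertise()

    def advertise(self):
        """Send a summary of our database out of every trunk."""
        for peer in self.links:
            peer.receive(self.domain, self.revision, self.vlans, sender=self)

    def receive(self, domain, revision, vlans, sender):
        if self.domain is None:       # NULL domain: automatically join the advertised domain
            self.domain = domain
        if domain != self.domain:     # other domain: ignored and not forwarded
            return
        if self.mode != "transparent" and revision > self.revision:
            self.vlans, self.revision = dict(vlans), revision   # sync to the newer database
        for peer in self.links:       # servers, clients and transparent switches all forward
            if peer is not sender:
                peer.receive(domain, revision, vlans, sender=self)


def link(a, b):
    a.links.append(b)
    b.links.append(a)


def build_lab():
    """SW1 (server) - SW2 (client) - SW3 (transparent) - SW4 (client), as in the notes' lab."""
    sw1, sw2 = Switch("SW1"), Switch("SW2", "client")
    sw3, sw4 = Switch("SW3", "transparent"), Switch("SW4", "client")
    link(sw1, sw2); link(sw2, sw3); link(sw3, sw4)
    sw1.set_domain("cisco")
    sw1.add_vlan(10, "engineering")   # SW2-SW4 start with a NULL domain and join "cisco"
    return sw1, sw2, sw3, sw4


def domain_mismatch_then_fix():
    """SW3 moved to domain 'juniper' stops forwarding; moving it back to 'cisco' fixes it."""
    sw1, sw2, sw3, sw4 = build_lab()
    sw3.set_domain("juniper")
    sw1.add_vlan(20, "Sales")         # reaches SW2 but is dropped at SW3
    missing_on_sw4 = 20 not in sw4.vlans
    sw3.set_domain("cisco")
    sw1.advertise()                   # the next periodic advertisement now gets through
    return missing_on_sw4, sw4.vlans, sw4.revision


def stale_switch_takes_over():
    """An old switch with the same domain and a higher revision overwrites the whole domain."""
    sw1, sw2, sw3, sw4 = build_lab()
    old = Switch("OLD")
    old.set_domain("cisco")
    old.vlans, old.revision = {1: "default", 99: "stale"}, 50   # constructed stale database
    link(old, sw4)
    old.advertise()
    return {s.name: (sorted(s.vlans), s.revision) for s in (sw1, sw2, sw3, sw4)}


if __name__ == "__main__":
    print(domain_mismatch_then_fix())
    print(stale_switch_takes_over())
```

In stale_switch_takes_over() the OLD switch's revision of 50 beats SW4's, SW4 syncs and forwards, SW3 forwards without syncing, and SW2 and then SW1 (a server, which also acts as a client) sync too: every switch except the transparent one ends up with the stale database, which is the scenario the "ONE danger of VTP" note describes. Setting the old switch's domain to something unused, or making it transparent, before connecting it would have reset its revision to 0 and prevented this.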

VTP version - there is no real difference between v1 and v2. VTPv2 adds support for Token Ring VLANs; otherwise there is no reason to use VTP v2. VTP v3 is beyond the CCNA course.

SW1(config)# vtp version 2      ---- changing the VTP version
SW1# show vtp status

LAB

SW1#sh run
Building configuration...

Current configuration : 1077 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
---------------------------------------
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end

On newer switches the administrative mode is dynamic auto and NOT dynamic desirable, so the ports between the switches remain in static access mode (neither side actively negotiates a trunk).

Commands used:

switchport trunk encapsulation negotiate   --------------- default; disable DTP with switchport nonegotiate

SW1
  int gi0/1
  switchport mode trunk
  show int gi0/1 switchport
  switchport nonegotiate
  do sh vtp status

SW2
  sh int gi0/1 status
  sh int gi0/ switchport
  switchport mode trunk
  switchport nonegotiate
  sh vlan brief

SW1
  vtp domain CCNA
