
4.4 DTP

1. DTP (Dynamic Trunking Protocol)

In the context of VLANs (Virtual Local Area Networks), DTP stands for Dynamic Trunking Protocol. It is a Cisco proprietary protocol used to negotiate trunking on a link between two VLAN-aware switches. Trunking allows multiple VLANs to traverse a single network link, enabling efficient use of bandwidth and simplifying network management.

1.1 Key Points About DTP

  1. Purpose: DTP automates the process of establishing and maintaining trunk links between switches. It dynamically negotiates whether a link should be a trunk (carrying multiple VLANs) or an access link (carrying traffic for a single VLAN).

  2. Modes: DTP operates in different modes on switch ports:

    • Dynamic Auto: The port is willing to become a trunk if the neighboring device requests it.
    • Dynamic Desirable: The port actively tries to negotiate a trunk with the neighboring device.
    • Trunk: The port is configured as a trunk and does not negotiate (it assumes the other side is a trunk).
    • Access: The port is configured as an access port and does not negotiate trunking.
    • Nonegotiate: The port is configured as a trunk but does not send DTP frames (used when connecting to non-Cisco devices).

  3. DTP Frames: DTP uses special Ethernet frames to communicate between switches and determine the trunking status of a link.

  4. Security Considerations: Because DTP negotiates automatically, a port left in a dynamic mode can become a trunk that nobody intended, and a trunk carries traffic for multiple VLANs rather than one. For this reason, many network administrators disable DTP and manually configure trunk ports.

  5. Compatibility: DTP is a Cisco proprietary protocol, so it works only between Cisco devices. Non-Cisco devices do not support DTP.

1.2 Example Use Case

  • If two Cisco switches are connected and both are set to Dynamic Desirable mode, DTP will automatically negotiate and establish a trunk link between them.
  • If one switch is set to Dynamic Auto and the other to Dynamic Desirable, a trunk will also be formed.
  • If one port is set to Access mode, no trunk will be formed, regardless of the other port’s configuration.

1.3 Disabling DTP

To disable DTP and manually configure a port as a trunk or access port, use the following commands in interface configuration mode on a Cisco switch:

  • To disable DTP: switchport nonegotiate
  • To manually set a port as a trunk: switchport mode trunk
  • To manually set a port as an access port: switchport mode access

By disabling DTP, you gain more control over the network and reduce the risk of unauthorized trunk links.
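
To check that these settings are actually in place, the following added example (not part of the original page or any Cisco tooling) audits an IOS-style running-config and reports ports that are in a dynamic mode, have no explicit mode, or are static trunks lacking the switchport nonegotiate command from section 1.3. The sample config, interface names and function names are constructed for illustration, and treating an unset mode as dynamic is an assumption about the platform default.

```python
# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
 no switchport
"""

def parse_interfaces(config_text):
    """Map each interface name to its list of stripped sub-commands."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line[:1] in (" ", "\t"):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit_dtp(config_text):
    """Return {interface: finding} for switch ports where DTP is not disabled."""
    findings = {}
    for name, cmds in parse_interfaces(config_text).items():
        if "no switchport" in cmds:
            continue  # routed port: trunk negotiation does not apply
        mode = next((c.split(None, 2)[2] for c in cmds if c.startswith("switchport mode ")), None)
        if mode is None:  # assumption: unset mode = platform default, treated as dynamic
            findings[name] = "no explicit mode (platform default assumed dynamic)"
        elif mode.startswith("dynamic"):
            findings[name] = "negotiates trunking: " + mode
        elif mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings[name] = "static trunk without switchport nonegotiate"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{p}: {f}" for p, f in audit_dtp(SAMPLE_CONFIG).items()))
```

On the sample, ports 0/2, 0/3 and 0/5 are reported; the hardened trunk (0/1), the access port (0/4) and the routed port (0/6) are not.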

2. Example

Video: VLANs and Trunks - Part 8 (DTP)