Scribd
Upload
458 views8 pages

DTP (Dynamic Trunking Protocol)

DTP is a Cisco proprietary protocol that dynamically negotiates trunking between Cisco switches. It allows switches to automatically form trunk links without manual configuration. DTP has various modes including dynamic desirable, dynamic auto, trunk, and access that determine whether a link will be a trunk or access port depending on the mode of the neighboring interface. Static trunks can also be manually configured.

Uploaded by

Ahmad Ali
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
458 views8 pages

DTP (Dynamic Trunking Protocol)

DTP is a Cisco proprietary protocol that dynamically negotiates trunking between Cisco switches. It allows switches to automatically form trunk links without manual configuration. DTP has various modes including dynamic desirable, dynamic auto, trunk, and access that determine whether a link will be a trunk or access port depending on the mode of the neighboring interface. Static trunks can also be manually configured.

Uploaded by

Ahmad Ali
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

DTP (Dynamic Trunking Protocol):

o DTP Cisco proprietary protocol which stand for Dynamic Trunking Protocol.
o DTP is point-to-protocol negotiates common trunking mode between Switches.
o DTP is used to dynamically build trunk links between the two Cisco Switches.
o Which is used to automatically negotiate trunks between the Cisco Switches.
o DTP is used to negotiate & form trunk connection between switches dynamically.
o DTP can also be used for negotiating encapsulation type of either IEEE 802.1Q or ISL.
o Dynamic Trunking Protocol is Layer 2 (Data Link) protocol and is enabled by default.
o The default mode can be “Dynamic Auto” or “Dynamic Desirable” depend on Switches.
o A Non-Cisco Switches does not support Dynamic Trunking Protocol (DTP) only Cisco.
o Port configures as nonegotiate prevents generating Dynamic Trunking Protocol frames.
o DTP has two default timers that cannot be changed one is Hello & other is the timeout.
o Dynamic Trunking Protocol Hello frames being sent every 30 seconds to remote peer.
o And Dynamically formed Trunks via DTP will timeout after 300 seconds of the inactivity.
o We can configure the trunking in Cisco switches by two ways statically or dynamically.
o In static trunking method we need to configure trunking in interface statically.
o While in dynamic trunking mode it automatically done by a DTP trunking protocol.

Trunking Modes:
There are five different trunking modes or methods supported by Cisco Switches.
Access:
o The Access mode Puts the switch interface into permanent non-trunking mode.
o The Access mode negotiates to convert the link into a non-trunk link or interface.
o Interface becomes nontrunk even if neighboring interface does not agree to change.
Trunk:
o The Trunk mode puts the interface into permanent trunking mode in Switches.
o Th Trunk mode negotiates to convert the link or port into a trunk link or interface.
o Interface becomes a trunk even if neighboring interface does not agree to change.
Nonegotiation:
o Puts interface into permanent trunking mode but prevents interface sending DTP.
o Must configure neighboring interface manually trunk interface to establish trunk.
o Use this mode when connecting to a device that does not support DTP or non-Cisco.
o This mode is used to trunk connection between Cisco device and a non-Cisco device.
Dynamic Desirable:
o Interface will generate the DTP messages and send them to other end of switch.
o Interface will work as access link until it get replies from remote end of switch.
o If other end does not respond to DTP message, interface work as access link.
o If other end support DTP will change connection link in trunk from access link.
o The interface becomes a trunk interface if the neighboring interface is set to trunk.
o Interface becomes trunk if neighboring interface is set to desirable, or auto mode.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


Dynamic Auto:
o In auto mode interface works as access link and passively listen for DTP messages.
o Dynamic Auto mode makes the interface willing to convert the link to a trunk link.
o The interface becomes a trunk interface if the neighboring interface is set to trunk
o The interface becomes a trunk interface if neighboring link set to desirable mode.
o Normally, this is the default mode for all Ethernet interfaces in Cisco IOS Switches.

DTP On Mode:
o In ON mode interface is set to trunk, regardless remote end supports trunking or not.
o On mode cause interface to generate DTP messages & tag frames based on trunk type.
o Even if the neighboring ports are trunk or not that is why it is called DTP mode ON.

DTP Off Mode:


o DTP Off mode puts the Cisco switch interface into permanent non trunking mode.
o Whether the neighboring interface is trunk port or trying to become a trunk port.
o In DTP Off mode Cisco Switch port become a dedicated layer 2 access port or link.
o In Dynamic Trunking Protocol (DTP) off mode interface is configured as access-link.
o No Dynamic Trunking Protocol message will be generated, nor frames will be tagged.

Switchport Mode Dynamic Desirable Dynamic Auto Trunk Access


Dynamic Desirable trunk trunk trunk access
Dynamic auto trunk access trunk access
Trunk trunk trunk trunk Limited
Access access access Limited access

2 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


Manual (Static) Trunk Configuration:
o Manual configuration of trunk is performed by issuing the switchport mode trunk
o Interface configuration command on the desired Cisco switch port or Interface.
o This Switch command forces the port into a permanent (Static) trunking mode.
o Although Static configuration of a trunk link forces the switch to establish a trunk.
o Dynamic ISL & Dynamic Trunking Protocol packets will still be sent out of interface.
o Statically configured trunk link can establish trunk with neighboring that is using DTP.

S1(config)#interface Ethernet0/1
S1(config-if)#switchport
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk

3 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


To turn off DTP on a switch port apply the following command under the interface commands.
S1(config)#interface e0/0
S1(config-if)#switchport nonegotiate

Dynamic Trunk Configuration:


o While in dynamic trunking mode it automatically done by a DTP trunking protocol.
o Interface will generate the DTP messages and send them to other end of switch.
o Interface becomes trunk if one side is set to desirable & other side set to auto mode.
o Interface becomes trunk if one side is set to desirable & other side is also desirable.

4 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


VLAN Hopping Attack:
o Attacker connects to a VLAN to gain access to traffic on other VLANs.
o Attacker send spoofed trunk negotiation & interface configured as a trunked.
o Disable any automated trunk negotiation (DTP) on Cisco Switches.
o Never leave a port in "dynamic desirable", "dynamic auto" or "trunk" mode.
o Hardcode all the access ports as access port and disable DTP everywhere.
o Shutdown all the interfaces in Cisco Switches which are not in use.

Open Yersinia from Terminal type root@kali:~# yersinia -G and lunch attack.

5 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


LAB Time:

Both Switches Dynamic Desirable


S1(config)#interface e0/0
S1(config-if)#switchport mode dynamic desirable
S1#show interfaces trunk
S2(config)#interface e0/0
S2(config-if)#switchport mode dynamic desirable
S2#show interfaces trunk

6 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


Both Switches Dynamic Auto
S3(config)#interface e0/0
S3(config-if)#switchport mode dynamic auto
S3#show interfaces trunk
S3#show interfaces e0/0 switchport
S4(config)#interface e0/0
S4(config-if)#switchport mode dynamic auto
S4#show interfaces trunk
S4#show interfaces e0/0 switchport

S5 Dynamic Desirable & S6 Dynamic Auto


S5(config)#interface e0/0
S5(config-if)#switchport mode dynamic desirable
S5#show interfaces trunk
S5#show interfaces e0/0 switchport
S6(config)#interface e0/0
S6(config-if)#switchport mode dynamic auto
S6#show interfaces trunk
S6#show interfaces e0/0 switchport

7 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


S7 Dynamic Desirable & S8 Trunk
S7(config)#interface e0/0
S7(config-if)#switchport mode dynamic desirable
S7#show interfaces trunk
S7#show interfaces e0/0 switchport
S8(config)#interface e0/0
S8(config-if)#switchport trunk encapsulation dot1q
S8(config-if)#switchport mode trunk
S8#show interfaces trunk
S8#show interfaces e0/0 switchport

S9 Dynamic Auto & S10 Trunk


S9(config)#interface e0/0
S9(config-if)#switchport mode dynamic auto
S9#show interfaces trunk
S9#show interfaces e0/0 switchport
S10(config)#interface e0/0
S10(config-if)#switchport trunk encapsulation dot1q
S10(config-if)#switchport mode trunk
S10#show interfaces trunk
S10#show interfaces e0/0 switchport

8 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

You might also like