Understanding DTP (Dynamic Trunking Protocol) Modes: Which Mode Actively Attempts to Form a Trunk Link?

By /

Listen to this Post

The correct answer to the question “Which of the following DTP (Dynamic Trunking Protocol) modes actively attempts to form a trunk link?” is:

B) Dynamic Desirable

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol used to negotiate trunking on a link between two VLAN-aware switches. DTP has several modes that determine how a switch port behaves when forming a trunk.

DTP Modes Explained:

  1. Dynamic Auto: Listens for DTP frames but does not initiate trunk negotiation. A trunk forms only if the other end is set to Dynamic Desirable or Trunk.
  2. Dynamic Desirable: Actively sends DTP frames to negotiate a trunk. Forms a trunk if the other end is in Dynamic Desirable, Dynamic Auto, or Trunk mode.
  3. Access: Forces the port to remain in access mode (non-trunk).

4. Nonegotiate: Disables DTP, requiring manual trunk configuration.

You Should Know: Practical DTP Configuration & Verification

1. Configuring DTP Modes on Cisco Switches

To set a switch port to Dynamic Desirable (actively attempts trunking):

Switch(config) interface gigabitethernet 0/1 
Switch(config-if) switchport mode dynamic desirable

To verify DTP status:

Switch show dtp interface gigabitethernet 0/1

2. Disabling DTP (Security Best Practice)

Manually configuring trunking is more secure:

Switch(config-if) switchport mode trunk 
Switch(config-if) switchport nonegotiate

3. Checking Trunk Status

Switch show interfaces trunk

4. Linux Equivalent (For VLAN Tagging)

On Linux, use `vconfig` or `ip` commands for VLAN trunking:

sudo ip link add link eth0 name eth0.10 type vlan id 10 
sudo ip link set eth0.10 up

5. Windows PowerShell (Network Adapter VLAN Tagging)

Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "VLAN ID" -DisplayValue "10"

What Undercode Say

DTP simplifies trunk negotiation but poses security risks (e.g., VLAN hopping attacks). Best practices include:
– Disabling DTP (nonegotiate) in production.
– Manually configuring trunks where needed.
– Using `show` commands to verify configurations.
– Applying VLAN filtering on firewalls (ASA/FortiGate).

For network automation, consider Python scripts with Netmiko to bulk-configure ports:

from netmiko import ConnectHandler 
switch = { 
'device_type': 'cisco_ios', 
'host': '192.168.1.1', 
'username': 'admin', 
'password': 'password', 
} 
commands = ['interface gig0/1', 'switchport mode trunk', 'switchport nonegotiate'] 
with ConnectHandler(switch) as conn: 
conn.send_config_set(commands)

Expected Output:

  • Dynamic Desirable actively forms trunks.
  • Always verify with `show dtp interface` and show interfaces trunk.
  • Disable DTP in secure environments.

(No irrelevant URLs or comments included.)

References:

Reported By: Nasir Amin – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: