Five interface modes of DTP protocol

Today we will review the basics of the Cisco DTP protocol in detail.

The Cisco Dynamic Trunking Protocol (DTP) is one of Cisco's VLAN-group protocols. It is mainly used to negotiate trunking and the trunk encapsulation type (802.1Q) on the link between two devices. DTP is Cisco's proprietary protocol. It can only be used to establish trunk links between switches, and it sends DTP frames every 30s.

DTP uses negotiation to decide whether to configure the interface as a trunk. When a trunk link is required, the interface mode is usually manually configured statically, and the trunk encapsulation protocol is manually specified. 

When a switch interface connects to another switch, it usually needs to be configured in Trunk mode; when it connects to a host, it needs to be configured in access mode.

There are many different types of trunking protocols. If a port is set as a Trunk port, it has an automatic trunking function and, in some cases, can even negotiate the port's trunk type. This process of negotiating the trunking method with other devices is called dynamic trunking.

First of all, both ends of a trunk link should know that they are trunk ports; otherwise they will treat trunk frames as normal frames. An end workstation cannot understand the additional tag information added to the frame header, and its driver cannot recognize the tag, which causes the end system to lock up or crash. To solve this problem, Cisco introduced a protocol that lets switches communicate for this purpose.

The first version launched was VTP, the VLAN Trunking Protocol, which works together with ISL. The latest version, the Dynamic Trunking Protocol (DTP), can also work with 802.1Q.

There are five configurable interface modes:

1. ON

The interface is manually configured as a trunk and also actively sends DTP messages to the other end, asking it to work in Trunk mode as well. Whatever mode the neighbor is in, the interface always works in Trunk mode.

2. Desirable

This is the DTP active mode. An interface in this mode actively sends DTP messages to the other end, requesting that it also work in Trunk mode. If the other end replies and agrees, the interface works in Trunk mode. If there is no DTP reply, it works in access mode.

3. Auto

This is the DTP passive mode. An interface in this mode does not send DTP messages on its own initiative; it only waits for the other end to do so. If it receives a DTP message from the other end requesting Trunk mode, it replies and agrees, and the resulting mode is Trunk. If an interface in DTP passive mode does not receive a DTP request to work in Trunk mode, it works in access mode.

4. Nonegotiate

This mode disables DTP negotiation. The port is only allowed to be in one fixed state, either access or trunk.

In other words, if the port on one end is a trunk with negotiation disabled and the other end is in auto mode, the two ends cannot communicate.

5. Access

Access mode is used to connect to a user's computer and is only used for access links. For example: when a port belongs to VLAN 10, data frames for VLAN 10 will be sent to that port of the switch.

Precautions:

1. Both ends of a DTP negotiation must be in the same VTP domain, otherwise the negotiation will not succeed.

2. The default DTP mode differs between switch models.

3. After manually configuring an interface in Trunk mode, you can turn off DTP messages to save network resources.

4. If both ends manually configure the trunk, a trunk can be established even if the VTP domain names do not match.


DTP attack:

DTP uses Layer 2 trunk frames to communicate between the directly connected ports of two switches. DTP packets are limited to the communication between two directly connected ports, where they maintain the link type and Ethernet encapsulation type of those ports. If DTP is enabled on a switch, an attacker can impersonate a switch and send dynamic desirable packets to the target switch; the target port then becomes a trunk port. This means the attacker can enter any VLAN by modifying the local configuration and can carry out a VLAN hopping attack to monitor all data.
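The mode rules and the attack described above, combined into a configuration audit (an added example, not code from the original page): it applies the negotiation rules to each interface and reports ports that a device sending DTP desirable frames could turn into a trunk, plus static trunks that still send DTP. It assumes IOS-style `switchport mode ...` and `switchport nonegotiate` lines, and that a port with no explicit mode defaults to dynamic auto, which varies by switch model; the function names and the sample configuration are constructed for illustration.

```python
import re

ROGUE = ("dynamic desirable", False)  # attached device sending DTP desirable frames
MODE_RE = re.compile(r"^ switchport mode (access|trunk|dynamic (?:auto|desirable))$", re.M)
NONEG_RE = re.compile(r"^ switchport nonegotiate$", re.M)

def initiates(port):
    """ON (static trunk without nonegotiate) and desirable send DTP requests."""
    return port[0] == "dynamic desirable" or (port[0] == "trunk" and not port[1])

def operational(local, peer):
    """State the local port ends up in, following the mode rules above."""
    if local[0] in ("trunk", "access"):
        return local[0]  # fixed state, whatever the peer does
    # auto only answers a request; desirable also succeeds against a passive auto peer
    agrees = initiates(peer) or (local[0] == "dynamic desirable" and peer[0] == "dynamic auto")
    return "trunk" if agrees else "access"

def parse_ports(config, default_mode):
    """Map interface name -> (mode, nonegotiate) from IOS-style config text."""
    ports = {}
    for name, body in re.findall(r"^interface (\S+)[ \t]*\n((?: .*\n)*)", config, re.M):
        mode = MODE_RE.search(body)
        ports[name] = (mode.group(1) if mode else default_mode, bool(NONEG_RE.search(body)))
    return ports

def audit(config, default_mode="dynamic auto"):
    """Yield (interface, finding) for ports exposed to DTP negotiation."""
    for name, port in sorted(parse_ports(config, default_mode).items()):
        if port[0].startswith("dynamic") and operational(port, ROGUE) == "trunk":
            yield name, "becomes a trunk for any DTP desirable sender"
        elif initiates(port):
            yield name, "static trunk still sends DTP; disable negotiation"

# Constructed sample config (not from the page).
SAMPLE = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode dynamic desirable
interface GigabitEthernet0/4
 switchport mode access
interface GigabitEthernet0/5
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass `default_mode` for the switch model being audited, since the unconfigured default decides whether ports such as GigabitEthernet0/5 are reported.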

Copyright © 2024 PASSHOT All rights reserved.