07-03-2009 05:37 AM - edited 03-06-2019 06:34 AM
I'm planning to remove VTP from our LAN by changing the VTP clients to transparent, changing the VTP domain on each switch, then removing the unused VLANs from each switch. I plan to do 1 switch stack every week.
I've recently come across the following.
"Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if you have two ends of a link that belong to different VTP domains, the trunk does not come up if you use DTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides, in order to allow the trunk to come up without DTP negotiation agreement."
All our trunks are just configured with
switchport trunk encapsulation dot1q
switchport mode trunk
As the switch stack will be on a different VTP domain to the core switches for a short time, do I need to use the nonegotiate command?
07-03-2009 05:43 AM
Darren
Yes you should add the following to each trunk configuration -
"switchport nonegotiate"
Alternatively, you could just keep the same VTP domain on all switches but still use transparent mode, which is what I would probably do.
Jon
07-03-2009 05:48 AM
Hi,
You could do this, but it is not mandatory.
Because you have configured your connection in trunk mode (switchport mode trunk), your trunk is configured as fixed; it will just form a trunk with a switch that is configured for DTP.
Take a look at the following matrix:
Mode | Function
switchport mode access | Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN port becomes a nontrunk port even if the neighboring LAN port does not agree to the change.
switchport mode dynamic desirable | Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk, desirable, or auto mode. This is the default mode for all LAN ports.
switchport mode dynamic auto | Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk or desirable mode.
switchport mode trunk | Puts the LAN port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not agree to the change.
switchport nonegotiate | Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.
Verify your setup using
show int trunk
that all trunks are mode "on" and not "desirable".
HTH.
BR,
Dario
07-03-2009 06:08 AM
What's recommended? Are there any benefits from using the nonegotiate command?
Also we have a few very old switches which don't support DTP (3524's) but I presume this wouldn't be a problem.
07-03-2009 06:12 AM
Darren
"switchport mode trunk" does not disable the use of DTP. If you want to be sure that DTP is not having any effect in your network then add the "switchport nonegotiate" option.
Jon
07-03-2009 06:16 AM
Hi,
Because you are not using DTP (now and in the future), why not turn it off? It will save resources and bandwidth...
The only downside is that when you connect a port that is configured for DTP (using "switchport mode dynamic desirable", which is the default port mode) to a port with "switchport mode trunk" + "switchport nonegotiate", the trunk will not come up, whereas it will come up the way it is configured now.
Personally, I would turn it off, but as said before, it is not mandatory.
HTH,
Dario
07-03-2009 07:06 AM
When the trunking mode of a switchport is set to TRUNK and the VTP domain name of the switch is different from that of the neighboring switch, messages indicating a VTP domain mismatch and the inability to perform trunk negotiation are printed even though the trunk link is established.
This is because DTP packets are exchanged unless they are explicitly blocked. The DTP packets exchanged find that the domain names mismatch and hence print the message that trunking is not possible.
This can be fixed as already said by
switchport nonegotiate
If the encapsulation and trunk mode are fixed, you shouldn't worry.
07-03-2009 07:39 AM
Thanks. Come to think of it, I have seen the domain mismatch errors before when part of the LAN was using a different VTP domain. I will apply the switchport nonegotiate command.