DTP & VTP

darrenriley5 · ‎07-03-2009

I'm planning to remove VTP from our LAN by changing the VTP clients to transparent, change the vtp domain on each switch then remove the unused vlans from each switch. I plan to do 1 switch stack every week.

I've recently come across the following.

"Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if you have two ends of a link that belong to different VTP domains, the trunk does not come up if you use DTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides, in order to allow the trunk to come up without DTP negotiation agreement."

All out trunks are just configured with

switchport trunk encapsulation dot1q

switchport mode trunk

As the switch stack will be on a different vtp domain to the core switches for a short time do I need to use the nonnegotiate command?

Jon Marshall · ‎07-03-2009

Darren

Yes you should add the following to each trunk configuration -

"switchport nonegotiate"

Alternatively you could just keep the same VTP domain on all switches but still use transparent mode which is what i would probably do.

Jon

dario.didio · ‎07-03-2009

Hi,

you could do this but it is not mandatory.

Because you have configured your connection in mode trunk (switchport mode trunk), your trunk is fixed configured, it will just form a trunk with a switch that is configured for DTP.

take a look at following matrix:

Mode

Function

switchport mode access

Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN port becomes a nontrunk port even if the neighboring LAN port does not agree to the change.

switchport mode dynamic desirable

Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk, desirable, or auto mode. This is the default mode for all LAN ports.

switchport mode dynamic auto

Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk or desirable mode.

switchport mode trunk

Puts the LAN port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not agree to the change.

switchport nonegotiate

Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.

Verify your setup using

show int trunk

that all trunks are mode "on" qnd not "desirable".

HTH.

BR,

Dario

darrenriley5 · ‎07-03-2009

What's recommended, are there any benefits from using the nonegotiate command?

Also we have a few very old switches which don't support DTP (3524's) but I presume this wouldn't be a problem.

Jon Marshall · ‎07-03-2009

Darren

"switchport mode trunk" does not disable the use of DTP. If you want to be sure that DTP is not having any effect in your network then add the "switchport nonegotiate" option.

Jon

dario.didio · ‎07-03-2009

Hi,

because you are not using DTP (now and in the future), why not turn it off. It will save resources and bandwidth...

The only downsite is that when a you connect a port that is configured for DTP (using "switchport mode dynamic desirable" which is the default port mode) to a port "switchport mode trunk" + "switchport nonegotiate", the trunk will not come up, where it will come up like it is configured now.

Personally, I would turn it off, but as said before, it is not mandatory.

HTH,

Dario

davy.timmermans · ‎07-03-2009

When trunking mode of a switchport is set to TRUNK and the VTP domain name of the switch is different from that of the neighboring switch, messages indicating VTP domain mismatch and the inability to perform trunk negotiation is printed eventhough the trunk link is established.

This is because DTP packets are exchanged unless they are explicitly blocked. The DTP packets exchanged finds that the domain name mismatches and hence prints the message that trunking is not possible.

This can be fixed as already said by

switchport nonegotiate

If the encapsulation and trunk mode is fixed you shouldn't worry.

darrenriley5 · ‎07-03-2009

Thanks. Come to think of it I have seen the domain mistmatch errors before when part of the LAN was using a different VTP domain. I will apply the switchport nonegotiate command.