Re: DTP

From: hulbertj@comcast.net
Date: Mon May 23 2005 - 14:26:47 GMT-3

• Next message: Mihai Petcu: "RE: PPPoE testing"
• Previous message: PhiL: "Re: CCIE Lab Re-cert Lower Level Certs"
• Maybe in reply to: sumit.kumar@comcast.net: "DTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I know this is late, just catching up on email's.

Agree with Anothony's last email, but also want to stress (been burned by it once) that if you configure

switchport trunk encapsulation (dot1q or isl)
and
switchport mode trunk

the port will still be sending DTP frames. You have to add switchport nonnegotiate to disable these frames in trunking mode.

Verify this by the show interface 0/X switchport
or
run debug dtp
or
attach a sniffer and take a look at the capture.

Jerry

-------------- Original message --------------

> Upon further investigation - there is no need for switchport
> nonegotiate on an access port (switch mode access) because it appears
> that negotiation turns off anyways!
>
> So even though the IOS lets you input the command - you are wasting time.
>
> Rack1SW1#show run int gi0/9
> Building configuration...
>
> Current configuration : 75 bytes
> !
> interface GigabitEthernet0/9
> switchport mode access
> no ip address
> end
>
> Rack1SW1#show int gi0/9 switchport
> Name: Gi0/9
> Switchport: Enabled
> Administrative Mode: static access
> Operational Mode: static access
> Administrative Trunking Encapsulation: negotiate
> Operational Trunking Encapsulation: native
> Negotiation of Trunking: Off
>
> On 5/22/05, Anthony Sequeira wrote:
> > You can indeed use the switchport nonegotiate command in conjunction
> > with switchport mode access. Here is the show int switchport output
> > that results as well as a look at the configuration on the port.
> > Notice that negotiation of trunking is no longer operational! Kind of
> > interesting since you have told the port that it can NEVER be a trunk
> > anyways!
> >
> > So in summation - it looks like if you want to prevent DTP activities
> > on a port - use switchport nonegotiate.
> >
> > NOTE: You cannot use the switchport nonegotiate command in conjunction
> > with switchport dynamic - and this should make perfect sense! The
> > switch gets a bit confused when you say - let's use DTP - AND let's
> > NOT use DTP!
> >
> > show run int gi0/9
> > Building configuration...
> >
> > Current configuration : 99 bytes
> > !
> > interface GigabitEthernet0/9
> > switchport mode access
> > switchport nonegotiate
> > no ip address
> > end
> >
> > Rack1SW1#show int gi0/9 switch
> > Name: Gi0/9
> > Switchport: Enabled
> > Administrative Mode: static access
> > Operational Mode: static access
> > Administrative Trunking Encapsulation: negotiate
> > Operational Trunking Encapsulation: native
> > Negotiation of Trunking: Off
> > ...
> >
> >
> > On 5/21/05, B Kim wrote:
> > > Hi,
> > >
> > > I think that even in access mode, DTP is running unless it is explicitly
> > > disabled. Hope someone can verify this, if incorrect.
> > >
> > > BKim
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Wang, Ting (Taylor)
> > > Sent: Saturday, May 21, 2005 9:02 PM
> > > To: ccielab@groupstudy.com
> > > Subject: RE: DTP
> > >
> > > Hi ,
> > > I 'm not sure if only use " sw mode access" can work. In access mode,
> > > how will DTP work?
> > > Taylor
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of B
> > > Kim
> > > Sent: 2005?5?22? 7:51
> > > To: sumit.kumar@comcast.net; ccielab@groupstudy.com
> > > Subject: RE: DTP
> > >
> > >
> > > Hi
> > >
> > > As far as I know, the "switch nonegotiate" is the only way to disable
> > > DTP between switch ports.
> > >
> > > Rgds.
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > sumit.kumar@comcast.net
> > > Sent: Saturday, May 21, 2005 6:32 PM
> > > To: ccielab@groupstudy.com
> > > Subject: DTP
> > >
> > > Mates,
> > >
> > > I have seen a lot of threads on this but for final verification to -
> > > Disable DTP completely on the switch - the best bet is to use
> > > "switchport nonnegotiate " on all trunk ports or there's any othr way of
> > > doing it?
> > >
> > > thanks !!
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mihai Petcu: "RE: PPPoE testing"
• Previous message: PhiL: "Re: CCIE Lab Re-cert Lower Level Certs"
• Maybe in reply to: sumit.kumar@comcast.net: "DTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:00 GMT-3