Even though you may have configured VLAN on your switch by default only one VLAN may pass through an interface at a time. This is the entire idea behind VLANs, creating new broadcast domain, and providing a layer of security.
DTP is not secured since a device can send a false DTP packet pretending to be a switch and sniff traffic going across all VLANs. It is best practice to disable this feature.
There are two modes for DTP Dynamic Auto and Dynamic Desirable. depending on the combination of these two will determine mode for ports connected.
- Dynamic auto + Dynamic auto = access
- Dynamic desirable + Dynamic auto = trunk
- Dynamic desirable + Dynamic desirable = trunk
- Dynamic desirable or Dynamic auto + trunk = trunk
- Dynamic desirable or Dynamic auto + access= access
Configuring DTP
DTP can be configured with one command
Switchport mode dynamic auto or switchport mode dynamic desirable
In the example below I will set both auto and desirable
No comments:
Post a Comment