3.1.a Troubleshoot static and dynamic 802.1q trunking protocols

To troubleshoot trunking protocols, the first step is to understand the use case for trunking and the difference between static and dynamic trunking protocols.

Trunking is a feature that enables multiple VLANs to be forwarded between two or more switches. There is an industry-standard trunking protocol called IEEE 802.1q. The prime purpose of this protocol is to enable all vendors to apply the same standards to multiple VLANs when forwarding VLANs to a directly connected network device. This could be a switch, router, firewall, load balancer, server, etc.

We will try to better understand this concept using two directly connected switches, labelled Switch 1 and Switch 2.

Cisco also has its own proprietary trunking protocol called ISL (Inter-Switch Link), which only works with Cisco network devices.

Cisco uses a protocol called DTP (Dynamic Trunking Protocol). This protocol is enabled by default on some of the Cisco Catalyst switches. It enables trunk links to form automatically or with minimal configuration. The downside is that it is a very chatty protocol and causes increased traffic on the network. For security reasons and better network efficiency, it is a good idea to disable any unwanted chatter on the network.

Having a trunked interface means that a broadcast on one switch extends across the trunk link to the other switch, creating a larger broadcast domain.

This all happens at layer 2 of the OSI model.

All VLAN traffic that traverses the link needs to be tagged with the correct VLAN. Once the adjoining switch receives the tagged traffic, it untags it and forwards it to the required switch port interface.

When configuring trunk interfaces, you need to ensure that you have a good understanding of the difference between the VLAN you configure and the default native VLAN. The native VLAN carries untagged traffic and can be changed from the default to another VLAN number for security and network efficiency.

So, to summarise:

We have two trunking standards, ISL and 802.1q. They can both form links dynamically using the Dynamic Trunking Protocol (DTP).

The first key point to recognise is that for the purpose of our study, we always want our switches to trunk with the industry-standard protocol 802.1q.

DTP manages trunk negotiation only if the port on the neighbour switch is configured in a trunk mode that supports DTP.

A trunk can be configured on a single interface or on a group of interfaces.

The following switch port mode settings exist:

  • Access — Puts the Ethernet port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The Ethernet port becomes a nontrunk port even if the neighbouring port does not agree to the change.
  • Trunk — Puts the Ethernet port into permanent trunking mode and negotiates to convert the link into a trunk link. The port becomes a trunk port even if the neighbouring port does not agree to the change.
  • Dynamic Auto — Makes the Ethernet port willing to convert the link to a trunk link. The port becomes a trunk port if the neighbouring port is set to trunk or dynamic desirable mode. This is the default mode for some switch ports.
  • Dynamic Desirable — Makes the port actively attempt to convert the link to a trunk link. The port becomes a trunk port if the neighbouring Ethernet port is set to trunk, dynamic desirable or dynamic auto mode.
  • Nonegotiate — Disables DTP. The port will not send out DTP frames or be affected by any incoming DTP frames. If you want to set up a trunk between two switches when DTP is disabled, you must manually configure trunking using the switchport mode trunk command.

DTP advertises itself to its neighbour every 30 seconds.

Troubleshooting the Trunk Port

Scenario 1

The hosts (PC1 to PC4) have been configured with IP addresses but are not assigned to any VLAN. No configuration has been added to the link between Switch 1 and Switch 2.

All devices are connected and have just been switched on.

Switch1#sh run int gi0/1
Building configuration...

Current configuration : 71 bytes
!
interface GigabitEthernet0/1
 media-type rj45
 negotiation auto
end



Switch1#sh int gig0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is iGbE, address is 0ca8.9dd0.b201 (bia 0ca8.9dd0.b201)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is unknown media type
  output flow-control is unsupported, input flow-control is unsupported
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     1406 packets output, 106440 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Switch2#sh run int gi0/2
Building configuration...

Current configuration : 71 bytes
!
interface GigabitEthernet0/2
 media-type rj45
 negotiation auto
end


Switch1#sh int gig0/2
GigabitEthernet0/2 is up, line protocol is up (connected)
  Hardware is iGbE, address is 0ca8.9dd0.b202 (bia 0ca8.9dd0.b202)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is unknown media type
  output flow-control is unsupported, input flow-control is unsupported
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     1446 packets output, 109662 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Switch1#sh int gig1/1
GigabitEthernet1/1 is up, line protocol is up (connected)
  Hardware is iGbE, address is 0ca8.9dd0.b205 (bia 0ca8.9dd0.b205)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is unknown media type
  output flow-control is unsupported, input flow-control is unsupported
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:18, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1417 packets input, 96630 bytes, 0 no buffer
     Received 1418 broadcasts (1418 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1418 multicast, 0 pause input
     245 packets output, 35733 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Switch2#sh int gig1/1
GigabitEthernet1/1 is up, line protocol is up (connected)
  Hardware is iGbE, address is 0ca8.9d07.2605 (bia 0ca8.9d07.2605)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is unknown media type
  output flow-control is unsupported, input flow-control is unsupported
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:26, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     362 packets input, 51497 bytes, 0 no buffer
     Received 363 broadcasts (363 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 363 multicast, 0 pause input
     2223 packets output, 164920 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

You can see from the output above that, having just been switched on, the devices are all in auto mode.

We are able to ping from both sides.

PC1> ping 10.0.0.3
84 bytes from 10.0.0.3 icmp_seq=1 ttl=64 time=25.540 ms
84 bytes from 10.0.0.3 icmp_seq=2 ttl=64 time=12.574 ms
84 bytes from 10.0.0.3 icmp_seq=3 ttl=64 time=15.337 ms
84 bytes from 10.0.0.3 icmp_seq=4 ttl=64 time=20.585 ms
84 bytes from 10.0.0.3 icmp_seq=5 ttl=64 time=13.241 ms


PC3> ping 10.0.0.1
84 bytes from 10.0.0.1 icmp_seq=1 ttl=64 time=17.735 ms
84 bytes from 10.0.0.1 icmp_seq=2 ttl=64 time=12.881 ms
84 bytes from 10.0.0.1 icmp_seq=3 ttl=64 time=18.011 ms
84 bytes from 10.0.0.1 icmp_seq=4 ttl=64 time=19.077 ms
84 bytes from 10.0.0.1 icmp_seq=5 ttl=64 time=28.111 ms

We can run the show dtp int command to see if DTP is enabled, as the Enabled field in the output below shows.

Switch1#sh dtp int gi0/1
DTP information for GigabitEthernet0/1:
  TOS/TAS/TNS:                              ACCESS/AUTO/ACCESS
  TOT/TAT/TNT:                              NATIVE/NEGOTIATE/NATIVE
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       0/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S2:ACCESS
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  0 packets received (0 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches,
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  348 packets output (348 good)
      174 native, 174 software encap isl, 0 isl hardware native
  0 output errors

Switch1#sh dtp int gi0/2
DTP information for GigabitEthernet0/2:
  TOS/TAS/TNS:                              ACCESS/AUTO/ACCESS
  TOT/TAT/TNT:                              NATIVE/NEGOTIATE/NATIVE
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       12/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S2:ACCESS
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  0 packets received (0 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches,
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  350 packets output (350 good)
      175 native, 175 software encap isl, 0 isl hardware native
  0 output errors

Switch1#sh dtp int gi1/1
DTP information for GigabitEthernet1/1:
  TOS/TAS/TNS:                              ACCESS/AUTO/ACCESS
  TOT/TAT/TNT:                              NATIVE/NEGOTIATE/NATIVE
  Neighbor address 1:                       0CA89D072605
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       5/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S2:ACCESS
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  174 packets received (174 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches,
      0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  350 packets output (350 good)
      175 native, 175 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  1 link ups, last link up on Sat Feb 06 2021, 01:02:11
  0 link downs

Switch1#

We can use the command show int gi1/1 switchport to check the trunk link on both switches.


Switch1#show int g1/1 sw
Switch1#show int g1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none


Switch2#sh int gi1/1 sw
Switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none

We can see that, straight out of the box, both switches boot up in dynamic auto and form a link. Even though the ports are connected, the link is currently in access mode. We can see this from the Operational Mode field.



Switch1#sh int gi1/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/1       auto             negotiate      not-trunking  1

Port        Vlans allowed on trunk
Gi1/1       1

Port        Vlans allowed and active in management domain
Gi1/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1     

 
Switch2#show int gi1/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/1       auto             negotiate      not-trunking  1

Port        Vlans allowed on trunk
Gi1/1       1

Port        Vlans allowed and active in management domain
Gi1/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1
Switch2

Scenario 2.

We will now create two VLANs on each switch and see if this changes anything.

Both switches are now configured, as shown in the output, with VLAN 10 and VLAN 192, but the trunk port is still not-trunking. VLANs will still be able to get across the switch by using the default native VLAN 1.


Switch1#sh run int gi0/1
Building configuration...

Current configuration : 122 bytes
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
end

Switch1#sh run int gi0/2
Building configuration...

Current configuration : 123 bytes
!
interface GigabitEthernet0/2
 switchport access vlan 192
 switchport mode access
 media-type rj45
 negotiation auto
end

Switch1#sh run int gi1/1
Building configuration...

Current configuration : 71 bytes
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
end

Switch1#sh int gi1/1 sw
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled

Switch1#sh int gi1/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/1       auto             negotiate      not-trunking  1

Port        Vlans allowed on trunk
Gi1/1       1

Port        Vlans allowed and active in management domain
Gi1/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1

Switch2#sh run int gi0/1
Building configuration...

Current configuration : 122 bytes
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
end

Switch2#sh run int gi0/2
Building configuration...

Current configuration : 123 bytes
!
interface GigabitEthernet0/2
 switchport access vlan 192
 switchport mode access
 media-type rj45
 negotiation auto
end

Switch2#sh run int gi1/1
Building configuration...

Current configuration : 71 bytes
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
end

Switch2#

The two switches in Scenario 2 above were able to communicate, but they were not using the dot1q protocol and the trunk link was in access operational mode.

Scenario 3

We are going to try the same scenario again with interface gi1/1 on both switches left in dynamic auto. The only difference is that we will hard code the 802.1q trunking protocol into the switch.

The configuration below has Switch 1 interface gi1/1 as dynamic auto and Switch 2 interface gi1/1 as dynamic auto. This proves that dynamic auto is the default mode when only switchport trunk encapsulation dot1q is applied, as we did not input the dynamic auto command.

The output below shows that two devices in dynamic auto will not form a trunk and the link will stay as access ports.

Switch1#sh run int gi1/1
Building configuration...

Current configuration : 109 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 media-type rj45
 negotiation auto
end

Switch1#sh int gi1/1 sw
Switch1#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch1#


Switch2#sh run int gi1/1
Building configuration...

Current configuration : 112 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 media-type rj45
 no negotiation auto
end


Switch2#sh run int gi1/1
Building configuration...

Current configuration : 109 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 media-type rj45
 negotiation auto
end

Switch2#sh int gi1/1 sw
Switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch2#

Scenario 4

We will keep Switch 1 as dynamic auto, set Switch 2 to dynamic desirable, and see what happens.

Switch 2 interface gi1/1 has now been configured, as shown in the output below. Notice that even though one side is dynamic auto, it does not appear in the running configuration.



Switch1#sh run int gi1/1
Building configuration...

Current configuration : 109 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 media-type rj45
 negotiation auto
end

Switch1#

Switch2#sh run int gi1/1
Building configuration...

Current configuration : 144 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 media-type rj45
 negotiation auto
end

Switch2#

By changing one side to dynamic desirable we successfully formed an operational trunk link. The output below proves this.



Switch1#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch1#


Switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch2#

Scenario 5

We will now change both sides to dynamic desirable and see if we can still have an operational trunk link.



Switch1#sh run int gi1/1
Building configuration...

Current configuration : 144 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 media-type rj45
 negotiation auto
end

Switch1#sh int gi1/1 sw
Switch1#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch1#


Switch2#sh run int gi1/1
Building configuration...

Current configuration : 144 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 media-type rj45
 negotiation auto
end

Switch2#sh int gi1/1 sw
Switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch2#

Scenario 6

In this scenario we will use the nonegotiate command on Switch 1 to stop any negotiation with DTP. Switch 2 will remain the same.

Switch1(config-if)#switchport nonegotiate
Command rejected: Conflict between 'nonegotiate' and 'dynamic' status on this interface: Gi1/1
Switch1(config-if)#

The above output shows we cannot have the dynamic command and nonegotiate on the switchport at the same time.

After some trial and error, I realised that you can only configure nonegotiate on a trunk link when you are statically configuring the trunk link, like the example below.


SWITCH1

interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 media-type rj45
 no negotiation auto
!

Let's look at some more commands on Switch 1.


Switch1#sh int gi1/1 sw
Switch1#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
Switch1#sh int gi1/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       1-4094

Port        Vlans allowed and active in management domain
Gi1/1       1,10,192

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1,10,192

Although the Switch 1 configuration looked good, Switch 2 would not form a trunk with Switch 1. This is an expected outcome, as we have set Switch 1 to nonegotiate and the dynamic desirable port will not be able to exchange information with an interface that is unwilling to negotiate.


switch2#sh run int gi1/1
Building configuration...

Current configuration : 144 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 media-type rj45
 negotiation auto
end

switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none

Scenario 7

We will now simply take off nonegotiate and see if the trunk link comes up on Switch 2. From the output below we can see that our logic worked and Switch 2 formed a trunk.


switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none

Scenario 8

As the trunk is now working, let's see if it still works if we switch from desirable to auto on Switch 2 whilst leaving Switch 1 the same. It worked, which proves the effectiveness of nonegotiate on a switch.

switch2#sh run int gi1/1
Building configuration...

Current configuration : 109 bytes
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 media-type rj45
 negotiation auto
end

switch2#sh int gi1/1 sw
switch2#sh int gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
switch2#

Summary.

Always ensure that you are using the right protocol, ISL or 802.1q. Ensure that nonegotiate is on if you do not want to form trunks with dynamic interfaces. A dynamic auto interface will not form a trunk with another dynamic auto interface.

The best command to troubleshoot DTP interfaces is

Show interface Gi x/y switchport
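
An added example (not part of the original post): a Python script that parses the show interface switchport output from both ends of a link, compares each operational mode with what the switch port mode rules listed earlier predict, and flags ports that still negotiate with DTP. The function names are hypothetical, and the sample text is constructed by trimming the Scenario 6 output shown above.

```python
# Constructed sample input: trimmed copies of the Scenario 6 outputs on this page.
SWITCH1_GI1_1 = """\
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

SWITCH2_GI1_1 = """\
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""


def parse_switchport(text):
    """Turn the 'Key: value' lines of show interface switchport into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skips prompts and lines without a value
            fields[key.strip()] = value.strip()
    return fields


def expected_mode(local, remote):
    """Operational mode the DTP rules predict for `local`, given its neighbour."""
    admin = local["Administrative Mode"]
    if admin in ("trunk", "static access"):
        return admin  # static modes do not depend on the neighbour
    # A dynamic port only becomes a trunk if it hears DTP from the neighbour.
    remote_admin = remote["Administrative Mode"]
    if remote["Negotiation of Trunking"] != "On" or remote_admin == "static access":
        return "static access"
    if admin == "dynamic desirable":
        return "trunk"  # neighbour is trunk, dynamic desirable or dynamic auto
    # dynamic auto: trunk only when the neighbour actively asks for one
    return "trunk" if remote_admin in ("trunk", "dynamic desirable") else "static access"


def audit_port(name, fields):
    """Hardening findings for one port, based on the points made in this post."""
    findings = []
    admin = fields["Administrative Mode"]
    if admin.startswith("dynamic"):
        findings.append(f"{name}: administrative mode is '{admin}', not static")
    if fields["Negotiation of Trunking"] == "On":
        findings.append(f"{name}: DTP negotiation is on (no switchport nonegotiate)")
    if fields["Trunking Native Mode VLAN"].split()[0] == "1":
        findings.append(f"{name}: native VLAN is still the default VLAN 1")
    return findings


def check_link(a_name, a, b_name, b):
    """Compare both ends of one link: observed mode vs. predicted, and each other."""
    findings = []
    for name, local, remote in ((a_name, a, b), (b_name, b, a)):
        want, got = expected_mode(local, remote), local["Operational Mode"]
        if got != want:
            findings.append(f"{name}: operational mode '{got}', rules predict '{want}'")
    if a["Operational Mode"] != b["Operational Mode"]:
        findings.append(
            f"{a_name} is '{a['Operational Mode']}' but {b_name} is "
            f"'{b['Operational Mode']}': the two ends disagree"
        )
    return findings


if __name__ == "__main__":
    s1 = parse_switchport(SWITCH1_GI1_1)
    s2 = parse_switchport(SWITCH2_GI1_1)
    report = (
        audit_port("Switch1 Gi1/1", s1)
        + audit_port("Switch2 Gi1/1", s2)
        + check_link("Switch1 Gi1/1", s1, "Switch2 Gi1/1", s2)
    )
    for line in report:
        print(line)
```

Run against the Scenario 6 text, it reports that each end behaves as the rules predict but that the two ends disagree, which is the state Scenario 6 shows.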
