
network cisco ccna gns3 certification arteq

a network runs through it


Sunday, January 22, 2012

does dtp ever stop...

there's this idea floating around that if nonegotiate is NOT used along with the sw mode access command, somehow dtp will still leak through trunks or vlans, or osmosis, or something to the access port... ok... not sure if dtp is that stealthy...


sw2950_02#sh run int fa0/19
Building configuration...

Current configuration : 58 bytes
!
interface FastEthernet0/19
 speed 100
 duplex full
end

sw2950_02#sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On

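notice the administrative mode and operational mode: with no switchport mode command in the config, the port is administratively dynamic desirable, operationally static access, and negotiation of trunking is on... and the debug below shows fa0/19 sending dtp packets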

sw2950_02#
1d10h: DTP-pkt:Fa0/2:  ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
1d10h: DTP-pkt:Fa0/19:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/19:  TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:1238
1d10h: DTP-pkt:Fa0/19:  TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/19:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/19:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18:  TOS/TA

now we turn on sw mode access explicitly

sw2950_02(config)#int fa0/19
sw2950_02(config-if)#sw mode access
sw2950_02(config-if)#do sh run int fa0/19
Building configuration...

Current configuration : 82 bytes
!
interface FastEthernet0/19
 switchport mode access
 speed 100

sw2950_02(config-if)#do sh int fa0/19 sw
Name: Fa0/19
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2:  ID: 0009B752D784 ../dyntrk/dyntrk_core.c:1462
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/18:Sending packet ../dyntrk/dyntrk_process.c:1235
1d10h: DTP-pkt:Fa0/18:  TOS/TAS = ACCESS/DESIRABLE ../dyntrk/dyntrk_process.c:1238
1d10h: DTP-pkt:Fa0/18:  TOT/TAT = 802.1Q/802.1Q ../dyntrk/dyntrk_process.c:1241
1d10h: DTP-pkt:Fa0/18:datagram_out ../dyntrk/dyntrk_process.c:1273
1d10h: DTP-pkt:Fa0/18:datagram_out encap ../dyntrk/dyntrk_process.c:1285
sw2950_02(config-if)#
1d10h: DTP-pkt:Fa0/2:Sending packet ../dyntrk/

no more dtp packets from fa0/19... only fa0/2 and fa0/18 show up in the debug now

and this...

sw2950_02(config-if)#do sh dtp int fa0/19
DTP information for FastEthernet0/19:
  TOS/TAS/TNS:                              ACCESS/OFF/ACCESS
  TOT/TAT/TNT:                              NATIVE/802.1Q/NATIVE
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       never/STOPPED
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S1:OFF
  # times multi & trunk                     0
  Enabled:                                  no
  In STP:                                   no

sw2950_02(config)#do sh run int fa0/18
Building configuration...

Current configuration : 58 bytes
!
interface FastEthernet0/18
 speed 100
 duplex full
end

sw2950_02(config)#do sh dtp int fa0/18
DTP information for FastEthernet0/18:
  TOS/TAS/TNS:                              ACCESS/DESIRABLE/ACCESS
  TOT/TAT/TNT:                              NATIVE/802.1Q/802.1Q
  Neighbor address 1:                       000000000000
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       28/RUNNING
  Access timer expiration (sec/state):      never/STOPPED
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S2:ACCESS
  # times multi & trunk                     0
  Enabled:                                  yes

sw2950_02(config)#do sh int fa0/18 sw
Name: Fa0/18
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
  In STP:                                   no

dtp stops when put in access mode explicitly, so i don't know what that guy is talking about with nonegotiate
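To run the same check across every port instead of one at a time, here is an added example (not part of the original post) that parses "sh int ... sw" output and flags ports whose administrative mode is dynamic or whose negotiation of trunking is on. The sample text is the Fa0/19 and Fa0/18 output shown above, trimmed to the fields used; the function names are made up for illustration.

```python
import re

# Sample input: the Fa0/19 (after "switchport mode access") and Fa0/18
# (left at its default) outputs from this post, trimmed to the fields used.
SAMPLE = """\
Name: Fa0/19
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Name: Fa0/18
Administrative Mode: dynamic desirable
Operational Mode: static access
Negotiation of Trunking: On
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_switchport(text):
    """Split 'show interfaces switchport' output into one dict per port."""
    ports, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompts and blank lines carry no "key: value" pair
        key, value = m.group(1), m.group(2)
        if key == "Name":  # every port block starts with its Name line
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports

def dtp_findings(text):
    """Return {port: [reasons]} for ports the switch reports as still negotiating."""
    findings = {}
    for port in parse_switchport(text):
        reasons = []
        admin = port.get("Administrative Mode", "")
        if admin.startswith("dynamic"):
            reasons.append("administrative mode is " + admin)
        if port.get("Negotiation of Trunking", "").lower() == "on":
            reasons.append("negotiation of trunking is on")
        if reasons:
            findings[port["Name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in dtp_findings(SAMPLE).items():
        print(name + ": " + "; ".join(reasons))
```

This reads what the switch reports about itself; it is not a capture of what is on the wire.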



2 comments:

  1. Did you get a Wireshark output to see whether DTP has been really stopped?

  2. actually, no... that might be worth the effort... ultimately, i just wish dtp would go away...
