CCNA: 0 to Hero - Comprehensive Network Engineering Bootcamp

Lesson 26: Trunk Configuration and DTP

Configuring a Trunk Port

We must explicitly define the interface as a trunk and specify the encapsulation protocol (802.1Q is the standard).

```ios
Switch(config)# interface GigabitEthernet 0/24
! Set the encapsulation first: switches that support both ISL and 802.1Q
! reject "switchport mode trunk" while the encapsulation is still negotiated.
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk

! Optional: Prune allowed VLANs (Security best practice)
Switch(config-if)# switchport trunk allowed vlan 10,20,99

! Optional: Change the Native VLAN (Security best practice)
Switch(config-if)# switchport trunk native vlan 99
```

Dynamic Trunking Protocol (DTP)

DTP is a Cisco proprietary protocol that allows switches to dynamically negotiate whether a link should become an access port or a trunk port. While convenient, it is a security risk if left unmanaged: a port in a dynamic mode will form a trunk with any neighbor that negotiates one.

DTP Modes:

  • dynamic desirable: Actively tries to become a trunk.
  • dynamic auto: Willing to become a trunk if the neighbor requests it.
  • trunk: Forces the port into permanent trunking mode (Recommended).
  • access: Forces the port into permanent access mode (Recommended).

Security Tip: Always set unused ports to switchport mode access and disable them (shutdown). Set production trunk ports to switchport mode trunk.