Network Analysis

Dynamic Trunking Protocol DTP

filed under: Protocols

In Cisco terminology, a link that carries frames of more than one VLAN is called a trunk. Frames transmitted over a trunk must be tagged with their VLAN membership; ISL and IEEE 802.1Q are the two encapsulations used for this. With the Dynamic Trunking Protocol (DTP), two Cisco switches can negotiate and bring up a trunk automatically.

Gigabit interface with DTP enabled

CISCO-IOS-SWITCH#sh run interface gigabitEthernet 0/4
Building configuration...

Current configuration : 97 bytes
!
interface GigabitEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

show interfaces with DTP enabled

CISCO-SWITCH#sh interfaces gigabitEthernet 0/4 switchport
Name: Gi0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Gigabit interface with DTP disabled

CISCO-SWITCH#sh run interface gigabitEthernet 0/5
Building configuration...

Current configuration : 121 bytes
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
end

show interfaces with DTP disabled

CISCO-SWITCH#sh interfaces gigabitEthernet 0/7 switchport
Name: Gi0/7
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Example of a DTP frame (captured with Ethereal)

ISL
    Destination: 01000C0000
    0000 .... = Type: Ethernet (0)
    .... 0000 = User: Best effort (default priority) (0)
    Source: Cisco_5f:44:a0 (00:0a:b7:5f:44:a0)
    Length: 76
    DSAP: 0xAA
    SSAP: 0xAA
    Control: 0x3
    HSA: 0x00000c
    0000 0000 0000 001. = VLAN ID: 0x0001
    .... .... .... ...1 = BPDU: Yes
    Index: 0
IEEE 802.3 Ethernet 
    Destination: CDP/VTP (01:00:0c:cc:cc:cc)
    Source: Cisco_5f:44:a0 (00:0a:b7:5f:44:a0)
    Length: 46
    Frame check sequence: 0x3017503b [correct]
Logical-Link Control
    DSAP: SNAP (0xaa)
    IG Bit: Individual
    SSAP: SNAP (0xaa)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
    Organization Code: Cisco (0x00000c)
    PID: DTP (0x2004)
Dynamic Trunking Protocol
    Version: 0x01
    Trunk Name: Distribution
        Type: Trunk Name (0x0001)
        Length: 17
        Trunk Name: Distribution
    Type 2: 0x03
        Type: Type 2 (0x0002)
        Length: 5
        Type 2: 0x03
    Type 3: 0x40
        Type: Type 3 (0x0003)
        Length: 5
        Type 3: 0x40
    Some MAC: 00:0a:b7:5f:44:a0
        Type: Some MAC (0x0004)
        Length: 10
        Some MAC: Cisco_5f:44:a0 (00:0a:b7:5f:44:a0)

Cisco enables DTP on switch ports by default. For security reasons, DTP should be disabled on edge ports (switchport nonegotiate, as shown on GigabitEthernet0/5 above).
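To make the TLV structure of the captured frame concrete, here is a small DTP payload parser, added as an example and not part of the original post. The sample bytes are constructed from the values in the capture above; the TLV names (domain, status, dtp_type, sender_id) and the status-byte layout (TOS bit 0x80, TAS in the low three bits) follow the later Wireshark DTP dissector rather than the Ethereal labels shown above.

```python
import struct

# TLV type codes; Ethereal's "Type 2" / "Type 3" / "Some MAC" are status, DTP type and sender ID
TLV_NAMES = {1: "domain", 2: "status", 3: "dtp_type", 4: "sender_id"}
TAS_NAMES = {1: "on", 2: "off", 3: "desirable", 4: "auto"}  # Trunk Administrative Status


def tlv(t, value):
    """Build one DTP TLV; the length field counts the 4-byte header (17 = 4 + 13 above)."""
    return struct.pack("!HH", t, 4 + len(value)) + value


# Constructed DTP payload (bytes after SNAP PID 0x2004) mirroring the capture above
SAMPLE = (b"\x01"
          + tlv(1, b"Distribution\x00")
          + tlv(2, b"\x03")
          + tlv(3, b"\x40")
          + tlv(4, bytes.fromhex("000ab75f44a0")))


def parse_dtp(payload):
    """Parse a DTP payload into {'version': int, 'tlvs': [(name, decoded_value), ...]}."""
    if not payload:
        raise ValueError("empty DTP payload")
    out = {"version": payload[0], "tlvs": []}
    off = 1
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header at offset %d" % off)
        t, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError("bad TLV length %d at offset %d" % (length, off))
        value = payload[off + 4:off + length]
        if t == 1:
            decoded = value.rstrip(b"\x00").decode("ascii", "replace")
        elif t == 2 and value:
            # status byte layout as in the Wireshark dissector: TOS bit 0x80, TAS bits 0x07
            decoded = {"trunk_operating": bool(value[0] & 0x80),
                       "admin": TAS_NAMES.get(value[0] & 0x07, "reserved")}
        elif t == 4:
            decoded = ":".join("%02x" % b for b in value)
        else:
            decoded = value.hex()
        out["tlvs"].append((TLV_NAMES.get(t, "unknown_%d" % t), decoded))
        off += length
    return out


def negotiation_active(parsed):
    """Defender check: a status TLV means the sending port still negotiates, i.e. it lacks
    'switchport nonegotiate' (DTP frames are only sent while negotiation is on)."""
    return any(name == "status" for name, _ in parsed["tlvs"])
```

Feeding the parser the DTP payload of frames seen on an edge port is a quick way to confirm that the neighbour has really stopped negotiating.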

written on 10.04.2006 by Mirko Kulpa
