Read the book CCNP Enterprise Certification Study Guide: Implementing and Operating Cisco Enterprise Network Core Technologies - Ben Piper, David Higby Clinton - Page 59
Unconditional Trunking
If you don't want to depend on DTP to negotiate a trunk on a specific interface, you can create a manual or unconditional 802.1Q trunk. To do this, you must first explicitly set the encapsulation type:
! Set the encapsulation type to 802.1Q
SW4(config-if)#switchport trunk encapsulation dot1q
Thereafter, you can create the unconditional trunk:
SW4(config-if)#switchport mode trunk
If one interface is configured as dynamic auto or dynamic desirable and the other end is configured as an unconditional trunk, both switches will form a trunk.
In order for the trunk to be truly unconditional, both switches must have this configuration. To verify, use the show interfaces command:
SW4#show interfaces gi0/0 switchport
Name: Gi0/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Administrative Mode is now trunk. What may surprise you is that Negotiation of Trunking is set to On. Creating an unconditional trunk doesn't disable DTP. If the switch on the other end of the link attempts to negotiate a trunk—that is, if its interface is in dynamic desirable mode—both switches will still negotiate a trunk. If you're concerned about trunks forming unexpectedly, you can disable DTP as follows:
SW4(config-if)#switchport nonegotiate
SW4(config-if)#do show interface gi0/0 switchport | i Negotiation
Negotiation of Trunking: Off
It's perfectly safe to disable DTP on all interfaces and explicitly create your unconditional trunks instead. Also, it's a wise idea to disable DTP on interfaces that will connect to end-user devices. If a malicious attacker is able to connect a device and form a trunk, they can potentially sniff traffic traversing all VLANs active on that trunk.