07-15-2011 09:24 AM
Hello Cisco,
It seems I cannot disable the sending of DTP packets on a FEX port:
Switch(config-if)# switchport ?
  <CR>
  access       Set access mode characteristics of the interface
  autostate    Include or exclude this port from vlan link up calculation
  block        Block specified outbound traffic for all VLANs
  description  Enter description of maximum 80 characters
  host         Set port host
  mode         Enter the port mode
  monitor      Configures an interface as span-destination
  trunk        Configure trunking parameters on an interface
Switch(config-if)# switchport
---> There is no "switchport nonegotiate" ??
--> Anyway, even when the port is configured with "switchport mode access", it still keeps sending DTP packets (this is normal); however, it sends them with status 0x04, which means "switchport mode desirable auto". This is a security issue.
Dynamic Trunking Protocol
    Version: 0x01
    Domain:
        Type: Domain (0x0001)
        Length: 5
        Domain:
    Status: 0x04
        Type: Status (0x0002)
        Length: 5
        Status: 0x04
    Dtptype: 0x45
        Type: Type (0x0003)
        Length: 5
        Dtptype: 0x45
    Neighbor: 40:55:39:e7:6b:40
        Type: Neighbor (0x0004)
        Length: 10
        Neighbor: Cisco_e7:6b:40 (40:55:39:e7:6b:40)
See:
I am running version NXOS 5.0(2)N2(1)
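Added example (not part of the thread and not Cisco code): a small Python parser for the DTP TLV layout shown in the dissection above, used to list every port designated as a host port on which a DTP frame was captured. It assumes the payload starts at the DTP version byte (after the LLC/SNAP header) and that the empty Domain TLV carries a single null byte; the port names are hypothetical, and the status value is reported as-is without interpreting its bits.

```python
import struct

# TLV type codes as named in the dissection quoted in the post above.
TLV_NAMES = {1: "domain", 2: "status", 3: "dtptype", 4: "neighbor"}

def parse_dtp(payload: bytes) -> dict:
    """Parse version byte + TLVs; a TLV's length includes its 4-byte header."""
    if not payload:
        raise ValueError("empty DTP payload")
    fields = {"version": payload[0]}
    off = 1
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError(f"truncated TLV header at offset {off}")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, off)
        if tlv_len < 4 or off + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {off}")
        name = TLV_NAMES.get(tlv_type, f"unknown_0x{tlv_type:04x}")
        fields[name] = payload[off + 4 : off + tlv_len]
        off += tlv_len
    return fields

def audit_host_ports(captures: dict, host_ports: set) -> list:
    """Return (port, status, neighbor) for each host port that emitted DTP."""
    findings = []
    for port, payload in sorted(captures.items()):
        if port not in host_ports:
            continue  # DTP on ports outside the host-port set is not reported
        f = parse_dtp(payload)
        status = f["status"][0] if f.get("status") else None
        neighbor = f["neighbor"].hex(":") if f.get("neighbor") else None
        findings.append((port, status, neighbor))
    return findings

# Constructed sample: bytes rebuilt from the field values in the dissection.
SAMPLE = bytes.fromhex(
    "01"                    # Version 0x01
    "0001000500"            # Domain, length 5, empty (assumed one null byte)
    "0002000504"            # Status 0x04
    "0003000545"            # Dtptype 0x45
    "0004000a405539e76b40"  # Neighbor 40:55:39:e7:6b:40
)

if __name__ == "__main__":
    # Hypothetical port names; the first stands in for a FEX host port.
    caps = {"Ethernet101/1/1": SAMPLE, "Ethernet1/1": SAMPLE}
    for port, status, nbr in audit_host_ports(caps, {"Ethernet101/1/1"}):
        print(f"{port}: DTP seen, status=0x{status:02x}, neighbor={nbr}")
```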
07-15-2011 10:12 AM
I haven't tried to disable DTP...guess I just forgot about it. Does 'switchport host' turn it off? I don't have a sniffer handy to test at the moment, but can try Monday if you aren't able to do so.
07-17-2011 02:26 PM
I have tried "switchport host". No effect, still DTP packets received (verified with Sniffer), at least with the NXOS version I used (see above).
07-18-2011 12:57 PM
Does Nexus 2k support DTP?
07-18-2011 02:14 PM
I don't know. I just see DTP packets coming out of the ports and I want to prevent a user from using these packets to create a trunk and start sending tagged packets to other VLANs (one of the reasons DTP is usually turned off on host ports).
10-01-2013 02:56 AM
DTP is not supported on any Nexus platform. This extends to the FEXs as well. Hence the lack of 'switchport nonegotiate' commands on the Nexus interface-config CLI options. DTP is still supported on Catalyst switches so you should still disable it on all Ethernet interfaces on those switches.
Justin
03-19-2018 02:09 AM
The command looks a little different: {no negotiate auto}. I did this on the Nexus 9k and the 2k. The speed setting is also required.
interface Ethernet1/36
  switchport
  switchport mode trunk
  speed 1000
  no negotiate auto
  no shutdown
sh int result below
admin state is up, Dedicated Interface
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 1000 Mb/s, media type is 1G
Auto-Negotiation is turned off, FEC mode is Auto