DTP is enabled by default on Cisco devices, ready to negotiate on every switch port. However, establishing a trunk requires knowing how to negotiate DTP. The DTP specification is Cisco proprietary (not public), which makes this more difficult. The authors of the article were therefore forced to reverse engineer the traffic between two switches setting up a trunk in order to find out what the DTP format is.
DTP negotiates both trunk activation and the encapsulation type used to send and receive traffic through a given port. The most common encapsulation is IEEE 802.1Q (supported by most Cisco switches); its specification is a public standard.
Alternatively, ISL can be used, a Cisco proprietary protocol supported only by high-end Cisco devices. The main reason for using encapsulation is tagging packets with their proper VLAN tag, which tells the switches where to send each packet.
DTP uses no sender authentication and, as already mentioned, it is enabled by default on all ports. The only condition is whether we are able to negotiate DTP; if so, we gain access to other VLANs. In order to learn how to negotiate DTP, it is first necessary to know the DTP packet format:
- Domain (32 bytes): ASCII string identical to the configured VTP domain.
- Status (1 byte): port status: on, off, desirable or auto; the default is desirable, so we can start to negotiate DTP.
- Type (1 byte): supported encapsulation type: ISL, 802.1Q, negotiated (ISL or 802.1Q) or native.
- Neighbor-ID (6 bytes): identifies the device sending the packet; usually the MAC address of the port.
DTP port status from the switch console:
zipi# sh dtp int Fa0/10
DTP information for FastEthernet0/10:
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
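As an added example (not code from the article or from Yersinia), here is a small Python parser for the record layout listed above. The field sizes come from the text; the numeric codes for the status and type bytes are not given on the page, so the values in STATUS_NAMES and TYPE_NAMES, the DtpRecord, parse_dtp, accepts_negotiation and audit names, and the sample records are all assumptions made for this example. The neighbour ID is rendered as 12 hex digits to match the "Neighbor address" lines of the console output above, and accepts_negotiation flags the ports an administrator would want to move from the default "desirable" to "off".

```python
import struct
from dataclasses import dataclass

# Fixed-field layout as described in the article: 32-byte domain, 1-byte status,
# 1-byte encapsulation type, 6-byte neighbour ID (40 bytes, network byte order).
DTP_RECORD = struct.Struct("!32sBB6s")

# ASSUMPTION: the article names the status and type values but gives no byte
# encodings. These code points are illustrative only, chosen for this example;
# a real dissector must take them from captured traffic or Wireshark's DTP dissector.
STATUS_NAMES = {1: "on", 2: "off", 3: "desirable", 4: "auto"}
TYPE_NAMES = {0: "negotiated", 1: "native", 2: "isl", 5: "802.1q"}


@dataclass(frozen=True)
class DtpRecord:
    domain: str          # VTP domain string (NUL padding stripped)
    status: str          # on / off / desirable / auto, or unknown(0x..)
    encapsulation: str   # isl / 802.1q / negotiated / native, or unknown(0x..)
    neighbor_id: str     # 12 hex digits, like the switch's "Neighbor address" output


def parse_dtp(payload: bytes) -> DtpRecord:
    """Decode one DTP record from raw bytes, rejecting truncated input."""
    if len(payload) < DTP_RECORD.size:
        raise ValueError(f"DTP record too short: {len(payload)} < {DTP_RECORD.size} bytes")
    domain_raw, status, enc_type, neighbor = DTP_RECORD.unpack_from(payload)
    # The domain field is NUL padded to 32 bytes; keep only the string before the first NUL.
    domain = domain_raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")
    return DtpRecord(
        domain=domain,
        status=STATUS_NAMES.get(status, f"unknown(0x{status:02x})"),
        encapsulation=TYPE_NAMES.get(enc_type, f"unknown(0x{enc_type:02x})"),
        neighbor_id=neighbor.hex(),
    )


def accepts_negotiation(rec: DtpRecord) -> bool:
    """Audit helper: True when the advertised status lets an unsolicited peer
    negotiate a trunk. 'desirable' (the default the article mentions) and 'auto'
    both do; 'off' is the hardened state and 'on' is already a static trunk."""
    return rec.status in ("desirable", "auto")


def audit(records) -> list:
    """Return (domain, neighbour) pairs for every record that would still negotiate."""
    return [(r.domain, r.neighbor_id) for r in records if accepts_negotiation(r)]


# Constructed sample records (not captured traffic): a default 'desirable' port
# and one that has been set to 'off'. Domain and MAC values are made up.
SAMPLE_DESIRABLE = DTP_RECORD.pack(b"LAB", 3, 5, bytes.fromhex("001122334455"))
SAMPLE_OFF = DTP_RECORD.pack(b"LAB", 2, 5, bytes.fromhex("00112233aabb"))

if __name__ == "__main__":
    for raw in (SAMPLE_DESIRABLE, SAMPLE_OFF):
        print(parse_dtp(raw))
    print("ports still negotiating:", audit(map(parse_dtp, (SAMPLE_DESIRABLE, SAMPLE_OFF))))
```

Run it as a script to see both decoded records; only the "desirable" one is reported by audit. Feeding a truncated buffer raises ValueError rather than silently decoding garbage, which is the behaviour you want in anything that reads frames off the wire.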
Thanks to the work done with Yersinia, Wireshark added DTP support.