DTP - best practice to disable

In most cases, it is considered best practice to disable DTP when deploying switches. Although DTP can be useful, it can present security issues.

For example, a switchport with DTP enabled will remain in access mode if a PC is connected to that port. But what if a malicious user plugs in a switch on that port and causes the switchport to change to trunk mode? That user will now potentially have access to all the trunks configured on the switch.

So it is more a security issue than simply a matter of eliminating DTP messages from the network.
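One way to check a switch for ports where DTP is still active, as an added example that is not part of the original post: the Python below audits a Cisco IOS running-config for switchports that can still negotiate or advertise trunking. The config excerpt is constructed sample input, `audit_dtp` is a hypothetical helper name, and the script assumes only physical Ethernet interfaces are of interest and that a port with no explicit `switchport mode` falls back to a dynamic platform default.

```python
import re

# Constructed IOS running-config excerpt (sample input, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/5
 switchport mode trunk
!
interface GigabitEthernet0/6
 no switchport
!
interface Vlan10
!
"""

# Assumption: only physical Ethernet interfaces are audited.
PHYSICAL = re.compile(r"^interface\s+(\S*Ethernet\S+)", re.M)

def audit_dtp(config):
    """Return {interface: reason} for switchports that still speak DTP."""
    findings = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):  # "!" separates blocks
        name = PHYSICAL.search(block)
        lines = [line.strip() for line in block.splitlines()]
        if not name or "no switchport" in lines:
            continue  # SVI, routed port or global config: DTP does not apply
        # Text after the 16-character "switchport mode " keyword, if present.
        mode = next((l[16:] for l in lines if l.startswith("switchport mode ")), None)
        if mode is None:
            findings[name.group(1)] = "no explicit mode, platform default may be dynamic"
        elif mode.startswith("dynamic"):
            findings[name.group(1)] = "negotiates trunking (" + mode + ")"
        elif mode == "trunk" and "switchport nonegotiate" not in lines:
            findings[name.group(1)] = "static trunk still sends DTP, add switchport nonegotiate"
    return findings

if __name__ == "__main__":
    print(audit_dtp(SAMPLE_CONFIG))
```

Ports set to `switchport mode access`, and static trunks that also carry `switchport nonegotiate`, pass the audit; everything else is reported with the reason.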




