Default port states

I have a lab work book for BCMSN and it states that

dynamic auto

should be the default port state for switches (3560 and 2960)

I have some 3550 and 2950 and they default to dynamic desireable...

Is this a fundamental difference between the two switch types?

Thanks

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

lildeezul

The default port state is not dynamic auto... it is dynamic desirable.

think about it, if the defualt port state was dynamic auto, then the switches will not form a trunk, becuase both will be waiting for a DTP packet to be sent

tiersten

Read the documentation for the newer switches. It states that the default is now dynamic auto instead of dynamic desirable.

tiersten

lildeezul wrote:

think about it, if the defualt port state was dynamic auto, then the switches will not form a trunk, becuase both will be waiting for a DTP packet to be sent

Yes. Cisco changed the default and that is what happens now if you just plug two switches together with defaults set.

Netwurk

Dynamic auto makes more sense as a default, since automatically forming trunks could potentially cause VTP and/or STP problems

lildeezul

wow.. news to me... Thanks for the info..

i guess is does make since, so make it dynamic auto for security reasons, such as rouge switches..

thanks again for the update.

mikearama

I don't get how that's any improvement. So if I have a rogue switch, all I have to do is have my uplink port set to desirable, so it sends DTP packets, and I've got a trunk? Well that's tough to configure. NOT. I wonder who the big-earner at cisco is who thought that's more secure than nonegotiate (or even better... OFF) as a default.

Mrock4

I think it's more of to prevent you from mistakingly hooking up a switch with a lower STP priority causing an election, or from blowing away your VLAN assignments with a switch that has a high revision number. At least with it set to auto, you have to consciously want it to trunk, not just plug it in, and say "oops..network is down". I've seen this, I've done this, you don't want this.

FYI, I love the movie "you don't mess with the zohan"

JavonR

Mrock4 wrote:

I think it's more of to prevent you from mistakingly hooking up a switch with a lower STP priority causing an election, or from blowing away your VLAN assignments with a switch that has a high revision number. At least with it set to auto, you have to consciously want it to trunk, not just plug it in, and say "oops..network is down". I've seen this, I've done this, you don't want this.

FYI, I love the movie "you don't mess with the zohan"

LOL. Nice.

mikearama

Great movie... especially if you're from Haustralia!

lildeezul

yeah especially when the part when the zohan was going to take the son to the disco party, and he said... wait i will **** your mother 1 more time and then we will go....

ahahah thats the greeatest.

dtlokee

Not totally sure why Cisco changed it but the 3550 defaults to dynamic desirable and the 3560 defaults to dynamic auto. It could be a security issue but if somone plugs in a rogue switch that switch can still become the spanning tree root for the access vlan on the port it is plugged into, using something like BPDU Guard and Root guard are better choices for preventing rogue switches from becoming the root.

Netwurk

I think they try to balance letting the switches work right out of the box versus making sure they are secure.

Otherwise they would just ship them with all ports admin down (shut)