Cisco Systems 3560 Configuring Layer 2 Protocol Tunneling

16-12

Catalyst 3560 Switch Software Configuration Guide

OL-8553-06

Chapter 16 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

Configuring Layer 2 Protocol Tunneling

• For interoperability with third-party vendor switches, the switch supports a Layer 2 protocol-tunnel

bypass feature. Bypass mode transparently forwards control PDUs to vendor switches that have

different ways of controlling protocol tunneling.When Layer 2 protocol tunneling is enabled on

ingress ports on a switch, egress trunk ports forward the tunneled packets with a special

encapsulation. If you also enable Layer 2 protocol tunneling on the egress trunk port, this behavior

is bypassed, and the switch forwards control PDUs without any processing or modification.

• The switch supports PAgP, LACP, and UDLD tunneling for emulated point-to-point network

topologies. Protocol tunneling is disabled by default but can be enabled for the individual protocols

on IEEE 802.1Q tunnel ports or on access ports.

• If you enable PAgP or LACP tunneling, we recommend that you also enable UDLD on the interface

for faster link-failure detection.

• Loopback detection is not supported on Layer 2 protocol tunneling of PAgP, LACP, or UDLD

packets.

• EtherChannel port groups are compatible with tunnel ports when the IEEE 802.1Q configuration is

consistent within an EtherChannel port group.

• If an encapsulated PDU (with the proprietary destination MAC address) is received from a tunnel

port or an access port with Layer 2 tunneling enabled, the tunnel port is shut down to prevent loops.

The port also shuts down when a configured shutdown threshold for the protocol is reached. You can

manually re-enable the port (by entering a shutdown and a no shutdown command sequence). If

errdisable recovery is enabled, the operation is retried after a specified time interval.

• Only decapsulated PDUs are forwarded to the customer network. The spanning-tree instance

running on the service-provider network does not forward BPDUs to tunnel ports. CDP packets are

not forwarded from tunnel ports.

• When protocol tunneling is enabled on an interface, you can set a per-protocol, per-port, shutdown

threshold for the PDUs generated by the customer network. If the limit is exceeded, the port shuts

down. You can also limit BPDU rate by using QoS ACLs and policy maps on a tunnel port.

• When protocol tunneling is enabled on an interface, you can set a per-protocol, per-port, drop

threshold for the PDUs generated by the customer network. If the limit is exceeded, the port drops

PDUs until the rate at which it receives them is below the drop threshold.

• Because tunneled PDUs (especially STP BPDUs) must be delivered to all remote sites so that the

customer virtual network operates properly, you can give PDUs higher priority within the

service-provider network than data packets received from the same tunnel port. By default, the

PDUs use the same CoS value as data packets.

Configuring Layer 2 Protocol Tunneling

Beginning in privileged EXEC mode, follow these steps to configure a port for Layer 2 protocol

tunneling:

Command Purpose

Step 1 configure terminal Enter global configuration mode.

Step 2 interface interface-id Enter interface configuration mode, and enter the interface to be configured

as a tunnel port. This should be the edge port in the service-provider

network that connects to the customer switch. Valid interfaces can be

physical interfaces and port-channel logical interfaces (port channels 1 to

48).