Default IEEE 802.1Q Tunneling ConfigurationBydefault, IEEE 802.1Q tunneling is disabled because the default switchport mode is dynamic auto. Tagging
ofIEEE 802.1Q nativeVLAN packets on all IEEE 802.1Q trunkports isalso disabled.
Layer 2 Protocol Tunneling OverviewCustomersat different sites connected across a service-provider network need to use various Layer 2 protocols
toscale their topologies to include all remote sites, as well as the local sites. STP must run properly, and every
VLANshould builda proper spanning treethat includes the local site and all remote sites across the
service-providernetwork. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from
localand remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration
throughoutall sites inthe customer network.
Whenprotocol tunneling is enabled, edge switches on the inbound side of the service-provider network
encapsulateLayer 2 protocol packets with a special MAC address and send them across the service-provider
network.Core switches in the network do not process these packets but forward them as normal packets.
Layer2 protocol data units (PDUs) for CDP, STP,or VTP cross the service-provider network and are delivered
tocustomer switches on the outbound side of the service-provider network. Identical packets are received by
allcustomer ports onthe same VLANs withthese results:
•Userson each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning
treebased on parameters from all sites and not just from the local site.
•CDPdiscovers andshows information about theother Cisco devices connectedthrough the
service-providernetwork.
•VTPprovides consistentVLAN configuration throughout the customernetwork, propagating to all
switchesthrough the serviceprovider.
Toprovide interoperability with third-party vendors, you can use the Layer 2 protocol-tunnel bypass
feature.Bypass mode transparentlyforwards control PDUs tovendor switchesthat have differentways
ofcontrolling protocol tunneling. You implement bypass mode by enabling Layer 2 protocol tunneling
onthe egress trunk port. When Layer 2 protocol tunneling is enabled on the trunk port, the encapsulated
tunnelMAC address is removedand the protocol packets have their normal MAC address.
Note
Layer2 protocoltunneling can be used independentlyor can enhance IEEE 802.1Q tunneling.If protocol
tunnelingis not enabledon IEEE 802.1Q tunnelingports, remote switches at the receivingend of the
service-providernetwork do not receive the PDUs and cannot properly run STP, CDP, and VTP.When
protocoltunneling is enabled, Layer 2 protocols within each customer’s networkare totally separate from
thoserunning withinthe service-provider network. Customerswitches on different sites that send traffic
throughthe service-providernetwork with IEEE 802.1Qtunneling achieve complete knowledge ofthe
customer’sVLAN. If IEEE802.1Q tunneling is notused, you canstill enable Layer 2 protocoltunneling by
connectingto the customer switch through access ports and by enabling tunneling on the service-provider
accessport.
Forexample, in the following figure (Layer 2 Protocol Tunneling), Customer X has four switches in the same
VLAN,that are connected through the service-provider network. If the network does not tunnel PDUs, switches
onthe far ends of the network cannot properly run STP, CDP, and VTP.For example, STP for a VLAN on
Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29440-01 129
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Default IEEE 802.1Q Tunneling Configuration