18-9
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter18 Configuring 802.1 Q and Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
You can enable Layer 2 protocol tunneling (by protocol) on the access ports or tunne l ports that are
connected to the customer in the edge switches of the Service Provider network. The Service Provider
edge switches connected to the customer switch perform the tunneling process. Edge-switch tunnel ports
are connected to customer 802.1Q trunk ports. Edge-switch access ports are connected to customer
access ports.
When the Layer 2 PDUs that entered the Service Provider inbound edge switch through the tunnel port
or the access port exit through its the trunk port into the Service Provider network, the switch overwrites
the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address
(01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-ta gged; the outer tag is the
customer metro tag, and the inner tag is the customer’s VLAN tag. The core switches ignore the inner
tags and forward the packet to all trunk ports in the same metro VLAN. The edge switches on the
outbound side restore the proper Layer 2 protocol and MAC address infor mation and forward the packets
to all tunnel or access ports in the same metro VLAN. Therefore, the Layer 2 PDUs remain intact and
are delivered across the Service Provider network to the other side of the customer network.
See Figure 18-4, with Customer A and Customer B in access VLANs 30 and 40, respectively.
Asymmetric links connect the Customers in Site 1 to edge switches in the Service Provider network. The
Layer 2 PDUs (for example, BPDUs) coming into Switch 2 from Customer B in Site 1 are forwarded to
the infrastructure as double-tagged packets with the well-known MAC address as the destination MAC
address. These double-tagged packets have the metro VLAN tag of 40, as well as an inner VLAN tag
(for example, VLAN 100). When the double-tagged packets enter Switch 4, the metro VLAN tag 40 is
removed. The well-known MAC address is replaced with the respective Layer 2 protocol MAC address,
and the packet is sent to Customer B on Site 2 as a single-tagged frame in VLAN 100.
You can also enable Layer 2 protocol tunneling on access ports on the edge switch connected to access
ports on the customer switch. In this case, the encapsulation and de-encapsulation process is the same
as described in the previous paragraph, except that the packets a re not double-tagged in the Service
Provider network. The single tag is the customer-specific access VLAN tag.
This section contains the following subsections:
Default Layer 2 Protocol Tunneling Configuration, page 18-9
Layer 2 Protocol Tunneling Configuration Guidelines, page 18-10
Configuring Layer 2 Tunneling, page 18-10

Default Layer 2 Protocol Tunneling Configuration

Table18-1 shows the de fault configuration for Layer 2 protocol tunneling.
Table18-1 Default Layer 2 Ethernet Interface VLAN Configuration
Feature Default Setting
Layer 2 protocol tunneling Disabled.
Shutdown threshold None set.
Drop threshold None set.
CoS value If a CoS value is configured on the interface for data packets, that
value is the default used for Layer 2 PDUs. If none is configured, the
default is 5.