18-10
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter18 Configuring 802.1Q and Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
Layer 2 Protocol Tunneling Configuration Guidelines
These are some configuration guidelines and operating chara cteristics of Layer 2 protocol tunneling:
The switch supports tunneling of CDP, STP, including multiple STP (MSTP), and VTP. Protocol
tunneling is disabled by default but can be enabled for the individual protocols on 802.1Q tunnel
ports or on access ports.
Dynamic Trunking Protocol (DTP) is not compatible with Layer 2 protoc ol tunneling because you
must manually configure asymmetric links with tunnel ports and trunk ports.
Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration
command on a trunk port, the command is accepted, but Layer 2 tunnelin g does not take affect unless
you change the port to a tunnel port or an access port.
EtherChannel port groups are compatible with tunnel port s when the 802.1Q configuration is
consistent within an EtherChannel port group.
If an encapsulated PDU (with the proprietary destination MAC address) is received from a tunnel
port or an access port with Layer 2 tunneling enabled, the tu nnel port is shut down to prevent loops.
The port also shuts down when a configured shutdown threshold for the protocol is reache d. You can
manually re-enable the port (by entering a shutdown and a no shutdown command sequence). If
errdisable recovery is enabled, the operation is retried after a specified time interval.
Only decapsulated PDUs are forwarded to the customer network. The spanning-tree instance
running on the Service Provider network does not forward BPDUs to tunnel ports. CDP packets are
not forwarded from tunnel ports.
When protocol tunneling is enabled on an interface, you can set a per-protocol, per-port, shutdown
threshold for the PDUs generated by the customer network. If the limit is exceeded, the port shuts
down. You can also limit the BPDU rate by using QoS ACLs and policy maps on a tunnel port.
When protocol tunneling is enabled on an interface, you can set a per-protocol, per-port, drop
threshold for the PDUs generated by the customer network. If the limit is exceeded, the port drops
PDUs until the rate at which it receives them is below the drop threshold.
Because tunneled PDUs (especially STP BPDUs) must be delivered to all remote sites so that the
customer virtual network operates properly, you can give PDUs higher priority within the Service
Provider network than data packets received from the same tunnel port. By default, the PDUs use
the same CoS value as data packets.
Configuring Layer 2 Tunneling
To configure a port for Layer 2 protocol tunneling, perform this task:
Command Purpose
Step1 Switch# configure terminal Enters global configuration mode.
Step2 Switch(config)# interface
interface-id
Enters interface configuration mode, and enter the interface to be
configured as a tunnel port. This should be the edge port in the Service
Provider network that connects to the customer switch. Valid interfaces can
be physical interfaces and port-channel logical interfaces (port channels 1
to 64).