Chapter 13
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
Figure 13-6 Virtual Network Topology without BPDU Tunneling (Customer X virtual network, VLANs 1 to 100)
Configuring Layer 2 Protocol Tunneling
You enable Layer 2 protocol tunneling (by protocol) on the ports that are connected to the customer in
the edge switches of the service-provider network. Edge-switch tunnel ports are connected to customer
802.1Q trunk ports; edge-switch access ports are connected to customer access ports. The edge switches
connected to the customer switch perform the tunneling process.
You can enable Layer 2 protocol tunneling on ports that are configured as access ports, tunnel ports, or
trunk ports. You cannot enable Layer 2 protocol tunneling on ports configured with switchport mode
dynamic auto or dynamic desirable. The switch supports Layer 2 protocol tunneling for CDP, STP, and
VTP.
When the Layer 2 PDUs that entered the inbound edge switch through a Layer 2 protocol-enabled port
exit the switch through the trunk port into the service-provider network, the switch overwrites the
customer PDU-destination MAC address with a well-known Cisco proprietary multicast address
(01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the
customer metro tag and the inner tag is the customer VLAN tag. The core switches ignore the inner tags
and forward the packet to all trunk ports in the same metro VLAN. The edge switches on the outbound
side restore the proper Layer 2 protocol and MAC address information and forward the packets to all
tunnel ports, access ports, and Layer 2 protocol-enabled trunk ports in the same metro VLAN. Therefore,
the Layer 2 PDUs are kept intact and delivered across the service-provider infrastructure to the other side
of the customer network.
See Figure 13-5, with Customer X and Customer Y in access VLANs 30 and 40, respectively.
Asymmetric links connect the customers in Site 1 to edge switches in the service-provider network. The
Layer 2 PDUs (for example, BPDUs) coming into Switch B from Customer Y in Site 1 are forwarded to
the infrastructure as double-tagged packets with the well-known MAC address as the destination MAC
address. These double-tagged packets have the outer VLAN tag of 40 as well as an inner VLAN tag (for
example, VLAN 100). When the double-tagged packets reach Switch D, the outer VLAN tag 40 is
removed, the well-known MAC address is replaced with the respective Layer 2 protocol MAC address,
and the packet is sent to Customer Y on Site 2 as a single-tagged frame in VLAN 100.
You can also enable Layer 2 protocol tunneling on access or trunk ports on the edge switch connected
to access or trunk ports on the customer switch. In this case, the encapsulation and de-encapsulation
behavior is the same as described in the previous paragraph, except that the packets are not
double-tagged in the service-provider network. The single tag is the customer-specific access VLAN tag.
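The double-tagged Customer Y case described above (Switch B inbound, Switch D outbound, metro VLAN 40, customer VLAN 100) can be modeled at the frame level. This is an added example, not code from the configuration guide or from Cisco. Assumptions: both tags use TPID 0x8100, the protocol is recognized from its standard LLC/SNAP header, and the function names and the sample BPDU are constructed for illustration.

```python
import struct

L2PT_MAC = bytes.fromhex("01000ccdcdd0")  # tunnel destination MAC from the text
TPID = 0x8100                             # assumption: both tags use the 802.1Q TPID
# LLC/SNAP prefix -> (protocol, original destination MAC); standard values, not from the page
PROTOCOLS = {
    bytes.fromhex("424203"): ("STP", bytes.fromhex("0180c2000000")),
    bytes.fromhex("aaaa0300000c2000"): ("CDP", bytes.fromhex("01000ccccccc")),
    bytes.fromhex("aaaa0300000c2003"): ("VTP", bytes.fromhex("01000ccccccc")),
}

def parse(frame):
    """Return (dst, src, VLAN IDs outermost first, LLC payload of an 802.3 frame)."""
    off, vlans = 12, []
    while struct.unpack_from("!H", frame, off)[0] == TPID:
        vlans.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return frame[:6], frame[6:12], vlans, frame[off + 2:]  # skip the length field

def classify(llc):
    """Identify the tunneled protocol from its LLC/SNAP header."""
    for prefix, (name, mac) in PROTOCOLS.items():
        if llc.startswith(prefix):
            return name, mac
    raise ValueError("not a CDP, STP, or VTP PDU")

def ingress_encapsulate(frame, metro_vlan):
    """Inbound edge switch: rewrite the destination MAC, push the outer metro tag."""
    dst, src, _, llc = parse(frame)
    _, mac = classify(llc)
    if dst != mac:
        raise ValueError("destination MAC does not match the protocol")
    return L2PT_MAC + src + struct.pack("!HH", TPID, metro_vlan) + frame[12:]

def egress_decapsulate(frame, metro_vlan):
    """Outbound edge switch: pop the outer tag, restore the protocol MAC."""
    dst, src, vlans, llc = parse(frame)
    if dst != L2PT_MAC or vlans[:1] != [metro_vlan]:
        raise ValueError("not a tunneled PDU in this metro VLAN")
    _, mac = classify(llc)
    return mac + src + frame[16:]

def sample_bpdu(customer_vlan):
    """Constructed sample: a tagged customer BPDU with a zero-filled body."""
    llc = bytes.fromhex("424203") + bytes(35)
    return (bytes.fromhex("0180c2000000") + bytes.fromhex("020000000001")
            + struct.pack("!HH", TPID, customer_vlan)
            + struct.pack("!H", len(llc)) + llc)

if __name__ == "__main__":
    tunneled = ingress_encapsulate(sample_bpdu(100), 40)   # Switch B, Customer Y
    print(parse(tunneled)[2], parse(egress_decapsulate(tunneled, 40))[2])
```

A frame whose outer tag does not match the egress port's metro VLAN is rejected, which mirrors the separation between Customer X (VLAN 30) and Customer Y (VLAN 40) in the text.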
Catalyst 3750 Metro Switch Software Configuration Guide
13-12
78-15870-01