Configuring 802.1Q Tunneling
•
•
•
•
•
•
•
•
•
•
Configuring an 802.1Q Tunneling Port
Beginning in privileged EXEC mode, follow these steps to configure a port as an 802.1Q tunnel port:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
no shutdown
Step 4
switchport access vlan vlan-id
Step 5
switchport mode dot1q-tunnel
Step 6
exit
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
13-6
A tunnel port cannot be a routed port.
IP routing is not supported on a VLAN that includes 802.1Q tunnel ports. Packets received from a
tunnel port are forwarded based only on Layer 2 information. If routing is enabled on a switch
virtual interface (SVI) that includes tunnel ports, untagged IP packets received from the tunnel port
are recognized and routed by the switch. Customers can access the internet through its native VLAN.
If this access is not needed, you should not configure SVIs on VLANs that include tunnel ports.
Tunnel ports do not support IP access control lists (ACLs).
Layer 3 quality of service (QoS) ACLs and other QoS features related to Layer 3 information are
not supported on tunnel ports. MAC-based QoS is supported on tunnel ports.
EtherChannel port groups are compatible with tunnel ports as long as the 802.1Q configuration is
consistent within an EtherChannel port group.
UniDirectional Link Detection (UDLD) is supported on 802.1Q tunnel ports.
Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) are supported
only on 802.1Q tunnel ports that are network node interfaces (NNIs) or enhanced network interfaces
(ENIs). UNIs do not support PAgP and LACP.
Loopback detection is supported on 802.1Q tunnel ports.
When an NNI or ENI port is configured as an 802.1Q tunnel port, spanning-tree bridge protocol data
unit (BPDU) filtering is automatically enabled on the interface, and the Cisco Discovery Protocol
(CDP) and the Layer Link Discovery Protocol (LLDP) are automatically disabled on the interface.
UNIs do not support BPDU filtering, CDP, or LLDP.
In a UNI-ENI isolated VLAN, 802.1Q tunneled access ports are isolated from each other, but in a
UNI-ENI community VLAN, local switching occurs between these ports. For more information
about UNI-ENI VLANs, see
Purpose
Enter global configuration mode.
Enter interface configuration mode for the interface to be configured as a
tunnel port. This should be the edge port in the service-provider network
that connects to the customer switch. Valid interfaces include physical
interfaces and port-channel logical interfaces (port channels 1 to 48).
Enable the port, if necessary. By default, UNIs and ENIs are disabled, and
NNIs are enabled.
Specify the default VLAN, which is used if the interface stops trunking.
This VLAN ID is specific to the particular customer.
Note
Set the interface as an 802.1Q tunnel port.
Return to global configuration mode.
Chapter 13
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
Chapter 11, "Configuring VLANs."
If the VLAN is a UNI-ENI isolated VLAN, local switching does
not occur between UNIs and ENIs on the switch. If the VLAN is
a UNI-ENI community VLAN, local switching is allowed.
OL-9639-07