Chapter 14
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
•
•
•
•
•
•
•
•
•
Configuring 802.1Q Tunneling
These sections describe 802.1Q tunneling configuration:
•
•
•
Ensure that only the appropriate tunnel ports are in any VLAN used for tunneling and that one VLAN is
Caution
used for each tunnel. Incorrect assignment of tunnel ports to VLANs can forward traffic inappropriately.
78-14099-04
Trunks require no special configuration to carry tunnel VLANs.
We recommend that you use ISL trunks to carry tunnel traffic between devices that do not have
tunnel ports. Because of the 802.1Q native VLAN feature, using 802.1Q trunks requires that you be
very careful when you configure tunneling: a mistake might direct tunnel traffic to a non-tunnel port.
Ensure that the native VLAN of the 802.1Q trunk port in an asymmetrical link carries no traffic.
Because traffic in the native VLAN is untagged, it cannot be tunneled correctly. Alternatively, you
can enter the global vlan dot1q tag native command to tag native VLAN egress traffic and drop
untagged native VLAN ingress traffic.
The following Layer 2 protocols work between devices connected by an asymmetrical link:
CDP
–
UniDirectional Link Detection (UDLD)
–
Port Aggregation Protocol (PAgP)
–
Link Aggregation Control Protocol (LACP)
–
With Release 12.1(13)E and later releases, PortFast BPDU filtering is enabled automatically on
tunnel ports. With releases earlier than Release 12.1(13)E, you can manually enable PortFast BPDU
filtering on tunnel ports (see the
With Release 12.1(13)E and later releases, CDP is automatically disabled on tunnel ports. With
releases earlier than Release 12.1(13)E, you can manually disable CDP when you enable 802.1Q
tunneling (see the
"Enabling CDP on a Port" section on page
To configure an EtherChannel as an asymmetrical link, all ports in the EtherChannel must have the
same tunneling configuration. Because the Layer 3 packet within the Layer 2 frame cannot be
identified, you must configure the EtherChannel to use MAC-address-based frame distribution.
Because all the BPDUs are being dropped, spanning tree PortFast can be enabled on Layer 2
protocol tunnel ports as follows:
Router(config-if)# spanning-tree portfast trunk
If the service provider does not want the customer to see its switches, CDP should be disabled on
the 802.1Q tunnel port as follows:
Router(config-if)# no cdp enable
Preconfiguration Tasks, page 14-6
Configuring 802.1Q Tunnel Ports, page 14-6
Configuring the Switch to Tag Native VLAN Traffic, page 14-7
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
"Enabling PortFast BPDU Filtering" section on page
Configuring 802.1Q Tunneling
16-10).
30-2).
14-5