Problem with layer2 protocol tunneling

Unanswered Question
Mar 13th, 2007


We have 3 switches connected to each other, forming a ring topology.

When I try to make an L2 point-to-point tunnel, one of my edge switches (where I try to bring up a dot1q trunk and UDLD port) can see the other one (the UDLD protocol is up for a few seconds and CDP shows the name of the neighbor), but this "other one" can't see anything!

But at the same time an ordinary L2 tunnel (not point-to-point) works fine.

Where is the problem?

bwilmoth Mon, 03/19/2007 - 11:24

Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration command on a trunk port, the command is accepted, but Layer 2 tunneling does not take effect unless you change the port to a tunnel port or access port.

rvv Mon, 03/19/2007 - 22:03

I have already set the port mode to tunnel port.

Additionally, we have the same configuration working for another tunnel, but failed to add another tunnel.

interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface GigabitEthernet1/0/10
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
 no cdp enable

and the same config on the other end.

The trick is when you enable the UDLD port on sw-customer, on both ends.

After a few seconds UDLD disables the port, because it can't see the neighbor response. But it can see the neighbor CDP name!!!!
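As an added example (not code from any post in this thread), the following Python script audits IOS interface stanzas for the pitfall bwilmoth describes above: l2protocol-tunnel accepted on a trunk port but never taking effect, since tunneling is only active on dot1q-tunnel or access ports. The sample configuration is constructed from rvv's two posted stanzas plus a hypothetical GigabitEthernet1/0/11 that carries the misconfiguration. The protocol sets used for a bare "l2protocol-tunnel" (CDP/STP/VTP) and a bare "l2protocol-tunnel point-to-point" (PAgP/LACP/UDLD) follow the IOS command syntax; the shutdown-threshold and drop-threshold sub-commands are skipped because they do not select a protocol.

```python
"""Audit Cisco IOS interface stanzas for Layer 2 protocol tunneling pitfalls.

Added example for this thread (not part of any post). It flags the case
bwilmoth describes: l2protocol-tunnel accepted on a trunk port but inactive,
because tunneling only works on dot1q-tunnel or access ports.
"""
from typing import Dict, List

# Protocols tunneled when the command is given without a protocol keyword.
ORDINARY_DEFAULTS = ("cdp", "stp", "vtp")
POINT_TO_POINT_DEFAULTS = ("pagp", "lacp", "udld")
THRESHOLD_KEYWORDS = ("shutdown-threshold", "drop-threshold")

# Constructed sample: rvv's two posted stanzas plus a hypothetical
# GigabitEthernet1/0/11 that puts l2protocol-tunnel on a trunk port.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
 no cdp enable
!
interface GigabitEthernet1/0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 l2protocol-tunnel
 l2protocol-tunnel shutdown-threshold 1000
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [sub-commands]} for each 'interface' stanza."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return stanzas


def switchport_mode(commands: List[str]) -> str:
    """Return the explicit 'switchport mode' value, or 'unset' if none is configured."""
    for cmd in commands:
        parts = cmd.split()
        if parts[:2] == ["switchport", "mode"] and len(parts) >= 3:
            return " ".join(parts[2:])
    return "unset"


def tunneled_protocols(commands: List[str]) -> Dict[str, str]:
    """Map each tunneled protocol to 'point-to-point' or 'ordinary'.

    A bare 'l2protocol-tunnel' tunnels CDP/STP/VTP; a bare
    'l2protocol-tunnel point-to-point' tunnels PAgP/LACP/UDLD.
    Threshold sub-commands are not protocol selections and are skipped.
    """
    protos: Dict[str, str] = {}
    for cmd in commands:
        parts = cmd.split()
        if not parts or parts[0] != "l2protocol-tunnel":
            continue
        rest = parts[1:]
        p2p = bool(rest) and rest[0] == "point-to-point"
        if p2p:
            rest = rest[1:]
        if rest and rest[0] in THRESHOLD_KEYWORDS:
            continue
        names = rest or list(POINT_TO_POINT_DEFAULTS if p2p else ORDINARY_DEFAULTS)
        for name in names:
            protos[name] = "point-to-point" if p2p else "ordinary"
    return protos


def audit(config: str) -> List[str]:
    """Flag interfaces whose l2protocol-tunnel commands will be silently ignored."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        protos = tunneled_protocols(cmds)
        if not protos:
            continue
        mode = switchport_mode(cmds)
        if mode not in ("dot1q-tunnel", "access"):
            findings.append(
                f"{name}: l2protocol-tunnel for {', '.join(sorted(protos))} "
                f"but switchport mode is {mode}; tunneling is inactive"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against a saved "show running-config", the audit reports only the hypothetical Gi1/0/11 stanza; rvv's Gi1/0/10 passes because its mode is dot1q-tunnel, which is why this check alone does not explain the UDLD symptom described in the post.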

rvv Tue, 03/20/2007 - 04:25

from cisco.com:

Using the 802.1Q tunneling feature, service providers can use a single VLAN to support customers who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from different customers is segregated within the service-provider network, even when they appear to be in the same VLAN. Using 802.1Q tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy and retagging the tagged packets. A port configured to support 802.1Q tunneling is called a tunnel port.

rvv Tue, 03/20/2007 - 21:44

This is not only for ISPs.

We are not an ISP. This feature is particularly useful when you need to tunnel other L2 traffic over your existing L2 network.

For example, when you need to extend a DMZ zone over physically different segments in your LAN.

Instead of using an ordinary VLAN, we can use a tunnel VLAN to tunnel the DMZ traffic, because a DMZ can consist of many other VLANs and can have its own VTP domain.

This is not a good example, because a DMZ must comply with the strictest security policy, but if you have no choice, and use PVLANs in the DMZ, I think this is possible.

