about L2VPN and BPDU transport

Unanswered Question
May 17th, 2007

Hi folks,

my topology is like that:

vlan 30 - router A & B - mpls cloud (no vlans) - router C & D - vlan 30

I've created two xconnect tunnels (A-C and B-D), but the first is working, the second is for a cold backup.

How could I use both at the same time? Maybe I've to transport the BPDUs, to loop prevention, but how? Any advice will be appreciated



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
ariela Thu, 05/17/2007 - 12:11

Hi Swaroop,

thanks for your answer. Could I use L2PT over MPLS cloud? Could you explain me that?

thanks for your support


swaroop.potdar Thu, 05/17/2007 - 21:36

Switch(config)# interface gigabitethernet1/0/2

Switch(config-if)# Description Customer Facing Trunk

Switch(config-if)# l2protocol-tunnel stp

Switch(config-if)# switchport mode dot1q-tunnel

Switch(config-if)# switchport access vlan 30

Switch(config)# end


Switch(config)# interface vlan30

Switch(config-if)# mpls l2transport route

You may try it this way, modifying the config as per your existing setup.



ariela Fri, 06/15/2007 - 04:42

Hi Swaroop,

thanks for your answer, I've tried but I've a problem with BPDU transport.

In effect, I see both PE root bridge for vlan30, so I think BPDU transport doesn't work


PE-TEST-A would be the root bridge:

spanning-tree vlan 30 priority 24576

the tunnel is up, the SVI is up, but the sh span sum says both are the root bridge (my expectation was "Root port" on PE-TEST-B)!

Any advice will be appreciated

Thanks again


rajju Fri, 06/15/2007 - 10:56

Hi Swaroop:

L2PT sounds really interesting!!

I wanted to create a scenario to learn it better.

What I am thinking is to connect a router(acting as a host) to a 3550 and the 3550 to a MPLS PE(3640) router, across to the other side and similiar setup on the other side.

Does it make any sense?


ariela Fri, 06/15/2007 - 13:30


I don't think 3550 supports that ... Please check the FN.



swaroop.potdar Fri, 06/15/2007 - 16:38

Niraj & Andrea, the 3550 supports QinQ with L2Protocol Tunneling.

Here is the feature configuration guide.


Andrea, Customer STP can be transported across the MetroCore encapsulated in the L2Prot_Tunnel end-to-end,

can you illustrate or explain your topology and the objective, so we can understand the problem.



ariela Sat, 06/16/2007 - 15:00

hi Swaroop,

first of all, thanks for your support, it is very appreciated.

Well, about the shows in my last post, the topology of my first lab was like this:

all 3750-ME


CE-TEST-A and CE-TEST-B connected to PEs, and on vlan 30; l2transport between PEs.

I've changed the priority on PE-TEST-A, so that PE could be the root bridge for the vlan 30. But when all is ok, I see both PEs root bridges for the same vlan 30. My expectation was PE-TEST-B with a 'root port' instead of 'designated port', correct?

Thanks again


swaroop.potdar Sat, 06/16/2007 - 23:59

Andrea, you should do a QinQ with L2Tunnel to transport the BPDU of the customer transparently via the core to the other customer end.(CE-MetroE Core-CE)

Your core should be transparent to the SP core as a best practise, to avoid complications with you VLAN addressing and your STP design.

So if your CE is connected to your PE on vlan 30 then on the port connecting to the CE on the PE you do a QinQ and do a L2transport for the SP vlan and also a L2protocol transport on the interface, so it carries the L2 protocol frames received from your CE to the other side CE.

If you want to do something else apart from transporting BPDU's from the CE then do elaborate.



ariela Sun, 06/17/2007 - 01:18

Hi Swaroop,

thanks for your answer, I've forgotten, and maybe it's important: I work for this SP, so PEs and P are on my hand ... the MPLS core hasn't vlans, all is label based. So, is it possible to create this?

The configuration that I've applied is like this:

(example: PE-TEST-A)

interface gigabitethernet1/0/1

Description L2-TEST

l2protocol-tunnel stp

switchport mode dot1q-tunnel

switchport access vlan 30


interface vlan30

mpls l2transport route 30

Any advice will be appreciated

Thanks again


swaroop.potdar Sun, 06/17/2007 - 09:01

Andrea, yes definately this will work.

This will transport the customer L2 protocol packets to the other side including the STP.

So the CE's at each end can run STP between themselves. PE's wont be involved in this STP at all. So do not enable STP for vlan 30 on the PE's. As they are just carrier Vlans.



ariela Mon, 06/18/2007 - 02:08

Hi Swaroop,

so, if I've well understood, is it normal that I see on PEs both ports "designated" and not "des/root"? I've to check the STP on CEs, and not on PEs. How could I check if the STP works correctly at each end?

Thanks again for your support



swaroop.potdar Mon, 06/18/2007 - 04:33

Andrea, since you are using a L2transport, the PE's would be L3 peers, so do not enable STP between the PE's.

And if you are seeing a designated port then its normal, as each PE will consider itself the root for Vlan which it is transporting to the other side.

Designated-Root role in your topology means a problem, which will signify some one else is the root.

Now coming to your CE, to check STP is working fine or not try to manipulate the STP Bridge priority and see the effect for common Vlans spanning tree root ID. the root ID shoudl be the bridge ID of the switch whose priority you reduced.

Please do let me know if you have any more questions.



ariela Mon, 06/18/2007 - 09:20


thanks for your support.

So, maybe a stupid question, but ... if I change the STP priority on vlan 30 "A side", I'll see something on STP vlan 30 "B side"?



swaroop.potdar Mon, 06/18/2007 - 14:52

Andrea, Yes if you change the root parameters on CE-A side you should see the effect on CE-B side.

If you dont see this happening then check you L2protocol tunneling once again.




This Discussion