L2PT guard

Sep 18th, 2009

Hello,


I have this situation:


SWITCH1---SWITCH2---ROUTER


SWITCH1 port toward SWITCH2 has configuration:

Interface GigabitEthernet1/0/1
 switchport access vlan 333
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp


SWITCH2 port toward ROUTER has configuration:

Interface GigabitEthernet 1/0/2
 switchport access vlan 222
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp


When ROUTER connects to SWITCH2 with interface configuration:

Interface GigabitEthernet0/1.10
 encapsulation dot1q 10
 ip address 10.0.0.1 255.255.255.0

then the port on SWITCH1 goes to error disable state:

%PM-4-ERR_DISABLE: l2ptguard error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state.


Everything works only when the l2protocol-tunnel commands are removed from either SWITCH1 or SWITCH2.


Can anyone give me an explanation for this behavior?


Thanks in advance,

A

Overall Rating: 5 (1 ratings)
Laurent Aubert (Cisco Employee), Fri, 09/18/2009 - 06:28

Hi Antonio,


It's expected behavior, as switch 1 detects a loop condition:


From http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swtunnel.html#wp1006657


"If an encapsulated PDU (with the proprietary destination MAC address) is received from a tunnel port or access port with Layer 2 tunneling enabled, the tunnel port is shut down to prevent loops."


You can't tunnel those protocols twice. It's not supported.


HTH


Laurent.
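
The guard behaviour quoted in the answer, applied to the topology in the question, as an added Python model (not part of the original thread and not Cisco's implementation). The L2PT destination MAC value, the pass-through handling of other frames, and the names TunnelPort and router_pdu_path are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Assumption: Cisco's proprietary L2PT destination MAC (not stated in the thread).
L2PT_MAC = "01:00:0c:cd:cd:d0"
# Native destination MACs of the three protocols tunneled in the question.
NATIVE_MAC = {
    "cdp": "01:00:0c:cc:cc:cc",
    "vtp": "01:00:0c:cc:cc:cc",
    "stp": "01:80:c2:00:00:00",
}

@dataclass
class TunnelPort:
    """Hypothetical model of a dot1q-tunnel port; not Cisco's implementation."""
    name: str
    tunneled: set = field(default_factory=set)  # protocols with l2protocol-tunnel
    err_disabled: bool = False

    def ingress(self, proto, dst_mac):
        """Return the destination MAC as forwarded, or None if the PDU is dropped."""
        if self.err_disabled:
            return None
        if dst_mac == L2PT_MAC and self.tunneled:
            # Guard: an already-encapsulated PDU arrived on an L2PT-enabled port.
            self.err_disabled = True
            return None
        if proto in self.tunneled and dst_mac == NATIVE_MAC[proto]:
            return L2PT_MAC  # first encapsulation: rewrite the destination MAC
        return dst_mac       # simplification: everything else passes unchanged

def router_pdu_path(sw2_l2pt, sw1_l2pt, proto="cdp"):
    """Send one PDU ROUTER -> SWITCH2 Gi1/0/2 -> SWITCH1 Gi1/0/1.

    Returns True if SWITCH1's port ends up err-disabled."""
    sw2 = TunnelPort("SWITCH2 Gi1/0/2", set(sw2_l2pt))
    sw1 = TunnelPort("SWITCH1 Gi1/0/1", set(sw1_l2pt))
    mac = sw2.ingress(proto, NATIVE_MAC[proto])
    if mac is not None:
        sw1.ingress(proto, mac)
    return sw1.err_disabled

if __name__ == "__main__":
    protos = {"cdp", "stp", "vtp"}
    for sw2, sw1 in [(protos, protos), (set(), protos), (protos, set())]:
        print(f"SWITCH2 L2PT={sorted(sw2)} SWITCH1 L2PT={sorted(sw1)} "
              f"-> err-disable: {router_pdu_path(sw2, sw1)}")
```

Only the first case, with l2protocol-tunnel on both ports, trips the guard, which matches the observation in the question that removing the commands from either switch clears the problem.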
