Cisco 6500 - Making a switch port invisible

Unanswered Question
Jul 15th, 2010

I have a customer that insists we are either blocking STP BPDU traffic, and in Wireshark traces our switches are mixing BPDU traffic with theirs. My goal is to configure a transparent switch port that allows everything, so the customer can send anything end-to-end, thus making our switch invisible. Also, I wish to constrain this to their port only.

Network:
Two Cisco 6500 switches running IOS

Customer:
Using port Fa6/7 on Cisco6500-LOCA to port Fa6/7 on Cisco6500-LOCZ

Question:

Will the configuration below work?  Has anybody done this?  My reference is http://packetlife.net/blog/2010/apr/15/invisible-catalyst-switch/

Configuration:
On Cisco6500-LOCA
interface fa6/7
 description Facing LOCA
 switchport mode dot1q-tunnel
 switchport access vlan 201
 speed 100
 duplex full
 mtu 9216
 no cdp enable
 switchport nonegotiate
 no keepalive
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
end
interface gig 1/1
 description Trunk between Cisco6500-LOCA and Cisco6500-LOCZ
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 201,800-850
 mtu 9216
end


On Cisco6500-LOCZ
interface fa6/7
 description Facing LOCZ
 switchport mode dot1q-tunnel
 switchport access vlan 201
 speed 100
 duplex full
 mtu 9216
 no cdp enable
 switchport nonegotiate
 no keepalive
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
end
interface gig 1/1
 description Trunk between Cisco6500-LOCZ and Cisco6500-LOCA
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 201,800-850
 mtu 9216
end

-Mn

Jayakrishna Mada Fri, 07/30/2010 - 01:15

Mn,

Yes that should work.

I am assuming that 6/7 is the end point going to your customer. Also make sure that you have "dot1q tag native".

Jayakrishna

Hitesh Vinzoda Fri, 07/30/2010 - 03:31

Add under interfaces

vlan dot1q tag native

and in global configuration add :

errdisable recovery cause l2ptguard

HTH

Hitesh Vinzoda

Pls rate useful posts
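
Added example (not part of the thread and not Cisco tooling): a Python check that audits a pasted config for the points raised above, namely that each dot1q-tunnel port tunnels CDP/STP/VTP, that its access VLAN is carried on a trunk, and that the two commands suggested in the replies are present. The names `audit`, `interfaces`, `vlan_set` and `SAMPLE` are hypothetical; it assumes trunks use an explicit allowed-VLAN list and matches the two suggested commands wherever they appear in the config.

```python
import re

# Constructed sample: the Cisco6500-LOCA interfaces from the question, "!"-separated.
SAMPLE = """\
interface fa6/7
 switchport mode dot1q-tunnel
 switchport access vlan 201
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
interface gig 1/1
 switchport mode trunk
 switchport trunk allowed vlan 201,800-850
"""

def interfaces(config):
    """Map interface name -> sub-commands; a block ends at '!', 'end' or the next interface."""
    blocks, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.lower().startswith("interface "):
            cur = blocks.setdefault(line[10:].strip(), [])
        elif line in ("", "!", "end"):
            cur = None
        elif cur is not None:
            cur.append(line)
    return blocks

def vlan_set(spec):  # expand '201,800-850' into a set of VLAN ids
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return findings for dot1q-tunnel ports, based on the advice in this thread."""
    blocks, findings, carried = interfaces(config), [], set()
    for cmds in blocks.values():  # collect every VLAN named in a trunk allowed list
        for m in filter(None, (re.match(r"switchport trunk allowed vlan (?:add )?([\d,-]+)$", c) for c in cmds)):
            carried |= vlan_set(m.group(1))
    for name, cmds in ((n, c) for n, c in blocks.items() if "switchport mode dot1q-tunnel" in c):
        findings += [f"{name}: {p} not tunneled" for p in ("cdp", "stp", "vtp") if f"l2protocol-tunnel {p}" not in cmds]
        vlan = next((int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan ")), None)
        if vlan not in carried:
            findings.append(f"{name}: tunnel VLAN {vlan} not in any trunk allowed list")
    present = {l.strip() for l in config.splitlines()}
    findings += [f"missing: {g}" for g in ("vlan dot1q tag native", "errdisable recovery cause l2ptguard") if g not in present]
    return findings
```

Run against the config as posted in the question, `audit(SAMPLE)` reports only the two commands suggested in the replies as missing.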
