Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 6500 - Making a switch port invisible

I have a customer that insists we are either blocking STP BPDU traffic, and in wireshark traces our switches are mixing BPDU traffic with theirs.  My goal is to configure a transparent switch port that allows everything, customer can send anything end-to-end thus making our switch invisible.  Also, I wish to constrain this to there port only.

Network:
Two Cisco 6500 switches running IOS

Customer:
Using port Fa6/7 on Cisco6500-LOCA to port Fa6/7 on Cisco6500-LOCZ

Question;

Will the configuration below work?  Has anybody done this?  My reference is http://packetlife.net/blog/2010/apr/15/invisible-catalyst-switch/

Configuration:
On Cisco6500-LOCA
interface fa6/7
description Facing LOCA
switchport mode dot1q-tunnel
switchport access vlan 201
speed 100
duplex full
mtu 9216
no cdp enable
switchport nonegotiate
no keepalive
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
l2protocol-tunnel point-to-point pagp
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel point-to-point udld
end
interface gig 1/1
description Trunk between Cisco6500-LOCA and Cisco6500-LOCZ
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 201,800-850
mtu 9216
end


On Cisco6500-LOCZ
interface fa6/7
description Facing LOCZ
switchport mode dot1q-tunnel
switchport access vlan 201
speed 100
duplex full
mtu 9216
no cdp enable
switchport nonegotiate
no keepalive
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
l2protocol-tunnel point-to-point pagp
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel point-to-point udld
end
interface gig 1/1
description Trunk between Cisco6500-LOCZ and Cisco6500-LOCA
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 201,800-850
mtu 9216
end

-Mn

2 REPLIES
Cisco Employee

Re: Cisco 6500 - Making a switch port invisible

Mn,

Yes that should work.

I am assuming that 6/7 is the end points going to your customer. Also make sure that your have "dot1q tag native".

Jayakrishna

Re: Cisco 6500 - Making a switch port invisible

Add under interfaces

vlan dot1q tag native

and in global configuration add :

errdisable recovery cause l2ptguard

HTH

Hitesh Vinzoda

Pls rate useful posts

1237
Views
0
Helpful
2
Replies