Cisco Support Community
New Member

l2protocol-tunnel as an access port?


We use L2TP for trunking other customers' VLANs across our infrastructure. Now we have a need to make use of one of our customer's links to get a device to a remote part of our campus.

Is it possible for them to provide a 'dark vlan' extension to our network (and can we provide the same service to others)? Such that:

Local Switch [Access Port] <-local-patch-> [L2TP-encap or equiv] Tunnel entry switch [L2TP] <-dark-vlan-tunnel-> [L2TP] Tunnel exit switch [L2TP-decap or equiv] <-remote-patch-> [Access device] Remote PC

Or do we need to provide a 'Trunked Tunnel'? i.e.

Local Switch [Trunk] <-local-patch-> [L2TP-encap] Tunnel entry switch [L2TP] <-dark-vlan-tunnel-> [L2TP] Tunnel exit switch [L2TP-decap] <-remote-patch-> [Trunk] Remote Switch [Access Port] <-remote-patch-> [Access device] Remote PC

Obviously the aim of the former is to have the management of the access port local to our equipment rooms where we have physical access, and reduce the cost of having to deploy a remote switch in order to control the access to our network.

If the former is possible, is there any different config that our customer will need to configure compared with a standard l2protocol-tunnel?



New Member

Re: l2protocol-tunnel as an access port?


Still working on this (but without a lab to play with). Attaching a piccie to help with the concept if it helps anyone.

The main issue is one of control. Can we ensure that the end point Access Device is just that, a single device (e.g. using port security maximums as it's an access port), or would it be possible for a switch / hub to be placed on the end, connecting multiple devices to our vlan (i.e. we'd need a switch at the remote end such as solution B in order to manage it).

Thanks for looking, any suggestions appreciated.



l2protocol-tunnel as an access port?

L2TP is a tunneling protocol from what I know, and is used for tunneling VPN connections. Trunking on switchports is different (industry standard is IEEE 802.1Q).

In Solution A the ports that are connected to PCs (hosts) are usually configured as access ports. The ports between switches are trunk ports that facilitate forwarding of all VLANs' traffic in your network. If you have all switch ports in access mode you can have only one VLAN in the network.

In Solution A you can configure that Access Device to be in a VLAN on its own and you can control what it can access in your network.

Hope this helps

