Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L2PT guard

Hello,

I have this situation:

SWITCH1---SWITCH2---ROUTER

SWITCH1 port toward SWITCH2 has configuration:

Interface GigabitEthernet1/0/1

switchport access vlan 333

switchport mode dot1q-tunnel

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

SWITCH2 port toward ROUTER has configuration:

Interface GigabitEthernet 1/0/2

switchport access vlan 222

switchport mode dot1q-tunnel

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

When ROUTER connects to SWITCH2

with interface configuration:

Interface GigabitEthernet0/1.10

encapsulation dot1q 10

ip address 10.0.0.1 255.255.255.0

then port on SWITCH1 goes to error disable state:

%PM-4-ERR_DISABLE: l2ptguard error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state.

Everything works only when l2ptprotocol commands are removed either from SWITCH1 or SWITCH2.

Can anyone give me explanation for this behavior.

Thanks in advance,

A

2 REPLIES
Cisco Employee

Re: L2PT guard

Hi Antonio,

It's an expected behavior as switch 1 detects a Loop condition:

from http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swtunnel.html#wp1006657

"

If an encapsulated PDU (with the proprietary destination MAC address) is received from a tunnel port or access port with Layer 2 tunneling enabled, the tunnel port is shut down to prevent loops.

"

You can't tunnel twice those protocols. It's not supported.

HTH

Laurent.

New Member

Re: L2PT guard

thanks Laurent.

A

5763
Views
5
Helpful
2
Replies
CreatePlease to create content