Configuring Layer 2 Protocol Tunneling - Cisco Catalyst 4500 Series Configuration Manual

Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling

Configuring Layer 2 Protocol Tunneling

Figure 27-7 Layer 2 Network Topology without Proper Convergence
Customer A
virtual network
VLANs 1 to 100
Configuring Layer 2 Protocol Tunneling
You can enable Layer 2 protocol tunneling (by protocol) on access ports, tunnel ports, or trunk ports that
are connected to the customer in the edge switches of the service provider network. The service provider
edge switches connected to the customer switch perform the tunneling process. Edge-switch tunnel ports
or normal trunk ports can be connected to customer 802.1Q trunk ports. Edge-switch access ports are
connected to customer access ports.
When the Layer 2 PDUs that entered the service provider inbound edge switch through the tunnel port
or the access port exit through its the trunk port into the service provider network, the switch overwrites
the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address
(01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the
customer metro tag, and the inner tag is the customer's VLAN tag. The core switches ignore the inner
tags and forward the packet to all trunk ports in the same metro VLAN. The edge switches on the
outbound side restore the proper Layer 2 protocol and MAC address information and forward the packets
to all tunnel or access ports in the same metro VLAN. This section includes these topics. The Layer 2
PDUs remain intact and are delivered across the service provider network to the other side of the
customer network.
Figure 27-6 shows Customer A and Customer B in access VLANs 30 and 40. Asymmetric links connect
the Customers in Site 1 to edge switches in the service provider network. The Layer 2 PDUs (for
example, BPDUs) coming into Switch 2 from Customer B in Site 1 are forwarded to the infrastructure
as double-tagged packets with the well-known MAC address as the destination MAC address. These
double-tagged packets have the metro VLAN tag of 40, as well as an inner VLAN tag (for example,
VLAN 100). When the double-tagged packets enter Switch 4, the metro VLAN tag 40 is removed. The
well-known MAC address is replaced with the respective Layer 2 protocol MAC address, and the packet
is sent to Customer B on Site 2 as a single-tagged frame in VLAN 100.
You can also enable Layer 2 protocol tunneling on access ports on the edge switch connected to access
ports on the customer switch. The encapsulation and de-encapsulation process is the same as described
in the previous paragraph, except that the packets are not double-tagged in the service provider network.
The single tag is the customer-specific access VLAN tag.
This section contains the following subsections:
• Default Layer 2 Protocol Tunneling Configuration, page 27-16
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
27-15
OL-25340-01