Monday, August 4, 2008

L2-Tunnels

This weekend was a bit more productive than the last one! I was able to finish Day 1 of IPExpert CCIE R&S Blended Learning Solutions, plus I got time to do some reading in Doyle's TCP/IP book! That was cool! I just need to keep my notes all together and make them "understandable" enough to blog!

Let's start with L2-Tunnels. I still have some Switching notes I want to blog about, but I'll work a little more on them first! In the meantime, L2-Tunneling, which was kind of an "unknown" topic for me, seems quite simple now. As usual, there are some tricks to be aware of (like looping in our topology)!

[Figure: L2Tunnel topology]

Let's say you want (or, even better, your lab task wants you) to have R1 and R2 show each other as neighbors in CDP. Without any action, using our topology above, if I type show cdp neighbors on R1, it will show me SW1 as a neighbor; the same goes for R2, which will show SW2 as its neighbor.

So, how to accomplish this? Using L2-Tunnels. L2-Tunnels get the switches in the middle (in our case SW1 and SW2) to tunnel L2 information and pass it to the device on the other side (R1 and R2). The normal behavior of a switch is to process CDP, PAgP, and STP packets locally, but with tunneling the switches carry those packets through (according to what we actually configure on the switch) and just forward them to the other end.

Keep in mind that switch ports cannot be in "dynamic" mode, they must be in "access" or "dot1q-tunnel". Otherwise our L2-Tunnel will not work.

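The configuration to complete this task is really straightforward (these commands apply to the edge ports of both switches, SW1 and SW2, which connect to the routers R1 and R2 in this case):

interface f0/5
 ! edge port facing the router: access (or dot1q-tunnel), never dynamic
 switchport mode access
 switchport access vlan 12
 ! the switch itself stops advertising CDP on this port
 no cdp enable
 ! CDP frames received on this port are tunneled across VLAN 12
 l2protocol-tunnel cdp

Now VLAN 12 is "trunked" through the switches! All switches in the middle are just "L2 trunks" that carry the information normally from one side to the other.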

Another thing to keep in mind: multicasts (and broadcasts) are flooded to all available ports, so make sure the VLAN used for carrying the L2 tunnel (VLAN 12 in our case) does not come back to the original end switches, because Loopguard will disable ports if it does. Use switchport trunk allowed vlan to filter it. This is very important!

If you want R1 to show both SW1 and R2 as CDP neighbors, just enable CDP on the switch FastEthernet port (cdp enable), and that's it!
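
A quick way to check the two prerequisites above on a saved configuration, as an added example that is not part of the original post: tunnel ports must be in access or dot1q-tunnel mode, and trunks should carry an allowed-VLAN filter. The sample config, the interface numbers, and the helper names parse_interfaces and audit are constructed for illustration; treating a port with no explicit mode as dynamic is an assumption.

```python
# Constructed sample running-config fragment (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 12
 switchport mode access
 no cdp enable
 l2protocol-tunnel cdp
!
interface FastEthernet0/6
 switchport mode dynamic desirable
 l2protocol-tunnel cdp
!
interface FastEthernet0/13
 switchport mode trunk
!
interface FastEthernet0/14
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Flag tunnel ports in a dynamic mode and trunks with no allowed-VLAN filter."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        # Assumption: a port with no explicit mode is treated as dynamic.
        mode = next((c.split("switchport mode ", 1)[1] for c in cmds
                     if c.startswith("switchport mode ")), "dynamic (default)")
        if (any(c.startswith("l2protocol-tunnel") for c in cmds)
                and mode not in ("access", "dot1q-tunnel")):
            findings.append((name, f"tunnel port in mode '{mode}'"))
        if mode == "trunk" and not any(
                c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append((name, "trunk has no allowed-VLAN filter"))
    return findings

if __name__ == "__main__":
    for port, issue in audit(SAMPLE_CONFIG):
        print(f"{port}: {issue}")
```

A trunk flagged here is only a candidate for review: whether VLAN 12 should be allowed on it depends on where that trunk sits relative to the tunnel path.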

3 comments:

Unknown said...

Hi,
Can you please explain that paragraph:
"Another thing to keep in mind is: Multicast (and broadcasts) are flooded to all available ports, so make sure VLAN 12 (in our case) used for carrying L2 Tunnel does not come back to original end switches, because Loopguard will disable ports if so. Use switchport trunk allowed to filter it. This is very important!!!!" in more details?

thx,

Unknown said...

That's the first time I came across that possible concern about loopguard.

Anonymous said...

If you have STP enabled that will take care of the loop problem.
Don't understand the loopguard issue you're describing.