Re: CDP tunneling: why doesn't far end switch show near end

From: Nate Cielieska (ncielieska@gmail.com)
Date: Wed Aug 06 2008 - 15:06:15 ART


Hobbs,

The way the docCD tells us it works is that the moment you configure
l2protocol on that ingress port.. the switch does not process that traffic
but sends it down that vlan that is configured on your port (in this case
vlan 100), or a trunk with a special MAC address (I need to lab this up to
find the exact mac, if it even is available). Any time a switch sees the L2
tunneled mac address it does not process it but forwards it down its
trunk/vlan ports. Your access port below is configured with
l2protocol-tunnel cdp as well so the mac-address is stripped and the cdp
destination mac address is restored and sent to the destination on the other
end of port f0/1 (SW2).

If you use 802.1Q tunneling.. you can completely segment your "edge"
switches from your "core" switches.. otherwise this traffic is mishmashed
into the provider network.

Regards,
Nate

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swtunnel.html#wp1005050
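
An added example, not part of the original thread and not Cisco code: a simplified Python model of the rewrite-and-restore behaviour described above, run on the thread's topology with a constructed frame. It assumes the tunnel destination MAC is Cisco's documented L2PT multicast 01:00:0c:cd:cd:d0 (the thread does not state it), that the trunk allows every VLAN, and that CDP is enabled on every non-tunnel port; the Frame, Port, Switch and run_topology names are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional

CDP_MAC = "01:00:0c:cc:cc:cc"   # normal CDP destination multicast
L2PT_MAC = "01:00:0c:cd:cd:d0"  # assumed L2PT tunnel MAC; the thread does not state it

@dataclass(frozen=True)
class Frame:
    dst: str
    payload: str
    vlan: Optional[int] = None   # 802.1Q tag; None means untagged

@dataclass
class Port:
    name: str
    mode: str                    # "access" or "trunk"
    vlan: int = 1                # access VLAN, ignored on trunks
    tunnel_cdp: bool = False     # l2protocol-tunnel cdp

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.cdp_neighbors = []  # (port, payload) pairs the CPU processed

    def receive(self, port_name, frame):  # -> [(egress port, frame), ...]
        port = self.ports[port_name]
        vlan = port.vlan if port.mode == "access" else frame.vlan
        if frame.dst == CDP_MAC:
            if not port.tunnel_cdp:   # ordinary port: punt to CPU, never forward
                self.cdp_neighbors.append((port_name, frame.payload))
                return []
            frame = replace(frame, dst=L2PT_MAC)  # ingress tunnel port rewrites
        out = []
        for p in (q for q in self.ports.values() if q is not port):
            if p.mode == "trunk":
                out.append((p.name, replace(frame, vlan=vlan)))
            elif p.vlan == vlan:
                f = replace(frame, vlan=None)
                if p.tunnel_cdp and f.dst == L2PT_MAC:
                    f = replace(f, dst=CDP_MAC)   # egress tunnel port restores
                out.append((p.name, f))
        return out

def run_topology(tunnel_on_cat1=True):
    cat1 = Switch([Port("f0/11", "access", 100, tunnel_on_cat1), Port("f0/23", "trunk")])
    cat2 = Switch([Port("f0/23", "trunk"), Port("f0/1", "access", 100, True)])
    on_trunk = cat1.receive("f0/11", Frame(CDP_MAC, "CDP from BB1"))  # constructed frame
    to_r1 = [o for _, f in on_trunk for o in cat2.receive("f0/23", f)]
    return on_trunk, to_r1, cat1.cdp_neighbors, cat2.cdp_neighbors
```

With tunneling on, the frame reaches CAT2's trunk port f0/23 carrying the tunnel MAC rather than the CDP MAC, so CAT2 records no neighbor there; with tunneling off on CAT1 f0/11, CAT1 itself consumes the frame and nothing crosses the trunk.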

On Wed, Aug 6, 2008 at 12:47 PM, Hobbs <deadheadblues@gmail.com> wrote:

> Jonathan, it is a question. I am not looking for a command to make it work.
> it is working. please read the entire email. If my question doesn't make
> sense, I can try and rephrase.
>
> On Wed, Aug 6, 2008 at 10:42 AM, Jonathan Greenwood II <gwood83@gmail.com> wrote:
>
> > Just turn off cdp on that particular port on CAT1 connecting to BB1. "no
> > cdp enable"
> >
> >
> > On Wed, Aug 6, 2008 at 11:37 AM, Hobbs <deadheadblues@gmail.com> wrote:
> >
> >> Thank you for the reply, but I am not having any configuration issues. It
> >> is only a question. I don't want CAT1 to see BB1 as a neighbor, I am just
> >> trying to understand why it doesn't.
> >>
> >> I am not doing dot1q tunneling
> >>
> >>
> >> On Wed, Aug 6, 2008 at 10:32 AM, Jonathan Greenwood II <gwood83@gmail.com> wrote:
> >>
> >>> You need to change the switchport mode from access to dot1q-tunnel.
> >>>
> >>> On Wed, Aug 6, 2008 at 11:27 AM, Hobbs <deadheadblues@gmail.com> wrote:
> >>>
> >>>> Hello,
> >>>>
> >>>> I am trying to get my head around a semi-complex protocol tunneling task,
> >>>> but I have some questions on the basics.
> >>>>
> >>>> Here's the topology
> >>>>
> >>>> "Near end host": BB1
> >>>> "Far end switch": CAT2
> >>>>
> >>>> [BB1]f0/1-----f0/11[CAT1]f0/23-----dot1q trunk-----f0/23[CAT2]f0/1-----f0/1[R1]
> >>>>
> >>>> To get cdp tunneling to work (and it does work) I enable this on CAT1 and
> >>>> CAT2 access ports:
> >>>>
> >>>> CAT1:
> >>>> interface f0/11
> >>>> switchport mode access
> >>>> switchport access vlan 100
> >>>> l2protocol-tunnel cdp
> >>>> no cdp enable
> >>>>
> >>>> CAT2:
> >>>> interface f0/1
> >>>> switchport mode access
> >>>> switchport access vlan 100
> >>>> l2protocol-tunnel cdp
> >>>> no cdp enable
> >>>>
> >>>> The trunk between CAT1 and CAT2 carries vlan 100 as well as others.
> >>>>
> >>>> This is what I understand so far:
> >>>>
> >>>> BB1 sends a multicast CDP packet on its port to CAT1.
> >>>> Since CAT1 has cdp tunneling enabled, it forwards it rather than processes
> >>>> it. Is this correct?
> >>>> CAT1 sends this packet out all trunk links that have vlan 100 allowed AND
> >>>> any access ports on VLAN100. Is this correct?
> >>>> The packet still has the cisco CDP destination MAC. Is this correct?
> >>>> The packet is dot1q tagged and sent out port fa0/23 and still has cisco CDP
> >>>> destination MAC address. Is this correct?
> >>>>
> >>>> Question:
> >>>>
> >>>> CAT2 doesn't have tunneling on port fa0/23.
> >>>> Why doesn't CAT2 now process this CDP packet and show BB1 has a CDP neighbor
> >>>> on fa0/23?
> >>>> Does trunking override this behavior?
> >>>> Does CAT2 treat this packet differently because it is a tagged CDP packet?
> >>>>
> >>>> Thanks,
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> >>>> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html
>
>




This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:29 ART