Re: L2protocol-tunnel: Difference between access mode and

From: joe_astorino@comcast.net
Date: Thu Feb 19 2009 - 02:26:53 ARST


Hmmmmmmmmm this may shed some light on this topic:

From 3550 config guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_11_ea1/configuration/guide/swtunnel.html

"If an encapsulated PDU (with the proprietary destination MAC address) is received from a tunnel port or access port with Layer 2 tunneling enabled, the tunnel port is shut down to prevent loops. The port also shuts down when a configured shutdown threshold for the protocol is reached. You can manually re-enable the port (by issuing a shutdown, no shutdown command sequence) or if errdisable recovery is enabled, the operation is retried after a specified time interval."

I think that, if I am reading this correctly, it means that you cannot have ALL dot1q-tunnel mode ports in the topology and must mix and match. Not entirely sure how this prevents loops, but at least it is a start.

----- Original Message -----
From: "joe astorino" <joe_astorino@comcast.net>
To: "CCIE R/S, Groupstudy" <ccielab@groupstudy.com>
Sent: Wednesday, February 18, 2009 9:54:17 PM GMT -05:00 US/Canada Eastern
Subject: L2protocol-tunnel: Difference between access mode and dot1q-tunnel

Hi guys,

I am having a difficult time understanding why I am getting this problem. Basically, I am working on IPexpert volume 1, lab 5 which is L2 tunneling. Part of this lab involves tunneling a trunk from Cat1 --> Cat4 --> Cat2 --> Cat3. If I set up my tunneling ports as access ports everything works fine (I have already pruned the access vlan I am using from all other trunks). However, if I change the ports to dot1q-tunnel mode instead of being access ports, I keep getting ports going err-disabled due to loop detection. Nothing else has changed in my configuration so I am confused.

I understand the fundamental difference I think. I know dot1q-tunnel uses q-q technology to encapsulate a tag inside another tag -- usually used in SP environments. I just don't understand why this would cause a loop but the access port mode does not, when nothing else has changed. Here is a rough picture of what I have. All switches are dual connected to all other switches over fa0/19-24.

Cat1-----------------------Cat3
|                             |
|                             |
|                             |
|                             |
Cat2-----------------------Cat4

I don't know how else to show it, but also Cat1/Cat4 are connected and Cat2/Cat3 are connected.

Cat1: Fa0/19-20 ---> Cat4
Cat1: Fa0/21-22 ---> Cat3
Cat1: Fa0/23-24 ---> Cat2

Cat2: Fa0/19-20 ---> Cat3
Cat2: Fa0/21-22 ---> Cat4
Cat2: Fa0/23-24 ---> Cat1

Cat3: Fa0/19-20 ---> Cat2
Cat3: Fa0/21-22 ---> Cat1
Cat3: Fa0/23-24 ---> Cat4

Cat4: Fa0/19-20 ---> Cat1
Cat4: Fa0/21-22 ---> Cat2
Cat4: Fa0/23-24 ---> Cat3

So the basic idea for this task is to make Cat1 trunk to Cat3 by taking the path Cat1 Fa0/19 ---> Cat4 Fa0/19 ---> Cat2 Fa0/22 ---> Cat3 Fa0/19.

The VLAN I chose to add for tunneling was VLAN 13. I added it only on Cat2 and Cat4. It is ONLY trunked on fa0/22 between Cat2 and Cat4.

If I make Cat1 fa0/19 and Cat3 fa0/19 static 802.1q trunk ports and make Cat4/Cat2 ports Fa0/19 and Fa0/22 access ports in VLAN 13, also with l2protocol-tunnel turned on, it accomplishes the task!

However, if I change NOTHING else and make Cat4/Cat2 Fa0/19 and Fa0/22 dot1q-tunnel instead of access I get Fa0/19 on Cat4 and Cat2 going err-disabled due to loop detection. I am utterly confused!

- Joe A
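
The shutdown rule quoted from the 3550 configuration guide above, as an added example that is not part of the original thread or Cisco's implementation: a simplified Python model of a tunnel port that rewrites CDP/VTP/STP destination MACs on ingress and err-disables when an already-encapsulated PDU arrives or the shutdown threshold is reached. The class, the port names, the `orig_dst` shortcut used to restore the MAC, and the MAC constants (taken to be the well-known Cisco L2PT, CDP/VTP and STP addresses) are assumptions of this example.

```python
# Simplified model of the Layer 2 protocol tunneling guard described in the quoted
# guide text. Added example: names and the orig_dst shortcut are hypothetical.
L2PT_MAC = "01:00:0c:cd:cd:d0"   # proprietary destination MAC on encapsulated PDUs (assumed)
PDU_MACS = {"01:00:0c:cc:cc:cc": "cdp/vtp", "01:80:c2:00:00:00": "stp"}

class TunnelPort:
    def __init__(self, name, shutdown_threshold=None):
        self.name = name
        self.shutdown_threshold = shutdown_threshold  # PDUs per interval, None = no limit
        self.errdisabled = False
        self.reason = None
        self.seen = 0  # PDUs counted in the current interval

    def _errdisable(self, reason):
        self.errdisabled, self.reason = True, reason
        return None

    def ingress(self, frame):
        """Frame arriving from the attached device; returns what enters the core."""
        if self.errdisabled:
            return None
        if frame["dst"] == L2PT_MAC:
            # Already-encapsulated PDU received on a tunnel port: treated as a loop.
            return self._errdisable("encapsulated PDU received (loop)")
        if frame["dst"] in PDU_MACS:
            self.seen += 1
            if self.shutdown_threshold is not None and self.seen >= self.shutdown_threshold:
                return self._errdisable("shutdown threshold reached")
            return {**frame, "dst": L2PT_MAC, "orig_dst": frame["dst"]}
        return frame  # ordinary data traffic is not rewritten

    def egress(self, frame):
        """Frame leaving the core toward the attached device; restores the MAC."""
        if self.errdisabled:
            return None
        if frame["dst"] == L2PT_MAC:
            return {"dst": frame["orig_dst"], "payload": frame["payload"]}
        return frame

    def recover(self):
        """Models 'shutdown' / 'no shutdown' or the errdisable recovery timer."""
        self.errdisabled, self.reason, self.seen = False, None, 0

def demo():
    a, b = TunnelPort("edge-A"), TunnelPort("edge-B")
    bpdu = {"dst": "01:80:c2:00:00:00", "payload": "constructed BPDU"}
    tunneled = a.ingress(bpdu)       # encapsulated at the first tunnel port
    delivered = b.egress(tunneled)   # restored at the far tunnel port
    b.ingress(tunneled)              # encapsulated PDU arrives inbound on a tunnel port
    return tunneled["dst"], delivered["dst"], b.errdisabled, b.reason
```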
