Re: L2protocol-tunnel: Difference between access mode and

From: swm@emanon.com
Date: Thu Feb 19 2009 - 11:49:52 ARST


That would be very true. So thinking through that...

SW1 --- SW2 --- SW3 --- SW4

If our end goal is to have SW1 and SW4 trunking together, SW1 and SW4 are
configured as normal trunk ports. Remember that this tunneling thing is
invisible to them.

SW2 and SW3 will have the dot1q-tunnel mode enabled. But ONLY on the ports
towards SW1 and SW4 respectively. From there, they are placing all that
traffic into a particular VLAN #.

That means that the link between SW2 and SW3 is a regular trunk port, and
preferably the only place that transporting VLAN is carried. That same VLAN #
(# being important) may well exist on SW1 and SW4 but it's to be treated as a
separate occurrence, meaning it can never talk with the OTHER vlan of the same
number.

The thinking for dot1q tunneling is that you are a service provider and
therefore your network is separate from your clients' network. Keep it that
way.

HTH,

Scott
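
The SW1 --- SW2 --- SW3 --- SW4 layout described above, written out as Cisco IOS configuration. This is an added example, not part of the original thread: the interface numbers, VLAN name and recovery interval are assumptions, and VLAN 13 is borrowed from the quoted post as the transport VLAN.

```cisco
! Constructed example for the SW1 --- SW2 --- SW3 --- SW4 chain.
! Interface numbers are assumptions; adjust to the real cabling.

! --- SW1 and SW4 (customer side): ordinary 802.1Q trunk, unaware of the tunnel
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk

! --- SW2 and SW3 (provider side): global settings
vlan 13
 name TRANSPORT
! Leave room for the extra 4-byte outer tag (a reload may be needed to apply it)
system mtu 1504
! Optional: retry a port that the tunnel loop check put into err-disabled
errdisable recovery cause l2ptguard
errdisable recovery interval 60

! --- SW2 and SW3: the port facing SW1 / SW4, and no other port
interface FastEthernet0/1
 switchport access vlan 13
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 ! Keep the provider switch's own CDP off the customer-facing port
 no cdp enable

! --- SW2 and SW3: the link between them is a regular trunk, the only
! --- place VLAN 13 is carried. No l2protocol-tunnel here: encapsulated
! --- PDUs must arrive on a plain trunk, never on a tunnel-enabled port.
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 13
 switchport mode trunk

! --- Checks on SW2 / SW3
! show dot1q-tunnel
! show l2protocol-tunnel
! show interfaces status err-disabled
```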

---- Message from joe_astorino@comcast.net at 2009-02-19 04:26:53 ------
>Hmmmmmmmmm this may shed some light on this topic:
>
>From 3550 config guide:
>http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_11_ea1/configuration/guide/swtunnel.html
>
>"If an encapsulated PDU (with the proprietary destination MAC address) is
>received from a tunnel port or access port with Layer 2 tunneling enabled, the
>tunnel port is shut down to prevent loops. The port also shuts down when a
>configured shutdown threshold for the protocol is reached. You can manually
>re-enable the port (by issuing a shutdown, no shutdown command sequence) or
>if errdisable recovery is enabled, the operation is retried after a specified
>time interval."
>
>I think that if I am reading this correctly it means that you can not have
>ALL dot1q-tunnel mode ports in the topology and must mix and match. Not
>entirely sure how this prevents loops but at least it is a start
>
>
>----- Original Message -----
>From: "joe astorino" <joe_astorino@comcast.net>
>To: "CCIE R/S, Groupstudy" <ccielab@groupstudy.com>
>Sent: Wednesday, February 18, 2009 9:54:17 PM GMT -05:00 US/Canada Eastern
>Subject: L2protocol-tunnel: Difference between access mode and dot1q-tunnel
>
>Hi guys,
>
>I am having a difficult time understanding why I am getting this problem.
>Basically, I am working on IPexpert volume 1, lab 5 which is L2 tunneling.
>Part of this lab involves tunneling a trunk from Cat1 --> Cat4 --> Cat2 -->
>Cat3. If I set up my tunneling ports as access ports everything works fine (I
>have already pruned the access vlan I am using from all other trunks).
>However, if I change the ports to dot1q-tunnel mode instead of being access
>ports, I keep getting ports going err-disabled due to loop detection. Nothing
>else has changed in my configuration so I am confused.
>
>I understand the fundamental difference I think. I know dot1q-tunnel uses q-q
>technology to encapsulate a tag inside another tag -- usually used in SP
>environments. I just don't understand why this would cause a loop but the
>access port mode does not, when nothing else has changed. Here is a rough
>picture of what I have. All switches are dual connected to all other switches
>over fa0/19-24
>
>
>Cat1-----------------------Cat3
>|                             |
>|                             |
>|                             |
>|                             |
>Cat2-----------------------Cat4
>
>
>I don't know how else to show it, but also Cat1/Cat4 are connected and
>Cat2/Cat3 are connected.
>
>Cat1: Fa0/19-20 ---> Cat4
>Cat1: Fa0/21-22 ---> Cat3
>Cat1: Fa0/23-24 ---> Cat2
>
>Cat2: Fa0/19-20 ---> Cat3
>Cat2: Fa0/21-22 ---> Cat4
>Cat2: Fa0/23-24 ---> Cat1
>
>Cat3: Fa0/19-20 ---> Cat2
>Cat3: Fa0/21-22 ---> Cat1
>Cat3: Fa0/23-24 ---> Cat4
>
>Cat4: Fa0/19-20 ---> Cat1
>Cat4: Fa0/21-22 ---> Cat2
>Cat4: Fa0/23-24 ---> Cat3
>
>So the basic idea for this task is to make Cat1 trunk to Cat3 by taking the
>path Cat1 Fa0/19 ---> Cat4 Fa0/19 ---> Cat2 Fa0/22 ---> Cat3 Fa0/19
>
>The VLAN I chose to add for tunneling was VLAN 13. I added it only on Cat2
>and Cat4. It is ONLY trunked on fa0/22 between Cat2 and Cat4.
>
>If I make Cat1 fa0/19 and Cat3 fa0/19 static 802.1q trunk ports and make
>Cat4/Cat2 ports Fa0/19 and Fa0/22 access ports in VLAN 13 with also
>l2protocol-tunnel turned on, it accomplishes the task!
>
>However, if I change NOTHING else and make Cat4/Cat2 Fa0/19 and Fa0/22
>dot1q-tunnel instead of access I get Fa0/19 on Cat4 and Cat2 going
>err-disabled due to loop detection. I am utterly confused!
>
>- Joe A
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST