RE: L2protocol-tunnel: Difference between access mode and

From: Scott Morris (smorris@internetworkexpert.com)
Date: Thu Feb 19 2009 - 17:25:00 ARST

• Next message: Scott Morris: "RE: CCIE#23529"
• Previous message: Pierre-Alex GUANEL: "Re: OT-Presale engineer hitches?"
• Maybe in reply to: joe_astorino@comcast.net: "L2protocol-tunnel: Difference between access mode and"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

No worries. Glad I could help. No matter which uniform I was wearing. ;)

Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M/JNCI-ER
Senior CCIE Instructor

smorris@internetworkexpert.com
 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344

Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
joe_astorino@comcast.net
Sent: Thursday, February 19, 2009 1:13 PM
To: swm@emanon.com
Cc: Groupstudy CCIE R/S
Subject: Re: L2protocol-tunnel: Difference between access mode and
dot1q-tunnel

Scott,

This all make a whole lot more sense at this point :) Yea, I have had the
chance to watch ALL those videos from that one other company. They are very
good btw, I really enjoyed your work on those. Excellent job! OK, I am going
to wipe out my switches and just start some more basic configurations now
that I have a better understanding. Thanks for all your help!

- Joe
----- Original Message -----
From: swm@emanon.com
To: "joe astorino" <joe_astorino@comcast.net>
Cc: "Groupstudy CCIE R/S" <ccielab@groupstudy.com>
Sent: Thursday, February 19, 2009 8:56:35 AM GMT -05:00 US/Canada Eastern
Subject: Re: L2protocol-tunnel: Difference between access mode and
dot1q-tunnel

See my earlier message about where to configure dot1q-tunnel mode. Perhaps
you have too many?

If you've cleaned up the tags or native part and are SURE you have no other
places that transit VLAN is going, then I'd guess you had too many tunneled
ports configured and were irritating the switches. :)

Try looking at "show spanning-tree vlan (transit#)" on every switch and see
if there's anything you missed.

Have you had a chance to look at the video I did on the dot1q tunneling
exercises while I was back at that older company? That walks through a lot
of the details and shows what's going on.

I have not yet updated information like that where I currently am, but am
planning on it.

Scott

---- Message from joe_astorino@comcast.net at 2009-02-19 05:46:58 ------
>Scott,
>
>As a followup, I did go ahead and try changing the native vlan to 13 and
got the same result. I also tried adding the dot1q tag native vlan command
on both cat1 and cat4 to no avail :(
>
>- Joe
>
>
>----- Original Message -----
>From: "joe astorino" <joe_astorino@comcast.net>
>To: swm@emanon.com
>Cc: "Groupstudy CCIE R/S" <ccielab@groupstudy.com>
>Sent: Thursday, February 19, 2009 12:04:22 AM GMT -05:00 US/Canada Eastern
>Subject: Re: L2protocol-tunnel: Difference between access mode and
dot1q-tunnel
>
>Thank you for the response Scott! It's certainly nice to have the
opportunity to talk to the guy that WROTE the lab : ) That always helps. You
are correct in that I did NOT tag the native VLAN. The native VLAN is just
the default (VLAN 1). I suppose this makes sense since I believe CDP, STP
and others run on VLAN 1. I thought I tried making the native VLAN different
on all links just for fun, and had the same issue, but I did not make that
native VLAN the same one that was pruned everywhere else....it was just some
arbitrary other VLAN. I'll play some more with it. Right now I am reading
what I have found to be the best paper on the subject so far: The section of
the 3550 config guide related to dot1q tunneling and l2protocol-tunnel at
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/1
2.1_11_ea1/configuration/guide/swtunnel.html#wp1010798
>
>One thing that strikes me there is this sentence: " If an encapsulated PDU
(with the proprietary destination MAC address) is received from a tunnel
port or access port with Layer 2 tunneling enabled, the tunnel port is shut
down to prevent loops."
>
>I kind of don't get that. I mean isn't that what we are doing with the
solution that WORKS?! Cat1 sends the frame out a trunk port and it arrives
on an L2TP access port on Cat4. When Cat4 sends it out it's Q-Q L2TP port I
presume it is encapsulated with this proprietary MAC address. Then, Cat2
receives it on a Q-Q L2TP port and sends it off to Cat3 after decapsulation.
So when Cat2 receives it from Cat4 is it not receiving an encapulated PDU
from a tunnel port? It seems like things should be shut down based on that
description, but in fact this is the situation where it is working (ey yi
yi!)
>
>- Joe
>----- Original Message -----
>From: swm@emanon.com
>To: "joe astorino" <joe_astorino@comcast.net>, "Groupstudy CCIE R/S"
<ccielab@groupstudy.com>
>Sent: Wednesday, February 18, 2009 11:34:13 PM GMT -05:00 US/Canada Eastern

>Subject: Re: L2protocol-tunnel: Difference between access mode and
dot1q-tunnel
>
>It's not so much that access-mode works but dot1q tunnel mode doesn't...
What's happening is some broadcast/multicast is getting forwarded.
>
>You did the right thing by removing the access vlan from any other trunk
links/switches so there would be no loop.
>
>But looking at your configuration, did you perhaps NOT use the dot1q tag
native vlan command set? If you aren't tagging them, the intermediary
switches will receive and interpret the frames rather than double tagging
them. Try adding that and see what happens. Or equally, you may change your
native vlan to that same vlan which does not go across other trunk
ports/switches, and that may accomplish the same thing.
>
>Keep in mind I'm just going from memory from when I wrote that lab. While
it was quite fun, I have no idea if anything was changed since my departure.

>
>Cheers,
>
>Scott
>
>
>---- Message from joe_astorino@comcast.net at 2009-02-19 02:54:17 ------
>>Hi guys,
>>
>>I am having a difficult time understanding why I am getting this problem.
Basically, I am working on IPexpert volume 1, lab 5 which is L2 tunneling.
Part of this lab involves tunneling a trunk from Cat1 --> Cat4 --> Cat2 -->
Cat3. If I set up my tunneling ports as access ports everything works fine
(I have already pruned the access vlan I am using from all other trunks).
However, if I change the ports to dot1q-tunnel mode instead of being access
ports, I keep getting ports going err-disabled due to loop detection.
Nothing else has changed in my configuration so I am confused.
>>
>>I understand the fundamental difference I think. I know dot1q-tunnel uses
q-q technology to encapsulate a tag inside another tag -- usually used in SP
environments. I just don't understand why this would cause a loop but the
access port mode does not, when nothing else has changed. Here is a rough
picture of what I have. All switches are dual connected to all other
switches over fa0/19-24
>>
>>
>>Cat1-----------------------Cat3
>>| |
>>| |
>>| |
>>| |
>>Cat2-----------------------Cat4
>>
>>
>>I don't know how else to show it, but also Cat1/Cat4 are connected and
Cat2/Cat3 are connected.
>>
>>Cat1: Fa0/19-20 ---> Cat4
>>Cat1: Fa0/21-22 ---> Cat3
>>Cat1: Fa0/23-24 ---> Cat2
>>
>>Cat2: Fa0/19-20 ---> Cat3
>>Cat2: Fa0/21-22 ---> Cat4
>>Cat2: Fa0/23-24 ---> Cat1
>>
>>Cat3: Fa0/19-20 ---> Cat2
>>Cat3: Fa0/21-22 ---> Cat1
>>Cat3: Fa0/23-24 ---> Cat4
>>
>>Cat4: Fa0/19-20 ---> Cat1
>>Cat4: Fa0/21-22 ---> Cat2
>>Cat4: Fa0/23-24 ---> Cat3
>>
>>So the basic idea for this task is to make Cat1 trunk to Cat3 by taking
the path Cat1 Fa0/19 ---> Cat4 Fa0/19 ---> Cat2 Fa0/22 ---> Cat3 Fa0/19
>>
>>The VLAN I chose to add for tunneling was VLAN 13. I added it only on Cat2
and Cat4. It is ONLY trunked on fa0/22 between Cat2 and Cat4.
>>
>>If I make Cat1 fa0/19 and Cat3 fa0/19 static 802.1q trunk ports and make
Cat4/Cat2 ports Fa0/19 and Fa0/22 access ports in VLAN 13 with also
l2protocol-tunnel turned on, it accomplishes the task!
>>
>>However, if I change NOTHING else and make Cat4/Cat2 Fa0/19 and Fa0/22
dot1q-tunnel instead of access I get Fa0/19 on Cat4 and Cat2 going
err-disabled due to loop detection. I am utterly confused!
>>
>>- Joe A
>>
>>
>>Blogs and organic groups at http://www.ccie.net
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Scott Morris: "RE: CCIE#23529"
• Previous message: Pierre-Alex GUANEL: "Re: OT-Presale engineer hitches?"
• Maybe in reply to: joe_astorino@comcast.net: "L2protocol-tunnel: Difference between access mode and"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST