Wednesday, October 17, 2007

Configuring an 802.1Q Tunneling Port

Configuring Layer 2 Tunneling Characteristics

Beginning in privileged EXEC mode, follow these steps to configure a port for Layer 2 protocol tunneling:


Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: interface interface-id
Purpose: Enter interface configuration mode for the interface to be configured as a tunnel port. This should be the edge port in the service-provider network that connects to the customer switch. Valid interfaces include physical interfaces and port-channel logical interfaces (port channels 1 to 64).

Step 3
Command: switchport mode access  or  switchport mode dot1q-tunnel
Purpose: Configure the interface as an access port or an 802.1Q tunnel port.

Step 4
Command: l2protocol-tunnel {cdp | vtp | stp}
Purpose: Enable protocol tunneling for the desired protocol.

Step 5
Command: l2protocol-tunnel shutdown-threshold [cdp | vtp | stp] value
Purpose: (Optional) Configure the threshold for incoming Layer 2 PDUs to be received and encapsulated. The port is disabled if the configured threshold is exceeded. The range is 1 to 1000. The default is to have no threshold configured.

Step 6
Command: exit
Purpose: Return to global configuration mode.

Step 7
Command: errdisable recovery cause l2ptguard
Purpose: (Optional) Configure the recovery mechanism from a Layer 2 maximum rate error so that the interface can be brought out of the disabled state and allowed to try again. You can also set the time interval. Errdisable recovery is disabled by default; when enabled, the default time interval is 300 seconds.

Step 8
Command: l2protocol-tunnel cos value
Purpose: (Optional) Configure the CoS value for all tunneled Layer 2 PDUs. The range is 0 to 7; the default is the default CoS value for the interface. If none is configured, the default is 5.

Step 9
Command: end
Purpose: Return to privileged EXEC mode.

Step 10
Command: show l2protocol
Purpose: Display the Layer 2 tunnel ports on the switch, including the protocols configured, the threshold, and the counters.

Step 11
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

This example shows how to configure Layer 2 protocol tunneling for STP and CDP and verify the configuration.

Switch(config)# interface gigabitethernet0/7
Switch(config-if)# l2protocol-tunnel stp
Switch(config-if)# l2protocol-tunnel cdp
Switch(config-if)# l2protocol-tunnel shutdown-threshold 400
Switch(config-if)# exit
Switch(config)# l2protocol-tunnel cos 6
Switch(config)# end
Switch# show l2protocol
Port   Protocol        Shutdown Threshold  Counters
                       (cos/cdp/stp/vtp)   (cdp/stp/vtp/decap)
--------------------------------------------------------------
Gi0/7   cdp stp         6/400 /400 /400     0/0/0/0

Monitoring and Maintaining Tunneling Status

Table 13-2 shows the privileged EXEC commands for monitoring and maintaining 802.1Q and Layer 2 protocol tunneling.

Table 13-2 Commands for Monitoring and Maintaining Tunneling

Command: clear l2protocol-tunnel counters
Purpose: Clear the protocol counters on Layer 2 protocol tunneling ports.

Command: show dot1q-tunnel
Purpose: Display 802.1Q tunnel ports on the switch.

Command: show dot1q-tunnel interface interface-id
Purpose: Verify if a specific interface is a tunnel port.

Command: show l2protocol-tunnel
Purpose: Display information about Layer 2 protocol tunneling ports.

Command: show errdisable recovery
Purpose: Verify if the recovery timer from a Layer 2 protocol-tunnel error-disable state is enabled.

Command: show l2protocol-tunnel interface interface-id
Purpose: Display information about a specific Layer 2 protocol tunneling port.

Command: show l2protocol-tunnel summary
Purpose: Display only Layer 2 protocol summary information.

Command: show vlan dot1q tag native
Purpose: Display the status of native VLAN tagging on the switch.


For detailed information about these displays, refer to the Catalyst 3550 Multilayer Switch Command Reference for this release.

This example shows how to display the 802.1Q tunnel ports on the switch:

Switch# show dot1q-tunnel
Port
-----
Gi0/1
Gi0/2
Gi0/3
Gi0/6
Po2

This example shows how to display the status of native VLAN tagging on the switch:

Switch# show vlan dot1q tag native
dot1q native vlan tagging is enabled

This example shows how to display information about the Layer 2 protocol tunneling on the switch:

Switch# show l2protocol-tunnel
Port   Protocol        Shutdown Threshold  Counters
                       (cos/cdp/stp/vtp)   (cdp/stp/vtp/decap)
--------------------------------------------------------------
Gi0/1   cdp vtp         5/10  /100 /5       0/0/0/0
Gi0/2   cdp stp vtp     5/----/----/----    0/0/0/0
Gi0/3   cdp stp vtp     5/----/----/----    0/0/0/0
Gi0/4   cdp stp vtp     5/----/----/----    4/173/0/5
Gi0/5   cdp stp vtp     5/----/----/----    0/0/0/11
Gi0/6   cdp stp vtp     5/----/----/----    0/0/0/0
Gi0/7   cdp vtp         5/----/----/----    0/0/0/0
Gi0/8   cdp stp vtp     5/----/----/----    0/0/0/0
Gi0/11  cdp stp vtp     5/----/----/----    0/0/0/0
Po2     cdp stp vtp     5/1000/1000/1000    8500/14855375/397/18391
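
Because no shutdown threshold is configured by default, a port showing ---- for a tunneled protocol will never be disabled by a burst of that protocol's PDUs. The following added example (not part of the Cisco documentation or the original post) parses this output and lists those port/protocol pairs; it goes slightly beyond the text by also accepting the summary form without counters. The function names are hypothetical and the sample rows are copied from the display above.

```python
import re

# Constructed sample: a subset of the rows shown on this page.
SAMPLE = """\
Port   Protocol        Shutdown Threshold  Counters
                       (cos/cdp/stp/vtp)   (cdp/stp/vtp/decap)
--------------------------------------------------------------
Gi0/1   cdp vtp         5/10  /100 /5       0/0/0/0
Gi0/4   cdp stp vtp     5/----/----/----    4/173/0/5
Gi0/7   cdp vtp         5/----/----/----    0/0/0/0
Po2     cdp stp vtp     5/1000/1000/1000    8500/14855375/397/18391
"""

PROTOS = ("cdp", "stp", "vtp")
# port, one or more tunneled protocol names, then the slash-separated columns
ROW = re.compile(r"^(\S+)\s+((?:(?:cdp|stp|vtp)\s+)+)(\S.*)$")

def parse(text):
    """Return {port: {"protocols", "cos", "thresholds", "counters"}}."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, ruler, prompt or blank line
        # Padded cells such as "10  /100 " contain spaces; close them up first.
        fields = re.sub(r"\s*/\s*", "/", m.group(3)).split()
        thr = fields[0].split("/")
        cnt = fields[1].split("/") if len(fields) > 1 else None  # summary form
        if len(thr) != 4 or not thr[0].isdigit():
            continue
        if cnt is not None and not (len(cnt) == 4 and all(c.isdigit() for c in cnt)):
            continue
        ports[m.group(1)] = {
            "protocols": m.group(2).split(),
            "cos": int(thr[0]),
            # "----" means no shutdown threshold is configured
            "thresholds": {p: int(v) if v.isdigit() else None
                           for p, v in zip(PROTOS, thr[1:])},
            "counters": dict(zip(PROTOS + ("decap",), map(int, cnt))) if cnt else None,
        }
    return ports

def unprotected(ports):
    """(port, protocol) pairs that are tunneled with no shutdown threshold."""
    return [(port, p) for port, info in ports.items()
            for p in info["protocols"] if info["thresholds"][p] is None]

if __name__ == "__main__":
    for port, proto in unprotected(parse(SAMPLE)):
        print(f"{port}: {proto} tunneled with no shutdown threshold")
```
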

This example shows how to display Layer 2 protocol tunneling summary information:

Switch# show l2protocol-tunnel summary
Port   Protocol        Shutdown Threshold
                       (cos/cdp/stp/vtp)
----------------------------------------
Gi0/1   cdp vtp         5/10  /100 /5
Gi0/2   cdp stp vtp     5/----/----/----
Gi0/3   cdp stp vtp     5/----/----/----
Gi0/4   cdp stp vtp     5/----/----/----
Gi0/5   cdp stp vtp     5/----/----/----
Gi0/6   cdp stp vtp     5/----/----/----
Gi0/7   cdp vtp         5/----/----/----
Gi0/8   cdp stp vtp     5/----/----/----
Gi0/11  cdp stp vtp     5/----/----/----
Po2     cdp stp vtp     5/1000/1000/1000

This example shows how to verify if the recovery timer from a Layer 2 protocol-tunnel error-disable state is enabled:

Switch# show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Disabled
bpduguard            Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Enabled
psecure-violation    Disabled
gbic-invalid         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout: