Tuesday, December 9, 2008

L2protocol Tunneling - An STP Example

This is a short lab designed to help me get familiar with l2protocol tunneling, specifically tunneling STP. We are also going to tunnel CDP and VTP. What's neat about this is that we will alter the STP topology without using priority or changing MAC addresses. Also, SW1 will see two switches as CDP neighbors on one port.

Here is the topology:


Currently SW4 is root, with SW2 blocking f0/16. This works best with SW4 or SW3 as root.

SW2# show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Fa0/16
Number of blocked ports (segments) in the system : 1


We can use l2protocol tunneling to create a logical loop between SW1, SW3 and SW4 and force the link between SW3 and SW4 to block. Logically that would look like this:


Physically we would have this, with SW2 not being part of the VTP domain, any CDP relationship, or the STP topology:


This might be a practical case where SW2 was a service provider switch/cloud. SW1, SW3, and SW4 would then be remote switches with SW3 and SW4 having a backdoor connection.

Now for the configuration. SW1, SW3 and SW4 configure their links as trunks:

SW1(config)#int f0/13
SW1(config-if)#sw t e d
SW1(config-if)#sw mo t
SW1(config-if)#no shut


Repeat this on ports f0/16 and f0/19 of SW3 and SW4. SW2 has the following configuration:

SW2(config-if)#int rang f0/13, f0/16, f0/19
SW2(config-if-range)#swit mode dot1q-tunnel
SW2(config-if-range)#l2protocol-tunnel cdp
SW2(config-if-range)#l2protocol-tunnel stp
SW2(config-if-range)#l2protocol-tunnel vtp


Now let's verify some things. First, we can see SW3 and SW4 as CDP neighbors to SW1:

SW1#show cdp ne | be De
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW4 Fas 0/13 156 S I WS-C3550-2Fas 0/16
SW3 Fas 0/13 158 S I WS-C3550-2Fas 0/16
R1 Fas 0/1 129 R S I 3640 Eth 0/0
SW1#


Notice they are both on interface f0/13.
No SW2 in sight! Now let's see who's blocking between SW3 and SW4:

SW3# show spanning-tree blockedports | be VLAN
VLAN0001 Fa0/19
Number of blocked ports (segments) in the system : 1
SW3#


SW3 is blocking the connection to SW4. Perfect, just what we wanted.
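The CDP check above can also be run as an audit: more than one CDP neighbor on a single local port means something in the path is forwarding CDP transparently, as SW2 does here. The following is an added example, not part of the original post; the function names are hypothetical and the sample is the SW1 output shown above.

```python
import re
from collections import defaultdict

# Sample input: the "show cdp neighbors" output from SW1 shown in this lab.
SAMPLE = """\
SW1#show cdp ne | be De
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW4 Fas 0/13 156 S I WS-C3550-2Fas 0/16
SW3 Fas 0/13 158 S I WS-C3550-2Fas 0/16
R1 Fas 0/1 129 R S I 3640 Eth 0/0
SW1#
"""

# Device ID, local interface (type + number), holdtime, then the remaining
# columns. The platform column can run into the port ID (WS-C3550-2Fas), so
# only the left-hand columns are parsed.
ROW = re.compile(
    r"^(?P<dev>\S+)\s+"
    r"(?P<port>(?:Fas|Gig|Ten|Eth|Ser)\s+\d+(?:/\d+)*)\s+"
    r"(?P<hold>\d+)\s+.+$"
)

def neighbors_by_port(text):
    """Map each local interface to the device IDs CDP reports on it."""
    by_port = defaultdict(list)
    pending = None  # a long device ID that IOS wrapped onto its own line
    for raw in text.splitlines():
        line = raw.strip()
        if pending and (m := ROW.match(f"{pending} {line}")):
            pass
        else:
            m = ROW.match(line)
        pending = None
        if m:
            by_port[" ".join(m["port"].split())].append(m["dev"])
        elif line and " " not in line and "#" not in line:
            pending = line  # single token that is not a CLI prompt
    return dict(by_port)

def shared_ports(text, allowed=()):
    """Ports with more than one CDP neighbor, minus ports known to be tunneled."""
    return {port: devs for port, devs in neighbors_by_port(text).items()
            if len(devs) > 1 and port not in allowed}

if __name__ == "__main__":
    for port, devs in shared_ports(SAMPLE).items():
        print(f"{port}: {len(devs)} CDP neighbors ({', '.join(devs)})")
```

Pass the ports where tunneling is expected in `allowed`, so that only unplanned multi-neighbor ports are reported.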

This lab is designed as a little confidence booster. L2protocol tunneling is one of my weaknesses. I think it's because I recognize how complex it can get and it makes me worry (ever since doing IPexpert V10 Volume 1 Lab 5). Practicing labs like this can help build confidence and gain familiarity with the configurations as well.
