07-15-2010 07:15 AM - edited 03-06-2019 12:02 PM
I have a customer that insists we are either blocking STP BPDU traffic, and in wireshark traces our switches are mixing BPDU traffic with theirs. My goal is to configure a transparent switch port that allows everything, customer can send anything end-to-end thus making our switch invisible. Also, I wish to constrain this to there port only.
Network:
Two Cisco 6500 switches running IOS
Customer:
Using port Fa6/7 on Cisco6500-LOCA to port Fa6/7 on Cisco6500-LOCZ
Question;
Will the configuration below work? Has anybody done this? My reference is http://packetlife.net/blog/2010/apr/15/invisible-catalyst-switch/
Configuration:
On Cisco6500-LOCA
interface fa6/7
description Facing LOCA
switchport mode dot1q-tunnel
switchport access vlan 201
speed 100
duplex full
mtu 9216
no cdp enable
switchport nonegotiate
no keepalive
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
l2protocol-tunnel point-to-point pagp
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel point-to-point udld
end
interface gig 1/1
description Trunk between Cisco6500-LOCA and Cisco6500-LOCZ
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 201,800-850
mtu 9216
end
On Cisco6500-LOCZ
interface fa6/7
description Facing LOCZ
switchport mode dot1q-tunnel
switchport access vlan 201
speed 100
duplex full
mtu 9216
no cdp enable
switchport nonegotiate
no keepalive
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
l2protocol-tunnel point-to-point pagp
l2protocol-tunnel point-to-point lacp
l2protocol-tunnel point-to-point udld
end
interface gig 1/1
description Trunk between Cisco6500-LOCZ and Cisco6500-LOCA
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 201,800-850
mtu 9216
end
-Mn
07-30-2010 01:15 AM
Mn,
Yes that should work.
I am assuming that 6/7 is the end points going to your customer. Also make sure that your have "dot1q tag native".
Jayakrishna
07-30-2010 03:31 AM
Add under interfaces
vlan dot1q tag native
and in global configuration add :
errdisable recovery cause l2ptguard
HTH
Hitesh Vinzoda
Pls rate useful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide