Re: dmz tunnel ports 3750 > 6509

carl_townshend · ‎05-22-2013

Hi all

I have q in q tunneling setup on my core 3750 switch which connects to a dmz switch to tunnel the traffic over the wan.

At the moment the tunnel port on my core which connects to the dmz switch is as follows

description **TO DMZ SWITCH**

switchport access vlan 4050

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 13,1351,1355,1361-1363,1365,4000

switchport mode dot1q-tunnel

switchport nonegotiate

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

l2protocol-tunnel point-to-point udld

no cdp enable

However I am swapping the switch for a cat 6509, and it seems all the l2protocol-tunnel commands wont work on the 6509, the only command it allows me to do is the "switchport mode dot1q-tunnel"

Will this still work ok?

also, the vlans on my DMZ switch are 13,1351,1355,1361-1363,1365,4000

Am I right in saying that these vlans do not need to configured on the interface above, and only the access vlan 4050 needs to be configured ? on the core, but on the actual DMZ switch, do I make the port a trunk still and allow all the vlans ?

cheers

Carl

Reza Sharifi · ‎05-22-2013

Hi,

However I am swapping the switch for a cat 6509, and it seems all the l2protocol-tunnel commands wont work on the 6509, the only command it allows me to do is the "switchport mode dot1q-tunnel"

All the commands that you have on the 3750 are also available on the 6500. The only command that is not available on the 6500 is:

l2protocol-tunnel point-to-point udld

which should not effect your Q in Q config.

see below sample config:

interface GigabitEthernet2/1/1

switchport