03-13-2007 05:28 AM - edited 03-05-2019 02:52 PM
Hi!
We have 3 switches connected to each other, forming a ring topology.
When I try to set up an L2 point-to-point tunnel, one of my edge switches (where I try to bring up a dot1q trunk and UDLD port) can see the other one (the UDLD protocol is up for a few seconds and CDP shows the name of the neighbor), but this "other one" can't see anything!
But at the same time, an ordinary L2 tunnel (not point-to-point) works fine.
Where is the problem?
03-19-2007 11:24 AM
Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration command on a trunk port, the command is accepted, but Layer 2 tunneling does not take effect unless you change the port to a tunnel port or access port.
03-19-2007 10:03 PM
I have already set the port mode to tunnel port.
Additionally, we have the same configuration working for another tunnel, but failed to add another tunnel.
sw-customer:
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
sw-provider:
interface GigabitEthernet1/0/10
 switchport access vlan 100
 switchport mode dot1q-tunnel
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
 no cdp enable
And the same config for the other end.
The trick is where you enable the UDLD port on sw-customer, on both ends.
After a few seconds UDLD disables the port, because it can't see the neighbor's response. But it can see the neighbor's CDP name!!!!
03-20-2007 03:18 AM
Can anyone tell me what a tunnel port is, and why we would use them?
cheers
03-20-2007 04:25 AM
From cisco.com:
Using the 802.1Q tunneling feature, service providers can use a single VLAN to support customers who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from different customers is segregated within the service-provider network, even when they appear to be in the same VLAN. Using 802.1Q tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy and retagging the tagged packets. A port configured to support 802.1Q tunneling is called a tunnel port.
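The VLAN-in-VLAN retagging described in the quote above, as an added example that is not part of the thread or of Cisco's documentation. The MAC addresses, customer VLAN 20 and payload are constructed sample values, and the outer tag's TPID of 0x8100 is an assumption (802.1ad service tags use 0x88A8, which the parser also accepts).

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q tag and 802.1ad service tag

def push_tag(frame: bytes, vid: int, tpid: int = 0x8100, pcp: int = 0) -> bytes:
    """Insert an outer VLAN tag after the two MAC addresses (tunnel-port ingress)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | vid) + frame[12:]

def pop_tag(frame: bytes) -> tuple[bytes, int]:
    """Strip the outermost tag (tunnel-port egress); return (frame, removed VLAN ID)."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a VLAN tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid not in TPIDS:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:], tci & 0x0FFF

def tag_stack(frame: bytes) -> tuple[list[int], int]:
    """Return ([VLAN IDs, outermost first], EtherType of the payload)."""
    vids, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return vids, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4

def sample_customer_frame(vid: int = 20) -> bytes:
    """Constructed frame as it leaves a customer trunk: one 802.1Q tag, IPv4 payload."""
    macs = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    return macs + struct.pack("!HHH", 0x8100, vid, 0x0800) + b"\x45" + bytes(45)

if __name__ == "__main__":
    frame = sample_customer_frame()
    # Two customers both using VLAN 20, carried in provider VLANs 100 and 200.
    for provider_vlan in (100, 200):
        tunneled = push_tag(frame, provider_vlan)
        print(provider_vlan, tag_stack(tunneled))
    restored, removed = pop_tag(push_tag(frame, 100))
    print("customer frame restored:", restored == frame, "outer VLAN removed:", removed)
```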
03-20-2007 07:39 AM
Can you expand on this? I have never seen this. Is this more for ISPs?
03-20-2007 09:44 PM
This is not only for ISPs.
We are not an ISP. This feature is particularly useful when you need to tunnel other L2 traffic over your existing L2 network.
For example, when you need to expand a DMZ zone over physically different segments in your LAN.
Instead of using an ordinary VLAN, we can use a tunnel VLAN to tunnel DMZ traffic, because the DMZ can consist of many other VLANs and can have its own VTP domain.
This is not a good example, because a DMZ must comply with the strongest security policy, but if you have no choice, and use PVLAN in the DMZ, I think this is possible.