Table Of Contents
Release Notes for the
Catalyst 3750 Metro Switch,
Cisco IOS Release 12.1(14)AX1Finding the Software Version and Feature Set
Upgrading a Switch by Using the CLI
Recovering from a Software Failure
Cisco IOS Limitations and Restrictions
Understanding Layer 2 Protocol Tunneling
Configuring Layer 2 Protocol Tunneling
Configuring Layer 2 Tunneling for EtherChannels
Configuring the Service-Provider Edge Switch
Configuring the Customer Switch
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Release Notes for the
Catalyst 3750 Metro Switch,
Cisco IOS Release 12.1(14)AX1
April 2004
The Cisco IOS Release 12.1(14)AX1 runs on all Catalyst 3750 Metro switches.
These release notes include important information about this Cisco IOS release and any limitations, restrictions, and caveats that apply to it. Verify that these release notes are correct for your switch:
•
If you are installing a new switch, refer to the Cisco IOS release label on the rear panel of your switch.
•
•
For the complete list of switch documentation, see the "Related Documentation" section.
You can download the switch software from these sites:
•
(for registered Cisco.com users with a login password)
•
(for nonregistered Cisco.com users)
This software release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future software releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.
Contents
This information is in the release notes:
•
•
•
•
•
•
•
Hardware Supported
Table 1 lists the hardware supported by this software release.
Table 1 Supported Hardware
Catalyst 3750 Metro 24-AC switch
24 10/100 Ethernet ports, 2 1000X standard SFP1 module slots, 2 1000X ES2 SFP slots, and field-replaceable AC power supply
Catalyst 3750 Metro 24-DC switch
24 10/100 Ethernet ports, 2 1000X standard SFP module slots, 2 1000X ES SFP slots, and field-replaceable DC power supply
SFP modules
1000BASE-T, 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, and CWDM3
1 Small form-factor pluggable
2 Enhanced services
3 Coarse Wave Division Multiplexer
Downloading Software
These are the procedures for downloading software:
•
•
•
•
Note
Finding the Software Version and Feature Set
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Deciding Which Files to Use
The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains the Cisco IOS image file. To upgrade the switch through the command-line interface (CLI), use the tar file and the archive download-sw privileged EXEC command.
Table 2 lists the software filename for this software release.
Upgrading a Switch by Using the CLI
This procedure is for copying the tar file to the switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.
Download the software from Cisco.com to your management station by following these steps:
Step 1
Step 2
•
http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml
•
http://www.cisco.com/public/sw-center/sw-lan.shtml
To download the files, click the link for your switch platform, and then follow the links on the page to select the correct tar image file.
Step 3
For more information, refer to Appendix B in the software configuration guide for this release.
Step 4
Step 5
Step 6
archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tarThe /overwrite option overwrites the software image in flash memory with the downloaded one.
The /reload option reloads the system after downloading the image unless the configuration has been changed and not been saved.
For //location, specify the IP address of the TFTP server.
For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.
This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:
Switch# archive download-sw /overwrite tftp://198.30.20.19/c3750me-i5-tar.121-14.AX1.tarYou can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.
Recovering from a Software Failure
Switch software can be corrupted during an upgrade, by downloading the wrong file to the switch, and by deleting the image file. In all of these cases, the switch does not pass the power-on self-test (POST), and there is no connectivity. You can use the Xmodem protocol to recover from these failures.
For detailed recovery procedures, refer to the "Troubleshooting" chapter in the software configuration guide for this release.
Installation Notes
You can assign IP information to your switch by using these methods:
•
•
•
•
New Features
These are the new supported hardware and the new software features provided this release:
•
•
New Hardware Features
For a list of all supported hardware, including new SFP module support, see the "Hardware Supported" section.
New Software Features
The switch now supports point-to-point Layer 2 protocol tunneling. For information about this feature, see the "Documentation Updates" section.
Limitations and Restrictions
You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.
Cisco IOS Limitations and Restrictions
These limitations apply to Cisco IOS configuration:
•
•
•
•
•
•
•
•
This problem occurs under these conditions:
–
–
–
The workaround is to reconfigure the static IP address. (CSCea71176)
•
•
•
•
•
•
The workaround is to set an ARP timeout value higher than 120 seconds. (CSCea21674)
•
•
•
•
•
•
In all cases, normal traffic is not affected; the degradation limits only how much of the original source stream can be egress-spanned. If fallback bridging and multicast routing are disabled, egress-SPAN is not degraded. There is no workaround. If possible, disable fallback bridging and multicast routing. If possible, use ingress-SPAN to observe the same traffic. (CSCeb01216)
•
•
•
•
•
•
•
•
•
•
•
•
Open Caveats
These are the open Cisco IOS configuration caveats:
•
When multicast VLAN registration (MVR) groups are added or deleted, the receiver port that joined the groups after the addition still receives traffic even after the group is deleted. The correct behavior is that MVR data traffic to the group should stop flowing to the receiver port immediately after the no mvr group ip-address global configuration command is entered.
The workaround is to disable MVR by using the no mvr global configuration command and then to re-enable it by using the mvr command. Add and delete the groups that have problems by using the mvr group ip-address and the no mvr group ip-address global configuration commands.
•
Under these conditions, the switch might report a false security violation after an 802.1x supplicant is authenticated and assigned a new VLAN by the RADIUS server:
–
–
–
This problem does not prevent traffic from being forwarded to the 802.1x client, but the show port-security privileged EXEC command output might show that the port is SecureDown when it is actually SecureUp and forwarding traffic correctly.
The workaround is to restart the interfaces that appear to be out of sync by using the shutdown and then the no shutdown interface configuration commands.
•
The switch might not be able to pass Vine (Advanced Research Projects Agency) ARPA frames over bridge groups.
The workaround is to use Subnetwork Access Protocol (SNAP) frames.
•
DVMRP does not correctly forward packets.
There is no workaround.
•
After starting up a switch that has more than 300 VLANs and the maximum number of static Etherchannel groups (12), all interfaces that are part of an Etherchannel might stay down. This occurs because the remote switch detects an Etherchannel misconfiguration and disables its ports. This problem can occur in either per-VLAN-spanning-tree plus (PVST+) or rapid-PVST+ mode.
The workaround is to restart the EtherChannel ports or to configure automatic recovery:
–
–
•
On a voice VLAN port with both 802.1x and port security enabled, dynamic secure addresses might not get deleted when the port is changed from multihost mode to single-host mode. This means that addresses learned in the multihost mode are still allowed after changing to single-host mode. This problem occurs under these conditions:
–
–
–
The workaround is to disable and then re-enable port security on the port.
•
The switch does not work with the User Registration Tool (URT). The PC attempting to connect to the network can login successfully, but is not allowed to pass traffic after the port is moved to the user VLAN. The MAC address for that device shows BLOCKED.
There is no workaround.
•
If an interface on the switch is mapped to queue-set 2, and you disable and then re-enable multilayer QoS globally by using the mls qos global configuration command, the interface is no longer mapped to the correct egress queue-set.
The workaround is to reconfigure the interface queue-set by using the no queue-set interface configuration command followed by the queue-set 2 interface configuration command.
•
If an 802.1x port is configured for forced-unauthorized port control mode and voice VLAN, after you remove the voice VLAN and disable 802.1x on the port, the port no longer passes traffic.
The workaround is to restart the port by using the shutdown and then the no shutdown interface configuration commands.
•
The CISCO-CLASS-BASED-QOS-MIB cbQosPoliceCfgTable shows two policers when only one has been created. This happens only when creating a single-rate policer.
There is no workaround.
•
The cbQosREDCfg, cbQosREDClassCfg and cbQosREDClassStats tables in CISCO-CLASS-BASED-QOS-MIB are unsupported.
The workaround is to use the random-detect policy-map class configuration command to configure Weighted Random Early Detection (WRED) and the show policy-map user EXEC command to monitor WRED.
•
The etherHistoryUtilization object reports incorrect network utilization values for interfaces.
There is no workaround.
•
When a switch boots without a configuration file, you are prompted for a Yes or No response to the Continue with configuration dialog? [yes/no] question. Even after you enter a response, pressing the Mode button for up to 2 seconds puts the switch in Express Setup mode and erases any configuration information that has been entered.
The workaround is to not enter Express Setup mode after configuration information has been entered.
•
The no setup express global configuration command does not appear in the CLI menu when you enter the no ? command.
The workaround is to enter the no setup express global configuration command.
•
A port configured with the dot1x port-control auto interface configuration command can be also configured in a channel group, even though these options are mutually exclusive.
There is no workaround.
•
If you change the ingress priority queue settings for queue 2 by using the mls qos srr-queue input priority-queue 2 bandwidth weight global configuration command, the show running-config user EXEC command display contains an extra input keyword, for example, mls qos srr-queue input priority-queue input 2 bandwidth weight. This causes subsequent problems if the command is saved and if the switch reloaded.
The workaround is to edit the generated configuration file (config.text) and remove the extra input keyword before reloading the switch.
•
When automatic QoS (auto-QoS) is configured on an interface and that interface is changed from routed mode to switched mode or switched mode to routed mode, the trust policies displayed by the show running-config user EXEC command and the show mls qos interface user EXEC command are incorrect for the new interface type.
The workaround is to disable auto-QoS on the interface by using the no auto qos voip [cisco-phone | trust] interface configuration command, to change the interface to routed or switched mode, and then to reconfigure auto-QoS by using the auto qos voip {cisco-phone | trust} interface configuration command.
•
Changing the STP mode from PVST to MST (by using the spanning-tree mode mst global configuration command) or from MST to PVST (by using the spanning-tree mode pvst global configuration command) causes the LEDs for Layer 3 interfaces to turn amber, even though the ports are up.
The workaround is to use the shutdown and then the no shutdown interface configuration commands on each Layer 3 interface to force the LEDs back into sync.
•
The port bandwidth limit displayed by show mls qos interface user EXEC command is 100 minus the configured value. For example, if the configured value is 70, the display shows 30.
There is no workaround.
•
When the switchport voice vlan {vlan-id | dot1p | none | untagged} interface configuration command and the spanning-tree bpduguard {disable | enable} interface configuration command are configured together on an interface connected to another Catalyst 3750 Metro switch, the interface does not go into an error-disabled state (BPDU guard does not work).
There is no workaround.
•
The switch does not link up with some media converters running at 100 Mbps. This problem occurs on 10/100BASE-T interfaces.
There is no workaround.
•
Layer 2 protocol tunneling does not function reliably on EtherChannel interfaces.
There is no workaround.
•
You cannot disable MAC address aging on a secure port. When port security is enabled on an interface, the recommended procedure to disable secure MAC address aging on the port is to set the aging time to zero. However, when you enter the switchport port-security aging time 0 interface configuration command, the switch does not accept 0 as a valid entry even though the CLI help string indicates that it is a valid setting.
There is no workaround.
•
When an ES port is configured as an ISL trunk port, sending jumbo frames through the ES port causes the connected link to receive fragments and cyclic redundancy check (CRC) errors on a high percentage of the traffic. After a prolonged traffic run, the ES ports might stop forwarding traffic.
The workaround is to use 802.1Q encapsulation on ES ports when the switch supports jumbo frames.
•
When an ES port is configured as an ISL trunk port, the interface counters count ISL packets that are within the system MTU size (1500 bytes) as giant packets that were discarded because they exceeded the system MTU.
The workaround is to configure the ES port as an 802.1Q trunk port.
•
When you change the MPLS router ID by entering the mpls ldp router-id [loopback value] force global configuration command, the local router ID is changed, but the label distribution protocol (LDP) does not bind with the LDP neighbor until the loopback interface is shut down and brought back up.
The workaround is to enter a shutdown and then a no shutdown interface configuration command on the loopback interface after you change the MPLS router ID.
•
An EtherChannel configured for 802.1Q tunneling and either the Port Aggregation Protocol (PAgP) or the Link Aggregation Control Protocol (LACP) does not come up.
The workaround is to use channel-group channel-group-number mode on interface configuration command.
•
When two Catalyst 3750 Metro switches that have at least one interface tunneled to each other using port-based EoMPLS are connected over multiple equal-cost paths, the internal implementation of port-based EoMPLS causes a Layer 2 loop to form, and network traffic is disrupted. An example of this configuration would be if Gigabit Ethernet interface 1/1/1 on each Catalyst 3750 Metro switch is connected to one router, and Gigabit Ethernet 1/1/2 on each switch is connected to a different router.
There is no workaround. This configuration is not supported.
•
When Intermediate System-to-Intermediate System (IS-IS) is configured on a switch virtual interface (SVI), it does not establish an adjacency with its neighbor.
The workaround is to force IS-IS to establish an adjacency with its neighbor by doing these steps:
1.
Switch(config)# interface Vlan2Switch(config-if)# ip address 10.0.0.4 255.255.255.0Switch(config-if)# ip router isis ispSwitch(config-if)# clns mtu 1497Switch(config-if)# clns router isis ispSwitch(config-if)# isis circuit-type level-12.
Resolved Caveats
These caveats are resolved in Cisco IOS Release 12.1(14)AX1:
•
When MPLS traffic has been running long enough for the MPLS byte counters to roll over, entering the show mpls forwarding-table user EXEC command no longer results in a display with large negative bytes.
•
A switch running Routing Information Protocol (RIP) version 1 no longer discards RIP packets destined for directed broadcast addresses.
•
If you paste a configuration that has a large ACL into the running configuration of the switch, the console no longer halts, and the switch no longer reboots.
•
A switch configured to send DHCP unicast requests to a specified DHCP server no longer reloads when it tries to boot up.
•
Address Resolution Protocol (ARP) responses destined to the switch CPU that are received on a Layer 2 interface that has a MAC access list applied to it are no longer dropped, and ARP learning works correctly.
•
The switch no longer reloads when you add an aggregate policer to a new policy map. In previous releases, this happened if the aggregate policer had previously been used in a policy map that was attached to an interface, even if that policy map had been detached and removed from the interface.
•
The switch no longer times out the source and multicast group address (S, G) entries when passing low traffic (such as 3 packets per minute) from the source.
•
The switch now communicates correctly with media converters running at 10 Mbps.
•
The spanning-tree algorithm now blocks a Layer 2 loop if you change the native VLAN or a trunk port to a VLAN that you have not yet created.
•
When you enter the ip default-network global configuration command, all packets that match the default route are no longer sent to the CPU.
•
When using SNMP to poll a switch, the ifHCInOctets and ifHCOutOctets are no longer 0 for Gigabit EtherChannel interfaces.
•
The switch no longer pauses indefinitely when 1-byte frames are received.
•
The dynamic MAC address of the Hot Standby Router Protocol (HSRP) group is now relearned on the standby switch even if several interfaces have the same HSRP standby group.
•
The switch no longer allows Telnet sessions to the device from unauthorized hosts when you apply an access class to inbound vty lines.
•
If there are multiple aggregate policers configured on a switch and one of the policers is used in a policy map that has been applied to an interface, the switch no longer fails if you remove the aggregate policer without first detaching it from the policy map. In previous releases, this occurred when you first applied the command or after you saved the configuration and then reloaded the switch.
•
When the MPLS label range is set to the default, the switch no longer rejects MPLS traffic with a label greater than 8192.
•
MPLS now functions correctly on switch virtual interfaces (SVIs).
•
Converting a Layer 2 port to a Layer 3 port by using the no switchport interface command no longer causes a remote ACL that is applied to the switch SVI to be removed from the ternary content addressable memory (TCAM).
•
You can now set the CLNS MTU to more than 1497 on a routed interface.
•
Layer 2 protocol tunneling packets received through an ES interface are now forwarded correctly.
•
When the switch is running an Any Transport over MPLS (AToM) process and an LDP session starts or stops, the switch no longer experiences a slow memory leak or has to be reloaded.
Documentation Updates
The switch now supports point-to-point Layer 2 protocol tunneling, which was not documented in the software documentation. These are the documentation updates for this release.
Software Configuration Guide
These are the documentation updates for the Catalyst 3750 Metro Switch Software Configuration Guide. This information is part of Chapter 13, "Configuring IEEE802.1Q and Layer 2 Protocol Tunneling." For the complete chapter (minus these updates), go to this URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/12114ax/3750mscg/swtunnel.htm
The new information applies to the indicated section.
Understanding Layer 2 Protocol Tunneling
In a service-provider network, you can use Layer 2 protocol tunneling to enhance the creation of EtherChannels by emulating a point-to-point network topology. When you enable Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) protocol tunneling on the service-provider switch, remote customer switches receive the protocol data units (PDUs) and can negotiate the automatic creation of EtherChannels.
For example, in Figure 1, Customer A has two switches in the same VLAN that are connected through the service-provider network. When the network tunnels PDUs, switches on the far ends of the network can negotiate the automatic creation of EtherChannels without needing dedicated lines. See the "Configuring Layer 2 Tunneling for EtherChannels" section for instructions on configuring Layer 2 protocol tunneling for EtherChannels.
Figure 1 Layer 2 Protocol Tunneling for EtherChannels
Configuring Layer 2 Protocol Tunneling
For emulated point-to-point network topologies, the switch supports PAgP, LACP, and UniDirectional Link Detection (UDLD) protocols.
Caution
Configuration Guidelines
These are configuration guidelines for PAgP, LACP, and UDLD protocol tunneling:
•
•
•
Configuring Layer 2 Tunneling for EtherChannels
Note
To configure Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels, you need to configure both the service-provider edge switch and the customer switch.
Configuring the Service-Provider Edge Switch
Beginning in privileged EXEC mode, follow these steps to configure a service-provider edge switch for Layer 2 protocol tunneling for EtherChannels:
Use the no l2protocol-tunnel [point-to-point [pagp | lacp | udld]] interface configuration command to disable point-to-point protocol tunneling for one of the Layer 2 protocols or for all three. Use the no l2protocol-tunnel shutdown-threshold [point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [[point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.
Configuring the Customer Switch
After configuring the service-provider edge switch, begin in privileged EXEC mode, and follow these steps to configure a customer switch for Layer 2 protocol tunneling for EtherChannels:
Use the no switchport mode trunk, the no udld enable, and the no channel group channel-group-number mode desirable interface configuration commands to return the interface to the default settings.
For EtherChannels, you need to configure both the service-provider edge switches and the customer switches for Layer 2 protocol tunneling.
This example shows how to configure the service provider edge Switch A and edge Switch B in the example in Figure 1. VLANs 17, 18, 19, and 20 are the access VLANs, Fast Ethernet ports 1 and 2 are point-to-point tunnel ports with PAgP and UDLD enabled, the drop threshold is 1000, and Fast Ethernet port 3 is a trunk port.
Service-provider edge Switch A configuration:
Switch(config)# interface fastethernet1/0/1Switch(config-if)# switchport access vlan 17Switch(config-if)# switchport mode dot1q-tunnelSwitch(config-if)# l2protocol-tunnel point-to-point pagpSwitch(config-if)# l2protocol-tunnel point-to-point udldSwitch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000Switch(config-if)# exitSwitch(config)# interface fastethernet1/0/2Switch(config-if)# switchport access vlan 18Switch(config-if)# switchport mode dot1q-tunnelSwitch(config-if)# l2protocol-tunnel point-to-point pagpSwitch(config-if)# l2protocol-tunnel point-to-point udldSwitch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000Switch(config-if)# exitSwitch(config)# interface fastethernet1/0/3Switch(config-if)# switchport trunk encapsulation islSwitch(config-if)# switchport mode trunkService-provider edge Switch B configuration:
Switch(config)# interface fastethernet1/0/1Switch(config-if)# switchport access vlan 19Switch(config-if)# switchport mode dot1q-tunnelSwitch(config-if)# l2protocol-tunnel point-to-point pagpSwitch(config-if)# l2protocol-tunnel point-to-point udldSwitch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000Switch(config-if)# exitSwitch(config)# interface fastethernet1/0/2Switch(config-if)# switchport access vlan 20Switch(config-if)# switchport mode dot1q-tunnelSwitch(config-if)# l2protocol-tunnel point-to-point pagpSwitch(config-if)# l2protocol-tunnel point-to-point udldSwitch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000Switch(config-if)# exitSwitch(config)# interface fastethernet1/0/3Switch(config-if)# switchport trunk encapsulation islSwitch(config-if)# switchport mode trunkThis example shows how to configure the customer switch at Site 1. Fast Ethernet ports 1, 2, 3, and 4 are set for 802.1Q trunking, UDLD is enabled, EtherChannel group 1 is enabled, and the port channel is shut down and then enabled to activate the EtherChannel configuration.
Switch(config)# interface fastethernet1/0/1Switch(config-if)# switchport trunk encapsulation dot1qSwitch(config-if)# switchport mode trunkSwitch(config-if)# udld enableSwitch(config-if)# channel-group 1 mode desirableSwitch(config-if)# exitSwitch(config)# interface fastethernet1/0/2Switch(config-if)# switchport trunk encapsulation dot1qSwitch(config-if)# switchport mode trunkSwitch(config-if)# udld enableSwitch(config-if)# channel-group 1 mode desirableSwitch(config-if)# exitSwitch(config)# interface fastethernet1/0/3Switch(config-if)# switchport trunk encapsulation dot1qSwitch(config-if)# switchport mode trunkSwitch(config-if)# udld enableSwitch(config-if)# channel-group 1 mode desirableSwitch(config-if)# exitSwitch(config)# interface fastethernet1/0/4Switch(config-if)# switchport trunk encapsulation dot1qSwitch(config-if)# switchport mode trunkSwitch(config-if)# udld enableSwitch(config-if)# channel-group 1 mode desirableSwitch(config-if)# exitSwitch(config)# interface port-channel 1Switch(config-if)# shutdownSwitch(config-if)# no shutdownSwitch(config-if)# exitCommand Reference
In the Catalyst 3750 Metro Switch Command Reference, the l2protocol-tunnel interface configuration command has been modified to include support for point-to-point tunneling.
l2protocol-tunnel
Use the l2protocol-tunnel interface configuration command to enable tunneling of Layer 2 protocols on an access or 802.1Q tunnel port. You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets, or configure the maximum number of incoming Layer 2 protocol packets to be received before the port is disabled or the interface drops packets. You can also enable point-to-point tunneling for Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), or UniDirectional Link Detection (UDLD) packets. If no keyword is entered, tunneling is enabled for all three Layer 2 protocols. Use the no form of this command to disable tunneling on the interface, to return to having no shutdown threshold, or to return to having no drop threshold.
l2protocol-tunnel [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] | [shutdown-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value] | [drop-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value]
no l2protocol-tunnel [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] | [shutdown-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value] | [drop-threshold [cdp | stp | vtp] [point-to-point [pagp | lacp | udld]] value]
Syntax Description
Defaults
The default is that no Layer 2 protocol packets are tunneled.
If you enter the command with no keyword, the default is to tunnel CDP, STP, and VTP packets.
The default is to have no shutdown threshold for the number of Layer 2 protocol packets.
The default is to have no drop threshold for the number of Layer 2 protocol packets.
Command Modes
Interface configuration
Command History
12.1(14)AX
This command was introduced.
12.1(14)AX1
The [point-to-point [pagp | lacp | udld]] keywords were added.
Usage Guidelines
You must enter this command, with or without protocol types, to tunnel Layer 2 protocol packets.
Layer 2 protocol tunneling across a service-provider network ensures that Layer 2 protocol information is propagated across the network to all customer locations. When protocol tunneling is enabled, protocol packets are encapsulated with a well-known Cisco multicast address for transmission across the network. When the packets reach their destination, this address is replaced by the Layer 2 protocol MAC address.
When Layer 2 protocol tunneling is enabled on ingress ports on a switch, egress trunk ports forward the tunneled packets with a special encapsulation. If you also enable Layer 2 protocol tunneling on the egress trunk port, this behavior is bypassed, and the switch forwards control protocol data units (PDUs) without any processing or modification. The Layer 2 protocol-tunnel bypass feature can provide interoperability with third-party vendors. Bypass mode transparently forwards control PDUs to vendor switches that have different ways of controlling protocol tunneling.
You can enable Layer 2 protocol tunneling individually for CDP, STP, VTP, or for all three protocols.
You can enable Layer 2 protocol tunneling on ports that are configured as access ports, 802.1Q tunnel ports, or trunk ports. You cannot enable Layer 2 protocol tunneling on ports configured with switchport mode dynamic auto or dynamic desirable.
EtherChannel port groups are compatible with tunnel ports if the 802.1Q configuration is consistent within an EtherChannel port group.
In a service-provider network, you can use Layer 2 protocol tunneling to enhance the creation of EtherChannels by emulating a point-to-point network topology. When protocol tunneling is enabled on the service-provider switch for PAgP or LACP, remote customer switches receive the PDUs and can negotiate automatic creation of EtherChannels.
To enable tunneling of PAgP, LACP, and UDLD packets, you must have a point-to-point network topology. To decrease the link-down detection time, you should also enable UDLD on the interface when you enable tunneling of PAgP or LACP packets.
You can enable point-to-point protocol tunneling individually for PAgP, LACP, UDLD, or for all three protocols.
Caution
Dynamic Trunking Protocol (DTP) is not compatible with Layer 2 protocol tunneling because you must manually configure asymmetric links with tunnel ports and trunk ports.
Edge switches on the outbound side of the service-provider network restore the proper Layer 2 protocol and MAC address information and forward the packets to all tunnel, access, and Layer 2 protocol-enabled trunk ports in the same metro VLAN.
Enter the shutdown-threshold keyword to control the number of protocol packets per second that are received on an interface before it shuts down. When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.
When the shutdown threshold is reached, the interface is error-disabled. If you enabled error recovery by entering the errdisable recovery cause l2ptguard global configuration command, the interface is brought out of the error-disabled state and allowed to retry the operation when all the causes have timed out. If the error recovery mechanism is not enabled for l2ptguard, the interface stays in the error-disabled state until you enter the shutdown and no shutdown interface configuration commands.
Enter the drop-threshold keyword to control the number of protocol packets per second that are received on an interface before it drops packets. When no protocol option is specified with a keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a shutdown threshold on the interface, the drop-threshold value must be less than or equal to the shutdown-threshold value.
When the drop threshold is reached, the interface drops Layer 2 protocol packets until the rate at which they are received is below the drop threshold.
The configuration is saved in NVRAM.
Note
Examples
This example shows how to enable protocol tunneling for CDP packets and to configure the shutdown threshold as 50 packets per second:
Switch(config-if)# l2protocol-tunnel cdpSwitch(config-if)# l2protocol-tunnel shutdown-threshold cdp 50This example shows how to enable protocol tunneling for STP packets and to configure the drop threshold as 400 packets per second:
Switch(config-if)# l2protocol-tunnel stpSwitch(config-if)# l2protocol-tunnel drop-threshold stp 400This example shows how to enable point-to-point protocol tunneling for PAgP and UDLD packets and to configure the PAgP drop threshold as 1000 packets per second:
Switch(config-if)# l2protocol-tunnel point-to-point pagpSwitch(config-if)# l2protocol-tunnel point-to-point udldSwitch(config-if)# l2protocol-tunnel drop-threshold point-to-point pagp 1000Related Commands
Hardware Installation Guide
The Preface for the Catalyst 3750 Metro Switch Hardware Installation Guide does not include the translations for the Warning symbol and explanation (Statement 1071) or a change to the Warning statement about installation for short-circuit (overcurrent) protection (Statement 1005-Circuit Breaker) in Appendix E, "Translated Safety Warnings."
This information is in the Release Notes for the Catalyst 3750 Metro Switch, Cisco IOS Release 12.1(14) AX at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/12114ax/ol464601.htm#35851
Related Documentation
These documents provide information about the switch and are available from this Cisco.com site:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750m/index.htm
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation" section.
•
•
•
•
•
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/index.shtml
•
Documentation Feedback
You can submit e-mail comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
Cisco TAC Website
The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:
http://www.cisco.com/tac/caseopen
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
http://cisco.com/univercd/cc/td/doc/pcat/
•
•
•
http://www.cisco.com/go/iqmagazine
•
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0402R)
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Guest
