A port configured in dynamic mode will become either an access or a trunk port, depending on the negotiation with the other port it is connected to.
DTP is used to negotiate Dynamic Trunks.
To configure a port as dynamic, use the following command:
Here’s how the ports will end up in a dynamic configuration:
| This side\The other side | Access | Trunk | Dynamic Auto | Dynamic Desirable |
|---|---|---|---|---|
| Access | access\access | access\trunk | access\access | access\access |
| Trunk | trunk\access | trunk\trunk | trunk\trunk | trunk\trunk |
| Dynamic Auto | access\access | trunk\trunk | access\access | trunk\trunk |
| Dynamic Desirable | access\access | trunk\trunk | trunk\trunk | trunk\trunk |
DTP runs by default, even if the port is configured as a static trunk. This is needed so that the other end of the connection can negotiate to become a trunk.
DTP is disabled if the port is set to access mode or if the following command is used:
Sw(config-if)# switchport nonegotiate
This is usually used when a static trunk is created with a neighbor that does not support DTP (like a router or a firewall).
DTP negotiation will fail if the devices are in different VTP domains.
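The rules above can be checked against a saved configuration. The following is an added example, not code from the original page: it encodes the outcome table and the two conditions that stop DTP, then lists the ports in a constructed sample configuration that still run DTP. The function names and the sample interfaces are assumptions made for illustration.

```python
import re

# Outcome table from the page: TABLE[this side][index of other side] = (this result, other result).
MODES = ("access", "trunk", "dynamic auto", "dynamic desirable")
A, T = "access", "trunk"
TABLE = {
    "access":            ((A, A), (A, T), (A, A), (A, A)),
    "trunk":             ((T, A), (T, T), (T, T), (T, T)),
    "dynamic auto":      ((A, A), (T, T), (A, A), (T, T)),
    "dynamic desirable": ((A, A), (T, T), (T, T), (T, T)),
}

def negotiate(this_side, other_side):
    return TABLE[this_side][MODES.index(other_side)]

def parse_interfaces(config):
    """Map interface name -> {'mode': str or None, 'nonegotiate': bool}."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"mode": None, "nonegotiate": False})
        elif current is not None and line.startswith("switchport mode "):
            current["mode"] = line[len("switchport mode "):].strip()
        elif current is not None and line == "switchport nonegotiate":
            current["nonegotiate"] = True
    return ports

def dtp_active(port):
    # Page's rule: DTP stops only in access mode or with 'switchport nonegotiate'.
    # Ports with no explicit mode, or a mode outside the table, are not judged here.
    return port["mode"] in MODES and port["mode"] != "access" and not port["nonegotiate"]

def audit(config):
    """List (port, mode, result facing a trunk peer) for ports still running DTP."""
    return [(name, p["mode"], negotiate(p["mode"], "trunk")[0])
            for name, p in parse_interfaces(config).items() if dtp_active(p)]

# Constructed sample configuration, not taken from the page.
SAMPLE = """
interface Gi0/1
 switchport mode access
interface Gi0/2
 switchport mode trunk
interface Gi0/3
 switchport mode trunk
 switchport nonegotiate
interface Gi0/4
 switchport mode dynamic desirable
"""
```

Calling audit(SAMPLE) reports Gi0/2 and Gi0/4: the static trunk without nonegotiate and the dynamic port. Gi0/1 and Gi0/3 are left out because DTP is off on them.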
Q-in-Q tunnels are used to carry frames tagged with 802.1q by a customer over a provider’s network. Customer traffic is encapsulated within another 802.1q tag (metro tag) which is used inside the provider network.
An asymmetric link must be configured: the port on the customer switch is set as a trunk port, and the port on the provider switch is set as a tunnel port.
Configure the Customer Switch
To configure the customer switch, use:
SwC(config-if)# switchport mode trunk
Configure the Provider Switch
SwP(config-if)# switchport access vlan VLAN-ID
! VLAN-ID is the metro tag, specific to each customer
SwP(config-if)# switchport mode dot1q-tunnel
! Will also disable CDP on the port
Since Q-in-Q tunnels add an additional dot1q header, frames can reach 1504 bytes. When a port is configured for dot1q tunneling, the switch warns that its default MTU (1500) should be changed. Make this change on all provider switches:
Sw(config)# system mtu 1504
! Requires a reload
To test that the provider network can accommodate such frames, you can try:
SwC# ping IP-ADDR size 1500 df-bit
Native VLAN on Dot1q Tunnels
Since traffic belonging to the native VLAN is normally sent untagged on a trunk, this can cause problems inside the provider network. To prevent this, use one of the following:
Use ISL encapsulation inside the provider network
Make sure the native VLAN on the customer/provider edge is not within the customer VLAN range.
Tag the native VLAN:
Sw(config)# vlan dot1q tag native
Tunneling L2 Protocols
Normally, traffic for VTP, CDP, STP, PAgP, LACP and UDLD is not switched. It is interpreted by each device on a per-link basis.
To enable L2 protocol tunneling, use the following config on the provider switch:
SwP(config-if)# l2protocol-tunnel [cdp|stp|vtp]
To tunnel protocols used over point-to-point connections, use the following command to emulate such a connection: