.svg?sv=2022-11-02&spr=https&st=2024-09-19T22%3A11%3A18Z&se=2024-09-19T22%3A21%3A18Z&sr=c&sp=r&sig=DwSAfEtar0cxP%2BTn96jWkMGsjwmQ4AePtwj0AaiV4mM%3D){kind=logo}
Using Layer-2 Protocol Tunneling
- 09 Aug 2024
- 12 Minutes to read
- Contributors
- Print
- PDF
Using Layer-2 Protocol Tunneling
- Updated on 09 Aug 2024
- 12 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can use the Layer-2 Protocol Tunneling function to allow the client’s Layer-2 Control Protocol (L2CP) frames to be transparently transported (or to perform other actions such as dropping and/or forwarding traffic) across an EVC without interfering with the carrier/operator network and equipment.
For example, the protocol tunneling operates by replacing the protocol's specific destination MAC address with a multicast address that is transparently transported by the transit equipment and reinserted in the original destination MAC when the traffic reaches the destination equipment.
Accedian and the MEF do not use the term tunneling to refer to the same concept:
- For the MEF, tunneling means that frames are transparently passed to a given EVC for transport across the MEN to the destination UNI port(s). This concept is referred to as forwarding within the framework of Accedian’s L2CP terminology.
- At Accedian, tunneling occurs when the destination MAC is replaced with the wellknown Cisco MAC (or Accedian's equivalent). This concept is not covered by the MEF, and thus no equivalent exists.
The Protocol Tunneling function works with rules to filter traffic being processed. Each incoming frame is tested against each rule in order until it finds a match. When there is a match, the frame is processed according to the mode of operation (Drop, Forwarding, Tunneling or Peering). If there is no match with any rule, the frame is discarded.
In tunneling mode, tags are unconditionally pushed to processed frames, with userconfigurable fields for Ethertype, VLAN tags and PCP/CFI. When the unit is in forwarding mode, you can set it to perform VLAN tagging on the processed frames. In forwarding mode, the following operations are supported:
- None: frames are forwarded unmodified.
- Push: frames are forwarded with an extra VLAN tag added. The tag is defined by the VLAN ID, PCP and CFI fields and the Ethernet type is set to the value specified by the VLAN Ethertype field.
- Pop: frames are forwarded with the VLAN tag stripped. This mode is only available when VLAN Filtering is enabled as tags cannot be removed from non-tagged frames.
- Replace: frames are forwarded with their VLAN tag replaced. The replacement tag is defined by the VLAN ID, PCP and CFI fields and the Ethernet type is set to the value specified by the VLAN Ethertype field. This mode is only available when VLAN Filtering is enabled as tags cannot be replaced in non-tagged frames.
To view a list of all existing L2PT rules Access the page Traffic ▶L2PT ▶Configuration. For an example of the display, see the figure below. For more information on specific parameters, see "L2PT Configuration (Traffic ▶L2PT ▶Configuration) ".
Traffic ▶L2PT ▶Configuration
To view statistics for all L2PT rules
- Access the page Traffic ▶L2PT ▶Statistics.
Statistics for all rules in the system are displayed in a grid.
For more information on specific parameters, refer to the following table.
Layer-2 Protocol Tunneling Frame Statistics (Traffic ▶L2PT ▶Statistics)
Viewing Statistics for Layer-2 Tunnel Rules
| Parameter | Description |
|---|---|
| Name | The unique name assigned to the rule. |
| Dropped | The total number of dropped frames by this rule since its creation. This counter is incremented under the following circumstances:
|
| Tunneled | The total number of tunneled frames by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for tunnel operation mode and a matching frame was received on the incoming port and tunneled (had its destination MAC replaced, had the required VLAN tags added and was sent to the outgoing port). Note: If there are multiple VLAN groups in the VLAN list, this counter is incremented for each frame transmitted on the outgoing port. |
| De-tunneled | The total number of de-tunneled frames by this rule since its creation. This counter is incremented when the following event occurs: The rule is set for tunnel operation,and a matching frame was received on the outgoing port then de-tunneled (i.e. restored to its original state and sent to the incoming port). |
| Forwarded | The total number of frames forwarded by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for forward operation and a matching frame was received on the incoming port and forwarded, unmodified, to the outgoing port. |
| Peered | The total number of frames peered by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for peer operation and a matching frame was received on the incoming port and sent to the software layers for further processing. |
Setting Up a Layer-2 Tunnel
You can define up to 254 Layer-2 Protocol Tunneling (L2PT) rules. L2PT is configurable on a per-port basis, as described below.
L2PT frames are transported transparently if the unit does not have a Tunneling rule for the service. If an L2PT rule with the Operation Mode set to Tunnel has been created, the L2PT frames entering the unit via the rule’s Outgoing Port (using the VID configured in the rule) will be terminated and forwarded for processing as described in the rule. If not, these frames are treated as service traffic.
To specify the ports to which L2PT applies
Access the page Traffic ▶L2PT ▶Configuration.
The L2PT Configuration page appears. All ports are listed in the Layer-2 Protocol Tunneling Port States frame at the top of the page.For each port on which you want to enable L2PT, select its corresponding box by clicking it.
Note: You can select both traffic ports and management ports.Click Apply.
To add or edit an L2PT rule
Access the page Traffic ▶L2PT ▶Configuration.
The tunneling rules are displayed in a grid.Click the Add button to add a new L2PT rule or click the Name of an existing rule to edit its settings.
The L2PT Configuration page appears.Complete all required fields, then click Apply.
For more information on specific parameters, refer to the following table.
L2PT Configuration (Traffic ▶L2PT ▶Configuration)
| Parameter | Description |
|---|---|
| Enable L2PT Rule | Select this box to enable the processing of the Layer-2 Control Protocols according to L2PT rules. Use this field to enable or disable a rule without actually deleting it. |
| Catchall Rule | Select this box to make this L2PT rule a catchall rule. Catchall rules operate on all frames that were not matched by a specific rule and can be set for either the Forward or Drop operation modes. |
| L2PT Rule Name | The name assigned to the L2PT rule. |
| Operation Mode | This parameter controls how the L2PT rule handles traffic associated with the specified protocol. The operation mode you select can be one of the following:
|
| Protocol | Indicate the Layer-2 Control Protocol to be processed by a specific rule by making a selection from the drop-down list:
|
| Replacement MAC | The multicast MAC address to use as a replacement when protocol tunneling is performed. The following replacement MAC addresses can be used:
|
| Incoming Port | Indicate which incoming port the rule will use by making a selection in the drop-down list. The incoming port is considered to be the port where the Layer-2 control protocols will be received. |
| Outgoing Port | Indicate which outgoing port the rule will use by making a selection in the drop-down list. The outgoing port is considered to be the port where the tunneled frames. Those containing a replacement destination MAC address, will be transmitted. |
| Unique ID | Select the ID of a rule to use when performing tunneling by making a selection in the drop-down list. This value is used when building the replacement destination MAC address if the Accedian multicast address is used. Note: The same ID value must be used on both sides when performing tunneling between a pair of units. |
VLAN Filtering
| Parameter | Description |
|---|---|
| Enable | Select this box to enable the filtering of incoming frames with matching VLAN ID and Ethertype for this L2PT rule. Only the frames with a VLAN ID and Ethertype matching the ones specified in the VLAN ID range, PCP, CFI and Ethertype are accepted. |
| Ethertype | The VLAN Ethertype accepted by this specific rule in the inbound Layer-2 Control Protocol frames. |
| VLAN ID Range | Indicate the VLAN IDs that this specific rule accepts in the inbound Layer-2 Control Protocol frames. If you want to filter on a single VID, enter the same value in both the From and To fields. |
| PCP | Indicate the Priority Code Point that this rule accepts in the inbound Layer-2 Control Protocol frames by making a selection in the drop-down list.
|
| CFI | Indicate the Canonical Format Indicator that this rule accepts in the inbound Layer-2 Control Protocol frames by making a selection in the drop-down list.
|
EVC Mapping
| Parameter | Description |
|---|---|
| EVC Mapping Mode | Note: Only applies to the "Forward" operation mode. Select a mapping mode by making a selection in the dropdown list:
|
| VLAN Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype of the tag inserted in the forwarded frame by making a selection in the drop-down list. |
| VLAN 1 Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype of the first tag inserted in the tunneled frame by making a selection in the drop-down list. |
| VLAN 2 Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype of the second tag inserted in the tunneled frame (for Q-in-Q) by making a selection in the drop-down list. |
| VLAN List | Note: Only applies to the "Tunnel" operation mode. Indicate the VLAN tags to insert in the tunneled frames. The syntax is a list of comma-separated groups formatted as vlan1:vlan2. Entry of the second tag (Q-in-Q) is optional. For example, if you wanted to single-tag tunneled frames with VLAN ID 3, and double-tag frames with VLAN IDs 5–6 and 22–88, you would specify: 3, 5:6, 22:88. The frames are duplicated for each entry in the VLAN list. In the example above, three frames would be transmitted on the network port for each incoming frame matching the rule on the client port. There should be at least one entry in the list as tunneling untagged frames is currently not supported. |
| VLAN ID | Note: Only applies to the "Forward" operation mode. The VLAN tags to insert in the forwarded frames when the mode is set to Pop or Replace. |
CoS Mapping
| Parameter | Description |
|---|---|
| Mode | Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". This field allows you to control the PCP and CFI fields of the forwarding and tunneling rules. The following operations are supported:
|
| PCP | Indicate the Priority Code Point (PCP) mapped to the processed frame in CoS Map mode by making a selection in the drop-down list. Range: 0–7. Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". |
| CFI | Indicate the Canonical Format Indicator (CFI) mapped to the processed frame in CoS Map mode by making a selection in the drop-down list. The CFI is defined by 1 bit in the Ethernet frame. Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?