.svg?sv=2022-11-02&spr=https&st=2024-09-19T01%3A15%3A33Z&se=2024-09-19T01%3A25%3A33Z&sr=c&sp=r&sig=9tKxf2cjfCEqu8q8E6hlXYsnKVPqsldk7rc46b0MKr4%3D){kind=logo}
Using Layer-2 Protocol Tunneling
- 09 Aug 2024
- 12 Minutes to read
- Contributors
- Print
- PDF
Using Layer-2 Protocol Tunneling
- Updated on 09 Aug 2024
- 12 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The Layer-2 Protocol Tunneling (L2PT) function provides a set of rules that can be used to process the Layer-2 Control Protocol (L2CP) frames.
Each L2PT rule can be configured to process a specific type of L2CP frame with either one of the following behaviors:
- Forward: The frames are sent unaltered from the incoming to the outgoing port.
- Drop: The frames matching the specific rule are dropped.
- Peer: The frames are sent to software layers for further processing.
- Tunnel: The frames matching the specific rule are transported transparently through the network.
The first three actions (Forward, Drop, and Peer) are defined in the MEF technical standards.
The last action (Tunnel) allows to forward the L2CP frames through the network using a technique that will prevent them from interfering with other network equipment. For example, the tunneling operates by replacing the protocol's specific destination MAC address with a multicast address that allows the frames to be transparently transported by the transit equipment. The original destination MAC is reinserted when the traffic reaches the destination equipment.
The L2PT rules use filters to select the traffic to be processed. Each incoming frame is tested against the L2PT rules to find a match. When there is a match, the frame is processed according to the mode of operation configured in the rule (Drop, Forward, Peer, or Tunnel). If there is no match with any rule, the frame is discarded.
In tunneling mode, VLAN tags are unconditionally pushed on the processed frames, with user-configurable fields for VLAN ID, VLAN type (TPID), PCP, and CFI/DEI.
In forwarding mode, the following VLAN tagging options are supported:
- None: The frames are forwarded unmodified.
- Push: The frames are forwarded with an extra VLAN tag added. The tag is defined by the VLAN ID, PCP and CFI fields, and the VLAN type (TPID) is set to the value specified in the VLAN Ethertype field.
- Pop: The frames are forwarded with the VLAN tag stripped. This mode is only available
when VLAN Filtering is enabled as tags cannot be removed from untagged frames. - Replace: The frames are forwarded with their VLAN tag replaced. The replacement tag is
defined by the VLAN ID, PCP and CFI fields, and the VLAN type (TPID) is set to the value specified in the VLAN Ethertype field. This mode is only available when VLAN Filtering is enabled as tags cannot be replaced in untagged frames.
To view a list of all existing L2PT rules, access the Traffic ▶ L2PT ▶ Configuration page. For an example of the display, see the figure below. For more information on specific parameters, see "L2PT Configuration (Traffic ▶ L2PT ▶ Configuration) ".
Traffic ▶ L2PT ▶ Configuration
To view statistics for all L2PT rules, access the Traffic ▶ L2PT ▶ Statistics page. Statistics for all rules in the system are displayed in a grid.
For more information on specific parameters, refer to the following table.
Layer-2 Protocol Tunneling Packet Statistics (Traffic ▶ L2PT ▶ Statistics)
Viewing Statistics for L2PT Rules
| Parameter | Description |
|---|---|
| Name | The unique name assigned to the rule. |
| Dropped | The total number of dropped frames by this rule since its creation. This counter is incremented under the following circumstances:
|
| Tunneled | The total number of tunneled frames by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for tunnel operation mode and a matching frame was received on the incoming port and tunneled (had its destination MAC replaced, had the required VLAN tags added and was sent to the outgoing port). Note: If there are multiple VLAN groups in the VLAN list, this counter is incremented for each frame transmitted on the outgoing port. |
| De-tunneled | The total number of de-tunneled frames by this rule since its creation. This counter is incremented when the following event occurs: The rule is set for tunnel operation,and a matching frame was received on the outgoing port then de-tunneled (i.e. restored to its original state and sent to the incoming port). |
| Forwarded | The total number of frames forwarded by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for forward operation and a matching frame was received on the incoming port and forwarded, unmodified, to the outgoing port. |
| Peered | The total number of frames peered by this rule since its creation. This counter is incremented under the following circumstance: The rule is set for peer operation and a matching frame was received on the incoming port and sent to the software layers for further processing. |
Setting Up L2PT Rules
L2PT can be enabled on a per-port basis, as described below. If L2PT is disabled on a port, the L2CP frames are processed by the Traffic Policies, like any service frame. Up to 254 L2PT rules can be defined system wide.
If an L2PT rule is configured to operate in tunneling mode, the tunneled L2CP frames entering the unit via the rule’s Outgoing Port (using the VID configured in the rule) will be processed as described in the rule and de-tunneled. If the tunneled frames do not match the tunneling rule, they will be treated as regular service frames.
To enable L2PT on a port
Access the Traffic ▶ L2PT ▶ Configuration page.
The L2PT Configuration page appears. All ports are listed in the Layer-2 Protocol Tunneling Port States frame at the top of the page.For each port on which you want to enable L2PT, check the corresponding box.
Click Apply.
To add or edit an L2PT rule
Access the Traffic ▶ L2PT ▶ Configuration page.
The tunneling rules are displayed in a grid.Click the Add button to add a new L2PT rule or click the Name of an existing rule to edit
its settings. The L2PT rule configuration page appears.Complete all required fields, then click Apply.
For more information on specific parameters, refer to the following table.
L2PT Configuration (Traffic ▶ L2PT ▶ Configuration)
| Parameter | Description |
|---|---|
| Enable L2PT Rule | Select this box to enable the processing of the L2CP frames according to L2PT rules. Use this field to enable or disable a rule without deleting it. |
| Catchall Rule | Select this box to make this L2PT rule a catchall rule. Catchall rules operate on all frames that were not matched by a specific rule and can be set for either the Forward or Drop operation modes. |
| L2PT Rule Name | The name assigned to the L2PT rule. |
| Operation Mode | This parameter controls how the L2PT rule handles traffic associated with the specified protocol. The operation mode you select can be one of the following:
|
| Protocol | Use the drop-down list to select a specific Layer-2 Control Protocol to be processed by the rule:
|
| Replacement MAC | The multicast MAC address to use as a replacement when protocol tunneling is performed. The following replacement MAC addresses can be used:
|
| Incoming Port | Indicate which incoming port the rule will use by making a selection from the drop-down list. This is the port where the L2CP frames are received. |
| Outgoing Port | Indicate which outgoing port the rule will use by making a selection from the drop-down list. This is the port where the tunneled frames are placed on the network. |
| Unique ID | Select the ID of a rule to use when performing tunneling by making a selection from the drop-down list. This value is used when building the replacement destination MAC address if the Accedian multicast address is used. Note: The same ID value must be used on both sides when performing tunneling between a pair of units. |
VLAN Filtering
| Parameter | Description |
|---|---|
| Enable | Select this box to enable the filtering of incoming frames with matching VLAN ID and Ethertype (TPID) for this L2PT rule. Only the frames with VLAN parameters matching the ones specified in the VLAN ID range, PCP, CFI and Ethertype are accepted. |
| Ethertype | The VLAN type (or TPID) accepted by this specific rule in the inbound L2CP frames. |
| VLAN ID Range | Indicate the VLAN IDs that this specific rule accepts in the inbound L2CP frames. If you want to filter on a single VID, enter the same value in both the From and To fields. |
| PCP | Indicate the Priority Code Point that this rule accepts in the inbound L2CP frames by making a selection from the drop-down list.
|
| CFI | Indicate the CFI bit (or DEI) that this rule accepts in the inbound L2CP frames by making a selection from the drop-down list.
|
EVC Mapping
| Parameter | Description |
|---|---|
| EVC Mapping Mode | Note: Only applies to the "Forward" operation mode. Select a mapping mode from the drop-down list:
|
| VLAN Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype (TPID) of the tag inserted in the forwarded frame by making a selection from the drop-down list. |
| VLAN 1 Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype (TPID) of the first tag inserted in the tunneled frame by making a selection from the drop-down list. |
| VLAN 2 Ethertype | Note: Only applies to the "Forward" operation mode. Select the Ethertype (TPID) of the second tag inserted in the tunneled frame (for Q-in-Q) by making a selection from the drop-down list. |
| VLAN List | Note: Only applies to the "Tunnel" operation mode. Indicate the VLAN tags to insert in the tunneled frames. The syntax is a list of comma-separated groups formatted as vlan1:vlan2. Entry of the second tag (Q-in-Q) is optional. For example, if you wanted to single-tag tunneled frames with VLAN ID 3, and double-tag frames with VLAN IDs 5–6 and 22–88, you would specify: 3, 5:6, 22:88. The frames are duplicated for each entry in the VLAN list. In the example above, three frames would be transmitted on the network port for each incoming frame matching the rule on the client port. There should be at least one entry in the list as tunneling untagged frames is currently not supported. |
| VLAN ID | Note: Only applies to the "Forward" operation mode. The VLAN tags to insert in the forwarded frames when the mode is set to Pop or Replace. |
CoS Mapping
| Parameter | Description |
|---|---|
| Mode | Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". This field allows you to control the PCP and CFI fields of the forwarding and tunneling rules. The following operations are supported:
|
| PCP | Indicate the Priority Code Point (PCP) mapped to the processed frame in CoS Map mode by making a selection from the drop-down list. Range: 0–7. Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". |
| CFI | Indicate the Canonical Format Indicator (CFI) mapped to the processed frame in CoS Map mode by making a selection from the drop-down list. The CFI is defined by one bit in the VLAN tag. Note: Only applies to the "Tunnel" operation mode, or to the "Forward" operation mode when the EVC mapping mode is set to "Push". |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?