Understanding Layer 2 Protocol Tunneling on EX Series Switches
Layer 2 protocol tunneling (L2PT) allows you to send Layer 2 protocol data units (PDUs) across a service provider network and deliver them to Juniper Networks EX Series Ethernet Switches that are not part of the local broadcast domain. This feature is useful when you want to run Layer 2 protocols on a network that includes switches located at remote sites that are connected across a service provider network.
Layer 2 Protocols Supported by L2PT on EX Series Switches
L2PT on EX Series switches supports the following Layer 2 protocols:
- 802.1X authentication
- 802.3ah Operation, Administration, and Maintenance (OAM) link fault management (LFM)

  Note: If you enable L2PT for untagged OAM LFM packets, do not configure LFM on the corresponding access interface.
- Cisco Discovery Protocol (CDP)
- Ethernet local management interface (E-LMI)
- GARP VLAN Registration Protocol (GVRP)
- Link Aggregation Control Protocol (LACP)

  Note: If you enable L2PT for untagged LACP packets, do not configure LACP on the corresponding access interface.
- Link Layer Discovery Protocol (LLDP)
- Multiple MAC Registration Protocol (MMRP)
- Multiple VLAN Registration Protocol (MVRP)
- Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP)
- VLAN Spanning Tree Protocol (VSTP)
- VLAN Trunking Protocol (VTP)
Note: CDP and VTP cannot be configured on EX Series switches. L2PT does, however, tunnel CDP and VTP PDUs.
How L2PT Works
L2PT works by encapsulating Layer 2 PDUs, tunneling them across a service provider network, and decapsulating them for delivery to their destination switches. L2PT encapsulates Layer 2 PDUs by enabling the ingress provider edge (PE) device to rewrite the PDUs’ destination media access control (MAC) addresses before forwarding them onto the service provider network. The devices in the service provider network treat these encapsulated PDUs as multicast Ethernet packets. Upon receipt of these PDUs, the egress PE devices decapsulate them by replacing the destination MAC addresses with the address of the Layer 2 protocol that is being tunneled before forwarding the PDUs to their destination switches.
L2PT Basics on EX Series Switches
L2PT is enabled on a per-VLAN basis. When you enable L2PT on a VLAN, all access interfaces are considered to be customer-facing interfaces, all trunk interfaces are considered to be service provider network-facing interfaces, and the specified Layer 2 protocol is disabled on the access interfaces. L2PT only acts on logical interfaces of the family ethernet-switching.
Note: Access interfaces in an L2PT-enabled VLAN should not receive L2PT-tunneled PDUs. If an access interface does receive L2PT-tunneled PDUs, it might mean that there is a loop in the network. As a result, the interface will be shut down.
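The destination-MAC rewrite described under How L2PT Works, together with the access-interface check in the note above, modeled in Python as an added example (not Juniper code and not part of the original topic). The tunnel MAC 01:00:0c:cd:cd:d0, the choice to identify the tunneled protocol from the frame contents at the egress PE, and all function names are assumptions that do not come from this page; the sample frames are constructed.

```python
import struct

TUNNEL_MAC = bytes.fromhex("01000ccdcdd0")  # assumed L2PT tunnel MAC (not on the page)
PROTO_MAC = {                               # standard protocol destination MACs
    "stp":  bytes.fromhex("0180c2000000"),
    "lacp": bytes.fromhex("0180c2000002"),
    "lldp": bytes.fromhex("0180c200000e"),
    "cdp":  bytes.fromhex("01000ccccccc"),
}

def identify(frame):
    """Name the tunneled protocol from the bytes after the MAC header, or None."""
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in (0x8100, 0x88A8):        # skip C-VLAN / S-VLAN tags (Q-in-Q)
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    body = frame[off + 2:]
    if etype == 0x88CC:
        return "lldp"
    if etype == 0x8809 and body[:1] == b"\x01":   # slow protocols, subtype 1 = LACP
        return "lacp"
    if etype < 0x0600:                      # 802.3 length field, so LLC follows
        if body[:3] == b"\x42\x42\x03":
            return "stp"
        if body[:8] == bytes.fromhex("aaaa0300000c2000"):
            return "cdp"
    return None

def ingress_pe(frame):
    """Ingress PE: rewrite a known protocol destination MAC to the tunnel MAC."""
    return TUNNEL_MAC + frame[6:] if frame[:6] in PROTO_MAC.values() else frame

def egress_pe(frame):
    """Egress PE: restore the protocol's own destination MAC; None = cannot restore."""
    if frame[:6] != TUNNEL_MAC:
        return frame
    proto = identify(frame)
    return PROTO_MAC[proto] + frame[6:] if proto else None

def access_port_verdict(frame):
    """Customer-facing port: an already-tunneled PDU here suggests a loop."""
    if frame[:6] == TUNNEL_MAC:
        return "shutdown"
    return "tunnel" if frame[:6] in PROTO_MAC.values() else "forward"

SRC = bytes.fromhex("020000000001")  # constructed source MAC; payload bytes are made up
STP_BPDU = PROTO_MAC["stp"] + SRC + struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35)
LLDP_QINQ = PROTO_MAC["lldp"] + SRC + bytes.fromhex("88a80064810000c888cc") + bytes(46)
```

Only the first six bytes change in either direction, so the provider network sees an ordinary multicast frame and the payload reaches the remote switch unmodified.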
L2PT is configured under the [edit vlans vlan-name dot1q-tunneling] hierarchy level, meaning Q-in-Q tunneling is (and must be) enabled. If L2PT is not enabled, Layer 2 PDUs are handled in the same way they were handled before L2PT was enabled.
Note: If the switch receives untagged or priority-tagged Layer 2 control PDUs to be tunneled, then you must configure the switch to map untagged and priority-tagged packets to an L2PT-enabled VLAN. For more information on assigning untagged and priority-tagged packets to VLANs, see Understanding Q-in-Q Tunneling on EX Series Switches and Configuring Q-in-Q Tunneling (CLI Procedure).
