Feb
05

Within the scope of Metro Ethernet services, it is often beneficial to provide customers “point-to-point” VLAN service, where VLAN (multipoint service in essence) is effectively set up to emulate ethernet “pseudowire”, by disabling MAC-address learning. The benefit comes from saving metro switches CAM tables address space, thus improving overall scalability (which is far from perfect with Ethernet). There is special command, mac address-table learning available on Cisco Metro swtiches (e.g. ME 3400) which allows to disable MAC-address learning per specific VLAN. However, many commonly used switches does not have this feature implemented. Still, there is a way to disable MAC-address learning on a group of ports, by using RSPAN VLAN feature. By it’s functional design, RSPAN VLAN does not learn MAC addresses. However, we are not allowed to assign this type of VLAN directy to switch access ports. Still, we may overcome this issue by configuring switchports as trunk with a single allowed VLAN (RSPAN VLAN) which is also configured as native:

vtp mode transparent
!
vlan 555
 remote-span
!
interface range Fa 0/1 - 3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 555
 switchport trunk native vlan 555

This configuration is applicable to any switch that supports RSPAN functionality. Specifically, it was verified on Catalyst 3550 series.

About Petr Lapukhov, 4xCCIE/CCDE:

Petr Lapukhov's career in IT begain in 1988 with a focus on computer programming, and progressed into networking with his first exposure to Novell NetWare in 1991. Initially involved with Kazan State University's campus network support and UNIX system administration, he went through the path of becoming a networking consultant, taking part in many network deployment projects. Petr currently has over 12 years of experience working in the Cisco networking field, and is the only person in the world to have obtained four CCIEs in under two years, passing each on his first attempt. Petr is an exceptional case in that he has been working with all of the technologies covered in his four CCIE tracks (R&S, Security, SP, and Voice) on a daily basis for many years. When not actively teaching classes, developing self-paced products, studying for the CCDE Practical & the CCIE Storage Lab Exam, and completing his PhD in Applied Mathematics.

Find all posts by Petr Lapukhov, 4xCCIE/CCDE | Visit Website


You can leave a response, or trackback from your own site.

14 Responses to “Turning Switch into Hub”

 
  1. CiscoSpot says:

    It’s a nice idea!

  2. dknov says:

    Wouldn’t that cause constant flooding?

  3. to: dknov

    Well, just as with any “classic” hub, all ports get flooded with frames received on any other ports in the same VLAN. Nice to have, if you like to know what your peers are doing ;) But seriously, the only real benefit is getting rid of mac-address learning and CAM table blowup. This kind of service applies perfectly to “port-to-port” services, where mac-address learning is unnecessary.

  4. JOHN says:

    what about the cisco 3500XL layer 2 switch? it is the same configuration i need to perform? I really appreciate if you can answer this for me. thanks.

  5. To: JOHN

    This method would work with any switch supporting RSPAN VLANs. AFAIK 3500XL/2900XL do not support RSPAN functionality, so you won’t be able to use this trick there.

  6. Cisco Guy says:

    Dear Petr,
    Thanks for the tips on your post. Ofcourse its better to use the ME3400 metro ethernet series since they provide many other features directed for metro ethernet access, specifically some security features if you will use the switch in multidueling buildings.

  7. Ivan says:

    The “mac address-table learning” feature you referred to is now available on the 2960, 3560 and 3750 from version 12.2.46SE1.

  8. Attila says:

    This is also very useful when you need to mirror the traffic of a small DMZ to an IDS for example and no more free SPAN sessions left.

  9. pushpendra says:

    very great idea.
    I was searching for the same.
    Thanks…

  10. Alexei Monastyrnyi says:

    Hi folks.
    Wouldn’t it be logical to turn off DTP on such a switchport?

    Just a thought.

    A.

    • Indra says:

      Chris: The DHCP server did ineded get moved in the switch migration, but I actually didn’t mention it in the post for some reason. Silly me. It’s included now.I haven’t tried LLDP but I’m sure we’ll all have to deal with it sooner or later. I’ll check it out; thanks for the info!

  11. lost-carrier says:

    This solution works in all cases except when you terminate a QinQ tunnel on a 3550. It is seen as access port and you cannot configure it like a trunk with native vlan (because incoming tagged frames will dropped – or accepted but not put into the QinQ vlan).

    @Alexei: yes, I usually use this commands on such ports:

    no cdp enable
    switchport nonegotiate
    l2protocol-tunnel
    l2protocol-tunnel point-to-point

  12. greg says:

    Can u turn an older netgear FS108 into a hub to use for wireshark capture. You cannot find ethernet hubs anymore they quit making them 10 yrs ago but everyone thinks a hub is a switch and it is not. Im in school learning about this about this stuff and trying to find the older equipment is difficult. if an older switch can be modified to a hub i would like to know how

 

Leave a Reply

Categories

CCIE Bloggers