# Tunnel L2 Protocols over VPLS

Load **vpls.l2.tunneling.cfg**

```
#IOS-XE (R1-R6, CE1-3)
config replace flash:vpls.l2.tunneling.cfg
```

Configure VPLS with BGP for autodiscovery and signaling for CE1, CE2 and CE3. BGP l2vpn/vpls is already configured in the core.

Configure the PEs so that CDP is terminated on the PEs themselves, and LLDP is tunneled through VPLS. All CEs should see one CDP neighbor (the PE), and two LLDP neighbors (two CEs).

CDP and LLDP is already configured on the CEs. CDP is already configured globally on the PEs.

## Answer <a href="#id-25fbaa2e-8441-4b0e-9253-1648588e84ef" id="id-25fbaa2e-8441-4b0e-9253-1648588e84ef"></a>

```
#R1
l2vpn vfi context VPLS1
 vpn id 10
 l2protocol forward lldp
 autodiscovery bgp signaling bgp
  ve id 1
!
int gi4
 cdp enable
 service instance 10 eth
  encapsulation default
  l2protocol forward lldp
 exit
!
bridge-domain 10
 member gi4 service-instance 10
 member vfi VPLS1

#R3
l2vpn vfi context VPLS1
 vpn id 10
 l2protocol forward lldp
 autodiscovery bgp signaling bgp
  ve id 3
!
int gi6
 cdp enable
 service instance 10 eth
  encapsulation default
  l2protocol forward lldp
 exit
!
bridge-domain 10
 member gi6 service-instance 10
 member vfi VPLS1

#R5
l2vpn vfi context VPLS1
 vpn id 10
 l2protocol forward lldp
 autodiscovery bgp signaling bgp
  ve id 5
!
int gi6
 cdp enable
 service instance 10 eth
  encapsulation default
  l2protocol forward lldp
 exit
!
bridge-domain 10
 member gi6 service-instance 10
 member vfi VPLS1
```

## Explanation <a href="#id-3da1506d-8515-409f-ba03-03830b0640fc" id="id-3da1506d-8515-409f-ba03-03830b0640fc"></a>

Because VPLS is a layer 2 service, you may want to sometimes tunnel L2 protocols and sometimes terminate them on the PE. For example, perhaps you want to tunnel STP, CDP or VTP through, but terminate LACP on the PE directly.

It appears that by default the router will not tunnel any L2 protocols when using an EFP. You can change this behavior under the service instance using the command **l2protocol forward|peer&#x20;*****protocol***. It seems that when using the physical port instead of a service instance, all l2protocols are tunneled.

Additionally, you have to apply this to the VFI in VPLS, since the VFI is somewhat like another port in the bridge-domain. You apply this using the same command but the only option is **forward**.

```
l2vpn vfi context VPLS1
 l2protocol forward protocol
```

As a shortcut, it seems you can simply use **l2protocol forward** to forward all L2 protocols.

## Verification <a href="#b5e5d59e-4fa6-4bf6-a27a-6a08300f0c1e" id="b5e5d59e-4fa6-4bf6-a27a-6a08300f0c1e"></a>

Each CE should see the local PE as the only CDP neighbor, and the two other CEs as LLDP neighbors:

<div align="left"><figure><img src="/files/zcQUpUvPvHWs3xPwgqb0" alt=""><figcaption></figcaption></figure></div>

We can verify the router is forwarding LLDP on the EFP using this show command:

<div align="left"><figure><img src="/files/hI9qu8lM8BS2McsOrMxM" alt=""><figcaption></figcaption></figure></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ccie-sp.gitbook.io/ccie-spv5.1-labs/labs/vpls/tunnel-l2-protocols-over-vpls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.