Configure VLAN Sub-Interfaces
Sub-interfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface.
Sub-interfaces are distinguished from one another by adding an extension on the end of the interface name and designation. For instance, the Ethernet sub-interface 23 on the physical interface designated TenGigE 0/1/0/0 would be indicated by TenGigE 0/1/0/0.23.
Before a sub-interface is allowed to pass traffic, it must have a valid tagging protocol encapsulation and VLAN identifier assigned. All Ethernet sub-interfaces always default to the 802.1Q VLAN encapsulation. However, the VLAN identifier must be explicitly defined.
The sub-interface Maximum Transmission Unit (MTU) is inherited from the physical interface with 4 bytes allowed for the 802.1Q VLAN tag.
The following modes of VLAN sub-interface configuration are supported:
-
Basic dot1q Attachment Circuit
-
Q-in-Q Attachment Circuit
To configure a basic dot1q Attachment Circuit, use this encapsulation mode:
encapsulation dot1q vlan extra-id
To configure a basic dot1ad Attachment Circuit, use this encapsulation mode:
encapsulation dot1ad vlan-id
To configure a Q-in-Q Attachment Circuit, use the following encapsulation modes:
-
encapsulation dot1q vlan-id second-dot1q vlan-id
-
encapsulation dot1ad vlan-id dot1q vlan-id
Restrictions and Limitations
To configure VLAN sub-interface, the following restrictions are applicable.
-
For double tagged packet, the VLAN range is supported only on the inner tag.
-
VLAN list is not supported.
VLANs separated by comma are called a VLAN list. See the example below.
Router(config)#interface tenGigE 0/0/0/2.0 l2transport Router(config-subif)#encapsulation dot1q 1,2 >> VLAN range with comma Router(config-subif)#commit
-
If 0x9100/0x9200 is configured as tunneling ether-type, then dot1ad (0x88a8) encapsulation is not supported.
-
If any sub-interface is already configured under a main interface, modifying the tunneling ether-type is not supported.
-
You can program a maximum number of 16 virtual MAC addresses on your router.
-
Following limitations are applicable to both outer and inner VLAN ranges:
-
32 unique VLAN ranges are supported per system.
-
The overlap between outer VLAN ranges on sub-interfaces of the same Network Processor Unit (NPU) is not supported. A sub-interface with a single VLAN tag that falls into a range configured on another sub-interface of the same NPU is also considered an overlap.
-
The overlap between inner VLAN ranges on sub-interfaces of the same NPU is not supported.
-
Range 'any' does not result in explicit programming of a VLAN range in hardware and therefore does not count against the configured ranges.
-
Configuration Example
Configuring VLAN sub-interface involves:
-
Creating a Ten Gigabit Ethernet sub-interface
-
Enabling L2 transport mode on the interface
-
Defining the matching criteria (encapsulation mode) to be used in order to map ingress frames on an interface to the appropriate service instance
Configuration of Basic dot1q Attachment Circuit
Router# configure
Router(config)# interface TenGigE 0/0/0/10.1 l2transport
Router(config-if)# encapsulation dot1q 10 exact
Router(config-if)# no shutdown
Running Configuration
configure
interface TenGigE 0/0/0/10.1
l2transport
encapsulation dot1q 10 exact
!
!
Verification
Verify that the VLAN sub-interface is active:
router# show interfaces TenGigE 0/0/0/10.1
...
TenGigE0/0/0/10.1 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0011.1aac.a05a
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 10
Ethertype Any, MAC Match src any, dest any
loopback not set,
...