Configure VLAN Subinterfaces
Feature Name |
Release Information |
Feature Description |
---|---|---|
VLAN List |
Release 7.4.1 |
VLANs separated by a comma are called VLAN lists. This feature allows you to configure a VLAN list on the L2 subinterface. VLAN-IDs of up to 9 are supported, per VLAN list. This feature overrides any limit set on the number of customers that can be supported in an Ethernet network. |
Subinterfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface.
Subinterfaces are distinguished from one another by adding an extension on the end of the interface name and designation. For instance, the Ethernet subinterface 23 on the physical interface designated TenGigE 0/1/0/0 would be indicated by TenGigE 0/1/0/0.23.
Before a subinterface is allowed to pass traffic, it must have a valid tagging protocol encapsulation and VLAN identifier assigned. All Ethernet subinterfaces always default to the 802.1Q VLAN encapsulation. However, the VLAN identifier must be explicitly defined.
The subinterface Maximum Transmission Unit (MTU) is inherited from the physical interface with 4 bytes allowed for the 802.1Q VLAN tag.
The following modes of VLAN subinterface configuration are supported:
-
Basic dot1q Attachment Circuit
-
Basic dot1ad Attachment Circuit
-
Q-in-Q Attachment Circuit
To configure a basic dot1q Attachment Circuit, use this encapsulation mode:
encapsulation dot1q vlan extra-id
To configure a basic dot1ad Attachment Circuit, use this encapsulation mode:
encapsulation dot1ad vlan-id
To configure a Q-in-Q Attachment Circuit, use the following encapsulation modes:
-
encapsulation dot1q vlan-id second-dot1q vlan-id
-
encapsulation dot1ad vlan-id dot1q vlan-id
From Release 7.4.1, VLAN list is supported for both inner and outer VLAN IDs. The following is the example to show the supported VLAN lists on L2 subinterface:
Router#configure
Router(config)#interface TenGigE 0/0/0/1.101 l2transport
Router(config-subif)#encapsulation dot1q 10,11,12,13,14,15,16,17,untagged
-
BVI with Double-Tagged AC—You can configure the attachment circuit (AC) with double-VLAN tag encapsulation on the bridge-group virtual interface (BVI). You must specify the rewrite ingress pop 2 symmetric option when you configure the AC on the BVI with double-VLAN tag encapsulation.
Note |
On Cisco N540X-6Z18G-SYS-A/D and N540X-8Z16G-SYS- A/D variants a maximum of up to 1K subinterfaces (includes both bundle and physical) are supported overall. |
Restrictions and Limitations
To configure VLAN subinterface, the following restrictions are applicable.
-
At least 64 VLAN-IDs in a VLAN list is required to overcome the limitation of only 9 VLAN ranges per NPU.
-
For double-tagged packet, the VLAN range is supported only on the inner tag.
-
If 0x9100/0x9200 is configured as tunneling ether-type, then dot1ad (0x88a8) encapsulation isn’t supported.
-
If any subinterface is already configured under a main interface, modifying the tunneling ether-type isn’t supported.
-
Following limitations are applicable to both outer and inner VLAN ranges:
-
32 unique VLAN ranges are supported per NPU.
-
The overlap between outer VLAN ranges on subinterfaces of the same Network Processor Unit (NPU) isn’t supported. A subinterface with a single VLAN tag that falls into a range configured on another subinterface of the same NPU is also considered an overlap.
-
The overlap between inner VLAN ranges on subinterfaces of the same NPU isn’t supported.
-
Range 'any' doesn’t result in explicit programming of a VLAN range in hardware and therefore doesn’t count against the configured ranges.
-
Configuration Example
Configuring a VLAN subinterface involves:
-
Creating a Ten Gigabit Ethernet subinterface
-
Enabling L2 transport mode on the interface
-
Defining the matching criteria (encapsulation mode) to be used in order to map ingress frames on an interface to the appropriate service instance.
Configuration of Basic dot1q Attachment Circuit
Router# configure
Router(config)# interface TenGigE 0/0/0/10.1 l2transport
Router(config-if)# encapsulation dot1q 10 exact
Router(config-if)# no shutdown
Router# configure
Router(config)#interface TenGigE 0/0/0/1.101 l2transport
Router(config-subif)#encapsulation list-extended dot1q 66-67,68-69,70-71,118-119,120-121,122-123,229,230,231
Running Configuration
configure
interface TenGigE 0/0/0/10.1
l2transport
encapsulation dot1q 10 exact
!
!
Configure
interface TenGigE 0/0/0/1.101
l2transport
encapsulation list-extended dot1q 66-67,68-69,70-71,118-119,120-121,122-123,229,230,231
Verification
Verify that the VLAN subinterface is active:
Router# show interfaces TenGigE 0/0/0/10.1
...
TenGigE0/0/0/10.1 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0011.1aac.a05a
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 10
Ethertype Any, MAC Match src any, dest any
loopback not set,
...
Router#show interfaces TenGigE 0/0/0/1.101
TenGigabitEthernet0/0/0/1.101 is down, line protocol is down
Interface state transitions: 0
Hardware is VLAN sub-interface(s), address is 008a.9678.0c04
Layer 2 Transport Mode
MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation 802.1Q Virtual LAN,
Outer Match: Dot1Q VLAN 66-67,68-69,70-71,118-119,120-121,122-123,229,230,231
Ethertype Any, MAC Match src any, dest any
loopback not set,
Last input never, output never
Last clearing of "show interface" counters never
0 packets input, 0 bytes
0 input drops, 0 queue drops, 0 input errors
0 packets output, 0 bytes
0 output drops, 0 queue drops, 0 output errors