Configuring 802.1Q VLAN Interfaces on the Cisco ASR 9000 Series Router
This module describes the configuration and management of 802.1Q VLAN interfaces on the Cisco ASR 9000 Series Aggregation Services Routers.
The IEEE 802.1Q specification establishes a standard method for tagging Ethernet frames with VLAN membership information, and defines the operation of VLAN bridges that permit the definition, operation, and administration of VLAN topologies within a bridged LAN infrastructure.
The 802.1Q standard is intended to address the problem of how to divide large networks into smaller parts so broadcast and multicast traffic does not use more bandwidth than necessary. The standard also helps provide a higher level of security between segments of internal networks.
Feature History for Configuring 802.1Q VLAN Interfaces
This feature was introduced on the Cisco ASR 9000 Series Router.
Layer 2 dot1q was updated. Encapsulation dot1q was added.
Prerequisites for Configuring 802.1Q VLAN Interfaces
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Before configuring 802.1Q VLAN interfaces, be sure that the following conditions are met:
You must have configured a Gigabit Ethernet interface, a 10-Gigabit Ethernet interface, or an Ethernet bundle interface.
Information About Configuring 802.1Q VLAN Interfaces
To configure 802.1Q VLAN interfaces, you must understand the following concepts:
A VLAN is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user and host management, bandwidth allocation, and resource optimization.
The IEEE 802.1Q protocol standard addresses the problem of dividing large networks into smaller parts so broadcast and multicast traffic does not consume more bandwidth than necessary. The standard also helps provide a higher level of security between segments of internal networks.
The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.
The IEEE 802.1Q tag-based VLAN uses an extra tag in the MAC header to identify the VLAN membership of a frame across bridges. This tag is used for VLAN and quality of service (QoS) priority identification. The VLANs can be created statically by manual entry or dynamically through Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP). The VLAN ID associates a frame with a specific VLAN and provides the information that switches must process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of Tag Protocol Identifier (TPID) residing within the type and length field of the Ethernet frame and two bytes of Tag Control Information (TCI) which starts after the source address field of the Ethernet frame.
CFM on 802.1Q VLAN Interfaces
Configuring Connectivity Fault Management (CFM) for monitoring 802.1Q VLAN interfaces is identical to configuring CFM for monitoring Ethernet interfaces.
Subinterfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface.
Subinterfaces are distinguished from one another by adding an extension on the end of the interface name and designation. For instance, the Ethernet subinterface 23 on the physical interface designated TenGigE 0/1/0/0 would be indicated by TenGigE 0/1/0/0.23.
Before a subinterface is allowed to pass traffic it must have a valid tagging protocol encapsulation and VLAN identifier assigned. All Ethernet subinterfaces always default to the 802.1Q VLAN encapsulation. However, the VLAN identifier must be explicitly defined.
The subinterface maximum transmission unit (MTU) is inherited from the physical interface with an additional four bytes allowed for the 802.1Q VLAN tag.
The Cisco ASR 9000 Series Router does not support a native VLAN. However, the equivalent functionality is accomplished using an encapsulation command as follows:
encapsulation dot1q TAG-ID, untagged
An Ethernet Flow Point (EFP) is a Metro Ethernet Forum (MEF) term describing abstract router architecture. On the Cisco ASR 9000 Series Router, an EFP is implemented by an L2 subinterface with a VLAN encapsulation. The term EFP is used synonymously with an VLAN tagged L2 subinterface.
Layer 2 VPN on VLANs
The Layer 2 Virtual Private Network (L2VPN) feature enables Service Providers (SPs) to provide Layer 2 services to geographically disparate customer sites.
The configuration model for configuring VLAN attachment circuits (ACs) is similar to the model used for configuring basic VLANs, where the user first creates a VLAN subinterface, and then configures that VLAN in subinterface configuration mode. To create an AC, you need to include the l2transport keyword in the interface command string to specify that the interface is a Layer 2 interface.
VLAN ACs support three modes of L2VPN operation:
Basic Dot1Q AC—The AC covers all frames that are received and sent with a specific VLAN tag.
QinQ AC—The AC covers all frames received and sent with a specific outer VLAN tag and a specific inner VLAN tag. QinQ is an extension to Dot1Q that uses a stack of two tags.
Q-in-Any AC—The AC covers all frames received and sent with a specific outer VLAN tag and any inner VLAN tag, as long as that inner VLAN tag is not L3 terminated. Q-in-Any is an extension to QinQ that uses wildcarding to match any second tag.
Note The Q-in-Any mode is a variation of the basic Dot1Q mode. In Q-in-Any mode, the frames have a basic QinQ encapsulation; however, in Q-in-Any mode the inner tag is not relevant, except for the fact that a few specific inner VLAN tags are siphoned for specific services. For example, a tag may be used to provide L3 services for general internet access.
Keep the following in mind when configuring L2VPN on a VLAN:
Cisco IOS XR software supports 4k ACs per LC.
In a point-to-point connection, the two ACs do not have to be of the same type. For example, a port mode Ethernet AC can be connected to a Dot1Q Ethernet AC.
Pseudowires can run in VLAN mode or in port mode. A pseudowire running in VLAN mode has a single Dot1Q tag, while a pseudo-wire running in port mode has no tags. Some interworking is required to connect these different types of circuits together. This interworking takes the form of popping, pushing, and rewriting tags. The advantage of Layer 2 VPN is that is simplifies the interworking required to connect completely different media types together.
The ACs on either side of an MPLS pseudowire can be different types. In this case, the appropriate conversion is carried out at one or both ends of the AC to pseudowire connection.
Use the show interfaces command to display AC and pseudowire information.
Note For detailed information about configuring an L2VPN network, see the “Implementing MPLS Layer 2 VPNs” module of the Cisco ASR 9000 Series Router Multiprotocol Label Switching Configuration Guide.
Other Layer 2 VPN Features
For information on the following Layer 2 VPN features, refer to the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide and the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference :
Configures Layer 2 protocol tunneling and protocol data unit (PDU) filtering on an Ethernet interface for the following protocols: CDP, PVST+, STP, VTP, where:
tunnel —Specifies L2PT encapsulation on frames as they enter the interface, and de-encapsulation on frames as they exit they interface.
reverse-tunnel —Specifies L2PT encapsulation on frames as they exit the interface, and de-encapsulation on frames as they enter the interface.
Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
show interfaces [ GigabitEthernet | TenGigE ] interface-path-id.subinterface
RP/0/RSP0/CPU0:router# show interfaces TenGigE 0/3/0/0.1
(Optional) Displays statistics for interfaces on the router.
What to Do Next
To configure a point-to-point pseudowire cross connect on the AC, see the “ Implementing MPLS Layer 2 VPNs” module of the Cisco ASR 9000 Series Router Multiprotocol Label Switching Configuration Guide.
To attach Layer 3 service policies, such as Multiprotocol Label Switching (MPLS) or QoS, to the VLAN, refer to the appropriate Cisco ASR 9000 Series Router configuration guide.
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.