
Cisco IOS Software Releases 12.1 T

Bridging Between IEEE 802.1Q VLANs

Table Of Contents

Bridging Between IEEE 802.1Q VLANs

Feature Overview

VLANs

IEEE 802.1Q

Relaying Function

The Tagging Scheme

Native VLAN

PVST+

Ingress and Egress Rules

Integrated Routing and Bridging

Benefits

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuring a VLAN for a bridge-group with Default VLAN1

Configuring a VLAN for a bridge-group as a Native VLAN

Monitoring and Maintaining VLAN Subinterfaces

Configuration Examples

VLAN 100 for bridge-group 1 with Default VLAN 1

VLAN 20 for bridge-group 1 with Native VLAN

VLAN ISL or IEEE 802.1Q Routing Example

VLAN IEEE 802.1Q Bridging Example

VLAN IEEE 802.1Q Integrated Routing and Bridging Example

Command Reference

encapsulation dot1q

interface fastethernet

show vlans


Bridging Between IEEE 802.1Q VLANs


This feature module describes the Integrated Routing and Bridging, Transparent Bridging, and PVST+ Between VLANs with IEEE 802.1Q Encapsulation feature. It includes information on the benefits of the new feature, supported platforms, supported standards, and the commands necessary to configure the Integrated Routing and Bridging, Transparent Bridging, and PVST+ Between VLANs with IEEE 802.1Q Encapsulation feature.

This document includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuration Examples

Command Reference

Feature Overview

The Integrated Routing and Bridging, Transparent Bridging, and PVST+ Between VLANs with IEEE 802.1Q Encapsulation feature provides the ability to connect a network of hosts over a simple bridging-access device to a remote access concentrator. This feature supports the following IEEE 802.1Q (Dot1q) functionality:

Integrated routing and bridging (IRB)—Support connectivity for multiple VLANs using a Bridge-Group Virtual Interface (BVI) to associate a bridge group.

Transparent bridging (TB)—Support connectivity for multiple VLANs bridged between Dot1q interfaces and other interface encapsulations or other types of interface media.

Per-VLAN Spanning Tree (PVST+) for IEEE 802.1Q trunks — Support for Dot1q trunks to map multiple spanning trees to a single spanning tree.

This feature will enable interoperability and compatibility between Dot1q encapsulated interfaces and all supported interface media, such as Inter-Switch Link (ISL) encapsulated interfaces. The packets on the Dot1q link contain a standard (s, run spanning tree per-VLAN over ISL or PVST, where a single spanning tree caters to every VLAN in the domain, PVST+ runs spanning tree on a per VLAN basis, and a default VLAN-1 spanning tree (also called Common Spanning Tree) tunnels to the IEEE 802.1Q specific Mono Spanning Tree (MST).

VLANs

The term VLAN refers to the ability to "virtualize" a Local Area Network (LAN) using a switched architecture. The attraction of using VLANs is that each user device can be connected to any VLAN. Rather than be defined on a physical or geographical basis, VLANs can be defined on a logical or organizational basis where the network can be configured via software instead of by manually replugging wires.

IEEE 802.1Q

The IEEE 802.1Q standard is extremely restrictive to untagged frames. The standard provides only a per-port VLAN solution for untagged frames: assigning untagged frames to VLANs takes into consideration only the port from which they have been received. Each port has a parameter called a permanent virtual identification (Native VLAN) that specifies the VLAN assigned to receive untagged frames.

The main characteristics of IEEE 802.1Q are as follows:

Assigns frames to VLANs by filtering.

The standard assumes the presence of a single spanning tree and of an explicit tagging scheme with one-level tagging.

Relaying Function

The relaying function level, as displayed in Figure 1, is the lowest level in the architectural model described in the IEEE 802.1Q standard and presents three types of rules:

Ingress rules—rules relevant to the classification of received frames belonging to a VLAN.

Forwarding rules between ports—decides to filter or forward the frame.

Egress rules (output of frames from the switch)—decides if the frame must be sent tagged or untagged.

Figure 1 Relaying Function

The Tagging Scheme

Figure 2 shows the tagging scheme proposed by the 802.3ac standard, that is, the addition of the four octets after the source MAC address. Their presence is indicated by a particular value of the EtherType field (called TPID), which has been fixed to be equal to 0x8100. When a frame has the EtherType equal to 0x8100, this frame carries the tag IEEE 802.1Q/802.1p. The tag is stored in the following two octets and it contains 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI) and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by the standard 802.1p; and the CFI is used for compatibility reasons between Ethernet type networks and Token Ring type networks. The VID is the identification of the VLAN, which is basically used by the standard 802.1Q and, being on 12 bits, it allows the identification of 4096 VLANs.

After the two octets of TPID and the two octets of the Tag Control Information field there are two octets that originally would have been located after the Source Address field where there is the TPID. They contain either the MAC Length in the case of IEEE 802.3 or the EtherType in the case of Ethernet v.2.

Figure 2 Tagging Scheme

The EtherType and VLAN ID are inserted after the MAC source address, but before the original Ethertype/Length or Logical Link Control (LLC). The 1-bit CFI included a T-R Encapsulation bit so that Token Ring frames can be carried across Ethernet backbones without using 802.1H translation.

Adding a Tag Recomputes the Frame Control Sequence

Figure 3 shows how adding a tag in a frame recomputes the Frame Control Sequence. 802.1p and 802.1Q share the same tag.

Figure 3 Adding a Tag Recomputes the Frame Control Sequence

Native VLAN

Each physical port has a parameter called PVID. Every 802.1Q port is assigned a PVID value equal to its native VLAN ID (default is VLAN 1). All untagged frames are assigned to the LAN specified in the PVID parameter. When a tagged frame is received by a port, the tag is respected. If the frame is untagged, the value contained in the PVID is considered as a tag. Because the frame is untagged and the PVID is tagged, this allows the coexistence, as shown in Figure 4, on the same pieces of cable of VLAN-aware bridges/stations and of VLAN-unaware bridges/stations. Consider, for example, the two stations connected to the central trunk link in the lower part of Figure 4. They are VLAN-unaware and they will be associated with VLAN C because the PVIDs of the VLAN-aware bridges are equal to VLAN C. Because the VLAN-unaware stations send only untagged frames, when the VLAN-aware bridge devices receive these untagged frames they assign them to VLAN C.

Figure 4 Native VLAN
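
The tag layout, the FCS recomputation and the native VLAN (PVID) rule described above, as an added Python example that is not part of the original Cisco document: it parses a frame, applies the ingress rule, and inserts a tag while recomputing the FCS. The function names, the sample frame and its MAC addresses are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q/802.1p tag


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def parse(frame: bytes) -> dict:
    """Split a frame (trailing FCS included) into header fields and payload."""
    if len(frame) < 18:
        raise ValueError("too short for an Ethernet header plus FCS")
    body, trailer = frame[:-4], frame[-4:]
    (ethertype,) = struct.unpack("!H", body[12:14])
    info = {"dst": body[0:6], "src": body[6:12], "tagged": False,
            "fcs_ok": fcs(body) == trailer}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(body) < 18:
            raise ValueError("TPID present but the tag is truncated")
        # Two octets of Tag Control Information, then the original
        # EtherType/Length that the tag displaced.
        tci, ethertype = struct.unpack("!HH", body[14:18])
        info.update(tagged=True, priority=tci >> 13,
                    cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["type_or_length"] = ethertype
    info["payload"] = body[offset:]
    return info


def ingress_vlan(frame: bytes, pvid: int) -> int:
    """Ingress rule: a tag is respected; an untagged frame gets the PVID."""
    info = parse(frame)
    return info["vid"] if info["tagged"] else pvid


def add_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the four tag octets after the source MAC and recompute the FCS."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VID must fit in 12 bits")
    body = frame[:-4]  # drop the old FCS, it no longer covers the frame
    tci = (priority & 0x7) << 13 | (cfi & 0x1) << 12 | vid
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def sample_untagged() -> bytes:
    """Constructed frame: broadcast dst, documentation-range src, type 0x0800."""
    body = bytes.fromhex("ffffffffffff" "00005e005301" "0800") + bytes(46)
    return body + fcs(body)


if __name__ == "__main__":
    plain = sample_untagged()
    tagged = add_tag(plain, vid=100, priority=5)
    print("untagged on a port with PVID 200 ->", ingress_vlan(plain, 200))
    print("tagged on the same port          ->", ingress_vlan(tagged, 200))
    print("FCS valid after tagging          ->", parse(tagged)["fcs_ok"])
```

A frame that keeps its old FCS after the tag is inserted fails the `fcs_ok` check, which is why the tag insertion and the FCS recomputation have to happen together.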

PVST+

PVST+ provides support for 802.1Q trunks and the mapping of multiple spanning trees to the single spanning tree of 802.1Q switches.

The PVST+ architecture distinguishes three types of regions:

A PVST region

A PVST+ region

A MST region

Each region consists of a homogenous type of switch. A PVST region can be connected to a PVST+ region by connecting two ISL ports. Similarly, a PVST+ region can be connected to an MST region by connecting two 802.1Q ports.

At the boundary between a PVST region and a PVST+ region the mapping of spanning trees is one-to-one. At the boundary between a MST region and a PVST+ region, the ST in the MST region maps to one PVST in the PVST+ region. The one it maps to is called the Common Spanning Tree (CST). The default CST is the PVST of VLAN 1 (Native VLAN).

All PVSTs, except for the CST, are tunneled through the MST region. Tunneling means that Bridge Protocol Data Units (BPDU) are flooded through the MST region along the single spanning tree present in the MST region.


Note When a Dot1q VLAN is configured on an interface, a default VLAN 1 is automatically created to process the common spanning tree (CST). The default VLAN 1 created is only used for processing spanning tree BPDU packets. Even though these packets are Dot1q untagged, no other untagged data packet will be processed by this VLAN 1. Instead, all of the untagged data packets will be processed by the explicitly defined Native VLAN. If, however, no Native VLAN is defined, VLAN 1 will become the default Native VLAN 1 (it can also be explicitly defined as Native VLAN 1) to handle all the untagged packets, including CST BPDUs and data packets.


Ingress and Egress Rules

The BPDU transmission on the 802.1Q port of a PVST+ router will be implemented in compliance with the following rules:

The CST BPDU (of VLAN 1, by default) is sent to the IEEE address.

All the other BPDUs are sent to Shared Spanning Tree Protocol (SSTP)-Address and encapsulated with Logical Link Control-Subnetwork Access Protocol (LLC-SNAP) header.

The BPDU of the CST and BPDU of the VLAN equal to the PVID of the 802.1Q trunk are sent untagged.

All other BPDUs are sent tagged with the VLAN ID.

The CST BPDU is also sent to the SSTP address.

Each SSTP-addressed BPDU has a Tag-Length-Value (TLV) appended to it. This TLV contains the VLAN ID of the spanning tree to which the BPDU belongs and is used to check the PVID.

The BPDU reception on the 802.1Q port of a PVST+ router will follow these rules:

All untagged SSTP-addressed BPDUs must be received on the PVID of the 802.1Q port.

IEEE-addressed BPDUs will be processed by the CST.

If the SSTP-addressed BPDU does not have an 802.1Q tag (that is, if it originated from the PVID of the sending 802.1Q port), it will still contain a TLV. The TLV contains the PVID of the sending port, which the receiver will compare with the PVID of the receiving port. If these two values do not match, the port is put into Blocking state due to PVID inconsistency.

All SSTP-addressed BPDUs whose VLAN ID is not equal to the CST are processed by the spanning tree of that particular VLAN ID.

The SSTP-addressed BPDUs whose VLAN ID is equal to the CST are dropped. These BPDUs are used for consistency checking only.
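
The reception rules above, including the PVID consistency check, modelled as an added Python example that is not part of the original Cisco document. The class and function names, the symbolic `IEEE`/`SSTP` address labels and the initial "forwarding" state are assumptions made for the illustration; BPDUs are represented as plain objects, not as wire-format frames.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

IEEE, SSTP = "ieee", "sstp"  # stand-ins for the two destination addresses


@dataclass
class Bpdu:
    dest: str                      # IEEE or SSTP
    tag_vid: Optional[int] = None  # VID from the 802.1Q tag, None if untagged
    tlv_vid: Optional[int] = None  # VLAN ID carried in the SSTP TLV


@dataclass
class TrunkPort:
    pvid: int
    cst_vlan: int = 1
    state: str = "forwarding"      # assumed starting state for the example

    def receive(self, bpdu: Bpdu) -> Tuple[str, Optional[int]]:
        # IEEE-addressed BPDUs are processed by the CST.
        if bpdu.dest == IEEE:
            return ("cst", self.cst_vlan)
        if bpdu.tag_vid is None:
            # Untagged SSTP BPDU: its TLV carries the sender's PVID and
            # must match the PVID of the receiving port.
            if bpdu.tlv_vid != self.pvid:
                self.state = "blocking"
                return ("pvid-inconsistent", bpdu.tlv_vid)
            vlan = self.pvid
        else:
            vlan = bpdu.tag_vid
        # SSTP copies for the CST VLAN are used for the check only.
        if vlan == self.cst_vlan:
            return ("drop", vlan)
        return ("vlan-stp", vlan)


def untagged_sstp_from(sender: TrunkPort) -> Bpdu:
    """The untagged SSTP BPDU a port sends for the VLAN equal to its PVID."""
    return Bpdu(dest=SSTP, tag_vid=None, tlv_vid=sender.pvid)


def check_link(a: TrunkPort, b: TrunkPort) -> Tuple[str, str]:
    """Exchange the untagged SSTP BPDUs of both ends; return both states."""
    b.receive(untagged_sstp_from(a))
    a.receive(untagged_sstp_from(b))
    return a.state, b.state


if __name__ == "__main__":
    print(check_link(TrunkPort(pvid=100), TrunkPort(pvid=100)))
    print(check_link(TrunkPort(pvid=200), TrunkPort(pvid=100)))
```

With matching PVIDs both ends stay in the starting state; with PVIDs 200 and 100 each end sees a TLV that differs from its own PVID and goes to Blocking, which is how a native VLAN mismatch on a trunk surfaces operationally.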

Integrated Routing and Bridging

IRB enables a user to route a given protocol between routed interfaces and bridge groups or route a given protocol between the bridge groups. This feature extends the 802.1Q support for IRB with the following protocols:

IP

IPX

AppleTalk

Benefits

Currently, Cisco IOS support for interfaces that have 802.1Q encapsulation configured is IP, IP Multicast, and IPX routing between the respective VLANs represented as subinterfaces on that link. This feature will introduce new functionality in IEEE 802.1Q support for bridging on those interfaces and the capability to configure and use IRB.

Supported Platforms

Cisco 2600 series

Cisco 3600 series

Cisco 4000-m series

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Supported Standards, MIBs, and RFCs

Standards

IEEE 802.1Q

IEEE 802.1p

MIBs

None

For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

None

Configuration Tasks

See the following sections for configuration tasks for the Integrated Routing and Bridging, Transparent Bridging, and PVST+ Between VLANs with IEEE 802.1Q Encapsulation feature.

Configuring a VLAN for a bridge-group with Default VLAN1

Configuring a VLAN for a bridge-group as a Native VLAN

Configuring a VLAN for a bridge-group with Default VLAN1

To configure a VLAN associated to a bridge group with a default native VLAN, use the following commands in global configuration mode:

 
Step 1
Command: Router(config)# interface fastethernet slot/port
Purpose: Selects a particular Fast Ethernet interface for configuration.

Step 2
Command: Router(config-subif)# encapsulation dot1q 1
Purpose: Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in VLANs, and defaults the associated VLAN as a native VLAN.

Step 3
Command: Router(config-subif)# bridge-group bridge-group
Purpose: Assigns each network interface to a bridge group.


Note If there is no explicitly defined native VLAN, the default VLAN 1 becomes the native VLAN 1.


Configuring a VLAN for a bridge-group as a Native VLAN

To configure a VLAN associated to a bridge group as a native VLAN, use the following commands in global configuration mode:

 
Step 1
Command: Router(config)# interface fastethernet slot/port
Purpose: Selects a particular Fast Ethernet interface for configuration.

Step 2
Command: Router(config-subif)# encapsulation dot1q vlan-id native
Purpose: Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in VLANs, and defaults to 1.

Step 3
Command: Router(config-subif)# bridge-group bridge-group
Purpose: Assigns each network interface to a bridge group.


Note If there is an explicitly defined native VLAN, VLAN 1 will only be used to process CST.


Monitoring and Maintaining VLAN Subinterfaces

To indicate whether a VLAN is a native VLAN, use the following command in privileged EXEC mode:

Command: Router# show vlans
Purpose: Displays VLAN subinterfaces.


Configuration Examples

This section provides the following configuration examples:

VLAN 100 for bridge-group 1 with Default VLAN 1

VLAN 20 for bridge-group 1 with Native VLAN

VLAN ISL or IEEE 802.1Q Routing Example

VLAN IEEE 802.1Q Bridging Example

VLAN IEEE 802.1Q Integrated Routing and Bridging Example

VLAN 100 for bridge-group 1 with Default VLAN 1

The following example configures VLAN 100 for bridge-group 1 with a default VLAN 1:

interface FastEthernet 4/1.100
encapsulation dot1q 1
bridge-group 1

VLAN 20 for bridge-group 1 with Native VLAN

The following example configures VLAN 20 for bridge-group 1 as a native VLAN:

interface FastEthernet 4/1.100
encapsulation dot1q 20 native
bridge-group 1

VLAN ISL or IEEE 802.1Q Routing Example

The following example configures VLAN ISL or IEEE 802.1Q routing:

ipx routing
appletalk routing
!
interface Ethernet 1
ip address 110.1.1.1 255.255.255.0
appletalk cable-range 1-1 1.1
appletalk zone 1
ipx network 110 encapsulation snap
!
router igrp 1
network 110.1.0.0
!
end
!
#Catalyst5000
!
set VLAN 110 2/1
set VLAN 120 2/2
!
set trunk 1/1 110,120
# if 802.1Q, set trunk 1/1 nonegotiate 110, 120
!
end
!

ipx routing
appletalk routing
!
interface FastEthernet 1/1.110
encapsulation isl 110
!if 802.1Q, encapsulation dot1Q 110
ip address 110.1.1.2 255.255.255.0
appletalk cable-range 1-1 1.2
appletalk zone 1
ipx network 110 encapsulation snap
!
interface FastEthernet 1/1.120
encapsulation isl 120
!if 802.1Q, encapsulation dot1Q 120
ip address 120.1.1.2 255.255.255.0
appletalk cable-range 2-2 2.2
appletalk zone 2
ipx network 120 encapsulation snap
!
router igrp 1
network 110.1.0.0
network 120.1.0.0
!
end
!

ipx routing
appletalk routing
!
interface Ethernet 1
ip address 120.1.1.3 255.255.255.0
appletalk cable-range 2-2 2.3
appletalk zone 2
ipx network 120 encapsulation snap
!
router igrp 1
network 120.1.0.0
!
end

VLAN IEEE 802.1Q Bridging Example

interface FastEthernet4/0
 no ip address
 no ip route-cache
 half-duplex
!
interface FastEthernet4/0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 1
!
interface FastEthernet4/0.200
 encapsulation dot1Q 200 native
 no ip route-cache
 bridge-group 2
!
interface FastEthernet4/0.300
 encapsulation dot1Q 1
 no ip route-cache
 bridge-group 3
!
interface FastEthernet10/0
 no ip address
 no ip route-cache
 half-duplex
!
interface FastEthernet10/0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 1
!
interface Ethernet11/3
 no ip address
 no ip route-cache
 bridge-group 2
!
interface Ethernet11/4
 no ip address
 no ip route-cache
 bridge-group 3
!
bridge 1 protocol ieee
bridge 2 protocol ieee
bridge 3 protocol ieee

VLAN IEEE 802.1Q Integrated Routing and Bridging Example

ip cef
appletalk routing
ipx routing 0060.2f27.5980
!
bridge irb
!
interface TokenRing3/1
 no ip address
 ring-speed 16
 bridge-group 2
!
interface FastEthernet4/0
 no ip address
 half-duplex
!
interface FastEthernet4/0.100
 encapsulation dot1Q 100
 bridge-group 1
!
interface FastEthernet4/0.200
 encapsulation dot1Q 200
 bridge-group 2
!
interface FastEthernet10/0
 ip address 20.1.1.10 255.255.255.0
 half-duplex
 appletalk cable-range 200-200 200.10
 appletalk zone irb
 ipx network 200
!
interface Ethernet11/3
 no ip address
 bridge-group 1
!
interface BVI 1
 ip address 10.1.1.11 255.255.255.0
 appletalk cable-range 100-100 100.11
 appletalk zone bridging
 ipx network 100
!
router rip
 network 10.0.0.0
 network 20.0.0.0
!
bridge 1 protocol ieee
 bridge 1 route appletalk
 bridge 1 route ip
 bridge 1 route ipx
bridge 2 protocol ieee
!

Command Reference

This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.

encapsulation dot1q

interface fastethernet

show vlans

encapsulation dot1q

To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in virtual LANs, use the encapsulation dot1q subinterface configuration command.

encapsulation dot1q vlan-id [native]

Syntax Description

vlan-id

Virtual LAN identifier. The allowed range is from 1 to 1000.

native

(Optional) Sets the PVID value of the port to vlan-id.


Defaults

Disabled

Command Modes

Subinterface configuration

Command History

Release     Modification
12.0(1)T    This command was introduced.
12.1(3)T    The native keyword was added.


Usage Guidelines

IEEE 802.1Q encapsulation is configurable on Fast Ethernet interfaces. IEEE 802.1Q is a standard protocol for interconnecting multiple switches and routers and for defining VLAN topologies.

Do not configure encapsulation on the native VLAN of an IEEE 802.1Q trunk without the native keyword. (Always use the native keyword when vlan-id is the ID of the IEEE 802.1Q native VLAN.)
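
One way to check a configuration against this guideline and against the native VLAN notes earlier in this document, as an added Python example (not Cisco code). It reads the subinterface stanzas of the bridging example, abridged, and reports the effective native VLAN per trunk; `peer_native`, the native VLAN expected on the attached switch port, is a hypothetical input, as are the function names and finding labels.

```python
import re

SUBIF = re.compile(r"^interface\s+([A-Za-z]+)\s*([\d/]+)\.(\d+)\s*$")
ENCAP = re.compile(r"^\s*encapsulation\s+dot1q\s+(\d+)(\s+native)?\s*$", re.I)
GROUP = re.compile(r"^\s*bridge-group\s+(\d+)\s*$")

# Abridged from the VLAN IEEE 802.1Q bridging example in this document.
SAMPLE_CONFIG = """\
interface FastEthernet4/0
!
interface FastEthernet4/0.100
 encapsulation dot1Q 100
 bridge-group 1
!
interface FastEthernet4/0.200
 encapsulation dot1Q 200 native
 bridge-group 2
!
interface FastEthernet4/0.300
 encapsulation dot1Q 1
 bridge-group 3
!
interface FastEthernet10/0
!
interface FastEthernet10/0.100
 encapsulation dot1Q 100
 bridge-group 1
!
"""


def parse_trunks(config: str) -> dict:
    """Return {physical interface: [{'vlan', 'native', 'bridge_group'}, ...]}."""
    trunks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface"):
            m = SUBIF.match(line)
            current = None  # physical interfaces carry no dot1q stanza here
            if m:
                current = {"vlan": None, "native": False, "bridge_group": None}
                trunks.setdefault(m.group(1) + m.group(2), []).append(current)
        elif current is not None:
            if (m := ENCAP.match(line)):
                current["vlan"], current["native"] = int(m.group(1)), bool(m.group(2))
            elif (m := GROUP.match(line)):
                current["bridge_group"] = int(m.group(1))
    return trunks


def audit(config: str, peer_native: dict) -> dict:
    """Report the effective native VLAN and findings for each trunk."""
    report = {}
    for trunk, subifs in parse_trunks(config).items():
        natives = [s["vlan"] for s in subifs if s["native"]]
        effective = natives[0] if natives else 1  # no explicit native: VLAN 1
        findings = ["multiple-native"] if len(natives) > 1 else []
        if not natives:
            findings.append("implicit-native-vlan-1")
        expected = peer_native.get(trunk)
        if expected is not None:
            # The neighbor's native VLAN is configured here without `native`.
            if any(s["vlan"] == expected and not s["native"] for s in subifs):
                findings.append("native-keyword-missing")
            if effective != expected:
                findings.append("pvid-mismatch")
        report[trunk] = {"native": effective, "findings": findings}
    return report
```

Called as `audit(SAMPLE_CONFIG, {"FastEthernet4/0": 200, "FastEthernet10/0": 100})`, it reports FastEthernet4/0 as clean and FastEthernet10/0 as falling back to native VLAN 1 while the assumed neighbor uses 100.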

Examples

The following example encapsulates VLAN traffic using the IEEE 802.1Q protocol for VLAN 100:

interface fastethernet 4/1.100
  encapsulation dot1q 100

Related Commands

Command              Description
encapsulation isl    Enables the ISL, a Cisco proprietary protocol for interconnecting multiple switches and maintaining VLAN information as traffic goes between switches.
encapsulation sde    Enables IEEE 802.10 encapsulation of traffic on a specified subinterface in VLANs.


interface fastethernet

To select a particular Fast Ethernet interface for configuration, use the interface fastethernet global configuration command.

Cisco 4500 and 4700 Series

interface fastethernet number

Cisco 7200 Series

interface fastethernet slot/port

Cisco 7500 Series

interface fastethernet slot/port-adapter/port

Syntax Description

number

Port, connector, or interface card number. On Cisco 4500 or 4700 series routers, specifies the Network Interface Module (NIM) or Networking Products Marketplace (NPM) number. The numbers are assigned at the factory at the time of installation or when added to a system.

slot

Number of the slot being configured. Refer to the appropriate hardware manual for slot and port information.

port

Number of the port being configured. Refer to the appropriate hardware manual for slot and port information.

port-adapter

Number of the port adapter being configured. Refer to the appropriate hardware manual for information about port adapter compatibility.


Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release     Modification
11.2        This command was introduced.
11.3        Default encapsulation type was changed to Advanced Research Projects Agency (ARPA).


Usage Guidelines

This command does not have a no form.

Examples

The following example configures Fast Ethernet interface 0 for standard ARPA encapsulation (the default setting) on Cisco 4500 or 4700 series routers:

interface fastethernet 0

Related Commands

Command                         Description
show interfaces fastethernet    Displays information about the Fast Ethernet interfaces.


show vlans

To view virtual LAN (VLAN) subinterfaces, use the show vlans privileged EXEC command.

show vlans

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release     Modification
11.0        This command was introduced.
12.1(3)T    This command was modified to display traffic count on FastEthernet subinterfaces.


Examples

The following is sample output from the show vlans command:

RouterC7xxx# show vlans

Virtual LAN ID:  2 (IEEE 802.1Q Encapsulation)

    vLAN Trunk Interface:   FastEthernet5/0.1
    Protocols Configured:   Address:              Received:        Transmitted:
            IP              56.0.0.3                    16               92129
Virtual LAN ID:  3 (IEEE 802.1Q Encapsulation)
    vLAN Trunk Interface:   Ethernet6/0/1.1
    Protocols Configured:   Address:              Received:        Transmitted:
            IP              36.0.0.3                  1558                1521
Virtual LAN ID:  4 (Inter Switch Link Encapsulation)
    vLAN Trunk Interface:   FastEthernet5/0.2     
    Protocols Configured:   Address:              Received:        Transmitted:
            IP              76.0.0.3                     0                   7

The following is sample output from the show vlans command indicating a native VLAN and a bridged group:

Virtual LAN ID:  1 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface:   FastEthernet1/0/2

 This is configured as native Vlan for the following interface(s) :
FastEthernet1/0/2

   Protocols Configured:   Address:              Received:        Transmitted:

Virtual LAN ID:  100 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interface:   FastEthernet1/0/2.1

   Protocols Configured:   Address:              Received:        Transmitted:
        Bridging        Bridge Group 1                  0                   0

Table 1 describes the fields shown in the display.

Table 1 show vlans Field Descriptions  

Field                   Description
Virtual LAN ID          Domain number of the VLAN.
vLAN Trunk Interface    Subinterface that carries the VLAN traffic.
Protocols Configured    Protocols configured on the VLAN.
Address                 Network address.
Received                Packets received.
Transmitted             Packets sent.