L2VPN Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Releases

PDF

VLAN subinterfaces

Want to summarize with AI?

Log in

Explains VLAN subinterface fundamentals, outlines the use of VLAN lists and ranges, presents guidelines for high-density subinterface deployment, and demonstrates configuration procedures for VLAN subinterfaces.


A VLAN subinterface is a Layer 2 subinterface that

  • classifies ingress traffic by encapsulation and VLAN identifiers

  • supports both basic dot1q and double-tagged dot1ad and dot1q attachment circuits, and

  • maps matching frames to the correct Layer 2 service instance.


VLAN subinterface characteristics

Key VLAN subinterface attributes

VLAN subinterfaces are logical interfaces created on a hardware interface. These software-defined interfaces enable separation of traffic into distinct logical channels on a single physical port.

  • Naming format: Subinterfaces are named by appending an extension to the base interface name (for example, HundredGigE 0/1/0/0.23 for subinterface 23 on physical interface HundredGigE 0/1/0/0).

  • Encapsulation requirement: Each subinterface must have a valid tagging protocol encapsulation and VLAN identifier assigned before it can pass traffic. Ethernet subinterfaces default to 802.1Q VLAN encapsulation, but require an explicit VLAN ID.

  • Maximum transmission unit (MTU): The MTU is inherited from the physical interface, with an additional 4 bytes for the 802.1Q VLAN tag.

  • Attachment circuit mode: The basic dot1q Attachment Circuit mode of VLAN subinterface configuration is supported through the command encapsulation dot1q vlan_id.

  • Layer 2 encapsulation: Layer 2 subinterfaces can be configured with encapsulation default command.

configure
 interface HundredGigE 0/0/0/10.1
  l2transport
   encapsulation default

VLAN list and VLAN range


Best practice for high-density subinterface deployment

To avoid uneven hardware utilization and Out of Resource (OOR) conditions in dense Layer 2 VLAN subinterface designs, follow these best practices:

  • Configure Layer 2 VLAN subinterfaces across multiple physical interfaces to improve resource utilization and ensure service mappings are not concentrated on a single hardware slice.

  • For high-density deployments, distribute services across different interfaces to prevent uneven allocation of system resources. Use bundle interfaces to distribute services across multiple member links, improving load balancing and resiliency.

  • Prefer interfaces outside the fabric slice for very high-density deployments to optimize resource allocation.

  • Be aware that the system automatically assigns service mapping resources using internal hashing mechanisms, which can result in uneven resource distribution.

  • Monitor for Out of Resource (OOR) conditions; these may occur if resources are unevenly allocated, even when overall capacity remains available, and monitoring tools may report maximum utilization for affected resources.


Configure VLAN subinterface

Use this task to configure either a basic dot1q attachment circuit or a double-tagged dot1ad and dot1q attachment circuit.

The source includes both single-tag and double-tag examples and shows how to verify each mode.

Before you begin

Identify the physical interface, subinterface number, and VLAN IDs that the service requires.

Procedure

1.

Create the Layer 2 subinterface.

Example:

Router# configure
Router(config)# interface HundredGigE 0/0/0/10.1 l2transport
2.

Configure encapsulation for the required service type.

Example:

Router(config-if)# encapsulation dot1q 10

For a double-tag service, the source uses:

Router# configure
Router(config)# interface HundredGigE 0/0/0/10.1 l2transport
Router(config-if)# encapsulation dot1ad 200 dot1q 201
3.

Bring the subinterface up.

Example:

Router(config-if)# no shutdown
4.

Use the show interfaces hundredGigE 0/0/0/29.300 command to verify that the VLAN subinterface is active in a double-tag scenario.

Example:

Router# show interfaces hundredGigE 0/0/0/29.300
HundredGigE0/0/0/29.300 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0029.c201.3f0c
Internet address is Unknown
MTU 1518 bytes, BW 100000000 Kbit (Max: 100000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation 802.1Q Virtual LAN, VLAN Id 300, loopback not set, 
Last link flapped 00:00:19
Last input never, output never
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
5.

Use the show interface HundredGigE 0/0/0/29.200 command to verify that the VLAN subinterface is active in a double-tag scenario.

Example:

Router# show interface HundredGigE 0/0/0/29.200
HundredGigE0/0/0/29.200 is up, line protocol is up
Interface state transitions: 1
Hardware is VLAN sub-interface(s), address is 0029.c201.3f0c
Internet address is 40.40.50.1/24
MTU 1522 bytes, BW 100000000 Kbit (Max: 100000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation 802.1ad-802.1Q Virtual LAN,
Last link flapped 00:01:25
ARP type ARPA, ARP timeout 04:00:00
Last input never, output never
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets

Successful verification shows the interface up and the encapsulation line for each scenario.