Configure VLAN Sub-Interfaces
Sub-interfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface.
Sub-interfaces are distinguished from one another by adding an extension on the end of the interface name and designation. For instance, the Ethernet sub-interface 23 on the physical interface designated TenGigE 0/1/0/0 would be indicated by TenGigE 0/1/0/0.23.
Before a sub-interface is allowed to pass traffic, it must have a valid tagging protocol encapsulation and VLAN identifier assigned. All Ethernet sub-interfaces always default to the 802.1Q VLAN encapsulation. However, the VLAN identifier must be explicitly defined.
The sub-interface Maximum Transmission Unit (MTU) is inherited from the physical interface with 4 bytes allowed for the 802.1Q VLAN tag.
The following modes of VLAN sub-interface configuration are supported:
Basic dot1q Attachment Circuit
Q-in-Q Attachment Circuit
To configure a basic dot1q Attachment Circuit, use this encapsulation mode:
encapsulation dot1q vlan extra-id
To configure a basic dot1ad Attachment Circuit, use this encapsulation mode:
encapsulation dot1ad vlan-id
To configure a Q-in-Q Attachment Circuit, use the following encapsulation modes:
encapsulation dot1q vlan-id second-dot1q vlan-id
encapsulation dot1ad vlan-id dot1q vlan-id
BVI with Double-Tagged AC— You can configure the attachment circuit (AC) with double-VLAN tag encapsulation on the bridge-group virtual interface (BVI). You must specify the rewrite ingress pop 2 symmetric option when you configure the AC on the BVI with double-VLAN tag encapsulation.
Restrictions and Limitations
To configure VLAN sub-interface, the following restrictions are applicable.
For double tagged packet, the VLAN range is supported only on the inner tag.
VLAN list is not supported.
VLANs separated by comma are called a VLAN list. See the example below.
Router(config)#interface tenGigE 0/0/0/2.0 l2transport Router(config-subif)#encapsulation dot1q 1,2 >> VLAN range with comma Router(config-subif)#commit
If 0x9100/0x9200 is configured as tunneling ether-type, then dot1ad (0x88a8) encapsulation is not supported.
If any sub-interface is already configured under a main interface, modifying the tunneling ether-type is not supported.
You can program a maximum number of 16 virtual MAC addresses on your router.
Following limitations are applicable to both outer and inner VLAN ranges:
32 unique VLAN ranges are supported per system.
The overlap between outer VLAN ranges on sub-interfaces of the same Network Processor Unit (NPU) is not supported. A sub-interface with a single VLAN tag that falls into a range configured on another sub-interface of the same NPU is also considered an overlap.
The overlap between inner VLAN ranges on sub-interfaces of the same NPU is not supported.
Range 'any' does not result in explicit programming of a VLAN range in hardware and therefore does not count against the configured ranges.
Configuring VLAN sub-interface involves:
Creating a Ten Gigabit Ethernet sub-interface
Enabling L2 transport mode on the interface
Defining the matching criteria (encapsulation mode) to be used in order to map ingress frames on an interface to the appropriate service instance
Configuration of Basic dot1q Attachment Circuit
Router# configure Router(config)# interface TenGigE 0/0/0/10.1 l2transport Router(config-if)# encapsulation dot1q 10 exact Router(config-if)# no shutdown
configure interface TenGigE 0/0/0/10.1 l2transport encapsulation dot1q 10 exact ! !
Verify that the VLAN sub-interface is active:
router# show interfaces TenGigE 0/0/0/10.1 ... TenGigE0/0/0/10.1 is up, line protocol is up Interface state transitions: 1 Hardware is VLAN sub-interface(s), address is 0011.1aac.a05a Layer 2 Transport Mode MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit) reliability Unknown, txload Unknown, rxload Unknown Encapsulation 802.1Q Virtual LAN, Outer Match: Dot1Q VLAN 10 Ethertype Any, MAC Match src any, dest any loopback not set, ...