VLAN Subinterfaces

VLANs enable a device to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches. VLANs are commonly used for network segmentation in the same way that multiple switches can be used: To place hosts on a specific segment, isolated from other segments. Where trunking is employed between switches, devices on the same segment need not reside on the same switch. Devices that support trunking can also communicate on multiple VLANs through a single physical port.

TNSR supports VLANs primarily through subinterfaces, though a variety of VLAN tag rewriting options are available directly on interfaces (Configure Interfaces). Using subinterfaces, TNSR can send and receive VLAN tagged traffic on one or more interfaces. The device to which TNSR is connected must also tag traffic in the same way as TNSR.

TNSR also supports multiple levels of VLAN tagged subinterfaces, commonly known as QinQ or 802.1ad. This is used to transport multiple VLANs inside another VLAN-tagged outer frame. Intermediate equipment only sees the outer tag, and the receiving end can pop off the outer tag and use the multiple networks inside independently as if it had a direct layer 2 connection to those networks. In this way, providers can isolate multiple tenants on the same equipment, allowing each tenant to use whichever VLAN tags they require, or achieve other goals such as using greater than the default limit of 4096 VLANs.

VLAN Subinterface Configuration

A few pieces of information are necessary to create a VLAN subinterface (“subif”):

  • The parent interface which will carry the tagged traffic, e.g. GigabitEthernet3/0/0

    Warning

    This interface must be enabled for a VLAN subinterface to function.

  • The subinterface ID number, which is a positive integer that uniquely identifies this subif on the parent interface. It is commonly set to the same value as the VLAN tag

  • The VLAN tag used by the subif to tag outgoing traffic, and to use for identifying incoming traffic bound for this subif. This is an integer in the range 1-4095, inclusive. This VLAN must also be tagged on the corresponding switch configuration for the port used by the parent interface.

Creating a VLAN Subinterface

The interface subif <parent> <subinterface id> command creates a new subif object with the given identifier. This command enters config-subif mode. That mode contains the following commands:

default:

Default subinterface, will match any traffic that does not match another subinterface on the same parent interface.

exact-match:

Specifies whether to exactly match the VLAN ID and the number of defined VLAN IDs. When this is not set, frames with more VLAN tags will also be matched.

Warning

VLAN subinterfaces with IP addresses must use exact-match; it is optional for unrouted/L2 interfaces.

dot1q <vlan-id>:

The VLAN tag to match for this subinterface.

inner-dot1q (<vlan-id>|any):

An inner 802.1q VLAN tag for use with QinQ

outer-dot1ad <vlan-id>:

An outer 802.1ad VLAN tag for use with QinQ

outer-dot1q <vlan-id>:

An outer 802.1q VLAN tag for use with QinQ

vlan <vlan-id>:

VLAN ID for tag rewriting

Note

Where multiple similar options are present, generally this is for compatibility with other equipment that requires using those specific options. Consult the documentation for the peer device to find out which options it prefers.

After creating the interface, it will be available in TNSR. The name of this interface is composed of the parent interface name and the subif id, joined by a .. For example, TenGigabitEthernet6/0/0.70.

VLAN Subinterface Examples

See also

To see a complete example scenario of using VLAN subinterfaces to forward network traffic from one VLAN to another VLAN, see the Inter-VLAN Routing recipe.

VLAN Example

Before configuring the VLAN subinterface, ensure that the parent interface is enabled:

tnsr(config)# interface TenGigabitEthernet6/0/0
tnsr(config-interface)# enable
tnsr(config-interface)# exit

Create a new subif object. In this example, both the subif id and the 802.1q VLAN tag are the same, 70:

tnsr(config)# interface subif TenGigabitEthernet6/0/0 70
tnsr(config-subif)# dot1q 70
tnsr(config-subif)# exact-match
tnsr(config-subif)# exit

Upon commit, this creates a corresponding subif interface which appears with the parent interface name and the subif id, joined by a .:

tnsr(config)# interface TenGigabitEthernet6/0/0.70
tnsr(config-interface)#

At this point, it behaves identically to regular interface in that it may have an IP address, routing, and so on.

When viewing interface configuration, the VLAN subinterface attributes are also printed, and may optionally be filtered:

tnsr# show interface TenGigabitEthernet6/0/0.70 subif
Interface: TenGigabitEthernet6/0/0.70
    Subif/VLAN: 70
        number of tags: 1
        outer-vlan-id: 70
        flags: exact-match

QinQ Example

This example creates a QinQ subinterface with an inner tag of 100 and an outer tag of 200. The subinterface ID number can be any arbitrary unsigned 32-bit integer, but in this case it makes the purpose more clear to have it match the outer and inner VLAN tags of the subinterface:

tnsr(config)# interface subif GigabitEthernet0/b/0 200100
tnsr(config-subif)# inner-dot1q 100
tnsr(config-subif)# outer-dot1q 200
tnsr(config-subif)# exit
tnsr(config)# exit