VLANs enable a device to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches. VLANs are commonly used for network segmentation in the same way that multiple switches can be used: To place hosts on a specific segment, isolated from other segments. Where trunking is employed between switches, devices on the same segment need not reside on the same switch. Devices that support trunking can also communicate on multiple VLANs through a single physical port.
TNSR supports VLANs primarily through subinterfaces, though a variety of VLAN tag rewriting options are available directly on interfaces (Configure Interfaces). Using subinterfaces, TNSR can send and receive VLAN tagged traffic on one or more interfaces. The device to which TNSR is connected must also tag traffic in the same way as TNSR.
TNSR also supports multiple levels of VLAN tagged subinterfaces, commonly known as QinQ or 802.1ad. This is used to transport multiple VLANs inside another VLAN-tagged outer frame. Intermediate equipment only sees the outer tag, and the receiving end can pop off the outer tag and use the multiple networks inside independently as if it had a direct layer 2 connection to those networks. In this way, providers can isolate multiple tenants on the same equipment, allowing each tenant to use whichever VLAN tags they require, or achieve other goals such as using greater than the default limit of 4096 VLANs.
VLAN Subinterface Configuration¶
A few pieces of information are necessary to create a VLAN subinterface (“subif”):
The parent interface which will carry the tagged traffic, e.g.
The subinterface ID number, which is a positive integer that uniquely identifies this subif on the parent interface. It is commonly set to the same value as the VLAN tag
The VLAN tag used by the subif to tag outgoing traffic, and to use for identifying incoming traffic bound for this subif. This is an integer in the range
1-4095, inclusive. This VLAN must also be tagged on the corresponding switch configuration for the port used by the parent interface.
Creating a VLAN Subinterface¶
interface subif <parent> <subinterface id> command creates a new subif
object with the given identifier. This command enters
That mode contains the following commands:
Default subinterface, will match any traffic that does not match another subinterface on the same parent interface.
Specifies whether to exactly match the VLAN ID and the number of defined VLAN IDs. When this is not set, frames with more VLAN tags will also be matched.
VLAN subinterfaces with IP addresses must use
exact-match; it is optional for unrouted/L2 interfaces.
- dot1q (<vlan-id>|any)
The VLAN tag to match for this subinterface.
- inner-dot1q (<vlan-id>|any)
An inner 802.1q VLAN tag for use with QinQ
- outer-dot1ad (<vlan-id>|any)
An outer 802.1ad VLAN tag for use with QinQ
- outer-dot1q (<vlan-id>|any)
An outer 802.1q VLAN tag for use with QinQ
- vlan <vlan-id>
VLAN ID for tag rewriting
Where multiple similar options are present, generally this is for compatibility with other equipment that requires using those specific options. Consult the documentation for the peer device to find out which options it prefers.
After creating the interface, it will be available in TNSR. The name of this
interface is composed of the parent interface name and the subif id, joined by a
.. For example,
VLAN Subinterface Examples¶
To see a complete example scenario of using VLAN subinterfaces to forward network traffic from one VLAN to another VLAN, see the Inter-VLAN Routing recipe.
First, create a new subif object. In this example, both the subif id and the
802.1q VLAN tag are the same,
tnsr(config)# interface subif TenGigabitEthernet6/0/0 70 tnsr(config-subif)# dot1q 70 tnsr(config-subif)# exact-match tnsr(config-subif)# exit
Upon commit, this creates a corresponding subif interface which appears with the
parent interface name and the subif id, joined by a
tnsr(config)# interface TenGigabitEthernet6/0/0.70 tnsr(config-interface)#
At this point, it behaves identically to regular interface in that it may have an IP address, routing, and so on.
When viewing interface configuration, the VLAN subinterface attributes are also printed, and may optionally be filtered:
tnsr# show interface TenGigabitEthernet6/0/0.70 subif Interface: TenGigabitEthernet6/0/0.70 Subif/VLAN: 70 number of tags: 1 outer-vlan-id: 70 flags: exact-match
This example creates a QinQ subinterface with an inner tag of
100 and an
outer tag of
200. The subinterface ID number can be any arbitrary unsigned
32-bit integer, but in this case it makes the purpose more clear to have it
match the outer and inner VLAN tags of the subinterface:
tnsr(config)# interface subif GigabitEthernet0/b/0 200100 tnsr(config-subif)# inner-dot1q 100 tnsr(config-subif)# outer-dot1q 200 tnsr(config-subif)# exit tnsr(config)# exit