Published On: April 12ᵗʰ, 2021 06:01

VLAN Configuration Guide, Cisco IOS XE Amsterdam 17.3.x (Catalyst 9500 Switches)

Contents

This module describes how to configure the dot1q VLAN subinterfaces on a Layer 3 interface, which forwards IPv4 and IPv6 packets to another device using static or dynamic routing protocols. You can use Layer 3 interfaces for IP routing and inter-VLAN routing of Layer 2 traffic.

Restrictions for Configuring Layer 3 Subinterfaces

  • Subinterfaces are not supported on StackWise Virtual Link.

  • Subinterfaces with Software-Defined Access (SD-Access) is not supported.

  • Do not configure more than 4,000 Layer 3 interfaces, that includes routed physical interfaces, SVI interfaces and subinterfaces.

  • A maximum of 1000 SVI interfaces is supported.

  • Do not configure encapsulation on the native VLAN of an IEEE 802.1Q trunk without the native keyword. Always use the native keyword of the dot1q vlan command when the VLAN ID is the ID of the IEEE 802.1Q native VLAN.

  • If you configure normal-range VLANs on subinterfaces, you cannot change the VLAN Trunking Protocol (VTP) mode from Transparent.

  • If a Layer 3 port has a subinterface configured with dot1q as the native VLAN, Cisco recommends not to configure routing related configuration on the Layer 3 port as it will hinder the functionality of the native VLAN subinterface.

Information About Layer 3 Subinterfaces

A dot1q VLAN subinterface is a virtual Cisco IOS interface that is associated with a VLAN ID on a routed physical interface. A parent interface is a physical port. Subinterfaces can be created on Layer 3 physical interfaces and Layer 3 port channels. A subinterface can be associated with different functionalities such as IP addressing, forwarding policies, Quality of Service (QoS) policies, and security policies.

Subinterfaces divide the parent interface into two or more virtual interfaces on which you can assign unique Layer 3 parameters such as IP addresses and dynamic routing protocols. The IP address for each subinterface should be in a different subnet from any other subinterface on the parent interface.

You can create a subinterface with a name that consists of the parent interface name (for example, HundredGigabitEthernet 1/0/33) followed by a period and then by a number that is unique for that subinterface. For example, you can create a subinterface for HundredGigabitEthernet interface 1/0/33 named HundredGigabitEthernet 1/0/33.1, where .1 indicates the subinterface.

One of the uses of subinterfaces is to provide unique Layer 3 interfaces to each VLAN that is supported by the parent interface. In this scenario, the parent interface connects to a Layer 2 trunking port on another device. You can configure a subinterface and associate the subinterface to a VLAN ID using 802.1Q trunking.

You can configure subinterfaces with any normal range or extended range VLAN ID in VLAN Trunking Protocol (VTP) transparent mode. Because VLAN IDs 1 to 1005 are global in the VTP domain and can be defined on other network devices in the VTP domain, you can use only extended range VLANs with subinterfaces in VTP client or server mode. In VTP client or server mode, normal-range VLANs are excluded from subinterfaces.

Use bridge groups on VLAN interfaces (also called fall-back bridging) to bridge nonrouted protocols. Bridge groups on VLAN interfaces are supported on the route processor (RP) software.

You can configure the same VLAN ID on a Layer 2 VLAN or Layer 3 VLAN interface and on a Layer 3 subinterface.

The following features and protocols are supported on Layer 3 subinterfaces:

  • Addressing and routing: IPv4 and IPv6.

  • Unicast routing: Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and static routing.

  • Multicast routing: Internet Group Management Protocol (IGMP), Protocol-Independent Multicast Sparse Mode (PIM-SM), Source Specific Multicast (SSM), and Multiprotocol Label Switching (MPLS).

  • First-Hop Redundancy Protocol (FHRP) protocols: Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP).

  • Bidirectional Forwarding Detection (BFD), Unicast Reverse Path Forwarding (uRPF), and Equal-Cost Multipath (ECMP).

  • Maximum transmission unit (MTU) and IPv4 fragmentation.

  • Virtual routing and forwarding (VRF) lite.

  • Router access control list and policy-based routing (PBR).

  • Quality of Service (QoS): Marking and policing.

  • Services: Network Address Translation (NAT) IPv4, Security Group Access Control List (SGACL) enforcement, DHCP Server/Relay, SGT Exchange Protocol (SXP), and NetFlow.

  • Layer 3 EtherChannels.

How to Configure Layer 3 Subinterfaces

You can configure one or more subinterfaces on a routed interface. Configure the parent interface as a routed interface by using the no switchport command . The parent interface can have its own IP address, policies, and configurations attached to it. Untagged traffic and any tagged traffic or VLAN (not handled by the subinterface) that comes into the port are handled by the parent interface.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface {type switch / slot / port.subinterface}

Example:

Device(config)# interface HundredGigabitEthernet 1/0/33.201

Or

Device(config)# interface range 
HundredGigabitEthernet1/0/33.201-
HundredGigabitEthernet1/0/33.204

Selects an interface or interface range and enters subinterface configuration mode. (To remove an interface, use the no form of this command.)

  • You can also specify a range of interfaces along with the associated dot1q VLAN IDs as shown in this example.

Step 4

encapsulation dot1q vlan-id [native]

Example:

Device(config-subif)# encapsulation dot1q 201 native

Configures 802.1Q encapsulation for the subinterface. The range is from 1 to 4000. (To remove 802.1Q encapsulation for the subinterface, use the no form of this command.)

  • native: To make a subinterface the default handler of untagged packets coming to the port, use this keyword. If you configure this keyword on the subinterface, and IP and other configurations are also configured on the parent interface, this keyword overwrites the configurations on the parent interface. Configure either this keyword on the subinterface or the configurations on the parent interface at a time.

Note 

shutdown and no shutdown commands can be used to shutdown or reverse the shutdown on a specific subinterface without affecting the traffic passing through the parent interface or other subinterfaces.

Step 5

end

Example:

Device(config-subif)# end

Exits subinterface mode and returns to privileged EXEC mode.

Example: Configuring Layer 3 Subinterfaces

The following example shows how to configure subinterfaces on layer 3 interfaces:

Device> enable
Device# configure terminal
Device(config)# interface HundredGigabitEthernet 1/0/33
Device(config-if)# no switchport
Device(config-if)# no ip address
Device(config-if)# exit
Device(config)# interface HundredGigabitEthernet 1/0/33.201
Device(config-subif)# encapsulation dot1q 201 native
Device(config-subif)# end


The following example shows how to configure subinterfaces on layer 3 port channels:

Device> enable
Device# configure terminal
Device(config)# interface port-channel 2
Device(config-if)# no switchport
Device(config-if)# no ip address
Device(config-if)# exit
Device(config)# interface port-channel 2.10
Device(config-subif)# encapsulation dot1q 10
Decvice(config-subif)# ip address 10.10.10.11 255.255.255.0
Device(config-subif)# end


Feature Information for Layer 3 Subinterfaces

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Layer 3 Subinterfaces

Feature Name

Releases

Feature Information

Layer 3 Subinterfaces

Cisco IOS XE Gibraltar 16.10.1

Layer 3 interfaces forward IPv4 and IPv6 packets to another device using static or dynamic routing protocols. You can use Layer 3 interfaces for IP routing and inter-VLAN routing of Layer 2 traffic.

This feature was introduced on Cisco Catalyst 9500 Series High Performance Switches.

Layer 3 Subinterfaces

Cisco IOS XE Gibraltar 16.12.1

This feature was introduced on Cisco Catalyst 9500 Series Switches.

EtherChannel and Multiprotocol Label Switching

Cisco IOS XE Gibraltar 16.12.1

These features were introduced on Layer 3 subinterfaces.