Provider bridge commands configure the switch to use IEEE 802.1ad stacked VLANs. Service providers use stacked VLANs, in which 802.1Q VLAN tags are encapsulated in a second layer of 802.1Q tags (802.1Q-in-Q), to enable a single VLAN to support customers who have multiple internal VLANs.
Provider bridge commands include data tunneling commands and L2 protocol tunneling commands.
"Data Tunneling Commands" define service instances and apply them to specific ports.
"L2 Protocol Tunneling Commands" enable using Layer 2 protocols across customer networks at different sites that are connected through a service provider network.
Data Tunneling Commands
To enable a VLAN on the switch to be bridged throughout the service provider network, you define service instances. A service instance definition includes the service name, the type of forwarding to use, and QoS information. A service instance is also associated with a unique service VLAN (or SVLAN), which is identified by the service VLAN ID (or S-VID).
The administrator can subscribe individual ports to a service. When a port subscribes to a service, a VLAN is created on the switch (if it does not already exist) and the subscribing port is configured as a participant in the SVLAN. The service provider port (called the Network-to-Network, or NNI, port) is also configured as a participant in the SVLAN in order to transmit and receive upstream/downstream traffic.
A subscription includes match criteria such as the customer VLAN ID (C-VID), priority, and S-VID. When an incoming packet on UNI-P matches the subscription criteria on the port, the switch adds the service VLAN tag to the packet and, optionally, re-marks the C-VID or removes the C-tag before forwarding or redirecting it to the service provider network. When an incoming packet on UNI-S matches the subscription criteria on the port, the switch may re-mark the S-VID and/or re-mark the C-VID or remove the C-tag before forwarding or redirecting the packet to the service provider network. TEJOS supports up to 4K service subscriptions per switch/port.
When a TLS service is subscribed on a port, the port's P-VID is set to the S-VID of the TLS service. The P-VID of the NNI port is set to the management VLAN (the default management VLAN is 1). Creation and participation behavior of VLANs on the switch is the same for all types of services (TLS, E-LAN, E-Tree, E-Line).
CAUTION: In TEJOS software, VLANs and participation of ports (customer and service provider ports) is configured automatically based on service and subscription configuration. It is recommended that administrators do not create or change VLANs and port VLAN participations on any ports. Manual configuration of VLANs and port participations may result in undefined behavior in the system.
dot1ad mode
This command enables UNI/NNI mode and sets the dot1ad type for an interface or range of interfaces. UNI-P is a port-based service interface and UNI-S is a service-based interface. A match based on S-VID/C-VID and C-VID/Priority can be configured on a UNI-S port. A UNI-P port may be configured with C-VID/Priority/Untagged-based match criteria. Dot1ad services cannot be subscribed on an NNI port or a switch port. When the mode is set to switchport, the port can be used for normal switching/routing traffic.
Default: uni
Format: dot1ad mode {uni-p | uni-s | nni | switchport}
Mode: Interface Config
dot1ad service
This command configures a service of a given type by name. This command allows configuration of the S-VID and NNI port association at the service level. When the service creation is successful, you enter into dot1ad-service mode.
Format: dot1ad service {service-name svid svid {e-lan | e-line | e-tree | tls} [nni port list]}
Mode: Global Config
port-list: NNI port list
service-name: The user-assigned service name.
svid: The service VLAN ID (S-VID).
e-lan | e-line | e-tree | tls: These parameters define the type of traffic associated with this service instance.
e-lan — A switched or general service is one in which the traffic associated with that service is forwarded based on a standard L2 switching lookup using the S-VID and destination MAC as lookups in the FDB. In TEJOS a port can be a member of multiple E-LAN services. If a switched service is assigned to multiple UNI ports, those ports will be able to forward traffic to each other as well as to the NNI ports. The same E-LAN service can also be applied on UNI-P and UNI-S ports.
e-line — The <e-line> parameter creates a point-to-point service, in which traffic is forwarded directly to the NNI port in the upstream direction and to the associated UNI port in the downstream direction. An e-line service bypasses the standard VLAN/MAC-based switching decisions, including the source MAC learning. By default, TEJOS does not learn traffic belonging to the e-line service. An e-line service-instance defines a point-to-point service in which only one UNI-P or UNI-S port participates.
NOTE: It is important to note that downstream broadcast and multicast traffic will still be redirected to the associated UNI port participating in the e-line service.
e-tree — The <e-tree> parameter creates a point-to-multipoint service in which the traffic associated with that service is forwarded directly to the NNI port in the upstream direction and directly to the associated UNI port(s) in the downstream direction. If an e-tree service instance is applied to multiple UNI ports, it becomes a point-to-multipoint service in which the participating user ports are still isolated from each other.
NOTE: It is important to note that downstream broadcast, multicast, and unknown destination (DLF) traffic will still be forwarded (replicated) to all ports participating in the e-tree service.
tls (Transparent LAN Service). Administrators can configure a TLS on UNI-P and UNI-S ports. A Transparent LAN service is used to connect the remote sites of a customer with C-Tag transparency. There are no match criteria for a TLS.
If no TLS service is configured on an UNI-P port, all packets not matching any of the service instances configured on the ports will be dropped. If a TLS service is configured, then all packets not matching the other service instances on that port will be tagged as per the TLS definition on that port. TLS service defined by the user will be used by Untagged, Priority Tagged, and C-VLAN tagged packets which do not match any other service instances on the port.
If a TLS service is configured on an UNI-S port, service VLAN tagged (including double tagged) frames that do not match other service instances on the port will be forwarded to appropriate NNI port(s) based on the S-VID associated with the service without any VLAN modification. Untagged and priority tagged packets that do not match other service instances on the port will be dropped.
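The fallback rules above decide whether an unmatched frame is dropped or carried into the provider network, so they are worth checking when reviewing a port's subscriptions. The following Python model is an added example, not TEJOS code; the names Subscription, classify and catch_all_exposure are hypothetical. It assumes that a UNI-S port without a TLS subscription drops unmatched frames (the page states this only for UNI-P) and that frame kinds the page does not list for a port type are dropped.

```python
from dataclasses import dataclass
from typing import Optional

# Frame kinds the page names as covered by the TLS catch-all, per port type.
TLS_ELIGIBLE = {
    "uni-p": {"untagged", "priority", "c-tagged"},
    "uni-s": {"s-tagged", "double-tagged"},
}

@dataclass(frozen=True)
class Subscription:              # hypothetical record, not a TEJOS structure
    service: str
    kind: str                    # frame kind this subscription matches
    cvid: Optional[int] = None   # None means "any C-VID"
    svid: Optional[int] = None   # None means "any S-VID"

def classify(mode, kind, subs, tls_service=None, cvid=None, svid=None):
    """Return (verdict, service) for a frame arriving on a UNI port."""
    if mode not in TLS_ELIGIBLE:
        raise ValueError("services are subscribed only on uni-p / uni-s ports")
    for s in subs:
        if s.kind == kind and s.cvid in (None, cvid) and s.svid in (None, svid):
            return ("matched", s.service)
    # No subscription matched: only a TLS subscription keeps the frame alive.
    if tls_service and kind in TLS_ELIGIBLE[mode]:
        return ("tls-catch-all", tls_service)
    # Assumption: anything else is dropped (stated by the page for UNI-P only).
    return ("drop", None)

def catch_all_exposure(mode, subs, tls_service, probes):
    """Probe frames (kind, cvid, svid) forwarded only because TLS is subscribed."""
    return [p for p in probes
            if classify(mode, p[0], subs, tls_service, p[1], p[2])[0]
            == "tls-catch-all"]

# Constructed sample: one C-VID 100 subscription on a UNI-P port.
SAMPLE_SUBS = [Subscription("cust-a", "c-tagged", cvid=100)]
```

Running catch_all_exposure with and without a TLS service name shows which frames move from default-drop to forwarded once a TLS subscription is added to the port.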
no dot1ad service
Format: no dot1ad service service-name
Mode: Global Config
subscribe match untagged-pkt
Use this command to configure the match VLAN assignment for untagged packets (UNI-P ports only) on an interface or range of interfaces. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for.
Format: subscribe <service-name> <subscription-name> match untagged-pkt [assign-cvid <cvid>] [nni <port-list>]
Mode: Interface Config
no subscribe match untagged-pkt
Use the no form of the command to unsubscribe the untagged packets.
Format: subscribe <service-name> <subscription-name> match untagged-pkt [assign-cvid <cvid>] [nni <port-list>]
Mode: Interface Config
subscribe match priority
Use this command to configure the VLAN assignment criteria for priority tagged packets on an interface or range of interfaces. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for.
Format: subscribe <service-name> <subscription-name> match priority pri [assign-cvid <cvid>] [nni <port-list>]
Mode: Interface Config
subscribe match cvid
Use this command to configure the match VLAN assignment criteria for C-tagged packets. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for. This command is applicable only on UNI-P ports.
Use this command to configure the match VLAN assignment criteria for C-tagged packets based on both C-VID and, optionally, the Priority value in the C-tag. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for. This command is applicable only on UNI-P ports.
Format: subscribe <service-name> <subscription-name> match cvid <cvid> [priority pri [[remark-cvid] <cvid>] | [remove-ctag]] [nni <port-list>]
Mode: Interface Config
subscribe match svid
Use this command to configure the match VLAN assignment criteria for single S-tagged packets. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for.
Format: subscribe <service-name> <subscription-name> match svid <svid> [nni <port-list>]
Mode: Interface Config
subscribe match svid cvid
Use this command to configure the match VLAN assignment criteria for double-tagged packets. Upstream traffic goes to configured NNI ports based on a switching or redirection action, depending upon the service subscribed for.
Use this command to subscribe for a TLS service on the port. Upstream traffic goes to configured NNI ports based on a switching decision.
Format: subscribe service-name subscription-name
Mode: Interface Config
show dot1ad service
Use this command to display information (i.e. service name, service type and the S-VID) for the specified service or for all services configured on the CPE.
Format: show dot1ad service [[service-name] [unit/slot/port]]
Mode: Privileged EXEC
show dot1ad service-subscription
This command output shows all the services subscribed on the given LAN interfaces.
Format: show dot1ad service-subscription {<unit/slot/port> | all | service-name}
Mode: Privileged EXEC
The display parameters for the above command are:
unit/slot/port: Shows all subscriptions on the specified unit/slot/port.
all: Shows subscriptions to all services.
service-name: Shows all subscriptions to the specified service name.
e-lan | e-line | e-tree | tls:
These parameters define the type of traffic associated with this service instance.
e-lan — A switched or general service is one in which the traffic associated with that service is forwarded based on a standard L2 switching lookup using the S-VID and destination MAC as lookups in the FDB. In TEJOS a port can be a member of multiple E-LAN services. If a switched service is assigned to multiple UNI ports, those ports will be able to forward traffic to each other as well as to the NNI ports. The same E-LAN service can also be applied on UNI-P and UNI-S ports.
e-line — The <e-line> parameter creates a point-to-point service, in which traffic is forwarded directly to the NNI port in the upstream direction and to the associated UNI port in the downstream direction. An e-line service bypasses the standard VLAN/MAC-based switching decisions, including the source MAC learning. By default, TEJOS does not learn traffic belonging to the e-line service. An e-line service-instance defines a point-to-point service in which only one UNI-P or UNI-S port participates.
NOTE: It is important to note that downstream broadcast and multicast traffic will still be redirected to the associated UNI port participating in the e-line service.
e-tree — The <e-tree> parameter creates a point-to-multipoint service in which the traffic associated with that service is forwarded directly to the NNI port in the upstream direction and direct to the associated UNI port(s) in the downstream direction. If an e-tree service instance is applied to multiple UNI ports, it becomes a point-to-multipoint service in which the participating user ports are still isolated from each other.
NOTE: It is important to note that downstream broadcast, multicast, and unknown destination (DLF) traffic will still be forwarded (replicated) to all ports participating in the e-tree service.
tls (Transparent LAN Service): Administrators can configure a TLS on UNI-P and UNI-S ports. A Transparent LAN service is used to connect the remote sites of a customer with C-Tag transparency. There are no match criteria for a TLS.
If no TLS service is configured on an UNI-P port, all packets not matching any of the service instances configured on the ports will be dropped. If a TLS service is configured, then all packets not matching the other service instances on that port will be tagged as per the TLS definition on that port. TLS service defined by the user will be used by Untagged, Priority Tagged, and C-VLAN tagged packets which do not match any other service instances on the port.
If a TLS service is configured on an UNI-S port, service VLAN tagged (including double tagged) frames that do not match other service instances on the port will be forwarded to appropriate NNI port(s) based on the S-VID associated with the service without any VLAN modification. Untagged and priority tagged packets that do not match other service instances on the port will be dropped.
L2 Protocol Tunneling Commands
Layer 2 tunneling can be used to extend a network to remote sites across a service provider network. These commands configure layer 2 tunneling on switch interfaces. To configure L2 protocol tunneling on an interface, you configure it as an 802.1ad network-to-network interface (NNI) or user-to-network interface (UNI). Then, you configure the action (tunnel, terminate, discard, or discard-shutdown) the interface takes when it receives a PDU with a specified combination of a destination reserved MAC address and a protocol ID. If the interface is configured to tunnel the protocol/MAC address PDUs, then it tags the packet with a service definition (S-tag) and optionally with the customer’s VLAN ID (C-tag), and forwards it to the NNI port.
dot1ad l2tunnel
This command configures an action (tunnel or terminate) for the given reserved MAC address on a particular service.
NOTE: All reserved MAC addresses in the range 01:80:C2:00:00:00 to 01:80:C2:00:00:3F are configured with the 'terminate' action by default. When a reserved MAC is configured with the 'terminate' action, it is not visible under any ‘show’ or ‘show running config’ commands.
protocol-id: The protocol ID field that has to be matched in the ingress packet to perform protocol tunnelling. Protocol-id range is from 0x0001 to 0xffff.
reserved-mac: The destination mac-address field in the ingress packet that has to be matched for which the protocol tunneling needs to be configured. MAC address range is from 01:80:c2:00:00:00 to 01:80:c2:00:00:3F.
tunnel | terminate | discard [shutdown]: The action to be taken on any packets that match the MAC-address/protocol-id combination.
tunnel—The packet is double-tagged with the service definition (S-VID) and customer VLAN ID (C-VID) and the packet is forwarded to the NNI port based on the S-VID. This action is taken whether or not the protocol has been enabled on the interface.
terminate—If the protocol has been enabled on the interface, then the control PDU is handed to the protocol processing application. If the protocol has not been enabled, then the control packet is dropped.
discard [shutdown] —The packet is discarded, regardless of whether the protocol is enabled on the interface. Use the optional shutdown keyword to shut down the interface and generate an SNMP trap.
vlan id: The service VLAN ID.
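The parameter ranges and per-action behavior described above can be modeled to check a planned rule set before it is applied, in particular to see which control PDUs would leave the site through the tunnel instead of being terminated locally. This Python sketch is an added example, not TEJOS code; validate_rule, handle_pdu and the outcome strings are hypothetical names, and it models a single service VLAN.

```python
import re

RESERVED_LO = 0x0180C2000000   # 01:80:c2:00:00:00
RESERVED_HI = 0x0180C200003F   # 01:80:c2:00:00:3F
ACTIONS = {"tunnel", "terminate", "discard", "discard-shutdown"}

def mac_to_int(mac):
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def validate_rule(mac, proto_id, action):
    """Reject rules outside the ranges the command reference allows."""
    if not RESERVED_LO <= mac_to_int(mac) <= RESERVED_HI:
        raise ValueError("MAC is outside 01:80:c2:00:00:00-01:80:c2:00:00:3F")
    if not 0x0001 <= proto_id <= 0xFFFF:
        raise ValueError("protocol-id must be in 0x0001-0xffff")
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    return (mac_to_int(mac), proto_id, action)

def handle_pdu(dst_mac, proto_id, rules, protocol_enabled):
    """Outcome for one PDU, given validated rules [(mac, proto, action)]."""
    dst = mac_to_int(dst_mac)
    if not RESERVED_LO <= dst <= RESERVED_HI:
        return "not-reserved"        # ordinary traffic, outside this feature
    action = "terminate"             # default for the whole reserved range
    for mac, proto, act in rules:
        if mac == dst and proto == proto_id:
            action = act
    if action == "tunnel":           # taken whether or not the protocol is enabled
        return "forward-to-nni-double-tagged"
    if action == "terminate":
        return "to-protocol-app" if protocol_enabled else "drop"
    if action == "discard-shutdown":
        return "drop-shutdown-port-snmp-trap"
    return "drop"

# Constructed sample rule: tunnel LLDP (01:80:c2:00:00:0e, EtherType 0x88CC).
SAMPLE_RULES = [validate_rule("01:80:c2:00:00:0e", 0x88CC, "tunnel")]
```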
no dot1ad l2tunnel
This command removes any dot1ad protocol processing from the port.
Format: no dot1ad l2tunnel {vlan <vlan id> MAC-address reserved MAC protocol-id proto-id}
Mode: Global Config
show dot1ad mode
This command displays the port-type (UNI-P, UNI-S, NNI, or switch port).
Format: show dot1ad mode {all | <unit/slot/port>}
Mode: Privileged EXEC
show dot1ad l2tunnel
This command displays the L2 reserved MAC filtering configuration.