Setup Guide
Figure 146. Tagged Frame Format
The tag header contains some key information that the system uses:
• The VLAN protocol identier identies the frame as tagged according to the IEEE 802.1Q specications (2 bytes).
• Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved.
NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1,518 bytes as
specied in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame
size.
Information contained in the tag header allows the system to prioritize trac and to forward information to ports associated with a specic
VLAN ID. Tagged interfaces can belong to multiple VLANs, while untagged interfaces can belong only to one VLAN.
Conguration Task List
This section contains the following VLAN conguration tasks.
• Creating a Port-Based VLAN (mandatory)
• Assigning Interfaces to a VLAN (optional)
• Assigning an IP Address to a VLAN (optional)
• Enabling Null VLAN as the Default VLAN
Enabling Null VLAN as the Default VLAN
In a Carrier Ethernet for Metro Service environment, service providers who perform frequent recongurations for customers with changing
requirements occasionally enable multiple interfaces, each connected to a dierent customer, before the interfaces are fully congured.
This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able
to access each other's networks. The system has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are
placed into it by default, so even if you activate the physical ports of multiple customers, no trac is allowed to traverse the links until each
port is place in another VLAN.
To enable Null VLAN, use the following command.
• Disable the default VLAN, so that all ports belong to the Null VLAN until congured as a member of another VLAN.
CONFIGURATION mode
default-vlan disable
Default: the default VLAN is enabled (no default-vlan disable).
Assigning an IP Address to a VLAN
VLANs are a Layer 2 feature. For two physical interfaces on dierent VLANs to communicate, you must assign an IP address to the VLANs
to route trac between the two interfaces.
The shutdown command in INTERFACE mode does not aect Layer 2 trac on the interface; the shutdown command only prevents
Layer 3 trac from traversing over the interface.
1072
Virtual LANs (VLANs)