Cisco Systems ME3400G2CSA UNI VLANs

11-5

Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide

78-17058-01

Chapter11 Configuring VLANs Understanding VLANs

For more detailed definitions of access and trunk modes and their functions, se e Table 11-4 on

page 11-15.

When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port

on a per-VLAN basis. For more information, see the “Managing th e MAC Address Table” section on

page 5-19.

UNI VLANs

The Cisco ME switch is the boundary between customer ne tworks and t he se rv ice-p rovider ne twork ,

with user network interfaces (UNIs) connected to the cust omer side of th e netwo rk. W he n c usto me r

traffic enters or leaves the service-provider network, the customer VLAN ID mus t be isolated from other

customers’ VLAN IDs. You can achieve this isolation by several methods, including using private

VLANs. On the Cisco ME switch, this isolation occurs by default by using UNI VLANs.

There are two types of UNI VLANs:

•UNI isolated VLAN—This is the default VLAN state for all VLANs created on the switch. Local

switching does not occur among UNIs on the switch that belong to the same UNI isolated VLAN.

This configuration is designed for cases when different customers are connected to UNIs on the

same switch. However, switching is allowed among UNIs on different switches even though they

belong to the same UNI isolated VLAN.

Dynamic-access A dynamic-access port can belong to one VLAN (VLAN ID 1 t o 4094 ) an d is dyn am ica lly

assigned by a VMPS. The VMPS can be a Catalyst 5000 or Catalyst 6500 series swi tch, f or

example, but never a Cisco ME 3400 Ethernet Access switch. The Cisco ME 3400 swit ch i s a

VMPS client.

Note Only UNIs can be dynamic-access ports.

You can have dynamic-access ports and trunk ports on the same switch, but you must connect the

dynamic-access port to an end station or hub and not to anoth er swi tch .

For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients”

section on page 11-26.

Private VLAN A private VLAN port is a host or promiscuous port that belongs to a private VLAN p rima ry o r

secondary VLAN. Only NNIs can be configured as promiscuous ports.

For information about private VLANs, see Chapter 12, “Configuring Private VLANs.”

Tunnel

(dot1q-tunnel)Tunnel ports are used for IEEE 802.1Q tunneling to maintain customer VLA N in tegrity acr oss a

service-provider network. You configure a tunnel port on an edge switch in the service- pr ovider

network and connect it to an IEEE 802.1Q trunk port on a customer interface, creating an

assymetric link. A tunnel port belongs to a single VLAN that is dedicated to tunneling.

Tunneling is supported only when the switch is running the metro access or metro IP access image.

For more information about tunnel ports, see Chapter 13, “Configuring IEEE 802.1Q and Lay er 2

Protocol Tunneling.”

Table11-1 Port Membership Modes (continued)

Membership Mode VLAN Membership Characteristics