9-4
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 9 Configuring Interfaces
Understanding Interface Types
For detailed information about configuring access port and trunk port characteristics, see Chapter 11,
“Configuring VLANs.” For more information about tunnel ports, see Chapter 13, “Configuring IEEE
802.1Q and Layer 2 Protocol Tunneling.”
Access Ports
An access port belongs to and carries the traffic of only one VLAN. Traffic is received and sent in native
formats with no VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN
assigned to the port. If an access port receives an IEEE 802.1Q tagged packet, the packet is dropped, and
the source address is not learned. IEEE 802.1x can also be used for VLAN assignment.
Two types of access ports are supported:
Static access ports are manually assigned to a VLAN.
VLAN membership of dynamic access ports is learned through incoming packets. By default, a
dynamic access port is a member of no VLAN, and forwarding to and from the port is enabled only
when the VLAN membership of the port is discovered. UNIs begin forwarding packets as soon as
they are enabled. Dynamic access ports on the switch are assigned to a VLAN by a VLAN
Membership Policy Server (VMPS). The VMPS can be a Catalyst 6500 series switch; the Cisco ME
switch cannot be a VMPS server. Dynamic access ports for VMPS are only supported on UNIs and
ENIs.
Trunk Ports
An IEEE 802.1Q trunk port carries the traffic of multiple VLANs and by default is a member of all
VLANs in the VLAN database. A trunk port supports simultaneous tagged and untagged traffic. An
IEEE 802.1Q trunk port is assigned a default Port VLAN ID (PVID), and all untagged traffic travels on
the port default PVID. All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to
belong to the port default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is
sent untagged. All other traffic is sent with a VLAN tag.
Although by default a trunk port is a member of multiple VLANs, you can limit VLAN membership by
configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs does not affect
any other port but the associated trunk port. By default, all possible VLANs (VLAN ID 1 to 4094) are
in the allowed list. A trunk port can become a member of a VLAN only if the VLAN is in the enabled
state.
For more information about trunk ports, see Chapter 11, “Configuring VLANs.”
Tunnel Ports
Tunnel ports are used in IEEE 802.1Q tunneling to segregate the traffic of customers in a
service-provider network from other customers who are using the same VLAN number. You configure
an asymmetric link from a tunnel port on a service-provider edge switch to an IEEE 802.1Q trunk port
on the customer switch. Packets entering the tunnel port on the edge switch, already
IEEE 802.1Q-tagged with the customer VLANs, are encapsulated with another layer of an IEEE 802.1Q
tag (called the metro tag), containing a VLAN ID unique in the service-provider network, for each
customer. The double-tagged packets go through the service-provider network keeping the original
customer VLANs separate from those of other customers. At the outbound interface, also a tunnel port,
the metro tag is removed, and the original VLAN numbers from the customer network are retrieved.