11-5
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 11 Configuring VLANs Understanding VLANs
For more detailed definitions of access and trunk modes and their functions, see Table 11-4 on
page 11-15.
When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port
on a per-VLAN basis. For more information, see the “Managing the MAC Address Table” section on
page 5-20.
UNI-ENI VLANs
The Cisco ME switch is the boundary between customer networks and the service-provider network,
with user network interfaces (UNIs) and enhanced interface interfaces (ENIs) connected to the customer
side of the network. When customer traffic enters or leaves the service-provider network, the customer
VLAN ID must be isolated from other customers’ VLAN IDs. You can achieve this isolation by se veral
methods, including using private VLANs. On the Cisco ME switch, this isolation occurs by default by
using UNI-ENI VLANs.
Tab le 11-1 Port Membership Modes
Membership Mode VLAN Membership Characteristics
Static-access A static-access port can belong to one VLAN and is manually assigned to that VLAN.
For more information, see the “Assigning Static-Access Ports to a VLAN” section on page 11-11.
Trunk (IEEE 802.1Q) A trunk port is a member of all VLANs by default, including extended-range VLANs, but
membership can be limited by configuring the allowed-VLAN list.
For information about configuring trunk ports, see the “Configuring an Ethernet Interface as a
Trunk Port” section on page 11-16.
Dynamic-access A dynamic-access port can belong to one VLAN (VLAN ID 1 to 4094) and is dynamically
assigned by a VMPS. The VMPS can be a Catalyst 5000 or Catalyst 6500 series switch, for
example, but never a Cisco ME 3400 Ethernet Access switch. The Cisco ME 3400 switch is a
VMPS client.
Note Only UNIs or ENIs can be dynamic-access ports.
You can have dynamic-access ports and trunk ports on the same switch, but you must connect t he
dynamic-access port to an end station or hub and not to another switch.
For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients”
section on page 11-26.
Private VLAN A private VLAN port is a host or promiscuous port that belongs to a private VLAN primary or
secondary VLAN. Only NNIs can be configured as promiscuous ports.
For information about private VLANs, see Chapter 12, “Configuring Private VLANs.”
Tunnel
(dot1q-tunnel)Tunnel ports are used for IEEE 802.1Q tunneling to maintain customer VLAN integrity across a
service-provider network. You configure a tunnel port on an edge switch in the service-provider
network and connect it to an IEEE 802.1Q trunk port on a customer interface, creating an
assymetric link. A tunnel port belongs to a single VLAN that is dedicated to tunneling.
Tunneling is supported only when the switch is running the metro access or metro IP access image.
For more information about tunnel ports, see Chapter 13, “Configuring IEEE 802.1Q and Layer 2
Protocol Tunneling.”