Nested VLAN with sub-switch CLI command

The sub-switch command in the Global Configuration Mode provides a convenient way to create a nested VLAN that bridges tagged and untagged frames unaltered on chosen ports of the switch.

Nested VLAN Feature

The nested VLAN feature allows a set of ports on the switch to be combined in a smaller independent switch (a sub-switch). The sub switch leaves the Ethernet frames unchanged from entry to exit, while still providing the correct bridging to the destination. This allows tagged and untagged frames to coexist within the nested VLAN.

The following network can be set up with the sub-switch nested vlan 50 gigabit 0/9-12 command allowing for an example of an untagged path and a nested VLAN 50 path through the switch.

The syntax of the sub-switch command is as follows:

sub-switch

sub-switch

{ [nested] } { vlan } { <vlan-id> } { ([<interface-type> } { <0/a-b,0/c,...>] } { [<interface-type> } { <0/a-b,0/c,...>]) }

Mode

Global Configuration Mode

Parameters

Parameter	Type	Description
`nested`		Enter to select the optional nested VLAN feature.
`vlan`		Enter to set the subnet mask for the configured IP address. The configured subnet mask should be in the same subnet of the network in which the switch is placed
`vlan-id`	Integer	Enter to configure the number of high-order bits in the IP address. These bits are common among all hosts within a network. This value ranges from 1 to 32.
`interface-type <0/a-b, 0/c, ...>`		Enter to set the list of interfaces or a specific interface identifier. This value is a combination of slot number and port number separated by a slash. Use comma as a separator without space while configuring list of interfaces. Example: 0/1,0/3 or 1,3.
`gigabitethernet`		Enter for Gigabitethernet.
`extreme-ethernet`		Enter for Extreme-Ethernet.

Examples

The command below shows an example of nested VLAN 20 path through the switch.

iS5Comm# (config)# sub-switch nested vlan 20 gigabit 0/7-8,0/11-12

Restrictions

Creating a nested VLAN in this way requires that:

the VLAN does not already exist, and
the list of all ports belong only to the default VLAN.

On creation:

the ports will be removed from the default VLAN and added to the new VLAN,
the PVID of all the ports will be set to the VLAN ID, and
the nested VLAN feature will be enabled on all the ports.

The PVID will be restricted to be used only in this VLAN to ensure that there is no mixing with otherVLANs.

Adding or removing ports from the nested VLAN requires that:

the VLAN is deleted
a new nested VLAN is created to ensure that all ports on the port list are in the correct states when the nested VLAN feature is enabled

Note that deleting a nested VLAN will set the PVIDs of all ports back to the default PVID.

In HSR/PRP networks, both tagged and untagged frames can originate from a single redundant node depending on the protocol being used. The nested VLAN feature will allow both types of frames to reach there destinations by coexisting in the same nested VLAN.

A HSR QuadBox has a similar built-in feature to allow tagged and untagged frames through, as shown in the following diagram.