Understanding Layer 2 Interfaces

Layer 2 logical interfaces are created by defining one or more logical units on a physical interface with the family address type bridge. If a physical interface has a bridge family logical interface, it cannot have any other family type in its logical interfaces. A logical interface can be configured in one of the following modes:

• Access mode—Interface accepts untagged packets, assigns the specified VLAN identifier to the packet, and forwards the packet within the bridge domain that is configured with the matching VLAN identifier.
• Trunk mode—Interface accepts any packet tagged with a VLAN identifier that matches a specified list of VLAN identifiers. Trunk mode interfaces are generally used to interconnect switches. To configure a VLAN identifier for untagged packets received on the physical interface, use the native-vlan-id option. If the native-vlan-id option is not configured, untagged packets are dropped.

  Tagged packets arriving on a trunk mode interface can be rewritten or “retagged” with a different VLAN identifier. This allows incoming packets to be selectively redirected to a firewall or other security device. For more information, see Understanding VLAN Retagging.

Note: Multiple trunk mode logical interfaces can be defined, as long as the VLAN identifiers of a trunk interface do not overlap with those of another trunk interface. The native-vlan-id must belong to a VLAN identifier list configured for a trunk interface.

Related Topics

• Configuring Layer 2 Logical Interfaces