IEEE 802.

1ad Support on Provider Bridges

First Published: April 19, 2010

Last Updated: May 26, 2011

Service provider bridges (also called provider bridges) allow switches in a service provider network to
transparently carry a customer’s Layer 2 control frames, such as Spanning Tree Protocol (STP) bridge
protocol data units (BPDUs) or Cisco Discovery Protocol frames, separate from the service provider’s
traffic and from other customer traffic in the service provider’s network. User network interface (UNI)
ports of a provider bridge interface with customer devices and have a specific set of requirements defined
by the IEEE 802.1ad standard. These requirements enable provider bridges to have the same
functionality as Layer 2 protocol tunneling (L2PT) and Q-in-Q (QnQ) bridges.
This document describes the IEEE 802.1ad implementation on Cisco switches using Layer 2
switch ports.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release. To find information
about the features documented in this module, and to see a list of the releases in which each feature is
supported, see the “Feature Information for IEEE 802.1ad Support on Provider Bridges” section on page 13.
Use Cisco Feature Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on
Cisco.com is not required.

Contents
• Restrictions for IEEE 802.1ad Support on Provider Bridges, page 2
• Information About IEEE 802.1ad Support on Provider Bridges, page 2
• How to Configure IEEE 802.1ad Support on Provider Bridges, page 8

Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
 IEEE 802.1ad Support on Provider Bridges
Restrictions for IEEE 802.1ad Support on Provider Bridges

• Additional References, page 11

• Additional References, page 11
• Feature Information for IEEE 802.1ad Support on Provider Bridges, page 13
• Glossary, page 14

Restrictions for IEEE 802.1ad Support on Provider Bridges

• The IEEE 802.1ad Support on Provider Bridges feature is not supported on the Cisco ME3400
series switch.

Information About IEEE 802.1ad Support on Provider Bridges

• Service Provider Bridges, page 2
• MAC Addresses for Layer 2 Protocols, page 4
• IEEE 802.1ad Support on Provider Bridges Feature, page 5

Service Provider Bridges

Provider bridges pass the network traffic of many customers, and each customer’s traffic flow must be
isolated from one another. For Layer 2 protocols within customer domains to function properly,
geographically separated customer sites must appear to be connected via a LAN, and the provider
network must be transparent.
The IEEE has reserved 33 Layer 2 MAC addresses for customer devices operating Layer 2 protocols. If
a provider bridge uses these standard MAC addresses for its Layer 2 protocols, the customers’ and
service provider’s Layer 2 traffic will be mixed together. Provider bridges solve this traffic-mixing issue
by providing Layer 2 protocol data unit (PDU) tunneling for customers using a provider bridge
(S-bridge) component and a provider edge bridge (C-bridge) component. Figure 1 shows the topology.

2
 IEEE 802.1ad Support on Provider Bridges
Information About IEEE 802.1ad Support on Provider Bridges

Figure 1 Layer 2 PDU Tunneling

E-type 88A8, VLAN 999 E-type 88A8, VLAN 999 E-type 88A8, VLAN 999

CE-1 PE-1 PE-2 CE-2

8100 - 10 88a8 - 999 8100 - 10 8100 - 10

8100 - 20 88a8 - 999 8100 - 20 8100 - 20

207502
Native Frame 88a8 - 999 Native Frame Native Frame

S-Bridge Component
The S-bridge component is capable of inserting or removing a service provider VLAN (S-VLAN) for all
traffic on a particular port. IEEE 802.1ad adds a new tag called a Service tag (S-tag) to all ingress frames
from the customer to the service provider.
The VLAN in the S-tag is used for forwarding the traffic in the service provider network. Different
customers use different S-VLANs, which results in each customer’s traffic being isolated. In the S-tag,
provider bridges use an Ethertype value different than the standard 802.1Q Ethertype value, and they do
not understand the standard Ethertype. This difference makes customer traffic tagged with the standard
Ethertype appear as untagged in the provider network so customer traffic is tunneled in the port VLAN
of the provider port. 802.1ad service provider user network interfaces (S-UNIs) and network-network
interfaces (NNIs) implement the S-bridge component.
For example, a VLAN tag has a VLAN ID of 1, the C-tag Ethertype value is 8100 0001, the S-tag
Ethertype value is 88A8 0001, and the class of service (CoS) is zero.
C-tag S-tag
------------------------------------------------------- --------------------------------------------------
0x8100 | Priority bits | CFI | C-VLAN-ID 0x88A8 | Priority bits | 0 | S-VLAN-ID
------------------------------------------------------- --------------------------------------------------

C-Bridge Component
All C-VLANs entering on a UNI port in an S-bridge component are provided the same service (marked
with the same S-VLAN). C-VLAN components are not supported, but a customer may want to tag a
particular C-VLAN packet separately to differentiate between services. Provider bridges allow C-VLAN
packet tagging with a provider edge bridge, called the C-bridge component of the provider bridge.
C-bridge components are C-VLAN aware and can insert or remove a C-VLAN 802.1Q tag. The C-bridge
UNI port is capable of identifying the customer 802.1Q tag and inserting or removing an S-tag on the

3
 IEEE 802.1ad Support on Provider Bridges
Information About IEEE 802.1ad Support on Provider Bridges

packet on a per service instance or C-VLAN basis. A C-VLAN tagged service instance allows service
instance selection and identification by C-VLAN. 801.1ad customer user network interfaces (C-UNIs)
implement the C-component.

MAC Addresses for Layer 2 Protocols

Customers’ Layer 2 PDUs received by a provider bridge are not forwarded, so Layer 2 protocols running
in customer sites do not know the complete network topology. By using a different set of addresses for
the Layer 2 protocols running in provider bridges, IEEE 802.1ad causes customers’ Layer 2 PDUs
entering the provider bridge to appear as unknown multicast traffic and forwards it on customer ports
(on the same S-VLAN). Customers’ Layer 2 protocols can then run transparently.
Table 1 shows the Layer 2 MAC addresses reserved for the C-VLAN component.

Table 1 Reserved Layer 2 MAC Addresses for the C-VLAN Component

Assignment Value
Bridge Group Address 01-80-C2-00-00-00
IEEE 802.3 Full Duplex PAUSE Operation 01-80-C2-00-00-01
IEEE 802.3 Slow_Protocols_Multicast_Address 01-80-C2-00-00-02
IEEE 802.1X PAE Address 01-80-C2-00-00-03
Provider Bridge Group Address 01-80-C2-00-00-08
Provider Bridge GVRP Address 01-80-C2-00-00-0D
IEEE 802.1AB Link Layer Discovery Protocol 01-80-C2-00-00-0E
Multicast Address
Reserved for future standardization 01-80-C2-00-00-04
01-80-C2-00-00-05
01-80-C2-00-00-06
01-80-C2-00-00-07
01-80-C2-00-00-09
01-80-C2-00-00-0A
01-80-C2-00-00-0B
01-80-C2-00-00-0C
01-80-C2-00-00-0F

Table 2 shows the Layer 2 MAC addresses reserved for the S-VLAN component. These addresses are a
subset of the C-VLAN component addresses, and the C-bridge does not forward the provider’s BPDUs
to a customer network.

Table 2 Reserved Layer 2 MAC Addresses for the S-VLAN Component

Assignment Value
IEEE 802.3 Full Duplex PAUSE Operation 01-80-C2-00-00-01
IEEE 802.3 Slow_Protocols_Multicast_Address 01-80-C2-00-00-02

4
 IEEE 802.1ad Support on Provider Bridges
Information About IEEE 802.1ad Support on Provider Bridges

Table 2 Reserved Layer 2 MAC Addresses for the S-VLAN Component (continued)

Assignment Value
IEEE 802.1X PAE Address 01-80-C2-00-00-03
Provider Bridge Group Address 01-80-C2-00-00-08
Reserved for future standardization 01-80-C2-00-00-04
01-80-C2-00-00-05
01-80-C2-00-00-06
01-80-C2-00-00-07
01-80-C2-00-00-09
01-80-C2-00-00-0A

IEEE 802.1ad Support on Provider Bridges Feature

The IEEE 802.1ad Support on Provider Bridges feature is implemented on switch ports and supports the
following IEEE 802.1ad specified functions:
• Operation of individual provider bridges
• Configuration and management of individual provider bridges
• Management of spanning tree and VLAN topologies within a provider network
In Cisco IOS Release 12.2(54)SE, the Cisco ME 3400E and Catalyst 3750 Metro switch platforms
support this feature. The Cisco ME3400 switch platform does not support this feature.

Layer 2 PDU Destination MAC Addresses for Customer-Facing C-Bridge UNI Ports
Table 3 shows the Layer 2 PDU destination MAC addresses for customer-facing C-bridge UNI ports and
how frames are processed.

Table 3 Layer 2 PDU Destination MAC Addresses for Customer-Facing C-Bridge UNI Ports

Significance on the
MAC Address Protocol C-Bridge UNI Port Default Action
01-80-C2-00-00-00 Bridge Group Address Data, BPDU BPDU
(end-to-end BPDUs) (based on the CLI
configuration of the
l2protocol command)
01-80-C2-00-00-01 802.3X Pause Protocol BPDU MAC address processes
01-80-C2-00-00-02 Slow protocol address: BPDU BPDU
802.3ad LACP, 802.3ah
OAM, Cisco Discovery
Protocol, DTP, PagP,
UDLD, VTP
01-80-C2-00-00-03 802.1x BPDU BPDU
01-80-C2-00-00-04 Reserved for future Drop Drop
media access method

5
 IEEE 802.1ad Support on Provider Bridges
Information About IEEE 802.1ad Support on Provider Bridges

Table 3 Layer 2 PDU Destination MAC Addresses for Customer-Facing C-Bridge UNI Ports

Significance on the
MAC Address Protocol C-Bridge UNI Port Default Action
01-80-C2-00-00-05 Reserved for future Drop Drop
media access method
01-80-C2-00-00-06 Reserved for future Drop Drop
bridge use
01-80-C2-00-00-07 Ethernet Local BPDU BPDU
Management Interface
01-80-C2-00-00-08 Provider STP (BPDU) Drop Drop
01-80-C2-00-00-09 Reserved for future Drop Drop
bridge use
01-80-C2-00-00-0A Reserved for future Drop Drop
bridge use
01-80-C2-00-00-0B Reserved for future Drop Drop
S-bridge purposes
01-80-C2-00-00-0C Reserved for future Drop Drop
S-bridge purposes
01-80-C2-00-00-0D Provider bridge GVRP Drop Drop
address
01-80-C2-00-00-0E 802.1ab LLDP Data, BPDU BPDU
(based on the CLI
configuration of the
l2protocol command)
01-80-C2-00-00-0F Reserved for future C- Drop Drop
bridge or Q-bridge use
01-80-C2-00-00-10 All bridges address BPDU Peer
01-80-C2-00-00-20 GMRP Data Data
01-80-C2-00-00-21 GVRP Data Data
01-80-C2-00-00-22-2F Other GARP addresses Data Data
01-00-0C-CC-CC-CC Cisco’s Cisco Data, BPDU BPDU
Discovery Protocol, (based on the CLI
DTP, PagP, UDLD, VTP configuration of the
(end-to-end) l2protocol command)
01-00-0C-CC-CC-CD Cisco’s PVST Data, BPDU BPDU
(end-to-end) (based on the CLI
configuration of the
l2protocol command)

Layer 2 PDU Destination MAC Addresses for Customer-Facing S-Bridge UNI Ports
If a port is operating as a customer-facing S-bridge UNI, the destination MAC addresses shown in Table
4 are used for defining the Layer 2 protocol PDU processing at the S-bridge UNI.
Table 4 shows the Layer 2 PDU destination MAC addresses for customer-facing S-bridge ports and how
frames are processed.

6
IEEE 802.1ad Support on Provider Bridges
Information About IEEE 802.1ad Support on Provider Bridges

Table 4 Layer 2 PDU Destination MAC Addresses for Customer-Facing S-Bridge UNI Ports

Significance on the
MAC Address Protocol S-Bridge UNI Port Default Action
01-80-C2-00-00-00 Bridge Group Address Data, BPDU Data
(BPDUs) (based on the CLI
configuration of the
l2protocol command)
01-80-C2-00-00-01 802.3X Pause Protocol BPDU MAC address processes
01-80-C2-00-00-02 Slow protocol address: BPDU BPDU
802.3ad LACP, 802.3ah
OAM
01-80-C2-00-00-03 802.1x BPDU BPDU
01-80-C2-00-00-04 Reserved for future Drop Drop
media access method
01-80-C2-00-00-05 Reserved for future Drop Drop
media access method
01-80-C2-00-00-06 Reserved for future Drop Drop
bridge use
01-80-C2-00-00-07 Ethernet Local BPDU BPDU
Management Interface (drop on NNI)
01-80-C2-00-00-08 Provider STP (BPDU) BPDU BPDU
01-80-C2-00-00-09 Reserved for future Drop Drop
bridge use
01-80-C2-00-00-0A Reserved for future Drop Drop
bridge use
01-80-C2-00-00-0B Reserved for future Data Data
S-bridge purposes
01-80-C2-00-00-0C Reserved for future Data Data
S-bridge purposes
01-80-C2-00-00-0D Provider bridge GVRP Data Data
address
01-80-C2-00-00-0E 802.1ab LLDP Data, BPDU Data
(based on the CLI
configuration of the
l2protocol command)
01-80-C2-00-00-0F Reserved for future C- Data Data
bridge or Q-bridge use
01-80-C2-00-00-10 All bridges address Data Data
01-80-C2-00-00-20 GMRP Data Data
01-80-C2-00-00-21 GVRP Data Data
01-80-C2-00-00-22-2F Other GARP addresses Data Data

7
 IEEE 802.1ad Support on Provider Bridges
How to Configure IEEE 802.1ad Support on Provider Bridges

Table 4 Layer 2 PDU Destination MAC Addresses for Customer-Facing S-Bridge UNI Ports

Significance on the
MAC Address Protocol S-Bridge UNI Port Default Action
01-00-0C-CC-CC-CC Cisco’s Cisco Data, BPDU Data
Discovery Protocol, (based on the CLI
DTP, PagP, UDLD, VTP configuration of the
l2protocol command)
01-00-0C-CC-CC-CD Cisco’s PVST Data, BPDU Data
(based on the CLI
configuration of the
l2protocol command)

How to Configure IEEE 802.1ad Support on Provider Bridges

• Configuring a Switch Port to Process 802.1ad BPDUs, page 8 (required)

Configuring a Switch Port to Process 802.1ad BPDUs

In an 802.1ad network, the default behavior for Layer 2 PDUs on an interface depends on the 802.1ad
interface type. If the interface type is an S-bridge UNI, all Layer 2 PDUs are tunneled. If the interface
type is a C-bridge UNI, all Layer 2 PDUs are processed (peered)
PDU processing on the S-bridge UNI is the same as on an 802.1ad NNI. Both interface types have the
same scope of MAC addresses. Perform the tasks in this section to configure one switch port to forward
802.1ad BPDUs end to end and another switch port to peer (process) BPDUs:
• Configuring a Switch Port to Forward BPDUs, page 8
• Configuring a Switch Port to Process BPDUs, page 9

Configuring a Switch Port to Forward BPDUs

Perform this task to configure a switch port to forward BPDUs.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. switchport access vlan vlan-id
5. ethernet dot1ad {nni | uni {c-port | s-port}}
6. l2protocol [peer | forward] [protocol]
7. end

8
 IEEE 802.1ad Support on Provider Bridges
How to Configure IEEE 802.1ad Support on Provider Bridges

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Switch> enable
Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal
Step 3 interface type number Configures an interface.

Example:
Switch(config)# interface gigabitethernet 0/2
Step 4 switchport access vlan vlan-id Sets the VLAN when an interface is in access mode.

Example:
Switch(config-if)# switchport access vlan 500
Step 5 ethernet dot1ad {nni | uni {c-port | s-port}} Configures a dot1ad NNI or UNI port.

Example:
Switch(config-if)# ethernet dot1ad uni s-port
Step 6 l2protocol [peer | forward] [protocol] Processes or forwards Layer 2 BPDUs.
• In this example, only VTP PDUs will be forwarded.
Example:
Switch(config)# l2protocol forward vtp
Step 7 end Returns the CLI to privileged EXEC mode.

Example:
Switch(config-if)# end
Switch#

Configuring a Switch Port to Process BPDUs

Perform this task to configure a switch port to process BPDUs.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. switchport mode {access | trunk}
5. ethernet dot1ad {nni | uni {c-port | s-port}}

9
 IEEE 802.1ad Support on Provider Bridges
Configuration Examples for IEEE 802.1ad Support on Provider Bridges

6. l2protocol [peer | forward] [protocol]

7. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Switch> enable
Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal
Step 3 interface type number Configures an interface.

Example:
Switch(config)# interface gigabitethernet 0/3
Step 4 switchport mode {access | trunk} Sets the interface type.

Example:
Switch(config-if)# switchport mode trunk
Step 5 ethernet dot1ad {nni | uni {c-port | s-port}} Configures a dot1ad NNI or UNI port.

Example:
Switch(config-if)# ethernet dot1ad uni c-port
Step 6 l2protocol [peer | forward] [protocol] Processes or forwards Layer 2 BPDUs.
• In this example, only VTP PDUs will be processed.
Example:
Switch(config)# l2protocol peer vtp
Step 7 end Returns the CLI to privileged EXEC mode.

Example:
Switch(config-if)# end
Switch#

Configuration Examples for IEEE 802.1ad Support on Provider

Bridges
• Example: Configuring an 802.1ad S-Bridge UNI, page 11
• Example: Configuring an 802.1ad C-Bridge UNI, page 11

10
 IEEE 802.1ad Support on Provider Bridges
Additional References

Example: Configuring an 802.1ad S-Bridge UNI

The following example shows how to configure GigabitEthernet interface 0/2 of a PE as an 802.1ad
S-bridge UNI. In this example, only Cisco Discovery Protocol PDUs will be forwarded (tunneled). Cisco
Discovery Protocol PDUs will be forwarded between the PE and a customer device.
Switch# configure terminal
Switch(config)# interface GigabitEthernet 0/2
Switch(config-if)# switchport access vlan 500
Switch(config-if)# ethernet dot1ad uni s-port
Switch(config-if)# l2protocol forward cdp

Example: Configuring an 802.1ad C-Bridge UNI

The following example shows how to configure interface GigabitEthernet 0/3 of a PE as an 802.1ad
C-bridge UNI. In this example, only Cisco Discovery Protocol PDUs will be processed.
Switch# configure terminal
Switch(config)# interface GigabitEthernet 0/3
Switch(config-if)# switchport mode trunk
Switch(config-if)# ethernet dot1ad uni c-port
Switch(config-if)# l2protocol peer cdp

Additional References

Related Documents
Related Topic Document Title
Cisco IOS commands: master list of commands with Cisco IOS Master Commands List, All Releases
complete command syntax, command mode, command
history, defaults, usage guidelines, and examples
Cisco IOS Carrier Ethernet commands: complete Cisco IOS Carrier Ethernet Command Reference
command syntax, command mode, command history,
defaults, usage guidelines, and examples
Configuring Carrier Ethernet Cisco IOS Carrier Ethernet Configuration Guide, Release 12.2SR

Standards
Standard Title
IEEE 802.1ad Provider Bridges

11
 IEEE 802.1ad Support on Provider Bridges
Additional References

MIBs
MIB MIBs Link
None To locate and download MIBs for selected platforms, Cisco software
releases, and feature sets, use Cisco MIB Locator found at the
following URL:
http://www.cisco.com/go/mibs

RFCs
RFC Title
None —

Technical Assistance
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.

12
 IEEE 802.1ad Support on Provider Bridges
Feature Information for IEEE 802.1ad Support on Provider Bridges

Feature Information for IEEE 802.1ad Support on Provider

Bridges
Table 5 lists the release history for this feature.
Use Cisco Feature Navigator to find information about platform support and software image support.
Cisco Feature Navigator enables you to determine which software images support a specific software
release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
An account on Cisco.com is not required.

Note Table 5 lists only the software release that introduced support for a given feature in a given software
release train. Unless noted otherwise, subsequent releases of that software release train also support that
feature.

Table 5 Feature Information for IEEE 802.1ad Support on Provider Bridges

Feature Name Releases Feature Information

802.1ad Support for Cat3K Switches 12.2(54)SE The IEEE 802.1ad Support on Provider Bridges feature is
the IEEE 802.1ad implementation on Cisco switches using
Layer 2 switch ports.
In 12.2(54)SE, this feature was introduced on the
Cisco ME 3400E and Catalyst 3750 Metro switch
platforms.
The following commands were introduced or modified:
ethernet dot1ad, l2protocol, show ethernet dot1ad.

13
 IEEE 802.1ad Support on Provider Bridges
Glossary

Glossary
DTP—Dynamic Trunking Protocol
GARP—Generic Attribute Registration Protocol
GMRP—GARP Multicast Registration Protocol
GVRP—Generic VLAN Registration Protocol
LLDP—Link Layer Discovery Protocol
OAM—Operations, Administration, and Maintenance
PagP—Port Aggregation Protocol
PVST—Per-VLAN Spanning Tree
UDLD—UniDirectional Link Detection
VTP—VLAN Trunk Protocol
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks
can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any
examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only.
Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2010–2011 Cisco Systems, Inc. All rights reserved.

14