Showing results for 
Search instead for 
Did you mean: 

Why does a VRF peer need to support 802.1q tagging?


In the CVD campus guide

it mentions:




A fusion device can be either a true routing platform, a Layer 3 switching platform, or a firewall must meet several technological requirements.  It must support:

●     Multiple VRFs—Multiple VRFs are needed for the VRF-Aware peer model.  For each VN that is handed off on the border node, a corresponding VN and interface is configured on the peer device.  The selected platform should support the number of VNs used in the fabric site that will require access to shared services. 

●     Subinterfaces (Routers or Firewall)—A virtual Layer 3 interface that is associated with a VLAN ID on a routed physical interface.  It extends IP routing capabilities to support VLAN configurations using the IEEE 802.1Q encapsulation.

●     Switched Virtual Interfaces (Layer 3 switch)—Represents a logical Layer 3 interface on a switch.  This SVI is a Layer 3 interface forwarding for a Layer 3 IEEE 802.1Q VLAN.



   IEEE 802.1Q—An internal tagging mechanism which inserts a 4-byte tag field in the original Ethernet frame between the Source Address and Type/Length fields.  Devices that support SVIs and subinterfaces will also support 802.1Q tagging


I don't understand why it needs to support vlan tagging. Is it because some of the packets it receives could be already tagged? That is my best guess. Other than that the fusion device is essentially providing VRF mapping at layer 3, so I can't understand why it require support for layer 2 tagging.


Can someone help explain this to me?

Thank you

2 Replies 2

On a L3 switch, Traffic that is associated to specific subnet/vlan is routed through a logical sub interface call a switched virtual interface (L3 SVI)
However routers dont support SVIs only routed physical ports but they can be sub-divided into logical sub-interfaces These sub-interfaces can be also associated to a specific of subnet/vlan which is done by encapsulating traffic into a dot1q tag.

Best to just think of a tagged sub interface as a SVI residing on a router

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @hfakoor222 ,

in a VRF lite context the fusion router acts as a multi VRF CE that is a subset of a full MPLS L3 VPN PE node.

in the forwarding plane each VRF is mapped to an 802.1Q  VLAN this can be a routed subinterface or it can be an SVI mapped to the associated VRF.


There is no usage of MPLS in SD Access, so the fusion router to save on the number of links it needs to use 802.1Q based subinterfaces or SVIs and a L2 802.1Q trunk.

The fusion router is also out of the VxVLAN campus fabric.


Hope to help


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: