What is the best option when using labeled and unlabeled traffic, thinking about the best visibility and detail of the traffic, that is:
Which is the best option:
1.-Set up subinterfaces with tag 20,30 and 40. and Set up some subinterfaces with TAG 0 (VLAN ID "0" Zero as the documentation indicates that indicates untagged traffic).
2.- Build subinterfaces with tag 20, 30 and 40 and then build a classic, traditional vwire, using and referencing the physical interfaces, by default which already allows untagged traffic (without specifying vlan tags).
3.- Or simply better everything in a Vwire allowing in the Tagged Allow 0-4094 (or allowing "0" for untagged traffic) and then putting the TAGs of 20,30 and 40, that is, this is how the vlans would be tagged of vwire "0",20,30,40. With this scheme, visibility and control are lost.
Which would be the best Vwire options, when you have L2 and L3 interfaces with subinterfaces, just let the untagged traffic pass through the physical interface, not the sub-interfaces, this applies to L2 and L3 interfaces/subinterfaces, but for Vwire you have to use VLAN ID 0, which identifies the tagged traffic. In my opinion, the best option or options would be options 1 and 2, since 3 loses all visibility, the best option would be 1, subinterfaces even with ID 0 for untagged traffic.
What do you think, what do you think is the best option based on your experience, based on your point of view.
Thank you for your comments, for your collaboration, for your time and for the good vibes.
"Virtual wire interfaces by default allow all untagged traffic. You can, however, use a virtual wire to connect two interfaces and configure either interface to block or allow traffic based on the virtual LAN (VLAN) tags. VLAN tag 0 indicates untagged traffic.
You can also create multiple subinterfaces, add them into different zones, and then classify traffic according to a VLAN tag or a combination of a VLAN tag with IP classifiers (address, range, or subnet) to apply granular policy control for specific VLAN tags or for VLAN tags from a specific source IP address, range, or subnet."
"You can also use IP classifiers for managing untagged traffic. To do so, you must create a sub-interface with the vlan tag “0”, and define subinterface(s) with IP classifiers for managing untagged traffic using IP classifiers."