When you execute the command “show vlan id” you may see the keyword “SAID” in the output:
Switch#show vlan id 1

VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ---
1    enet  100001     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ---------------------------------
So what does the term SAID stand for? The answer is somewhat surprising: SAID is the Security Association Identifier. The original purpose of the SAID was the same as that of the SPI (Security Parameters Index) in IPsec packet headers: it identified the local set of security attributes (e.g. cipher, key, hash, etc.) to be applied to the incoming packet. The term comes from the now-extinct IEEE 802.10 standard, which defined Layer 2 security mechanisms for LANs/MANs.
However, it was never adopted as a security protocol. Instead, Cisco adapted 802.10 encapsulation to implement trunking across FDDI and Token Ring networks. The 4-byte SAID value was used to map a “normal” VLAN number to the encapsulation supported by both Token Ring and FDDI networks (which were both IEEE based). In those days, many people considered 802.10 a “trunking” protocol rather than a security protocol. This is why even modern switches still show you the SAID value mapped to the VLAN ID. As if you still had Token Ring around!
PS
The original IEEE 802.10 standard can be found here: http://standards.ieee.org/getieee802/download/802.10-1998.pdf
