The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS interfaces commands available on the Cisco Nexus 3548 switches.
Note The internal CLI commands are not supported on the Cisco Nexus Series switches.
To define a range of IP addresses for a dynamic NAT pool, use the address command. To remove a defined range of IP addresses, use the no form of this command.
Specifies the starting IP address for the range of addresses in the pool. |
|
Specifies the ending IP address for the range of addresses in the pool. |
|
|
---|---|
You can create a NAT pool by either defining the range of IP addresses in a single ip nat pool command or by using the ip nat pool and address commands.
Dynamic NAT allows the configuration of a pool of global addresses that can be used to dynamically allocate global address from the pool for every new translation. The addresses are returned to the pool after the session ages out or is closed. This allows for a more efficient use of addresses based on requirements.
Support for PAT includes the use of the global address pool. This further optimizes IP address utilization. PAT exhausts one IP address at a time with the use of port numbers. If no port is available from the appropriate group and more than one IP address is configured, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until PAT runs out of available ports and IP addresses.
This example shows how to create a NAT pool and define the range of global IP addresses using the ip nat pool and address commands:
|
|
---|---|
To set the inherited and received bandwidth values for an interface, use the bandwidth command. To restore the default values, use the no form of this command.
bandwidth { kbps | inherit [ kbps ]}
no bandwidth { kbps | inherit [ kbps ]}
Informational bandwidth in kilobits per second. Valid values are from 1 to 10000000. |
|
(Optional) Specifies that the bandwidth be inherited from the parent interface. |
Interface configuration mode
Subinterface configuration mode
|
|
---|---|
The bandwidth command sets an informational parameter to communicate only the current bandwidth to the higher-level protocols; you cannot adjust the actual bandwidth of an interface using this command.
The bandwidth inherit command controls how a subinterface inherits the bandwidth of its main interface.
The no bandwidth inherit command enables all subinterfaces to inherit the default bandwidth of the main interface, regardless of the configured bandwidth. If a bandwidth is not configured on a subinterface, and you use the bandwidth inherit command, all subinterfaces will inherit the current bandwidth of the main interface. If you configure a new bandwidth on the main interface, all subinterfaces will use this new value.
If you do not configure a bandwidth on the subinterface and you configure the bandwidth inherit command on the main interface, the subinterfaces will inherit the specified bandwidth.
In all cases, if an interface has an explicit bandwidth setting configured, then that interface will use that setting, regardless of whether the bandwidth inheritance setting is in effect.
This example shows how to configure the bandwidth for a Layer 2 interface:
This example shows how to configure subinterfaces to inherit the bandwidth from the parent routed interface:
|
|
---|---|
To assign and configure a physical interface to an EtherChannel, use the channel-group command. To remove the channel group configuration from the interface, use the no form of this command.
channel-group number [ force ] [ mode { active | on | passive }]
|
|
---|---|
Use this command to create a channel group that includes the interface that you are working on and to add or remove specific interfaces from the channel group. Use this command to move a port from one channel group to another. You enter the channel group that you want the port to move to; the switch automatically removes the specified port from its present channel group and adds it to the specified channel group.
Use the force keyword to force the addition of the interface into the specified channel group.
After you enable LACP globally, by using the feature lacp command, you enable LACP on each channel by configuring the channel mode as either active or passive. An EtherChannel in the on channel mode is a pure EtherChannel and can aggregate a maximum of eight ports. The EtherChannel does not run LACP.
You cannot change the mode for an existing EtherChannel or any of its interfaces if that EtherChannel is not running LACP; the channel mode remains as on. The system returns an error message if you attempt to change the mode.
Use the no form of this command to remove the physical interface from the EtherChannel. When you delete the last physical interface from an EtherChannel, the EtherChannel remains. To delete the EtherChannel completely, use the no form of the interface port-channel command.
The compatibility check includes the following operational attributes:
Use the show port-channel compatibility-parameters command to see the full list of compatibility checks that Cisco NX-OS uses.
You can only add interfaces configured with the channel mode set to on for static EtherChannels, that is, without a configured aggregation protocol. You can only add interfaces configured with the channel mode as active or passive to EtherChannels that are running LACP.
You can configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, Cisco NX-OS suspends that port in the EtherChannel.
When the interface joins an EtherChannel, some of its individual parameters are overridden with the values on the EtherChannel, as follows:
Interface parameters, such as the following, remain unaffected when the interface joins or leaves a EtherChannel:
If interfaces are configured for the EtherChannel interface and a member port is removed from the EtherChannel, the configuration of the EtherChannel interface is not propagated to the member ports.
Any configuration changes that you make in any of the compatibility parameters to the EtherChannel interface are propagated to all interfaces within the same channel group as the EtherChannel (for example, configuration changes are also propagated to the physical interfaces that are not part of the EtherChannel but are part of the channel group).
This example shows how to add an interface to LACP channel group 5 in active mode:
switch(config)#
interface ethernet 1/1
switch(config-if)#
channel-group 5 mode active
switch(config-if)#
This example shows how to forcefully add an interface to the channel group 5:
switch(config)#
interface ethernet 1/1
switch(config-if)#
channel-group 5 force
switch(config-if)#
|
|
---|---|
Displays information about the traffic on the specified EtherChannel interface. |
|
To enable the Cisco Discovery Protocol (CDP) on an Ethernet interface, use the cdp enable command. To disable CDP on the interface, use the no form of this command.
|
|
This example shows how to enable CDP on an Ethernet interface:
|
|
---|---|
To clear dynamic Network Address Translation ( NAT) translations from the translation table, use the clear ip nat translation command in EXEC mode.
clear ip nat translation {all | inside global-ip local-ip [outside local-ip global-ip ]| outside local-ip global-ip }
Clears inside translations that contain the specified global-ip and local-ip addresses. |
|
Clears outside translations that contain the specified local-ip and global-ip addresses. |
|
|
This example shows how to clear entries from the translation table before they time out:
|
|
---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To save the running configuration to the startup configuration file so that all current configuration details are available after a reboot, use the copy running-config startup-config command.
copy running-config startup-config
|
|
---|---|
To view the changes to the configuration that you have made, use the show startup-config command.
Note Once you enter the copy running-config startup-config command, the running and the startup copies of the configuration are identical.
This example shows how to save the running configuration to the startup configuration:
|
|
---|---|
To set a delay value for an interface, use the delay command. To restore the default delay value, use the no form of this command.
Throughput delay in tens of microseconds. The range is from 1 to 16,777,215. |
Interface configuration mode
Subinterface configuration mode
|
|
This example shows how to set a delay of 30,000 microseconds on an interface:
This example shows how to set a delay of 1000 microseconds on a subinterface:
|
|
---|---|
To delay the virtual port channel (vPC) from coming up on the restored vPC peer device after a reload when the peer adjacency is already established, use the delay restore command. To revert to the default delay value, use the no form of this command.
Number of seconds to delay bringing up the restored vPC peer device. The range is from 1 to 3600. |
|
|
---|---|
Use the delay restore command to avoid upstream traffic from the access device to the core from being dropped when you restore the vPC peer devices.
This example shows how to configure the delay reload time for a vPC link:
This example shows how to remove the reload time configuration for a vPC link:
|
|
---|---|
To add a description to an interface configuration, use the description command. To remove the description, use the no form of this command.
String description of the interface configuration. This string is limited to 80 characters. |
Interface configuration mode
Subinterface configuration mode
|
|
The description command is meant to provide a reminder in the configuration to describe what certain interfaces are used for. The description appears in the output of the following commands such as show interface and show running-config.
This example shows how to add a description for an interface:
|
|
---|---|
Displays the contents of the currently running configuration file. |
To ensure that certain VLAN interfaces are not shut down on the virtual port-channel (vPC) secondary peer device when the vPC peer link fails for those VLANs carried on the vPC peer link but not on the vPC configuration itself, use the dual-active exclude interface-vlan command. To return to the default value, use the no form of this command.
dual-active exclude interface-vlan { range }
no dual-active exclude interface-vlan
Range of VLAN interfaces that you want to exclude from shutting down. The allowed VLAN range is from 1 to 3967 and 4048 to 4093. |
|
|
---|---|
This example shows how to configure the device to keep the VLAN interfaces up on the vPC peer devices if the peer link fails:
This example shows how to restore the default configuration on the vPC peer devices if the peer link fails:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface, use the encapsulation dot1q command. To disable encapsulation, use the no form of this command.
no encapsulation dot1Q vlan-id
VLAN to set when the interface is in access mode; valid values are from 1 to 4093, except for the VLANs reserved for internal switch use. |
Subinterface configuration mode
|
|
---|---|
IEEE 802.1Q encapsulation is configurable on Ethernet and EtherChannel interfaces. IEEE 802.1Q is a standard protocol for interconnecting multiple switches and routers and for defining VLAN topologies.
Use the encapsulation dot1q command in subinterface range configuration mode to apply a VLAN ID to the subinterface.
Note This command is not applicable to loopback interfaces.
This command does not require a license but if you want to enable Layer 3 interfaces, you must install the LAN Base Services license.
This example shows how to enable dot1Q encapsulation on a subinterface for VLAN 30:
|
|
---|---|
To enable a virtual port channel (vPC), which allows links that are physically connected to two different Cisco Nexus 3000 Series devices to appear as a single port channel to a third device, use the feature vpc command. To disable vPC on the switch, use the no form of this command.
|
|
---|---|
In a vPC configuration, the third device can be a Cisco Nexus 2000 Series Fabric Extender, switch, server, or any other networking device.
This example shows how to enable vPC on the switch:
|
|
---|---|
To enter interface configuration mode for an Ethernet IEEE 802.3 interface, use the interface ethernet command.
interface ethernet slot / port
Port number within a particular slot. The port number is from 1 to 128. |
|
|
This example shows how to enter configuration mode for Ethernet interface 1/4:
switch(config)#
interface ethernet 1/4
switch(config-if)#
|
|
---|---|
Displays various parameters of an Ethernet IEEE 802.3 interface. |
|
To configure a Layer 3 Ethernet IEEE 802.3 routed interface, use the interface ethernet command.
interface ethernet slot / port [. subintf-port-no ]
Port number within a particular slot. The port number is from 1 to 128. |
|
(Optional) Port number for the subinterface. The range is from 1 to 48. |
Global configuration mode
Interface configuration mode
|
|
You must use the no switchport command in the interface configuration mode to configure the interface as a Layer 3 routed interface. When you configure the interface as a Layer 3 interface, all Layer 2 specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3 specific configurations on this interface are deleted.
This example shows how to enter configuration mode for a Layer 3 Ethernet interface 1/5:
switch(config)#
interface ethernet 1/5
switch(config-if)#
no switchport
switch(config-if)#
ip address 10.1.1.1/24
switch(config-if)#
This example shows how to configure a Layer 3 subinterface for Ethernet interface 1/5 in the global configuration mode:
switch(config)#
interface ethernet 1/5.2
switch(config-if)#
no switchport
switch(config-subif)#
ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to configure a Layer 3 subinterface in interface configuration mode:
switch(config)#
interface ethernet 1/5
switch(config-if)#
no switchport
switch(config-if)#
interface ethernet 1/5.1
switch(config-subif)#
ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to convert a Layer 3 interface to a Layer 2 interface:
switch(config)#
interface ethernet 1/5
switch(config-if)#
no switchport
switch(config-if)#
ip address 10.1.1.1/24
switch(config-if)#
switchport
switch(config-if)#
|
|
---|---|
Displays various parameters of an Ethernet IEEE 802.3 interface. |
To create a loopback interface and enter interface configuration mode, use the interface loopback command. To remove a loopback interface, use the no form of this command.
|
|
Use the interface loopback command to create or modify loopback interfaces.
From the loopback interface configuration mode, the following parameters are available:
This example shows how to create a loopback interface:
|
|
---|---|
Displays information about the traffic on the specified loopback interface. |
To create an EtherChannel interface and enter interface configuration mode, use the interface port-channel command. To remove an EtherChannel interface, use the no form of this command.
interface port-channel channel-number [. subintf-channel-no ]
no interface port-channel channel-number [. subintf-channel-no ]
Channel number that is assigned to this EtherChannel logical interface. The range is from 1 to 4096. |
|
(Optional) Port number of the EtherChannel subinterface. The range is from 1 to 4093. |
Global configuration mode
Interface configuration mode
|
|
---|---|
A port can belong to only one channel group.
When you use the interface port-channel command for Layer 2 interfaces, follow these guidelines:
You must use the no switchport command in the interface configuration mode to configure the EtherChannel interface as a Layer 3 interface. When you configure the interface as a Layer 3 interface, all Layer 2 specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 EtherChannel interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3 specific configurations on this interface are deleted.
You can configure one or more subinterfaces on a port channel made from routed interfaces.
This example shows how to create an EtherChannel group interface with channel-group number 50:
This example shows how to create a Layer 3 EtherChannel group interface with channel-group number 10:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 1 in interface configuration mode:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 20.1 in global configuration mode:
To create a VLAN interface and enter interface configuration mode, use the interface vlan command. To remove a VLAN interface, use the no form of this command.
VLAN to set when the interface is in access mode; valid values are from 1 to 4094, except for the VLANs reserved for the internal switch use. |
|
|
---|---|
Before you use this command, enable the interface-vlan feature by using the feature interface-vlan command.
Use the interface vlan command to create or modify VLAN interfaces.
The VLAN interface is created the first time that you enter the interface vlan command for a particular VLAN. The vlan-id argument corresponds to the VLAN tag that is associated with the data frames on an IEEE 802.1Q-encapsulated trunk or the VLAN ID that is configured for an access port.
This example shows how to create a VLAN interface for VLAN 50:
|
|
---|---|
Displays information about the traffic on the specified VLAN interface. |
To designate that traffic originating from or destined for an interface is subject to Network Address Translation ( NAT), use the ip natcommand in interface configuration mode. To disable the configuration, use the no form of this command.
Connects the interface inside network (the network subject to NAT translation). |
|
Traffic leaving or arriving at an interface is not subject to NAT.
Interface configuration (config-if)
|
|
---|---|
Only packets traversing between inside and outside interfaces can be translated. You must specify at least one inside interface and one outside interface for each border device where you intend to use NAT.
The following example shows how to connect interfaces to the outside and inside networks:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To enable dynamic Network Address Translation (NAT) of the inside source address by using an access control list (ACL), use the ip nat inside source command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat inside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [dynamic]
no ip nat inside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [dynamic]
|
|
---|---|
Packets that enter a device through the inside interface and packets that are sourced from the device are checked against the access list for possible NAT candidates. The access list is used to specify the traffic that is to be translated.
Overload, also called Port Address Translation (PAT), is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Your NAT configuration can have multiple dynamic NAT translations with different access control lists (ACLs); but each ACL must point to the same outgoing interface.
This example shows how to configure the dynamic NAT overload configuration:
This example shows how to create a NAT inside source list with pool without overloading:
This example shows how to create a NAT inside source list with pool with overloading:
This example shows how to configure dynamic twice NAT for an inside source address:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To enable static Network Address Translation (NAT) of an inside global address to an inside local address or of inside local traffic to inside global traffic, use the ip nat inside source static command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat inside source static inside-local-ip-address inside-global-ip-address | [tcp | udp] inside-local-ip-address local-port inside-global-ip-address global-port [group group-id] [dynamic]
no ip nat inside source static inside-local-ip-address inside-global-ip-address | [tcp | udp] inside-local-ip-address local-port inside-global-ip-address global-port [group group-id] [dynamic]
|
|
---|---|
This example shows how to configure dynamic twice NAT for an outside source address:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To enable dynamic Network Address Translation (NAT) of the outside source address by using an access control list (ACL), use the ip nat outside source command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat outside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [add-route] [dynamic]
no ip nat outside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [add-route] [dynamic]
|
|
---|---|
Packets that enter a device through the outside interface and packets that are sourced from the device are checked against the access list for possible NAT candidates. The access list is used to specify the traffic that is to be translated.
This example shows how to create a NAT outside source list with pool without overloading:
This example shows how to configure dynamic twice NAT for an outside source address:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To enable static Network Address Translation (NAT) of an outside global address to an inside local address or of inside local traffic to inside global traffic, use the ip nat outside source static command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat outside source static outside-global-ip-address outside-local-ip-address | [tcp | udp] outside-global-ip-address outside-global-port outside-local-ip-address outside-local-port [group group-id] [add-route] [dynamic]
no ip nat outside source static outside-global-ip-address outside-local-ip-address | [tcp | udp] outside-global-ip-address outside-global-port outside-local-ip-address outside-local-port [group group-id] [add-route] [dynamic]
|
|
---|---|
This example shows how to configure dynamic twice NAT for an inside source address:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To create a dynamic Network Address Translation (NAT) pool, use the ip nat pool command in global configuration mode. To delete the pool, use the no form of this command.
ip nat pool pool-name [startip endip] {prefix prefix-length | netmask network-mask}
|
|
---|---|
Dynamic NAT allows the configuration of a pool of global addresses that can be used to dynamically allocate global address from the pool for every new translation. The addresses are returned to the pool after the session ages out or is closed. This allows for a more efficient use of addresses based on requirements.
Support for PAT includes the use of the global address pool. This further optimizes IP address utilization. PAT exhausts one IP address at a time with the use of port numbers. If no port is available from the appropriate group and more than one IP address is configured, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until PAT runs out of available ports and IP addresses.
You can create a NAT pool by either defining the range of IP addresses in a single ip nat pool command or by using the ip nat pool and address commands.
This example shows how to create a NAT pool with a prefix length:
This example shows how to create a NAT pool with a network mask:
This example shows how to create a NAT pool and define the range of global IP addresses using multiple commands:
This example shows how to delete a NAT pool:
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To change the Network Address Translation (NAT) timeout, use the ip nat translation command in global configuration mode. To disable the timeout, use the no form of this command.
ip nat translation {finrst-timeout {seconds | never} | max-entries number-of-entries | sampling-timeout seconds | syn-timeout {seconds | never} | tcp-timeout seconds | timeout | udp-timeout seconds}
no ip nat translation {finrst-timeout {seconds | never} | max-entries number-of-entries | sampling-timeout seconds | syn-timeout {seconds | never} | tcp-timeout seconds | timeout seconds | udp-timeout seconds}
|
|
---|---|
The finrst-timeout and syn-timeout command options were introduced. |
|
Timeout of a dynamic translation involves both the sampling-timeout value and the TCP or UDP timeout value. The sampling-timeout specifies the time after which the device checks for dynamic translation activity. During the checking, the device inspects the packets that are hitting this translation. The checking happens for the TCP or UDP timeout period. If there are no packets for the TCP or UDP timeout period, the translation is cleared. If activity is detected on the translation, then the checking is stopped immediately and a sampling-timeout period begins.
After waiting for this new sampling-timeout period, the device checks for dynamic translation activity again. During an activity check the Ternary Content-Addressable Memory (TCAM) sends a copy of the packet that matches the dynamic NAT translation to the CPU. If the Control Plane Policing (CoPP) is configured at a low threshold, the TCP or UDP packets might not reach the CPU, and the CPU considers this as inactivity of the NAT translation.
The following example shows how to configure the timeout value for TCP data packets that send the SYN request, but do not receive a SYN-ACK reply:
switch(config)# ip nat translation syn-timeout 20
The following example shows how to configure a device to cause UDP port translation entries to time out after 10 minutes (600 seconds):
|
|
---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
|
|
---|---|
To configure port channel min-links and enter the interface configuration mode, use the lacp min-links command. To remove the port channel min-links configuration, use the no form of this command.
|
|
The min-link feature works only with the Link Aggregation Control Protocol (LACP) port channels.
This example shows how to configure port channel min-links and enter the interface configuration mode:
This example shows how to remove the port channel min-links configuration:
|
|
---|---|
To set the priority for the physical interfaces for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command. To return the port priority to the default value, use the no form of this command.
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
|
|
---|---|
Each port configured to use LACP has an LACP port priority. You can configure a value between 1 and 65535. LACP uses the port priority in combination with the port number to form the port identifier. The port priority is used with the port number to form the port identifier. The port priority is used to decide which ports should be put into standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.
Note When setting the priority, note that a higher number means a lower priority.
This example shows how to set the LACP port priority for the interface to 2000:
|
|
---|---|
To configure the rate at which control packets are sent by the Link Aggregation Control Protocol (LACP), use the lacp rate fast command. To restore the rate to 30 seconds, use the no form of this command or the lacp rate normal command.
|
|
---|---|
You must enable LACP before using this command.
The LACP rate fast feature is used to set the rate (once every second) at which the LACP control packets are sent to an LACP-supported interface. The normal rate at which LACP packets are sent is 30 seconds.
This example shows how to configure the LACP fast rate feature on a specified Ethernet interface:
This example shows how to remove the LACP fast rate configuration from a specified Ethernet interface:
|
|
---|---|
To set the system priority of the switch for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command. To return the system priority to the default value, use the no form of this command.
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
|
|
---|---|
Each device that runs LACP has an LACP system priority value. You can configure a value between 1 and 65535. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems.
When setting the priority, note that a higher number means a lower priority.
This example shows how to set the LACP system priority for the device to 2500:
|
|
---|---|
To enable the reception, or transmission, of Link Layer Discovery Protocol (LLDP) packets on an interface, use the lldp command. To disable the reception or transmission of LLDP packets, use the no form of this command.
no lldp { receive | transmit }
|
|
---|---|
Note LLDP, which is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network, is enabled on the switch by default.
This example shows how to set an interface to transmit LLDP packets:
|
|
---|---|
To configure the interface as a Layer 3 Ethernet interface, use the no switchport command.
|
|
---|---|
You can configure any Ethernet port as a routed interface. When you configure an interface as a Layer 3 interface, any configuration specific to Layer 2 on this interface is deleted.
If you want to configure a Layer 3 interface for Layer 2, enter the switchport command. Then, if you change a Layer 2 interface to a routed interface, enter the no switchport command.
This example shows how to enable an interface as a Layer 3 routed interface:
This example shows how to configure a Layer 3 interface as a Layer 2 interface:
|
|
---|---|
Saves the running configuration to the startup configuration file. |
|
To configure the IPv4 address for the remote end of the vPC peer keepalive link that carries the keepalive messages, use the peer-keepalive command. To disassociate the peer keepalive link, use the no form of this command.
peer-keepalive destination ipv4_address [ hold-timeout holdtime_seconds | interval mseconds { timeout seconds } | precedence { prec_value | critical | flash | flash-override | immediate | internet | network | priority | routine } | source ipv4_address | tos { tos_value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | tos-byte tos_byte_value | udp-port udp_port | vrf { vrf_name | management }]
no peer-keepalive destination ipv4_address [ hold-timeout holdtime_seconds | interval mseconds { timeout seconds } | precedence { prec_value | critical | flash | flash-override | immediate | internet | network | priority | routine } | source ipv4_address | tos { tos_value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | tos-byte tos_byte_value | udp-port udp_port | vrf { vrf_name | management }]
|
|
---|---|
You must configure the vPC peer-keepalive link before the system can form the vPC peer link. Ensure that both the source and destination IP addresses used for the peer-keepalive message are unique in your network and these IP addresses are reachable from the VRF associated with the vPC peer-keepalive link.
The Cisco NX-OS software uses the peer-keepalive link between the vPC peers to transmit periodic, configurable keepalive messages. You must have Layer 3 connectivity between the peer devices to transmit these messages. The system cannot bring up the vPC peer link unless the peer-keepalive link is already up and running.
Note We recommend that you configure a separate VRF instance and put a Layer 3 port from each vPC peer device into that VRF for the vPC peer-keepalive link. Do not use the peer link itself to send vPC peer-keepalive messages.
This example shows how to set up the peer keepalive link connection between the primary and secondary vPC device:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
Displays information about the configuration for the keepalive messages. |
To configure the load-balancing method among the interfaces in the channel-group bundle, use the port-channel load-balance ethernet command. To return the system priority to the default value, use the no form of this command.
port-channel load-balance ethernet method
no port-channel load-balance ethernet [ method ]
Load-balancing method. See the “Usage Guidelines” section for a list of valid values. |
Loads distribution on the source and destination MAC address.
|
|
---|---|
By default, the Cisco Nexus 3548 Switch load balances on a port-channel based on source and destinationIP addresses.
If only MAC address-based load-balancing is desired, you must configure load balancing by using the port-channel load-balance ethernet mac command. There should be no L3 header in the packet amd the packets must be link-local. The Ethertype in the packets must be 0xFFFF. Otherwise, the packets drop becasue of the parse error.
The valid load-balancing method values are as follows:
Use the option that provides the balance criteria with the greatest variety in your configuration. For example, if the traffic on an EtherChannel is going only to a single MAC address and you use the destination MAC address as the basis of EtherChannel load balancing, the EtherChannel always chooses the same link in that EtherChannel; using source addresses or IP addresses might result in better load balancing.
This example shows how to set the load-balancing method to use the source IP:
switch(config)#
port-channel load-balance ethernet source-ip
This example shows how to set the load-balancing method to use the destination IP:
|
|
---|---|
To manually assign a primary or secondary role to a virtual Port Channel (vPC) device, use the role command. To restore the default role priority, use the no form of this command.
Specifies the priority to define primary or secondary roles in the vPC configuration. |
|
Priority value for the vPC device. The range is from 1 to 65535. |
|
|
---|---|
By default, the Cisco NX-OS software elects a primary and secondary vPC peer device after you configure the vPC domain and both sides of the vPC peer link. However, you may want to elect a specific vPC peer device as the primary device for the vPC. Then, you would manually configure the role value for the vPC peer device that you want as the primary device to be lower than the other vPC peer device.
vPC does not support role preemption. If the primary vPC peer device fails, the secondary vPC peer device takes over to become operationally the vPC primary device. However, the original operational roles are not restored if the formerly primary vPC comes up again.
This example shows how to configure the role priority of a vPC device:
This example shows how to restore the default role priority of a vPC device:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
To display a brief summary of the interface configuration information, use the show interface brief command.
|
|
---|---|
This example shows how to display the summary configuration information of the specified interface:
|
|
---|---|
To display detailed information about the capabilities of an interface, use the show interface capabilities command.
show interface [ ethernet slot / port ] capabilities
(Optional) Specifies an Ethernet interface slot number and port number. The slot number is from 1 to 255, and the port number is from 1 to 128. |
|
|
---|---|
You can use the show interface capabilities command only for physical interfaces.
This example shows how to display the interface capabilities:
This example shows how to display the interface capabilities for a specific interface:
|
|
---|---|
To display the debounce time information for all interfaces, use the show interface debounce command.
|
|
---|---|
This example shows how to display the debounce status of all interfaces:
|
|
---|---|
To display information about the interface configuration, use the show interface ethernet command.
show interface ethernet slot / port [. subintf-port-no ] [ brief | counters | description | status | switchport | transceiver [ details ]]
|
|
---|---|
This example shows how to display the detailed configuration of the specified interface:
This example shows how to display the counters configured on a specified interface:
This example shows how to display the switchport information for a specific interface:
This example shows how to display the operational status for a specific interface:
This example shows how to display the calibration information about the transceivers connected to a specified Ethernet interface:
|
|
---|---|
To display information about the loopback interface, use the show interface loopback command.
show interface loopback lo-number [ brief | description ]
(Optional) Displays a brief summary of the loopback interface information. |
|
(Optional) Displays the description provided for the loopback interface. |
|
|
---|---|
This example shows how to display the configuration information for a specific loopback interface:
Table 1 describes the significant fields shown in the display.
This example shows how to display the brief information for a specific loopback interface:
|
|
---|---|
To display the information about an EtherChannel interface configuration, use the show interface port-channel command.
show interface port-channel number [. subinterface-number ] [ brief | counters | description | status ]
|
|
---|---|
This example shows how to display the configuration information of a specified EtherChannel interface:
|
|
---|---|
To display the information about the MAC address, use the show interface mac-address command.
show interface [ type slot / port | portchannel-no ] mac-address
|
|
If you do not specify an interface, the system displays all the MAC addresses.
This example shows how to display the information on MAC addresses for the entire switch:
This example shows how to display the MAC address information for a specific port channel:
|
|
---|---|
Adds static entries to the MAC address table or configures a static MAC address with IGMP snooping disabled for that address. |
|
To display the error disabled state of interfaces, use the show interface status err-disabled command.
show interface status err-disabled
|
|
---|---|
This example shows how to display the error disabled state of interfaces:
|
|
---|---|
To display information about all the switch port interfaces, use the show interface switchport command.
|
|
---|---|
This example shows how to display information for all Ethernet interfaces:
|
|
---|---|
To display the information about the transceivers connected to a specific interface, use the show interface transceiver command.
show interface [ ethernet slot / port ] transceiver [ details ]
|
|
---|---|
You can use the show interface transceiver command only for physical interfaces.
This example shows how to display the transceivers for all Ethernet interfaces:
This example shows how to display the transceivers connected to a specified Ethernet interface:
This example shows how to display the detailed information about the transceivers connected to a specified Ethernet interface:
|
|
---|---|
Displays detailed information about the capabilities of an interface. |
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC command.
|
|
This example displays the output the show ip nat statistics command:
|
|
---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
The following table describes the output fields shown in the preceding display.
To display all NAT translations including static and dynamic translations, use the show ip nat translation command in EXEC mode.
|
|
This example shows how to display entries from the translation table before they time out:
This example shows how to display active NAT translations:
|
|
---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
|
Enables dynamic NAT of the inside source address by using an ACL. |
|
To display Link Aggregation Control Protocol (LACP) information, use the show lacp command.
show lacp { counters | interface ethernet slot / port | neighbor [ interface port-channel number ] | port-channel [ interface port-channel number ] | system-identifier }
|
|
---|---|
Use the show lacp command to troubleshoot problems related to LACP in a network.
This example shows how to display the LACP system identification:
This example shows how to display the LACP information for a specific interface:
|
|
---|---|
To display module information, use the show module command.
Module number in the switch chassis. The range is from 1 to 3. |
|
|
---|---|
This example shows how to display the module information for a specific module:
|
|
---|---|
To display the total number of port channels that are configured, or are still available on the device, use the show port-channel capacity command.
|
|
---|---|
This example shows how to display the port channels on a device:
|
|
---|---|
Displays Cisco Technical Support information about EtherChannels. |
To display the parameters that must be the same among the member ports in order to join an EtherChannel interface, use the show port-channel compatibility-parameters command.
show port-channel compatibility-parameters
|
|
---|---|
This example shows how to display the EtherChannel interface parameters:
|
|
---|---|
Displays Cisco Technical Support information about EtherChannels. |
To display the aggregation state for one or more EtherChannel interfaces, use the show port-channel database command.
show port-channel database [ interface port-channel number ]
(Optional) Displays information for an EtherChannel interface. |
|
(Optional) Displays aggregation information for a specific EtherChannel interface. The number range is from 1 to 4096. |
|
|
---|---|
This example shows how to display the aggregation state of all EtherChannel interfaces:
This example shows how to display the aggregation state for a specific EtherChannel interface:
|
|
---|---|
Displays Cisco Technical Support information about EtherChannels. |
To display information about EtherChannel load balancing, use the show port-channel load-balance command.
show port-channel load-balance [ forwarding-path interface port-channel number | src-interface interface { vlan vlan_ID } [ dst-ip ipv4-addr ] [ dst-mac dst-mac-addr ] [ l4-dst-port dst-port ] [ l4-src-port src-port ] [ src-ip ipv4-addr ] [ src-mac src-mac-addr ]]
|
|
---|---|
You must use the vlan keyword to determine the use of hardware hashing.
Note ● Only hardware-based hashing is supported on Cisco Nexus 3548 Switch. There is no software hashing.
When you do not use hardware hashing, the output displays all parameters used to determine the outgoing port ID. Missing parameters are shown as zero values in the output.
If you do not use hardware hashing, the outgoing port ID is determined by using control-plane selection. Hardware hashing is not used in the following scenarios:
To get accurate results, you must do the following:
This example shows how to display the port channel load balance information in wrap mode:
|
|
---|---|
Configures the load-balancing method among the interfaces in the channel-group bundle. |
To display summary information about EtherChannels, use the show port-channel summary command.
|
|
---|---|
Before you use this command, you must configure an EtherChannel group using the interface port-channel command.
This example shows how to display summary information about EtherChannels:
|
|
---|---|
Assigns and configures a physical interface to an EtherChannel. |
|
Creates an EtherChannel interface and enters interface configuration mode. |
To display the traffic statistics for EtherChannels, use the show port-channel traffic command.
show port-channel traffic [ interface port-channel number ]
(Optional) Displays traffic statistics for a specified interface. |
|
(Optional) Displays information for a specified EtherChannel. The range is from 1 to 4096. |
|
|
---|---|
This example shows how to display the traffic statistics for all EtherChannels:
This example shows how to display the traffic statistics for a specific EtherChannel:
|
|
---|---|
Displays Cisco Technical Support information about EtherChannels. |
To display the range of used and unused EtherChannel numbers, use the show port-channel usage command.
|
|
---|---|
This example shows how to display the EtherChannel usage information:
|
|
---|---|
Displays Cisco Technical Support information about EtherChannels. |
To display the number of resources currently available in the system, use the show resource command.
|
|
---|---|
This example shows how to display the resources available in the system:
|
|
---|---|
To display the running configuration for a specific port channel, use the show running-config interface command.
show running-config interface [ all | { ethernet { slot / port } [ all ]} | { loopback { number } [ all ]} | { mgmt 0 [ all ]} | port-channel { channel-number } [ membership ]}
|
|
---|---|
This example shows how to display the running configuration for port channel 100 on a switch that runs Cisco NX-OS Release 5.0(3)A1(1):
switch(config)#
show running-config interface port-channel 100
!Command: show running-config interface port-channel100
!Time: Tue Aug 23 09:25:00 2011
version 5.0(3)A1(1)
interface port-channel100
speed 10000
switch(config)#
|
|
---|---|
To display the running configuration for Network Address Translation (NAT), use the show running-config nat command.
show running-config nat [ all ]
|
|
---|---|
This example shows how to display the running configuration for NAT:
|
|
---|---|
To display troubleshooting information about EtherChannel interfaces, use the show tech-support port-channel command.
show tech-support port-channel
|
|
---|---|
The output from the show tech-support port-channel command is very long. To better manage this output, you can redirect the output to a file.
This example shows how to display Cisco technical support information for EtherChannel interfaces:
|
|
---|---|
Configures the load-balancing method among the interfaces in the channel-group bundle. |
|
To display information about the software and hardware version, use the show version command.
|
|
---|---|
This example shows how to display the version information of a switch that runs Cisco NX-OS Release 5.0(3)A1(1):
To display brief information about the virtual port channels (vPCs), use the show vpc brief command.
(Optional) Displays the brief information for the specified vPC. The range is from 1 to 4096. |
|
|
---|---|
The show vpc brief command displays the vPC domain ID, the peer-link status, the keepalive message status, whether the configuration consistency is successful, and whether a peer link formed or failed to form.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
You can display the track object if you have configured a tracked object for running vPCs on a single module in the vpc-domain configuration mode.
This example shows how to display brief information about the vPCs on a switch:
|
|
---|---|
To display the consistency of parameters that must be compatible across the virtual port-channel (vPC) interfaces, use the show vpc consistency-parameters command.
show vpc consistency-parameters { global | interface { ethernet slot / port | port-channel channel-number } | vlans | vpc number }
|
|
---|---|
The show vpc consistency-parameters command displays the configuration of all the vPC Type 1 parameters on both sides of the vPC peer link.
Note All the Type 1 configurations must be identical on both sides of the vPC peer link, or the link will not come up.
The vPC Type 1 configuration parameters are as follows:
– Tagging of native VLAN traffic
– Port type setting—We recommend that you set all vPC peer link ports as network ports.
This command is not available if you have not enabled the vPC feature. See feature vpc for information on enabling vPCs.
This example shows how to display the vPC global consistency parameters on a switch:
This example shows how to display the vPC consistency parameters for the specified port channel on a switch:
This example shows how to display the vPC consistency parameters for the specified vPC on a switch:
This example shows how to display the vPC consistency parameters for VLANs on a switch:
|
|
---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
To display ports that are not part of the virtual port channel (vPC) but have common VLANs, use the show vpc orphan-ports command.
|
|
---|---|
The show vpc orphan-ports command displays those ports that are not part of the vPC but that share common VLANs with ports that are part of the vPC.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
This example shows how to display vPC orphan ports:
|
|
---|---|
To display the destination IP for the virtual port-channel (vPC) peer keepalive message and the status of the messages, use the show vpc peer-keepalive command.
|
|
---|---|
The show vpc peer-keepalive command displays the destination IP of the peer keepalive message for the vPC. The command also displays the send and receive status as well as the last update from the peer in seconds and milliseconds.
Note We recommend that you create a separate VRF on the peer devices to send and receive the vPC peer keepalive messages. Do not use the peer link itself to send the vPC peer-keepalive messages.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
This example shows how to display information about the peer-keepalive message:
|
|
---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
To display information about the virtual port-channel (vPC) role of the peer device, use the show vpc role command.
|
|
---|---|
The show vpc role command displays the following information about the vPC status:
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information on enabling vPCs.
This example shows how to display the vPC role information of the device that you are working on:
|
|
---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
To display virtual port-channel (vPC) statistics, use the show vpc statistics command.
show vpc statistics { peer-keepalive | peer-link | vpc number }
Displays statistics about the specified vPC. The range is from 1 to 4096. |
|
|
---|---|
The peer-link parameter displays the same information as the show interface port-channel channel number command for the vPC peer-link port channel.
The vpc number parameter displays the same information as the show interface port-channel channel number command for the specified vPC port channel.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information on enabling vPCs.
This example shows how to display statistics about the peer-keepalive message:
This example shows how to display statistics about a specific vPC:
|
|
---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
To shut down the local traffic on an Ethernet interface or Ethernet port-channel interface, use the shutdown command. To return the interface to its default operational state, use the no form of this command.
Interface configuration mode
Subinterface configuration mode
|
|
---|---|
You can use this command on the following interfaces:
Note Use the no switchport command to configure an interface as a Layer 3 interface.
This command does not require a license but if you want to enable Layer 3 interfaces, you must install the LAN Base Services license.
This example shows how to shut down, or disable, a Layer 2 interface:
switch(config)#
interface ethernet 1/10
switch(
config-if)#
shutdown
switch(
config-if)#
This example shows how to shut down a Layer 3 Ethernet subinterface:
switch(config)#
interface ethernet 1/5.1
switch(
config-subif)#
shutdown
switch(
config-subif)#
|
|
---|---|
Displays information on traffic about the specified EtherChannel interface. |
To configure the transmit and receive speed for an Ethernet interface, use the speed command. To reset to the default speed, use the no form of this command.
speed {10 | 100 | 1000 | 10000 | 40000 | auto }
Sets the interface speed to 10 Gbps. This is the default speed. |
|
|
|
The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
You can enable 40-Gigabits per second (Gbps) speed on up to 12 interfaces. You enable 40-Gbps speed on the first port of a group of four adjacent ports. For example, you enable 40-Gbps speed only on port 1 of port group 1-4, port 5 of port group 5-8, and port 9 of port group 9-12, and so on. These ports are numbered in a 2-tuple naming convention and the first number in the 2-tuple is always 1. Hence, the 40-Gbps port numbering is Ethernet interface 1/1, 1/5, 1/9, 1/13, 1/17, and so on.
The configuration is applied to the first port, not to the remaining three ports in the group. The remaining ports act like the ports without an enhanced small form-factor pluggable (SFP+) transceiver inserted. The configuration takes effect immediately. You do not need to reload the switch.
An SFP+ transceiver security check is performed only on the first port of the group.
You can reconfigure interface speeds from 40-Gigabit to 10-Gigabit, and from 10-Gigabit back to 40-Gbps by using the speed command.
Note If the interface and transceiver speed is mismatched, the SFP validation failed message is displayed when you enter the show interface ethernet slot/port command. For example, if you insert a 1-Gigabit SFP transceiver into a port without configuring the speed 1000 command, you will get this error.
This example shows how to set the speed for a 1-Gigabit Ethernet port:
switch(
config-if)#
This example shows how to set the speed for a 40-Gigabit Ethernet port:
|
|
---|---|
To configure the interface to be an access host port, use the switchport host command. To remove the host port, use the no form of this command.
|
|
---|---|
Ensure that you are configuring the correct interface. It must be an interface that is connected to an end station.
An access host port handles the Spanning Tree Protocol (STP) like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables EtherChannel on that interface.
This example shows how to set an interface as an Ethernet access host port with EtherChannel disabled:
|
|
---|---|
Displays a summary of the interface configuration information. |
|
Displays information on all interfaces configured as switch ports. |
To configure the interface as a nontrunking nontagged single-VLAN Ethernet interface, use the switchport mode command. To remove the configuration and restore the default, use the no form of this command.
switchport mode { access | trunk }
no switchport mode { access | trunk }
|
|
---|---|
An access port can carry traffic in one VLAN only. By default, an access port carries traffic for VLAN 1. To set the access port to carry traffic for a different VLAN, use the switchport access vlan command.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
This example shows how to set an interface as an Ethernet access port that carries traffic for a specific VLAN only:
|
|
---|---|
Displays information on all interfaces configured as switch ports. |
|
To set the list of allowed VLANs on the trunking interface, use the switchport trunk allowed vlan command. To allow all VLANs on the trunking interface, use the no form of this command.
switchport trunk allowed vlan { vlan-list | add vlan-list | all | except vlan-list | none | remove vlan-list }
no switchport trunk allowed vlan
|
|
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport trunk allowed vlan command. This action is required only if you have not entered the switchport command for the interface.
You can enter the switchport trunk allowed vlan command on interfaces where the Switched Port Analyzer (SPAN) destination port is either a trunk or an access port.
If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic in VLAN 1.
When you create a switchport trunk, by default it is not a member of any VLAN. You must explicitly add VLANs to the trunk port for traffic on those VLANs to be allowed on the trunk port. To remove all allowed VLANs from a trunk port, use the no form of this command and the trunk port becomes a member of no VLANs.
This example shows how to add a series of consecutive VLANs to the list of allowed VLANs on a trunking port:
switch(config-if)#
switchport trunk allowed vlan add 40-50
|
|
---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
With Cisco Nexus 3500 platform switches, you can truncate the packets after a user-defined threshold at ingress and time-stamp the packets using Precision Time Protocol (PTP) with nanosecond accuracy.
With PTP, the IEEE 1588 packet is time-stamped at the ingress port to record the event message arrival time in the hardware at the parser level. The time stamp points to the first bit of the packet (following the start frame delimiter [SFD]). Next, the packet is copied to the CPU with the time stamp and the destination port number. The packet next traverses the PTP stack. The advanced PTP clock algorithm in the Cisco Nexus 3548 Series switches keeps a track of all the timing and the frequency information and it makes the necessary adjustments to help ensure accurate time.
Finally, the packet is internally marked as a high-priority packet to ensure priority egress out of the switch and it is sent out at the egress port. The corresponding time stamp for the transmitted packet is available from the First In, First Out (FIFO) transmission time stamp.
The timestamp tagging feature is used to provide precision time information to monitor the devices remotely and to track the real time when the packets arrive at the Cisco Nexus 3500 Series switches. The timestamp tagging feature configures the ttag command on the egress interface.
The ether-type <type> option sets the Ethertype field of the ethernet frame. The Ethertype is used to indicate which protocol is encapsulated in the payload. Ethertype 1 (type 0x88B5/0x88B6) is used for this purpose.
This example shows how to configure timestamp tagging:
|
|
---|---|
Displays a summary of the interface configuration information. |
To enable the timestamp tagging marker packet on the interface, use the ttag-marker command with enable. To disable the timestamp tagging marker packet on the interface, use the no form of this command:
|
|
Once enabled on a Layer 2 port, the ttag marker sends out the periodic marker frames at specific intervals, based on the interval configured. The marker frame format includes the marker Ethertype that is followed by:
The actual ttag packet also contains the hardware timestamp. It is computed with the marker timestamp to calculate the latency of the packet.
The Ethertype that has to be taken for the marker frames can be specified manually, similar to ttag Etherype.
The ether-type <type> option sets the Ethertype field of the Ethernet frame. The Ethertype is used to indicate which protocol is encapsulated in the payload. Ethertype 1 (type 0x88B5/0x88B6) is used for this purpose.
This example shows how to enable the timestamp tagging marker on the interface:
|
|
---|---|
Displays a summary of the interface configuration information. |
To send out periodic timestamp tagging marker frames on an L2 port at specific intervals, use the ttag-marker-interval command:
|
|
The ttag marker interval once configured may not be effective unless the ttag marker is enabled on a specific Layer 2 interface. Once the ttag marker is enabled on the interface, the marker frames are sent out of the configured interface. The default interval is 1 second.
This example shows how to specify the ttag marker interval to 4 seconds:
To configure the Unidirectional Link Detection (UDLD) protocol on the switch, use the udld command. To disable UDLD, use the no form of this command.
udld { aggressive | message-time timer-time | reset }
no udld { aggressive | message-time | reset }
|
|
UDLD aggressive mode is disabled by default. You can configure UDLD aggressive mode only on point-to-point links between network devices that support UDLD aggressive mode. If UDLD aggressive mode is enabled, when a port on a bidirectional link that has a UDLD neighbor relationship established stops receiving UDLD frames, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is disabled.
To prevent spanning tree loops, normal UDLD with the default interval of 15 seconds is fast enough to shut down a unidirectional link before a blocking port transitions to the forwarding state (with default spanning tree parameters).
When you enable the UDLD aggressive mode, the following occurs:
In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic from being discarded.
This example shows how to enable the aggressive UDLD mode for the switch:
This example shows how to reset all ports that were shut down by UDLD:
|
|
---|---|
To enable and configure the Unidirectional Link Detection (UDLD) protocol on an Ethernet interface, use the udld command. To disable UDLD, use the no form of this command.
udld { aggressive | disable | enable }
no udld { aggressive | disable | enable }
|
|
You can configure normal or aggressive UDLD modes for an Ethernet interface. Before you can enable a UDLD mode for an interface, you must make sure that UDLD is enabled on the switch. UDLD must also be enabled on the other linked interface and its device.
To use the normal UDLD mode on a link, you must configure one of the ports for normal mode and configure the port on the other end for the normal or aggressive mode. To use the aggressive UDLD mode, you must configure both ends of the link for aggressive mode.
This example shows how to enable the normal UDLD mode for an Ethernet port:
This example shows how to enable the aggressive UDLD mode for an Ethernet port:
This example shows how to disable UDLD for an Ethernet port:
|
|
---|---|
To move other port channels into a virtual port channel (vPC) to connect to the downstream device, use the vpc command. To remove the port channels from the vPC, use the no form of this command.
|
|
---|---|
You can use any module in the device for the port channels.
Note We recommend that you attach the vPC domain downstream port channel to two devices for redundancy.
To connect to the downstream device, you create a port channel from the downstream device to the primary vPC peer device, and you create another port channel from the downstream device to the secondary peer device. Finally, working on each vPC peer device, you assign a vPC number to the port channel that connects to the downstream device. You will experience minimal traffic disruption when you are creating vPCs.
Note The port channel number and vPC number can be different, but the vPC number must be the same on both switches.
This example shows how to configure the selected port channel into the vPC to connect to the downstream device:
To create a virtual port channel (vPC) domain and assign a domain ID, use the vpc domain command. To revert to the default vPC configuration, use the no form of this command.
|
|
---|---|
Before you can create a vPC domain and configure vPC on the switch, you must enable the vPC feature using the feature vpc command.
The vPC domain includes both vPC peer devices, the vPC peer keepalive link, the vPC peer link, and all the port channels in the vPC domain connected to the downstream device. You can have only one vPC domain ID on each device.
When configuring the vPC domain ID, make sure that the ID is different from the ID used by a neighboring vPC-capable device with which you may configure a double-sided vPC. This unique ID is needed because the system ID is derived from the MAC address ID of the switch. For a vPC, this MAC address is derived from the domain ID. As a result, in a peer-to-peer vPC configuration, if the neighboring switches use the same domain ID, a system ID conflict may occur in the LACP negotiation that may cause an unsuccessful LACP negotiation.
Under the vPC domain, make sure to configure the primary vPC device to ignore type checks by using the peer-config-check-bypass command.
This example shows how to create a vPC domain:
|
|
---|---|
Copies the running configuration to the startup configuration. |
|
Restores the vPC peer links after a specified period of time. |
|
To create a virtual port channel (vPC) peer link by designating the port channel that you want on each device as the peer link for the specified vPC domain, use the vpc peer-link command. To remove the peer link, use the no form of this command.
|
|
---|---|
We recommend that you configure the Layer 2 port channels that you are designating as the vPC peer link in trunk mode and that you use two ports on separate modules on each vPC peer device for redundancy.
The Cisco Nexus 3000 Series switch supports 64 hardware port channels. Use the show port-channel capacity command to display the total number of port channels supported by the hardware.
This example shows how to select the port channel that you want to use as the vPC peer link for this device and configure the selected port channel as the vPC peer link:
This example shows how to remove the vPC peer link: