Interfaces Configuration Guide, Cisco DCNM for LAN, Release 6.x
Configuring Layer 2 Interfaces
Downloads: This chapterpdf (PDF - 407.0KB) The complete bookPDF (PDF - 7.16MB) | Feedback

Configuring Layer 2 Interfaces

Table Of Contents

Configuring Layer 2 Interfaces

Information About Access and Trunk Interfaces

Information About Access and Trunk Interfaces

IEEE 802.1Q Encapsulation

Access VLANs

Native VLAN IDs for Trunk Ports

Tagging Native VLAN Traffic

Allowed VLANs

High Availability

Virtualization Support

Default Interfaces

SVI Autostate Exclude

Licensing Requirements for Layer 2 Port Modes

Prerequisites for Layer 2 Interfaces

Default Settings

Platform Support

Configuring Access and Trunk Interfaces

Configuring a LAN Interface as a Layer 2 Access Port

Configuring a Trunk Port and a FabricPath Port

Configuring a Default Interface

Configuring SVI Autostate Exclude

Configuring the Device to Tag Native VLAN Traffic

Monitoring the Layer 2 Interfaces

Field Descriptions

Additional References

Related Documents

Standards

MIBs

Feature History for Configuring Layer 2 Interfaces


Configuring Layer 2 Interfaces


This chapter describes how to configure Layer 2 switching ports as access or trunk ports using Cisco Data Center Network Manager (DCNM).


Note The Cisco NX-OS release that is running on a managed device may not support all the features or settings described in this chapter. For the latest feature information and caveats, see the documentation and release notes for your platform and software release.



Note Beginning with Cisco NX-OS Release 5.1, a Layer 2 port can function as either one of the following:

A trunk port

An access port

A private VLAN port (see the Cisco DCNM Layer 2 Switching Configuration Guide, Release 5.x, for more information on private VLANs)

A FabricPath port (see the Cisco Nexus 7000 Series NX-OS FabricPath Configuration Guide, Release 5.x, and the Cisco DCNM FabricPath Configuration Guide, Release 5.x, for information on FabricPath)

Beginning with Cisco NX-OS Release 5.2(1), a Layer 2 port can also function as a shared interface. You cannot configure an access interface as a shared interface. See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on shared interfaces.



Note See the Cisco DCNM FabricPath Configuration Guide, Release 5.x, for more information on configuring the FabricPath feature.



Note A Layer 2 port can function as either a trunk port, an access port, or a private VLAN port.


This chapter includes the following sections:

Information About Access and Trunk Interfaces

Licensing Requirements for Layer 2 Port Modes

Prerequisites for Layer 2 Interfaces

Default Settings

Platform Support

Configuring Access and Trunk Interfaces

Monitoring the Layer 2 Interfaces

Field Descriptions

Additional References

Feature History for Configuring Layer 2 Interfaces


Note See the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x, for information on configuring a SPAN destination interface.


For more information about the Data Center Network Manager features, see the Fundamentals Configuration Guide, Cisco DCNM for LAN, Release 5.x .

You can configure Layer 2 switching ports as access or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. All Layer 2 switching ports maintain media access control (MAC) address tables.


Note See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for information on VLANs, private VLANs, and the Spanning Tree Protocol.



Note A Layer 2 port can function as either a trunk port, an access port, or a private VLAN port. See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for more information on private VLANs.


Information About Access and Trunk Interfaces


Note See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high-availability features.


This section includes the following topics:

Information About Access and Trunk Interfaces

IEEE 802.1Q Encapsulation

Access VLANs

Native VLAN IDs for Trunk Ports

Tagging Native VLAN Traffic

Allowed VLANs

High Availability

Virtualization Support

Default Interfaces

SVI Autostate Exclude


Note The device supports only IEEE 802.1Q-type VLAN trunk encapsulation.


Information About Access and Trunk Interfaces

A Layer 2 port can be configured as an access or a trunk port as follows:

An access port can have only one VLAN configured on that port; it can carry traffic for only one VLAN.

A trunk port can have two or more VLANs configured on that port; it can carry traffic for several VLANs simultaneously.

By default, all ports on the device are Layer 3 ports.

You change the default port setting to Layer 2 using the command-line interface (CLI). See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for information on changing the default port setting to Layer 2 for the system.

All ports in the same trunk must be in the same device, and trunk ports cannot carry VLANs from different devices.

Figure 3-1 shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.

Figure 3-1 Trunk and Access Ports and VLAN Traffic


Note See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for information on VLANs.


In order to correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method (see the "IEEE 802.1Q Encapsulation" section for more information).


Note See the Unicast Configuration Guide, Cisco DCNM for LAN, Release 5.x, for information on subinterfaces on Layer 3 interfaces.


To optimize the performance on access ports, you can configure the port as a host port. Once the port is configured as a host port, it is automatically set as an access port, and channel grouping is disabled. Use the host designation to decrease the time that it takes the designated port to begin to forward packets.

Only an end station can be set as a host port; you will receive an error message if you attempt to configure other ports as hosts.

If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.

A Layer 2 interface can function as either an access port or a trunk port; it cannot function as both port types simultaneously.

When you change a Layer 2 interface back to a Layer 3 interface, that interface loses all the Layer 2 configuration and resumes the default VLAN configurations.

IEEE 802.1Q Encapsulation


Note For information about VLANs, see the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x.


A trunk is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.

To correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method that uses a tag that is inserted into the frame header (see Figure 3-2). This tag carries information about the specific VLAN to which the frame and packet belong. This method allows packets that are encapsulated for several different VLANs to traverse the same port and maintain traffic separation between the VLANs. Also, the encapsulated VLAN tag allows the trunk to move traffic end-to-end through the network on the same VLAN.

Figure 3-2 Header Without and With 802.1Q Tag

Access VLANs


Note If you assign an access VLAN that is also a primary VLAN for a private VLAN, all access ports with that access VLAN will also receive all the broadcast traffic for the primary VLAN in the private VLAN mode.



Note See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for complete information on private VLANs.


When you configure a port in access mode, you can specify which VLAN will carry the traffic for that interface. If you do not configure the VLAN for a port in access mode, or an access port, the interface carries traffic for the default VLAN (VLAN1).

You can change the access port membership in a VLAN by specifying the new VLAN. You must create the VLAN before you can assign it as an access VLAN for an access port. If you change the access VLAN on an access port to a VLAN that is not yet created, the system shuts that access port down.

If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.

Native VLAN IDs for Trunk Ports

A trunk port can carry nontagged packets simultaneously with the 802.1Q tagged packets. When you assign a default port VLAN ID to the trunk port, all untagged traffic travels on the default port VLAN ID for the trunk port, and all untagged traffic is assumed to belong to this VLAN. This VLAN is referred to as the native VLAN ID for a trunk port. That is, the native VLAN ID is the VLAN that carries untagged traffic on trunk ports.


Note Native VLAN ID numbers must match on both ends of the trunk.


The trunk port sends an egressing packet with a VLAN that is equal to the default port VLAN ID as untagged; all the other egressing packets are tagged by the trunk port. If you do not configure a native VLAN ID, the trunk port uses the default VLAN.


Note You cannot use an FCoE VLAN as a native VLAN for an Ethernet trunk switchport.


Tagging Native VLAN Traffic

The Cisco software supports the IEEE 802.1Q standard on trunk ports. In order to pass untagged traffic through the trunk ports, you must create a VLAN that does not tag any packets (or you can use the default VLAN). Untagged packets can pass through trunk ports and access ports.

However, all packets that enter the device with an 802.1Q tag that matches the value of the native VLAN on the trunk are stripped of any tagging and egress the trunk port as untagged packets. This situation can cause problems because you may want to retain the tagging on packets on the native VLAN for the trunk port.

You can configure the device to drop all untagged packets on the trunk ports and to retain the tagging of packets entering the device with 802.1Q values that are equal to that of the native VLAN ID. All control traffic still passes on the native VLAN. This configuration is global; trunk ports on the device either do or do not retain the tagging for the native VLAN.

Allowed VLANs

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk. However, you can remove VLANs from this inclusive list to prevent traffic from the specified VLANs from passing over the trunk. Later, you can add any specific VLANs that you may want the trunk to carry traffic for back to the list.

To partition the Spanning Tree Protocol (STP) topology for the default VLAN, you can remove VLAN1 from the list of allowed VLANs. Otherwise, VLAN1, which is enabled on all ports by default, will have a very big STP topology, which can result in problems during STP convergence. When you remove VLAN1, all data traffic for VLAN1 on this port is blocked, but the control traffic continues to move on the port.


Note See the Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x, for more information about STP.


High Availability

The software supports high availability for Layer 2 ports.


Note See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high availability features.


Virtualization Support

The device supports virtual device contexts (VDCs).

All ports in the same trunk must be in the same device, and trunk ports cannot carry VLANs from different devices.


Note See the Virtual Device Context Configuration Guide, Cisco DCNM for LAN, Release 5.x, for complete information on VDCs and assigning resources.


Default Interfaces

You can use the default interface feature to clear the configured parameters for both physical and logical interfaces such as the Ethernet, loopback, VLAN network, tunnel, and the port-channel interface.


Note A maximum of 8 ports can be selected for the default interface. The default interfaces feature is not supported for management interfaces because the device could go to an unreachable state.


SVI Autostate Exclude

Ordinarily, when a VLAN interface has multiple ports in the VLAN, the SVI will go to the down state when all the ports in the VLAN go down. You can use the SVI Autostate Exclude feature to exclude specific ports and port channels while defining the status of the SVI (up or down) even if it belongs to the same VLAN. For example, even if the excluded port or port channel is in the up state and other ports are in the down state in the VLAN, the SVI state is changed to down.


Note You can use the SVI Autostate Exclude feature only for switched physical Ethernet ports and port channels.


Licensing Requirements for Layer 2 Port Modes

The following table shows the licensing requirements for this feature:

Product
License Requirement

Cisco DCNM

Layer 2 port modes require no license. Any feature not included in a license package is bundled with the Cisco DCNM and is provided at no charge to you.

Cisco NX-OS

Layer 2 port modes require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.



Note Using VDCs requires an Advanced Services license.


Prerequisites for Layer 2 Interfaces

Layer 2 interfaces have the following prerequisites:

You are logged onto the device.

Default Settings

Table 3-1 lists the default settings for device access and trunk port mode parameters.

Table 3-1 Default Access and Trunk Port Mode Parameters 

Parameters
Default

Switchport mode

Access

Allowed VLANs

1 to 3967, 4048 to 4094

Access VLAN ID

VLAN1

Native VLAN ID

VLAN1

Native VLAN ID tagging

Disabled

Administrative state

Shut


Platform Support

The following platforms support this feature but may implement it differently. For platform-specific information, including guidelines and limitations, system defaults, and configuration limits, see the corresponding documentation.

Platform
Documentation

Cisco Nexus 1000V Series Switches

Cisco Nexus 1000V Series Switches Documentation

Cisco Nexus 3000 Series Switches

Cisco Nexus 3000 Series Switches Documentation

Cisco Nexus 4000 Series Switches

Cisco Nexus 4000 Series Switches Documentation

Cisco Nexus 5000 Series Switches

Cisco Nexus 5000 Series Switches Documentation

Cisco Nexus 7000 Series Switches

Cisco Nexus 7000 Series Switches Documentation

Cisco Catalyst 6500 Series Switches

Cisco Catalyst 6500 Series Switches Documentation


Configuring Access and Trunk Interfaces


Note Beginning with Cisco NX-OS Release 5.1, you can configure Layer 2 interfaces as Fabricpath interfaces if you have an F Series module in your Cisco Nexus 7000 Series chassis. See the Cisco DCNM FabricPath Configuration Guide and the Cisco Nexus 7000 Series NX-OS FabricPath Configuration Guide for more information on configuring FabricPath.


This section includes the following topics:

Configuring a LAN Interface as a Layer 2 Access Port

Configuring a Trunk Port and a FabricPath Port

Configuring a Default Interface

Configuring SVI Autostate Exclude

Configuring the Device to Tag Native VLAN Traffic

Configuring a LAN Interface as a Layer 2 Access Port

You can configure a Layer 2 port as an access port. An access port transmits packets on only one, untagged VLAN. You specify which VLAN traffic that the interface carries, which becomes the access VLAN. If you do not specify a VLAN for an access port, that interface carries traffic only on the default VLAN. The default VLAN is VLAN1.

You use the Ethernet pane to configure a Layer 2 access port (see Figure 3-3).

Figure 3-3 Ethernet Pane, Port Mode Settings

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Interfaces > Physical > Ethernet to open the Ethernet pane.

Step 2 From the Contents pane, in the Summary pane, double-click the device to display the interfaces.

Step 3 Click the slot to display the list of interfaces.

Step 4 Click the interface.

The system highlights the interface in the Summary pane, and tabs appear in the Details pane.

Step 5 In the Details pane, click the Port Details tab.

Step 6 Click the Port Mode Settings section.

Step 7 From the Mode drop-down list, choose Access to configure the port as an access port.

Routed is the default port mode.

Step 8 In the Access VLAN field, specify the access VLAN by using a known VLAN, assigning a VLAN from among the VLANs on this device, or creating a new VLAN.

The default access VLAN is VLAN1. The range is VLAN 1 to 4094, excluding the internally assigned VLANs 3968 to 4047 and 4094.

Step 9 From the menu bar, choose File > Deploy to apply your changes to the device.


Configuring a Trunk Port and a FabricPath Port


Note You can pre-provision a trunk port while the actual port is still in access mode. From the main menu, choose Tools > Global Preferences > Pre Provisioning to access or hide the screen that allows and displays this functionality. See the Fundamentals Configuration Guide, Cisco DCNM for LAN, Release 5.x , for information on pre-provisioning.


You can configure a Layer 2 port as a trunk port, which transmits untagged packets for one VLAN plus transmits encapsulated, tagged, packets for multiple VLANs.


Note The device supports 802.1Q encapsulation only.


You use the Ethernet pane to configure a Layer 2 trunk port (see Figure 3-3).

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Interfaces > Physical > Ethernet to open the Ethernet pane.

Step 2 From the Contents pane, in the Summary pane, double-click the device to display the interfaces.

Step 3 Click the slot to display the list of interfaces.

Step 4 Click the interface.

The system highlights the interface in the Summary pane, and tabs appear in the Details pane.

Step 5 In the Details pane, click the Port Details tab.

Step 6 Click the Port Mode Settings section.

Step 7 From the Mode drop-down list, choose Trunk to configure the port as a trunk port.


Note Do not change the dimmed value in the Encapsulation row from dot1q. The IEEE 802.1Q encapsulation method is the only supported encapsulation method.


Step 8 In the Allowed VLAN field, enter the numbers of the VLANs or select the VLANs that are allowed to run on this trunk port.

VLANs 1 to 4094 are the default. VLANs 3968 to 4047 and 4094 are internally allocated for device use.

Step 9 In the Native VLAN field, specify, choose, or create the native VLAN for this trunk port.

The default native VLAN is VLAN1. The range is from VLAN 1 to 4094, excluding the internally assigned VLANs 3968 to 4047 and 4094.

Step 10 From the Mode drop-down list, choose Fabricpath to configure the port as a FabricPath port.

Step 11 From the menu bar, choose File > Deploy to apply your changes to the device.


Configuring a Default Interface

The default interface feature allows you to clear the existing configuration of multiple interfaces such as Ethernet, loopback, VLAN network, port-channel, and tunnel interfaces. All user configuration under a specified interface will be deleted.


Note The default interface feature is not supported for management interfaces because the device could go to an unreachable state.


You can select a maximum of 8 ports for a default interface configuration. If you select more than 8 ports and click Set to Default, a dialog box appears (see Figure 3-3).

Figure 3-4 Default Interfaces Dialog Box

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Interfaces > Logical> Tunnel or VLAN Network Interface or Loopback or Port-Channel.

Step 2 From the Contents pane, in the Summary pane, double click the device to display the interfaces.

Step 3 Right-click and choose Set to Default.


Configuring SVI Autostate Exclude

You can configure the SVI Autostate Exclude feature on an Ethernet interface or a port channel.

You can use the Autostate Exclude option to enable or disable the port from bringing up or down the SVI calculation and applying it to all VLANs that are enabled on the selected port (see Figure 3-5).

Figure 3-5 Ethernet Interface

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Interfaces > Physical > Ethernet to open the Ethernet pane.

Step 2 From the Summary pane, double-click the device to display the interfaces.

Step 3 Click the slot to display the list of interfaces.

Step 4 Click the interface.

The system highlights the interface in the Summary pane, and tabs appear in the Details pane.

Step 5 In the Details pane, click the Port Details tab.

Step 6 Expand the Port Mode Settings section.

Step 7 From the Autostate exclude drop-down list, choose Enabled or Disabled to bring up or down the SVI calculation and apply it to all VLANs that are enabled on the selected port.


You can configure SVI Autostate Exclude on a port channel (see Figure 3-6).

Figure 3-6 SVI Port Channel

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Interfaces > Logical > Port Channel to open the Port Channel pane.

Step 2 From the Summary pane, double-click the device to display the interfaces.

Step 3 Click the slot to display the list of interfaces.

Step 4 Click the interface.

The system highlights the interface in the Summary pane, and tabs appear in the Details pane.

Step 5 From the Port Channel Details tab, expand the Common Settings section.

Step 6 From the Autostate exclude drop-down list, choose Enabled or Disabled to bring up or down the SVI calculation and apply it to all VLANs that are enabled on the selected port.


Configuring the Device to Tag Native VLAN Traffic

When you are working with 802.1Q trunked interfaces, you can maintain the tagging for all packets that enter with a tag that matches the value of the native VLAN ID and drops all untagged traffic (you will still carry control traffic on that interface). This feature applies to the entire device; you cannot apply it to selected VLANs on a device.


Note If you enable 802.1Q tagging on one device and disable it on another device, all traffic is dropped on the device with this feature disabled. You must configure this feature identically on each device.


You use the VLAN pane to configure the device to maintain the tagging for all native VLANs for all trunking ports (see Figure 3-7).

Figure 3-7 VLAN Pane, Global Settings

DETAILED STEPS


Step 1 From the Feature Selector pane, choose Switching > VLAN to open the VLAN pane.

Step 2 In the Summary pane, click the Device View tab.

Step 3 Click the device that you want to configure.

The system highlights the device in the Summary pane, and tabs appear in the Details pane.

Step 4 In the Details pane, click the Global Settings tab.

Step 5 From the Dot1Q Native Tag drop-down list, choose Enabled to configure the device to maintain the 802.1q tag on the native VLAN for all trunking ports.

The default is disabled.

Step 6 From the menu bar, choose File > Deploy to apply your changes to the device.


Monitoring the Layer 2 Interfaces

To display statistical information, you can create the following charts, which appear in the Statistics tab:

Traffic Statistics Chart—Displays information about ports, including unicast, multicast, discards, and so forth.

Error Counters Chart—Displays errors about the access or trunk interface, including alignments, collisions, runts, giants, and so forth.

SFP Diagnostic Chart—Displays diagnostic information about the SFP transceivers that are connected to this device.

Trunk Statistics Chart—Displays information about the trunk when you select a trunk port, including unicast, multicast, and so forth.

SOLM Statistics Chart—Displays data about the received and transmitted traffic for unicast and multicast.


Note The SOLM Statistics Chart is applicable only for the Cisco Nexus 4000 platform, beginning with the Cisco DCNM 4.2(3) release.


FIP Statistics Chart - Displays FIP statistics for the selected Ethernet interface.

See the Fundamentals Configuration Guide, Cisco DCNM for LAN, Release 5.x , for more information on collecting statistics for this feature.

Field Descriptions

The field descriptions for the fields discussed in this chapter are in Chapter 2 "Configuring Basic Interface Parameters."

Additional References

For additional information related to implementing access and trunk port modes, see the following sections:

Related Documents

Standards

MIBs

Related Documents

Related Topic
Document Title

Configuring Layer 3 interfaces

Chapter 4 "Configuring Layer 3 Interfaces"

Port channels

Chapter 5 "Configuring Port Channels"

VLANs, private VLANs, STP

Layer 2 Switching Configuration Guide, Cisco DCNM for LAN, Release 5.x

Interfaces

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x

System management

Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x

High availability

Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x

VDCs

Virtual Device Context Configuration Guide, Cisco DCNM for LAN, Release 5.x

Licensing

Cisco DCNM Installation and Licensing Guide, Release 5.x

Release Notes

Cisco DCNM Release Notes, Release 5.x


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

BRIDGE-MIB

IF-MIB

CISCO-IF-EXTENSION-MIB

ETHERLIKE-MIB

To locate and download MIBs, go to the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


Feature History for Configuring Layer 2 Interfaces

Table 3-2 lists the release history for this feature.

Table 3-2 Feature History for Configuring Layer 2 Interfaces 

Feature Name
Releases
Feature Information

Layer 2 interfaces

4.0(1)

This feature was introduced.

SFP Diagnostic and SOLM Statical charts

4.2(3)

This feature was introduced.