Configuring VLANs
This chapter describes how to configure virtual LANs (VLANs) on NX-OS devices.
This chapter includes the following topics:
• Information About VLANs
• Licensing Requirements for VLANs
• Prerequisites for Configuring VLANs
• Guidelines and Limitations
• Configuring a VLAN
• Verifying VLAN Configuration
• Displaying and Clearing Statistics
• VLAN Example Configuration
• Default Settings
• Additional References
Note
For information about private VLANs, see Chapter 4, "Configuring Private VLANs."
Information About VLANs
You can use VLANs to divide the network into separate logical areas at the Layer 2 level. VLANs can also be considered as broadcast domains.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a bridge or a router.
This section includes the following topics:
• VLANs Overview
• VLAN Ranges
• Creating, Deleting, and Modifying VLANs
• High Availability
• Virtualization Support
VLANs Overview
Note
VLAN Trunking Protocol (VTP) mode is OFF. VTP protocol data units (PDUs) are dropped on all device interfaces, which partitions VTP domains if other devices have VTP turned on.
A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.
Figure 3-1 shows VLANs as logical networks. In this diagram, the stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.
Figure 3-1 VLANs as Logically Defined Networks
VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.
By default, a newly created VLAN is operational; that is, the newly created VLAN is in the no shutdown condition. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.
A VLAN interface, or switched virtual interface (SVI), is a Layer 3 interface that is created to provide communication between VLANs. In order to route traffic between VLANs, you must create and configure a VLAN interface for each VLAN. Each VLAN requires only one VLAN interface.
Note
See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 4.0 for complete information on configuring VLAN interfaces, and subinterfaces, as well as assigning IP addresses. This feature must be enabled before you can configure VLAN interfaces.
VLAN Ranges
Note
The extended system ID is always automatically enabled in NX-OS devices.
The device supports up to 4094 VLANs in accordance with the IEEE 802.1Q standard in each VDC. The software organizes these VLANs into ranges, and you use each range slightly differently.
Table 3-1 describes the VLAN ranges.
Table 3-1 VLAN Ranges
VLAN Numbers | Range | Usage
1 | Normal | Cisco default. You can use this VLAN, but you cannot modify or delete it.
2-1005 | Normal | You can create, use, modify, and delete these VLANs.
1006-4094 | Extended | You can create, name, and use these VLANs. You cannot change the following parameters: the state is always active; the VLAN is always enabled (you cannot shut down these VLANs).
3968-4047 and 4094 | Internally allocated | These 80 VLANs, and VLAN 4094, are allocated for internal device use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.
Note
VLANs 3968 to 4047 and 4094 are reserved for internal use in each VDC; you cannot change or use these VLANs.
The software allocates a group of 80 VLAN numbers for those features, like multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs 3968 to 4047 for internal use. VLAN 4094 is also reserved for internal use by the device.
Note
See the Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 4.0 for information about multicasting and the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.0 book for information about diagnostics.
You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.
Creating, Deleting, and Modifying VLANs
Note
By default, all NX-OS ports are Layer 3 ports.
VLANs are numbered from 1 to 4094 for each VDC. All ports that you have configured as switch ports belong to the default VLAN when you first bring up the switch as a Layer 2 device. The default VLAN (VLAN1) uses only default values, and you cannot create, delete, or suspend activity in the default VLAN.
You create a VLAN by assigning a number to it; you can delete VLANs and move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the device goes into the VLAN submode but does not create the same VLAN again.
Newly created VLANs remain unused until Layer 2 ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.
Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):
• VLAN name
• VLAN state
• Shutdown or not shutdown
Note
See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 4.0 for information on configuring ports as VLAN access or trunk ports and assigning ports to VLANs.
When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. When you delete a specified VLAN from a trunk port, only that VLAN is shut down and traffic continues to flow on all the other VLANs through the trunk port.
However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or re-create, that specified VLAN, the system automatically reinstates all the original ports to that VLAN. The static MAC addresses and aging time for that VLAN are not restored when the VLAN is reenabled.
Note
Commands entered in the VLAN configuration submode are immediately executed.
Note
VLANs 3968 to 4047 and 4094 are reserved for internal use in each VDC; you cannot change or use these VLANs.
High Availability
The software supports high availability for both stateful and stateless restarts, as during a cold reboot, for VLANs. For stateful restarts, the software supports a maximum of three retries; if you try more than 3 times within 10 seconds of a restart, the software reloads the supervisor module.
You can upgrade or downgrade the software seamlessly, with respect to VLANs.
Note
See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 4.0 for complete information on high availability features.
Virtualization Support
The software supports virtual device contexts (VDCs), and VLAN configuration and operation are local to the VDC.
Note
See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0 for complete information on VDCs and assigning resources.
Each VLAN must have all of its ports in the same VDC. If you do not have enough resources allocated to the VDC, the software returns an error message.
When you create a new VDC, the device automatically creates a new default VLAN, VLAN1, and internally reserves VLANs 3968 to 4047 and 4094 for device use.
You can re-use the same numbers for VLANs in different VDCs.
One or more VLANs can be associated with a role to either allow or disallow the user to configure it. When a VLAN is associated with a role, the corresponding interfaces will also be subjected to the same check. For instance, if a role is allowed to access VLAN1, then that role also has access to the interfaces that have that VLAN. If an interface does not have the VLAN associated with a role, that interface is not accessible to that role.
Licensing Requirements for VLANs
The following table shows the licensing requirements for this feature:
Product | License Requirement
NX-OS | VLANs require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the NX-OS licensing scheme, see the Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.0.
However, using VDCs requires an Advanced Services license.
Prerequisites for Configuring VLANs
The following are prerequisites for configuring VLANs:
• You must be logged onto the device.
• If necessary, install the Advanced Services license and enter the desired VDC. Ensure that you have allocated enough resources for that VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0 for information on creating VDCs and allocating resources.
• You must create the VLAN before you can do any modification of that VLAN.
Guidelines and Limitations
Follow these guidelines and limitations when configuring VLANs:
• The maximum number of VLANs per VDC is 4094.
• You can reuse VLAN ID numbers in different VDCs. For example, you can have VLAN10 in the default VDC and a completely separate VLAN10 in a newly created VDC, such as VDC 2.
• You can configure a single VLAN or a range of VLANs.
• You cannot create, modify, or delete any VLANs that are within the group of VLANs reserved for internal use.
• VLAN1 is the default VLAN. You cannot create, modify, or delete this VLAN.
• VLANs 1006 to 4094 are always in the active state and are always enabled. You cannot suspend the state or shut down these VLANs.
Configuring a VLAN
This section includes the following topics:
• Creating and Deleting a VLAN
• Entering the VLAN Configuration Submode
• Configuring the VLAN
Note
See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 4.0 for information on assigning Layer 2 interfaces to VLANs (access or trunk ports). All interfaces are in VLAN1 by default.
Note
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Creating and Deleting a VLAN
You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the device.
Once a VLAN is created, it is automatically in the active state.
Note
When you delete a VLAN, ports associated to that VLAN shut down. Therefore, no traffic flows and the packets are dropped. On trunk ports, the port remains open and the traffic from all other VLANs except the deleted VLAN continues to flow.
If you create a range of VLANs and some of these VLANs cannot be created, the software returns a message listing the failed VLANs, and all the other VLANs in the specified range are created.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or enter the switchto vdc command). You can repeat VLAN names and IDs in different VDCs, so you must confirm that you are working in the correct VDC.
SUMMARY STEPS
1. config t
2. vlan {vlan-id | vlan-range}
3. exit
4. show vlan
5. copy running-config startup-config
DETAILED STEPS
Step 1
Command: config t
Example:
switch# config t
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: vlan {vlan-id | vlan-range}
Example:
switch(config)# vlan 5
switch(config-vlan)#
Purpose: Creates a VLAN or a range of VLANs. If you enter a number that is already assigned to a VLAN, the device puts you into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.
Step 3
Command: exit
Example:
switch(config-vlan)# exit
switch(config)#
Purpose: Exits the VLAN mode.
Step 4
Command: show vlan
Example:
switch# show vlan
Purpose: (Optional) Displays information and status of VLANs.
Step 5
Command: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
This example shows how to create a range of VLANs from 15 to 20:
switch(config)# vlan 15-20
Note
You can also create and delete VLANs in the VLAN configuration submode.
Entering the VLAN Configuration Submode
To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:
• Name
• State
• Shut down
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or enter the switchto vdc command). You can repeat VLAN names and IDs in different VDCs, so you must confirm that you are working in the correct VDC.
SUMMARY STEPS
1. config t
2. vlan {vlan-id | vlan-range}
3. exit
4. show vlan
5. copy running-config startup-config
DETAILED STEPS
Step 1
Command: config t
Example:
switch# config t
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: vlan {vlan-id | vlan-range}
Example:
switch(config)# vlan 5
switch(config-vlan)#
Purpose: Places you into the VLAN configuration submode. This submode allows you to name, set the state, disable, and shut down the VLAN or range of VLANs. You cannot change any of these values for VLAN1 or the internally allocated VLANs. You can change only the name for VLANs 1006 to 4094.
Step 3
Command: exit
Example:
switch(config-vlan)# exit
switch(config)#
Purpose: Exits the VLAN configuration mode.
Step 4
Command: show vlan
Example:
switch# show vlan
Purpose: (Optional) Displays information and status of VLANs.
Step 5
Command: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
This example shows how to enter and exit the VLAN configuration submode:
switch(config-vlan)# exit
switch(config)#
Configuring the VLAN
To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:
• Name
• State
• Shut down
Note
You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs; see the "VLAN Ranges" section for complete information.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or enter the switchto vdc command). VLAN names and IDs can be repeated in different VDCs, so you must confirm which VDC you are working in.
SUMMARY STEPS
1. config t
2. vlan {vlan-id | vlan-range}
3. name vlan-name
4. state {active | suspend}
5. no shutdown
6. exit
7. show vlan
8. copy running-config startup-config
DETAILED STEPS
Step 1
Command: config t
Example:
switch# config t
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: vlan {vlan-id | vlan-range}
Example:
switch(config)# vlan 5
switch(config-vlan)#
Purpose: Places you into the VLAN configuration submode. If the VLAN does not exist, the system creates the specified VLAN and then enters the VLAN configuration submode.
Step 3
Command: name vlan-name
Example:
switch(config-vlan)# name accounting
Purpose: Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.
Step 4
Command: state {active | suspend}
Example:
switch(config-vlan)# state active
Purpose: Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.
Step 5
Command: no shutdown
Example:
switch(config-vlan)# no shutdown
Purpose: Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.
Step 6
Command: exit
Example:
switch(config-vlan)# exit
switch(config)#
Purpose: Exits the VLAN configuration submode.
Step 7
Command: show vlan
Example:
switch# show vlan
Purpose: (Optional) Displays information and status of VLANs.
Step 8
Command: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
This example shows how to configure optional parameters for VLAN 5:
switch# config t
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
switch(config-vlan)# exit
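The limits stated in this chapter (reserved VLANs 3968 to 4047 and 4094, the default VLAN, and the always-active range 1006 to 4094) can be checked against a planned change before it is entered on the device. The following Python linter is an added example, not part of the Cisco guide; the function names, the `no vlan` delete form, and the sample change request are assumptions constructed for illustration.

```python
import re

# Ranges and limits as stated in this chapter (Table 3-1 and the "name" step).
INTERNAL = set(range(3968, 4048)) | {4094}  # reserved for device use in each VDC
EXTENDED = range(1006, 4095)                # always active, cannot be shut down
MAX_NAME = 32                               # maximum VLAN name length

def expand(spec):
    """Expand '5' or '15-20' into a list of VLAN IDs within 1-4094."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 4094:
        raise ValueError(f"VLAN range out of bounds: {spec!r}")
    return list(range(lo, hi + 1))

def lint(config):
    """Return (line_no, vlan_id, message) for each rule the snippet breaks."""
    findings, current = [], []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.fullmatch(r"(no\s+)?vlan\s+(\d+(?:-\d+)?)", line)
        if m:
            ids = expand(m.group(2))
            for v in ids:
                if v in INTERNAL:
                    findings.append((no, v, "internally allocated; cannot create or delete"))
                elif v == 1 and m.group(1):
                    findings.append((no, v, "default VLAN cannot be deleted"))
            # Submode commands apply only to the VLANs the device accepted.
            current = [] if m.group(1) else [v for v in ids if v not in INTERNAL]
            continue
        if line == "exit":
            current = []
        for v in current:
            if line.startswith("name "):
                if v == 1:
                    findings.append((no, v, "default VLAN cannot be renamed"))
                elif len(line[5:].strip()) > MAX_NAME:
                    findings.append((no, v, f"name exceeds {MAX_NAME} characters"))
            elif line == "state suspend" and (v == 1 or v in EXTENDED):
                findings.append((no, v, "state cannot be suspended"))
            elif line == "shutdown" and (v == 1 or v in EXTENDED):
                findings.append((no, v, "VLAN cannot be shut down"))
    return findings

# Constructed change request for illustration, not taken from the guide.
SAMPLE = """\
vlan 5
  name accounting
  state suspend
vlan 2000
  state suspend
  shutdown
vlan 4046-4049
  name dmz
vlan 1
  name mgmt
no vlan 3968
"""

if __name__ == "__main__":
    for no, vlan, msg in lint(SAMPLE):
        print(f"line {no}: VLAN {vlan}: {msg}")
```

For the range 4046-4049, the linter mirrors the behavior described in this section: the internally allocated IDs are reported and the remaining IDs in the range are still processed.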
Verifying VLAN Configuration
To display VLAN configuration information, perform one of the following tasks:
Command | Purpose
show running-config vlan vlan-id | Displays VLAN information.
show vlan [all-ports | brief | id vlan-id | name name | dot1q tag native] | Displays VLAN information.
show vlan summary | Displays a summary of VLAN information.
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference, Release 4.0.
Displaying and Clearing Statistics
To display VLAN configuration information, perform one of the following tasks:
Command | Purpose
clear vlan [id vlan-id] counters | Clears counters for all VLANs or for a specified VLAN.
show vlan counters | Displays information on Layer 2 packets in each VLAN.
VLAN Example Configuration
The following example shows how to create and name a VLAN as well as how to make the state active and administratively up:
switch# configure terminal
switch(config-vlan)# name test
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
switch(config-vlan)# exit
See the "Default Settings" section for information on default settings for VLANs.
Default Settings
Table 3-2 lists the default settings for VLAN parameters.
Table 3-2 Default VLAN Parameters
Parameters | Default
VLANs | Enabled
VLAN | VLAN1. A port is placed in VLAN1 when you configure it as a switch port.
VLAN ID | 1
VLAN name | Default VLAN (VLAN1)—default; all other VLANs—VLANvlan-id
VLAN state | Active
STP | Enabled; Rapid PVST+ is enabled
Additional References
For additional information related to implementing VLANs, see the following sections:
• Related Documents
• Standards
• MIBs
Related Documents
Related Topic | Document Title
Private VLANs | Chapter 4, "Configuring Private VLANs"
Rapid PVST+ | Chapter 5, "Configuring Rapid PVST+"
MST | Chapter 6, "Configuring MST"
STP Extensions | Chapter 7, "Configuring STP Extensions"
Command reference | Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference, Release 4.0
DCNM Layer 2 switching configuration | Cisco DCNM Layer 2 Switching Configuration Guide
Interfaces, VLAN interfaces, IP addressing, and port channels | Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 4.0
NX-OS fundamentals | Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.0
Multicast routing | Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 4.0
High availability | Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 4.0
System management | Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.0
VDCs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0
Licensing | Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.0
Release notes | Cisco Nexus 7000 Series NX-OS Release Notes, Release 4.00
Standards
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | —
MIBs