Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide
Configuring Layer 2 Switching
Download this chapter
Configuring Layer 2 SwitchingConfiguring Layer 2 Switching
Download the complete book
Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration GuideCisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide (PDF - 3 MB)
 Feedback

Contents

Configuring Layer 2 Switching

This chapter describes how to configure Layer 2 switching using Cisco NX-OS.

This chapter includes the following sections:

Information About Layer 2 Switching


Note

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, for information on creating interfaces.

You can configure Layer 2 switching ports as access or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. All Layer 2 switching ports maintain MAC address tables.


Note

See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, for complete information on high-availability features.

Layer 2 Ethernet Switching Overview

The device supports simultaneous, parallel connections between Layer 2 Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.

The device solves congestion problems caused by high-bandwidth devices and a large number of users by assigning each device (for example, a server) to its own 10-, 100-, 1000-Mbps, or 10-Gigabit collision domain. Because each LAN port connects to a separate Ethernet collision domain, servers in a switched environment achieve full access to the bandwidth.

Because collisions cause significant congestion in Ethernet networks, an effective solution is full-duplex communication. Typically, 10/100-Mbps Ethernet operates in half-duplex mode, which means that stations can either receive or transmit. In full-duplex mode, which is configurable on these interfaces, two stations can transmit and receive at the same time. When packets can flow in both directions simultaneously, the effective Ethernet bandwidth doubles. 1/10-Gigabit Ethernet operates in full duplex only.

Switching Frames Between Segments

Each LAN port on a device can connect to a single workstation, server, or to another device through which workstations or servers connect to the network.

To reduce signal degradation, the device considers each LAN port to be an individual segment. When stations connected to different LAN ports need to communicate, the device forwards frames from one LAN port to the other at wire speed to ensure that each session receives full bandwidth.

To switch frames between LAN ports efficiently, the device maintains an address table. When a frame enters the device, it associates the media access control (MAC) address of the sending network device with the LAN port on which it was received.

Building the Address Table and Address Table Changes

The device dynamically builds the address table by using the MAC source address of the frames received. When the device receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame. When the destination station replies, the device adds its relevant MAC source address and port ID to the address table. The device then forwards subsequent frames to a single LAN port without flooding all LAN ports.

You can configure MAC addresses, which are called static MAC addresses, to statically point to specified interfaces on the device. These static MAC addresses override any dynamically learned MAC addresses on those interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses. The static MAC entries are retained across a reboot of the device.

Beginning with Cisco NX-OS Release 4.1(5), you must manually configure identical static MAC addresses on both devices connected by a virtual port channel (vPC) peer link. The MAC address table display is enhanced to display information on MAC addresses when you are using vPCs.

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for information about vPCs.

The address table can store a number of MAC address entries depending on the hardware I/O module. The device uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table.

See the Cisco Nexus 7000 Series NX-OS Security Command Reference for information on MAC port security.

Consistent MAC Address Tables on the Supervisor and on the Modules

Optimally, all the MAC address tables on each module exactly match the MAC address table on the supervisor. Beginning with Cisco NX-OS 4.1(2), when you enter the show forwarding consistency l2 command, the device displays discrepant, missing, and extra MAC address entries.

Layer 3 Static MAC Addresses

Beginning with Release 4.2, you can configure a static MAC address for all Layer 3 interfaces. The default MAC address for the Layer 3 interfaces is the VDC MAC address.

You can configure a static MAC address for the following Layer 3 interfaces:

  • Layer 3 interfaces
  • Layer 3 subinterfaces
  • Layer 3 port channels
  • VLAN network interface

Note

You cannot configure static MAC address on tunnel interfaces.

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, for information on configuring Layer 3 interfaces.

High Availability for Switching

You can upgrade or downgrade the software seamlessly, with respect to classical Ethernet switching. Beginning with Release 4.2(1), if you have configured static MAC addresses on Layer 3 interfaces, you must unconfigure those ports in order to downgrade the software.


Note

See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, for complete information on high availability features.

Virtualization Support for Layer 2 Switching

The device supports virtual device contexts (VDCs), and the configuration and operation of the MAC address table are local to the VDC.


Note

See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for complete information on VDCs and assigning resources.

Licensing Requirements for Layer 2 Switching

This table shows the licensing requirements for this feature:

Product

License Requirement

Cisco NX-OS

Layer 2 switching require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

However, using VDCs requires an Advanced Services license.

Prerequisites for Configuring MAC Addresses

MAC addresses have the following prerequisites:

  • You must be logged onto the device.
  • If necessary, install the Advanced Services license and enter the desired VDC.

Guidelines and Limitations for Configuring MAC Addresses

MAC addresses have the following configuration guidelines and limitations:

MAC Address Table

Age Group

M1 Line Cards

128,000 entries

F1 Line Cards

16,000 to 256,000 entries

F2 and F2e Line Cards

16,000 to 192,000 entries

Beginning with NX-OS Release 6.0.1, the learning mode feature is supported. Learning mode has the following configuration guidelines and limitations:

Line Cards

Classic Ethernet (CE) Nonconversational Learning Supported

Classic Ethernet (CE) Conversational Learning Supported

Fabric Path Conversational Learning

Fabric Path Nonconversational Learning

M1

Yes

NA

NA

NA

F1

Yes

Yes

Yes

No

F2 and F2e

Yes

Yes

Yes

Yes, if the switch virtual interface (SVI) is configured.

Default Settings for Layer 2 Switching

This table lists the default setting for Layer 2 switching parameters.

Table 1 Default Layer 2 Switching Parameters

Parameters

Default

Aging time

1800 seconds
Beginning with NX-OS Release 6.0.1, the learning mode feature is supported. This table lists the default learning mode parameters.

Table 2 Default Learning Mode Parameters

Parameters

Default

Classic Ethernet (CE) VLAN

Nonconversational

Fabric Path VLANs

Conversational

Configuring Layer 2 Switching by Steps


Note

If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

Configuring a Static MAC Address

You can configure MAC addresses, which are called static MAC addresses, to statically point to specified interfaces on the device. These static MAC addresses override any dynamically learned MAC addresses on those interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses.

Before You Begin

Before you configure static MAC addresses, ensure that you are in the correct VDC (or enter the switchto vdc command).

SUMMARY STEPS

    1.    config t

    2.    mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port} | port-channel number]}

    3.    exit

    4.    (Optional) show mac address-table static

    5.    (Optional) copy running-config startup-config


DETAILED STEPS
     Command or ActionPurpose
    Step 1 config t


    Example: 
    switch# config t
switch(config)#
     

    Enters configuration mode.

     
    Step 2 mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port} | port-channel number]}


    Example: 
    switch(config)# mac-address-table static 1.1.1 vlan 2 interface ethernet 1/2
     

    Specifies a static MAC address to add to the Layer 2 MAC address table.

     
    Step 3 exit


    Example: 
    switch(config)# exit
switch#
     

    Exits the configuration mode.

     
    Step 4 show mac address-table static


    Example: 
    switch# show mac address-table static
          		(Optional)

    Displays the static MAC addresses.

     
    Step 5 copy running-config startup-config


    Example: 
    switch# copy running-config startup-config
          		(Optional)

    Copies the running configuration to the startup configuration.

     

    This example shows how to put a static entry in the Layer 2 MAC address table:

    switch# config t
switch(config)# mac address-table static 1.1.1 vlan 2 interface ethernet 1/2
switch(config)#

    Configuring a Static MAC Address on a Layer 3 Interface

    Beginning with Release 4.2(1), you can configure static MAC addresses on Layer 3 interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses.


    Note

    You cannot configure static MAC addresses on tunnel interfaces.

    See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, for information on configuring Layer 3 interfaces.

    Before You Begin

    Before you configure static MAC addresses, ensure that you are in the correct VDC (or enter the switchto vdc command).

    SUMMARY STEPS

      1.    config t

      2.    interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]

      3.    mac-address mac-address

      4.    exit

      5.    (Optional) show interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]

      6.    (Optional) copy running-config startup-config


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 config t


      Example: 
      switch# config t
switch(config)#
       

      Enters configuration mode.

       
      Step 2 interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]


      Example: 
      switch(config)# interface ethernet 7/3
       

      Specifies the Layer 3 interface and enters the interface configuration mode.

      Note   

      You must create the Layer 3 interface before you can assign the static MAC address.

       
      Step 3 mac-address mac-address


      Example: 
      switch(config-if)# mac-address 21ab.47dd.ff89
switch(config-if)#
       

      Specified a static MAC address to add to the Layer 3 interface.

       
      Step 4 exit


      Example: 
      switch(config-if)# exit
switch(config)#
       

      Exits the interface mode.

       
      Step 5 show interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]


      Example: 
      switch# show interface ethernet 7/3
              		(Optional)

      Displays information about the Layer 3 interface.

       
      Step 6 copy running-config startup-config


      Example: 
      switch# copy running-config startup-config
              		(Optional)

      Copies the running configuration to the startup configuration.

       

      This example shows how to configure the Layer 3 interface on slot 7, port 3 with a static MAC address: 

      switch# config t
switch(config)# interface ethernet 7/3
switch(config-if)# mac-address 21ab.47dd.ff89
switch(config-if)#

      Configuring the Aging Time for the MAC Table

      You can configure the amount of time that a MAC address entry (the packet source MAC address and port on which that packet was learned) remains in the MAC table, which contains the Layer 2 information.


      Note

      You can also configure the MAC aging time in interface configuration mode or VLAN configuration mode.

      Before You Begin

      Before you configure the aging time for the MAC table, ensure that you are in the correct VDC (or enter the switchto vdc command).

      SUMMARY STEPS

        1.    config t

        2.    mac address-table aging-time seconds [vlan vlan_id]

        3.    exit

        4.    (Optional) show mac address-table aging-time

        5.    (Optional) copy running-config startup-config


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 config t


        Example: 
        switch# config t
switch(config)#
         

        Enters configuration mode.

         
        Step 2 mac address-table aging-time seconds [vlan vlan_id]


        Example: 
        switch(config)# mac address-table aging-time 600
         

        Specifies the time before an entry ages out and is discarded from the Layer 2 MAC address table. The range is from 120 to 918000; the default is 1800 seconds. Entering the value 0 disables the MAC aging.

         
        Step 3 exit


        Example: 
        switch(config)# exit
switch#
         

        Exits the configuration mode.

         
        Step 4 show mac address-table aging-time


        Example: 
        switch# show mac address-table aging-time
                  		(Optional)

        Displays the aging time configuration for MAC address retention.

         
        Step 5 copy running-config startup-config


        Example: 
        switch# copy running-config startup-config
                  		(Optional)

        Copies the running configuration to the startup configuration.

         

        This example shows how to set the ageout time for entries in the Layer 2 MAC address table to 600 seconds (10 minutes):

        switch# config t 
switch(config)# mac address-table aging-time 600
switch(config)#

        Configuring Learning Mode for VLANs

        Beginning with NX-OS Release 6.0.1, configuring the learning mode for VLANs is supported. Based on the learning mode configured, the Cisco NX-OS software can install MACs in hardware either conversationally or nonconversationally.

        Before You Begin

        Before you configure the learning mode for VLANs, ensure that you are in the correct VDC (or enter the switchto vdc command).

        SUMMARY STEPS

          1.    config t

          2.    mac address-table learning-mode conversational vlan-range of CE-vlans

          3.    exit


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 config t


          Example: 
          switch# config t
switch(config)#
           

          Enters configuration mode.

           
          Step 2 mac address-table learning-mode conversational vlan-range of CE-vlans


          Example: 
          switch(config)# mac address-table learning-mode conversational vlan1
           

          Specifies the learning mode for the Layer 2 MAC address table. The options are conversational learning and nonconversational learning.

           
          Step 3 exit


          Example: 
          switch(config)# exit
switch#
           

          Exits the configuration mode.

           

          This example shows how to set the ageout time for entries in the Layer 2 MAC address table to 600 seconds (10 minutes):

          switch# config t 
switch(config)# mac address-table learning-mode conversational vlan1
switch(config)# end
switch(config)# show mac address-table learning-mode

          Checking Consistency of MAC Address Tables

          Beginning with Release 4.1(2). you can check the match between the MAC address table on the supervisor and all the modules.

          SUMMARY STEPS

            1.    show forwarding consistency l2 {module_number}


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 show forwarding consistency l2 {module_number}


            Example: 
            switch# show forwarding consistency l2 7
switch#
             

            Displays the discrepant, missing, and extra MAC addresses between the supervisor and the specified module.

             

            This example shows how to display discrepant, missing, and extra entries in the MAC address tables between the supervisor and the specified module: 

            switch# show forwarding consistency l2 7
switch#

            Clearing Dynamic Addresses from the MAC Table

            You can clear all dynamic Layer 2 entries in the MAC address table.

            Before You Begin

            Before you clear the dynamic MAC table, ensure that you are in the correct VDC (or enter the switchto vdc command).

            SUMMARY STEPS

              1.    clear mac address-table dynamic {address mac_addr} {interface [ethernet slot/port | loopback number | port-channel channel-number]} {vlan vlan_id}

              2.    (Optional) show mac address-table


            DETAILED STEPS
               Command or ActionPurpose
              Step 1 clear mac address-table dynamic {address mac_addr} {interface [ethernet slot/port | loopback number | port-channel channel-number]} {vlan vlan_id}


              Example: 
              switch# clear mac address-table dynamic
               

              Clears the dynamic address entries from the MAC address table in Layer 2.

               
              Step 2 show mac address-table


              Example: 
              switch# show mac address-table
                              		(Optional)

              Displays the MAC address table.

               

              This example shows how to clear the dynamic entries in the Layer 2 MAC address table:

              switch# clear mac address-table dynamic
switch#

              Verifying the Layer 2 Switching Configuration

              To display Layer 2 switching configuration information, perform one of the following tasks:

              Command

              Purpose

              show mac address-table

              Displays information about the MAC address table.

              show mac address-table aging-time

              Displays information about the aging time set for the MAC address entries.

              show mac address-table static

              Displays information about the static entries on the MAC address table.

              show interface [interface] mac-address

              Displays the MAC addresses and the burn-in MAC address for the interfaces.

              show forwarding consistency l2 {module}

              Displays discrepant, missing, and extra MAC addresses between the tables on the module and the supervisor.

              For information on the output of these commands, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference.

              Configuration Example for Layer 2 Switching

              The following example shows how to add a static MAC address and how to modify the default global aging time for MAC addresses: 

              switch# configure terminal
switch(config)# mac address-table static 0000.0000.1234 vlan 10 interface ethernet 2/15
switch(config)# mac address-table aging-time 120

              Additional References for Layer 2 Switching -- CLI Version

              Related Documents

              Related Topic

              Document Title

              Port security, static MAC addresses

              Cisco Nexus 7000 Series NX-OS Security Configuration Guide

              Interfaces

              Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide

              Command reference

              Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference

              High availability

              Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide

              VDCs

              Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide

              System management

              Cisco Nexus 7000 Series NX-OS System Management Configuration Guide

              Licensing

              Cisco NX-OS Licensing Guide

              Release Notes

              Cisco Nexus 7000 Series NX-OS Release Notes

              Standards

              Standards

              Title

              No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

              Feature History for Configuring Layer 2 Switching -- CLI Version

              This table lists the release history for this feature.

              Table 3 Feature History for Configuring Layer 2 Switching

              Feature Name

              Releases

              Feature Information

              Learning mode for VLANs

              6.0(1)

              You can configure conversational or nonconversational learning mode for VLANs.

              Layer 3 interface static MAC addresses

              4.2(1)

              You can configure a Layer 3 interface with a static MAC address.

              show mac address-table

              4.1(2)

              This display provides additional information when vPC is enabled and running.

              Layer 2 consistency

              4.1(2)

              The show forwarding consistency l2 command displays inconsistent entries on the MAC address table between the modules.