Information About VXLAN
VXLAN has the following prerequisites:
The following table lists the default settings for VXLAN parameters.
Parameter | Default |
---|---|
VXLAN | Disabled |
Configuring VXLAN
To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.
The following example shows how to configure a vmknic for VXLAN encapsulation.
switch# configure terminal
switch(config)# port-profile vmknic-pp
switch(config-port-prof)# vmware port-group
switch(config-port-prof)# switchport mode access
switch(config-port-prof)# switchport access vlan 100
switch(config-port-prof)# capability vxlan
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# show port-profile vmknic-pp
switch(config-port-prof)# copy running-config startup-config
The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.
Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Installation and Upgrade Guide.
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# feature segmentation | Enables the VXLAN feature. |
Step 3 | switch(config)# show feature \| grep segmentation | (Optional) Displays if the VXLAN feature is enabled. |
Step 4 | switch(config)# show processes \| grep seg_bd | (Optional) Displays if the VXLAN process is running. |
Step 5 | switch(config)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
The following example shows enabling the segmentation feature.
switch# configure terminal
switch(config)# feature segmentation
switch(config)# show feature | grep segmentation
network-segmentation 1 disabled
segmentation 1 enabled
switch(config)# show processes | grep seg_bd
4166 S b7de9468 1 - seg_bd
switch(config)# copy running-config startup-config
You are limited to creating a combination of 2048 VXLANs and VLANs.
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# bridge-domain name-string | Creates a VXLAN and associates an identifying name with it. |
Step 3 | switch(config-bd)# segment id [number] | Specifies the VXLAN segment ID. Only one bridge domain can use a particular segment ID value. Valid values are 4096 to 16777215. (1 to 4095 are reserved for VLANs.) |
Step 4 | switch(config-bd)# group ipaddr | Associates the multicast group for broadcasts and floods. |
Step 5 | switch(config-bd)# show bridge-domain name-string | (Optional) Displays bridge domain information. |
Step 6 | switch(config-bd)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
The following example shows how to create a VXLAN.
switch# configure terminal
switch(config)# bridge-domain tenant-red
switch(config-bd)# segment id 5000
switch(config-bd)# group 239.1.1.1
switch(config-bd)# show bridge-domain tenant-red
switch(config-bd)# copy running-config startup-config
Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile [type {ethernet \| vethernet}] name | Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics: |
Step 3 | switch(config-port-prof)# vmware port-group [pg_name] | Designates the port profile as a VMware port group. The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server. |
Step 4 | switch(config-port-prof)# switchport mode access | Designates that the interfaces are to be used as trunking ports. A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs. |
Step 5 | switch(config-port-prof)# switchport access bridge-domain name | Assigns a VXLAN bridge domain to this port profile. |
Step 6 | switch(config-port-prof)# no shutdown | Administratively enables all ports in the profile. |
Step 7 | switch(config-port-prof)# state enabled | Sets the operational state of a port profile. |
Step 8 | switch(config-port-prof)# show port-profile [brief \| expand-interface \| usage] [name profile-name] | (Optional) Displays the configuration for verification. |
Step 9 | switch(config-port-prof)# show running-config bridge-domain | (Optional) Displays the segmentation configuration. |
Step 10 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
The following example shows how to create a port profile configured to use a VXLAN.
switch# configure terminal
switch(config)# port-profile tenant-profile
switch(config-port-prof)# vmware port-group
switch(config-port-prof)# switchport mode access
switch(config-port-prof)# switchport access bridge-domain tenant-red
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# show port-profile name tenant-profile
switch(config-port-prof)# show running-config bridge-domain
switch(config-port-prof)# copy running-config startup-config
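The constraints stated in the bridge-domain and port-profile procedures above can be checked offline against saved configuration text. The following Python check is an added example, not part of the Cisco documentation: it flags segment IDs outside 4096 to 16777215, segment IDs shared by two bridge domains, group addresses that are not multicast, and port profiles that reference an undefined bridge domain. The function names, the sample text, and the assumption that the saved configuration lists commands as they are entered in this chapter are illustrative.

```python
import ipaddress
import re

SEGMENT_MIN, SEGMENT_MAX = 4096, 16777215  # valid segment ID range from the procedure

# Constructed sample (not captured from a device). Assumption: the saved
# configuration lists each command as it is entered in this chapter.
SAMPLE_CONFIG = """\
bridge-domain tenant-red
  segment id 5000
  group 239.1.1.1
bridge-domain tenant-blue
  segment id 5000
  group 10.1.1.1
bridge-domain tenant-green
  segment id 2048
  group 239.1.1.3
port-profile type vethernet tenant-profile
  switchport access bridge-domain tenant-red
port-profile type vethernet stale-profile
  switchport access bridge-domain tenant-gone
"""

def is_multicast(addr):
    """True only for a syntactically valid multicast IP address."""
    try:
        return ipaddress.ip_address(addr).is_multicast
    except ValueError:
        return False

def audit_vxlan_config(text):
    """Return sorted findings for bridge domains and the profiles that use them."""
    domains, refs, kind, name = {}, [], None, None
    for line in text.splitlines():
        if m := re.match(r"(bridge-domain|port-profile)\s+(?:type\s+\S+\s+)?(\S+)", line):
            kind, name = m.groups()  # unindented line opens a new config block
            if kind == "bridge-domain":
                domains[name] = {"segment": None, "group": ""}
        elif kind == "bridge-domain" and (m := re.match(r"\s+segment id (\d+)", line)):
            domains[name]["segment"] = int(m.group(1))
        elif kind == "bridge-domain" and (m := re.match(r"\s+group (\S+)", line)):
            domains[name]["group"] = m.group(1)
        elif kind == "port-profile" and (m := re.match(r"\s+switchport access bridge-domain (\S+)", line)):
            refs.append((name, m.group(1)))
    findings, owner = [], {}
    for bd, cfg in domains.items():
        seg = cfg["segment"]
        if seg is None or not SEGMENT_MIN <= seg <= SEGMENT_MAX:
            findings.append(f"{bd}: segment id {seg} outside {SEGMENT_MIN}-{SEGMENT_MAX}")
        elif owner.setdefault(seg, bd) != bd:  # first bridge domain to claim an ID owns it
            findings.append(f"{bd}: segment id {seg} already used by {owner[seg]}")
        if not is_multicast(cfg["group"]):
            findings.append(f"{bd}: group {cfg['group']} is not a multicast address")
    findings += [f"{p}: references undefined bridge-domain {bd}" for p, bd in refs if bd not in domains]
    return sorted(findings)
```

Running `audit_vxlan_config(SAMPLE_CONFIG)` before a change window shows which port profiles would be left pointing at a missing bridge domain.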
Executing this procedure moves the ports to the default VLAN.
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile [type {ethernet \| vethernet}] name | Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics: |
Step 3 | switch(config-port-prof)# no switchport access bridge-domain | Removes the VXLAN bridge domain from this port profile. |
Step 4 | switch(config-port-prof)# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 5 | switch(config-port-prof)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 6 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to remove ports from a VXLAN.
switch# configure terminal
switch(config)# port-profile tenant-profile
switch(config-port-prof)# no switchport access bridge-domain tenant-red
switch(config-port-prof)# show port-profile usage
switch(config-port-prof)# show bridge-domain
switch(config-port-prof)# copy running-config startup-config
Deleting an existing bridge domain with ports on it moves all the ports to a down state. Traffic stops flowing.
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# no bridge-domain group-red | Deletes a VXLAN. |
Step 3 | switch(config)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 4 | switch(config)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
This example shows how to delete a VXLAN.
switch# configure terminal
switch(config)# no bridge-domain
switch(config)# show bridge-domain
switch(config)# copy running-config startup-config
 | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# show bridge-domain | Displays all bridge domains. |
Step 3 | switch(config)# show running port-profile | (Optional) Displays the running configuration for all port-profiles. |
Step 4 | switch(config)# port-profile name | Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics: name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V. |
Step 5 | switch(config-port-prof)# no switchport access bridge-domain name-string | Removes the VXLAN bridge domain from this port profile. |
Step 6 | switch(config-port-prof)# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 7 | switch(config-port-prof)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 8 | switch(config-port-prof)# no feature segmentation | Removes the segmentation feature. |
Step 9 | switch(config-port-prof)# show processes \| grep seg_bd | (Optional) Displays the processes to determine that the segmentation feature is not running. |
Step 10 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
The following example shows how to disable segmentation.
switch# configure terminal
switch(config)# show bridge-domain
switch(config)# show running port-profile
switch(config)# port-profile tenant-profile
switch(config-port-prof)# no switchport access bridge-domain tenant-red
switch(config-port-prof)# show port-profile usage
switch(config-port-prof)# show bridge-domain
switch(config-port-prof)# no feature segmentation
switch(config-port-prof)# show processes | grep seg_bd
switch(config-port-prof)# copy running-config startup-config
To display the VXLAN configuration information, enter one of the following commands:
Command | Purpose |
---|---|
show processes \| grep seg_bd | Displays that the VXLAN process is running. |
show bridge-domain | Displays all bridge domains. |
show interface brief | Displays a short version of the interface configuration. |
show interface switchport | Displays information about switchport interfaces. |
switch(config)# show processes | grep seg_bd
- NR - 1 - seg_bd

switch(config)# show bridge-domain
Bridge-domain tenant-red (2 port in all)
Segment ID: 5000 (manual/Active)
Group IP: 239.1.1.1

switch(config)# show interface brief
---------------------------------------------------------------------
Port      VRF    Status  IP Address       Speed   MTU
---------------------------------------------------------------------
mgmt 0    --     up      172.23.233.117   1000    1500
---------------------------------------------------------------------
Ethernet    VLAN  Type  Mode    Status  Reason  Speed   Port
Interface                                               Ch #
---------------------------------------------------------------------
Eth3/5      1     eth   trunk   up      none    1000
---------------------------------------------------------------------
Vethernet   VLAN  Type  Mode    Status  Reason  Speed
---------------------------------------------------------------------
Veth1       --    virt  access  up      none    auto
Veth1       --    virt  access  up      none    auto
Veth1       100   virt  access  up      none    auto
---------------------------------------------------------------------
Port      VRF    Status  IP Address       Speed   MTU
control0  --     up      --               1000    1500
switch(config)#

switch(config)# show interface switchport
Name: Ethernet3/5
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: Trunk
  Access Mode VLAN: 1 (default)
  Trunking Native Mode: trunk
  Trunking VLANs Enabled: 180-181,231-233,571-574
  Administrative private-vlan primary host-association: none
  Administrative private-vlan secondary host-association: none
  Administrative private-vlan primary mapping: none
  Administrative private-vlan secondary mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs:
  Operational private-vlan: none
  ifindex 0x1c000000 swbd 4096
Name: Vethernet1
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: access
  Access Mode VLAN: 0 (none)
  Access BD name: tenant-red
  Trunking Native Mode VLAN: 1 (default)
  Trunking VLANs Enabled: 1-3967,4048-4093
  Administrative private-vlan primary host-association: none
  Administrative private-vlan secondary host-association: none
  Administrative private-vlan primary mapping: none
  Administrative private-vlan secondary mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs:
  Operational private-vlan: none
Feature Name | Releases | Feature Information |
---|---|---|
VXLAN | 4.2(1)SV1(5.1) | Introduced the Virtual Extensible Local Area Network (VXLAN) feature. |