- address (NAT pool)
- bandwidth (interface)
- channel-group (Ethernet)
- cdp enable
- clear ip nat translation
- copy running-config startup-config
- delay (interface)
- delay restore
- description (interface)
- dual-active exclude interface-vlan
- encapsulation dot1Q
- feature vpc
- interface ethernet
- interface ethernet (Layer 3)
- interface loopback
- interface port-channel
- interface vlan
- ip nat
- ip nat inside source list
- ip nat inside source static
- ip nat outside source list
- ip nat outside source static
- ip nat pool
- ip nat translation
- lacp min-links
- lacp port-priority
- lacp rate fast
- lacp system-priority
- lldp (interface)
- no switchport
- peer-keepalive
- port-channel load-balance ethernet
- role
- show interface brief
- show interface capabilities
- show interface debounce
- show interface ethernet
- show interface loopback
- show interface port-channel
- show interface mac-address
- show interface status err-disabled
- show interface switchport
- show interface transceiver
- show ip nat statistics
- show ip nat translation
- show lacp
- show module
- show port-channel capacity
- show port-channel compatibility-parameters
- show port-channel database
- show port-channel load-balance
- show port-channel summary
- show port-channel traffic
- show port-channel usage
- show resource
- show running-config interface
- show running-config nat
- show tech-support port-channel
- show version
- show vpc brief
- show vpc consistency-parameters
- show vpc orphan-ports
- show vpc peer-keepalive
- show vpc role
- show vpc statistics
- shutdown
- speed (Ethernet)
- switchport host
- switchport mode
- switchport trunk allowed vlan
- ttag
- ttag-marker
- ttag-marker-interval
- udld (configuration mode)
- udld (Ethernet)
- vpc
- vpc domain
- vpc peer-link
Interfaces Commands
This chapter describes the Cisco NX-OS interfaces commands available on the Cisco Nexus 3548 switches.
Note
The internal CLI commands are not supported on the Cisco Nexus Series switches.
address (NAT pool)
To define a range of IP addresses for a dynamic NAT pool, use the address command. To remove a defined range of IP addresses, use the no form of this command.
Syntax Description
Specifies the starting IP address for the range of addresses in the pool. |
|
Specifies the ending IP address for the range of addresses in the pool. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can create a NAT pool by either defining the range of IP addresses in a single ip nat pool command or by using the ip nat pool and address commands.
Dynamic NAT allows the configuration of a pool of global addresses that can be used to dynamically allocate global address from the pool for every new translation. The addresses are returned to the pool after the session ages out or is closed. This allows for a more efficient use of addresses based on requirements.
Support for PAT includes the use of the global address pool. This further optimizes IP address utilization. PAT exhausts one IP address at a time with the use of port numbers. If no port is available from the appropriate group and more than one IP address is configured, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until PAT runs out of available ports and IP addresses.
Examples
This example shows how to create a NAT pool and define the range of global IP addresses using the ip nat pool and address commands:
Related Commands
|
|
|
|---|---|
bandwidth (interface)
To set the inherited and received bandwidth values for an interface, use the bandwidth command. To restore the default values, use the no form of this command.
bandwidth { kbps | inherit [ kbps ]}
no bandwidth { kbps | inherit [ kbps ]}
Syntax Description
Informational bandwidth in kilobits per second. Valid values are from 1 to 10000000. |
|
(Optional) Specifies that the bandwidth be inherited from the parent interface. |
Command Default
Command Modes
Interface configuration mode
Subinterface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
The bandwidth command sets an informational parameter to communicate only the current bandwidth to the higher-level protocols; you cannot adjust the actual bandwidth of an interface using this command.
The bandwidth inherit command controls how a subinterface inherits the bandwidth of its main interface.
The no bandwidth inherit command enables all subinterfaces to inherit the default bandwidth of the main interface, regardless of the configured bandwidth. If a bandwidth is not configured on a subinterface, and you use the bandwidth inherit command, all subinterfaces will inherit the current bandwidth of the main interface. If you configure a new bandwidth on the main interface, all subinterfaces will use this new value.
If you do not configure a bandwidth on the subinterface and you configure the bandwidth inherit command on the main interface, the subinterfaces will inherit the specified bandwidth.
In all cases, if an interface has an explicit bandwidth setting configured, then that interface will use that setting, regardless of whether the bandwidth inheritance setting is in effect.
Examples
This example shows how to configure the bandwidth for a Layer 2 interface:
This example shows how to configure subinterfaces to inherit the bandwidth from the parent routed interface:
Related Commands
|
|
|
|---|---|
channel-group (Ethernet)
To assign and configure a physical interface to an EtherChannel, use the channel-group command. To remove the channel group configuration from the interface, use the no form of this command.
channel-group number [ force ] [ mode { active | on | passive }]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use this command to create a channel group that includes the interface that you are working on and to add or remove specific interfaces from the channel group. Use this command to move a port from one channel group to another. You enter the channel group that you want the port to move to; the switch automatically removes the specified port from its present channel group and adds it to the specified channel group.
Use the force keyword to force the addition of the interface into the specified channel group.
After you enable LACP globally, by using the feature lacp command, you enable LACP on each channel by configuring the channel mode as either active or passive. An EtherChannel in the on channel mode is a pure EtherChannel and can aggregate a maximum of eight ports. The EtherChannel does not run LACP.
You cannot change the mode for an existing EtherChannel or any of its interfaces if that EtherChannel is not running LACP; the channel mode remains as on. The system returns an error message if you attempt to change the mode.
Use the no form of this command to remove the physical interface from the EtherChannel. When you delete the last physical interface from an EtherChannel, the EtherChannel remains. To delete the EtherChannel completely, use the no form of the interface port-channel command.
The compatibility check includes the following operational attributes:
- Port mode
- Access VLAN
- Trunk native VLAN
- Tagged or untagged
- Allowed VLAN list
- Switched Port Analyzer (SPAN) (cannot be SPAN source or destination port)
- Storm control
Use the show port-channel compatibility-parameters command to see the full list of compatibility checks that Cisco NX-OS uses.
You can only add interfaces configured with the channel mode set to on for static EtherChannels, that is, without a configured aggregation protocol. You can only add interfaces configured with the channel mode as active or passive to EtherChannels that are running LACP.
You can configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, Cisco NX-OS suspends that port in the EtherChannel.
When the interface joins an EtherChannel, some of its individual parameters are overridden with the values on the EtherChannel, as follows:
- MAC address
- Spanning Tree Protocol (STP)
- Service policy
- Quality of service (QoS)
- Access control lists (ACLs)
Interface parameters, such as the following, remain unaffected when the interface joins or leaves a EtherChannel:
If interfaces are configured for the EtherChannel interface and a member port is removed from the EtherChannel, the configuration of the EtherChannel interface is not propagated to the member ports.
Any configuration changes that you make in any of the compatibility parameters to the EtherChannel interface are propagated to all interfaces within the same channel group as the EtherChannel (for example, configuration changes are also propagated to the physical interfaces that are not part of the EtherChannel but are part of the channel group).
Examples
This example shows how to add an interface to LACP channel group 5 in active mode:
switch(config)# interface ethernet 1/1
switch(config-if)# channel-group 5 mode active
switch(config-if)#
This example shows how to forcefully add an interface to the channel group 5:
switch(config)# interface ethernet 1/1
switch(config-if)# channel-group 5 force
switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays information about the traffic on the specified EtherChannel interface. |
|
cdp enable
To enable the Cisco Discovery Protocol (CDP) on an Ethernet interface, use the cdp enable command. To disable CDP on the interface, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Examples
This example shows how to enable CDP on an Ethernet interface:
Related Commands
|
|
|
|---|---|
clear ip nat translation
To clear dynamic Network Address Translation ( NAT) translations from the translation table, use the clear ip nat translation command in EXEC mode.
clear ip nat translation {all | inside global-ip local-ip [outside local-ip global-ip ]| outside local-ip global-ip }
Syntax Description
Clears inside translations that contain the specified global-ip and local-ip addresses. |
|
Clears outside translations that contain the specified local-ip and global-ip addresses. |
Command Default
Command Modes
Command History
|
|
|
Examples
This example shows how to clear entries from the translation table before they time out:
Related Commands
|
|
|
|---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
|
Enables dynamic NAT of the inside source address by using an ACL. |
|
copy running-config startup-config
To save the running configuration to the startup configuration file so that all current configuration details are available after a reboot, use the copy running-config startup-config command.
copy running-config startup-config
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
To view the changes to the configuration that you have made, use the show startup-config command.
Note Once you enter the copy running-config startup-config command, the running and the startup copies of the configuration are identical.
Examples
This example shows how to save the running configuration to the startup configuration:
Related Commands
|
|
|
|---|---|
delay (interface)
To set a delay value for an interface, use the delay command. To restore the default delay value, use the no form of this command.
Syntax Description
Throughput delay in tens of microseconds. The range is from 1 to 16,777,215. |
Command Default
Command Modes
Interface configuration mode
Subinterface configuration mode
Command History
|
|
|
Examples
This example shows how to set a delay of 30,000 microseconds on an interface:
This example shows how to set a delay of 1000 microseconds on a subinterface:
Related Commands
|
|
|
|---|---|
delay restore
To delay the virtual port channel (vPC) from coming up on the restored vPC peer device after a reload when the peer adjacency is already established, use the delay restore command. To revert to the default delay value, use the no form of this command.
Syntax Description
Number of seconds to delay bringing up the restored vPC peer device. The range is from 1 to 3600. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the delay restore command to avoid upstream traffic from the access device to the core from being dropped when you restore the vPC peer devices.
Examples
This example shows how to configure the delay reload time for a vPC link:
This example shows how to remove the reload time configuration for a vPC link:
Related Commands
|
|
|
|---|---|
description (interface)
To add a description to an interface configuration, use the description command. To remove the description, use the no form of this command.
Syntax Description
String description of the interface configuration. This string is limited to 80 characters. |
Command Default
Command Modes
Interface configuration mode
Subinterface configuration mode
Command History
|
|
|
Usage Guidelines
The description command is meant to provide a reminder in the configuration to describe what certain interfaces are used for. The description appears in the output of the following commands such as show interface and show running-config.
Examples
This example shows how to add a description for an interface:
Related Commands
|
|
|
|---|---|
Displays the contents of the currently running configuration file. |
dual-active exclude interface-vlan
To ensure that certain VLAN interfaces are not shut down on the virtual port-channel (vPC) secondary peer device when the vPC peer link fails for those VLANs carried on the vPC peer link but not on the vPC configuration itself, use the dual-active exclude interface-vlan command. To return to the default value, use the no form of this command.
dual-active exclude interface-vlan { range }
no dual-active exclude interface-vlan
Syntax Description
Range of VLAN interfaces that you want to exclude from shutting down. The allowed VLAN range is from 1 to 3967 and 4048 to 4093. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to configure the device to keep the VLAN interfaces up on the vPC peer devices if the peer link fails:
This example shows how to restore the default configuration on the vPC peer devices if the peer link fails:
Related Commands
|
|
|
|---|---|
Copies the running configuration to the startup configuration. |
|
encapsulation dot1Q
To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface, use the encapsulation dot1q command. To disable encapsulation, use the no form of this command.
no encapsulation dot1Q vlan-id
Syntax Description
VLAN to set when the interface is in access mode; valid values are from 1 to 4093, except for the VLANs reserved for internal switch use. |
Command Default
Command Modes
Subinterface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
IEEE 802.1Q encapsulation is configurable on Ethernet and EtherChannel interfaces. IEEE 802.1Q is a standard protocol for interconnecting multiple switches and routers and for defining VLAN topologies.
Use the encapsulation dot1q command in subinterface range configuration mode to apply a VLAN ID to the subinterface.
Note This command is not applicable to loopback interfaces.
This command does not require a license but if you want to enable Layer 3 interfaces, you must install the LAN Base Services license.
Examples
This example shows how to enable dot1Q encapsulation on a subinterface for VLAN 30:
Related Commands
|
|
|
|---|---|
feature vpc
To enable a virtual port channel (vPC), which allows links that are physically connected to two different Cisco Nexus 3000 Series devices to appear as a single port channel to a third device, use the feature vpc command. To disable vPC on the switch, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
In a vPC configuration, the third device can be a Cisco Nexus 2000 Series Fabric Extender, switch, server, or any other networking device.
Examples
This example shows how to enable vPC on the switch:
Related Commands
|
|
|
|---|---|
interface ethernet
To enter interface configuration mode for an Ethernet IEEE 802.3 interface, use the interface ethernet command.
interface ethernet slot / port
Syntax Description
Port number within a particular slot. The port number is from 1 to 128. |
Command Default
Command Modes
Command History
|
|
|
Examples
This example shows how to enter configuration mode for Ethernet interface 1/4:
switch(config)# interface ethernet 1/4
switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays various parameters of an Ethernet IEEE 802.3 interface. |
|
interface ethernet (Layer 3)
To configure a Layer 3 Ethernet IEEE 802.3 routed interface, use the interface ethernet command.
interface ethernet slot / port [. subintf-port-no ]
Syntax Description
Port number within a particular slot. The port number is from 1 to 128. |
|
(Optional) Port number for the subinterface. The range is from 1 to 48. |
Command Default
Command Modes
Global configuration mode
Interface configuration mode
Command History
|
|
|
Usage Guidelines
You must use the no switchport command in the interface configuration mode to configure the interface as a Layer 3 routed interface. When you configure the interface as a Layer 3 interface, all Layer 2 specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3 specific configurations on this interface are deleted.
Examples
This example shows how to enter configuration mode for a Layer 3 Ethernet interface 1/5:
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport
switch(config-if)# ip address 10.1.1.1/24
switch(config-if)#
This example shows how to configure a Layer 3 subinterface for Ethernet interface 1/5 in the global configuration mode:
switch(config)# interface ethernet 1/5.2
switch(config-if)# no switchport
switch(config-subif)# ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to configure a Layer 3 subinterface in interface configuration mode:
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport
switch(config-if)# interface ethernet 1/5.1
switch(config-subif)# ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to convert a Layer 3 interface to a Layer 2 interface:
switch(config)# interface ethernet 1/5
switch(config-if)# no switchport
switch(config-if)# ip address 10.1.1.1/24
switch(config-if)# switchport
switch(config-if)#
Related Commands
|
|
|
|---|---|
Displays various parameters of an Ethernet IEEE 802.3 interface. |
interface loopback
To create a loopback interface and enter interface configuration mode, use the interface loopback command. To remove a loopback interface, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
Use the interface loopback command to create or modify loopback interfaces.
From the loopback interface configuration mode, the following parameters are available:
- description —Provides a description of the purpose of the interface.
- ip —Configures IP features, such as the IP address for the interface, Address Resolution Protocol (ARP) attributes, load balancing, or Unicast Reverse Path Forwarding (RPF).
- logging —Configures logging of events.
- shutdown —Shuts down traffic on the interface.
Examples
This example shows how to create a loopback interface:
Related Commands
|
|
|
|---|---|
Displays information about the traffic on the specified loopback interface. |
interface port-channel
To create an EtherChannel interface and enter interface configuration mode, use the interface port-channel command. To remove an EtherChannel interface, use the no form of this command.
interface port-channel channel-number [. subintf-channel-no ]
no interface port-channel channel-number [. subintf-channel-no ]
Syntax Description
Channel number that is assigned to this EtherChannel logical interface. The range is from 1 to 4096. |
|
(Optional) Port number of the EtherChannel subinterface. The range is from 1 to 4093. |
Command Default
Command Modes
Global configuration mode
Interface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
A port can belong to only one channel group.
When you use the interface port-channel command for Layer 2 interfaces, follow these guidelines:
- If you are using the Cisco Discovery Protocol (CDP), you must configure it only on the physical interface and not on the EtherChannel interface.
- The MAC address of the EtherChannel is the address of the first operational port added to the channel group. If this first-added port is removed from the channel, the MAC address comes from the next operational port added, if there is one.
You must use the no switchport command in the interface configuration mode to configure the EtherChannel interface as a Layer 3 interface. When you configure the interface as a Layer 3 interface, all Layer 2 specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 EtherChannel interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3 specific configurations on this interface are deleted.
You can configure one or more subinterfaces on a port channel made from routed interfaces.
Examples
This example shows how to create an EtherChannel group interface with channel-group number 50:
This example shows how to create a Layer 3 EtherChannel group interface with channel-group number 10:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 1 in interface configuration mode:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 20.1 in global configuration mode:
Related Commands
interface vlan
To create a VLAN interface and enter interface configuration mode, use the interface vlan command. To remove a VLAN interface, use the no form of this command.
Syntax Description
VLAN to set when the interface is in access mode; valid values are from 1 to 4094, except for the VLANs reserved for the internal switch use. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Before you use this command, enable the interface-vlan feature by using the feature interface-vlan command.
Use the interface vlan command to create or modify VLAN interfaces.
The VLAN interface is created the first time that you enter the interface vlan command for a particular VLAN. The vlan-id argument corresponds to the VLAN tag that is associated with the data frames on an IEEE 802.1Q-encapsulated trunk or the VLAN ID that is configured for an access port.
Examples
This example shows how to create a VLAN interface for VLAN 50:
Related Commands
|
|
|
|---|---|
Displays information about the traffic on the specified VLAN interface. |
ip nat
To designate that traffic originating from or destined for an interface is subject to Network Address Translation ( NAT), use the ip natcommand in interface configuration mode. To disable the configuration, use the no form of this command.
Syntax Description
Connects the interface inside network (the network subject to NAT translation). |
|
Command Default
Traffic leaving or arriving at an interface is not subject to NAT.
Command Modes
Interface configuration (config-if)
Command History
|
|
|
|---|---|
Usage Guidelines
Only packets traversing between inside and outside interfaces can be translated. You must specify at least one inside interface and one outside interface for each border device where you intend to use NAT.
Examples
The following example shows how to connect interfaces to the outside and inside networks:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat inside source list
To enable dynamic Network Address Translation (NAT) of the inside source address by using an access control list (ACL), use the ip nat inside source command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat inside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [dynamic]
no ip nat inside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [dynamic]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Packets that enter a device through the inside interface and packets that are sourced from the device are checked against the access list for possible NAT candidates. The access list is used to specify the traffic that is to be translated.
Overload, also called Port Address Translation (PAT), is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Your NAT configuration can have multiple dynamic NAT translations with different access control lists (ACLs); but each ACL must point to the same outgoing interface.
Examples
This example shows how to configure the dynamic NAT overload configuration:
This example shows how to create a NAT inside source list with pool without overloading:
This example shows how to create a NAT inside source list with pool with overloading:
This example shows how to configure dynamic twice NAT for an inside source address:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat inside source static
To enable static Network Address Translation (NAT) of an inside global address to an inside local address or of inside local traffic to inside global traffic, use the ip nat inside source static command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat inside source static inside-local-ip-address inside-global-ip-address | [tcp | udp] inside-local-ip-address local-port inside-global-ip-address global-port [group group-id] [dynamic]
no ip nat inside source static inside-local-ip-address inside-global-ip-address | [tcp | udp] inside-local-ip-address local-port inside-global-ip-address global-port [group group-id] [dynamic]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure dynamic twice NAT for an outside source address:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat outside source list
To enable dynamic Network Address Translation (NAT) of the outside source address by using an access control list (ACL), use the ip nat outside source command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat outside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [add-route] [dynamic]
no ip nat outside source list access-list-name {interface type number | pool pool-name [overload]} [group group-id] [add-route] [dynamic]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Packets that enter a device through the outside interface and packets that are sourced from the device are checked against the access list for possible NAT candidates. The access list is used to specify the traffic that is to be translated.
Examples
This example shows how to create a NAT outside source list with pool without overloading:
This example shows how to configure dynamic twice NAT for an outside source address:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat outside source static
To enable static Network Address Translation (NAT) of an outside global address to an inside local address or of inside local traffic to inside global traffic, use the ip nat outside source static command in global configuration mode. To disable the configuration, use the no form of this command.
ip nat outside source static outside-global-ip-address outside-local-ip-address | [tcp | udp] outside-global-ip-address outside-global-port outside-local-ip-address outside-local-port [group group-id] [add-route] [dynamic]
no ip nat outside source static outside-global-ip-address outside-local-ip-address | [tcp | udp] outside-global-ip-address outside-global-port outside-local-ip-address outside-local-port [group group-id] [add-route] [dynamic]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to configure dynamic twice NAT for an inside source address:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat pool
To create a dynamic Network Address Translation (NAT) pool, use the ip nat pool command in global configuration mode. To delete the pool, use the no form of this command.
ip nat pool pool-name [startip endip] {prefix prefix-length | netmask network-mask}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Dynamic NAT allows the configuration of a pool of global addresses that can be used to dynamically allocate global address from the pool for every new translation. The addresses are returned to the pool after the session ages out or is closed. This allows for a more efficient use of addresses based on requirements.
Support for PAT includes the use of the global address pool. This further optimizes IP address utilization. PAT exhausts one IP address at a time with the use of port numbers. If no port is available from the appropriate group and more than one IP address is configured, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until PAT runs out of available ports and IP addresses.
You can create a NAT pool by either defining the range of IP addresses in a single ip nat pool command or by using the ip nat pool and address commands.
Examples
This example shows how to create a NAT pool with a prefix length:
This example shows how to create a NAT pool with a network mask:
This example shows how to create a NAT pool and define the range of global IP addresses using multiple commands:
This example shows how to delete a NAT pool:
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
ip nat translation
To change the Network Address Translation (NAT) timeout, use the ip nat translation command in global configuration mode. To disable the timeout, use the no form of this command.
ip nat translation {finrst-timeout {seconds | never} | max-entries number-of-entries | sampling-timeout seconds | syn-timeout {seconds | never} | tcp-timeout seconds | timeout | udp-timeout seconds}
no ip nat translation {finrst-timeout {seconds | never} | max-entries number-of-entries | sampling-timeout seconds | syn-timeout {seconds | never} | tcp-timeout seconds | timeout seconds | udp-timeout seconds}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
The finrst-timeout and syn-timeout command options were introduced. |
|
Usage Guidelines
Timeout of a dynamic translation involves both the sampling-timeout value and the TCP or UDP timeout value. The sampling-timeout specifies the time after which the device checks for dynamic translation activity. During the checking, the device inspects the packets that are hitting this translation. The checking happens for the TCP or UDP timeout period. If there are no packets for the TCP or UDP timeout period, the translation is cleared. If activity is detected on the translation, then the checking is stopped immediately and a sampling-timeout period begins.
After waiting for this new sampling-timeout period, the device checks for dynamic translation activity again. During an activity check the Ternary Content-Addressable Memory (TCAM) sends a copy of the packet that matches the dynamic NAT translation to the CPU. If the Control Plane Policing (CoPP) is configured at a low threshold, the TCP or UDP packets might not reach the CPU, and the CPU considers this as inactivity of the NAT translation.
Examples
The following example shows how to configure the timeout value for TCP data packets that send the SYN request, but do not receive a SYN-ACK reply:
switch(config)# ip nat translation syn-timeout 20
The following example shows how to configure a device to cause UDP port translation entries to time out after 10 minutes (600 seconds):
Related Commands
|
|
|
|---|---|
Enables dynamic NAT of the inside source address by using an ACL. |
|
lacp min-links
|
|
|
|---|---|
To configure port channel min-links and enter the interface configuration mode, use the lacp min-links command. To remove the port channel min-links configuration, use the no form of this command.
Syntax Description
Defaults
Command Modes
Command History
|
|
|
Usage Guidelines
The min-link feature works only with the Link Aggregation Control Protocol (LACP) port channels.
Examples
This example shows how to configure port channel min-links and enter the interface configuration mode:
This example shows how to remove the port channel min-links configuration:
Related Commands
|
|
|
|---|---|
lacp port-priority
To set the priority for the physical interfaces for the Link Aggregation Control Protocol (LACP), use the lacp port-priority command. To return the port priority to the default value, use the no form of this command.
Syntax Description
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Each port configured to use LACP has an LACP port priority. You can configure a value between 1 and 65535. LACP uses the port priority in combination with the port number to form the port identifier. The port priority is used with the port number to form the port identifier. The port priority is used to decide which ports should be put into standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.
Note When setting the priority, note that a higher number means a lower priority.
Examples
This example shows how to set the LACP port priority for the interface to 2000:
Related Commands
|
|
|
|---|---|
lacp rate fast
To configure the rate at which control packets are sent by the Link Aggregation Control Protocol (LACP), use the lacp rate fast command. To restore the rate to 30 seconds, use the no form of this command or the lacp rate normal command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You must enable LACP before using this command.
The LACP rate fast feature is used to set the rate (once every second) at which the LACP control packets are sent to an LACP-supported interface. The normal rate at which LACP packets are sent is 30 seconds.
Examples
This example shows how to configure the LACP fast rate feature on a specified Ethernet interface:
This example shows how to remove the LACP fast rate configuration from a specified Ethernet interface:
Related Commands
|
|
|
|---|---|
lacp system-priority
To set the system priority of the switch for the Link Aggregation Control Protocol (LACP), use the lacp system-priority command. To return the system priority to the default value, use the no form of this command.
Syntax Description
Priority for the physical interfaces. The range of valid numbers is from 1 to 65535. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Each device that runs LACP has an LACP system priority value. You can configure a value between 1 and 65535. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems.
When setting the priority, note that a higher number means a lower priority.
Examples
This example shows how to set the LACP system priority for the device to 2500:
Related Commands
|
|
|
|---|---|
lldp (interface)
To enable the reception, or transmission, of Link Layer Discovery Protocol (LLDP) packets on an interface, use the lldp command. To disable the reception or transmission of LLDP packets, use the no form of this command.
no lldp { receive | transmit }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Note LLDP, which is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network, is enabled on the switch by default.
Examples
This example shows how to set an interface to transmit LLDP packets:
Related Commands
|
|
|
|---|---|
no switchport
To configure the interface as a Layer 3 Ethernet interface, use the no switchport command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can configure any Ethernet port as a routed interface. When you configure an interface as a Layer 3 interface, any configuration specific to Layer 2 on this interface is deleted.
If you want to configure a Layer 3 interface for Layer 2, enter the switchport command. Then, if you change a Layer 2 interface to a routed interface, enter the no switchport command.
Examples
This example shows how to enable an interface as a Layer 3 routed interface:
This example shows how to configure a Layer 3 interface as a Layer 2 interface:
Related Commands
|
|
|
|---|---|
Saves the running configuration to the startup configuration file. |
|
peer-keepalive
To configure the IPv4 address for the remote end of the vPC peer keepalive link that carries the keepalive messages, use the peer-keepalive command. To disassociate the peer keepalive link, use the no form of this command.
peer-keepalive destination ipv4_address [ hold-timeout holdtime_seconds | interval mseconds { timeout seconds } | precedence { prec_value | critical | flash | flash-override | immediate | internet | network | priority | routine } | source ipv4_address | tos { tos_value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | tos-byte tos_byte_value | udp-port udp_port | vrf { vrf_name | management }]
no peer-keepalive destination ipv4_address [ hold-timeout holdtime_seconds | interval mseconds { timeout seconds } | precedence { prec_value | critical | flash | flash-override | immediate | internet | network | priority | routine } | source ipv4_address | tos { tos_value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | tos-byte tos_byte_value | udp-port udp_port | vrf { vrf_name | management }]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You must configure the vPC peer-keepalive link before the system can form the vPC peer link. Ensure that both the source and destination IP addresses used for the peer-keepalive message are unique in your network and these IP addresses are reachable from the VRF associated with the vPC peer-keepalive link.
The Cisco NX-OS software uses the peer-keepalive link between the vPC peers to transmit periodic, configurable keepalive messages. You must have Layer 3 connectivity between the peer devices to transmit these messages. The system cannot bring up the vPC peer link unless the peer-keepalive link is already up and running.
Note We recommend that you configure a separate VRF instance and put a Layer 3 port from each vPC peer device into that VRF for the vPC peer-keepalive link. Do not use the peer link itself to send vPC peer-keepalive messages.
Examples
This example shows how to set up the peer keepalive link connection between the primary and secondary vPC device:
Related Commands
|
|
|
|---|---|
Copies the running configuration to the startup configuration. |
|
Displays information about the configuration for the keepalive messages. |
port-channel load-balance ethernet
To configure the load-balancing method among the interfaces in the channel-group bundle, use the port-channel load-balance ethernet command. To return the system priority to the default value, use the no form of this command.
port-channel load-balance ethernet method
no port-channel load-balance ethernet [ method ]
Syntax Description
Load-balancing method. See the “Usage Guidelines” section for a list of valid values. |
Command Default
Loads distribution on the source and destination MAC address.
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
By default, the Cisco Nexus 3548 Switch load balances on a port-channel based on source and destinationIP addresses.
If only MAC address-based load-balancing is desired, you must configure load balancing by using the port-channel load-balance ethernet mac command. There should be no L3 header in the packet amd the packets must be link-local. The Ethertype in the packets must be 0xFFFF. Otherwise, the packets drop becasue of the parse error.
The valid load-balancing method values are as follows:
- destination-ip —Loads distribution on the destination IP address.
- destination-mac —Loads distribution on the destination MAC address.
- destination-port —Loads distribution on the destination port.
- source-destination-ip —Loads distribution on the source and destination IP address.
- source-destination-mac —Loads distribution on the source and destination MAC address.
- source-destination-port —Loads distribution on the source and destination port.
- source-ip —Loads distribution on the source IP address.
- source-mac —Loads distribution on the source MAC address.
- source-port —Loads distribution on the source port.
Use the option that provides the balance criteria with the greatest variety in your configuration. For example, if the traffic on an EtherChannel is going only to a single MAC address and you use the destination MAC address as the basis of EtherChannel load balancing, the EtherChannel always chooses the same link in that EtherChannel; using source addresses or IP addresses might result in better load balancing.
Examples
This example shows how to set the load-balancing method to use the source IP:
switch(config)# port-channel load-balance ethernet source-ip
This example shows how to set the load-balancing method to use the destination IP:
Related Commands
|
|
|
|---|---|
role
To manually assign a primary or secondary role to a virtual Port Channel (vPC) device, use the role command. To restore the default role priority, use the no form of this command.
Syntax Description
Specifies the priority to define primary or secondary roles in the vPC configuration. |
|
Priority value for the vPC device. The range is from 1 to 65535. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
By default, the Cisco NX-OS software elects a primary and secondary vPC peer device after you configure the vPC domain and both sides of the vPC peer link. However, you may want to elect a specific vPC peer device as the primary device for the vPC. Then, you would manually configure the role value for the vPC peer device that you want as the primary device to be lower than the other vPC peer device.
vPC does not support role preemption. If the primary vPC peer device fails, the secondary vPC peer device takes over to become operationally the vPC primary device. However, the original operational roles are not restored if the formerly primary vPC comes up again.
Examples
This example shows how to configure the role priority of a vPC device:
This example shows how to restore the default role priority of a vPC device:
Related Commands
|
|
|
|---|---|
Copies the running configuration to the startup configuration. |
|
show interface brief
To display a brief summary of the interface configuration information, use the show interface brief command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the summary configuration information of the specified interface:
Related Commands
|
|
|
|---|---|
show interface capabilities
To display detailed information about the capabilities of an interface, use the show interface capabilities command.
show interface [ ethernet slot / port ] capabilities
Syntax Description
(Optional) Specifies an Ethernet interface slot number and port number. The slot number is from 1 to 255, and the port number is from 1 to 128. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can use the show interface capabilities command only for physical interfaces.
Examples
This example shows how to display the interface capabilities:
This example shows how to display the interface capabilities for a specific interface:
Related Commands
|
|
|
|---|---|
show interface debounce
To display the debounce time information for all interfaces, use the show interface debounce command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the debounce status of all interfaces:
Related Commands
|
|
|
|---|---|
show interface ethernet
To display information about the interface configuration, use the show interface ethernet command.
show interface ethernet slot / port [. subintf-port-no ] [ brief | counters | description | status | switchport | transceiver [ details ]]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the detailed configuration of the specified interface:
This example shows how to display the counters configured on a specified interface:
This example shows how to display the switchport information for a specific interface:
This example shows how to display the operational status for a specific interface:
This example shows how to display the calibration information about the transceivers connected to a specified Ethernet interface:
Related Commandsswitch#
|
|
|
|---|---|
show interface loopback
To display information about the loopback interface, use the show interface loopback command.
show interface loopback lo-number [ brief | description ]
Syntax Description
(Optional) Displays a brief summary of the loopback interface information. |
|
(Optional) Displays the description provided for the loopback interface. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the configuration information for a specific loopback interface:
Table 1 describes the significant fields shown in the display.
This example shows how to display the brief information for a specific loopback interface:
Related Commands
|
|
|
|---|---|
show interface port-channel
To display the information about an EtherChannel interface configuration, use the show interface port-channel command.
show interface port-channel number [. subinterface-number ] [ brief | counters | description | status ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the configuration information of a specified EtherChannel interface:
Related Commands
|
|
|
|---|---|
show interface mac-address
To display the information about the MAC address, use the show interface mac-address command.
show interface [ type slot / port | portchannel-no ] mac-address
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
If you do not specify an interface, the system displays all the MAC addresses.
Examples
This example shows how to display the information on MAC addresses for the entire switch:
This example shows how to display the MAC address information for a specific port channel:
Related Commands
|
|
|
|---|---|
Adds static entries to the MAC address table or configures a static MAC address with IGMP snooping disabled for that address. |
|
show interface status err-disabled
To display the error disabled state of interfaces, use the show interface status err-disabled command.
show interface status err-disabled
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the error disabled state of interfaces:
Related Commands
|
|
|
|---|---|
show interface switchport
To display information about all the switch port interfaces, use the show interface switchport command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Examples
This example shows how to display information for all Ethernet interfaces:
Related Commands
|
|
|
|---|---|
show interface transceiver
To display the information about the transceivers connected to a specific interface, use the show interface transceiver command.
show interface [ ethernet slot / port ] transceiver [ details ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can use the show interface transceiver command only for physical interfaces.
Examples
This example shows how to display the transceivers for all Ethernet interfaces:
This example shows how to display the transceivers connected to a specified Ethernet interface:
This example shows how to display the detailed information about the transceivers connected to a specified Ethernet interface:
Related Commands
|
|
|
|---|---|
Displays detailed information about the capabilities of an interface. |
show ip nat statistics
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Examples
This example displays the output the show ip nat statistics command:
Related Commands
|
|
|
|---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
The following table describes the output fields shown in the preceding display.
show ip nat translation
To display all NAT translations including static and dynamic translations, use the show ip nat translation command in EXEC mode.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Examples
This example shows how to display entries from the translation table before they time out:
This example shows how to display active NAT translations:
Related Commands
|
|
|
|---|---|
Designates that traffic originating from or destined for the interface is subject to NAT. |
|
Enables dynamic NAT of the inside source address by using an ACL. |
|
show lacp
To display Link Aggregation Control Protocol (LACP) information, use the show lacp command.
show lacp { counters | interface ethernet slot / port | neighbor [ interface port-channel number ] | port-channel [ interface port-channel number ] | system-identifier }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Use the show lacp command to troubleshoot problems related to LACP in a network.
Examples
This example shows how to display the LACP system identification:
This example shows how to display the LACP information for a specific interface:
Related Commands
|
|
|
|---|---|
show module
To display module information, use the show module command.
Syntax Description
Module number in the switch chassis. The range is from 1 to 3. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the module information for a specific module:
Related Commands
|
|
|
|---|---|
show port-channel capacity
To display the total number of port channels that are configured, or are still available on the device, use the show port-channel capacity command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the port channels on a device:
Related Commands
|
|
|
|---|---|
Displays Cisco Technical Support information about EtherChannels. |
show port-channel compatibility-parameters
To display the parameters that must be the same among the member ports in order to join an EtherChannel interface, use the show port-channel compatibility-parameters command.
show port-channel compatibility-parameters
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the EtherChannel interface parameters:
Related Commands
|
|
|
|---|---|
Displays Cisco Technical Support information about EtherChannels. |
show port-channel database
To display the aggregation state for one or more EtherChannel interfaces, use the show port-channel database command.
show port-channel database [ interface port-channel number ]
Syntax Description
(Optional) Displays information for an EtherChannel interface. |
|
(Optional) Displays aggregation information for a specific EtherChannel interface. The number range is from 1 to 4096. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the aggregation state of all EtherChannel interfaces:
This example shows how to display the aggregation state for a specific EtherChannel interface:
Related Commands
|
|
|
|---|---|
Displays Cisco Technical Support information about EtherChannels. |
show port-channel load-balance
To display information about EtherChannel load balancing, use the show port-channel load-balance command.
show port-channel load-balance [ forwarding-path interface port-channel number | src-interface interface { vlan vlan_ID } [ dst-ip ipv4-addr ] [ dst-mac dst-mac-addr ] [ l4-dst-port dst-port ] [ l4-src-port src-port ] [ src-ip ipv4-addr ] [ src-mac src-mac-addr ]]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You must use the vlan keyword to determine the use of hardware hashing.
Note ● Only hardware-based hashing is supported on Cisco Nexus 3548 Switch. There is no software hashing.
- For an L2 port, cache hit indicates that the source and destination mac addresses are learnt in the MAC table whereas for an L3 port cache hit indicates that the IP addresses are resolved.
When you do not use hardware hashing, the output displays all parameters used to determine the outgoing port ID. Missing parameters are shown as zero values in the output.
If you do not use hardware hashing, the outgoing port ID is determined by using control-plane selection. Hardware hashing is not used in the following scenarios:
- The specified VLAN contains an unknown unicast destination MAC address.
- The specified VLAN contains a known or an unknown multicast destination MAC or destination IP address.
- The specified VLAN contains a broadcast MAC address.
- The EtherChannel has only one active member.
- The destination MAC address is unknown when the load distribution is configured on the source IP address (src-ip), source port (l4-src-port), or source MAC address (src-mac).
To get accurate results, you must do the following:
- (For unicast frames) Provide the destination MAC address (dst-mac) and the VLAN for hardware hashing (vlan). When the destination MAC address is not provided, hardware hashing is assumed.
- (For multicast frames) For IP multicast, provide either the destination IP address (dst-ip) or destination MAC address (dst-mac) with the VLAN for hardware hashing (vlan). For non-ip multicast, provide the destination MAC address with the VLAN for hardware hashing.
- (For broadcast frames) Provide the destination MAC address (dst-mac) and the VLAN for hardware hashing (vlan).
Examples
This example shows how to display the port channel load balance information in wrap mode:
Related Commands
|
|
|
|---|---|
Configures the load-balancing method among the interfaces in the channel-group bundle. |
show port-channel summary
To display summary information about EtherChannels, use the show port-channel summary command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Before you use this command, you must configure an EtherChannel group using the interface port-channel command.
Examples
This example shows how to display summary information about EtherChannels:
Related Commands
|
|
|
|---|---|
Assigns and configures a physical interface to an EtherChannel. |
|
Creates an EtherChannel interface and enters interface configuration mode. |
show port-channel traffic
To display the traffic statistics for EtherChannels, use the show port-channel traffic command.
show port-channel traffic [ interface port-channel number ]
Syntax Description
(Optional) Displays traffic statistics for a specified interface. |
|
(Optional) Displays information for a specified EtherChannel. The range is from 1 to 4096. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the traffic statistics for all EtherChannels:
This example shows how to display the traffic statistics for a specific EtherChannel:
Related Commands
|
|
|
|---|---|
Displays Cisco Technical Support information about EtherChannels. |
show port-channel usage
To display the range of used and unused EtherChannel numbers, use the show port-channel usage command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the EtherChannel usage information:
Related Commands
|
|
|
|---|---|
Displays Cisco Technical Support information about EtherChannels. |
show resource
To display the number of resources currently available in the system, use the show resource command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the resources available in the system:
Related Commands
|
|
|
|---|---|
show running-config interface
To display the running configuration for a specific port channel, use the show running-config interface command.
show running-config interface [ all | { ethernet { slot / port } [ all ]} | { loopback { number } [ all ]} | { mgmt 0 [ all ]} | port-channel { channel-number } [ membership ]}
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the running configuration for port channel 100 on a switch that runs Cisco NX-OS Release 5.0(3)A1(1):
switch(config)# show running-config interface port-channel 100
!Command: show running-config interface port-channel100
!Time: Tue Aug 23 09:25:00 2011
version 5.0(3)A1(1)
interface port-channel100
speed 10000
switch(config)#
Related Commands
|
|
|
|---|---|
show running-config nat
To display the running configuration for Network Address Translation (NAT), use the show running-config nat command.
show running-config nat [ all ]
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the running configuration for NAT:
Related Commands
|
|
|
|---|---|
show tech-support port-channel
To display troubleshooting information about EtherChannel interfaces, use the show tech-support port-channel command.
show tech-support port-channel
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The output from the show tech-support port-channel command is very long. To better manage this output, you can redirect the output to a file.
Examples
This example shows how to display Cisco technical support information for EtherChannel interfaces:
Related Commands
|
|
|
|---|---|
Configures the load-balancing method among the interfaces in the channel-group bundle. |
|
show version
To display information about the software and hardware version, use the show version command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Examples
This example shows how to display the version information of a switch that runs Cisco NX-OS Release 5.0(3)A1(1):
show vpc brief
To display brief information about the virtual port channels (vPCs), use the show vpc brief command.
Syntax Description
(Optional) Displays the brief information for the specified vPC. The range is from 1 to 4096. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The show vpc brief command displays the vPC domain ID, the peer-link status, the keepalive message status, whether the configuration consistency is successful, and whether a peer link formed or failed to form.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
You can display the track object if you have configured a tracked object for running vPCs on a single module in the vpc-domain configuration mode.
Examples
This example shows how to display brief information about the vPCs on a switch:
Related Commands
|
|
|
|---|---|
show vpc consistency-parameters
To display the consistency of parameters that must be compatible across the virtual port-channel (vPC) interfaces, use the show vpc consistency-parameters command.
show vpc consistency-parameters { global | interface { ethernet slot / port | port-channel channel-number } | vlans | vpc number }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The show vpc consistency-parameters command displays the configuration of all the vPC Type 1 parameters on both sides of the vPC peer link.
Note All the Type 1 configurations must be identical on both sides of the vPC peer link, or the link will not come up.
The vPC Type 1 configuration parameters are as follows:
- Port-channel mode: on, off, or active
- Link speed per channel
- Duplex mode per channel
- Trunk mode per channel
– Tagging of native VLAN traffic
- Spanning Tree Protocol (STP) mode
- STP region configuration for Multiple Spanning Tree
- Enable/disable state the same per VLAN
- STP global settings
– Port type setting—We recommend that you set all vPC peer link ports as network ports.
This command is not available if you have not enabled the vPC feature. See feature vpc for information on enabling vPCs.
Examples
This example shows how to display the vPC global consistency parameters on a switch:
This example shows how to display the vPC consistency parameters for the specified port channel on a switch:
This example shows how to display the vPC consistency parameters for the specified vPC on a switch:
This example shows how to display the vPC consistency parameters for VLANs on a switch:
Related Commands
|
|
|
|---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
show vpc orphan-ports
To display ports that are not part of the virtual port channel (vPC) but have common VLANs, use the show vpc orphan-ports command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The show vpc orphan-ports command displays those ports that are not part of the vPC but that share common VLANs with ports that are part of the vPC.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
Examples
This example shows how to display vPC orphan ports:
Related Commands
|
|
|
|---|---|
show vpc peer-keepalive
To display the destination IP for the virtual port-channel (vPC) peer keepalive message and the status of the messages, use the show vpc peer-keepalive command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The show vpc peer-keepalive command displays the destination IP of the peer keepalive message for the vPC. The command also displays the send and receive status as well as the last update from the peer in seconds and milliseconds.
Note We recommend that you create a separate VRF on the peer devices to send and receive the vPC peer keepalive messages. Do not use the peer link itself to send the vPC peer-keepalive messages.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information about enabling vPCs.
Examples
This example shows how to display information about the peer-keepalive message:
Related Commands
|
|
|
|---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
show vpc role
To display information about the virtual port-channel (vPC) role of the peer device, use the show vpc role command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The show vpc role command displays the following information about the vPC status:
- Status of peer adjacency
- vPC role
- vPC MAC address
- vPC system priority
- MAC address of the device that you are working on
- System priority for the device that you are working on
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information on enabling vPCs.
Examples
This example shows how to display the vPC role information of the device that you are working on:
Related Commands
|
|
|
|---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
show vpc statistics
To display virtual port-channel (vPC) statistics, use the show vpc statistics command.
show vpc statistics { peer-keepalive | peer-link | vpc number }
Syntax Description
Displays statistics about the specified vPC. The range is from 1 to 4096. |
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
The peer-link parameter displays the same information as the show interface port-channel channel number command for the vPC peer-link port channel.
The vpc number parameter displays the same information as the show interface port-channel channel number command for the specified vPC port channel.
This command is not available if you have not enabled the vPC feature. See the feature vpc command for information on enabling vPCs.
Examples
This example shows how to display statistics about the peer-keepalive message:
This example shows how to display statistics about a specific vPC:
Related Commands
|
|
|
|---|---|
Displays information about vPCs. If the feature is not enabled, the system displays an error when you enter this command. |
|
shutdown
To shut down the local traffic on an Ethernet interface or Ethernet port-channel interface, use the shutdown command. To return the interface to its default operational state, use the no form of this command.
Syntax Description
Command Default
Command Modes
Interface configuration mode
Subinterface configuration mode
Command History
|
|
|
|---|---|
Usage Guidelines
You can use this command on the following interfaces:
Note Use the no switchport command to configure an interface as a Layer 3 interface.
This command does not require a license but if you want to enable Layer 3 interfaces, you must install the LAN Base Services license.
Examples
This example shows how to shut down, or disable, a Layer 2 interface:
switch(config)# interface ethernet 1/10
switch(config-if)# shutdown
switch(config-if)#
This example shows how to shut down a Layer 3 Ethernet subinterface:
switch(config)# interface ethernet 1/5.1
switch(config-subif)# shutdown
switch(config-subif)#
Related Commands
|
|
|
|---|---|
Displays information on traffic about the specified EtherChannel interface. |
speed (Ethernet)
To configure the transmit and receive speed for an Ethernet interface, use the speed command. To reset to the default speed, use the no form of this command.
speed {10 | 100 | 1000 | 10000 | 40000 | auto }
Syntax Description
Sets the interface speed to 10 Gbps. This is the default speed. |
|
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
You can enable 40-Gigabits per second (Gbps) speed on up to 12 interfaces. You enable 40-Gbps speed on the first port of a group of four adjacent ports. For example, you enable 40-Gbps speed only on port 1 of port group 1-4, port 5 of port group 5-8, and port 9 of port group 9-12, and so on. These ports are numbered in a 2-tuple naming convention and the first number in the 2-tuple is always 1. Hence, the 40-Gbps port numbering is Ethernet interface 1/1, 1/5, 1/9, 1/13, 1/17, and so on.
The configuration is applied to the first port, not to the remaining three ports in the group. The remaining ports act like the ports without an enhanced small form-factor pluggable (SFP+) transceiver inserted. The configuration takes effect immediately. You do not need to reload the switch.
An SFP+ transceiver security check is performed only on the first port of the group.
You can reconfigure interface speeds from 40-Gigabit to 10-Gigabit, and from 10-Gigabit back to 40-Gbps by using the speed command.
Note If the interface and transceiver speed is mismatched, the SFP validation failed message is displayed when you enter the show interface ethernet slot/port command. For example, if you insert a 1-Gigabit SFP transceiver into a port without configuring the speed 1000 command, you will get this error.
Examples
This example shows how to set the speed for a 1-Gigabit Ethernet port:
switch(config-if)#
This example shows how to set the speed for a 40-Gigabit Ethernet port:
Related Commands
|
|
|
|---|---|
switchport host
To configure the interface to be an access host port, use the switchport host command. To remove the host port, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Ensure that you are configuring the correct interface. It must be an interface that is connected to an end station.
An access host port handles the Spanning Tree Protocol (STP) like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables EtherChannel on that interface.
Examples
This example shows how to set an interface as an Ethernet access host port with EtherChannel disabled:
Related Commands
|
|
|
|---|---|
Displays a summary of the interface configuration information. |
|
Displays information on all interfaces configured as switch ports. |
switchport mode
To configure the interface as a nontrunking nontagged single-VLAN Ethernet interface, use the switchport mode command. To remove the configuration and restore the default, use the no form of this command.
switchport mode { access | trunk }
no switchport mode { access | trunk }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
An access port can carry traffic in one VLAN only. By default, an access port carries traffic for VLAN 1. To set the access port to carry traffic for a different VLAN, use the switchport access vlan command.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
Examples
This example shows how to set an interface as an Ethernet access port that carries traffic for a specific VLAN only:
Related Commands
|
|
|
|---|---|
Displays information on all interfaces configured as switch ports. |
|
switchport trunk allowed vlan
To set the list of allowed VLANs on the trunking interface, use the switchport trunk allowed vlan command. To allow all VLANs on the trunking interface, use the no form of this command.
switchport trunk allowed vlan { vlan-list | add vlan-list | all | except vlan-list | none | remove vlan-list }
no switchport trunk allowed vlan
Syntax Description
Defaults
Command Modes
Command History
|
|
|
Usage Guidelines
You must enter the switchport command without any keywords to configure the LAN interface as a Layer 2 interface before you can enter the switchport trunk allowed vlan command. This action is required only if you have not entered the switchport command for the interface.
You can enter the switchport trunk allowed vlan command on interfaces where the Switched Port Analyzer (SPAN) destination port is either a trunk or an access port.
If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic in VLAN 1.
When you create a switchport trunk, by default it is not a member of any VLAN. You must explicitly add VLANs to the trunk port for traffic on those VLANs to be allowed on the trunk port. To remove all allowed VLANs from a trunk port, use the no form of this command and the trunk port becomes a member of no VLANs.
Examples
This example shows how to add a series of consecutive VLANs to the list of allowed VLANs on a trunking port:
switch(config-if)# switchport trunk allowed vlan add 40-50
Related Commands
|
|
|
|---|---|
Displays the administrative and operational status of a switching (nonrouting) port. |
ttag
With Cisco Nexus 3500 platform switches, you can truncate the packets after a user-defined threshold at ingress and time-stamp the packets using Precision Time Protocol (PTP) with nanosecond accuracy.
Syntax Description
Command Default
Command Modes
Usage Guidelines
With PTP, the IEEE 1588 packet is time-stamped at the ingress port to record the event message arrival time in the hardware at the parser level. The time stamp points to the first bit of the packet (following the start frame delimiter [SFD]). Next, the packet is copied to the CPU with the time stamp and the destination port number. The packet next traverses the PTP stack. The advanced PTP clock algorithm in the Cisco Nexus 3548 Series switches keeps a track of all the timing and the frequency information and it makes the necessary adjustments to help ensure accurate time.
Finally, the packet is internally marked as a high-priority packet to ensure priority egress out of the switch and it is sent out at the egress port. The corresponding time stamp for the transmitted packet is available from the First In, First Out (FIFO) transmission time stamp.
The timestamp tagging feature is used to provide precision time information to monitor the devices remotely and to track the real time when the packets arrive at the Cisco Nexus 3500 Series switches. The timestamp tagging feature configures the ttag command on the egress interface.
The ether-type <type> option sets the Ethertype field of the ethernet frame. The Ethertype is used to indicate which protocol is encapsulated in the payload. Ethertype 1 (type 0x88B5/0x88B6) is used for this purpose.
Examples
This example shows how to configure timestamp tagging:
Related Commands
|
|
|
|---|---|
Displays a summary of the interface configuration information. |
ttag-marker
To enable the timestamp tagging marker packet on the interface, use the ttag-marker command with enable. To disable the timestamp tagging marker packet on the interface, use the no form of this command:
Command Default
Command Default
Command History
|
|
|
Usage Guidelines
Once enabled on a Layer 2 port, the ttag marker sends out the periodic marker frames at specific intervals, based on the interval configured. The marker frame format includes the marker Ethertype that is followed by:
- 64 bit magic number
- 8 bit version
- 8 bit granularity
- 8 bit utc offset
- 16 bits reserved
- 48 bit timestamp (last 32 bits to be used)
- 32 bit utc_sec
- 32 bit utc usec
- 32 bit reserved
- 32 bit signature
The actual ttag packet also contains the hardware timestamp. It is computed with the marker timestamp to calculate the latency of the packet.
The Ethertype that has to be taken for the marker frames can be specified manually, similar to ttag Etherype.
The ether-type <type> option sets the Ethertype field of the Ethernet frame. The Ethertype is used to indicate which protocol is encapsulated in the payload. Ethertype 1 (type 0x88B5/0x88B6) is used for this purpose.
Examples
This example shows how to enable the timestamp tagging marker on the interface:
Related Commands
|
|
|
|---|---|
Displays a summary of the interface configuration information. |
ttag-marker-interval
To send out periodic timestamp tagging marker frames on an L2 port at specific intervals, use the ttag-marker-interval command:
Command Default
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
The ttag marker interval once configured may not be effective unless the ttag marker is enabled on a specific Layer 2 interface. Once the ttag marker is enabled on the interface, the marker frames are sent out of the configured interface. The default interval is 1 second.
Examples
This example shows how to specify the ttag marker interval to 4 seconds:
udld (configuration mode)
To configure the Unidirectional Link Detection (UDLD) protocol on the switch, use the udld command. To disable UDLD, use the no form of this command.
udld { aggressive | message-time timer-time | reset }
no udld { aggressive | message-time | reset }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
UDLD aggressive mode is disabled by default. You can configure UDLD aggressive mode only on point-to-point links between network devices that support UDLD aggressive mode. If UDLD aggressive mode is enabled, when a port on a bidirectional link that has a UDLD neighbor relationship established stops receiving UDLD frames, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is disabled.
To prevent spanning tree loops, normal UDLD with the default interval of 15 seconds is fast enough to shut down a unidirectional link before a blocking port transitions to the forwarding state (with default spanning tree parameters).
When you enable the UDLD aggressive mode, the following occurs:
- One side of a link has a port stuck (both transmission and receive)
- One side of a link remains up while the other side of the link is down
In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic from being discarded.
Examples
This example shows how to enable the aggressive UDLD mode for the switch:
This example shows how to reset all ports that were shut down by UDLD:
Related Commands
|
|
|
|---|---|
udld (Ethernet)
To enable and configure the Unidirectional Link Detection (UDLD) protocol on an Ethernet interface, use the udld command. To disable UDLD, use the no form of this command.
udld { aggressive | disable | enable }
no udld { aggressive | disable | enable }
Syntax Description
Command Default
Command Modes
Command History
|
|
|
Usage Guidelines
You can configure normal or aggressive UDLD modes for an Ethernet interface. Before you can enable a UDLD mode for an interface, you must make sure that UDLD is enabled on the switch. UDLD must also be enabled on the other linked interface and its device.
To use the normal UDLD mode on a link, you must configure one of the ports for normal mode and configure the port on the other end for the normal or aggressive mode. To use the aggressive UDLD mode, you must configure both ends of the link for aggressive mode.
Examples
This example shows how to enable the normal UDLD mode for an Ethernet port:
This example shows how to enable the aggressive UDLD mode for an Ethernet port:
This example shows how to disable UDLD for an Ethernet port:
Related Commands
|
|
|
|---|---|
vpc
To move other port channels into a virtual port channel (vPC) to connect to the downstream device, use the vpc command. To remove the port channels from the vPC, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
You can use any module in the device for the port channels.
Note We recommend that you attach the vPC domain downstream port channel to two devices for redundancy.
To connect to the downstream device, you create a port channel from the downstream device to the primary vPC peer device, and you create another port channel from the downstream device to the secondary peer device. Finally, working on each vPC peer device, you assign a vPC number to the port channel that connects to the downstream device. You will experience minimal traffic disruption when you are creating vPCs.
Note The port channel number and vPC number can be different, but the vPC number must be the same on both switches.
Examples
This example shows how to configure the selected port channel into the vPC to connect to the downstream device:
Related Commands
vpc domain
To create a virtual port channel (vPC) domain and assign a domain ID, use the vpc domain command. To revert to the default vPC configuration, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
Before you can create a vPC domain and configure vPC on the switch, you must enable the vPC feature using the feature vpc command.
The vPC domain includes both vPC peer devices, the vPC peer keepalive link, the vPC peer link, and all the port channels in the vPC domain connected to the downstream device. You can have only one vPC domain ID on each device.
When configuring the vPC domain ID, make sure that the ID is different from the ID used by a neighboring vPC-capable device with which you may configure a double-sided vPC. This unique ID is needed because the system ID is derived from the MAC address ID of the switch. For a vPC, this MAC address is derived from the domain ID. As a result, in a peer-to-peer vPC configuration, if the neighboring switches use the same domain ID, a system ID conflict may occur in the LACP negotiation that may cause an unsuccessful LACP negotiation.
Under the vPC domain, make sure to configure the primary vPC device to ignore type checks by using the peer-config-check-bypass command.
Examples
This example shows how to create a vPC domain:
Related Commands
|
|
|
|---|---|
Copies the running configuration to the startup configuration. |
|
Restores the vPC peer links after a specified period of time. |
|
vpc peer-link
To create a virtual port channel (vPC) peer link by designating the port channel that you want on each device as the peer link for the specified vPC domain, use the vpc peer-link command. To remove the peer link, use the no form of this command.
Syntax Description
Command Default
Command Modes
Command History
|
|
|
|---|---|
Usage Guidelines
We recommend that you configure the Layer 2 port channels that you are designating as the vPC peer link in trunk mode and that you use two ports on separate modules on each vPC peer device for redundancy.
The Cisco Nexus 3000 Series switch supports 64 hardware port channels. Use the show port-channel capacity command to display the total number of port channels supported by the hardware.
Examples
This example shows how to select the port channel that you want to use as the vPC peer link for this device and configure the selected port channel as the vPC peer link:
This example shows how to remove the vPC peer link:
Feedback