Configuring VLANs

This chapter describes how to configure VLANs on the Cisco Nexus 5000 Series switch. It contains the following sections:

Configuring VLANs

You can use virtual LANs (VLANs) to divide the network into different logical broadcast domains.

Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.

Information About VLANs

Understanding VLAN Ranges

The Cisco Nexus 5000 Series switch supports VLAN numbers 1to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. You use each range slightly differently. The Nexus 5000 Series switch supports 507 VLANs and it shares this available number of VLANs with its VSANs; each VSAN consumes one VLAN.

The following table describes the details of the VLAN ranges.

Table 1  VLAN Ranges

VLANs Numbers

Range

Usage

1

Normal

Cisco default. You can use this VLAN, but you cannot modify or delete it.

2—1005

Normal

You can create, use, modify, and delete these VLANs.

1006—4094

Extended

You can create, name, and use these VLANs. You cannot change the following parameters:


  • State is always active.

  • VLAN is always enabled. You cannot shut down these VLANs.

3968—4047 and 4094

Internally allocated

These 80 VLANs, plus VLAN 4094, are allocated for internal use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.


Note

VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.

Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use. VLAN 4094 is also reserved for internal use by the switch.

You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.

Creating, Deleting, and Modifying VLANs

VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values. You cannot create, delete, or suspend activity in the default VLAN.

You create a VLAN by assigning a number to it. You can delete VLANs as well as move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the switch goes into the VLAN submode but does not create the same VLAN again.

Newly created VLANs remain unused until ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.

Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):


  • VLAN name

  • Shutdown or not shutdown

When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.


Note

Commands entered in the VLAN configuration submode are immediately executed.

VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.

About the VLAN Trunking Protocol

The VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that maintains VLAN consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. A VTP domain includes one or more network switches that share the same VTP domain name and that are connected with trunk interfaces. Each switch can be in only one VTP domain.

Layer 2 trunk interfaces, Layer 2 port channels, and virtual port channels (vPCs) support VTP functionality.


Note

In the Cisco Nexus 5000 Series switches, VTP works only in transparent mode, allowing you to extend a VTP domain across the switch.

When the switch is in the VTP transparent mode, the switch relays all VTP protocol packets that it receives on a trunk port to all other trunk ports. When you create or modify a VLAN that is in VTP transparent mode, those VLAN changes affect only the local switch. A VTP transparent network switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements.


Note

VLAN 1 is required on all trunk ports used for switch interconnects if the VTP protocol is to be supported in the network. Removing VLAN 1 from any of these ports prevents VTP from functioning.

VTP is disabled by default on the switch. You enable and configure VTP using the command-line interface (CLI). When VTP is disabled, the switch does not relay any VTP packets.

If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.

Configuring a VLAN

Creating and Deleting a VLAN

You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the switch. Once a VLAN is created, it is automatically in the active state.


Note

When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.
SUMMARY STEPS

1.    switch# configure terminal

2.    switch(config)# vlan {vlan-id | vlan-range}

3.    switch(config-vlan)# no vlan {vlan-id | vlan-range}


DETAILED STEPS
  Command or Action Purpose
Step 1 switch# configure terminal
 

Enters configuration mode.

 
Step 2 switch(config)# vlan {vlan-id | vlan-range}
 

Creates a VLAN or a range of VLANs.

If you enter a number that is already assigned to a VLAN, the switch puts you into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.

 
Step 3 switch(config-vlan)# no vlan {vlan-id | vlan-range}
 

Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.

 

This example shows how to create a range of VLANs from 15 to 20:

switch# configure terminal

switch(config)# vlan 15-20

Note

You can also create and delete VLANs in the VLAN configuration submode.

Entering the VLAN Submode and Configuring the VLAN

To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:


  • Name

  • Shut down


Note

You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.

SUMMARY STEPS

1.    switch# configure terminal

2.    switch(config)# vlan {vlan-id | vlan-range}

3.    switch(config-vlan)# name vlan-name

4.    switch(config-vlan)# state {active | suspend}

5.    (Optional) switch(config-vlan)# no shutdown


DETAILED STEPS
  Command or Action Purpose
Step 1 switch# configure terminal
 

Enters configuration mode.

 
Step 2 switch(config)# vlan {vlan-id | vlan-range}
 

Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.

 
Step 3 switch(config-vlan)# name vlan-name
 

Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number.

 
Step 4 switch(config-vlan)# state {active | suspend}
 

Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.

 
Step 5 switch(config-vlan)# no shutdown
  		(Optional)

Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.

 

This example shows how to configure optional parameters for VLAN 5: 

switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown

Adding Ports to a VLAN

After you have completed the configuration of a VLAN, assign ports to it. To add ports, perform this task:

SUMMARY STEPS

1.    switch# configure terminal

2.    switch(config)# interface {ethernet slot/port | port-channel number}

3.    switch(config-if)# switchport access vlan vlan-id


DETAILED STEPS
  Command or Action Purpose
Step 1 switch# configure terminal
 

Enters configuration mode.

 
Step 2 switch(config)# interface {ethernet slot/port | port-channel number}
 

Specifies the interface to configure, and enters the interface configuration mode. The interface can be a physical Ethernet port or an EtherChannel.

 
Step 3 switch(config-if)# switchport access vlan vlan-id
 

Sets the access mode of the interface to the specified VLAN.

 

This example shows how to configure an Ethernet interface to join VLAN 5:

switch# configure terminal

switch(config)# interface ethernet 1/13

switch(config-if)# switchport access vlan 5

Configuring VTP

You can enable and configure VTP to relay VTP packets. If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.

Before You Begin

Ensure that you are in the correct VDC (or enter the switchto vdc command). VLAN names and IDs can be repeated in different VDCs, so you must confirm which VDC that you are working with.


SUMMARY STEPS

1.    config t

2.    feature vtp

3.    vtp domain domain-name

4.    vtp version {1|2}

5.    vtp mode transparent

6.    exit

7.    show vlan

8.    copy running-config startup-config


DETAILED STEPS
  Command or Action Purpose
Step 1 config t


Example: 
switch#config t
switch(config)#
 

Enters configuration mode.

 
Step 2 feature vtp


Example: 
switch(config)#feature vtp
switch(config)#
 

Enables VTP on the device. The default is disabled.

 
Step 3 vtp domain domain-name


Example: 
switch(config)#vtp domain accounting
switch(config)#
 

Enter the name of the VTP domain that you want this switch to join. The default is blank.

 
Step 4 vtp version {1|2}


Example: 
switch(config)#vtp version 2
switch(config)#
 

Sets the VTP version that you want to use. The default is version 1.

 
Step 5 vtp mode transparent


Example: 
switch(config)#vtp mode transparent
switch(config)#
 

(Optional) After you enable VTP, the only available mode is transparent.

 
Step 6 exit


Example: 
switch(config)#exit
switch(config)#
 

Exits the configuration submode.

 
Step 7 show vlan


Example: 
switch(config)#show vlan
 

(Optional) Displays information about VTP.

 
Step 8 copy running-config startup-config


Example: 
switch(config)#copy running-config startup-config
 

(Optional) Copies the running configuration to the startup configuration.

 

This example shows how to configure VTP in transparent mode:

switch#config t
switch(config)#feature vtp
switch(config)#vtp domain accounting
switch(config)#vtp version2
switch(config)#exit
switch#

Verifying VLAN Configuration

To display VLAN configuration information, perform one of these tasks:

Command

Purpose
switch# show running-config vlan [vlan_id | vlan_range]

Displays VLAN information.
switch# show vlan [brief | id [vlan_id | vlan_range] | name name | summary]

Displays selected configuration information for the defined VLAN(s).

The following example shows all VLANs defined in the range of 1 to 21.

switch# show running-config vlan 1-21

version 4.0(1a)N1(1)
vlan 1
vlan 5

The following example shows the VLANs created on the switch and their status:

switch# show vlan

 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Eth1/1, Eth1/2, Eth1/3, Eth1/4
                                                Eth1/5, Eth1/6, Eth1/7, Eth1/8
                                                Eth1/9, Eth1/10, Eth1/11
                                                Eth1/12, Eth1/15, Eth1/16
                                                Eth1/17, Eth1/18, Eth1/19
                                                Eth1/20, Eth1/21, Eth1/22
                                                Eth1/23, Eth1/24, Eth1/25
                                                Eth1/26, Eth1/27, Eth1/28
                                                Eth1/29, Eth1/30, Eth1/31
                                                Eth1/32, Eth1/33, Eth1/34
                                                Eth1/35, Eth1/36, Eth1/37
                                                Eth1/38, Eth1/39, Eth1/40
                                                Eth3/1, Eth3/2, Eth3/3, Eth3/4
                                                veth1/1
13   VLAN0005                         active    Eth1/13, Eth1/14

The following example shows the details of VLAN 13 including its member ports:

switch# show vlan id 13

 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
13   VLAN0005                         active    Eth1/13, Eth1/14
 
 
VLAN Type   MTU
---- ----- -----
13   enet  576
 
Remote SPAN VLAN
----------------
Disabled
 
Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------

The following example shows the VLAN settings summary:

switch# show vlan summary

 
Number of existing VLANs           : 2
 Number of existing user VLANs     : 2
 Number of existing extended VLANs : 0