Configuring VLANs
Available Languages
Contents
- Configuring VLANs
- Information About VLANs
- Understanding VLANs
- Understanding VLAN Ranges
- Creating, Deleting, and Modifying VLANs
- About the VLAN Trunking Protocol
- Guidelines and Limitations
- Configuring a VLAN
- Creating and Deleting a VLAN
- Entering the VLAN Submode and Configuring the VLAN
- Configuring VTP
- Adding Ports to a VLAN
- Verifying VLAN Configuration
Configuring VLANs
This chapter describes how to configure VLANs on the Cisco Nexus 5000 Series switch. It contains the following sections:
Understanding VLANs
A VLAN is a group of end stations in a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
Any port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network. Packets destined for stations that do not belong to the VLAN must be forwarded through a router.
The following figure shows VLANs as logical networks. In this diagram, the stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to yet another VLAN.
VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.
By default, a newly created VLAN is operational. To disable the VLAN use the shutdown command. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.
Note
The VLAN Trunking Protocol (VTP) mode is OFF. VTP BPDUs are dropped on all interfaces of a Cisco Nexus 5000 Series switch. This has the effect of partitioning VTP domains if other switches have VTP turned on.
Understanding VLAN Ranges
The Cisco Nexus 5000 Series switch supports VLAN numbers 1to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. The switch is physically limited in the number of VLANs it can support. The hardware also shares this available range with its VSANs. For information about VLAN and VSAN configuration limits, see the configuration limits documentation for your switch.
The following table describes the details of the VLAN ranges.
Note
VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.
Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use. VLAN 4094 is also reserved for internal use by the switch.
You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.
Creating, Deleting, and Modifying VLANs
VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values. You cannot create, delete, or suspend activity in the default VLAN.
You create a VLAN by assigning a number to it. You can delete VLANs as well as move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the switch goes into the VLAN submode but does not create the same VLAN again.
Newly created VLANs remain unused until ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.
Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):
When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.
Note
Commands entered in the VLAN configuration submode are immediately executed.
VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.
About the VLAN Trunking Protocol
VTP is a distributed VLAN database management protocol that synchronizes the VTP VLAN database across domains. A VTP domain includes one or more network switches that share the same VTP domain name and that are connected with trunk interfaces. Each switch can be in only one VTP domain. Layer 2 trunk interfaces, Layer 2 port channels, and virtual port channels (vPCs) support VTP functionality. Cisco NX-OS Release 5.0(2)N1(1) introduces the support for VTPv1 and VTP2. Beginning in Cisco NX-OS Release 5.0(2)N2(1), you can configure VTP in client or server mode. Prior to NX-OS Release 5.0(2)N2(1), VTP worked only in transparent mode.
There are four VTP modes:
Server mode–Allows users to perform configurations, it manages the VLAN database version #, and stores the VLAN database.
Client mode–Does not allow user configurations and relies on other switches in the domain to provide configuration information.
Off mode—Allows you to access the VLAN database (VTP is enabled) but not participate in VTP.
Transparent mode–Does not participate in VTP, uses local configuration, and relays VTP packets to other forward ports. VLAN changes affect only the local switch. A VTP transparent network switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements.
Guidelines and Limitations
VTP has the following configuration guidelines and limitations:
When a switch is configured as a VTP client, you cannot create VLANs on the switch in the range of 1 to 1005.
VLAN 1 is required on all trunk ports used for switch interconnects if VTP is supported in the network. Disabling VLAN 1 from any of these ports prevents VTP from functioning properly.
If you enable VTP, you must configure either version 1 or version 2. On the Cisco Nexus 5010 and Nexus 5020 switch, 512 VLANs are supported. If these switches are in a distribution network with other switches, the limit remains the same.
On the Cisco Nexus 5010 switch and the Nexus 5020 switch, 512 VLANs are supported. If these switches are in a distribution network with other switches, the VLAN limit for the VTP domain is 512. If a Nexus 5010 switch or Nexus 5020 switch client/server receives additional VLANs from a VTP server, they transition to transparent mode
The show running-configuration command does not show VLAN or VTP configuration information for VLANs 1 to 1000.
When deployed with vPC, both vPC switches must be configured identically.
VTP advertisements are not sent out on Cisco Nexus 2000 Series Fabric Extender ports.
VTP pruning is not supported.
Creating and Deleting a VLAN
SUMMARY STEPSYou can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the switch. Once a VLAN is created, it is automatically in the active state.
Note
When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.
2. switch(config)# vlan {vlan-id | vlan-range}
3. switch(config-vlan)# no vlan {vlan-id | vlan-range}
DETAILED STEPS
Command or Action Purpose Step 1 switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# vlan {vlan-id | vlan-range}
Creates a VLAN or a range of VLANs.
If you enter a number that is already assigned to a VLAN, the switch puts you into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.
Step 3 switch(config-vlan)# no vlan {vlan-id | vlan-range}
Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.
Entering the VLAN Submode and Configuring the VLAN
SUMMARY STEPSTo configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:
Note
You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.
2. switch(config)# vlan {vlan-id | vlan-range}
3. switch(config-vlan)# name vlan-name
4. switch(config-vlan)# state {active | suspend}
5. (Optional) switch(config-vlan)# no shutdown
DETAILED STEPS
Command or Action Purpose Step 1 switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# vlan {vlan-id | vlan-range}
Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.
Step 3 switch(config-vlan)# name vlan-name
Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number.
Step 4 switch(config-vlan)# state {active | suspend}
Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.
Step 5 switch(config-vlan)# no shutdown
(Optional) Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.
Configuring VTP
SUMMARY STEPSBeginning with Cisco NX-OS Release 5.0(2)N2(1), you can configure VTP in the client or server mode on Cisco Nexus 5000 Series switches. Before Cisco NX-OS Release 5.0(2)N2(1), VTP worked only in transparent mode.
You can enable VTP and then configure the VTP mode (server [default], client, transparent, or off). If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.
5. vtp mode {client | server| transparent| off}
7. vtp password password-value
10. (Optional) show vtp counters
11. (Optional) show vtp interface
12. (Optional) show vtp password
13. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action Purpose Step 1 config t
Example:switch# config t switch(config)#Enters configuration mode.
Step 2 feature vtp
Example:switch(config)# feature vtp switch(config)#Enables VTP on the device. The default is disabled.
Step 3 vtp domain domain-name
Example:switch(config)# vtp domain accountingSpecifies the name of the VTP domain that you want this device to join. The default is blank.
Step 4 vtp version {1 | 2}
Example:switch(config)# vtp version 2Sets the VTP version that you want to use. The default is version 1.
Step 5 vtp mode {client | server| transparent| off}
Example:switch(config)# vtp mode transparentSets the VTP mode to client, server, transparent, or off.
Beginning with NX-OS Release 5.0(2)N2(1), you can configure VTP in client or server mode.
Step 6 vtp file file-name
Example:switch(config)# vtp file vtp.datSpecifies the ASCII filename of the IFS file system file where the VTP configuration is stored.
Step 7 vtp password password-value
Example:switch(config)# vtp password ciscoSpecifies the password for the VTP administrative domain.
Step 8 exit
Example:switch(config)# exit switch#Exits the configuration submode.
Step 9 show vtp status
Example:switch# show vtp status(Optional) Displays information about the VTP configuration on the device, such as the version, mode, and revision number.
Step 10 show vtp counters
Example:switch# show vtp counters(Optional) Displays information about VTP advertisement statistics on the device.
Step 11 show vtp interface
Example:switch# show vtp interface(Optional) Displays the list of VTP enabled interfaces.
Step 12 show vtp password
Example:switch# show vtp password(Optional) Displays the password for the management VTP domain.
Step 13 copy running-config startup-config
Example:switch(config)# copy running-config startup-config(Optional) Copies the running configuration to the startup configuration.
This example shows how to configure VTP in transparent mode for the device:
switch# config t switch(config)# feature vtp switch(config)# vtp domain accounting switch(config)# vtp version 2 switch(config)# vtp mode transparent switch(config)# exit switch#This example shows the VTP status and that the switch is capable of supporting Version 2 and that the switch is running Version 1.
switch(config)# show vtp status VTP Status Information ---------------------- VTP Version : 2 (capable) Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 502 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled (Operationally Disabled) VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 Digest : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01 Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00 VTP version running : 1Adding Ports to a VLAN
SUMMARY STEPSAfter you have completed the configuration of a VLAN, assign ports to it. To add ports, perform this task:
2. switch(config)# interface {ethernet slot/port | port-channel number}
3. switch(config-if)# switchport access vlan vlan-id
DETAILED STEPS
Command or Action Purpose Step 1 switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# interface {ethernet slot/port | port-channel number}
Specifies the interface to configure, and enters the interface configuration mode. The interface can be a physical Ethernet port or an EtherChannel.
Step 3 switch(config-if)# switchport access vlan vlan-id
Sets the access mode of the interface to the specified VLAN.
Verifying VLAN Configuration
To display VLAN configuration information, perform one of these tasks:
Command
Purpose
switch# show running-config vlan [vlan_id | vlan_range] Displays VLAN information.
switch# show vlan [brief | id [vlan_id | vlan_range] | name name | summary] Displays selected configuration information for the defined VLAN(s).
The following example shows all VLANs defined in the range of 1 to 21.
switch# show running-config vlan 1-21version 5.0(3)M1(1)vlan 1vlan 5The following example shows the VLANs created on the switch and their status:
switch# show vlanVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Eth1/1, Eth1/2, Eth1/3, Eth1/4Eth1/5, Eth1/6, Eth1/7, Eth1/8Eth1/9, Eth1/10, Eth1/11Eth1/12, Eth1/15, Eth1/16Eth1/17, Eth1/18, Eth1/19Eth1/20, Eth1/21, Eth1/22Eth1/23, Eth1/24, Eth1/25Eth1/26, Eth1/27, Eth1/28Eth1/29, Eth1/30, Eth1/31Eth1/32, Eth1/33, Eth1/34Eth1/35, Eth1/36, Eth1/37Eth1/38, Eth1/39, Eth1/40Eth3/1, Eth3/2, Eth3/3, Eth3/4veth1/113 VLAN0005 active Eth1/13, Eth1/14The following example shows the details of VLAN 13 including its member ports:
switch# show vlan id 13VLAN Name Status Ports---- -------------------------------- --------- -------------------------------13 VLAN0005 active Eth1/13, Eth1/14VLAN Type MTU---- ----- -----13 enet 576Remote SPAN VLAN----------------DisabledPrimary Secondary Type Ports------- --------- --------------- -------------------------------------------The following example shows the VLAN settings summary:
switch# show vlan summaryNumber of existing VLANs : 2Number of existing user VLANs : 2Number of existing extended VLANs : 0
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)