Configuring VLANs

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About VLANs

Understanding VLANs

A VLAN is a group of end stations in a switched network that is logically segmented by function, project team, or application, without the limitation to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.

Any port can belong to a VLAN; all unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network. If a packet destination address does not belong to the VLAN, it must be forwarded through a router.

The following figure shows VLANs as logical networks. In this diagram, the stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to yet another VLAN.

Figure 1. VLANs as Logically Defined Networks

VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.

By default, a newly created VLAN is operational. To disable the VLAN, use the shutdown command. Additionally, you can configure VLANs to be in the active state (passing traffic) or the suspended state (in which the VLANs do not pass packets). By default, the VLANs are in the active state and pass traffic.


Note


The VLAN Trunking Protocol (VTP) mode is OFF. VTP BPDUs are dropped on all interfaces of the switch. This process has the effect of partitioning VTP domains if other switches have VTP turned on.


A VLAN can also be configured as a switched virtual interface (SVI). In this case, the switch ports in the VLAN are represented by a virtual interface to a routing or bridging system. The SVI can be configured for routing, in which case it supports Layer 3 protocols for processing packets from all switch ports associated with the VLAN, or for in-band management of the switch.

Understanding VLAN Ranges

The Cisco Nexus device supports VLAN numbers 1 to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. The switch is physically limited in the number of VLANs it can support. The hardware also shares this available range with its VSANs. For information about VLAN and VSAN configuration limits, see the configuration limits documentation for your device.

The following table describes the details of the VLAN ranges.

Table 1. VLAN Ranges

VLAN Numbers         Range                  Usage
1                    Normal                 Cisco default. You can use this VLAN, but you cannot modify or delete it.
2-1005               Normal                 You can create, use, modify, and delete these VLANs.
1006-4094            Extended               You can create, name, and use these VLANs. You cannot change the following parameters:
                                              • State is always active.
                                              • VLAN is always enabled. You cannot shut down these VLANs.
3968-4049 and 4094   Internally allocated   These 82 VLANs, plus VLAN 4094, are allocated for internal use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.


Note


You cannot configure the internally allocated VLANs (reserved VLANs).



Note


VLANs 3968 to 4049 and 4094 are reserved for internal use; these VLANs cannot be changed or used.


Cisco NX-OS allocates a group of 82 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4049 for internal use. VLAN 4094 is also reserved for internal use by the switch.

You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.

Creating, Deleting, and Modifying VLANs

VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values. You cannot create, delete, or suspend activity in the default VLAN.

You create a VLAN by assigning a number to it. You can delete VLANs as well as move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the switch goes into the VLAN submode but does not create the same VLAN again.

Newly created VLANs remain unused until ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.

Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):

  • VLAN name

  • Shutdown or not shutdown

When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.


Note


Commands entered in the VLAN configuration submode are immediately executed.

VLANs 3968 to 4049 and 4094 are reserved for internal use; these VLANs cannot be changed or used.


About the VLAN Trunking Protocol

VLAN Trunking Protocol (VTP) is a distributed VLAN database management protocol that synchronizes the VTP VLAN database across domains. A VTP domain includes one or more network switches that share the same VTP domain name and are connected with trunk interfaces. Each switch can be in only one VTP domain. Layer 2 trunk interfaces, Layer 2 port channels, and virtual port channels (vPCs) support VTP functionality. You can configure VTP in client or server mode. In previous releases, VTP worked only in transparent mode.

The following are the different VTP modes:
  • Server mode—Allows users to perform configurations, manage the VLAN database version, and store the VLAN database.

  • Client mode—Does not allow users to perform configurations and relies on other switches in the domain to provide configuration information.

  • Off mode—Allows users to access the VLAN database (VTP is enabled) but does not participate in VTP.

  • Transparent mode—Does not participate in VTP, uses local configuration, and relays VTP packets to other forward ports. VLAN changes affect only the local switch. A VTP transparent network switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements.

Guidelines and Limitations for VTP

VTP has the following configuration guidelines and limitations:

  • When a switch is configured as a VTP client, you cannot create VLANs on the switch in the range of 1 to 1005.

  • VLAN 1 is required on all trunk ports used for switch interconnects if VTP is supported in the network. Disabling VLAN 1 from any of these ports prevents VTP from functioning properly.

  • If you enable VTP, you must configure either version 1 or version 2.

  • If the system vlan long-name knob is enabled, VTP configurations come up in OFF mode and users can change the mode to Transparent. However, changing the mode to Server or Client is not allowed.

  • The show running-configuration command does not show VLAN or VTP configuration information for VLANs 1 to 1000.

  • Private VLANs (PVLANs) are supported only when the switch is in transparent mode.

  • When a switch is configured in VTP client or server mode, VLANs 1002 to 1005 are reserved VLANs.

  • VTPv3 pruning is supported from Cisco NX-OS Release 7.2(0)N1(1) onwards.

  • You must enter the copy running-config startup-config command followed by a reload after changing a reserved VLAN range. For example:

    switch(config)# system vlan 2000 reserve 
    This will delete all configs on vlans 2000-2081. Continue anyway? (y/n) [no] y
    
    

    After the switch reload, VLANs 2000 to 2081 are reserved for internal use, which requires that you enter the copy running-config startup-config command before the switch reload. Creating VLANs within this range is not allowed.

  • In SNMP, the vlanTrunkPortVtpEnabled object indicates whether the VTP feature is enabled or not.

Configuring a VLAN

Creating and Deleting a VLAN

You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the switch. Once a VLAN is created, it is automatically in the active state.


Note


When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.


Procedure

    Step 1   switch# configure terminal

    Enters global configuration mode.

    Step 2   switch(config)# vlan {vlan-id | vlan-range}

    Creates a VLAN or a range of VLANs.

    If you enter a number that is already assigned to a VLAN, the switch moves into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.

    Step 3   switch(config-vlan)# no vlan {vlan-id | vlan-range}

    Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.


    This example shows how to create a range of VLANs from 15 to 20:

    switch# configure terminal
    switch(config)# vlan 15-20
    

    Note


    You can create and delete VLANs in the VLAN configuration submode.


    Configuring VLAN Long-Name


    Note


    If VTP is enabled, it must be in transparent or in off mode. VTP cannot be in client or server mode. For more details about VTP, see the Configuring VTP chapter.


    Beginning with Cisco NX-OS Release 7.3(0)N1(1), the maximum length of a VLAN name that you can configure is increased from 32 to 128 characters. In earlier releases, you could configure VLAN names of up to 32 characters.

    Procedure
      Step 1   configure terminal


      Example:
      switch# configure terminal

      Enters global configuration mode.

      Step 2   system vlan long-name


      Example:
      switch(config)# system vlan long-name

      Allows you to configure the length of VLAN names up to 128 characters.

      Note   

      Enabling or disabling the system vlan long-name command will trigger a system log message that will let you know if the VLAN long name is enabled or disabled.

      If you try to enable or disable the system vlan long-name command when it is already enabled or disabled, the system returns an error message. We recommend that you view the status of the VLAN long-name knob before enabling or disabling this command.

      Use the no form of this command to disable this feature.

      Step 3   (Optional)  copy running-config startup-config


      Example:
      switch(config)# copy running-config startup-config
      

      Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

      Step 4   show running-config | sec long-name


      Example:
      switch(config)# show running-config | sec long-name

      Displays the VLAN long-name status information.

      Note   

      When you configure a VLAN name of more than 32 characters, the show vlan commands show the output in multiple lines, with each line containing a maximum of 32 characters.


      This example shows how to configure VLAN long-names of up to 128 characters.
      switch# configure terminal
      switch(config)# system vlan long-name
      !2001 Sep 29 02:24:11 N72-3 %$ VDC-1 %$ %VLAN_MGR-2-CRITICAL_MSG: VLAN long name is Enabled!
      switch(config)# copy running-config startup-config
      switch(config)# show running-config | sec long-name 
      switch# configure terminal
      switch(config)# vlan 2
      switch(config-vlan)# name VLAN128Char000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
      
      switch(config-vlan)# exit
      switch# show vlan id 2
      
      VLAN Name Status Ports
      ---- -------------------------------- --------- -------------------------------
      2 VLAN128Char000000000000000040000 active 
      00000000000000000000000000000000 
      00000000000000000000000000000000 
      00000000000000000000000000000002 
      .
      .
      .
      

      The following example displays the error output if you try to configure a VLAN long name of more than 128 characters.

      switch# configure terminal
      switch(config)# system vlan long-name
      switch(config)# vlan 2
      switch(config-vlan)# name 129Char123456789000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000987654321CiscoBangalore
      
      !% String exceeded max length of (128) at '^' marker.!
      Switch(config-vlan)# exit

      The following example displays the error output if you try to configure a VLAN name of more than 32 characters without enabling the system vlan long-name command.

      switch# configure terminal
      switch(config)# vlan 2
      switch(config-vlan)# name 33Char1234567890987CiscoBangalore
      !ERROR: Long VLAN name is not enabled: Vlan name greater than 32 is not allowed!
      Switch(config-vlan)# exit
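
The 32-character wrapping described above matters to any script that audits VLAN names from show vlan output: a reader that keeps only the first row of each entry records a truncated name, and two long names with the same first 32 characters become indistinguishable. The following Python sketch is an added example, not Cisco code; the sample output is constructed, and it assumes that wrapped name fragments are aligned under the Name column of the fixed-width table.

```python
import re

NAME_WIDTH = 32  # the page: each displayed line holds at most 32 name characters
HEADER = f"{'VLAN':<4} {'Name':<32} {'Status':<9} Ports"
SEPARATOR = "-" * 4 + " " + "-" * 32 + " " + "-" * 9 + " " + "-" * 31


def render_row(vlan_id, name, status, ports=""):
    """Constructed stand-in for one entry: wraps the name every 32 characters."""
    chunks = [name[i:i + NAME_WIDTH] for i in range(0, len(name), NAME_WIDTH)] or [""]
    rows = [f"{vlan_id:<4} {chunks[0]:<32} {status:<9} {ports}".rstrip()]
    return rows + [f"{'':<4} {chunk}" for chunk in chunks[1:]]


def sample_output():
    """Constructed output: two long names sharing their first 32 characters."""
    prefix = "PaymentCardDataEnvironmentZone01"  # exactly 32 characters
    rows = render_row(1, "default", "active", "Eth1/1, Eth1/2")
    rows += render_row(2, prefix + "ProductionGateways", "active", "Eth1/13")
    rows += render_row(3, prefix + "TestLab", "active")
    return "\n".join([HEADER, SEPARATOR] + rows)


def parse_show_vlan(text):
    """Return {vlan_id: {'name', 'status', 'ports'}} with wrapped names rejoined."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines) if l.startswith("----"))
    # Column boundaries come from the dashed separator row, not from splitting
    # on whitespace, so blank cells and continuation rows stay in their column.
    spans = [m.span() for m in re.finditer(r"-+", lines[sep])]
    (v0, v1), (n0, n1), (s0, s1), (p0, _) = spans
    vlans, current = {}, None
    for line in lines[sep + 1:]:
        vid, name = line[v0:v1].strip(), line[n0:n1].strip()
        if vid.isdigit():              # first row of a new VLAN entry
            current = {"name": name, "status": line[s0:s1].strip(), "ports": []}
            vlans[int(vid)] = current
        elif current is not None:      # continuation row: name and/or ports
            current["name"] += name
        else:
            continue
        current["ports"] += [p.strip() for p in line[p0:].split(",") if p.strip()]
    return vlans


def first_fragment_names(text):
    """What a reader that keeps only the first row of each entry would record."""
    return {vid: v["name"][:NAME_WIDTH] for vid, v in parse_show_vlan(text).items()}


if __name__ == "__main__":
    print(sample_output())
    for vid, vlan in parse_show_vlan(sample_output()).items():
        print(vid, vlan["name"], vlan["ports"])
```
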

      Changing the Range of Reserved VLANs

      To change the range of reserved VLANs, you must be in global configuration mode. After entering this command, you must do the following tasks:
      • Enter the copy running-config startup-config command

      • Reload the device

      Procedure

        Step 1   config t

        Example:
        switch# config t
        switch(config)#

        Enters global configuration mode.

        Step 2   system vlan start-vlan reserve

        Example:
        switch(config)# system vlan 3968 reserve

        Allows you to change the reserved VLAN range by specifying the starting VLAN ID for your desired range.

        You can change the reserved VLANs to any other range of 82 contiguous VLANs. When you reserve such a range, it frees up the range of VLANs that were allocated for internal use by default, and all of those VLANs are available for user configuration except for VLAN 4094.

        Note   

        To return to the default range of reserved VLANs (3968-4049 and 4094), you must enter the no system vlan start-vlan reserve command.

        Step 3   copy running-config startup-config

        Example:
        switch(config)# copy running-config startup-config

        Copies the running configuration to the startup configuration.

        Note   

        You must enter this command if you change the reserved block.

        Step 4   reload

        Example:
        switch(config)# reload

        Reloads the software, and modifications to VLAN ranges become effective.

        For more details about this command, see the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x.

        Step 5   (Optional)  show system vlan reserved

        Example:
        switch(config)# show system vlan reserved

        Displays the configured changes to the VLAN range.

        This example shows how to change the range of reserved VLANs:
        switch# configure terminal
        switch(config)# system vlan 1006 reserve
        This will delete all configs on vlans 1006-1087. Continue anyway? (y/n) [no] yes 
        Note: After switch reload, VLANs 1006-1087 will be reserved for internal use.
              This requires copy running-config to startup-config before
              switch reload.  Creating VLANs within this range is not allowed.
        switch(config)# copy running-config startup-config
        switch(config)# reload
        switch(config)# show system vlan reserved
        

        Note


        You must reload the device for this change to take effect.
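
A pre-change check for the procedure above, as an added Python example that is not part of the Cisco guide: it derives the 82-VLAN block from the start VLAN, lists which already configured VLANs would lose their configuration, and models which IDs of a vlan range command take effect. The function names and the bounds check on the start VLAN are assumptions of this sketch.

```python
"""Impact check for 'system vlan <start-vlan> reserve' (added example)."""

RESERVED_BLOCK_SIZE = 82       # the page: 82 contiguous VLANs are set aside
DEFAULT_RESERVED_START = 3968  # the page: the default block is 3968-4049
ALWAYS_RESERVED = 4094         # the page: reserved whatever block is configured


def reserved_block(start=DEFAULT_RESERVED_START):
    """Return the internally allocated VLAN IDs for a given start VLAN."""
    end = start + RESERVED_BLOCK_SIZE - 1
    # Assumption: this sketch only requires the block to fit inside 2-4093;
    # the device may accept a narrower set of start values.
    if start < 2 or end >= ALWAYS_RESERVED:
        raise ValueError(f"block {start}-{end} does not fit inside 2-4093")
    return set(range(start, end + 1)) | {ALWAYS_RESERVED}


def expand(spec):
    """Expand a VLAN list such as '15-20,30' into a sorted list of IDs."""
    ids = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        ids.update(range(low, high + 1))
    return sorted(ids)


def plan_vlan_command(spec, reserved):
    """Split 'vlan <spec>' into IDs that take effect and IDs that are skipped.

    Models the page's rule that a range takes effect only on VLANs outside
    the internally allocated block; VLAN 1 cannot be created or deleted.
    """
    blocked = reserved | {1}
    ids = expand(spec)
    return [v for v in ids if v not in blocked], [v for v in ids if v in blocked]


def reserve_impact(new_start, configured, old_start=DEFAULT_RESERVED_START):
    """Report what moving the reserved block does to already configured VLANs."""
    old, new = reserved_block(old_start), reserved_block(new_start)
    return {
        "new_block": (new_start, new_start + RESERVED_BLOCK_SIZE - 1),
        "configs_deleted": sorted(set(configured) & new),  # wiped by the change
        "freed_for_users": sorted(old - new),              # usable after reload
    }


if __name__ == "__main__":
    # Constructed inventory of VLANs that currently carry configuration.
    print(reserve_impact(1006, [5, 1006, 1050, 1087, 1088, 3970]))
    print(plan_vlan_command("3960-3970", reserved_block()))
```
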


        Configuring a VLAN

        To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:

        • Name


          Note


          A VLAN name can be either a short name (up to 32 characters) or a long name (up to 128 characters). To configure a VLAN long name of up to 128 characters, you must enable the system vlan long-name command.
        • Shut down


        Note


        You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.


        Procedure

          Step 1   switch# configure terminal

          Enters global configuration mode.

          Step 2   switch(config)# vlan {vlan-id | vlan-range}

          Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.

          Step 3   switch(config-vlan)# name vlan-name

          Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.

          Step 4   switch(config-vlan)# state {active | suspend}

          Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.

          Step 5   (Optional)  switch(config-vlan)# no shutdown

          Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.


          This example shows how to configure optional parameters for VLAN 5:

          switch# configure terminal
          switch(config)# vlan 5
          switch(config-vlan)# name accounting
          switch(config-vlan)# state active
          switch(config-vlan)# no shutdown
           

          Adding Ports to a VLAN

          After you have completed the configuration of a VLAN, assign ports to it.

          Procedure

            Step 1   switch# configure terminal

            Enters global configuration mode.

            Step 2   switch(config)# interface {ethernet slot/port | port-channel number}

            Specifies the interface to configure, and enters the interface configuration mode. The interface can be a physical Ethernet port or an EtherChannel.

            Note   

            If this is a QSFP+ GEM or a breakout port, the port syntax is QSFP-module/port.

            Step 3   switch(config-if)# switchport access vlan vlan-id

            Sets the access mode of the interface to the specified VLAN.


            This example shows how to configure an Ethernet interface to join VLAN 5:

            switch# configure terminal
            switch(config)# interface ethernet 1/13
            switch(config-if)# switchport access vlan 5
             

            Verifying the VLAN Configuration

            Use one of the following commands to verify the configuration:

            Command                                                                        Purpose
            switch# show running-config vlan [vlan_id | vlan_range]                        Displays VLAN information.
            switch# show vlan [brief | id [vlan_id | vlan_range] | name name | summary ]   Displays selected configuration information for the defined VLAN(s).
            switch# show system vlan reserved                                              Displays the system reserved VLAN range.

            Feature History for Configuring VLANs

            This table lists the release history for this feature.

            Note   

            The feature history table is added/updated in this guide from Cisco Nexus Release 7.3(0)N1(1) onwards.

            Table 2. Feature History for Configuring VLANs

            Feature Name                Releases      Feature Information
            Configure VLAN long-name.   7.3(0)N1(1)   You can configure VLAN long-names of up to 128 characters. The following command was introduced:
                                                        • system vlan long-name