Guest

Support

Configuring Layer 2 Switching

Hierarchical Navigation

  • Viewing Options

  • PDF (520.8 KB)
  • Feedback
Configuring Layer 2 Switching

Contents

Configuring Layer 2 Switching

This chapter describes how to configure Layer 2 switching using Cisco NX-OS.

This chapter includes the following sections:

Information About Layer 2 Switching


Note

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x, for information on creating interfaces.

You can configure Layer 2 switching ports as access or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. All Layer 2 switching ports maintain MAC address tables.


Note

See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high-availability features.

Layer 2 Ethernet Switching Overview

The device supports simultaneous, parallel connections between Layer 2 Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.

The device solves congestion problems caused by high-bandwidth devices and a large number of users by assigning each device (for example, a server) to its own 10-, 100-, 1000-Mbps, or 10-Gigabit collision domain. Because each LAN port connects to a separate Ethernet collision domain, servers in a switched environment achieve full access to the bandwidth.

Because collisions cause significant congestion in Ethernet networks, an effective solution is full-duplex communication. Typically, 10/100-Mbps Ethernet operates in half-duplex mode, which means that stations can either receive or transmit. In full-duplex mode, which is configurable on these interfaces, two stations can transmit and receive at the same time. When packets can flow in both directions simultaneously, the effective Ethernet bandwidth doubles. 1/10-Gigabit Ethernet operates in full duplex only.

Switching Frames Between Segments

Each LAN port on a device can connect to a single workstation, server, or to another device through which workstations or servers connect to the network.

To reduce signal degradation, the device considers each LAN port to be an individual segment. When stations connected to different LAN ports need to communicate, the device forwards frames from one LAN port to the other at wire speed to ensure that each session receives full bandwidth.

To switch frames between LAN ports efficiently, the device maintains an address table. When a frame enters the device, it associates the media access control (MAC) address of the sending network device with the LAN port on which it was received.

Building the Address Table and Address Table Changes

The device dynamically builds the address table by using the MAC source address of the frames received. When the device receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame. When the destination station replies, the device adds its relevant MAC source address and port ID to the address table. The device then forwards subsequent frames to a single LAN port without flooding all LAN ports.

You can configure MAC addresses, which are called static MAC addresses, to statically point to specified interfaces on the device. These static MAC addresses override any dynamically learned MAC addresses on those interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses. The static MAC entries are retained across a reboot of the device.

Beginning with Cisco NX-OS Release 4.1(5), you must manually configure identical static MAC addresses on both devices connected by a virtual port channel (vPC) peer link. The MAC address table display is enhanced to display information on MAC addresses when you are using vPCs.

The address table can store up to 128,000 address entries. The device uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table.

Consistent MAC Address Tables on the Supervisor and on the Modules

Optimally, all the MAC address tables on each module exactly match the MAC address table on the supervisor. Beginning with NX-OS 4.1(2), when you enter the show forwarding consistency l2 command, the device displays discrepant, missing, and extra MAC address entries.

Layer 3 Static MAC Addresses

Beginning with Release 4.2, you can configure a static MAC address for all Layer 3 interfaces. The default MAC address for the Layer 3 interfaces is the VDC MAC address.

You can configure a static MAC address for the following Layer 3 interfaces:


  • Layer 3 interfaces

  • Layer 3 subinterfaces

  • Layer 3 port channels

  • VLAN network interface


Note

You cannot configure static MAC address on tunnel interfaces.

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x, for information on configuring Layer 3 interfaces.

High Availability for Switching

You can upgrade or downgrade the software seamlessly, with respect to classical Ethernet switching. Beginning with Release 4.2(1), if you have configured static MAC addresses on Layer 3 interfaces, you must unconfigure those ports in order to downgrade the software.


Note

See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high availability features.

Virtualization Support for Layer 2 Switching

The device supports virtual device contexts (VDCs), and the configuration and operation of the MAC address table are local to the VDC.


Note

See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for complete information on VDCs and assigning resources.

Licensing Requirements for Layer 2 Switching

This table shows the licensing requirements for this feature:

Product

License Requirement

Cisco NX-OS

Layer 2 switching require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

However, using VDCs requires an Advanced Services license.

Prerequisites for Configuring MAC Addresses

MAC addresses have the following prerequisites:


  • You must be logged onto the device.

  • If necessary, install the Advanced Services license and enter the desired VDC.

Guidelines and Limitations for Configuring MAC Addresses

MAC addresses have the following configuration guidelines and limitations:


  • The MAC address table stores up to 128,000 entries.

  • You can configure up to 14 different aging times on the device.

Default Settings for Layer 2 Switching

This table lists the default setting for Layer 2 switching parameters.
Table 1 Default Layer 2 Switching Parameters

Parameters

Default

Aging time

1800 seconds

Configuring Layer 2 Switching by Steps


Note

If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

Configuring a Static MAC Address

You can configure MAC addresses, which are called static MAC addresses, to statically point to specified interfaces on the device. These static MAC addresses override any dynamically learned MAC addresses on those interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses.

Before You Begin

Before you configure static MAC addresses, ensure that you are in the correct VDC (or enter the switchto vdc command).


SUMMARY STEPS

1.    config t

2.    mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port} | port-channel number]}

3.    exit

4.    (Optional) show mac address-table static

5.    (Optional) copy running-config startup-config


DETAILED STEPS
  Command or Action Purpose
Step 1 config t


Example: 
switch# config t
switch(config)#
 

Enters configuration mode.

 
Step 2 mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port} | port-channel number]}


Example: 
switch(config)# mac-address-table static 1.1.1 vlan 2 interface ethernet 1/2
 

Specifies a static MAC address to add to the Layer 2 MAC address table.

 
Step 3 exit


Example: 
switch(config)# exit
switch#
 

Exits the configuration mode.

 
Step 4 show mac address-table static


Example: 
switch# show mac address-table static
  		(Optional)

Displays the static MAC addresses.

 
Step 5 copy running-config startup-config


Example: 
switch# copy running-config startup-config
  		(Optional)

Copies the running configuration to the startup configuration.

 

This example shows how to put a static entry in the Layer 2 MAC address table:

switch# config t
switch(config)# mac address-table static 1.1.1 vlan 2 interface ethernet 1/2
switch(config)#

Configuring a Static MAC Address on a Layer 3 Interface

Beginning with Release 4.2(1), you can configure static MAC addresses on Layer 3 interfaces. You cannot configure broadcast or multicast addresses as static MAC addresses.


Note

You cannot configure static MAC addresses on tunnel interfaces.

See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x, for information on configuring Layer 3 interfaces.

Before You Begin

Before you configure static MAC addresses, ensure that you are in the correct VDC (or enter the switchto vdc command).


SUMMARY STEPS

1.    config t

2.    interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]

3.    mac-address mac-address

4.    exit

5.    (Optional) show interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]

6.    (Optional) copy running-config startup-config


DETAILED STEPS
  Command or Action Purpose
Step 1 config t


Example: 
switch# config t
switch(config)#
 

Enters configuration mode.

 
Step 2 interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]


Example: 
switch(config)# interface ethernet 7/3
 

Specifies the Layer 3 interface and enters the interface configuration mode.

Note   

You must create the Layer 3 interface before you can assign the static MAC address.

 
Step 3 mac-address mac-address


Example: 
switch(config-if)# mac-address 21ab.47dd.ff89
switch(config-if)#
 

Specified a static MAC address to add to the Layer 3 interface.

 
Step 4 exit


Example: 
switch(config-if)# exit
switch(config)#
 

Exits the interface mode.

 
Step 5 show interface [ethernet slot/port | ethernet slot/port.number | port-channel number | vlan vlan-id]


Example: 
switch# show interface ethernet 7/3
  		(Optional)

Displays information about the Layer 3 interface.

 
Step 6 copy running-config startup-config


Example: 
switch# copy running-config startup-config
  		(Optional)

Copies the running configuration to the startup configuration.

 

This example shows how to configure the Layer 3 interface on slot 7, port 3 with a static MAC address: 

switch# config t
switch(config)# interface ethernet 7/3
switch(config-if)# mac-address 21ab.47dd.ff89
switch(config-if)#

Configuring the Aging Time for the MAC Table

You can configure the amount of time that a MAC address entry (the packet source MAC address and port on which that packet was learned) remains in the MAC table, which contains the Layer 2 information.


Note

You can also configure the MAC aging time in interface configuration mode or VLAN configuration mode.
Before You Begin

Before you configure the aging time for the MAC table, ensure that you are in the correct VDC (or enter the switchto vdc command).


SUMMARY STEPS

1.    config t

2.    mac address-table aging-time seconds [vlan vlan_id]

3.    exit

4.    (Optional) show mac address-table aging-time

5.    (Optional) copy running-config startup-config


DETAILED STEPS
  Command or Action Purpose
Step 1 config t


Example: 
switch# config t
switch(config)#
 

Enters configuration mode.

 
Step 2 mac address-table aging-time seconds [vlan vlan_id]


Example: 
switch(config)# mac address-table aging-time 600
 

Specifies the time before an entry ages out and is discarded from the Layer 2 MAC address table. The range is from 120 to 918000; the default is 1800 seconds. Entering the value 0 disables the MAC aging.

 
Step 3 exit


Example: 
switch(config)# exit
switch#
 

Exits the configuration mode.

 
Step 4 show mac address-table aging-time


Example: 
switch# show mac address-table aging-time
  		(Optional)

Displays the aging time configuration for MAC address retention.

 
Step 5 copy running-config startup-config


Example: 
switch# copy running-config startup-config
  		(Optional)

Copies the running configuration to the startup configuration.

 

This example shows how to set the ageout time for entries in the Layer 2 MAC address table to 600 seconds (10 minutes):

switch# config t 
switch(config)# mac address-table aging-time 600
switch(config)#

Checking Consistency of MAC Address Tables

Beginning with Release 4.1(2). you can check the match between the MAC address table on the supervisor and all the modules.

SUMMARY STEPS

1.    show forwarding consistency l2 {module_number}


DETAILED STEPS
  Command or Action Purpose
Step 1 show forwarding consistency l2 {module_number}


Example: 
switch# show forwarding consistency l2 7
switch#
 

Displays the discrepant, missing, and extra MAC addresses between the supervisor and the specified module.

 

This example shows how to display discrepant, missing, and extra entries in the MAC address tables between the supervisor and the specified module: 

switch# show forwarding consistency l2 7
switch#

Clearing Dynamic Addresses from the MAC Table

You can clear all dynamic Layer 2 entries in the MAC address table.

Before You Begin

Before you clear the dynamic MAC table, ensure that you are in the correct VDC (or enter the switchto vdc command).


SUMMARY STEPS

1.    clear mac address-table dynamic {address mac_addr} {interface [ethernet slot/port | loopback number | port-channel channel-number]} {vlan vlan_id}

2.    (Optional) show mac address-table


DETAILED STEPS
  Command or Action Purpose
Step 1 clear mac address-table dynamic {address mac_addr} {interface [ethernet slot/port | loopback number | port-channel channel-number]} {vlan vlan_id}


Example: 
switch# clear mac address-table dynamic
 

Clears the dynamic address entries from the MAC address table in Layer 2.

 
Step 2 show mac address-table


Example: 
switch# show mac address-table
  		(Optional)

Displays the MAC address table.

 

This example shows how to clear the dynamic entries in the Layer 2 MAC address table:

switch# clear mac address-table dynamic
switch#

Verifying the Layer 2 Switching Configuration

To display Layer 2 switching configuration information, perform one of the following tasks:

Command

Purpose

show mac address-table

Displays information about the MAC address table.

show mac address-table aging-time

Displays information about the aging time set for the MAC address entries.

show mac address-table static

Displays information about the static entries on the MAC address table.

show interface [interface] mac-address

Displays the MAC addresses and the burn-in MAC address for the interfaces.

show forwarding consistency l2 {module}

Displays discrepant, missing, and extra MAC addresses between the tables on the module and the supervisor.

For information on the output of these commands, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference.

Configuration Example for Layer 2 Switching

The following example shows how to add a static MAC address and how to modify the default global aging time for MAC addresses: 

switch# configure terminal
switch(config)# mac address-table static 0000.0000.1234 vlan 10 interface ethernet 2/15
switch(config)# mac address-table aging-time 120

Additional References for Layer 2 Switching -- CLI Version

Related Documents

Related Topic

Document Title

Port security, static MAC addresses

Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x

Interfaces

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x

Command reference

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference

High availability

Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x

VDCs

Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x

System management

Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x

Licensing

Cisco NX-OS Licensing Guide

Release Notes

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.x

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

Feature History for Configuring Layer 2 Switching -- CLI Version

This table lists the release history for this feature.
Table 2 Feature History for Configuring Layer 2 Switching

Feature Name

Releases

Feature Information

Layer 3 interface static MAC addresses

4.2(1)

You can configure a Layer 3 interface with a static MAC address.

show mac address-table

4.1(2)

This display provides additional information when vPC is enabled and running.

Layer 2 consistency

4.1(2)

The show forwarding consistency l2 command displays inconsistent entries on the MAC address table between the modules.