Configuring VLANs
This chapter describes how to configure virtual LANs (VLANs) on Cisco NX-OS devices.
This chapter includes the following sections:
- Finding Feature Information
- Information About VLANs
- Licensing Requirements for VLANs
- Prerequisites for Configuring VLANs
- Guidelines and Limitations for Configuring VLANs
- Default Settings for VLANs
- Configuring a VLAN
- Verifying the VLAN Configuration
- Displaying and Clearing VLAN Statistics
- Configuration Example for VLANs
- Additional References for VLANs
- Feature History for Configuring VLANs
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About VLANs
You can use VLANs to divide the network into separate logical areas at the Layer 2 level. VLANs can also be considered as broadcast domains.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.
- Understanding VLANs
- VLAN Ranges
- Creating, Deleting, and Modifying VLANs
- High Availability for VLANs
- Virtualization Support for VLANs
Understanding VLANs
A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered as a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router. The following figure shows VLANs as logical networks. The stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.
VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.
By default, a newly created VLAN is operational; that is, the newly created VLAN is in the no shutdown condition. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.
VLAN Ranges
Note: The extended system ID is always automatically enabled in Cisco NX-OS devices.
The device supports up to 4094 VLANs in accordance with the IEEE 802.1Q standard. The software organizes these VLANs into ranges, and you use each range slightly differently.
For information about configuration limits, see the documentation for your switch.
The software allocates a group of VLAN numbers for features such as multicast and diagnostics that need to use internal VLANs for their operation. You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.
Creating, Deleting, and Modifying VLANs
Note: By default, all Cisco NX-OS ports are Layer 3 ports.
VLANs are numbered from 1 to 4094 for each VDC. All ports that you have configured as switch ports belong to the default VLAN when you first bring up the switch as a Layer 2 device. The default VLAN (VLAN1) uses only default values, and you cannot create, delete, or suspend activity in the default VLAN.
You create a VLAN by assigning a number to it; you can delete VLANs and move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the device goes into the VLAN submode but does not create the same VLAN again.
Newly created VLANs remain unused until Layer 2 ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.
Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):
When you delete a specified VLAN, the ports associated to that VLAN become inactive and no traffic flows. When you delete a specified VLAN from a trunk port, only that VLAN is shut down and traffic continues to flow on all the other VLANs through the trunk port.
However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable or re-create that specified VLAN, the system automatically reinstates all the original ports to that VLAN. The static MAC addresses and aging time for that VLAN are not restored when the VLAN is reenabled.
High Availability for VLANs
The software supports high availability for both stateful and stateless restarts, as during a cold reboot, for VLANs. For the stateful restarts, the software supports a maximum of three retries. If you try more than 3 times within 10 seconds of a restart, the software reloads the supervisor module.
You can upgrade or downgrade the software seamlessly when you use VLANs.
Virtualization Support for VLANs
The software supports virtual device contexts (VDCs), and VLAN configuration and operation are local to the VDC.
When you create a new VDC, the device automatically creates a new default VLAN, VLAN1, and internally reserves VLANs for device use.
One or more VLANs can be associated with a role to either allow or disallow the user to configure it. When a VLAN is associated with a role, the corresponding interfaces will also be subjected to the same check. For instance, if a role is allowed to access VLAN1, that role also has access to the interfaces that have that VLAN. If an interface does not have the VLAN associated with a role, that interface is not accessible to that role.
Licensing Requirements for VLANs
The following table shows the licensing requirements for this feature.
Product | License Requirement |
---|---|
Cisco NX-OS | VLANs require no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. |
However, using VDCs requires an Advanced Services license.
Prerequisites for Configuring VLANs
VLANs have the following prerequisites:
Guidelines and Limitations for Configuring VLANs
VLANs have the following configuration guidelines and limitations:
- The maximum number of VLANs per VDC is 4094.
- VLAN 4094 is a reserved VLAN.
- You cannot create, modify, or delete any VLANs that are within the group of VLANs reserved for internal use.
- VLAN1 is the default VLAN. You cannot create, modify, or delete this VLAN.
- VLANs 1006 to 4094 are always in the active state and are always enabled. You cannot suspend the state or shut down these VLANs.
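The limits stated in this chapter can be checked before a change is pushed to a device. The following is an added example, not Cisco code: the function names are hypothetical, and `reserved_start` is an assumption the caller supplies from the output of `show system vlan reserved`.

```python
# Added example: pre-change check built from the limits this chapter states.
# reserved_start is supplied by the caller (read it from
# `show system vlan reserved`); the 128-VLAN block size is the chapter's figure.
DEFAULT_VLAN = 1
MAX_VLAN = 4094
RESERVED_SIZE = 128
SHORT_NAME, LONG_NAME = 32, 128   # name limits without / with long-name


def vlan_problem(vlan_id, action, reserved_start, name=None, long_name=False):
    """Return a reason string if the chapter's rules forbid the change, else None.

    action is one of: create, delete, name, suspend, shutdown.
    """
    if not 1 <= vlan_id <= MAX_VLAN:
        return "VLAN ID outside 1-4094"
    if vlan_id == DEFAULT_VLAN:
        return "VLAN1 is the default VLAN and cannot be changed"
    if vlan_id == MAX_VLAN:
        return "VLAN 4094 is reserved"
    if reserved_start <= vlan_id < reserved_start + RESERVED_SIZE:
        return "inside the internally reserved block"
    if action in ("suspend", "shutdown") and vlan_id >= 1006:
        return "VLANs 1006-4094 are always active and enabled"
    if action == "name":
        limit = LONG_NAME if long_name else SHORT_NAME
        if name is None or len(name) > limit:
            return f"name missing or longer than {limit} characters"
    return None


def plan_range(first, last, action, reserved_start, **kwargs):
    """Split a VLAN range into (ok_ids, {failed_id: reason}).

    Mirrors the device behaviour for ranges: the valid IDs are applied
    and the IDs that cannot be handled are reported.
    """
    ok, failed = [], {}
    for vlan_id in range(first, last + 1):
        reason = vlan_problem(vlan_id, action, reserved_start, **kwargs)
        if reason:
            failed[vlan_id] = reason
        else:
            ok.append(vlan_id)
    return ok, failed
```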
Default Settings for VLANs
Configuring a VLAN
- Creating and Deleting a VLAN
- Entering the VLAN Configuration Submode
- Configuring a VLAN
- Changing the Range of Reserved VLANs
- Configuring a VLAN Before Creating the VLAN
- Configuring VLAN Long-Name
- Configuring VLAN Translation on a Trunk Port
Creating and Deleting a VLAN
You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the device.
Once a VLAN is created, it is automatically in the active state.
Note: When you delete a VLAN, ports associated to that VLAN become inactive. Therefore, no traffic flows and the packets are dropped. On trunk ports, the port remains open and the traffic from all other VLANs except the deleted VLAN continues to flow.
If you create a range of VLANs and some of these VLANs cannot be created, the software returns a message listing the failed VLANs, and all the other VLANs in the specified range are created.
Note: You can also create and delete VLANs in the VLAN configuration submode.
Ensure that you are in the correct VDC (or enter the switchto vdc command). You can repeat VLAN names and IDs in different VDCs, so you must confirm that you are working in the correct VDC.
1. config t
2. vlan {vlan-id | vlan-range}
3. exit
4. (Optional) show vlan
5. (Optional) copy running-config startup-config
DETAILED STEPS
This example shows how to create a range of VLANs from 15 to 20:
```
switch# config t
switch(config)# vlan 15-20
switch(config-vlan)# exit
switch(config)#
```
Entering the VLAN Configuration Submode
To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:
Ensure that you are in the correct VDC (or enter the switchto vdc command). You can repeat VLAN names and IDs in different VDCs, so you must confirm that you are working in the correct VDC.
1. config t
2. vlan {vlan-id | vlan-range}
3. exit
4. (Optional) show vlan
5. (Optional) copy running-config startup-config
DETAILED STEPS
This example shows how to enter and exit VLAN configuration submode:
```
switch# config t
switch(config)# vlan 15
switch(config-vlan)# exit
switch(config)#
```
Configuring a VLAN
To configure or modify a VLAN for the following parameters, you must be in VLAN configuration submode:
Note: You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.
Ensure that you are in the correct VDC (or enter the switchto vdc command). VLAN names and IDs can be repeated in different VDCs, so you must confirm which VDC you are working in.
1. config t
2. vlan {vlan-id | vlan-range}
3. name vlan-name
4. state {active | suspend}
5. no shutdown
6. exit
7. (Optional) show vlan
8. (Optional) show vtp status
9. (Optional) copy running-config startup-config
DETAILED STEPS
This example shows how to configure optional parameters for VLAN 5:
```
switch# config t
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
switch(config-vlan)# exit
switch(config)#
```
Changing the Range of Reserved VLANs
1. config t
2. system vlan start-vlan reserve
3. copy running-config startup-config
4. reload
5. (Optional) show system vlan reserved
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | config t Example: switch# config t switch(config)# | Enters global configuration mode. |
Step 2 | system vlan start-vlan reserve Example: switch(config)# system vlan 3968 reserve | Allows you to change the reserved VLAN range by specifying the starting VLAN ID for your desired range. You can change the reserved VLANs to any other 128 contiguous VLAN ranges. When you reserve such a range, it frees up the range of VLANs that were allocated for internal use by default, and all of those VLANs are available for user configuration except for VLAN 4094. |
Step 3 | copy running-config startup-config Example: switch(config)# copy running-config startup-config | Copies the running configuration to the startup configuration. |
Step 4 | reload Example: switch(config)# reload | Reloads the software, and modifications to VLAN ranges become effective. For more details about this command, see the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x. |
Step 5 | show system vlan reserved Example: switch(config)# show system vlan reserved | (Optional) Displays the configured changes to the VLAN range. |
```
switch# configure terminal
switch(config)# system vlan 2000 reserve
This will delete all configs on vlans 2000-2081. Continue anyway? (y/n) [no] y
Note: After switch reload, VLANs 2000-2081 will be reserved for internal use.
      This requires copy running-config to startup-config before
      switch reload. Creating VLANs within this range is not allowed.
switch(config)#
```
Note: You must reload the device for this change to take effect.
Configuring a VLAN Before Creating the VLAN
Note: The show vlan command does not display these VLANs unless you create the VLANs using the vlan command.
1. config t
2. vlan configuration {vlan-id}
DETAILED STEPS
Command or Action | Purpose |
---|
```
switch# config t
switch(config)# vlan configuration 20
switch(config-vlan-config)#
```
Configuring VLAN Long-Name
Note: If VTP is enabled, it must be in transparent or in off mode. VTP cannot be in client or server mode. For more details about VTP, see the Configuring VTP chapter.
1. configure terminal
2. system vlan long-name
3. (Optional) copy running-config startup-config
4. show running-config | sec long-name
DETAILED STEPS
Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: switch# configure terminal | Enters global configuration mode. |
Step 2 | system vlan long-name Example: switch(config)# system vlan long-name | Allows you to configure the length of VLAN names up to 128 characters. If you try to enable or disable the system vlan long-name command when it is already enabled or disabled, the system returns an error message. We recommend that you view the status of the VLAN long-name knob before enabling or disabling this command. Use the no form of this command to disable this feature. |
Step 3 | (Optional) copy running-config startup-config Example: switch(config)# copy running-config startup-config | Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
Step 4 | show running-config \| sec long-name Example: switch(config)# show running-config \| sec long-name | Displays the VLAN long-name status information. |
```
switch# configure terminal
switch(config)# system vlan long-name
!2001 Sep 29 02:24:11 N72-3 %$ VDC-1 %$ %VLAN_MGR-2-CRITICAL_MSG: VLAN long name is Enabled!
switch(config)# copy running-config startup-config
switch(config)# show running-config | sec long-name

switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# name VLAN128Char000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
switch(config-vlan)# exit
switch# show vlan id 2

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    VLAN128Char000000000000000040000 active
     00000000000000000000000000000000
     00000000000000000000000000000000
     00000000000000000000000000000002
.
.
.
```
The following example displays the error output if you try to configure a VLAN long name of more than 128 characters.
```
switch# system vlan long-name
switch(config)# vlan 2
switch(config-vlan)# name 129Char123456789000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000987654321CiscoBangalore
!% String exceeded max length of (128) at '^' marker.!
Switch(config-vlan)# exit
```
The following example displays the error output if you try to configure a VLAN name (more than 32 characters) without enabling the system vlan long-name command.
```
switch# configure terminal
switch(config)# vlan 2
switch(config-vlan)# name 33Char1234567890987CiscoBangalore
!ERROR: Long VLAN name is not enabled: Vlan name greater than 32 is not allowed!
Switch(config-vlan)# exit
```
Configuring VLAN Translation on a Trunk Port
You can configure VLAN translation between the ingress VLAN and a local VLAN on a port. The traffic arriving on the ingress VLAN maps to the local VLAN at the ingress of the trunk port and the traffic that is internally tagged with the translated VLAN ID is mapped back to the original VLAN ID before leaving the switch port.
- Ensure that the physical or port channel on which you want to implement VLAN translation is configured as a Layer 2 trunk port.
- Ensure that the translated VLANs are created on the switch and are also added to the Layer 2 trunk port's trunk-allowed VLAN vlan-list.
- For FEX port-channel trunk interfaces, the last VLAN in the allowed VLAN list must be associated with a translated VLAN in one of the VLAN maps configured on the FEX fabric interface.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# interface type port | Enters interface configuration mode. |
Step 3 | switch(config-if)# [no] switchport vlan mapping enable | (Optional) Enables VLAN translation on the switch port after VLAN translation is explicitly disabled. VLAN translation is enabled by default. |
Step 4 | switch(config-if)# [no] switchport vlan mapping vlan-id translated-vlan-id | Translates a VLAN to another VLAN. |
Step 5 | switch(config-if)# [no] switchport vlan translation all | Removes all VLAN translations configured on the interface. |
Step 6 | switch(config-if)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
Step 7 | switch(config-if)# show interface [if-identifier] vlan mapping | (Optional) Displays VLAN mapping information for all interfaces or for the specified interface. |
This example shows how to configure VLAN translation between (the ingress) VLAN 10 and (the local) VLAN 100:
```
switch# config t
switch(config)# interface ethernet1/1
switch(config-if)# switchport vlan mapping 10 100
switch(config-if)# show interface ethernet1/1 vlan mapping
Interface eth1/1:
Original VLAN           Translated VLAN
------------------      ---------------
10                      100
```
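The first two prerequisites listed for VLAN translation can be checked against saved configuration text before a mapping is deployed. This is an added example, not Cisco code: the function names and the sample configuration are constructed, it assumes the interface stanza contains the standard `switchport mode trunk` and `switchport trunk allowed vlan` lines, and it does not cover the FEX prerequisite.

```python
import re

# Constructed sample in running-config layout (not taken from a real device).
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200-210
  switchport vlan mapping 10 100
  switchport vlan mapping 20 300
interface Ethernet1/2
  switchport
  switchport vlan mapping 30 200
"""


def expand_vlans(spec):
    """Turn '100,200-210' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ids.update(range(int(low), int(high or low) + 1))
    return ids


def parse_interfaces(config):
    """Collect trunk mode, allowed list and VLAN mappings per interface."""
    stanzas, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(
                text.split(None, 1)[1],
                {"trunk": False, "allowed": None, "maps": []})
        elif current is not None and line[:1].isspace():
            if text == "switchport mode trunk":
                current["trunk"] = True
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", text):
                current["allowed"] = expand_vlans(m.group(1))
            elif m := re.fullmatch(r"switchport vlan mapping (\d+) (\d+)", text):
                current["maps"].append((int(m.group(1)), int(m.group(2))))
        else:
            current = None  # an unindented line ends the interface stanza
    return stanzas


def audit_translation(config, created_vlans):
    """Return {interface: [finding, ...]} for ports that carry mappings."""
    report = {}
    for name, stanza in parse_interfaces(config).items():
        if not stanza["maps"]:
            continue
        found = report.setdefault(name, [])
        if not stanza["trunk"]:
            found.append("not configured as a Layer 2 trunk port")
        for ingress, local in stanza["maps"]:
            if local not in created_vlans:
                found.append(f"{ingress}->{local}: VLAN {local} is not created")
            # allowed stays None when no explicit allowed list is configured
            if stanza["allowed"] is not None and local not in stanza["allowed"]:
                found.append(f"{ingress}->{local}: VLAN {local} not in allowed list")
    return report
```

Pass the set of VLAN IDs that exist on the switch as `created_vlans`; an interface that maps VLANs and passes both checks appears in the report with an empty list.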
Verifying the VLAN Configuration
Command | Purpose |
---|---|
show running-config vlan vlan-id | Displays VLAN information. |
show vlan [all-ports \| brief \| id vlan-id \| name name \| dot1q tag native] | Displays VLAN information. |
show vlan summary | Displays a summary of VLAN information. |
show vtp status | Displays VTP information. |
show system vlan reserved | Displays system reserved VLAN range. |
For information on the output of these commands, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference.
Displaying and Clearing VLAN Statistics
Command | Purpose |
---|---|
clear vlan [id vlan-id] counters | Clears counters for all VLANs or for a specified VLAN. |
show vlan counters | Displays information on Layer 2 packets in each VLAN. |
Configuration Example for VLANs
The following example shows how to create and name a VLAN as well as how to make the state active and administratively up:
```
switch# configure terminal
switch(config)# vlan 10
switch(config-vlan)# name test
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
switch(config-vlan)# exit
switch(config)#
```
Additional References for VLANs
Related Documents
Related Topic | Document Title |
---|---|
Command reference | Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference |
NX-OS Layer 2 switching configuration | Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide |
Interfaces, VLAN interfaces, IP addressing, and port channels | Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide |
Multicast routing | Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide |
NX-OS fundamentals | Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide |
High availability | Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide |
System management | Cisco Nexus 7000 Series NX-OS System Management Configuration Guide |
VDCs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide |
Licensing | Cisco NX-OS Licensing Guide |
Release notes | Cisco Nexus 7000 Series NX-OS Release Notes |
Standards
Standards | Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | — |
MIBs
MIBs | MIBs Link |
---|---|
 | To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml |
Feature History for Configuring VLANs
Feature Name | Releases | Feature Information |
---|---|---|
VLAN translation | 6.2(6) | You can configure mapping between a pair of VLANs. |
Configure VLAN long-name. | 6.1(1) | You can configure VLAN long-names. |
Dynamic system reserved VLAN range | 5.2(1) | You can change the range of the system reserve VLANs. |
Configure VLAN before creating the VLAN | 5.1(1) | You can configure a VLAN before creating the VLAN. |
No change | 4.2(1) | -- |
VLAN Trunking Protocol | 4.1(2) | The device now runs VTP in transparent mode. |