Configuring Layer 3 Interfaces

About Layer 3 Interfaces

Layer 3 interfaces forward IPv4 packets to another device using static or dynamic routing protocols. You can use Layer 3 interfaces for IP routing and inter-VLAN routing of Layer 2 traffic.

Routed Interfaces

You can configure a port as a Layer 2 interface or a Layer 3 interface. A routed interface is a physical port that can route IP traffic to another device. A routed interface is a Layer 3 interface only and does not support Layer 2 protocols, such as the Spanning Tree Protocol (STP).

All Ethernet ports are routed interfaces by default. You can change this default behavior with the CLI setup script.


Note

The default mode for the Cisco Nexus® 3550-T switch interface is Layer 3.

You can assign an IP address to the port, enable routing, and assign routing protocol characteristics to this routed interface.

You can also create a Layer 3 port channel from routed interfaces. For more information about port channels, see the Configuring Port Channels section.

Routed interfaces support exponentially decayed rate counters. Cisco NX-OS tracks the following statistics with these averaging counters:

  • Input packets/sec

  • Output packets/sec

VLAN Interfaces

A VLAN interface, or switch virtual interface (SVI), is a virtual routed interface that connects a VLAN on the device to the Layer 3 router engine on the same device. Only one VLAN interface can be associated with a VLAN, but you need to configure a VLAN interface for a VLAN only when you want to route between VLANs or to provide IP host connectivity to the device through a virtual routing and forwarding (VRF) instance that is not the management VRF. When you enable VLAN interface creation, Cisco NX-OS creates a VLAN interface for the default VLAN (VLAN 1) to permit remote switch administration.

You must enable the VLAN network interface feature before you can see configure it. The system automatically takes a checkpoint prior to disabling the feature, and you can roll back to this checkpoint. See the Cisco Nexus® 3550-T System Management Configuration section for information on rollbacks and checkpoints.


Note

You cannot delete the VLAN interface for VLAN 1.

You can route across VLAN interfaces to provide Layer 3 inter-VLAN routing by configuring a VLAN interface for each VLAN that you want to route traffic to and assigning an IP address on the VLAN interface. For more information about IP addresses and IP routing, see the Cisco Nexus® 3550-T Unicast Routing Configuration section.

The following figure shows two hosts connected to two VLANs on a device. You can configure VLAN interfaces for each VLAN that allows Host 1 to communicate with Host 2 using IP routing between the VLANs. VLAN 1 communicates at Layer 3 over VLAN interface 1 and VLAN 10 communicates at Layer 3 over VLAN interface 10.

Figure 1. Connecting Two VLANs with VLAN interfaces

Changing VRF Membership for an Interface

When you enter the vrf member command under an interface, you receive an alert regarding the deletion of interface configurations and to notify the clients/listeners (such as CLI-Server) to delete configurations with respect to the interface.

Entering the system vrf-member-change retain-l3-config command enables the retention of the Layer 3 configuration when the VRF member changes on the interface. It does this by sending notification to the clients/listeners to store (buffer) the existing configurations, delete the configurations from the old vrf context, and reapply the stored configurations under the new VRF context.


Note

When the system vrf-member-change retain-l3-config command is enabled, the Layer 3 configuration is not deleted and remains stored (buffered). When this command is not enabled (default mode), the Layer 3 configuration is not retained when the VRF member changes.

You can disable the retention of the Layer 3 configuration with the no system vrf-member-change retain-l3-config command. In this mode, the Layer 3 configuration is not retained when the VRF member changes.

Notes About Changing VRF Membership for an Interface

  • Momentary traffic loss may occur when changing the VRF name.

  • Only the configurations under the interface level are processed when the system vrf-member-change retain-l3-config command is enabled. You must manually process any configurations at the router level to accommodate routing protocols after a VRF change.

  • The system vrf-member-change retain-l3-config command supports interface level configurations with:

    • Layer 3 configurations maintained by the CLI Server, such as ip address and all OSPF/ISIS/EIGRP CLIs available under the interface configuration.

Loopback Interfaces

A loopback interface is a virtual interface with a single endpoint that is always up. Any packet transmitted over a loopback interface is immediately received by this interface. Loopback interfaces emulate a physical interface. You can configure up to 1024 loopback interfaces, numbered 0 to 1023.

You can use loopback interfaces for performance analysis, testing, and local communications. Loopback interfaces can act as a termination address for routing protocol sessions. This loopback configuration allows routing protocol sessions to stay up even if some of the outbound interfaces are down.

High Availability

Layer 3 interfaces support stateful and stateless restarts. After the switchover, Cisco NX-OS applies the runtime configuration after the switchover.

See the Cisco Nexus® 3550-T Unicast Routing Configuration section for complete information about high availability.

Prerequisites for Layer 3 Interfaces

Layer 3 interfaces have the following prerequisites:

  • You are familiar with IP addressing and basic configuration. See the Cisco Nexus® 3550-T Unicast Routing Configuration section for more information about IP addressing.

Guidelines and Limitations for Layer 3 Interfaces

Layer 3 interfaces have the following configuration guidelines and limitations:

  • If you change a Layer 3 interface to a Layer 2 interface, Cisco NX-OS shuts down the interface, reenables the interface, and removes all configuration specific to Layer 3.

  • If you change a Layer 2 interface to a Layer 3 interface, Cisco NX-OS shuts down the interface, reenables the interface, and deletes all configuration specific to Layer 2.

  • IP unnumbered interfaces are not supported.

  • Multicast and/or broadcast counters for SVI are not supported.

  • Control plane SVI/SI traffic for SVI counters are not supported.

  • show commands with the internal keyword are not supported.


Note

If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

Default Settings

The following table lists the default settings for Layer 3 interface parameters.

Table 1. Default Layer 3 Interface Parameters

Parameters

Default

Admin state

Shut

Configuring Layer 3 Interfaces

Configuring a Routed Interface

You can configure any Ethernet port as a routed interface.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

interface ethernet slot/port

Example:

switch(config)# interface ethernet 1/2
switch(config-if)#

Enters interface configuration mode.

Step 3

no switchport

Example:

switch(config-if)# no switchport

Configures the interface as a Layer 3 interface.

Step 4

[ip address]

Example:

switch(config-if)# ip address 192.0.2.1/8

  • Configures an IP address for this interface. See the Cisco Nexus® 3550-T Unicast Routing Configuration section for more information about IP addresses.

Step 5

show interfaces

Example:

switch(config-if)# show interfaces ethernet 1/2

(Optional) Displays the Layer 3 interface statistics.

Step 6

no shutdown

Example:

switch# 
switch(config-if)# int e1/2
switch(config-if)# no shutdown

(Optional) Clears the errors on the interfaces where policies correspond with hardware policies. This command allows policy programming to continue and the port to come up. If policies do not correspond, the errors are placed in an error-disabled policy state.

Step 7

copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

(Optional) Saves the configuration change.

Example

  • Use the switchport command to convert a Layer 3 interface into a Layer 2 interface.

Command

Purpose

switchport

Example: 

switch(config-if)# switchportswitchport

Configures the interface as a Layer 2 interface and deletes any configuration specific to Layer 3 on this interface.

  • This example shows how to configure a routed interface: 

    switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip address 192.0.2.1/8 
switch(config-if)# copy running-config startup-config

    The default setting for interfaces is routed. If you want to configure an interface for Layer 2, enter the switchport command. Then, if you change a Layer 2 interface to a routed interface, enter the no switchport command.

Configuring a VLAN Interface

You can create VLAN interfaces to provide inter-VLAN routing.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters configuration mode.

Step 2

feature interface-vlan

Example:

switch(config)# feature interface-vlan

Enables VLAN interface mode.

Step 3

interface vlan number

Example:

switch(config)# interface vlan 10
switch(config-if)#

Creates a VLAN interface. The number range is from 1 to 4094.

Step 4

[ip address ip-address/length]

Example:

switch(config-if)# ip address 192.0.2.1/8

  • Configures an IP address for this VLAN interface. See the Cisco Nexus® 3550-T Unicast Routing Configuration section for more information on IP addresses.

Step 5

show interface vlan number

Example:

switch(config-if)# show interface vlan 10

(Optional) Displays the Layer 3 interface statistics.

Step 6

no shutdown

Example:

switch(config)# int e1/3
switch(config)# no shutdown

(Optional) Clears the errors on the interfaces where policies correspond with hardware policies. This command allows policy programming to continue and the port to come up. If policies do not correspond, the errors are placed in an error-disabled policy state.

Step 7

copy running-config startup-config

Example:

switch(config-if)# copy running-config startup-config

(Optional) Saves the configuration change.

Example

This example shows how to create a VLAN interface: 

switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 10
switch(config-if)# ip address 192.0.2.1/8
switch(config-if)# copy running-config startup-config

Configuring a Loopback Interface

You can configure a loopback interface to create a virtual interface that is always up.

Before you begin

Ensure that the IP address of the loopback interface is unique across all routers on the network.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters configuration mode.

Step 2

interface loopback instance

Example:

switch(config)# interface loopback 0
switch(config-if)#

Creates a loopback interface. The range is from 0 to 1023.

Step 3

[ip address ip-address/length]

Example:

switch(config-if)# ip address 192.0.2.1/8

  • Configures an IP address for this interface. See the Cisco Nexus® 3550-T Unicast Routing Configuration section for more information about IP addresses.

Step 4

show interface loopback instance

Example:

switch(config-if)# show interface loopback 0

(Optional) Displays the loopback interface statistics.

Step 5

copy running-config startup-config

Example:

switch(config-if)# copy running-config startup-config

(Optional) Saves the configuration change.

Example

This example shows how to create a loopback interface: 

switch# configure terminal
switch(config)# interface loopback 0
switch(config-if)# ip address 192.0.2.1/8
switch(config-if)# copy running-config startup-config

Assigning an Interface to a VRF

You can add a Layer 3 interface to a VRF.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters configuration mode.

Step 2

interface interface-type number

Example:

switch(config)# interface loopback 0
switch(config-if)#

Enters interface configuration mode.

Step 3

vrf member vrf-name

Example:

switch(config-if)# vrf member RemoteOfficeVRF

Adds this interface to a VRF.

Step 4

ip address ip-prefix/length

Example:

switch(config-if)# ip address 192.0.2.1/16

Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.

Step 5

show vrf [vrf-name] interface interface-type number

Example:

switch(config-vrf)# show vrf Enterprise interface loopback 0

(Optional) Displays VRF information.

Step 6

copy running-config startup-config

Example:

switch(config-if)# copy running-config startup-config

(Optional) Saves the configuration change.

Example

This example shows how to add a Layer 3 interface to the VRF: 

switch# configure terminal
switch(config)# interface loopback 0
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 209.0.2.1/16
switch(config-if)# copy running-config startup-config

Configuring a DHCP Client on an Interface

You can configure the DHCP client on a management interface, for IPv4 address.

Procedure

  Command or Action Purpose

Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# interface ethernet type slot/port | mgmt mgmt-interface-number |

Creates a physical Ethernet interface, a management interface.

Step 3

switch(config-if)# [no] [ip | ipv4] address dhcp

Requests the DHCP server for an IPv4 address.

The no form of this command removes any address that was acquired.

Step 4

Save the configuration.

Verifying the Layer 3 Interfaces Configuration

To display the Layer 3 configuration, perform one of the following tasks:

Command

Purpose

show interface ethernet slot/port

Displays the Layer 3 interface configuration, status, and counters (including the 5-minute exponentially decayed moving average of inbound and outbound packet and byte rates).

show interface ethernet slot/port brief

Displays the Layer 3 interface operational status.

show interface ethernet slot/port capabilities

Displays the Layer 3 interface capabilities, including port type, speed, and duplex.

show interface ethernet slot/port description

Displays the Layer 3 interface description.

show interface ethernet slot/port status

Displays the Layer 3 interface administrative status, port mode, speed, and duplex.

show interface ethernet slot/port.number

Displays the subinterface configuration, status, and counters (including the f-minute exponentially decayed moving average of inbound and outbound packet and byte rates).

show interface port-channel channel-id.number

Displays the port-channel subinterface configuration, status, and counters (including the 5-minute exponentially decayed moving average of inbound and outbound packet and byte rates).

show interface loopback number

Displays the loopback interface configuration, status, and counters.

show interface loopback number brief

Displays the loopback interface operational status.

show interface loopback number description

Displays the loopback interface description.

show interface loopback number status

Displays the loopback interface administrative status and protocol status.

show interface vlan number

Displays the VLAN interface configuration, status, and counters.

show interface vlan number brief

Displays the VLAN interface operational status.

show interface vlan number description

Displays the VLAN interface description.

show interface vlan number status

Displays the VLAN interface administrative status and protocol status.

Monitoring the Layer 3 Interfaces

Use the following commands to display Layer 3 statistics:

Command

Purpose

show interface ethernet slot/port counters

Displays the Layer 3 interface statistics (unicast, multicast, and broadcast).

show interface ethernet slot/port counters brief

Displays the Layer 3 interface input and output counters.

show interface ethernet errors slot/port detailed [all]

Displays the Layer 3 interface statistics. You can optionally include all 32-bit and 64-bit packet and byte counters (including errors).

show interface ethernet errors slot/port counters errors

Displays the Layer 3 interface input and output errors.

show interface ethernet errors slot/port counters snmp

Displays the Layer 3 interface counters reported by SNMP MIBs.

show interface loopback number detailed [all]

Displays the loopback interface statistics. You can optionally include all 32-bit and 64-bit packet and byte counters (including errors).

show interface vlan number counters detailed [all]

Displays the VLAN interface statistics. You can optionally include all Layer 3 packet and byte counters (unicast and multicast).

show interface vlan number counters snmp

Displays the VLAN interface counters reported by SNMP MIBs.

Configuration Examples for Layer 3 Interfaces

This example shows how to configure a loopback interface: 

interface loopback 3
ip address 192.0.2.2/32

Example of Changing VRF Membership for an Interface

  • Enable Layer 3 configuration retention when changing VRF membership. 

    
switch# configure terminal
switch(config)# system vrf-member-change retain-l3-config

Warning: Will retain L3 configuration when vrf member change on interface.

  • Verify Layer 3 retention. 

    
switch# show running-config | include vrf-member-change

system vrf-member-change retain-l3-config

  • Configure the SVI interface with Layer 3 configuration as VRF "blue". 

    
switch# configure terminal
switch(config)# show running-config interface vlan 2002

interface Vlan2002
description TESTSVI
no shutdown
vrf member blue
no ip redirects
ip address 192.168.211.2/27
ip router ospf 1 area 0.0.0.0
preempt delay minimum 300 reload 600
priority 110 forwarding-threshold lower 1 upper 110
ip 192.168.211.1
preempt delay minimum 300 reload 600
priority 110 forwarding-threshold lower 1 upper 110

  • Verify SVI interface after VRF change. 

    
switch# configure terminal
switch(config)# show running-config interface vlan 2002

interface Vlan2002
description TESTSVI
no shutdown
vrf member red
no ip redirects
ip address 192.168.211.2/27
ip router ospf 1 area 0.0.0.0
preempt delay minimum 300 reload 600
priority 110 forwarding-threshold lower 1 upper 110
ip 192.168.211.1
preempt delay minimum 300 reload 600
priority 110 forwarding-threshold lower 1 upper 110

Note

  • When changing the VRF, the Layer 3 configuration retention affects:

    • Physical Interface

    • Loopback Interface

    • SVI Interface

    • Port-Channel

  • When changing the VRF, the existing Layer 3 configuration is deleted and reapplied. All routing protocols, such as OSPF/ISIS/EIGRP, go down in the old VRF and come up in the new VRF.

  • Direct/Local IPv4 addresses are removed from the old VRF and installed in the new VRF.

  • Some traffic loss might occur during the VRF change.

Related Documents

Related Documents

Document Title

IP

Cisco Nexus® 3550-T Unicast Routing Configuration section

VLANs

Cisco Nexus® 3550-T Layer 2 Switching Configuration section