Information About VLANs
You can use VLANs to divide the network into separate logical areas at the Layer 2 level. VLANs can also be considered as broadcast domains.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.
Understanding VLANs
A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered as a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router. The following figure shows VLANs as logical networks. The stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.
VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.
By default, a newly created VLAN is operational; that is, the newly created VLAN is in the no shutdown condition. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.
A VLAN interface, or switched virtual interface (SVI), is a Layer 3 interface that is created to provide communication between VLANs. In order to route traffic between VLANs, you must create and configure a VLAN interface for each VLAN. Each VLAN requires only one VLAN interface.
VLAN Ranges
Note: The extended system ID is always automatically enabled in Cisco Nexus 9000 devices.
The device supports up to 4095 VLANs in accordance with the IEEE 802.1Q standard. The software organizes these VLANs into ranges, and you use each range slightly differently.
For information about configuration limits, see the verified scalability limits documentation for your switch.
This table describes the VLAN ranges.
VLAN Numbers | Range | Usage
---|---|---
1 | Normal | Cisco default. You can use this VLAN, but you cannot modify or delete it.
2-1005 | Normal | You can create, use, modify, and delete these VLANs.
1006-3967 | Extended | You can create, name, and use these VLANs. You cannot change the following parameters:
3968-4095 | Internally allocated | These reserved VLANs are allocated for internal device use.
Note: Cisco recommends that you enter the range in increasing order, though the system accepts a range entered in decreasing order. For example, to delete the range of VLANs from 1602 to 1607, the recommended way to enter the value is 1602-1607, rather than 1607-1602. Entering the range as 1602-7 will delete VLANs from 7 to 1602, instead of 1602 to 1607.
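A pre-flight check for the range pitfall in the note above, added here as an example that is not part of the Cisco guide. The helper `expand_vlan_range` is hypothetical: it mirrors the described behaviour (a decreasing range is accepted, and `1602-7` means 7 through 1602) so that a script can flag such a range before a `no vlan` command is issued.

```python
import re
from typing import List, Optional, Tuple

MAX_VLAN = 4095
VLAN_RANGE = re.compile(r"^\s*(\d+)\s*-\s*(\d+)\s*$")


def expand_vlan_range(text: str) -> Tuple[List[int], Optional[str]]:
    """Expand an 'a-b' VLAN range the way the switch does.

    Returns the VLAN IDs the command would affect and a warning string when
    the range was entered in decreasing order (e.g. '1602-7', which covers
    7..1602 rather than the six VLANs 1602..1607 the operator may have meant).
    """
    m = VLAN_RANGE.match(text)
    if not m:
        raise ValueError(f"not a VLAN range: {text!r}")
    a, b = int(m.group(1)), int(m.group(2))
    if not (1 <= a <= MAX_VLAN and 1 <= b <= MAX_VLAN):
        raise ValueError(f"VLAN IDs must be 1-{MAX_VLAN}: {text!r}")
    warning = None
    if a > b:
        # The switch accepts this, but the span is b..a, which is often far
        # larger than intended; surface the real size before acting on it.
        warning = (f"range {a}-{b} is decreasing; the switch treats it as "
                   f"{b}-{a} ({a - b + 1} VLANs). Enter it as {b}-{a} if that "
                   f"is intended.")
    lo, hi = sorted((a, b))
    return list(range(lo, hi + 1)), warning


if __name__ == "__main__":
    # Constructed inputs: the intended range and the mistyped one from the note.
    for entry in ("1602-1607", "1602-7"):
        ids, warn = expand_vlan_range(entry)
        print(f"{entry}: {len(ids)} VLANs ({ids[0]}-{ids[-1]})", warn or "")
```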
About Reserved VLANs
The following are notes about reserved VLANs (3968 to 4095):
- The software allocates a group of VLAN numbers for features like multicast and diagnostics that need to use internal VLANs for their operation. By default, the system allocates a block of 128 reserved VLANs (3968 to 4095) for these internal uses.
- You can change the range of reserved VLANs with the system vlan vlan-id reserve command. This allows you to set a different range of VLANs to be used as the reserved VLANs. The selected VLANs must be reserved in groups of 128.
- You may configure VLANs 3968-4092 for other purposes, except VLAN 3999, as this is used internally even when the default internal VLAN usage is moved.
- VLANs 4093-4095 are always reserved for internal use and cannot be used for other purposes.
- For example, system vlan 400 reserve reserves VLANs 400-527. The new reserved range takes effect after the running configuration is saved and the device is reloaded. In this example, the result of the command is that VLANs 400-527 are reserved and that VLANs 4093-4095 are also reserved.
- The no system vlan vlan-id reserve command changes the range for reserved VLANs back to the default range of 3968-4095 after the device is reloaded.
- Use the show system vlan reserved command to verify the current and future reserved VLAN ranges.
Example of VLAN Reserve
The following is an example of configuring the VLAN reserve (before and after image reload):
**************************************************
CONFIGURE NON-DEFAULT RANGE, "COPY R S" AND RELOAD
**************************************************
switch(config)# system vlan 400 reserve
"vlan configuration 400-527" will be deleted automatically.
Vlans, SVIs and sub-interface encaps for vlans 400-527 need to be removed by the user.
Continue anyway? (y/n) [no] y
Note: After switch reload, VLANs 400-527 will be reserved for internal use.
This requires copy running-config to startup-config before
switch reload. Creating VLANs within this range is not allowed.
switch(config)# show system vlan reserved
system current running vlan reservation: 3968-4095
system future running vlan reservation: 400-527
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)# reload
This command will reboot the system. (y/n)? [n] y
************
AFTER RELOAD
************
switch# show system vlan reserved
system current running vlan reservation: 400-527
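A planning check for the reserved-range change walked through above, added here as an example that is not part of the Cisco guide. The functions are hypothetical helpers: they derive the reserved set that `system vlan <start> reserve` will leave after the reload (128 IDs, plus 4093-4095 and 3999, which stay reserved regardless) and list the already configured VLANs the operator must remove first, since the switch only deletes the `vlan configuration` for the range. The sample VLAN IDs are constructed; treating 1 as the lowest allowed start is an assumption based on VLAN 1 being undeletable.

```python
from typing import Iterable, List, Set

MAX_VLAN = 4095
RESERVED_BLOCK = 128            # 'system vlan <id> reserve' always takes 128 IDs
DEFAULT_RESERVED_START = 3968   # default block 3968-4095
ALWAYS_RESERVED = {4093, 4094, 4095}
ALWAYS_INTERNAL = {3999}        # used internally even when the block is moved


def vlan_class(vlan_id: int) -> str:
    """Classify a VLAN ID according to the VLAN ranges table in this section."""
    if vlan_id == 1:
        return "default"
    if 2 <= vlan_id <= 1005:
        return "normal"
    if 1006 <= vlan_id <= 3967:
        return "extended"
    if 3968 <= vlan_id <= MAX_VLAN:
        return "internally allocated"
    raise ValueError(f"VLAN {vlan_id} is outside 1-{MAX_VLAN}")


def reserved_set(start: int = DEFAULT_RESERVED_START) -> Set[int]:
    """Effective reserved VLANs after 'system vlan <start> reserve' and a reload."""
    end = start + RESERVED_BLOCK - 1
    # Assumption: the block must not include VLAN 1 and must fit below 4096.
    if start < 2 or end > MAX_VLAN:
        raise ValueError(f"block {start}-{end} does not fit in 2-{MAX_VLAN}")
    return set(range(start, end + 1)) | ALWAYS_RESERVED | ALWAYS_INTERNAL


def conflicts(start: int, in_use: Iterable[int]) -> List[int]:
    """Configured VLANs (and their SVIs) that must be removed before the reload."""
    return sorted(set(in_use) & reserved_set(start))


if __name__ == "__main__":
    # Constructed sample: VLANs already present on the switch.
    existing = {1, 10, 100, 400, 450, 527, 600, 1500}
    block = reserved_set(400)
    print(f"reserved after reload: {min(block)}-{400 + RESERVED_BLOCK - 1}"
          f" plus {sorted(ALWAYS_RESERVED | ALWAYS_INTERNAL)}")
    print("remove before reload:", conflicts(400, existing))  # [400, 450, 527]
```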
Creating, Deleting, and Modifying VLANs
Note: By default, all Cisco Nexus 9396 and Cisco Nexus 93128 ports are Layer 2 ports. By default, all Cisco Nexus 9504 and Cisco Nexus 9508 ports are Layer 3 ports.
VLANs are numbered from 1 to 3967. All ports that you have configured as switch ports belong to the default VLAN when you first bring up the switch as a Layer 2 device. The default VLAN (VLAN1) uses only default values, and you cannot create, delete, or suspend activity in the default VLAN.
You create a VLAN by assigning a number to it; you can delete VLANs and move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the device goes into the VLAN submode but does not create the same VLAN again.
Newly created VLANs remain unused until Layer 2 ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.
Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):
- VLAN name
- VLAN state
- Shutdown or not shutdown
You can configure VLAN long-names of up to 128 characters. To configure VLAN long-names, VTP must be in transparent mode.
Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on configuring ports as VLAN access or trunk ports and assigning ports to VLANs.
When you delete a specified VLAN, the ports associated to that VLAN become inactive and no traffic flows. When you delete a specified VLAN from a trunk port, only that VLAN is shut down and traffic continues to flow on all the other VLANs through the trunk port.
However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable or re-create that specified VLAN, the system automatically reinstates all the original ports to that VLAN. The static MAC addresses and aging time for that VLAN are not restored when the VLAN is reenabled.
Note: Commands entered in the VLAN configuration submode are not immediately executed. You must exit the VLAN configuration submode for configuration changes to take effect.
High Availability for VLANs
The software supports high availability for both stateful and stateless restarts, such as during a cold reboot, for VLANs. For stateful restarts, the software supports a maximum of three retries. If you try more than three times within 10 seconds of a restart, the software reloads the supervisor module.
You can upgrade or downgrade the software seamlessly when you use VLANs.
Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high availability features.