The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
This section describes how to configure Layer 2 switching ports as access or trunk ports.
Note |
For information about configuring a Switched Port Analyzer (SPAN) destination interface, see the Cisco Nexus 1000V for Microsoft Hyper-V System Management Configuration Guide |
Note |
For information about VLANs, MAC address tables, and private VLANs, see the Cisco Nexus 1000V for Microsoft Hyper-V Layer 2 Switching Configuration Guide. |
A Layer 2 port can be configured as an access or a trunk port as follows:
By default, all ports on the Cisco Nexus 1000V are Layer 2 ports. You can change the default port mode (access or trunk). See the Cisco Nexus 1000V for Microsoft Hyper-V Installation and Upgrade Guide for information about setting the default port mode. The following figure shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.
In order to correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method.
To optimize the performance on access ports, you can configure the port as a host port. Once the port is configured as a host port, it is automatically set as an access port, and channel grouping is disabled. Use the host designation to decrease the time that it takes the designated port to begin to forward packets.
If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.
A Layer 2 interface can function as either an access port or a trunk port; it cannot function as both port types simultaneously.
A trunk is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
To correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method that uses a tag that is inserted into the frame header (see the following figures). This tag carries information about the specific VLAN to which the frame and packet belong. This method allows packets that are encapsulated for several different VLANs to traverse the same port and maintain traffic separation between the VLANs. Also, the encapsulated VLAN tag allows the trunk to move traffic end to end through the network on the same VLAN.
The software supports high availability for Layer 2 ports.
VLAN trunking has the following prerequisite:
You are logged into the CLI.
VLAN trunking has the following configuration guidelines and limitations:
Parameters | Default |
---|---|
Switchport mode |
Access |
Allowed VLANs |
1 to 3967, 4048 to 4094 |
Access VLAN ID |
VLAN1 |
Native VLAN ID |
VLAN1 |
Native VLAN ID tagging |
Disabled |
Administrative state |
Shut |
Configuring Access and Trunk Interfaces
You can configure a Layer 2 port as an access port.
This example shows how to set Ethernet 3/1 as a Layer 2 access port that carries traffic for VLAN 5 only:
switch# configure terminal switch(config)# interface ethernet 3/1 switch(config-if)# switchport mode access switch(config-if)# switchport access vlan 5 switch(config-if)#
You can configure a Layer 2 port as a trunk port.
This example shows how to set Ethernet 3/1 as a Layer 2 trunk port:
switch# configure terminal switch(config)# interface ethernet 3/1 switch(config-if)# switchport mode trunk switch(config-if)#
You can configure the native VLAN for 802.1Q trunk ports. If you do not configure this parameter, the trunk port uses the default VLAN as the native VLAN ID.
Be aware that the Cisco Nexus 1000V commands may differ from the Cisco IOS commands.
This example shows how to set the native VLAN for the Ethernet 3/1, Layer 2 trunk port to VLAN 5:
n1000v# configure terminal switch(config)# interface ethernet 3/1 switch(config-if)# switchport trunk native vlan 5 switch(config-if)#
You can specify the IDs for the VLANs that are allowed on the specific trunk port.
This example shows how to add VLANs 15 to 20 to the list of allowed VLANs on the Ethernet 3/1, Layer 2 trunk port:
swtich# configure terminal switch(config)# interface ethernet 3/1 switch(config-if)# switchport trunk allowed vlan 15-20 switch(config-if)#
When working with 802.1Q trunked interfaces, you can maintain the tagging for all packets that enter with a tag that matches the native VLAN ID. Untagged traffic is dropped (you will still carry control traffic on that interface).
Note |
If you enable 802.1Q tagging on one device and disable it on another device, all traffic is dropped on the device with this feature disabled. You must configure this feature identically on each device. |
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch#(config) vlan dot1q tag native | Modifies the behavior of a 802.1Q trunked native VLAN ID interface in the running configuration. The interface maintains the taggings for all packets that enter with a tag that matches the value of the native VLAN ID and drops all untagged traffic. The control traffic is still carried on the native VLAN. The default is disabled. |
Step 3 | switch(config-if)# show vlan | (Optional) Displays the status and information of VLANs. |
Step 4 | switch(config-if)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to change the behavior of the native VLAN on an 802.1Q trunked interface to maintain the tagged packets and drop all untagged traffic (except control traffic):
n1000v# configure terminal switch(config)# vlan dot1q tag native switch(config-if)#
Use one of the following commands to verify the access and trunk interface configuration information:
Command | Purpose |
---|---|
show interface ethernet slot/port [ brief | capabilities | counters | mac-address | status | switchport | trunk] |
Displays the interface configuration. |
show interface ethernet slot/port counters [ brief | detailed | errors | snmp | storm-control | trunk] |
Displays the counters for a specified Ethernet interface. |
show interface ethernet slot/port status [err-disable] |
Displays the status for a specified Ethernet interface. |
show interface brief |
Displays interface configuration information, including the mode. |
show interface switchport |
Displays information, about the access and trunk interface, for all Layer 2 interfaces. |
show interface trunk [module module-number | vlan vlan-id] |
Displays trunk configuration information. |
show interface capabilities |
Displays information about the capabilities of the interfaces. |
show running-config interface ethernet slot/port |
Displays configuration information about the specified interface. |
Use one of the following commands to display access and trunk interface configuration information:
Command | Purpose |
---|---|
clear counters [ interface ] |
Clears the counters. |
show interface counters [ module module ] |
Displays input and output octets unicast packets, multicast packets, and broadcast packets. |
show interface counters detailed [ all ] |
Displays input packets, bytes, and multicast as well as output packets and bytes. |
show interface counters errors [ module module] |
Displays information on the number of error packets. |
This example shows how to configure a Layer 2 access interface and assign the access VLAN for that interface:
switch# configure terminal switch(config)# interface ethernet 2/30 switch(config-if)# switchport switch(config-if)# switchport mode access switch(config-if)# switchport access vlan 5 switch(config-if)#
This example shows how to configure a Layer 2 trunk interface, assign the native VLAN and the allowed VLANs, and configure the device to tag the native VLAN traffic on the trunk interface:
switch# configure terminal switch(config)# interface ethernet 2/35 switch(config-if)# switchport switch(config-if)# switchport mode trunk switch(config-if)# switchport trunk native vlan 10 switch(config-if)# witchport trunk allowed vlan 5, 10 switch(config-if)# exit switch(config-if)# vlan dot1q tag native switch(config-if)#
Feature Name |
Releases |
Feature Information |
---|---|---|
Layer 2 interface parameters |
4.0(4)SV1(1) |
This feature was introduced |