Configuring Layer 2 Interfaces
Note Beginning with Cisco Release 5.2, the Cisco Nexus 7000 Series devices support FabricPath Layer 2 interfaces. See the Cisco Nexus 7000 Series NX-OS FabricPath Command Reference, Release 5.x for complete information about the FabricPath feature and interfaces.
This chapter describes how to configure Layer 2 switching ports as access or trunk ports on Cisco NX-OS devices.
Note Beginning with Cisco NX-OS Release 5.1, a Layer 2 port can function as either one of the following:
- A trunk port
- An access port
- A private VLAN port (see the Cisco DCNM Layer 2 Switching Configuration Guide, Release 5.x, for more information on private VLANs)
- A FabricPath port (see the Cisco Nexus 7000 Series NX-OS FabricPath Configuration Guide, Release 5.x, and the Cisco DCNM FabricPath Configuration Guide, Release 5.x, for information on FabricPath)
Beginning with Cisco NX-OS Release 5.2(1), a Layer 2 port can also function as a shared interface. You cannot configure an access interface as a shared interface. See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on shared interfaces.
Note See the Cisco DCNM FabricPath Configuration Guide, Release 5.x, for more information on configuring the FabricPath feature.
Note A Layer 2 port can function as either a trunk port, an access port, or a private VLAN port.
This chapter includes the following sections:
Note See the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x, for information on configuring a SPAN destination interface.
You can configure Layer 2 switching ports as access or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network. All Layer 2 switching ports maintain media access control (MAC) address tables.
Note See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for information on VLANs, MAC address tables, private VLANs, and the Spanning Tree Protocol.
Note A Layer 2 port can function as either a trunk port, an access port, or a private VLAN port. See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for more information on private VLANs.
Information About Access and Trunk Interfaces
Note See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high-availability features.
This section includes the following topics:
Note The device supports only IEEE 802.1Q-type VLAN trunk encapsulation.
Information About Access and Trunk Interfaces
A Layer 2 port can be configured as an access or a trunk port as follows:
- An access port can have only one VLAN configured on that port; it can carry traffic for only one VLAN.
- A trunk port can have two or more VLANs configured on that port; it can carry traffic for several VLANs simultaneously.
By default, all ports on the device are Layer 3 ports.
You can make all ports Layer 2 ports using the setup script or by entering the system default switchport command. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 5.x, for information on using the setup script. To configure the port as a Layer 2 port using the CLI, use the switchport command,
All ports in one trunk must be in the same virtual device context (VDC). See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for information on VDCs.
All ports in the same trunk must be in the same VDC, and trunk ports cannot carry VLANs from different VDCs.
Figure 3-1 shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.
Figure 3-1 Trunk and Access Ports and VLAN Traffic
Note See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for information on VLANs.
In order to correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method (see the “IEEE 802.1Q Encapsulation” section for more information).
Note See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x, for information on subinterfaces on Layer 3 interfaces.
To optimize the performance on access ports, you can configure the port as a host port. Once the port is configured as a host port, it is automatically set as an access port, and channel grouping is disabled. Use the host designation to decrease the time that it takes the designated port to begin to forward packets.
Only an end station can be set as a host port; you will receive an error message if you attempt to configure other ports as hosts.
If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.
A Layer 2 interface can function as either an access port or a trunk port; it cannot function as both port types simultaneously.
When you change a Layer 2 interface back to a Layer 3 interface, that interface loses all the Layer 2 configuration and resumes the default VLAN configurations.
IEEE 802.1Q Encapsulation
Note For information about VLANs, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x.
A trunk is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
To correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation, or tagging, method that uses a tag that is inserted into the frame header (see Figure 3-2). This tag carries information about the specific VLAN to which the frame and packet belong. This method allows packets that are encapsulated for several different VLANs to traverse the same port and maintain traffic separation between the VLANs. Also, the encapsulated VLAN tag allows the trunk to move traffic end-to-end through the network on the same VLAN.
Figure 3-2 Header Without and With 802.1Q Tag
Access VLANs
Note If you assign an access VLAN that is also a primary VLAN for a private VLAN, all access ports with that access VLAN will also receive all the broadcast traffic for the primary VLAN in the private VLAN mode.
Note See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for complete information on private VLANs.
When you configure a port in access mode, you can specify which VLAN will carry the traffic for that interface. If you do not configure the VLAN for a port in access mode, or an access port, the interface carries traffic for the default VLAN (VLAN1).
You can change the access port membership in a VLAN by specifying the new VLAN. You must create the VLAN before you can assign it as an access VLAN for an access port. If you change the access VLAN on an access port to a VLAN that is not yet created, the system shuts that access port down.
If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.
Native VLAN IDs for Trunk Ports
A trunk port can carry nontagged packets simultaneously with the 802.1Q tagged packets. When you assign a default port VLAN ID to the trunk port, all untagged traffic travels on the default port VLAN ID for the trunk port, and all untagged traffic is assumed to belong to this VLAN. This VLAN is referred to as the native VLAN ID for a trunk port. That is, the native VLAN ID is the VLAN that carries untagged traffic on trunk ports.
Note Native VLAN ID numbers must match on both ends of the trunk.
The trunk port sends an egressing packet with a VLAN that is equal to the default port VLAN ID as untagged; all the other egressing packets are tagged by the trunk port. If you do not configure a native VLAN ID, the trunk port uses the default VLAN.
Note You cannot use an FCoE VLAN as a native VLAN for an Ethernet trunk switchport.
Tagging Native VLAN Traffic
The Cisco software supports the IEEE 802.1Q standard on trunk ports. In order to pass untagged traffic through the trunk ports, you must create a VLAN that does not tag any packets (or you can use the default VLAN). Untagged packets can pass through trunk ports and access ports.
However, all packets that enter the device with an 802.1Q tag that matches the value of the native VLAN on the trunk are stripped of any tagging and egress the trunk port as untagged packets. This situation can cause problems because you may want to retain the tagging on packets on the native VLAN for the trunk port.
You can configure the device to drop all untagged packets on the trunk ports and to retain the tagging of packets entering the device with 802.1Q values that are equal to that of the native VLAN ID. All control traffic still passes on the native VLAN. This configuration is global; trunk ports on the device either do or do not retain the tagging for the native VLAN.
Allowed VLANs
By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk. However, you can remove VLANs from this inclusive list to prevent traffic from the specified VLANs from passing over the trunk. Later, you can add any specific VLANs that you may want the trunk to carry traffic for back to the list.
To partition the Spanning Tree Protocol (STP) topology for the default VLAN, you can remove VLAN1 from the list of allowed VLANs. Otherwise, VLAN1, which is enabled on all ports by default, will have a very big STP topology, which can result in problems during STP convergence. When you remove VLAN1, all data traffic for VLAN1 on this port is blocked, but the control traffic continues to move on the port.
Note See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for more information about STP.
Note Beginning with Cisco Release 5.2, you can change the block of VLANs reserved for internal use. See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for more information about changing the reserved VLANs.
High Availability
The software supports high availability for Layer 2 ports.
Note See the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x, for complete information on high availability features.
Virtualization Support
The device supports virtual device contexts (VDCs).
All ports in the same trunk must be in the same VDC, and trunk ports cannot carry VLANs from different VDCs.
Note See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for complete information on VDCs and assigning resources.
Default Interfaces
You can use the default interface feature to clear the configured parameters for both physical and logical interfaces such as the Ethernet, loopback, VLAN network, tunnel, and the port-channel interface.
Note A maximum of 8 ports can be selected for the default interface. The default interfaces feature is not supported for management interfaces because the device could go to an unreachable state.
SVI Autostate Exclude
Ordinarily, when a VLAN interface has multiple ports in the VLAN, the SVI will go to the down state when all the ports in the VLAN go down. You can use the SVI Autostate Exclude feature to exclude specific ports and port channels while defining the status of the SVI (up or down) even if it belongs to the same VLAN. For example, even if the excluded port or port channel is in the up state and other ports are in the down state in the VLAN, the SVI state is changed to down.
Note You can use the SVI Autostate Exclude feature only for switched physical Ethernet ports and port channels.
Configuring Access and Trunk Interfaces
This section includes the following topics:
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Guidelines for Configuring Access and Trunk Interfaces
All VLANs on a trunk must be in the same VDC.
Configuring a LAN Interface as a Layer 2 Access Port
You can configure a Layer 2 port as an access port. An access port transmits packets on only one, untagged VLAN. You specify which VLAN traffic that the interface carries, which becomes the access VLAN. If you do not specify a VLAN for an access port, that interface carries traffic only on the default VLAN. The default VLAN is VLAN1.
The VLAN must exist before you can specify that VLAN as an access VLAN. The system shuts down an access port that is assigned to an access VLAN that does not exist.
BEFORE YOU BEGIN
Ensure that you are configuring a Layer 2 interface.
SUMMARY STEPS
1. configure terminal
2. interface {{ type slot/port } | { port-channel number }}
3. switchport mode { access | trunk }
4. switchport access vlan vlan-id
5. exit
6. (Optional) show interface
7. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface {{ type slot/port } | { port-channel number }} Example: switch(config)# interface ethernet 3/1 switch(config-if)# |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport mode { access | trunk } Example: switch(config-if)# switchport mode access |
Sets the interface as a nontrunking nontagged, single-VLAN Layer 2 interface. An access port can carry traffic in one VLAN only. By default, an access port carries traffic for VLAN1; to set the access port to carry traffic for a different VLAN, use the switchport access vlan command. |
Step 4 |
switchport access vlan vlan-id Example: switch(config-if)# switchport access vlan 5 |
Specifies the VLAN for which this access port will carry traffic. If you do not enter this command, the access port carries traffic on VLAN1 only; use this command to change the VLAN for which the access port carries traffic. |
Step 5 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the configuration mode. |
Step 6 |
show interface Example: switch# show interface |
(Optional) Displays the interface status and information. |
Step 7 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to set Ethernet 3/1 as a Layer 2 access port that carries traffic for VLAN 5 only:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 5
Configuring Access Host Ports
Note You should apply the switchport host command only to interfaces connected to an end station.
You can optimize the performance of access ports that are connected to end stations by simultaneously setting that port as an access port. An access host port handles the STP like an edge port and immediately moves to the forwarding state without passing through the blocking and learning states. Configuring an interface as an access host port also disables port channeling on that interface.
Note See Chapter 6, “Configuring Port Channels” for information on port-channel interfaces and the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x. For complete information on the Spanning Tree Protocol.
BEFORE YOU BEGIN
Ensure that you are configuring the correct interface to an interface that is an end station.
SUMMARY STEPS
1. configure terminal
2. interface type slot/port
3. switchport host
4. exit
5. (Optional) show interface
6. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface type slot/port Example: switch(config)# interface ethernet 3/1 switch(config-if)# |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport host Example: switch(config-if)# switchport host |
Sets the interface to be an access host port, which immediately moves to the spanning tree forwarding state and disables port channeling on this interface. Note Apply this command only to end stations. |
Step 4 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the interface mode. |
Step 5 |
show interface Example: switch# show interface |
(Optional) Displays the interface status and information. |
Step 6 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to set Ethernet 3/1 as a Layer 2 access port with PortFast enabled and port channel disabled:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport host
Configuring Trunk Ports
You can configure a Layer 2 port as a trunk port. A trunk port transmits untagged packets for one VLAN plus encapsulated, tagged, packets for multiple VLANs. (See the “IEEE 802.1Q Encapsulation” section for information about encapsulation.)
Note The device supports 802.1Q encapsulation only.
BEFORE YOU BEGIN
Before you configure a trunk port, ensure that you are configuring a Layer 2 interface.
SUMMARY STEPS
1. configure terminal
2. interface { type slot/port | port-channel number }
3. switchport mode { access | trunk }
4. exit
5. (Optional) show interface
6. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface { type slot/port | port-channel number } Example: switch(config)# interface ethernet 3/1 switch(config-if)# |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport mode { access | trunk } Example: switch(config-if)# switchport mode trunk |
Sets the interface as a Layer 2 trunk port. A trunk port can carry traffic in one or more VLANs on the same physical link (VLANs are based on the trunk-allowed VLANs list). By default, a trunk interface can carry traffic for all VLANs. To specify that only certain VLANs are allowed on the specified trunk, use the switchport trunk allowed vlan command. |
Step 4 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the interface mode. |
Step 5 |
show interface Example: switch# show interface |
(Optional) Displays the interface status and information. |
Step 6 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional Copies the running configuration to the startup configuration. |
This example shows how to set Ethernet 3/1 as a Layer 2 trunk port:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport mode trunk
Configuring the Native VLAN for 802.1Q Trunking Ports
You can configure the native VLAN for 802.1Q trunk ports. If you do not configure this parameter, the trunk port uses the default VLAN as the native VLAN ID.
Note You cannot configure an FCoE VLAN as a native VLAN for an Ethernet interface.
SUMMARY STEPS
1. configure terminal
2. interface { type slot/port | port-channel number }
3. switchport trunk native vlan vlan-id
4. exit
5. (Optional) show vlan
6. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface { type slot/port | port-channel number } Example: switch(config)# interface ethernet 3/1 switch(config-if)# |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport trunk native vlan vlan-id Example: switch(config-if)# switchport trunk native vlan 5 |
Sets the native VLAN for the 802.1Q trunk. Valid values are from 1 to 4094, except those VLANs reserved for internal use. The default value is VLAN1. |
Step 4 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the interface mode. |
Step 5 |
show vlan Example: switch# show vlan |
(Optional) Displays the status and information of VLANs. |
Step 6 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to set the native VLAN for the Ethernet 3/1, Layer 2 trunk port to VLAN 5:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk native vlan 5
Configuring the Allowed VLANs for Trunking Ports
You can specify the IDs for the VLANs that are allowed on the specific trunk port.
Note The switchport trunk allowed vlan vlan-list command replaces the current VLAN list on the specified port with the new list. Consequently you are prompted for confirmation before the new list is applied.
As a side effect, if you are doing copy and paste of a large configuration then you may see some failures as the CLI is waiting for a confirmation before accepting other commands. To avoid this you can disable prompting using the terminal dont-ask command before you paste the configuration.
BEFORE YOU BEGIN
Before you configure the allowed VLANs for the specified trunk ports, ensure that you are configuring the correct interfaces and that the interfaces are trunks.
Note Beginning with Cisco Release 5.2, you can change the block of VLANs reserved for internal use. See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for more information about changing the reserved VLANs.
SUMMARY STEPS
1. configure terminal
2. interface { ethernet slot/port | port-channel number }
3. switchport trunk allowed vlan { vlan-list | add vlan-list | all | except vlan-list | none | remove vlan-list }
4. exit
5. (Optional) show vlan
6. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface { ethernet slot/port | port-channel number } Example: switch(config)# interface ethernet 3/1 |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport trunk allowed vlan { vlan-list add vlan-list | all | except vlan-list | none | remove vlan-list } Example: switch(config-if)# switchport trunk allowed vlan add 15-20# |
Sets the allowed VLANs for the trunk interface. The default is to allow all VLANs on the trunk interface: 1 to 3967 and 4048 to 4094. VLANs 3968 to 4047 are the default VLANs reserved for internal use by default. By default, all VLANs are allowed on all trunk interfaces. Beginning with Cisco Release 5.2(1), the default reserved VLANs are 3968 to 4094, and you can change the block of reserved VLANs. See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x, for more information. Note You cannot add internally allocated VLANs as allowed VLANs on trunk ports. The system returns a message if you attempt to list an internally allocated VLAN as an allowed VLAN. |
Step 4 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the interface mode. |
Step 5 |
show vlan Example: switch# show vlan |
(Optional) Displays the status and information for VLANs. |
Step 6 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to add VLANs 15 to 20 to the list of allowed VLANs on the Ethernet 3/1, Layer 2 trunk port:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk allowed vlan 15-20
Configuring a Default Interface
The default interface feature allows you to clear the existing configuration of multiple interfaces such as Ethernet, loopback, VLAN network, port-channel, and tunnel interfaces. All user configuration under a specified interface will be deleted. You can optionally create a checkpoint before clearing the interface configuration so that you can later restore the deleted configuration.
Note The default interface feature is not supported for management interfaces because the device could go to an unreachable state.
SUMMARY STEPS
1. configure terminal
2. default interface int-if [ checkpoint name ]
3. exit
4. (Optional) show interface
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
default interface int-if [ checkpoint name ] Example: switch(config)# default interface ethernet 3/1 checkpoint test8 |
Deletes the configuration of the interface and restores the default configuration. Use the ? keyword to display the supported interfaces. Use the checkpoint keyword to store a copy of the running configuration of the interface before clearing the configuration. |
Step 3 |
exit Example: switch(config)# exit switch# |
Exits the configuration mode. |
Step 4 |
show interface Example: switch# show interface |
(Optional) Displays the interface status and information. |
This example shows how to delete the configuration of an Ethernet interface while saving a checkpoint of the running configuration for rollback purposes:
switch# configure terminal
switch(config)# default interface ethernet 3/1 checkpoint test8
Configuring SVI Autostate Exclude
You can configure the SVI Autostate Exclude feature on an Ethernet interface or a port channel.
You can use the Autostate Exclude option to enable or disable the port from bringing up or down the SVI calculation and applying it to all VLANs that are enabled on the selected port.
SUMMARY STEPS
1. configure terminal
2. interface {{ type slot/port } | { port-channel number }}
3. switchport
4. switchport autostate exclude
5. exit
6. (Optional) show running-config interface
7. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
interface {{ type slot/port } | { port-channel number }} Example: switch(config)# interface ethernet 3/1 switch(config-if)# |
Specifies an interface to configure, and enters interface configuration mode. |
Step 3 |
switchport Example: switch(config-if)# switchport |
Sets the interface as a Layer 2 interface. |
Step 4 |
switchport autostate exclude Example: switch(config-if)# switchport autostate exclude |
Excludes this port from the VLAN interface link-up calculation when there are multiple ports in the VLAN. To revert to the default settings, use the no form of this command. |
Step 5 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the configuration mode. |
Step 6 |
show running-config interface {{ type slot/port } | { port-channel number }} Example: switch(config)# show running-config interface ethernet 3/1 |
(Optional) Displays configuration information about the specified interface. |
Step 7 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to exclude a port from the VLAN interface link-up calculation on the Cisco NX-OS device:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport
switch(config-if)# switchport autostate exclude
Configuring the Device to Tag Native VLAN Traffic
When you are working with 802.1Q trunked interfaces, you can maintain the tagging for all packets that enter with a tag that matches the value of the native VLAN ID and drops all untagged traffic (you will still carry control traffic on that interface). This feature applies to the entire device; you cannot apply it to selected VLANs on a device.
The vlan dot1q tag native global command changes the behavior of all native VLAN ID interfaces on all trunks on the device.
Note If you enable 802.1Q tagging on one device and disable it on another device, all traffic is dropped on the device with this feature disabled. You must configure this feature identically on each device.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command). You can repeat VLAN names and IDs in different VDCs, so you must confirm that you are working in the correct VDC.
SUMMARY STEPS
1. configure terminal
2. vlan dot1q tag native
3. exit
4. (Optional) show vlan
5. (Optional) copy running-config startup-config
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
vlan dot1q tag native Example: switch(config)# vlan dot1q tag native |
Modifies the behavior of a 802.1Q trunked native VLAN ID interface. The interface maintains the taggings for all packets that enter with a tag that matches the value of the native VLAN ID and drops all untagged traffic. The control traffic is still carried on the native VLAN. The default is disabled. |
Step 3 |
exit Example: switch(config)# exit switch# |
Exits the configuration mode. |
Step 4 |
show vlan Example: switch# show vlan |
(Optional) Displays the status and information for VLANs. |
Step 5 |
copy running-config startup-config Example: switch# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to change the behavior of the native VLAN on an 802.1Q trunked interface to maintain the tagged packets and drop all untagged traffic (except control traffic):
switch# configure terminal
switch(config)# vlan dot1q tag native
Changing the System Default Port Mode to Layer 2
You can set the system default port mode to Layer 2 access ports.
See the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 for information on setting the system default port mode to Fibre Channel in storage VDCs.
SUMMARY STEPS
1. configure terminal
2. system default switchport [ shutdown ]
3. exit
4. (Optional) show interface brief
5. (Optional) copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal Example: switch# configure terminal switch(config)# |
Enters configuration mode. |
Step 2 |
system default switchport [ shutdown ] Example: switch(config-if)# system default switchport |
Sets the default port mode for all interfaces on the system to Layer 2 access port mode. By default, all the interfaces are Layer 3. |
Step 3 |
exit Example: switch(config-if)# exit switch(config)# |
Exits the interface mode. |
Step 4 |
show interface brief Example: switch# show interface brief |
(Optional) Displays the status and information for interfaces. |
Step 5 |
copy running-config startup-config Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This example shows how to set the system ports to be Layer 2 access ports by default:
switch# configure terminal
switch(config-if)# system default switchport