Cisco Nexus 9000 Series Configuration Manual


Table of Contents

  • Document Conventions
  • Documentation Feedback

CHAPTER 1 New and Changed Information

CHAPTER 2 Overview

  • VXLAN Encapsulation and Packet Format
  • VPC Consistency Check for VPC VTEPs
  • Static Ingress Replication
  • Bud Node Topology

CHAPTER 3 Configuring VXLAN

  • Considerations for VXLAN Deployment
  • Network Considerations for VXLAN Deployments
  • Considerations for the Transport Network
  • Enabling VXLANs
  • Mapping VLAN to VXLAN VNI
  • Configuring Port VLAN Mapping on a Trunk Port
  • Configuring Inner VLAN and Outer VLAN Mapping on a Trunk Port
  • Creating and Configuring an NVE Interface and Associate VNIs
  • Configuring Static MAC for VXLAN VTEP
  • Disabling VXLANs
  • Configuring BGP EVPN Ingress Replication
  • Configuring Static Ingress Replication
  • Configuring Q-In-VNI
  • Configuring Selective Q-In-VNI
  • Configuring Q-In-VNI with LACP Tunneling
  • Overview for FHRP over VXLAN
  • Guidelines and Limitations for FHRP over VXLAN
  • Only Supported Deployments for FHRP over VXLAN
  • New Supported Topology for Configuring FHRP over VXLAN
  • Overview of IGMP Snooping over VXLAN
  • Guidelines and Limitations for IGMP Snooping over VXLAN
  • Configuring IGMP Snooping over VXLAN
  • Verifying the VXLAN Configuration
  • Example of VXLAN Bridging Configuration

CHAPTER 4 Configuring VXLAN BGP EVPN

  • Notes for EVPN Convergence
  • Considerations for VXLAN BGP EVPN Deployment
  • VPC Considerations for VXLAN BGP EVPN Deployment
  • BGP EVPN Considerations for VXLAN Deployment
  • Commands for BGP EVPN
  • Enabling VXLAN
  • Configuring VLAN and VXLAN VNI
  • Configuring VRF for VXLAN Routing
  • Configuring SVI for Hosts for VXLAN Routing
  • Configuring VRF Overlay VLAN for VXLAN Routing
  • Configuring VNI under VRF for VXLAN Routing
  • Configuring Anycast Gateway for VXLAN Routing
  • Configuring the NVE Interface and VNIs
  • Configuring BGP on the VTEP
  • Configuring RD and Route Targets for VXLAN Bridging
  • Configuring VXLAN EVPN Ingress Replication
  • Configuring BGP for EVPN on the Spine
  • Suppressing ARP
  • Duplicate Detection for IP and MAC Addresses
  • Verifying the VXLAN BGP EVPN Configuration
  • Example of VXLAN BGP EVPN (EBGP)
  • Example of VXLAN BGP EVPN (IBGP)
  • Example Show Commands
  • Configuring VXLAN OAM
  • VXLAN OAM Overview
  • Loopback (Ping) Message
  • Traceroute or Pathtrace Message

CHAPTER 5 Configuring VXLAN OAM

  • Configuring NGOAM Profile
  • NGOAM Authentication

CHAPTER 6 Configuring VXLAN EVPN Multihoming

  • Introduction to Multihoming
  • BGP EVPN Multihoming
  • BGP EVPN Multihoming Terminology
  • EVPN Multihoming Implementation
  • EVPN Multihoming Redundancy Group
  • Ethernet Segment Identifier
  • LACP Bundling
  • Guidelines and Limitations for VXLAN EVPN Multihoming
  • Enabling EVPN Multihoming
  • VXLAN EVPN Multihoming Configuration Examples
  • Layer 2 Gateway STP Overview
  • Guidelines for Moving to Layer 2 Gateway STP
  • Enabling Layer 2 Gateway STP on a Switch
  • EVPN Multihoming Local Traffic Flows
  • EVPN Multihoming Remote Traffic Flows
  • EVPN Multihoming BUM Flows
  • Overview of VLAN Consistency Checking
  • VLAN Consistency Checking Guidelines and Limitations
  • Configuring VLAN Consistency Checking
  • Displaying Show Command Output for VLAN Consistency Checking
  • Overview of ESI ARP Suppression
  • Limitations for ESI ARP Suppression
  • Configuring ESI ARP Suppression
  • Displaying Show Commands for ESI ARP Suppression

VXLAN Bud Node over VPC

  • VXLAN Bud Node over VPC Overview
  • VXLAN Bud Node over VPC Topology Example
  • DHCP Relay in VXLAN BGP EVPN Overview
  • Basic VXLAN BGP EVPN Configuration
  • Client on Tenant VRF and Server on Layer 3 Default VRF
  • Client on Tenant VRF (SVI X) and Server on the same Tenant VRF (SVI Y)
  • Client on Tenant VRF (VRF X) and Server on Different Tenant VRF (VRF Y)
  • Client on Tenant VRF and Server on Non-Default Non-VXLAN VRF
  • Configuring VPC Peers Example
  • VPC VTEP DHCP Relay Configuration Example

DHCP Relay in VXLAN BGP EVPN

  • Overview of EVPN with Transparent Firewall Insertion
  • EVPN with Transparent Firewall Insertion Example
  • Show Command Examples

EVPN with Transparent Firewall Insertion

  • Overview of IPv6 Across a VXLAN EVPN Fabric
  • Configuring IPv6 Across a VXLAN EVPN Fabric Example

IPv6 Across a VXLAN EVPN Fabric


Summary of Contents for Cisco Nexus 9000 Series

  • Page 1 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release First Published: 2015-01-27 Last Modified: 2017-02-17 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 This product includes software written by Tim Hudson ([email protected]). Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks.

Page 3: Table Of Contents

  • Page 4 Notes for EVPN Convergence Considerations for VXLAN BGP EVPN Deployment VPC Considerations for VXLAN BGP EVPN Deployment Network Considerations for VXLAN Deployments Considerations for the Transport Network BGP EVPN Considerations for VXLAN Deployment Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...
  • Page 5 Configuring NGOAM Profile NGOAM Authentication Configuring VXLAN EVPN Multihoming CHAPTER 6 VXLAN EVPN Multihoming Overview Introduction to Multihoming BGP EVPN Multihoming BGP EVPN Multihoming Terminology...
  • Page 6 DHCP Relay in VXLAN BGP EVPN APPENDIX B DHCP Relay in VXLAN BGP EVPN Overview DHCP Relay in VXLAN BGP EVPN Example Basic VXLAN BGP EVPN Configuration...
  • Page 7 IPv6 Across a VXLAN EVPN Fabric APPENDIX D Overview of IPv6 Across a VXLAN EVPN Fabric Configuring IPv6 Across a VXLAN EVPN Fabric Example Show Command Examples...
  • Page 8 Contents...

Page 9: Document Conventions

Page 10: Documentation Feedback

Page 11: Obtaining Documentation and Submitting a Service Request

  • Page 12 Preface Obtaining Documentation and Submitting a Service Request...

Page 13: Chapter

  • Page 14 Added support for displaying tracking route information. (7.0(3)I2(2); see Verifying the VXLAN Configuration) LACP tunneling support for VXLAN: Added support for VXLAN with LACP tunneling. (7.0(3)I2(2); see Configuring Q-in-VNI with LACP Tunneling)...
  • Page 15 Static MAC for VXLAN VTEP support: Enables the configuration of static MAC addresses behind a peer VTEP on Cisco Nexus 9300 Series switches. (7.0(3)I1(2); see Configuring Static MAC for VXLAN VTEP)...
  • Page 16 VXLAN BGP EVPN support: Enables the learning of remote VTEPs, overlay MACs, and routes through the BGP EVPN control plane protocol on Cisco Nexus 9300 Series switches. (7.0(3)I1(1); see Configuring VXLAN BGP EVPN)...

Page 17: Chapter

Page 18: VXLAN Encapsulation and Packet Format

Page 19: VPC Consistency Check for VPC VTEPs

Page 20: Static Ingress Replication

Page 21: Bud Node Topology

  • Page 22 The distributed anycast gateway functionality will be used to facilitate flexible workload placement, and optimal traffic across the L3 core network. The overlay network that will be used is based on VXLAN. ...

Page 23: Chapter

  • Page 24 IGMP snooping on VXLAN enabled VLANs is not supported in Cisco Nexus 3232C and 3264Q switches. VXLAN with flood and learn and Layer 2 EVPN is supported in Cisco Nexus 3232C and 3264Q switches. • Bind NVE to a loopback address that is separate from other loopback addresses that are required by Layer 3 protocols.
  • Page 25 Configuring VXLAN Guidelines and Limitations for VXLAN • The VXLAN UDP port number is used for VXLAN encapsulation. For Cisco Nexus NX-OS, the UDP port number is 4789. It complies with IETF standards and is not configurable. • For 7.0(3)I2(1) and later, VXLAN is supported on Cisco Nexus 9500 Series switches with the following linecards: ◦...

Page 26: Considerations for VXLAN Deployment

Page 27: VPC Considerations for VXLAN Deployment

  • Page 28 • The VPC peer-gateway feature must be enabled on both peers. As a best practice, use peer-switch, peer gateway, ip arp sync, ipv6 nd sync configurations for improved convergence in VPC topologies. ...
  • Page 29 Note: In BUD node topologies, the backup SVI needs to be added as a static OIF for each underlay multicast group. Note: The SVI must be configured on both VPC peers and requires PIM to be enabled. ...

Page 30: Network Considerations for VXLAN Deployments

Page 31: Considerations for the Transport Network

Page 32: Mapping VLAN to VXLAN VNI

  • Page 33 • Port VLAN mapping is not supported on Cisco Nexus 9200 Series switches. Beginning with Cisco NX-OS Release 7.0(3)I6(1), port VLAN switching is supported on Cisco Nexus 9500 and 9300 platform switches. However, PV routing is not supported on Cisco Nexus 9500 and 9300 platform switches.
  • Page 34 VLANs. Step 5 [no] switchport vlan mapping all: Removes all VLAN mappings configured on the interface. Step 6 copy running-config startup-config: (Optional) Copies the running configuration to the startup configuration. ...

Page 35: Configuring Inner VLAN and Outer VLAN Mapping on a Trunk Port

  • Page 36 11 inner 12 111 switch(config-if)# switchport trunk allowed vlan 101-170 switch(config-if)# no shutdown switch(config-if)# show mac address-table dynamic vlan 111...

Page 37: Creating and Configuring an NVE Interface and Associate VNIs

Page 38: Disabling VXLANs

Page 39: Configuring BGP EVPN Ingress Replication

Page 40: Configuring Q-in-VNI

  • Page 41 • The following is an example of configuring a Q-in-VNI (NX-OS 7.0(3)I3(1) and later releases): switch# config terminal switch(config)# interface ethernet 1/4 switch(config-if)# switchport mode dot1q-tunnel switch(config-if)# switchport access vlan 10 switch(config-if)# spanning-tree bpdufilter enable switch(config-if)#...

Page 42: Configuring Selective Q-in-VNI

  • Page 43 10050 mcast-group 230.1.1.1 • See the following example for the native VLAN configuration: vlan 150 interface vlan150 no shutdown ip address 150.1.150.6/24 ip pim sparse-mode...

Page 44: Configuring Q-in-VNI with LACP Tunneling

  • Page 45 • No MAC address-table notification for mac-move. • As a best practice, configure a fast LACP rate on the interface where the LACP port is configured. Otherwise the convergence time is approximately 90 seconds. ...
  • Page 46 ◦ To avoid saturating the MAC, you should turn off/disable learning of VLANS. • Configuring Q-in-VNI to tunnel LACP packets is not supported for VXLAN EVPN. • The number of port-channel members supported is the number of ports supported by the VTEP. ...

Page 47: Configuring FHRP over VXLAN

Page 48: Only Supported Deployments for FHRP over VXLAN

  • Page 49 FHRP operates in active/active. The VNI mapped to the VLAN must be configured on the NVE interface and it is associated with the used BUM replication mode (Multicast or Ingress Replication). ...

Page 50: New Supported Topology for Configuring FHRP over VXLAN

Page 51: Configuring IGMP Snooping over VXLAN

Page 52: Configuring IGMP Snooping over VXLAN

  • Page 53 Displays logging level. show tech-support nve: Displays related NVE tech-support information. show run interface nve x: Displays NVE overlay interface configuration. ...
  • Page 54 VXLAN VLAN logical port VP count is 10*10 = 100. Table 4: Display VXLAN configuration information (Release 7.0(3)I2(2) and later) Command: show run track. Purpose: Displays tracking information for running-config. ...

Page 55: Example of VXLAN Bridging Configuration

  • Page 56 10 switch-vtep-2(config-if)# no shutdown switch-vtep-2(config)# interface nve1 switch-vtep-2(config-if)# no shutdown switch-vtep-2(config-if)# source-interface loopback0 switch-vtep-2(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-2(config)# vlan 10 switch-vtep-2(config-vlan)# vn-segment 10000 switch-vtep-2(config-vlan)# exit...
  • Page 57 200.200.9.9 switch-vtep-1(config-vlan)# exit switch-vtep-1# show nve vni ingress-replication Interface VNI show nve vni ingress-replication Interface VNI Replication List Up Time --------- -------- ----------------- -------...
  • Page 58 Replication List Up Time --------- -------- ----------------- ------- nve1 10011 200.200.8.8 07:42:23 200.200.10.10 07:42:23 nve1 10012 200.200.8.8 07:42:23 • For a vPC VTEP configuration, the loopback address requires a secondary IP. ...
  • Page 59 10 mode active switch-vtep-1(config-if)# no shutdown switch-vtep-1(config)# interface nve1 switch-vtep-1(config-if)# no shutdown switch-vtep-1(config-if)# source-interface loopback0 switch-vtep-1(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-1(config)# vlan 10...
  • Page 60 10 switch-vtep-3(config-if)# no shutdown switch-vtep-3(config)# interface nve1 switch-vtep-3(config-if)# no shutdown switch-vtep-3(config-if)# source-interface loopback0 switch-vtep-3(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-3(config)# vlan 10 switch-vtep-3(config-vlan)# vn-segment 10000 switch-vtep-3(config-vlan)# exit...
  • Page 61 Example of VXLAN Bridging Configuration Note: The secondary IP is used by the emulated VTEP for VXLAN. Note: Ensure that all configurations are identical between the VPC primary and VPC secondary. ...
  • Page 62 Configuring VXLAN Example of VXLAN Bridging Configuration...

Page 63: Configuring VXLAN BGP EVPN

  • Page 64 • VXLAN BGP EVPN does not support an NVE interface in a non-default VRF. • It is recommended to configure a single BGP session over the loopback for an overlay BGP session. • For Cisco Nexus 9500 Series switches (7.0(3)I2(1) and later), VXLAN BGP EVPN is available only in the default routing mode.

Page 65: Notes for EVPN Convergence

Page 66: Considerations for VXLAN BGP EVPN Deployment

Page 67: VPC Considerations for VXLAN BGP EVPN Deployment

  • Page 68 SVI is required to be enabled across peer-link and also configured with PIM. This provides a backup routing path in the case when VTEP loses complete connectivity to the spine. Remote peer reachability is re-routed over the peer-link in this case. ...

Page 69: Network Considerations for VXLAN Deployments

Page 70: Considerations for the Transport Network

Page 71: BGP EVPN Considerations for VXLAN Deployment

Page 72: Configuring VXLAN BGP EVPN

Page 73: Configuring VLAN and VXLAN VNI

Page 74: Configuring SVI for Hosts for VXLAN Routing

Page 75: Configuring Anycast Gateway for VXLAN Routing

Page 76: Configuring BGP on the VTEP

Page 77: Configuring VXLAN EVPN Ingress Replication

Page 78: Configuring BGP for EVPN on the Spine

Page 79: Suppressing ARP

Page 80: Disabling VXLANs

  • Page 81 The range is 2 to 36000 seconds; default is 180 seconds. switch(config)# l2rib dup-host-mac-detection 100 10: Detects duplicate host addresses (limited to 100 moves) in a period of 10 seconds. ...

Page 82: Verifying the VXLAN BGP EVPN Configuration

Page 83: Example of VXLAN BGP EVPN (EBGP)

  • Page 84 40.1.1.1 remote-as 200 update-source loopback0 ebgp-multihop 3 address-family l2vpn evpn disable-peer-as-check send-community extended route-map permitall out ◦ Configure the BGP underlay. neighbor 192.168.1.43 remote-as 200 address-family ipv4 unicast allowas-in...
  • Page 85 100 router-id 20.1.1.1 address-family l2vpn evpn retain route-target all neighbor 30.1.1.1 remote-as 200 update-source loopback0 ebgp-multihop 3 address-family l2vpn evpn disable-peer-as-check send-community extended route-map permitall out neighbor 40.1.1.1 remote-as 200...
  • Page 86 50.1.1.1/32 ip pim sparse-mode ◦ Configure interfaces for Spine-leaf interconnect interface Ethernet2/2 no switchport load-interval counter 1 5 ip address 192.168.1.22/24 ip pim sparse-mode no shutdown...
  • Page 87 4.2.2.1/24 ipv6 address 4:2:0:1::1/64 fabric forwarding mode anycast-gateway ◦ Configure ACL TCAM region for ARP suppression hardware access-list tcam region arp-ether 256 double-wide...
  • Page 88 ◦ Enable the EVPN control plane functionality and the relevant protocols feature telnet feature nxapi feature bash-shell feature scp-server nv overlay evpn feature bgp feature pim feature interface-vlan feature vn-segment-vlan-based...
  • Page 89 4.1.1.1/24 ipv6 address 4:1:0:1::1/64 fabric forwarding mode anycast-gateway interface Vlan1002 no shutdown vrf member vxlan-900001 ip address 4.2.2.1/24 ipv6 address 4:2:0:1::1/64 fabric forwarding mode anycast-gateway...
  • Page 90 200 router-id 40.1.1.1 neighbor 10.1.1.1 remote-as 100 update-source loopback0 ebgp-multihop 3 allowas-in send-community extended address-family l2vpn evpn allowas-in send-community extended neighbor 20.1.1.1 remote-as 100 update-source loopback0 ebgp-multihop 3...
  • Page 91 2001001 l2 rd auto route-target import auto route-target export auto vni 2001002 l2 rd auto route-target import auto route-target export auto...

Page 92: Example of VXLAN BGP EVPN (IBGP)

  • Page 93 • Spine (9504-B) ◦ Enable the EVPN control plane and the relevant protocols feature telnet feature nxapi feature bash-shell feature scp-server nv overlay evpn feature ospf...
  • Page 94 40.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both route-reflector-client • Leaf (9396-A) ◦ Enable the EVPN control plane nv overlay evpn...
  • Page 95 ◦ Configure VRF overlay VLAN/SVI for the VRF interface Vlan101 no shutdown vrf member vxlan-900001 ◦ Create VLAN and provide mapping to VXLAN vlan 1001 vn-segment 2001001 vlan 1002 vn-segment 2001002...
  • Page 96 ◦ Configure BGP router bgp 65535 router-id 30.1.1.1 neighbor 10.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both neighbor 20.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both vrf vxlan-900001...
  • Page 97 ◦ Create VRF and configure VNI vrf context vxlan-900001 vni 900001 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn address-family ipv6 unicast route-target both auto route-target both auto evpn...
  • Page 98 192.168.4.22/24 ip router ospf 1 area 0.0.0.0 ip pim sparse-mode no shutdown interface Ethernet2/3 no switchport ip address 192.168.2.23/24 ip router ospf 1 area 0.0.0.0 ip pim sparse-mode no shutdown...

Page 99: Example Show Commands

  • Page 100 Topology Mac Address Prod Next Hop (s) ----------- -------------- ------ --------------- 0000.8816.b645 BGP 40.0.0.2 0001.0000.0033 Local Ifindex 4362086 0001.0000.0035 Local Ifindex 4362086 0011.0000.0034 BGP 40.0.0.2...
  • Page 101 • show l2route evpn mac-ip all leaf3# show l2route evpn mac-ip all Topology ID Mac Address Prod Host IP Next Hop (s) ----------- -------------- ---- ------------------------------------------------------ 0011.0000.0034 BGP 5.1.3.2 40.0.0.2 0011.0000.0034 BGP 5.1.3.2 40.0.0.2...
  • Page 102 Configuring VXLAN BGP EVPN Example Show Commands...

Page 103: Configuring VXLAN OAM

Page 104: Loopback (Ping) Message

Page 105: Traceroute or Pathtrace Message

  • Page 106 (for example, ingress interface and egress interface). These packets terminate at VTEP and they do not reach the host. Therefore, only the VTEP responds. Figure 12: Traceroute Message...

Page 107: Configuring VXLAN OAM

  • Page 108 Note: The source ip-address 1.1.1.1 used in the above example is a loopback interface that is configured on Leaf 1 in the same VRF as the destination ip-address. For example, the VRF in this example is vni-31000. ...
  • Page 109 Path trace Request to peer ip 209.165.201.4 source ip 209.165.201.2 Sender handle: 46 TTL Code Reply IngressI/f EgressI/f State ====================================================================== 1 !Reply from 209.165.201.3, Eth5/5/1 Eth5/5/2 UP/UP 2 !Reply from 209.165.201.4, Eth1/3 Unknown UP/DOWN...

Page 110: Configuring NGOAM Profile

Page 111: NGOAM Authentication

  • Page 112 Input Stats: PktRate:0 ByteRate:0 Load:0 Bytes:339580108 unicast:14658 mcast:307587 bcast:67 discards:0 errors:3 unknown:0 bandwidth:42949672970000000 Output Stats: PktRate:0 ByteRate:0 load:0 bytes:237405790 unicast:2929 mcast:535716 bcast:10408 discards:0 errors:0 bandwidth:42949672970000000 2 !Reply from 12.0.22.1, Eth1/17 Unknown UP / DOWN...

Page 113: Configuring VXLAN EVPN Multihoming

Page 114: BGP EVPN Multihoming Terminology

Page 115: EVPN Multihoming Redundancy Group

Page 116: Guidelines and Limitations for VXLAN EVPN Multihoming

Page 117: VXLAN EVPN Multihoming Configuration Examples

  • Page 118 9216 ip address 10.1.1.6/30 ip pim sparse-mode no shutdown interface port-channel11 switchport mode trunk switchport access vlan 1001 switchport trunk allowed vlan 901-902,1001-1050 ethernet-segment 2011 system-mac 0000.0000.2011 mtu 9216...

Page 119: Configuring Layer 2 Gateway STP

Page 120: Enabling Layer 2 Gateway STP on a Switch

  • Page 121 2016 Aug 29 19:14:19 TOR9-leaf4 %$ VDC-1 %$ %STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port Ethernet1/1 on MST0000. 2016 Aug 29 19:14:19 TOR9-leaf4 %$ VDC-1 %$ %STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port port-channel13 on MST0000. switch# show spanning-tree...
  • Page 122 BPDUs from the access switches. In that case, the access ports on VTEPs lose the advantage of rapid transmission, instead forwarding on Ethernet segment link flap. (They have to go through a proposal and agreement handshake before assuming the FWD-Desg role). ...

Page 123: Configuring VXLAN EVPN Multihoming Traffic Flows

  • Page 124 If switch L1 gets isolated from the core, it must not continue to attract access traffic, as it will not be able to encapsulate and send it on the overlay. This means that the access links must be brought down at L1 if L1...
  • Page 125 Instead, H3 shows up as a remote host in the IP table at L1, installed in the context of L3 VNI. This packet must be encapsulated in the router-MAC of L2 and routed to L2 via VXLAN overlay. ...
  • Page 126 Figure 17: L1 is Distributed Anycast Gateway. H1, H2, and H3 are in different VLANs. H1->H3 routing happens via VXLAN tunnel encapsulation. In VPC, H3 ARP would have been synced via MCT and direct routing. ...
  • Page 127 If switch L1 gets isolated from the core, it must not continue to attract access traffic, as it will not be able to encapsulate and send it on the overlay. It means that the access links must be brought down at L1 if L1 loses core reachability. ...

Page 128: EVPN Multihoming Remote Traffic Flows

  • Page 129 MAC-IP Route remains the same as used in the current vPC multihoming and standalone single-homing solutions. However, now it has a non-zero ESI field that indicates that this is a multihomed host and it is a candidate for ECMP Path Resolution. ...
  • Page 130 ECMP list for the given ES. Figure 21: Layer 2 VXLAN Gateway. ESI failure on L1. L3 withdraws L1 from MAC ECMP list. This will happen due to EAD/ES mass withdrawal from L1. ...
  • Page 131 L1 and L2 advertise the MAC-IP route for Host H2. Due to the receipt of these routes, L3 builds an L3 ECMP list comprising of L1 and L2. Figure 23: Layer 3 VXLAN Gateway. L3 does IP ECMP to L1/L2 for inter subnet traffic. Access Failure for Remote Routed Traffic...
  • Page 132 Figure 24: Layer 3 VXLAN Gateway. ESI failure causes ES mass withdrawal that only impacts L2 ECMP. L3 ECMP continues until Type2 is withdrawn. L3 traffic reaches H2 via suboptimal path L3->L1->L2 until then. Core Failure for Remote Routed Traffic...

Page 133: EVPN Multihoming BUM Flows

  • Page 134 Figure 27: BUM traffic originating at L1. L2 is the DF for ES1 and ES2. However, L2 must perform split horizon check here as it shares ES1 and ES2 with L1. L2 however Ethernet Segment Route (Type 4)...
  • Page 135 DF. Since L2 is the only TOR left in the Ordinal Table, it takes over DF role for all VLANs. BGP EVPN multihoming on Cisco Nexus 9000 Series switches provides minimum operational and cabling expenditure, provisioning simplicity, flow based load balancing, multi pathing, and fail-safe redundancy.

Page 136: Configuring VLAN Consistency Checking

Page 137: Configuring VLAN Consistency Checking

Page 138: Configuring ESI ARP Suppression

Page 139: Limitations for ESI ARP Suppression

  • Page 140 Multihoming DEL error invalid current state:0 Peer sync DEL error MAC mismatch Peer sync DEL error second delete Peer sync DEL error deleteing TL route True local DEL error deleteing PS RO route :0 switch#...

Page 141: VXLAN Bud Node over VPC

Page 142: VXLAN Bud Node over VPC Overview

Page 143: VXLAN Bud Node over VPC Topology Example

  • Page 144 10002 mcast-group 225.1.1.1 member vni 10003 mcast-group 225.1.1.1 • Loopback interface configuration interface loopback0 ip address 101.101.101.101/32 ip address 99.99.99.99/32 secondary ip router ospf 1 area 0.0.0.0 ip pim sparse-mode...
  • Page 145 Per-vlan consistency status : success Type-2 consistency status : success vPC role : secondary, operational primary Number of vPCs configured Peer Gateway : Enabled Dual-active excluded VLANs Graceful Consistency Check : Enabled...
  • Page 146 Up, 99.99.99.99, DP Up, 99.99.99.99, DP IP, Host Reach Mode Nve Vni Configuration 10001-10003 10001-10003 Interface-vlan admin up 2,2000 2,2000 Interface-vlan routing 1-4,2000 1-4,2000 capability Allowed VLANs 1-4,101-103,2000 1-4,101-103,2000 Local suspended VLANs...

Page 147: DHCP Relay in VXLAN BGP EVPN

Page 148: DHCP Relay in VXLAN BGP EVPN Example

Page 149: Basic VXLAN BGP EVPN Configuration

  • Page 150 900001 associate-vrf member vni 2001001 mcast-group 225.4.0.1 interface Ethernet1/49 switchport mode trunk switchport trunk allowed vlan 10,1001 spanning-tree port type edge trunk...

Page 151: DHCP Relay on VTEPs

  • Page 152 Vlan1001 ip dhcp relay address 192.1.42.3 use-vrf default Debug Output • The following is a packet dump for DHCP interact sequences. ...
  • Page 153 Agent Remote ID: f8c2882333a5 Option 82 Suboption: (151) VRF name/VPN ID Option 82 Suboption: (11) Server ID Override Length: 4 Server ID Override: 172.16.16.1 (172.16.16.1) Option 82 Suboption: (5) Link selection Length: 4...

Page 154: Client on Tenant VRF (SVI X) and Server on the Same Tenant VRF (SVI Y)

  • Page 155 !Command: show running-config dhcp !Time: Mon Aug 24 08:26:00 2015 version 7.0(3)11(3) feature dhcp service dhcp ip dhcp relay ip dhcp relay information option I4ip dhcp relay information option vpn ipv6 dhcp relay...
  • Page 156 • DHCP Discover packet 9372-1 sent to DHCP server. giaddr is set to 11.11.11.11(loopback1) and suboptions 5/11/151 are set accordingly. Bootstrap Protocol Message type: Boot Request (1) Hardware type: Ethernet (0x01)...
  • Page 157 65535 (evpn)segid: 900001 tunnelid: 0x2020202 encap: VXLAN 172.16.16.11/32, ubest/mbest: 1/0, attached *via 172.16.16.11, Vlan1001, [190/0], 00:13:56, hmm 192.1.42.0/24, ubest/mbest: 1/0, attached *via 192.1.42.1, Vlan10, [0/0], 00:36:08, direct 192.1.42.1/32, ubest/mbest: 1/0, attached...

Page 158: Client On Tenant Vrf (Vrf X) And Server On Different Tenant Vrf (Vrf Y)

  • Page 159 20150825 08:59:37.760733 33.33.33.33 -> 192.1.42.3 DHCP DHCP Request - Transaction ID 0x3eebccae 20150825 08:59:37.761297 192.1.42.3 -> 33.33.33.33 DHCP DHCP ACK - Transaction ID 0x3eebccae 20150825 08:59:37.761554 172.16.16.1 -> 172.16.16.11 DHCP DHCP ACK - Transaction ID 0x3eebccae Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 160: Client On Tenant Vrf And Server On Non-Default Non-Vxlan Vrf

  • Page 161 20150825 09:30:56.216931 0.0.0.0 -> 255.255.255.255 DHCP DHCP Request - Transaction ID 0x28a8606d 20150825 09:30:56.218426 172.16.16.1 -> 172.16.16.11 DHCP DHCP ACK - Transaction ID 0x28a8606d 9372-1# ethanalyzer local interface mgmt display-filter "ip.src==10.122.164.147 or ip.dst==10.122.164.147" limit-captured-frames 0 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 162: Configuring Vpc Peers Example

  • Page 163 /* Only required for VPC VTEP. */ • Advertise LoX into the Layer 3 VRF BGP. Router bgp 2 vrf X network 10.1.1.42/32 • Configure DHCP relay on the SVI under the VRF. interface Vlan1601 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 164: Vpc Vtep Dhcp Relay Configuration Example

  • Page 165 192.168.1.2/30 192.168.1.1 /* vPC Peer-2 */ interface Vlan2000 no shutdown mtu 9216 vrf member tenant-vrf ip address 192.168.1.2/30 vrf context tenant-vrf ip route 192.168.1.1/30 192.168.1.2 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 167: Evpn With Transparent Firewall Insertion

  • Page 168 All TOR leafs have a Layer 2 VNI VLAN X. There is no SVI for VLAN X. The service leafs that are connected to the firewall have Layer 2 VNI VLAN X, non-VXLAN VLAN Y, and SVI Y with a HSRP gateway. Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 169: Evpn With Transparent Firewall Insertion Example

  • Page 170 10.0.94.2/24 hsrp 0 preempt priority 255 ip 10.0.94.1 interface nve1 member vni 100094 mcast-group 239.1.1.1 router bgp 64500 router-id 1.1.2.1 neighbor 1.1.1.1 remote-as 64500 address-family l2vpn evpn Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...
  • Page 171 Ten-1 address-family ipv4 unicast network 10.0.94.0/24 /*advertise /24 for SVI 95 subnet; it is not VXLAN anymore*/ advertise l2vpn evpn evpn vni 100094 l2 rd auto Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 172: Show Command Examples

  • Page 173 EVPN with Transparent Firewall Insertion Show Command Examples 10.0.94.0/24, ubest/mbest: 1/0 *via 10.100.5.0, [20/0], 03:14:27, bgp65000,external, tag 6450 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Page 175: Ipv6 Across A Vxlan Evpn Fabric

  • Page 176 10 name RED vn-segment 10010 • Configure the VLAN for L3 VNI . vlan 100 name RED_L3_VNI_VLAN vn-segment 20010 • Define the anycast gateway MAC. fabric forwarding anycast-gateway-mac 0000.2222.3333 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...
  • Page 177 10.1.1.1/24 ipv6 address 2001::1/64 fabric forwarding mode anycast-gateway Note IPv6 ND suppression is not supported on Cisco Nexus 9000 Series switches. (7.0(3)I3(1) and earlier releases) • Configure SVI definition for VLAN 100. interface Vlan100 description RED_L3_VNI_VLAN...

Page 178: Show Command Examples

  • Page 179 • Check the L2ROUTE and ensure that the MAC-IP was learned on the remote VTEP - 9396-A-VTEP. rswV1leaf14# show l2route evpn mac-ip evi 1413 host-ip 2001::64 Mac Address Prod Host IP Next Hop (s) -------------- ---- --------------------------------------- -------------- 7c69.f614.2bc1 BGP 2001::64 198.19.0.15 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

Cisco Nexus 9000 Series NX-OS SAN Switching Configuration Guide, Release 10.3(x)

Chapter: Configuring FCoE VLANs and Virtual Interfaces

This chapter contains the following sections:

  • Information About Virtual Interfaces
  • Guidelines and Limitations for FCoE VLANs and Virtual Interfaces
  • Mapping a VSAN to a VLAN
  • Creating a Virtual Fibre Channel Interface
  • Associating a Virtual Fibre Channel Interface to a VSAN
  • Configuring Virtual Fibre Channel – Port Channel Interface
  • Verifying the Virtual Interface
  • Mapping VSANs to VLANs Example Configuration

Cisco Nexus devices support Fibre Channel over Ethernet (FCoE), which allows Fibre Channel and Ethernet traffic to be carried on the same physical Ethernet connection between the switch and the servers.

The Fibre Channel portion of FCoE is configured as a virtual Fibre Channel interface. Logical Fibre Channel features (such as interface mode) can be configured on virtual Fibre Channel interfaces.

FCoE VLANs and Virtual Fibre Channel (vFC) interfaces have these guidelines and limitations:

Each vFC interface must be bound to an FCoE-enabled Ethernet or EtherChannel interface or to the MAC address of a remotely connected adapter. FCoE is supported on 10-Gigabit, 25-Gigabit, 40-Gigabit, and 100-Gigabit Ethernet interfaces.

A virtual Fibre Channel interface must be bound to an interface before it can be used. The binding is to a physical Ethernet interface (when the converged network adapter (CNA) is directly connected to the Cisco Nexus device), a MAC address (when the CNA is remotely connected over a Layer 2 bridge), or an EtherChannel.

The Ethernet or EtherChannel interface that you bind to the vFC interface must be configured as follows:

The Ethernet or EtherChannel interface must be a trunk port (use the switchport mode trunk command).

The FCoE VLAN that corresponds to a vFC’s VSAN must be in the allowed VLAN list.

Set the MTU to 9216 and apply QoS policies to the interface. You can use the default (service-policy type qos input default-fcoe-in-policy) or custom QoS policies.

You must not configure an FCoE VLAN as the native VLAN of the trunk port.

You should use an FCoE VLAN only for FCoE.

Do not use the default VLAN, VLAN1, as an FCoE VLAN.

You must configure the Ethernet interface as PortFast (use the spanning-tree port type edge trunk command).

The vFC interface can be bound to Ethernet port channels with multiple member ports connected to FCoE Initialization Protocol (FIP) snooping bridges.

Each vFC interface is associated with only one VSAN.

You must map any VSAN with associated vFC interfaces to a dedicated FCoE-enabled VLAN.

FCoE is not supported on private VLANs.

If the converged access switches (in the same SAN fabric or in another) need to be connected to each other over Ethernet links for a LAN alternate path, then you must explicitly configure such links to exclude all FCoE VLANs from membership.

You must use separate FCoE VLANs for FCoE in SAN-A and SAN-B fabrics.

FCoE connectivity to pre-FIP CNAs over virtual port channels (vPCs) is not supported.

The Nexus 9000 Series switches do not support the combination of vFC binding with vEthernet. You cannot configure Cisco Adapter Fabric Extender (Adapter-FEX) using the feature-set virtualization command.
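The binding guidelines above can be checked mechanically against a saved configuration. The following Python sketch is an added example, not Cisco code: it assumes an indented running-config layout, handles only the explicit `fcoe vsan N` form of the VLAN mapping, and uses a constructed sample configuration and finding names of its own.

```python
import re

# Constructed sample running-config for illustration (not taken from the page).
SAMPLE_CONFIG = """\
vlan 200
  fcoe vsan 2
vlan 1
  fcoe vsan 3
interface Ethernet1/4
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,200
  spanning-tree port type edge trunk
  mtu 9216
interface Ethernet1/5
  switchport trunk native vlan 200
  switchport trunk allowed vlan 10,100-150
interface vfc4
  bind interface Ethernet1/4
interface vfc5
  bind interface Ethernet1/5
interface vfc6
  bind mac-address 00:0a:00:00:00:36
vsan database
  vsan 2 interface vfc 4
  vsan 2 interface vfc 5
  vsan 3 interface vfc 6
"""

def parse_sections(text):
    """Group an indented running-config into {top-level line: [child lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = raw.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def expand_vlans(spec):
    """'10,100-102' -> {10, 100, 101, 102}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def norm_if(name):
    return re.sub(r"\s+", "", name).lower()  # 'ethernet 1/4' -> 'ethernet1/4'

def audit_fcoe(text):
    """Return sorted (subject, finding) pairs for the vFC binding guidelines."""
    vlan_of_vsan, ports, bound_to, vsan_of_vfc, findings = {}, {}, {}, {}, set()
    for header, body in parse_sections(text).items():
        if m := re.fullmatch(r"vlan (\d+)", header):
            for line in body:
                if f := re.fullmatch(r"fcoe vsan (\d+)", line):  # explicit form only
                    vlan_of_vsan[int(f.group(1))] = int(m.group(1))
                    if m.group(1) == "1":
                        findings.add(("vlan1", "default-vlan-used-for-fcoe"))
        elif m := re.fullmatch(r"interface vfc\s*(\d+)", header, re.I):
            bound_to.setdefault(m.group(1), None)
            for line in body:
                if b := re.fullmatch(r"bind (interface|mac-address) (.+)", line, re.I):
                    is_mac = b.group(1).lower() == "mac-address"
                    bound_to[m.group(1)] = "mac" if is_mac else norm_if(b.group(2))
        elif m := re.fullmatch(r"interface ((?:ethernet|port-channel)\s*\S+)", header, re.I):
            ports[norm_if(m.group(1))] = body
        elif header == "vsan database":
            for line in body:
                if v := re.fullmatch(r"vsan (\d+) interface vfc\s*(\d+)", line):
                    vsan_of_vfc[v.group(2)] = int(v.group(1))
    for vfc, target in sorted(bound_to.items()):
        who, vlan = f"vfc{vfc}", vlan_of_vsan.get(vsan_of_vfc.get(vfc))
        if target is None or vlan is None:
            findings.add((who, "not-bound" if target is None else "no-fcoe-vlan-for-vsan"))
            continue
        if target == "mac":
            continue  # MAC binding: no directly attached port to inspect
        body = ports.get(target, [])
        allowed, native = None, 1  # trunk native VLAN defaults to VLAN 1
        for line in body:
            if a := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
                allowed = expand_vlans(a.group(1))
            elif n := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                native = int(n.group(1))
        checks = {
            "not-trunk": "switchport mode trunk" not in body,
            "fcoe-vlan-not-allowed": allowed is not None and vlan not in allowed,
            "fcoe-vlan-is-native": native == vlan,
            "not-edge-trunk": "spanning-tree port type edge trunk" not in body,
            "mtu-not-9216": "mtu 9216" not in body,
        }
        findings.update((who, code) for code, failed in checks.items() if failed)
    return sorted(findings)
```

Calling `audit_fcoe(SAMPLE_CONFIG)` reports nothing for vfc4, five findings for vfc5 (bound to Ethernet1/5), and the use of VLAN 1 as an FCoE VLAN.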

Configuring Virtual Interfaces

A unique, dedicated VLAN must be configured at every converged access switch to carry traffic for each VSAN in the SAN (for example, VLAN 1002 for VSAN 1, VLAN 1003 for VSAN 2, and so on). If Multiple Spanning Tree (MST) is enabled, a separate MST instance must be used for FCoE VLANs.

SUMMARY STEPS

  • switch# configure terminal
  • switch(config)# vlan vlan-id
  • switch(config-vlan)# fcoe [ vsan vsan-id ]
  • switch(config-vlan)# exit
  • (Optional) switch(config)# show vlan fcoe
  • (Optional) switch(config-if)# copy running-config startup-config

DETAILED STEPS

This example shows how to map VLAN 200 to VSAN 2:

You can create a virtual Fibre Channel interface. You must bind the virtual Fibre Channel interface to a physical interface before it can be used.

  • switch(config)# interface vfc vfc-id
  • switch(config-if)# bind { interface { ethernet slot / port | port-channel channel-number } | mac-address MAC-address }
  • (Optional) switch(config-if)# no bind { interface { ethernet slot / port | port-channel channel-number } | mac-address MAC-address }
  • (Optional) switch(config)# no interface vfc vfc-id

This example shows how to bind a virtual Fibre Channel interface to an Ethernet interface:

This example shows how to bind a virtual Fibre Channel interface to a port channel:

This example shows how to bind a virtual Fibre Channel interface to a MAC address:

This example shows how to delete a virtual Fibre Channel interface:

This example shows how to unbind a virtual Fibre Channel interface from an Ethernet interface:

A unique, dedicated VLAN must be configured at every converged access switch to carry traffic for each Virtual Fabric (VSAN) in the SAN (for example, VLAN 1002 for VSAN 1, VLAN 1003 for VSAN 2, and so on). If MST is enabled, a separate MST instance must be used for FCoE VLANs.

  • switch(config)# vsan database
  • switch(config-vsan)# vsan vsan-id interface vfc vfc-id
  • (Optional) switch(config-vsan)# no vsan vsan-id interface vfc vfc-id

This example shows how to associate a virtual Fibre Channel interface to a VSAN:

Creating an Implicit Virtual Fibre Channel Port Channel Interface

You can create a virtual Fibre Channel (vFC), and implicitly bind it to an Ethernet interface or a port-channel using a single command. For this, the vFC identifier must match the Ethernet interface or port-channel identifier. The Ethernet interface can be a module (slot or port) interface (slot/QSFP-module/port).

Before you begin

Ensure you have installed the correct license for FCoE.

Ensure you have enabled FCoE.

Configuring virtual Fibre Channel Interface

This example shows how to implicitly bind a virtual Fibre Channel interface to an Ethernet interface:

Configuring virtual Fibre Channel - Port Channel Interface

This example shows how to create a vFC port channel that implicitly binds to an Ethernet port channel:

To display configuration information about virtual interfaces, perform one of the following tasks:

This example shows how to display a virtual Fibre Channel interface bound to an Ethernet interface:

This example shows how to display a virtual Fibre Channel interface bound to a MAC address:

This example shows how to display the status of all the interfaces on the switch (some output has been removed for brevity):

This example shows how to display the mapping between the VLANs and VSANs on the switch:

The following example shows how to configure the FCoE VLAN and a virtual Fibre Channel interface:

  • Enable the associated VLAN and map the VLAN to a VSAN.
  • Configure the VLAN on a physical Ethernet interface.
  • Create a virtual Fibre Channel interface and bind it to a physical Ethernet interface.
  • Associate the virtual Fibre Channel interface to the VSAN.
  • (Optional) Display membership information for the VSAN.
  • (Optional) Display the interface information for the virtual Fibre Channel interface.


Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 10.3(x)

Chapter: Configuring Q-in-Q VLAN Tunnels

  • Q-in-Q Tunneling
  • Native VLAN Hazard
  • Information About Layer 2 Protocol Tunneling
  • Selective Q-in-Q with Multiple Provider VLANs
  • About Port VLAN Mapping on VLANs (Translating Incoming VLANs)
  • Guidelines and Limitations for Q-in-Q Tunneling and Layer 2 Protocol Tunneling
  • Guidelines and Limitations for Selective Q-in-Q with Multiple Provider VLANs
  • Guidelines and Limitations for Port VLAN Mapping on VLANs
  • Creating a 802.1Q Tunnel Port
  • Configuring VLAN Mapping for Selective Q-in-Q on a 802.1Q Tunnel Port
  • Configuring Selective Q-in-Q with Multiple Provider VLANs
  • Changing the EtherType for Q-in-Q
  • Enabling the Layer 2 Protocol Tunnel
  • Configuring Global CoS for L2 Protocol Tunnel Ports
  • Configuring Thresholds for Layer 2 Protocol Tunnel Ports
  • Configuring Combined Access Port Feature Set
  • Verifying the Q-in-Q Configuration
  • Configuration Examples for Q-in-Q and Layer 2 Protocol Tunneling
  • Information About Q-in-Q Tunnels

This chapter describes how to configure IEEE 802.1Q-in-Q VLAN tunnels and Layer 2 protocol tunneling on Cisco NX-OS devices.

A Q-in-Q VLAN tunnel enables a service provider to segregate the traffic of different customers in their infrastructure, while still giving the customer a full range of VLANs for their internal use by adding a second 802.1Q tag to an already tagged frame.

Business customers of service providers often have specific requirements for VLAN IDs and the number of VLANs to be supported. The VLAN ranges required by different customers in the same service-provider network might overlap, and the traffic of customers through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations and could easily exceed the VLAN limit of 4096 of the 802.1Q specification.

Using the 802.1Q tunneling feature, service providers can use a single VLAN to support customers who have multiple VLANs. Customer VLAN IDs are preserved and the traffic from different customers is segregated within the service-provider infrastructure even when they appear to be on the same VLAN. The 802.1Q tunneling expands the VLAN space by using a VLAN-in-VLAN hierarchy and tagging the tagged packets. A port configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN that is dedicated to tunneling. Each customer requires a separate VLAN, but that VLAN supports all of the customer’s VLANs.

Customer traffic that is tagged in the normal way with appropriate VLAN IDs comes from an 802.1Q trunk port on the customer device and into a tunnel port on the service-provider edge switch. The link between the customer device and the edge switch is an asymmetric link because one end is configured as an 802.1Q trunk port and the other end is configured as a tunnel port. You assign the tunnel port interface to an access VLAN ID that is unique to each customer. See the figure below.

Packets that enter the tunnel port on the service-provider edge switch, which are already 802.1Q-tagged with the appropriate VLAN IDs, are encapsulated with another layer of an 802.1Q tag that contains a VLAN ID that is unique to the customer. The original 802.1Q tag from the customer is preserved in the encapsulated packet. Therefore, packets that enter the service-provider infrastructure are double-tagged.

The outer tag contains the customer’s access VLAN ID (as assigned by the service provider), and the inner VLAN ID is the VLAN of the incoming traffic (as assigned by the customer). This double tagging is called tag stacking, Double-Q, or Q-in-Q as shown in the figure below.

By using this method, the VLAN ID space of the outer tag is independent of the VLAN ID space of the inner tag. A single outer VLAN ID can represent the entire VLAN ID space for an individual customer. This technique allows the customer’s Layer 2 network to extend across the service provider network, potentially creating a virtual LAN infrastructure over multiple sites.

When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending out packets into the service-provider network. However, packets that go through the core of the service-provider network might be carried through 802.1Q trunks, ISL trunks, or nontrunking links. When 802.1Q trunks are used in these core switches, the native VLANs of the 802.1Q trunks must not match any native VLAN of the dot1q-tunnel port on the same switch because traffic on the native VLAN is not tagged on the 802.1Q transmitting trunk port.

In the figure below, VLAN 40 is configured as the native VLAN for the 802.1Q trunk port from Customer X at the ingress edge switch in the service-provider network (Switch B). Switch A of Customer X sends a tagged packet on VLAN 30 to the ingress tunnel port of Switch B in the service-provider network that belongs to access VLAN 40. Because the access VLAN of the tunnel port (VLAN 40) is the same as the native VLAN of the edge-switch trunk port (VLAN 40), the 802.1Q tag is not added to tagged packets that are received from the tunnel port. The packet carries only the VLAN 30 tag through the service-provider network to the trunk port of the egress-edge switch (Switch C) and is misdirected through the egress switch tunnel port to Customer Y.

There are a couple of ways to solve the native VLAN problem:

Configure the edge switch so that all packets going out an 802.1Q trunk, including the native VLAN, are tagged by using the vlan dot1q tag native command. If the switch is configured to tag native VLAN packets on all 802.1Q trunks, the switch accepts untagged packets but sends only tagged packets.

Ensure that the native VLAN ID on the edge switch trunk port is not within the customer VLAN range. For example, if the trunk port carries traffic of VLANs 100 to 200, assign the native VLAN a number outside that range.
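The following Python model, an added example rather than Cisco code, traces real 802.1Q tag bytes through the scenario above and through both fixes. It assumes that Customer Y's tunnel port on Switch C uses access VLAN 30 and that VLAN 999 stands for a native VLAN outside the customer range; the MAC addresses and payload are constructed.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def push_tag(frame, vlan):
    """Insert an 802.1Q tag directly after the destination and source MACs."""
    return frame[:12] + struct.pack("!HH", TPID, vlan & 0x0FFF) + frame[12:]

def pop_tag(frame):
    """Remove the outermost 802.1Q tag."""
    return frame[:12] + frame[16:]

def outer_vlan(frame):
    """VLAN ID of the outermost tag, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def trunk_egress(vlan, frame, native_vlan, tag_native):
    """Edge-switch trunk port: traffic in the native VLAN leaves without an
    added tag unless 'vlan dot1q tag native' is configured (tag_native=True)."""
    if vlan == native_vlan and not tag_native:
        return frame
    return push_tag(frame, vlan)

def trunk_ingress(frame, native_vlan):
    """Receiving trunk port: classify by the outer tag and strip it;
    untagged frames fall into the native VLAN."""
    vlan = outer_vlan(frame)
    if vlan is None:
        return native_vlan, frame
    return vlan, pop_tag(frame)

def carry(customer_frame, access_vlan, native_vlan, tag_native, egress_tunnel_ports):
    """Switch B tunnel port -> trunk -> Switch C tunnel port.
    Returns (receiving customer, customer tag still on the frame, bytes on the trunk)."""
    # The tunnel port classifies the frame into its access VLAN and keeps the customer tag.
    wire = trunk_egress(access_vlan, customer_frame, native_vlan, tag_native)
    vlan, delivered = trunk_ingress(wire, native_vlan)
    return egress_tunnel_ports.get(vlan), outer_vlan(delivered), wire

# Constructed frame from Customer X, tagged with customer VLAN 30.
DST, SRC = bytes.fromhex("02aa00000002"), bytes.fromhex("02aa00000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"constructed payload"
FRAME_VLAN30 = push_tag(UNTAGGED, 30)

# Switch C tunnel ports by access VLAN (Customer Y on VLAN 30 is an assumption).
SWITCH_C_TUNNEL_PORTS = {40: "Customer X", 30: "Customer Y"}

if __name__ == "__main__":
    scenarios = {
        "native VLAN 40, untagged native": (40, False),
        "native VLAN 40, vlan dot1q tag native": (40, True),
        "native VLAN 999 (outside customer range)": (999, False),
    }
    for label, (native, tag_native) in scenarios.items():
        receiver, inner, wire = carry(FRAME_VLAN30, 40, native, tag_native,
                                      SWITCH_C_TUNNEL_PORTS)
        print(f"{label}: outer tag on trunk={outer_vlan(wire)}, "
              f"delivered to {receiver}, customer tag={inner}")
```

In the first scenario the trunk carries only the VLAN 30 tag, so Switch C treats it as the outer tag and hands the frame to Customer Y; in the other two the frame is double-tagged (4 bytes longer) and reaches Customer X with its VLAN 30 tag intact.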

Customers at different sites connected across a service-provider network need to run various Layer 2 protocols to scale their topology to include all remote sites, as well as the local sites. The Spanning Tree Protocol (STP) must run properly, and every VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider infrastructure. The Cisco Discovery Protocol (CDP) must be able to discover neighboring Cisco devices from local and remote sites, and the VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.

You can configure the switch to allow multi-tagged BPDUs on a tunnel port. If you enable the l2protocol tunnel allow-double-tag command, when a multi-tagged customer BPDU enters the tunnel port, the original 802.1Q tags from the customer traffic are preserved and an outer VLAN tag (the customer’s access VLAN ID, as assigned by the service provider) is added in the encapsulated packet. Therefore, BPDU packets that enter the service-provider infrastructure are multi-tagged. When the BPDUs leave the service-provider network, the outer tag is removed and the original multi-tagged BPDU is sent to the customer network.

When protocol tunneling is enabled, edge switches on the inbound side of the service-provider infrastructure encapsulate Layer 2 protocol packets with a special MAC address and send them across the service-provider network. Core switches in the network do not process these packets, but forward them as normal packets. Bridge protocol data units (BPDUs) for CDP, STP, or VTP cross the service-provider infrastructure and are delivered to customer switches on the outbound side of the service-provider network. Identical packets are received by all customer ports on the same VLANs.

If protocol tunneling is not enabled on 802.1Q tunneling ports, remote switches at the receiving end of the service-provider network do not receive the BPDUs and cannot properly run STP, CDP, 802.1X, and VTP. When protocol tunneling is enabled, Layer 2 protocols within each customer’s network are totally separate from those running within the service-provider network. Customer switches on different sites that send traffic through the service-provider network with 802.1Q tunneling achieve complete knowledge of the customer’s VLAN.

For example, in the figure below, Customer X has four switches in the same VLAN that are connected through the service-provider network. If the network does not tunnel BPDUs, switches on the far ends of the network cannot properly run the STP, CDP, 802.1X, and VTP protocols.

In the preceding example, STP for a VLAN on a switch in Customer X, Site 1 will build a spanning tree on the switches at that site without considering convergence parameters based on Customer X’s switch in Site 2.

The figure below shows the resulting topology on the customer’s network when BPDU tunneling is not enabled.

Selective Q-in-Q with multiple provider VLANs is a tunneling feature that allows a user-specific range of customer VLANs on a port to be associated with one specific provider VLAN and enables you to have multiple customer VLAN to provider VLAN mappings on a port. Packets that come in with a VLAN tag that matches any of the configured customer VLANs on the port are tunneled across the fabric using the properties of the service provider VLAN. The encapsulated packet carries the customer VLAN tag as part of the Layer 2 header of the inner packet.

When a service provider has multiple customers connecting to the same physical switch using the same VLAN encapsulation, but they should not be on the same Layer 2 segment, translating the incoming VLAN to a unique VLAN/VNI is the right way to extend the segment.

Beginning with Cisco NX-OS Release 10.3(3)F, Port VLAN mapping on non-VXLAN VLANs is supported on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2, C9408 platform switches and Cisco Nexus 9500 switches with 9700-EX/FX/GX line cards.

In the figure below, two customers, Blue and Red, are connecting to the leaf using VLAN 10 as their encapsulation.

In this example VLAN 10 for Customer Blue (on interface E1/1) is mapped/translated to VLAN 100, and VLAN 10 for customer Red (on interface E1/2) is mapped to VLAN 200.

On the other leaf, this mapping is applied in reverse. Incoming VLAN 100 is mapped to VLAN 10 on Interface E1/1 and VLAN 200 is mapped to VLAN 10 on Interface E1/2.

You can configure VLAN translation between the ingress (incoming) VLAN and a local (translated) VLAN on a port. For the traffic arriving on the interface where VLAN translation is enabled, the incoming VLAN is mapped to a translated VLAN.

On the underlay, the inner dot1q is deleted, and switched over to the non-VXLAN network. On the outgoing interface, where VLAN translation is configured, the traffic is converted to the original VLAN and egressed out. Refer to the VLAN counters on the translated VLAN for the traffic counters and not on the ingress VLAN.

Q-in-Q tunnels and Layer 2 tunneling have the following configuration guidelines and limitations:

Q-in-Q should be configured on the customer-facing interface of the service provider’s edge device. If an Ethernet frame ingresses a Cisco Nexus 9000 series switch, the switch cannot encapsulate the frame with two 802.1Q headers within a single forwarding decision. Similarly, if a Q-in-Q-encapsulated Ethernet frame needs to egress a Cisco Nexus 9000 series switch without any 802.1Q headers, the switch cannot decapsulate two 802.1Q headers from the Ethernet frame within a single forwarding decision.

Mapping multiple VLANs is supported.

Multi-tagged BPDUs are supported on the Cisco Nexus 93108TC-EX and 93180YC-EX switches. We support up to three tags.

Selective Q-in-Q tunneling is not supported with multi-tagged BPDU.

Only multi-tagged CDP and STP BPDUs are supported.

The inner-most tag must always be 0x8100.

Multiple selective Q-in-Q tags are not supported. That is, Q-in-Q does not support multiple SP tags on a single interface.

Switches in the service-provider network must be configured to handle the increase in MTU size due to Q-in-Q tagging.

MAC address learning for Q-in-Q tagged packets is based on the outer VLAN (Service Provider VLAN) tag. Packet forwarding issues might occur in deployments where a single MAC address is used across multiple inner (customer) VLANs.

Layer 3 and higher parameters cannot be identified in tunnel traffic (for example, Layer 3 destination and source addresses). Tunneled traffic cannot be routed.

The system dot1q-tunnel transit and system dot1q-tunnel transit vlan provider_vlan_list commands have the following limitations:

These commands are required on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2 switches and 9500 switches with 9700-EX/FX/GX line cards if the device is configured with Q-in-Q, Selective Q-in-Q or Selective Q-in-Q with multiple provider VLAN features.

It is required that you configure the system dot1q-tunnel transit or system dot1q-tunnel transit vlan provider_vlan_list command on ToR or modular devices. Beginning with Cisco NX-OS Release 9.3(5), the system dot1q-tunnel transit vlan provider_vlan_list command is supported.

It is required that you configure the system dot1q-tunnel transit or the system dot1q-tunnel transit vlan provider_vlan_list command on vPC switches or non-vPC switches.

Layer 2 frames that exit trunk ports will always be tagged, even with the native VLAN of the port if these commands have been configured.

The MPLS, GRE, and IP-in-IP functionalities will not function effectively in conjunction with the Q-in-Q tunneling features if these commands have been configured on the switch.

Cisco Nexus 9000 Series devices can provide only MAC-layer ACL/QoS for tunnel traffic (VLAN IDs and src/dest MAC addresses).

You should use MAC address-based frame distribution.

Asymmetrical links do not support the Dynamic Trunking Protocol (DTP) because only one port on the link is a trunk. You must configure the 802.1Q trunk port on an asymmetrical link to trunk unconditionally.

You cannot configure the 802.1Q tunneling feature on ports that are configured to support private VLANs. Private VLANs are not required in these deployments.

You must disable IGMP snooping on the tunnel VLANs.

You should enter the vlan dot1Q tag native command to maintain the tagging on the native VLAN and drop untagged traffic. This command prevents native VLAN misconfigurations.

You must manually configure the 802.1Q interfaces to be edge ports.

IGMP snooping is not supported on the inner VLAN.

Q-in-Q is not supported on the uplink ports of Cisco Nexus 9332PQ, 9372PX, 9372TX, and 93120TX switches and Cisco Nexus 9396PX, 9396TX, and 93128TX switches with the N9K-M6PQ or N9K-M12PQ generic expansion module (GEM).

Q-in-Q tunnels might be affected by the limitations of the Application Leaf Engine (ALE) uplink ports on Cisco Nexus 9300 and 9500 Series devices: Limitations for ALE Uplink Ports

Q-in-Q tunneling is not supported on the following Application Spine Engine 2 (ASE2) and Application Spine Engine 3 (ASE3) based Cisco Nexus switches.

ASE2 - N9236C, N9272Q, N92304QC, and N92300Y

ASE3 - N92160YC-X

Q-in-Q tagging is not supported.

Layer 2 protocol tunneling is not supported on Cisco Nexus 9500 Series switches with N9K-X9636C-R, N9K-X9636Q-R, N9K-X9636C-RX line cards.

On Cisco Nexus 9500 Series switches with N9K-X9636C-R, N9K-X9636Q-R, N9K-X9636C-RX line cards, Q-in-Q is supported only on port or port-channel Layer 2 Access VLAN Edge devices.

FEX configuration is not supported on Q-in-Q ports.

If the command l2protocol tunnel stp is configured on a tunnel interface, the VLAN that you configure on the service provider must be different from that of the customer network.

For selective Q-in-Q with multiple provider VLANs, all the existing limitations and guidelines for selective Q-in-Q apply.

Beginning with Cisco NX-OS Release 9.3(5), selective Q-in-Q with multiple provider VLANs feature is supported on Cisco Nexus N9K-C9316D-GX, N9K-C93600CD-GX, N9K-C9364C-GX switches.

Selective Q-in-Q with multiple provider VLANs feature is supported on Nexus 9300-EX, 9300-FX, 9300-FX2, 9300-FX3 switches.

When you enable multiple provider VLANs on a vPC port channel, you must make sure that the configuration is consistent across the vPC peers.

We recommend that you do not allow provider VLANs on a regular trunk.

Only allow native VLANs and provider VLANs on the trunk interface allowed VLAN list of a multiple provider VLAN interface.

Port-to-VLAN mapping (for example: switchport vlan mapping 10 20) is not supported on a port that is configured for selective Q-in-Q with multiple provider VLANs.

Private VLAN is not supported on a port that is configured for selective Q-in-Q with multiple provider VLANs.

Only Layer 2 switching is supported.

Routing on provider VLANs is not supported.

FEX is not supported for selective Q-in-Q with multiple provider VLANs.

Selective Q-in-Q with multiple provider VLANs commands are not DME-ized.

When VLAN1 is configured as the native VLAN with selective Q-in-Q and selective Q-in-Q with multiple provider tag, traffic on the native VLAN gets dropped. Do not configure VLAN1 as the native VLAN when the port is configured with selective Q-in-Q. When VLAN1 is configured as a customer VLAN, the traffic on VLAN1 gets dropped.

Guidelines and Limitations for Combined Access Port Feature set

Beginning with Cisco NX-OS Release 9.3(3), the Combined Access Port Feature set is supported on Cisco Nexus C9348GC-FXP switches with IPv4 underlay.

The Combined Access Port Feature set consists of the following features:

Private VLAN (with secondary isolated)

Selective Q-in-Q

Port-Security

All the guidelines and limitations for PVLAN and selective Q-in-Q are applicable for Combined Access Port Feature set also.

Port mode private-vlan trunk secondary is supported on Combined Access Port Feature set.

When you enable Combined Access Port Feature set on a vPC port channel, you must ensure that the configuration is consistent across the vPC peers.

We recommend that you enter system dot1q-tunnel transit when running the Combined Access Port Feature set.

Port VLAN mapping (for example, switchport vlan mapping 10 20) is not supported.

Only Layer 2 switching is supported on selective Q-in-Q.

Only routing is supported on the native VLAN of the Combined Access Port Feature set.

The following are the guidelines and limitations for Port VLAN Mapping:

Beginning with Cisco NX-OS Release 10.3(3)F, Port VLAN mapping on VLANs is supported on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2, C9408 platform switches and Cisco Nexus 9500 switches with 9700-EX/FX/GX line cards.

The ingress (incoming) VLAN does not need to be configured on the switch as a VLAN. The translated VLAN must be configured.

All Layer 2 source address learning and Layer 2 MAC destination lookup occurs on the translated VLAN. See the VLAN counters on the translated VLAN and not on the ingress (incoming) VLAN.

Port VLAN mapping routing supports configuring an SVI on the translated VLAN.

  • The following example shows incoming VLAN 10 being mapped to local VLAN 100:

        interface ethernet1/1
          switchport vlan mapping 10 100

  • The following is an example of overlapping VLANs for PV translation. In the first statement, VLAN-102 is a translated VLAN. In the second statement, VLAN-102 is the VLAN that is translated to VLAN-103:

        interface ethernet1/1
          switchport vlan mapping 101 102
          switchport vlan mapping 102 103

When adding a member to an existing port channel using the force command, the "mapping enable" configuration must be consistent. For example:

VLAN mapping helps with VLAN localization to a port, scoping the VLANs per port. A typical use case is in the service provider environment where the service provider leaf switch has different customers with overlapping VLANs that come in on different ports. For example, customer A has VLAN 10 coming in on Eth 1/1 and customer B has VLAN 10 coming in on Eth 2/2.

Port VLAN mapping does not coexist with PVLAN.

If the inherit port-profile command is configured on a PV interface, use the no inherit port-profile <profile name> command to detach and then execute the no switchport vlan mapping all command.

If the system dot1q-tunnel transit vlan provider_vlan_list command is globally configured on the switch, do not set the provider VLAN as the native or access port VLAN for any other trunk or access port on the system. Provider VLANs are expected to be different from the native VLANs on the system.
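The guidelines above can be checked mechanically before a change is pushed. The following is an added example, not Cisco code: a small linter that parses interface stanzas and flags the VLAN 1, multiple-provider-VLAN, PVLAN coexistence and transit provider VLAN restrictions stated in this section. The rule names and the sample configuration are constructed for illustration, and the check assumes that a trunk with no explicit native VLAN uses VLAN 1.

```python
import re

# Constructed sample config (not from the page); it uses only command forms
# that appear in the guidelines above.
SAMPLE_CONFIG = """\
system dot1q-tunnel transit vlan 500-501
interface Ethernet1/1
  switchport mode trunk
  switchport trunk native vlan 1
  switchport vlan mapping 1-5 dot1q-tunnel 100
  switchport vlan mapping 6-9 dot1q-tunnel 200
  switchport vlan mapping 10 20
interface Ethernet1/2
  switchport mode trunk
  switchport trunk native vlan 500
interface Ethernet1/3
  switchport mode private-vlan trunk secondary
  switchport vlan mapping 30 40
interface Ethernet1/4
  switchport mode trunk
  switchport trunk native vlan 50
  switchport vlan mapping 10-20 dot1q-tunnel 300
"""

SELECTIVE = re.compile(r"switchport vlan mapping (all|[\d,-]+) dot1q-tunnel (\d+)$")
PORT_MAP = re.compile(r"switchport vlan mapping (\d+) (\d+)$")
NATIVE = re.compile(r"switchport (?:private-vlan )?trunk native vlan (\d+)$")
ACCESS = re.compile(r"switchport access vlan (\d+)$")
TRANSIT = re.compile(r"system dot1q-tunnel transit vlan (\S+)$")


def expand_vlans(spec):
    """Expand a VLAN list such as '1-5,10' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Return (transit provider VLANs, {interface name: [stanza lines]})."""
    transit, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "no ")):
            continue
        if raw[0].isspace():          # indented: belongs to the current stanza
            if current:
                interfaces[current].append(line)
            continue
        current = None                # any top-level line ends the stanza
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
            interfaces[current] = []
        elif m := TRANSIT.match(line):
            transit |= expand_vlans(m.group(1))
    return transit, interfaces


def lint(text):
    """Return (interface, rule, message) findings; rule names are hypothetical."""
    transit, interfaces = parse_config(text)
    findings = []
    for name, lines in interfaces.items():
        customer, outer, port_maps = set(), set(), []
        native = access = None
        pvlan = False
        for line in lines:
            if m := SELECTIVE.match(line):
                if m.group(1) != "all":
                    customer |= expand_vlans(m.group(1))
                outer.add(int(m.group(2)))
            elif m := PORT_MAP.match(line):
                port_maps.append((int(m.group(1)), int(m.group(2))))
            elif m := NATIVE.match(line):
                native = int(m.group(1))
            elif m := ACCESS.match(line):
                access = int(m.group(1))
            pvlan = pvlan or "private-vlan" in line
        multi = len(outer) > 1        # more than one provider (outer) VLAN
        # Assumption: a trunk with no explicit native VLAN uses VLAN 1.
        checks = [
            (outer and native in (None, 1), "NATIVE-VLAN1", "native VLAN 1 traffic is dropped"),
            (outer and 1 in customer, "CUSTOMER-VLAN1", "customer VLAN 1 traffic is dropped"),
            (multi and port_maps, "MULTI-PROVIDER-PORT-MAP", "port VLAN mapping not supported"),
            (multi and pvlan, "MULTI-PROVIDER-PVLAN", "private VLAN not supported"),
            (port_maps and pvlan, "PORT-MAP-PVLAN", "port VLAN mapping does not coexist with PVLAN"),
            (native in transit, "TRANSIT-VLAN-REUSED", "native VLAN is a transit provider VLAN"),
            (access in transit, "TRANSIT-VLAN-REUSED", "access VLAN is a transit provider VLAN"),
        ]
        findings += [(name, rule, msg) for cond, rule, msg in checks if cond]
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Ethernet1/4 in the sample is the clean case: one provider VLAN, a non-default native VLAN, and no customer VLAN 1, so it produces no findings.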

Configuring Q-in-Q Tunnels and Layer 2 Protocol Tunneling

You create the dot1q-tunnel port using the switchport mode command.

For seamless packet forwarding and preservation of all VLAN tags on pure transit boxes in the SP cloud that have no Q-in-Q encapsulation or decapsulation requirement, configure the system-wide system dot1q-tunnel transit or system dot1q-tunnel transit vlan provider_vlan_list command. To remove the configuration, use the no system dot1q-tunnel transit or system dot1q-tunnel transit vlan provider_vlan_list command.

For the supported platforms and limitations of the system dot1q-tunnel transit or system dot1q-tunnel transit vlan provider_vlan_list command, see Guidelines and Limitations for Q-in-Q tunneling and Layer 2 Protocol Tunneling section.

Before you begin

You must first configure the interface as a switchport.

SUMMARY STEPS

  • switch# configure terminal
  • switch(config)# interface ethernet slot/port
  • switch(config-if)# switchport
  • switch(config-if)# switchport mode dot1q-tunnel
  • switch(config-if)# spanning-tree port type edge
  • switch(config-if)# switchport access vlan vlan-id
  • (Optional) switch(config-if)# no switchport mode dot1q-tunnel
  • switch(config-if)# exit
  • (Optional) switch(config)# show dot1q-tunnel [ interface if-range ]
  • (Optional) switch(config)# no shutdown
  • (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

To configure VLAN mapping for selective Q-in-Q on a 802.1Q tunnel port, complete the following steps.

  • switch(config)# interface interface-id
  • switch(config-if)# switchport vlan mapping vlan-id-range dot1q-tunnel outer vlan-id
  • switch# show interfaces interface-id vlan mapping
  • switch# copy running-config startup-config

Use the no switchport vlan mapping vlan-id-range dot1q-tunnel outer vlan-id command to remove the VLAN mapping configuration.

The following example shows how to configure selective Q-in-Q mapping on the port so that traffic with a C-VLAN ID of 1 to 5 enters the switch with an S-VLAN ID of 100. The traffic of any other VLAN IDs is dropped.

You must configure provider VLANs

You must disable spanning-tree on the trunk port using the spanning-tree bpdufilter enable command.

  • switch(config-if)# switchport
  • switch(config-if)# switchport mode trunk
  • switch(config-if)# spanning-tree bpdufilter enable
  • switch(config-if)# switchport trunk native vlan vlan-id
  • switch(config-if)# switchport trunk allowed vlan vlan_list
  • switch(config-if)# show interfaces interface-id vlan mapping

The following example shows how to configure selective Q-in-Q with multiple provider VLANs:

The switch default EtherType is 0x8100 for 802.1Q and Q-in-Q encapsulations. EtherType cannot be configured to 0x9100, 0x9200 and 0x88a8 on the switchport interface.

You can enable protocol tunneling on the 802.1Q tunnel port.

  • switch(config-if)# l2protocol tunnel [ cdp | stp | lacp | lldp | vtp ]
  • (Optional) switch(config-if)# no l2protocol tunnel [ cdp | stp | lacp | lldp | vtp ]

You can specify a Class of Service (CoS) value globally so that ingress BPDUs on the tunnel ports are encapsulated with the specified class.

  • switch(config)# l2protocol tunnel cos value
  • (Optional) switch(config)# no l2protocol tunnel cos
  • switch(config)# exit
  • (Optional) switch# no shutdown
  • (Optional) switch# copy running-config startup-config

You can specify the port drop and shutdown value for a Layer 2 protocol tunneling port.

  • switch(config-if)# l2protocol tunnel drop-threshold [ cdp | stp | vtp ] packets-per-sec
  • (Optional) switch(config-if)# no l2protocol tunnel drop-threshold [ cdp | stp | vtp ]
  • switch(config-if)# l2protocol tunnel shutdown-threshold [ cdp | stp | vtp ] packets-per-sec
  • (Optional) switch(config-if)# no l2protocol tunnel shutdown-threshold [ cdp | stp | vtp ]

To configure the Combined Access Port Feature set, follow these steps.

  • interface interface [ port | port-channel | vPC ]
  • switchport mode private-vlan trunk secondary
  • switchport private-vlan trunk native vlan vlan_id
  • switchport private-vlan trunk allowed vlan vlan list
  • switchport private-vlan association trunk primary_vlan_ID secondary_vlan_ID
  • switchport vlan mapping [ vlan-id-range | all ] dot1q-tunnel outer vlan-id
  • storm-control broadcast level [ high level ] [ lower level ]
  • storm-control multicast level [ high level ] [ lower level ]
  • storm-control action [ shutdown | trap ]
  • load-interval counter { 1 | 2 | 3 }
  • switchport port-security maximum [ max-addr ]
  • switchport port-security action [ restrict | shutdown | protect ]
  • switchport port-security
  • service-policy { input | type { qos input | queuing { input | output }}} policy-map-name

Ensure that the physical or port channel on which you want to implement VLAN translation is configured as a Layer 2 trunk port.

Ensure that the translated VLANs are created on the switch and are also added to the Layer 2 trunk port's trunk-allowed VLAN vlan-list.

  • configure terminal
  • interface type/port
  • [no] switchport vlan mapping enable
  • [no] switchport vlan mapping vlan-id translated-vlan-id
  • [no] switchport vlan mapping all
  • copy running-config startup-config
  • show interface [ if-identifier ] vlan mapping

Step 4

Translates a VLAN to another VLAN.

The range for both the vlan-id and translated-vlan-id arguments is from 1 to 4094.

Routing of traffic happens in context of SVI for translated VLAN. On the outgoing interface, where VLAN translation is configured, the traffic is converted to the original VLAN and egresses out.

Step 5

Removes all VLAN mappings configured on the interface.

Step 6

Copies the running configuration to the startup configuration.

Step 7

Displays VLAN mapping information for a range of interfaces or for a specific interface.

This example shows how to configure VLAN translation between (the ingress) VLAN 10 and (the local) VLAN 100. The show vlan counters command output shows the statistic counters as translated VLAN instead of customer VLAN.


Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 13.1(2)


The Cisco NX-OS software for the Cisco Nexus 9000 series switches is a data center, purpose-built operating system designed with performance, resiliency, scalability, manageability, and programmability at its foundation. It provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in data centers.

Cisco NX-OS release 13.1 works only on Cisco Nexus 9000 Series switches in ACI Mode.

This document describes the features, bugs, and limitations for the Cisco NX-OS software. Use this document in combination with the Cisco Application Policy Infrastructure Controller, 3.1(2), Release Notes , which you can view at the following location:

https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html

Additional product documentation is listed in the "Related Documentation" section.

Release notes are sometimes updated with new information about restrictions and bugs. See the following website for the most recent version of the Cisco NX-OS Release 13.1(2) Release Notes for Cisco Nexus 9000 Series ACI-Mode Switches :

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-release-notes-list.html

Table 1 shows the online change history for this document.

Table 1. Online History Change

This document includes the following sections:

■        Supported Hardware

■        Supported FEX Models

■        New and Changed Information

■        Installation Notes

■        Compatibility Information

■        Usage Guidelines

■        Bugs

■        Related Documentation

Supported Hardware

Table 2 lists the hardware that the Cisco Nexus 9000 Series ACI Mode switches support.

Table 2 Cisco Nexus 9000 Series Hardware

Supported FEX Models

For tables of the FEX models that the Cisco Nexus 9000 Series ACI Mode switches support, see the following webpage:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/hw/interoperability/fexmatrix/fextables.html

For more information on the FEX models, see the Cisco Nexus 2000 Series Fabric Extenders Data Sheet at the following location:

https://www.cisco.com/c/en/us/products/switches/nexus-2000-series-fabric-extenders/datasheet-listing.html

New and Changed Information

This section lists the new and changed features in this release.

■        New Hardware Features

■        New Software Features

New Hardware Features

The following hardware features are now available:

■        Cisco N9K-C9336C-FX2 Leaf switch

■        Cisco N9K-C9516-FM-E2 fabric module

■        Cisco NXA-PDC-440W-PI DC power supply

■        The Cisco N9K-C9348GC-FXP ToR leaf switch now supports 1 Gigabit and 10 Gigabit speeds on the fabric ports (53 and 54).

■        The N9K-C9336C-FX2 and N9K-C93180LC-EX switches in ACI mode now support 100G breakout. Before configuring a 100G port, connect it using a Cisco QSFP-4SFP25G-CuxM cable to four 25G SFP ports of a Cisco switch or server on the other end. The breakout feature is not supported on ports with port profiles or fast link failure profiles. For more information, see the "Dynamic Breakout Ports" section in the Cisco APIC Layer 2 Networking Configuration Guide .

New Software Features

For new software features, see the Cisco APIC 3.1(2) Release Notes at the following location:

This section contains lists of open and resolved bugs and known behaviors.

■        Known Limitations

■        Open Bugs

■        Resolved Bugs

■        Known Behaviors

Known Limitations

The following list describes IpEpg (IpCkt) known limitations in this release:

■        An IP/MAC Ckt endpoint configuration is not supported in combination with static endpoint configurations.

■        An IP/MAC Ckt endpoint configuration is not supported with Layer 2-only bridge domains. Such a configuration will not be blocked, but the configuration will not take effect as there is no Layer 3 learning in these bridge domains.

■        An IP/MAC Ckt endpoint configuration is not supported with external and infra bridge domains because there is no Layer 3 learning in these bridge domains.

■        An IP/MAC Ckt endpoint configuration is not supported with a shared services provider configuration. The same or overlapping prefix cannot be used for a shared services provider and IP Ckt endpoint. However, this configuration can be applied in bridge domains having shared services consumer endpoint groups.

■        An IP/MAC Ckt endpoint configuration is not supported with dynamic endpoint groups. Only static endpoint groups are supported.

■        No fault will be raised if the IP/MAC Ckt endpoint prefix configured is outside of the bridge domain subnet range. This is because a user can configure bridge domain subnet and IP/MAC Ckt endpoint in any order and so this is not error condition. If the final configuration is such that a configured IP/MAC Ckt endpoint prefix is outside all bridge domain subnets, the configuration has no impact and is not an error condition.

■        Dynamic deployment of contracts based on instrImmedcy set to onDemand/lazy is not supported; only immediate mode is supported.

The following list describes direct server return (DSR) known limitations in this release:

■        When a server and load balancer are on the same endpoint group, make sure that the server does not generate ARP/GARP/ND request/response/solicits. This will lead to learning of the LB virtual IP (VIP) towards the server and defeat the purpose of DSR support.

■        Load balancers and servers must be Layer 2 adjacent. Layer 3 direct server return is not supported. If a load balancer and servers are Layer 3 adjacent, then they have to be placed behind the Layer 3 out, which works without a specific direct server return virtual IP address configuration.

■        Direct server return is not supported for shared services. Direct server return endpoints cannot be spread around different virtual routing and forwarding (VRF) contexts.

■        Configurations for a virtual IP address can only be /32 or /128 prefix.

■        Client to virtual IP address (load balancer) traffic always will go through proxy-spine because fabric data-path learning of a virtual IP address does not occur.

■        GARP learning of a virtual IP address must be explicitly enabled. A load balancer can send GARP when it switches over from active-to-standby (MAC changes).

■        Learning through GARP will work only in ARP Flood Mode.

This section lists the open bugs. Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Exists In" column of the table specifies the 13.1(2) releases in which the bug exists. A bug might also exist in releases other than the 13.1(2) releases.

Table 4 Open Bugs in This Release

Resolved Bugs

This section lists the resolved bugs. Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Fixed In" column of the table specifies whether the bug was resolved in the base release or a patch release.

Table 5 Resolved Bugs in This Release

Known Behaviors

This section lists bugs that describe known behaviors. Click the Bug ID to access the Bug Search Tool and see additional information about the bug. The "Exists In" column of the table specifies the 13.1(2) releases in which the known behavior exists. A bug might also exist in releases other than the 13.1(2) releases.

Table 6 Known Behaviors in This Release

■        IPN should preserve the CoS and DSCP values of a packet that enters IPN from the ACI spine switches. If there is a default policy on these nodes that changes the CoS value based on the DSCP value or by any other mechanism, you must apply a policy to prevent the CoS value from being changed. At the minimum, the remarked CoS value should not be 4, 5, 6 or 7. If CoS is changed in the IPN, you must configure a multipod QoS policy in the ACI for the multipod that translates queuing class information of the packet into the DSCP value in the outer header of the iVXLAN packet.

■        The following properties within a QoS class under "Global QoS Class policies" should not be changed from their default values and are only used for debugging purposes:

—      MTU (default – 9216 bytes)

—      Queue Control Method (default – Dynamic)

—      Queue Limit (default – 1522 bytes)

—      Minimum Buffers (default – 0)

■        The modular chassis Cisco ACI spine nodes, such as the Cisco Nexus 9508, support warm (stateless) standby where the state is not synched between the active and the standby supervisor modules. For an online insertion and removal (OIR) or reload of the active supervisor module, the standby supervisor module becomes active, but all modules in the switch are reset because the switchover is stateless. In the output of the show system redundancy status command, warm standby indicates stateless mode.

■        When a recommissioned APIC controller rejoins the cluster, GUI and CLI commands can time out while the cluster expands to include the recommissioned APIC controller.

■        If connectivity to the APIC cluster is lost while a switch is being decommissioned, the decommissioned switch may not complete a clean reboot. In this case, the fabric administrator should manually complete a clean reboot of the decommissioned switch.

■        Before expanding the APIC cluster with a recommissioned controller, remove any decommissioned switches from the fabric by powering down and disconnecting them. Doing so will ensure that the recommissioned APIC controller will not attempt to discover and recommission the switch.

IGMP Snooping Known Behaviors:

■        Multicast router functionality is not supported when IGMP queries are received with VxLAN encapsulation.

■        IGMP Querier election across multiple Endpoint Groups (EPGs) or Layer 2 outsides (External Bridged Network) in a given bridge domain is not supported. Only one EPG or Layer 2 outside for a given bridge domain should be extended to multiple multicast routers if any.

■        The rate of the number of IGMP reports sent to a leaf switch should be limited to 1000 reports per second.

■        Unknown IP multicast packets are flooded on ingress leaf switches and border leaf switches, unless "unknown multicast flooding" is set to "Optimized Flood" in a bridge domain. This knob can be set to "Optimized Flood" only for a maximum of 50 bridge domains per leaf.

If "Optimized Flood" is enabled for more than the supported number of bridge domains on a leaf, follow these configuration steps to recover:

—      Set "unknown multicast flooding" to "Flood" for all bridge domains mapped to a leaf.

—      Set "unknown multicast flooding" to "Optimized Flood" on needed bridge domains.

■        Traffic destined to Static Route EP VIPs sourced from N9000 switches (switches with names that end in -EX) might not function properly because proxy route is not programmed.

■        An iVXLAN header of 50 bytes is added for traffic ingressing into the fabric. A bandwidth allowance of 50 / (50 + ingress_packet_size) needs to be made to prevent oversubscription from happening. If the allowance is not made, oversubscription might happen, resulting in buffer drops.

Installation Notes

The following procedure installs a Gigabit Ethernet module (GEM) in a top-of-rack switch:

1.      Clear the switch’s current configuration by using the setup-clean-config command.

2.      Power off the switch by disconnecting the power.

3.      Replace the current GEM card with the new GEM card.

4.      Power on the switch.

For other installation instructions, see the Cisco ACI Fabric Hardware Installation Guide at the following location:

Compatibility Information

■        For the supported optics per device, see the Cisco Optics-to-Device Compatibility Matrix .

■        This release supports the hardware and software listed on the ACI Ecosystem Compatibility List, and supports the Cisco AVS, Release 5.2(1)SV3(3.10).

■        Link level flow control is not supported on ACI-mode switches.

■        To connect the N2348UPQ to ACI leaf switches, the following options are available:

—      Directly connect the 40G FEX ports on the N2348UPQ to the 40G switch ports on the ACI leaf switches

—      Break out the 40G FEX ports on the N2348UPQ to 4x10G ports and connect to the 10G ports on all other ACI leaf switches

Note: A fabric uplink port cannot be used as a FEX fabric port.

■        To connect the APIC (the controller cluster) to the ACI fabric, it is required to have a 10G interface on the ACI leaf. You cannot connect the APIC directly to the N9332PQ ACI leaf switch.

■        We do not qualify third party optics in Cisco ACI. When using third party optics, the behavior across releases is not guaranteed, meaning that the optics might not work in some NX-OS releases. Use third party optics at your own risk. We recommend that you use Cisco SFPs, which have been fully tested in each release to ensure consistent behavior.

■        On Cisco ACI platforms, 25G copper optics do not honor auto-negotiation, and therefore auto-negotiation on the peer device (ESX or standalone) must be disabled to bring up the links.

Usage Guidelines

■        The current list of protocols that are allowed (and cannot be blocked through contracts) include the following. Some of the protocols have SrcPort/DstPort distinction.

Note: See the APIC release notes for policy information: https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html

—      UDP DestPort 161: SNMP. These cannot be blocked through contracts. Creating an SNMP ClientGroup with a list of Client-IP Addresses restricts SNMP access to only those configured Client-IP Addresses. If no Client-IP address is configured, SNMP packets are allowed from anywhere.

—      TCP SrcPort 179: BGP

—      TCP DstPort 179: BGP

—      OSPF

—      UDP DstPort 67: BOOTP/DHCP

—      UDP DstPort 68: BOOTP/DHCP

—      IGMP

—      PIM

—      UDP SrcPort 53: DNS replies

—      TCP SrcPort 25: SMTP replies

—      TCP DstPort 443: HTTPS

—      UDP SrcPort 123: NTP

—      UDP DstPort 123: NTP

■        The Cisco APIC GUI incorrectly reports more memory used than is actually used. To calculate the appropriate amount of memory used, run the show system internal kernel meminfo | egrep "MemT|MemA" command on the desired switch. Divide MemAvailable by MemTotal, multiply that number by 100, then subtract that number from 100.

—      Example: 10680000 / 24499856 = 0.436 x 100 = 43.6% Free, 100% - 43.6% = 56.4% Used

■        Leaf and spine switches from two different fabrics cannot be connected regardless of whether the links are administratively kept down.

■        Only one instance of OSPF (or any multi-instance process using the managed object hierarchy for configurations) can have the write access to operate the database. Due to this, the operational database is limited to the default OSPF process alone and the multipodInternal instance does not store any operational data. To debug an OSPF instance ospf-multipodInternal, use the command in VSH prompt. Do not use ibash because some ibash commands depend on Operational data stored in the database.

■        When you enable or disable Federal Information Processing Standards (FIPS) on a Cisco ACI fabric, you must reload each of the switches in the fabric for the change to take effect. The configured scale profile setting is lost when you issue the first reload after changing the FIPS configuration. The switch remains operational, but it uses the default port scale profile. This issue does not happen on subsequent reloads if the FIPS configuration has not changed.

FIPS is supported on Cisco NX-OS release 13.1(2) or later. If you must downgrade the firmware from a release that supports FIPS to a release that does not support FIPS, you must first disable FIPS on the Cisco ACI fabric and reload all of the switches in the fabric.

■        Link-level flow control is not supported on leaf switches that are running in ACI mode.

■        The dual rate BiDirectional (BiDi) transceiver QSFP-40/100-SRBD takes up to 90 seconds for the link to come up after auto-negotiating the speed on both the local and remote end.

—      If both ends support the 40/100 combination, the link comes up quickly as 100G.

—      If one end is 40G and other end supports 40/100, then the link takes longer to negotiate to 40G.

■        You cannot use the breakout feature on a port that has a port profile configured on a Cisco N9K-C93180LC-EX switch. With a port profile on an access port, the port is converted to an uplink, and breakout is not supported on an uplink. With a port profile on a fabric port, the port is converted to a downlink. Breakout is currently supported only on ports 1 through 24.

■        On Cisco 93180LC-EX Switches, ports 25 and 27 are the native uplink ports. Using a port profile, if you convert ports 25 and 27 to downlink ports, ports 29, 30, 31, and 32 are still available as four native uplink ports. Because of the threshold on the number of ports (which is maximum of 12 ports) that can be converted, you can convert 8 more downlink ports to uplink ports.  For example, ports 1, 3, 5, 7, 9, 13, 15, 17 are converted to uplink ports and ports 29, 30, 31 and 32 are the 4 native uplink ports, which is the maximum uplink port limit on Cisco 93180LC-EX switches.

When the switch is in this state and if the port profile configuration is deleted on ports 25 and 27, ports 25 and 27 are converted back to uplink ports, but there are already 12 uplink ports on the switch in the example. To accommodate ports 25 and 27 as uplink ports, 2 random ports from the port range 1, 3, 5, 7, 9, 13, 15, 17 are denied the uplink conversion; the chosen ports cannot be controlled by the user. Therefore, it is mandatory to clear all the faults before reloading the leaf node to avoid any unexpected behavior regarding the port type. If a node is reloaded without clearing the port profile faults, especially when there is a fault related to limit-exceed, the ports might be in an unexpected mode.

■        When using a 25G Mellanox cable that is connected to a Mellanox NIC, you can set the ACI leaf switch port to run at a speed of 25G or 10G.

■        A 25G link that is using the IEEE-RS-FEC mode can communicate with a link that is using the CL16-RS-FEC mode. There will not be a FEC mismatch and the link will not be impacted.

Related Documentation

The Cisco Application Policy Infrastructure Controller (APIC) documentation can be accessed from the following website:

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2018 - 2024 Cisco Systems, Inc. All rights reserved.


Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.4(x)

この製品のマニュアルセットは、偏向のない言語を使用するように配慮されています。このマニュアルセットでの偏向のない言語とは、年齢、障害、性別、人種的アイデンティティ、民族的アイデンティティ、性的指向、社会経済的地位、およびインターセクショナリティに基づく差別を意味しない言語として定義されています。製品ソフトウェアのユーザーインターフェイスにハードコードされている言語、RFP のドキュメントに基づいて使用されている言語、または参照されているサードパーティ製品で使用されている言語によりドキュメントに例外が存在する場合があります。シスコのインクルーシブランゲージに対する取り組みの詳細は、 こちらをご覧ください 。

このドキュメントは、米国シスコ発行ドキュメントの参考和訳です。リンク情報につきましては、日本語版掲載時点で、英語版にアップデートがあり、リンク先のページが移動/変更されている場合がありますことをご了承ください。あくまでも参考和訳となりますので、正式な内容については米国サイトのドキュメントを参照ください。

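  • Configuring VXLAN with IPv6 in the Underlay (VXLANv6)
  • Configuring VXLAN BGP EVPN
  • EVPN Hybrid IRB Mode
  • Default Gateway Coexistence of HSRP and Anycast Gateway (VXLAN EVPN)
  • Configuring vPC Multi-Homing
  • Configuring vPC Fabric Peering
  • Interoperability with EVPN Multi-Homing Using ESI
  • Configuring External VRF Connectivity and Route Leaking
  • Configuring Seamless Integration of EVPN with L3VPN (MPLS LDP)
  • Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)
  • Configuring Seamless Integration of EVPN with L3VPN SRv6
  • Configuring Seamless Integration of EVPN (TRM) with MVPN
  • Configuring VXLAN EVPN Multi-Site
  • Configuring Tenant Routed Multicast
  • Configuring VXLAN OAM
  • Configuring VXLAN QoS
  • Configuring BGP EVPN Filtering
  • Configuring VXLAN BGP-EVPN Null Route
  • Configuring Port VLAN Mapping
  • About VXLAN Layer 4 - Layer 7 Services
  • Configuring VXLAN Traffic Engineering
  • Configuring Proportional Multipath for VNF
  • EVPN Distributed NAT
  • Overview of DHCP Relay in VXLAN BGP EVPN
  • Configuring Cross Connect
  • Configuring Secure VXLAN EVPN Multi-Site Using CloudSec
  • Configuring VXLAN ACL
  • Configuring First-Hop Security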


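Chapter Title: Configuring PVLAN

About Private VLANs over VXLAN, Guidelines and Limitations for Private VLANs over VXLAN, Configuration Example for Private VLANs.

This chapter contains the following sections:

The private VLAN feature can partition the Layer 2 broadcast domain of a VLAN into subdomains. A subdomain is represented by a pair of private VLANs consisting of a primary VLAN and a secondary VLAN. A private VLAN domain can contain multiple private VLAN pairs, with each pair assigned to a subdomain. All VLAN pairs in a private VLAN domain share the same primary VLAN. The secondary VLAN ID is used to distinguish each subdomain.

Private VLAN over VXLAN extends private VLANs across VXLAN. A secondary VLAN can exist on multiple VTEPs across VXLAN. MAC address learning takes place on the primary VLAN and is advertised through BGP EVPN. When traffic is encapsulated, the VNI used is the VNI of the secondary VLAN. This feature also supports the anycast gateway. The anycast gateway must be defined using the primary VLAN.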


The guidelines and limitations for private VLANs over VXLAN are as follows:

  • The following platforms support private VLANs over VXLAN:

      • Cisco Nexus 9300-EX platform switches

      • Cisco Nexus 9300-FX/FX2 platform switches

      • Cisco Nexus 9300-GX platform switches

  • Beginning with Cisco NX-OS Release 9.3(9), PVLAN configuration is not allowed on vPC peer-link interfaces.

  • Beginning with Cisco NX-OS Release 10.2(3)F, private VLANs over VXLAN are supported on Cisco Nexus 9300-FX3/GX2 platform switches.

  • Flood and learn underlay is not supported.

  • Fabric Extender (FEX) VLANs cannot be mapped to a private VLAN.

  • vPC Fabric Peering supports private VLANs.

  • Beginning with Cisco NX-OS Release 10.4(1)F, private VLANs are supported on Cisco Nexus C9348GCFX3 and Cisco C9348GC-FX3PH.
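Several of the rules in this chapter can be checked mechanically against a saved configuration. The following Python check is an added example, not part of the Cisco guide: it flags an anycast gateway defined on a secondary VLAN, a secondary VLAN with no `vn-segment`, and PVLAN commands on a vPC peer-link. The sample configuration and the function names are constructed for illustration, and treating a missing VNI as a finding is an inference from the statement that encapsulated traffic uses the secondary VLAN's VNI.

```python
import re

# Constructed sample (not from the Cisco guide); it breaks each rule checked below.
SAMPLE = """\
vlan 500
  private-vlan primary
  private-vlan association 501-502
  vn-segment 5000
vlan 501
  private-vlan isolated
  vn-segment 5001
vlan 502
  private-vlan community
interface Vlan501
  fabric forwarding mode anycast-gateway
interface port-channel1
  vpc peer-link
  switchport mode private-vlan trunk promiscuous
"""

def parse_blocks(config):
    """Map each top-level line (e.g. 'vlan 501') to its indented sub-commands."""
    blocks, current = {}, ""
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment lines
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        else:
            blocks.setdefault(current, []).append(line.strip())
    return blocks

def lint_pvlan(config):
    """Return sorted findings for the PVLAN-over-VXLAN rules stated in this chapter."""
    blocks, findings, secondary = parse_blocks(config), [], set()
    for header, body in blocks.items():
        m = re.fullmatch(r"vlan (\d+)", header)
        if m and any(re.fullmatch(r"private-vlan (isolated|community)", c) for c in body):
            secondary.add(m.group(1))
            # Inferred rule: encapsulation uses the secondary VLAN's VNI, so it needs one.
            if not any(c.startswith("vn-segment ") for c in body):
                findings.append(f"vlan {m.group(1)}: secondary VLAN has no vn-segment (VNI)")
    for header, body in blocks.items():
        svi = re.fullmatch(r"interface Vlan(\d+)", header)
        if svi and svi.group(1) in secondary and "fabric forwarding mode anycast-gateway" in body:
            findings.append(f"{header}: anycast gateway defined on a secondary VLAN")
        if "vpc peer-link" in body and any("private-vlan" in c for c in body):
            findings.append(f"{header}: PVLAN configuration on vPC peer-link")
    return sorted(findings)
```

Calling `lint_pvlan(SAMPLE)` returns one finding per violated rule; the platform and release restrictions in the list above are not visible in a configuration file and are outside what this check covers.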

The following is a configuration example for private VLANs.



COMMENTS

  1. Configuring Port VLAN Mapping

    Cisco Nexus 9000 Series Switches Configuration Guides Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 9.3 (x) Updated: September 22, 2021 Chapter: Configuring Port VLAN Mapping Chapter Contents This chapter contains the following sections: About Translating Incoming VLANs Guidelines and Limitations for Port VLAN Mapping

  2. Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide

    Figure 1. VLANs as Logically Defined Networks VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.

  3. CISCO NEXUS 9000 SERIES CONFIGURATION MANUAL Pdf Download

    Step 5: [no] switchport vlan mapping all. Removes all VLAN mappings configured on the interface. Step 6: copy running-config startup-config. (Optional) Copies the running configuration to the startup configuration. Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...

  4. PDF Configuring Port VLAN Mapping on VLANs

    Figure 1: Logical Traffic Flow You can configure VLAN translation between the ingress (incoming) VLAN and a local (translated) VLAN on a port. For the traffic arriving on the interface where VLAN translation is enabled, the incoming VLAN is mapped to a translated VLAN.

  5. PDF Configuring Port VLAN Mapping

    Port VLAN mapping is supported on Cisco Nexus 9300-EX platform switches. Cisco Nexus 9300, and 9500 switches support switching and routing on overlapped VLAN interfaces; only VLAN-mapping switching is applicable for Cisco Nexus 9500 with EX/FX line cards and 9300-EX/FX/FX2 platform switches.

  6. Cisco Nexus 9000 Series NX-OS SAN Switching Configuration Guide

    The Nexus 9000 Series switches do not support the combination of vFC binding with vEthernet. You cannot configure Cisco Adapter Fabric Extender (Adapter-FEX) using feature-set virtualization command. ... Enable the associated VLAN and map the VLAN to a VSAN. Configure the VLAN on a physical Ethernet interface. ...

  7. PDF Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release

    Cisco Nexus 9000 Series Switch can function as a hardware-based VXLAN gateway. It seamlessly connects VXLAN and VLAN segments as one forwarding domain across the Layer 3 boundary without sacrificing forwarding performance. The Cisco Nexus 9000 Series eliminates the need for an additional physical or virtual.

  8. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release

    Cisco Nexus 9000 Series Switches. Configuration Guides. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 10.3(x)

  9. PDF Nexus 9000: Configure and Verify VXLAN Xconnect

    1. Outer VLAN used in this Xconnect topology is 3000. This would be the one with the VNID and Xconnect configuration. 2. Feature NGOAM has to be enabled and needs this configuration. 3. Dot1q tunnel configuration towards the downstream switch. The vPC configurations are required only when VTEPs are deployed as vPC.

  10. Configuring Port VLAN Mapping

    Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.4 (x) Updated: December 14, 2023 Chapter: Configuring Port VLAN Mapping Chapter Contents This chapter contains the following sections: About Translating Incoming VLANs Guidelines and Limitations for Port VLAN Mapping Configuring Port VLAN Mapping on a Trunk Port

  11. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release

    Cisco Nexus 9000 Series Switches Configuration Guides Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 10.4 (x) Updated: December 14, 2023 Chapter: Configuring Port VLAN Mapping on VLANs Chapter Contents This chapter contains the following sections: About Port VLAN Mapping on VLANs (Translating incoming VLANs)

  12. PDF Configuring Port VLAN Mapping on VLANs

    The following are the guidelines and Limitations for Port VLAN Mapping: Beginning with Cisco NX-OS Release 10.3(3)F, Port VLAN mapping on VLANs is supported on Cisco Nexus 9300-EX/FX/FX2/FX3/GX/GX2, C9408 platform switches and Cisco Nexus 9500 switches with 9700-EX/FX/GX line cards.

  13. Cisco Nexus 9000 Series NX-OS Release Notes, Release 9.3(13)

    This document describes the features, issues, and exceptions of Cisco NX-OS Release 9.3(13) software for use on Cisco Nexus 9000 Series switches. Note: The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on ...

  14. Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 13.1(2)

    Cisco NX-OS release 13.1 works only on Cisco Nexus 9000 Series switches in ACI Mode. This document describes the features, bugs, and limitations for the Cisco NX-OS software. Use this document in combination with the Cisco Application Policy Infrastructure Controller, 3.1(2), Release Notes , which you can view at the following location:

  15. PDF Configure and Verify VXLAN VRF Leaking on Nexus 9000

    BL(config)# route-map VXLAN-VRF-default-to-Tenant Create route-map. Step 4 BL(config-route-map)# match ip address prefix-list VXLAN-VRF-default-to-Tenant Match prefix-list created on step 2. Import route to BGP Once it is verified that route exist on default VRF, route must be imported to BGP process. Configure Command or Action Purpose ...

  16. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7

    Configuring Layer 3 Interfaces

  17. Configure and Verify VXLAN VRF Leaking on Nexus 9000

    Configure and Verify VXLAN VRF Leaking on Nexus 9000. ... In NXOS a route-map is required as a parameter to filter and redistribute routes, for this example prefix 172.16.120.55/32 is going to be ...

  18. Configure QOS (Filter, Marking and Classifying) on Nexus 9000

    This document describes how to configure and verify Quality of Service (Filter, Marking and Classifying) on Nexus 9000 switches. Background Information Marking and classifying traffic in Quality of Service (QoS) is crucial for network performance and ensuring that critical applications receive the necessary level of service.

  19. PDF Configure QOS (Filter, Marking and Classifying) on Nexus 9000

    4. class-map type qos marking-class 5. match access-group name marking-acl 6. policy-map type qos ingress-classify 7. class marking-class 8. set qos-group 7 9. interface ethernet 1/46 10. service-policy type qos input ingress-classify Verify Verify Marking In order to verify if marking was performed correctly a packet capture needs to be ...

  20. Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 9.3 (x)

    Cisco Nexus 9000 Series Switches Configuration Guides Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 9.3 (x) Book Contents Updated: Friday, May 28, 2021 Chapter Title: Configuring Port VLAN Mapping Chapter Contents This chapter contains the following sections: About Translating Incoming VLANs Guidelines and Limitations for Port VLAN Mapping Configuring Port VLAN Mapping on a Trunk Port Configuring Inner VLAN and Outer VLAN Mapping on a Trunk Port About Translating Incoming VLANs Sometimes a VLAN translation is required or desired.

  21. Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.4(x)

    Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.4(x) ... vn-segment 5003 vlan 1001 !L3 VNI for tenant VRF vn-segment 900001 interface Vlan500 no shutdown private-vlan mapping 501-503 vrf member vxlan-900001 no ip redirects ip address 50.1.1.1/8 ipv6 address 50::1:1:1/64 no ipv6 redirects fabric forwarding mode ...