Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)

First Published: February 29, 2012
Last Modified: March 22, 2012

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

This preface contains the following sections:
• Audience
• Document Conventions
• Related Documentation for Nexus 3000 Series NX-OS Software
• Obtaining Documentation and Submitting a Service Request

Audience

This publication is for experienced network administrators who configure and maintain Cisco Nexus Series devices.
Convention      Description
[x {y | z}]     Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
variable        Indicates a variable for which you supply values, in context where italics cannot be used.
string          A nonquoted set of characters.
Related Documentation for Nexus 3000 Series NX-OS Software

Release Notes
The release notes are available at the following URL:
http://www.cisco.com/en/US/products/ps11541/prod_release_notes_list.html

Installation and Upgrade Guides
The installation and upgrade guides are available at the following URL:
http://www.cisco.com/en/US/products/ps11541/prod_installation_guides_list.
Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.
CHAPTER 1
New and Changed Information for this Release

The following table provides an overview of the significant changes to this guide for this current release. The table does not provide an exhaustive list of all changes made to the configuration guides or of the new features in this release.
CHAPTER 2
Overview

This chapter contains the following sections:
• Layer 2 Ethernet Switching Overview
• VLANs
• Private VLANs
• Spanning Tree

Layer 2 Ethernet Switching Overview

The device supports simultaneous, parallel connections between Layer 2 Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.
All ports, including the management port, are assigned to the default VLAN (VLAN1) when the device first comes up. A VLAN interface, or switched virtual interface (SVI), is a Layer 3 interface that is created to provide communication between VLANs.

The devices support 4094 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized into several ranges, and you use each range slightly differently.
Note: Cisco NX-OS for the Cisco Nexus 3000 Series uses the extended system ID and MAC address reduction; you cannot disable these features.

In addition, Cisco has created some proprietary features to enhance the spanning tree activities.

Rapid PVST+

Rapid PVST+ is the default spanning tree mode for the software and is enabled by default on the default VLAN and all newly created VLANs.
• Root Guard—Root Guard prevents the port from becoming the root in an STP topology.
CHAPTER 3
Configuring Ethernet Interfaces

This chapter contains the following sections:
• Information About Ethernet Interfaces
• Configuring Ethernet Interfaces
• Displaying Interface Information
• Displaying Input Packet Discard Information
• Default Physical Ethernet Settings

Information About Ethernet Interfaces

The Ethernet ports can operate as standard Ethernet interfaces connected to servers or to a LAN.
The interface numbering convention is extended to support use with a Cisco Nexus 2000 Series Fabric Extender as follows:

switch(config)# interface ethernet [chassis/]slot/port

• Chassis ID is an optional entry to address the ports of a connected Fabric Extender. The chassis ID is configured on a physical Ethernet or EtherChannel interface on the switch to identify the Fabric Extender discovered via the interface.
About the Unidirectional Link Detection Parameter

The following figure shows an example of a unidirectional link condition. Device B successfully receives traffic from Device A on the port. However, Device A does not receive traffic from Device B on the same port. UDLD detects the problem and disables the port.

Figure 1: Unidirectional Link

Default UDLD Configuration

The following table shows the default UDLD configuration.
In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic from being discarded.

About Interface Speed

A Cisco Nexus 3000 Series switch has a number of fixed 10-Gigabit ports, each equipped with SFP+ interface adapters.
enabled, the interface status displays as err-disabled. Once an interface goes into the err-disabled state, you must manually reenable it or you can configure an automatic timeout recovery value. The err-disabled detection is enabled by default for all causes. The automatic recovery is not configured by default.

When an interface is in the err-disabled state, use the errdisable detect cause command to find information about the error.
Configuring the UDLD Mode

You can configure normal or aggressive unidirectional link detection (UDLD) modes for Ethernet interfaces on devices configured to run UDLD. Before you can enable a UDLD mode for an interface, you must make sure that UDLD is already enabled on the device that includes the interface. UDLD must also be enabled on the other linked interface and its device.
This example shows how to disable UDLD for an Ethernet port:

switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# udld disable

This example shows how to disable UDLD for the switch:

switch# configure terminal
switch(config)# no feature udld

Changing an Interface Port Mode

You can configure a Quad small form-factor pluggable (QSFP+) port by using the hardware profile portmode command.
switch(config)# hardware profile portmode 48x10g+4x40g
Warning: This command will take effect only after saving the configuration and reload! Port configurations could get lost when port mode is changed!
switch(config)# copy running-config startup-config
switch(config)# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y

This example shows how to change the port mode to 48x10g+4x40g for QSFP+ ports and verify
This command can only be applied to a physical Ethernet interface.
Step 3  switch(config-if)# no negotiate auto
        Disables link negotiation on the selected Ethernet interface (1-Gigabit port).

Step 4  switch(config-if)# negotiate auto
        (Optional) Enables link negotiation on the selected Ethernet interface. The default for 1-Gigabit ports is enabled.
        Use the no form of the command to return to its default setting.

Step 5  switch(config)# [no] cdp timer seconds
        (Optional) Sets the transmission frequency of CDP updates in seconds. The range is 5 to 254; the default is 60 seconds. Use the no form of the command to return to its default setting.
Enabling the Error-Disabled Detection

You can enable error-disable (err-disabled) detection in an application. As a result, when a cause is detected on an interface, the interface is placed in an err-disabled state, which is an operational state that is similar to the link-down state.

Procedure

Step 1  config t
        Enters configuration mode.
Enabling the Error-Disabled Recovery

You can specify the application to bring the interface out of the error-disabled (err-disabled) state and retry coming up. It retries after 300 seconds, unless you configure the recovery timer (see the errdisable recovery interval command).

Procedure

Step 1  config t
        Enters configuration mode.
Procedure

Step 1  config t
        Enters configuration mode.
        Example:
        switch#config t
        switch(config)#

Step 2  errdisable recovery interval interval
        Specifies the interval for the interface to recover from the err-disabled state. The range is from 30 to 65535 seconds. The default is 300 seconds.
        Example:
        switch(config)#errdisable recovery interval 32
        switch(config-if)#

Step 3  show interface status err-disabled
Step 3  switch(config-if)# description test
        Specifies the description for the interface.

This example shows how to set the interface description to "Server 3 Interface."

switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# description Server 3 Interface

Disabling and Restarting Ethernet Interfaces

You can shut down and restart an Ethernet interface.
Command: switch# show interface type slot/port
Purpose: Displays the detailed configuration of the specified interface.

Command: switch# show interface type slot/port capabilities
Purpose: Displays detailed information about the capabilities of the specified interface.
Trunk encap. type:
Channel:
Broadcast suppression:
Flowcontrol:
Rate mode:
QOS scheduling:
CoS rewrite:
ToS rewrite:
SPAN:
UDLD:
802.
+-----------------------------------------+-----------------+----------------+
| Counter Description                     | Count           |                |
+-----------------------------------------+-----------------+----------------+
  IPv4 Discards                                           0
  STP Discards                                            0
  Policy Discards                                       100
  ACL Drops                                               0
  Receive Drops                                           0
  Vlan Discards                                          33
+-----------------------------------------+-----------------+----------------+

Counter Information:
• IPv4 Discards--- IPv4 Discards represent errors at th
1 MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes.
CHAPTER 4
Configuring VLANs

This chapter contains the following sections:
• Information About VLANs
• Configuring a VLAN

Information About VLANs

Understanding VLANs

A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.

Figure 2: VLANs as Logically Defined Networks

VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.
Table 4: VLAN Ranges

VLANs Numbers            Range     Usage
1                        Normal    Cisco default. You can use this VLAN, but you cannot modify or delete it.
2—1005                   Normal    You can create, use, modify, and delete these VLANs.
1006—3967 and 4048—4093  Extended  You can create, name, and use these VLANs. You cannot change the following parameters:
                                   • The state is always active.
                                   • The VLAN is always enabled. You cannot shut down these VLANs.
When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.

Note: Commands entered in the VLAN configuration submode are immediately executed.
Note: When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.

Procedure

Step 1  switch# configure terminal
        Enters configuration mode.

Step 2  switch(config)# vlan {vlan-id | vlan-range}
        Creates a VLAN or a range of VLANs. If you enter a number that is already assigned to a VLAN, the switch puts you into the VLAN configuration submode for that VLAN.

Step 3
Procedure

Step 1  switch# configure terminal
        Enters configuration mode.

Step 2  switch(config)# vlan {vlan-id | vlan-range}
        Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.

Step 3  switch(config-vlan)# name vlan-name
        Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs.
Step 3  switch(config-if)# switchport access vlan vlan-id
        Sets the access mode of the interface to the specified VLAN.

This example shows how to configure an Ethernet interface to join VLAN 5:

switch# configure terminal
switch(config)# interface ethernet 1/13
switch(config-if)# switchport access vlan 5

Configuring a VLAN as a Routed SVI

You can configure a VLAN to be a routed switch virtual interface (SVI).
What to Do Next

You can configure routing protocols on this interface.

Configuring a VLAN as a Management SVI

You can configure a VLAN to be a management switch virtual interface (SVI).

Procedure

Step 1  configure terminal
        Enters global configuration mode.

Step 2  feature interface-vlan
        Enables the creation of SVIs.
Step 3  switch(config)# vtp domain domain-name
        Specifies the name of the VTP domain that you want this device to join. The default is blank.

Step 4  switch(config)# vtp version {1 | 2}
        Sets the VTP version that you want to use. The default is version 1.

Step 5  switch(config)# vtp file file-name
        Specifies the ASCII filename of the IFS file system file where the VTP configuration is stored.
VTP Traps Generation : Disabled
MD5 Digest : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01
Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00
VTP version running : 1

Verifying VLAN Configuration

Use one of the following commands to verify the configuration:

Command: switch# show running-config vlan [vlan_id | vlan_range]
Purpose: Displays VLAN information.
CHAPTER 5
Configuring Private VLANs

This chapter contains the following sections:
• Information About Private VLANs
• Guidelines and Limitations for Private VLANs
• Configuring a Private VLAN
• Verifying the Private VLAN Configuration

Information About Private VLANs

A private VLAN (PVLAN) partitions the Ethernet broadcast domain of a VLAN into subdomains, allowing you to isolate the ports on the switch from each other.
the associated promiscuous port in its primary VLAN. Hosts on community VLANs can communicate among themselves and with their associated promiscuous port but not with ports in other community VLANs.

Figure 3: Private VLAN Domain

Note: You must first create the VLAN before you can convert it to a PVLAN, either primary or secondary.

Primary and Secondary VLANs in Private VLANs

A private VLAN domain has only one primary VLAN.
• Promiscuous port—A promiscuous port belongs to the primary VLAN. The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN. You can have several promiscuous ports in a primary VLAN.
The following figure shows the traffic flows within a PVLAN, along with the types of VLANs and types of ports.

Figure 4: Private VLAN Traffic Flows

Note: The PVLAN traffic flows are unidirectional from the host ports to the promiscuous ports. Traffic received on primary VLAN enforces no separation and forwarding is done as in a normal VLAN.
For an association to be operational, the following conditions must be met:
• The primary VLAN must exist and be configured as a primary VLAN.
• The secondary VLAN must exist and be configured as either an isolated or community VLAN.

Note: Use the show vlan private-vlan command to verify that the association is operational. The switch does not display an error message when the association is nonoperational.
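The port rules and the association conditions described above can be checked with a small model. This is an added example, not code from the guide or from Cisco; the VLAN IDs, port names, and the rule that a host port on a nonoperational association reaches nothing are assumptions made for illustration.

```python
"""Private VLAN model: association checks and Layer 2 reachability between ports.

Added illustration; all VLAN IDs and port names are constructed.
"""
from dataclasses import dataclass

# VLAN ID -> configured private-VLAN type. VLAN 204 exists but was never given
# a PVLAN type; VLAN 205 is listed in the association but was never created.
VLAN_TYPES = {100: "primary", 201: "isolated", 202: "community",
              203: "community", 204: None}
ASSOCIATIONS = {100: (201, 202, 203, 204, 205)}  # primary -> secondary-vlan-list


def association_problems(vlan_types, primary, secondaries):
    """List the reasons an association is nonoperational (the switch shows none)."""
    problems = []
    if vlan_types.get(primary) != "primary":
        problems.append(f"VLAN {primary} is not configured as a primary VLAN")
    for vid in secondaries:
        if vid not in vlan_types:
            problems.append(f"secondary VLAN {vid} does not exist")
        elif vlan_types[vid] not in ("isolated", "community"):
            problems.append(f"VLAN {vid} is not an isolated or community VLAN")
    if sum(vlan_types.get(v) == "isolated" for v in secondaries) > 1:
        problems.append(f"more than one isolated VLAN listed for primary {primary}")
    return problems


def operational_secondaries(vlan_types, primary, secondaries):
    """Secondary VLANs whose association with the primary is operational."""
    if vlan_types.get(primary) != "primary":
        return set()
    return {v for v in secondaries
            if vlan_types.get(v) in ("isolated", "community")}


@dataclass(frozen=True)
class Port:
    name: str
    mode: str           # "promiscuous" or "host"
    primary: int
    secondaries: tuple  # host: its one secondary VLAN; promiscuous: mapped VLANs


def can_communicate(a, b, vlan_types=VLAN_TYPES, associations=ASSOCIATIONS):
    """Apply the promiscuous / isolated / community rules at Layer 2."""
    if a.primary != b.primary:
        return False
    live = operational_secondaries(vlan_types, a.primary,
                                   associations.get(a.primary, ()))
    if a.mode == b.mode == "promiscuous":
        return True  # both sit in the primary VLAN, which enforces no separation
    if "promiscuous" in (a.mode, b.mode):
        host, prom = (a, b) if a.mode == "host" else (b, a)
        return any(v in live and v in prom.secondaries for v in host.secondaries)
    # Two host ports: only members of the same community VLAN reach each other.
    shared = set(a.secondaries) & set(b.secondaries) & live
    return any(vlan_types[v] == "community" for v in shared)


PORTS = {p.name: p for p in (
    Port("gateway", "promiscuous", 100, (201, 202, 203, 204)),
    Port("srv1", "host", 100, (201,)), Port("srv2", "host", 100, (201,)),
    Port("app1", "host", 100, (202,)), Port("app2", "host", 100, (202,)),
    Port("db1", "host", 100, (203,)), Port("orphan", "host", 100, (204,)),
)}


def reachable_from(name):
    """Names of the ports that the given port can exchange frames with."""
    src = PORTS[name]
    return sorted(p.name for p in PORTS.values()
                  if p.name != name and can_communicate(src, p))


if __name__ == "__main__":
    for problem in association_problems(VLAN_TYPES, 100, ASSOCIATIONS[100]):
        print("nonoperational:", problem)
    for name in PORTS:
        print(f"{name:8} -> {reachable_from(name)}")
```

The "orphan" port shows why the silent failure matters: its VLAN is listed in the association, yet it reaches nothing until VLAN 204 is given a private VLAN type.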
• Configure selected interfaces connected to end stations as isolated ports to prevent any communication. For example, if the end stations are servers, this configuration prevents communication between the servers.
• Configure interfaces connected to default gateways and selected end stations (for example, backup servers) as promiscuous ports to allow all end stations access to a default gateway.
Configuring a VLAN as a Private VLAN

To create a PVLAN, you first create a VLAN, and then configure that VLAN to be a PVLAN.

Before You Begin

Ensure that the PVLAN feature is enabled.

Procedure

Step 1  switch# configure terminal
        Enters configuration mode.

Step 2  switch(config)# vlan {vlan-id | vlan-range}
        Places you into the VLAN configuration submode.
• The secondary-vlan-list parameter can contain multiple community VLAN IDs and one isolated VLAN ID.
• Enter a secondary-vlan-list or use the add keyword with a secondary-vlan-list to associate secondary VLANs with a primary VLAN.
• Use the remove keyword with a secondary-vlan-list to clear the association between secondary VLANs and a primary VLAN.
Configuring an Interface as a Private VLAN Host Port

In PVLANs, host ports are part of the secondary VLANs, which are either community VLANs or isolated VLANs. Configuring a PVLAN host port involves two steps. First, you define the port as a PVLAN host port and then you configure a host association between the primary and secondary VLANs.
Procedure

Step 1  switch# configure terminal
        Enters configuration mode.

Step 2  switch(config)# interface type slot/port
        Selects the port to configure as a PVLAN promiscuous port. A physical interface is required. This port cannot be on a FEX.

Step 3  switch(config-if)# switchport mode private-vlan promiscuous
        Configures the port as a promiscuous port for a PVLAN.
Configuring Native 802.1Q VLANs on Private VLANs

You cannot perform this task because the Cisco Nexus 3000 Series device does not support Private VLAN trunk ports.

Verifying the Private VLAN Configuration

To display PVLAN configuration information, use the following commands:

Command: switch# show feature
Purpose: Displays the features enabled on the switch.
CHAPTER 6
Configuring Access and Trunk Interfaces

This chapter contains the following sections:
• Information About Access and Trunk Interfaces
• Configuring Access and Trunk Interfaces
• Verifying Interface Configuration

Information About Access and Trunk Interfaces

Understanding Access and Trunk Interfaces

Ethernet interfaces can be configured either as access ports or trunk ports, as follows:
• An access port can have only one VLAN configured on the interface; it can carry
The following figure shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.

Figure 5: Devices in a Trunking Environment

In order to correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.1Q encapsulation or tagging method.

To optimize the performance on access ports, you can configure the port as a host port.
and packet belong. This method allows packets that are encapsulated for several different VLANs to traverse the same port and maintain traffic separation between the VLANs. The encapsulated VLAN tag also allows the trunk to move traffic end-to-end through the network on the same VLAN.

Figure 6: Header without and with 802.
Understanding the Native VLAN ID for Trunk Ports

A trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default port VLAN ID to the trunk port, all untagged traffic travels on the default port VLAN ID for the trunk port, and all untagged traffic is assumed to belong to this VLAN. This VLAN is referred to as the native VLAN ID for a trunk port.
This feature is supported on all the directly connected Ethernet and EtherChannel interfaces of the Cisco Nexus 3000 Series switch.

Note: You can enable the vlan dot1q tag native command by issuing the command in the global configuration mode.

Configuring Access and Trunk Interfaces

Configuring a LAN Interface as an Ethernet Access Port

You can configure an Ethernet interface as an access port.
Configuring Access Host Ports

By using switchport host, you can make an access port a spanning-tree edge port, and enable BPDU filtering and BPDU guard at the same time.

Before You Begin

Ensure that you are configuring the correct interface; it must be an interface that is connected to an end station.

Procedure

Step 1  switch# configure terminal
        Enters configuration mode.
Step 3  switch(config-if)# switchport mode {access | trunk}
        Sets the interface as an Ethernet trunk port. A trunk port can carry traffic in one or more VLANs on the same physical link (VLANs are based on the trunk-allowed VLANs list). By default, a trunk interface can carry traffic for all VLANs.
Procedure

Step 1  switch# configure terminal
        Enters configuration mode.

Step 2  switch(config)# interface {type slot/port | port-channel number}
        Specifies an interface to configure, and enters interface configuration mode.

Step 3  switch(config-if)# switchport trunk allowed vlan {vlan-list all | none [add |except | none | remove {vlan-list}]}
        Sets allowed VLANs for the trunk interface.
Step 2  switch(config)# vlan dot1q tag native
        Enables dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the Cisco Nexus 3000 Series switch. By default, this feature is disabled.

Step 3  switch(config)# no vlan dot1q tag native
        (Optional) Disables dot1q (IEEE 802.1Q) tagging for all native VLANs on all trunked ports on the switch.
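As an added example (not part of the original guide), the following Python script audits running-config text for the trunk defaults described in this chapter: a trunk with no allowed VLAN list carries all VLANs, and untagged traffic is assigned to the native VLAN unless vlan dot1q tag native is enabled. The sample configuration is constructed, the parser handles only the command forms shown, and VLAN 1 is assumed as the native VLAN when none is configured.

```python
"""Audit trunk ports in NX-OS running-config text for permissive defaults.

Added illustration; SAMPLE_CONFIG is constructed, not taken from a device.
"""
import re

SAMPLE_CONFIG = """\
vlan 1,5,10,20,30
interface Ethernet1/1
  switchport mode trunk
interface Ethernet1/2
  switchport mode trunk
  switchport trunk native vlan 999
  switchport trunk allowed vlan 10,20
interface Ethernet1/3
  switchport mode trunk
  switchport trunk allowed vlan 1,10-30
interface Ethernet1/13
  switchport access vlan 5
"""

DEFAULT_NATIVE_VLAN = 1  # assumption: native VLAN when none is configured


def parse_config(config):
    """Return (global commands, {interface name: [interface sub-commands]})."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, interfaces


def expand_vlans(spec):
    """Turn '1,10-30' into the set of VLAN IDs it names."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def trunk_settings(cmds):
    """Return (native VLAN, allowed VLAN set or None when all VLANs are allowed)."""
    native, allowed = DEFAULT_NATIVE_VLAN, None
    for cmd in cmds:
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
        if m:
            native = int(m.group(1))
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?(\S+)", cmd)
        if not m:
            continue
        add, spec = m.groups()
        if spec == "all":
            allowed = None
        elif spec == "none":
            allowed = set()
        elif add:
            if allowed is not None:  # adding to "all" still means all
                allowed = allowed | expand_vlans(spec)
        else:
            allowed = expand_vlans(spec)
    return native, allowed


def audit_trunks(config):
    """Return (interface, finding) pairs for every trunk port in the config."""
    global_cmds, interfaces = parse_config(config)
    native_tagging = "vlan dot1q tag native" in global_cmds
    findings = []
    for name, cmds in interfaces.items():
        if "switchport mode trunk" not in cmds:
            continue
        native, allowed = trunk_settings(cmds)
        if allowed is None:
            findings.append((name, "no allowed VLAN list: trunk carries all VLANs"))
        if not native_tagging and (allowed is None or native in allowed):
            findings.append(
                (name, f"untagged frames are placed in native VLAN {native}"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_trunks(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```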
CHAPTER 7
Configuring Switching Modes

This chapter contains the following sections:
• Information About Switching Modes
• Guidelines and Limitations for Switching Modes
• Licensing Requirements for Switching Modes
• Default Settings for Switching Modes
• Configuring Switching Modes
• Feature History for Switching Modes

Information About Switching Modes

The switching mode determines whether the switch begins forwarding the frame as soon as the switch h
Because it waits to forward the frame until the entire frame has been received and checked, the switching speed in store-and-forward switching mode is slower than the switching speed in cut-through switching mode.
Default Settings for Switching Modes

Cut-through switching is enabled by default.

Configuring Switching Modes

Enabling Store-and-Forward Switching

Note: Enabling store-and-forward switching mode might impact your port-to-port switching latency.

Procedure

Step 1  switch# configure terminal
        Enters global configuration mode.
Step 3  switch(config)# copy running-config startup-config
        (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
CHAPTER 8
Configuring Rapid PVST+

This chapter contains the following sections:
• Information About Rapid PVST+
• Configuring Rapid PVST+
• Verifying Rapid PVST+ Configurations

Information About Rapid PVST+

The Rapid PVST+ protocol is the IEEE 802.1w standard, Rapid Spanning Tree Protocol (RSTP), implemented on a per VLAN basis. Rapid PVST+ interoperates with the IEEE 802.1D standard, which mandates a single STP instance for all VLANs, rather than per VLAN.
Understanding STP

Multiple active paths between end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages and switches might learn end station MAC addresses on multiple LAN ports. These conditions result in a broadcast storm, which creates an unstable network.

STP defines a tree with a root bridge and a loop-free path from the root to all switches in the network. STP forces redundant data paths into a blocked state.
Configuring Rapid PVST+ Understanding STP Extended System ID A 12-bit extended system ID field is part of the bridge ID. Figure 7: Bridge ID with Extended System ID The switches always use the 12-bit extended system ID. Combined with the bridge ID, the system ID extension functions as the unique identifier for a VLAN.
Configuring Rapid PVST+ Understanding STP • 36864 • 40960 • 45056 • 49152 • 53248 • 57344 • 61440 STP uses the extended system ID plus a MAC address to make the bridge ID unique for each VLAN. Note If another bridge in the same spanning tree domain does not run the MAC address reduction feature, it could achieve root bridge ownership because its bridge ID may fall between the values specified by the MAC address reduction feature.
Configuring Rapid PVST+ Understanding STP Election of the Root Bridge For each VLAN, the switch with the lowest numerical value of the bridge ID is elected as the root bridge. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root bridge. The bridge priority value occupies the most significant bits of the bridge ID.
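The bridge ID layout and the root election rule described above can be checked with a short script. This is an added example, not code from the guide: the switch names, priorities and MAC addresses are constructed, and the `mac_reduction` flag is a hypothetical field that models a bridge that does not run the MAC address reduction feature.

```python
"""Added example: bridge ID with extended system ID and per-VLAN root election."""


def parse_mac(mac: str) -> int:
    """Accept dotted (0000.5e00.5301) or colon/hyphen separated MAC addresses."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(priority: int, vlan: int, mac: str, mac_reduction: bool = True) -> int:
    """Return the 64-bit bridge ID: 16-bit priority field followed by the MAC.

    With MAC address reduction the priority field is a 4-bit priority
    (a multiple of 4096) plus the 12-bit extended system ID (the VLAN ID).
    Without it, all 16 bits are free-form priority.
    """
    if mac_reduction:
        if priority % 4096 or not 0 <= priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must fit the 12-bit extended system ID")
        field = priority + vlan
    else:
        if not 0 <= priority <= 65535:
            raise ValueError("priority must fit in 16 bits")
        field = priority
    return (field << 48) | parse_mac(mac)


def elect_root(bridges, vlan):
    """The bridge with the numerically lowest bridge ID is root for the VLAN."""
    winner = min(
        bridges,
        key=lambda b: bridge_id(b["priority"], vlan, b["mac"], b.get("mac_reduction", True)),
    )
    return winner["name"]


def unexpected_roots(bridges, vlans, expected):
    """Return {vlan: elected_root} for every VLAN whose root is not `expected`."""
    found = {}
    for vlan in vlans:
        root = elect_root(bridges, vlan)
        if root != expected:
            found[vlan] = root
    return found


# Constructed topology (documentation MAC range, not real devices).
ACCESS = [
    {"name": "access-1", "priority": 32768, "mac": "0000.5e00.5301"},
    {"name": "access-2", "priority": 32768, "mac": "0000.5e00.5302"},
]
# A bridge without MAC address reduction: its priority field stays at 32768,
# below 32768 + VLAN ID, so it wins despite having the highest MAC address.
LEGACY = {"name": "legacy-1", "priority": 32768, "mac": "0000.5e00.53ff",
          "mac_reduction": False}
# Intended root with an explicitly lowered priority.
CORE = {"name": "core-1", "priority": 24576, "mac": "0000.5e00.5310"}

if __name__ == "__main__":
    print(elect_root(ACCESS, 10))
    print(unexpected_roots(ACCESS + [LEGACY], [1, 10], "access-1"))
    print(unexpected_roots(ACCESS + [LEGACY, CORE], [1, 10], "core-1"))
```

Relying on default priorities leaves root placement to whichever bridge presents the lowest ID; lowering the priority on the intended root removes that dependency for every VLAN checked.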
Configuring Rapid PVST+ Understanding Rapid PVST+ Understanding Rapid PVST+ Rapid PVST+ Overview Rapid PVST+ is the IEEE 802.1w (RSTP) standard implemented per VLAN. A single instance of STP runs on each configured VLAN (if you do not manually disable STP). Each Rapid PVST+ instance on a VLAN has a single root switch. You can enable and disable STP on a per-VLAN basis when you are running Rapid PVST+. Note Rapid PVST+ is the default STP mode for the switch.
Configuring Rapid PVST+ Understanding Rapid PVST+ duplex setting of the port. Full-duplex ports are assumed to be point-to-point ports, while half-duplex ports are assumed to be shared ports. Edge ports do not generate topology changes, but all other designated and root ports generate a topology change (TC) BPDU when they either fail to receive three consecutive BPDUs from the directly connected neighbor or the maximum age times out.
Configuring Rapid PVST+ Understanding Rapid PVST+ Proposal and Agreement Handshake As shown in the following figure, switch A is connected to switch B through a point-to-point link, and all of the ports are in the blocking state. Assume that the priority of switch A is a smaller numerical value than the priority of switch B.
Configuring Rapid PVST+ Understanding Rapid PVST+ Protocol Timers The following table describes the protocol timers that affect the Rapid PVST+ performance. Table 7: Rapid PVST+ Protocol Timers Variable Description Hello timer Determines how often each switch broadcasts BPDUs to other switches. The default is 2 seconds, and the range is from 1 to 10. Forward delay timer Determines how long each of the listening and learning states last before the port begins forwarding.
Configuring Rapid PVST+ Understanding Rapid PVST+ are always in the blocking state. Designated ports start in the blocking state. The port state controls the operation of the forwarding and learning processes. A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology (see the following figure).
Configuring Rapid PVST+ Understanding Rapid PVST+ When the STP algorithm places a LAN port in the forwarding state, the following process occurs: • The LAN port is put into the blocking state while it waits for protocol information that suggests it should go to the learning state. • The LAN port waits for the forward delay timer to expire, moves the LAN port to the learning state, and restarts the forward delay timer.
Configuring Rapid PVST+ Understanding Rapid PVST+ • Forwards frames received from the attached segment. • Forwards frames switched from another port for forwarding. • Incorporates the end station location information into its address database. • Receives BPDUs and directs them to the system module. • Processes BPDUs received from the system module. • Receives and responds to network management messages. Disabled State A LAN port in the disabled state does not participate in frame forwarding or STP.
Configuring Rapid PVST+ Understanding Rapid PVST+ The switch is synchronized with superior root information received on the root port if all other ports are synchronized. An individual port on the switch is synchronized if either of the following applies: • That port is in the blocking state. • It is an edge port (a port configured to be at the edge of the network).
Configuring Rapid PVST+ Understanding Rapid PVST+ Processing Inferior BPDU Information An inferior BPDU is a BPDU with root information (such as a higher switch ID or higher path cost) that is inferior to what is currently stored for the port. If a designated port receives an inferior BPDU, it immediately replies with its own information.
Configuring Rapid PVST+ Rapid PVST+ and IEEE 802.1Q Trunks
Bandwidth | Short Path-cost Method of Port Cost | Long Path-cost Method of Port Cost
100 Mbps | 19 | 200,000
1 Gigabit Ethernet | 4 | 20,000
10 Gigabit Ethernet | 2 | 2,000
You can assign lower cost values to LAN interfaces that you want STP to select first and higher cost values to LAN interfaces that you want STP to select last.
Configuring Rapid PVST+ Rapid PVST+ Interoperation with 802.1s MST BPDU version 0, the switch does not set the proposal flag and starts the forward-delay timer for the port. The new root port requires twice the forward-delay time to transition to the forwarding state. The switch interoperates with legacy 802.1D switches as follows: • Notification—Unlike 802.1D BPDUs, 802.1w does not use TCN BPDUs. However, for interoperability with 802.1D switches, Cisco NX-OS processes and generates TCN BPDUs.
Configuring Rapid PVST+ Enabling Rapid PVST+ per VLAN Note Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for the previous mode and started for the new mode. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree mode rapid-pvst Enables Rapid PVST+ on the switch. Rapid PVST+ is the default spanning tree mode.
Configuring Rapid PVST+ Configuring the Root Bridge ID Command or Action Purpose Caution Do not disable spanning tree on a VLAN unless all switches and bridges in the VLAN have spanning tree disabled. You cannot disable spanning tree on some of the switches and bridges in a VLAN and leave it enabled on other switches and bridges. This action can have unexpected results because switches and bridges with spanning tree enabled will have incomplete information regarding the physical topology of the network.
Configuring Rapid PVST+ Configuring a Secondary Root Bridge Note With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age configuration commands. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
Configuring Rapid PVST+ Configuring the Rapid PVST+ Port Priority Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree vlan vlan-range root secondary [diameter dia [hello-time hello-time]] Configures a software switch as the secondary root bridge. The vlan-range value can be 2 through 4094 (except reserved VLAN values). The dia default is 7. The hello-time can be from 1 to 10 seconds, and the default value is 2 seconds.
Configuring Rapid PVST+ Configuring the Rapid PVST+ Pathcost Method and Port Cost On access ports, you assign port cost by the port. On trunk ports, you assign the port cost by VLAN; you can configure the same port cost on all the VLANs on a trunk. Note In Rapid PVST+ mode, you can use either the short or long pathcost method, and you can configure the method in either the interface or configuration submode. The default pathcost method is short.
Configuring Rapid PVST+ Configuring the Rapid PVST+ Hello Time for a VLAN Note Be careful when using this configuration. For most situations, we recommend that you configure the primary root and secondary root to modify the bridge priority. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree vlan Configures the bridge priority of a VLAN.
Configuring Rapid PVST+ Configuring the Rapid PVST+ Forward Delay Time for a VLAN Configuring the Rapid PVST+ Forward Delay Time for a VLAN You can configure the forward delay time per VLAN when using Rapid PVST+. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree vlan vlan-range forward-time forward-time Configures the forward delay time of a VLAN.
Configuring Rapid PVST+ Restarting the Protocol If you set the link to shared, STP moves back to 802.1D. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# interface type slot/port Specifies the interface to configure, and enters the interface configuration mode. Step 3 switch(config-if)# spanning-tree link-type {auto | point-to-point | shared} Configures the link type to be either a point-to-point link or shared link.
Configuring Rapid PVST+ Verifying Rapid PVST+ Configurations Command Purpose switch# show spanning-tree [options] Displays selected detailed information for the current spanning tree configuration. This example shows how to display spanning tree status:
switch# show spanning-tree brief
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address 001c.b05a.
CHAPTER 9 Configuring Multiple Spanning Tree
This chapter contains the following sections:
• Information About MST
• Configuring MST
• Verifying MST Configurations
Information About MST
MST Overview
Note Spanning tree is used to refer to IEEE 802.1w and IEEE 802.1s. If the text is discussing the IEEE 802.1D Spanning Tree Protocol, 802.1D is stated specifically.
Configuring Multiple Spanning Tree MST Regions Note You must enable MST; Rapid PVST+ is the default spanning tree mode. MST Regions To allow switches to participate in MST instances, you must consistently configure the switches with the same MST configuration information. A collection of interconnected switches that have the same MST configuration is an MST region. An MST region is a linked group of MST bridges with the same MST configuration.
Configuring Multiple Spanning Tree MST Configuration Information MST Configuration Information The MST configuration that must be identical on all switches within a single MST region is configured by the user.
Configuring Multiple Spanning Tree IST, CIST, and CST • The CST interconnects the MST regions and any instance of 802.1D and 802.1w STP that may be running on the network. The CST is the one STP instance for the entire bridged network and encompasses all MST regions and 802.1w and 802.1D instances. • A CIST is a collection of the ISTs in each MST region. The CIST is the same as an IST inside an MST region, and the same as a CST outside an MST region.
Configuring Multiple Spanning Tree IST, CIST, and CST The following figure shows a network with three MST regions and an 802.1D switch (D). The CIST regional root for region 1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST. Figure 15: MST Regions, CIST Regional Roots, and CST Root Only the CST instance sends and receives BPDUs.
Configuring Multiple Spanning Tree Hop Count • The CIST external root path cost is the cost to the CIST root. This cost is left unchanged within an MST region. An MST region looks like a single switch to the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region. • If the CIST root is in the region, the CIST regional root is the CIST root.
Configuring Multiple Spanning Tree Spanning-Tree Dispute Mechanism with a port that belongs to a different region, creating the possibility of receiving both internal and external messages on a port (see the following figure). Figure 16: MST Boundary Ports At the boundary, the roles of MST ports do not matter; the system forces their state to be the same as the IST port state.
Configuring Multiple Spanning Tree Port Cost and Port Priority Port Cost and Port Priority Spanning tree uses port costs to break a tie for the designated port. Lower values indicate lower port costs, and spanning tree chooses the least costly path. Default port costs are taken from the bandwidth of the interface, as follows: • 10 Mbps—2,000,000 • 100 Mbps—200,000 • 1 Gigabit Ethernet—20,000 • 10 Gigabit Ethernet—2,000 You can configure the port costs in order to influence which port is chosen.
Configuring Multiple Spanning Tree Interoperability with Rapid PVST+: Understanding PVST Simulation Interoperability with Rapid PVST+: Understanding PVST Simulation MST interoperates with Rapid PVST+ with no need for user configuration. The PVST simulation feature enables this seamless interoperability. Note PVST simulation is enabled by default. That is, by default, all interfaces on the switch interoperate between MST and Rapid PVST+.
Configuring Multiple Spanning Tree Entering MST Configuration Mode Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree mode mst Enables MST on the switch. Step 3 switch(config)# no spanning-tree mode mst (Optional) Disables MST on the switch and returns you to Rapid PVST+.
Configuring Multiple Spanning Tree Specifying the MST Name Command or Action Purpose • Synchronize primary and secondary VLANs in private VLANs Step 3 switch(config-mst)# exit or switch(config-mst)# abort • The first form commits all the changes and exits MST configuration mode. • The second form exits the MST configuration mode without committing any of the changes.
Configuring Multiple Spanning Tree Specifying the MST Configuration Revision Number Specifying the MST Configuration Revision Number You configure the revision number on the bridge. For two or more bridges to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
Configuring Multiple Spanning Tree Specifying the Configuration on an MST Region Command or Action Purpose When you map VLANs to an MST instance, the mapping is incremental, and the VLANs specified in the command are added to or removed from the VLANs that were previously mapped. To specify a VLAN range, enter a hyphen; for example, enter the instance 1 vlan 1-63 command to map VLANs 1 through 63 to MST instance 1.
Configuring Multiple Spanning Tree Mapping and Unmapping VLANs to MST Instances Caution When you change the VLAN-to-MSTI mapping, the system restarts MST. Note You cannot disable an MSTI. For two or more bridges to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
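Because the VLAN-to-instance mapping is incremental, two switches can reach the same region configuration through different command sequences, or silently diverge by one VLAN. The following added example (not code from the guide) replays MST configuration submode commands and compares the three values that must be identical. The region name, revision and command lists are constructed; the empty default name, default revision 0, and unmapped VLANs falling back to instance 0 are assumptions of this sketch.

```python
"""Added example: compare the MST region identity of two switches."""


def expand_vlans(spec: str) -> set:
    """Expand a VLAN list such as '1-63' or '5,10-20' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def apply_mst_commands(commands):
    """Replay submode commands; return (name, revision, {vlan: instance}).

    VLANs absent from the mapping belong to instance 0 (assumption).
    """
    name, revision, mapping = "", 0, {}
    for command in commands:
        words = command.split()
        negate = words[0] == "no"
        if negate:
            words = words[1:]
        if words[0] == "name" and not negate:
            name = words[1]
        elif words[0] == "revision" and not negate:
            revision = int(words[1])
        elif words[0] == "instance" and len(words) == 4 and words[2] == "vlan":
            instance = int(words[1])
            for vlan in expand_vlans(words[3]):
                if negate:
                    # Unmapping only affects VLANs currently in this instance.
                    if mapping.get(vlan) == instance:
                        del mapping[vlan]
                elif instance == 0:
                    mapping.pop(vlan, None)
                else:
                    # Incremental: earlier mappings of other VLANs are kept.
                    mapping[vlan] = instance
        else:
            raise ValueError(f"unsupported command: {command!r}")
    return name, revision, mapping


def region_mismatches(commands_a, commands_b):
    """List which of the three region attributes differ between two switches."""
    a, b = apply_mst_commands(commands_a), apply_mst_commands(commands_b)
    labels = ("name", "revision", "vlan-to-instance mapping")
    return [label for label, x, y in zip(labels, a, b) if x != y]


def differing_vlans(commands_a, commands_b):
    """Return the sorted VLAN IDs that map to different instances."""
    map_a = apply_mst_commands(commands_a)[2]
    map_b = apply_mst_commands(commands_b)[2]
    return sorted(v for v in set(map_a) | set(map_b)
                  if map_a.get(v, 0) != map_b.get(v, 0))


# Constructed command histories for three switches.
SWITCH_A = ["name DC1", "revision 3", "instance 1 vlan 1-63", "instance 2 vlan 64-100"]
SWITCH_B = ["name DC1", "revision 3", "instance 1 vlan 1-100",
            "no instance 1 vlan 64-100", "instance 2 vlan 64-100"]
SWITCH_C = ["name DC1", "revision 3", "instance 1 vlan 1-63", "instance 2 vlan 64-99"]

if __name__ == "__main__":
    print(region_mismatches(SWITCH_A, SWITCH_B))
    print(region_mismatches(SWITCH_A, SWITCH_C), differing_vlans(SWITCH_A, SWITCH_C))
```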
Configuring Multiple Spanning Tree Configuring the Root Bridge Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree mst configuration Enters MST configuration submode. Step 3 switch(config-mst)# private-vlan synchronize Automatically maps all secondary VLANs to the same MSTI and their associated primary VLAN for all private VLANs.
Configuring Multiple Spanning Tree Configuring a Secondary Root Bridge Command or Action secondary} [diameter dia [hello-time hello-time]] Purpose • For instance-id, you can specify a single instance, a range of instances separated by a hyphen, or a series of instances separated by a comma. The range is from 1 to 4094. • For diameter net-diameter, specify the maximum number of hops between any two end stations. The default is 7. This keyword is available only for MST instance 0.
Configuring Multiple Spanning Tree Configuring the Port Priority Command or Action Purpose Step 3 switch(config)# no spanning-tree mst instance-id root (Optional) Returns the switch priority, diameter, and hello-time to default values.
Configuring Multiple Spanning Tree Configuring the Port Cost The MST path cost default value is derived from the media speed of an interface. If a loop occurs, MST uses the cost when selecting an interface to put in the forwarding state. You can assign lower cost values to interfaces that you want selected first and higher cost values to interfaces that you want selected last.
Configuring Multiple Spanning Tree Configuring the Hello Time Note Exercise care when using this command. For most situations, we recommend that you enter the spanning-tree mst root primary and the spanning-tree mst root secondary global configuration commands to modify the switch priority. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
Configuring Multiple Spanning Tree Configuring the Forwarding-Delay Time Command or Action Purpose messages by the root bridge. These messages mean that the switch is alive. For seconds, the range is from 1 to 10, and the default is 2 seconds.
Configuring Multiple Spanning Tree Configuring the Maximum-Hop Count Step 2 Command or Action Purpose switch(config)# spanning-tree mst max-age seconds Configures the maximum-aging time for all MST instances. The maximum-aging time is the number of seconds that a switch waits without receiving spanning tree configuration messages before attempting a reconfiguration. For seconds, the range is from 6 to 40, and the default is 20 seconds.
Configuring Multiple Spanning Tree Configuring PVST Simulation Per Port Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# no spanning-tree mst simulate pvst global Disables all interfaces on the switch from automatically interoperating with a connected switch that is running in Rapid PVST+ mode. The default for this is enabled; that is, by default, all interfaces on the switch operate seamlessly between Rapid PVST+ and MST.
Configuring Multiple Spanning Tree Specifying the Link Type This example shows how to prevent the specified interfaces from automatically interoperating with a connecting switch that is not running MST:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree mst simulate pvst disable
Specifying the Link Type
Rapid connectivity (802.1w standard) is established only on point-to-point links.
Configuring Multiple Spanning Tree Verifying MST Configurations Procedure Step 1 Command or Action Purpose switch# clear spanning-tree detected-protocol [interface interface [interface-num | port-channel]] Restarts MST on entire switch or specified interfaces.
CHAPTER 10 Configuring STP Extensions
This chapter contains the following sections:
• About STP Extensions
About STP Extensions
Cisco has added extensions to STP that make convergence more efficient. In some cases, even though similar functionality may be incorporated into the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) standard, we recommend using these extensions. All of these extensions can be used with both RPVST+ and MST.
Configuring STP Extensions Information About STP Extensions Note If you configure a port connected to another switch as an edge port, you might create a bridging loop. Spanning Tree Network Ports Network ports are connected only to switches or bridges. Configuring a port as "network" while Bridge Assurance is enabled globally, enables Bridge Assurance on that port.
Configuring STP Extensions Information About STP Extensions interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU. BPDU Guard provides a secure response to invalid configurations, because you must manually put the LAN interface back in service after an invalid configuration.
Configuring STP Extensions Information About STP Extensions BPDU Filtering Per Port Configuration BPDU Filtering Global Configuration STP Edge Port Configuration BPDU Filtering State Enable Enabled/Disabled Enabled/Disabled Enable Caution BPDUs are never sent and if received, they do not trigger the regular STP behavior - use with caution.
Configuring STP Extensions Configuring STP Extensions put into a root-inconsistent (blocked) state. After the port stops sending superior BPDUs, the port is unblocked again. Through STP, the port moves to the forwarding state. Recovery is automatic. Root Guard enabled on an interface applies this functionality to all VLANs to which that interface belongs. You can use Root Guard to enforce the root bridge placement in the network.
Configuring STP Extensions Configuring STP Extensions Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree port type edge default Configures all interfaces as edge ports. This assumes all ports are connected to hosts/servers. Edge ports immediately transition to the forwarding state without passing through the blocking or learning state at linkup. By default, spanning tree ports are normal port types.
Configuring STP Extensions Configuring STP Extensions • no spanning-tree port type—This command implicitly enables edge behavior if you define the spanning-tree port type edge default command in global configuration mode. If you do not configure the edge ports globally, the no spanning-tree port type command is equivalent to the spanning-tree port type disable command. Before You Begin Ensure that STP is configured. Ensure that the interface is connected to hosts.
Configuring STP Extensions Configuring STP Extensions Note A port connected to a host that is configured as a network port automatically moves into the blocking state. Before You Begin Ensure that STP is configured. Ensure that the interface is connected to switches or routers. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
Configuring STP Extensions Configuring STP Extensions Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# spanning-tree port type edge bpduguard default Enables BPDU Guard by default on all spanning tree edge ports. By default, global BPDU Guard is disabled.
Configuring STP Extensions Configuring STP Extensions Command or Action Purpose This example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree bpduguard enable
switch(config-if)# no spanning-tree bpduguard
Enabling BPDU Filtering Globally
You can enable BPDU Filtering globally by default on spanning tree edge ports.
Configuring STP Extensions Configuring STP Extensions Enabling BPDU Filtering on Specified Interfaces You can apply BPDU Filtering to specified interfaces. When enabled on an interface, that interface does not send any BPDUs and drops all BPDUs that it receives. This BPDU Filtering functionality applies to the entire interface, whether trunking or not. Caution Be careful when you enter the spanning-tree bpdufilter enable command on specified interfaces.
Configuring STP Extensions Configuring STP Extensions This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree bpdufilter enable
Enabling Loop Guard Globally
You can enable Loop Guard globally by default on all point-to-point spanning tree normal and network ports. Loop Guard does not run on edge ports.
Configuring STP Extensions Verifying STP Extension Configuration Before You Begin Ensure that STP is configured. Ensure that you are configuring Loop Guard on spanning tree normal or network ports. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# interface type slot/port Specifies the interface to configure, and enters the interface configuration mode.
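The edge port, BPDU Guard and BPDU Filtering settings described in this chapter interact: an edge port forwards immediately, BPDU Guard is what shuts it down if a switch appears behind it, and per-interface BPDU Filtering discards the BPDUs that would reveal the problem. The following added example (not code from the guide) audits a running-config excerpt for edge ports left without BPDU Guard and for interfaces with BPDU Filtering enabled. The sample configuration is constructed, the finding labels are hypothetical, and the script assumes interface subcommands are indented under their `interface` line.

```python
"""Added example: audit STP edge-port protections in a running-config excerpt."""
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree port type edge bpduguard default
interface Ethernet1/1
  switchport mode access
  spanning-tree port type edge
interface Ethernet1/2
  spanning-tree port type edge
  spanning-tree bpduguard disable
interface Ethernet1/3
  spanning-tree port type edge
  spanning-tree bpdufilter enable
interface Ethernet1/4
  spanning-tree port type network
interface Ethernet1/5
  switchport mode access
"""


def parse_config(text):
    """Split the config into global lines and {interface: [subcommands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            match = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
            current = match.group(1) if match else None
            if match:
                interfaces[current] = []
            else:
                global_lines.append(line)
        elif current is not None:
            interfaces[current].append(line)
    return global_lines, interfaces


def audit(text):
    """Return [(interface, finding)] in configuration order."""
    global_lines, interfaces = parse_config(text)
    edge_default = "spanning-tree port type edge default" in global_lines
    guard_default = "spanning-tree port type edge bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        port_type = guard = bpdu_filter = None
        for line in lines:
            m = re.fullmatch(r"spanning-tree port type (edge|network|normal)( trunk)?", line)
            if m:
                port_type = m.group(1)
            m = re.fullmatch(r"spanning-tree bpduguard (enable|disable)", line)
            if m:
                guard = m.group(1) == "enable"
            m = re.fullmatch(r"spanning-tree bpdufilter (enable|disable)", line)
            if m:
                bpdu_filter = m.group(1) == "enable"
        # An interface with no explicit type inherits the global edge default.
        is_edge = port_type == "edge" or (port_type is None and edge_default)
        # An explicit interface setting overrides the global BPDU Guard default.
        guard_on = guard if guard is not None else (guard_default and is_edge)
        if bpdu_filter:
            findings.append((name, "bpdufilter-enabled"))
        if is_edge and not guard_on:
            findings.append((name, "edge-without-bpduguard"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```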
CHAPTER 11 Configuring LLDP
This chapter contains the following sections:
• Configuring Global LLDP Commands
• Configuring Interface LLDP Commands
Configuring Global LLDP Commands
You can set global LLDP settings.
Configuring LLDP Configuring Global LLDP Commands DCBXP is enabled by default, provided LLDP is enabled. When LLDP is enabled, DCBXP can be enabled or disabled using the [no] lldp tlv-select dcbxp command. DCBXP is disabled on ports where LLDP transmit or receive is disabled. To configure LLDP settings, perform this task: Before You Begin Ensure that the LLDP feature is enabled on the switch. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
Configuring LLDP Configuring Interface LLDP Commands This example shows how to configure the global LLDP hold time to 200 seconds:
switch# configure terminal
switch(config)# lldp holdtime 200
switch(config)#
This example shows how to enable LLDP to send or receive the management address TLVs:
switch# configure terminal
switch(config)# lldp tlv-select management-address
switch(config)#
Configuring Interface LLDP Commands
To configure the LLDP feature for a physical Ethernet interface, perform this task
Configuring LLDP Configuring Interface LLDP Commands Remote Peers Information on interface Eth1/40 Remote peer's MSAP: length 12 Bytes: 00 c0 dd 0e 5f 3a 00 c0 LLDP LLDP LLDP LLDP LLDP LLDP LLDP 5f 3a ec a3 27 69 TLV's TLV type:Chassis ID LLDP TLV Length: 7 TLV type:Port ID LLDP TLV Length: 7 TLV type:Time to Live LLDP TLV Length: 2 TLV type:LLDP Organizationally Specific LLDP TLV Length: 55 TLV type:LLDP Organizationally Specific LLDP TLV Length: 5 TLV type:END of LLDPDU LLDP TLV Length: 0 Remote
CHAPTER 12 Configuring the MAC Address Table
This chapter contains the following sections:
• Information About MAC Addresses
• Configuring MAC Addresses
• Verifying the MAC Address Configuration
Information About MAC Addresses
To switch frames between LAN ports, the switch maintains an address table. When the switch receives a frame, it associates the media access control (MAC) address of the sending network device with the LAN port on which it was received.
Configuring the MAC Address Table Configuring the Aging Time for the MAC Table Note You can also configure a static MAC address in interface configuration mode or VLAN configuration mode. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# mac-address-table static mac_address vlan vlan-id {drop | interface {type slot/port} | port-channel number} [auto-learn] Specifies a static address to add to the MAC address table.
Configuring the MAC Address Table Clearing Dynamic Addresses from the MAC Table Command or Action Purpose The seconds range is from 0 to 1000000. The default is 300 seconds. Entering the value 0 disables the MAC aging. If a VLAN is not specified, the aging specification applies to all VLANs.
Configuring the MAC Address Table Verifying the MAC Address Configuration This example shows how to display the MAC address table:
switch# show mac-address-table
VLAN MAC Address Type Age Port
---------+-----------------+-------+---------+-----------------------------
1 0018.b967.3cd0 dynamic 10 Eth1/3
1 001c.b05a.
CHAPTER 13 Configuring IGMP Snooping
This chapter contains the following sections:
• Information About IGMP Snooping
• Configuring IGMP Snooping Parameters
• Verifying IGMP Snooping Configuration
Information About IGMP Snooping
The IGMP snooping software examines IGMP protocol messages within a VLAN to discover which interfaces are connected to hosts or other devices interested in receiving this traffic.
Configuring IGMP Snooping IGMPv1 and IGMPv2 The following figure shows an IGMP snooping switch that is located between the host and the IGMP router. The IGMP snooping switch snoops the IGMP membership reports and leave messages and forwards them only when necessary to the connected IGMP routers. Figure 18: IGMP Snooping Switch Note The switch supports IGMPv3 snooping based only on the destination multicast MAC address. It does not support snooping based on the source MAC address or on proxy reports.
Configuring IGMP Snooping IGMPv3 The IGMPv3 snooping implementation on the switch forwards IGMPv3 reports to allow the upstream multicast router to do source-based filtering. By default, the software tracks hosts on each VLAN port. The explicit tracking feature provides a fast leave mechanism. Because every IGMPv3 host sends membership reports, a report suppression feature limits the amount of traffic the switch sends to other multicast capable routers.
Configuring IGMP Snooping Configuring IGMP Snooping Parameters Configuring IGMP Snooping Parameters To manage the operation of the IGMP snooping process, you can configure the optional IGMP snooping parameters described in the following table. Table 11: IGMP Snooping Parameters Parameter Description IGMP snooping Enables IGMP snooping on a per-VLAN basis. The default is enabled. Note If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not.
Configuring IGMP Snooping Configuring IGMP Snooping Parameters Parameter Description Multicast router vpc-peer-link Configures a static connection to a virtual port channel (vPC) peer link. By default, the vPC peer-link is considered a multicast router port and the multicast packet is sent to the peer-link for each receiver VLAN. To send the multicast traffic over a vPC peer-link to each receiver VLAN that has orphan ports, use the no ip igmp snooping mrouter vpc-peer-link command.
Configuring IGMP Snooping Configuring IGMP Snooping Parameters Command or Action Purpose Step 5 switch(config-vlan)# ip igmp snooping explicit-tracking Tracks IGMPv3 membership reports from individual hosts for each port on a per-VLAN basis. The default is enabled on all VLANs. Step 6 switch(config-vlan)# ip igmp snooping fast-leave Supports IGMPv2 hosts that cannot be explicitly tracked because of the host report suppression mechanism of the IGMPv2 protocol.
Configuring IGMP Snooping Verifying IGMP Snooping Configuration switch(config-vlan)# ip igmp snooping fast-leave switch(config-vlan)# ip igmp snooping report-suppression switch(config-vlan)# ip igmp snooping mrouter interface ethernet 1/10 switch(config-vlan)# ip igmp snooping static-group 230.0.0.
CHAPTER 14 Configuring Traffic Storm Control
This chapter contains the following sections:
• Information About Traffic Storm Control
• Traffic Storm Guidelines and Limitations
• Configuring Traffic Storm Control
• Traffic Storm Control Example Configuration
• Default Traffic Storm Settings
Information About Traffic Storm Control
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance.
The following figure shows the broadcast traffic patterns on an Ethernet interface during a specified time interval. In this example, traffic storm control occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.
• You can configure traffic storm control on a port-channel interface.
• Specify the level as a percentage of the total interface bandwidth:
  ◦ The level can be from 0 to 100.
  ◦ The optional fraction of a level can be from 0 to 99.
  ◦ 100 percent means no traffic storm control.
  ◦ 0.0 percent suppresses all traffic.
• There are local link and hardware limitations that prevent storm-control drops from being counted separately.
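The level rules above lend themselves to an automated configuration check. The following is an added example, not part of the Cisco guide: it audits a constructed running-config excerpt for thresholds that are out of range, that disable storm control (100), or that drop all traffic (0.0). It assumes the NX-OS interface command form storm-control {broadcast | multicast | unicast} level percentage[.fraction]; treating an interface with no storm-control line as a finding is an assumed local policy.

```python
import re

# Constructed NX-OS running-config excerpt (sample input, not from the guide).
SAMPLE_CONFIG = """\
interface Ethernet1/1
  storm-control broadcast level 40
interface Ethernet1/2
  storm-control broadcast level 100
  storm-control multicast level 0.0
interface Ethernet1/3
interface port-channel10
  storm-control unicast level 12.50
  storm-control broadcast level 101
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
STORM_RE = re.compile(r"^\s+storm-control\s+(broadcast|multicast|unicast)\s+level\s+(\S+)")
LEVEL_RE = re.compile(r"^(\d{1,3})(?:\.(\d{1,2}))?$")  # percentage[.fraction]

def classify_level(text):
    m = LEVEL_RE.match(text)
    if not m or int(m.group(1)) > 100:
        return "invalid"        # level outside 0-100 or fraction outside 0-99
    whole, frac = int(m.group(1)), int(m.group(2) or 0)
    if whole == 100:
        return "no-control"     # 100 percent means no traffic storm control
    if whole == 0 and frac == 0:
        return "suppress-all"   # 0.0 percent suppresses all traffic
    return "ok"

def audit(config):
    """Return (interface, traffic type, finding) tuples for risky settings."""
    findings, seen, current = [], {}, None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
            seen[current] = 0   # count of storm-control lines on this interface
        elif (m := STORM_RE.match(line)) and current:
            seen[current] += 1
            verdict = classify_level(m.group(2))
            if verdict != "ok":
                findings.append((current, m.group(1), verdict))
    # Assumed local policy: every listed interface should carry a threshold.
    findings += [(i, "any", "missing") for i, n in seen.items() if n == 0]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```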
Verifying Traffic Storm Control Configuration

To display traffic storm control configuration information, perform one of these tasks:

Command: switch# show interface [ethernet slot/port | port-channel number] counters storm-control
Purpose: Displays the traffic storm control configuration for the interfaces.