Cisco Nexus 9000 Series Configuration Manual

NX-OS Layer 2 Switching Configuration

Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration
Guide, Release 7.x
First Published: 2013-11-26
Last Modified: 2017-08-29
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Summary of Contents for Cisco Nexus 9000 Series

  • Page 2 This product includes software written by Tim Hudson (tjh@cryptsoft.com). Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks.
  • Page 3 Switching Frames Between Segments Building the Address Table and Address Table Changes Consistent MAC Address Tables on the Supervisor and on the Modules Layer 3 Static MAC Addresses...
  • Page 4 Configuring a VLAN Before Creating the VLAN Enabling the VLAN Long-Name Configuring Port VLAN Mapping on a Trunk Port Configuring Inner VLAN and Outer VLAN Mapping on a Trunk Port Verifying the VLAN Configuration...
  • Page 5 Guidelines and Limitations for Configuring Private VLANs Secondary and Primary VLAN Configuration Private VLAN Port Configuration Limitations with Other Features Default Settings for Private VLANs Configuring a Private VLAN...
  • Page 6 Chapter 8 Information About Rapid PVST+ Overview of STP How a Topology is Created Bridge ID Bridge Priority Value Extended System ID STP MAC Address Allocation BPDUs...
  • Page 7 Configuring the Root Bridge ID Configuring a Secondary Root Bridge-CLI Version Configuring the Rapid PVST+ Bridge Priority of a VLAN Configuring the Rapid PVST+ Port Priority - CLI Version...
  • Page 8 Licensing Requirements for MST Prerequisites for MST Guidelines and Limitations for Configuring MST Default Settings for MST Configuring MST Enabling MST - CLI Version Entering MST Configuration Mode...
  • Page 9 Bridge Assurance BPDU Guard BPDU Filtering Loop Guard Root Guard Applying STP Extension Features PVST Simulation High Availability for STP Licensing Requirements for STP Extensions Prerequisites for STP Extensions...
  • Page 10 Chapter 11 About Reflective Relay 802.1Qbg Reflective Relay Support Guidelines and Limitations for Reflective Relay Configuring Reflective Relay Using the NX-OS CLI...
  • Page 11: Document Conventions

    • Documentation Feedback, page xii • Obtaining Documentation and Submitting a Service Request, page xiii Audience This publication is for network administrators who install, configure, and maintain Cisco Nexus switches. Document Conventions Command descriptions use the following conventions: Convention Description...
  • Page 12: Documentation Feedback

    An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line. Related Documentation for Cisco Nexus 9000 Series Switches The entire Cisco Nexus 9000 Series switch documentation set is available at the following URL: http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.html Documentation Feedback To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com.
  • Page 13: Obtaining Documentation And Submitting A Service Request

    Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.
  • Page 14 Preface Obtaining Documentation and Submitting a Service Request...
  • Page 15: Chapter

    New and Changed Information, page 1 New and Changed Information This table summarizes the new and changed features for the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide and where they are documented. Table 1: New and Changed Features...
  • Page 16 Modes frame. Private VLAN support: Enables association of primary and secondary VLANs to form a private VLAN; 7.0(3)I1(2); Configuring Private VLANs Using NX-OS...
  • Page 17: Overview

    All ports are assigned to the default VLAN (VLAN1) when the device first comes up. A VLAN interface, or switched virtual interface (SVI), is a Layer 3 interface that is created to provide communication between VLANs...
  • Page 18: Spanning Tree

    Rapid PVST+ is the default STP protocol for Cisco Nexus devices. Note Cisco NX-OS uses the extended system ID and MAC address reduction; you cannot disable these features. In addition, Cisco has created some proprietary features to enhance the spanning tree activities.
  • Page 19: Stp Extensions

    • Cisco Nexus 9000 Series NX-OS Security Configuration Guide • Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide • Cisco Nexus 9000 Series NX-OS System Management Configuration Guide...
  • Page 20 Overview Related Topics...
  • Page 21: Configuring Layer 2 Switching

    VLANs across an entire network. All Layer 2 switching ports maintain MAC address tables. Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high-availability features.
  • Page 22: Layer 2 Ethernet Switching Overview

    (vPC) peer link. The MAC address table display is enhanced to display information on MAC addresses when you are using vPCs. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information about vPCs. The address table can store a number of MAC address entries depending on the hardware I/O module. The device uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table.
  • Page 23: Consistent Mac Address Tables On The Supervisor And On The Modules

    MAC addresses on Layer 3 interfaces, you must unconfigure those ports in order to downgrade the software. Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high availability features. Licensing Requirements for Layer 2 Switching...
  • Page 24: Prerequisites For Configuring Mac Addresses

    Configuring Layer 2 Switching by Steps Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use. Configuring a Static MAC Address You can configure MAC addresses, which are called static MAC addresses, to statically point to specified interfaces on the device.
  • Page 25: Configuring A Static Mac Address On A Layer 3 Interface

    Hardware prog failed. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on configuring Layer 3 interfaces...
  • Page 26: Configuring The Aging Time For The Mac Table

    You can configure the amount of time that a MAC address entry (the packet source MAC address and port on which that packet was learned) remains in the MAC table, which contains the Layer 2 information...
  • Page 27: Checking Consistency Of Mac Address Tables

    600 switch(config)# Checking Consistency of MAC Address Tables You can check the match between the MAC address table on the supervisor and all the modules...
  • Page 28: Clearing Dynamic Addresses From The Mac Table

    Displays the MAC address table. Example: switch# show mac address-table This example shows how to clear the dynamic entries in the Layer 2 MAC address table: switch# clear mac address-table dynamic switch#...
  • Page 29: Verifying The Layer 2 Switching Configuration

    Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide High availability Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide System management Cisco Nexus 9000 Series NX-OS System Management Configuration Guide...
  • Page 30 Additional References for Layer 2 Switching -- CLI Version Standards. Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. Title: —...
  • Page 31: Information About Vlans

    VLAN must be forwarded through a router. The following figure shows VLANs as logical networks. The stations in the engineering department are assigned to one VLAN,...
  • Page 32: Vlan Ranges

    VLAN interface for each VLAN. Each VLAN requires only one VLAN interface. VLAN Ranges The extended system ID is always automatically enabled in Cisco Nexus 9000 devices. Note The device supports up to 4095 VLANs in accordance with the IEEE 802.1Q standard. The software organizes these VLANs into ranges, and you use each range slightly differently.
  • Page 33: About Reserved Vlans

    ◦ VLANs 4093-4095 are always reserved for internal use and cannot be used for other purposes. In the example, the result of the command would be that VLANs 400-527 are reserved and that VLANs 4093-4095 are also reserved...
  • Page 34: Example Of Vlan Reserve

    400-527 Creating, Deleting, and Modifying VLANs By default, all Cisco Nexus 9396 and Cisco Nexus 93128 ports are Layer 2 ports. Note By default, all Cisco Nexus 9504 and Cisco Nexus 9508 ports are Layer 3 ports.
  • Page 35: High Availability For Vlans

    10 seconds of a restart, the software reloads the supervisor module. You can upgrade or downgrade the software seamlessly when you use VLANs. Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high availability features.
  • Page 36: Prerequisites For Configuring Vlans

    • When VLANs are configured to have vn-segments, QOS/ACL/SPAN are not supported on FEX HIFs. Default Settings for VLANs This table lists the default settings for VLAN parameters...
  • Page 37: Configuring A Vlan

    Layer 2 interfaces to VLANs (access or trunk ports). All interfaces are in VLAN1 by default. Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
  • Page 38 Displays information and status of VLANs. Example: switch# show vlan Step 5 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config...
  • Page 39: Entering The Vlan Configuration Submode

    Displays information and status of VLANs. Example: switch# show vlan Step 5 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config...
  • Page 40: Configuring A Vlan

    VLAN become inactive, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 3967. Example: switch(config-vlan)# state active...
  • Page 41: Configuring A Vlan Before Creating The Vlan

    You can configure a VLAN before you create the VLAN. This procedure is used for IGMP snooping, VTP, and other configurations. The show vlan command does not display these VLANs unless you create them using the vlan command. Note...
  • Page 42: Enabling The Vlan Long-Name

    Enabling the VLAN Long-Name You can configure VLAN long-names of up to 128 characters. Note When system vlan long-name is included in the start-up configuration, the Cisco Nexus 9000 Series switch boots up in VTP off mode. To enable VTP transparent mode:...
  • Page 43: Configuring Port Vlan Mapping On A Trunk Port

    • PV switching and PV routing are not supported on FEX ports. • On Cisco Nexus 9300 Series switches, PV routing is not supported on 40G ports. • VLAN translation (mapping) is supported on Cisco Nexus 9000 Series switches with a Network Forwarding Engine (NFE).
  • Page 44 1/8 switchport vlan mapping enable channel-group 101 force • Port VLAN mapping on a trunk port is supported only on Cisco Nexus 9000 Series switches with a Network Forwarding Engine (NFE). Before You Begin • Ensure that the physical or port channel on which you want to implement VLAN translation is configured as a Layer 2 trunk port.
  • Page 45: Configuring Inner Vlan And Outer Vlan Mapping On A Trunk Port

    You can configure VLAN translation from an inner VLAN and an outer VLAN to a local (translated) VLAN on a port. Notes for configuring inner VLAN and outer VLAN mapping:...
  • Page 46 /***Valid because inner vlan can be the same.***/ • Port VLAN mapping on a trunk port is supported only on Cisco Nexus 9300 Series switches and Cisco Nexus 9500 Series switches. It is not supported on Cisco Nexus 9200 or 9500-EX switches.
  • Page 47: Verifying The Vlan Configuration

    Displays a summary of VLAN information. Displays VTP information. show vtp status Displaying and Clearing VLAN Statistics To display VLAN configuration information, perform one of the following tasks:...
  • Page 48: Configuration Example For Vlans

    Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide High availability Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide System management Cisco Nexus 9000 Series NX-OS System Management Configuration Guide...
  • Page 49 MIBs. MIBs: CISCO-VLAN-MEMBERSHIP MIB: • vmMembership Table • MIBvmMembershipSummaryTable • MIBvmMembershipSummaryTable. MIBs Link: To locate and download MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html...
  • Page 50 Configuring VLANs Additional References for VLANs...
  • Page 51: Configuring Vtp

    The VTP is disabled by default on the device. You can enable and configure VTP using the command-line interface (CLI). When VTP is disabled, the device does not relay any VTP protocol packets. Note: VTP worked only in transparent mode in the Cisco Nexus 9000 Series devices, allowing you to extend a VTP domain across the device.
  • Page 52: Vtp Overview

    By default, VTP is enabled on all the switch ports. Guidelines and Limitations for Configuring VTP VTP has the following configuration guidelines and limitations: • show commands with the internal keyword are not supported...
  • Page 53: Default Settings

    Disabling VLAN 1 from any of these ports prevents VTP from functioning properly in transparent mode. Note: VTP worked only in transparent mode. Procedure Command or Action Purpose Step 1 config t Enters configuration mode. Example: switch# config t switch(config)#...
  • Page 54 Displays the list of VTP-enabled interfaces. Example: switch# show vtp interface Step 11 show vtp password (Optional) Displays the password for the management VTP domain. Example: switch# show vtp password...
  • Page 55 Configuring VTP Configuring VTP Command or Action Purpose Step 12 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config...
  • Page 56 Configuring VTP Configuring VTP...
  • Page 57: Configuring Private Vlans Using Nx-Os

    VLANs, and hosts on community VLANs communicate only among themselves and with associated promiscuous ports but not with isolated ports or ports in other community VLANs...
  • Page 58: Private Vlan Overview

    • Community VLANs—Ports within a community VLAN can communicate with each other but cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level...
  • Page 59: Private Vlan Ports

    Each primary VLAN and one associated secondary VLAN is a private VLAN pair, and you can configure a maximum of 16 private VLAN pairs on each isolated trunk port...
  • Page 60: Primary, Isolated, And Community Private Vlans

    VLAN in the private VLAN. This figure shows the Layer 2 traffic flows within a primary, or private VLAN, along with the types of VLANs and types of ports...
  • Page 61 In a switched environment, you can assign an individual private VLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN...
  • Page 62: Associating Primary And Secondary Vlans

    Configuring Private VLANs Using NX-OS Private VLAN Overview Note: You must enable the VLAN interface feature before you can configure the Layer 3 gateway. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for complete information on VLAN network interfaces and IP addressing.
  • Page 63: Broadcast Traffic In Private Vlans

    • If you try to create and enable a VLAN network interface on a VLAN that is configured as a secondary VLAN, that VLAN interface remains disabled and the system returns an error...
  • Page 64: Private Vlans Across Multiple Devices

    VLAN is propagated to the secondary VLANs. For example, if you assign an IP subnet to the VLAN network interface on the primary VLAN, this subnet is the IP subnet address of the entire private VLAN. Note: You must enable the VLAN interface feature before you configure VLAN interfaces. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on VLAN interfaces and IP addressing.
  • Page 65: Prerequisites For Private Vlans

    • You must enable PVLANs before the device can apply the PVLAN functionality. • PVLANs are supported over vPCs and port channels for Cisco Nexus 9200, 9300, and 9300-EX Series switches beginning with Cisco NX-OS Release 7.0(3)I5(1) and for Cisco Nexus 9500 Series switches (with all line cards except the N9K-X9432C-S) beginning with Cisco NX-OS Release 7.0(3)I5(2).
  • Page 66 • PVLANs do not provide support for SPAN when the source is a PVLAN VLAN. • You cannot configure a shared interface to be part of a PVLAN. For more details, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.
  • Page 67: Secondary And Primary Vlan Configuration

    • For private VLAN promiscuous trunk ports, note the following: • You can configure a maximum of 16 private VLAN primary and secondary VLAN pairs on each promiscuous trunk port...
  • Page 68: Private Vlan Port Configuration

    • Private VLAN host or promiscuous ports cannot be a SPAN destination port. • A destination SPAN port cannot be an isolated port. (However, a source SPAN port can be an isolated port.)...
  • Page 69: Default Settings For Private Vlans

    VLAN interfaces. Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use. Enabling Private VLANs - CLI Version You must enable private VLANs on the device to have the private VLAN functionality.
  • Page 70 VLAN. You will later associate multiple isolated and multiple community VLANs to one primary VLAN. You can have many primary VLANs and associations, which means that you could have many private VLANs...
  • Page 71 This example shows how to assign VLAN 5 to a private VLAN as the primary VLAN: switch# config t switch(config)# vlan 5 switch(config-vlan)# private-vlan primary...
  • Page 72 5 switch(config-vlan)# Step 3 [no] private-vlan association {[add] secondary-vlan-list | remove secondary-vlan-list} Use one form of the command to associate the secondary VLANs with the primary VLAN...
  • Page 73 Mapping Secondary VLANs to the VLAN Interface of a Primary VLAN - CLI Version Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on assigning IP addresses to VLAN interfaces on primary VLANs of private VLANs.
  • Page 74 This example shows how to map the secondary VLANs 100 through 105 and 109 on the Layer 3 interface of the primary VLAN 5: switch #config t switch(config)# interface vlan 5 switch(config-if)# private-vlan mapping 100-105, 109...
  • Page 75 VLAN. Example: switch(config-if)# switchport private-vlan host-association 10 50 Remove the private VLAN association from the port. Step 5 exit Exits the interface configuration mode. Example: switch(config-if)# exit switch(config)#...
  • Page 76 Step 2 interface {type slot/port} Selects the Layer 2 port to configure as a private VLAN isolated trunk port. Example: switch(config)# interface ethernet 2/11 switch(config-if)#...
  • Page 77 VLAN. You cannot put two isolated VLANs that are associated with the same primary VLAN into a private VLAN isolated trunk port. If you do, the last entry overwrites the previous entry...
  • Page 78 Before You Begin Ensure that the private VLAN feature is enabled. Procedure Command or Action Purpose Step 1 config t Enters configuration mode. Example: switch# config t switch(config)#...
  • Page 79 You can configure a Layer 2 interface as a private VLAN promiscuous trunk port and then associate that promiscuous trunk port with multiple primary VLANs. These promiscuous trunk ports carry traffic for multiple primary VLANs as well as normal VLANs...
  • Page 80 {add vlan-list | all | except vlan-list | none | remove vlan-list} promiscuous trunk interface. Valid values are from 1 to 3968 and 4048 to 4093...
  • Page 81 VLANs and their associated secondary VLANs: switch# config t switch(config)# interface ethernet 2/1 switch(config-if)# switchport switch(config-if)# switchport mode private-vlan trunk promiscuous switch(config-if)# switchport private-vlan trunk allowed vlan add 1...
  • Page 82: Enabling Pvlan On Fex Trunk

    110/1/1 switch(config-if)# Step 3 switchport mode private-vlan host Configures the Layer 2 port as a host port for a private VLAN. Example: switch(config-if)# switchport mode private-vlan host switch(config-if)#...
  • Page 83 Selects the Layer 2 port to configure as a private VLAN isolated trunk port. Example: switch(config)# interface ethernet 2/11 switch(config-if)# Step 3 switchport Configures the Layer 2 port as a switch port. Example: switch(config-if)# switchport switch(config-if)#...
  • Page 84 VLAN. The secondary VLAN must be an isolated VLAN. Example: switch(config-if)# switchport private-vlan association trunk 10 switch(config-if)# Step 8 exit Exits the interface configuration mode. Example: switch(config-if)# exit switch(config)#...
  • Page 85 Purpose clear vlan [id vlan-id] counters Clears counters for all VLANs or for a specified VLAN. show vlan counters Displays information on Layer 2 packets in each VLAN...
  • Page 86 Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide Static MAC addresses, security Cisco Nexus 9000 Series NX-OS Security Configuration Guide Cisco NX-OS fundamentals Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide...
  • Page 87 MIBs. MIBs: • CISCO-PRIVATE-VLAN-MIB. MIBs Link: To locate and download MIBs, go to the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml...
  • Page 88 Configuring Private VLANs Using NX-OS Additional References for Private VLANs -- CLI Version...
  • Page 89 When store-and-forward switching is enabled, the switch checks each frame for cyclic redundancy check (CRC) errors before forwarding them to the network. Each frame is stored until the entire frame has been received and checked...
  • Page 90 This feature is supported only for the Cisco Nexus 9500 Series switches with the 9636PQ line card. It is not supported for the Cisco Nexus 9300 Series switches. Operating at 40G improves latency but prevents the fabric from supporting the full line rate. See the Cisco Nexus 9000 Series NX-OS Layer 2 Configuration Guide for more information.
  • Page 91 Cut-through switching mode and store-and-forward switching modes do not require licenses. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 92 This example shows how to reenable cut-through switching: switch# configure terminal switch(config) # no switching-mode store-forward switch(config) #...
  • Page 93: Information About Rapid Pvst

    • Additional References for Rapid PVST+ -- CLI Version, page 113 Information About Rapid PVST+ Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on creating Layer 2 interfaces. The Spanning Tree Protocol (STP) was implemented to provide a loop-free network at Layer 2 of the network.
  • Page 94: Overview Of Stp

    Rapid PVST+ interoperates with devices that run legacy IEEE 802.1D STP. RSTP is an improvement on the original STP standard, 802.1D, which allows faster convergence. Note: The device supports full nondisruptive upgrades for Rapid PVST+. See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on nondisruptive upgrades.
  • Page 95: Bridge Id

    In a switched network, the root switch is the logical center of the spanning tree topology. STP uses BPDUs to elect the root switch and root port for the switched network. Note: The mac-address bpdu source version 2 command enables STP to use the new Cisco MAC address (00:26:0b:xx:xx:xx) as the source address of BPDUs generated on vPC ports.
  • Page 96: Stp Mac Address Allocation

    4096. Only the following values are possible: • 0 • 4096 • 8192 • 12288 • 16384 • 20480 • 24576 • 28672 • 32768 • 36864...
  • Page 97: Bpdus

    • A root port is elected. This port provides the best path from the bridge to the root bridge. • Ports included in the spanning tree are selected...
  • Page 98: Election Of The Root Bridge

    By changing the STP port priority on the fiber-optic port to a higher priority (lower numerical value) than the root port, the fiber-optic port becomes the new root port...
  • Page 99: Rapid Pvst

    • Edge ports—When you configure a port as an edge port on an RSTP device, the edge port immediately transitions to the forwarding state. (This immediate transition was previously a Cisco-proprietary feature named PortFast.) You should only configure ports that connect to a single end station as edge ports.
  • Page 100: Rapid PVST+ BPDUs

    • The role and state of the port that originates the BPDU
    • The proposal and agreement handshake
    This figure shows the use of the BPDU flags in Rapid PVST+.
  • Page 101: Proposal and Agreement Handshake

    With each iteration of this handshaking process, one more switch joins the active topology. As the network converges, this proposal-agreement handshaking progresses from the root toward the leaves of the spanning tree as shown in this figure.
  • Page 102: Protocol Timers

    This timer is generally not used by the protocol, but it is used when interoperating with the 802.1D spanning tree. The default is 15 seconds, and the range is from 4 to 30 seconds.
  • Page 103: Port Roles

    Designated ports start in the blocking state. The port state controls the operation of the forwarding and learning processes.
  • Page 104: Rapid PVST+ Port State Overview

    When the STP algorithm places a Layer 2 LAN port in the forwarding state, the following process occurs:
    1. The Layer 2 LAN port is put into the blocking state while it waits for protocol information that suggests it should go to the learning state.
  • Page 105: Blocking State

    • Forwards frames received from the attached segment.
    • Forwards frames switched from another port for forwarding.
    • Incorporates the end station location information into its address database.
  • Page 106: Disabled State

    An individual port on the device is synchronized if either of the following applies:
    • That port is in the blocking state.
    • It is an edge port (a port configured to be at the edge of the network).
  • Page 107: Processing Superior BPDU Information

    An inferior BPDU is a BPDU with root information (such as a higher switch ID or higher path cost) that is inferior to what is currently stored for the port.
  • Page 108: Detecting Unidirectional Link Failure: Rapid PVST+

    See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, for information on UDLD. When a designated port detects a conflict, it keeps its role, but reverts to a discarding state because disrupting connectivity in case of inconsistency is preferable to opening a bridging loop.
  • Page 109: Port Priority

    Rapid PVST+ and IEEE 802.1Q Trunks
    The 802.1Q trunks impose some limitations on the STP strategy for a network. In a network of Cisco network devices connected through 802.1Q trunks, the network devices maintain one instance of STP for each VLAN allowed on the trunks.
  • Page 110: Rapid PVST+ Interoperation with 802.1s MST

    The software supports high availability for Rapid PVST+. However, the statistics and timers are not restored when Rapid PVST+ restarts. The timers start again and the statistics begin from 0.
    Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high-availability features.
  • Page 111: Licensing Requirements for Rapid PVST+

    BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved 802.1D spanning tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree Protocol (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
  • Page 112

    ◦ short: 4 ◦ long: 20,000
    • 10 Gigabit Ethernet: ◦ short: 2 ◦ long: 2,000
    • 40 Gigabit Ethernet: ◦ short: 1 ◦ long: 500
    Hello time: 2 seconds.
  • Page 113: Configuring Rapid PVST+

    Procedure
    Command or Action / Purpose
    Step 1: config t
    Enters configuration mode.
    Example:
    switch# config t
    switch(config)#
  • Page 114: Disabling or Enabling Rapid PVST+ per VLAN - CLI Version

    You can enable or disable Rapid PVST+ on each VLAN.
    Note: Rapid PVST+ is enabled by default on the default VLAN and on all VLANs that you create.
  • Page 115

    VLAN. This action can have unexpected results because switches and bridges with spanning tree enabled will have incomplete information regarding the physical topology of the network.
  • Page 116: Configuring the Root Bridge ID

    Example:
    switch# config t
    switch(config)#
    Step 2: spanning-tree vlan vlan-range root primary
    Sets the bridge priority for the spanning tree.
    Example:
    switch(config)# spanning-tree vlan 2 root primary
  • Page 117: Configuring a Secondary Root Bridge-CLI Version

    With the device configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands.
  • Page 118: Configuring the Rapid PVST+ Bridge Priority of a VLAN

    You can configure the Rapid PVST+ bridge priority of a VLAN. This is another method of configuring root bridges.
    Note: Be careful when using this configuration. We recommend that you configure the primary root and secondary root to modify the bridge priority.
  • Page 119: Configuring the Rapid PVST+ Port Priority - CLI Version

    The device uses the port priority value when the LAN port is configured as an access port and uses the VLAN port priority values when the LAN port is configured as a trunk port.
  • Page 120: Configuring the Rapid PVST+ Path-Cost Method and Port Cost - CLI Version

    On access ports, you can assign the port cost for each port. On trunk ports, you can assign the port cost for each VLAN; you can configure all the VLANs on a trunk with the same port cost.
  • Page 121

    Step 5: exit
    Exits interface mode.
    Example:
    switch(config-if)# exit
    switch(config)#
    Step 6: show spanning-tree pathcost method
    (Optional) Displays the STP path-cost method.
    Example:
    switch# show spanning-tree pathcost method
  • Page 122: Configuring the Rapid PVST+ Hello Time for a VLAN - CLI Version

    Step 3: exit
    Exits configuration mode.
    Example:
    switch(config)# exit
    switch#
    Step 4: show spanning-tree vlan vlan_id
    (Optional) Displays the STP configuration per VLAN.
    Example:
    switch# show spanning-tree vlan 5
  • Page 123: Configuring the Rapid PVST+ Forward Delay Time for a VLAN - CLI Version

    Displays the STP configuration per VLAN.
    Example:
    switch# show spanning-tree vlan 5
    Step 5: copy running-config startup-config
    (Optional) Copies the running configuration to the startup configuration.
    Example:
    switch# copy running-config startup-config
  • Page 124: Configuring the Rapid PVST+ Maximum Age Time for a VLAN - CLI Version

    This example shows how to configure the maximum aging time for VLAN 5 to 36 seconds:
    switch# config t
    switch(config)# spanning-tree vlan 5 max-age 36
    switch(config)# exit
    switch#
  • Page 125: Specifying the Link Type for Rapid PVST+ - CLI Version

    (Optional) Displays the STP configuration.
    Example:
    switch# show spanning-tree
    Step 6: copy running-config startup-config
    (Optional) Copies the running configuration to the startup configuration.
    Example:
    switch(config)# copy running-config startup-config
  • Page 126: Reinitializing the Protocol for Rapid PVST+

    ... | interface {[ethernet slot/port] | [port-channel channel-number]}} [detail]: Displays STP information per VLAN and interface.
    show spanning-tree vlan vlan-id bridge: Displays information on the STP bridge.
  • Page 127: Displaying and Clearing Rapid PVST+ Statistics -- CLI Version

    ... Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide
    Cisco NX-OS fundamentals: Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide
    High availability: Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide
  • Page 128

    IEEE 802.1D-2004 (formerly known as IEEE 802.1w), IEEE 802.1D, IEEE 802.1t
    MIBs
    MIBs: • CISCO-STP-EXTENSION-MIB • BRIDGE-MIB
    MIBs Link: To locate and download MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html
  • Page 129: Information About MST

    • Additional References for MST -- CLI Version, page 149
    Information About MST
    Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on creating Layer 2 interfaces.
    MST, which is the IEEE 802.1s standard, allows you to assign two or more VLANs to a spanning tree instance.
  • Page 130: MST Overview

    IST. You can assign a VLAN to only one MST instance at a time. The MST region appears as a single bridge to adjacent MST regions and to other Rapid PVST+ regions and 802.1D spanning tree protocols.
  • Page 131: MST BPDUs

    (0) and last element (4095) set to 0. The value of element number X represents the instance to which VLAN X is mapped.
    Note: When you change the VLAN-to-MSTI mapping, the system reconverges MST.
  • Page 132: IST, CIST, and CST

    (lower switch ID, lower path cost, and so forth) than the information that is currently stored for the port, it relinquishes its claim as the CIST regional root.
  • Page 133: Spanning Tree Operations Between MST Regions

    Only the CST instance sends and receives BPDUs. MSTIs add their spanning tree information into the BPDUs (as M-records) to interact with neighboring devices within the same MST region and compute the final ...
  • Page 134: MST Terminology

    (only on the IST), and the same values are propagated by the region-designated ports at the boundary. You configure a maximum aging time as the number of seconds that a device waits without receiving spanning tree configuration messages before attempting a reconfiguration.
  • Page 135: Boundary Ports

    Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on Unidirectional Link Detection (UDLD).
    When a designated port detects a conflict, it keeps its role, but reverts to a discarding state because disrupting connectivity in case of inconsistency is preferable to opening a bridging loop.
  • Page 136: Port Cost and Port Priority

    All Rapid PVST+ switches (and all 802.1D STP switches) on the link can process MST BPDUs as if they are 802.1w BPDUs. MST devices can send either Version 0 configuration and topology change notification (TCN) ...
  • Page 137: High Availability for MST

    MST restarts. The timers start again and the statistics begin from 0. The device supports full nondisruptive upgrades for MST. See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide, for complete information on nondisruptive upgrades and high-availability features.
  • Page 138

    ◦ To leave the MST configuration submode and commit all the changes that you made before you left the submode, enter the exit or end commands, or press Ctrl + Z.
    Note: The software supports full nondisruptive upgrades for MST. See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information about nondisruptive upgrades.
  • Page 139: Default Settings for MST

    • 1 Gigabit Ethernet: 20,000
    • 10 Gigabit Ethernet: 2,000
    • 40 Gigabit Ethernet: 500
    Hello time: 2 seconds
    Forward-delay time: 15 seconds
    Maximum-aging time: 20 seconds
    Maximum hop count: 20 hops
  • Page 140: Configuring MST

    • Full duplex: point-to-point link
    • Half duplex: shared link
    Configuring MST
    Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco software commands for this feature might differ from the Cisco IOS commands that you would use.
  • Page 141: Entering MST Configuration Mode

    Command or Action / Purpose
    Step 1: config t
    Enters configuration mode.
    Example:
    switch# config t
    switch(config)#
    Step 2: spanning-tree mst configuration or no spanning-tree mst configuration
    • spanning-tree mst configuration ...
  • Page 142: Specifying the MST Name

    You can configure a region name on the bridge. If two or more bridges are in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number.
  • Page 143

    This example shows how to set the name of the MST region:
    switch# config t
    switch(config)# spanning-tree mst configuration
    switch(config-mst)# name accounting
    switch(config-mst)# exit
    switch(config)#
  • Page 144: Specifying the MST Configuration Revision Number

    This example shows how to configure the revision number of the MSTI region to 5:
    switch# config t
    switch(config)# spanning-tree mst configuration
    switch(config-mst)# revision 5
    switch(config-mst)#
  • Page 145: Specifying the Configuration on an MST Region

    Step 5: revision version
    Specifies the configuration revision number. The range is from 0 to 65535.
    Example:
    switch(config-mst)# revision 1
    Step 6: exit or abort
    • exit ...
  • Page 146: Mapping or Unmapping a VLAN to an MST Instance - CLI Version

    You cannot map VLANs 3968 to 4095 to an MST instance. These VLANs are reserved for internal use by the device.
    Note: When you change the VLAN-to-MSTI mapping, the system reconverges MST.
  • Page 147

    Exits the MST configuration submode without committing any of the changes.
    Step 5: show spanning-tree mst configuration
    (Optional) Displays the MST configuration.
    Example:
    switch# show spanning-tree mst configuration
  • Page 148: Configuring the Root Bridge

    Procedure
    Command or Action / Purpose
    Step 1: config t
    Enters configuration mode.
    Example:
    switch# config t
    switch(config)#
  • Page 149

    This example shows how to configure the device as the root switch for MSTI 5:
    switch# config t
    switch(config)# spanning-tree mst 5 root primary
    switch(config)# exit
    switch(config)#
  • Page 150: Configuring an MST Secondary Root Bridge

    Step 3: exit
    Exits configuration mode.
    Example:
    switch# exit
    switch(config)#
    Step 4: show spanning-tree mst
    (Optional) Displays the MST configuration.
    Example:
    switch# show spanning-tree mst
  • Page 151: Configuring the MST Switch Priority

    Priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. The system rejects all other values.
  • Page 152: Configuring the MST Port Priority

    ... number}}
    Specifies an interface to configure, and enters interface configuration mode.
    Example:
    switch(config)# interface ethernet
    switch(config-if)#
    Step 3: spanning-tree mst instance-id port-priority priority
    Configures the port priority as follows:
  • Page 153: Configuring the MST Port Cost

    MST puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
    Note: MST uses the long path-cost calculation method.
  • Page 154

    This example shows how to set the MST interface port cost on Ethernet 3/1 for MSTI 4:
    switch# config t
    switch(config)# interface ethernet 3/1
  • Page 155: Configuring the MST Hello Time

    Example:
    switch(config)# copy running-config startup-config
    This example shows how to configure the hello time of the device to 1 second:
    switch# config t
    switch(config)# spanning-tree mst hello-time 1
  • Page 156: Configuring the MST Forwarding-Delay Time

    Configuring the MST Maximum-Aging Time
    You can set the maximum-aging timer for all MST instances on the device with one command (the maximum age time only applies to the IST).
  • Page 157: Configuring the MST Maximum-Hop Count

    MST uses the path cost to the IST regional root and a hop-count mechanism similar to the IP time-to-live (TTL) mechanism. The hop count achieves the same result as the message-age information (triggers a reconfiguration).
  • Page 158: Configuring an Interface to Proactively Send Prestandard MSTP Messages - CLI Version

    MSTP messages. That is, the specified interface would not have to wait to receive a prestandard MSTP message; the interface with this configuration always sends prestandard MSTP messages.
  • Page 159: Specifying the Link Type for MST - CLI Version

    A full-duplex port is considered to have a point-to-point connection; a half-duplex port is considered to have a shared connection.
  • Page 160

    This example shows how to configure the link type as a point-to-point link:
    switch# config t
    switch(config)# interface ethernet 1/4
    switch(config-if)# spanning-tree link-type point-to-point
    switch(config-if)# exit
    switch(config)#
  • Page 161: Reinitializing the Protocol for MST

    ... Displays summary STP information.
    show spanning-tree detail: Displays detailed STP information.
    show spanning-tree {vlan vlan-id | interface {[ethernet slot/port] | [port-channel channel-number]}} [detail]: Displays STP information per VLAN and interface.
  • Page 162: Displaying and Clearing MST Statistics -- CLI Version

    ... 20 vlan 400-420
    switch(config-mst)# instance 21 vlan 421-441
    switch(config-mst)# instance 22 vlan 442-462
    switch(config-mst)# instance 23 vlan 463-483
    switch(config-mst)# instance 24 vlan 484-504
    switch(config-mst)# instance 25 vlan 505-525
  • Page 163: Additional References for MST -- CLI Version

    Additional References for MST -- CLI Version
    Related Documents
    Related Topic: Layer 2 interfaces
    Document Title: Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide
  • Page 164

    IEEE 802.1D-2004 (formerly known as IEEE 802.1w), IEEE 802.1D, IEEE 802.1t
    MIBs
    MIBs: • CISCO-STP-EXTENSION-MIB • BRIDGE-MIB
    MIBs Link: To locate and download MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html
  • Page 165: Information About STP Extensions

    • Additional References for STP Extensions -- CLI Version, page 177
    Information About STP Extensions
    Note: See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on creating Layer 2 interfaces.
    Cisco has added extensions to STP that enhance loop prevention, protect against some possible user misconfigurations, and provide better control over the protocol parameters.
  • Page 166: STP Port Types

    With Bridge Assurance enabled, BPDUs are sent out on all operational network ports, including alternate and backup ports, for each hello time period. If the port does not receive a BPDU for a specified period, the port ...
  • Page 167

    Figure 14: Network with Normal STP Topology
    This figure demonstrates a potential network problem when the device fails and you are not running Bridge Assurance.
    Figure 15: Network Problem without Running Bridge Assurance
  • Page 168: BPDU Guard

    When you configure BPDU Guard globally, it is effective only on operational spanning tree edge ports. In a valid configuration, Layer 2 LAN edge interfaces do not receive BPDUs. A BPDU that is received by an edge ...
  • Page 169: BPDU Filtering

    2. The port transmits at least 10 BPDUs. If this port receives any BPDUs, the port returns to the spanning tree normal port state and BPDU filtering is disabled.
  • Page 170: Loop Guard

    We recommend that you configure the various STP extension features through your network as shown in this figure. Bridge Assurance is enabled on the entire network. You should enable either BPDU Guard or BPDU Filtering on the host interface.
  • Page 171: PVST Simulation

    STP instances are not on one side or the other, the software moves the port into a PVST simulation-inconsistent state.
    Note: We recommend that you put the root bridge for all STP instances in the MST region.
  • Page 172: High Availability for STP

    The software supports high availability for STP. However, the statistics and timers are not restored when STP restarts. The timers start again and the statistics begin from 0.
    Note: See the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide for complete information on high-availability features.
    Licensing Requirements for STP Extensions...
  • Page 173: Default Settings for STP Extensions

    Note: ... link failure. A loop may occur until UDLD detects the failure, but Loop Guard will not be able to detect it. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for information on UDLD.
    • You should enable Loop Guard globally on a switch network with physical loops.
  • Page 174: Configuring STP Extensions Steps

    PVST simulation: Enabled
    Configuring STP Extensions Steps
    Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
    You can enable Loop Guard per interface on either shared or point-to-point links.
  • Page 175

    This example shows how to configure all access ports connected to Layer 2 hosts as spanning tree edge ports:
    switch# config t
    switch(config)# spanning-tree port type edge default
    switch(config)# exit
    switch#
  • Page 176: Configuring Spanning Tree Edge Ports on Specified Interfaces

    • Ensure that you are configuring the ports correctly as to the device to which the port is connected.
    Procedure
    Command or Action / Purpose
    Step 1: config t
    Enters configuration mode.
    Example:
    switch# config t
    switch(config)#
  • Page 177: Configuring Spanning Tree Network Ports on Specified Interfaces

    Bridge Assurance globally, it automatically runs on a spanning tree network port.
    • spanning-tree port type normal—This command explicitly configures the port as a normal spanning tree port and Bridge Assurance cannot run on this interface.
  • Page 178

    Step 5: show spanning-tree interface type slot/port
    (Optional) Displays the STP configuration including the STP port type if configured.
    Example:
    switch# show spanning-tree interface ethernet 1/4
  • Page 179: Enabling BPDU Guard Globally

    spanning-tree port type edge bpduguard default
    Enables BPDU Guard by default on all spanning tree edge ports. By default, global BPDU Guard is disabled.
    Example:
    switch(config)# spanning-tree port type edge bpduguard default
  • Page 180: Enabling BPDU Guard on Specified Interfaces

    Before You Begin
    Before you configure this feature, you should do the following:
    • Ensure that STP is configured.
  • Page 181

    This example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4:
    switch# config t
    switch(config)# interface ethernet 1/4
    switch(config-if)# spanning-tree bpduguard enable
    switch(config-if)# exit
    switch(config)#
  • Page 182: Enabling BPDU Filtering Globally

    Step 3: exit
    Exits configuration mode.
    Example:
    switch(config)# exit
    switch#
    Step 4: show spanning-tree summary
    (Optional) Displays summary STP information.
    Example:
    switch# show spanning-tree summary
  • Page 183: Enabling BPDU Filtering on Specified Interfaces

    • Ensure that STP is configured.
    Note: When you enable BPDU Filtering locally on a port, this feature prevents the device from receiving or sending BPDUs on this port.
  • Page 184

    This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:
    switch# config t
    switch(config)# interface ethernet 1/4
    switch(config-if)# spanning-tree bpdufilter enable
    switch(config-if)# exit
    switch(config)#
  • Page 185: Enabling Loop Guard Globally

    Displays summary STP information.
    Example:
    switch# show spanning-tree summary
    Step 5: copy running-config startup-config
    (Optional) Copies the running configuration to the startup configuration.
    Example:
    switch# copy running-config startup-config
  • Page 186: Enabling Loop Guard or Root Guard on Specified Interfaces

    Enables or disables either Loop Guard or Root Guard for the specified interface. By default, Root Guard is disabled, and Loop Guard on specified ports is also disabled.
    Example:
    switch(config-if)# spanning-tree guard loop
  • Page 187

    This example shows how to enable Root Guard on Ethernet port 1/4:
    switch# config t
    switch(config)# interface ethernet 1/4
    switch(config-if)# spanning-tree guard root
    switch(config-if)# exit
    switch(config)#
  • Page 188: Configuring PVST Simulation Globally-CLI Version

    Displays detailed STP information.
    Example:
    switch# show spanning-tree summary
    Step 5: copy running-config startup-config
    (Optional) Copies the running configuration to the startup configuration.
    Example:
    switch# copy running-config startup-config
  • Page 189: Configuring PVST Simulation per Port

    ... Rapid PVST+ and MST. simulate pvst
    • spanning-tree mst simulate pvst
    Reenables seamless operation between MST and Rapid PVST+ on specified interfaces.
    • no spanning-tree mst simulate pvst
  • Page 190: Verifying the STP Extension Configuration

    ... Displays summary information on STP.
    show spanning-tree mst instance-id interface {ethernet slot/port | port-channel channel-number} [detail]: Displays MST information for the specified interface and instance.
  • Page 191: Configuration Examples for STP Extension

    ... Cisco Nexus 9000 Series NX-OS System Management Configuration Guide
    Standards
    Standards: IEEE 802.1Q-2006 (formerly known as IEEE 802.1s), IEEE 802.1D-2004 (formerly known as IEEE 802.1w), IEEE 802.1D, IEEE 802.1t
    Title: —
  • Page 192

    Additional References for STP Extensions -- CLI Version
    MIBs
    MIBs: • CISCO-STP-EXTENSION-MIB • BRIDGE-MIB
    MIBs Link: To locate and download MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html
  • Page 193: About Reflective Relay 802.1Qbg

    Reflective relay leverages the external switch for switching features and management capabilities, freeing server resources to support the VMs. Reflective relay applies the policies you configure on the Cisco Nexus N9K-C93180XX-EX switch to traffic between the VMs on the same server.
  • Page 194: Guidelines and Limitations for Reflective Relay

    • Physical domains—virtual domains are not supported. • Physical ports and port channels—Does not support Cisco Fabric Extender (FEX) and blade servers. If reflective relay is enabled on an unsupported interface, a fault is raised, and the last valid configuration is retained.
  • Page 195 Configuring Reflective Relay for Layer2 Switching Configuring Reflective Relay Using the NX-OS CLI
  • Page 196 Configuring Reflective Relay for Layer2 Switching Configuring Reflective Relay Using the NX-OS CLI