Configure Layer 2 Interfaces

Posted on Jan 24, 2020

From Cisco NX-OS Release 5.2 onwards, the following types of Layer 2 ports are configurable on a Nexus device:

  • An access port
  • A trunk port
  • A private VLAN port
  • A FabricPath port
  • A shared interface (an access port cannot be configured as a shared interface)

Access Port:

An access port is a port to which a host is connected and which belongs to only one VLAN. To optimize access port performance, you can also configure the access port as a host port. If an access port receives a packet whose 802.1Q tag in the header carries a value other than the access VLAN, the port does not learn the MAC address of the packet and simply drops the packet.

N7K1# configure terminal
N7K1(config)# interface ethernet 1/1
N7K1(config-if)# switchport mode access
N7K1(config-if)# switchport access vlan 10

Configure HOST Port:

N7K1# configure terminal
N7K1(config)# interface ethernet 1/1
N7K1(config-if)# switchport host

Trunk Port:

A trunk port is a port through which traffic for one or more VLANs, VTP information, and broadcast packets can pass. A trunk port can be part of multiple VLANs. Cisco Nexus series switches support only 802.1Q encapsulation for tagging VLAN traffic leaving a trunk port.

By default, all ports on the Nexus 7K are Layer 3 interfaces. You can convert all ports to Layer 2 ports with the following command: system default switchport

A trunk port can also be configured to allow only specific VLANs to flow over it with the following command:

switchport trunk allowed vlan add < VLAN IDs >

IEEE 802.1Q Encapsulation:

A trunk port carries traffic for multiple VLANs. To identify which VLAN each packet belongs to, the packet is tagged by inserting a 4-byte tag into the frame header. This tag identifies the specific VLAN to which the packet belongs.

Access VLAN:

An access VLAN is the VLAN configured on an access port. An access port that is a member of an access VLAN carries traffic for that VLAN only. A port that is not configured with an access VLAN is part of VLAN 1 by default.

Before assigning a port to a VLAN, the VLAN must be configured:

N7K1(config)# vlan 10

If at any point an access port's VLAN membership is changed to a VLAN that does not exist, the system shuts down that access port.

Allowed VLAN Range: 1 to 3967, 4098 to 4094

Trunk port Native VLAN:

A trunk port carries VLAN-tagged traffic, but it can also carry untagged traffic. When a native VLAN ID is configured on a trunk port, data traffic that belongs to that native VLAN is not tagged and is sent out of the trunk port untagged.

The native VLAN ID must match on both ends of the trunk; otherwise a native VLAN mismatch error is reported.

If a tagged packet enters the switch and its VLAN ID matches the native VLAN ID, the switch strips the VLAN tag from the header on egress and sends the packet out untagged.

You can also configure the switch to drop all untagged packets on a trunk port and to retain the tag on packets entering the trunk port whose VLAN ID equals the native VLAN ID.

Use the following command to tag packets on the native VLAN: "switchport trunk native vlan tag".

To tag packets on the native VLAN while leaving control packets untagged, use the following command:

switchport trunk native vlan tag exclude control

N7K1# configure terminal
N7K1(config)# interface ethernet 1/1
N7K1(config-if)# switchport mode trunk
N7K1(config-if)# switchport trunk native vlan 10
N7K1(config-if)# switchport trunk allowed vlan 15-20
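
The access VLAN and native VLAN rules above can be checked offline against saved running-config text. The Python audit below is an added example, not part of the original post or any Cisco tool; the config excerpts are constructed sample data, the function names are hypothetical, and it assumes that an unset access or native VLAN means VLAN 1.

```python
import re
# Constructed running-config excerpts (sample data): the two ends of one trunk.
N7K1_CFG = """
vlan 10,15-20
interface Ethernet1/1
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 15-20
interface Ethernet1/2
  switchport mode access
  switchport access vlan 30
interface Ethernet1/3
  switchport host
"""
N7K2_CFG = "vlan 10,15-20\ninterface Ethernet1/1\n  switchport mode trunk\n"

def expand(spec):
    """Expand a VLAN list such as '10,15-20' into a set of IDs."""
    bounds = [part.split("-") for part in spec.split(",")]
    return {v for b in bounds for v in range(int(b[0]), int(b[-1]) + 1)}

def parse(cfg):
    """Return (defined VLANs, {interface: settings}); unset VLANs default to 1."""
    vlans, ports, cur = {1}, {}, None
    for s in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", s):
            vlans |= expand(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", s):
            cur = ports.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif cur and (m := re.fullmatch(r"switchport (mode access|mode trunk|host)", s)):
            cur["mode"] = "trunk" if m.group(1) == "mode trunk" else "access"
        elif cur and (m := re.fullmatch(r"switchport (access|trunk native) vlan (\d+)", s)):
            cur["access" if m.group(1) == "access" else "native"] = int(m.group(2))
    return vlans, ports

def audit(cfg):
    """Flag access ports whose VLAN is undefined or still the default VLAN 1."""
    vlans, ports = parse(cfg)
    out = {}
    for name, p in ports.items():
        if p["mode"] == "access" and p["access"] not in vlans:
            out[name] = f"access VLAN {p['access']} is not defined"
        elif p["mode"] == "access" and p["access"] == 1:
            out[name] = "no access VLAN set, port is in default VLAN 1"
    return out

def native_mismatch(cfg_a, port_a, cfg_b, port_b):
    """True when the two ends of a trunk disagree on the native VLAN."""
    return parse(cfg_a)[1][port_a]["native"] != parse(cfg_b)[1][port_b]["native"]
```

On the sample data, `audit(N7K1_CFG)` flags Ethernet1/2 and Ethernet1/3, and `native_mismatch` reports the trunk between the two switches because one end sets native VLAN 10 and the other leaves it unset.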

Default Interface:

The default interface command erases the configuration of one or more configured interfaces, such as Ethernet, loopback, SVI, and port-channel interfaces.

Once you apply the default interface command to an interface, all user configuration under that interface is wiped out.

The default interface command is not supported on the management interface, to prevent the device from becoming unreachable.

N7K1# configure terminal
N7K1(config)# default interface ethernet 1/1 checkpoint dclessons1

Licensing Requirement for Interface: Interface-level configuration, like vPC, requires no license.

