Configure Layer 2 Interfaces
From Cisco NX-OS Release 5.2 onwards, the following types of Layer 2 ports can be configured on a Nexus device:
- An access port
- A trunk port
- A private VLAN port
- A FabricPath port
- A shared interface (note that you cannot configure an access port as a shared interface)
An access port is a port to which a host is connected and which is part of only one VLAN. To optimize access port performance, you can also configure an access port as a host port. If an access port receives a packet tagged with an 802.1Q value in the header other than the access VLAN value, the port does not learn the MAC address of the packet and simply drops it.
Configure HOST Port:
A trunk port is a port through which traffic for one or more VLANs, VTP information and broadcast packets can pass. A trunk port can be part of multiple VLANs. Cisco Nexus series switches support only 802.1Q encapsulation for tagging VLAN traffic that leaves a trunk port.
By default, all ports on the Nexus 7K are Layer 3 interfaces. You can convert all ports to Layer 2 ports with the following command: system default switchport
A trunk port can also be configured to allow only specific VLANs to flow over it with the following command:
switchport trunk allowed vlan add <VLAN IDs>
IEEE 802.1Q Encapsulation:
A trunk port carries the traffic of multiple VLANs. Tagging is used to mark which packet belongs to which VLAN. The tagging is done by inserting a 4-byte tag into the frame header. This tag identifies the specific VLAN to which the packet belongs.
An access VLAN is the VLAN configured on an access port. An access port that is part of an access VLAN carries the traffic of that VLAN only. Any port that is not configured in an access VLAN is part of VLAN 1 by default.
Before a port is assigned to a VLAN, the VLAN must be configured.
If at any point an access port's VLAN membership is changed and that VLAN does not exist, the system shuts down that access port.
Allowed VLAN Range: 1 to 3967, 4098 to 4094
Trunk port Native VLAN:
As we know, a trunk port carries VLAN-tagged traffic, but it can also carry untagged traffic. When a native VLAN ID is configured on a trunk port, data traffic that belongs to that native VLAN is not tagged and is sent out of the trunk port untagged.
The native VLAN ID must match on both ends of the trunk; otherwise a native VLAN mismatch error is reported.
If a tagged packet enters the switch and its VLAN ID matches the native VLAN ID, on egress the switch strips the VLAN tag from the header and sends the packet out untagged.
You can also configure a switch to drop all untagged packets on a trunk port and to retain tagged packets entering the trunk port whose VLAN ID is equal to the native VLAN ID.
Use the following command to tag packets on the native VLAN: "switchport trunk native vlan tag".
If you want to tag packets on the native VLAN but leave control packets untagged, use the following command:
switchport trunk native vlan tag exclude control
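The tagging rules described above (the 4-byte 802.1Q tag, the access port drop rule, and native VLAN handling on a trunk) can be modelled in a few lines. This is an added example, not Cisco code or part of the original page; the function names, the tag_native flag (standing in for "switchport trunk native vlan tag") and the sample frame are constructed for illustration.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_dot1q(frame: bytes):
    """Return (vid, pcp, dei, inner_ethertype); vid is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_DOT1Q:
        return None, None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    tag = struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag if one is present; untagged frames pass through."""
    return frame[:12] + frame[16:] if parse_dot1q(frame)[0] is not None else frame

def access_ingress(frame: bytes, access_vlan: int) -> str:
    """Access port rule: a tag other than the access VLAN is dropped."""
    vid = parse_dot1q(frame)[0]
    return "forward" if vid in (None, access_vlan) else "drop"

def trunk_egress(frame, vlan, native_vlan, allowed, tag_native=False):
    """Frame as sent on a trunk for traffic in `vlan`, or None if not allowed."""
    if vlan not in allowed:
        return None
    untagged = strip_tag(frame)
    if vlan == native_vlan and not tag_native:
        return untagged             # native VLAN leaves the trunk untagged
    return add_tag(untagged, vlan)  # every other VLAN carries the 4-byte tag

# Constructed sample: broadcast ARP frame header followed by a zeroed payload.
SAMPLE = bytes.fromhex("ffffffffffff" "0050569a0001" "0806") + bytes(46)
```

With tag_native left at False, traffic in the native VLAN leaves the trunk without a tag, which is why both ends must agree on the native VLAN ID; with it set to True, every frame on the trunk carries an explicit VLAN ID.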
With default interface, you can erase the configuration of one or more configured interfaces, such as Ethernet, loopback, SVI and port-channel interfaces.
Once you configure an interface as a default interface, all user configuration under that interface is wiped out.
Default interface is not supported on the management interface, to prevent the device from becoming unreachable.
Licensing requirement for interfaces: interface-level configuration, like vPC, requires no license.