Configure Layer 2 Switching features Nexus

Configure Layer 2 Switching features Nexus

Posted on Jan 24, 2020 (0)

Configure Layer 2 Switching features Nexus

Frame Switching between Segments:

When the L2 Frame needs to be switched between segments, switch lookup its address table to find where the destination MAC is connected to. To switch frames between LAN, each switch maintains an address table called as CAM table or MAC table.

This table is populated dynamically when any L2 frame enters on port, switch Port captures the MAC address of the frame and populates the CAM table with MAC address, its associated port and interface to which this host is connected.

When a frame has destination address as FF.FF.FF.FF then it is treated as broadcast frame and the switch will flood this broadcast frame to all its ports that belong to same VLAN.

We have also option to configure MAC address called as Static MAC address, which statically points to specified interface on switch and also on both devices which are connected by VPC Peer link. These static MAC address overrides the dynamic learned MAC address on that interface. Broadcast MAC address are not configured however Multicast MAC address can be configured as static MAC address.

All MAC address tables on each module should exactly match MAC address table on supervisor but if yu want to see the missing and extra MAC address entries use the below commands:

N7K1# config t
N7K1(config)# mac address-table static 0000.000a.1123 vlan 2 interface ethernet 1/1

Configure Static MAC address on Layer -3 Interface.

N7K1# config t
N7K1(config)# interface ethernet 6/3
N7K1(config-if)# mac-address 22ac.47ad.ff39

Show forwarding consistency L2

Now from NX-OS 4.2 onwards MAC address can also be statically configured for all L3 interfaces. IF you want to know what is the default MAC address for Layer 3 interface? , it is VDC MAC address.

A static MAC address can be configured on following Layer-3 interface.

  • A Layer 3 Interface
  • A Layer 3 Sub interface
  • A Layer 3 Port-Channel

But you cannot configure Static MAC address on tunnel interface.

License Requirement for L2 Switching

For Layer 2 switching, there is no additional license required.

Limitation for Configuring MAC address and Module learning Behavior

Following table shows MAC address limitation based on Module:

  • M1 Line Cards: 128,000 entries
  • F1 Line Cards: 16,000 to 256,000 entries
  • F2 and F2e Line Cards: 16000 to 192,000 entries.

Below table explains the NX-OS 6.0.1 supported learning mode feature:

N7K1# config t
N7K1(config)# mac address-table learning-mode conversational vlan1
N7K1(config)# end
N7K1(config)# show mac address-table learning-mode

Default Setting for Layer 2 Switching:

Aging Time: 1800 Sec

N7K1# config t
N7K1(config)# mac address-table aging-time 600


Virtual LAN is used to divide the network or segments in multiple segments in order to avoid the large Broadcast domain to smaller one.

How to create the VLAN and its operation parameter and also learn how reserve any VLAN.

N7K1# config t
N7K1(config)# vlan 10
N7K1(config-vlan)# name dclessons
N7K1(config-vlan)# state active
N7K1(config-vlan)# no shutdown
N7K1(config-vlan)# exit
N7K1# configuration terminal
N7K1(config)# system vlan 2000 reserve

Configuring MVRP:

MVRP is the Multiple VLAN Registration Protocol is IEEE 802.1ak that helps in dynamic registration and deregistration of VLAN on ports.

MVRP helps in registering VLAN and enables a VLAN Bridge to restrict the multicast, unknown unicast and broadcast traffic to links that are used by regular traffic to access appropriate network devices. With this feature MVRP improves resource utilization and bandwidth conservation for this to achieve MVRP sends one PDU which includes state if all 4094 VLANS on a port.

MVRP is not supported on Sub-interface and is only supported on IEEE 802.1Q trunk, Port-channel or VPC both side.

N7K1# configuration terminal
N7K1(config)# int ethX/Y
N7K1(config-if)# feature mvrp
N7K1(config-if)# mvrp registration {normal | fixed | forbidden}
N7K1(config-if)# mvrp timer {{join | leave | join-leave} timer-value | periodic}

  • Normal: It specify that the register responds normally to incoming MVRP messages.
  • Fixed: It specify that the register to ignore all incoming MVRP messages remain in IN state.
  • Forbidden: It specify that the register to ignore all incoming MVRP messages remain in EMPTY (MT) state.

VTP Overview:

VTP is VLAN trunk protocol used to advertise the VLAN information, VTP attributes to all other switches participating in VTP domain.

VTP is used to create, delete, and renaming of VLANs with in VTP domains where more than one switch are connected via trunk ports. VTP is by default disabled on Switch and it can be enabled on Switches by CLI configuration. Whenever any VAN is configured these information is advertised to a multicast address and all neighboring devices receives this.

Following information is advertised by VTP packets to all other device in VTP domain.

  • VTP management domain
  • Configuration revision number
  • Known VLANs and its associated parameter.

VTP Modes: Following are the VTP modes used in VTP domains.


  • Creates, Deletes, modify and renames VLAN
  • It is the default Mode
  • VLAN information is stored on bootflash and cannot be erased after reboot.


  • This mode allows to relay all VTP protocol packets once it receives on trunk ports.
  • Any modification done in VLAN is local to Switch and is not advertises to another device in same VTP domains.
  • It does not advertise VLAN configuration and also does not synchronize VLAN configuration based on received VTP advertisement.
  • VLAN range between 1002- 1005 in VTP client/server mode as these are reserved for Token Ring.


  • VTP client’s behavior is same as VTP server but it cannot create, rename, modify and delete VLANs.
  • Whatever it receives, advertise to another device participating in VTP domains.

 VTP v3:

VTP v3 is introduced in Cisco NX-OS 7.2(0) and has following features:

  • It has interoperability with VTP v1 and v2
  • It allow only Primary server to do VTP configuration changes
  • It supports 4K VLAN
  • It provides security with hidden and secret password
  • It has interoperability with PVLAN
  • It also resolves the issue of VTP bombing.

N7K1(config)# feature vtp
N7K1(config)# vtp domain domain-name
N7K1(config)# vtp version {1 | 2 | 3}
N7K1(config)# vtp mode {client | server | transparent | off} [vlan | mst | unknown]
N7K1(config)# vtp password password-value [ hidden | secret]
N7K1(config)# vtp primary [feature] [force]



    You are will be the first.


Please login here to comment.