Cisco Systems N3KC3064TFAL3 User Manual

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide,Release 5.0(3)U3(1)First Published: February 29, 2012Last Modified: March 22, 2012America

Configuring MAC Addresses 131Configuring a Static MAC Address 131Configuring the Aging Time for the MAC Table 132Clearing Dynamic Addresses from the M

If you set the link to shared, STP moves back to 802.1D.ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Spe

PurposeCommandDisplays selected detailed information for the currentspanning tree configuration.switch# show spanning-tree [options]This example shows

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)88 OL-26590-01 Configuring Rapid PVST+Verifying Rapid PVST+ Confi

CHAPTER 9Configuring Multiple Spanning TreeThis chapter contains the following sections:•Information About MST, page 89•Configuring MST, page 97•Verif

You must enable MST; Rapid PVST+ is the default spanning tree mode.NoteMST RegionsTo allow switches to participate in MST instances, you must consiste

MST Configuration InformationThe MST configuration that must be identical on all switches within a single MST region is configured bythe user.You can

•The CST interconnects the MST regions and any instance of 802.1D and 802.1w STP that may berunning on the network. The CST is the one STP instance fo

The following figure shows a network with three MST regions and an 802.1D switch (D). The CIST regionalroot for region 1 (A) is also the CIST root. Th

•The CIST external root path cost is the cost to the CIST root. This cost is left unchanged within an MSTregion. An MST region looks like a single swi

with a port that belongs to a different region, creating the possibility of receiving both internal and externalmessages on a port (see the following

PrefaceThis preface contains the following sections:•Audience, page xi•Document Conventions, page xi•Related Documentation for Nexus 3000 Series NX-OS

Port Cost and Port PrioritySpanning tree uses port costs to break a tie for the designated port. Lower values indicate lower port costs,and spanning t

Interoperability with Rapid PVST+: Understanding PVST SimulationMST interoperates with Rapid PVST+ with no need for user configuration. The PVST simul

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Enables MST on the switch.switch(config)# spanning-tree mod

PurposeCommand or Action•Synchronize primary and secondary VLANs in privateVLANsswitch(config-mst)# exit orswitch(config-mst)# abortStep 3•The first f

Specifying the MST Configuration Revision NumberYou configure the revision number on the bridge. For two or more bridges to be in the same MST region,

PurposeCommand or ActionWhen you map VLANs to an MST instance, the mapping isincremental, and the VLANs specified in the command are addedto or remove

Mapping and Unmapping VLANs to MST InstancesWhen you change the VLAN-to-MSTI mapping, the system restarts MST.CautionYou cannot disable an MSTI.NoteFo

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Enters MST configuration submode.switch(config)# spanning-t

PurposeCommand or Action•For instance-id, you can specify a single instance, a rangeof instances separated by a hyphen, or a series of instancessepara

PurposeCommand or Action(Optional)Returns the switch priority, diameter, and hello-time to defaultvalues.switch(config)# no spanning-treemst instance-

DescriptionConventionNested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a v

Configuring the Port CostThe MST path cost default value is derived from the media speed of an interface. If a loop occurs, MST usesthe cost when sele

Exercise care when using this command. For most situations, we recommend that you enter thespanning-tree mst root primary and the spanning-tree mst ro

PurposeCommand or Actionmessages by the root bridge. These messages mean that theswitch is alive. For seconds, the range is from 1 to 10, andthe defau

PurposeCommand or ActionConfigures the maximum-aging time for all MST instances.The maximum-aging time is the number of seconds that aswitch(config)#

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Disables all interfaces on the switch from automaticallyint

This example shows how to prevent the specified interfaces from automatically interoperating with a connectingswitch that is not running MST:switch# c

ProcedurePurposeCommand or ActionRestarts MST on entire switch orspecified interfaces.switch# clear spanning-tree detected-protocol[interface interfac

CHAPTER 10Configuring STP ExtensionsThis chapter contains the following sections:•About STP Extensions, page 113About STP ExtensionsCisco has added ex

If you configure a port connected to another switch as an edge port, you might create a bridging loop.NoteSpanning Tree Network PortsNetwork ports are

interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDUGuard, when enabled globally, shuts down all

Release NotesThe release notes are available at the following URL:http://www.cisco.com/en/US/products/ps11541/prod_release_notes_list.htmlInstallation

BPDU Filtering StateSTP Edge PortConfigurationBPDU Filtering GlobalConfigurationBPDU Filtering Per PortConfigurationEnableBPDUs arenever sent andif re

put into a root-inconsistent (blocked) state. After the port stops send superior BPDUs, the port is unblockedagain. Through STP, the port moves to the

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Configures all interfaces as edge ports. This assumes all p

• no spanning-tree port type—This command implicitly enables edge behavior if you define thespanning-tree port type edge default command in global con

A port connected to a host that is configured as a network port automatically moves into the blockingstate.NoteBefore You BeginEnsure that STP is conf

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Enables BPDU Guard by default on all spanningtree edge port

PurposeCommand or ActionThis example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4:switch# configure terminalswitch (config)

Enabling BPDU Filtering on Specified InterfacesYou can apply BPDU Filtering to specified interfaces. When enabled on an interface, that interface does

This example shows how to explicitly enable BPDU Filtering on the Ethernet spanning tree edge port 1/4:switch# configure terminalswitch (config)# inte

Before You BeginEnsure that STP is configured.Ensure that you are configuring Loop Guard on spanning tree normal or network ports.ProcedurePurposeComm

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additi

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)126 OL-26590-01 Configuring STP ExtensionsVerifying STP Extension

CHAPTER 11Configuring LLDPThis chapter contains the following sections:•Configuring Global LLDP Commands, page 127•Configuring Interface LLDP Commands

DCBXP is enabled by default, provided LLDP is enabled. When LLDP is enabled, DCBXP can be enabledor disabled using the [no] lldp tlv-select dcbxp comm

This example shows how to configure the global LLDP hold time to 200 seconds:switch# configure terminalswitch(config)# lldp holdtime 200switch(config)

Remote Peers Information on interface Eth1/40Remote peer's MSAP: length 12 Bytes:00 c0 dd 0e 5f 3a 00 c0 dd 0e 5f 3aLLDP TLV'sLLDP TLV type:

CHAPTER 12Configuring the MAC Address TableThis chapter contains the following sections:•Information About MAC Addresses, page 131•Configuring MAC Add

You can also configure a static MAC address in interface configuration mode or VLAN configurationmode.NoteProcedurePurposeCommand or ActionEnters conf

PurposeCommand or ActionThe seconds range is from 0 to 1000000. The default is 300seconds. Entering the value 0 disables the MAC aging. If aVLAN is no

This example shows how to display the MAC address table:switch# show mac-address-tableVLAN MAC Address Type Age Port---------+-----------------+------

CHAPTER 13Configuring IGMP SnoopingThis chapter contains the following sections:•Information About IGMP Snooping, page 135•Configuring IGMP Snooping P

CHAPTER 1New and Changed Information for this ReleaseThe following table provides an overview of the significant changes to this guide for this curren

The following figure shows an IGMP snooping switch that is located between the host and the IGMP router.The IGMP snooping switch snoops the IGMP membe

IGMPv3The IGMPv3 snooping implementation on the switch forwards IGMPv3 reports to allow the upstream multicastrouter do source-based filtering.By defa

Configuring IGMP Snooping ParametersTo manage the operation of the IGMP snooping process, you can configure the optional IGMP snoopingparameters descr

DescriptionParameterConfigures a static connection to a virtual portchannel (vPC) peer link.By default, the vPC peer-link is considered a multicastrou

PurposeCommand or ActionTracks IGMPv3 membership reports from individual hostsfor each port on a per-VLAN basis. The default is enabled onall VLANs.sw

switch(config-vlan)# ip igmp snooping fast-leaveswitch(config-vlan)# ip igmp snooping report-suppressionswitch(config-vlan)# ip igmp snooping mrouter

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)142 OL-26590-01 Configuring IGMP SnoopingVerifying IGMP Snooping

CHAPTER 14Configuring Traffic Storm ControlThis chapter contains the following sections:•Information About Traffic Storm Control, page 143•Traffic Sto

The following figure shows the broadcast traffic patterns on an Ethernet interface during a specified timeinterval. In this example, traffic storm con

•You can configure traffic storm control on a port-channel interface.•Specify the level as a percentage of the total interface bandwidth:◦The level ca

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)2 OL-26590-01 New and Changed Information for this ReleaseNew and

Verifying Traffic Storm Control ConfigurationTo display traffic storm control configuration information, perform one of these tasks:PurposeCommandDisp

INDEX802.1Q VLANs 47, 56configuring 56private VLANs 47Aaging time, configuring 132MAC table 132Bblocking state, STP 73BPDU guard 114bridge ID 64broadc

Hhost ports 38kinds of 38IICMPv2 136IEEE 802.1w 89IGMP forwarding 137MAC address 137IGMP snooping 137queries 137IGMPv1 136IGMPv3 137interface informat

private VLANs (continued)ports (continued)isolated 38promiscuous 38primary VLANs 38promiscuous trunk 41secondary VLANs 38promiscuous ports 38Rrapid PV

VLANs 27, 28, 31, 32, 33, 34, 47adding ports to 32configuring 31configuring as management SVIs 34configuring as routed SVIs 33description 27extended s

CHAPTER 2OverviewThis chapter contains the following sections:•Layer 2 Ethernet Switching Overview, page 3•VLANs, page 3•Private VLANs, page 4•Spannin

All ports, including the management port, are assigned to the default VLAN (VLAN1) when the device firstcomes up. A VLAN interface, or switched virtua

Cisco NX-OS for the Cisco Nexus 3000 Series uses the extended system ID and MAC address reduction;you cannot disable these features.NoteIn addition, C

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMME

• Root Guard—Root Guard prevents the port from becoming the root in an STP topology. Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, R

CHAPTER 3Configuring Ethernet InterfacesThis chapter contains the following sections:•Information About Ethernet Interfaces, page 7•Configuring Ethern

The interface numbering convention is extended to support use with a Cisco Nexus 2000 Series Fabric Extenderas follows:switch(config)# interface ether

The following figure shows an example of a unidirectional link condition. Device B successfully receivestraffic from Device A on the port. However, De

In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic frombeing discarded.About Interface SpeedA Cisc

enabled, the interface status displays as err-disabled. Once an interface goes into the err-disabled state, youmust manually reenable it or you can co

Configuring the UDLD ModeYou can configure normal or aggressive unidirectional link detection (UDLD) modes for Ethernet interfaceson devices configure

This example shows how to disable UDLD for an Ethernet port:switch# configure terminalswitch(config)# interface ethernet 1/4switch(config-if)# udld di

switch(config)# hardware profile portmode 48x10g+4x40gWarning: This command will take effect only after saving the configuration and reload!Port confi

PurposeCommand or ActionThis command can only be applied to a physical Ethernetinterface. The speed argument can be set to one of thefollowing:•10 Mbp

CONTENTSPreface Preface xiAudience xiDocument Conventions xiRelated Documentation for Nexus 3000 Series NX-OS Software xiiObtaining Documentation

PurposeCommand or ActionDisables link negotiation on the selected Ethernetinterface (1-Gigabit port).switch(config-if)# no negotiate autoStep 3(Option

PurposeCommand or ActionUse the no form of the command to return to its defaultsetting.(Optional)Sets the transmission frequency of CDP updates in sec

Enabling the Error-Disabled DetectionYou can enable error-disable (err-disabled) detection in an application. As a result, when a cause is detectedon

Enabling the Error-Disabled RecoveryYou can specify the application to bring the interface out of the error-disabled (err-disabled) state and retrycom

ProcedurePurposeCommand or ActionEnters configuration mode.config tExample:switch#config tswitch(config)#Step 1Specifies the interval for the interfac

PurposeCommand or ActionSpecifies the description for the interface.switch(config-if)# description testStep 3This example shows how to set the interfa

PurposeCommandDisplays the detailed configuration of the specifiedinterface.switch# show interface type slot/portDisplays detailed information about t

Trunk encap. type: 802.1QChannel: yesBroadcast suppression: percentage(0-100)Flowcontrol: rx-(off/on),tx-(off/on)Rate mode: noneQOS scheduling: rx-(6q

+-----------------------------------------+-----------------+----------------+| Counter Description | Count | |+--------------------------------------

1MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes.Cisco Nexus 3000 NX-OS Layer 2 Switching Confi

Default CDP Configuration 10About the Error-Disabled State 10About Port Profiles 11Guidelines and Limitations for Port Profiles 11About the Debounce T

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)26 OL-26590-01 Configuring Ethernet InterfacesDefault Physical Et

CHAPTER 4Configuring VLANsThis chapter contains the following sections:•Information About VLANs, page 27•Configuring a VLAN, page 30Information About

the stations in the marketing department are assigned to another VLAN, and the stations in the accountingdepartment are assigned to another VLAN.Figur

Table 4: VLAN RangesUsageRangeVLANs NumbersCisco default. You can use thisVLAN, but you cannot modify ordelete it.Normal1You can create, use, modify,

When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows.However, the system retains all the VLAN-to-por

When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and thepackets are dropped.NoteProcedurePurposeCommand or A

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Enters VLAN configuration submode. If the VLAN does notexis

PurposeCommand or ActionSets the access mode of the interface to thespecified VLAN.switch(config-if)# switchport access vlanvlan-idStep 3This example

What to Do NextYou can configure routing protocols on this interface.Configuring a VLAN as a Management SVIYou can configure a VLAN to be a management

PurposeCommand or ActionSpecifies the name of the VTP domain that you wantthis device to join. The default is blank.switch(config)# vtp domaindomain-n

Configuring a VLAN as a Management SVI 34Configuring VTP 34Verifying VLAN Configuration 36CHAPTER 5 Configuring Private VLANs 37Information About Priv

VTP Traps Generation : DisabledMD5 Digest : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00VTP ver

CHAPTER 5Configuring Private VLANsThis chapter contains the following sections:•Information About Private VLANs, page 37•Guidelines and Limitations fo

the associated promiscuous port in its primary VLAN. Hosts on community VLANs can communicate amongthemselves and with their associated promiscuous po

• Promiscuous port—A promiscuous port belongs to the primary VLAN. The promiscuous port cancommunicate with all interfaces, including the community an

The following figure shows the traffic flows within a PVLAN, along with the types of VLANs and types ofports.Figure 4: Private VLAN Traffic FlowsThe P

For an association to be operational, the following conditions must be met:•The primary VLAN must exist and be configured as a primary VLAN.•The secon

•Configure selected interfaces connected to end stations as isolated ports to prevent any communication.For example, if the end stations are servers,

Configuring a VLAN as a Private VLANTo create a PVLAN, you first create a VLAN, and then configure that VLAN to be a PVLAN.Before You BeginEnsure that

•The secondary-vlan-list parameter can contain multiple community VLAN IDs and one isolated VLANID.•Enter a secondary-vlan-list or use the add keyword

Configuring an Interface as a Private VLAN Host PortIn PVLANs, host ports are part of the secondary VLANs, which are either community VLANs or isolate

Configuring Access and Trunk Interfaces 53Configuring a LAN Interface as an Ethernet Access Port 53Configuring Access Host Ports 54Configuring Trunk P

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Selects the port to configure as a PVLANpromiscuous port. A

Configuring Native 802.1Q VLANs on Private VLANsYou cannot perform this task because the Cisco Nexus 3000 Series device does not support Private VLANt

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)48 OL-26590-01 Configuring Private VLANsVerifying the Private VLA

CHAPTER 6Configuring Access and Trunk InterfacesThis chapter contains the following sections:•Information About Access and Trunk Interfaces, page 49•C

The following figure shows how you can use trunk ports in the network. The trunk port carries traffic for twoor more VLANs.Figure 5: Devices in a Trun

and packet belong. This method allows packets that are encapsulated for several different VLANs to traversethe same port and maintain traffic separati

Understanding the Native VLAN ID for Trunk PortsA trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign

This feature is supported on all the directly connected Ethernet and EtherChannel interfaces of the CiscoNexus 3000 Series switch.You can enable the v

Configuring Access Host PortsBy using switchport host, you can make an access port a spanning-tree edge port, and enable bpdu filteringand bpdu guard

PurposeCommand or ActionSets the interface as an Ethernet trunk port. A trunk port cancarry traffic in one or more VLANs on the same physicalswitch(co

Protocol Timers 71Port Roles 71Port States 72Rapid PVST+ Port State Overview 72Blocking State 73Learning State 73Forwarding State 73Disabled State 74S

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Specifies an interface to configure, and enters interfaceco

PurposeCommand or ActionEnables dot1q (IEEE 802.1Q) tagging for all nativeVLANs on all trunked ports on the Cisco Nexus 3000Series switch. By default,

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)58 OL-26590-01 Configuring Access and Trunk InterfacesVerifying I

CHAPTER 7Configuring Switching ModesThis chapter contains the following sections:•Information About Switching Modes, page 59•Guidelines and Limitation

Because it waits to forward the frame until the entire frame has been received and checked, the switchingspeed in store-and-forward switching mode is

Default Settings for Switching ModesCut-through switching is enabled by default.Configuring Switching ModesEnabling Store-and-Forward SwitchingEnablin

PurposeCommand or Action(Optional)Saves the change persistently through reboots andrestarts by copying the running configuration to thestartup configu

CHAPTER 8Configuring Rapid PVST+This chapter contains the following sections:•Information About Rapid PVST+, page 63•Configuring Rapid PVST+, page 78•

Multiple active paths between end stations cause loops in the network. If a loop exists in the network, endstations might receive duplicate messages a

Extended System IDA 12-bit extended system ID field is part of the bridge ID.Figure 7: Bridge ID with Extended System IDThe switches always use the 12

MST Overview 89MST Regions 90MST BPDUs 90MST Configuration Information 91IST, CIST, and CST 91IST, CIST, and CST Overview 91Spanning Tree Operation Wi

•36864•40960•45056•49152•53248•57344•61440STP uses the extended system ID plus a MAC address to make the bridge ID unique for each VLAN.If another bri

Election of the Root BridgeFor each VLAN, the switch with the lowest numerical value of the bridge ID is elected as the root bridge. Ifall switches ar

Understanding Rapid PVST+Rapid PVST+ OverviewRapid PVST+ is the IEEE 802.1w (RSTP) standard implemented per VLAN. A single instance of STP runson each

duplex setting of the port. Full-duplex ports are assumed to be point-to-point ports, while half-duplex portsare assumed to be shared ports.Edge ports

Proposal and Agreement HandshakeAs shown in the following figure, switch A is connected to switch B through a point-to-point link, and all ofthe ports

Protocol TimersThe following table describes the protocol timers that affect the Rapid PVST+ performance.Table 7: Rapid PVST+ Protocol TimersDescripti

are always in the blocking state. Designated ports start in the blocking state. The port state controls the operationof the forwarding and learning pr

When the STP algorithm places a LAN port in the forwarding state, the following process occurs:•The LAN port is put into the blocking state while it w

•Forwards frames received from the attached segment.•Forwards frames switched from another port for forwarding.•Incorporates the end station location

The switch is synchronized with superior root information received on the root port if all other ports aresynchronized. An individual port on the swit

Specifying the Link Type 111Restarting the Protocol 111Verifying MST Configurations 112CHAPTER 10 Configuring STP Extensions 113About STP Extensions 1

Processing Inferior BPDU InformationAn inferior BPDU is a BPDU with root information (such as a higher switch ID or higher path cost) that isinferior

Long Path-cost Method of Port CostShort Path-cost Method of PortCostBandwidth200,00019100 Mbps20,00041 Gigabit Ethernet2,000210 Gigabit EthernetYou ca

BPDU version 0, the switch does not set the proposal flag and starts the forward-delay timer for the port. Thenew root port requires twice the forward

Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for theprevious mode and started for the new mode.Not

PurposeCommand or ActionDo not disable spanning tree on a VLAN unless all switchesand bridges in the VLAN have spanning tree disabled. Youcannot disab

With the switch configured as the root bridge, do not manually configure the hello time, forward-delaytime, and maximum-age time using the spanning-tr

ProcedurePurposeCommand or ActionEnters configuration mode.switch# configure terminalStep 1Configures a software switch as the secondary rootbridge. T

Configuring the Rapid PVST+ Pathcost Method and Port CostOn access ports, you assign port cost by the port. On trunk ports, you assign the port cost b

Be careful when using this configuration. For most situations, we recommend that you configure theprimary root and secondary root to modify the bridge

Configuring the Rapid PVST+ Forward Delay Time for a VLANYou can configure the forward delay time per VLAN when using Rapid PVST+.ProcedurePurposeComm