VLANs
VLAN Configuration
A VLAN can be configured before it is created. Not much is available in this mode other than NetFlow, IGMP and the service policy.
N7K-1(config)# vlan configuration 900
N7K-1(config-vlan-config)# ?
ip Configure IP features
ipv6 Configure IPv6 features
service-policy Configure service policy for an interface
N7K-1(config-vlan-config)# ip ?
flow NetFlow related commands
igmp IGMP configuration commands
N7K-1(config-vlan-config)# service-policy ?
input Input Service Policy
output Output Service Policy
type Specify the type of this policy
VLAN long-name
Using the default value, VLAN names up to 32 characters are supported.
N7K-1(config)# vlan 900
N7K-1(config-vlan)# name ?
WORD The ascii name for the VLAN (Max Size 32)
N7K-1(config)# system vlan long-name
With long-name enabled, VLAN names up to 132 characters are supported.
Reserved VLANs
You can change the range of the 128 reserved VLANs. The switch must be reloaded to make this change.
N7K-1(config)# system vlan 2000 reserve
Private VLANs
Host ports are either community or isolated.
Promiscuous ports can be trunk ports as well. These trunks can carry up to 16 PVLAN pairs and also can carry normal VLANs.
Primary VLAN - carries traffic from the promiscuous ports to the host ports
Isolated VLAN - Secondary VLAN that only carries traffic to the promiscuous port.
Community VLAN - Secondary VLAN that carries traffic to the promiscuous port as well as other ports in the community VLAN.
There are 7 steps to configure private VLANs on Nexus Switches. I took this from the configuration example in the L2 Switching Configuration Guide.
- Enable the private VLAN feature
- The first step is to create the primary VLAN and the secondary VLANs
- Next step is associating the secondary VLANs to the primary VLAN
- The third step is setting the physical ports to either host or promiscuous
- The fourth step assigns the primary and secondary VLAN to the host port(s)
- The fifth step maps the primary VLAN to the community and isolated VLANs
- The final step creates an L3 SVI
- N7K-1(config-vlan)# private-vlan primary
N7K-1(config-vlan)# vlan 30
N7K-1(config-vlan)# private-vlan community
N7K-1(config-vlan)# vlan 40
N7K-1(config-vlan)# private-vlan isolated
N7K-1(config-vlan)# vlan 20
- N7K-1(config-vlan)# private-vlan association 30,40
- N7K-1(config-if)# int e2/6
N7K-1(config-if)# switchport mode private-vlan host
N7K-1(config-if)# int e2/7
N7K-1(config-if)# switchport mode private-vlan promiscuous
- N7K-1(config-if)# switchport private-vlan host-association 20 30
- N7K-1(config-if)# switchport private-vlan mapping 20 30,40
- N7K-1(config-if)# private-vlan mapping 30,40
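A consistency check for the private VLAN procedure above, as an added example that is not from the original page or the Cisco guide. It assumes running-config style input with full keywords (`interface Ethernet2/6` rather than `int e2/6`) and handles only the command forms shown on this page; `audit_pvlan`, `vlan_list` and the sample config are hypothetical names and constructed data.

```python
SAMPLE = """\
vlan 20
  private-vlan primary
  private-vlan association 30,40
vlan 30
  private-vlan community
vlan 40
  private-vlan isolated
vlan 50
  private-vlan isolated
interface Ethernet2/6
  switchport mode private-vlan host
  switchport private-vlan host-association 20 30
interface Ethernet2/7
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 20 30,40
interface Ethernet2/8
  switchport mode private-vlan host
"""  # constructed config: vlan 50 and Ethernet2/8 are deliberate mistakes

def vlan_list(text):  # expand '30,40' or '30-32' into a set of VLAN ids
    spans = (p.split("-") for p in text.split(","))
    return {v for s in spans for v in range(int(s[0]), int(s[-1]) + 1)}

def audit_pvlan(config):
    kind, assoc, ports, ctx = {}, {}, {}, ("", "")
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():  # unindented line opens a vlan/interface block
            ctx = tuple(w[:2])
            if w[0] == "interface":
                ports[w[1]] = {"mode": None, "pairs": set()}
        elif ctx[0] == "vlan" and w[:2] == ["private-vlan", "association"] and len(w) == 3:
            assoc[int(ctx[1])] = vlan_list(w[2])
        elif ctx[0] == "vlan" and w[0] == "private-vlan" and len(w) == 2:
            kind[int(ctx[1])] = w[1]  # primary, community or isolated
        elif ctx[0] == "interface" and w[:3] == ["switchport", "mode", "private-vlan"]:
            ports[ctx[1]]["mode"] = w[-1]  # host or promiscuous
        elif ctx[0] == "interface" and w[:2] == ["switchport", "private-vlan"] and len(w) == 5:
            ports[ctx[1]]["pairs"] |= {(int(w[3]), s) for s in vlan_list(w[4])}
    linked = {(p, s) for p, secs in assoc.items() for s in secs}
    findings = [f"vlan {v}: {k} VLAN is not associated with a primary" for v, k in
                sorted(kind.items()) if k != "primary" and all(s != v for _, s in linked)]
    for name, port in sorted(ports.items()):
        if port["mode"] and not port["pairs"]:
            findings.append(f"{name}: private-vlan {port['mode']} port has no VLAN pair")
        for pri, sec in sorted(port["pairs"] - linked):
            findings.append(f"{name}: pair {pri}/{sec} is not an associated pair")
    return findings
```

Calling `audit_pvlan(SAMPLE)` returns one finding for VLAN 50 and one for Ethernet2/8; the configuration from the steps above on its own returns an empty list.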
The configuration of VTP is exactly the same in NX-OS as in IOS (right down to 'switchport trunk pruning vlan add'), so I'm not going to bother documenting it. You do need to enable the feature, however, if you want to use it.