Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1165
Views
10
Helpful
4
Replies

Configure NXOS Switch as Layer 2 or disable inter-vlan routing

Go to solution
dhau
Level 1
Level 1

‎02-10-2023 06:52 PM

I'd like to disable inter-vlan routing on NXOS switches so it would act as a Layer 2 switch and would not contribute to routing. On Catalyst switches I know the method is to run "no ip routing", set up a default-gateway and it's all done. However, I can't seem to find the equivalent command for NXOS switches.

Currently the feature I have enabled is "feature interface-vlan" since I was setting up VLANs on NXOS switches and I found that this command made configuring VLANs the same process as VLANs on Catalyst switches. I found some "mac address table" commands for NXOS switches but I'm confused by them.

One of the implementations of these NXOS switches is that they'll have multiple VLANs and mostly trunk ports for allowing VM host connections. These VM hosts will need a VLAN for vMotion or vSAN processes, and various VLANs for the production VLAN that the VM guests would need to connect to. The reason for configuring the NXOS switches as a Layer 2 devices (aka disabling inter-vlan routing) is so I can perform segmentation between the VLANs.

I've seen implementations of applying access-lists to the VLANs but that seems a bit clunky. I imagine the cleaner way would be to configure the switch as a Layer 2 switch.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Christopher Hart
Cisco Employee
Cisco Employee

‎02-11-2023 07:58 AM

Hello!

There is no command on Cisco Nexus series switches running the NX-OS network operating system to outright disable routing capabilities (inter-VLAN or otherwise). Cisco Catalyst switches running the IOS-XE network operating system have the no ip routing global configuration command to do this, but NX-OS does not have an equivalent command.

However, if you do not configure any Switch Virtual Interfaces (SVIs) for any VLANs and do not configure any routed/Layer 3 ports on the switch, then the switch will functionally operate as a Layer 2 switch and will not route traffic.

The feature interface-vlan global configuration command allows you to configure SVIs. If you do not need this, then you can safely disable the feature interface-vlan global configuration command. This will not impact your ability to create new VLANs on the switch, and it will not impact the switch's ability to act as a Layer 2 switch; it only prevents you from configuring SVIs on the switch.

I hope this helps - thank you!

-Christopher

View solution in original post

4 Replies 4

Go to solution
marce1000
VIP
VIP

‎02-11-2023 12:11 AM

 

       >.... is that they'll have multiple VLANs and mostly trunk ports for allowing VM host...
 Note that nx-os based devices (nexus) are datacenter oriented and usually not used for simple layer2 functionality , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Christopher Hart
Cisco Employee
Cisco Employee

‎02-11-2023 07:58 AM

Hello!

There is no command on Cisco Nexus series switches running the NX-OS network operating system to outright disable routing capabilities (inter-VLAN or otherwise). Cisco Catalyst switches running the IOS-XE network operating system have the no ip routing global configuration command to do this, but NX-OS does not have an equivalent command.

However, if you do not configure any Switch Virtual Interfaces (SVIs) for any VLANs and do not configure any routed/Layer 3 ports on the switch, then the switch will functionally operate as a Layer 2 switch and will not route traffic.

The feature interface-vlan global configuration command allows you to configure SVIs. If you do not need this, then you can safely disable the feature interface-vlan global configuration command. This will not impact your ability to create new VLANs on the switch, and it will not impact the switch's ability to act as a Layer 2 switch; it only prevents you from configuring SVIs on the switch.

I hope this helps - thank you!

-Christopher

Go to solution
dhau
Level 1
Level 1
In response to Christopher Hart

‎02-13-2023 01:38 PM

Hello,

I tried that and I think that resolves my issue. I read on a different thread also and my approach will be to keep "feature interface-vlan" but run "no interface vlan #" for all VLANs except for the one that I plan on using for inline band management. That allows me to have segmentation between the VLANs while still allowing SSH to individual switches for management purposes.

I know it's possible to configure the management port and use vrf etc. to have OOB management, but for compliance reasons this will be my approach for now. I may change it in the future so all VLANs are Layer 2 with no SVI and use the management port for OOB management access.

Thanks!

Davin

Go to solution
MHM Cisco World
VIP
VIP

‎02-11-2023 08:39 AM

Only not config SVI for vlan that want Nexus be l2 for it.

No need more command

If you want to config vlan for managment that ok it will not effect NSK l2.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card