nx-os 5.1 Layer 2 vlan (not vlan1). L2 Vlan Interface is shutdown, vlan passing traffic

dmooreami · ‎09-14-2012

I understand the vlans on the catalyst side of the house on 2900 to 6500 Catalyst switches.

This 7010 running nx-os 5.1(3) I did not setup, but have to manage it. Hasn't really been a proble till now.

My nexus 7010 has a Layer 2 only vlan 11. It is "Active" but the interface is "shutdown". Yet, it is passing traffic across the directly connected ports on the nexus 7010 and to other switches in my network. Vlan 11 is being set out via VTP to all my switches and things are running fine.

I need to create another L2 only Vlan. I can't seem to find any docs that indicate that a Layer2 vlan Interface on nx-os should be in "shutdown" mode as part of the setup. I do see in the docs where it has to be set "Active" as part of the process.

Is this the correct way to seutp a L2 only vlan on nex-os? Leave the interface in "shutdown" but make it "Active"?

Mystery Vlan 4 and 6

The mystery deepens. I have other L2 vlans ,Vlan4&6 that are NOT defined as "Interface Vlan4" in the nexus config, yet it is applied to GigE ports on the nexus and these Vlans 4/6is also being sent out VTP to all switches. Even weirder is that these vlans have names associated with the numbers. These are valid Vlans that were configured on the old 6509 before the Nexus was installed.

I have checked all switches, NONE are running in Server mode for VTP, all are in CLIENT. The nexus 7010 is the only device running in VTP Server mode.

More Info and some thoughts

I see that in 5.1(3) you can configure the vlan before creating the VLAN. Perhaps that what is the case is here. During the nexus install there were some switches runnning in VTP server mode.

Perhaps my descriptions for the vlans in other switches vlan.dat files got updated into the nexus 7010's.

As for the "Interface VLAN XX", is the main function of this just to pull statistics (netflow,snmp), monitor, or to be used to "kill" all vlan traffic via the "passive" command if needed?

I would like to standardize the 7010 so each L2 vlan has an "Interface Vlan X" in the config just to maintain consistency. Will doing this for Vlan 4 & 6 "kill" these vlans from passing traffic as the commands are applied? Humm, I think I am getting to indepth for someone here to answer these "what if's" and a TAC ticket might be in order. I can't "test" my theories since its a production switch

Still, looking for any insight into this from the forum.

Thanks

phiharri · ‎09-17-2012

Greetings,

'interface Vlan' config lines define a Switched Virtual Interface / SVI which are primarily configured to allow routing between VLANs. The configuration of the Layer 2 VLAN depends on your VTP mode, but if local configuration is present looks like 'vlan '.

VLAN interfaces / SVIs are not required if you only need to pass traffic at Layer 2 on the device in question, and there is no advantage at all in creating SVIs which will always remain administratively down.

There is nothing particularly new here, Layer 2 VLAN configuration and VLAN interfaces/SVIs function the same on Nexus 7000 compared to any Layer 3 capable Catalyst switch.

Hope this helps!

/Phil

dmooreami · ‎09-17-2012

Thanks for the reply. I am going to creat the SVI's in the config anyway for the L2 Vlan's to maintain consistency. Being able to "see" every vlan in the config is helpful. Also, creating the SVI allows me to put a description on it, good for documentation.