Step-by-Step Cisco Nexus Switch Configuration for VLANs and Trunk Links

Configuring Cisco Nexus Switches VLANs and Trunk Ports

Cisco Nexus switches are among the most widely used switches inside modern data centers. They run Cisco NX-OS instead of traditional Cisco IOS. Although the concepts of VLANs and trunking remain similar, the syntax, architecture, operational philosophy, and modern data center practices differ significantly.

In this educational guide, we will configure:

• Trunk interfaces between Nexus switches
• VLAN creation and access port assignment
• Allowed VLAN filtering on trunk ports
• Verification commands
• Troubleshooting methodology
• Comparison with traditional Cisco IOS switches
• Modern NX-OS best practices
• Mathematical understanding of VLAN segmentation and bandwidth concepts

---

Table of Contents

• 1. Introduction to Cisco Nexus
• 2. Lab Topology
• 3. Task 1 - Configure Trunk Ports
• 4. Task 2 - Configure VLANs
• 5. Task 3 - Allow VLANs Across Trunks
• 6. Verification Commands
• 7. Nexus vs Traditional IOS Switches
• 8. Modern NX-OS Configuration
• 9. VLAN and Switching Mathematics
• 10. Troubleshooting
• 11. Best Practices
• 12. Related Articles

---

1. Introduction to Cisco Nexus

Cisco Nexus switches are designed primarily for:

• Data centers
• Cloud infrastructure
• Virtualized environments
• High-speed switching
• Storage networking
• Automation-driven architectures

Unlike traditional Catalyst switches, Nexus devices use NX-OS. NX-OS provides:

• High availability
• Process isolation
• Modular software design
• Data center optimized forwarding
• Automation support
• API integration

What is a VLAN?

A VLAN (Virtual Local Area Network) divides a Layer 2 network into multiple broadcast domains.

If a switch contains:

\[ N = Total\ Number\ of\ Devices \]

And devices are separated into:

\[ V = Number\ of\ VLANs \]

Then the average broadcast domain size becomes:

\[ Broadcast\ Domain\ Size = \frac{N}{V} \]

Smaller broadcast domains improve network efficiency.

---

2. Lab Topology

We have three Nexus switches:

• NX-01
• NX-02
• NX-03

Interfaces E1/1 through E1/4 will act as trunk ports.

Interfaces E1/5 through E1/6 belong to VLAN 10.

Interfaces E1/7 through E1/8 belong to VLAN 20.

Logical Design

+--------+        +--------+        +--------+
| NX-01  |--------| NX-02  |--------| NX-03  |
+--------+        +--------+        +--------+

Trunk Ports:
E1/1 - E1/4

VLAN 10:
E1/5 - E1/6

VLAN 20:
E1/7 - E1/8

---

3. Task 1 - Configure Trunk Ports

Trunk ports allow multiple VLANs to travel across a single physical link.

Understanding Trunking

Without trunking:

• Each VLAN requires a separate cable
• Scalability becomes impossible
• Cabling complexity increases dramatically

With trunking:

• Multiple VLANs share one interface
• 802.1Q tagging identifies VLAN membership
• Efficient bandwidth usage is achieved

802.1Q Frame Tagging

Ethernet Frame Size:

\[ Ethernet\ Frame = Header + Payload + Trailer \]

802.1Q inserts an additional 4-byte VLAN tag:

\[ Modified\ Frame = Original\ Frame + 4\ Bytes \]

This tag identifies VLAN membership.

---

Configuration Example

Below is the NX-OS configuration syntax.

configure terminal

interface ethernet1/1-4
 switchport
 switchport mode trunk
 no shutdown

end
copy running-config startup-config

CLI Output Example

Click to Expand CLI Output

NX-01(config)# interface ethernet1/1-4
NX-01(config-if-range)# switchport
NX-01(config-if-range)# switchport mode trunk
NX-01(config-if-range)# no shutdown
NX-01(config-if-range)# end
NX-01#

Apply on All Switches

Apply the same configuration on:

• NX-01
• NX-02
• NX-03

---

4. Task 2 - Configure VLANs

Now we will create VLANs and assign interfaces.

Why VLANs Matter

VLANs provide:

• Security segmentation
• Broadcast control
• Performance optimization
• Logical grouping
• Simplified management

VLAN 10

Interfaces:

• E1/5
• E1/6

VLAN 20

Interfaces:

• E1/7
• E1/8

---

Configuration Example

configure terminal

vlan 10
 name USERS_VLAN10

vlan 20
 name SERVERS_VLAN20

interface ethernet1/5-6
 switchport
 switchport mode access
 switchport access vlan 10
 no shutdown

interface ethernet1/7-8
 switchport
 switchport mode access
 switchport access vlan 20
 no shutdown

end
copy running-config startup-config

CLI Output Example

Click to Expand VLAN CLI Output

NX-01(config)# vlan 10
NX-01(config-vlan)# name USERS_VLAN10

NX-01(config)# vlan 20
NX-01(config-vlan)# name SERVERS_VLAN20

NX-01(config)# interface ethernet1/5-6
NX-01(config-if-range)# switchport mode access
NX-01(config-if-range)# switchport access vlan 10

NX-01(config)# interface ethernet1/7-8
NX-01(config-if-range)# switchport mode access
NX-01(config-if-range)# switchport access vlan 20

---

5. Task 3 - Allow VLANs Across Trunks

By default, many switches allow all VLANs across trunk links. However, best practice is to explicitly permit only required VLANs.

Why Restrict VLANs?

• Improves security
• Reduces unnecessary broadcasts
• Simplifies troubleshooting
• Limits spanning-tree scope

Configuration

configure terminal

interface ethernet1/1-4
 switchport trunk allowed vlan 10-20

end
copy running-config startup-config

CLI Verification

Click to Expand Verification

NX-01# show interface trunk

Port        Mode         Encapsulation  Status
Eth1/1      trunk        802.1q         trunking
Eth1/2      trunk        802.1q         trunking
Eth1/3      trunk        802.1q         trunking
Eth1/4      trunk        802.1q         trunking

Allowed VLANs:
10-20

---

6. Verification Commands

Check VLANs

show vlan brief

Check Trunk Interfaces

show interface trunk

Check Interface Status

show interface status

Check Running Configuration

show running-config

Check MAC Address Table

show mac address-table

---

7. Nexus vs Traditional IOS Switches

Feature	Cisco IOS	Cisco NX-OS
Operating System	IOS	NX-OS
Primary Usage	Campus Networks	Data Centers
CLI Style	Traditional	Modular
Process Isolation	Limited	Advanced
Automation	Basic	Advanced APIs
Virtualization	Limited	Strong Support

Traditional IOS Example

interface range fa0/1 - 4
 switchport mode trunk

NX-OS Example

interface ethernet1/1-4
 switchport mode trunk

Key Difference

NX-OS uses:

• ethernet1/1 syntax
• feature-based architecture
• modular services
• high availability processes

---

8. Modern NX-OS Configuration

The configuration you provided is still valid and widely used. However, modern data center networks often include:

• vPC
• VXLAN
• EVPN
• Automation frameworks
• Ansible integration
• ACI fabrics

Modern Best Practice Example

configure terminal

feature interface-vlan

vlan 10
 name USERS

vlan 20
 name SERVERS

interface ethernet1/1-4
 description TRUNK_TO_CORE
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 spanning-tree port type network
 no shutdown

interface ethernet1/5-6
 description USER_ACCESS_PORTS
 switchport
 switchport mode access
 switchport access vlan 10
 spanning-tree port type edge
 no shutdown

interface ethernet1/7-8
 description SERVER_ACCESS_PORTS
 switchport
 switchport mode access
 switchport access vlan 20
 spanning-tree port type edge
 no shutdown

Why Modern Configuration is Better

• Descriptions improve readability
• Spanning-tree optimization reduces convergence time
• Explicit VLAN lists improve security
• Modern naming standards improve automation

---

9. VLAN and Switching Mathematics

Bandwidth Sharing

If:

\[ B = Total\ Trunk\ Bandwidth \]

And:

\[ n = Number\ of\ VLANs \]

Then average VLAN bandwidth is:

\[ Bandwidth\ per\ VLAN = \frac{B}{n} \]

For example:

\[ B = 10Gbps \]

\[ n = 2 \]

\[ Bandwidth = \frac{10}{2}=5Gbps \]

Broadcast Reduction

Suppose:

\[ 1000\ devices \]

Without VLANs:

\[ 1\ broadcast\ domain \]

With 10 VLANs:

\[ \frac{1000}{10}=100 \]

Each VLAN contains only 100 devices.

This significantly reduces broadcast traffic.

Switching Efficiency Formula

Efficiency can be estimated as:

\[ Efficiency = \frac{Useful\ Traffic}{Total\ Traffic} \]

VLAN segmentation increases useful traffic percentage.

---

10. Troubleshooting

Problem: VLAN Not Passing

Possible causes:

• VLAN not created
• VLAN not allowed on trunk
• Port shutdown
• Native VLAN mismatch

Troubleshooting Commands

show vlan brief

show interface trunk

show spanning-tree vlan 10

show mac address-table

show logging

Problem: Interface Down

Check:

show interface status

Problem: MAC Learning Failure

show mac address-table dynamic

---

11. Best Practices

• Always document interface purpose
• Use descriptions
• Restrict allowed VLANs
• Disable unused ports
• Use consistent VLAN naming
• Verify spanning-tree behavior
• Save configuration changes
• Use automation when scaling

Disable Unused Ports

interface ethernet1/20-48
 shutdown

Enable BPDU Guard

spanning-tree port type edge bpduguard default

---

Complete Final Configuration

configure terminal

vlan 10
 name USERS

vlan 20
 name SERVERS

interface ethernet1/1-4
 description TRUNK_LINKS
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 10-20
 spanning-tree port type network
 no shutdown

interface ethernet1/5-6
 description VLAN10_USERS
 switchport
 switchport mode access
 switchport access vlan 10
 spanning-tree port type edge
 no shutdown

interface ethernet1/7-8
 description VLAN20_SERVERS
 switchport
 switchport mode access
 switchport access vlan 20
 spanning-tree port type edge
 no shutdown

end

copy running-config startup-config

---

12. Related Articles

• Part 2 - Cisco Nexus Static Port-Channel Configuration
• Configuring Trunk Interfaces and VLANs
• Differences in OSPF Configuration
• Exploring CDP Configuration
• Mastering OSPF Router-ID Configuration
• Optimizing OSPF Network Types
• Policy Based Routing Configuration
• Configuring EIGRP for Simple Networks
• OSPF Adjacency Debugging

---

Key Takeaways

✔ Cisco Nexus switches use NX-OS instead of IOS.

✔ Trunk ports carry multiple VLANs using 802.1Q tagging.

✔ VLANs divide Layer 2 networks into smaller broadcast domains.

✔ Restricting VLANs on trunks improves security and performance.

✔ Modern NX-OS configurations include descriptions and spanning-tree optimizations.

✔ Verification commands are essential for troubleshooting.

---

Conclusion

In this complete Cisco Nexus switching guide, we configured trunk interfaces, VLANs, and VLAN filtering between NX-01, NX-02, and NX-03. We also explored the differences between traditional Cisco IOS and modern NX-OS architectures.

Although the provided configuration remains fully valid in real-world deployments, modern data center environments increasingly rely on automation, virtualization, and scalable fabrics like VXLAN EVPN.

Understanding these foundational VLAN and trunking concepts remains essential before progressing into advanced data center technologies.