•
IGMP runs only on the primary VLAN and uses the configuration of the primary VLAN for all secondary
VLANs.
•
Any IGMP join request in the secondary VLAN is treated as if it is received in the primary VLAN.
•
A destination SPAN port cannot be an isolated port. (However, a source SPAN port can be an isolated
port.)
•
You can configure SPAN to span both primary and secondary VLANs or, alternatively, to span either
one if you are interested only in ingress or egress traffic.
•
A MAC address learned in a secondary VLAN is placed in the shared table of the primary VLAN. When
the secondary VLAN is associated to the primary VLAN, its MAC address tables are merged into one
shared MAC table.
•
You can configure a private VLAN (PVLAN) port as a SPAN source port.
•
A PVLAN host or promiscuous port cannot be a SPAN destination port.
•
TFTP download to Cisco Nexus 9000 Series switches is not supported when the transfer is done when
you are using In-band Management, for example, VLAN SVI that is in default or custom VRF. The
TFTP transfer times out and fails. CoPP for TFTP traffic only matches the TFTP connections on the
ports and it does not match the concurrent data transfers that are on the dynamic ports. All the other
TFTP traffic after an initial connection is placed in default class and it is dropped.
Possible workarounds for the download are:
◦
Use the management port for TFTP as the management VRF does not participate in CoPP.
◦
Use FTP or another file transfer protocol to transfer the files. (It is sorted into the management
class of CoPP and it is not sorted in the default class.)
◦
Edit the CoPP policy to accommodate the TFTP traffic from the TFTP server that is to be grouped
into another CoPP class as displayed in the following example:
1
Create an ACL permitting only TFTP server address:
switch# show ip access-lists copp_udp
IP access list copp_udp
10 permit udp x.x.x.x/32 any <-- TFTP server address
2
Copy the CoPP policy and apply the ACL in the management class:
switch(config)# copp copy profile strict suffix udp-customized
switch(config)# class-map type control-plane match-any
copp-class-management-udp-customized
switch(config-cmap)# match access-group name copp_udp
3
Apply the new CoPP policy to the Cisco Nexus 9000 Series switch:
switch(config)# control-plane
switch(config-cp)# service-policy input copp-policy-strict-udp-customized
4
Verify that your applied CoPP policy contains the ACL in the management class:
switch(config-cp)# show policy-map interface control-plane | b tftp prev 10
Initial Troubleshooting VLANs Checklist
Troubleshooting a VLAN problem involves gathering information about the configuration and connectivity
of individual devices and the entire network. Begin your troubleshooting VLAN issues by checking the
following issues first:
Cisco Nexus 9000 Series NX-OS Troubleshooting Guide, Release 7.x
52
Troubleshooting VLANs
Initial Troubleshooting VLANs Checklist
To Next Page
Loading...
