vxlanEXEC

show nve vni

Displays the operational state and configuration of Network Virtualization Edge (NVE) VNI members, including local and remote endpoints, multicast groups, and VNI state.

Overview

The 'show nve vni' command is a critical diagnostic tool for VXLAN overlay networks on Cisco Nexus switches running NX-OS. It provides a snapshot of the operational state of each VNI (Virtual Network Identifier) configured on the NVE (Network Virtualization Edge) interface. VXLAN is a network virtualization technology that uses MAC-in-UDP encapsulation to extend Layer 2 and Layer 3 networks over an IP underlay. The NVE interface is the logical interface that terminates VXLAN tunnels. Each VNI represents a unique virtual network segment, analogous to a VLAN in traditional networking.

This command is used to verify that VNIs are operational, check the associated multicast group (if any), and list remote VTEPs (VXLAN Tunnel Endpoints) that are members of the VNI. In a BGP EVPN-based VXLAN fabric, remote VTEPs are learned dynamically via EVPN routes. The command also shows traffic statistics per VNI, which helps in monitoring data plane health.

Troubleshooting workflows often start with this command when users report connectivity issues across the overlay. For example, if a host in VNI 10010 cannot reach a host in the same VNI on a remote leaf, you would check that the VNI state is Up, that the remote VTEP is listed and in Up state, and that packet counters are incrementing. If the VNI is Down, common causes include missing 'member vni' configuration under the NVE interface, incorrect multicast group assignment, or underlay routing failures. If remote VTEPs are missing, the issue likely lies in the control plane (BGP EVPN) or underlay reachability.

On Cisco NX-OS, the command supports optional parameters: a specific VNI ID to filter, 'detail' for extended information including statistics and remote VTEP list, and 'interface nve <num>' to limit output to a specific NVE interface. The output is real-time and reflects the current state; it does not require any privileged mode beyond EXEC.

Syntax·EXEC
show nve vni [vni-id] [detail] [interface nve <num>]

When to Use This Command

  • Verify VNI membership and state after configuring VXLAN overlay on Nexus switches.
  • Troubleshoot VXLAN tunnel endpoint (VTEP) reachability and multicast group issues.
  • Monitor VNI-specific counters for traffic drops or errors in a VXLAN fabric.
  • Validate that remote VTEPs are learned correctly via BGP EVPN or static configuration.

Parameters

ParameterSyntaxDescription
vni-idvni-idSpecifies a particular VNI ID (range 1-16777215) to display detailed information for that VNI only. If omitted, all VNIs are shown in summary.
detaildetailProvides extended output including local VTEP IP, list of remote VTEPs with state, and traffic statistics (packets/bytes in/out, drops).
interface nve <num>interface nve <num>Limits the display to VNIs associated with a specific NVE interface (e.g., nve1). Useful when multiple NVE interfaces exist.

Command Examples

Basic VNI summary

show nve vni
Interface VNI      Multicast-group   State   Mode   Type [BD/VRF]      Flags
--------- ------- ------------------ ------ ------ ------------------ -------
nve1      10010   239.1.1.1          Up     ARP     BD [vlan1001]      0x0
nve1      20010   239.2.2.2          Up     ARP     BD [vlan2001]      0x0
nve1      30010   239.3.3.3          Up     ARP     VRF [vrf-blue]    0x0

Each line shows an NVE interface, VNI ID, associated multicast group, operational state (Up/Down), mode (ARP or multicast), type (BD for bridge domain or VRF for L3VNI), and flags.

Detailed VNI information

show nve vni 10010 detail
Interface: nve1, VNI: 10010
   VNI State: Up
   Mode: ARP
   Type: BD
   BD: vlan1001
   Multicast-group: 239.1.1.1
   VNI Flags: 0x0
   Local VTEP IP: 10.1.1.1
   Remote VTEPs:
      10.2.2.2        State: Up
      10.3.3.3        State: Up
   Statistics:
      Packets In: 1000
      Packets Out: 2000
      Bytes In: 64000
      Bytes Out: 128000
      Drops: 0

Detailed output shows VNI state, mode, associated bridge domain or VRF, multicast group, local VTEP IP, list of remote VTEPs with their state, and traffic statistics (packets/bytes in/out, drops).

Understanding the Output

The 'show nve vni' command output is organized per VNI. The first column shows the NVE interface (e.g., nve1) and the VNI ID. The 'Multicast-group' column indicates the multicast group used for BUM traffic (if any). The 'State' column shows whether the VNI is operationally Up or Down. A Down state typically indicates a configuration issue or missing underlay reachability. The 'Mode' column shows ARP (for ARP suppression) or multicast. The 'Type' column indicates whether the VNI is associated with a Bridge Domain (BD) for L2VNI or a VRF for L3VNI. The 'Flags' column shows internal flags (usually 0x0). In the detailed output, you can see the local VTEP IP and a list of remote VTEPs with their state (Up/Down). Healthy output shows all remote VTEPs as Up. The statistics section shows packet and byte counters; increasing counters indicate traffic flow. Drops should be zero; non-zero drops may indicate MTU issues, ACL drops, or encapsulation problems. Common problems: VNI state Down due to missing 'member vni' under the NVE interface, incorrect multicast group, or underlay routing issues. Remote VTEPs not appearing or showing Down indicate BGP EVPN session problems or unreachable VTEP IPs.

Configuration Scenarios

Basic VXLAN VNI Configuration

Configuring a VNI for a bridge domain on a Nexus 9000 leaf switch in a VXLAN EVPN fabric.

Topology

Leaf1 (10.1.1.1) --- Spine --- Leaf2 (10.2.2.2) Host A (VLAN 1001) connected to Leaf1, Host B (VLAN 1001) connected to Leaf2.

Steps

  1. 1.Create a VLAN and bridge domain on both leaves.
  2. 2.Configure an NVE interface with source loopback.
  3. 3.Associate the VNI to the bridge domain under the NVE interface.
  4. 4.Enable BGP EVPN to exchange VNI routes.
Configuration
! On Leaf1
vlan 1001
  name VXLAN-1001
  exit
bridge-domain 1001
  member vlan 1001
  exit
interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.1.1.1
    suppress-arp
  exit
  exit
router bgp 65001
  address-family l2vpn evpn
    neighbor 10.0.0.2 remote-as 65001
    neighbor 10.0.0.2 update-source loopback0
    neighbor 10.0.0.2 activate
  exit

Verify: Use 'show nve vni 10010 detail' to verify VNI state is Up and remote VTEP 10.2.2.2 is listed as Up.

Watch out: Ensure the multicast group is reachable in the underlay; otherwise, BUM traffic will not be forwarded. Also, 'suppress-arp' requires ARP suppression to be enabled globally.

Troubleshooting with This Command

When troubleshooting VXLAN issues with 'show nve vni', start by checking the VNI state. If the state is Down, verify that the NVE interface is up ('show nve interface'), that the source interface (loopback) is reachable, and that the VNI is correctly configured under the NVE interface. Also check that the associated bridge domain or VRF exists and is in the correct state. If the VNI is Up but remote VTEPs are missing, examine BGP EVPN routes ('show bgp l2vpn evpn') to ensure routes are being exchanged. If remote VTEPs are present but in Down state, check IP reachability to the remote VTEP IP (ping from the source loopback). For traffic drops, look at the statistics in the detail output; non-zero drops may indicate MTU issues (VXLAN adds 50 bytes overhead) or ACL drops. Use 'show nve vni <vni-id> detail' repeatedly to see if counters increment, confirming traffic flow. If counters are not incrementing, the issue may be on the host side or in the underlay routing. In head-end replication mode, the multicast-group field may show 0.0.0.0; this is normal. Also, verify that ARP suppression is working correctly if mode is ARP; otherwise, excessive flooding may occur. Finally, check the 'Flags' field; non-zero flags can indicate specific conditions like VNI in error-disabled state.

CCNA Exam Tips

1.

Remember that VNI state must be Up for traffic to flow; Down state is a common troubleshooting starting point.

2.

Know the difference between L2VNI (type BD) and L3VNI (type VRF) and how they appear in output.

3.

Be able to identify missing remote VTEPs as a symptom of BGP EVPN route not being received.

Common Mistakes

Confusing VNI state with interface state; VNI can be Up even if NVE interface is down if not checked separately.

Assuming multicast group is always present; in head-end replication mode, multicast-group may be 0.0.0.0.

Overlooking the 'Mode' field; ARP mode requires ARP suppression configuration, else traffic may be flooded.

Platform Notes

On Cisco NX-OS (Nexus), the 'show nve vni' command is specific to the NVE feature and is not available on Cisco IOS or IOS-XE. The equivalent command on IOS-XE for VXLAN is 'show vxlan vni' or 'show nve vni' on platforms that support NVE. On Nexus, the command output includes the 'Mode' field (ARP or multicast) which is not present on all platforms. The 'detail' option provides per-VNI statistics that are useful for capacity planning. In NX-OS Release 7.0(3)I7(1) and later, the command also supports the 'interface nve' filter. Note that the VNI range is 1-16777215, but some older releases may have a lower limit. Always ensure the NX-OS version supports the VXLAN features you are using. For troubleshooting, the 'show nve vni' command is often used alongside 'show nve peers' to see all remote VTEPs across all VNIs.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions