show vlan
Displays VLAN information including VLAN IDs, names, status, and ports assigned to each VLAN.
Overview
The 'show vlan' command is a fundamental troubleshooting and verification tool on Cisco Nexus switches running NX-OS. It displays the VLAN database, including VLAN IDs, names, operational status, and the access ports assigned to each VLAN. VLANs (Virtual Local Area Networks) logically segment a physical network into multiple broadcast domains, improving security and reducing unnecessary traffic. On NX-OS, VLANs are created in the global configuration mode using 'vlan <vlan-id>' and then named optionally. The 'show vlan' command is used to verify that VLANs are correctly configured and active. It is particularly useful when troubleshooting connectivity issues: if a host cannot communicate with others in the same VLAN, checking 'show vlan' can confirm that the VLAN exists and that the interface is in the correct VLAN. Unlike Cisco IOS, NX-OS does not support VTP (VLAN Trunking Protocol); each switch must have VLANs configured locally. The command output also includes default VLANs (1002-1005) for FDDI and Token Ring, which are not used in modern Ethernet networks. In a troubleshooting workflow, after configuring VLANs and assigning interfaces, use 'show vlan' to validate the setup. If an interface is missing from the expected VLAN, check if it is in trunk mode (use 'show interface trunk') or if the VLAN is suspended. The command also supports filtering by VLAN ID or name for focused analysis. Overall, 'show vlan' is a quick and essential command for any network engineer working with Nexus switches.
show vlan [brief | id <vlan-id> | name <vlan-name> | summary | dot1q-tag | private-vlan | access-map | filter <access-map>]When to Use This Command
- Verify VLAN creation and assignment after configuring VLANs on a Nexus switch.
- Troubleshoot connectivity issues by checking if an interface is in the correct VLAN.
- Audit VLAN configurations for security compliance (e.g., unused VLANs).
- Check VLAN status (active vs. suspended) before making changes.
Parameters
| Parameter | Syntax | Description |
|---|---|---|
| brief | brief | Displays a condensed output showing only VLAN ID, name, and status without ports. Useful for a quick overview. |
| id | id <vlan-id> | Displays information for a specific VLAN ID. The VLAN ID must be between 1 and 4094. Use to focus on a single VLAN. |
| name | name <vlan-name> | Displays information for VLANs matching the specified name. The name is case-sensitive. Useful when VLAN names are known. |
| summary | summary | Displays a summary count of existing, configured, active, suspended, and VTP-learned VLANs. Note that VTP is not supported on NX-OS. |
| dot1q-tag | dot1q-tag | Displays the dot1q tag information for VLANs. Used in specific scenarios involving double tagging. |
| private-vlan | private-vlan | Displays private VLAN configuration. Requires that private VLANs are configured. |
| access-map | access-map | Displays VLAN access-map configuration. Used for VLAN-based access control. |
| filter | filter <access-map> | Displays VLANs that match the specified access-map. Used to filter output based on access-map criteria. |
Command Examples
Display all VLANs
show vlanVLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Eth1/1, Eth1/2, Eth1/3 10 Sales active Eth1/4, Eth1/5 20 Engineering active Eth1/6 100 Guest active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type ---- ----- 1 enet 10 enet 20 enet 100 enet 1002 fddi 1003 tr 1004 fdnet 1005 trnet Remote SPAN VLANs ----------------- Primary Secondary Type Ports ------- --------- ---------------- ---------------------------------------
The output lists all VLANs with their ID, name, status, and assigned ports. VLANs 1, 10, 20, and 100 are active; VLAN 100 has no ports. The second table shows VLAN type (enet for Ethernet). The last section is for Remote SPAN VLANs (none here).
Display a specific VLAN
show vlan id 10VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 10 Sales active Eth1/4, Eth1/5 VLAN Type ---- ----- 10 enet Remote SPAN VLANs ----------------- Primary Secondary Type Ports ------- --------- ---------------- ---------------------------------------
Shows only VLAN 10 details. Useful for focusing on a single VLAN.
Display VLAN summary
show vlan summaryNumber of existing VLANs : 5 Number of VLANs configured : 4 Number of VLANs active : 4 Number of VLANs suspended : 0 Number of VLANs in VTP : 0
Provides a count of VLANs. 'Existing' includes default VLANs; 'configured' are user-created; 'active' are operational; 'suspended' are disabled; 'in VTP' indicates VTP-learned VLANs (NX-OS does not support VTP).
Understanding the Output
The 'show vlan' output is divided into sections. The main table lists each VLAN with its ID, name, status, and ports. The 'Status' column shows 'active' for operational VLANs, 'suspended' if administratively down, or 'act/unsup' for default VLANs that are active but unsupported. The 'Ports' column lists interfaces in access mode assigned to that VLAN; trunk ports are not shown here. The second table indicates the VLAN type (typically 'enet' for Ethernet). The 'Remote SPAN VLANs' section shows any VLANs configured for remote SPAN (encapsulated traffic). For troubleshooting, check that the expected VLAN is present and active, and that the correct ports are listed. Missing ports may indicate the interface is in trunk mode or not assigned. Suspended VLANs will not pass traffic. The summary output is useful for a quick count of VLANs and to detect any suspended VLANs.
Configuration Scenarios
Creating VLANs and Assigning Access Ports
You need to create VLAN 10 (Sales) and VLAN 20 (Engineering) on a Nexus switch and assign interfaces Ethernet1/4 and 1/5 to VLAN 10, and Ethernet1/6 to VLAN 20.
Topology
Nexus-1
|
+-- Eth1/4 (PC1)
+-- Eth1/5 (PC2)
+-- Eth1/6 (PC3)Steps
- 1.Enter configuration mode: configure terminal
- 2.Create VLAN 10 and name it Sales: vlan 10; name Sales
- 3.Create VLAN 20 and name it Engineering: vlan 20; name Engineering
- 4.Exit VLAN configuration: exit
- 5.Assign interface Eth1/4 to VLAN 10: interface ethernet 1/4; switchport mode access; switchport access vlan 10
- 6.Assign interface Eth1/5 to VLAN 10: interface ethernet 1/5; switchport mode access; switchport access vlan 10
- 7.Assign interface Eth1/6 to VLAN 20: interface ethernet 1/6; switchport mode access; switchport access vlan 20
- 8.Exit configuration: end
! Configuring VLANs and access ports vlan 10 name Sales vlan 20 name Engineering interface ethernet 1/4 switchport mode access switchport access vlan 10 interface ethernet 1/5 switchport mode access switchport access vlan 10 interface ethernet 1/6 switchport mode access switchport access vlan 20
Verify: Use 'show vlan' to verify that VLANs 10 and 20 are active and that the correct ports are listed under each VLAN.
Watch out: If the interface is in trunk mode, 'show vlan' will not display it. Use 'show interface trunk' to verify trunk ports.
Troubleshooting with This Command
When troubleshooting VLAN-related issues on Cisco NX-OS, the 'show vlan' command is your first step. Start by checking if the VLAN exists and is active. If a VLAN is missing, it may not have been created or may have been deleted. Use 'show vlan summary' to quickly see the number of active VLANs. If a VLAN is suspended, it will not forward traffic; check for administrative shutdown or configuration errors. Next, verify that the interface is in the correct VLAN. If an interface is not listed under the expected VLAN, it may be in trunk mode (use 'show interface trunk') or not configured as an access port. For trunk ports, use 'show interface trunk' to see allowed VLANs. Also, ensure the interface is not in an error-disabled state. If the VLAN is active and the interface is correctly assigned but hosts cannot communicate, check for VLAN ACLs or private VLAN misconfigurations. The 'show vlan' command does not show VLAN ACLs; use 'show vlan access-map' for that. Additionally, on NX-OS, VLANs are local to the switch; if you have multiple switches, ensure VLANs are created on all switches in the path. For Layer 2 issues, also check spanning-tree status with 'show spanning-tree vlan <vlan-id>'. In summary, 'show vlan' is a quick health check for VLAN configuration, but deeper troubleshooting may require additional commands.
CCNA Exam Tips
Remember that NX-OS does not support VTP; VLANs must be created locally on each switch.
Know that 'show vlan' only shows access ports; use 'show interface trunk' for trunk ports.
Be aware that VLAN 1 is the default VLAN and cannot be deleted.
Common Mistakes
Assuming 'show vlan' displays trunk ports; it only shows access ports.
Forgetting that VLANs must be created before assigning interfaces; otherwise, the interface will be in an error state.
Confusing 'suspended' status with 'active'; suspended VLANs do not forward traffic.
Platform Notes
On Cisco NX-OS, the 'show vlan' command behaves similarly to Cisco IOS but with some differences. NX-OS does not support VTP, so the 'VTP' field in the summary output will always show 0. The default VLANs 1002-1005 are displayed but are not usable for Ethernet. NX-OS also supports private VLANs, which can be viewed with 'show vlan private-vlan'. The command output on NX-OS includes a 'Remote SPAN VLANs' section, which is not present in IOS. Additionally, NX-OS allows filtering by VLAN name, which IOS does not. In terms of syntax, NX-OS uses 'show vlan' without the 'brief' keyword to show full output; 'show vlan brief' is also available. On older IOS versions, 'show vlan' might show different formatting. For Nexus 9000 series, the command is identical. When comparing to other platforms, such as Juniper Junos, the equivalent command is 'show vlans' which provides similar information but with different formatting. On Arista EOS, 'show vlan' is very similar to NX-OS. Overall, NX-OS 'show vlan' is a robust command for VLAN verification.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions