VLANEXEC

show vlan brief

Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports.

Overview

The 'show vlan brief' command is a fundamental tool for any network engineer working with Cisco NX-OS on Nexus switches. It provides a concise, table-formatted summary of all VLANs configured on the switch, including their names, operational status, and the access ports assigned to each VLAN. This command is essential for verifying VLAN configuration, troubleshooting connectivity issues, and auditing the network. VLANs (Virtual Local Area Networks) logically segment a physical network into multiple broadcast domains, improving security, performance, and manageability. On NX-OS, VLANs are created in the global configuration mode and can be assigned to switch ports as access or trunk ports. The 'show vlan brief' command is typically the first step in any VLAN-related troubleshooting workflow, as it quickly reveals whether VLANs exist, are active, and have the correct port assignments. Unlike Cisco IOS, NX-OS does not support VLANs 1002-1005 as usable; they appear as 'act/unsup' for backward compatibility. This command is also useful for verifying the native VLAN on trunk ports, though trunk ports are not directly listed here. For a complete picture, combine it with 'show interface trunk' and 'show vlan id <vlan-id>'. In a typical troubleshooting scenario, if a host cannot communicate, you would run 'show vlan brief' to confirm the VLAN is active and the port is in the correct VLAN. If the VLAN is missing, you need to create it; if the port is missing, check the interface configuration. The command supports an optional VLAN ID parameter to filter output for a specific VLAN, which is helpful in large deployments.

Syntax·EXEC
show vlan brief [vlan-id]

When to Use This Command

  • Quickly verify VLAN configuration after initial setup or changes.
  • Check which ports are assigned to a specific VLAN during troubleshooting.
  • Audit VLAN usage to identify unused or misconfigured VLANs.
  • Confirm VLAN membership before implementing ACLs or routing policies.

Parameters

ParameterSyntaxDescription
vlan-id[vlan-id]Optional VLAN ID (1-4094) to display only that specific VLAN's information. If omitted, all VLANs are shown.

Command Examples

Basic VLAN Summary

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Eth1/1, Eth1/2, Eth1/3
10   Sales                            active    Eth1/4, Eth1/5
20   Engineering                      active    Eth1/6
30   Management                       active    
100  Voice                            active    Eth1/7, Eth1/8
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup

VLAN 1 (default) is active with ports Eth1/1-3. VLAN 10 (Sales) has Eth1/4-5. VLAN 20 (Engineering) has Eth1/6. VLAN 30 (Management) has no ports. VLAN 100 (Voice) has Eth1/7-8. VLANs 1002-1005 are default reserved VLANs shown as act/unsup.

Specific VLAN Details

show vlan brief 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
10   Sales                            active    Eth1/4, Eth1/5

Only VLAN 10 is displayed, confirming it is active with ports Eth1/4 and Eth1/5.

Understanding the Output

The output is organized into columns: VLAN ID, Name, Status, and Ports. The VLAN ID is a number from 1 to 4094 (excluding reserved). The Name is a descriptive label (default is 'default' for VLAN 1). Status indicates whether the VLAN is active, suspended, or act/unsup (for default VLANs that cannot be deleted). Ports lists all access ports assigned to that VLAN; trunk ports are not shown unless they are in the native VLAN. A healthy VLAN shows 'active' status and has the expected ports. Problematic signs include 'suspended' status (VLAN administratively down) or missing ports (misconfiguration). Reserved VLANs (1002-1005) always show 'act/unsup' and are not usable.

Configuration Scenarios

Creating and Verifying VLANs for Departmental Segmentation

A company wants to separate Sales, Engineering, and Management traffic into different VLANs on a Nexus 9000 switch.

Topology

Nexus-9k | +-- Eth1/1-3: Access ports in VLAN 1 (default) +-- Eth1/4-5: Access ports in VLAN 10 (Sales) +-- Eth1/6: Access port in VLAN 20 (Engineering) +-- Eth1/7-8: Access ports in VLAN 100 (Voice)

Steps

  1. 1.Create VLANs 10, 20, and 100 in global config.
  2. 2.Assign access ports to respective VLANs.
  3. 3.Verify with 'show vlan brief'.
Configuration
! Create VLANs
vlan 10
  name Sales
vlan 20
  name Engineering
vlan 100
  name Voice
! Assign ports
interface ethernet 1/4-5
  switchport mode access
  switchport access vlan 10
interface ethernet 1/6
  switchport mode access
  switchport access vlan 20
interface ethernet 1/7-8
  switchport mode access
  switchport access vlan 100

Verify: Run 'show vlan brief' to confirm VLANs are active and ports are correctly assigned.

Watch out: If a VLAN is not created, 'show vlan brief' will not show it. Also, trunk ports are not listed; use 'show interface trunk' for trunk verification.

Troubleshooting with This Command

When troubleshooting VLAN-related issues on Cisco NX-OS, 'show vlan brief' is your first diagnostic command. Start by checking if the VLAN exists and is active. If a VLAN is missing, it may not have been created, or it could be suspended. A suspended VLAN (status 'suspended') is administratively down; re-enable it with 'no shutdown' in VLAN configuration mode. If the VLAN is active but the expected ports are missing, verify the interface configuration: ensure the port is in access mode and assigned to the correct VLAN. Use 'show running-config interface <interface>' to confirm. If the port is a trunk, remember that 'show vlan brief' only shows the native VLAN for trunk ports; to see all VLANs allowed on a trunk, use 'show interface trunk'. Another common issue is VLAN mismatch between switches: if a port is trunking, the native VLAN must match on both ends. Use 'show vlan brief' on both switches to compare. Also, check for VLAN pruning or allowed VLAN lists on trunk ports. If a host cannot communicate, verify that the VLAN is active on the switch and that the port is not err-disabled. 'show vlan brief' can quickly reveal if a VLAN is suspended or if ports are missing. For more granular troubleshooting, use 'show vlan id <vlan-id>' to see detailed information including MTU and private VLAN settings. In NX-OS, VLANs can also be part of a VDC (Virtual Device Context); ensure you are in the correct VDC. Finally, if you see 'act/unsup' for VLANs 1002-1005, ignore them; they are reserved and not used.

CCNA Exam Tips

1.

Remember that 'show vlan brief' does not display trunk ports; use 'show interface trunk' for trunk details.

2.

On NX-OS, VLAN 1 cannot be deleted but can be suspended; know the difference between 'active' and 'suspended'.

3.

Be aware that reserved VLANs (1002-1005) appear but are not usable; they are for legacy compatibility.

Common Mistakes

Assuming all ports are listed; trunk ports are omitted unless they are in the native VLAN.

Confusing 'act/unsup' status with a problem; it is normal for reserved VLANs.

Forgetting that VLANs must be created before assigning ports; 'show vlan brief' will not show uncreated VLANs.

Platform Notes

On Cisco NX-OS (Nexus), 'show vlan brief' behaves similarly to Cisco IOS but with some differences. NX-OS does not support VLANs 1002-1005 as usable; they appear as 'act/unsup' for backward compatibility and cannot be deleted. In IOS, these VLANs are also present but can be deleted. NX-OS uses the 'vlan' command in global config to create VLANs, while IOS uses 'vlan database' in older versions. The output format is nearly identical, but NX-OS may show additional fields like 'Type' in some versions. On Nexus, the command supports the optional VLAN ID parameter, which is also available in IOS. For equivalent commands on other platforms: on Arista EOS, use 'show vlan' or 'show vlan brief'; on Juniper Junos, use 'show vlans' or 'show ethernet-switching table'; on HP ProVision, use 'show vlan'. In NX-OS, the command is available in EXEC mode and does not require privilege escalation. Note that in a VDC environment, the command shows VLANs only within the current VDC. Also, NX-OS supports 'show vlan brief' with a pipe to 'grep' for filtering, e.g., 'show vlan brief | include active'.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions