vxlanVLAN Config

vn-segment [vni-id]

Maps a VLAN to a VXLAN Network Identifier (VNI) to enable VXLAN bridging and routing on Cisco Nexus switches.

Overview

The 'vn-segment' command in Cisco NX-OS is used to associate a VLAN with a VXLAN Network Identifier (VNI), which is a 24-bit segment ID that identifies a specific VXLAN overlay network. This mapping is fundamental to VXLAN bridging, where Layer 2 traffic from a VLAN is encapsulated in VXLAN packets and transported across an IP underlay network. The command is configured in VLAN configuration mode, and requires the 'feature vn-segment-vlan-based' to be enabled globally. On Nexus switches, this command is typically used in VXLAN EVPN fabrics to extend Layer 2 segments across multiple leaf switches, enabling tenant isolation and mobility. It is also used for VXLAN routing when combined with an SVI and VRF. In troubleshooting, verifying VNI mapping helps identify misconfigurations that can cause connectivity issues in the overlay.

Syntax·VLAN Config
vn-segment [vni-id]

When to Use This Command

  • Enabling VXLAN bridging for a tenant VLAN in a data center overlay network.
  • Extending Layer 2 segments across multiple leaf switches in a VXLAN EVPN fabric.
  • Integrating legacy VLAN-based networks with a VXLAN overlay.
  • Configuring VXLAN gateway functionality for inter-VXLAN routing.

Parameters

ParameterSyntaxDescription
vni-id1-16777215The VXLAN Network Identifier (VNI) to associate with the VLAN. Must be unique per VLAN and within the valid range. Typically, VNI values are chosen to match the VLAN ID or follow a numbering scheme.

Command Examples

Map VLAN 100 to VNI 10100

vlan 100 vn-segment 10100
Switch(config)# vlan 100
Switch(config-vlan)# vn-segment 10100
Switch(config-vlan)#

Enters VLAN configuration mode for VLAN 100 and maps it to VNI 10100. No output indicates success.

Verify VNI mapping

show vlan id 100
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
100  VLAN0100                          active    Eth1/1, Eth1/2

VLAN Type         Vlan-mode
---- ------------ ----------------------
100  enet         CE

Remote SPAN VLAN
---------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

VXLAN VNI: 10100

The output confirms VLAN 100 is active and shows the associated VXLAN VNI (10100) at the bottom.

Understanding the Output

The command itself produces no output on success. Verification is done via 'show vlan' or 'show vxlan' commands. In 'show vlan id <vlan>', look for 'VXLAN VNI: <vni-id>' to confirm mapping. If missing, the mapping is not applied. In 'show vxlan vni', each VNI appears with its associated VLAN and state. A healthy state shows 'Up' for the VNI. Problem values include 'Down' or missing VNI, indicating configuration or operational issues.

Configuration Scenarios

Basic VXLAN Bridging

A leaf switch needs to extend VLAN 100 to other leaf switches in the VXLAN fabric.

Topology

Leaf1 --- Spine --- Leaf2 VLAN100 on Leaf1 and Leaf2

Steps

  1. 1.Enable VXLAN and VNI features: 'feature vn-segment-vlan-based' and 'feature nv overlay'.
  2. 2.Create VLAN 100 and map to VNI 10100: 'vlan 100; vn-segment 10100'.
  3. 3.Configure NVE interface and associate VNI: 'interface nve1; member vni 10100; ingress-replication protocol bgp'.
  4. 4.Configure EVPN for VNI advertisement.
Configuration
! Global features
feature vn-segment-vlan-based
feature nv overlay
feature bgp

! VLAN to VNI mapping
vlan 100
  vn-segment 10100

! NVE interface
interface nve1
  no shutdown
  source-interface loopback0
  member vni 10100
    ingress-replication protocol bgp

! BGP EVPN configuration
router bgp 65001
  address-family l2vpn evpn
    neighbor 10.0.0.1 remote-as 65001
    neighbor 10.0.0.1 update-source loopback0
    neighbor 10.0.0.1 address-family l2vpn evpn

Verify: Use 'show vxlan vni' to see VNI 10100 state as 'Up'. Use 'show vlan id 100' to confirm VNI mapping.

Watch out: Ensure the NVE interface is configured with a source-interface that has reachability to other VTEPs.

Troubleshooting with This Command

When troubleshooting VXLAN connectivity, start by verifying the VLAN-to-VNI mapping with 'show vlan id <vlan>' and ensure 'VXLAN VNI' appears. If missing, reapply the 'vn-segment' command. Next, check 'show vxlan vni' to see if the VNI is 'Up'. If 'Down', check the NVE interface status with 'show nve interface nve1'. Common issues include: NVE interface down, source-interface not reachable, or BGP EVPN session not established. Use 'show bgp l2vpn evpn summary' to verify EVPN peers. Also, ensure the underlay IP routing is working between VTEPs. If the VNI is not learned from remote VTEPs, check 'show vxlan vni 10100 detail' for remote VTEP list.

CCNA Exam Tips

1.

Remember that vn-segment is configured under VLAN config mode, not global config.

2.

VNI range is typically 1-16777215; exam may test valid ranges.

3.

Associate vn-segment with 'feature vn-segment-vlan-based' to enable the feature.

Common Mistakes

Configuring vn-segment under interface instead of VLAN config mode.

Forgetting to enable 'feature vn-segment-vlan-based' before using the command.

Using duplicate VNI across different VLANs without proper segmentation.

Platform Notes

On Cisco NX-OS, the 'vn-segment' command is specific to Nexus 9000, 7000, and 3000 series switches running NX-OS. It differs from Cisco IOS where VXLAN configuration is done under interface or using 'vxlan vni' under VLAN config in newer IOS-XE. On Nexus, the command requires 'feature vn-segment-vlan-based' which is not present in IOS. Equivalent commands on other platforms: Juniper uses 'vni' under 'vlans', Arista uses 'vxlan vni' under 'vlan'. In NX-OS versions prior to 7.0, VXLAN configuration was different; always check the release notes.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions