cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1134
Views
0
Helpful
7
Replies

Allow vlans across Etherchannel

darrenriley5
Level 1
Level 1

I have an layer 2 etherchannel between two sites which currently allows all vlans. I'm looking to limit the vlans across the etherchannel.

My question is configure the allow vlans on the port channel and then configure the allow vlans on the trunk links which are members of the etherchannel.

or doesn't it matter?

Thanks

Darren

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

Darren

Configure the physical links ie.

switch(config)# interface range ....

Reason being that you must allow the same set of vlans on all links for them to form a bundle. If a link fails and drops out of the port-channel if you haven't explicitly told it which vlans are allowed then it will default to allowing all. Then when it tries to rejoin it will not be allowed.

Jon

Jon,

Thanks, good job you mentioned that as I presume if I'd have configure each individual link then this would have broke the etherchannel?

The link is currently active and must stay that way while I configure the allow vlans.

Am I ok to add the port channel interface on to the end of the interface range?

Also I will be configuring switch A first at one side of the link then switch B at the other side soon after. Should this be OK?

Many Thanks

Darren

darrenriley5 wrote:

Jon,

Thanks, good job you mentioned that as I presume if I'd have configure each individual link then this would have broke the etherchannel?

The link is currently active and must stay that way while I configure the allow vlans.

Am I ok to add the port channel interface on to the end of the interface range?

Also I will be configuring switch A first at one side of the link then switch B at the other side soon after. Should this be OK?

Many Thanks

Darren

Darren

I was mistaken before. Apologies for the misleading information, although you seem to have worked out the correct way anyway. You should apply the command to the port-channel interface rather than the physical links. Not sure why i thought differently, memory is not as good as it used to be

I would do it out of hours as the allowed vlan range must be the same on both ends of the link.

Jon

Jon,

Sorry last question.

Just to be 100% sure is there any point in configuring the allowing vlans on the physical links too or as you say should I just do it on the port-channel interface? What if one of the links in the etherchannel were to fail?

Many Thanks

Darren

Darren

Apologies for confusing the issue, i can understand why you are not sure.

I actually remembered wrongly with my first answer. Once the port-channel is up and running you should apply config changes to the port-channel and not the individual links because if you start applying to individual links they can start dropping out.

So just apply it to the port-channel interface and you should be fine.

Jon

When you apply the VLAN changes to the port channel interface (poXX) by using 'switchport trunk allowed vlan add/remove YYY', you will see that the switch has automatically added/removed the allowed VLAN from the members of the port channel group. If you do a 'show int' on the individual interfaces it should match up to the port channel interface.

Also, you can add/remove an allowed VLAN from the port channel group on one end or the other without worrying about the port channel going down. I do this all the time. If it makes you nervous though, your best bet would be to wait until after normal hours.

jon.marshall wrote:

memory is not as good as it used to be

Funny, happens to me especially when it's close to Christmas! 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco