×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Portchannel Adding vlan without downtime

Answered Question
Aug 15th, 2013
User Badges:

I have a port channel defined between two catalyst 2960S switches as shown below


interface Port-channel1
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate


interface GigabitEthernet1/0/47
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active


interface GigabitEthernet1/0/48
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active


a) If I add a new vlan 30 on two switches, I just need to add the vlan 30 on interface Port-channel1 right?
No need to add the vlan 30 on interfaces 47 & 48.

b) How can I add or remove vlan on port channels without affecting the port channel between the two switches? That is whenever I add or remove a vlan on portchannel port, the trunk link between the switches should not go up/down.

Correct Answer by Kevin Dorrell about 4 years 2 days ago

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.


Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.


Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.


Kevin Dorrell

Luxembourg

Correct Answer by paul driver about 4 years 2 days ago

hello


I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable


res

Paul




Please don't forget to rate any posts that have been helpful.


Thanks.

Correct Answer by jawad-mukhtar about 4 years 2 days ago

from the above


if you will add vlan


interface port-channel 1


switchport trunk allowed vlan add 20



It nothing will be effected in that case



but if u will add vlan on interface which are used by port channels

show run interface gi5/3


switchport


switchport trunk encapsulation dot1q


switchport trunk allowed vlan 10-19


switchport mode trunk


no ip address


channel-group 1 mode on



then you interface will be effected.



you can verify this scenirio in GNS or Packet tracer.




Jawad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
jawad-mukhtar Thu, 08/15/2013 - 22:00
User Badges:
  • Silver, 250 points or more

Adding a VLAN to an Etherchannel


How many times have you heard that someone added a VLAN to a phyiscal  layer2 interface instead of the logical layer2 port-channel and  subsequently brought the etherchannel down.  If your lucky you might get  away with it.  I’ve seen engineers take down entire data centers as  well as call centers by issuing this command on the wrong interface.


For those of you who havent made this mistake, here is how to avoid it:-


Task: add vlan 20 to etherchannel 1.


The right way


conf t


interface port-channel 1


switchport trunk allowed vlan add 20


end


The wrong way


Do not add the VLAN to a port which is a member of the etherchannel.


ie


The command below will show the ports which are members of the etherchannel.


show etherchannel 1 summary


!


!


text removed


!


group     port-channel     protocol    ports


————————————–


1            po1(SU)              -               Gi5/3(P)    Gi5/4(P)


If you then look at the physical port, you can see it is a member of port-channel 1.


show run interface gi5/3


switchport


switchport trunk encapsulation dot1q


switchport trunk allowed vlan 10-19


switchport mode trunk


no ip address


channel-group 1 mode on


The last line ie channel-group 1 mode on indicates that this port is  part of etherchannel 1.  If you try to add a VLAN to the etherchannel by  adding the VLAN to the physical port, this port will be removed from  the etherchannel and this will cause spanning tree to throw a wobbly.



Jawad

avilt Thu, 08/15/2013 - 22:45
User Badges:

Thank You Jawad,


You have only answered my first question, what about adding a vlan on logical interface, will it cause the etherchannel to go down since I can not add a vlan on both switches at a time.

Correct Answer
jawad-mukhtar Thu, 08/15/2013 - 23:26
User Badges:
  • Silver, 250 points or more

from the above


if you will add vlan


interface port-channel 1


switchport trunk allowed vlan add 20



It nothing will be effected in that case



but if u will add vlan on interface which are used by port channels

show run interface gi5/3


switchport


switchport trunk encapsulation dot1q


switchport trunk allowed vlan 10-19


switchport mode trunk


no ip address


channel-group 1 mode on



then you interface will be effected.



you can verify this scenirio in GNS or Packet tracer.




Jawad

Correct Answer
paul driver Fri, 08/16/2013 - 00:06
User Badges:
  • Green, 3000 points or more

hello


I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable


res

Paul




Please don't forget to rate any posts that have been helpful.


Thanks.

Correct Answer
Kevin Dorrell Fri, 08/16/2013 - 00:21
User Badges:
  • Green, 3000 points or more

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.


Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.


Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.


Kevin Dorrell

Luxembourg

Actions

This Discussion