Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
45869
Views
50
Helpful
5
Replies

Portchannel Adding vlan without downtime

Go to solution
avilt
Level 3
Level 3

‎08-15-2013 09:24 PM - edited ‎03-07-2019 02:57 PM

I have a port channel defined between two catalyst 2960S switches as shown below


interface Port-channel1
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate


interface GigabitEthernet1/0/47
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active


interface GigabitEthernet1/0/48
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active

a) If I add a new vlan 30 on two switches, I just need to add the vlan 30 on interface Port-channel1 right?
No need to add the vlan 30 on interfaces 47 & 48.

b) How can I add or remove vlan on port channels without affecting the port channel between the two switches? That is whenever I add or remove a vlan on portchannel port, the trunk link between the switches should not go up/down.

4 people had this problem
Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
jawad-mukhtar
Level 4
Level 4
In response to avilt

‎08-15-2013 11:26 PM

from the above

if you will add vlan

interface port-channel 1

switchport trunk allowed vlan add 20

It nothing will be effected in that case

but if u will add vlan on interface which are used by port channels

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

then you interface will be effected.

you can verify this scenirio in GNS or Packet tracer.

Jawad

Jawad

View solution in original post

Go to solution
paul driver
VIP
VIP
In response to jawad-mukhtar

‎08-16-2013 12:06 AM

hello

I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to paul driver

‎08-16-2013 12:21 AM

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.

Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.

Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.

Kevin Dorrell

Luxembourg

View solution in original post

5 Replies 5

Go to solution
jawad-mukhtar
Level 4
Level 4

‎08-15-2013 10:00 PM

Adding a VLAN to an Etherchannel

How many times have you heard that someone added a VLAN to a phyiscal  layer2 interface instead of the logical layer2 port-channel and  subsequently brought the etherchannel down.  If your lucky you might get  away with it.  I’ve seen engineers take down entire data centers as  well as call centers by issuing this command on the wrong interface.

For those of you who havent made this mistake, here is how to avoid it:-

Task: add vlan 20 to etherchannel 1.

The right way

conf t

interface port-channel 1

switchport trunk allowed vlan add 20

end

The wrong way

Do not add the VLAN to a port which is a member of the etherchannel.

ie

The command below will show the ports which are members of the etherchannel.

show etherchannel 1 summary

!

!

text removed

!

group     port-channel     protocol    ports

————————————–

1            po1(SU)              -               Gi5/3(P)    Gi5/4(P)

If you then look at the physical port, you can see it is a member of port-channel 1.

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

The last line ie channel-group 1 mode on indicates that this port is  part of etherchannel 1.  If you try to add a VLAN to the etherchannel by  adding the VLAN to the physical port, this port will be removed from  the etherchannel and this will cause spanning tree to throw a wobbly.

Jawad

Jawad

Go to solution
avilt
Level 3
Level 3
In response to jawad-mukhtar

‎08-15-2013 10:45 PM

Thank You Jawad,

You have only answered my first question, what about adding a vlan on logical interface, will it cause the etherchannel to go down since I can not add a vlan on both switches at a time.

0 Helpful

Go to solution
jawad-mukhtar
Level 4
Level 4
In response to avilt

‎08-15-2013 11:26 PM

from the above

if you will add vlan

interface port-channel 1

switchport trunk allowed vlan add 20

It nothing will be effected in that case

but if u will add vlan on interface which are used by port channels

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

then you interface will be effected.

you can verify this scenirio in GNS or Packet tracer.

Jawad

Jawad

Go to solution
paul driver
VIP
VIP
In response to jawad-mukhtar

‎08-16-2013 12:06 AM

hello

I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Kevin Dorrell
Level 10
Level 10
In response to paul driver

‎08-16-2013 12:21 AM

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.

Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.

Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.

Kevin Dorrell

Luxembourg

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card