Reason being that you must allow the same set of vlans on all links for them to form a bundle. If a link fails and drops out of the port-channel if you haven't explicitly told it which vlans are allowed then it will default to allowing all. Then when it tries to rejoin it will not be allowed.
Thanks, good job you mentioned that as I presume if I'd have configure each individual link then this would have broke the etherchannel?
The link is currently active and must stay that way while I configure the allow vlans.
Am I ok to add the port channel interface on to the end of the interface range?
Also I will be configuring switch A first at one side of the link then switch B at the other side soon after. Should this be OK?
I was mistaken before. Apologies for the misleading information, although you seem to have worked out the correct way anyway. You should apply the command to the port-channel interface rather than the physical links. Not sure why i thought differently, memory is not as good as it used to be
I would do it out of hours as the allowed vlan range must be the same on both ends of the link.
Just to be 100% sure is there any point in configuring the allowing vlans on the physical links too or as you say should I just do it on the port-channel interface? What if one of the links in the etherchannel were to fail?
Apologies for confusing the issue, i can understand why you are not sure.
I actually remembered wrongly with my first answer. Once the port-channel is up and running you should apply config changes to the port-channel and not the individual links because if you start applying to individual links they can start dropping out.
So just apply it to the port-channel interface and you should be fine.
When you apply the VLAN changes to the port channel interface (poXX) by using 'switchport trunk allowed vlan add/remove YYY', you will see that the switch has automatically added/removed the allowed VLAN from the members of the port channel group. If you do a 'show int' on the individual interfaces it should match up to the port channel interface.
Also, you can add/remove an allowed VLAN from the port channel group on one end or the other without worrying about the port channel going down. I do this all the time. If it makes you nervous though, your best bet would be to wait until after normal hours.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...