
New Member

Modifying VLANs allowed config on trunk

I will be removing and adding several VLANs from some Cisco-to-Cisco network infrastructure links.

IOS and NX-OS equipment

I would like to overwrite the existing "switchport trunk allowed vlan" config instead of using the vlan add or vlan remove commands. Are there any issues I may run into by overwriting? My small lab mockup showed no ping drops.


current config "switchport trunk allowed vlan 10-20,25,30"

I would like to overwrite it with "switchport trunk allowed vlan 10,25,30-40" 

I don't want to cause any impact to the users on the VLANs that are not being removed (10,25,30)

Hall of Fame Super Silver

Modifying VLANs allowed config on trunk

The simple command replacement you cite will work fine and should indeed not impact current users' connections on VLANs 10, 25, and 30.

Cisco Employee

Re: Modifying VLANs allowed config on trunk


This is actually a very good question! Although I do not know the answer myself, I see you have a lab available so the test I would personally perform is debugging the STP to see if the VLANs 10, 25, and 30 are not renegotiated in STP after you modify the switchport trunk allowed vlan command. It is the STP that can cause transient connectivity outages.

Run the following debugs:

debug spanning-tree events

and then try to replace the existing switchport trunk allowed vlan command with the other. The debugs will show that the STP will be triggered for the VLANs that were newly added and possibly removed, but the debugs should not mention the VLANs 10, 25 or 30.

What kind of STP are you running, anyway?

Best regards,


New Member

Re: Modifying VLANs allowed config on trunk

Hi Peter,

I ran the following with debug spanning-tree events on the 4900m access switch


"switchport trunk allowed vlan 10-20,25,30"

overwrote it with "switchport trunk allowed vlan 10,25,30-31"

Pings to VLAN 10's SVI HSRP VIP (N7K) were good, and the only STP events I saw on the 4900m were for the VLANs removed and added.


remove event for vlan11  "RSTP(11): updt roles, root port te1/1 going down"  etc

add event for vlan 31  "RSTP(31): initializing port te1/1" etc

I also ran debugs on the N5548 and saw no events until I made the same changes on its interface going to the 4900m, which is expected as the port to the 4900m is desg.

So no pings were lost and there were no STP events for the VLANs not changing.

I feel better about making the changes. Thanks!