Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Portchannel Adding vlan without downtime

I have a port channel defined between two catalyst 2960S switches as shown below


interface Port-channel1
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate


interface GigabitEthernet1/0/47
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active


interface GigabitEthernet1/0/48
switchport trunk allowed vlan 10,20
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
channel-group 1 mode active

a) If I add a new vlan 30 on two switches, I just need to add the vlan 30 on interface Port-channel1 right?
No need to add the vlan 30 on interfaces 47 & 48.

b) How can I add or remove vlan on port channels without affecting the port channel between the two switches? That is whenever I add or remove a vlan on portchannel port, the trunk link between the switches should not go up/down.

3 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Portchannel Adding vlan without downtime

from the above

if you will add vlan

interface port-channel 1

switchport trunk allowed vlan add 20

It nothing will be effected in that case

but if u will add vlan on interface which are used by port channels

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

then you interface will be effected.

you can verify this scenirio in GNS or Packet tracer.

Jawad

Jawad
VIP Purple

Re: Portchannel Adding vlan without downtime

hello

I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please don't forget to rate any posts that have been helpful. Thanks.

Re: Portchannel Adding vlan without downtime

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.

Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.

Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.

Kevin Dorrell

Luxembourg

5 REPLIES

Portchannel Adding vlan without downtime

Adding a VLAN to an Etherchannel

How many times have you heard that someone added a VLAN to a phyiscal  layer2 interface instead of the logical layer2 port-channel and  subsequently brought the etherchannel down.  If your lucky you might get  away with it.  I’ve seen engineers take down entire data centers as  well as call centers by issuing this command on the wrong interface.

For those of you who havent made this mistake, here is how to avoid it:-

Task: add vlan 20 to etherchannel 1.

The right way

conf t

interface port-channel 1

switchport trunk allowed vlan add 20

end

The wrong way

Do not add the VLAN to a port which is a member of the etherchannel.

ie

The command below will show the ports which are members of the etherchannel.

show etherchannel 1 summary

!

!

text removed

!

group     port-channel     protocol    ports

————————————–

1            po1(SU)              -               Gi5/3(P)    Gi5/4(P)

If you then look at the physical port, you can see it is a member of port-channel 1.

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

The last line ie channel-group 1 mode on indicates that this port is  part of etherchannel 1.  If you try to add a VLAN to the etherchannel by  adding the VLAN to the physical port, this port will be removed from  the etherchannel and this will cause spanning tree to throw a wobbly.

Jawad

Jawad
Community Member

Re: Portchannel Adding vlan without downtime

Thank You Jawad,

You have only answered my first question, what about adding a vlan on logical interface, will it cause the etherchannel to go down since I can not add a vlan on both switches at a time.

Re: Portchannel Adding vlan without downtime

from the above

if you will add vlan

interface port-channel 1

switchport trunk allowed vlan add 20

It nothing will be effected in that case

but if u will add vlan on interface which are used by port channels

show run interface gi5/3

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10-19

switchport mode trunk

no ip address

channel-group 1 mode on

then you interface will be effected.

you can verify this scenirio in GNS or Packet tracer.

Jawad

Jawad
VIP Purple

Re: Portchannel Adding vlan without downtime

hello

I would suggest taking stp port protection off trunk links

no spanning-tree portfast

no spanning-tree bpduguard enable

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please don't forget to rate any posts that have been helpful. Thanks.

Re: Portchannel Adding vlan without downtime

Just to add to what Paul says, I definitely agree that you should remove the portfast and bpduguard from the trunk links.  You have the port-channel membership in LACP active.  That means that until the LACP has been negotiated, the links will be regarded as individual.  If the switch sees BPDUs from the neighbor on the individual links before the LACP has come up, then it will error-disable the links.

Once you have done that, it will be safe to add or remove VLANs from the port-channel interface as you wish.  The individual links will inherit the VLAN set automatically.  Also, do not worry about having to do both ends of the port-channel at once ... there is no problem there.  For adding, I usually start with the upstream end first, i.e. the end nearest the root bridge.  That will go into forwarding, but the other end will not see it yet.  Then do the other switch, and the link will come up on that side in STP blocking.  Conversely, for removal, I start with the downstream end.  This minimises the amount of re-convergence.

Just one other word of advice: never put portfast on a link between two switches.  OK, it will not have any effect on a trunk (unless you are brave enough to put "portfast trunk"), but it is good practice to put portfast only at the edges of your network.

Kevin Dorrell

Luxembourg

6053
Views
30
Helpful
5
Replies
CreatePlease to create content