Solved: Re: Safe way to change allowed vlans on a port-channel trunk?

grnelson · ‎11-22-2010

When changing allowed vlans on a port-channel trunk the switch issues the following message:

%EC-SP-5-CANNOT_BUNDLE2: Gi3/13 is not compatible with Po2 and will be suspended (vlan mask is different)

The interface and port-channel are then down.

It's not possible to change allowed Vlans on both ends of the port-channel simultaneously.

Is there a method that avoids the port-channel dropping?

Jon Marshall · ‎11-22-2010

Just to clarify. Are you applying the "switchport trunk allowed vlan .." command to the port-channel or the interfaces in the port-channel. You should only apply to the port-channel interfaces otherwise you will get inconsistencies.

The error you are getting, is gi3/13 on the local switch you are configuring and is it part of the etherchannel ?

Jon

View solution in original post

cadet alain · ‎11-22-2010

when you change the allowed vlan list on the port-channel it is automatically configured for the members of the port-channel but this config must be the same on both ends of the port-channel.

Regards.

Don't forget to rate helpful posts.

View solution in original post

Jon Marshall · ‎11-22-2010

grnelson wrote:

The G3/13 interface is on the local switch.

Yes, I believe I applied the "allowed vlans" statement to the port channel first, not the interface.

I thought the problem was that the far end of the port-channel did not have the same vlans in its "allowed" list.

Does that matter?

Do the characteristics of the port-channel interface automatically get copied down to the members?

You want both ends to match but it shouldn't bring the link down when you change one end first and then the other. The key is to make sure that locally the port-channel interface and the physical interfaces agree on the vlans allowed and to do this once the etherchannel is formed if you want to make changes then you must only configure the port-channel interface. Any changes to the port-channel interface are automatically propogated to the individual ports in the etherchannel.

If you made the change on an individual ports it would immediately complain because it now has a different set of allowed vlans so it would drop out of the etherchannel.

Jon

View solution in original post

Jon Marshall · ‎11-22-2010

grnelson wrote:

Sounds good.

A small clarification....

Do the characteristics of a member interface and the port-channel have to match before the port-channel first comes up?

Or will the port-channel charactistics always be copied to the members?

When you configure a L2 etherchannel the port-channel is automatically created for you (unlike L3 etherchannel where you have to create it), so it is not a case of the port-channel settings having to match. So as far as L2 goes, the relevant settings on the individual physical ports must match eg. speed/duplex/vlans etc...

So if you have the settings correct on the physical ports then the etherchannel will come up. After that you then make changes to the port-channel interface.

Jon

View solution in original post

Jon Marshall · ‎11-22-2010

grnelson wrote:

So....

You're saying that if you configure an physical interface like this...

interface GigabitEthernet3/13
description L2 trunk to chc-s45-llcr
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,85,160
switchport mode trunk
channel-group 2 mode desirable

The port-channel2 interface is automatically created with those characteristics?

From memory no i don't think it does, although i could be misremembering. What i am saying is that the physical interfaces must have the same settings.

Personally when configuring a L2 etherchannel trunk i simply had a very basic config on the physical ports and then applied things like trunk allowed etc. to the port-channel once created. So my physical interface config would look something like -

int gi3/13

switchport mode trunk

switchport truk encapsulation dot1q

channel-group 2 mode desirable

then i would go to the port-channel and add the other commands.

Jon

View solution in original post

Jon Marshall · ‎11-22-2010

Just to clarify. Are you applying the "switchport trunk allowed vlan .." command to the port-channel or the interfaces in the port-channel. You should only apply to the port-channel interfaces otherwise you will get inconsistencies.

The error you are getting, is gi3/13 on the local switch you are configuring and is it part of the etherchannel ?

Jon

grnelson · ‎11-22-2010

The G3/13 interface is on the local switch.

Yes, I believe I applied the "allowed vlans" statement to the port channel first, not the interface.

I thought the problem was that the far end of the port-channel did not have the same vlans in its "allowed" list.

Does that matter?

Do the characteristics of the port-channel interface automatically get copied down to the members?

cadet alain · ‎11-22-2010

when you change the allowed vlan list on the port-channel it is automatically configured for the members of the port-channel but this config must be the same on both ends of the port-channel.

Regards.

Don't forget to rate helpful posts.

mostaphazedan · ‎12-23-2014

if you can to support me with the below issue i had configure trunk per interface and per ether-channel and you can see the different although the allowed vlan for the both configuration the same

why the allowed and pruned vlan's are different

trunk feature activate per interface

Switch#show int trun
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 1
Fa0/5 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/4 20-30,50
Fa0/5 20-30,50

Port Vlans allowed and active in management domain
Fa0/4 20,30,50
Fa0/5 20,30,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 20,30,50
Fa0/5 20,30,50
Switch#

------------------------------------------------------------------------

trunk feature activate per ether-channel

Switch#show int trun
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 1
Fa0/5 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/4 1-1005
Fa0/5 1-1005

Port Vlans allowed and active in management domain
Fa0/4 1,20,30,40,50
Fa0/5 1,20,30,40,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,20,30,40,50
Fa0/5 none

s

Jon Marshall · ‎11-22-2010

grnelson wrote:

The G3/13 interface is on the local switch.

Yes, I believe I applied the "allowed vlans" statement to the port channel first, not the interface.

I thought the problem was that the far end of the port-channel did not have the same vlans in its "allowed" list.

Does that matter?

Do the characteristics of the port-channel interface automatically get copied down to the members?

You want both ends to match but it shouldn't bring the link down when you change one end first and then the other. The key is to make sure that locally the port-channel interface and the physical interfaces agree on the vlans allowed and to do this once the etherchannel is formed if you want to make changes then you must only configure the port-channel interface. Any changes to the port-channel interface are automatically propogated to the individual ports in the etherchannel.

If you made the change on an individual ports it would immediately complain because it now has a different set of allowed vlans so it would drop out of the etherchannel.

Jon

grnelson · ‎11-22-2010

Sounds good.

A small clarification....

Do the characteristics of a member interface and the port-channel have to match before the port-channel first comes up?

Or will the port-channel charactistics always be copied to the members?

Jon Marshall · ‎11-22-2010

grnelson wrote:

Sounds good.

A small clarification....

Do the characteristics of a member interface and the port-channel have to match before the port-channel first comes up?

Or will the port-channel charactistics always be copied to the members?

When you configure a L2 etherchannel the port-channel is automatically created for you (unlike L3 etherchannel where you have to create it), so it is not a case of the port-channel settings having to match. So as far as L2 goes, the relevant settings on the individual physical ports must match eg. speed/duplex/vlans etc...

So if you have the settings correct on the physical ports then the etherchannel will come up. After that you then make changes to the port-channel interface.

Jon

grnelson · ‎11-22-2010

So....

You're saying that if you configure an physical interface like this...

interface GigabitEthernet3/13
description L2 trunk to chc-s45-llcr
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,85,160
switchport mode trunk
channel-group 2 mode desirable

The port-channel2 interface is automatically created with those characteristics?

Jon Marshall · ‎11-22-2010

grnelson wrote:

So....

You're saying that if you configure an physical interface like this...

interface GigabitEthernet3/13
description L2 trunk to chc-s45-llcr
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,85,160
switchport mode trunk
channel-group 2 mode desirable

The port-channel2 interface is automatically created with those characteristics?

From memory no i don't think it does, although i could be misremembering. What i am saying is that the physical interfaces must have the same settings.

Personally when configuring a L2 etherchannel trunk i simply had a very basic config on the physical ports and then applied things like trunk allowed etc. to the port-channel once created. So my physical interface config would look something like -

int gi3/13

switchport mode trunk

switchport truk encapsulation dot1q

channel-group 2 mode desirable

then i would go to the port-channel and add the other commands.

Jon

grnelson · ‎11-29-2010

Your assertion that changing trunk characteristics on the port-channel copies them to the members seems to be incorrect.

At ieast it didn't work that way for me yesterday and today.

Yesterday I set up a port-channel trunk between two 6509's consisting of one interface on each switch.

I entered a minimal configuration on the physical interface: encapsulation, trunk mode.

I entered the full trunk configuration on the port-channel: including native vlan and allowed vlans.

The port-channel went into suspended status. The switch complained the native vlan was different. (default =1 on the interface, 99 on the port-channel)

I had to enter the full configuration on the interface before the port channel would come up.

Today I added another vlan to the allowed list on the port-channel.

The port-channel went into suspended status.

I had to add the additional vlan to the allowed list on the interface to get the port-channel back up.

It's impossible to change the trunk characteristics on the port-channel and interface(s) simultaneously.

If you change them on either the port-channel or a member interface the port-channel goes down.

We down-load our device's entire configuration file for each change we make.

It seems the best you can do is change both of them during a download of the config file.

The port-channel may go down briefly since it occurs early in the config file.

When the change to the interface occurs later during the config download the port-channel comes back up.

glen.grant · ‎11-29-2010

I got to believe something is not right with how its being implemented , we do this all the time , it just goes into the port channel SVI . Bring up 2 windows , one for each side of the link . On the port channel SVI just implement the command "switchport trunk alllowed vlan add X" . We have never seen an issue doing it this way and we also use negotiated port channels. Implement each side as close together as you can . Maybe you can post the port channel svi config along with whats on the interfaces you are using for the channel.

grnelson · ‎11-29-2010

Port channel and interface on switch 6509whi

===========================================

!
interface Port-channel12
description L2 trunk GCW 5E
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,37,121
switchport mode trunk
no shutdown

!
interface GigabitEthernet3/9
description L2 trunk GCW 5E
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,37,121
switchport mode trunk
channel-group 12 mode desirable
no shutdown

Port-channel and interface on switch 6509/5E

============================================

!
interface Port-channel12
description L2 trunk 6509whi
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,37,121
switchport mode trunk
no shutdown

!
interface GigabitEthernet1/2
description L2 trunk 6509whi
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 1,37,121
switchport mode trunk
channel-group 12 mode desirable
no shutdown

Since we download the entire config each time a change is made we virtually never use the "switchport trunk alllowed vlan add X" command.

glen.grant · ‎11-29-2010

If you are downloading the entire config then yes it probably will bounce something . If all you want to do is add a vlan to the trunk on the etherchannel then all that needs to be done is on each "int port-channel X" add "switchport trunk allowed vlan add X" . Not sure why you want to download the whole config if you are just adding a vlan to the trunk .