Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Strange Nexus 7000 Trunk Port Configuration Issue


We have a mixture of Catalyst and Nexus switches and want to implement a safeguard in Cisco ACS in the form of a command authorisation set which prevents users from entering the command "switchport trunk allowed vlan x" without the "add" or "remove" keywords.

I am sure many readers of this understand what happens on a live trunk link when the allowed list is accidentally changed to just the vlan which you originally intended to just add.

The only problem I have is that for some strange reason, the Nexus will NOT allow you to configure a new trunk link with the "switchport trunk allowed vlan add x" syntax. For some reason you have to first configure it with something like "switchport trunk allowed vlan 10-100" and once an initial allowed list is configured, you can then use add / remove to modify the list.

This is obviously different to the way in which Catalysts work because you can do it either way. The strange thing is, the Nexus lets you enter the command with the "add" keyword, and doesnt even complain, but the configuration is NOT updated with the vlan.

We are running NX-OS 5.2(3a) and was wondering if this is a bug / issue which has been resolved in the 6.x release.

New Member

Strange Nexus 7000 Trunk Port Configuration Issue

I have just discovered a very easy work around. You can simply follow the below script:

switchport trunk allowed vlan none

switchport trunk allowed vlan add x,x,x-x

This seems to work fine on both catalyst and nexus.

CreatePlease login to create content