Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4596
Views
5
Helpful
4
Replies

Need to add allowed vlan to port-channel / vpc

Go to solution
AlexFer
Level 1
Level 1

‎10-06-2020 05:21 AM - edited ‎10-06-2020 05:22 AM

Hello experts,

my question seems to be answered by add new vlan in vpc and portchannel however, since this is my first time doing on live switch, I seek confirmation.

I required to add vlans to a trunk being a port-channel and a VPC without downtime.

Obviously, my intention is to update Port-Channel on both VPC Peers, but there may be a practical short delay during which there will be inequality. As you see below, it’s a “Type 1” VPC which means “parameters must match on both vPC Peers, otherwise vPC is not operational”.

My question: is ‘Allowed VLANs’ considered a consistency parameter or not? If not, then short delay during inequality won’t cause downtime, correct?

R's, Alex

 

hostname-7010-1# show vpc consistency-parameters vpc 200
    Legend:
        Type 1 : vPC will be suspended in case of mismatch
Name                        Type  Local Value            Peer Value            
-------------               ----  ---------------------- -----------------------
lag-id                      1     [(abcd,                [(abcd,              
                                  0-23-4-ee-be-12, 80c8, 0-23-4-ee-be-12, 80c8,
                                   0, 0), (abcd,          0, 0), (abcd,       
                                  0-23-4-ee-be-6c, 8002, 0-23-4-ee-be-6c, 8002,
                                   0, 0)]                 0, 0)]              
mode                        1     active                 active               
STP Port Type               1     Normal Port            Normal Port          
STP Port Guard              1     None                   None                 
STP MST Simulate PVST       1     Default                Default              
Native Vlan                 1     1                      1                    
Port Mode                   1     trunk                  trunk                
MTU                         1     1500                   1500                 
Duplex                      1     full                   full                  
Speed                       1     10 Gb/s                10 Gb/s              
Allowed VLANs               -     18,22,24,30,34,40,50-5 18,22,24,30,34,40,50-5
                                  3,81,85,88,90-91,100-1 3,81,85,88,90-91,100-106
:
Local suspended VLANs       -     -                      -  

hostname-7010-1# show running-config cfs
version 5.2(1)
cfs eth distribute

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to AlexFer

‎10-06-2020 11:06 PM

Correct. Your understanding is correct.

It does not matter on which peer you make changes, the vpc operational secondary will be always the one who suspend the vlan.

 

Stay safe,

Sergiu

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎10-06-2020 07:40 AM

Hi @AlexFer 

 

Technically, allowed vlans is not a type 1 inconsistency as a range, however, it is per-vlan inconsistancy. What do I mean by this is if a vlan is configured and allowed on only one side of the vpc port-channel, then the vpc operational secondary switch will bring ONLY that specific vlan in suspended state on the respective vpc-enabled port-channel.

Example (as they always clarify better the story):

! initial config:

interface port-channel119
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 20

! start config changes:

N9K-1 (vpc operational secondary)
N9K-1(config-if)# int po 119
N9K-1(config-if)# switchport trunk allowed vlan add 21

2020 Oct  6 17:37:29 N9K-1%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 21 on Interface port-channel119 are being suspended. (Reason: Vlan is not configured on remote vPC interface)


! nothing changed on N9K-2 (operational primary)
! continuing with the cfg

N9K-2(config-if)# int po 119
N9K-2(config-if)# switchport trunk allowed vlan add 21

2020 Oct  6 17:37:48 N9K-1 %ETHPORT-3-IF_ERROR_VLANS_REMOVED: VLAN/BDs 21 on Interface port-channel119 are removed from suspended state

Hope it is clear and it helps. Good luck with the changes.

 

Stay safe,

Sergiu

Go to solution
AlexFer
Level 1
Level 1
In response to Sergiu.Daniluk

‎10-06-2020 03:44 PM - edited ‎10-06-2020 03:58 PM

Hi Sergiu,

from your response, I understand that only those VLANs matched by "allowed vlan" on both VPC Peers will allowed on that port-channel/vpc, and there's no impact on other VLANs on that port-channel/vpc due to "switchport trunk allowed vlan add" command - correct?

Does it matter on which VPC Peer I make the change first? (You make first change on "operational secondary" VPC Peer first.)

R's, Alex

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to AlexFer

‎10-06-2020 11:06 PM

Correct. Your understanding is correct.

It does not matter on which peer you make changes, the vpc operational secondary will be always the one who suspend the vlan.

 

Stay safe,

Sergiu

0 Helpful

Go to solution
AlexFer
Level 1
Level 1
In response to Sergiu.Daniluk

‎10-14-2020 03:36 PM

Hi Sergiu,

a subsequent question: I understand is a suspended VLAN affects that VLAN's traffic across the VPC Peer-link, but does it prevent the traffic on the actual port-channel - will that VLAN's traffic still be trunked?

R's, Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents