Solved: switchport trunk allowed vlan and switchport trunk allowed vlan add

dazza007 · ‎08-06-2019

I need some clarification after a fun morning, fortunately there are not too many users this morning!

After bringing half of my network down today while adding a vlan to some trunk ports on the core I am trying to get clarification on the difference in the two lines of config.

interface TenGigabitEthernet2/4
description ***TRUNK LINK***
switchport trunk allowed vlan 51,90,100-110,115,301-312,322,410,510-512,598
switchport trunk allowed vlan add 599,700,710-713,911,912
switchport mode trunk

What is the difference in switchport trunk allowed vlan and switchport trunk allowed vlan add

In order to add a vlan I issued the 1st line command with the added vlan this erased the second line of the config on the port, why would this happen? The switch is a 4900M

Many Thanks

Darren

Giuseppe Larosa · ‎08-06-2019

Hello dazza007,

after a trunk is operational we should use only

switchport trunk allowed vlan add xx

or

switchport trunk allowed vlan remove yy

to modify the list of allowed vlans on the trunk.

I think tahat the CLI parser should be modified to print a warning when using switchport trunk allowed vlan on a trunk already operational.

Because, it is very common to forget the add keyword in the command almost everyone has made this error.

Hope to help

Giuseppe

View solution in original post

paul driver · ‎08-06-2019

Hello

@dazza007 wrote:

What is the difference in switchport trunk allowed vlan and switchport trunk allowed vlan add

Allowed vlan xx = only allows the vlan(s) you specify it will remove any other vlans already being allowed on the trunk if those are also not specified

Allowed vlan add xx = will append vlans to the other vlans already being allowed to cross the trunk

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

dazza007 · ‎08-06-2019

Thank you for you time to help me!

when submitting the command switchport trunk allowed vlan add xx should this not add the vlan to the switchport trunk allowed vlan 1st line on the list I guess by submitting switchport trunk allowed vlan xx, xx,etc this would by default erase the second line of config, as I have seen this morning

paul driver · ‎08-06-2019

Hello

@dazza007 wrote:

when submitting the command switchport trunk allowed vlan add xx should this not add the vlan to the switchport trunk allowed vlan 1st line on the list I guess by submitting switchport trunk allowed vlan xx, xx,etc this would by default erase the second line of config, as I have seen this morning

Yes that is correct submitting switchport allowed vlan xx will overwrite whatever is being allowed prior to that statement being submitted

When you enable a trunk all vlans are allowed by default but when you start using the switchport allowed vlan xx then you are manipulating the all vlans allowed listing whatever that maybe so in a production environment you need to be a bit careful using this switchport allowed command as you could end up doing what you've experienced!

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa · ‎08-06-2019

Hello dazza007,

after a trunk is operational we should use only

switchport trunk allowed vlan add xx

or

switchport trunk allowed vlan remove yy

to modify the list of allowed vlans on the trunk.

I think tahat the CLI parser should be modified to print a warning when using switchport trunk allowed vlan on a trunk already operational.

Because, it is very common to forget the add keyword in the command almost everyone has made this error.

Hope to help

Giuseppe

dazza007 · ‎08-06-2019

Thank you too!

So just to clarify a last point

here is the broken port config

switchport trunk allowed vlan 6,51,100-110,115,301-312,322,410,510-512,598

I submit the command "switchport trunk allowed vlan add 700,710-713,911,912"

and then the config afterwards...

switchport trunk allowed vlan 6,51,100-110,115,301-312,322,410,510-512,598,700
switchport trunk allowed vlan add 710-713,911,912

Why would vlan 700 go onto the 1st line?

paul driver · ‎08-06-2019

Hello

@dazza007 wrote:

Thank you too!

So just to clarify a last point

here is the broken port config

switchport trunk allowed vlan 6,51,100-110,115,301-312,322,410,510-512,598

I submit the command "switchport trunk allowed vlan add 700,710-713,911,912" <- - then this will join and append to the above

and then the config afterwards...

switchport trunk allowed vlan 6,51,100-110,115,301-312,322,410,510-512,598,700 <-- 700 will be allowed by the first line the rest is already allowed
switchport trunk allowed vlan add 710-713,911,912 <- - then this will join and append to the first line

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul