
Nexus 5k - Adding and removing vlans in port-channel (vpc)

ahmed.jama
Level 1

version 5.2(1)N1(1)

Hello,

I am a bit confused by the output of 'show run' and 'show run switch-profile' that pertains to a port-channel interface configured in a switch-profile. My main goal is to find out how I can add/remove the allowed vlans the port-channel (configured as trunk) carries.

The setup is like this. I have 2 N5k in a vPC domain and Ethernet1/11 on both switches is configured as a trunk vPC that connects to a core switch. When I issue 'show run' for the port-channel and physical interface I get the following output:

N5k1# sh run int po10
interface port-channel10
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 30,40
  speed 1000
  vpc 10

N5k1# sh run int Ethernet 1/11
interface Ethernet1/11
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 30,40
  speed 1000
  channel-group 10 mode active

When I issue 'show run switch-profile', I get the following output

N5k1# sh run switch-profile | be int
  interface port-channel10
    description TEST
    switchport mode trunk
    speed 1000
    vpc 10
  interface Ethernet1/11
    switchport mode trunk
    switchport trunk allowed vlan 30, 40
    speed 1000
    channel-group 10 mode active

From above it seems the switch-profile configuration is missing the 'switchport trunk allowed vlan' in the port-channel interface. If I want to remove vlan 30 from the allowed vlan, should I go under the switch-profile mode and remove vlan 30 from the allowed list even though the switch-profile configuration seems to be missing this?

For example:

conf sync
!
switch-profile TEST
!
interface port-channel10
switchport trunk allowed vlan remove 30
exit
!
verify
!
commit
!
end

Could someone kindly point me in the right direction?

Regards,

Ahmed

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi,

If you are using config sync, then you need to use the switch-profile and remove it there, so it applies to both switches. If you are not using config sync, then you can make the change on the port-channel and remove the vlan there.

From the config guide:

Switch Profiles

Beginning with Cisco NX-OS Release 5.0(2)N1(1), config-sync mode allows you to create a switch profile. A switch profile contains a predefined configuration that you can use to configure a peer switch so that both peers have the same configuration. In config-sync mode, you define the peer and the configuration in the switch profile. Peers are identified by their IP address and they are local to each switch profile. Commands entered in config-sync mode are buffered until they are committed. Configuration changes made in configuration terminal mode apply only to the local switch.

You must create an identical switch profile on each peer switch in config-sync mode. This configuration is not automatically synchronized and you must configure it on each peer switch.

To create the switch profiles, enter the following commands:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_config_sync_ops.html

HTH


Hi Reza,

Thanks for the information. Do you happen to know why the output of 'show run switch-profile' omits some port-channel related configuration such as 'switchport trunk allowed vlan 30, 40', while this is displayed in the 'show run int' output?

Regards,

Ahmed

That happens if the commands are not in the switch-profile, but are in the "conf t" part of the configuration.

I find it quite useful to upload the config to a TFTP server, and then to examine the file using an editor. You will find there are two parts to the file: the top part contains the commands entered in "conf t" mode, and the bottom part (under the switch-profile command) contains the commands entered in "conf sync" mode.

Even more revealing is to upload the config of both switches to a TFTP server, and then use some comparison tool like WinMerge to highlight the differences.

Regards

Kevin DORRELL

Luxembourg
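
The check described in the reply above, as an added example that is not part of the original thread: it splits a saved running-config into its "conf t" part and its switch-profile part and lists, per interface, the commands that exist only locally, such as a trunk allowed-VLAN list that config sync will not carry to the peer. The sample text is constructed and abridged from the outputs quoted in this thread, the file layout is assumed to be the two-part one described above, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the outputs quoted in the thread.
SAMPLE_CONFIG = """\
interface port-channel10
  switchport mode trunk
  switchport trunk allowed vlan 30,40
  vpc 10
interface Ethernet1/11
  description TEST
  switchport mode trunk
  switchport trunk allowed vlan 30,40
  channel-group 10 mode active
switch-profile TEST
  interface port-channel10
    switchport mode trunk
    vpc 10
  interface Ethernet1/11
    switchport mode trunk
    switchport trunk allowed vlan 30, 40
    channel-group 10 mode active
"""

def split_sections(config_text):
    """Return (conf_t, profile): dicts of interface name -> set of commands."""
    conf_t, profile = {}, {}
    target, current = conf_t, None
    for raw in config_text.splitlines():
        line = re.sub(r",\s+", ",", raw.strip())   # "30, 40" -> "30,40"
        if not line or line.startswith("!"):
            continue
        if line.startswith("switch-profile "):
            target, current = profile, None        # rest of file is conf sync
        elif line.startswith("interface "):
            current = target.setdefault(line.split(None, 1)[1], set())
        elif raw[0].isspace() and current is not None:
            current.add(line)                      # command under an interface
        else:
            current = None                         # some other stanza
    return conf_t, profile

def local_only(config_text):
    """Per interface, commands present in conf t but absent from the profile."""
    conf_t, profile = split_sections(config_text)
    diff = {i: sorted(c - profile.get(i, set())) for i, c in conf_t.items()}
    return {i: cmds for i, cmds in diff.items() if cmds}

if __name__ == "__main__":
    print(local_only(SAMPLE_CONFIG))
```

Running the same function over the saved config of each vPC peer and comparing the two results shows where the peers' trunk VLAN lists have drifted apart.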
