Hi,
We have a mixture of Catalyst and Nexus switches and want to implement a safeguard in Cisco ACS in the form of a command authorisation set which prevents users from entering the command "switchport trunk allowed vlan x" without the "add" or "remove" keywords.
I am sure many readers of this understand what happens on a live trunk link when the allowed list is accidentally changed to just the vlan which you originally intended to just add.
The only problem I have is that for some strange reason, the Nexus will NOT allow you to configure a new trunk link with the "switchport trunk allowed vlan add x" syntax. For some reason you have to first configure it with something like "switchport trunk allowed vlan 10-100" and once an initial allowed list is configured, you can then use add / remove to modify the list.
This is obviously different to the way in which Catalysts work because you can do it either way. The strange thing is, the Nexus lets you enter the command with the "add" keyword, and doesn't even complain, but the configuration is NOT updated with the vlan.
We are running NX-OS 5.2(3a) and were wondering if this is a bug / issue which has been resolved in the 6.x release.
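
The safeguard described in the post, sketched as an added example that is not part of the original post and is not ACS configuration syntax. It models an ordered, first-match permit/deny rule list; the rule table, regexes and function names are assumptions made for illustration, and the sample commands are constructed. It also covers the `all`, `none` and `except` forms of the command, which replace the allowed list just as a bare VLAN list does.

```python
import re

# Hypothetical first-match rule table modelling a command authorisation set.
# Not ACS syntax: the order and the regexes are assumptions for illustration.
VLAN_LIST = r"\d+(-\d+)?(,\d+(-\d+)?)*"
RULES = [
    # Incremental edits to the allowed list are the only permitted forms.
    ("permit", re.compile(rf"switchport trunk allowed vlan (add|remove) {VLAN_LIST}")),
    # Everything else under this prefix replaces the whole list:
    # a bare VLAN list, or the keywords all / none / except.
    ("deny", re.compile(r"switchport trunk allowed vlan\b.*")),
    # Unrelated commands are outside the scope of this safeguard.
    ("permit", re.compile(r".*")),
]

def normalise(line):
    """Lower-case and collapse whitespace so spacing cannot dodge a rule."""
    return " ".join(line.lower().split())

def authorise(line):
    """Return the action of the first rule that matches the whole command."""
    cmd = normalise(line)
    for action, pattern in RULES:
        if pattern.fullmatch(cmd):
            return action
    return "deny"

def expand(vlan_list):
    """Turn '10-12,15' into {10, 11, 12, 15}."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def apply_change(allowed, line):
    """Allowed-VLAN set after the command, unchanged if the command is denied."""
    if authorise(line) != "permit":
        return allowed
    m = re.fullmatch(r"switchport trunk allowed vlan (add|remove) (\S+)", normalise(line))
    if not m:
        return allowed
    delta = expand(m.group(2))
    return allowed | delta if m.group(1) == "add" else allowed - delta

if __name__ == "__main__":
    live = set(range(10, 101))  # constructed trunk state: VLANs 10-100 allowed
    for cmd in ("switchport trunk allowed vlan add 200",
                "switchport trunk allowed vlan 200",
                "switchport trunk allowed vlan none"):
        print(f"{authorise(cmd):6}  {cmd}  -> {len(apply_change(live, cmd))} VLANs")
```

Under a rule set like this, the initial bare-list configuration that the post says the Nexus requires on a new trunk would be denied too, so that step needs a separate, more privileged path.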