VLANs accidentally removed from trunk on Nexus 7K

aweise
Level 1

We have two Nexus 7706 switches in our data center. Both are running 8.2(1).

This morning, I went to remove a specific VLAN from a port-profile. This port-profile is tied to several VPC port-channel interfaces (shared across both 7Ks), which are trunks to our ESX servers. The configuration is like so:

port-profile type port-channel ESX
switchport
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181
switchport trunk allowed vlan add 183-184,190,321,401,552,652,1000
spanning-tree port type edge trunk
speed 10000
duplex full
description ESX Server
state enabled

I ran this command on both 7Ks:

Switch(config)#port-profile type port-channel ESX
Switch(config-port-prof)#switchport trunk allowed vlan remove 140

A few minutes later, we realized some systems were down. Ultimately, I found that the port-profile configuration had removed several VLANs:

port-profile type port-channel ESX
switchport
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 130-132,134-139,141-158,164-170,174,177-178,181

spanning-tree port type edge trunk
speed 10000
duplex full
description ESX Server

I have a TAC case open to investigate this, but has anyone else come across this?

4 Replies

balaji.bandi
Hall of Fame

Not sure what happens in the background:

If the profile is applied as below:

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181
switchport trunk allowed vlan add 183-184,190,321,401,552,652,1000   -  << above command overrides this.

As per your command:

switchport trunk allowed vlan 130-132,134-139,141-158,164-170,174,177-178,181  (VLAN 140 removed here and profile applied)

switchport trunk allowed vlan - when you use this command, whatever configuration is on the interface will be wiped and the new allowed VLANs added.

So make sure your profile has the full VLAN list, as in the example below:

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181,183-184,190,321,401,552,652,1000

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

How would the one command override the other?

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181
switchport trunk allowed vlan add 183-184,190,321,401,552,652,1000   -  << above command overrides this.

When I initially applied the configuration, I did so as you suggested:

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181,183-184,190,321,401,552,652,1000

When I display the running config, it's shown in the two-line format, with the second line using the "add" command. Thus, nothing should be overriding any other command.

When I did the remove of a single VLAN ID, the second line somehow got removed from the config. So, the switch updated the port profile to remove VLAN 140, but it also removed the second line with all of those VLANs.

I've removed VLANs numerous times before from these port profiles and have never seen this happen.

Technically, as soon as the command is issued - switchport trunk allowed vlan - all other config is removed from the port-channel.

I have not worked on the profile, let me read (if there is any clarification, I will let you know).

In the future, if you do not want this to happen, make sure you update the profile as suggested.

BB


Yes, I understand that, but that's not how the configuration was applied.

When I first set up the port profile, I used this command:

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181,183-184,190,321,401,552,652,1000

After that, doing a "show run port-profile" on the Nexus displays it like this:

switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181
switchport trunk allowed vlan add 183-184,190,321,401,552,652,1000

I did not execute the general "switchport trunk allowed vlan" command. I did the following:

switchport trunk allowed vlan remove 140

Please note that I used the "remove" keyword so that I would only remove vlan 140 from the trunk configuration and not anything else.

It was after this command that I found the second line of the port-profile missing.
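
A pre/post-change check for the situation described in this thread, as an added example that is not part of the original posts: it expands the allowed VLAN list (the base line plus any "add" continuation lines, as "show run port-profile" displays them) from a snapshot taken before and after the change, and reports every VLAN that changed beyond the intended removal. The function names are hypothetical; the two snapshots are the port-profile listings from the first post.

```python
import re

# Matches the base line and the "add" continuation lines as displayed
# by "show run port-profile" in the thread above.
ALLOWED_RE = re.compile(r"^\s*switchport trunk allowed vlan (add )?([\d,\-]+)\s*$")

def expand(vlan_list):
    """Expand '130-132,134' into {130, 131, 132, 134}."""
    vlans = set()
    for part in filter(None, vlan_list.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(config_text):
    """Return the effective allowed-VLAN set of one profile/interface stanza."""
    vlans = set()
    for line in config_text.splitlines():
        m = ALLOWED_RE.match(line)
        if not m:
            continue
        if m.group(1):          # "add" line extends the list
            vlans |= expand(m.group(2))
        else:                   # bare form replaces the list
            vlans = expand(m.group(2))
    return vlans

def unexpected_changes(before, after, intended_removed):
    """VLANs lost or gained beyond the intended removal."""
    b, a = allowed_vlans(before), allowed_vlans(after)
    lost = (b - a) - set(intended_removed)
    gained = a - b
    return sorted(lost), sorted(gained)

# Snapshots copied from the first post (before and after "remove 140").
BEFORE = """\
port-profile type port-channel ESX
  switchport trunk allowed vlan 130-132,134-158,164-170,174,177-178,181
  switchport trunk allowed vlan add 183-184,190,321,401,552,652,1000
"""
AFTER = """\
port-profile type port-channel ESX
  switchport trunk allowed vlan 130-132,134-139,141-158,164-170,174,177-178,181
"""

if __name__ == "__main__":
    lost, gained = unexpected_changes(BEFORE, AFTER, intended_removed=[140])
    print("unexpectedly removed:", lost)
    print("unexpectedly added:", gained)
```

Fed with the port-profile output captured on each vPC peer before and after a change, a non-empty "unexpectedly removed" list is the signal to roll back before hosts on those VLANs lose connectivity.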
