I like sharing these stories because they help me document some really simple problems that can sometimes take a few minutes to troubleshoot and ultimately resolve. The moral of this story resolves around the much used command “switchport trunk allowed vlan x,y,z” and the often overlooked commands “switchport trunk allowed vlan add|remove x,y,z“.
I decided to write about this topic since I recently encountered operational “difficulties” with both my prior employer and my current employer that involved the same near identical mistake of a network engineer accidentally overwriting the list of allowed VLANs. In the most recent case it was a simple oversight on the engineer’s part and the problem was quickly corrected. On the prior case the engineer had issued the command “no switchport trunk allowed vlan x” which seems to have given NXOS a bit of a fit. The ports that were in that vPC needed to be shutdown and then enabled to clear what appeared to be a software bug. While the running-config indicated that the VLANs were being trunked on the ports, the MAC/FDB table had no entries of those VLANs on the affected ports.
I strongly recommend that folks prune VLANs that aren’t being used from their trunks, however, you need to be very careful with how you add and/or remove VLANs from the list once the trunk is up and running.
In the past I’ve seen folks accidentally overwrite the VLAN allowed add list by using the “switchport trunk allowed vlan” command. Look at this sample configuration;
interface port-channel2 description VPC_CISCO_NEXUS_5010 switchport switchport mode trunk switchport trunk allowed vlan 150-154 switchport trunk allowed vlan add 155 mtu 9216 vpc 2
Now let’s say we wanted to add VLAN 156 and we using the following command, taking the allowed VLAN list and adding VLAN 156;
switchport trunk allowed vlan 152-154,156
The problem with this is that we just missed the fact that VLAN 155 was also on that trunk and we just removed it from the trunk with the that previous command.
The morale of the story – be careful when you add/remove VLANs from trunk ports and make sure you use the switchport trunk allow vlan add|remove command.
Image Credit: Roger Kirby