Common Errors

Lighting up a layer 2 trunk

I’ve seen this a number of times.  A user lights up a trunk and doesn’t restrict which VLANs can use it, so Cisco IOS allows all VLANs.  Spanning tree then sends a whole load of BPDUs to the remote device, and if the remote end has been configured in a similar way, spanning tree will have to reconverge.  At this point you’ll probably have been kicked off the box and you’ll be sweating profusely.  Hmm, not a good way to bring a trunk live.

The right way.

When you configure the port, make sure it is shut down.  Only bring it live (no shut) when you have configured both sides of the link and are sure that both sides have a compatible setup.  A good rule of thumb is to disallow ALL VLANs when you bring the trunk up.  Once the trunk is up, you can easily add more VLANs as and when required.

Here’s a copy of a possible configuration you could use before you unshut the port.

interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan none
 switchport mode trunk

Etherchannel configurations – whoops, added the VLAN to the physical port.

Adding a VLAN to an Etherchannel

How many times have you heard that someone added a VLAN to a physical layer 2 interface instead of the logical layer 2 port-channel and subsequently brought the etherchannel down?  If you’re lucky you might get away with it.  I’ve seen engineers take down entire data centers as well as call centers by issuing this command on the wrong interface.

For those of you who haven’t made this mistake, here is how to avoid it:

Task: add vlan 20 to etherchannel 1.

The right way

conf t
interface port-channel 1
 switchport trunk allowed vlan add 20
end

The wrong way

Do not add the VLAN to a port which is a member of the etherchannel.

The command below will show the ports which are members of the etherchannel.

show etherchannel 1 summary
!
!
text removed
!
group     port-channel     protocol    ports
----------------------------------------------------------
1         po1(SU)          -           Gi5/3(P)    Gi5/4(P)

If you then look at the physical port, you can see it is a member of port-channel 1.

show run interface gi5/3
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-19
 switchport mode trunk
 no ip address
 channel-group 1 mode on

The last line, i.e. channel-group 1 mode on, indicates that this port is part of etherchannel 1.  If you try to add a VLAN to the etherchannel by adding the VLAN to the physical port, this port will be removed from the etherchannel and this will cause spanning tree to throw a wobbly.

Be warned:-)
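Both mistakes above can be caught before a change is pushed by linting a saved copy of the running config. The script below is an added example, not part of the original post: the sample config is constructed to mirror the snippets above, and the function names are hypothetical. It flags trunks with no allowed-VLAN restriction and names the port-channel to edit when the change targets a channel member.

```python
import re

# Constructed sample running-config, modelled on the snippets in this post.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk allowed vlan 10-19
 switchport mode trunk
!
interface GigabitEthernet5/3
 switchport trunk allowed vlan 10-19
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def unrestricted_trunks(interfaces):
    """Trunks with no 'allowed vlan' line, which will carry every VLAN."""
    return sorted(
        name for name, cmds in interfaces.items()
        if "switchport mode trunk" in cmds
        and not any(c.startswith("switchport trunk allowed vlan") for c in cmds)
    )

def check_vlan_change(interfaces, target):
    """If target is an etherchannel member, return the port-channel to edit instead."""
    for cmd in interfaces.get(target, []):
        m = re.match(r"channel-group (\d+) mode", cmd)
        if m:
            return f"Port-channel{m.group(1)}"
    return None  # safe: not a channel member
```

The target name must be written as it appears in the running config (GigabitEthernet5/3, not gi5/3).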