Cisco IOS software allows administrators to combine multiple physical links in the chassis into a single logical link. This provides an ideal solution for load sharing, as well as link redundancy, and can be used by both Layer 2 and Layer 3 sub-systems.These are referred to as Etherchannels.

Understanding EtherChannels

An EtherChannel is comprised of physical, individual FastEthernet, GigabitEthernet, or Ten-GigabitEthernet (10Gbps) links that are bundled together into a single logical link as illustrated in the figure below. An EtherChannel comprised of FastEthernet links is referred to as a FastEtherChannel (FEC); an EtherChannel comprised of GigabitEthernet links is referred to as a GigabitEtherChannel (GEC); and  finally, an EtherChannel comprised of Ten-GigabitEthernet links is referred to as a Ten-GigabitEtherChannel (10GEC):

EtherChannel Physical and Logical View

Each EtherChannel can consist of up to eight (8) ports. Physical links in an EtherChannel must share similar characteristics, such as be defined in the same VLAN or have the same speed and duplex settings, for example. When configuring EtherChannels on Cisco Catalyst switches, it is important to remember that the number of supported EtherChannels will vary between the different Catalyst switch models.

For example, on the Catalyst 3750 series switches, the range is 1 to 48; on the Catalyst 4500 series switches, the range is 1 to 64; and on the flagship Catalyst 6500 series switches, the number of valid values for EtherChannel configuration depends on the software release. For releases prior to Release 12.1(3a)E3, valid values are from 1 to 256; for Releases 12.1(3a)E3, 12.1(3a)E4, and 12.1(4)E1, valid values are from 1 to 64. Release 12.1(5c)EX and later support a maximum of 64 values ranging from 1 to 256.

NOTE: You are not expected to known the values supported in each different IOS version.

In addition to increasing the aggregate link bandwidth between two devices, Etherchannels also provide redundancy in the event of a single link failure within the bundle group. If for example, a single link fails, the traffic previously carried over the failed link is switched over to, or distributed across, the remaining links within the port channel. In addition to this, when you change the number of active bundled ports in a port channel, traffic patterns will reflect the rebalanced state of the port channel. This will be described later in this chapter when we learn about the different Etherchannel load-distribution methods.

There are two link aggregation protocol options that can be used to automate the creation of an EtherChannel group: Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP).  PAgP is a Cisco proprietary protocol while LACP is part of the IEEE 802.3ad specification for creating a logical link from multiple physical links. These two protocols will be described in detail throughout this chapter.

Port Aggregation Protocol Overview

Port Aggregation Protocol (PAgP) is a Cisco proprietary link aggregation protocol that enables the automatic creation of EtherChannels. By default, PAgP packets are sent between EtherChannel-capable ports in order to negotiate the forming of an EtherChannel. These packets are sent to the destination Multicast MAC address 01-00-0C-CC-CC-CC, which is also the same Multicast address that is used by CDP, UDLD, VTP, and DTP.  The figure  below shows the fields contained within a PAgP frame as seen on the wire:

PAgP Ethernet Header

Although going into detail on the PAgP packet format is beyond the scope of Cisco exam requirements, the figure below shows the fields contained in a typical PAgP packet. Some of the fields contained within the PAgP packet are of relevance to Cisco exams and will be described in detail as we progress through this lesson:

The Port Aggregation Protocol Frame

PAgP Port Modes

PAgP supports different port modes that determine whether an EtherChannel will be formed between two PAgP-capable switches. Before we delve into the two PAgP port modes, one particular mode deserves special attention. This mode (the ‘on’ mode) is sometimes incorrectly referenced as a PAgP mode. The truth, however, is that it is not a PAgP port mode.

The on mode forces a port to be placed into a channel unconditionally. The channel will only be created if another switch port is connected and is configured in the on mode. When this mode is enabled, there is no negotiation of the channel performed by the local EtherChannel protocol. In other words, this effectively disables EtherChannel negotiation and forces the port to the channel. The operation of this mode is similar to the operation of the switchport nonegotiate command on trunk links. It is important to remember that switch interfaces that are configured in the on mode do not exchange PAgP packets.

Switch EtherChannels using PAgP may be configured to operate in one of two modes: auto or desirable. These two PAgP modes of operation are described in the following sub-sections.

Auto Mode

Auto mode is a PAgP mode that will negotiate with another PAgP port only if the port receives a PAgP packet. When this mode is enabled, the port(s) will never initiate PAgP communications but instead will listen passively for any received PAgP packets before creating an EtherChannel with the neighboring switch.

Desirable Mode

Desirable mode is a PAgP mode that causes the port to initiate PAgP negotiation for a channel with another PAgP port. In other words, in this mode, the port actively attempts to establish an EtherChannel with another switch running PAgP.

In summation, it is important to remember that switch interfaces configured in the on mode do not exchange PAgP packets but they do exchange PAgP packets with partner interfaces configured in the auto or desirable modes. The below table shows the different PAgP combinations and the result of their use in establishing an EtherChannel:

EtherChannel Formation Using Different PAgP Modes

Switch 1 PAgP Mode	Switch 2 PAgP Mode	EtherChannel Result
Auto	Auto	No EtherChannel Formed
Auto	Desirable	EtherChannel Formed
Desirable	Auto	EtherChannel Formed
Desirable	Desirable	EtherChannel Formed

 

PAgP Learn Method

Switches running PAgP are classified as either physical learners or aggregate learners. These two device types are described in the following sub-sections.

PAgP Physical Learners

PAgP physical learners are switches that learn MAC addresses using the physical ports within the EtherChannel instead of via the logical EtherChannel link. Physical learners forward traffic to addresses based on the physical port via which the address was learned. In other words, the switch will send packets to the neighboring switch using the same port in the EtherChannel from which it learned the source address. The figure below illustrates a switch using physical learning in a three-port EtherChannel:

PAgP Physical Learning

PAgP Aggregate (Logical) Learners

Unlike a physical learner, an aggregate learner learns addresses based on the aggregate or logical EtherChannel port. This allows the switch to transmit packets to the source by using any of the interfaces in the EtherChannel. Aggregate learning is the default in current Cisco IOS switches. However, it should be noted that legacy switches, such as the Catalyst 1900 series switches, support only physical learning.

By default, PAgP is not able to detect whether a neighboring switch is a physical learner. Therefore, when configuring PAgP EtherChannels on switches that support only physical learning, the learning method must be manually set to physical learning. In addition to this, it is important to set the load-distribution method to source-based distribution so that any given source MAC address is always sent on the same physical port. The different EtherChannel load-distribution methods will be described in detail later in this chapter. The figure below illustrates logical learning:

PAgP Logical Learning

The following output shows the MAC entries in the CAM on a device performing aggregate learning:

Switch-1#show mac-address-table Mac Address Table ——————————————-   Vlan    Mac Address       Type        Ports —-    ———–       ——–    —– … [Truncated Output] … 10    0014.a9e5.d640    DYNAMIC     Po1 10    001d.09d4.0238    DYNAMIC     Po1 10    0014.a9e5.d641    DYNAMIC     Po1 10    0014.a9e5.d642    DYNAMIC     Po1 10    0014.a9e5.d643    DYNAMIC     Po1 Total Mac Addresses for this criterion: 9

 PAgP EtherChannel Protocol Packet Forwarding

While PAgP allows for all links within the EtherChannel to be used to forward and receive user traffic, there are some restrictions that you should be familiar with regarding the forwarding of traffic from other protocols. DTP and CDP send and receive packets over all the physical interfaces in the EtherChannel. PAgP sends and receives PAgP Protocol Data Units only from interfaces that are up and have PAgP enabled for auto or desirable modes.

When an EtherChannel bundle is configured as a trunk port, the trunk sends and receives PAgP frames on the lowest numbered VLAN. Spanning Tree Protocol (STP) always chooses the first operational port in an EtherChannel bundle. The show pagp [channel number] neighbor command, which can also be used to validate the port that will be used by STP to send packets and receive packets, determines the port STP will use in an EtherChannel bundle, as shown in the following output:

Switch-1#show pagp neighbor Flags:  S – Device is sending Slow hello. C – Device is in Consistent state. A – Device is in Auto mode.       P – Device learns on physical port.   Channel group 1 neighbors Partner              Partner          Partner         Partner Group Port      Name                 Device ID        Port       Age  Flags   Cap. Fa0/1     Switch-2             0014.a9e5.d640   Fa0/1      2s   SC      10001 Fa0/2     Switch-2             0014.a9e5.d640   Fa0/2      1s   SC      10001 Fa0/3     Switch-2             0014.a9e5.d640   Fa0/3      15s  SC      10001

Referencing the above output, STP will send packets only out of port FastEthernet0/1 because it is the first operational interface. If that port fails, STP will send packets out of FastEthernet0/2. The default port used by PAgP can be viewed in the show EtherChannel summary as illustrated in the following output:

Switch-1#show EtherChannel summary Flags:  D – down        P – in port-channel I – stand-alone s – suspended H – Hot-standby (LACP only) R – Layer3      S – Layer2 u – unsuitable for bundling U – in use      f – failed to allocate aggregator d – default port Number of channel-groups in use: 1 Number of aggregators:           1   Group  Port-channel  Protocol    Ports ——+————-+———–+——————————————– 1      Po1(SU)       PAgP        Fa0/1(Pd)   Fa0/2(P)    Fa0/3(P)

 

When configuring additional STP features such as Loop Guard on an EtherChannel, it is very important to remember that if Loop Guard blocks the first port, no BPDUs will be sent over the channel, even if other ports in the channel bundle are operational. This is because PAgP will enforce uniform Loop Guard configuration on all of the ports that are part of the EtherChannel group.

Real World Implementation In production networks, you may run across the Cisco Virtual Switching System (VSS), which is comprised of two physical Catalyst 6500 series switches acting as a single logical switch. In the VSS, one switch is selected as the active switch while the other is selected as the standby switch. The two switches are connected together via an EtherChannel, which allows for the sending and receiving of control packets between them.Access switches are connected to the VSS using Multichassis EtherChannel (MEC). An MEC is simply an EtherChannel that spans the two physical Catalyst 6500 switches but terminates to the single logical VSS. Enhanced PAgP (PAgP+) can be used to allow the Catalyst 6500 switches to communicate via the MEC in the event that the EtherChannel between them fails, which would result in both switches assuming the active role (dual active), effectively affecting forwarding of traffic within the switched network. This is illustrated in the diagram below:While VSS is beyond the scope of Cisco exam requirements, it is beneficial to know that only PAgP can be used to relay VSS control packets. Therefore, if implementing EtherChannels in a VSS environment, or an environment in which VSS may eventually be implemented, you may want to consider running PAgP instead of LACP, which is an open standard that does not support the proprietary VSS frames. VSS will not be described any further in this guide.

 Link Aggregation Control Protocol Overview

Link Aggregation Control Protocol (LACP) is part of the IEEE 802.3ad specification for creating a logical link from multiple physical links. Because LACP and PAgP are incompatible, both ends of the link need to run LACP in order to automate the formation of EtherChannel groups.

As is the case with PAgP, when configuring LACP EtherChannels, all LAN ports must be the same speed and must all be configured as either Layer 2 or Layer 3 LAN ports. Unlike PAgP, LACP does not support half-duplex links. Half-duplex ports in an LACP Etherchannel are placed into the suspended state. If a link within a port channel fails, traffic previously carried over the failed link is distributed between the remaining links within the port channel. Additionally, when you change the number of active bundled ports in a port channel, traffic patterns will also reflect the rebalanced state of the port channel.

LACP supports the automatic creation of port channels by exchanging LACP packets between ports. It learns the capabilities of port groups dynamically and informs the other ports. Once LACP identifies correctly matched Ethernet links, it facilitates grouping the links into a Gigabit Ethernet port channel. Unlike PAgP, where ports are required to have the same speed and duplex settings, LACP mandates that ports be only full-duplex, as half-duplex is not supported. Half-duplex ports in an LACP EtherChannel are placed into the suspended state.

By default, all inbound Broadcast and Multicast packets on one link in a port channel are blocked from returning on any other link of the port channel. LACP packets are sent to the IEEE 802.3 Slow Protocols Multicast group address 01-80-C2-00-00-02. LACP frames are encoded with the EtherType value 0x8809. The figure below illustrates these fields in an Ethernet frame:

IEEE 802.3 LACP Frame

 LACP Architecture

Architecturally, the LACP application is a client to the MAC Sub-Layer. In other words, with LACP, link aggregation applies to the MAC Sub-Layer of the Data Link Layer. The Link Aggregation Sub-Layer binds multiple physical ports and presents them to upper Layers of the stack as a single logical port. The major LACP architectural components (or blocks) are illustrated in the figure below:

LACP Architectural Blocks

The table below lists and describes the core components illustrated in the above:

EtherChannel Formation Using Different LACP Modes:

Component	Description
Collector	The Collector accepts frames from the physical link and passes them to upper layers. The Collector parses special marker packets from the incoming stream. These packets are then passed to the LACP agent. The LACP agent can also instruct the Distributor to generate marker response packets.
Distributor	The Distributor transmits outgoing frames from the MAC client to links in the aggregation group. This block also implements the distribution algorithm, which is used to redistribute traffic among links. To do so, the higher layer sends a special marker packet at the point where it wishes to re-distribute traffic and waits for the marker response packet. The marker response packet is generated by the receiving agent only after all frames have been passed to the higher layer applications.
Marker and Marker Response	These are used to maintain frame ordering when moving frames from one link in the group to another, such as when a physical link fails.

The LACP defines frame collection and distribution along with an LACP agent. The LACP defines two modes to re-distribute traffic among links. First is with the use of special packets called markers. The frame collector at either end of the link parses special marker packets from the incoming stream. These packets are then passed to the LACP agent. In addition to this, the LACP agent can also instruct the distributor to generate marker response packets.

LACP Port Modes

LACP supports the automatic creation of port channels by exchanging LACP packets between ports. LACP does this by learning the capabilities of port groups dynamically and informing the other ports. Once LACP identifies correctly matched Ethernet links, it facilitates grouping the links into a port channel. Once an LACP mode has been configured, it can only be changed if a single interface has been assigned to the specified channel group. LACP supports two modes: active and passive. These two modes of operation are described in the following sub-sections.

LACP Active Mode

LACP active mode places a switch port into an active negotiating state in which the switch port initiates negotiations with remote ports by sending LACP packets. Active mode is the LACP equivalent of PAgP desirable mode. In other words, in this mode, the switch port actively attempts to establish an EtherChannel with another switch that is also running LACP.

LACP Passive Mode

When a switch port is configured in passive mode, it will negotiate an LACP channel only if it receives another LACP packet. In passive mode, the port responds to LACP packets that the interface receives but does not start LACP packet negotiation. This setting minimizes the transmission of LACP packets. In this mode, the port channel group attaches the interface to the EtherChannel bundle. This mode is similar to the auto mode that is used with PAgP.

It is important to remember that the active and passive modes are valid on non-PAgP interfaces only. However, if you have a PAgP EtherChannel and want to convert it to LACP, then Cisco IOS software allows you to change the protocol at any time. The only caveat is that this change causes all existing EtherChannels to reset to the default channel mode for the new protocol. The table below shows the different LACP combinations and the result of their use in establishing an EtherChannel between two switches:

EtherChannel Formation Using Different LACP Modes:

Switch 1 LACP Mode	Switch 2 LACP Mode	EtherChannel Result
Passive	Passive	No EtherChannel Formed
Passive	Active	EtherChannel Formed
Active	Active	EtherChannel Formed
Active	Passive	EtherChannel Formed

LACP Parameters

There are several LACP parameters that are contained in the LACP PDUs that are exchanged between switches. After exchanging LACP PDUs (also referred to as LACPDUs in some texts), the actor (local switch) and the partner (remote switch) come to agreement about each other’s settings. The switches can now decide whether the ports at each end of the link can be added to an aggregation. LACP uses the following parameters:

• LACP System Priority
• LACP Port Priority
• LACP Administrative Key

These three LACP parameters, which are illustrated in the figure below, will be described in detail in this section:

LACP PDU (LACPDU) Parameters

LACP System Priority

An LACP System Priority must exist on each device running LACP. The LACP system priority can be configured automatically (default) or through the Command Line Interface (CLI). The LACP System Priority must be configured at each end in order for LACP to successfully negotiate the Etherchannel group between the two end points. LACP uses the System Priority with the device MAC address to form the System ID and also during negotiation with other systems. This is illustrated in the below figure:

Deriving the LACP System ID from the MAC Address and System Priority

LACP Port Priority

As is the case with the LACP System Priority, the LACP port priority must be defined on each port configured to use LACP. The Port Priority can be configured automatically (default) or through the CLI. LACP uses the Port Priority to decide which ports should be put into the bundle and which ports should be placed into LACP standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.

In other words, if more than eight links are assigned to an Etherchannel bundle running LACP, the protocol uses the Port Priority to determine which ports are placed into a standby mode, i.e. will be placed into the Etherchannel if one or more of the current active LACP links fails. LACP also uses the port priority with the port number to form the port identifier. The higher the configured priority value (lower numerical value) the greater the chances of the port being used by LACP. The lower the value (higher numerical value) the lower the chances of the port being used by LACP. This concept is illustrated below in the figure:

Deriving the LACP Port ID from the Port Priority and Port Number

LACP Administrative Key

LACP automatically configures an administrative key value on each port configured to use LACP. The administrative key defines the ability of a port to aggregate with other ports. Only ports that have the same administrative key are allowed to be aggregated into the same port channel group. This is illustrated below in the below figure:

Aggregating LACP Ports Based on the Administrative Key

A port’s ability to aggregate with other ports is determined by physical characteristics, such as data rate, duplex capability, and point-to-point or shared medium, or by administrator-defined configuration restrictions or constraints.

LACP Redundancy

LACP provides two key features that afford redundancy for LACP EtherChannels. These two features are LACP hot-standby ports and LACP 1:1 redundancy with fast switchover.

LACP Hot-Standby Ports

By default, when LACP is configured on ports, it tries to configure the maximum number of compatible ports in a port channel, up to the maximum allowed by the hardware, which is typically eight ports.

However, if LACP is unable to aggregate all the ports that are compatible into an EtherChannel (e.g. if the neighboring switch has hardware limitations and can only support a fewer number of ports per EtherChannel), then all the ports that cannot be actively included in the channel are put in hot-standby state and are used only if one of the active ports in the EtherChannel fails.

Cisco IOS software allows administrators to restrict the maximum number of bundled ports allowed in the port channel using the lacp max-bundle [number] command in interface configuration mode. By default, up to eight ports may be bundled into a single channel. Inversely, a port channel must have a minimum of one port configured.

However, Cisco IOS software allows this value to be changed via the port-channel min-links [number] interface configuration command on the port channel interface. This command specifies the minimum number of member ports that must be in the link-up state and bundled in the EtherChannel for the port channel interface to transition to the link-up state.

LACP 1:1 Redundancy with Fast-Switchover

The LACP 1:1 redundancy feature provides an EtherChannel configuration with one active link and the ability to perform a fast switchover to a hot-standby link. To use LACP 1:1 redundancy, configure an LACP EtherChannel with two ports: one active and one standby. In the event that the active link goes down, the EtherChannel stays up and the switch performs fast switchover to the hot-standby link. Traffic is then subsequently forwarded using that interface.

When the failed link becomes operational again (i.e. is restored to its original state), the switch performs another fast switchover to revert to the original active link. The LACP 1:1 redundancy feature must be enabled on both ends of the link.

EtherChannel Load-Distribution Methods

For Etherchannel load distribution, Catalyst switches use a polymorphic or XOR algorithm which uses key fields from the header of the packet to generate a hash which is then matched to a physical link in the Etherchannel group. This XOR operation can be performed on MAC addresses or IP addresses and can be based solely on source or destination addresses. However, in some switching platforms, the operation is based on both source and destination addresses and is performed on the last two bits of the source MAC and the destination MAC.

NOTE: An XOR is an algorithm that basically means either one or the other, but not both.

While delving into detail on the actual computation of the hash used in Etherchannel load distribution is beyond the scope of the SWITCH requirements, it is important to know that the administrator can define what fields in the header can be used as input to the algorithm used to determine the physical link transport the packet.

The load distribution type is configured via the port-channel load-balance [method] global configuration command. Only a single method can be used at any given time. The below table lists and describes the different methods available in Cisco IOS Catalyst switches when configuring Etherchannel load distribution.

EtherChannel Load Distribution (Load Balancing) Options

Method	Description
dst-ip	Performs load distribution based on the destination IP address
dst-mac	Performs load distribution based on the destination MAC address
dst-port	Performs load distribution based on the destination Layer 4 port
src-dst-ip	Performs load distribution based on the source or destination IP address
src-dst-mac	Performs load distribution based on the source or destination MAC address
src-dst-port	Performs load distribution based on the source or destination Layer 4 port
src-ip	Performs load distribution based on the source IP address
src-mac	Performs load distribution based on the source MAC address
src-port	Performs load distribution based on the source Layer 4 port

EtherChannel Configuration Guidelines

The following section lists and describes the steps that are required to configure Layer 2 PAgP EtherChannels. However, before we delve into these configuration steps, it is important that you are familiar with the following caveats when configuring Layer 2 EtherChannels:

• Each EtherChannel can have up to eight compatibly configured Ethernet interfaces. LACP allows you to have more than eight ports in an EtherChannel group. These additional ports are hot-standby ports. This was described in the previous section.
• All interfaces in the EtherChannel must operate at the same speed and duplex modes. Keep in mind, however, that unlike PAgP, LACP does not support half-duplex ports.

• Ensure all interfaces in the EtherChannel are enabled. In some cases, if the interfaces are not enabled, the logical port channel interface will not be created automatically.

• When first configuring an EtherChannel group, it is important to remember that ports follow the parameters set for the first group port added.

• If Switch Port Analyzer (SPAN) is configured for a member port in an EtherChannel, then the port will be removed from the EtherChannel group.

• It is important to assign all interfaces in the EtherChannel to the same VLAN or configure them as trunk links. If these parameters are different, the channel will not form.

• Keep in mind that similar interfaces with different STP Path Costs (manipulated by an administrator) can still be used to form an EtherChannel.

Configuring and Verifying Layer 2 EtherChannels

This section describes the configuration of Layer 2 EtherChannels by unconditionally forcing the selected interfaces to establish an EtherChannel. Click here for the Cisco IOS guide.

1. The first configuration step is to enter interface configuration mode for the desired EtherChannel interface(s) via the interface [name] or interface range [range] global configuration commands.

2. The second configuration step is to configure the interfaces as Layer 2 switch ports via the switchport interface configuration command.

3. The third configuration step is to configure the switch ports as either trunk or access links via the switchport mode [access|trunk] interface configuration command.

4. Optionally, if the interface or interfaces have been configured as access ports, assign them to the same VLAN using the switchport access vlan [number] If the interface or interfaces have been configured as a trunk port, select the VLANs allowed to traverse the trunk by issuing the switchport trunk allowed vlan [range] interface configuration command; if VLAN 1 will not be used as the native VLAN (for 802.1Q), enter the native VLAN by issuing the switchport trunk native vlan [number] interface configuration command. This configuration must be the same on all of the port channel member interfaces.

5. The next configuration step is to configure the interfaces to unconditionally trunk via the channel-group [number] mode on interface configuration command.

The configuration of unconditional EtherChannel using the steps described above will be based on the network topology illustrated in the figure below:

Network Topology for EtherChannel Configuration Output Examples

The following output illustrates how to configure unconditional channeling on Switch 1 and Switch 2 based on the network topology depicted in the above figure. The EtherChannel will be configured as a Layer 2 802.1Q trunk using default parameters:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#interface range fa0/1 – 3 Switch-1(config-if-range)#no shutdown Switch-1(config-if-range)#switchport Switch-1(config-if-range)#switchport trunk encapsulation dot1q Switch-1(config-if-range)#switchport mode trunk Switch-1(config-if-range)#channel-group 1 mode on Creating a port-channel interface Port-channel 1 Switch-1(config-if-range)#exit Switch-1(config)#exit

NOTE: Notice that the switch automatically creates interface port-channel 1 by default. No explicit user configuration is required to configure this interface.

Switch-2#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-2(config)#interface range fa0/1 – 3 Switch-2(config-if-range)#switchport Switch-2(config-if-range)#switchport trunk encapsulation dot1q Switch-2(config-if-range)#switchport mode trunk Switch-2(config-if-range)#channel-group 1 mode on Creating a port-channel interface Port-channel 1 Switch-2(config-if-range)#exit Switch-2(config)#exit

The show etherchannel [options] command can then be used to verify the configuration of the EtherChannel. The available options (which may vary depending on platform) are printed in the following output:

Switch-2#show etherchannel ? <1-6>         Channel group number detail        Detail information load-balance  Load-balance/frame-distribution scheme among ports in port- channel port          Port information port-channel  Port-channel information protocol      protocol enabled summary       One-line summary per channel-group |             Output modifiers <cr>

The following output illustrates the show etherchannel summary command:

Switch-2#show etherchannel summary Flags:  D – down        P – in port-channel I – stand-alone s – suspended H – Hot-standby (LACP only) R – Layer3      S – Layer2 u – unsuitable for bundling U – in use      f – failed to allocate aggregator d – default port Number of channel-groups in use: 1 Number of aggregators:           1 Group  Port-channel  Protocol    Ports ——+————-+———–+——————————————– 1      Po1(SU)          –        Fa0/1(Pd)   Fa0/2(P)    Fa0/3(P)

In the output above, we can determine that there are three links in channel group 1. Interface FastEthernet0/1 is the default port; this port will be used to send STP packets, for example. If this port fails, FastEthernet0/2 will be designated as the default port, and so forth. We can also determine that this is an active Layer 2 EtherChannel by looking at the SU flags next to Po1. The following output shows the information printed by the show EtherChannel detail command:

Switch-2#show etherchannel detail Channel-group listing: ———————- Group: 1 ———- Group state = L2 Ports: 3   Maxports = 8 Port-channels: 1 Max Port-channels = 1 Protocol:    – Ports in the group: ——————- Port: Fa0/1 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = On/FEC          Gcchange = – Port-channel  = Po1         GC   =   –             Pseudo port-channel = Po1 Port index    = 0           Load = 0x00            Protocol =    – Age of the port in the current state: 0d:00h:20m:20s Port: Fa0/2 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = On/FEC          Gcchange = – Port-channel  = Po1         GC   =   –             Pseudo port-channel = Po1 Port index    = 0           Load = 0x00            Protocol =    – Age of the port in the current state: 0d:00h:21m:20s Port: Fa0/3 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = On/FEC          Gcchange = – Port-channel  = Po1         GC   =   –             Pseudo port-channel = Po1 Port index    = 0           Load = 0x00            Protocol =    – Age of the port in the current state: 0d:00h:21m:20s Port-channels in the group: ————————— Port-channel: Po1 ———— Age of the Port-channel   = 0d:00h:26m:23s Logical slot/port   = 1/0          Number of ports = 3 GC                  = 0x00000000      HotStandBy port = null Port state          = Port-channel Ag-Inuse Protocol            =    – Ports in the Port-channel: Index   Load   Port     EC state        No of bits ——+——+——+——————+———– 0       00     Fa0/1    On/FEC          0 0       00     Fa0/2    On/FEC          0 0       00     Fa0/3    On/FEC          0 Time since last port bundled:    0d:00h:21m:20s    Fa0/3

In the output above, we can determine that this is a Layer 2 EtherChannel with three out of a maximum of eight possible ports in the channel group. We can also determine that the EtherChannel mode is on, based on the protocol being denoted by a dash (-). In addition to this, we can also determine that this is a FastEtherChannel (FEC).

Finally, we can also verify the Layer 2 operational status of the logical port-channel interface by issuing the show interfaces port-channel [number] switchport command. This is illustrated in the following output:

Switch-2#show interfaces port-channel 1 switchport Name: Po1 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Protected: false Appliance trust: none

Configuring and Verifying PAgP EtherChannels

This section describes the configuration of PAgP Layer 2 EtherChannels. The following steps need to be executed in order to configure and establish a PAgP EtherChannel.

1. The first configuration step is to enter interface configuration mode for the desired EtherChannel interface(s) via the interface [name] or interface range [range] global configuration commands.

2. The second configuration step is to configure the interfaces as Layer 2 switch ports via the switchport interface configuration command.

3. The third configuration step is to configure the switch ports as either trunk or access links via the switchport mode [access|trunk] interface configuration command.

4. Optionally, if the interface or interfaces have been configured as access ports, assign them to the same VLAN using the switchport access vlan [number] If the interface or interfaces have been configured as a trunk port, select the VLANs allowed to traverse the trunk by issuing the switchport trunk allowed vlan [range] interface configuration command; if VLAN 1 will not be used as the native VLAN (for 802.1Q), enter the native VLAN by issuing the switchport trunk native vlan [number] interface configuration command. This configuration must be the same on all of the port channel member interfaces.

5. Optionally, configure PAgP as the EtherChannel protocol by issuing the channel-protocol pagp interface configuration command. Because EtherChannels default to PAgP, this command is considered optional and is not required. It is considered good practice to issue this command just to be absolutely sure of your configuration.

6. The next configuration step is to configure the interfaces to unconditionally trunk via the channel-group [number] mode on interface configuration command.

The following output illustrates how to configure PAgP channeling on Switch 1 and Switch 2 based on the network topology depicted in the figure above. The EtherChannel will be configured as a Layer 2 802.1Q trunk using default parameters:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#interface range fa0/1 – 3 Switch-1(config-if-range)#switchport Switch-1(config-if-range)#switchport trunk encap dot1q Switch-1(config-if-range)#switchport mode trunk Switch-1(config-if-range)#channel-group 1 mode desirable Creating a port-channel interface Port-channel 1 Switch-1(config-if-range)#exit

NOTE: In the above output, the port channel desirable mode has been selected. An additional keyword (non-silent) may also be appended to the end of this command. This is because, by default, PAgP auto and desirable modes default to a silent mode. The silent mode is used when the switch is connected to a device that is not PAgP-capable and seldom, if ever, transmits packets. An example of a silent partner is a file server or a packet analyzer that is not generating traffic. It is also used if a device will not be sending PAgP packets (such as in auto mode).

In this case, running PAgP on a physical port connected to a silent partner prevents that switch port from ever becoming operational; however, the silent setting allows PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission. In this example, because Switch 2 will be configured for auto mode (passive mode), it is preferred that the port uses the default silent mode operation. This is illustrated in the PAgP EtherChannel configuration output below:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#interface range fa0/1 – 3 Switch-1(config-if-range)#switchport Switch-1(config-if-range)#switchport trunk encap dot1q Switch-1(config-if-range)#switchport mode trunk Switch-1(config-if-range)#channel-group 1 mode desirable ? non-silent  Start negotiation only after data packets received <cr> Switch-1(config-if-range)#channel-group 1 mode desirable non-silent Creating a port-channel interface Port-channel 1 Switch-1(config-if-range)#exit

Proceeding with PAgP EtherChannel configuration, Switch 2 is configured as follows:

Switch-2#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-2(config)#int range fa0/1 – 3 Switch-2(config-if-range)#switchport Switch-2(config-if-range)#switchport trunk encapsulation dot1q Switch-2(config-if-range)#switchport mode trunk Switch-2(config-if-range)#channel-group 1 mode auto Creating a port-channel interface Port-channel 1 Switch-2(config-if-range)#exit

The following output illustrates how to verify the PAgP EtherChannel configuration by using the show EtherChannel summary command on Switch 1 and Switch 2:

Switch-1#show etherchannel summary Flags:  D – down        P – in port-channel I – stand-alone s – suspended H – Hot-standby (LACP only) R – Layer3      S – Layer2 u – unsuitable for bundling U – in use      f – failed to allocate aggregator d – default port Number of channel-groups in use: 1 Number of aggregators:           1 Group  Port-channel  Protocol    Ports ——+————-+———–+——————————————– 1      Po1(SU)         PAgP      Fa0/1(Pd)   Fa0/2(P)    Fa0/3(P)

PAgP EtherChannel configuration and statistics may also be viewed by issuing the show pagp [options] command. The options available with this command are illustrated in the following output:

Switch-1#show pagp ? <1-6>     Channel group number counters  Traffic information internal  Internal information neighbor  Neighbor information

NOTE: Entering the desired port channel number provides the same options as the last three options printed above. This is illustrated in the following output:

Switch-1#show pagp 1 ? counters  Traffic information internal  Internal information neighbor  Neighbor information

The counters keyword provides information on PAgP sent and received packets. The internal keyword provides information such as the port state, Hello Interval, PAgP port priority, and the port learning method, for example. Using the show pagp internal command, this is illustrated in the following output: 

Switch-1#show pagp 1 internal Flags:  S – Device is sending Slow hello.  C – Device is in Consistent state. A – Device is in Auto mode.        d – PAgP is down. Timers: H – Hello timer is running.        Q – Quit timer is running. S – Switching timer is running.    I – Interface timer is running. Channel group 1 Hello    Partner PAgP      Learning Group Port      Flags State   Timers  Interval Count   Priority  Method   Ifindex Fa0/1     SC    U6/S7   H       30s      1       128       Any      29 Fa0/2     SC    U6/S7   H       30s      1       128       Any      29 Fa0/3     SC    U6/S7   H       30s      1       128       Any      29

The neighbor keyword prints out the neighbor name, ID of the PAgP neighbor, the neighbor device ID (MAC) and the neighbor port. The flags also indicate the mode the neighbor is operating in as well as if it is a physical learner, for example. Using the show pagp neighbor command, this is illustrated in the following output:

Switch-1#show pagp 1 neighbor Flags:  S – Device is sending Slow hello. C – Device is in Consistent state. A – Device is in Auto mode.       P – Device learns on physical port.   Channel group 1 neighbors Partner              Partner          Partner         Partner Group Port      Name                 Device ID        Port       Age  Flags   Cap. Fa0/1     Switch-2             0014.a9e5.d640   Fa0/1      19s  SAC     10001 Fa0/2     Switch-2             0014.a9e5.d640   Fa0/2      24s  SAC     10001 Fa0/3     Switch-2             0014.a9e5.d640   Fa0/3      18s  SAC     10001

Configuring and Verifying LACP EtherChannels

This section describes the configuration of LACP Layer 2 EtherChannels. The following steps need to be executed in order to configure and establish an LACP EtherChannel.

1. The first configuration step is to enter interface configuration mode for the desired EtherChannel interface(s) via the interface [name] or interface range [range] global configuration commands.

2. The second configuration step is to configure the interfaces as Layer 2 switch ports via the switchport interface configuration command.

3. The third configuration step is to configure the switch ports as either trunk or access links via the switchport mode [access|trunk] interface configuration command.

4. Optionally, if the interface or interfaces have been configured as access ports, assign them to the same VLAN using the switchport access vlan [number] If the interface or interfaces have been configured as a trunk port, select the VLANs allowed to traverse the trunk by issuing the switchport trunk allowed vlan [range] interface configuration command; if VLAN 1 will not be used as the native VLAN (for 802.1Q), enter the native VLAN by issuing the switchport trunk native vlan [number] interface configuration command. This configuration must be the same on all of the port channel member interfaces.

5. Configure LACP as the EtherChannel protocol by issuing the channel-protocol lacp interface configuration command. Because EtherChannels default to PAgP, this command is considered mandatory for LACP and is required.

6. The next configuration step is to configure the interfaces to unconditionally trunk via the channel-group [number] mode on interface configuration command.

In the above output illustrating how to configure PAgP channeling on Switch 1 and Switch 2 based on the network topology depicted in the below figure, the EtherChannel will be configured as a Layer 2 802.1Q trunk using default parameters, as shown in the following outputs:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#int range fastethernet 0/1 – 3 Switch-1(config-if-range)#switchport Switch-1(config-if-range)#switchport trunk encapsulation dot1q Switch-1(config-if-range)#switchport mode trunk Switch-1(config-if-range)#channel-protocol lacp Switch-1(config-if-range)#channel-group 1 mode active Creating a port-channel interface Port-channel 1 Switch-1(config-if-range)#exit

 

Switch-2#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-2(config)#interface ra fast 0/1 – 3 Switch-2(config-if-range)#switchport Switch-2(config-if-range)#switchport trunk encap dot1q Switch-2(config-if-range)#switchport mode trunk Switch-2(config-if-range)#channel-protocol lacp Switch-2(config-if-range)#channel-group 1 mode passive Creating a port-channel interface Port-channel 1 Switch-2(config-if-range)#exit

The following output illustrates how to verify the LACP EtherChannel configuration by using the show EtherChannel summary command on Switch 1 and Switch 2:

Switch-1#show etherchannel summary Flags:  D – down        P – in port-channel I – stand-alone s – suspended H – Hot-standby (LACP only) R – Layer3      S – Layer2 u – unsuitable for bundling U – in use      f – failed to allocate aggregator d – default port Number of channel-groups in use: 1 Number of aggregators:           1 Group  Port-channel  Protocol    Ports ——+————-+———–+——————————————– 1      Po1(SU)       LACP        Fa0/1(Pd)   Fa0/2(P)    Fa0/3(P)

LACP allows up to 16 ports to be entered into a port channel group. The first eight operational interfaces will be used by LACP, while the remaining eight interfaces will be placed into the hot-standby state. The show etherchannel detail command shows the maximum number of supported links in an LACP EtherChannel, as illustrated in the following output:

Switch-1#show etherchannel 1 detail Group state = L2 Ports: 3   Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol:   LACP Ports in the group: ——————- Port: Fa0/1 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = Active      Gcchange = – Port-channel  = Po1         GC   =   –         Pseudo port-channel = Po1 Port index    = 0           Load = 0x00        Protocol =   LACP Flags:  S – Device is sending Slow LACPDUs.  F – Device is sending fast LACPDUs. A – Device is in active mode.        P – Device is in passive mode. Local information: LACP port     Admin     Oper    Port     Port Port      Flags   State     Priority      Key       Key     Number   State Fa0/1     SA      bndl      32768         0x1       0x1     0x0      0x3D Partner’s information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/1     00001,0014.a9e5.d640  0x1             4s          SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C Age of the port in the current state: 00d:00h:00m:35s Port: Fa0/2 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = Active      Gcchange = – Port-channel  = Po1         GC   =   –         Pseudo port-channel = Po1 Port index    = 0           Load = 0x00        Protocol =   LACP Flags:  S – Device is sending Slow LACPDUs.  F – Device is sending fast LACPDUs. A – Device is in active mode.        P – Device is in passive mode. Local information: LACP port     Admin     Oper    Port     Port Port      Flags   State     Priority      Key       Key     Number   State Fa0/2     SA      bndl      32768         0x1       0x1     0x1      0x3D Partner’s information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/2     00001,0014.a9e5.d640  0x2             28s         SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C Age of the port in the current state: 00d:00h:00m:33s Port: Fa0/3 ———— Port state    = Up Mstr In-Bndl Channel group = 1           Mode = Active      Gcchange = – Port-channel  = Po1         GC   =   –         Pseudo port-channel = Po1 Port index    = 0           Load = 0x00        Protocol =   LACP   Flags:  S – Device is sending Slow LACPDUs.  F – Device is sending fast LACPDUs. A – Device is in active mode.        P – Device is in passive mode. Local information: LACP port     Admin     Oper    Port     Port Port      Flags   State     Priority      Key       Key     Number   State Fa0/3     SA      bndl      32768         0x1       0x1     0x2      0x3D Partner's information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/3     00001,0014.a9e5.d640  0x3             5s          SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C Age of the port in the current state: 00d:00h:00m:29s Port-channels in the group: ———————- Port-channel: Po1    (Primary Aggregator) ———— Age of the Port-channel   = 00d:00h:13m:50s Logical slot/port   = 1/0          Number of ports = 3 HotStandBy port = null Port state          = Port-channel Ag-Inuse Protocol            =   LACP Ports in the Port-channel: Index   Load   Port    EC state ——+——+——+———— 0       00     Fa0/1   Active 0       00     Fa0/2   Active 0       00     Fa0/3   Active Time since last port bundled:    00d:00h:00m:32s    Fa0/3 Time since last port Un-bundled: 00d:00h:00m:49s    Fa0/1

LACP configuration and statistics may also be viewed by issuing the show lacp [options] command. The options available with this command are illustrated in the following output:

Switch-1#show lacp ? <1-6>     Channel group number counters  Traffic information internal  Internal information neighbor  Neighbor information sys-id    LACP System ID

The counters keyword provides information on LACP sent and received packets. The output printed by this command is illustrated below:

Switch-1#show lacp counters LACPDUs         Marker      Marker Response    LACPDUs Port       Sent   Recv     Sent   Recv     Sent   Recv      Pkts Err ——————————————————————— Channel group: 1 Fa0/1      14     12       0      0        0      0         0 Fa0/2      21     18       0      0        0      0         0 Fa0/3      21     18       0      0        0      0         0

The internal keyword provides information such as the port state, administrative key, LACP port priority, and the port number, for example. This is illustrated in the following output:

Switch-1#show lacp internal Flags:  S – Device is sending Slow LACPDUs. F – Device is sending Fast LACPDUs. A – Device is in Active mode.       P – Device is in Passive mode. Channel group 1 LACP port     Admin     Oper    Port     Port Port      Flags   State     Priority      Key       Key     Number   State Fa0/1     SA      bndl      32768         0x1       0x1     0x0      0x3D Fa0/2     SA      bndl      32768         0x1       0x1     0x1      0x3D Fa0/3     SA      bndl      32768         0x1       0x1     0x2      0x3D

The neighbor keyword prints out the neighbor name, ID of the LACP neighbor, the neighbor device ID (MAC), and the neighbor port. The flags also indicate the mode the neighbor is operating in as well as whether it is a physical learner, for example. This is illustrated in the following output:

Switch-1#show lacp neighbor Flags:  S – Device is sending Slow LACPDUs. F – Device is sending Fast LACPDUs. A – Device is in Active mode.       P – Device is in Passive mode. Channel group 1 neighbors Partner’s information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/1     00001,0014.a9e5.d640  0x1             11s         SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C Partner’s information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/2     00001,0014.a9e5.d640  0x2             19s         SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C Partner’s information: Partner               Partner                     Partner Port      System ID             Port Number     Age         Flags Fa0/3     00001,0014.a9e5.d640  0x3             24s         SP LACP Partner         Partner         Partner Port Priority        Oper Key        Port State 32768                0x1             0x3C

And finally, the sys-id keyword provides the system ID of the local switch. This is a combination of the switch MAC and LACP priority as illustrated in the following output:

Switch-1#show lacp sys-id 1    ,000d.bd06.4100

Configuring and Verifying the LACP System Priority

The LACP system priority, which is used in conjunction with the switch MAC address to form the LACP system ID, may be manually changed via the lacp system-priority [1-65535] global configuration command. The following output illustrates how to configure a system priority of 255 and verify this configuration using the show lacp sys-id command:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#lacp system-priority 255 Switch-1(config)#exit Switch-1# Switch-1#show lacp sys-id 255  ,000d.bd06.4100

Configuring and Verifying the LACP Port Priority

LACP uses the port priority to decide which ports should be put into standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. The default port priority for all LACP ports is 32,768. However, this default value can be manually adjusted via the lacp port-priority [1-65535] interface configuration command. The lower the value, the more likely that the interface will be used for LACP transmission. The following output illustrates how to configure an interface with a port priority of 4000:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#int fa0/1 Switch-1(config-if)#lacp port-priority 4000 Switch-1(config-if)#exit Switch-1(config)#exit Switch-1# Switch-1#show lacp 1 internal Flags:  S – Device is sending Slow LACPDUs. F – Device is sending Fast LACPDUs. A – Device is in Active mode.       P – Device is in Passive mode. Channel group 1 LACP port     Admin     Oper    Port     Port Port      Flags   State     Priority      Key       Key     Number   State Fa0/1     SA      bndl      4000          0x1       0x1     0x0      0x3D Fa0/2     SA      bndl      32768         0x1       0x1     0x1      0x3D Fa0/3     SA      bndl      32768         0x1       0x1     0x2      0x3D

Configuring and Verifying EtherChannel Load Balancing

EtherChannel load balancing, for both PAgP and LACP, is configured in global mode using the port-channel load-balance [src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip | src-port | dst-port | src-dst-port] command. The following output illustrates how to configure EtherChannel load distribution using the destination MAC address:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#port-channel load-balance dst-mac Switch-1(config)#exit

The show etherchannel load-balance command is used to verify the selected EtherChannel load-distribution method. This is illustrated in the following output:

Switch-1#show etherchannel load-balance Destination MAC address Switch-1#

Protecting STP When Using EtherChannels

The final section of this chapter describes the EtherChannel Guard feature, which is an optional Cisco STP feature designed to protect the Spanning Tree Protocol network when using Layer 2 EtherChannel trunks. The EtherChannel Guard feature is designed to detect an EtherChannel misconfiguration between the switch and another connected device.

For example, a misconfiguration can occur if the local switch interfaces are configured in an EtherChannel, but the interfaces on the other device are not. A misconfiguration can also occur if the channel parameters are not the same at both ends of the EtherChannel.  If the switch detects a misconfiguration on the other device, EtherChannel Guard places the switch interfaces in the errdisabled state, and an error message is printed on the console.

By default, EtherChannel Guard Status is enabled and requires no further configuration. This default behavior is illustrated in the output shown below:

Switch-1#show spanning-tree summary Switch is in mst mode Root bridge for: MST00-MST02 EtherChannel misconfiguration guard is enabled Extended system ID   is enabled PortFast             is disabled by default PortFast BPDU Guard  is disabled by default PortFast BPDU Filter is disabled by default LoopGuard            is disabled by default UplinkFast           is disabled BackboneFast         is disabled PathCost method used is short   Name                   Blocking Listening Learning Forwarding STP Active ———————- ——– ——— ——– ———- ———- MST00                  0        0         0        1          1 MST01                  0        0         0        1          1 MST02                  0        0         0        1          1 ———————- ——– ——— ——– ———- ———- 3 msts                 0        0         0        3          3

If this feature is disabled, it can be re-enabled using the spanning-tree etherchannel guard misconfig global configuration command as illustrated in the following output:

Switch-1#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch-1(config)#spanning-tree EtherChannel guard misconfig Switch-1(config)#exit