Category: Etherchannel

Etherchannel: PAgP and LACP

Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) are aggregate link control protocols that dynamically negotiate a port channel with a neighbor switches.

PAgP allows a max of eight links in a port channel, there are no configurable parameters for PAgP except for the frequency at which PAgP messages are transmitted.  The frequency is configurable on a per port basis and defaults to 30 seconds but can be configured down to 1 second if needed.

For PAgP to dynamically form a port channel you would use the channel-group command and choose what mode it will operate in, either auto or desirable.

LACP allows for a maximum of 16 links to be placed into a port channel and is the IEEE standard used for multi vendor port channels, however only 8 links at most will ever be active in  the bundle, the rest are put into a standby state.  switches will choose the port with the lowest port id to become active should an active port fail with multiple standby ports available.  Priority on these ports can also be manually configured.

Here are the two modes for PAgP / LACP respectively and their actions:

  • Auto/passive – considered passive and waits for an initiating connection from the neighbor.
  • Desirable/Active – auto initiates port channel negotiation

When PAgP or LACP begins to negotiate a port channel messages include the exchange of specific information that allows detecting whether all links being bundled are on a single port channel and are connected to the same neighbor and if the neighbor is willing to negotiate a bundle as well.

The values included in  these messages include:

  • System IDs
  • identifiers of physical ports
  • aggregation groups

PAgP and LACP do not check to see if the ports are configured identically…they only check to ensure consistent connections are in place on both neighboring switches.


Etherchannel: STP Etherchannel Misconfig Guard

STP Etherchannel Misconfig Guard is a prevention mechanism implemented on switches to check the MAC Address of BPDUs transmitted across an etherchannel bundle.  It assumes that since these ports are bundled together BPDUs should be originating from the same source MAC address.

If BPDUs sourced from different MACs are received on a port channel interface it is an indication that the adjacent switch is treating the ports included in the bundle as separate independent interfaces instead of a port channel.  As a result, STP Etherchannel Misconfig will place the ports of the bundle into an err-disabled.

STP Etherchannel Misconfig is active by default and can be deactivated using the no spanning-tree etherchannel guard misconfig global config command.

This is the reason it is strongly recommended to use a dynamic negotiation protocol to allow the switches to negotiate the port channel and verify if the links are eligible for bundling.


Etherchannel: Port Channel Discovery

When ports are added to a bundle the following configuration items must be identical:

  • Same speed and duplex
  • Same operating mode
  • If not trunking, same access VLAN
  • If trunking same trunk type, allowed VLANs and native VLAN
  • Each port in a port channel must have the same STP cost per VLAN on all links in the port channel
  • No ports can have SPAN configured

When a port channel is made an interface is also automatically added to the configuration, this interface inherits the configuration of the port it was added to.  If member port configurations differ the port channel will be in a suspended state and will not become working until the member whose configuration is different is corrected and identical to the port channel interface.

Any interface commands configured on the port channel interface are pushed down to the member links for conformity.  Here are the recommended guidelines for configuring port channels

  • do not create the interface port channel manually before bundling the ports, let the switch create it and populate its config automatically
  • When removing a port channel make sure to manually remote the interface port channel from the running config so that it’s config does not cause issues when a port channel with the same number may be created later
  • be sure to make the config of the physical ports identical before adding them to the port channel
  • if the physical ports config differs from the port channel interface config correct the port config first, only then proceed to perform changes to the port channel interface config.
  • port channel interface can either be a layer 2 or layer 3 depending on the physical bundled ports are configured for layer 2 or layer 3.  If needed you can change the type of interface it is after you’ve already created it.
  • Whenever resolving issues with err-disabled ports under a port channel be sure to shut down both the physical and port channel interfaces, then try to reactivate them, unbundling them and then recreating the port channel.


Etherchannel: Load Balancing

Etherchannel increases the available bandwidth by carrying multiple frames over multiple links.  A single frame is always transmitted across a single link in an Etherchannel bundle when traffic enters a switch a hashing function is performed on the address fields in the frame producing a number that identifies which link the frame will transmit over.

The sequence of frames having the same value in the address fields fed into the hashing function is called a conversation or a flow.  The hashing function is deterministic, meaning that all frames in a flow will produce the same hash value, therefore forwarding of the frames in a flow will all traverse a single link and will not be per packet forwarded across multiple links.

This allows for multiple flows to traverse multiple links increasing higher aggregate throughput.  This also prevents frames from being received out of order.

You want to ensure there is a mix of frames sent over a port channel, usually access ports are sending frames from hosts who are transmitting only to their default gateway, and vice versa on return traffic, gateway sourced traffic is being sent back to the unique hosts.  To mix this up you could balance based on source MAC address for outgoing traffic, and then balance using destination MAC on the return traffic, so there are unique flows generated for the hash value and its not all the same going over a single link.

The maximum number of member links in a bundle is 8, the hashing function produces a 3 bit result in the range of 0-7 whose values are assigned to individual member links.   If there are fewer physical links some of the links will be assigned multiple values from this range and ultimately those links will carry more traffic than others as a result.

Traffic will only be distributed evenly across multiple links in a bundle when the number of links equals 8, 4, or 2.



Etherchannel is also referred to as link aggregation which is used to bundle multiple physical Ethernet links interconnecting devices into a single logical communication channel with increased throughput.

After Etherchannel has been established, it creates a single logical interface that utilizes the bandwidth of all the member links in the bundle.  This allows traffic to be load balanced across the multiple member links to take advantage of the combined bandwidth.

Also if links in an Etherchannel bundle fail, traffic is spread out over the remaining up and active member links in the bundle without taking the logical interface down.