Tag: Ethernet

Etherchannel: PAgP and LACP

Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) are aggregate link control protocols that dynamically negotiate a port channel with a neighboring switch.

PAgP allows a maximum of eight links in a port channel. There are no configurable parameters for PAgP except the frequency at which PAgP messages are transmitted. The frequency is configurable on a per-port basis and defaults to 30 seconds, but it can be reduced to 1 second if needed.

For PAgP to dynamically form a port channel, you use the channel-group command and choose the mode the port will operate in, either auto or desirable.

LACP allows a maximum of 16 links to be placed into a port channel and is the IEEE standard used for multi-vendor port channels; however, at most 8 links will ever be active in the bundle, and the rest are placed in a standby state. Should an active port fail with multiple standby ports available, the switch will choose the standby port with the lowest port ID to become active. Priority on these ports can also be configured manually.

Here are the two modes for PAgP / LACP respectively and their actions:

  • Auto/Passive – considered passive; waits for the neighbor to initiate negotiation.
  • Desirable/Active – actively initiates port channel negotiation.

When PAgP or LACP negotiates a port channel, the messages exchanged carry specific information that allows each switch to detect whether all links being bundled belong to a single port channel and connect to the same neighbor, and whether that neighbor is willing to negotiate a bundle as well.

The values included in these messages are:

  • System IDs
  • identifiers of physical ports
  • aggregation groups

PAgP and LACP do not check whether the ports are configured identically; they only check that consistent connections are in place on both neighboring switches.
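The consistency check described above can be modeled in a few lines. The following is an added example written for these notes, not code from the original page or from any switch vendor; it assumes a simplified per-link record (system ID, port ID, aggregation group, mode) with field names of its own and a constructed four-link scenario, and it deliberately checks only what the protocols check (same neighbor, same aggregation group, at least one initiating side), not speed, duplex or VLAN settings.

```python
from dataclasses import dataclass

# Constructed model of the per-link values the notes list (system ID, physical
# port identifier, aggregation group) plus the negotiation mode of the port.
# The field names are this example's own, not the PAgP/LACP PDU layout.
@dataclass(frozen=True)
class LinkInfo:
    system_id: str   # identifies the switch, e.g. its base MAC address
    port_id: str     # physical port identifier on that switch
    agg_group: int   # aggregation group (channel-group number)
    mode: str        # "auto"/"desirable" (PAgP) or "passive"/"active" (LACP)

INITIATING = {"desirable", "active"}   # modes that send the first negotiation


def negotiate(local: dict, remote: dict):
    """Decide which local ports join the bundle.

    local[port]  is what this switch advertises on that physical link,
    remote[port] is what the neighbor advertised on the same link.
    Returns (bundled_ports, [(port, reason), ...]).
    """
    bundled, rejected = [], []
    reference = None   # (neighbor system ID, neighbor aggregation group)
    for port in sorted(local):
        mine, theirs = local[port], remote[port]
        # Auto/auto or passive/passive: nobody initiates, so no bundle forms.
        if mine.mode not in INITIATING and theirs.mode not in INITIATING:
            rejected.append((port, "neither side initiates negotiation"))
            continue
        identity = (theirs.system_id, theirs.agg_group)
        if reference is None:
            reference = identity      # first consistent link defines the neighbor
        # Every member must terminate on the same neighbor and the same group.
        if identity != reference:
            rejected.append((port, f"neighbor {identity} differs from {reference}"))
            continue
        bundled.append(port)
    # Not checked here, matching the notes: speed, duplex, VLANs and trunk
    # settings belong to the port channel's own consistency check, not to
    # PAgP/LACP negotiation.
    return bundled, rejected


def demo():
    """Constructed four-link scenario: two good links, one cabled to a
    different switch, and one with passive configured on both ends."""
    local = {
        "Gi1/0/1": LinkInfo("SW-A", "Gi1/0/1", 1, "active"),
        "Gi1/0/2": LinkInfo("SW-A", "Gi1/0/2", 1, "active"),
        "Gi1/0/3": LinkInfo("SW-A", "Gi1/0/3", 1, "active"),
        "Gi1/0/4": LinkInfo("SW-A", "Gi1/0/4", 1, "passive"),
    }
    remote = {
        "Gi1/0/1": LinkInfo("SW-B", "Gi1/0/5", 1, "passive"),
        "Gi1/0/2": LinkInfo("SW-B", "Gi1/0/6", 1, "passive"),
        "Gi1/0/3": LinkInfo("SW-C", "Gi1/0/1", 1, "passive"),  # miscabled link
        "Gi1/0/4": LinkInfo("SW-B", "Gi1/0/7", 1, "passive"),
    }
    return negotiate(local, remote)


if __name__ == "__main__":
    bundled, rejected = demo()
    print("bundled:", bundled)
    for port, reason in rejected:
        print("rejected", port, "-", reason)
```

Running it bundles Gi1/0/1 and Gi1/0/2 only: the link to SW-C is rejected because its neighbor identity differs from the first link's, and Gi1/0/4 is rejected because neither end initiates.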



Etherchannel: Port Channel Discovery

When ports are added to a bundle the following configuration items must be identical:

  • Same speed and duplex
  • Same operating mode
  • If not trunking, same access VLAN
  • If trunking same trunk type, allowed VLANs and native VLAN
  • Each port in a port channel must have the same STP cost per VLAN on all links in the port channel
  • No ports can have SPAN configured

When a port channel is created, an interface is also automatically added to the configuration; this interface inherits the configuration of the port that was added to it. If a member port's configuration differs, the port channel will be in a suspended state and will not come up until the member whose configuration differs is corrected to match the port channel interface.

Any interface commands configured on the port channel interface are pushed down to the member links for conformity. Here are the recommended guidelines for configuring port channels:

  • Do not create the port channel interface manually before bundling the ports; let the switch create it and populate its configuration automatically.
  • When removing a port channel, be sure to manually remove the port channel interface from the running config so that its configuration does not cause issues when a port channel with the same number is created later.
  • Make the configuration of the physical ports identical before adding them to the port channel.
  • If the physical port configuration differs from the port channel interface configuration, correct the port configuration first; only then proceed to make changes to the port channel interface configuration.
  • A port channel interface can be either layer 2 or layer 3, depending on whether the physical bundled ports are configured for layer 2 or layer 3. If needed, you can change the interface type after it has been created.
  • Whenever resolving issues with err-disabled ports under a port channel, be sure to shut down both the physical and port channel interfaces, then try to reactivate them, unbundling them and then recreating the port channel.


Etherchannel: Load Balancing

Etherchannel increases the available bandwidth by carrying multiple frames over multiple links. A single frame is always transmitted across a single link in an Etherchannel bundle. When traffic enters a switch, a hashing function is performed on the address fields in the frame, producing a number that identifies which link the frame will be transmitted over.

The sequence of frames having the same values in the address fields fed into the hashing function is called a conversation or a flow. The hashing function is deterministic, meaning that all frames in a flow produce the same hash value; therefore all frames in a flow traverse a single link and are not forwarded per packet across multiple links.

This allows multiple flows to traverse multiple links, increasing aggregate throughput. It also prevents frames from being received out of order.

You want to ensure there is a mix of flows sent over a port channel. Usually, access ports carry frames from hosts that are transmitting only to their default gateway, and on the return path the gateway-sourced traffic is sent back to the individual hosts. To mix this up you could balance on the source MAC address for outgoing traffic and on the destination MAC address for the return traffic, so that unique flows are generated for the hash value and it is not all the same flow going over a single link.

The maximum number of member links in a bundle is 8; the hashing function produces a 3-bit result in the range 0-7, and these values are assigned to individual member links. If there are fewer physical links, some links will be assigned multiple values from this range, and as a result those links will carry more traffic than others.

Traffic will only be distributed evenly across multiple links in a bundle when the number of links equals 8, 4, or 2.
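To make the two points above concrete (why the choice of address field matters for access-port traffic, and why only 2, 4 or 8 links balance evenly), here is an added example written for these notes, not code from the original page or from any switch platform. The 3-bit hash (XOR of the last byte of the selected MAC addresses) and the round-robin assignment of the 8 hash buckets to links are this example's own simplifications; real switches use a platform-specific hash. The traffic (48 hosts each sending one frame to a single gateway MAC) is constructed.

```python
# Constructed illustration of Etherchannel hashing. The hash below and the
# round-robin bucket-to-link assignment are this example's assumptions; the
# hash used by real switches is platform specific.

def hash_bucket(src_mac: bytes, dst_mac: bytes, method: str) -> int:
    """Return the 3-bit bucket (0-7) for a frame under the chosen method."""
    if method == "src-mac":
        value = src_mac[-1]
    elif method == "dst-mac":
        value = dst_mac[-1]
    elif method == "src-dst-mac":
        value = src_mac[-1] ^ dst_mac[-1]
    else:
        raise ValueError(f"unknown method {method}")
    return value & 0x7


def bucket_counts(n_links: int) -> list:
    """How many of the 8 hash buckets land on each of n_links links when the
    buckets are dealt out round-robin (assumption). Uneven unless n is 8, 4 or 2."""
    if not 1 <= n_links <= 8:
        raise ValueError("a bundle holds 1 to 8 active links")
    counts = [0] * n_links
    for bucket in range(8):
        counts[bucket % n_links] += 1
    return counts


def distribute(frames, method: str, n_links: int) -> list:
    """frames is a list of (src_mac, dst_mac) tuples; returns frames per link.
    A flow (same src/dst) always hashes to the same link, so order is kept."""
    per_link = [0] * n_links
    for src, dst in frames:
        per_link[hash_bucket(src, dst, method) % n_links] += 1
    return per_link


def access_port_frames(n_hosts: int = 48) -> list:
    """Constructed traffic: n_hosts, each sending one frame to the gateway."""
    gateway = bytes.fromhex("0000000000fe")
    return [(bytes([0, 0, 0, 0, 0, i]), gateway) for i in range(1, n_hosts + 1)]


if __name__ == "__main__":
    for n in (2, 3, 4, 5, 8):
        print(n, "links -> buckets per link", bucket_counts(n))
    frames = access_port_frames()
    # Hashing on the destination MAC puts every host-to-gateway frame on one link.
    print("dst-mac on 4 links:", distribute(frames, "dst-mac", 4))
    # Hashing on the source MAC spreads the same frames across all four.
    print("src-mac on 4 links:", distribute(frames, "src-mac", 4))
    print("src-mac on 3 links:", distribute(frames, "src-mac", 3))
```

With 3 links the buckets split 3/3/2, and with 5 links 2/2/2/1/1, which is the uneven loading the notes describe; with dst-mac hashing all 48 host-to-gateway frames land on a single link, while src-mac hashing spreads them 12/12/12/12 across four links.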



Etherchannel is also referred to as link aggregation, which bundles multiple physical Ethernet links interconnecting devices into a single logical communication channel with increased throughput.

After Etherchannel has been established, it creates a single logical interface that utilizes the bandwidth of all the member links in the bundle.  This allows traffic to be load balanced across the multiple member links to take advantage of the combined bandwidth.

Also, if links in an Etherchannel bundle fail, traffic is spread over the remaining up and active member links in the bundle without taking the logical interface down.


PPPoE: Point to Point Protocol over Ethernet

Point to Point Protocol over Ethernet (PPPoE) virtualizes multiple point to point sessions over Ethernet between client hosts and an access concentrator, essentially turning a broadcast Ethernet domain into a point to multipoint environment.

The PPPoE client feature in IOS allows the router, as opposed to an end user host workstation, to serve as the client in the network. This allows an entire LAN to connect to the internet over a single PPPoE connection terminated on a router.

PPP interface IP addresses are assigned using an upstream DHCP server and the IP Configuration Protocol (IPCP), which is a sub protocol of PPP.  IP address negotiation must be enabled on the dialer interface in the router for it to obtain an IP address.

PPPoE also introduces an additional 8-byte transport overhead (2 bytes for the PPP header and 6 bytes for PPPoE). To adjust for this within the 1500 byte Ethernet MTU, you have to decrease the IP MTU to 1492 bytes so the entire encapsulated packet fits within the 1500 byte Ethernet frame. For TCP sessions the maximum segment size is reduced to 1452; this allows 40 bytes for the TCP and IP headers and 8 bytes for PPPoE, totaling 1500 bytes that fit into an ordinary Ethernet frame.

MTU mismatches can prevent a PPPoE connection from establishing or carrying large datagrams, so this is a good place to check when troubleshooting connections.
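The overhead arithmetic above follows directly from the PPPoE session frame layout, which the following added example builds and parses. It is not code from the original page; it uses the RFC 2516 session-stage header (version 1, type 1, code 0x00, session ID, length) and the PPP protocol number 0x0021 for IPv4, and the session ID and payload sizes are constructed. The parser rejects frames whose length field does not match, which is the kind of malformed input a troubleshooting capture should make visible.

```python
import struct

ETHERNET_MTU = 1500          # Ethernet payload size
PPPOE_HEADER = 6             # ver/type, code, session ID, length
PPP_HEADER = 2               # PPP protocol field
PPPOE_IP_MTU = ETHERNET_MTU - PPPOE_HEADER - PPP_HEADER   # 1492
TCP_MSS = PPPOE_IP_MTU - 20 - 20                          # 1452: minus IP and TCP headers
PPP_IPV4 = 0x0021            # PPP protocol number for IPv4


def pppoe_session_payload(session_id: int, ppp_protocol: int, datagram: bytes) -> bytes:
    """Build the Ethernet payload of a PPPoE session-stage frame (EtherType 0x8864):
    6-byte PPPoE header, 2-byte PPP protocol field, then the datagram."""
    ppp = struct.pack("!H", ppp_protocol) + datagram
    # 0x11 = version 1 / type 1; code 0x00 = session data; length covers the PPP part
    header = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return header + ppp


def parse_pppoe_session_payload(payload: bytes) -> dict:
    """Parse a session-stage payload; raises ValueError on malformed input."""
    if len(payload) < PPPOE_HEADER + PPP_HEADER:
        raise ValueError("too short for PPPoE and PPP headers")
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11 or code != 0x00:
        raise ValueError("not a PPPoE v1 session-stage frame")
    if length != len(payload) - PPPOE_HEADER:
        raise ValueError("PPPoE length field does not match the payload")
    (ppp_protocol,) = struct.unpack("!H", payload[6:8])
    return {"session_id": session_id, "ppp_protocol": ppp_protocol, "datagram": payload[8:]}


def fits_ethernet(datagram: bytes) -> bool:
    """True if an IP datagram of this size survives PPPoE encapsulation intact.
    Session ID 1 is a constructed value."""
    return len(pppoe_session_payload(1, PPP_IPV4, datagram)) <= ETHERNET_MTU


if __name__ == "__main__":
    print("IP MTU over PPPoE:", PPPOE_IP_MTU, "TCP MSS:", TCP_MSS)
    print("1492-byte datagram fits:", fits_ethernet(b"\x45" * 1492))
    print("1500-byte datagram fits:", fits_ethernet(b"\x45" * 1500))
```

A 1492-byte datagram produces exactly a 1500-byte Ethernet payload; a 1500-byte datagram does not fit, which is why the IP MTU on the dialer interface must be lowered to 1492 and the TCP MSS to 1452.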


VLANs: VTPv3 Primary Server

A VTPv3 primary server is the only switch in a VTP domain that is allowed to make configuration changes to the VLAN database and propagate them out to the network. VTPv3 servers and clients will only exchange VLAN database information if they agree on the domain name and the identity (MAC address) of the primary server.

Other switches in the VTP domain that are configured as servers are classified as secondary servers and cannot make configuration changes to the VLAN database. They serve only as backup servers to the primary in case the existing primary server is demoted for any reason.

There are cases where switches may conflict on which one they believe to be the primary server; conflicting switches do not synchronize their VLAN databases. This can happen when a primary server is disconnected and another server is promoted, and then the original primary server is reconnected and comes back online; client switches then begin having a conflict as a result.

Correcting this simply means demoting one of the primary servers and allowing the other to take over as the only primary server in the VTP domain.


VLANs: VTP Update Process

In order for client and server switches to propagate VLAN changes to the rest of the network, here is the process VTP uses to disseminate VLAN configuration changes:

  1. A New VLAN is added to the VTP Server
  2. Configuration Revision Number increments up by one
  3. VTP Advertisement is sent out to all VTP neighbors
  4. VTP Clients receive higher Configuration Revision number
  5. Clients begin to sync updated VLAN database to their own



VLANs: VTP Messages


VTPv1 and VTPv2 use 4 types of messages:

  • Summary Advertisement: this message is sent by servers and clients every 5 minutes and after each update to the VLAN database. It includes the VTP domain name, revision number, identity of the last updater, time stamp of the last update, an MD5 sum computed over the contents of the VLAN database and the VTP password, and the number of subset advertisements following the summary advertisement.
  • Subset Advertisement: this message is generated when the VLAN database is updated and is sent by servers and clients in the VTP domain. These advertisements carry the full VLAN database.
  • Advertisement Request: this message is sent from servers or clients to VTP neighbors to request the contents of the complete VLAN database or a portion of it. These messages are sent when a client switch is restarted, when a switch enters client mode, or when a server or client switch receives a summary advertisement with a higher revision number.
  • Join: this message is sent by servers or clients every 6 seconds if VTP pruning is active. These messages contain a bit field that indicates whether each normal-range VLAN is active or unused.

At the time of writing, there is no released documentation for the VTPv3 message formats.
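The update process (VTP Update Process section) and the summary advertisement fields above can be simulated together. The following is an added example written for these notes, not code from the original page or from any switch; it models one VTP participant with only the fields the notes mention (domain name, revision number, last updater, an MD5 over the VLAN database plus the password, and the VLAN list a subset advertisement carries), using its own JSON rendering of the database as the MD5 input rather than the real VTP byte layout. Switch names, domain names and passwords are constructed. The demo also shows the consequence of the revision-number rule that a practitioner should keep in mind: a switch in the same domain with the same password but a stale database and a higher revision number is accepted by the revision check and overwrites the current database, which is why revision numbers are reset before a switch is introduced into a domain.

```python
import hashlib
import json


class VtpSwitch:
    """Constructed model of one VTP participant (server or client)."""

    def __init__(self, name, domain, password, revision=0, vlans=None):
        self.name = name
        self.domain = domain
        self.password = password
        self.revision = revision
        self.vlans = dict(vlans) if vlans else {1: "default"}

    @staticmethod
    def digest(vlans: dict, password: str) -> str:
        # Stand-in for the MD5 in the summary advertisement: MD5 over a
        # canonical rendering of the VLAN database plus the VTP password.
        canonical = json.dumps(vlans, sort_keys=True) + password
        return hashlib.md5(canonical.encode()).hexdigest()

    def add_vlan(self, vlan_id: int, name: str) -> dict:
        """Steps 1 and 2: change the database and bump the revision number,
        then return the advertisement step 3 would send."""
        self.vlans[vlan_id] = name
        self.revision += 1
        return self.advertisement()

    def advertisement(self) -> dict:
        # Summary fields plus the subset content (the full VLAN database).
        return {
            "domain": self.domain,
            "revision": self.revision,
            "updater": self.name,
            "md5": self.digest(self.vlans, self.password),
            "vlans": dict(self.vlans),
        }

    def receive(self, adv: dict) -> str:
        """Steps 4 and 5: sync only on a higher revision from the same domain
        whose MD5 verifies with the locally configured password."""
        if adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not higher"
        if self.digest(adv["vlans"], self.password) != adv["md5"]:
            return "ignored: MD5 mismatch (password differs)"
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return f"synced to revision {self.revision} from {adv['updater']}"


def demo() -> dict:
    """Constructed domain LAB: one server, one client, two outsiders and one
    stale server with an inflated revision number."""
    server = VtpSwitch("S1", "LAB", "secret")
    client = VtpSwitch("C1", "LAB", "secret")
    adv = server.add_vlan(10, "users")
    out = {"client_result": client.receive(adv), "client_vlans": dict(client.vlans)}
    # Wrong password: MD5 does not verify. Other domain: ignored outright.
    out["wrong_password"] = VtpSwitch("C2", "LAB", "other").receive(adv)
    out["other_domain"] = VtpSwitch("C3", "OPS", "secret").receive(adv)
    # Stale database but a higher revision number: accepted by the revision
    # check and it replaces the server's current database (VLAN 10 is lost).
    stale = VtpSwitch("OLD", "LAB", "secret", revision=50,
                      vlans={1: "default", 99: "decommissioned"})
    out["stale_result"] = server.receive(stale.advertisement())
    out["server_vlans"] = dict(server.vlans)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The client syncs to revision 1 and learns VLAN 10; the switch with a different password and the switch in another domain both ignore the advertisement; and the stale server's revision 50 database replaces the server's revision 1 database, dropping VLAN 10.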

VLANs: VTP Modes


Server Mode

  • Originates VTP Advertisements
  • Processes received advertisements to update its VLAN configuration
  • Forwards received VTP advertisements
  • Saves VLAN configuration in NVRAM or vlan.dat
  • Can create, modify, or delete VLANs

Client Mode

  • Originates VTP Advertisements
  • Processes received advertisements to update its VLAN configuration
  • Forwards received VTP advertisements
  • Saves VLAN configuration in NVRAM or vlan.dat

Transparent Mode

  • Forwards received VTP advertisements
  • Saves VLAN configuration in NVRAM or vlan.dat
  • Can create, modify, or delete VLANs

Off Mode

  • Saves VLAN configuration in NVRAM or vlan.dat
  • Can create, modify, or delete VLANs


*Off mode is supported only with VTPv3

VLANs: VLAN Trunking Protocol (VTP)

VTP advertises VLAN configuration information among a number of VTP participating switches in a LAN.  VTP advertises VLAN ID, VLAN name, and VLAN type and state for each VLAN configured to all other switches on the network.  VTP does not advertise the specific ports participating in those VLANs, so configuration associating specific switch port interfaces to specific VLANs is still required.

VTP exists in three versions: VTPv1, VTPv2, and VTPv3.

VTP versions 1 and 2 are widely supported across CatOS and IOS based switching platforms. VTPv3 is at present relatively new; VTPv3 support starts in IOS release 12.2(52)SE.

VTPv1 is the default VTP version supported and active on IOS based switches; it is only capable of disseminating normal range VLANs.

VTPv2 has the following new enhancements:

  • Supports Token Ring Concentrator Relay Function and Bridge Relay Function (TrCRF and TrBRF) type VLANs: these VLANs were used to segment Token Ring networks into multiple logical rings and interconnecting bridges. There is no use for these VLAN types in Ethernet based networks.
  • Supports unknown Type-Length-Value (TLV) records: VTP messages can contain additional information elements stored as TLV records. VTPv1 drops all unrecognized TLVs from received messages; VTPv2 keeps all TLVs in propagated messages even if they are not recognized.
  • Optimized VLAN database consistency checking: VTPv1 only performed checks when the VLAN database was modified.  In VTPv2 the consistency checks are skipped if the change was caused by a received VTP message.

VTPv3 has the following enhancements from VTPv2:

  • The server role has been modified: there are two server types in VTPv3, primary and secondary. A primary server is allowed to modify VTP domain contents, and there can be only one primary server per VTP domain at any time.
  • VTPv3 password storage has been improved: the VTP password can now be stored in an encrypted format that cannot be displayed back as plaintext.
  • VTPv3 is capable of distributing information about the full range of VLANs including Private VLANs.  It is no longer necessary to use transparent mode when using extended range VLANs and Private VLANs.  Pruning still only applies to normal range VLANs.
  • VTPv3 supports an off mode where it will drop all received VTP messages and not participate in VTP operations.  You can also shut down VTP on specific trunks.