CCNA Lab 11: EtherChannel and Link Aggregation

EtherChannel bonds up to 8 physical links into one logical interface. It provides bandwidth aggregation and link-level redundancy without STP blocking — all member ports share the same STP state.

EtherChannel Protocols

Protocol	Standard	Max Links	Negotiation
PAgP	Cisco proprietary	8	Yes (desirable/auto)
LACP (802.3ad)	IEEE standard	16 (8 active, 8 standby)	Yes (active/passive)
On	None	8	No (static)

Use LACP in multi-vendor networks. Use PAgP for Cisco-only networks. Use on for static configurations where negotiation is undesirable.

LACP Configuration

LACP Modes

Mode	Sends LACP frames	Negotiates
`active`	Yes	Yes
`passive`	No	Yes (responds to active)
`on`	No	No (static)

At least one side must be active.

Basic LACP EtherChannel

interface range Gi0/23-24
 channel-group 1 mode active

The switch creates Port-Channel 1 automatically.

Named Port-Channel

interface Port-channel1
 description CORE-SW-Uplink
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99

LACP with Standby Links

LACP supports up to 16 links in a group: 8 active, 8 standby.

interface range Gi0/23-24
 channel-group 1 mode active
 
interface range Gi0/21-22
 channel-group 1 mode active
 lacp port-priority 65535

Lower lacp port-priority determines which links are active. Standby links activate if an active link fails.

PAgP Configuration

PAgP Modes

Mode	Sends PAgP frames	Negotiates
`desirable`	Yes	Yes
`auto`	No	Yes (responds to desirable)
`on`	No	No (static)

Basic PAgP EtherChannel

interface range Gi0/23-24
 channel-group 1 mode desirable

Static EtherChannel (On Mode)

No negotiation — both sides must be manually configured identically:

! Switch A
interface range Gi0/23-24
 channel-group 1 mode on
 
! Switch B
interface range Gi0/23-24
 channel-group 1 mode on

Use this only when connecting devices that do not support LACP or PAgP (some servers, firewalls in transparent mode).

Load Balancing

EtherChannel does not round-robin packets. It hashes flows to member links.

Hash Algorithm

port-channel load-balance src-dst-ip

Available algorithms:

Algorithm	Factors
`src-mac`	Source MAC
`dst-mac`	Destination MAC
`src-dst-mac`	Source and destination MAC
`src-ip`	Source IP
`dst-ip`	Destination IP
`src-dst-ip`	Source and destination IP
`src-port`	Layer 4 source port
`dst-port`	Layer 4 destination port
`src-dst-port`	Layer 4 source and destination port

For switch-to-switch trunks carrying many hosts, src-dst-mac or src-dst-ip gives the best distribution.

! Verify current algorithm
show etherchannel load-balance
 
! Set algorithm
port-channel load-balance src-dst-mac

Check Flow Distribution

show etherchannel port-channel
show etherchannel load-balance hash

To see which link a specific flow uses:

test etherchannel load-balance interface Port-channel1 192.168.1.10 192.168.2.20

Verification Commands

show etherchannel summary
show etherchannel port-channel
show etherchannel detail
show etherchannel protocol
show interfaces port-channel 1
show lacp neighbor
show lacp counters
show pagp neighbor
show pagp counters

EtherChannel Summary

show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

Number of channel-groups in use: 1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)      LACP        Gi0/23(P) Gi0/24(P)

All member ports should show (P) — bundled in port-channel. (s) indicates suspended. (I) indicates stand-alone (protocol mismatch).

Troubleshooting EtherChannel

Common Failure Modes

Symptom	Cause	Fix
Channel stays down or ports suspended	Speed/duplex mismatch	Match speed and duplex on all member links
LACP not negotiating	One side is passive, other is off	Change one side to active
Flapping MAC addresses	Load balancing hash causes asymmetric forwarding	Verify both ends use same hash
Ports stuck in stand-alone	Protocol mismatch (LACP vs PAgP vs On)	Match protocol on both ends
STP blocking port in channel	Configuration mismatch	Ensure VLAN allowed lists match on all members

Golden Rules for EtherChannel

All member interfaces must be identical in:

Speed — Same speed on every link
Duplex — All full duplex
Mode — All trunk or all access (mix breaks the bundle)
Native VLAN — Identical across members
Allowed VLAN list — Identical across members
STP configuration — Same portfast/bpduguard settings

If any of these differ, the port is suspended or the channel fails to form.

VLAN Mismatch Example

! Interface Gi0/23
interface Gi0/23
 switchport trunk allowed vlan 10,20,30
 
! Interface Gi0/24
interface Gi0/24
 switchport trunk allowed vlan 10,20,30,40
 
! Result: Gi0/24 will be suspended or the bundle rejects it

Fix: Match the allowed VLAN lists:

interface range Gi0/23-24
 switchport trunk allowed vlan 10,20,30

Real-World Scenarios

Scenario 1: “EtherChannel not coming up”

show etherchannel summary
# Gi0/23(P) Gi0/24(s)
 
show interfaces Gi0/24
# Gi0/24 is down, line protocol is down

The physical link is down. Check the cable, SFP, and far-end interface.

Scenario 2: “One port in stand-alone mode”

show etherchannel summary
# Gi0/23(P) Gi0/24(I)
 
show lacp neighbor
# Gi0/24 has no LACP neighbor

LACP is not reaching the far end. Check the protocol mode — one side may be set to on or desirable while the other is passive.

Scenario 3: “Uneven traffic distribution”

show etherchannel load-balance
# src-mac
 
show interfaces Gi0/23 | include rate
# 900 Mbps
show interfaces Gi0/24 | include rate
# 100 Mbps

src-mac hashing is unbalanced when most traffic comes from a single MAC (e.g., a firewall). Switch to src-dst-ip for better distribution.

Best Practices

Use LACP, not PAgP — Multi-vendor compatibility and more features (standby links)
Standardize member ports — Same media type, speed, and config across all members
Distribute member ports across ASICs — On modular switches, spread links across different line cards for redundancy
Set load-balance to src-dst-mac or src-dst-ip — Best distribution for most network designs
Monitor utilization per member — If one link saturates before others, change hash algorithm
Add one link at a time — When expanding an EtherChannel, verify each link bundles correctly before adding the next

Quick Reference

Command	Purpose
`channel-group 1 mode active`	Add interface to LACP channel 1
`channel-group 1 mode desirable`	Add interface to PAgP channel 1
`channel-group 1 mode on`	Add interface to static channel 1
`interface Port-channel1`	Configure the logical channel interface
`show etherchannel summary`	Channel status and member port states
`show etherchannel detail`	Full EtherChannel information
`show lacp neighbor`	LACP neighbor status
`show lacp counters`	LACP packet counters
`show pagp neighbor`	PAgP neighbor status
`port-channel load-balance src-dst-ip`	Set hash algorithm
`show etherchannel load-balance`	Current hash algorithm
`test etherchannel load-balance`	Preview which link a flow uses