The (Unofficial) CCNP-SP Study Guide
  • About
    • About the Author
    • About This Study Guide
  • MPLS
    • LDP
      • LDP Transport Address
      • LDP Conditional Advertisement
      • LDP Authentication
      • LDP/IGP Sync
      • LDP Session Protection
    • MPLS-TE
      • MPLS-TE Basics, Pt. 1 (TED)
      • MPLS-TE Basics, Pt.2 (RSVP)
      • MPLS-TE Basics, Pt.3 (CSPF)
      • MPLS-TE Basics, Pt.4 (Routing)
      • MPLS-TE Fast Reroute (FRR)
      • MPLS-TE with OSPF
    • Unified MPLS
    • Segment Routing
      • Introduction, Theory Pt.1
      • Introduction, Lab (OSPF) Pt.2
      • Introduction, Lab (ISIS) Pt. 3
      • Multi-Area/Level Segment Routing
      • Segment Routing using BGP
      • Migrating LDP to SR
      • LDP/SR Interworking
      • TI-LFA Pt. 1 (Theory)
      • TI-LFA Pt. 2 (Implementation)
      • TI-LFA Pt. 3 (Node and SRLG Protection)
      • SR-TE Pt. 1 (Overview)
      • SR-TE Pt. 2 (Creating an SR-TE Policy)
      • SR-TE Pt. 3 (Using a PCE)
      • SR-TE Pt. 4 (Automated Steering)
      • SR-TE Pt. 5 (On-Demand Nexthop)
      • SR-TE Pt. 6 (Flex Algo)
    • MPLS OAM
      • Classic Traceroute Behavior in MPLS Networks
      • LSP Ping
      • LSP Traceroute
  • Routing
    • BGP
      • BGP Synchronization
      • BGP Load Sharing (Multipath)
      • An Intuitive Look at Path Attributes
      • AS Path Prepending on XE and XR
      • RPL
    • BGP Security
      • BGP TTL Security, Pt. 1
      • BGP TTL Security, Pt. 2 (IOS-XE)
      • BGP TTL Security, Pt. 3 (IOS-XR)
      • BGP MD5 Authentication
      • BGP Maximum Prefixes
      • BGP RFD (Route Flap Dampening)
      • RTBH
      • Flowspec
      • BGPsec
    • L3VPN
      • An In-Depth Look at RD and RT, Pt. 1
      • An In-Depth Look at RD and RT, Pt. 2
      • An In-Depth Look at RD and RT, Pt. 3
      • An In-Depth Look at RD and RT, Pt. 4
      • Inter-AS L3VPN Pt. 1, Overview
      • Inter-AS L3VPN Pt. 2, Option A
      • Inter-AS L3VPN Pt. 3, Option B
      • Inter-AS L3VPN Pt. 4, Option C
      • CSC (Carrier Supporting Carrier)
      • PE NAT
    • OSPF
      • Type 7 to Type 5 Translation
      • OSPF Authentication
      • Troubleshooting OSPF Adjacencies
      • OSPFv3 LSA Types
      • OSPFv3 LSAs Example (Single Area)
    • ISIS
      • The Potential for Asymmetric Routing with Multi-Area ISIS
      • Interarea Routing is Distance-Vector
      • Basic ISIS - LSPDB
      • Multitopology
      • What is the role of CLNS and CLNP in ISIS?
      • Troubleshooting ISIS Adjacencies
    • IPv6 Transition
      • Overview
      • NAT64
      • 6to4
      • 6RD (IPv6 Rapid Deployment)
      • DS Lite (Dual Stack Lite)
      • MAP (Mapping of Address and Port)
      • Tunneling IPv6 Dynamic Routing Protocols over IPv4
    • Multicast
      • Introduction
      • IP and MAC Addressing
      • Tree Formation and Packet Forwarding
      • IGMP
      • PIM-DM (Dense Mode)
      • PIM-SM (Sparse Mode)
      • PIM-SM SPT Switchover
      • PIM-SM Tunnel Interfaces
      • PIM DR and the Assert Message
      • PIM-SM RP Discovery
      • PIM-BiDir
      • PIM-SSM (Source-Specific Multicast)
      • Interdomain Multicast (PIM-SM)
      • IPv6 Multicast
      • mVPN Introduction
      • mVPN Profile 0
      • mVPN Profile 1
      • Multicast Routing on IOS-XR
  • L2VPN & Ethernet
    • IOS-XE Ethernet Services
      • Service Instances
      • E-Line
      • E-LAN (VPLS)
      • E-Tree
      • E-Access
      • VPLS with BGP Autodiscovery
      • Martini/Kompella Circuits
    • EVPN
      • Introduction to EVPN
      • Learning EVPN VXLAN First
      • E-Line (EVPN VPWS)
      • E-Line (EVPN VPWS) on IOS-XR
      • E-Line (EVPN VPWS) Multi-Homed
      • E-LAN (EVPN Single-Homed)
    • Carrier Ethernet
      • 802.1ah (MAC-in-MAC)
      • 802.3ah (Ethernet OAM)
      • 802.1ag (CFM)
      • Cisco REP (Resilient Ethernet Protocol)
      • ITU G.8032 ERPS (Ethernet Ring Protection Switching)
  • Security
    • CoPP (Control Plane Policing)
    • LPTS (Local Packet Transport Services)
  • Misc
    • QoS
      • QoS Introduction (Part 1)
      • QoS Tools Overview and QoS Models (Part 2)
      • QoS Classification and Marking (Part 3)
      • QoS Queuing/Congestion Management (Part 4)
      • QoS Shaping and Policing (Part 5)
      • QoS for IPv6
      • MPLS QoS Basics
      • MPLS QoS Modes
      • MPLS TE QoS (DS-TE)
      • MPLS TE CBTS/PBTS
    • Automation and Assurance
      • NSO
      • NSO Command Cheat Sheet
      • Intro to YANG/NETCONF
      • YANG In-Depth
      • NETCONF In-Depth
      • RESTCONF
      • Model-Driven Telemetry
      • Automation Tool Comparison
      • Netflow
      • SNMP
    • Virtualization
      • NFV (Network Function Virtualization)
      • OpenStack
    • Transport
      • xPON
      • SONET/SDH
      • WDM
      • 4G and 5G RAN
    • High Availability (HA)
      • NSF/GR
      • NSR
      • NSF/NSR Whitepapers
      • BFD
      • Link Aggregation on IOS-XE
      • Link Aggregation on IOS-XR
    • IOS Software Overview
  • Labs
    • Lab Challenges
      • How to Use These Labs
      • Basic LDP
      • Advanced LDP
      • BGP Security
      • Unified MPLS
      • BGP Fundamentals
      • Ethernet Services
      • L3VPN Extranet
      • Multicast
      • Inter-area OSPF
      • ISIS
      • MPLS-TE
      • Control Plane Policing
      • QoS
Powered by GitBook
On this page
  • Modes
  • Load Balancing
  • LACP Priorities
  • What causes an LACP port-channel to not come up?
  • Further Reading
  1. Misc
  2. High Availability (HA)

Link Aggregation on IOS-XE

Most readers studying for the CCNP-SP will already be familiar with link aggregation on IOS-XE switching platforms, so this article will serve as a brief refresher.

When configuring link aggregation, you add member interfaces to a port-channel using the following command:

int Gi0/0
 channel-group number mode active|passive|desirable|auto|on

When first creating a port-channel, the port-channel will inherit the config of the member interface. When adding additional configuration to an existing port-channel, you do it under the port-channel, and the member interfaces will automatically inherit the configuration. If you configure a member interface sparately, the interface’s config will not align with the port-channel and it will be removed from the port-channel.

! Do this:

SW1(config)#int po1
SW1(config-if)#switchport access vlan 10
SW1(config-if)#do sho run | begin interface
interface Port-channel1
 switchport access vlan 10
!
interface GigabitEthernet0/0
 switchport access vlan 10
 negotiation auto
 channel-group 1 mode active
!
interface GigabitEthernet0/1
 switchport access vlan 10
 negotiation auto
 channel-group 1 mode active


! Don't do this:

SW1(config-vlan)#int gi0/0
SW1(config-if)#switchport access vlan 11
SW1(config-if)#
*Dec 11 16:18:46.699: %EC-5-CANNOT_BUNDLE2: Gi0/0 is not compatible with Gi0/1 and will be suspended (access vlan of Gi0/0 is 11, Gi0/1 is 10)

Modes

There are five port-channel modes:

Mode

Description

Active

LACP, the switch will actively send LACP discovery frames

Passive

LACP, the switch will passively watch for LACP discovery frames

Desirable

PAgP (Cisco proprietary), the switch will actively send PAgP discovery frames

Auto

PAgP (Cisco proprietary), the switch will passively watch for PAgP discovery frames

On

Unconditional aggregation. No protocol is used for link monitoring.

As you probably know, port-channel that uses passive can only form an LACP port-channel with a neighboring switch using active. The same logic applies for a switch using auto - it can only form a port-channel with a switch using desirable. Two switches using active or two switches using desirable can form a port-channel.

Load Balancing

A single flow can only use one link in a port-channel. So while a port-channel increases your bandwidth, a single flow can only ever achieve the bandwidth provided by a single link.

The load balancing method determines what factors a switch uses to run a hashing algorithm and distribute flows across multiple links. On most platforms you can use any combinition of src/dst mac/IP/layer4-port.

SW1(config)#port-channel load-balance ?
  dst-ip        Dst IP Addr
  dst-mac       Dst Mac Addr
  dst-port      Dst TCP/UDP Port
  src-dst-ip    Src XOR Dst IP Addr
  src-dst-mac   Src XOR Dst Mac Addr
  src-dst-port  Src XOR Dst TCP/UDP Port
  src-ip        Src IP Addr
  src-mac       Src Mac Addr
  src-port      Src TCP/UDP Port

The load balancing method is not signaled in LACP or PAgP control frames, so it does not need to match on each switch. It is a local function.

LACP Priorities

During LACP negotiation, two LACP systems elect a “master” switch by using the lowest LACP system priority. If the priorities are the same, the lowest MAC address is used. (This is similar to other layer 2 technologies).

The “master” LACP switch is responsible for selecting the member interfaces that will be used in the port-channel. In situations where there are more member interfaces than allowed in the port-channel, interfaces with higher port priorities will be placed in “hot standby” mode. The default port priority is also 32768.

The system priority is set using the following command:

lacp system-priority <0-65535>

A port’s priority is set using the following command:

int Gi0/0
 lacp port-priority <0-65535>

To demonstrate how this works, consider the following configuration:

#SW1                                #SW2
lacp system-priority 100            lacp system-priority 200
!                                   !
int Po1                             int Po1
 lacp max-bundle 2                   lacp max-bundle 2
!                                   !
int Gi0/0                           int Gi0/0
 channel-group 1 mode active         channel-group 1 mode active
 lacp port-priority 100              lacp port-priority 100
!                                   !
int Gi0/1                           int Gi0/1
 channel-group 1 mode active         channel-group 1 mode active
 lacp port-priority 200              lacp port-priority 300
!                                   !
int Gi0/2                           int Gi0/2
 channel-group 1 mode active         channel-group 1 mode active
 lacp port-priority 300              lacp port-priority 200

SW1 will be the LACP master because it has a lower LACP system priority. Both switches have three links configured for the port-channel, but the port-channel can only have a max of two links. SW1 will select its port with the worst priority and place it in hot standby mode, which is Gi0/2. Even though SW2’s Gi0/2 has a better port-priority than Gi0/1, this doesn’t matter, because SW1 is the master, so it is the one that dictates which link is placed in hot standby mode.

SW1#show etherc sum
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/0(P)    Gi0/1(P)    Gi0/2(H)


SW2#show etherc sum
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/0(P)    Gi0/1(P)    Gi0/2(H)

What causes an LACP port-channel to not come up?

In general, nothing really needs to “match” for an LACP port channel to come up between two devices. One side can use slow rate PDUs (30 seconds) and one side can use fast rate PDUs (1 second), etc. The only thing that really needs to match is the partner's system ID among all member interfaces. (This is why MLAG requires the same LACP system ID on each chassis).

You may come across articles that state that you must have both port-channels be a trunk, with both having the same allowed vlan list, or both be in access mode, etc.

However, I’ve found that this is not true. I see nowhere in the LACP frame that the VLAN list is signaled. I believe people are confused with the fact that member interfaces must all have the same configuration. But two switches can put their port-channel in different VLANs, or have one side access and one side trunk, and the port-channel works just fine.

#SW1                                   #SW2
int Po1                                int Po1
 switchport access vlan 10              switchport access vlan 50 
!
int Vlan10                             int Vlan50
 ip address 10.1.1.1 255.255.255.0      ip address 10.1.1.2 255.255.255.0 
 no shut                                no shut


SW1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 2/2/4 ms


! This even works if we change Po1 to a trunk with native vlan 10
#SW1
int Po1
 switchport trunk encap dot1q
 switchport trunk native vlan 10
 switchport mode trunk
SW1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/7 ms

It’s true that you will see CDP native VLAN mismatch syslog messages, but the port-channel still works fine.

This is such a common misconception that in a test, if “native VLAN mismatch” was the only compelling answer to a port-channel troubleshooting question, I would reluctantly select that as the answer!

Further Reading

PreviousBFDNextLink Aggregation on IOS-XR

Last updated 2 years ago

https://networklessons.com/switching/etherchannel-cisco-ios-catalyst-switch
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/configuration/xe-3s/asr903/17-1-1/b-lanswitch-ethernet-channel-xe-17-1-asr900/configuring_ieee_802_3ad_link_bundling.html