EtherChannel Review – VERY Important Layer 3 EtherChannel proper configuration for Exam Day!

The last thing I left on from Cisco forums was an issue with their exam experiences in regards to the topic of L3 EtherChannel configuration, so I thought a good place to start would be where I left off, and this will be important for exam day I expect!

If you read nothing else, skip to the bottom to review the Layer 3 EtherChannel configuration, it may save your butt on Exam Day!

Also for Exam day, configure one interface at a time, as the interface range command I have heard is buggy, and can peg your exam entirely. So one interface at a time!

So quick recap of EtherChannel at Layer 2 and Layer 3:

• Load balances traffic FLOWS of traffic by source mac by default
• Does NOT provide increased bandwidth, only provides more links / redundancy
• Misconfig Guard is on by  default, used to detect STP loops and other misconfigs
• Misconfig Guard will put the ports into err-disable until the issue is corrected
• Layer 2 allows for bundled links to all be utilized for data transmission, where without EtherChannel bundling the links, the ports would be detected as STP loops and put into a blocking state where an EtherChannel will be one logical link
• Layer 3 EtherChannel allows the separation of broadcast domains, similar to creating a separate VLAN for a high utilization server so it is not hit with all broadcast traffic from the network
• PAgP – Cisco Proprietary, 8 max links, Auto / Desirable modes, works with Full or Half Duplex ports (but all ports must match or misconfig guard will get ya!)
• LACP – IEEE 802.1ad / 802.1ax, Industry Standard, Active / Passive, max of 8 links bundled but other ports can be configured to join the bundle if a bundled link fails
• Switch selects ports to join the bundle by lowest sys-id / port priority # (STP)
• “channel-group mode on” = switchport mode trunk, static EtherChannel config, constantly trying to trunk and is harder to recover from err-disable state, as you need to shut all interfaces / ports down and bring them all back up at once
• Modes must match on both sides, one side must be actively trying to form
• EtherChannel BPDU’s will be created logically from the bundled links

That was my… quick… recap.

(Skip Layer 2 configuration section if you want, but check out Layer 3!)

Lets take a look at the existing  Topology before configs, and the ping test around:

R1 / Host A:

HostA#
HostA#
HostA#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostA#
HostA#ping 10.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
HostA#

So we are able to hit our own SVI, but not at the remote end, yet!

R2 / Host B:

HostB#
HostB#ping 10.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostB#
HostB#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
HostB#

So a little more ugly on this side, Switch A’s SVI is completely unreachable, whereas Host A indicates with the U.U.U the upstream device has no return route.

I’ll bring the Layer 3 IP stuff back into it here, but first just a quick demo of proper Layer 2 EtherChannel configuration using Cisco’s favorite PAgP:

SW1

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int range fa1/0/10 – 12
SW1(config-if-range)#channel-group ?
<1-48> Channel group number

SW1(config-if-range)#channel-group 1 ?
mode Etherchannel Mode of the interface

SW1(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected

SW1(config-if-range)#channel-group 1 mode auto ?
non-silent Start negotiation only after data packets received
<cr>

SW1(config-if-range)#channel-group 1 mode auto
Creating a port-channel interface Port-channel 1

SW1(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW1(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW1(config-if-range)#

Note that on exam day, I would expect that tricky Cisco will probably always use the mode that is not actively trying to make things work, which I did here by using Auto, as that is PAgP’s snooty mode of you need to talk to me before I’ll chat.

Now to configure the other side to chat first to form the EtherChannel:

SW2:

SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int ra fa1/0/10-12
SW2(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

SW2(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW2(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW2(config-if-range)#
*Mar 1 04:04:38.251: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up   <—— Woohooo!!!
SW2(config-if-range)#

And just to confirm:

SW2(config-if-range)#do sh ip int po1
Port-channel1 is up, line protocol is up
SW2(config-if-range)#

Some things to remember for exam day that were not labbed here is to make sure speed and duplex settings match across all interfaces, that your using the same mode on both sides, and make sure you configure the active flavor of the mode on exam day if configuring Layer 2 or Layer 3 EtherChannel (unless explicitly stated otherwise)!

This means using either Desirable (PAgP), Active (LACP), or ON (Static).

Now for a Layer 3 configuration, you will not touch the actual interface range, until you have created the Port-Channel first. Just a quick glance at what is being configured again:

 

SW1:

SW1(config)#int port-channel 1
SW1(config-if)#no switchport
SW1(config-if)#
*Mar 1 04:16:35.343: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down

SW1(config-if)#ip add 10.0.0.10 255.255.255.0
SW1(config-if)#int range fa1/0/10 – 12
SW1(config-if-range)#no switchport
SW1(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW1(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW1(config-if-range)#
SW1(config-if-range)#channel-group 1 mode passive
SW1(config-if-range)#
*Mar 1 04:22:31.146: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/10, changed state to down
*Mar 1 04:22:31.154: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to down
*Mar 1 04:22:31.162: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/12, changed state to down
SW1(config-if-range)#
*Mar 1 04:22:38.502: %EC-5-L3DONTBNDL2: Fa1/0/10 suspended: LACP currently not enabled on the remote port.
*Mar 1 04:22:38.603: %EC-5-L3DONTBNDL2: Fa1/0/11 suspended: LACP currently not enabled on the remote port.
*Mar 1 04:22:38.754: %EC-5-L3DONTBNDL2: Fa1/0/12 suspended: LACP currently not enabled on the remote port.
SW1(config-if-range)#

So we have one side configured, but the EtherChannel will not come up until the other side is configured, and we better use ACTIVE MODE or it will not form!

I will leave the full output below to demonstrate the interfaces bouncing around.

SW2:

SW2(config)#
SW2(config)#int po1
SW2(config-if)#no switchport
SW2(config-if)#
*Mar 1 04:29:56.161: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
SW2(config-if)#ip add 10.0.0.20 255.255.255.0
SW2(config-if)#int ra fa1/0/10 – 12
SW2(config-if-range)#no switchport
SW2(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW2(config-if-range)#
(Output redacted, all interfaces goes Down/Up)
SW2(config-if-range)#
SW2(config-if-range)#channel-group 1 mode active
SW2(config-if-range)#
*Mar 1 04:31:02.792: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/10, changed state to down
*Mar 1 04:31:02.800: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to down
*Mar 1 04:31:02.809: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/12, changed state to down
*Mar 1 04:31:06.533: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/10, changed state to up
SW2(config-if-range)#
*Mar 1 04:31:07.532: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW2(config-if-range)#
*Mar 1 04:31:08.068: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/11, changed state to up
*Mar 1 04:31:08.454: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/12, changed state to up
*Mar 1 04:31:08.538: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up    <—- WoooooHoooo!!!
SW2(config-if-range)#

We now have a Layer 3 EtherChannel, and if we now go back to SW1 to see the output:

SW1 (Highlighting relevant info):

SW1(config-if)#do sh int po1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 1ce6.c7c1.c842 (bia 1ce6.c7c1.c842)
Internet address is 10.0.0.10/24
MTU 1500 bytes, BW 300000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa1/0/10 Fa1/0/11 Fa1/0/12
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:12:15, output 00:12:15, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
370 packets input, 53249 bytes, 0 no buffer
Received 149 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 148 multicast, 0 pause input
0 input packets with dribble condition detected
367 packets output, 52865 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
SW1(config-if)#

Most of the top portion is relevant information, however we can see our IP / MAC / Interfaces in the EtherChannel / Speed / Duplex, however the switches do need to have routes added for Host A and Host B to communicate per the topology:

SW1(config)#ip route 10.2.2.0 255.255.255.0 po1
SW1(config)#
ASR#2
[Resuming connection 2 to sw2 … ]

SW2(config)#ip route 10.1.1.0 255.255.255.0 po1
SW2(config)#

Now the ultimate connectivity test, the almighty ping from Host A to Host B:

HostA#ping 10.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
….!
Success rate is 20 percent (1/5), round-trip min/avg/max = 1/1/1 ms
HostA#ping 10.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostA#

That was really sketchy at first, after the 3rd dot I was wondering what on Earth I forgot, but on that 5th ping we got a ! and then a full 5 ! on the next ping, so connectivity is good!

Host B:

HostA#
ASR#5
[Resuming connection 5 to r2 … ]

HostB#
HostB#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostB#

So the checklist is:

• Create port-channel interface first
• No switchport
• IP Address
• Interface range
• No switchport
• channel-group (po#) …….
• Add routes to all subnets behind that remote L3 EtherChannel Interface!

And that is it, however you MUST remember to make both the Port-Channel AND Interfaces “no switchport” to make them both Layer 3 interfaces!!!

That was quite the lab for my first time labbing on the home rack in almost a year, I hope that helps my fellow CCNP Grinders make it to that passing score on exam day! 🙂

BONUS I FORGOT ABOUT – HOW TO CHANGE AND TEST LOAD BALANCING:

I meant to play with this during the lab, but it was so long I forgot it until the end, below is the output to change the load-balancing for a port-channel (which is always src mac by default), and how to test it – I took the lazy way and did source and destination IP.

Chose the almighty XOR algorithm for it to choose the link chosen:

SW1(config)#port-channel load-balance ?
dst-ip Dst IP Addr
dst-mac Dst Mac Addr
src-dst-ip Src XOR Dst IP Addr
src-dst-mac Src XOR Dst Mac Addr
src-ip Src IP Addr
src-mac Src Mac Addr

SW1(config)#port-channel load-balance src-dst-ip ?
<cr>

SW1(config)#port-channel load-balance src-dst-ip

SW1#test etherchannel ?
load-balance Load balancing information

SW1#test etherchannel load-balance ?
interface Port-channel interface

SW1#test etherchannel load-balance int po1 ?
ip IP address
ipv6 IPv6 address
mac Mac address

SW1#test etherchannel load-balance int po1 ip ?
A.B.C.D Source IP address

SW1#test etherchannel load-balance int po1 ip 10.1.1.2 ?
A.B.C.D Destination IP address

SW1#test etherchannel load-balance int po1 ip 10.1.1.2 10.2.2.2 ?
<cr>

SW1#test etherchannel load-balance int po1 ip 10.1.1.2 10.2.2.2
Would select Fa1/0/10 of Po1

SW1#test etherchannel load-balance int po1 ip 10.1.1.2 10.2.2.1
Would select Fa1/0/10 of Po1

SW1#

Not too exciting, but can never hurt to know too much, now that my brain is cramping from work to labbing for hours I am outta here – Until next time!