EtherChannel presents multiple physical links as a single logical interface to the spanning tree algorithm, eliminating blocked ports and enabling true line-rate redundancy.
The Core Problem EtherChannel Solves
Spanning Tree Protocol sees each physical link as an independent interface. If you connect four 10 Gbps ports from DIST-SW1 to CORE-SW1, STP calculates a cost for each link, selects one as the designated port, and blocks the other three. You've spent money on four 10 Gbps cables but only three are sitting idle in a blocked state.
EtherChannel is the answer: bundle those four ports into a single logical interface (Port-Channel), and STP sees it as one link with a composite cost. All four physical links forward traffic simultaneously. Better yet, the bundle survives single-port failures with no STP reconvergence.
What Is Link Aggregation?
Link aggregation combines multiple physical ports into one logical pipe. The switch applies the same switching decisions (MAC learning, VLAN membership, trunk configuration) to all bundled ports as a unit. Traffic load-balances across the physical links using a hash algorithm.
Logical view (what the OS sees):
Port-Channel 1: up, 40 Gbps (4 × 10 Gbps)
Physical view (what the data plane sees):
Gi1/0/1: up, forwarding (10 Gbps)
Gi1/0/2: up, forwarding (10 Gbps)
Gi1/0/3: up, forwarding (10 Gbps)
Gi1/0/4: up, forwarding (10 Gbps)
All four links carry traffic independently. If Gi1/0/1 fails, the other three continue—no STP reconvergence, no MAC table flushes.
EtherChannel and the STP Tree
Spanning Tree treats the port-channel as a single interface with cost calculated from all member links.
Without EtherChannel:
CORE-SW1 ---[Blocked: Gi1/0/2]--- DIST-SW1
|
+--[Active: Gi1/0/1]--- (Root Bridge)
Two links; one blocked forever.
With EtherChannel:
CORE-SW1 ---[Po1 Active, all 4 links forwarding]--- DIST-SW1
STP sees one logical link. All physical links forward. If one physical link fails, STP doesn't reconverge—the port-channel simply degrades to the remaining links.
This is the killer feature: you get both bandwidth aggregation and redundancy without STP flapping.
EtherChannel Formation Methods
Cisco supports three protocols for bundling:
1. LACP (Link Aggregation Control Protocol, IEEE 802.3ad)
Industry standard. Both sides negotiate bundle membership in real time.
Modes: - active: Send LACP PDUs; initiate negotiation. - passive: Receive LACP PDUs; respond only. - on: Static (no protocol); ports bundle if both sides configured with matching channel-group.
Recommended Matrix: | Device A | Device B | Result | |--------------|--------------|-------------------------| | active | active | Bundle (both initiate) | | active | passive | Bundle (A initiates) | | passive | passive | No bundle (never starts)| | active / passive | on | No bundle (incompatible)|
Best Practice: Use active on both sides or active on one and passive on the other. Never use passive on both.
2. PAgP (Port Aggregation Protocol, Cisco Proprietary)
Cisco's older protocol. Similar negotiation to LACP but not standards-based.
Modes: - desirable: Send PAgP PDUs; initiate negotiation. - auto: Receive PAgP PDUs; respond only. - on: Static bundling.
Matrix: | Device A | Device B | Result | |--------------|--------------|-------------------------| | desirable | desirable | Bundle | | desirable | auto | Bundle | | auto | auto | No bundle (never starts)|
Verdict: LACP is superior. Don't use PAgP on new deployments. It exists only for legacy equipment.
3. Static Mode (on)
No protocol. Both sides must have identical member ports and must be configured with channel-group X mode on.
DIST-SW1(config-if)# channel-group 1 mode on
Pros: Minimal overhead; no PDUs. Cons: Silent failure if one side misconfigured; no automated detection of mismatch.
Use only when protocol support is unavailable (rare) or for lab testing.
Bundling Configuration Syntax
LACP Active (Recommended):
DIST-SW1(config)# interface range GigabitEthernet1/0/1 - 4
DIST-SW1(config-if-range)# channel-group 1 mode active
DIST-SW1(config-if-range)# exit
PAgP Desirable (Legacy):
DIST-SW1(config)# interface range GigabitEthernet1/0/1 - 4
DIST-SW1(config-if-range)# channel-group 1 mode desirable
DIST-SW1(config-if-range)# exit
Static Mode:
DIST-SW1(config)# interface range GigabitEthernet1/0/1 - 4
DIST-SW1(config-if-range)# channel-group 1 mode on
DIST-SW1(config-if-range)# exit
The switch auto-creates Port-Channel 1 (or Po1). All configuration (trunk mode, VLAN membership, speed) goes on the Port-Channel interface.
Load-Balancing Methods
When the switch must choose which physical link to forward a frame on, it uses a hash algorithm on fields in the frame. The available methods:
MAC-Based Methods
src-mac: Hash on source MAC address.
port-channel load-balance src-mac
Example: If frames from MAC 0000.0001.0001 hash to port 1, all frames from that source always use port 1.
dst-mac: Hash on destination MAC address.
port-channel load-balance dst-mac
src-dst-mac: Hash on both source and destination MAC.
port-channel load-balance src-dst-mac
Better distribution. If different destinations are reached from the same source, load-balancing activates.
IP-Based Methods
src-ip: Hash on source IP.
port-channel load-balance src-ip
dst-ip: Hash on destination IP.
port-channel load-balance dst-ip
src-dst-ip: Hash on source and destination IP (most common in modern networks).
port-channel load-balance src-dst-ip
Excellent for data center uplinks where many flows are between different subnets.
Port-Based Methods
src-port: Hash on source TCP/UDP port.
port-channel load-balance src-port
dst-port: Hash on destination TCP/UDP port.
port-channel load-balance dst-port
src-dst-port: Hash on both source and destination port.
port-channel load-balance src-dst-port
Choosing the Right Method
- Access Layer (user to switch):
src-macis standard. Most flows originate from different user MACs. - Distribution to Access:
src-dst-macprovides better distribution if many users share a few servers. - Core / Data Center:
src-dst-ipis the gold standard. Balances multi-path flows. - Heavy UDP or gaming:
src-dst-portcaptures port-based flows.
Verify the current method:
DIST-SW1# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-dst-mac
Change it:
DIST-SW1(config)# port-channel load-balance src-dst-ip
DIST-SW1(config)# end
Configuration Compatibility Rules
All member ports in a channel-group must have identical properties:
Speed and Duplex (Non-Negotiable)
If one port is 10 Gbps and another is 1 Gbps, the 1 Gbps port is suspended:
DIST-SW1# show etherchannel summary
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) LACP Gi1/0/1(P) Gi1/0/2(p)
The (p) indicates suspended. Verify with:
DIST-SW1# show interfaces GigabitEthernet1/0/2 | include speed|duplex
Fix: Set all ports to the same speed and duplex:
DIST-SW1(config)# interface range GigabitEthernet1/0/1 - 2
DIST-SW1(config-if-range)# speed 10000
DIST-SW1(config-if-range)# duplex full
Switchport Mode (Access vs Trunk)
All member ports must be the same mode: - All access, OR - All trunk.
If you mix, the port-channel won't form (or will suspend):
DIST-SW1(config)# interface GigabitEthernet1/0/1
DIST-SW1(config-if)# switchport mode access
DIST-SW1(config-if)# exit
DIST-SW1(config)# interface GigabitEthernet1/0/2
DIST-SW1(config-if)# switchport mode trunk
! ERROR: This port cannot be bundled with Gi1/0/1. Mismatch.
Fix: Configure both as trunk:
DIST-SW1(config)# interface range GigabitEthernet1/0/1 - 2
DIST-SW1(config-if-range)# switchport mode trunk
VLAN Membership (Allowed VLANs)
If using as access ports, all must be in the same VLAN:
DIST-SW1(config)# interface GigabitEthernet1/0/1
DIST-SW1(config-if)# switchport access vlan 10
DIST-SW1(config-if)# exit
DIST-SW1(config)# interface GigabitEthernet1/0/2
DIST-SW1(config-if)# switchport access vlan 20
! ERROR: VLAN mismatch. Bundle fails.
If using as trunk, all must have identical allowed VLANs. This is enforced on the Port-Channel interface:
DIST-SW1(config)# interface Port-Channel 1
DIST-SW1(config-if)# switchport trunk allowed vlan 10,20,30,40,99,100
Member ports inherit this configuration.
Spanning Tree Interaction
Spanning Tree treats the port-channel as a single port with cost calculated from all member links. The cost is:
Cost of Port-Channel = (4096) / (sum of bandwidth of all member links)
For four 10 Gbps links:
Cost = 4096 / (4 × 10,000 Mbps) = 4096 / 40,000 = ~0.1
This is extremely low cost, making the port-channel highly preferred by STP. The port will almost always be the designated port.
Show STP port state:
DIST-SW1# show spanning-tree vlan 10 interface Port-Channel 1 detail
...
Role: Designated Port
State: Forwarding
...
Port Cost (STP): 100
If a member link fails, STP does not recalculate. The port-channel stays in forwarding state; just one less link is available.
Common Misconfiguration Pitfalls
1. Mismatched Allowed VLANs on Trunk Members
Symptom: Port-channel forms but some VLANs aren't visible.
Cause: Member ports have different allowed VLAN lists (shouldn't be possible with proper config, but can happen if config was inconsistent).
Fix: Verify via the Port-Channel:
DIST-SW1# show interfaces Port-Channel 1 trunk
Port Vlans allowed on trunk
Po1 10,20,30,40,99,100
Port Vlans allowed and active in management domain
Po1 10,20,30,40,99,100
2. Native VLAN Mismatch
If both sides of the bundle have different native VLANs, you'll see warnings but the bundle may still form:
DIST-SW1(config)# interface Port-Channel 1
DIST-SW1(config-if)# switchport trunk native vlan 99
DIST-SW1(config-if)# end
CORE-SW1(config)# interface Port-Channel 1
CORE-SW1(config-if)# switchport trunk native vlan 100
CORE-SW1(config-if)# end
! VLAN mismatch warning; untagged frames may be misinterpreted.
Fix: Ensure both sides use the same native VLAN:
DIST-SW1# show interfaces Port-Channel 1 trunk | include native
Native VLAN: 99
CORE-SW1# show interfaces Port-Channel 1 trunk | include native
Native VLAN: 100
! Mismatch detected. Reconfigure CORE-SW1 to use 99.
3. Port-Channel in Suspended State
Symptom: Po1(SD) instead of Po1(SU).
Cause: One or more member ports suspended due to speed/duplex mismatch or other incompatibility.
Diagnosis:
DIST-SW1# show etherchannel summary
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) LACP Gi1/0/1(P) Gi1/0/2(p) Gi1/0/3(p)
Ports with (p) are suspended. Verify why:
DIST-SW1# show interfaces GigabitEthernet1/0/2 | include speed|duplex
Full-duplex, 1000Mb/s
! While Gi1/0/1 is 10 Gbps. Speed mismatch. Reconfigure Gi1/0/2 to 10000.
Real-World Topology Example
In the PingLabz lab: - CORE-SW1 ↔ DIST-SW1: Po1 (Gi1/0/1-4 bundled, LACP active, trunk carrying VLANs 10,20,30,40,99,100) - CORE-SW1 ↔ DIST-SW2: Po2 (Gi1/0/3-4 bundled, LACP active, same VLAN list) - DIST-SW1 ↔ ACC-SW1: Po10 (Gi1/0/23-24 bundled, LACP passive, access to VLAN 10)
STP sees three logical links between core and distribution. All forward simultaneously. If any physical link goes down, STP doesn't reconverge; the port-channel degrades gracefully.
Verification Checklist
DIST-SW1# show etherchannel summary
! Confirm all member ports show (P) for bundled
! Port-channel shows (SU) for in use
DIST-SW1# show lacp neighbor
! Verify partner MAC and port assignments match
DIST-SW1# show etherchannel port-channel
! Confirm protocol and member port status
DIST-SW1# show interfaces Port-Channel 1 trunk
! If trunk, verify allowed and active VLANs match expected
DIST-SW1# show spanning-tree vlan 10 interface Port-Channel 1
! Confirm port-channel is designated and forwarding
Key Takeaways
- EtherChannel presents multiple physical links as one logical interface, allowing STP to see all links as a single port and forward on all simultaneously.
- LACP (802.3ad) is the industry standard; use
activemode on both sides oractiveon one andpassiveon the other. - All member ports must have identical speed, duplex, and switchport mode; mismatches immediately suspend ports.
- Load-balancing hashes on source/destination MAC or IP; choose based on traffic flow patterns (access layer vs core).
- STP treats the port-channel as a low-cost link and doesn't reconverge if a member link fails, providing true redundancy with no topology changes.