ICND2 200-101

ICND2 200-101

Configuring and Verifying EtherChannel

Steps to configure EtherChannel

The process of creating an EtherChannel bundle is very finicky. You have to be careful. So what are some of these parameters on our switches; those interfaces, where we are bundling them together that have to be the same or we'll run into problems.

We should be able to just list these off: Speed and Duplex. The Duplex: it would make sense would be full. Speed: whatever the maximum speed you can get across that link. So if you've got four links in an EtherChannel bundle, same Speed, same Duplex, same Layer 2 characteristics in terms of VLANs, short for virtual LANs. You can channelize just about any kind of link. It can channelize an access link. It can channelize a trunk link. Now the parameters within them would need to match. If it's an access link, make sure it's part of the same VLAN. If it's a trunk link, same allowed VLANs and the same native VLAN. And for those of you thinking about the future, you can channelize layer three links, which are called routed links between multi-layer switches, that's even a possibility, OK? But what you need to ensure is that, they are essentially twins. The same physical and VLAN characteristics must be present on all members.

EtherChannel topology

I love the term twins. We want all of these interfaces to be exactly alike. What we're looking at here is the output of our running configuration from our online switching Lab and it's showing us the final configuration for EtherChannel. But it doesn't explain the step-by-step process that you should use to make sure that you do it right. You want to have a step-by-step process in the real world to make sure you do it right.

In example I would use the interface range command. That is great, interface range Ethernet0/0 - 1: so 0 and 1 were bundling together. That ensures that we configure those interfaces at the same time. We're making them twins but I would have done something before this. But before that I would have went to global configuration mode and typed in default interface Ethernet 0/0 and default interface Ethernet 0/1. Why? Let's make them exactly the same right off the bat with just their default configurations. Then go into interface range mode, and shut down those interfaces, shut them down. We don't see that here because this is the running configuration. But if you were following a step-by-step process, shut them down and then do your configuration, and turn them back on. So I will type in shutdown, then I would use the channel-group command. What does the channel-group command do?

!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-group 1 mode active
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-group 1 mode active
!

This is our big command. This is the command we must master. We're using this command to assign physical ports to a logical port. The logical port is a port channel interface that has a number and the number ties back to the number that you put in the channel-group command. So you could do channel-group followed by a number, and the number does depend on the chassis. Some chassis might allow you to put in up to 63 or 64, some might be lower, depends. I like to use the low numbers here. channel-group 1, OK, so, we're saying that these two FastEthernet ports are going to go in the EtherChannel interface, the logical interface with number one, and then we say mode. OK. So the key question here is, what protocol, if any, are we running? This is a question for you folks. This is a question you must be able to answer.

So did we use PAgP, short for Port Aggregation Protocol? Did we use LACP, short for Link Aggregation Control Protocol? Or are we forwarding these to channel bundle statically? Can we tell based on that channel-group command?

Do you remember the settings for PAgP? It was auto and desirable. What about LACP? It was active and passive. I see active and that is your clue. This is setting LACP. So you need to be able to think like that. PAgP, what are the two modes? Auto and desirable. LACP? Active and passive. So we know this side is set with LACP and the other side should either be another active or it could be passive. Those are the only two working options and then, we just configure whatever needs to be configured. Notice we do that on the logical port channel. Our logical configuration lives there, which is the right way to go. And I will say that for switch to switch connections, we're usually going to make it a trunk. So make it a trunk, configure the allowed VLANs that need to be carried across that, and match the native VLAN and you should be good to go.

So we have to do this on both switches. Make sure on the other switch, before you bring up these Ethernet interfaces, that you have set your mode to active or passive. That way there when you come back to our switch on the left-hand side, you type in no shutdown, it comes up, the other end of those links will come up-up as well, and our configurations are done. We've set our port-channel information and we're good to go. You follow those steps in that order and you reduce your chances of errors significantly. And I like to do things by minimizing my possibilities for errors. Now one thing to realize is that if you go to Ethernet 0/0 or Ethernet 0/1, and you start doing configurations on those physical interfaces, you are hurting yourself. How? Well, you are making changes specifically to that interface, and that does not affect the port channel. It does not affect the bundle, it only affects that specific interface. And we explored with you those parameters, that if they don't match between those interfaces, then the bundle will break the bundle.

So even though it is formed, and if somebody modifies those physical interface parameters, speed, duplex, trunk values on an interface-by-interface basis, your bundle will be broken. Guarantee it. So as we pointed out, do the configuration in port-channel configuration mode. Because all that information you type in port-channel configuration mode will be automatically copied to those main physical interfaces. So they should all match in the end, but the configuration is done at the port-channel mode.

Verifying EtherChannel

One place to go to verify your EtherChannel bundle is on the switch. We're creating a logical interface out of thin air, and so we can't see it as a regular interface. This looks like a physical interface, it's not. But we can see that it is up-up.

DSTR2#sh interfaces port-channel 1
Port-channel1 is up, line protocol is up (connected)
  Hardware is Ethernet, address is aabb.cc00.d400 (bia aabb.cc00.d400)
  MTU 1500 bytes, BW 20000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ...

I'll be honest though. We don't usually look at it and troubleshoot it with this command. When we're verifying EtherChannel, we need to dig deeper and we need to use commands that are specific and can get the magnifying glass to look at things like the member ports.

I said that there were two things that you really want to have mastered for this discussion. This for me is the second. The first was knowing your protocols and the parameters that set which protocol. The next is this output and I would want you to know the flags, the key words that we see here. So this is a great command: show etherchannel summary and look at all those flags up top. That's a lot and we should know how to use those flags. Down below it says, the number of channel groups, one. Great. That's what we had configured before but let's go from left to right. Group, well that's just the group number.

DSTR2#sh etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Et0/0(P)    Et0/1(P)

Then we see the logical name and this is where we need to be very careful about reading. It says, Po1 for port-channel 1, SU. In the real world I would like to see SU or RU. So what's the upper case S here? Well I want you to find it in the flags. S says layer two, which means this is not a router port. I had said that you can use this on layer three EtherChannel bundles and a layer three EtherChannel bundle would have an R. So for me the only things that I want to see here are S or R, and we have to be mindful of the capitalization, by the way, because a lower case s can come up elsewhere. OK. So that's the S, for Switched essentially. Is it Switched or Routed? The next one is, U. This is a big deal. U says, in use. So you don't want to see anything other than a U here, like a D. It's a very possible value you could see, a D. U says Up. It says, in Use but I think of it as Up. OK. Then protocol LACP Active and Passive, settings.

Then we have our ports. So here, we would list the two to however many ports we have in EtherChannel bundle. And then there is a P here and that P says we're participating in the port channel. It's possible to see things like suspended here, OK? You don't want to see that. So knowing that decode for me is the second big takeaway from this chapter. You should know how to read the output and obtain the output. So show etherchannel summary, pretty important command.

By far, the last show command is the most important show command. You want to be able to read through that output inside and out, up and down, side to side without a problem. The show etherchannel Port-channel command allows us to dive into the specifics about our port-channel.

DSTR2#show etherchannel port-channel
                Channel-group listing:
                ----------------------
Group: 1
----------
                Port-channels in the group:
                ---------------------------
Port-channel: Po1    (Primary Aggregator)
------------
Age of the Port-channel   = 0d:09h:15m:12s
Logical slot/port   = 16/0          Number of ports = 2
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =   LACP
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Et0/0    Active             0
  0     00     Et0/1    Active             0
Time since last port bundled:    0d:09h:15m:05s    Et0/1

We can see the number of groups we have configured, in this example, one. And the first port-channel we're looking at is port-channel one. We can see aging, timers, how long it has been available for, the protocol, LACP, and the ports in the port-channel. Similar information that we just saw in the show etherchannel summary command, but here we can see the load as well. How much load on an average is each link utilizing. The ports 0/0, 0/1 and then our state, the EC state - Active, Active. Where have I heard that word before? It's one of the modes. It's one of the modes directly related to LACP.

In most of the cases the load isn't 50-50 and this is because of the underlying frame forwarding that happens. It's not a round-robin fashion. It doesn't say, frame one goes here, frame one goes the other one. No. Instead, it's based on the number of bits that you see there. Number of bits says, here is our hashing algorithm, which takes fields in the headers of the frames and based on the output of those, chooses which port it goes down. So in a more advanced class, we might teach you about altering where those bits are pulled from. Do we pull it from the layer two header with MAC, short for Media Access Control addresses? Do we look at IP addresses, source, and destination? And it is very chassis dependent, as well. Some chassis give you fewer options. So this is kind of a nice to see output. And if things were wildly misbehaving as in, you're expecting double the throughput but then you came here and you saw a load of 95 and 5. Well then, you might have to figure out, how do I change my load balancing strategy to get a better distribution of traffic?