Imagine you're a network engineer at a data center, and your top-of-rack switches connect to a server with four 1 Gbps links. Without EtherChannel, only one link can be active at a time due to Spanning Tree Protocol (STP) blocking the others—wasting 75% of your bandwidth. EtherChannel bundles multiple physical links into a single logical interface, providing up to 8 Gbps of aggregate throughput and link redundancy. This chapter covers Cisco's implementation of EtherChannel and the Link Aggregation Control Protocol (LACP), directly mapping to CCNA 200-301 exam objective 2.3: 'Configure and verify EtherChannel.' Master this topic to optimize bandwidth, simplify STP, and ace the exam.
Jump to a section
Think of a highway with multiple tollbooths leading into a city. Without EtherChannel, each tollbooth operates independently: cars (data frames) must choose a specific booth, and if one booth is closed (link failure), cars queue at the others—but no car can use a different booth mid-queue. Worse, a traffic rule (Spanning Tree Protocol) might close all but one booth to prevent loops, leaving most booths idle. EtherChannel is like merging those tollbooths into a single logical 'superbooth' with multiple lanes. The superbooth has one set of traffic lights (one logical interface for STP) and one payment system (one MAC address). Cars are distributed across the lanes using a hashing algorithm—for example, based on the car's license plate (source MAC) or destination (destination MAC). If one lane closes (link fails), the superbooth automatically redirects traffic to the remaining lanes without any cars getting lost. The key mechanism is the hashing algorithm: it ensures that all frames in a single conversation (e.g., from one IP to another) always use the same lane to prevent out-of-order delivery. LACP (Link Aggregation Control Protocol) is like a supervisor that negotiates which lanes belong to the superbooth, ensures both ends agree on the number of lanes, and detects when a lane is malfunctioning. Without LACP, you'd have to manually configure each lane—prone to human error. This analogy captures the essence: EtherChannel creates a single logical link from multiple physical ones, with intelligent traffic distribution and automatic failover.
What is EtherChannel?
EtherChannel (also called link aggregation) is a technology that allows you to combine up to 8 physical Ethernet links into a single logical link between two switches, or between a switch and a router/server. The primary reasons to use EtherChannel are: - Increased bandwidth: Aggregate throughput up to 8 Gbps (with GigabitEthernet) or 80 Gbps (with 10 GigabitEthernet). - Redundancy: If one physical link fails, traffic is redistributed among the remaining links. Failover is typically under one second. - Load balancing: Traffic is distributed across links using a hash algorithm, not per-packet round-robin (which can cause out-of-order delivery). - STP simplification: The logical interface is treated as a single port by STP, so only one logical link needs to be blocked—no wasted bandwidth from STP blocking multiple physical links.
How EtherChannel Works at the Frame Level
When a frame arrives at an EtherChannel interface, the switch applies a hash algorithm to select which physical link to use. The hash is computed over fields in the frame, such as:
Source MAC address
Destination MAC address
Source IP address
Destination IP address
Source and destination TCP/UDP ports
The default hash method varies by platform, but common defaults are source-and-destination MAC (for Layer 2) or source-and-destination IP (for Layer 3). The hash result maps to a specific link number (0 to N-1, where N is the number of active links). All frames in the same flow (e.g., same source-destination IP pair) always hash to the same link, preserving packet order.
Cisco supports three modes: - Static (manual): No protocol; you configure the channel-group manually. Both sides must match. No negotiation; if there is a mismatch, it may cause loops or black holes. - PAgP (Port Aggregation Protocol): Cisco proprietary. Has modes: desirable (actively initiates negotiation) and auto (passively waits). - LACP (IEEE 802.3ad): Open standard. Modes: active (sends LACPDUs) and passive (responds only).
For CCNA, focus on LACP (active/passive) and static. PAgP is legacy but still tested.
LACP Key Details
LACP uses frames called LACPDUs (Link Aggregation Control Protocol Data Units) sent every 1 second (fast rate) or 30 seconds (slow rate). Default is slow (30s) on most Cisco switches, but you can set lacp rate fast for faster detection.
LACP has a system priority (default 32768) and port priority (default 32768). Lower values are better. The switch with lower system priority becomes the LACP partner with decision authority.
Maximum number of active links in a port-channel is 8; up to 8 additional links can be in standby mode (for redundancy).
LACP detects mismatched parameters (e.g., speed or duplex) and will not aggregate the link.
IOS CLI Configuration
#### Static EtherChannel
interface range GigabitEthernet0/1-2
channel-group 1 mode on
! The mode 'on' forces the link into the port-channel without negotiation.
! Both sides must use mode 'on'.#### LACP EtherChannel
interface range GigabitEthernet0/1-2
channel-group 1 mode active
! 'active' sends LACPDUs and negotiates with the other side.
! The other side can be 'active' or 'passive'.#### Verify EtherChannel
show etherchannel summary
show etherchannel port-channel
show lacp neighbor
show interfaces port-channel 1Example output of show etherchannel summary:
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) LACP Gi0/1(P) Gi0/2(P)SU means Layer2 and in use.
P means the port is bundled (active).
If a port shows I (stand-alone) or s (suspended), there is a problem.
Interplay with STP and VLANs
STP runs on the port-channel interface, not on individual physical links. This means only one logical link per channel is evaluated by STP, preventing loops while using all physical links for forwarding.
VLANs: All physical links in the channel must have the same VLAN configuration (same trunk allowed VLANs, same native VLAN). Mismatched VLANs will cause the port to be suspended.
Load balancing: The hash algorithm can be changed globally with port-channel load-balance <method>. Common methods: src-dst-mac, src-dst-ip, src-dst-port.
Common Pitfalls
Speed/duplex mismatch: All physical links must have identical speed and duplex. LACP will not bundle mismatched links.
VLAN mismatch: Trunk allowed VLANs must match exactly.
STP port cost: The port-channel interface inherits the physical port cost; but you can manually set cost on the port-channel.
Maximum links: Only 8 active links per port-channel. Additional links go to standby (LACP) or are ignored (static).
Configuration inconsistency: If one side is configured as LACP active and the other as static 'on', the link will not bundle.
Identify Physical Links to Bundle
First, decide which physical interfaces you want to bundle. They must be of the same type (e.g., all GigabitEthernet), same speed, same duplex, and same VLAN configuration (if access ports) or same trunking parameters (if trunk ports). You can bundle up to 8 active links. On Cisco switches, you typically use a range of interfaces, e.g., GigabitEthernet0/1-4. Ensure no configuration exists on the individual interfaces that would conflict (e.g., different native VLAN). Use `show interfaces status` to verify speed/duplex.
Create the Port-Channel Interface
Although the port-channel interface is automatically created when you assign the first physical port to a channel-group, it is best practice to explicitly create it using `interface port-channel <number>`. This allows you to configure logical interface parameters (like switchport mode trunk, allowed VLANs, STP cost) that will apply to the entire bundle. The number must match the channel-group number you will use on the physical ports. Example: `interface port-channel 1` then `switchport mode trunk`.
Configure Physical Ports with channel-group
Enter interface configuration mode for each physical port (or a range) and assign them to the same channel-group using the `channel-group <number> mode <mode>` command. For LACP, use `mode active` (sends LACPDUs) or `mode passive` (responds only). For static, use `mode on`. Both ends must agree on the mode. Example: `interface range GigabitEthernet0/1-2` then `channel-group 1 mode active`. The physical ports will inherit the configuration of the port-channel interface (e.g., trunk settings) once they are bundled.
Verify EtherChannel Status
Use `show etherchannel summary` to confirm the port-channel is up (SU) and the physical ports are bundled (P flag). If a port shows 'I' (stand-alone) or 's' (suspended), troubleshoot. Use `show lacp neighbor` to see LACP negotiation details: verify that the partner's system ID and port information are correct. Use `show interfaces port-channel 1` to see the logical interface status and counters. Check for any error messages like '%EC_LACP-4-MISMATCH' which indicates a configuration mismatch.
Test Load Balancing and Failover
Generate traffic between devices connected via the EtherChannel (e.g., ping with large packets or use iperf). Use `show etherchannel load-balance` to see the current hash algorithm. Use `show interfaces <physical>` to see traffic counters on each member link—they should be roughly balanced for many flows. To test failover, shut down one physical interface (`shutdown`) and immediately verify that traffic continues via the other links. Use `show etherchannel summary` again to confirm the port is now down (D) but the bundle remains up. Re-enable the interface and it should rejoin automatically.
Adjust Load-Balancing Method (Optional)
If the default hash algorithm does not distribute traffic evenly, you can change it globally with `port-channel load-balance <method>`. Common methods: `src-dst-mac` (Layer2), `src-dst-ip` (Layer3), `src-dst-port` (Layer4). The choice depends on traffic patterns. For example, if traffic is between many different IP pairs, `src-dst-ip` works well. Use `show etherchannel load-balance` to verify the current method. Note: Changing the hash algorithm may cause temporary reordering of traffic, but it is generally safe.
In a typical data center, top-of-rack (ToR) switches connect to servers using multiple 10GbE links. Without EtherChannel, STP would block all but one link, wasting bandwidth. Network engineers use LACP to bundle two to four 10GbE links into a 20-40 Gbps logical link. This provides both increased throughput and redundancy: if a cable fails, traffic shifts to the remaining links in milliseconds. For example, a web server farm might have each server connected with two 10GbE links in an LACP bundle to two different ToR switches (using MLAG or vPC for multi-chassis link aggregation). In campus networks, EtherChannel is commonly used between access and distribution switches. A typical design bundles two or four GigabitEthernet links to provide 2-4 Gbps uplink capacity while maintaining STP simplicity. The engineer configures the port-channel as a trunk allowing all VLANs, and STP sees only one logical link. Performance considerations: the load-balancing hash must be chosen carefully. If most traffic is between two servers (e.g., backup traffic), all frames will hash to the same physical link, defeating the purpose. In such cases, using src-dst-ip or even src-dst-port can help spread flows. Misconfiguration scenarios: a common mistake is to configure one side as LACP active and the other as static 'on'. This results in the static side sending frames on all links, but the LACP side only using the link that received LACPDUs—potentially causing a loop or black hole. Always verify both sides match. Another pitfall: changing the allowed VLAN list on individual physical ports after bundling can cause the port to be suspended. Always configure VLANs on the port-channel interface, not on physical ports. In production, engineers use show etherchannel summary and show lacp neighbor during maintenance windows to verify health before and after changes.
The CCNA 200-301 exam objective 2.3 specifically requires you to 'Configure and verify EtherChannel.' Expect 2-3 questions on this topic. The exam tests both configuration knowledge and troubleshooting. Key points to memorize:
LACP modes: active (sends LACPDUs) and passive (waits). PAgP modes: desirable (sends) and auto (waits).
Static mode: 'on' – no negotiation, both sides must be 'on'.
Maximum of 8 active links per port-channel; LACP supports up to 8 standby links.
Default LACP rate is slow (30 seconds); use lacp rate fast for 1-second intervals.
Default system priority: 32768; default port priority: 32768.
Common verification commands: show etherchannel summary, show etherchannel port-channel, show lacp neighbor, show interfaces port-channel 1.
Most common wrong answers: 1. 'EtherChannel uses round-robin per-packet load balancing.' – Wrong. It uses a hash algorithm to keep flows on the same link. Round-robin would cause out-of-order packets. 2. 'LACP active mode can form a bundle with another active mode switch.' – Actually correct, but some candidates think only active-passive works. Both active-active and active-passive work. 3. 'You can bundle links of different speeds.' – Wrong. All links must have the same speed and duplex. 4. 'STP runs on each physical link in the channel.' – Wrong. STP runs only on the logical port-channel interface.
Calculation traps: None directly, but know that bandwidth is additive: 4x1Gbps = 4Gbps.
Decision rule for scenario questions: If the question asks about negotiating a bundle, look for LACP or PAgP modes. If it asks about load balancing, the answer involves a hash, not round-robin. If it asks about troubleshooting a non-bundling link, check for speed/duplex mismatch or VLAN mismatch. Eliminate answers that suggest per-packet load balancing or mixing speeds.
EtherChannel bundles up to 8 physical links into one logical interface, increasing bandwidth and providing redundancy.
LACP (IEEE 802.3ad) is the open standard; modes: active (sends LACPDUs) and passive (responds).
PAgP is Cisco proprietary; modes: desirable (sends) and auto (responds).
Static EtherChannel uses 'mode on' with no negotiation; both sides must be configured identically.
All physical links in a bundle must have the same speed, duplex, and VLAN configuration.
Load balancing uses a hash algorithm (default src-dst-mac for L2, src-dst-ip for L3); not per-packet round-robin.
STP runs on the port-channel interface, not on individual member links.
Verification commands: show etherchannel summary, show lacp neighbor, show interfaces port-channel.
These come up on the exam all the time. Here's how to tell them apart.
Static EtherChannel
No negotiation protocol; both sides manually configured with 'mode on'.
No LACPDUs sent; relies on administrative configuration.
If configuration mismatches, can cause loops or black holes.
Cannot detect misconfigurations like speed/duplex mismatches automatically.
Simpler but less robust.
LACP EtherChannel
Uses IEEE 802.3ad LACPDUs to negotiate and maintain the bundle.
LACPDUs sent every 1s (fast) or 30s (slow) to verify link health.
Detects mismatches (speed, duplex, VLAN) and prevents bundling.
Supports standby links for fast failover (up to 8 standby).
Standardized, interoperable with other vendors.
Mistake
EtherChannel distributes traffic per-packet in round-robin fashion.
Correct
EtherChannel uses a hash algorithm to ensure all frames of a given flow use the same physical link, preventing out-of-order delivery.
Many assume load balancing means per-packet, but that would cause reordering issues.
Mistake
LACP active mode requires the other side to be passive to form a bundle.
Correct
LACP active can form a bundle with another active switch; both sides send LACPDUs and negotiate.
Confusion with PAgP where desirable-desirable works, but some think active requires passive.
Mistake
You can bundle links of different speeds (e.g., 1 Gbps and 10 Gbps) in the same EtherChannel.
Correct
All links must have identical speed and duplex. Mixing speeds will prevent the bundle from forming.
Some think EtherChannel can aggregate any links, but the standard requires homogeneity.
Mistake
STP runs on each physical link within the EtherChannel, blocking all but one.
Correct
STP runs only on the logical port-channel interface. The physical links are not individual STP ports.
Candidates think STP still sees each physical link, but EtherChannel abstracts them.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
LACP active mode means the switch actively sends LACPDUs to negotiate the bundle. LACP passive mode means the switch only responds to LACPDUs it receives; it does not initiate negotiation. A bundle can form between active-active or active-passive, but not passive-passive because neither side initiates. For the CCNA exam, remember that at least one side must be active.
No. All physical links in an EtherChannel must have the same speed and duplex. If you try to mix, LACP will detect the mismatch and not bundle the links. Static EtherChannel will also fail because the switch will treat them as separate links. Always ensure consistent speed and duplex.
STP treats the entire port-channel as a single logical interface. It runs BPDU exchange on the port-channel, not on individual physical links. This means only one logical link per channel is evaluated for blocking, preventing loops while all physical links forward traffic. If the port-channel goes down, STP recalculates.
You can have up to 8 active links in a single EtherChannel. LACP also supports up to 8 standby links, which are used if an active link fails. Static EtherChannel does not support standby links; all configured links are active unless they fail.
Use the global configuration command 'port-channel load-balance <method>'. Common methods include src-dst-mac (Layer2), src-dst-ip (Layer3), and src-dst-port (Layer4). The change applies to all port-channels on the switch. Verify with 'show etherchannel load-balance'.
A port is suspended when it has a configuration mismatch with the port-channel. Common reasons: different speed/duplex, different VLAN configuration (e.g., allowed VLANs), or incompatible trunking mode. LACP will also suspend if the neighbor does not respond. Check the individual interface configuration and ensure consistency.
Yes, Cisco routers (e.g., ISR 4000 series) support EtherChannel. The configuration is similar to switches: create a port-channel interface, assign physical interfaces with 'channel-group' command. Routers often use L3 port-channels (no switchport) for routed links. The same rules apply: consistent speed, duplex, and no mixing of L2/L3 modes.
You've just covered EtherChannel and LACP — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?