EtherChannel is a critical technology for increasing bandwidth and providing redundancy between switches, routers, and servers. On the CCNA 200-301 exam, you must know how to configure and verify both PAgP and LACP EtherChannels. This lab walks you through configuring EtherChannel using LACP, the IEEE standard protocol, a skill you will use daily in enterprise networks to aggregate links without spanning-tree blocking.
Jump to a section
Imagine a single-lane road connecting two cities. Traffic is heavy, and a single accident blocks all movement. Now picture a six-lane highway between the same cities: traffic flows faster, and if one lane is closed for repairs, cars still move on the other five. EtherChannel is that multi-lane highway for network traffic. But simply having multiple physical links between switches is not enough—if you just plug in two cables without EtherChannel, Spanning Tree Protocol (STP) will block one to prevent loops. That is like building two separate single-lane roads that intersect dangerously at every crossing. EtherChannel bundles those physical links into one logical link, just as a highway merges multiple lanes into a single controlled roadway. LACP (Link Aggregation Control Protocol) is the traffic management system that negotiates the bundle, ensuring both sides agree on which links are in the channel, much like highway patrol coordinating lane usage between two cities. Without LACP, you must manually configure both sides—like having two separate toll booths that may not align. With LACP, the switches dynamically negotiate parameters such as port speed, duplex, and VLAN membership, preventing misconfigurations that could cause loops or black holes. The analogy extends to load balancing: traffic is distributed across the lanes using a hash algorithm, just as a highway uses lane markings to distribute cars. If one lane fails, LACP automatically removes it from the bundle, and traffic shifts to the remaining lanes without interruption—like closing a lane for construction while the other five keep flowing.
What is EtherChannel and Why Use It?
EtherChannel, also known as Link Aggregation, allows you to combine multiple physical Ethernet links into a single logical link. This provides increased bandwidth (aggregate throughput) and redundancy: if one physical link fails, traffic is redistributed among the remaining links without requiring STP reconvergence. On the CCNA exam, you must understand that EtherChannel operates at Layer 2 (switch-to-switch) or Layer 3 (router-to-router or switch-router). The logical interface is called a Port-Channel interface.
LACP (IEEE 802.3ad, now 802.1AX) is an open standard protocol. PAgP is Cisco proprietary. Both perform the same basic function: negotiate the formation of an EtherChannel. LACP supports up to 16 links per channel (8 active, 8 standby), while PAgP supports 8 active links. On the exam, know that LACP uses the following modes: - Active: Initiates negotiation and responds to LACP packets. - Passive: Only responds to LACP packets; does not initiate. - On: Forces the link into an EtherChannel without negotiation (static).
Step-by-Step Mechanism
When you configure LACP active/passive on both ends, the switches exchange LACP Data Units (LACPDUs) every 1 second (fast rate) or 30 seconds (slow rate). The default is slow. The LACPDU contains system priority, port priority, port number, and operational key. The switch with the lower system priority (or lower MAC address) becomes the aggregator. The ports must match in speed, duplex, and VLAN membership (for Layer 2). Once negotiated, the ports are bundled into a Port-Channel interface.
EtherChannel Load Balancing
EtherChannel does not round-robin packets; instead, it uses a hash algorithm to select a link for each flow. The hash can be based on source MAC, destination MAC, source IP, destination IP, or a combination. The default on Cisco switches is src-mac for Layer 2 and src-dst-ip for Layer 3. This ensures that packets of the same flow always use the same link, preventing out-of-order delivery.
Configuration Commands
To configure LACP EtherChannel on a Cisco switch:
interface range GigabitEthernet0/1-2
channel-group 1 mode active
exit
interface Port-channel1
switchport mode trunk
switchport trunk allowed vlan 1-100channel-group 1 mode active creates the Port-Channel 1 and sets LACP active mode.
The Port-Channel interface inherits the configuration of the first physical interface added, but you should configure the Port-Channel interface directly for consistency.
Verification Commands
show etherchannel summary
show etherchannel port-channel
show interfaces port-channel 1
show lacp neighborExample output for show etherchannel summary:
1 Po1(SU) LACP Gi0/1(P) Gi0/2(P)(SU) means Layer 2 (S) and in use (U). (P) indicates port is bundled.
Interaction with Spanning Tree
STP sees the Port-Channel as a single logical link. Therefore, all member ports are either forwarding or blocking together. This prevents loops and allows all links to forward traffic simultaneously.
Common Pitfalls
Mismatched VLAN allowed list on member ports: The Port-Channel will not form.
Mismatched speed/duplex: LACP will detect and not bundle.
Using "on" mode on one side and LACP on the other: The channel will not form because "on" does not send LACP packets.
Forgetting to configure the Port-Channel interface: The physical ports inherit the channel-group config, but the Port-Channel interface must have the same switchport mode and VLANs as the member ports.
Troubleshooting
If the EtherChannel does not come up:
1. Check show etherchannel summary to see if ports are in a "D" (down) or "I" (individual) state.
2. Use show lacp neighbor to verify LACP packets are being received.
3. Check show interfaces status for speed/duplex mismatches.
4. Ensure the allowed VLAN list matches on all member ports and the Port-Channel.
5. Use debug etherchannel (with caution in production).
Configure LACP Active on SW1
Access SW1's CLI. Enter global configuration mode. Select the two interfaces to bundle, e.g., GigabitEthernet0/1 and 0/2. Use the `channel-group` command with mode `active`. This enables LACP negotiation. The switch will send LACPDUs and respond to them. The command creates the Port-Channel interface automatically. ``` SW1(config)# interface range GigabitEthernet0/1-2 SW1(config-if-range)# channel-group 1 mode active ``` After this, a Port-Channel 1 interface is created. Verify with `show etherchannel summary`. The ports should show a state of "P" (bundled) or "W" (waiting) until the other side is configured.
Configure LACP Passive on SW2
On SW2, configure the same two interfaces with `channel-group` mode `passive`. This switch will not initiate LACP negotiation but will respond to LACPDUs from SW1. The channel-group number must match SW1's (1 in this case) because it defines the Port-Channel interface number. ``` SW2(config)# interface range GigabitEthernet0/1-2 SW2(config-if-range)# channel-group 1 mode passive ``` After this, the switches exchange LACPDUs. Within a few seconds, the Port-Channel should become operational. Use `show etherchannel summary` on SW2 to confirm ports are "P".
Configure the Port-Channel Interface
Even though the physical ports are bundled, you must configure the logical Port-Channel interface for the desired switchport mode and VLANs. This configuration overrides any settings on the physical ports. Set it as a trunk and allow the necessary VLANs. ``` SW1(config)# interface Port-channel1 SW1(config-if)# switchport mode trunk SW1(config-if)# switchport trunk allowed vlan 1-100 ``` Repeat the same on SW2's Port-Channel 1. Ensure the allowed VLAN list matches both sides, otherwise the channel may not form or traffic may be dropped.
Verify EtherChannel Status
Use `show etherchannel summary` to see the status of the Port-Channel. The output shows the Port-Channel number, its status (SU = Layer 2 up), protocol (LACP), and member ports with their states (P = bundled). ``` SW1# show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended Number of channel-groups in use: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) ``` If a port shows "I" (individual), it means it is not bundled — check for mismatches.
Verify LACP Neighbor Details
The `show lacp neighbor` command displays LACP information from the neighbor switch. This confirms that LACPDUs are being exchanged and that the neighbor's system ID and port details are recognized. ``` SW1# show lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode Channel group 1 neighbors Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Number State Gi0/1 SA 32768 0022.3344.5566 1s 0x1 0x102 0x3D Gi0/2 SA 32768 0022.3344.5566 2s 0x1 0x103 0x3D ``` Flags "SA" indicate the neighbor is in Active mode and requesting Slow LACPDUs. If you see no neighbors, LACP negotiation is failing.
Test Redundancy and Load Balancing
Simulate a link failure by shutting down one of the physical interfaces: `interface Gi0/1` then `shutdown`. Verify with `show etherchannel summary` that the port state changes to "D" (down) but the Port-Channel remains up (SU). Traffic continues using the remaining link. Then bring the interface back up. Also test load balancing by generating traffic (e.g., using extended pings) and checking `show etherchannel load-balance` to see the hash algorithm. The default is usually src-mac for Layer 2.
In enterprise data centers, EtherChannel with LACP is the standard for connecting access switches to distribution switches and for connecting servers to top-of-rack switches. A common design is to use four 10GbE links between a pair of distribution switches to provide 40 Gbps aggregate bandwidth. LACP ensures that if a fiber patch cable is accidentally disconnected, the channel automatically adjusts without manual intervention. Another scenario is connecting a storage array to two switches using two links per switch; LACP provides both redundancy and increased throughput. Network engineers often configure LACP with the "active" mode on both ends to ensure rapid negotiation. They also set the LACP rate to "fast" (1-second intervals) on high-availability links for faster failure detection. A frequent misconfiguration is forgetting to configure the Port-Channel interface identically on both switches—for example, allowing different VLANs. This can cause the channel to form but traffic to be dropped for certain VLANs. Another real-world issue is using the default load-balancing algorithm (src-mac) when the traffic pattern is dominated by a single MAC (e.g., a default gateway). This can cause uneven link utilization. Engineers then change the hash algorithm to src-dst-ip to spread traffic better. Finally, EtherChannel interacts with STP: if you have a loop in the network, STP will block one of the Port-Channels, but all member ports of the blocked channel are blocked together. This is a key advantage over using multiple separate links.
The CCNA 200-301 exam tests EtherChannel under Exam Objective 2.3: "Configure and verify EtherChannel (LACP)". You must know the difference between PAgP and LACP modes (active, passive, desirable, auto, on). The most common wrong answer is thinking that "on" mode uses a protocol—it does not; it is static. Another trap is believing that LACP passive mode initiates negotiation; it does not. Candidates also confuse the maximum number of links: LACP supports up to 16 (8 active + 8 standby), while PAgP supports 8 (all active). On the exam, you may be given a scenario where two switches are connected with two links, and you need to choose the correct configuration to form an EtherChannel. The correct answer will have matching modes (active-active or active-passive) and matching trunk configurations. A common distractor is configuring one side as "active" and the other as "on"—this will not work because "on" does not send LACP packets. Another distractor is allowing different VLANs on the two physical ports—the channel will not form. Be prepared to interpret show etherchannel summary output. Look for the flag "P" for bundled ports. If a port shows "I" (individual), it means the port is not part of the channel, often due to mismatched parameters. Also, know that the Port-Channel interface must be configured with the same switchport mode as the physical ports. Finally, remember that EtherChannel load balancing is per-flow, not per-packet. A question may ask: "Which statement about EtherChannel load balancing is true?" The correct answer is that it uses a hash algorithm to ensure packets in the same flow use the same link.
LACP is IEEE 802.3ad (now 802.1AX), an open standard for link aggregation.
LACP modes: active (initiates), passive (responds only), on (static, no protocol).
PAgP is Cisco proprietary with modes desirable (initiates) and auto (responds).
Maximum links: LACP supports 8 active + 8 standby; PAgP supports 8 active.
EtherChannel load balancing uses a hash (e.g., src-mac, dst-mac, src-dst-ip) and is per-flow, not per-packet.
STP treats the Port-Channel as a single logical link; all member ports share the same STP state.
Key verification commands: show etherchannel summary, show lacp neighbor, show interfaces port-channel.
Common misconfiguration: mismatched VLAN allowed list on member ports prevents channel formation.
These come up on the exam all the time. Here's how to tell them apart.
LACP
IEEE standard (802.3ad/802.1AX)
Modes: active, passive, on
Supports up to 16 links (8 active + 8 standby)
Can be used between Cisco and non-Cisco devices
Sends LACPDUs every 1s (fast) or 30s (slow)
PAgP
Cisco proprietary
Modes: desirable, auto, on
Supports up to 8 links (all active)
Only works between Cisco devices
Sends PAgP packets every 1s (fast) or 30s (slow)
Mistake
LACP passive mode can initiate negotiation.
Correct
LACP passive mode only responds to LACPDUs; it never initiates. Active mode initiates. For a channel to form, at least one side must be active.
Candidates confuse passive with PAgP's desirable mode, which does initiate.
Mistake
EtherChannel distributes packets round-robin across links.
Correct
EtherChannel uses a hash algorithm to assign each flow to a specific link. All packets in the same flow use the same link to prevent out-of-order delivery.
The term 'load balancing' suggests equal distribution, but it is per-flow, not per-packet.
Mistake
You can configure different VLAN allowed lists on different member ports.
Correct
All member ports must have the same VLAN allowed list, and the Port-Channel interface must match. Otherwise, the channel will not form or will misbehave.
Candidates think individual port configurations are merged; they are not—they must be identical.
Mistake
The 'on' mode uses LACP to negotiate the channel.
Correct
The 'on' mode is static; it forces the port into the channel without any negotiation. Both sides must be configured with 'on' for the channel to work.
The word 'mode' implies a protocol, but 'on' is manual.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
LACP active mode initiates the negotiation by sending LACPDUs. Passive mode only responds to received LACPDUs; it does not initiate. For an EtherChannel to form, at least one side must be active. If both are passive, no LACPDUs are exchanged, and the channel does not form. This is a common exam point: you need active-active or active-passive, not passive-passive.
No, all ports in an EtherChannel must have the same speed and duplex. LACP will detect mismatches and prevent the port from joining the bundle. This is a hard requirement. On some platforms, you can configure different speeds, but the switch will use the lowest common speed; however, Cisco recommends identical speeds.
STP treats the entire Port-Channel as a single logical link. All member ports share the same STP state (forwarding or blocking). This prevents loops while allowing all links to be used. If the Port-Channel is blocked, all member ports are blocked. This is a key advantage over using multiple separate links where STP would block all but one.
The output shows each channel group, the Port-Channel interface (e.g., Po1), its status (SU = Layer 2 up, SD = Layer 2 down, RU = Layer 3 up, etc.), the protocol (LACP or PAgP), and the member ports with flags: P = bundled (in use), I = individual (not bundled), D = down, s = suspended. For CCNA, you must interpret flags correctly.
The default depends on the switch model and IOS version. For most Catalyst switches, the default is src-mac for Layer 2 EtherChannels and src-dst-ip for Layer 3. You can change it with the 'port-channel load-balance' command. The hash ensures that frames in the same flow use the same link.
Yes, LACP supports up to 16 ports: 8 active and 8 standby. The standby ports are in hot-standby mode; they activate if an active port fails. PAgP supports only 8 active ports. This is a distinguishing feature on the exam.
The EtherChannel will not form. 'On' mode does not send LACP packets, so the active side will never receive a response. The active side will keep sending LACPDUs but the other side ignores them. The ports will remain as individual ports (not bundled). Both sides must use LACP (active/passive) or both use 'on'.
You've just covered Lab: Configure EtherChannel with LACP — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?