STP Blocking One EtherChannel Member Port
Presenting Symptom
One member port of an EtherChannel is in STP blocking state while the other member ports are forwarding, causing traffic to be dropped on that link.
Network Context
A small enterprise campus network with two Cisco Catalyst 3750 switches running IOS 12.2(55)SE. The switches are connected via a 4-port EtherChannel (Port-channel 1) configured as a trunk carrying multiple VLANs. STP is running Rapid PVST+. The problem occurs after a recent configuration change where a new VLAN was added to the trunk.
Diagnostic Steps
Check EtherChannel status
show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) Gi0/3(P) Gi0/4(s)
The output shows that Gi0/4 carries the flag 's' (suspended) instead of 'P' (bundled), so the port is not part of the active EtherChannel. In the legend above, lowercase 's' is the suspended flag, while uppercase 'S' marks a Layer 2 channel, as in Po1(SU). A port is suspended because of a misconfiguration or STP inconsistency.
Check STP state for the EtherChannel and its member ports
show spanning-tree interface port-channel 1 detail
Port-channel1 is root port, forwarding
Port path cost 4, Port priority 128, Port identifier 128.1.
Designated root has priority 32768, address aaaa.bbbb.cccc
Designated bridge has priority 32768, address aaaa.bbbb.cccc
Designated port id is 128.1, designated path cost 0
Timers: message age 2, forward delay 15, hold 1
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 1234, received 5678
The port is in the port-channel.
Interface Gi0/1 (member of Port-channel1): Role: Root, State: Forwarding ...
Interface Gi0/2 (member of Port-channel1): Role: Root, State: Forwarding ...
Interface Gi0/3 (member of Port-channel1): Role: Root, State: Forwarding ...
Interface Gi0/4 (member of Port-channel1): Role: Alternate, State: Blocking ...
The STP detail shows that Gi0/4 is in 'Alternate' role and 'Blocking' state, while the other member ports are 'Root' and 'Forwarding'. This is abnormal because all member ports of an EtherChannel should share the same STP state. The port is being blocked by STP, likely due to a VLAN mismatch or inconsistent port configuration.
Check for VLAN inconsistencies on the member port
show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1
Gi0/3       on           802.1q         trunking      1
Gi0/4       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-100,200
Gi0/2       1-100,200
Gi0/3       1-100,200
Gi0/4       1-100,200

Port        Vlans allowed and active in management domain
Gi0/1       1-100,200
Gi0/2       1-100,200
Gi0/3       1-100,200
Gi0/4       1-100,200

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       none
Gi0/2       none
Gi0/3       none
Gi0/4       none
The trunk configuration appears consistent across all ports. However, note that the 'Vlans in spanning tree forwarding state' shows 'none' for all ports, which is unusual. This may indicate that the STP state is not updating correctly. Further investigation is needed on the remote switch.
Check the remote switch's STP state for the same port
show spanning-tree interface gigabitethernet 0/4 detail
Interface Gi0/4 (member of Port-channel1): Role: Designated, State: Forwarding ...
On the remote switch, Gi0/4 is in 'Designated' role and 'Forwarding' state. This inconsistency (local switch sees it as Alternate/Blocking, remote sees it as Designated/Forwarding) indicates a configuration mismatch. The most common cause is that the port is not configured with the same allowed VLANs or trunk mode on both sides, or there is a native VLAN mismatch.
Verify the native VLAN configuration on the member port
show running-config interface gigabitethernet 0/4
interface GigabitEthernet0/4
 switchport trunk native vlan 999
 switchport mode trunk
 channel-group 1 mode active
!
The output shows that Gi0/4 has a native VLAN of 999, while the other member ports likely have native VLAN 1 (default). This mismatch causes STP to block the port to prevent loops. The native VLAN must be consistent across all member ports of the EtherChannel.
Root Cause
The native VLAN on interface Gi0/4 was misconfigured as VLAN 999, while the other member ports (Gi0/1-3) use the default native VLAN 1. This VLAN mismatch causes STP to place Gi0/4 in a blocking state to prevent potential loops, as STP considers the port to be in a different VLAN domain.
Resolution
Verification
show etherchannel summary
Expected output: Gi0/4 should now show flag 'P' (bundled).
show spanning-tree interface port-channel 1 detail
Expected output: Gi0/4 should show Role: Root, State: Forwarding (same as other members).
Prevention
1. Always ensure consistent native VLAN configuration across all member ports of an EtherChannel.
2. Use a configuration template or automation to apply identical settings to all ports in a port-channel.
3. Before adding a new VLAN to a trunk, verify that all member ports have the same allowed VLAN list.
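One way to automate the consistency check from item 2 above, as an added example (not part of the original page or any Cisco tool): it parses running-config text and reports any channel-group member whose native VLAN, allowed VLAN list or switchport mode differs from its peers. The sample config, the function names and the values assumed for absent lines are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the scenario: Gi0/1-3 keep the default
# native VLAN, Gi0/4 carries "switchport trunk native vlan 999".
_MEMBER = ("interface GigabitEthernet0/{n}\n{native}"
           " switchport trunk allowed vlan 1-100,200\n"
           " switchport mode trunk\n channel-group 1 mode active\n!\n")
SAMPLE_CONFIG = "".join(
    _MEMBER.format(n=n, native=" switchport trunk native vlan 999\n" if n == 4 else "")
    for n in range(1, 5))

# Settings that must match across members. "allowed vlan add ..." continuation
# lines are not merged in this example.
PATTERNS = {
    "native_vlan": re.compile(r"^ +switchport trunk native vlan (\d+)", re.M),
    "allowed_vlans": re.compile(r"^ +switchport trunk allowed vlan ([\d,-]+)", re.M),
    "mode": re.compile(r"^ +switchport mode (\S+)", re.M),
}
# Values assumed when a line is absent: native VLAN 1 (the default named above),
# all VLANs allowed, and a placeholder for the platform's default switchport mode.
DEFAULTS = {"native_vlan": "1", "allowed_vlans": "all", "mode": "platform-default"}

def parse_members(config):
    """Return {group: {interface: {setting: value}}} for channel-group members."""
    groups = defaultdict(dict)
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        head = re.match(r"interface (\S+)", block)
        group = re.search(r"^ +channel-group (\d+) mode", block, re.M)
        if head and group:
            groups[group.group(1)][head.group(1)] = {
                key: (m.group(1) if (m := rx.search(block)) else DEFAULTS[key])
                for key, rx in PATTERNS.items()}
    return dict(groups)

def find_mismatches(config):
    """List (group, interface, setting, value, peer_value) for each member that
    deviates from the value most common among its channel-group peers."""
    findings = []
    for group, members in parse_members(config).items():
        for key in PATTERNS:
            counts = Counter(m[key] for m in members.values())
            if len(counts) > 1:
                baseline = counts.most_common(1)[0][0]
                findings += [(group, intf, key, m[key], baseline)
                             for intf, m in members.items() if m[key] != baseline]
    return findings

if __name__ == "__main__":
    for grp, intf, key, got, want in find_mismatches(SAMPLE_CONFIG):
        print(f"Po{grp}: {intf} {key}={got}, peers use {want}")
```

Running the same check against the saved configuration of both switches before and after a trunk change catches a stray per-port setting before the port is suspended or blocked.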
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you must identify why an EtherChannel member port is blocked. The exam tests your understanding of STP interaction with EtherChannel and the importance of consistent port configurations. Key fact: All member ports of an EtherChannel must have identical VLAN configurations (allowed VLANs, native VLAN, trunk mode) to avoid STP inconsistencies.
Exam Tips
Memorize the 'show etherchannel summary' flags: P = bundled, s = suspended (lowercase; uppercase S marks a Layer 2 channel). A suspended port often indicates a configuration mismatch.
Remember that STP treats all member ports of an EtherChannel as a single logical port; if one member has a different VLAN config, STP may block it.
When troubleshooting EtherChannel issues, always check 'show interfaces trunk' and 'show running-config interface' for VLAN consistency across member ports.
Commands Used in This Scenario
show etherchannel summary
Displays the status and configuration of all EtherChannel interfaces on the switch, used to verify channel bundling, port membership, and protocol state.
show interfaces trunk
Displays trunk interface status, allowed VLANs, and pruning information for all trunk ports on a Cisco switch, used to verify trunking configuration and VLAN membership.