EtherChannelCCNA 200-301

EtherChannel Member Ports with Different VLAN Configs

Presenting Symptom

Pings between hosts on the same VLAN across an EtherChannel fail intermittently, and the EtherChannel shows some member ports are down or not bundled.

Network Context

A small branch office has two Cisco Catalyst 2960 switches connected via a 4-port EtherChannel (Port-channel 1) trunking multiple VLANs. The switches run IOS 15.0. The EtherChannel is configured as a Layer 2 trunk. One switch (SW1) has member ports Gi0/1-4, the other (SW2) has Gi0/1-4. The problem occurs after a junior engineer reconfigured some ports to add a new VLAN, but inadvertently changed the VLAN configuration on some member ports.

Diagnostic Steps

Check EtherChannel status and member ports

show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)    Gi0/2(P)    Gi0/3(D)    Gi0/4(D)

The output shows that Gi0/3 and Gi0/4 are down (D) or not bundled. This indicates a problem with those ports. Normal output would show all ports as (P) for bundled.

Check the VLAN configuration on the problematic member ports

show interfaces gigabitEthernet 0/3 switchport

Name: Gi0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

The output shows the port is in trunk mode with all VLANs allowed. However, we need to compare with a working port. The issue may be that the allowed VLAN list differs between member ports.

Compare allowed VLANs on all member ports

show interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Gi0/2       on               802.1q         trunking      1
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005
Gi0/2       1-1005
Gi0/3       1-1005
Gi0/4       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30
Gi0/2       1,10,20,30
Gi0/3       1,10,20
Gi0/4       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20,30
Gi0/2       1,10,20,30
Gi0/3       1,10,20
Gi0/4       1,10,20

Notice that Gi0/3 and Gi0/4 are missing VLAN 30 in the 'Vlans allowed and active' list. This mismatch causes the EtherChannel to suspend those ports because all member ports must have identical VLAN configurations.

Check EtherChannel port-channel configuration

show running-config interface port-channel 1

interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20,30
!

The port-channel interface has the correct allowed VLAN list. The problem is that the individual member ports Gi0/3 and Gi0/4 have a different allowed VLAN list (missing VLAN 30).

Root Cause

The EtherChannel member ports Gi0/3 and Gi0/4 have a different VLAN allowed list than the port-channel interface and the other member ports. Specifically, they are missing VLAN 30. Cisco EtherChannel requires all member ports to have identical VLAN configurations (allowed VLANs, native VLAN, etc.) for the bundle to form. The mismatch causes those ports to be suspended or not bundled.

Resolution

Configure the missing VLAN on the affected member ports to match the port-channel configuration. On SW1: interface gigabitEthernet 0/3 switchport trunk allowed vlan add 30 interface gigabitEthernet 0/4 switchport trunk allowed vlan add 30 Alternatively, to ensure consistency, you can set the allowed VLAN list on each member port to match the port-channel: interface range gigabitEthernet 0/1-4 switchport trunk allowed vlan 1,10,20,30 Note: The port-channel interface configuration is the master; member ports should inherit it, but if manually configured, they must match.

Verification

After applying the fix, verify the EtherChannel status: show etherchannel summary Expected output: Group Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------------- 1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) Gi0/3(P) Gi0/4(P) Also verify trunk allowed VLANs: show interfaces trunk Expected output shows all ports have VLAN 30 in the allowed list.

Prevention

1. Always configure VLAN settings on the port-channel interface rather than on individual member ports. The port-channel configuration is automatically propagated to member ports. 2. Use consistent configuration templates for all member ports to avoid manual mismatches. 3. Before adding a new VLAN, ensure it is added to all member ports or to the port-channel interface.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of EtherChannel configuration requirements. Questions may present a troubleshooting scenario where an EtherChannel is not forming, and you must identify that VLAN mismatch is the cause. Expect multiple-choice questions asking 'What is the most likely cause?' or drag-and-drop steps to resolve. Key fact: All member ports must have identical VLAN configuration (allowed VLANs, native VLAN) for the bundle to form.

Exam Tips

Remember that the 'show etherchannel summary' command quickly shows which ports are bundled (P) or down (D).

The 'show interfaces trunk' command reveals VLAN mismatches between member ports.

On the exam, if an EtherChannel is not forming, always check VLAN consistency first.

Commands Used in This Scenario

show etherchannel summary

Displays the status and configuration of all EtherChannel interfaces on the switch, used to verify channel bundling, port membership, and protocol state.

show interfaces trunk

Displays trunk interface status, allowed VLANs, and pruning information for all trunk ports on a Cisco switch, used to verify trunking configuration and VLAN membership.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions