Scenario:
A network administrator configures EtherChannel between two Cisco switches using LACP, but the link is not forming, and some VLANs are not passing traffic.
Network Setup:
- Two switches: SW1 and SW2
- Ports Gi0/1 and Gi0/2 are used for EtherChannel.
- VLANs 10, 20, and 30 should be allowed on the trunk.
Step 1: Verify EtherChannel Status
Check the current EtherChannel summary on SW1
SW1# show etherchannel summary
Output:
Group Port-channel Protocol Ports
------ ------------ -------- ------------------------
1 Po1(SD) LACP Gi0/1(P) Gi0/2(D)
๐จ Problem Detected:
- “SD” (Layer 2, Down): The EtherChannel is configured but not operational.
- “D” (Down): Gi0/2 is not active in the group.
Step 2: Check Interface Configurations
Check Gi0/1 and Gi0/2 settings
SW1# show running-config interface Gi0/1
SW1# show running-config interface Gi0/2
Output (SW1):
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
channel-group 1 mode passive # LACP mode
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk allowed vlan 10,20,30
channel-group 1 mode passive # LACP mode
Check the same on SW2
bashCopyEditSW2# show running-config interface Gi0/1
SW2# show running-config interface Gi0/2
Output (SW2):
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
channel-group 1 mode passive # LACP mode
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk allowed vlan 10,20,30
channel-group 1 mode passive # LACP mode
๐จ Problem Detected:
- Both sides are set to “passive” in LACP.
- LACP requires at least one side to be “active” to initiate EtherChannel.
โ Fix: Change SW1 to “active”
SW1(config)# interface range Gi0/1 - 2
SW1(config-if-range)# channel-group 1 mode active
SW1(config-if-range)# exit
๐ Expected Result: LACP will now negotiate the EtherChannel.
Step 3: Verify if the EtherChannel is Now Up
SW1# show etherchannel summary
Output (Expected):
cssCopyEditGroup Port-channel Protocol Ports
------ ------------ -------- ------------------------
1 Po1(SU) LACP Gi0/1(P) Gi0/2(P)
โ
“SU” (Layer 2, Up) means EtherChannel is working!
โ
“P” (Port is active in EtherChannel) shows both interfaces are bundled.
Step 4: Verify VLANs on the Trunk
If VLAN traffic is still not passing, check allowed VLANs on the trunk:
SW1# show interfaces trunk
Output:
Port Mode Encapsulation Status Allowed VLANs
Po1 on 802.1q trunking 1,10,20,30
๐จ Problem Detected:
- VLAN 1 is allowed by default but is not needed.
โ Fix: Explicitly allow VLANs
SW1(config)# interface Port-channel 1
SW1(config-if)# switchport trunk allowed vlan 10,20,30
SW1(config-if)# exit
๐ Now, only the necessary VLANs are allowed.
Step 5: Final Verification
Check VLANs Allowed on Trunk
SW1# show interfaces trunk
โ Expected Output:
Port Mode Encapsulation Status Allowed VLANs
Po1 on 802.1q trunking 10,20,30
Check Spanning Tree
# show spanning-tree active
โ Ensure Port-Channel 1 is forwarding traffic.
Summary of Troubleshooting Steps
| Issue | Cause | Solution |
|---|---|---|
| EtherChannel is down (SD) | Both sides set to passive in LACP | Change one side to active. |
| One port is down (D) | Speed/duplex mismatch | Set speed/duplex manually. |
| VLAN traffic not passing | VLANs not allowed on the trunk | Use switchport trunk allowed vlan X. |
| STP blocking the EtherChannel | Spanning Tree treating Port-Channel as a loop | Check show spanning-tree and adjust priority. |
Best Practices for EtherChannel Configuration
โ
Use LACP instead of PAgP (open standard, more stable).
โ
Manually set trunk mode on Port-Channel interfaces (switchport mode trunk).
โ
Ensure the same speed, duplex, and VLAN settings on both sides.
โ
Check for STP blocking with show spanning-tree.
โ
Use show etherchannel summary to monitor link status.
Conclusion
In this real-world case, the EtherChannel was down due to LACP passive mode on both switches. Changing one side to active resolved the issue. Additionally, VLAN traffic issues were fixed by explicitly allowing the required VLANs.
The Lazy Networker 
Leave a comment