Cisco Ethernet Switch Procedures

Login to the switch (telnet Switch Name or IP Address)
Enter your login name
Enter your one-time password from your CryptoCcard
If the login was successful, a switch prompt will be returned
If you have "Enable" level privileges, a switch prompt will be returned (a prompt that will be like "switch-name> (enable)" to indicate you are in "enable mode")

Switch Port Comments

Cisco Ethernet switch allow users to put a "Name" on each port. This is a comment field that can be used as desired, and has no effect on the operation of the switch. NCAR uses the field to show what a switch port is connected to. In machine rooms, we put machine names in the "Name" field. Everywhere else, we uses a standard NETS location label, usually to specify the Wall plate interface that a port connects to. In the automatically generated Ethernet Switch Port Lists, the "Name" field is called the "Connected To" field. It is also sometimes referred to as the "comment" field in Ethernet switches.

If a switch port has been allocated permanently to a certain VLAN, the Name field will have a P) prefix, indicating that the port is not to be disabled, regardless of how often it is used.

These are the steps for adding and removing a switch

Log into to ExtraView

From your home page, select Add
Select the NETS Add Remove Tab (at the top)
Fill out the form and click submit

Information about the form:

Email will be sent to all staff involved in adding or removing a switch once the ticket is opened.
Staff should update the ticket as work is completed (click on complete button and click update).
Staff assigned to the ticket will receive email every time the ticket has been updated until their task(s) are complete.
Marla will receive a report of all open tickets once a week.
The ticket can be closed by the staff member assigned to the ticket, or it will close automatically and email sent to everyone listed on the ticket once all steps are complete.

Switch port auto-negotiation information

Web page resources to consult:

Troubleshooting Cisco Catalyst Switches to Network Interface Card (NIC) Compatibility Issues (Cisco)
Using Portfast and Other Commands to Fix Workstation Startup Connectivity Delays (Cisco)
Ethernet Technologies (Cisco)
Configuring and Troubleshooting Ethernet 10/100Mb Half/Full Duplex Auto-Negotiation (Cisco)
Recovering From errDisable Port State on the CatOS Platforms

Charles Spurgeon's Ethernet Web Site (contains good information about auto-negotiation)

In general, if a port cannot auto-negotiate the port speed/duplex:

Make sure auto-negotiation is configured on both ends of the link (use the show port command)
-- you cannot configure settings manually on one end of the link and configure the other end of the link for auto-negotiation.
If auto-negotiation fails when you connect a client NIC to the switch, check the NIC and drivers to make sure that auto-negotiation is supported.
If auto-negotiation is supported and properly configured but you still cannot connect, turn off auto-negotiation and set the speed and duplex manually
(use the set port speed and set port duplex commands).

Show the Current Port Status on a Switch

Show the Status of all ports on the Switch
CatOS: show port
IOS: show interface status
Show the Status of all Ports on a Card on the Switch
CatOS: show port x (where x is the card number)
IOS: show interface status module x (where x is the card number)
Show the Status of one port on the Switch
CatOS: show port x/y (where x is the card number and y is the port number)
IOS: show interface status "gig or faste"x/y (where x is the card number and y is the port number)

Show the Error and Data Counters for a Port

Login to the Switch (telnet Switch Name)
Show the Status of one port on the Switch
CatOS: show port x/y (where x is the card number and y is the port number)
IOS: show interface status "gig or faste"x/y (where x is the card number and y is the port number)
Show the MAC level information
CatOS: show mac x/y (where x is the card number and y is the port number)
IOS: show counters int "gig or faste"x/y (where x is the card number and y is the port number)
To aid in tracking down what port might be causing widespread network problems (e.g., a gigabit ethernet host with a bad NIC causing major network problems by spewing out large amounts of multicast traffic):
- start by getting console access on one of the core switches (mlra or flra) in enable mode:
- issue the 'clear counters' command to set values to zero
- then issue the 'show mac' command to see all the unicast, multicast, and broadcast packets for all ports on the switch; if a port is 'misbehaving' badly, the large numbers of packets should stand out in one of the columns that command outputs and give you an indication of which port(s) you might check out first (i.e., which one might have the 'problem device' on it). More information on this matter is available on the troubleshooting severe switch problems web page.
Clearing port counters
CatOS: clear counters x/y (where x is the card number and y is the port number)
IOS: clear counters interface "gig or faste"x/y (where x is the card number and y is the port number)
Showing the updated counters
CatOS: show counters x/y (where x is the card number and y is the port number)
IOS: show counters interface "gig or faste"x/y delta (since last cleared)

Port Error Logging on a Switch

If a switch port performs poorly, do the following to save the port information for later use

Login to the Switch (telnet Switch Name)
Win2K Example: Start->Run->type telnet xxx.xxx.xxx.xxx
(where xxx.xxx.xxx.xxx is the switch's ip address)
Begin a log file to save the session results
Win2K Example: Terminal->Start Logging->"Look in" = c:\, "File Name" = log Date Switch Name.txt
(where Date is in the MMDDYY format and Switch Name is the name of the switch)
Example: log040898ml-16c-c1-es.txt
Retrieve the switch's time
CatOS: show time
IOS: show clock
Retrieve the switch's log
CatOS: show logging buffer
IOS: show log
Retrieve the port information
CatOS: show port x/y (where x is the card number and y is the port number)
IOS: show interface status "gig or faste"x/y (where x is the card number and y is the port number)
Retrieve the MAC level information on the port
CatOS: show mac x/y (where x is the card number and y is the port number)
IOS: show int "gig or faste"x/y counters (where x is the card number and y is the port number)
Retrieve the switch's time again
Retrieve the port information again
Retrieve the MAC level information on the port again
Stop the log file to save the file's contents
Win2K Example: Terminal->Stop Logging
Perform steps 1-11 again after 24 hours and save the results
If the error counts have changed between the two sets of results, check the patch cables at either end. If the patch cables are OK, contact NETS by using a "Work Request" and send the results or contact someone in the section depending on the severity of the problem.

Show the Status and VLANs Connected to a Switch

Login to the Switch (telnet Switch Name)
Show the Status of the VLANs
CatOS: show vlan
IOS: show vlan
The last section of this status display shows the VLAN configuration information. Please review the on-line documentation to understand the column terms.

Show the VLAN Trunking on a Switch

Login to the Switch (telnet Switch Name)
Show the Status of the trunking
CatOS: show trunk
IOS: show interfaces trunk
(Please review the fields descriptions on the Cisco web for descriptions of each field.)

Show Modules and Software Versions for a Switch

Login to the Switch (telnet Switch Name)
Show the Status of the modules
CatOS: show module
IOS: show module

Show the Software Versions and Memory Information for a Switch

Login to the Switch (telnet Switch Name)
Show the version information
CatOS: show version
IOS: show version

Show the Switch Error Log

Login to the Switch (telnet Switch Name)
Show the error log
CatOS: show logging buffer
IOS: show log

Error Logging on a Switch

If a switch performs an unscheduled reboot, do the following to save the reboot information

Login to the Switch (telnet Switch Name)
Win2K Example: Start->Run->type telnet xxx.xxx.xxx.xxx
( where xxx.xxx.xxx.xxx is the switch's ip address)
Begin a log file to save the session results
Win2K Example: Terminal->Start Logging->"Look in" = c:\, "File Name" = log Date Switch Name.txt
(where Date is in the MMDDYY format and Switch Name is the name of the switch)
Example:: log040898ml-16c-c1-es.txt
Retrieve the switch's time
CatOS: show time
IOS: show clock
Retrieve the switch's log
CatOS: show logging buffer
IOS: show log
Retrieve the switch's version information
CatOS: show version
IOS: show version
Retrieve the switch's installed modules information
CatOS: show module
IOS: show module
Retrieve the switch's current configuration
CatOS: show config
IOS: show run
Stop the log file to save the file's contents
Win2K Example: Terminal->Stop Logging
Archive the error log

General host and phone access port

Most ports on the UCAR network will be configured for host and phone access. When a switch or module is added, the established default port configurations are applied.

These include:

spanning-tree portfast default (global)
spanning-tree portfast bpduguard default (global)
switchport
switchport mode access
switchport voice vlan <xxx>
wwr-queue cos-map x x x (QOS priority mapping)
mls qos vlan-based
spanning-tree guard root

To define a port for use at least 2 things need to be configured - the port description and the access vlan

description <this is the location info>
switchport access vlan <xxx>
copy run start (don't forget to save your changes)

Access point configuration

There are a few configurations that are slightly different than the general host and phone access port configuration. One of those is a port configuration for an access point. There is one command that should be removed from our established defaults, and a couple of additions.

To remove a command, use the no form:

no switchport voice vlan

Then add these:

switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan <xxx> (defined vlan for the campus APs)
switchport trunk allowed vlan <xxx,xxx,xxx,xxx> (a set of vlans for the various campus wireless services)
Don't forget to save your changes.

Configuration for connecting Non-NETS switches

Another port configuration would be to connect a port to a Non-NETS switch or a switch that belongs to a division. There are a few required commands that must be configured on the port to protect the UCAR network from problems associated with loops and broadcast storms. A Non-NETS switch will only have a single connection to the UCAR network.

spanning-tree portfast disable
spanning-tree bpduguard disable
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan <xxx,xxx,xxx,xxx>
Don't forget to save your changes.

Modifying a port assignment on a switch

Login to the Switch (telnet Switch Name)
If the port is being disabled, set the VLAN to 1. Otherwise, check the Subnet and VLAN list to determine the VLAN to use.

Verify the VLAN exists on the switch via the "show vlan" command. This is the output from a good vlan:

y2k-6509> (enable) show vlan 1000  
VLAN Name                             Status    IfIndex Mod/Ports, Vlans  
---- -------------------------------- --------- ------- ------------------------  
1000 example-net                        active    235     6/1
                                                          15/1      
VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2  
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------  
1000 enet  101000     1500  -      -      -      -    -        0      0      

VLAN MISTP-Inst DynCreated  RSPAN  
---- ---------- ---------- --------  
1000 -          static     disabled

Once the existence of the VLAN has been verified on the switch, proceed to activating the port:
CatOS: set vlan z x/y (where z is the vlan number, x is the card number and y is the port number)
IOS: interface "gig or faste"x/y (where x is the card number and y is the port number)
switchport access vlan z (where z is the vlan number)
Change the name of the port to the opposite end's connection device, usually a telecommunications outlet
CatOS: set port name x/y ML-43A-W1-2B (where x is the card number and y is the port number, and the text is the information on the connection)
IOS: interface "gig or faste"x/y (where x is the card number and y is the port number)
description ML-43A-W1-2B (the text is the information on the connection)

Download a Switch's Configuration from the TFTP Server
NOTE: This procedure will disrupt the switch's operation!!!

Login to the Switch (telnet Switch Name)
Download the configuration file (configure HostIPAddress Directory/File - where HostIPAddress is the TFTP host, Directory/File is the directory and configuration name)
CatOS: configure xxx.xxx.xxx.xxx configs/fl2-2143-c1-es
IOS: copy tftp xxx.xxx.xxx.xxx1 configs/fl2-2143-c1-es running-config
( where xxx.xxx.xxx.xxx is the tftp server address)
This will take a few minutes and each configuration line will be displayed on the console

Enabling/Disabling system messages from displaying in the current session

If you are troubleshooting a problem on a switch and you keep getting interrupted by lots of system messages scrolling by, you can issue this command to turn them off for the duration of your session
CatOS: set logging session disable
IOS: terminal no monitor
And of course if you do want to see those messages again, you'd enter "set logging session enable"
CatOS: set logging session enable
IOS: terminal monitor

Deleting one arp entry on a switch

How do you clear an individual ARP cache entry on the router should you need to?
CatOS: clear arp xxx.xxx.xxx.xxx
IOS: clear ip arp xxx.xxx.xxx.xxx

General Notes for Switch/Card Installations

Check that all needed hardware is available (Cards, cables, patch panels, cable management, rack screws)
Schedule Down Time and send an Outage Notice at least a week in advance
Prepare a Complete Check List of items needed for the installation
Example:
1. Get three 48 port cards
2. Get six patch panels
3. Get 24 card to patch panel cables
4. Bring tool bag
5. Get rack screws
6. Bring PC & console cables
7. Bring port assignment sheets
8. Get Fluke OneTouch
9. Bring Labeling doc. & labeler
10. Bring this document
During the installation, test all ports with the OneTouch
Install at least the generic labels on all devices and patch panels

Initial Switch Setup & Installation Check List

Install the switch with correct power & cable management
Connect a console device to the console port
Login to the switch's console port by entering the password [if one has already been assigned--if not, there won't be one!]
Change the security mode to modify the configuration (enable Password)
Clear the switches configuration
CatOS: clear config all
IOS: delete nvram:startup-config
reload
Verify the switch is running the current IOS version [can be upgraded via flash card, or via minimal TCP/IP config if necessary]
If not, perform the download procedure
Set the switch's unique information
1. Set the name (where Switch Name is the name of the switch)
  CatOS: set system name fl2-2143-c1-gs
  set prompt fl2-2143-c1-gs>
  IOS: hostname fl2-2143-c1-gs
2. Set the VLAN domain
  CatOS: set vtp domain ucarvtp
  set vtp mode off vlan
  set vtp mode off mst
  IOS: vtp domain ucarvtp
  vtp mode transparent
3. Set the switch IP address
  CatOS: set interface sc0 vlan-number xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
  IOS: interface vlan-number
  ip address xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
  no ip redirects
  no ip proxy-arp
  no ip route-cache
  no shut
  (where vlan-number is the management VLAN number for the campus, xxx.xxx.xxx.xxx is the IP address of the switch, and yyy.yyy.yyy.yyy is the mask)
4. Define the default route for the switch
  CatOS: set ip route 0.0.0.0 xxx.xxx.xxx.xxx
  IOS: ip route 0.0.0.0 xxx.xxx.xxx.xxx
  (where xxx.xxx.xxx.xxx is the IP address of the default router)
5. Define the radius information for the security login to the device
  CatOS: set radius server xxx.xxx.xxx.xxx auth-port 1816 primary
  set radius key abcdefghijklmnop123456
  set radius attribute framed-ip-address include-in-access-req enable
  IOS: radius-server host xxx.xxx.xxx.xxx auth-port 1816 acct-port 1818
  radius-server source-ports 1645-1646
  radius-server retransmit 1
  radius-server timeout 3
  radius-server key abcdefghijklmnop123456
  ip radius source-interface Loopback0
  (where xxx.xxx.xxx.xxx is the IP address of the radius server and abcdefghijklmnop123456 is the system key )
Follow the card installation procedures below to configure any installed modules
Set the login methods to use radius
CatOS: set authentication login radius enable console primary
set authentication login radius enable telnet primary
set authentication enable radius enable console primary
set authentication enable radius enable telnet primary
IOS: aaa authentication login default group radius line
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization exec default group radius none
Set the login password
CatOS: set password a1b2c3d4
IOS: line con 0
password 0 a1b2c3d4
transport preferred none
(get a1b2c3d4 from security file)
Set the enable password
CatOS: set enablepass z9y8x7w6
IOS: enable secret 0 z9y8x7w6
service password-encryption
(get z9y8x7w6 from security file)
Configure SNMP settings
CatOS: set snmp community read-only xxxxxxxx
set snmp community read-write xxxxxxxx
set snmp community read-write-all xxxxxxxx
IOS: snmp-server community xxxxxxx RO 95
snmp-server community xxxxxxx RW 95
snmp-server community public xxxxxxx RO 97
(where xxxxxxxx is the appropriate NCAR SNMP community strings from security file)
Enable time synchronization from the network
CatOS: set ntp broadcastclient enable
set timezone MST -7 0
set summertime enable MDT
set summertime recurring second Sunday March 02:00 first Sunday November 02:00 60
IOS: clock timezone MNT -7
clock summer-time MDT recurring
ntp server xxx.xxx.xxx.xxx
Enable DNS
CatOS: set ip dns server xxx.xxx.xxx.xxx primary
set ip dns server yyy.yyy.yyy.yyy (for the secondary)
set ip dns enable
set ip dns domain ucar.edu
IOS: ip domain-name ucar.edu
ip name-server xxx.xxx.xxx.xxx
ip name-server yyy.yyy.yyy.yyy (for the secondary)

Card Installation Procedures

Actions Before Card is Inserted
1. Get card and if needed cables, patch panels, and cable management
2. Login to switch to check software levels to verify card will be supported and the switch is at the current version levels
3. Schedule Down Time and send an Outage Notice at least a week in advance (the switch may crash or need to be reset)
4. Produce labeling for card
5. If needed, download new software to switch
Actions at Time of Card Insertion
1. Login to the switch through the console port with a PC
2. Check switch status (show vlan, show trunk, show port)
3. Prepare patch panel and cables if needed
4. Install the card (This may reboot the switch)
  - a card insertion message should appear
5. Verify the status of the new module
  CatOS: show text x
  show module
  IOS: show diganostic result module x
  show module
6. Connect the cables to the card and secure
7. Issue the following commands for a module being used for end host connection.
  
  CatOS
  - set port host <mod>/1-48
  - set port qos <mod>/1-48 trust trust-cos
  - set port qos <mod>/1-48 vlan-base
  - set port auxiliaryvlan <mod>/1-48 <campus V-VLAN> cdpverify enable
  - set port jumbo <mod>/1-48 enable (if this is a 1Gig capable module)
  - set errordetection packet-buffer <mod> powercycle
  Issuing the 'set port host' command achieves the same result as if you had entered each of the following commands separately: 'set spantree portfast', 'set trunk off', and 'set channel mode off'. You should do this for all 10/100/1000 ports on all Cisco Catalyst 6500s that you know have only single hosts connected. This solves many potential problems we have seen with hosts (e.g., appletalk problems)
  IOS
  - interface range "gig or faste"<mod>/1-48
  - switchport
  - switchport mode access
  - switchport voice vlan <campus V-VLAN>
  - mls qos vlan-based
  - mtu 9216 (if this is a 1Gig capable module)
  - wrr-queue cos-map 3 3 3 (if this is a WS-X6148A module)
  - no shut
  - exit
  - error-detection packet-buffer action module <mod> reset
8. Label the installed components (card, cables, patch panels)

Adding a Network (IP subnet)

These are the steps you need to go through in order to add a network (new IP subnet):

Check the Subnet and VLAN list to determine the VLAN to use
Choose an unused number, preferably one "next" to an existing number for the customer
The master-network-list file may be incorrect, so you need to verify that the given number is not in use.
Log in to a router and use a show ip route 128.117.x.0 command, where x is the network number.
The router will display information about the route.
-- If the first line says Routing entry for 128.117.0.0/16, then there is no explicit route to the network, and it's not in use.
-- If the first line says anything else, then the route is probably in use, and you should try to allocate a different subnet number.
Add the network to the NND Network Information using the NND's Django Administrative Interface.
NOTE: network name should always end in "net".
Determine whether the network will be at the ML, FL, or CG site. Use the appropriate devices for the campus.
- ML: mlra
  mlrb (ml-243b-c1-gs)
- CG: cgra
  cgrb (cg1-0103-c1-gs)
- FL: flra
  flrb (fl4-1012-c1-gs)
Add router interfaces for the new network
(in this example, the addition of a new ML network is shown along with our current 'standard' interface settings; the important things to note are:
- the 'a' router gets a .253 interface address and the 'b' router gets a .254 interface address
- the 'a' router gets a '101' priority value and the 'b' router defaults to a '100' value
- the standby IP address is the same for each
on mlra:
int vlan241 description --------------------------------------- VLAN 241 (ad1testnet) ip address 128.117.241.253 255.255.255.0 no ip redirects no ip proxy-arp ip pim sparse-dense-mode ip cgmp ntp broadcast standby 1 ip 128.117.241.251 standby 1 priority 101 standby 1 preempt standby 1 authentication Auth

on mlrb:

int vlan241 description --------------------------------------- VLAN 241 (ad1testnet) ip address 128.117.241.254 255.255.255.0 no ip redirects no ip proxy-arp ip pim sparse-dense-mode ip cgmp ntp broadcast standby 1 ip 128.117.241.251 standby 1 preempt standby 1 authentication Auth

Also be sure to do a 'no shutdown' on each of these new interfaces after you've defined them (but before you exit configuration mode); then exit configuration mode and do a 'copy run start'; also note the ip addresses you assigned as part of that last step -- you'll need those numbers to make the DNS request in the next step.

Determine whether you want the the interface to be OSPF passive (on both routers) or not. Our new default is passive-interface, so you only need to specify something here (e.g., "no passive-interface Vlan2" ) if you want it to *not* be passive.
Submit a DSG work request for the DNS part of this--you'll request a DNS entry for each of the following:
- the 'a' router interface; continuing the example above, you'd ask for 'mlra-n241.ucar.edu' for 128.117.241.253
- the 'b' router interface; continuing with the example above, you'd ask for 'mlrb-n241.ucar.edu' for 128.117.241.254
- the network 'default gateway' (router address for nodes on the new network) address; continuing with the example above, you'd ask for 'mlr-n241.ucar.edu' for 128.117.241.251
Add the new VLAN to all the switches on the campus. If you have access to David Mitchell's Python script named edit-vlan.py on the nagman machine, you can do something like
~mitchell/bin/edit-vlan.py add <campus> <vlan id> <vlan name>
to add it for all switches on a campus. If you don't have access to the script, you'll have to manually apply the Adding a VLAN to a Switch procedure on each closet switch, and set the STP root manually as described in the next step.
If you can't run the edit-vlan.py script, or if it produced error messages, you should manually set the spanning tree protocol (STP) root for the VLAN appropriately. For example, if the router interface for the VLAN is on mlra/b, set the STP root to be on mlra with these commands on mlra:
configure terminal spanning-tree vlan <n> priority 8192 end copy running-config startup-config

Replacing a Supervisor Card

Since we have redundant Supervisors in all of our systems, you only need to prep the replacement with the proper CatOS or IOS image. The configuration will be synchronized after insertion in the switch.

Insert the replacment module in a test switch
Connect a terminal or PC to the console port
Copy the proper image to the Sup using a flash card
copy slot0:cat6000-sup2k9.8-4-5.bin bootflash:
or
copy disk0:s3223-ipbasek9-mz.122-33.SXH4.bin sup-bootdisk:
Enter the boot statement to use the correct image
set boot system flash bootflash:cat6000-sup2k9.8-4-5.bin prepend
or
boot system flash sup-bootdisk:s3223-ipbasek9-mz.122-33.SXH4.bin
Reload the supervisor
CatOS: reset system
IOS: reload
Power down the switch and remove the supervisor from the test switch
Remove failed supervisor and replace with configured replacement.
Verify that the supervisor comes online and that syncronization happens

Establishing Etherchannel connections between two ports

Configuring EtherChannels in the Cisco IOS Software is a two-step process: first the ports are assigned to a channel-group and then the virtual interface port-channels are configured. The virtual interface port-channel behaves like a physical interface. In both CatOS and Cisco IOS, all configurations on the port channel interfaces are propagated to the physical interfaces of the port channel. For example, shutting the port channel
interface will shut all physical ports on that port channel. To change parameters of all ports in an EtherChannel, the configuration should be applied to the port channel interface. Although the Cisco IOS Software allows configuration on physical interfaces, the configuration will not be propagated to the port channel bundle. If the interfaces within the bundle are not identical, the channel will not form.

EtherChannels in CatOS and Cisco IOS Software bundle individual Ethernet links into a single logical link to provide bandwidth aggregation and link resilience in a network. Catalyst 6500 Ethernet interfaces support up to eight interfaces per EtherChannel with all interfaces at the same speed: 10,100, 1000 or 10,000 Mbps.

Ports do not have to be contiguous or on the same module, however, the following conditions must be met for the etherchannel to work:

Ports can form an EtherChannel when they are in different PAgP modes as long as the modes are compatible (check documentation for compatible combinations). The default channel mode for a port is auto. In this mode, the port will not initiate the creation of a channel, but will create one if the other end of the link requests it. In 'desirable' mode the port will ask the other end to create a channel, which will succeed if the other end is either 'auto' or 'desirable'. The 'off' mode should be used on host connections to reduce the port startup time. The 'on' mode should never be used as it can cause spanning tree problems. Normally, host ports should be in 'off' and trunks should be in 'auto'. If a channel is desired between two switches, those ports should be manually configured into the same admin group and mode 'desirable'.
Ports on a switch can be combined into an EtherChannel when they are in the same administrative group. Ports on different modules must be manually configured to the same group if a channel is to form.
Assign all ports in an EtherChannel to the same VLAN, or configure them as trunk ports.
If you configure the EtherChannel as a trunk, configure the same trunk mode on all the ports in the EtherChannel. Configuring ports in an EtherChannel in different trunk modes can have unexpected results.
An EtherChannel supports the same allowed range of VLANs on all the ports in a trunking EtherChannel. If the allowed range of VLANs is not the same for a port list, the ports do not form an EtherChannel even when set to the auto or desirable mode with the set port channel command.
Ports with different port path costs, set by the set spantree portcost command, can form an EtherChannel as long they are otherwise compatibly configured. Setting different port path costs does not, by itself, make ports incompatible for the formation of an EtherChannel.
Do not configure the ports in an EtherChannel as dynamic VLAN ports. Doing so can adversely affect switch performance.
An EtherChannel will not form with ports that have different GARP VLAN Registration Protocol (GVRP), GARP Multicast Registration Protocol (GMRP), and quality of service (QoS) configurations.
Configure all ports in an EtherChannel to operate at the same speed and duplex mode.
An EtherChannel will not form with ports where the port security feature is enabled.
You cannot enable the port security feature for ports in an EtherChannel.
An EtherChannel will not form if one of the ports is a SPAN destination port.
An EtherChannel will not form if protocol filtering is set differently on the ports.
Enable all ports in an EtherChannel. If you disable a port in an EtherChannel, it is treated as a link failure and its traffic is transferred to one of the remaining ports in the EtherChannel.

Some notes on EtherChannel:

Date: Thu, 9 Oct 2003 11:07:12 -0600 (MDT)
From: David Mitchell
To: Pete Donnie Sakosky
Cc: ne@ucar.edu
Subject: Re: etherchannel pain in the ---

Here's my understanding for setting up etherchannel.

Every port is in a channel admin group by default. These are high numbered groups of four adjancent ports on a card.

We want the admin groups to be like numbered ports on two different cards, such as 3/3,4/3. I've been using the port numer for the group number. So for ml-50-c1-gs, you should just need to do a "set port channel 3/4,4/4 4" on ml-mr-c1-gs. On the closet switch, a similar command is needed "set port channel 1/1,2/1 1". These commands will bounce all affected ports.

Once the admin group has been created, the configurations of the ports needs to match for the channel to form. The command "show channel group 4 info" will list the status of all relevant config settings. And mis-match in the output of this will keep the channel from forming. Usually this is just the qos settings.

The output of 'show channel' will show the actively channelling ports. Note that the "channel Id" is an arbitrary number that gets assigned to active channels. No idea why they don't just use the admin group numbers.

-David

-------- Original Message -------- Subject: Re: EMERGENCY SERVICE MAINTENANCE: ML-50-C1-GS
Date: Thu, 09 Oct 2003 09:08:22 -0600
From: Pete Donnie Sakosky
To: Jeff Custard

hi jeff,

indeed, there is no etherchannel right now. i was searching for that QoS setting, so thanks for getting that for me. that was one of four problems that wouldn't let me bring up the channel. first was a bad fiber patch, second was the QoS, third was non-matching ISL trunks on ml-50, and fourth was existing etherchannel configuration on ml-mr-c1-gs.

i found out how to fix all of this, but i ran out of window, so i'll have to bring up the channel some other time.

the non-matching ISL trunking was a case of having (on ml-50) 2/1 as negotiate and 1/1 as on. they are both set to "on" now.

the existing etherchannel configuration was tougher to figure out and is what blew the thing this morning. on ml-mr, both 3/4 and 4/4 (which correspond to ml-50 2/1 and 1/1 respectively) were already in separate port channel groups. i found out the hard way that there is no "clear port channel 3/4" command. to remove ports and delete existing channel groups, you need to remove all ports in a channel group- "set port channel x/x-y,x/x mode off". this is non-intuitive and not cool. it also impacts the spanning tree of those other ports in that channel group. i knocked ml-16 off the network for 30 seconds while spanning tree reconverged (but it was within our window).

so, as of now, ports 3/4 and 4/4 on ml-mr are finally not associated with any channel groups. since you got the QoS, here's all that should be needed to bring up etherchannel now-

on ml-mr-c1-gs:
set port channel 3/4,4/4 mode desirable silent

other than that, the OS upgrade was smooth. this was a simple 7P's breakdown with the etherchannel stuff. i'll get it fixed on saturday it sounds like.

donnie

Some Cisco URLs for etherchannel:
http://www.cisco.com/warp/public/473/#EtherChannel

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/channel.htm

Document revision history:

James Van Dyke - February 11, 1999 - Version 3.0
Pete Siemsen - May 4, 1999 - Version 3.1
Pete Siemsen - January 05, 2001 - Version 3.2
Jeff Custard - April 13, 2001 - Version 3.3
Pete Siemsen - April 26, 2001 - Version 3.4
David Mitchell - May 30, 2001 - Version 3.5
Jeff Custard - August 03, 2001 - Version 3.6
Pete Siemsen - September 28, 2001 - Version 3.7
Pete Siemsen - October 12, 2001 - Version 3.8
Jeff Custard - November 01, 2002 - Version 3.9
Jeff Custard - April 11, 2002 - Version 4.0
Jeff Custard - September 09, 2002 - Version 4.1
Jeff Custard - December 18, 2002 - Version 4.2
David Mitchell - February 9, 2004 - Version 4.3
Belinda Housewright - September 29, 2004 - V4.4 - New Remedy form for Adding/Removing switch
Pete Siemsen - Novemberber 8, 2004 - V4.5
Paul Dial- Novemberber 18, 2005 - V4.6
Teresa Shibao - February 23, 2006 - V4.7
Teresa Shibao - July 7, 2006 - V4.8
Pete Siemsen - September 6, 2006 - V4.9
Teresa Shibao - August 23, 2007 - V5.0
Teresa Shibao - August 5, 2009 - V5.1
Teresa Shibao - September 3, 2009 - V5.2 Adding IOS command equivalents
Teresa Shibao - November 6, 2009 - V5.3 additional notes for show and clear counters, CatOS and IOS
Teresa Shibao - September 23, 2010 - V5.4 added QOS config when adding new 1G module
Teresa Shibao - November 2, 2010 - V5.5 added typical configuration examples
Pete Siemsen - September 19, 2011 - V5.6 updated Cisco syntax in the "Adding a Network" section

Address comments or questions about this Web page to the Network Engineering & Telecommunications Section (NETS) at nets-www@ncar.ucar.edu. The NETS is part of the Computational & Information Systems Laboratory (CISL) of the National Center for Atmospheric Research (NCAR), which is sponsored by the National Science Foundation (NSF). Any opinions, findings and conclusions or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. NCAR is managed by the University Corporation for Atmospheric Research (UCAR). This website follows the UCAR General Privacy Policy and the NCAR/UCAR/UCP Terms of Use.