PAgP and LACP – EtherChannel Link Aggregation Protocols

1. What Is Link Aggregation and Why Is It Used?

Link aggregation combines multiple physical Ethernet links between two network devices into a single logical Port-Channel interface. The result is increased bandwidth, improved redundancy, and simplified management — all from the perspective of Spanning Tree Protocol (STP), the aggregated links look like a single link, so no ports are blocked.

  Without link aggregation:             With link aggregation (EtherChannel):
  Switch A ──── Switch B                Switch A ════ Switch B
           ──── (STP blocked)                    ════  (Port-Channel 1)
           ──── (STP blocked)                    ════  all ports active
  Only 1 Gbps usable;                    3 Gbps aggregate bandwidth;
  2 links wasted by STP                  automatic failover if any link drops

Business Reasons for Link Aggregation

Benefit	Detail
Increased aggregate bandwidth	Multiple flows can simultaneously use different member links — 4 × 1 Gbps links carry up to 4 Gbps of aggregate throughput across multiple concurrent flows
Redundancy without STP blocking	STP sees one logical link — all physical ports remain active and carry traffic. If one member link fails, the Port-Channel stays up and traffic redistributes across remaining members with no topology change event
Sub-second failover	Link failure is detected at the physical layer (loss of signal) — failover is faster than STP convergence (no topology change, no listening/learning delay)
Simplified management	One logical interface to manage, monitor, and apply QoS/ACL policies — instead of managing 2–8 individual physical interfaces

2. PAgP — Port Aggregation Protocol (Cisco Proprietary)

PAgP (Port Aggregation Protocol) is Cisco's proprietary link aggregation negotiation protocol. It dynamically negotiates EtherChannel formation between switches by exchanging PAgP PDUs (Protocol Data Units) to confirm that both sides are willing and configured to participate.

PAgP Modes

Mode	Behaviour	Sends PAgP PDUs?	Forms EtherChannel With
Desirable	Actively initiates PAgP negotiation — sends PAgP PDUs to the remote side to form an EtherChannel	Yes	Desirable or Auto
Auto	Passive — listens for PAgP PDUs from the remote side but does not initiate. Only responds if the other side sends PDUs first	No (only responds)	Desirable only (not Auto)
On	Forces EtherChannel without any negotiation protocol — no PAgP PDUs are sent or processed	No	On only (no protocol negotiation)

Auto–Auto does NOT form EtherChannel. Both sides are waiting for the other to initiate — no PDUs are ever sent, so negotiation never happens. At least one side must be desirable. This is a frequent exam trap and a real-world misconfiguration that leaves ports operating as individual links rather than as an EtherChannel.

PAgP PDU Timer

PAgP sends PDUs every 30 seconds by default to maintain the neighbour relationship. If PDUs stop arriving (e.g., link failure), the EtherChannel member is removed from the bundle. PAgP does not support a fast timer like LACP does.

3. LACP — Link Aggregation Control Protocol (IEEE Standard)

LACP (Link Aggregation Control Protocol) is defined by IEEE 802.3ad (later incorporated into IEEE 802.1AX). It is an open standard supported by all major vendors — Cisco, Juniper, Arista, HPE, Brocade, and others. LACP is the recommended protocol for all new EtherChannel deployments.

LACP Modes

Mode	Behaviour	Sends LACP PDUs?	Forms EtherChannel With
Active	Actively initiates LACP negotiation — sends LACPDUs to the remote port. Does not wait for the remote side to initiate.	Yes	Active or Passive
Passive	Passive — listens for LACPDUs from the remote side but does not initiate. Responds when PDUs are received.	No (only responds)	Active only (not Passive)
On	Forces EtherChannel without LACP negotiation — no LACPDUs sent or processed	No	On only (no protocol negotiation)

Passive–Passive does NOT form EtherChannel. Identical to PAgP Auto–Auto — both sides wait, neither initiates, no PDUs are exchanged. At least one side must be active.

LACP Standby Links

LACP uniquely supports hot-standby member links. You can configure up to 16 physical ports in an LACP bundle, with 8 active and 8 in standby. Standby ports are fully negotiated and ready — if an active member link fails, a standby link is promoted to active immediately without any delay or reconfiguration.

! LACP port priority determines which ports are active vs standby
! Lower value = higher priority = more likely to be active
! Default: 32768

Switch(config)# interface GigabitEthernet0/5
Switch(config-if)# lacp port-priority 100    ! Set low value = high priority = stays active

! LACP system priority determines which switch controls port selection
! Lower value = higher priority = controls which ports are active
! Default: 32768

Switch(config)# lacp system-priority 100     ! This switch becomes the LACP controller

4. PAgP vs LACP vs Static — Full Comparison

Feature	PAgP	LACP	Static (On)
Standard	Cisco proprietary	IEEE 802.3ad / 802.1AX — open standard	No protocol — manual configuration
Vendor support	Cisco only	All major vendors (Cisco, Juniper, Arista, HPE, etc.)	Universal — any switch that supports EtherChannel
Modes	Auto, Desirable	Passive, Active	On
Negotiation PDUs	PAgP PDUs (every 30s)	LACPDUs (every 1s fast / 30s slow)	None — no negotiation
Max active links	8	8 active	8 (platform dependent)
Standby links	No	Yes — up to 8 standby (16 total)	No
Misconfiguration detection	Yes — will not form if settings mismatch	Yes — LACPDUs carry system/port info for validation	No — forces EtherChannel regardless; misconfig goes undetected
Recommended for	Legacy Cisco-only environments only	All new deployments; multi-vendor; server connections	Connecting to devices that don't support PAgP or LACP

5. Mode Compatibility Matrix

The EtherChannel only forms when the modes on both sides are compatible. Memorise this matrix — it appears regularly on CCNA exams.

PAgP Compatibility

Switch A Mode	Switch B Mode	EtherChannel Forms?
Desirable	Desirable	Yes ✓ — both actively negotiate
Desirable	Auto	Yes ✓ — Desirable initiates, Auto responds
Auto	Desirable	Yes ✓ — Desirable initiates, Auto responds
Auto	Auto	No ✗ — neither side initiates; no PDUs sent
On	On	Yes ✓ — static, no negotiation
On	Desirable or Auto	No ✗ — On ignores PAgP PDUs; other side expects negotiation

LACP Compatibility

Switch A Mode	Switch B Mode	EtherChannel Forms?
Active	Active	Yes ✓ — both actively negotiate
Active	Passive	Yes ✓ — Active initiates, Passive responds
Passive	Active	Yes ✓ — Active initiates, Passive responds
Passive	Passive	No ✗ — neither side initiates; no LACPDUs sent
On	On	Yes ✓ — static, no negotiation
On	Active or Passive	No ✗ — On ignores LACPDUs; LACP side cannot negotiate

PAgP and LACP cannot interoperate. If one side uses PAgP (desirable/auto) and the other uses LACP (active/passive), no EtherChannel forms — they speak different negotiation protocols. Both sides must use the same protocol, or both must use static (on).

6. EtherChannel Member Port Requirements

Before EtherChannel forms — regardless of whether PAgP, LACP, or static mode is used — all physical member ports must have identical configuration in every relevant parameter. A single mismatch prevents the port from joining the bundle or causes it to be placed in a suspended/error state.

Parameter	Must Match?	Common Mistake
Speed	Yes — all members must run at the same speed	Mixing 100 Mbps and 1 Gbps ports in the same bundle
Duplex	Yes — all must be full-duplex	Auto-negotiation resulting in half-duplex on one port
Switchport mode	Yes — all must be access or all must be trunk	Mixing access and trunk ports in the same group
Access VLAN (if access mode)	Yes — all access ports must be in the same VLAN	Different VLANs on member ports
Allowed VLANs (if trunk mode)	Yes — same allowed VLAN list on all member trunks	Different pruned VLAN lists on member ports
Native VLAN (if trunk)	Yes — must be identical	Different native VLANs causing STP issues
Trunk encapsulation	Yes — must both be dot1q (or ISL, though ISL is deprecated)	One port set to dot1q, another set to negotiate
STP path cost	Should match — inconsistency may prevent bundling	Manually set path costs differing across member ports

Configure the Port-Channel interface, not individual members. Best practice is to configure trunk/access/VLAN settings on the interface port-channel N and let the configuration propagate to member ports. Configuring members directly risks inconsistency and EtherChannel misconfiguration errors.

7. EtherChannel and Spanning Tree Interaction

One of EtherChannel's most important functions is its interaction with STP. When ports are bundled into a Port-Channel, STP treats the entire bundle as a single logical link. This means:

All physical member ports carry traffic simultaneously — STP does not block any of them
STP topology calculations use the Port-Channel's cost (not individual port costs)
If the Port-Channel goes down, STP reconverges as if a single link failed
Adding or removing individual member links does not trigger STP topology changes — the Port-Channel stays up

  STP view of the network:

  Without EtherChannel:           With EtherChannel:
  Root ──────────── SW-A          Root ════════════ SW-A
       ──────────── (blocked)          (one logical link — no blocking)

  STP blocks 2 of 3 links.       All 3 physical links active.
  Only 1 Gbps throughput.         3 Gbps aggregate throughput.

EtherChannel misconfiguration and STP: If EtherChannel is configured on one side but not the other (e.g., Switch A bundles, Switch B sees individual links), a bridging loop can occur. Switch A forwards on all member ports as one logical unit, but Switch B sees multiple separate links — potentially creating a loop. EtherChannel Guard (spanning-tree etherchannel guard misconfig) detects this and err-disables the port to prevent the loop.

8. Complete Configuration Examples

LACP Configuration — Recommended for New Deployments

! ── Switch A ────────────────────────────────────────────────────────────
Switch-A(config)# interface range GigabitEthernet0/1 - 4

! Configure trunk settings on member ports (or on Port-Channel — see tip above)
Switch-A(config-if-range)# switchport mode trunk
Switch-A(config-if-range)# switchport trunk encapsulation dot1q
Switch-A(config-if-range)# switchport trunk allowed vlan 10,20,30
Switch-A(config-if-range)# channel-group 1 mode active      ! LACP active
Switch-A(config-if-range)# exit

! Port-Channel logical interface
Switch-A(config)# interface port-channel 1
Switch-A(config-if)# switchport mode trunk
Switch-A(config-if)# switchport trunk encapsulation dot1q
Switch-A(config-if)# switchport trunk allowed vlan 10,20,30

! Load balancing method (global — affects all EtherChannels)
Switch-A(config)# port-channel load-balance src-dst-ip

! ── Switch B ────────────────────────────────────────────────────────────
Switch-B(config)# interface range GigabitEthernet0/1 - 4
Switch-B(config-if-range)# switchport mode trunk
Switch-B(config-if-range)# switchport trunk encapsulation dot1q
Switch-B(config-if-range)# switchport trunk allowed vlan 10,20,30
Switch-B(config-if-range)# channel-group 1 mode active      ! LACP active (or passive)
Switch-B(config-if-range)# exit

Switch-B(config)# interface port-channel 1
Switch-B(config-if)# switchport mode trunk
Switch-B(config-if)# switchport trunk encapsulation dot1q
Switch-B(config-if)# switchport trunk allowed vlan 10,20,30

Switch-B(config)# port-channel load-balance src-dst-ip

PAgP Configuration — Cisco-Only Legacy Environments

! ── Switch A (Desirable) ─────────────────────────────────────────────────
Switch-A(config)# interface range FastEthernet0/1 - 2
Switch-A(config-if-range)# switchport mode trunk
Switch-A(config-if-range)# channel-group 1 mode desirable   ! PAgP active

! ── Switch B (Auto or Desirable) ─────────────────────────────────────────
Switch-B(config)# interface range FastEthernet0/1 - 2
Switch-B(config-if-range)# switchport mode trunk
Switch-B(config-if-range)# channel-group 1 mode auto        ! PAgP passive
! OR:
Switch-B(config-if-range)# channel-group 1 mode desirable   ! PAgP active (also works)

Static EtherChannel — When Connecting to Non-Cisco Devices

! Static (On) — no negotiation protocol
! BOTH sides must be configured as "on" — mixing "on" with active/passive fails

Switch-A(config)# interface range GigabitEthernet0/1 - 2
Switch-A(config-if-range)# channel-group 1 mode on

Switch-B(config)# interface range GigabitEthernet0/1 - 2
Switch-B(config-if-range)# channel-group 1 mode on

LACP with Standby Links (Advanced)

! Configure 6 ports: 4 active + 2 standby
! LACP selects active ports based on port-priority (lower = higher priority)

Switch-A(config)# interface range GigabitEthernet0/1 - 4
Switch-A(config-if-range)# channel-group 1 mode active
Switch-A(config-if-range)# lacp port-priority 100           ! High priority — stays active
Switch-A(config-if-range)# exit

Switch-A(config)# interface range GigabitEthernet0/5 - 6
Switch-A(config-if-range)# channel-group 1 mode active
Switch-A(config-if-range)# lacp port-priority 32768         ! Default — becomes standby
Switch-A(config-if-range)# exit

! Set system priority to control which switch chooses active ports
Switch-A(config)# lacp system-priority 100    ! Lower value = this switch decides

9. EtherChannel Security — EtherChannel Guard

EtherChannel Guard is a Cisco STP feature that detects and protects against EtherChannel misconfiguration. If a switch detects that its neighbour is treating a bundled Port-Channel as individual links (or vice versa), EtherChannel Guard places the affected ports into an err-disabled state — preventing a potential bridging loop.

! Enable EtherChannel Guard (recommended on all production switches)
Switch(config)# spanning-tree etherchannel guard misconfig

! If a misconfiguration is detected, the port is err-disabled:
! %PM-4-ERR_DISABLE: etherchannel-misconfig error detected on Gi0/1

! To re-enable the port after fixing the misconfiguration:
Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# shutdown
Switch(config-if)# no shutdown

! Or enable automatic recovery:
Switch(config)# errdisable recovery cause etherchannel-misconfig
Switch(config)# errdisable recovery interval 300    ! Re-enable after 300 seconds

When does EtherChannel Guard trigger? It fires when BPDUs arrive on a Port-Channel interface from different bridge IDs on what should be the same link. This indicates that the remote switch is treating the member ports individually (seeing multiple separate paths) while the local switch treats them as a single bundle. The mismatch can cause duplicate frames and STP loops — hence the err-disable response.

Additional Security Best Practices

Only connect trusted, known switches and servers to EtherChannel ports — an attacker with access to a bundled port gains effectively higher bandwidth and a direct trunk link
Use LACP (not static) so misconfigured or rogue devices cannot silently join a bundle without proper negotiation
Apply port security or 802.1X on access-mode Port-Channel interfaces to restrict which MAC addresses can communicate
Document every EtherChannel group, its member ports, and the connected device — configuration drift is harder to detect on logical interfaces

10. Verification and Troubleshooting

Annotated show etherchannel summary Output

Switch# show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+--------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P) Gi0/2(P) Gi0/3(P) Gi0/4(P)

!  Po1(SU) = Port-Channel 1, S=Layer2, U=in use (EtherChannel is up)
!  Gi0/1(P) = GigabitEthernet0/1, P=bundled (active member of port-channel)
!  (I) = stand-alone = port NOT in EtherChannel (mismatch or negotiation failed)
!  (H) = Hot-standby = LACP standby port (ready to become active)
!  (s) = suspended = port config is inconsistent with the port-channel

Troubleshooting Table

Symptom	Likely Cause	Diagnostic & Fix
Ports show "I" (stand-alone) in summary	Mode incompatibility (passive-passive, auto-auto), protocol mismatch (PAgP vs LACP), or "on" mixed with negotiation mode	`show etherchannel summary` — confirm protocol. `show run interface Gi0/1` — check channel-group mode on both sides. Ensure at least one side is active/desirable.
Ports show "s" (suspended) in summary	Physical port configuration mismatch — speed, duplex, VLAN, or trunk settings differ between member ports	`show etherchannel 1 detail` — look for "Incompatible" messages. `show interfaces Gi0/1 trunk` — verify trunk config matches across all members. Ensure all ports have identical settings.
Port-Channel is up but traffic is uneven	Hash imbalance — few unique source/destination pairs for the configured hash method	`show interfaces port-channel 1 etherchannel` — compare per-member counters. Change to `src-dst-ip` or `src-dst-ip-l4port` hashing. Use `test etherchannel load-balance` to verify.
Port err-disabled with "etherchannel-misconfig"	EtherChannel Guard triggered — one side has EtherChannel, other side does not (or different channel-group numbers)	Check remote switch configuration. Ensure both sides use same channel-group number and compatible modes. Fix config, then `shutdown / no shutdown` to re-enable.
EtherChannel flapping (repeatedly up/down)	Unstable physical link, LACP PDU timer expiring, or STP topology change triggered by misconfiguration	`show log` — look for link-up/down and LACP events. Check cable integrity. Verify LACP timers and port-priority settings.
Cannot add more ports to EtherChannel	Reached maximum member limit (8 active for LACP/PAgP; 16 total for LACP) or platform limit	`show etherchannel 1 detail` — check member count. Consider LACP with standby ports if additional redundancy needed.

Full Verification Command Reference

show etherchannel summary              ! Overview of all EtherChannels — flags, protocol, ports
show etherchannel 1 detail             ! Detailed view of group 1 — members, protocol, timers
show etherchannel 1 port-channel       ! Port-Channel logical interface details
show etherchannel load-balance         ! Current hash method for load distribution
show interfaces port-channel 1         ! Port-Channel interface counters (input/output)
show interfaces port-channel 1 etherchannel  ! Per-member traffic counters for balance diagnosis
show interfaces GigabitEthernet0/1 etherchannel  ! Member port EtherChannel status
show lacp neighbor                     ! LACP neighbour info (system ID, port ID, priority)
show lacp internal                     ! Local LACP port states, priorities, timers
show pagp neighbor                     ! PAgP neighbour info
show pagp internal                     ! Local PAgP port states

11. Layer 3 EtherChannel

EtherChannel is not limited to Layer 2 switching. A Layer 3 EtherChannel (routed port-channel) assigns an IP address directly to the Port-Channel interface, enabling it to function as a routed link. This is common in data-centre designs between distribution and core layers where routing (not switching) is desired.

! Layer 3 EtherChannel — routed port-channel with IP address

Switch-A(config)# interface range GigabitEthernet0/1 - 2
Switch-A(config-if-range)# no switchport                 ! Convert to routed port
Switch-A(config-if-range)# channel-group 1 mode active   ! LACP
Switch-A(config-if-range)# exit

Switch-A(config)# interface port-channel 1
Switch-A(config-if)# no switchport                       ! Ensure routed mode
Switch-A(config-if)# ip address 10.1.1.1 255.255.255.252

! Verify — routing table shows directly connected via Port-Channel
Switch-A# show ip route
C   10.1.1.0/30 is directly connected, Port-channel1

Layer 3 EtherChannel and STP: Layer 3 Port-Channels do not run STP — they are routed interfaces. The "R" flag in show etherchannel summary indicates a Layer 3 channel-group: Po1(RU) = Layer 3, in use.

12. When and Where to Use Each Protocol

Scenario	Recommended Protocol	Reason
New Cisco-to-Cisco switch uplink	LACP active	Open standard, better feature set (standby links, system priority), future-proofs if non-Cisco equipment is introduced
Cisco switch to Juniper/Arista/HPE switch	LACP active	Only LACP is universally supported — PAgP is Cisco-only
Server NIC bonding (Linux/Windows)	LACP active	LACP is the standard for server-side 802.3ad bonding; PAgP not supported by server OS bonding drivers
Legacy Cisco-only network, existing PAgP	PAgP desirable (maintain) or migrate to LACP	PAgP still works but migration to LACP is recommended for new links
Connecting to a device that supports neither PAgP nor LACP	Static (On)	No negotiation required — both sides forced. Use with caution: misconfigurations are not detected
High-availability uplinks requiring hot-standby	LACP with port-priority tuning	Only LACP supports standby links that activate automatically on failure

13. Common Misconceptions

"EtherChannel gives every device 4× bandwidth."
EtherChannel increases aggregate bandwidth shared across all flows. A single flow (one TCP session) is still limited to one member link's bandwidth because per-flow hashing always assigns a flow to one physical port. Four 1 Gbps links = 4 Gbps aggregate across many flows, but any one flow maxes out at 1 Gbps.
"LACP Active–Active causes a conflict because both sides are sending PDUs."
Not a problem — Active–Active is actually the most reliable combination. Both sides continuously exchange LACPDUs, providing mutual health monitoring. The PDUs contain port and system information that allows both sides to validate consistency and detect misconfiguration quickly.
"Static EtherChannel is always safer because there's no protocol overhead."
Static (mode on) is riskier, not safer. Without negotiation, mismatched configurations go undetected. One side may have EtherChannel while the other does not — creating a loop that STP cannot catch. LACP's PDU exchange validates that both sides agree on the bundle before carrying traffic.
"You can mix PAgP and LACP on the same EtherChannel."
Impossible — they are completely separate protocols with different PDU formats. One side sends PAgP PDUs, the other expects LACPDUs; neither understands the other's messages and no EtherChannel forms. Both ends of every EtherChannel must use the same protocol.

14. Key Points & Exam Tips

Link aggregation = multiple physical links → one logical Port-Channel. STP sees one link; all members active simultaneously.
PAgP: Cisco proprietary. Modes: Auto (passive) and Desirable (active). Auto–Auto = NO channel.
LACP: IEEE 802.3ad open standard. Modes: Passive (responds only) and Active (initiates). Passive–Passive = NO channel.
Both sides must use the same protocol — PAgP and LACP cannot interoperate.
Mixing On with Active/Passive or Desirable/Auto = NO channel. On–On works (static only).
All member ports must have identical: speed, duplex, switchport mode, VLAN(s), native VLAN, trunk encapsulation.
LACP supports up to 16 ports (8 active + 8 hot-standby). PAgP max = 8 active.
LACP port-priority: lower value = higher priority = more likely to be an active (not standby) member.
EtherChannel Guard: spanning-tree etherchannel guard misconfig — err-disables ports when it detects one side bundled and the other not.
EtherChannel mode recommendation: LACP active for all new deployments. PAgP desirable for legacy Cisco-only. Static only when no protocol is available.
Verification: show etherchannel summary — check flags: P=bundled, I=stand-alone (not in channel), s=suspended (config mismatch), H=hot-standby.

15. PAgP and LACP Quiz

1. Switch A is configured with `channel-group 1 mode passive` on its uplink ports. Switch B is also configured with `channel-group 1 mode passive`. Both switches are directly connected. What state will the EtherChannel be in and why?

A. EtherChannel forms — passive is compatible with passive because both sides are willing to participate B. EtherChannel forms but operates at reduced bandwidth because passive mode limits throughput C. EtherChannel does not form — LACP passive mode only responds to LACPDUs but never initiates; with both sides passive, no PDUs are ever sent and negotiation never starts D. EtherChannel forms after a 30-second delay while both sides wait for PDUs

Correct answer is C. LACP passive mode means the port will not send LACPDUs unless it first receives them from the remote side. With both sides in passive mode, neither sends the first PDU — negotiation never starts and no EtherChannel forms. The ports remain as independent stand-alone links (shown as "I" in

show etherchannel
                  summary

). The fix: change at least one side to active mode. The identical problem applies to PAgP: Auto–Auto also fails for the same reason.

2. An engineer configures Switch A's uplink ports with `channel-group 1 mode desirable` and Switch B's ports with `channel-group 1 mode active`. What happens?

A. EtherChannel forms successfully because desirable and active are both aggressive modes B. EtherChannel forms in degraded mode using whichever protocol wins the negotiation C. Both sides fall back to static mode automatically D. EtherChannel does not form — desirable is PAgP and active is LACP; they are different protocols and cannot interoperate

Correct answer is D. This is a protocol mismatch, not just a mode mismatch. desirable is a PAgP mode; active is a LACP mode. They are entirely different protocols with different PDU formats. Switch A sends PAgP PDUs; Switch B sends LACPDUs. Neither understands the other's PDUs — no EtherChannel forms. For an EtherChannel to form, both sides must use the same protocol: either both PAgP (desirable/auto) or both LACP (active/passive). Never mix protocols on the same EtherChannel.

3. A network engineer is setting up a new EtherChannel between a Cisco Catalyst switch and an Arista EOS switch. Which protocol and mode should be configured on the Cisco side?

A. PAgP desirable — PAgP is Cisco's best link aggregation protocol and should work with Arista B. LACP active — LACP is the open IEEE standard supported by Arista and all other major vendors; PAgP is Cisco-only and will not work C. Static (On) — static mode works with any device and avoids protocol incompatibility issues D. PAgP auto — auto mode is less aggressive and gives the Arista switch time to respond

Correct answer is B. LACP (IEEE 802.3ad) is the only link aggregation negotiation protocol supported across multiple vendors. Arista EOS supports LACP natively. PAgP is Cisco proprietary — Arista has no PAgP implementation, so configuring desirable or auto on the Cisco side would result in PAgP PDUs being sent to a switch that cannot process them. While static (On) would technically work, it provides no negotiation-based misconfiguration detection and is not recommended. LACP active on the Cisco side ensures PDUs are sent first, and Arista responds (passive or active).

4. An engineer adds a new GigabitEthernet port to an existing 3-port EtherChannel. The new port is running at 100 Mbps while the existing ports run at 1 Gbps. What happens?

A. The new port cannot join the EtherChannel — all member ports must run at identical speed; the port will be shown as suspended or stand-alone B. The new port joins and the entire EtherChannel slows down to 100 Mbps to maintain consistency C. The new port joins as a standby link at reduced speed D. The switch auto-negotiates the new port to 1 Gbps to match the existing members

Correct answer is A. All ports in an EtherChannel must operate at the same speed and duplex. A 100 Mbps port cannot join a GigabitEthernet EtherChannel. The port will be placed in a suspended state (shown as "s" in show etherchannel summary) and will not carry traffic. The existing three members continue operating normally. The fix: replace the port with a GigabitEthernet port or ensure auto-negotiation connects at 1 Gbps. This speed requirement applies even for LACP hot-standby ports — all configured members, both active and standby, must have identical speed and duplex.

5. A network administrator sees this output from `show etherchannel summary`:
`1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) Gi0/3(I) Gi0/4(P)`
What does the "I" flag on Gi0/3 indicate, and what should be checked?

A. "I" means Inactive — the port is administratively shut down and needs to be re-enabled B. "I" means Initialising — the port is in the process of joining the EtherChannel C. "I" means stand-alone — Gi0/3 is not bundled into the EtherChannel; check for LACP mode mismatch, physical port config inconsistency (speed/VLAN), or LACP PDU negotiation failure on that port D. "I" means the port is an LACP hot-standby ready to activate when a member fails

Correct answer is C. In EtherChannel summary output, the "I" flag means stand-alone — the port has a channel-group configured but is NOT currently bundled into the EtherChannel. It operates as an independent link. Common causes for Gi0/3 specifically: (1) LACP negotiation failure on that specific port — check show lacp internal and show lacp neighbor for Gi0/3. (2) Physical port configuration mismatch (different VLAN or trunk settings). (3) The remote port's configuration doesn't match. Note: "H" is the hot-standby flag in LACP. Check show etherchannel 1 detail for specific error reasons for Gi0/3.

6. What is the purpose of LACP port-priority, and what does a lower value mean?

A. LACP port-priority sets the physical speed of the port; lower values = slower speed B. LACP port-priority determines which ports are selected as active members vs standby when more ports are configured than the maximum 8 active limit; lower value = higher priority = more likely to be active C. LACP port-priority sets the STP port cost; lower = lower STP cost D. LACP port-priority determines the order in which ports are added to the bundle during initial configuration

Correct answer is B. LACP allows up to 16 physical ports in a bundle (on platforms that support it), but only 8 can be active simultaneously. The remaining ports are in hot-standby (shown as "H" in show etherchannel summary). LACP port-priority (range 1–65535, default 32768) determines which ports are selected as active: the 8 ports with the lowest port-priority values become active members; the rest become standby. If an active port fails, the highest-priority standby port is immediately promoted to active. The switch with the lower LACP system-priority controls which ports are active vs standby — called the "LACP controller".

7. Why is configuring EtherChannel with `mode on` (static) generally considered riskier than using LACP?

A. Static mode uses more CPU resources because it must continuously hash all traffic manually B. Static mode is limited to 2 links while LACP supports up to 16 C. Static mode does not support load balancing across member links D. Static mode has no negotiation to detect mismatches — if one side has EtherChannel and the other does not, a bridging loop can occur that STP may not detect and prevent; LACP validates both sides agree before bundling

Correct answer is D. With LACP, both sides continuously exchange LACPDUs that confirm the bundle is intact and both sides agree on which ports are in the channel. If one side loses EtherChannel configuration (e.g., a reload clears it), LACP on the other side detects the missing PDUs and tears down the bundle — preventing a loop. With static (on), there is no such validation. If Switch A has EtherChannel configured but Switch B does not (e.g., after a reload), Switch A still forwards on all member ports as one bundle, but Switch B sees multiple individual links — potentially creating a bridging loop. EtherChannel Guard helps catch this, but LACP prevents it proactively.

8. A switch logs the following message:
`%PM-4-ERR_DISABLE: etherchannel-misconfig error detected on Gi0/2, putting Gi0/2 in err-disable state`
What caused this and what must be done to resolve it?

A. EtherChannel Guard detected that the remote switch is not bundling these ports (one side has EtherChannel, the other does not); fix the remote switch EtherChannel configuration, then shutdown/no shutdown the port to re-enable B. The port's LACP PDU rate exceeded the allowed limit; change to passive mode to reduce PDU frequency C. The VLAN configuration mismatch was detected by EtherChannel Guard; align the VLAN lists on both sides D. The port was physically damaged and needs replacement

Correct answer is A. The etherchannel-misconfig error-disable is triggered by EtherChannel Guard (spanning-tree etherchannel guard misconfig) when it detects a topology inconsistency — specifically, when BPDUs arrive on a Port-Channel interface from different bridge IDs. This happens when one switch has bundled the ports into an EtherChannel but the remote switch treats them as individual links. To resolve: (1) Identify and fix the remote switch configuration — ensure it has the matching channel-group configuration. (2) Re-enable the err-disabled port: interface Gi0/2 → shutdown → no shutdown. Optionally configure errdisable recovery cause etherchannel-misconfig for automatic recovery after a timeout.

9. An engineer needs to bundle four 1 Gbps uplinks between a distribution switch and a core switch, with two additional ports in hot-standby that automatically activate if any of the four active links fail. Which protocol and configuration achieves this?

A. PAgP desirable with 6 ports — PAgP supports standby links automatically B. Static EtherChannel (mode on) with 6 ports — static mode activates standby links through load balancing C. LACP active with 6 ports in the same channel-group, then set lower port-priority on the 4 preferred active ports so LACP selects them as active and puts the other 2 in hot-standby D. Configure two separate 2-port EtherChannels and use HSRP to switch between them

Correct answer is C. Hot-standby links are exclusively a LACP feature — PAgP and static mode do not support standby ports. LACP allows up to 16 ports in a bundle with 8 active and 8 standby. Configure all 6 ports in channel-group 1 mode active. Then set lower port-priority values (e.g., 100) on the 4 preferred ports — lower priority value = higher priority = selected as active. The 2 ports with default priority (32768) become hot-standby (shown as "H" in show etherchannel summary). When any active port fails, LACP immediately promotes the highest-priority standby port to active — providing instant, automatic failover beyond the 4-link limit.

10. A network engineer is troubleshooting an EtherChannel that formed successfully (Port-Channel shows "SU") but one port in the bundle suddenly appears as "s" (suspended) in `show etherchannel summary` after a VLAN change was made. What is the most likely cause?

A. The port's LACP priority was changed and it was demoted to standby B. The VLAN change made that port's trunk configuration inconsistent with the Port-Channel interface — member port configurations must match the Port-Channel; the mismatch caused the switch to suspend the port from the bundle C. The port was err-disabled by EtherChannel Guard after the VLAN change D. LACP PDUs were interrupted during the VLAN change, causing a negotiation timeout

Correct answer is B. The "s" (suspended) flag means the port has a configuration inconsistency with the Port-Channel interface. This commonly happens when a VLAN change is made on an individual member port (e.g., adding/removing a VLAN from the trunk allowed list on Gi0/3 directly) but not on the Port-Channel interface itself — or vice versa. The switch detects that the member port's effective configuration no longer matches the bundle and suspends it. The fix: make the VLAN change on the Port-Channel interface (interface port-channel 1 → switchport trunk allowed vlan...) which propagates to all members, rather than on individual member ports. Use show etherchannel 1 detail to confirm the specific mismatch.

← Back to Home

PAgP and LACP – EtherChannel Link Aggregation Protocols

1. What Is Link Aggregation and Why Is It Used?

Business Reasons for Link Aggregation

2. PAgP — Port Aggregation Protocol (Cisco Proprietary)

PAgP Modes

PAgP PDU Timer

3. LACP — Link Aggregation Control Protocol (IEEE Standard)

LACP Modes

LACP Standby Links

4. PAgP vs LACP vs Static — Full Comparison

5. Mode Compatibility Matrix

PAgP Compatibility

LACP Compatibility

6. EtherChannel Member Port Requirements

7. EtherChannel and Spanning Tree Interaction

8. Complete Configuration Examples

LACP Configuration — Recommended for New Deployments

PAgP Configuration — Cisco-Only Legacy Environments

Static EtherChannel — When Connecting to Non-Cisco Devices

LACP with Standby Links (Advanced)

9. EtherChannel Security — EtherChannel Guard

Additional Security Best Practices

10. Verification and Troubleshooting

Annotated show etherchannel summary Output

Troubleshooting Table

Full Verification Command Reference

11. Layer 3 EtherChannel

12. When and Where to Use Each Protocol

13. Common Misconceptions

14. Key Points & Exam Tips

15. PAgP and LACP Quiz

1. Switch A is configured with channel-group 1 mode passive on its uplink ports. Switch B is also configured with channel-group 1 mode passive. Both switches are directly connected. What state will the EtherChannel be in and why?

2. An engineer configures Switch A's uplink ports with channel-group 1 mode desirable and Switch B's ports with channel-group 1 mode active. What happens?

3. A network engineer is setting up a new EtherChannel between a Cisco Catalyst switch and an Arista EOS switch. Which protocol and mode should be configured on the Cisco side?

4. An engineer adds a new GigabitEthernet port to an existing 3-port EtherChannel. The new port is running at 100 Mbps while the existing ports run at 1 Gbps. What happens?

5. A network administrator sees this output from show etherchannel summary: 1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) Gi0/3(I) Gi0/4(P) What does the "I" flag on Gi0/3 indicate, and what should be checked?

6. What is the purpose of LACP port-priority, and what does a lower value mean?

7. Why is configuring EtherChannel with mode on (static) generally considered riskier than using LACP?

8. A switch logs the following message: %PM-4-ERR_DISABLE: etherchannel-misconfig error detected on Gi0/2, putting Gi0/2 in err-disable state What caused this and what must be done to resolve it?

9. An engineer needs to bundle four 1 Gbps uplinks between a distribution switch and a core switch, with two additional ports in hot-standby that automatically activate if any of the four active links fail. Which protocol and configuration achieves this?

10. A network engineer is troubleshooting an EtherChannel that formed successfully (Port-Channel shows "SU") but one port in the bundle suddenly appears as "s" (suspended) in show etherchannel summary after a VLAN change was made. What is the most likely cause?

1. Switch A is configured with `channel-group 1 mode passive` on its uplink ports. Switch B is also configured with `channel-group 1 mode passive`. Both switches are directly connected. What state will the EtherChannel be in and why?

2. An engineer configures Switch A's uplink ports with `channel-group 1 mode desirable` and Switch B's ports with `channel-group 1 mode active`. What happens?

5. A network administrator sees this output from `show etherchannel summary`:
`1 Po1(SU) LACP Gi0/1(P) Gi0/2(P) Gi0/3(I) Gi0/4(P)`
What does the "I" flag on Gi0/3 indicate, and what should be checked?

7. Why is configuring EtherChannel with `mode on` (static) generally considered riskier than using LACP?

8. A switch logs the following message:
`%PM-4-ERR_DISABLE: etherchannel-misconfig error detected on Gi0/2, putting Gi0/2 in err-disable state`
What caused this and what must be done to resolve it?

10. A network engineer is troubleshooting an EtherChannel that formed successfully (Port-Channel shows "SU") but one port in the bundle suddenly appears as "s" (suspended) in `show etherchannel summary` after a VLAN change was made. What is the most likely cause?