Part 2: VLAN Design

VLAN Design
EtherChannel
Review: Private VLANs



Private VLANs (PVLANs) are used by service providers to deploy host services and network access where all devices reside in the same subnet but may communicate only with a default gateway, backup servers, or another network, not with each other.
Catalyst 6500/4500/3650 switches implement private VLANs, whereas the 2950 and 3550 support "protected ports", functionality similar to PVLANs but enforced only on a per-switch basis: a protected port will not forward to another protected port on the same switch, but it still forwards to unprotected ports and to any port on another switch.
Advantages of PVLANs include:
1. Provides security: hosts in the same subnet cannot reach each other at Layer 2 unless the design allows it
2. Reduces the number of IP subnets needed to separate customers or servers
3. Reduces the number of VLANs needed, by isolating traffic between network devices that reside in the same VLAN instead of giving each device its own VLAN
Private VLANs
Figure: R1 (192.168.10.1/24) on Fa0/1, the promiscuous port of primary VLAN 100, with six hosts in the same subnet on host ports:
  Fa0/2  192.168.10.2/24  secondary VLAN 10 (community)  } can reach each other: Yes
  Fa0/3  192.168.10.3/24  secondary VLAN 10 (community)  }
  Fa0/4  192.168.10.4/24  secondary VLAN 30 (isolated)   } can reach each other: No
  Fa0/5  192.168.10.5/24  secondary VLAN 30 (isolated)   }
  Fa0/6  192.168.10.6/24  secondary VLAN 20 (community)  } can reach each other: Yes
  Fa0/7  192.168.10.7/24  secondary VLAN 20 (community)  }
Every host can reach R1 through the promiscuous port; only hosts in the same community VLAN can reach each other, and isolated hosts reach nothing but R1.
Private VLAN Configuration
Create Private VLANs (VTP versions 1 and 2 do not carry private VLANs, so the switch must be in VTP transparent mode, or run VTP version 3):
DLS2(config)#vtp mode transparent
DLS2(config)#vlan 10
DLS2(config-vlan)#private-vlan community
DLS2(config-vlan)#vlan 20
DLS2(config-vlan)#private-vlan community
DLS2(config-vlan)#vlan 30
DLS2(config-vlan)#private-vlan isolated
DLS2(config-vlan)#exit
DLS2(config)#vlan 100
DLS2(config-vlan)#private-vlan primary
DLS2(config-vlan)#private-vlan association 10,20,30
Private VLAN Configuration
Populate Private VLANs (the promiscuous port is mapped to the primary VLAN and every secondary VLAN; each host port is associated with the primary VLAN and its own secondary VLAN; repeat the host-port commands for Fa0/3 to Fa0/7 with their secondary VLANs):
DLS2(config)#int fa0/1
DLS2(config-if)#switchport mode private-vlan promiscuous
DLS2(config-if)#switchport private-vlan mapping 100 10,20,30
DLS2(config-if)#int fa0/2
DLS2(config-if)#switchport mode private-vlan host
DLS2(config-if)#switchport private-vlan host-association 100 10
Verify Private VLANs:
DLS2#show vlan private-vlan
DLS2#show interfaces fa0/2 switchport
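To make the forwarding rules behind the figure and the configuration above concrete, here is an added example written for this page (Python; it is not course material and not IOS code). It encodes the three PVLAN port roles, rebuilds the figure's topology as constructed data, and reports which directed host pairs the private VLAN blocks even though every host sits in 192.168.10.0/24. The Port class, the role names and the helper functions are the example's own.

```python
from dataclasses import dataclass
from itertools import permutations
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Port:
    """One switch port in a private VLAN (example type, not an IOS object)."""
    name: str
    ip: str
    role: str                        # "promiscuous", "community" or "isolated"
    secondary: Optional[int] = None  # secondary VLAN id for host ports


def can_forward(src: Port, dst: Port) -> bool:
    """Return True if a frame received on src may be sent out of dst.

    Rules for ports that share one primary VLAN:
      * a promiscuous port exchanges frames with every other port;
      * two community ports exchange frames only within the same community;
      * an isolated port reaches promiscuous ports and nothing else.
    """
    if src == dst:
        return False
    if "promiscuous" in (src.role, dst.role):
        return True
    if src.role == "community" and dst.role == "community":
        return src.secondary == dst.secondary
    return False


# Constructed topology matching the figure: primary VLAN 100 with R1 on the
# promiscuous port, communities 10 and 20, isolated secondary VLAN 30.
PORTS: List[Port] = [
    Port("Fa0/1", "192.168.10.1", "promiscuous"),
    Port("Fa0/2", "192.168.10.2", "community", 10),
    Port("Fa0/3", "192.168.10.3", "community", 10),
    Port("Fa0/4", "192.168.10.4", "isolated", 30),
    Port("Fa0/5", "192.168.10.5", "isolated", 30),
    Port("Fa0/6", "192.168.10.6", "community", 20),
    Port("Fa0/7", "192.168.10.7", "community", 20),
]


def port(name: str, ports: List[Port] = PORTS) -> Port:
    """Look up a port by interface name."""
    return next(p for p in ports if p.name == name)


def reachability(ports: List[Port]) -> Dict[str, List[str]]:
    """For each port, the sorted names of the ports it can reach at Layer 2."""
    return {p.name: sorted(q.name for q in ports if can_forward(p, q))
            for p in ports}


def blocked_pairs(ports: List[Port]) -> List[Tuple[str, str]]:
    """Ordered (src, dst) pairs the PVLAN blocks that a flat VLAN would allow."""
    return [(a.name, b.name) for a, b in permutations(ports, 2)
            if not can_forward(a, b)]


if __name__ == "__main__":
    for name, reach in reachability(PORTS).items():
        print(f"{name:6} -> {', '.join(reach)}")
    total = len(PORTS) * (len(PORTS) - 1)
    print(f"{len(blocked_pairs(PORTS))} of {total} directed pairs blocked "
          f"although every host is in 192.168.10.0/24")
```

The model shows what the switch enforces and also what it does not: the isolation is Layer 2 only. R1 on the promiscuous port can still route a packet that an isolated host addresses to R1's MAC but to a neighbour's IP, so on a real deployment the gateway is normally given an ACL that drops traffic sourced from and destined to the same subnet.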
Link Aggregation With EtherChannel
Figure: "STP with no EtherChannel" versus "STP with EtherChannel". Without EtherChannel, STP blocks the redundant links between the access and distribution switches; with EtherChannel, all the links between access and distribution switches are bundled into one EtherChannel and are all in forwarding mode.
• EtherChannel is a technology originally developed by Cisco as a LAN switch-to-switch technique for grouping several Fast or Gigabit Ethernet ports into one logical channel.
Link Aggregation With EtherChannel
Figure: S1, S2 and S3 interconnected by EtherChannels.
• Allows for the creation of a very-high-bandwidth logical link
• Load balances amongst the physical links involved
• Provides automatic failover
• Simplifies subsequent logical configuration (configuration is per logical link instead of per physical link)
• EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel: eight 100 Mbps links, counting both directions of full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches.
• All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or a Layer 3 interface.
EtherChannel Load Balancing
Figure: S1, S2 and S3 connected by Po1, Po2 and Po3, each bundling Fa0/1 and Fa0/2.
• EtherChannel balances the traffic load across the links in a channel by hashing (XORing) the low-order bits of the selected address fields of each frame into a numerical value that selects one of the links in the channel. All frames with the same field values hash to the same link, so one conversation never gets more than the bandwidth of a single member link, and a poor choice of fields (for example dst-mac when all traffic is headed to one gateway) polarises the load onto one link.
• EtherChannel load balancing on Layer 2-only switches can use either source-MAC or destination-MAC address forwarding.
Load-balancing methods:
  src-mac: Source MAC address
  dst-mac: Destination MAC address
  src-dst-mac: Source and destination MAC addresses
  src-ip: Source IP address
  dst-ip: Destination IP address
  src-dst-ip: Source and destination IP addresses (default; the default varies by platform, so check it with show etherchannel load-balance)
  src-port: Source TCP/UDP port
  dst-port: Destination TCP/UDP port
  src-dst-port: Source and destination TCP/UDP ports
The method is set globally, for every EtherChannel on the switch:
S1(config)#port-channel load-balance src-dst-port
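The XOR selection described above in working form: an added Python model written for this page (not Cisco's code, and a simplification of the hardware hash) that reduces each selected field to its low-order three bits, XORs them into one of eight buckets, and deals the buckets round-robin onto the member links. The METHODS table, the frame dictionaries and the 16 constructed client flows are the example's own; they model the common case of many clients talking to one server, which is exactly where the choice of method matters.

```python
import ipaddress
from collections import Counter
from typing import Dict, List

HASH_BITS = 3  # 8 hash buckets, enough to index up to 8 member links

# Each load-balance method names the frame fields fed into the hash.
METHODS = {
    "src-mac": ("smac",), "dst-mac": ("dmac",), "src-dst-mac": ("smac", "dmac"),
    "src-ip": ("sip",), "dst-ip": ("dip",), "src-dst-ip": ("sip", "dip"),
    "src-port": ("sport",), "dst-port": ("dport",), "src-dst-port": ("sport", "dport"),
}


def field_value(frame: Dict[str, object], field: str) -> int:
    """Integer value of a frame field (MAC string, IP string or port number)."""
    value = frame[field]
    if field in ("smac", "dmac"):
        return int(str(value).replace(":", ""), 16)
    if field in ("sip", "dip"):
        return int(ipaddress.ip_address(str(value)))
    return int(value)  # type: ignore[call-overload]


def hash_bucket(frame: Dict[str, object], method: str) -> int:
    """XOR the low-order bits of the selected fields into one of 8 buckets."""
    mask = (1 << HASH_BITS) - 1
    bucket = 0
    for field in METHODS[method]:
        bucket ^= field_value(frame, field) & mask
    return bucket


def select_link(frame: Dict[str, object], method: str, nlinks: int) -> int:
    """Index of the member link that carries this frame.

    Buckets are dealt round-robin onto the links, so a bundle whose size is
    not a power of two gets an uneven share (3 links -> 3:3:2 of the buckets).
    """
    if not 1 <= nlinks <= (1 << HASH_BITS):
        raise ValueError("an EtherChannel bundles 1 to 8 active links")
    return hash_bucket(frame, method) % nlinks


def distribution(frames: List[Dict[str, object]], method: str, nlinks: int) -> Dict[int, int]:
    """How many of the given frames land on each member link."""
    return dict(Counter(select_link(f, method, nlinks) for f in frames))


# Constructed sample: 16 clients behind S1 all talking HTTPS to one server
# behind S2, so every frame shares the destination MAC, IP and port.
FLOWS: List[Dict[str, object]] = [
    {"smac": f"00:00:5e:00:53:{i:02x}", "dmac": "00:00:5e:00:53:ff",
     "sip": f"10.0.0.{i}", "dip": "10.0.1.10",
     "sport": 40000 + i, "dport": 443}
    for i in range(1, 17)
]

if __name__ == "__main__":
    for method in ("dst-mac", "src-mac", "src-dst-ip", "src-dst-port"):
        print(f"{method:13} 2 links: {distribution(FLOWS, method, 2)}  "
              f"3 links: {distribution(FLOWS, method, 3)}")
```

Running it shows the failure mode the text warns about: with dst-mac every one of the 16 flows lands on the same link, while src-mac, src-dst-ip or src-dst-port spread them evenly over two links. The reverse direction (one server answering many clients) has the mirror-image problem with src-mac, which is why src-dst methods are the usual choice when the platform supports them.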
Configuring EtherChannel
Cisco's proprietary Port Aggregation Protocol (PAgP) and the IEEE standard Link Aggregation Control Protocol (LACP) automatically create bundled Ethernet links.
PAgP packets are sent between Fast EtherChannel-capable ports in order to negotiate the forming of a channel. When PAgP identifies matched Ethernet links, PAgP groups the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port.
Link Aggregation Control Protocol (LACP) is part of an IEEE specification (originally 802.3ad, since moved to 802.1AX) that allows several physical ports to be bundled together to form a single logical channel. LACP allows a switch to negotiate an automatic bundle by sending LACP packets to the peer.
LACP performs a similar function to PAgP with Cisco EtherChannel. Because LACP is an IEEE standard, it can be used to facilitate EtherChannels in mixed-vendor switch environments.
EtherChannel Configuration Commands
PAgP: channel-group N mode on (no negotiation), desirable (actively negotiates), auto (only responds). A channel forms for desirable-desirable, desirable-auto and on-on.
LACP: channel-group N mode on (no negotiation), active (actively negotiates), passive (only responds). A channel forms for active-active, active-passive and on-on.
EtherChannel Considerations
• EtherChannel support: no requirement that interfaces in the
EtherChannel be physically contiguous or on the same module.
• Speed and duplex: Configure all interfaces in an EtherChannel to
operate at the same speed and in the same duplex mode.
• Switched port analyzer (SPAN): An EtherChannel does not form if one
of the interfaces is a SPAN destination port.
• Layer 3 EtherChannels: Assign Layer 3 addresses to the port-channel
logical interface, not to the physical interfaces in the channel.
• VLAN match: All interfaces in the EtherChannel bundle must be
assigned to the same VLAN or be configured as a trunk.
• Range of VLANs: An EtherChannel supports the same allowed range
of VLANs on all the interfaces in a trunking Layer 2 EtherChannel.
• STP path cost: Interfaces with different STP port path costs can form
an EtherChannel as long as they are otherwise compatibly configured.
• Port channel vs interface configuration: any configuration applied to the port-channel interface affects the whole EtherChannel. Any
Link Aggregation With PAgP
Figure: S1, S2 and S3 connected by Po1, Po2 and Po3, each bundling Fa0/1 and Fa0/2.
S1(config)#interface range fa0/1 - 2
S1(config-if-range)#channel-protocol pagp
S1(config-if-range)#channel-group 1 mode desirable
(mode on would bundle the ports without any negotiation, so the summary below would show no protocol; if the far end is misconfigured, an unnegotiated bundle can create a forwarding loop, which is why desirable, or active for LACP, is preferred.)
S1#sh etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/1(P)   Fa0/2(P)
Link Aggregation With PAgP (Layer 3 EtherChannel)
Figure: S1, S2 and S3 connected by Po1, Po2 and Po3, each bundling Fa0/1 and Fa0/2.
The physical ports are made routed ports before they join the channel, and the IP address goes on the port-channel interface, not on the members:
S1(config)# interface range fa0/1 - 2
S1(config-if-range)# no switchport
S1(config-if-range)# channel-group 1 mode desirable
S1(config-if-range)# interface port-channel 1
S1(config-if)# no switchport
S1(config-if)# ip address 10.0.0.1 255.255.255.0
S1#sh etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         PAgP      Fa0/1(P)   Fa0/2(P)
(RU instead of SU: the channel is Layer 3 and in use.)
Link Aggregation With LACP
Figure: S1 and S2 connected by Po1 over Fa0/1 to Fa0/4 on each switch; both switches start at the default LACP system priority of 32768.
• LACP requires one switch to make all the decisions about the LACP channel (which ports are bundled as active links and which are held in hot-standby).
• The switch with the lowest system priority makes those decisions; if the default system priority is not changed on either side, the tie is broken by the lowest MAC address.
S1(config)#lacp system-priority 100
S1(config)#interface range fa0/1 - 2
S1(config-if-range)#channel-protocol lacp
S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#lacp port-priority 100
S1(config-if-range)#interface range fa0/3 - 4
S1(config-if-range)#channel-protocol lacp
S1(config-if-range)#channel-group 1 mode active
With system priority 100, S1 controls the channel. Fa0/1 and Fa0/2 are given a port priority of 100, lower (better) than the default 32768, so they are preferred as active links; once the channel has more ports than it may bundle, the remaining ports appear as hot-standby (flag H) in show etherchannel summary.