Ether Channel

QAS · ‎02-20-2025

I have an ether channel configured on a 4441 router which consists of two physical ports.

each of these ports is plugged in to a separate switch.

the issue I have is if I plug a laptop in to one of the devices, Switch A, I can access the internet, if I then move the device to the other switch, Switch B, I lose all internet connection, can’t even ping the router.

where it gets odd is if I then power off Switch A everything resumes to work correctly.

If power switch A back on and all works ok until I move the device from Switch B to Switch A and then I lose connectivity again. I can move then move the device back to Switch A and it resumes connectivity.

i think this is something wrong in the configuration on the router and feels like it only routes traffic down one of the ether channels at a time and cannot see when a device has moved between the ports.

i don’t have direct access to the router as it is managed but struggling to get and sense from the engineer who co figured it.

i have a diagram of the setup which may help.

any suggestion would be very much appreciated.

MHM Cisco World · ‎02-20-2025

These SW is stack?

MHM

QAS · ‎02-20-2025

No switches aren’t stacked

also, if I add a cable between the switches the issue goes away. Although I don’t think that’s the correct configuration.

MHM Cisco World · ‎02-20-2025

one PO with two interface and connect to two different SW (not run stack) will lead to issue sure.

this connection not work

MHM

Joseph W. Doherty · ‎02-20-2025

As already implied by @MHM Cisco World yours is an invalid configuration.

Generally, for Cisco Multi Chassis Etherchannel (MEC), all member links must terminate on the same logical device. One exception is Cisco Nexus virtual port channel (vPC), but there's special pairing to support that too.

QAS · ‎02-20-2025

Thanks for the replies

i have now configured the switches in a stack and configured four Trunks, one for each of the firewalls and cisco routers.

I can see the trunks are active to the firewalls and their partner status is ok, but to the Cisco routers they do not seem to be communicating correctly.

This is the config I have been sent from one of the routers.

LGFL-13196-RC1#show etherchannel summary
Flags: D - down        P/bndl - bundled in port-channel
        I - stand-alone s/susp - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(RU) Gi0/0/0(P) Gi0/0/3(D)

RU - L3 port-channel UP State
SU - L2 port-channel UP state
P/bndl - Bundled
S/susp - Suspended

LGFL-13196-RC1#
LGFL-13196-RC1#sh run int po10
Building configuration...

Current configuration : 407 bytes
!
interface Port-channel10
description Not Managed - Customer LAN - RawInternet
ip vrf forwarding Raw_Internet
ip address 5.150.65.140 255.255.255.240
no ip redirects
no ip proxy-arp
ip access-group 187 in
standby 10 ip 5.150.65.142
standby 10 priority 105
standby 10 preempt
standby 10 track 1 decrement 30
no negotiation auto
end

LGFL-13196-RC1#show run int gi0/0/0
Building configuration...

Current configuration : 313 bytes
!
interface GigabitEthernet0/0/0
description Not Managed - Customer LAN - RawInternet - Port-channel10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group 187 in
logging event subif-link-status
negotiation auto
snmp ifindex persist
channel-group 10 <<<<<<<<<
hold-queue 100 out
end

LGFL-13196-RC1#show run int gi0/0/3
Building configuration...

Current configuration : 328 bytes
!
interface GigabitEthernet0/0/3
description Not Managed - Customer LAN - RawInternet - Port-channel10
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group 187 in
logging event subif-link-status
negotiation auto
no cdp enable
snmp ifindex persist
channel-group 10 <<<<<<<<<
hold-queue 100 out
end

MHM Cisco World · ‎02-21-2025

Are you use mode ON in both sides ??

MHM

vishalbhandari · ‎02-20-2025

@QAS Your issue sounds like a problem with EtherChannel load balancing or Spanning Tree Protocol (STP) behavior on the switches. Based on your diagram and description:

Possible Cause - EtherChannel Misconfiguration:
- If the router's EtherChannel is using mode ON (static) while the switches are using LACP (active/passive) or PAgP, this could cause traffic to be sent only through one link.
- If the load-balancing method is based on source MAC and your laptop keeps the same MAC when switching between switches, the router might not be updating its forwarding table properly.
Possible Cause - STP Blocking:
- Since you mentioned that powering off Switch A makes everything work, it's possible that STP is blocking the port on Switch B when both switches are active.
- Check if one of the EtherChannel links is in a blocking state due to spanning tree.

Quick Checks:

Verify EtherChannel Mode: Ensure both router and switches use the same protocol (LACP or static).
Check Load Balancing Method: If MAC-based, try changing it to IP-based (port-channel load-balance src-dst-ip).
Check STP Status: On both switches, run show spanning-tree to see if any ports are in blocking state.
Verify MAC Table: Run show mac address-table on the switches to confirm where the laptop’s MAC address is being learned.

This is likely a configuration issue on the router or switches, but STP behavior suggests that only one path is forwarding at a time.