Recently I was asked to configure a switch to be used by our help desk staff for imaging new PC’s via PXE boot in preparation for a desktop roll out. Despite passing a CCNA and having some hands-on experience as a 2-and-a-half-line engineer, getting hands on with something is far more valuable than book theory.
This post aims to give you some best practice tips, links and help you avoid all the pitfalls I met whilst configuring a port channel/etherchannel on a new switch.
The below covers how to create a layer 2 VLAN extension using an etherchannel on a new switch. The etherchannel will link to a ‘main’ switch or incumbent switch, the purpose of doing this was to create a build area for PC’s to PXE boot for imaging in isolation from our production switch.
The encapsulation protocol is LCAP and it also contains some tips for troubleshooting if your etherchannel fails to reach an UP/UP state at both ends.
Part 1 – Switches are just a big text file
The prereqs were as follows –
- Reset the local password (aka password recovery in IOS) and clear the old config.
- Create a Layer 2 Etherchannel (or port-channel, both terms mean the same thing in IOS lingo – thanks Cisco).
- Test it, then light a cigar!
Getting Started/High level steps:
- Plug the switch in. Have a laptop with Z-Term or Putty installed. You’ll also need a console to USB cable because switches are so cool, they don’t use USB or the kind of connection you’d like them to 🙂
- Plug your Console to USB into the Console port on the back of the switch.
- Set your connection settings to 9600/8/1 and press return (if using z-term) if using Putty, select your Serial connection and repeat.
- Once your connected, follow the below blog on how to reset the password. Cisco 3560 Password Reset
- I assume you know a bit of IOS here, if you don’t, just lift it from the attached config at the bottom of the post. The basic steps are:
- Wipe VLAN.dat file – this will clear all stored VLAN information on switch and reload the switch.
- Set the hostname, domain name, and turn off DNSlookup.
- Configure a couple of local user accounts – make sure these match your organizations standardised user accounts.
- Configure the virtual-terminal lines i.e. how the connection behaves when you remote connect via Putty/Z-term connect to the switch.
- Configure the etherchannel, encapsulation protocol, and bundle in the interfaces that will be used in the channel.
The config for setting up an etherchannel on a new switch is pasted at the bottom of this page.
Troubleshooting a Layer 2 Etherchannel
Here’s the annoying stuff that’s going to stop your etherchannel from showing UP/UP at both ends of the link. The attached config bundles 2 interfaces into a port channel using LACP protocol to negotiate the channel. Here’s the pitfalls that caused my Etherchannel to fail:
- Pruning – I only wanted VLAN 100 traffic to be sent along the port channel. By adding pruning via command: switchport trunk allowed vlan 100 I actually caused myself more problems. Try omitting this if your channel fails and instead, allow all VLAN traffic to traverse the link.
- Encapsulation mismatch – When adding an interface into a port-channel, it should inherit the settings of the channel (i.e. it’s access mode will change to trunking and it’s encapsulation method to dot1q). Sometimes this doesn’t work and you need to explicitly set either the interfaces bundled in the port-channel, or the port channel itself to trunk. Also, check the encapsulation method on the port-channel, it should be dot1q. Use the show log command to see encapsulation mis-match errors on interfaces.
- Protocol mismatch – decide between LACP or PAGP and make sure your port-channel is using the agreed protocol at both ends. A mismatch between the encapsulation modes active/passive/on/desirable/auto = fail to trunk.
- The port channel won’t negotiate or LACP fails – Try doing a no shut on the port channel first. Then, no shut against the interfaces that are bundled into the port-channel in unison example: interface range gi01-2 to select your channel member interfaces, then shut , no shut. 99% of the time this put the channel into an UP/UP state.
Config to create an etherchannel on the new switch:
#erase current config#
wr erase or erase startup-config reload
#erase vlan data#
delete flash:vlan.dat reload
#set STP priority to low (highest number) so the switch doesn’t become spanning-tree master for the VLAN instance you’re extending set mode to rapid-pvst. enable portfast (this will force ports to forward as soon as they’re up)#
spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan 100 priority 61440 spanning-tree portfast default
#set hostname and domain name, disable DNS lookup#
hostname YOURHOSTNAMEHERE no ip domain-lookup ip domain-name YOURDOMAIN.COM vtp domain VTODOMAINHERE vtp mode transparent
#set ip default gateway – *this is the Default gateway on your management VLAN*#
ip default-gateway XX.XX.XX.XX
#Configure the connection lines e.g. virtual terminal (vty), console, set the timeout, turn off the on-screen logging (logging synchronous) and optionally, set the privilege level for the line. 15=admin, 0=read only 1=user exec#
line con 0 logging synchronous line vty 0 4 exec-timeout 600 0 privilege level 15 logging synchronous length 0 transport input all line vty 5 15 login authentication cisco
#create the desired VLAN the etherchannel will extend, this VLAN should be present on the switch your port channel links to#
vlan 100 desc VDI
#create a new etherchannel 10, (number is unique) set encapsulation and set mode to trunk#
conf t interface Port-channel10 switchport trunk encapsulation dot1q switchport mode trunk
#assign 2xports to port-channel 10, add descriptions and use LACP protocol for the channel (the active statement defines this)#
conf t interface range GigabitEthernet0/23-24 description **Uplink to Adjoining Switch** switchport trunk encapsulation dot1q switchport mode trunk channel-group 10 mode active
#verify etherchannel status, if they show (P) they are bundled into a channel=success,#
show etherchannel summary
#create local user accounts#
conf t username AdminUser privilege 15 secret PasswordHere
#assign the spare ports on your build switch to the VLAN you are creating, set mode to access ports#
int gi1/0/1-22 switchport mode access switchport access vlan 100
#ensure all the access ports have PortFast enabled explicitly on the port (as well as in the aforementioned spanning tree instance). The below may not be accurate#
int range g0/1-22 spanning-tree portfast enable
#write to config#