Layer 3 EtherChannel on Cisco IOS Switch

Hello Laz.

Yeah, that makes perfect sense. Although using an EC while having one link as standby (thus not using that link nor the load-balancing that EC offers) seems quite rare to me these days. I can’t think of many scenarios where this would be used.

A quick question, though. Is it necessary to have just two links in the EC? It’s not a requirement but I suppose that it makes sense to only use it with 2 since the design includes one link forwarding and one link idling.

That’s all, thanks!

David

Hello David

Yes, I agree with you for the most part. There are other solutions that would probably be better to use for such redundancy. Even setting up an EtherChannel statically would probably be a better choice in many situations. With static EtherChannel, if a physical link fails, the rest of the links will continue to function without disruption. I guess one particular use case is if you have configured a switch to connect to two NICs on a server using LACP. Then using fast switchover is a good idea.

It’s not mandatory in that you can configure an LACP EtherChannel with more than two links and configure fast switchover. However, it is recommended by Cisco that fast switchover be used with only two physical links in the LACP portchannel.

I hope this has been helpful!

Laz

Hi Rene ,

a question please i have configured the layer 3 etherchannel on 2 layer 3 switches using packet tracer , the configuration is valid i am able to ping between the 2 ports , but i added a pc to each end and i am not able to do a ping between them , the PCs and the layer 3 addresses on the switches are on the same ip + subnet ,adding a picture below , if you could explain me what is not right it will be great thank you in advance

image1448×265 14.6 KB

Hello Vladimir

By definition, if you have a layer 3 Etherchannel link, the link between the two switches constitutes a single subnet/broadcast domain because by definition, an L3 Etherchannel link will have an IP address assigned to each end of the link. That means that the PCs must be configured to be on separate subnets. So having all devices on the same IP addressing subnet would not work.

In your diagram, each L3 switch must act as a router, and must have routing configured so that the two PCs will be able to reach each other.

Since you have correctly configured the L3 Ethernet link and you have tested it, to make it your topology work you must ensure the following is also configured:

1. Assign PC1 and PC2 to two separate subnets
2. Create a VLAN interface on each switch that will act as the default gateway for each PC
3. Configure the PCs with the appropriate default gateway
4. Ensure that each L3 switch has routing information about how to reach the subnet of the remote PC

Try it out and let us know your results. Let us know if we can be of any further help as well!

I hope this has been helpful!

Laz

Hi Laz,

I understand now. Yes, it took me a couple of times to read your answer, but I understand each port that is L3 is a broadcast domain of its own. I got it. Thank you so much.

Hello Vladimir

I’m glad it was helpful and understandable! My pleasure!

Laz

Hi,
Why would shaping on a port channel is in suspended mode ? I am encountering such issues in my network, ports have same configs w.r.t duplex, speed etc. Any idea plz ?

Hello Ishtiaqahmed811

When you see traffic shaping in “suspended” mode on a port-channel interface, this usually indicates that the QoS shaping policy cannot be actively enforced by the switch hardware.

In most cases, the suspended state occurs because Cisco switches cannot perform traffic shaping on logical port-channel interfaces due to hardware ASIC limitations. Traffic shaping requires per-port hardware queuing structures and ASIC resources that only exist on physical interfaces, not on logical aggregated interfaces.

When you apply a service-policy with shaping to a port-channel interface, the switch attempts to install this policy into the hardware of the member ports. If the hardware cannot support the requested shaping on the bundled interface construct, the policy installation fails and the switch marks the policy as “suspended” to indicate it is configured but not actively enforced.

Of course, this is just an assumption. Can you send us information about your platform, IOS/IOSXE version, and configuration so that we can confirm this?

I hope this has been helpful!

Laz

Hi @lagapidis thanks for your response. Below is the detail of our platform

PE Side:
IOS-XE software

interface Port-channel4.419
 description | 50MB | ACT | 22/07/2025
 encapsulation dot1Q 419
 ip vrf forwarding TEST
 ip address 192.168.100.1 255.255.255.252
 ip mtu 1500
 service-policy output 50MB_PMAP_OUT
end

Member 0 : GigabitEthernet0/0/4 , Full-duplex, 1000Mb/s
Member 1 : GigabitEthernet0/0/5 , Full-duplex, 1000Mb/s

sh policy-map interface Port-channel4.419
 Port-channel4.419
  Service-policy output: 50MB_PMAP_OUT
    Service policy 50MB_PMAP_OUT is in suspended mode

Switch:
cisco WS-C6506-E (M8572) processor
Members in this channel: Gi1/22 Gi2/22

GigabitEthernet1/22 is up, line protocol is up (connected)
    Description: PE-CE| Prt Channel 4 | GIG0/0/4
  MTU 9216 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 37/255, rxload 43/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 1000BaseLH
  input flow-control is off, output flow-control is on

sh int GigabitEthernet2/22
GigabitEthernet2/22 is up, line protocol is up (connected)
  Hardware is C6k 1000Mb 802.3, address is 001a.2f68.c2c9 (bia 001a.2f68.c2c9)
  Description: PE-CE| Port Channel 4 | GIG0/0/5
  MTU 9216 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 17/255, rxload 62/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, media type is 1000BaseLH
  input flow-control is off, output flow-control is on

Hello ishtiaqahmed81

Thanks for this information. I don’t have a definitive answer for you, but I do have some suggested troubleshooting steps that may help you to resolve this.

Since it is the service policy that is in suspended mode, it looks like the router tried to push the QoS policy into hardware for that interface, failed for some reason, and therefore is not enforcing the policy at all on that interface. But traffic is still forwarding, just without the shaping/policing/queuing you’ve configured.

Different platforms will support different methods of QoS for EtherChannel and EtherChannel subinterfaces. You can find some info about this at the following links:

To determine the reason for the suspended mode, it may be a good idea to check out related QoS syslogs using one of the following commands:

show logging | include QoS
show logging | include policy

There, you may find a syslog that gives the reason for the suspended mode.

The other thing you can do is attempt to apply the policy map to a physical interface and see its behavior. Apply it to a PortChannel interface, and then apply it to a portchannel subinterface, just to see where it “breaks”. This can zero in on the circumstances under which the policy becomes suspended.

Your situation is quite specific and deals with a combination of PortChannel configurations, subinterfaces, QoS features, as well as platform-specific and IOS-specific features that can be difficult to decipher. I hope this provides some insight into how to identify the issue. My feeling is that it is a hardware/ASIC limitation for the specific type of QoS being applied to the PortChannel subinterface. But let us know how you get along, and any new information that you may find out from the troubleshooting process.

I hope this has been helpful!

Laz

Hi lagapidis,

I am working on this issue. I will certainly share resolution if I found any.

Regards,