RE: disablng etherchannel on a switchport

From: keith tokash (ktokash@hotmail.com)
Date: Fri Jan 11 2008 - 03:46:10 ARST

• Next message: sheherezada@gmail.com: "CCDE beta still taking people?"
• Previous message: bipin.atyale@hotmail.com: "Re: CCIE #19769"
• Maybe in reply to: marc fernandez: "disablng etherchannel on a switchport"
• Next in thread: bipin.atyale@hotmail.com: "Re: disablng etherchannel on a switchport"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm not sure I follow. Do you want to set up etherchannel with the server and
just disable negotiation or do you want to ensure that etherchannel never
happens?

If the former, the command is actually "channel-g # mode on". We use that
with end hosts, and even use portfast (with bpduguard of course). Works
fine.

If the latter, you can shut off all unused ports and just leave that server
one, but the server guys can unplug other stuff. If they need two NICs in
separate VLANs just give them exactly that. You can't stop them from setting
up etherchannel on their end, but if they do and it jacks up STP it will be
really obvious, and it won't work the way they intend. I've never plugged a
pair of etherchanneled host ports into a non-channeled switch so I'm not sure
how that would play out (mental note: trick host guy into channeling two
NICs), but if they're trunk ports you have some protection. I've seen this in
a live network and it does work nicely, catching the problem in 30-60
seconds.

Do a "sh errdisable detect" on the switch.

Rack1SW1#sh errdisable detect
ErrDisable Reason Detection status
----------------- ----------------
udld Enabled
bpduguard Enabled
security-violatio Enabled
channel-misconfig Enabled <-- Here's your Huckleberry
psecure-violation Enabled
vmps Enabled
loopback Enabled
unicast-flood Enabled
pagp-flap Enabled
dtp-flap Enabled
link-flap Enabled
l2ptguard Enabled
sfp-config-mismat Enabled
gbic-invalid Enabled
dhcp-rate-limit Enabled
storm-control Enabled
ilpower Enabled
arp-inspection Enabled
community-limit Enabled
invalid-policy Enabled

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806
cd87b.shtml#topicsub1

With a few exceptions, secrecy is deeply incompatible with democracy and with
science.
        --Carl Sagan

> Date: Wed, 9 Jan 2008 22:27:14 -0800
> From: mag08036@yahoo.com
> Subject: disablng etherchannel on a switchport
> To: ccielab@groupstudy.com
>
> Does anyone know what the best practice would be for the following scenario.
I have a server, two nic cards connected to two different switchports. This
server has the capability to do etherchannel. I need to make sure the server
admins do not try to negotiate an etherchannel with the switch. Is there a way
to prevent this besides channel-group # mode off? Any advice or links on
documenation is greatly appreciated
>
> Regards,
>
>
> ---------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: sheherezada@gmail.com: "CCDE beta still taking people?"
• Previous message: bipin.atyale@hotmail.com: "Re: CCIE #19769"
• Maybe in reply to: marc fernandez: "disablng etherchannel on a switchport"
• Next in thread: bipin.atyale@hotmail.com: "Re: disablng etherchannel on a switchport"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST