Let’s say you have a layer 2 firewall and you wish traffic to still be forwarded in the event it fails. One way of achieving this is to use LACP and limit the number of links in the path to one.
    ! SWITCH1
    interface po1
     lacp fast-switchover
     lacp max-bundle 1
    !
    interface Gi0/1
     channel-protocol lacp
     channel-group 1 mode active
    !
    interface Gi0/2
     channel-protocol lacp
     channel-group 1 mode active
     lacp port-priority 65535
    !

    ! SWITCH2
    interface po2
     lacp fast-switchover
     lacp max-bundle 1
    !
    interface Gi0/1
     channel-protocol lacp
     channel-group 2 mode active
    !
    interface Gi0/2
     channel-protocol lacp
     channel-group 2 mode active
     lacp port-priority 65535
    !
- The max-bundle command specifies how many active links the channel-group can have; we limit this to one, so the second link sits in LACP hot-standby.
- With LACP the port priority is a 16-bit number; note that the configurable range is 1 – 65535, no zero for some reason. The default is 32768 (half way up) and a higher value means a lower priority, so setting the priority of port Gi0/2 on each box to 65535 means those ports won’t be used by default.
- We use lacp fast-switchover so that the standby link takes over as soon as the active link fails.
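One thing worth monitoring with this design: when the firewall path goes down the bypass link carries traffic uninspected, and that state is worth an alert. As an added check (example code, not from the original post), here is a small parser over constructed `show etherchannel summary` output that reports whether the inspected link is bundled and the bypass link is hot-standby, or whether the bypass has taken over. Port names and the exact column layout are assumptions.

```python
import re

# Constructed sample output (not captured from a real device) in the shape of
# IOS "show etherchannel summary": Po1 has Gi0/1 bundled (P) and Gi0/2 in
# LACP hot-standby (H), which is what the max-bundle 1 design intends.
HEALTHY = """\
Flags:  D - down  P - bundled in port-channel  H - Hot-standby (LACP only)
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)    Gi0/2(H)
"""

# Constructed: the link through the firewall (Gi0/1) is down and the standby
# bypass link (Gi0/2) has become the bundled one, so traffic is uninspected.
BYPASSED = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(D)    Gi0/2(P)
"""

PORT_RE = re.compile(r"(\S+?)\(([A-Za-z]+)\)")          # Gi0/1(P) -> ("Gi0/1", "P")
ROW_RE = re.compile(r"^\s*(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(.*)$")

def parse_summary(text):
    """Return {port-channel: {member port: flags}} from the summary table."""
    channels = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue                      # legend, header and separator lines
        _, po, _po_flags, _proto, ports = m.groups()
        channels[po] = {p: f for p, f in PORT_RE.findall(ports)}
    return channels

def check_bypass(text, po, inspected_port, bypass_port):
    """Classify the fail-open pair on port-channel `po`.

    'ok'        only the inspected link is bundled, the bypass is hot-standby
    'bypassed'  the bypass link is the bundled one: the firewall is out of path
    'degraded'  anything else (no active link, both active, ports not found)
    """
    members = parse_summary(text).get(po, {})
    active = [p for p, f in members.items() if "P" in f]
    if active == [inspected_port] and "H" in members.get(bypass_port, ""):
        return "ok"
    if active == [bypass_port]:
        return "bypassed"
    return "degraded"
```

Feed the function the output of the same command polled from each switch and page on `bypassed`, since that is the window in which traffic is flowing without inspection.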
Switch1 and Switch2 can be the same device if you use a different VLAN on each etherchannel interface. The frames get de-tagged on ingress to the first port-channel and re-tagged with a different VLAN on ingress to the second, but that hardly matters as the L2 headers get stripped right away when the frames are routed. We do this on our Internet routers to allow us to put a passive tap on our traffic.
This is a nice little trick I’ve seen used when the vendor doesn’t provide a fail active solution. It is reasonably simple and works well.