Profiles can utilize customized port channel configurations as part of their interface settings. Existing port channel profile configurations can be overridden as the become obsolete for specific device deployments.
To define or override a port channel configuration on a profile:
Note
A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.Refer to the following to review existing port channel configurations and their status to determine whether a parameter requires an override:
Name | The port channel's numerical identifier assigned when it was created. The numerical name cannot be modified as part of the edit process. |
Type | Whether the type is port channel. |
Description | A short description (64 characters maximum) describing the port channel or differentiating it from others with similar configurations. |
Admin Status | A green check mark means the listed port channel is active and currently enabled with the profile. A red “X” means the port channel is currently disabled and not available for use. The interface status can be modified with the port channel configuration as required. |
Description | Enter a brief description for the port channel (64 characters maximum). The description should reflect the port channel‘s intended function. |
Admin Status | Select Enabled
to define this port channel as active to the profile it
supports. Select Disabled
to disable this port channel configuration in the profile.
It can be activated at any future time when needed. The default setting is enabled. |
Speed | Select the speed at which the port channel can receive and transmit data. Select either 10 Mbps, 100 Mbps, or1000 Mbps to establish a 10, 100, or 1000 Mbps data transfer rate for the selected half duplex or full duplex transmission. These options are not available if Auto is selected. Select Automatic to allow the port channel to automatically exchange information about data transmission speeds and duplex capabilities. Auto negotiation is helpful in an environment where different devices are connected and disconnected on a regular basis. Automatic is the default setting. |
Duplex | Select half, full, or automatic. Select Half duplex to send data over the port channel, then immediately receive data from the same direction in which the data was transmitted. Like a full-duplex transmission, a half-duplex transmission can carry data in both directions, just not at the same time. Select Full duplex to transmit data to and from the port channel at the same time. Using full duplex, the port channel can send data while receiving data as well. Select Automatic to enable the controller or service platform to dynamically duplex as port channel performance needs dictate. Automatic is the default setting. |
Mode | Select either Access or Trunk to set the VLAN switching mode over the port channel. If Access is selected, the port channel accepts packets only from the native VLAN. Frames are forwarded untagged with no 802.1Q header. All frames received on the port are expected as untagged and are mapped to the native VLAN. If the mode is set to Trunk, the port channel allows packets from a list of VLANs you add to the trunk. A port channel configured as Trunk supports multiple 802.1Q tagged VLANs and one Native VLAN which can be tagged or untagged. Access is the default setting. |
Native VLAN | Use the spinner control to define a numerical Native VLAN ID from 1 - 4094. The native VLAN allows an Ethernet device to associate untagged frames to a VLAN when no 802.1Q frame is included in the frame. Additionally, the native VLAN is the VLAN untagged traffic will be directed over when using trunk mode. The default value is 1. |
Tag the Native VLAN | Select this option to tag the native VLAN. Controllers and service platforms support the IEEE 802.1Q specification for tagging frames and coordinating VLANs between devices. IEEE 802.1Q adds four bytes to each frame identifying the VLAN ID for upstream devices that the frame belongs. If the upstream Ethernet device does not support IEEE 802.1Q tagging, it does not interpret the tagged frames. When VLAN tagging is required between devices, both devices must support tagging and be configured to accept tagged VLANs. When a frame is tagged, a 12-bit frame VLAN ID is added to the 802.1Q header, so upstream Ethernet devices know which VLAN ID the frame belongs to. The device reads the 12-bit VLAN ID and forwards the frame to the appropriate VLAN. When a frame is received with no 802.1Q header, the upstream device classifies the frame using the default or native VLAN assigned to the Trunk port. The native VLAN allows an Ethernet device to associate untagged frames to a VLAN when no 802.1Q frame is included in the frame. This setting is disabled by default. |
Allowed VLANs | Selecting Trunk as the mode enables the Allowed VLANs parameter. Add VLANs that exclusively send packets over the port channel. |
You will use the drop-down menus to select the firewall rules to apply to this profile‘s Ethernet port configuration. The firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances
Trust ARP Responses | Select this option to enable ARP trust on this port. ARP packets received on this port are considered trusted, and the information from these packets is used to identify rogue devices within the network. This option is disabled by default. |
Trust DHCP Responses | Select this option to enable DHCP trust on this port. If enabled, only DHCP responses are trusted and forwarded on this port, and a DHCP server can be connected only to a DHCP trusted port. This option is enabled by default. |
ARP Header Mismatch Validation | Select this option to enable a mismatch check for the source MAC in both the ARP and Ethernet header. This option is enabled by default. |
Trust 802.1p COS values | Select this option to enable 802.1p COS values on this port. This option is enabled by default. |
Trust IP DSCP |
Select this option to enable IP DSCP values on this port. This option is disabled by default. |
Trust ND Requests |
Select this option to enable neighbor discovery (ND) request trust on this port channel (neighbor discovery requests received on this port are considered trusted). Neighbor discovery allows the discovery of an adjacent device‘s MAC addresses, similar to Address Resolution Protocol (ARP) on Ethernet in IPv4. The default value is disabled. |
Trust DHCPv6 Responses |
Select this option to enable DHCPv6 trust. If enabled, only DHCPv6 responses are trusted and forwarded on this port channel, and a DHCPv6 server can be connected only to a trusted port. The default value is enabled. |
ND Header Mismatch Validation | Select this option to enable a mismatch check for the source MAC within the ND header and Link Layer Option. This option is disabled by default. |
RA Guard | Select this option to enable router advertisements or ICMPv6 redirects from this Ethernet port. Router advertisements are periodically sent to hosts or sends in response to solicitation requests. The advertisement includes IPv6 prefixes and other subnet and host information. This option is disabled by default. |
Enable PortFast |
Select this option to enable drop-down menus for the Enable PortFast BPDU Filter and Enable PortFast BPDU Guard options. This setting is disabled by default. |
Enable PortFast BPDU Filter | Enable PortFast to invoke a BPDU filter for this portfast enabled port channel. Enabling the BPDU filter feature ensures this port channel does not transmit or receive any BPDUs. |
Enable PortFast BPDU Guard | Enable PortFast to invoke a BPDU guard for this portfast enabled port channel. Enabling the BPDU Guard feature means this port will shutdown on receiving a BPDU. Hence no BPDUs are processed. |
Enable as Edge Port | Select this option to define this port as an edge port. Using an edge (private) port, you can isolate devices to prevent connectivity over this port channel. This setting is disabled by default. |
Link Type | Select either Point-to-Point or Shared.
When Point-to-Point is selected, the port is
treated as connected to a point-to-point link. Selecting
Shared means this port should be treated as
having a shared connection. A port connected to a hub is on a Sharedlink. A port connected to an access point is a Point-to-Point link. A port connected to a controller or service platform is a Point-to-Point link. Point-to-Point is the default setting. |
Cisco MSTP Interoperability | Enable or Disable interoperability with Cisco‘s version of MSTP over the port. Cisco's version of MSTP is incompatible with standard MSTP. This setting is disabled by default. |
Force Protocol Version | Set the protocol version to either STP(0), Not Supportedd(1), RSTP(2), or MSTP(3). MSTP(3) is the default setting. |
Guard | Determines whether the port channel enforces root bridge placement. Setting the guard to Root ensures the port is a designated port. Typically, each guard root port is a designated port, unless two or more ports (within the root bridge) are connected together. If the bridge receives superior (BPDUs) on a guard root-enabled port, the guard root moves the port to a root-inconsistent STP state. This state is equivalent to a listening state. No data is forwarded across the port. Thus, the guard root enforces the root bridge position. |
The designated cost is the cost for a packet to travel from this port to the root in the MSTP configuration. The slower the media, the higher the cost.
Speed | Default Path Cost |
---|---|
<=100,000 bits/sec | 200000000 |
<=1,000,000 bits/sec | 20000000 |
<=10,000,000 bits/sec | 2000000 |
<=100,000,000 bits/sec | 200000 |
<=1,000,000,000 bits/sec | 20000 |
<=10,000,000,000 bits/sec | 2000 |
<=100,000,000,000 bits/sec | 200 |
<=1,000,000,000,000 bits/sec | 20 |
>1,000,000,000,000 bits/sec | 2 |
Select + Add Row as needed to include additional indexes.