Layer 2 Etherchannels, like any protocol, have their pro’s and con’s. Using layer 2 extends Spanning Tree Protocol (STP) over the Etherchannel, which can have adverse effects if you’re not careful.

Take for example the following topology crudely drawn in paint.

Etherchannel - STP

SW1 is the STP  root bridge because it has the lowest bridge ID priority, so ports fa0/1 – 3 are designated ports, and are all in the Forwarding state.

When SW2 creates a layer 2 Etherchannel with SW1, ports fa0/1 – 3 aggregate and become a singular Root Port (RP). If SW1 is not participating in the Etherchannel, a layer 2 loop occurs because both SW1 and SW2 have their ports in a forwarding state.

Etherchannel - STP1

A feature called Etherchannel Misconfiguration Guard (EMG) will intervene when the above topology is detected.

  • If the switch supports EMG, it is on by default.
  • To enable EMG, it is done in global configuration mode using spanning-tree etherchannel guard misconfig
  • Works regardless of STP version (PVST, RST, MST etc..)

How EMG works is by looking at the Port-ID of the incoming BPDU from an adjacent switch. Lets take a brief moment to look at a BPDU frame  so we can further understand how EMG works.


When a port forwards/sends a BPDU, it will attach it’s sending port into the BPDU frame under the ‘Port Identifier’ field.  Because Etherchannel bonds each interface, the Port Identifer will remain only show one port out of the 3 ports. On the receiving end, it will receive three BPDU’s with different PID’s  because the Root Bridge is not part of the Etherchannel. SW2 knows because it is running Etherchannel on it’s ports that only 1 PID should be received, and puts the port-channel into an err-disabled state.

About The Author

Timothy started his networking career in 2014, working for one of the largest telecommunication operators in Australia. He has a passion for networking and cyber security. When he's not working, he's obsessing over German Shepherd Dogs.