The Journey of a Network Engineer

Feb 27 2011   7:41AM GMT

Errdisable Port State Recovery on the Cisco IOS

Sulaiman Syed

Ports on Cisco switches go into the errdisable state for various reasons. Some causes apply once the feature is configured, such as arp-inspection, bpduguard, psecure-violation, etc., while others are turned on by default, such as loopback, link-flap, etc. The following is the typical default configuration of a Cisco switch. Once a port goes into the errdisable state, the only way to re-enable it manually is with the shut and no shut commands.

Switch#show errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection                       Disabled
bpduguard                             Disabled
channel-misconfig (STP)        Disabled
dhcp-rate-limit                     Disabled
dtp-flap                                 Disabled
gbic-invalid                           Disabled
inline-power                          Disabled
l2ptguard                               Disabled
link-flap                                Disabled
mac-limit                              Disabled
loopback                               Disabled
pagp-flap                              Disabled
port-mode-failure                 Disabled
pppoe-ia-rate-limit              Disabled
psecure-violation                 Disabled
security-violation                 Disabled
sfp-config-mismatch          Disabled
small-frame                         Disabled
storm-control                      Disabled
udld                                     Disabled
vmps                                    Disabled

Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:

Since we have implemented port security, limiting the number of MAC addresses connected to a port (port-security), we wanted to make it possible for ports to recover automatically. We added the following commands.

errdisable recovery cause psecure-violation

errdisable recovery interval 14400

This ensures that the port comes back up automatically after 4 hours, which is long enough a shutdown that the user knows he is doing something wrong, and short enough that the port recovers in time without him having to contact the administrators.

Here is the output as seen from the switch after adding the commands.

ErrDisable Reason    Timer Status
-----------------    --------------
udld                               Disabled
bpduguard                     Disabled
security-violatio            Disabled
channel-misconfig        Disabled
vmps                             Disabled
pagp-flap                      Disabled
dtp-flap                        Disabled
link-flap                       Disabled
psecure-violation         Enabled
sfp-config-mismat      Disabled
gbic-invalid                 Disabled
dhcp-rate-limit           Disabled
unicast-flood              Disabled
storm-control             Disabled
loopback                    Disabled

Timer interval: 14400 seconds
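
An added example, not from the original post: a Python check that parses `show errdisable recovery` output and reports any cause with auto-recovery enabled other than the intended one, or a timer interval shorter than intended. The sample output is constructed, and the function names and policy defaults are assumptions chosen to mirror the settings above.

```python
import re

# Constructed sample in the format of the second listing above, plus one extra enabled cause.
SAMPLE = """\
ErrDisable Reason    Timer Status
-----------------    --------------
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig (STP)  Disabled
link-flap            Enabled
psecure-violation    Enabled

Timer interval: 14400 seconds
"""

WIDTH = 17  # the listing above truncates names to 17 chars ("security-violatio")
ROW = re.compile(r"^(\S+)(?:\s+\(\S+\))?\s+(Enabled|Disabled)$")
INTERVAL = re.compile(r"^Timer interval:\s*(\d+)\s+seconds")


def parse_errdisable_recovery(text):
    """Return ({cause: auto_recovery_enabled}, timer_interval_seconds or None)."""
    causes, interval = {}, None
    for line in map(str.strip, text.splitlines()):
        row = ROW.match(line)
        if row:
            causes[row.group(1)[:WIDTH]] = row.group(2) == "Enabled"
        elif INTERVAL.match(line):
            interval = int(INTERVAL.match(line).group(1))
    return causes, interval


def audit(text, allowed=("psecure-violation",), min_interval=14400):
    """List deviations from the intended policy (defaults mirror the post's settings)."""
    causes, interval = parse_errdisable_recovery(text)
    wanted = {name[:WIDTH] for name in allowed}
    findings = [f"unexpected auto-recovery: {c}"
                for c, on in sorted(causes.items()) if on and c not in wanted]
    findings += [f"auto-recovery not enabled: {c}"
                 for c in sorted(wanted) if not causes.get(c, False)]
    if interval is None:
        findings.append("timer interval not found")
    elif interval < min_interval:
        findings.append(f"timer interval {interval}s is below {min_interval}s")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```
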
