How To Fix Error-disabled On Cisco Switch
Errdisable Port State Recovery on the Cisco IOS Platforms
Updated: Mar 23, 2016
Document ID: 69980

Introduction

This document defines the errdisabled state, describes how to recover from it, and provides examples of errdisable recovery. This document uses the terms errdisable and error disable interchangeably. Customers often contact Cisco Technical Support when they notice that one or more of their switch ports have become error disabled, which means that the ports have a status of errdisabled. These customers want to know why the error disablement happened and how they can restore the ports to normal.

Note: The port status of err-disabled displays in the output of the show interfaces interface_number status command.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

In order to create the examples in this document, you need two Cisco Catalyst 4500/6500 Series Switches (or the equivalent) in a lab environment with cleared configurations. The switches should run Cisco IOS® Software and each switch should have two Fast Ethernet ports that are capable of EtherChannel and PortFast.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

Platforms That Use Errdisable

The errdisable feature is supported on these Catalyst switches:

Catalyst switches that run Cisco IOS Software
http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

Err-disabled Port State, Enable & Disable Autorecovery Feature
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/883-cisco-switches-errdisable-autorecovery.html
Written by Administrator. Posted in Cisco Switches - Catalyst / Nexus Switch Configuration

Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch. When a port is error disabled, it is effectively shut down and no traffic is sent or received on that port.
The error disabled feature is supported on most Catalyst switches running the Cisco IOS software, including all of the following models:

Catalyst 2940 / 2950 / 2960 / 2960S
Catalyst 3550 / 3560 / 3560-E / 3750 / 3750-E
Catalyst 4000 / 4500 / 4507R
Catalyst 6000 / 6500

Th
http://packetlife.net/blog/2009/sep/14/errdisable-autorecovery/

a Catalyst switch, such as the detection of a loopback, UDLD failure, or a broadcast storm. One of the most common causes of error disabling I've seen isn't technically an error, but a violation of a port security policy.

Port security is a feature which allows for the restriction of incoming MAC addresses on a layer two switched interface. This is handy for mitigating the use of rogue devices customers purchase at Best Buy to help out with your network infrastructure design. In aggressive configurations, only a single MAC address (corresponding to the attached workstation) will be allowed inbound on a port; any other MAC address will trigger an error and the port will subsequently be disabled.

A default port security policy has been applied to FastEthernet0/1 in this example:

    interface FastEthernet0/1
     switchport access vlan 10
     switchport mode access
     switchport port-security
     spanning-tree portfast

We can verify that the port is currently up and associated with a MAC address. Note that the violation mode is "shutdown."

    Switch# show port-security interface f0/1
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 001d.60b3.0add:10
    Security Violation Count   : 0

When a violation is detected, the switch automatically places the port in the "err-disabled" shutdown state.

    %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001d.60b3.0aff on port FastEthernet0/1.

    Switch# show interface f0/1
    FastEthernet0/1 is down, line protocol is down (err-disabled)
    ...
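The violation message above is what a log collector sees, so it can be tallied per port. The following Python is an added example, not code from the original post: it reads switch syslog, records each err-disable cause, the offending MAC addresses and any recovery attempts per port, and lists ports that were disabled repeatedly. Assumptions: the log lines are constructed, the %PM-4-ERR_DISABLE and %PM-4-ERR_RECOVER lines are IOS messages not quoted on this page, and the repeat threshold of 2 is arbitrary.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log: timestamps and the Gi0/2 event are made up; the
# PSECURE_VIOLATION wording matches the message quoted above.
SAMPLE_LOG = """\
*Mar  1 00:10:01: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001d.60b3.0aff on port FastEthernet0/1.
*Mar  1 00:10:01: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
*Mar  1 00:15:01: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/1
*Mar  1 00:15:40: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001d.60b3.0aff on port FastEthernet0/1.
*Mar  1 00:15:40: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
*Mar  1 00:20:12: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/2, putting Gi0/2 in err-disable state
"""

VIOLATION = re.compile(r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*MAC address ([0-9a-f.]{14}) on port (\S+?)\.?$", re.I)
ERR_DISABLE = re.compile(r"%PM-4-ERR_DISABLE: (.+?) error detected on (\S+?),")
ERR_RECOVER = re.compile(r"%PM-4-ERR_RECOVER: .* state on (\S+)")
# Syslog mixes long and short interface names; fold the common long forms.
ABBREV = (("TenGigabitEthernet", "Te"), ("GigabitEthernet", "Gi"), ("FastEthernet", "Fa"))


def short_name(port):
    for long_form, short in ABBREV:
        if port.startswith(long_form):
            return short + port[len(long_form):]
    return port


def summarize(log_text):
    """Per port: err-disable causes, offending MACs, autorecovery attempts."""
    ports = defaultdict(lambda: {"causes": Counter(), "macs": set(), "recoveries": 0})
    for line in log_text.splitlines():
        if m := VIOLATION.search(line):
            ports[short_name(m.group(2))]["macs"].add(m.group(1).lower())
        elif m := ERR_DISABLE.search(line):
            ports[short_name(m.group(2))]["causes"][m.group(1)] += 1
        elif m := ERR_RECOVER.search(line):
            ports[short_name(m.group(1))]["recoveries"] += 1
    return dict(ports)


def repeat_offenders(summary, threshold=2):
    """Ports err-disabled at least `threshold` times (threshold is an assumption)."""
    return sorted(p for p, s in summary.items() if sum(s["causes"].values()) >= threshold)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary, repeat_offenders(summary))
```

A port that keeps reappearing in the repeat list with the same MAC address is a candidate for a site visit or a policy change, not another bounce of the interface.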
By default, manual intervention by an administrator is necessary to restore the interface to working order; this can be done by issuing shutdown followed by no shutdown on the interface. The idea behind requiring administrative action is so that a human engineer can intercede, assess, and (ideally) correct the issue.

However, some configurations may be prone to accidental violations, and a steady recurrence of these can amount to a huge time sink for the administrative staff. This is where autorecovery can be of great assistance. We can configure the switch to automatically re-enable any error-disabled interfaces after a specified timeout period. This gives the offending issue a chance to be cleared by the user (for example, by removing an unapproved device) without the need for administrative intervention.

Switch(c