The err-disabled interface state can be caused by many situations including:
- Bad cabling
- Duplex mismatch
- BPDU guard violation
- Port-Security violation
- Link-flap detection
The complete list is on Cisco's site.
An engineer can recover an interface by entering configuration mode for the interface and issuing the shutdown and then no shutdown commands. By default the interface will remain err-disabled until a human intervenes because auto recovery is disabled as is shown by the following show command.
SWITCH#show errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- arp-inspection Disabled bpduguard Disabled channel-misconfig (STP) Disabled dhcp-rate-limit Disabled dtp-flap Disabled gbic-invalid Disabled inline-power Disabled l2ptguard Disabled link-flap Disabled mac-limit Disabled loopback Disabled pagp-flap Disabled port-mode-failure Disabled pppoe-ia-rate-limit Disabled psecure-violation Disabled security-violation Disabled sfp-config-mismatch Disabled small-frame Disabled storm-control Disabled udld Disabled vmps Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout:
In some cases, it would be safe to allow the switch to auto recover the interface to up if the condition that caused the err-disabled state has cleared. For this example, let's assume that a port-security violation caused the error (psecure-violation). This is a relatively benign error to auto recover because if the violation still exists, port security will rapidly trip again putting the interface back into err-disabled. The default is that the switch will clear the state after 5 minutes. So to have the switch auto recover the interface the following configuration would need to be added.
Similar commands can be entered for the other reasons listed above in the show command or you can set all reasons to recover by using the keyword all. Be careful where you enable the auto recovery, it might not be your friend on all switches. For example, you wouldn't want a link on a core switch having a problem to start flapping because of auto recovery causing a network convergence every 5 minutes (or whatever you set the timer to).SWITCH# configure terminal SWITCH(conf)#errdisable recovery interval 300 ! Default setting shown for completeness. SWITCH(conf)#errdisable recovery cause psecure-violation SWITCH(conf)#end SWITCH#copy running-config startup-config
No comments:
Post a Comment