Home > Errdisable Recovery > Catalyst Errdisable Recovery

Catalyst Errdisable Recovery

Subjects Security VPN Security Management Firewalling Intrusion Prevention Systems/IDS AAA, Identity and NAC Physical have a peek at this web-site Security MARS Email Security Web Security Other Subjects

Errdisable Recovery Interval

Service Providers Metro MPLS Voice Over IP XR OS and errdisable recovery cause psecure-violation Platforms Video Other Subjects Collaboration, Voice and Video IP Telephony Video Over IP Jabber Clients bpduguard errdisable Unified Communications Applications TelePresence Digital Media System Contact Center Conferencing UC Migrations Other Subjects Wireless - Mobility Security and Network Management Wireless IP Voice and Video

Link-flap Error Detected On Putting In Err-disable State

Getting Started with Wireless WLCCA Other Subjects Services Cisco ServiceGrid Compliance Management and Configuration Service Connected Analytics Customer Premises Equipment (CPE) Support Data Virtualization Software (CIS) Partner Support Service Smart Call Home Smart Care Smart Net Total Care Operations Exchange Mobile Applications Cisco Proximity Cisco Technical Support Online Tools and Resources Cisco

Errdisable Autorecovery

Bug Discussions Technical Documentation Ideas Cisco CLI Analyzer Support Community Help Data Center Application Centric Infrastructure Application Networking Intelligent Automation Server Networking Storage Networking Unified Computing Wide Area Application Services (WAAS) Other Subjects Small Business Network Storage Routers Security Surveillance Switches Voice and Conferencing Wireless Solutions and Architectures Borderless Networks Collaboration Cisco User Groups Seattle Cisco User Group (SEACUG) Silicon Valley Cisco User Group (SVCUG) Southern California Cisco User Group (SCCUG) Cisco Certifications Cisco.com Idea Center Cisco Cafe Expert Corner Top Contributors Leaderboards Cisco Live! Events Experts Bureau Events Community Corner Awards & Recognition Behind the Scenes Feedback Forum Cisco Certifications Cisco Press Café Cisco On Demand Support & Downloads Community Resources Security Alerts Security Alerts News News Video Cisco Support YouTube Cisco YouTube Blogs Technical Documentation Cisco Products Products Services Services Solutions Solutions Global Support Numbers Login | Register Search form Search Search LAN, Switching and Routing Cisco Support Community Cisco.com

Contents

a Catalyst switch, such as the detection of a loopback, UDLD failure, or a broadcast storm. One of the most errdisable recovery best practice common causes of error disabling I've seen isn't technically an error, but

Errdisable Detect Cause

a violation of a port security policy. Port security is a feature which allows for the restriction of errdisable recovery interval best practice incoming MAC addresses on a layer two switched interface. This is handy for mitigating the use of rogue devices customers purchase at Best Buy to help out with your network https://supportforums.cisco.com/document/18706/recovering-errdisabled-port-due-misconfiguration infrastructure design. In aggressive configurations, only a single MAC address (corresponding to the attached workstation) will be allowed inbound on a port; any other MAC address will trigger an error and the port will subsequently be disabled. A default port security policy has been applied to FastEthernet0/1 in this example: interface FastEthernet0/1 switchport access vlan 10 switchport mode access switchport http://packetlife.net/blog/2009/sep/14/errdisable-autorecovery/ port-security spanning-tree portfast We can verify that the port is currently up and associated with a MAC address. Note that the violation mode is "shutdown." Switch# show port-security interface f0/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : 001d.60b3.0add:10 Security Violation Count : 0 When a violation is detected, the switch automatically places the port in the "err-disabled" shutdown state. %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001d.60b3.0aff on port FastEthernet0/1. Switch# show interface f0/1 FastEthernet0/1 is down, line protocol is down (err-disabled) ... By default, manual intervention by an administrator is necessary to restore the interface to working order; this can be done by issuing shutdown followed by no shutdown on the interface. The idea behind requiring administrative action is so that a human engineer can intercede, assess, and (ideally) correct the issue. Howeve

? Ask a question, help others, and get answers from the community Discussions Start a thread and discuss today's topics with top experts Blogs Read the latest tech blogs written http://itknowledgeexchange.techtarget.com/network-technologies/what-is-the-link-flap-error-in-cisco-switches/ by experienced community members >>VIEW ALL POSTS Network technologies and trends « How to change an IP address in a HP Procurve Switch What is Service timestamps logging, and how it can be configured Cisco Switch or a Router? » Aug 17 2008 5:55AM GMT What is the Link-flap error in Cisco Switches? Yasir Irfan Profile: Yasir Irfan Link flap means Errdisable Recovery that the interface continually goes up and down in a Cisco Switch. The interface is put into the errdisabled state if it flaps more than five times in 10 seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch, or bad Gigabit Interface Converter (GBIC) card. Look at the console messages or the errdisable recovery interval messages that were sent to the syslog server that state the reason for the port shutdown. 13w0d: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/28, putting Fa0/28 in err-disable state  Issue this command in order to view the flap values: SRCL-ONC-3550-AS01# sho errdisable flap-values  ErrDisable Reason    Flaps     Time (sec) -----------        ----   -------

pagp-flap                        3       30 dtp-flap                           3       30 link-flap                           5       10 SRCL-ONC-3550-AS01#  The interface can be recovered from errdisable state by reenabling the port using the errdisable recovery cause link-flap. This command is used to configure the recovery mechanism so that the interface can be brought out of the disabled state and allowed to try again. You can also set the time interval. Errdisable recovery is disabled by default in Cisco Switches; when enabled, the default time interval is 300 seconds. Once you enable the errdisable state you can see the following log in the Cisco switch which is trying to recover the error disable interface (link-flap error) 13w0d: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Fa0/28 Comment RSS Feed Email a friend  Comment on this Post There was an error pro