
Recover Errdisabled Ports on Cisco Switches Effectively

Have you ever had a nightmare where your Cisco switch port suddenly crashed, caught in the inevitable err-disable grip? This article will walk you through the intricacies of err-disable, uncover its causes, and offer powerful recovery solutions.

An errdisabled port is a port that the Cisco switch has disabled because it detected an error condition. This error condition can be caused by various factors, such as misconfiguration, loopback, link flapping, security, or protocol violations. Errdisabled ports cannot send or receive data traffic until they are manually or automatically reactivated.

Errdisabled ports can cause serious network interference, especially if they are connected to critical devices such as servers, routers, or end devices. Therefore, it is important to know how to address errdisabled ports and prevent them from happening in the future.


In this article, we will discuss the following:

  • What are the common causes of errdisabled ports and how to diagnose the problem?
  • How to re-enable errdisabled ports manually or automatically by using the errdisable recovery feature.
  • How to prevent errdisabled ports by using the errdisable detect and errdisable flap features.
  • How to monitor the status of errdisabled ports by using the show interfaces status err-disabled and show errdisable recovery commands.

Common Causes of Errdisabled Ports and How to Diagnose the Problem

Many error conditions can cause a port to become errdisabled on Cisco switches. Some of the most common error conditions are:

  • Misconfiguration: A misconfiguration causes conflicts or incompatibilities between connected ports. For example, if the connected ports have different speed or duplex settings, or different trunking modes, those ports can become errdisabled.
  • Loopback: Loopback is a condition in which a port receives back packets sent by the port itself. This can happen if there is a cable connected between two ports on the same switch, or if a device sends back packets it receives. Loopbacks can cause network traffic to become excessive and interfere with switch performance.
  • Link flapping: Link flapping is a condition in which a port repeatedly goes up and down due to physical or logical interference with the connection. This can be caused by damaged cables, loose connectors, electromagnetic interference, or a faulty device. Link flapping can cause network instability and reduce switch reliability.
  • Security: A security violation is a condition where a port violates the security rules set by the switch. This can happen if an unauthorized device tries to access the network, or if a device tries to perform a network attack. Some security features that can cause a port to become errdisabled are Port Security, 802.1x, DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard.
  • Protocol violation: A protocol violation is a condition in which a port violates the protocol rules set by the switch. This can happen if any device does not support or conform to the protocol used by the switch, or if any device sends an invalid or malicious packet. Some protocols that can cause a port to become errdisabled are Spanning Tree Protocol (STP), EtherChannel, UDLD, and VTP.

To diagnose the problem that causes the port to become errdisabled, we can use the show interfaces status err-disabled command on the switch. This command will display a list of ports that are errdisabled and the reason why those ports are disabled. The following is an example output of this command:

Switch# show interfaces status err-disabled
Port      Name               Status       Reason
Gi1/0/1                      err-disabled link-flap
Gi1/0/2                      err-disabled bpduguard
Gi1/0/3                      err-disabled psecure-violation
Gi1/0/4                      err-disabled udld
Gi1/0/5                      err-disabled channel-misconfig

From the output above, we can see that port Gi1/0/1 becomes errdisabled due to link flapping, port Gi1/0/2 becomes errdisabled due to STP violation, port Gi1/0/3 becomes errdisabled due to Port Security violation, port Gi1/0/4 becomes errdisabled due to UDLD violation, and port Gi1/0/5 becomes errdisabled due to EtherChannel misconfiguration.

In addition, we can also use the show logging command to view log messages related to the errdisabled port. This command will display a historical record of switch activity, including error messages generated by errdisabled ports. The following is an example output of this command:

Switch# show logging
...
%PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/2, putting Gi1/0/2 in err-disable state
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
%PM-4-ERR_DISABLE: udld error detected on Gi1/0/4, putting Gi1/0/4 in err-disable state
%PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
...

From the output above, we can see that the log message shows the reason why the port became errdisabled and the time the error occurred.

Using the above commands, we can find out the common causes of errdisabled ports and how to diagnose the problem. The next step is to re-enable errdisabled ports and prevent them from happening in the future.

How to Re-Enable Errdisabled Ports Manually or Automatically

Once we know the cause of the errdisabled port, we can take steps to resolve the problem and reactivate the port. There are two ways to re-enable errdisabled ports: manually or automatically.

How to Re-Enable Errdisabled Ports Manually

To manually re-enable an errdisabled port, use the shutdown and no shutdown commands in interface configuration mode. These commands forcibly deactivate and reactivate the port, removing the errdisabled state from that port. The following is an example of using these commands:

Switch# configure terminal
Switch(config)# interface gigabitethernet 1/0/1
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end

The above command will re-enable the Gi1/0/1 port which was errdisabled due to link flapping. However, note that this method is only temporary because the port can revert to errdisabled if the error condition still exists or recurs. Therefore, before manually re-enabling an errdisabled port, we must make sure that the problem that caused the errdisabled port is resolved or prevented.

How to Re-Enable Errdisabled Ports Automatically

The way to re-enable errdisabled ports automatically is to use the errdisable recovery feature on the switch. This feature will allow the switch to re-enable errdisabled ports automatically after a certain time, without the need for manual intervention. This feature can save time and effort in resolving errdisabled ports, especially if there are many ports affected.

To enable the errdisable recovery feature, we must use the commands errdisable recovery cause and errdisable recovery interval in global configuration mode. The errdisable recovery cause command will specify what error conditions this feature can handle, while the errdisable recovery interval command will specify the timeout in seconds before the switch reactivates the errdisabled port. The following is an example of using this command:

Switch# configure terminal
Switch(config)# errdisable recovery cause link-flap
Switch(config)# errdisable recovery cause bpduguard
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery cause udld
Switch(config)# errdisable recovery cause channel-misconfig
Switch(config)# errdisable recovery interval 300
Switch(config)# end

The above command will enable errdisable recovery for the five most common error conditions, namely link flapping, STP violation, Port Security violation, UDLD violation, and EtherChannel misconfiguration. In addition, the command will also set a timeout of 300 seconds (5 minutes) before the switch re-enables the errdisabled port.

By using the errdisable recovery feature, we can reduce the negative impact of errdisabled ports and speed up network recovery. However, note that this feature is also only temporary, as the port may revert to errdisabled if the error condition persists or recurs. Therefore, this feature should be used as an emergency solution, not as a permanent solution.
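An added example, not part of the original article: a Python check for the recurrence described above, where a port is recovered by the timer and then disabled again for the same cause. It matches the two message formats shown in the article's log excerpts; the sample log is constructed, and the function name and threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Message formats as they appear in the article's log excerpts.
DISABLE = re.compile(r"%PM-4-ERR_DISABLE: (?P<cause>[\w-]+)(?: \(\w+\))? "
                     r"error detected on (?P<port>[^\s,]+),")
RECOVER = re.compile(r"%PM-4-ERR_RECOVER: Attempting to recover from "
                     r"(?P<cause>[\w-]+) err-disable state on (?P<port>\S+)")

# Constructed sample log (not captured from a real switch).
SAMPLE_LOG = """\
%PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
%PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Gi1/0/1
%PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Gi1/0/3
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
%PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Gi1/0/3
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
%PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
""".splitlines()

def recovery_loops(lines, threshold=2):
    """Return {(port, cause): count} for ports that were disabled again for
    the same cause after a recovery attempt, at least `threshold` times."""
    pending = set()            # recovery attempts not yet followed by a disable
    loops = defaultdict(int)
    for line in lines:
        m = RECOVER.search(line)
        if m:
            pending.add((m["port"], m["cause"]))
            continue
        m = DISABLE.search(line)
        if m and (m["port"], m["cause"]) in pending:
            key = (m["port"], m["cause"])
            pending.discard(key)
            loops[key] += 1    # recovered, then tripped again: root cause persists
    return {k: n for k, n in loops.items() if n >= threshold}

if __name__ == "__main__":
    for (port, cause), n in recovery_loops(SAMPLE_LOG).items():
        print(f"{port}: {cause} recurred {n} times after auto-recovery")
```

A port that shows up here is one where the recovery timer is masking an unresolved condition, which matters most when the cause is a security control such as Port Security.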

How to Prevent Errdisabled Ports by Using the Errdisable Detect and Errdisable Flap Features

In addition to re-enabling errdisabled ports, we can also prevent errdisabled ports by using the errdisable detect and errdisable flap features on the switch. These features will help us identify and isolate ports that have the potential to cause errors, thereby reducing the risk of errdisabled ports.

How to Prevent Errdisabled Ports by Using the Errdisable Detect Feature

The errdisable detect feature is a feature that will detect error conditions that can cause the port to become errdisabled and give a warning to us. This feature can help us find out which ports are problematic and what causes them, so we can take precautions before they become errdisabled.

To enable the errdisable detect feature, we must use the command errdisable detect cause in global configuration mode. This command will determine what error conditions this feature can detect. The following is an example of using this command:

Switch# configure terminal
Switch(config)# errdisable detect cause link-flap
Switch(config)# errdisable detect cause bpduguard
Switch(config)# errdisable detect cause psecure-violation
Switch(config)# errdisable detect cause udld
Switch(config)# errdisable detect cause channel-misconfig
Switch(config)# end

The above command will enable errdisable detection for five of the most common error conditions, namely link flapping, STP violation, Port Security violation, UDLD violation, and EtherChannel misconfiguration.

After the errdisable detect feature is enabled, the switch will send a warning message to the console or syslog if any port encounters the specified error condition. The following is an example of a warning message generated by this feature:

%PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/2, putting Gi1/0/2 in err-disable state
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
%PM-4-ERR_DISABLE: udld error detected on Gi1/0/4, putting Gi1/0/4 in err-disable state
%PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state

By using the errdisable detect feature, we can find out which ports have the potential to cause errors and take precautions before they become errdisabled.

How to Prevent Errdisabled Ports by Using the Errdisable Flap Feature

The errdisable flap feature is a feature that will isolate ports that repeatedly become errdisabled due to the same error conditions. This feature can help us avoid network interference caused by unstable ports and reduce the burden of switches in reactivating errdisabled ports.

To enable the errdisable flap feature, we must use the errdisable flap-setting command in global configuration mode. This command determines the maximum number of errdisabled ports that can be handled by a switch at one time and the time interval in seconds between two errdisable events with the same cause. The following is an example of using this command:

Switch# configure terminal
Switch(config)# errdisable flap-setting cause link-flap max-flaps 10 time 60
Switch(config)# end

The above command will enable the errdisable flap feature by setting the maximum number of errdisabled ports that a switch can handle at 10 and the time interval between two errdisable events with the same cause at 60 seconds.

After the errdisable flap feature is enabled, the switch will isolate ports that repeatedly become errdisabled due to the same error conditions in the specified time interval. Isolated ports will not be re-enabled by the switch, even if the errdisable recovery feature is enabled. Isolated ports can only be manually re-enabled by using the shutdown and no shutdown commands. The following is an example of a message generated by this feature:

%PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Gi1/0/1
%PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
%PM-4-ERR_DISABLE: Too many link-flap error detected on Gi1/0/1, putting Gi1/0/1 in permanent err-disable state

From the above messages, we can see that the Gi1/0/1 port became errdisabled due to link flapping and was then isolated by the switch due to too much link flapping occurring within 60 seconds.

By using the errdisable flap feature, we can avoid network interference caused by unstable ports and reduce the burden of switches in reactivating errdisabled ports.

How to Monitor the Status of an Errdisabled Port by Using the Show Interfaces Status Err-disabled and Show Errdisable Recovery Commands

In addition to addressing and preventing errdisabled ports, we can also monitor the status of errdisabled ports by using the show interfaces status err-disabled and show errdisable recovery commands on the switch. These commands will display information about the ports that are errdisabled and the errdisable recovery feature that is running on the switch.

How to Monitor the Status of an Errdisabled Port by Using the Show Interfaces Status Err-disabled Command

The show interfaces status err-disabled command is a command that will display a list of ports that are errdisabled and the reason why those ports are disabled. This command can help us find out which ports are problematic and what causes them so that we can take corrective or preventive action. The following is an example output of this command:

Switch# show interfaces status err-disabled
Port      Name               Status       Reason
Gi1/0/1                      err-disabled link-flap
Gi1/0/2                      err-disabled bpduguard
Gi1/0/3                      err-disabled psecure-violation
Gi1/0/4                      err-disabled udld
Gi1/0/5                      err-disabled channel-misconfig

From the output above, we can see that port Gi1/0/1 becomes errdisabled due to link flapping, port Gi1/0/2 becomes errdisabled due to STP violation, port Gi1/0/3 becomes errdisabled due to Port Security violation, port Gi1/0/4 becomes errdisabled due to UDLD violation, and port Gi1/0/5 becomes errdisabled due to EtherChannel misconfiguration.

How to Monitor the Status of an Errdisabled Port by Using the Show Errdisable Recovery Command

The show errdisable recovery command is a command that will display information about the errdisable recovery feature running on the switch. This command can help us find out what error conditions this feature can handle, the wait time before the switch reactivates the errdisabled port, and the recovery status of the errdisabled port. The following is an example output of this command:

Switch# show errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
link-flap                    Enabled
bpduguard                    Enabled
psecure-violation            Enabled
udld                         Enabled
channel-misconfig            Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface       Errdisable reason      Time left(sec)
---------       -----------------      --------------
Gi1/0/1         link-flap              120
Gi1/0/2         bpduguard              180
Gi1/0/3         psecure-violation      240
Gi1/0/4         udld                   300
Gi1/0/5         channel-misconfig      300

From the output above, we can see that the errdisable recovery feature is enabled for the five most common error conditions, namely link flapping, STP violation, Port Security violation, UDLD violation, and EtherChannel misconfiguration. In addition, we can also see that the wait time before the switch re-enables the errdisabled port is 300 seconds, and the recovery status of the errdisabled port, including the time remaining before the port is reactivated.

Using the above commands, we can monitor the status of the errdisabled port and the errdisable recovery feature running on the switch.
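An added example, not part of the original article: a Python parser for the show errdisable recovery output shown above, which lists the ports the switch is about to re-enable after a shutdown triggered by a security control. The REVIEW_FIRST set and the function names are assumptions of this example; the input is the article's sample output.

```python
import re

# Assumption of this example: causes raised by a security control
# (BPDU Guard, Port Security) deserve a look before auto-recovery.
REVIEW_FIRST = {"bpduguard", "psecure-violation"}

# The article's sample output, reproduced as input.
SAMPLE_OUTPUT = """\
ErrDisable Reason            Timer Status
-----------------            --------------
link-flap                    Enabled
bpduguard                    Enabled
psecure-violation            Enabled
udld                         Enabled
channel-misconfig            Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface       Errdisable reason      Time left(sec)
---------       -----------------      --------------
Gi1/0/1         link-flap              120
Gi1/0/2         bpduguard              180
Gi1/0/3         psecure-violation      240
Gi1/0/4         udld                   300
Gi1/0/5         channel-misconfig      300
"""

def parse_errdisable_recovery(text):
    """Return enabled causes, timer interval and ports awaiting recovery."""
    enabled, pending, interval = set(), [], None
    for line in text.splitlines():
        fields = line.split()
        m = re.match(r"\s*Timer interval:\s*(\d+)\s*seconds", line)
        if m:
            interval = int(m.group(1))
        elif len(fields) == 2 and fields[1] == "Enabled":
            enabled.add(fields[0])            # cause with recovery timer on
        elif len(fields) == 3 and fields[2].isdigit():
            pending.append({"port": fields[0], "reason": fields[1],
                            "left": int(fields[2])})
    return {"enabled": enabled, "interval": interval, "pending": pending}

def needs_review(parsed):
    """Ports the switch will re-enable by itself after a security-triggered shutdown."""
    return [p["port"] for p in parsed["pending"] if p["reason"] in REVIEW_FIRST]

if __name__ == "__main__":
    print(needs_review(parse_errdisable_recovery(SAMPLE_OUTPUT)))
```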

Conclusion

An errdisabled port is a port that has been disabled by the Cisco switch because an error condition is detected. Errdisabled ports can cause serious network interference, especially if they are connected to critical devices such as servers, routers, or end devices. Therefore, it is important to know how to address errdisabled ports and prevent them from happening in the future.

By understanding and applying the concepts we’ve learned, we can better manage errdisabled ports and improve the performance and reliability of our network.
