The content on this page are my notes on objective 1.1.c – Troubleshoot Err-disable Recovery – of the CCNP SWITCH 300-115 Cisco certification. You can view the previous notes for objective 1.1.a – SDM Templates – and 1.1.b – Managing MAC Address Table.
Error Disable Recovery is the act of a switch detecting an error condition and then automatically turns the err-disabled interface back on after a default time. You can specify reasons for an interface to become re-enabled.
When a port goes into err-disabled it will shut down and stop sending and receiving traffic. The LED changes to orange and err-disabled will be shown under the show interfaces command.
The reason why an interface would go into err-disable is because of an error condition. This tells a network engineer there is a problem with the port and prevents the port from causing other ports to fail. Some of the causes for err-disable:
- Bad cable
- Bad network interface card
- Port duplex mismatch
- Port channel misconfiguration
- BPDU guard violation
- UDLD condition
- Late-collision detection
- Link-flap detection
- Security violation
- PAgP flap
- L2TP guard
- DHCP snooping rate-limit
- Incorrect GBIC/SFP module or cable
- ARP Inspection
- Inline power
How do you determine the reason of err-disable
Type the command show errdisable recovery to display the ErrDisable Reason column and find out if you have autorecovery enabled. As you can see in the list below, autorecovery for all the features listed are disabled.
SW#show errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- udld Disabled bpduguard Disabled security-violatio Disabled channel-misconfig Disabled vmps Disabled pagp-flap Disabled dtp-flap Disabled link-flap Disabled l2ptguard Disabled psecure-violation Disabled sfp-config-mismat Disabled gbic-invalid Disabled dhcp-rate-limit Disabled unicast-flood Disabled storm-control Disabled arp-inspection Disabled loopback Disabled Timer interval: 300 seconds Interfaces that will be enabled at the next timeout: SW#
To enable autorecovery use the following syntax:
errdisable recovery cause cause-name
Commands to use:
show interfaces interface_number status to check the Status column of the switchport.
SW#show interfaces g1/0/13 status Port Name Status Vlan Duplex Speed Type Gi1/0/13 UPLINK notconnect 1 auto auto 10/100/1000BaseTX
show errdisable detect to show the current settings of errdisable. Mainly to check if errdisable detection is enabled for different settings.
SW#show errdisable detect ErrDisable Reason Detection status ----------------- ---------------- udld Enabled bpduguard Enabled security-violatio Enabled channel-misconfig Enabled psecure-violation Enabled vmps Enabled loopback Enabled unicast-flood Enabled pagp-flap Enabled dtp-flap Enabled link-flap Enabled l2ptguard Enabled sfp-config-mismat Enabled gbic-invalid Enabled dhcp-rate-limit Enabled storm-control Enabled ilpower Enabled arp-inspection Enabled community-limit Enabled invalid-policy Enabled
show interfaces status err-disabled will display any interfaces currently in err-disabled status.
The show interfaces command will display whether the port is in error disabled mode.
To reenable an err-disabled port, you must shutdown the port and issue a no shutdown command. To automatically recover you must issue the errdisable recovery interval timer_interval_seconds command.
