So you have configured port-security on one of your ports, and we all know that by default, if a violation occurs, the port is put into the err-disabled (shutdown) state. One way to get the port back up is to do a manual shut/no shut on it. In today’s world, this might become an administrative nightmare.
What you can also do is configure automatic recovery of the port by using the global config command “errdisable recovery”. This lets you define a “cause” and then modify the interval. Let’s take a look at all the “causes” or “errors” that we can recover the port from:
 RSRack1SW1(config)#errdisable recovery cause ?
 all                 Enable timer to recover from all error causes
 arp-inspection      Enable timer to recover from arp inspection error
                      disable state
 bpduguard           Enable timer to recover from BPDU Guard error
 channel-misconfig   Enable timer to recover from channel misconfig error
 dhcp-rate-limit     Enable timer to recover from dhcp-rate-limit error
 dtp-flap            Enable timer to recover from dtp-flap error
 gbic-invalid        Enable timer to recover from invalid GBIC error
 inline-power        Enable timer to recover from inline-power error
 l2ptguard           Enable timer to recover from l2protocol-tunnel error
 link-flap           Enable timer to recover from link-flap error
 loopback            Enable timer to recover from loopback error
 mac-limit           Enable timer to recover from mac limit disable state
 pagp-flap           Enable timer to recover from pagp-flap error
 port-mode-failure   Enable timer to recover from port mode change failure
 psecure-violation   Enable timer to recover from psecure violation error
 security-violation  Enable timer to recover from 802.1x violation error
 sfp-config-mismatch Enable timer to recover from SFP config mismatch error
 small-frame         Enable timer to recover from small frame error
 storm-control       Enable timer to recover from storm-control error
 udld                Enable timer to recover from udld error
 vmps                Enable timer to recover from vmps shutdown error
In my case, I was working with a port-security violation, so I picked the psecure-violation option. Once you choose the cause, you can also specify the number of seconds after which the port will be re-enabled. Pretty cool, eh?
RSRack1SW1(config)#errdisable recovery cause psecure-violation
RSRack1SW1(config)#errdisable recovery interval ?
 <30-86400> timer-interval(sec)
RSRack1SW1(config)#errdisable recovery interval 60
I think this is pretty neat and worth thinking about when you are dealing with port-security in the real network.
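
With automatic recovery enabled, a port that keeps violating port-security cycles between err-disable and recovery on every interval, so the switch logs are where a repeat offender shows up. The following Python script is an added example, not part of the original post: it flags ports that were err-disabled for psecure-violation several times in a short window. The sample log lines are constructed, and the message layout, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, assumed to follow the usual IOS
# %PM-4-ERR_DISABLE / %PM-4-ERR_RECOVER layout; ports and times are made up.
SAMPLE_LOG = """\
Mar  1 10:00:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, putting Fa0/5 in err-disable state
Mar  1 10:01:05: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/5
Mar  1 10:01:09: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, putting Fa0/5 in err-disable state
Mar  1 10:02:09: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/5
Mar  1 10:02:12: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/5, putting Fa0/5 in err-disable state
Mar  1 10:07:30: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/9, putting Fa0/9 in err-disable state
Mar  1 10:08:30: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa0/9
Mar  1 10:20:00: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
"""

DISABLE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): %PM-4-ERR_DISABLE: "
    r"(?P<cause>\S+) error detected on (?P<port>[^\s,]+),"
)

def parse_disables(log_text, cause="psecure-violation"):
    """Return {port: [datetime, ...]} of err-disable events for one cause."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = DISABLE_RE.match(line.strip())
        if m and m.group("cause") == cause:
            # These timestamps carry no year; pin one so parsing is unambiguous.
            ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S")
            events[m.group("port")].append(ts)
    return dict(events)

def repeat_offenders(events, threshold=3, window=timedelta(minutes=10)):
    """Ports err-disabled at least `threshold` times within `window`."""
    flagged = {}
    for port, times in events.items():
        times = sorted(times)
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[port] = len(times)  # total events seen for this port
                break
    return flagged

if __name__ == "__main__":
    for port, n in repeat_offenders(parse_disables(SAMPLE_LOG)).items():
        print(f"{port}: {n} psecure-violation err-disables, check what is plugged in")
```

A port that trips once and stays up after recovery (Fa0/9 in the sample) is not flagged; one that re-trips seconds after each recovery (Fa0/5) is.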

I really like this feature, best tool to find out who wants to build their own network by putting in a foreign switch…
Is this applicable if the client/supplicant connects through an AP?
I have not tested that. You are more than welcome to take a stab at it.
Very useful tips.. thanks a lot..