How to re-enable an Errdisable port?

Bridging & Switching, Security — By CCIETalk on September 25, 2008 at 5:34 pm

So you have configured port-security on one of your ports, and we all know that by default, if a violation occurs, the port is put into shutdown-errdisable mode. One way to get the port back up is to do a manual shut/no shut on it. In today's world, this might become an administrative nightmare.

What you can also do is configure automatic recovery of the port by using the global config command "errdisable recovery". This lets you define a "cause" and then modify the interval. Let's take a look at all the "causes" or "errors" that we can recover the port from:

RSRack1SW1(config)#errdisable recovery cause ?
  all                  Enable timer to recover from all error causes
  arp-inspection       Enable timer to recover from arp inspection error
                       disable state
  bpduguard            Enable timer to recover from BPDU Guard error
  channel-misconfig    Enable timer to recover from channel misconfig error
  dhcp-rate-limit      Enable timer to recover from dhcp-rate-limit error
  dtp-flap             Enable timer to recover from dtp-flap error
  gbic-invalid         Enable timer to recover from invalid GBIC error
  inline-power         Enable timer to recover from inline-power error
  l2ptguard            Enable timer to recover from l2protocol-tunnel error
  link-flap            Enable timer to recover from link-flap error
  loopback             Enable timer to recover from loopback error
  mac-limit            Enable timer to recover from mac limit disable state
  pagp-flap            Enable timer to recover from pagp-flap error
  port-mode-failure    Enable timer to recover from port mode change failure
  psecure-violation    Enable timer to recover from psecure violation error
  security-violation   Enable timer to recover from 802.1x violation error
  sfp-config-mismatch  Enable timer to recover from SFP config mismatch error
  small-frame          Enable timer to recover from small frame error
  storm-control        Enable timer to recover from storm-control error
  udld                 Enable timer to recover from udld error
  vmps                 Enable timer to recover from vmps shutdown error

In my case, I was working with a port-security violation, so I picked the psecure-violation option. Once you choose the cause, you can also specify the number of seconds after which the port will be re-enabled. Pretty cool, eh?

RSRack1SW1(config)#errdisable recovery cause psecure-violation

RSRack1SW1(config)#errdisable recovery interval ?
  <30-86400>  timer-interval(sec)

RSRack1SW1(config)#errdisable recovery interval 60

I think this is pretty neat and worth thinking about when you are dealing with port-security in the real network.
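
If you turn this on across many switches, it helps to know which security-related causes now recover on their own and how quickly. The Python sketch below is an added example, not part of the original post: it reads the errdisable recovery lines out of a config and flags them. The `SECURITY_CAUSES` set, the `min_interval` threshold, the 300-second fallback timer and the sample config are assumptions made for illustration.

```python
import re

# Causes from the page's "errdisable recovery cause ?" output; "all" expands to these.
CAUSES = set("""arp-inspection bpduguard channel-misconfig dhcp-rate-limit dtp-flap
gbic-invalid inline-power l2ptguard link-flap loopback mac-limit pagp-flap
port-mode-failure psecure-violation security-violation sfp-config-mismatch
small-frame storm-control udld vmps""".split())
# Assumption: the causes this audit treats as security controls (adjust to policy).
SECURITY_CAUSES = {"psecure-violation", "security-violation", "bpduguard",
                   "arp-inspection", "dhcp-rate-limit", "storm-control", "mac-limit"}
DEFAULT_INTERVAL = 300  # Assumption: timer when none is configured; check your platform.

CAUSE_RE = re.compile(r"(no )?errdisable recovery cause (\S+)")
INTERVAL_RE = re.compile(r"errdisable recovery interval (\d+)")

def parse_errdisable(config):
    """Return (sorted auto-recovering causes, recovery interval in seconds)."""
    causes, interval = set(), DEFAULT_INTERVAL
    for raw in config.splitlines():
        line = raw.strip()
        if m := CAUSE_RE.fullmatch(line):
            names = CAUSES if m.group(2) == "all" else {m.group(2)}
            if not names <= CAUSES:
                raise ValueError(f"unknown errdisable cause: {m.group(2)}")
            causes = causes - names if m.group(1) else causes | names
        elif m := INTERVAL_RE.fullmatch(line):
            interval = int(m.group(1))
            if not 30 <= interval <= 86400:  # range shown by "interval ?"
                raise ValueError(f"interval out of range: {interval}")
    return sorted(causes), interval

def audit(config, min_interval=300):
    """List security-related causes whose ports come back sooner than min_interval."""
    causes, interval = parse_errdisable(config)
    if interval >= min_interval:
        return []
    return [f"{c}: port re-enabled {interval}s after errdisable"
            for c in causes if c in SECURITY_CAUSES]

# Constructed sample config using the commands from the post.
SAMPLE = """\
hostname RSRack1SW1
errdisable recovery cause psecure-violation
errdisable recovery cause udld
errdisable recovery interval 60
"""

if __name__ == "__main__":
    print(parse_errdisable(SAMPLE))
    for finding in audit(SAMPLE):
        print("REVIEW", finding)
```

Note that the interval is a single global timer, so every cause you enable shares it.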
