Cisco: All about errdisable (and how to enable ports disabled by it)

Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch and is supported on most Catalyst switches running the Cisco IOS software.

The Errdisable error disable feature was designed to inform the administrator when there is a port problem or error.  The reasons a catalyst switch can go into Errdisable mode and shutdown a port are many and include:

  • Duplex Mismatch
  • Loopback Error
  • Link Flapping (up/down)
  • Port Security Violation
  • Broadcast Storms
  • etc

When a port is in error-disabled state, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the orange color and, when you issue the show interfaces command, the port status shows as Errdisabled.

To enable err-disabled ports on Cisco 3750 switch series. Follow the below . . .

First make telnet connection with the switch

telnet 10.0.0.1

(change the ip as required,)
Enter Password to continue.

To view Disabled Ports:

show interfaces status err-disabled

e.g:

NOC_SWITCH>show int status err-disabled

Port      Name               Status                    Reason               Err-disabled Vlans
Gi2/0/10                     err-disabled         link-flap

NOC_SWITCH>

To Enable Port:

enable
config t
int G2/0/10
no switchport port-security  (< You probably dont need this line, its just to disable pot security feature, I used it to perform various tests)
shut
no shut
exit

Change the interface name to match your. In above example I had two 3750-e models in stack mode. so its showing G2, you may get G1 if you have single switch.

TIP1 :
Link flap means that the specific port continuously goes up and down. The port is put into the errdisabled state if it flaps more than four-five times in few seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch.

TIP2:

Firewalls that are equipped with a Hardware Switch (like a Fortigate 80E), the ports member of the hardware switch will be sending BPDUs as if its a switch. This can be unexpected as typical routers/firewalls are typically DTE. But just in case you come across issue with a switchport on a switch that is keep on going into errdisabled state. Check the port if the bdpuguard is enabled and just disable it.

sh run

interface GigabitEthernet1/0/1
switchport mode access
switchport nonegotiate
spanning-tree bpduguard enable

(config-if)#spanning-tree bpduguard disable

 

For more detailed and brief descriptions, please visit

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/883-cisco-switches-errdisable-autorecovery.html

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s