topic Re: Nessus tenable.sc scan in Network Access Control

Nessus tenable.sc scan

yaredo70 — Fri, 18 Mar 2022 14:50:50 GMT

Hi All,
We have currently required to scan our cisco switches with Nessus tenable.sc scanner and every time the scan started the datalink port disabled on the switch. I looked up the error and I found that err-disabled and I have to manually run a shut and no shut command to open the port.

if there anyone has had the issue before please share.

Thanks

Nessus tenable.sc scan

Mike.Cifelli — Fri, 18 Mar 2022 15:15:59 GMT

datalink port disabled on the switch. I looked up the error and I found that err-disabled and I have to manually run a shut and no shut command to open the port. Here is some info that should help:

-You can enable port sec error autorecovery to eliminate the need to manually shut/no shut ports in order to re-enable.

View port sec status:

#show port-security interface <int>

View ports in err-disabled:

#show interfaces status err-disabled

Enable the autorecovery feature 30 seconds after a port security violation:

#errdisable recovery cause psecure-violation
#errdisable recovery interval 30

NOTE: Autorecovery default timer is 300 seconds.

Lastly, I would discuss with the scan team to determine if there is a better way to ensure the NADs are hardened/secure. Access ports going into errdisabled is a service interruption and something I would assume most want to avoid. HTH!

Re: Nessus tenable.sc scan

yaredo70 — Fri, 18 Mar 2022 15:28:02 GMT

Hi Mike,

Thank you for your reply. I don't think there is a port security configuration on the switch, I will look up the config files if there is any port security configured. My question is how We can prevent that from happening? This happened only after the scan started.

Thanks,

Re: Nessus tenable.sc scan

Kasun Bandara — Fri, 18 Mar 2022 15:40:50 GMT

first check the error-disabled reason. then you can take actions to that by disabling err-disable only for given reason. you can check logs or use console monitoring to get the reason easily.

Re: Nessus tenable.sc scan

yaredo70 — Mon, 21 Mar 2022 14:07:31 GMT

Hi,

I have checked the error and I found this

err-disabled reason - udld

how do I solve it?

Thanks?

Re: Nessus tenable.sc scan

chrisdale — Tue, 15 Jul 2025 09:31:31 GMT

I would suggest the interface going err-disabled, check the interface to see the status of the SFP. Also check the send TX and RX values to see if they increment. Could be a failing SFP, or poorly terminated fibre or cable.

HTH