Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
1
Helpful
1
Replies

cisco switch error-disabled port reason on cisco ISE

Go to solution
Raminkn20
Level 1
Level 1

‎05-13-2023 11:32 PM

Hi everyone, I have a question about cisco ISE 3, how can i find cisco switch error-disabled port reason on cisco ISE?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎05-14-2023 01:22 PM

Hi @Raminkn20 

ISE won't tell you why an interface has been put in err-disabled state. You can get that reason from the switch logs (show logging).

It's usually because a condition has been violated - e.g. in the context of ISE and NAC, it's usually because you have exceeded the number of MAC addresses allowed (e.g. >1 MAC address in DATA domain in multi-domain mode causes err-disable)

Back in the early days of ISE the recommendation was to send SYSLOGS to the ISE MNTs (on UDP/20514) - but nobody does that anymore - and I doubt that ISE would even process them.

View solution in original post

1 Reply 1

Go to solution
Arne Bier
VIP
VIP

‎05-14-2023 01:22 PM

Hi @Raminkn20 

ISE won't tell you why an interface has been put in err-disabled state. You can get that reason from the switch logs (show logging).

It's usually because a condition has been violated - e.g. in the context of ISE and NAC, it's usually because you have exceeded the number of MAC addresses allowed (e.g. >1 MAC address in DATA domain in multi-domain mode causes err-disable)

Back in the early days of ISE the recommendation was to send SYSLOGS to the ISE MNTs (on UDP/20514) - but nobody does that anymore - and I doubt that ISE would even process them.

Customers Also Viewed These Support Documents