Port Err-Disable cisco switch usually happens on Dot1x user with ISE

oumodom · ‎12-15-2024

Dear Cisco ISE lover,

I have tried to find out the root cause on port Err-Disable whether it is the link flap or what else once we apply with Dot1x configuration?

Really appreciate for your assistance.

MHM Cisco World · ‎12-15-2024

Do you see log about violation?

MHM

oumodom · ‎12-16-2024

Can see only the Err-Disable status.
Don't know which it the root cause.

MHM Cisco World · ‎12-16-2024

Ok'

Share

Show authentication session interface x/x detail

MHM

ammahend · ‎12-16-2024

do you have phone and PC both connected to the port ? try connecting just PC and share your port config and switch log.

-hope this helps-

oumodom · ‎12-16-2024

Yes, we configure multi-auth with phone and pc.
But for disable error happen only with pc only.

ammahend · ‎12-16-2024

share the port config and switch log, make sure cdp is enabled on the port, this will help VoIP phone to inform it about the dedicated voice VLAN

-hope this helps-

oumodom · ‎12-16-2024

CDP is disable due to security purpose.

Aref Alsouqi · ‎12-16-2024

Could you please share the output of the "sh run interface < one of the interfaces where the err-disable happens" for review? you might have switch port security applied to those ports and a violation is triggered when more than a device is connected to the port. If you have switch port security configured on those ports then the recommendation would be to remove it and rely only on dot1x.

oumodom · ‎12-16-2024

We don't have port security applies.

Marcelo Morais · ‎12-16-2024

Hi @oumodom ,

please take a look at Recovery ErrDisable Port State on Cisco IOS Platform.

Hope this helps !!!

oumodom · ‎12-16-2024

I will share the status then with above info @Marcelo Morais

thomas · ‎12-16-2024

See How to Ask The Community for Help to help us help you.