Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4713
Views
0
Helpful
2
Replies

Enable SNMP to send interface blocked due to network loop

Go to solution
holzhirt1
Level 1
Level 1

‎08-22-2011 06:07 AM - edited ‎02-21-2020 04:26 AM

Dear community,

We had a customer who created a loop on his access layer and STP blocked some interfaces in order to protect the network.

So far normal behavior , however we would like to receive from the device when such events happen, typically when an interface is set onto err-disable or shut down (I guess it is more err-disable).

We noticed that somehow the concerned interface was sometimes staying down without checking back and maybe change its status.

I tried some commands like :

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps port-security (This is probably more for MAC quantity excess over the interface)

I found also a nice MIB called Cisco-Err-Disable

But I have the feeling I miss something on the device side,

Any help to put this in place would be greatly appreciated,

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎08-23-2011 10:47 AM

STP will not put the port into err-disable mode.   The CISCO-ERR-DISABLE mib will report when the port is placed into a  err-disable state from one of these events published in the MIB:

CErrDisableFeatureID ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "An integer-value assigned to various features/events
        that can error disable a system entity

        udld: Unidirectional Link Detection

        bpduGuard: Spanning Tree BPDU Guard feature that prevents
        processing BPDU packets on an access interface

        channelMisconfig: General Link Aggregation mis-configuration

        pagpFlap: Cisco's PAGP Link Aggregation protocol errors

        dtpFlap: Dynamic Trunking Protocol errors

        linkFlap: Link State flapping

        l2ptGuard: L2 Protocol Tunnel errors

        dot1xSecurityViolation: 802.1x authentication violations

        portSecurity: Port Security violations

        gbicInvalid: Invalid GBIC errors (examples include
        unsupported GBIC being inserted)

        dhcpRateLimit: DHCP snooping rate limit violation

        unicastFlood: Unicast Flooding threshold violations

        vmps: VLAN Membership Policy Server feature related errors

        stormControl: storm control (broadcast/multicast/unicast)
        threshold violations

        inlinePower: Errors in inline power

        arpInspection: Errors detected by Dynamic Arp Inspection
        (DAI) feature

        portLoopback: Interface Loopback Error

        packetBuffer: Packet Buffer Error

        macLimit: Errors detected by Mac Address Limit feature

        linkMonitorFailure: Link Monitoring failure

        oamRemoteFailure: Remote Failure detected by Ethernet OAM
        (Operations, Administration, and Maintenance) feature

        dot1adIncompEtype: 802.1ad Ether-type Incompatible errors

        dot1adIncompTunnel: 802.1ad Pdu Tunnel Incompatible errors

        sfpConfigMismatch: Mismatch on SFP configuration

        communityLimit: Vlan Community Limit violations

        invalidPolicy: QoS Policy violation

        lsGroup: Errors detected by Link State Group Tracking feature

        ekey: Errors detected by Error Key Mechanism

        portModeFailure: Port mode change failure

        pppoeIaRateLimit: Errors detected by PPPoE Intermediate Agent
        Rate Limit feature

        oamRemoteCriticalEvent: Ethernet OAM Remote Critical Event
        Failure

        oamRemoteDyingGasp: Ethernet OAM Remote Dying Gasp Failure

        oamRemoteLinkFault: Ethernet OAM Remote Link Fault Failure

        mvrp: Errors detected by Multiple VLAN Registration Protocol

The switch will generate the traps with:

#snmp-server enable traps errdisable

- Dan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎08-23-2011 10:47 AM

STP will not put the port into err-disable mode.   The CISCO-ERR-DISABLE mib will report when the port is placed into a  err-disable state from one of these events published in the MIB:

CErrDisableFeatureID ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "An integer-value assigned to various features/events
        that can error disable a system entity

        udld: Unidirectional Link Detection

        bpduGuard: Spanning Tree BPDU Guard feature that prevents
        processing BPDU packets on an access interface

        channelMisconfig: General Link Aggregation mis-configuration

        pagpFlap: Cisco's PAGP Link Aggregation protocol errors

        dtpFlap: Dynamic Trunking Protocol errors

        linkFlap: Link State flapping

        l2ptGuard: L2 Protocol Tunnel errors

        dot1xSecurityViolation: 802.1x authentication violations

        portSecurity: Port Security violations

        gbicInvalid: Invalid GBIC errors (examples include
        unsupported GBIC being inserted)

        dhcpRateLimit: DHCP snooping rate limit violation

        unicastFlood: Unicast Flooding threshold violations

        vmps: VLAN Membership Policy Server feature related errors

        stormControl: storm control (broadcast/multicast/unicast)
        threshold violations

        inlinePower: Errors in inline power

        arpInspection: Errors detected by Dynamic Arp Inspection
        (DAI) feature

        portLoopback: Interface Loopback Error

        packetBuffer: Packet Buffer Error

        macLimit: Errors detected by Mac Address Limit feature

        linkMonitorFailure: Link Monitoring failure

        oamRemoteFailure: Remote Failure detected by Ethernet OAM
        (Operations, Administration, and Maintenance) feature

        dot1adIncompEtype: 802.1ad Ether-type Incompatible errors

        dot1adIncompTunnel: 802.1ad Pdu Tunnel Incompatible errors

        sfpConfigMismatch: Mismatch on SFP configuration

        communityLimit: Vlan Community Limit violations

        invalidPolicy: QoS Policy violation

        lsGroup: Errors detected by Link State Group Tracking feature

        ekey: Errors detected by Error Key Mechanism

        portModeFailure: Port mode change failure

        pppoeIaRateLimit: Errors detected by PPPoE Intermediate Agent
        Rate Limit feature

        oamRemoteCriticalEvent: Ethernet OAM Remote Critical Event
        Failure

        oamRemoteDyingGasp: Ethernet OAM Remote Dying Gasp Failure

        oamRemoteLinkFault: Ethernet OAM Remote Link Fault Failure

        mvrp: Errors detected by Multiple VLAN Registration Protocol

The switch will generate the traps with:

#snmp-server enable traps errdisable

- Dan

0 Helpful

Go to solution
holzhirt1
Level 1
Level 1
In response to Dan Frey

‎08-23-2011 11:08 PM

Hello Dan,

Thank you very much for you explanation, this is very clear now,

I will simulate this in lab, thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card