Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
13166
Views
0
Helpful
0
Comments

How to recover Cisco Catalyst switches that run Cisco IOS system software from the errDisable port state

TCC_2
Level 10
Level 10

‎06-22-2009 04:13 PM - edited ‎03-01-2019 03:58 PM

Core issue

If the configuration shows a port to be enabled, but the software on the switch detects an error on the port, the software shuts down that port. In other words, the port is automatically disabled by the switch operating system software because of an error condition encountered on the port.

When a port is error-disabled, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the color orange, and when the show port command is issued, the port status shows err-disable. If an interface is disabled due to an error condition, the output of the show interface status command displays the interface status as err-disable.

This is an example of how an error-disabled port looks from the Command Line Interface (CLI) of the switch:

Switch#show interfaces gigabitethernet 4/1 status

Port  Name  Status  Vlan  Duplex  Speed  Type
Gi4/1  err-disabled  100  full  1000  1000BaseSX

Messages similar to this are sometimes seen if the interface is disabled due to an error condition:

%PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi4/1, putting Gi4/1 in err-disable state

These are the various situations that can cause an interface to go into the err-disable state:

  • Duplex mismatch       
  • Incorrect configuration of the port channel
  • Bridge Protocol Data Unit (BPDU) guard violation
  • UniDirectional Link Detection (UDLD) condition
  • Late-collision detection
  • Link-flap detection
  • Security violation
  • Port Aggregation Protocol (PAgP) flap
  • Layer 2 (L2) Tunneling Protocol (L2TP) guard
  • Dynamic Host Control Protocol (DHCP) snooping rate-limit 

Resolution

To resolve this issue, perform these steps:

  1. Identify and fix the cause of the port error-disabled state (for instance, a problem with cables, Network Interface Cards (NICs), the EtherChannel, and so on).

    If the underlying issue is not identified and fixed, the ports just become error-disabled again when the problem reoccurs. Some errors can occur quite often (an example is the error detected by the Bridge Protocol Data Unit (BPDU) portguard, which can occur every two seconds).

    To determine the reason for the err-disable status, issue the show errdisable recovery command:

    cat6knative#show errdisable recovery 
    ErrDisable Reason    Timer Status
    -----------------    --------------
    udld                 Enabled
    bpduguard            Enabled
    security-violatio    Enabled
    channel-misconfig    Enabled
    pagp-flap            Enabled
    dtp-flap             Enabled
    link-flap            Enabled
    l2ptguard            Enabled
    psecure-violation    Enabled

    Timer interval: 300 seconds

    Interfaces that will be enabled at the next timeout:

    Interface    Errdisable reason    Time left(sec)
    ---------    -----------------    --------------
     Gi4/1           bpduguard             270

    After the root cause is determined, troubleshoot and fix the underlying problem. For example, the receipt of a BPDU on a PortFast-enabled access port can cause the port can be in the err-disable state. Verify whether a switch was accidentally connected to that port or whether a hub was connected that created a looping condition.

    To troubleshoot other scenarios, refer to the specific feature information in the product documentation.

  2. Reenable the port.

When the source of the problem is fixed, the ports do not automatically
become enabled again. Once the source of the problem is fixed, the ports are still disabled (and the port LEDs are still orange); the ports must be reenabled before they become active.

To reenable the interface manually, issue the shutdown and no shutdown  interface commands. You can also issue the errdisable recovery cause enable command to set up timeout mechanisms that automatically reenable the port after a configured time period.

Issue the errdisable recovery cause bpduguard and errdisable recovery interval sec commands to reenable the port automatically.

The port may move into errdisable state due to many reasons. For more information on recovering the port from Errdisable state, refer to the followingarticles

1. Recovering from ErrDisabled port due to misconfiguration

2. Switch port is in errdisable status due to a duplex mismatch

3. Port status is errdisable due to BPDU guard

4. Port status is errdisable due to EtherChannel misconfiguration

5. The port status is "errdisable" due to a UniDirectional Link Detection condition

6. The Catalyst 3750 switch port enters the "error-disabled" state

For further assistance, contact Cisco Technical Support

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents