Hello

Is this is a only affecting users of this replacement switch?
show errdisable detec
show errdisable recovery
show mac address-table count
show spanning-tree | in Shr

In reality we made a change of as many as 59 switches, as I said the thing is quite random.
Giallo_5#sh errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
arp-inspection Enabled port
bpduguard Enabled port
channel-misconfig (STP) Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
gbic-invalid Enabled port
iif-reg-failure Enabled port
inline-power Enabled port
invalid-policy Enabled port
l2ptguard Enabled port
link-flap Enabled port
link-monitor-failure Enabled port
loopback Enabled port
lsgroup Enabled port
oam-remote-failure Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
sgacl_limitation:enforcem Enabled port
sgacl_limitation:multiple Enabled port
storm-control Enabled port
udld Enabled port
vmps Enabled port
psp Enabled port
dual-active-recovery Enabled port
evc-lite input mapping fa Enabled port
vsl-and-non-vsl-port-pair Enabled port
Recovery command: "clear Enabled port
fasthello-and-non-fasthel Enabled port
mvrp Enabled port


Giallo_5# show errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
arp-inspection Enabled
bpduguard Enabled
channel-misconfig (STP) Enabled
dhcp-rate-limit Enabled
dtp-flap Enabled
gbic-invalid Enabled
inline-power Enabled
l2ptguard Enabled
link-flap Enabled
mac-limit Enabled
link-monitor-failure Disabled
loopback Enabled
oam-remote-failure Disabled
pagp-flap Enabled
port-mode-failure Enabled
pppoe-ia-rate-limit Disabled
psecure-violation Enabled
security-violation Enabled
sfp-config-mismatch Enabled
storm-control Enabled
udld Enabled
vmps Enabled
psp Disabled
dual-active-recovery Disabled
evc-lite input mapping fa Disabled
Recovery command: "clear Disabled

Timer interval: 30 seconds

Interfaces that will be enabled at the next timeout:


show mac address table count
Mac Entries for Vlan 168:
---------------------------
Dynamic Address Count : 203
Static Address Count : 6
Total Mac Addresses : 209



the last command havent's results

What is connected to Gi 1/0/19? Is it a PC?
Is there a phone connected to Gi 1/0/19?
Is this issue happening only to this port? Any other downstream client(s) having the same issue?

on port gi1/0/19 there is a printer.
There isn't phone, but for my convenience I left the voice vlan.
It also happens to other ports and other stacks in my network
today the problem has recurred.
I'm going crazy

have you tried a different software image ?

Not yet, which version should I install? the current one is the recommended one

we use Denali 16.3.7 on 36s and its very stable or 3.8 is now the recommended , worth a shot changing image if there all the same incase its an underlying bug

the previous post you sent with teh shut , no shut screenshots , there were no logs when that stopped working ?
the spanning tree wasn't effected at that time ?

I have a syslog server, besides the ports that go down and then up, I don't have any other logs. The spanning tree has not changed.
Is the software you recommended me totally free?
Do you have a guide to install it? I stayed behind at 3750 ahahhahaha

yes once you have a CCO id and the device is under contract or you have at least one of your 3650s under contract you can download it

Go to upgrade section
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-3/release_notes/ol-16-3-3650.html#pgfId-1105101

I am sure that it is not the wisest thing to update almost 60 switches now.
there must be a solution to this problem.

Hi

I wasn't suggesting 60 switches , I said upgrade 1 see if it stabilizes the issue local to the switch ,if there all running same image and you've hit a bug that's common to that image you will be upgrading them either way but you have to rule out the software as a point of fault especially if it exists on all switches and they have just been added to the network running same code and now theres issues with dynamic and static arps not responding to local pings when in the tables complete

 

At this stage if you cant find the issue you should open a TAC case too

I updated the switches to the denali version, I immediately had problems with 802.1x, so I had to disable it from the ports.
The customer obviously wants this kind of security, so I ask you to help me, below the error messages
May 7 11:34:54.230: %PM-4-ERR_DISABLE: security-violation error detected on Gi3/0/41, putting Gi3/0/41 in err-disable state
May 7 11:34:54.238: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet3/0/41, new MAC address (d8cb.8a8e.72ec) is seen.AuditSessionID Unassigned
May 7 11:34:55.232: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/41, changed state to down
also removing the port security the messages appear the same