Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
63529
Views
5
Helpful
6
Replies

clear errdisable - is not working

Go to solution
kozorezdi
Level 1
Level 1

‎12-21-2011 11:46 PM - edited ‎03-07-2019 04:00 AM

Hello everyone,

from cisco site:

You can re-enable a port by using the shutdown and  no  shutdown interface configuration commands, or you can clear error disable  for VLANs by using the clear errdisable  interface command.

This example shows how to re-enable all VLANs that were  error-disabled on port 2.

Switch# clear errdisable interface GigabitEthernet 0/2 vlan

Practice:

I have got on a L2-switch (C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE6) a port in err-disable state.

!

interface GigabitEthernet0/15

switchport access vlan 103

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0001

speed 100

!

Switch_Colo_Cisco1#sh run int gi 0/15int gigabitEthernet 0/15

GigabitEthernet0/15 is down, line protocol is down (err-disabled)

!

Switch_Colo_Cisco1#clear errdisable interface gigabitEthernet 0/15 vlan 103

!

Switch_Colo_Cisco1#sh  port-security          

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action

                (Count)       (Count)          (Count)

---------------------------------------------------------------------------

     Gi0/15              1            1                  1         Shutdown

---------------------------------------------------------------------------

Total Addresses in System (excluding one mac per port)     : 0

Max Addresses limit in System (excluding one mac per port) : 8192

It was cleared only by shutdown/no shutdown on the interface.

Why the command 'clear errdisable int ... ' doesn't work properly?

--

Have a nice day,

Dimitry

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amikat
Level 7
Level 7
In response to kozorezdi

‎12-23-2011 01:38 PM

Hi,

You can configure either to shut down the entire port in the case of errdisable detection (which is the default) or int the cases of bpduguard and port-security violations you have the possibility just to shut down the offending Vlan instead of the entire port (since 12.2(37)SE IOS version with Cat2960). If you decide to configure just to shut down the Vlan (e.g. via the global configuration command "errdisable detect cause port-security shutdown vlan") then you can use the command in question (ie. "clear errdisable interface vlan) to clear the errdisable status (instead of shut/no shut of the interface).

Best regards,

Antonin

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Ven Taylor
Level 4
Level 4

‎12-22-2011 02:39 AM

To clear the errdisable, perform a shut, then no shut on the interface.

Ven

Ven Taylor
0 Helpful

Go to solution
kozorezdi
Level 1
Level 1
In response to Ven Taylor

‎12-22-2011 04:04 AM

hi,

yes it is clear.  not clear why we need the command "clear errdisable"...

--

Dimitry

Go to solution
gfcisco31
Level 1
Level 1

‎12-22-2011 04:37 AM

HI Mate..

The usage guidelines is as follows:

"Use the clear errdisable interface privileged EXEC command on the switch stack or on a standalone switch to re-enable a VLAN that was error disabled [clear errdisable interface (int-id) vlan (vlan-list)]"

So, i assume that by default will only recover SVI interfaces.

hope this helps

regards

0 Helpful

Go to solution
kozorezdi
Level 1
Level 1
In response to gfcisco31

‎12-22-2011 11:37 PM

Good morning,

Intersting... BUT  SVI it is a L3 interface...

errdisable reason:

bpduguard         

channel-misconfig 

dhcp-rate-limit   

dtp-flap          

gbic-invalid      

inline-power      

link-flap         

mac-limit         

loopback          

pagp-flap         

port-mode-failure 

psecure-violation 

security-violation

sfp-config-mismatch

small-frame       

storm-control     

udld              

vmps          

It is not for L3 interface at all.  btw on int vlan * we can't command 'switchport port-security'

Thanks for try!  My question is still without an answer ;D


--

Dimitry

0 Helpful

Go to solution
amikat
Level 7
Level 7
In response to kozorezdi

‎12-23-2011 01:38 PM

Hi,

You can configure either to shut down the entire port in the case of errdisable detection (which is the default) or int the cases of bpduguard and port-security violations you have the possibility just to shut down the offending Vlan instead of the entire port (since 12.2(37)SE IOS version with Cat2960). If you decide to configure just to shut down the Vlan (e.g. via the global configuration command "errdisable detect cause port-security shutdown vlan") then you can use the command in question (ie. "clear errdisable interface vlan) to clear the errdisable status (instead of shut/no shut of the interface).

Best regards,

Antonin

0 Helpful

Go to solution
kozorezdi
Level 1
Level 1
In response to amikat

‎12-26-2011 12:11 AM

Hello Antonin,

Thank you very much for the explanation.

--

Have a nice day,

Dimitry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card