"Errdisable Port State

shuja_abbas · ‎08-26-2015

Hi I am getting these ports on error diable continously . Please advise possible resolution for this .

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 56    WS-C3850-48U       03.03.03SE        cat3k_caa-universalk9 INSTALL
     2 56    WS-C3850-48U       03.03.03SE        cat3k_caa-universalk9 INSTALL
     3 56    WS-C3850-48U       03.03.03SE        cat3k_caa-universalk9 INSTALL

sw-01#sh int status | inc err
Gi2/0/17                     err-disabled 100          auto   auto 10/100/1000BaseTX
Gi2/0/18                     err-disabled 100          auto   auto 10/100/1000BaseTX
Gi2/0/33                     err-disabled 100          auto   auto 10/100/1000BaseTX

sw-01#sh clock
15:39:26.309 UTC Wed Aug 26 2015

Aug 26 15:01:26.510: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client () on Interface Ca3 AuditSessionID 0aeaed0355ddcc7200000cda
Aug 26 15:01:41.960: %DOT1X-5-FAIL: Authentication failed for client () on Interface Ca4 AuditSessionID 0aeaed0355ddb19500000a9c
Aug 26 15:01:41.960: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client () on Interface Ca4 AuditSessionID 0aeaed0355ddb19500000a9c
Aug 26 15:02:11.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/4, changed state to down
Aug 26 15:02:12.439: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/4, changed state to down
Aug 26 15:07:04.100: %DOT1X-5-FAIL: Authentication failed for client () on Interface Ca4 AuditSessionID 0aeaed0355ddc3f000000c39
Aug 26 15:07:04.101: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client () on Interface Ca4 AuditSessionID 0aeaed0355ddc3f000000c39
Aug 26 15:07:08.104: %AUTHMGR-4-UNAUTH_MOVE: (fast) MAC address ( from Ca4 to Ca3
Aug 26 15:10:08.180: %DOT1X-5-FAIL: Authentication failed for client () on Interface Ca1 AuditSessionID 0aeaed0355ddcab600000cc4
Aug 26 15:10:08.180: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client () on Interface Ca1 AuditSessionID 0aeaed0355ddcab600000cc4
Aug 26 15:16:32.489: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/41, changed state to down
Aug 26 15:16:33.492: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/41, changed state to down
Aug 26 15:16:39.088: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/41, changed state to up
Aug 26 15:16:40.090: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/41, changed state to up
Aug 26 15:25:48.618: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/41, changed state to down
Aug 26 15:25:49.619: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/41, changed state to down
Aug 26 15:25:53.933: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/41, changed state to up
Aug 26 15:25:54.930: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/41, changed state to up
Aug 26 15:26:57.971: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (34e2.fd9a.6f6b) from Ca2 to Ca0
Aug 26 15:31:08.218: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
Aug 26 15:31:10.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up
Aug 26 15:31:41.849: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/40, changed state to down
Aug 26 15:31:42.850: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/40, changed state to down
Aug 26 15:33:07.132: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/33, changed state to down
Aug 26 15:33:09.138: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/33, changed state to up

Leo Laohoo · ‎08-27-2015

Please post the output to the command "sh interface status error".

shuja_abbas · ‎08-27-2015

Here is the required output .

Port Name Status Reason Err-disabled Vlans
Gi2/0/17 err-disabled psecure-violation

Leo Laohoo · ‎08-27-2015

"psecure" means "port security" violation.

Post the interface configuration.

shuja_abbas · ‎08-27-2015

here is the interface configuration

interface GigabitEthernet2/0/17
switchport access vlan 100
switchport mode access
switchport voice vlan 500
switchport port-security maximum 4
switchport port-security
switchport port-security aging time 10
spanning-tree portfast
end

Leo Laohoo · ‎09-01-2015

If port-security configuration is removed from the interface, does the port still go into error-disable?

shuja_abbas · ‎09-07-2015

instead i went to configure the error recovery interval to 30 second .

InayathUlla Sharieff · ‎09-07-2015

"Errdisable Port State Recovery on the Cisco IOS Platforms"

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

Among the examples in this document we have the output of CatOS comand "errdisable recovery cause ?" with the following lines:

psecure-violation Enable timer to recover from psecure violation disable state

security-violation Enable timer to recover from 802.1x violation disable state

Therefore, according to this sample, psecure-violation is related to violations of switchport port-security and security-violation is related to violations of 802.1x.

Leo Laohoo · ‎09-08-2015

instead i went to configure the error recovery interval to 30 second .

What for?

Enabling error-recovery nulls all the port-security configuration. The only difference is the user will need to wait for 30 seconds for the auto-recovery to kick in.

So why bother enabling port-security and then enabling error-recovery?

Ports Getting on error disable reason unkown