Err-Disable Auto Recovery
Err-disable is a feature that automatically disables a switch port when a security violation occurs or when a configuration mismatch is detected. A switch port in the err-disabled state is logically shut down, and no traffic can be sent or received on it. The port LED turns orange.
Recovering a port from the err-disabled state always requires an administrator to manually issue shutdown and then no shutdown on the port, so it is very useful to configure an automatic recovery mechanism that saves time and minimizes administrator intervention.
We simply need to define the cause for which the port should be recovered automatically after it goes into the err-disabled state. We also need to set the time interval (in seconds) to wait before the port is re-enabled:
!
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 300
!
We can use the “all” keyword to configure auto recovery for all possible causes of the err-disabled state.
The output below shows the recovery status for each ErrDisable reason:
Switch# show errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Disabled
bpduguard                    Disabled
channel-misconfig            Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
inline-power                 Disabled
l2ptguard                    Disabled
link-flap                    Disabled
mac-limit                    Disabled
link-monitor-failure         Disabled
loopback                     Disabled
oam-remote-failure           Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
psecure-violation            Enabled
security-violation           Disabled
sfp-config-mismatch          Disabled
storm-control                Disabled
udld                         Disabled
unicast-flood                Disabled
vmps                         Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:
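An added example, not part of the original article or any Cisco tooling: a Python parser for the "show errdisable recovery" output above that lists the security-related causes with auto recovery enabled, so the setting can be reviewed across many switches. The function names, the set of causes treated as security-related, and the min_interval threshold (defaulting to the 300 seconds configured above) are assumptions of this example.

```python
import re

# Constructed sample: the page's "show errdisable recovery" output, shortened.
SAMPLE = """\
Switch# show errdisable recovery
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Disabled
bpduguard                    Disabled
psecure-violation            Enabled
security-violation           Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
"""

# Assumption for this example: causes treated as security controls, where an
# automatic re-enable deserves review. Adjust to local policy.
SECURITY_CAUSES = {"arp-inspection", "bpduguard", "dhcp-rate-limit",
                   "psecure-violation", "security-violation"}

ROW = re.compile(r"^(?P<cause>[a-z0-9][a-z0-9-]*)\s+(?P<status>Enabled|Disabled)$")
INTERVAL = re.compile(r"^Timer interval:\s*(?P<secs>\d+)\s+seconds", re.I)


def parse_errdisable_recovery(text):
    """Return ({cause: timer_enabled}, interval_seconds or None)."""
    causes, interval = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := ROW.match(line):          # "<cause>  Enabled|Disabled" rows only
            causes[m["cause"]] = m["status"] == "Enabled"
        elif m := INTERVAL.match(line):   # "Timer interval: N seconds"
            interval = int(m["secs"])
    return causes, interval


def audit(text, min_interval=300):
    """List review items: security causes with auto recovery on, short timer."""
    causes, interval = parse_errdisable_recovery(text)
    findings = [f"auto recovery enabled for security cause: {c}"
                for c in sorted(causes) if causes[c] and c in SECURITY_CAUSES]
    if interval is not None and any(causes.values()) and interval < min_interval:
        findings.append(f"recovery interval {interval}s is below {min_interval}s")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```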