CISCO - Err-Disable - FingerInTheNet for English Guy

In the event of a problem on our network, our equipment is able to send us a message to warn us.
Several problems can harm our network …
To protect against it, our equipment is able to put a port in "ERR-DISABLE" mode.

This basically consists of putting this port in "SHUTDOWN" mode.

Possible causes include:

– all: Detects all possible problems.
– arp-inspection: Error detection with Dynamic ARP Inspection (DAI).
– bpduguard: A port configured in Portfast has received a BPDU frame. Security bpduguard.
– dhcp-rate-limit: Error detection with DHCP snooping.
– dtp-flap: The DTP protocol has changed the type of encapsulation.
– gbic-invalid: Detection of an invalid GBIC or SFP module.
– inline-power: Problem with the PoE (Bad power).
– l2ptguard: Error within an L2TP tunnel.
– link-flap: A bagotte link.
– loopback: Detection of a network loop.
– pagp-flap: An Etherchannel link using the PAGP (Cisco) bagotte protocol.
– pppoe-ia-rate-limit: PPPoE problem.
– psecure-violation: Violation of a port using the port-security.
– psp: Detects an error related to protocol storm protection.
– security-violation: Violation 802.X.
– sfp-config-mismatch: Detects errors related to SFP configuration mismatches.
– small-frame: Detects errors when VLAN-tagged packets are too small and arrives above a certain rate.
– storm-control: The Storm-control process detected a problem.
– udld: Detection of a one-way link via UDLD.

By default, all of its possible errors are enabled by default via the command:

Switch (config) - errdisable detect cause all

Our port will remain in "ERR-DISABLE" mode until the local administrator has dealt with the problem and reactivated the interface.

To reactivate it, just make a shut – no shut on the latter.

Switch (config) - FastEthernet interface 0/1
Switch (config-if) - shutdown
Switch (config-if) no shutdown

In order to avoid the need for an administrator's action, it is possible to set up a return to normal after a certain period of time:

Switch (config) - errdisable recovery cause [ all | cause-name ]
Switch (config) - errdisable recovery interval seconds

You can put a time interval between 30 and 86,400 seconds (24 hours).

Example:

Switch (config) - errdisable recovery cause psecure-violation
Switch (config) - errdisable recovery interval 3600

Hoping this article has been helpful to you! Don't hesitate to let me know!!

FingerInTheNet.com

Noël NICOLAS

CISCO – Err-Disable

Like this:

Leave a Reply Cancel reply

Ajouter FingerInTheNet à votre Page d'accueil!

Share :

Like this:

Leave a Reply Cancel reply

Ajouter FingerInTheNet à votre Page d'accueil!