July 28, 2008

Automatic Err-Disable Recovery

Someone showed me a great feature today. One of the constant pains in the network is when a port gets err-disabled on the switch. Regardless of how many times I see it, it always seems to be the last thing I check. There's a little-known feature in IOS called "err-disable recovery" which automatically turns an err-disabled switchport back on after 5 minutes (by default). The good news is that this command lets you choose the specific reasons for which you'd like to re-enable the port, such as re-enabling ports disabled because of a port-flap instance while keeping MAC address security violations err-disabled. Here's the syntax to make it happen:


CAT3550#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CAT3550(config)#errdisable recovery ?
  cause     Enable error disable recovery for application
  interval  Error disable recovery timer value
CAT3550(config)#errdisable recovery cause ?
  all                   Enable timer to recover from all error causes
  arp-inspection        Enable timer to recover from arp inspection error
                        disable state
  bpduguard             Enable timer to recover from BPDU Guard error
  channel-misconfig     Enable timer to recover from channel misconfig error
  dhcp-rate-limit       Enable timer to recover from dhcp-rate-limit error
  dtp-flap              Enable timer to recover from dtp-flap error
  gbic-invalid          Enable timer to recover from invalid GBIC error
  inline-power          Enable timer to recover from inline-power error
  l2ptguard             Enable timer to recover from l2protocol-tunnel error
  link-flap             Enable timer to recover from link-flap error
  link-monitor-failure  Enable timer to recover from link monitoring failure
  loopback              Enable timer to recover from loopback error
  mac-limit             Enable timer to recover from mac limit disable state
  oam-remote-failure    Enable timer to recover from OAM detected remote
                        failure
  pagp-flap             Enable timer to recover from pagp-flap error
  port-mode-failure     Enable timer to recover from port mode change failure
  psecure-violation     Enable timer to recover from psecure violation error
  security-violation    Enable timer to recover from 802.1x violation error
  sfp-config-mismatch   Enable timer to recover from SFP config mismatch error
  storm-control         Enable timer to recover from storm-control error
  udld                  Enable timer to recover from udld error
  unicast-flood         Enable timer to recover from unicast flood error
  vmps                  Enable timer to recover from vmps shutdown error
CAT3550(config)#errdisable recovery cause link-flap
CAT3550(config)#^Z
CAT3550#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
arp-inspection       Disabled
bpduguard            Disabled
channel-misconfig    Disabled
dhcp-rate-limit      Disabled
dtp-flap             Disabled
gbic-invalid         Disabled
inline-power         Disabled
l2ptguard            Disabled
link-flap            Enabled
mac-limit            Disabled
link-monitor-fail    Disabled
loopback             Disabled
oam-remote-failur    Disabled
pagp-flap            Disabled
port-mode-failure    Disabled
psecure-violation    Disabled
security-violatio    Disabled
sfp-config-mismat    Disabled
storm-control        Disabled
udld                 Disabled
unicast-flood        Disabled
vmps                 Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
CAT3550#
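
A small audit of `show errdisable recovery` output, added here as an example and not part of the original post: it flags security-related causes whose recovery timer has been switched on, so a port shut by a security feature does not quietly come back after the interval. The list of causes treated as security-related and the sample output are assumptions made for the example.

```python
import re

# Assumed policy (not from the original post): causes that usually mean a
# security control tripped, so the port should stay down until someone looks.
KEEP_DISABLED = {"psecure-violation", "security-violation", "bpduguard",
                 "arp-inspection", "dhcp-rate-limit"}
NAME_WIDTH = 17  # the show output truncates reasons, e.g. "security-violatio"

ROW = re.compile(r"^(\S+)\s+(Enabled|Disabled)\s*$")
INTERVAL = re.compile(r"^Timer interval:\s*(\d+)\s*seconds")


def parse_recovery(text):
    """Return ({reason: timer_enabled}, interval_seconds) from the show output."""
    timers, interval = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := ROW.match(line)):
            timers[m.group(1)] = m.group(2) == "Enabled"
        elif (m := INTERVAL.match(line)):
            interval = int(m.group(1))
    return timers, interval


def risky_auto_recovery(timers):
    """Security-related causes whose timer is on, matched by truncated name."""
    by_short = {name[:NAME_WIDTH]: name for name in KEEP_DISABLED}
    return sorted(by_short[r] for r, on in timers.items() if on and r in by_short)


# Constructed sample: a shortened table with two security causes enabled.
SAMPLE = """\
ErrDisable Reason    Timer Status
-----------------    --------------
bpduguard            Disabled
link-flap            Enabled
psecure-violation    Enabled
security-violatio    Enabled
storm-control        Disabled
Timer interval: 300 seconds
"""

if __name__ == "__main__":
    timers, interval = parse_recovery(SAMPLE)
    for cause in risky_auto_recovery(timers):
        print(f"{cause}: port re-enables itself after {interval}s")
```

Run against the output shown in the post, where only link-flap is enabled, the check returns an empty list.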

Posted by JC at July 28, 2008 1:19 PM

Comments

Good Golly, this one saved my neck. Thanks a lot.

Posted by: Firdaus at September 24, 2008 8:54 PM
