Cause of err-disable on the switch interface and solution if the interface status is err-disable and show interfaces status err-disabled, you can view the cause of err-disable triggering. Several common causes of switch interface err-disable caused by www.2cto.com: 1. etherChannel misconfiguration 2. duplex mismatch style = "TEXT-INDENT: 2em" & gt; 3. BPDU port guard 4. UDLD 5. link-flap error 6. loopback error 7. port security violation www.2cto.com first, when the configuration on both ends of the f ec does not match, err-disable will appear. assume that Switch A configures the FEC mode to on. In this case, Switch A does not send the PAgP packet and the connected Switch B to negotiate with FEC. It assumes that Switch B has configured FEC. But in fact Swtich B does not configure FEC. When the status of Switch B exceeds one minute, Switch A's STP considers that A loop appears, So err-disable occurs. the solution is to set the FEC mode to channel-group 1 mode desirable non-silent. This means that the channel is established only after the FEC negotiation is successful. Otherwise, the interface is still in normal state. The second reason for www.2cto.com is that the duplex does not match. After the end is configured as half-duplex, he will check whether the peer is transmitting data. Only when the peer stops transmitting data will he send packets similar to ack to make the link up, however, when the peer end is configured with full-duplex, no matter whether the link is idle or not, he will only keep sending requests to make the link up, the link status changes to err-disable. The third reason is BPDU, which is related to portfast and BPDU guard. If portfast is configured for an interface, this interface should be connected to a pc, and the pc will not send the spanning-tree BPDU frame, therefore, this port also receives BPDU to generate the spanning-tree. The Administrator also configures BPDU guard on the same interface to prevent unknown BPDU frames for enhanced security, however, he accidentally connected a vswitch to which both the portfast and BPDU guard interfaces are configured. Therefore, this interface is connected to the BPDU frame because BPDU guard is configured, this interface naturally enters the err-disable state. Solution: no spanning-tree portfast bpduguard default, or directly disable portfast. The fourth reason is that UDLD. UDLD is cisco's private Layer 2 protocol used to detect one-way link problems. Sometimes the physical layer is up, but the link layer is down. In this case, you need UDLD to check whether the link is up. After both ends of AB are configured with UDLD, A sends a udld frame containing its own port id to B, and B returns A UDLD frame after receiving it, it also contains the received A port id. When A receives the frame and finds that its port id is also in it, it is considered that this link is good. Otherwise, it becomes err-disable. Assume that A is configured with UDLD, while B is not configured with UDLD: A sends A frame containing its own port id to B, and B does not know what the frame is after receiving it, in this case, a udld frame containing the port id of A is not returned. At this time, A considers this link as A one-way link, which naturally changes to the err-disable state. The fifth reason is the link jitter. When the link is up or down five times in 10 seconds, it enters the err-disable state. The sixth reason is keepalive loopback. before 12.1EA, the switch will send keepalive information on all interfaces by default. Because some switches fail to negotiate with the spanning-tree, the same interface may receive its own keepalive message, then this interface will become err-disable. The solution is to disable keepalive. The last reason for upgrading ios to 12.2SE. is that port-security violation shutdown is configured.