Solution to the error "err-disable" on the switch port

Solution to the error "err-disable" on the switch port

Instance:

We pulled an MSTP line from the customer's IDC room. After connecting to the Cisco 3750x, the port lights will not light up, and the port will not light up after it is changed, the error "err-disable" is reported because the client has a loop.

Fault symptom:

Line failure, physical indicator light is not on, some will be displayed in Orange (different platform indicator light status)

Solution:

Cancel loop and restart the port

Troubleshooting process:

1. view the interface status

GigabitEthernet1/0/41 is down, line protocol is down (err-disabled)

C3750X-5F-I02-2-252#SHOwINTERfacesGIgabitEthernet1/0/8GigabitEthernet1/0/8isdown,lineprotocolisdown(err-disabled)HardwareisGigabitEthernet,addressis00af.1fe0.63d0(bia00af.1fe0.63d0)Description:"HTZQNetwork"Internetaddressis165.16.241.174/30MTU1500bytes,BW100000Kbit,DLY100usec,reliability255/255,txload1/255,rxload1/255EncapsulationARPA,loopbacknotsetKeepaliveset(10sec)Auto-duplex,Auto-speed,mediatypeis10/100/1000BaseTXinputflow-controlisoff,outputflow-controlisunsupportedARPtype:ARPA,ARPTimeout04:00:00Lastinput16:07:19,output16:07:19,outputhangneverLastclearingof"showinterface"countersneverInputqueue:0/75/0/0(size/max/drops/flushes);Totaloutputdrops:0Queueingstrategy:fifoOutputqueue:0/40(size/max)5minuteinputrate0bits/sec,0packets/sec5minuteoutputrate0bits/sec,0packets/sec42packetsinput,10117bytes,0nobufferReceived33broadcasts(0IPmulticasts)0runts,0giants,0throttles0inputerrors,0CRC,0frame,0overrun,0ignored0watchdog,19multicast,0pauseinput0inputpacketswithdribbleconditiondetected77packetsoutput,21350bytes,0underruns0outputerrors,0collisions,9interfaceresets0babbles,0latecollision,0deferred0lostcarrier,0nocarrier,0PAUSEoutput0outputbufferfailures,0outputbuffersswappedoutC3750X-5F-I02-2-252#SHOwINTERfacesGIgabitEthernet1/0/8STATUSPortNameStatusVlanDuplexSpeedTypeGi1/0/8"HTZQNetwork"err-disabledroutedautoauto10/100/1000BaseTXC3750X-5F-I02-2-252#

 

2. Check the cause of interface err-disable.

C3750X-5F-I02-2-252#showinterfacesstatuserr-disabledPortNameStatusReasonErr-disabledVlansGi1/0/8"HTZQNetwork"err-disabledloopbackGi1/0/9err-disabledloopbackGi1/0/10err-disabledloopbackGi1/0/20err-disabledloopbackC3750X-5F-I02-2-252#

It can be seen that the reason for the err-disable interface is loopback, because I changed the interface during this period, because the loop causes all the interfaces that have been replaced to be err-disable.

See what causes the interface to be in err-disable

C3750X-5F-I02-2-252#showerrdisabledetectErrDisableReasonDetectionMode------------------------------arp-inspectionEnabledportbpduguardEnabledportchannel-misconfig(STP)Enabledportcommunity-limitEnabledportdhcp-rate-limitEnabledportdtp-flapEnabledportgbic-invalidEnabledportinline-powerEnabledportinvalid-policyEnabledportl2ptguardEnabledportlink-flapEnabledportloopbackEnabledportlsgroupEnabledportmac-limitEnabledportpagp-flapEnabledportport-mode-failureEnabledportpppoe-ia-rate-limitEnabledportpsecure-violationEnabledport/vlansecurity-violationEnabledportsfp-config-mismatchEnabledportsmall-frameEnabledportstorm-controlEnabledportudldEnabledportvmpsEnabledportC3750X-5F-I02-2-252#

From the list, we can see that the common causes include udld, bpduguard, link-flap, and loopback. The specific cause of err-disable can be viewed by show interface status err-disable.

 

3. Recovery

In interface mode, you can use shutdown and no shutdown to manually activate the service, provided that the loop is accessible, otherwise the interface will be placed in err-disable again.

 

In the default configuration, once the interface is set to err-disable, IOS will not try to restore the interface. This can be viewed by show errdisable recovery. All values under the timer status are disable.

C3750X-5F-I02-2-252#showerrdisablerecoveryErrDisableReasonTimerStatus-------------------------------arp-inspectionDisabledbpduguardDisabledchannel-misconfig(STP)Disableddhcp-rate-limitDisableddtp-flapDisabledgbic-invalidDisabledinline-powerDisabledl2ptguardDisabledlink-flapDisabledmac-limitDisabledloopbackDisabledpagp-flapDisabledport-mode-failureDisabledpppoe-ia-rate-limitDisabledpsecure-violationDisabledsecurity-violationDisabledsfp-config-mismatchDisabledsmall-frameDisabledstorm-controlDisabledudldDisabledvmpsDisabledTimerinterval:300secondsInterfacesthatwillbeenabledatthenexttimeout:C3750X-5F-I02-2-252#

Configure IOS to automatically reactivate the errdisable Interface

C3750X-5F-I02-2-252(config)#errdisablerecoverycause?allEnabletimertorecoverfromallerrorcausesarp-inspectionEnabletimertorecoverfromarpinspectionerrordisablestatebpduguardEnabletimertorecoverfromBPDUGuarderrorchannel-misconfig(STP)Enabletimertorecoverfromchannelmisconfigerrordhcp-rate-limitEnabletimertorecoverfromdhcp-rate-limiterrordtp-flapEnabletimertorecoverfromdtp-flaperrorgbic-invalidEnabletimertorecoverfrominvalidGBICerrorinline-powerEnabletimertorecoverfrominline-powererrorl2ptguardEnabletimertorecoverfroml2protocol-tunnelerrorlink-flapEnabletimertorecoverfromlink-flaperrorloopbackEnabletimertorecoverfromloopbackerrormac-limitEnabletimertorecoverfrommaclimitdisablestatepagp-flapEnabletimertorecoverfrompagp-flaperrorport-mode-failureEnabletimertorecoverfromportmodechangefailurepppoe-ia-rate-limitEnabletimertorecoverfromPPPoEIArate-limiterrorpsecure-violationEnabletimertorecoverfrompsecureviolationerrorsecurity-violationEnabletimertorecoverfrom802.1xviolationerrorsfp-config-mismatchEnabletimertorecoverfromSFPconfigmismatcherrorsmall-frameEnabletimertorecoverfromsmallframeerrorstorm-controlEnabletimertorecoverfromstorm-controlerrorudldEnabletimertorecoverfromudlderrorvmpsEnabletimertorecoverfromvmpsshutdownerrorC3750X-5F-I02-2-252(config)#errdisablerecoverycauseloopback

You can specify the circumstances in which the err-disable interface is automatically activated, or you can select all the interfaces that cause err-disable.

After the preceding command is configured, IOS tries to restore the interface that is set to err-disable after a period of time. The default value is 300 seconds. This time passes the show errdisable recovery Timer interval: 300 seconds value.

To adjust the err-disable timeout, run the following command:

C3750X-5F-I02-2-252(config)#errdisablerecoveryinterval?<30-86400>timer-interval(sec)C3750X-5F-I02-2-252(config)#errdisablerecoveryinterval600

It can be adjusted to 30-300 seconds. The default value is seconds.

 

View the status of all interfaces

C3750X-5F-I02-2-252#showinterfacesstatusPortNameStatusVlanDuplexSpeedTypeGi1/0/1"AANetwork"connectedrouteda-halfa-10010/100/1000BaseTXGi1/0/2"BBNetworkconnectedrouteda-fulla-10010/100/1000BaseTXGi1/0/3"CCNetwork"connectedrouteda-halfa-10010/100/1000BaseTXGi1/0/4"DDNetwork"connectedrouteda-halfa-10010/100/1000BaseTXGi1/0/5"EENetwork"connectedrouteda-halfa-10010/100/1000BaseTXGi1/0/6"FFNetwork"connectedrouteda-halfa-10010/100/1000BaseTXGi1/0/7"GGNetworkconnectedrouteda-halfa-10010/100/1000BaseTXGi1/0/8"HHNetwork"connectedrouteda-fulla-10010/100/1000BaseTXGi1/0/9err-disabled1autoauto10/100/1000BaseTXGi1/0/10err-disabled1autoauto10/100/1000BaseTXGi1/0/11notconnect515autoauto10/100/1000BaseTXGi1/0/12connected515a-fulla-100010/100/1000BaseTXGi1/0/13connected514a-fulla-10010/100/1000BaseTXGi1/0/14connected514a-fulla-10010/100/1000BaseTXGi1/0/15notconnect513autoauto10/100/1000BaseTXGi1/0/16notconnect513autoauto10/100/1000BaseTXGi1/0/17connected502a-fulla-100010/100/1000BaseTXGi1/0/18connected502a-fulla-100010/100/1000BaseTXGi1/0/19connected502a-fulla-100010/100/1000BaseTXGi1/0/20err-disabled502autoauto10/100/1000BaseTXGi1/0/21connected515a-fulla-100010/100/1000BaseTXGi1/0/22connected515a-fulla-100010/100/1000BaseTXGi1/0/23notconnect1autoauto10/100/1000BaseTXGi1/0/24connectedtrunka-fulla-100010/100/1000BaseTXFa0notconnectroutedautoauto10/100BaseTXC3750X-5F-I02-2-252#

 

Extension:

Configure the interface speed and duplex mode

The interface duplex mode is divided into full duplex and half duplex, which refers to the data transmission mode:

1. Half Duplex (Half Duplex) means that the interface can only receive or send data at any time, and there is a limit on the maximum transmission distance.

2. Full Duplex refers to the ability to receive data while sending data. Both of them are synchronized, and the maximum throughput can reach double rate, and the physical distance limit of half Duplex is eliminated. Currently, all NICs support full duplex.

 

Configure the interface duplex mode

Interface mode configuration can be self-negotiation mode (auto), half-duplex mode (half), full mode (full)

The self-negotiation content includes the duplex mode and interface speed of the interfaces at both ends. Once the negotiation passes, the devices at both ends of the link are locked in the same duplex mode and interface speed. The self-negotiation function takes effect only when the devices at both ends of the link are supported. If the peer device does not support the self-negotiation function, or the self-negotiation mechanism of the Peer device is inconsistent with that of the local device, the interface may be in the Down state.

If the data traffic is large, the self-negotiation results at both ends of the link can only be in full duplex mode, not half duplex mode, otherwise packet loss may occur. If the data traffic is small, the self-negotiation results at both ends of the link are in half duplex mode, which can meet the data transmission requirements.

The Duplex modes at both ends of the link must be consistent. When an electrical interface is connected, the interface may be negotiated in half duplex mode due to Inconsistent Self-negotiation modes between the two interfaces. In this case, message interaction exceptions may occur.

C3750X-5F-I02-2-252(config)#interfaceGigabitEthernet1/0/8C3750X-5F-I02-2-252(config-if)#duplex?autoEnableAUTOduplexconfigurationfullForcefullduplexoperationhalfForcehalf-duplexoperationC3750X-5F-I02-2-252(config-if)#speed?10Force10Mbpsoperation100Force100Mbpsoperation1000Force1000MbpsoperationautoEnableAUTOspeedconfigurationC3750X-5F-I02-2-252(config-if)#