Should err-disable recovery be used?

Cisco Switches will automatically shut down a port when certain conditions happen. The switch will shut down the port in an attempt to protect the netwok. For example, a port with BPDU Guard would go into an err-disable state and stop passing traffic if BPDU’s are received on that port. This is good because the BPDU’s were not allowed on that port.I have found that in some cases, it’s not so good to have the port go into err-disable state.

When performing a software upgrade on a Cisco 4507 switch, many of the Cisco 3560’s connected to the 4507 didn’t come back online after the 4507 software upgrade. These switches were all in remote locations with out console access to them. I had to call the local PC tech and have him drive to the facility. The onsite PC tech found the switches and rebooted a couple of them. After they were rebooted, they came online.


Finally, one of the switches that were rebooted was one of two connections to the core from that switch segment. I was then able to SSH into the 2nd connection to the 4507 from that segment. The uplink was in err-disable state because the link flapped too many times while the 4507 was performing the software upgrade. After I identified the cause, I decided to turn on “errdisable recovery cause link-flap” on all of my remote closet switches. Now, if this happens again, the err-disabled port will re-enable itself in 300 seconds (5 minutes, the default time).

If I would have had this enabled during the 4507 upgrade, the onsite tech never would have been called and would have saved the company many hours of pay that was issued to the onsite tech for his time.

Below are all of the errdisable options for a Cisco 3560. You even have an option to change the recovery time. I’m not so sure I would support errdisable recovery for everything, but diffidently for link-flap.

Do you use errdisable recovery as part of your standard configuration?
What cause do you recovery and why?

***Different switches may have different err-disable causes and default recovery interval.

errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval


Leave a Reply