ME-3400 port is error disabled

Similar Messages

• Campus Manager report - Ports in error Disabled state

  Hi,
  I have LMS 3.2 and I wonder how Campus Manager collects information from the switch to generate a report of discrepancies, namely a report of "Ports in Error Disabled state"??
  I find that I have ports in errDisabled state but Campus Manger doesn´t show this information in "Ports in Error Dissabled state" report. What could be the problem?
  Thanks.

  Hi,
  Campus Manager do snmpwalk on the ciscoErrDisableMIB to get the status of the error disabled ports.
  Thanks,
  Gaganjeet Singh

• EEM on port error-disable due to UDLD

  I would like to ask from the EEM community for some assistance in regards to crafting an EEM script for an ME-3800X.  We have one or two appliances whereby the only uplink (TenGigabitEthernet0/1 and/or TenGigabitEthernet0/2) goes into error-disable and caused by UDLD.  What I am looking for is a script to do the following: 
  1.  If the ports TenGigabitEthernet0/1 and/or TenGigabitEthernet0/2 goes into error-disable caused by UDLD or link-flap then disable the port, wait for 5 seconds, enable the port; 
  2.  Wait for 15 seconds and send an email.  
  I only want this EEM to work on the TenGigabitEthernet interfaces and I do not want the EEM script to do this on the access ports.  
  Error-disable recovery is a global option and there's no option to limit on a per-interface level.  
  Thank you in advance. 

  Thanks for responding, Joe. 
  We were not able to take down the error messages but I believe they error messages could be:
  %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Te0/2, unidirectional link detected
  %PM-4-ERR_DISABLE: udld error detected on Te0/2, putting Te0/2 in err-disable state
  Could an EEM script be created when an error message or an event of "unidirectional link detected" occurs, do the following: 
  1.  In privilege mode, issue the command "udld reset".
  2.  Wait for 30 seconds and then send an email. 
  Thanks for your assistance and support, Joe.

• Error disabled ports

  I have a 3550 switch that gets a error-disabled copper ports. There is no errors ont the port. What else would cause it to be disabled?

  Although there is no error on the port , there should be an error message in the log that should tell you the reason why the port got error disabled like port security violation , loopback detection , etherchannel misconfig etc.
  You can enable errordisable recovery for all different causes by setting a timer. What happens is once this timer expires , the port is brough out of error dsiabled state.
  Here are some of the useful commands.
  D-C3550-2A(config)#errdisable ?
  detect Error disable detection
  recovery Error disable recovery
  D-C3550-2A(config)#errdisable recovery ?
  cause Enable error disable recovery for application
  interval Error disable recovery timer value
  Hope this helps.
  Salman Z.

• FI's uplink ports Error Disabled on ENM loop

  Hi,
  I have two UCS6120XP FIs connected to a Cat2948G-GE-TX switch via port 1/3 on each FI. One port on the Cat2948G-GE-TX acts as the uplink port and is connected to the LAN. All ports of the Cat2948G-GE-TX are in VLAN 1 to allow all connected devices to reach the Gateway via the LAN uplink port.
  Now after a while both ports 1/3 on the FIs get error disabled on ENM loop.
  'show cdp neighbor' on the Cat2k shows FIs hanging off of 2/45 & 2/46. The management ports of both FIs are connected to ports 2/1 and 2/2 of the
  Cat2948G-GE-TX as well, as are some other devices.
  I'd like to keep both FI uplink ports enabled for failover scenarios - how can I achieve that w/o the ports getting error-disabled?
  Thanks,
  Matthias

  Hi,
  The reload was to test the loss of a FI prior to going into the production environment. A disassociate/reassociate of a SP made no difference.
  I plan to upgrade to V2.2(1D) and re-test again tomorrow.

• ISE error disable interface

  Dears
  After configuring DOT1x on access ports , some ports show error disabled without enabling the port-security , is their any way to increase the number of MAC addresses allowed on the port ? , is it possible to disable this feature
  Sent from Cisco Technical Support iPhone App

  Hi Eng.malak,
  The port config provided by you the interface GigabitEthernet1/0/2 is configured for MDA that means an IP phone and a single host behind the IP phone are authenticated independently, even though both the IP phone and host machine are connected to a single switch port on the switch. If more than once device is detected in either domain, a security violation will be triggered. This can be a problem when a phone fails to authenticate properly. If a phone fails authentication, then the switch does not receive the "device-traffic-class=voice" VSA from the radius server and the switch will assume that the failed device was in the data domain. However if there is already a data device behind the phone, there will be now 2 devices in the data domain, and a security violation is triggered.  On this port only 2 MAC addresses are allowed. The switch place the client machine in a data vlan and the IP phone in a voice vlan. 
  Configure the violation mode. The keywords have these meanings:
  authentication violation shutdown | restrict | protect | replace}
  •shutdown-Error disable the port.
  •restrict-Generate a syslog error.
  •protect-Drop packets from any new device that sends traffic to the port.
  •replace-Removes the current session and authenticates with the new host.
  Configuring 802.1x Violation Modes
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1324086
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Nexus 5500 - Fabricpath Core Port - Error disabled. Reason:DCX-No ACK in 100 PDUs

  Has anyone seen Fabricpath Core Interfaces between two Nexus 5596UP switches error-disabled because of missing DCBX Acks after 50mins?
  I do not see interface errors and the peer is another 5500.
  Both switches are running 5.1(3)N2(1) with this port config:
  int e1/3
  switchport mode fabricpath
  ! Cisco 5m Twinax cables
  Log messages
  2012 May 25 17:40:59 nexus1 %L3VM-5-FP_TPG_INTF_DOWN: Interface Ethernet1/3 down in fabricpath topology 0 - Interface down
  2012 May 25 17:40:59 nexus1 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/3 is down (None)
  2012 May 25 17:40:59 nexus1 %ISIS_FABRICPATH-5-ADJCHANGE:  isis_fabricpath-default [3365]  P2P adj L1 nexus5 over Ethernet1/3 - DOWN (Delete All) on MT-0
  2012 May 25 17:40:59 nexus1 %CDP-5-NEIGHBOR_REMOVED: CDP Neighbor nexus5(FOX1550GDH1) on port Ethernet1/3 has been removed
  2012 May 25 17:40:59 nexus1 %LLDP-5-SERVER_REMOVED: Server with Chassis ID 547f.ee63.fa88 Port ID Eth1/1 on local port Eth1/3 has been removed
  2012 May 25 17:40:59 nexus1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet1/3 is down (Error disabled. Reason:DCX-No ACK in 100 PDUs)
  Robert

  Can you send the output of
  show lldp interface ethernet 1/3
  show lldp dcbx interface ethernet 1/3
  a workaround may be to disable lldp on both sides on these physical interfaces

• Vfc error disabled because of Ethernet port down?

  We are building a new datacenter and is starting to set up the SAN.
  This small DC consist of 2 Nexus 5596UP, a Compellent SAN and 2 Dell M1000e cassis with blade servers.
  naive FC part in Nexus has been easy to set up but we have problems with the FCOE setup.
  Since the blades are not installed yet none of the Ethernet ports are up. As soon as we bind an ethernet port to a vfc the vfc goes to error disable with this message:
  %PORT-2-IF_DOWN_ERROR_DISABLED: %$VSAN 1900%$ Interface vfc101 is down (Error disabled)
  Config snippets:
  vlan 1900
    fcoe vsan 1900
    name VSAN-A-FCOE
  vlan 1901
    name VSAN-B-FCOE
  vsan database
    vsan 1900 name "VSAN-A"
    vsan 1901 name "VSAN-B"
  interface vfc101
    bind interface Ethernet1/1
    no shutdown
  vsan database
    vsan 1900 interface vfc101
    vsan 1900 interface fc2/13
    vsan 1900 interface fc2/14
    vsan 1900 interface fc2/15
    vsan 1900 interface fc2/16
  interface Ethernet1/1
    switchport mode trunk
    spanning-tree port type edge trunk
  vlan 1900
    fcoe vsan 1900
    name VSAN-A-FCOE
  vlan 1901
    name VSAN-B-FCOE
  vsan database
    vsan 1900 name "VSAN-A"
    vsan 1901 name "VSAN-B"
  vsan database
    vsan 1900 interface vfc101
    vsan 1900 interface fc2/13
    vsan 1900 interface fc2/14
    vsan 1900 interface fc2/15
    vsan 1900 interface fc2/16
  interface vfc101
    bind interface Ethernet1/1
    no shutdown
  interface Ethernet1/1
    switchport mode trunk
    spanning-tree port type edge trunk
  Do the vfc go error disable because the ethernet interface being down? I was under the impression it should just go "down"

  What you are seeing is normal.. Here are outputs from my lab switch where I shut Eth1/20 which is tied to vFC 20
  24.10.5020A.1(config)# int ethernet 1/20
  24.10.5020A.1(config-if)# shut
  2011 Oct 21 10:16:01 24 %ETHPORT-5-IF_DOWN_CFG_CHANGE: Interface Ethernet1/20 is down(Config change)
  2011 Oct 21 10:16:01 24 %FLOGI-5-MSG_PORT_LOGGED_OUT: %$VSAN 100%$ [VSAN 100, Interface vfc20: mode[TF]] Nx Port 21:00:00:c0:dd:12:0e:35 logged OUT.
  2011 Oct 21 10:16:01 24 %PORT-5-IF_PORT_QUIESCE_FAILED: Interface vfc20 port quiesce failed due to failure reason: Epp Not Supported by Peer (0x19d)
  2011 Oct 21 10:16:01 24 %PORT-5-IF_DOWN_NONE: %$VSAN 100%$ Interface vfc20 is down (None)  
  2011 Oct 21 10:16:01 24 %PORT-2-IF_DOWN_ERROR_DISABLED: %$VSAN 100%$ Interface vfc20 is down (Error disabled)  
  2011 Oct 21 10:16:02 24 %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/20 is down (Administratively down)
  24.10.5020A.1(config-if)#

• WLC 5508 reboot cause switch port link flap error disable

  Hi All
  today my customer call me saied after reboot WLC , the switch port was err-disable , the cause is link flap
  after we reboot 3 times , the switch port link flap err-disable every time
  does anyone to meet the same problem??
  we don't know why the WLC rebboot will cause it , it just normal action on device
  the WLC version is 7.4.100.0
  link switch with access port , no port channel , no portfast
  Asa Hung          2013/05/30

  Hello Asa,
  As per your query i can suggest you the following solution-
  Complete these steps to reset the WLC to factory default settings using the CLI:
  Enter reset system at the command prompt.
  At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.
  When you are prompted for a username, enter recover-config to restore the factory default configuration.
  The WLC reboots and displays the  Welcome to the Cisco WLAN Solution Wizard Configuration Tool message.
  Use the configuration wizard to enter configuration settings.
  Note: Once the WLC is reset to defaults, you need a serial connection to the WLC in order to use the configuration wizard.
  Hope this will help you.

• UDLD Detection & Error Disable On Cat 6513

  Hi
  We have a problem with an etherchannel trunk between 2 Cat 6513's. The etherchannel is 8Gb split across 2 Copper 10/100/1000Mb 16 port cards in each chassis. The trunk uses ports 13 - 16 on slot 5 in one chassis to 13 - 16 on slot 5 in the other chassis and 13 - 16 on slot 6 in one chassis to 13 - 16 in slot 6 on the other chassis.
  We appear to have had a UDLD Detection which error disabled all 4 of the links from slot 6 to slot 6 at the same time. IE ports 13 - 16 on slot 6 of both chassis went into error disabled state.
  Could this be a ASIC hardware problem on one of the cards? If so, how do we establish which end of the trunk the problem exists? All other connections on these slot 6 cards are working fine.

  UDLD is a protocol that discovers if communication over a link is one-way only, and therefore partially broken. A damaged fiber cable or other cabling/port issue could cause this one-way only communication. Spanning tree loops can occur with this problem. UDLD allows the port to detect a unidirectional link, and can be configured to put a port in errDisable state when it detects this condition.

• Cisco Prime Infrastructure 2.1 error-disable alert

  We have a cisco PI 2.1 managing switches and a lot of switchports have BPDUGuard enabled. When occur error-disable , request send email notification to administrator .
  By default, when a port of a switch goes down, the Prime generates alarm for that. (this is a problem, because every laptop disconnection will generate alarm for administrator)
  Can i change the alert just for error-disable and how to ?
  Thanks

  Causes of Errdisable
  This feature was first implemented to handle special collision situations in which the switch detected excessive or late collisions on a port. Excessive collisions occur when a frame is dropped because the switch encounters 16 collisions in a row. Late collisions occur after every device on the wire should have recognized that the wire was in use. Possible causes of these types of errors include:
  A cable that is out of specification (either too long, the wrong type, or defective)
  A bad network interface card (NIC) card (with physical problems or driver problems)
  A port duplex misconfiguration
  A port duplex misconfiguration is a common cause of the errors because of failures to negotiate the speed and duplex properly between two directly connected devices (for example, a NIC that connects to a switch). Only half-duplex connections should ever have collisions in a LAN. Because of the carrier sense multiple access (CSMA) nature of Ethernet, collisions are normal for half duplex, as long as the collisions do not exceed a small percentage of traffic.
  There are various reasons for the interface to go into errdisable. The reason can be:
  Duplex mismatch
  Port channel misconfiguration
  BPDU guard violation
  UniDirectional Link Detection (UDLD) condition
  Late-collision detection
  Link-flap detection
  Security violation
  Port Aggregation Protocol (PAgP) flap
  Layer 2 Tunneling Protocol (L2TP) guard
  DHCP snooping rate-limit
  Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
  Address Resolution Protocol (ARP) inspection
  Inline power
  Note: Error-disable detection is enabled for all of these reasons by default. In order to disable error-disable detection, use the no errdisable detect cause command. The show errdisable detect command displays the error-disable detection status.

• Error disable due to loopback

  Hi,
  We have a campus network. A student's hostel room port that is connected to a 2960 switch get error-disabled time and again and it shows the reason being "loopback".
  From switch patch panel to user's LAN port in room , we have tested the connectivity through cable tester and it is found to be proper.
  He has changed his LAN cable also, what can be the exact reasons causing this problem

  Thanks for the output to the command "sh version".  
  Look at the uptime of the switch.  Because of this the output to the "loopback_error_2960" is totally useless.  Why?  If there was any line errors which can determine if there was a cabling issue, a NIC card issue or something more sinister, then there's only 4-days worth of data.  Not much to run with.  
  The IOS is very, very old.  
  Currently, the only thing I can think of is remove the configuration of setting the speed to the port to 10 Mbps.  (I don't see the benefit of punishing students by slowing down their network speed.)  Once the port is running auto speed/auto duplex, wait for approximately 30 minutes and run a TDR on the port.   Even better if you can move the cable to the GigabitEthernet port and run the TDR there so you'll get a better picture of all the pairs.
  Another thing, post the output to the command "sh post".

• (Error disabled. Reason:Disabled by Server Mgr triggered)

  I´ve some ports in my Nexus 5k going to err-disable with the following message:
  (Error disabled. Reason:Disabled by Server Mgr triggered)
  These ports are connected in HPBlade 7000 through FEX Nexus B22 does someone know about this errors ? 

  Hi,
  Not sure if you already found the root cause of the issue,but this message generally comes from blade FEX's when there is an internal communication error or no connection between the FEX HIF's and the server chassis/software. This might come when a port is made "admin up" while is not configured or mapped blade from server perspective.
  Thanks,
  Ivan.

• Nexus 4k error disable

  Anyone ever seen this before? Trying to understand why the port error disabled.
  2011 Jan 18 11:53:09 MTWDAVDC1BLDB9001 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet1/1 is down (Error disabled. Reason:requested by sap: MTS_SAP_DCX, req down_type: 2, req down_reason: 222 )
  MTWDAVDC1BLDB9002# sh int eth1/1
  Ethernet1/1 is down (DcxMultipleMSAPs)
    Hardware: 1000/10000 Ethernet, address: 0027.0d23.4d8d (bia 0027.0d23.4d8d)
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is trunk
    full-duplex, 10 Gb/s, media type is 10g
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    Last link flapped 1d03h
    Last clearing of "show interface" counters never
    1 minute input rate 0 bits/sec, 0 packets/sec
    1 minute output rate 0 bits/sec, 0 packets/sec
    Rx
      153349455 input packets 143221479 unicast packets 3730739 multicast packets
      6397237 broadcast packets 0 jumbo packets 0 storm suppression packets
      66448449173 bytes
    Tx
      328643307 output packets 90031378 multicast packets
      113132871 broadcast packets 12877361 jumbo packets
      62121338327 bytes
      0 input error 0 short frame 0 watchdog
      0 no buffer 0 runt 0 CRC 0 ecc
      0 overrun  0 underrun 0 ignored 0 bad etype drop
      0 bad proto drop 0 if down drop 0 input with dribble
      1416 input discard
      0 output error 0 collision 0 deferred
      0 late collision 0 lost carrier 0 no carrier
      0 babble
      0 Rx pause 0 Tx pause
    8 interface resets

  I looked into the error and would suggest opening a TAC case so our engineering team can look into this error.  You can open a case using the supportforum as well to turn the thread into a case.
  Sorry to not be able to help more, but looks like our internal team needs to look into this further.
  Chad

• Vfc Error disabled

  Hi,
  I have a problem connecting a CNA (Qlogic 8152) to a Nexus 5010, the network part is working goot but not the FCoE.
  What I have noticed is that the vfc is down (Error disabled), the DCBX works any how:
  Nex1# sh system internal dcbx info interface ethernet 1/16
  Interface info for if_index: 0x1a00f000(Eth1/16)
  tx_enabled: TRUE
  rx_enabled: TRUE
  dcbx_enabled: TRUE
  DCX Protocol: CEE
  This is the port configuration:
  interface port-channel16
    switchport mode trunk
    vpc 16
    switchport trunk native vlan 501
    switchport trunk allowed vlan 501,810
    spanning-tree port type edge
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/16
    switchport mode trunk
    switchport trunk native vlan 501
    switchport trunk allowed vlan 501,810
    spanning-tree port type edge
    flowcontrol receive on
    flowcontrol send on
    channel-group 16 mode active
  Any ideas what can be the problem? I have seen that if change "channel-group 16 mode active" to "channel-group 16 mode on" the interface goes up but the network connectivity is lost...
  Br
  Per

  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_fcoe_ops.html#wp1080158
  --snip--
  LACP and FCoE To The Host
  Today, when deploying FCoE over a host-facing vPC, the vFC interface is  bound to the port channel interfaces associated with the vPC.  This  requires that the port channel interface be up and forwarding before  FCoE traffic can be switched.  Cisco recommends when running vPC in an  Ethernet environment is to use LACP in order to negotiate the parameters  on both sides of the port channel to ensure that configurations between  both sides is consistent.
  However, if there are inconsistencies in any of the Ethernet  configuration parameters LACP uses to bring up the port channel  interface, both sides of the virtual port channel will remain down.   This means that FCoE traffic from the host is now dependent on the  correct configuration on the LAN/Ethernet side.  When this dependency  occurs, Cisco recommends that you use the static port channel  configuration (channel-group # mode on) when deploying vPC and FCoE to  the same host.
  --snip--
  I'm guessing there's something about the way your CNA / host is handling LACP that caused some kind of mismatch. A packet trace may give a clue. Did you try 'mode passive' as well?