N5K err-disabled a port due to DCX-No ACK in 100 PDUs

I'm super new to Nexus, so I'm not really sure how to troubleshoot this. I did a quick search and found that this is related to DCBX TLVs in LLDP, which we apparently shouldn't be getting on a regular ethernet port. I'm pretty sure this is just a regular ethernet port. (Like I said, I'm pretty new to nexus. lol)  I wonder if the following output indicates that we are receiving and sending DCBX TLVs in LLDP. If so, it sounds like the interface will go into err-disable state if the server stops sending ACK frames.
# show lldp dcbx int e1/17
Local DCBXP Control information:
Operation version: 00  Max version: 00  Seq no: 1  Ack no: 1 
Type/
Subtype    Version    En/Will/Adv Config
004/000     000        Y/N/Y      8906001b21 08
002/000     000        Y/N/Y      0000000064 00000000 00000001
Peer's DCBXP Control information:
Operation version: 00  Max version: 00  Seq no: 1  Ack no: 1 
Type/      Max/Oper
Subtype    Version    En/Will/Err Config
004/000     000/000    Y/Y/N      8906001b21 08
003/000     000/000    Y/Y/Y      ff08
002/000     000/000    Y/Y/N      ffffffff00 00000000 00000008
This is the first time we've run into this. Any idea what might really be going on?
Thanks!

Hi,
Per the display it  the Server Adapter is doing LLDP DCBX negotiation.
If not needed, then you might want to check the Server adapter settings.
DCBX is an extension of LLDP link layer discovery protocol; not restricted for FCOE usage.
Further informatin on LLDP for Nexus:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5500/sw/layer2/602_N1_1/b_5500_Layer2_Config_602N11_chapter_01010.html#task_1152779
Thanks!
Regards,
Carlos

Similar Messages

  • Nexus 5500 - Fabricpath Core Port - Error disabled. Reason:DCX-No ACK in 100 PDUs

    Has anyone seen Fabricpath Core Interfaces between two Nexus 5596UP switches error-disabled because of missing DCBX Acks after 50mins?
    I do not see interface errors and the peer is another 5500.
    Both switches are running 5.1(3)N2(1) with this port config:
    int e1/3
    switchport mode fabricpath
    ! Cisco 5m Twinax cables
    Log messages
    2012 May 25 17:40:59 nexus1 %L3VM-5-FP_TPG_INTF_DOWN: Interface Ethernet1/3 down in fabricpath topology 0 - Interface down
    2012 May 25 17:40:59 nexus1 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/3 is down (None)
    2012 May 25 17:40:59 nexus1 %ISIS_FABRICPATH-5-ADJCHANGE:  isis_fabricpath-default [3365]  P2P adj L1 nexus5 over Ethernet1/3 - DOWN (Delete All) on MT-0
    2012 May 25 17:40:59 nexus1 %CDP-5-NEIGHBOR_REMOVED: CDP Neighbor nexus5(FOX1550GDH1) on port Ethernet1/3 has been removed
    2012 May 25 17:40:59 nexus1 %LLDP-5-SERVER_REMOVED: Server with Chassis ID 547f.ee63.fa88 Port ID Eth1/1 on local port Eth1/3 has been removed
    2012 May 25 17:40:59 nexus1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet1/3 is down (Error disabled. Reason:DCX-No ACK in 100 PDUs)
    Robert

    Can you send the output of
    show lldp interface ethernet 1/3
    show lldp dcbx interface ethernet 1/3
    a workaround may be to disable lldp on both sides on these physical interfaces

  • Error disabled. Reason:DCX-No ACK in 100 PDUs

    Hi,
      I have a customer who lost all connectivity from the ESX host for both networking and FCoE because (as the title suggests) the interfaces were error disabled.  This happened across all 8, dual ported, dual homed CNAs at the same time.  Does anyone have any idea what this error comes from?  The are using ESX 4.0 and are running Nexus 5020 with 4.2(1)N2(1a).
    Thanks,
    Thom

    DCBX Type Length Values(TLV) are packaged within a LLDP frame which  is exchanged between the switch and the CNA. One such Control Sub-TLV is  used for ACK which is sequence based. For example, the switch sends  this control Sub-TLV with SeqNo of 1 and AckNo of 2. The host is  supposed to inverse this and send a LLDP frame with control sub-TLV with  SeqNo of 2 and AckNo of 1.
    We expect this exchange every 30 seconds from the host and if the  switch does not see it for 100 times 30 which is 3000 seconds (or 50  minutes), the switch error disables with following error
    2011 May 13 12:03:23 CSX_5020_A1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet115/1/17 is down (Error disabled. Reason:DCX-No ACK in 100 PDUs)
    2011 May 13 12:03:27 CSX_5020_A1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet116/1/16 is down (Error disabled. Reason:DCX-No ACK in 100 PDUs)
    Some commands on the switch which helps in narrowing down root cause.
    F340.24.10-5548-1# show lldp interface ethernet 1/22
    Interface Information:
      Enable (tx/rx/dcbx): Y/Y/Y    Port Mac address: 00:05:73:ab:29:bd
    Peer's LLDP TLVs:
    Type Length Value
    001  007    040000c9 9d2372
    002  007    030000c9 9d2372
    003  002    0078
    006  045    456d756c 6578204f 6e65436f 6e6e6563 74203130 4762204d 756c7469
                2066756e 6374696f 6e204164 61707465 72
    007  004    00800080
    127  055    001b2102 020a0000 00000002 00000001 04110000 c0000001 00003232
                00000000 00000206 060000c0 00080808 0a0000c0 00890600 1b2108
    000  000   
    F340.24.10-5548-1# show lldp dcbx interface ethernet 1/22
    Local DCBXP Control information:
    Operation version: 00  Max version: 00  Seq no: 1  Ack no: 2  <<---Our sequence # and Ack #
    Type/
    Subtype    Version    En/Will/Adv Config
    003/000     000        Y/N/Y      0808
    004/000     000        Y/N/Y      8906001b21 08
    002/000     000        Y/N/Y      0001000032 32000000 00000002
    Peer's DCBXP Control information:
    Operation version: 00  Max version: 00  Seq no: 2  Ack no: 1  <<---Peer sequence # and Ack # should be reversed.
    Type/      Max/Oper
    Subtype    Version    En/Will/Err Config
    002/000     000/000    Y/Y/N      0001000032 32000000 00000002
    003/000     000/000    Y/Y/N      0808
    004/000     000/000    Y/Y/N      8906001b21 08
    F340.24.10-5548-1#
    Root cause for this problem in most cases is misbehaving CNA/server or incorrect firmware/driver on the CNA.

  • Strange mac address causing err-disable

    I have mainly 3550/4506 with port-security. Every day user ports go into err-disable and it's the same few mac addresses each time? anyone else came acreoss this ans know what's it is all about.

    It should tell you in the logg why the port is err-disableing the port . Could be as simple as speed/duplex mismatches on the port if they are causing something like a lot of late collisions the switch will err-disable the ports . Check the switch and nic settings for these devices .

  • WS-C6509-V-E VSS Pair: Random ports going into err-disabled due to udld error

    We recently (a few months ago) put two 6509s into VSS mode and had many teething problems. One of the problems we had was random ports on switch 2 of the pair came up in err-disabled mode after a reboot. We somehow fixed them by combinations of shut/no shut, reseating or changing SFPs, etc.
    Two days ago we saw half of the ports on one card were in err-disabled mode due to udld errors. We cannot find a way to bring them back up (tried udld resets, etc) and think it's really strange that it's a block of ports on the same card. Also it's strange since last time we had this problem it was on different cards (switch 2 as well though).
    See below Te2/3/5-12 are in err-disabled mode. All other ports are fine. We highly doubt a physical problem with fibre and SFPs. Initially suspected the line card, but happened on different cards last time.
    Is there some bug anyone is aware of? Software or physical issue?
    Thanks in advance,
    Paolo.
    Hardware: WS-C6509-V-E
    Version 15.1(2)SY3
    XD#sh mod
    Mod Ports Card Type                              Model              Serial No.
      1   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMC3
      2   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMCH
      3   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMCQ
      4   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8NA
      5    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL1737CU10
      6    5  Supervisor Engine 2T 10GE w/ CTS (CSSO VS-SUP2T-10G       SAL1737CU0L
      7   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8PF
      8   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8R2
      9   48  CEF720 48 port 1000mb SFP              WS-X6848-SFP       SAL1746GBR7
    XD#sh int status | i Te2/3
    Te2/3/5       Mmbr HS-10G-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/6       Mmbr HS-400B2-XA-1 err-disabled 999          full    10G 10Gbase-LR
    Te2/3/7       Mmbr HS-AD1-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/8       Mmbr HS-AD211-XA-1 err-disabled 999          full    10G 10Gbase-LR
    Te2/3/9       Mmbr HS-AR101B-XA- err-disabled 999          full    10G 10Gbase-SR
    Te2/3/10      Mmbr HS-AS1-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/11      Mmbr HS-AS4-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/12      Mmbr HS-AV-XA-1    err-disabled 999          full    10G 10Gbase-LR
    Te2/3/13      Mmbr HS-BA107-XA-1 connected    trunk        full    10G 10Gbase-LR
    Te2/3/14      Mmbr HS-BA4-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/15      Mmbr HS-BA4-XA-2   connected    trunk        full    10G 10Gbase-LR
    Te2/3/16      Mmbr HS-BA7-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/17      Mmbr HS-BA9-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/18      Mmbr HS-BA12-XA-1  connected    trunk        full    10G 10Gbase-LR
    Te2/3/19      Mmbr HS-BAHUB-XA-1 disabled     999          full    10G No Connector
    Te2/3/20      Mmbr HS-BOOKSHOP-X connected    trunk        full    10G 10Gbase-LR

    What do these err-disabled ports connect to?

  • Interfaces in port-channel keep err-disabling because of keepalives

    Below is the current portchannel that I am having problems with.  The interfaces on Switch A keep going into an error disabled state because they receive their own loopback.  Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives.  Has anyone found a solution other than disabling keepalives?  Notice that ios's are different, but am not convinced that this is the issue.  Also one is PoE and the other isn't.  Lastly, i found this article "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces".  I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since i am running the 12.2SE based ios.  Thanks for whatever input you may have.
    Switch A
    C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
    cisco WS-C3750X-48P
    Port-channels in the group:
    Port-channel: Po52
    Age of the Port-channel   = 219d:04h:32m:49s
    Logical slot/port   = 10/39          Number of ports = 4
    GC                  = 0x00000000      HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =    -
    Port security       = Disabled
    Ports in the Port-channel:
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/35 On                 0
      0     00     Gi1/0/36 On                 0
      0     00     Gi2/0/45 On                 0
      0     00     Gi2/0/46 On                 0
    %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
    %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
    %LINK-3-UPDOWN: Interface Port-channel39, changed state to down
    Switch B
    C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
    cisco WS-C3750X-48
    Port-channels in the group:
    Port-channel: Po52
    Age of the Port-channel   = 443d:18h:43m:06s
    Logical slot/port   = 10/39          Number of ports = 4
    GC                  = 0x00000000      HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =    -
    Port security       = Disabled
    Ports in the Port-channel:
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/35 On                 0
      0     00     Gi1/0/36 On                 0
      0     00     Gi1/0/45 On                 0
      0     00     Gi1/0/46 On                 0

    PER CISCO
    Symptom:
    An interface on a Catalyst switch is errordisabled after detecting a loopback.
    Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
    GigabitEthernet0/2. The port is forced to linkdown.
    Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
    to administratively down
    Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    GigabitEthernet0/2, changed state to down
    Conditions:
    This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
    or 3750 switch running 12.1EA or 12.2SE based code.
    Workaround:
    Disable keepalives by using the no keepalive interface command. This
    will prevent the port from being errdisabled, but it does not resolve the root
    cause of the problem. Please see section below for more information.
    Additional Information:
    The problem occurs because the keepalive packet is looped back to the port that
    sent the keepalive. There is a loop in the network. Although disabling the
    keepalive will prevent the interface from being errdisabled, it will not remove
    the loop.
    The problem is aggravated if there are a large number of Topology Change
    Notifications on the network. When a switch receives a BPDU with the Topology
    Change bit set, the switch will fast age the MAC Address table. When this
    happens, the number of flooded packets increases because the MAC Address table
    is empty.

  • LMS 4.2 - Err-disable port state

    Hello,
    I'm trying to figure it out how exactly LMS learns about ports in err-disable state? Which MIB or command is used?
    I have two ME3400 switches with err-disabled ports but LMS shows only the ports of one of the them. Both switches are ME-3400-24TS-A
    and have the same IOS version (12.2(53)SE). I'm sure data collection is running fine because it updates the other discrepancies.
    What i have tried by now:
    - did an SNMP walk from LMS on CISCO-ERR-DISABLED-MIB - no info found there on port status
    - did an SNMP walk from LMS on CISCO-STACK-MIB - I know that this MIB contains object portAdditionalOperStatus (1.3.6.1.4.1.9.5.1.4.1.1.23) which shows the operational status of the ports, but it seems that ME3400 does not support it (although it supports CISCO-STACK-MIB), because I cannot see the SNMP reponse in the trace:
    ========================================================================
    The following is a SNMP walk of device 192.168.6.89 starting from .1.3.6.1.4.1.9.5.1.4.1.1.23
    SNMP Walk Output
    .1.3.6.1.4.1.9.5.1.4.1.1.23
    CISCO-STACK-MIB::portAdditionalOperStatus = No Such Object available on this agent at this OID
    ========================================================================
    So how does LMS knows which ports are in err-disable state?
    Kind regards,
    Velin

    Hello,
    The OID that LMS uses for detecting the err-disabled state of the ports is 1.3.6.1.4.1.9.9.548.1.3.1.1.2 (cErrDisableIfStatusCause) from CISCO-ERR-DISABLE-MIB 
    Velin

  • Looking for Tool - Port Security/err-disable

    I have implemented port security on our new 3750X's.  Does anyone know, or using, a tool that can report, poll or alert when an interface goes into err-disable and what caused the violation?

    Thanks Marvin.  I was hoping there was another utility, as well.  We have a syslog server, which does get the syslog messages.  I was hoping for a more proactive response versus a query for the information.  Building trends and such is not a big deal with the syslog data.
    Our environment is fairly large with 70 buildings at one location and 15 at another.  Being a University we have students who try different things on the network as well as other "IT" arms doing their own thing.  We have a monitoring tool, Intermapper, but I was hoping there was something else that could be used, or someone else using something better, to give us a real time view, and something that could collect all the data at once and provide a report.
    I was not sure if Cisco Prime Infrastructure provided that functionality or not, or if there was another product recommended.

  • Port Err-disable report from cisco works

    Hi All,
    We have network of around 400 switches.
    My question is, Is there any way I can pull up the report of Err-disable for all the switches on Cisoworks ( LMS 3.2).
    Any help would be appricated.
    Thanks,
    Samir

    No, this is not possible because determining if a port is err-disable is not easily obtainable via SNMP.  Campus Manager's Port Attributes report will show you the operational status of ports, but err-disable ports will be down (which is indistinguishable from a port which is unconnected).

  • Gig port down/down (err-disabled) Reason: diagnostics

    Hello,
    Today I had a 2 ports on Cisco 6509 go into err-disabled state. Both ports show reason "diagnostics". I tried bouncing the interfaces and defaulting the interfaces. Any ideas? Thank you!
    Show int status err-disabled:
    Port    Name                        Status       Reason
    Gi1/4                                err-disabled diagnostics
    Gi1/6   In Patient First F err-disabled diagnostics
    Show Version:
    Cisco Internetwork Operating System Software
    IOS (tm) s3223_rp Software (s3223_rp-IPBASE_WAN-M), Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by cisco Systems, Inc.
    Compiled Tue 03-Mar-09 19:00 by kellythw
    Image text-base: 0x40101040, data-base: 0x42A48810
    ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
    BOOTLDR: s3223_rp Software (s3223_rp-IPBASE_WAN-M), Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2)
    NOMA17UA01A uptime is 4 years, 34 weeks, 4 days, 23 hours, 36 minutes
    Time since NOMA17UA01A switched to active is 4 years, 34 weeks, 4 days, 23 hours, 48 minutes
    System returned to ROM by  power cycle (SP by power on)
    System restarted at 11:49:53 extende Tue Sep 8 2009
    System image file is "sup-bootdisk:s3223-ipbase_wan-mz.122-18.SXF16.bin"
    cisco WS-C6509-E (R7000) processor (revision 1.4) with 458752K/65536K bytes of memory.
    Processor board ID SMG1229N0DT
    R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
    Last reset from power-on
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    X.25 software, Version 3.0.0.
    Bridging software.
    TN3270 Emulation software.
    2 Virtual Ethernet/IEEE 802.3 interfaces
    345 Gigabit Ethernet/IEEE 802.3 interfaces
    1915K bytes of non-volatile configuration memory.
    65536K bytes of Flash internal SIMM (Sector size 512K).
    Configuration register is 0x2102
    Thank you,
    -Nick Chenault

    I think Diagnostics means Hardware related issue not Config related, I would contact Cisco as this could a sign of ASIC failure.
    Manish

  • WAPs connected ports are becoming err-disabled.

    Hi All,
    I'm facing a strange issue. WAPs connected ports are becomming err-disabled with an attached error message. Not only a single WAP, All the WAPs connected to the 3750 are having the same issue. I have tried to identify which WAP is sending the BPDU and that inturn causing other WAP connected ports to be down.
    I have 5 WAPs in that site; if I enable any WAPs connected port below logs messages are coming and that port is becomming err-disable.
    Can anyone shed some light to troubleshoot this issue. Any help would be appreciated.
    Dec  1 03:32:59.397 UTC: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/12 with BPDU Guard enabled. Disabling port.
    Dec  1 03:32:59.397 UTC: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/12, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan5, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan51, changed state to down
    Dec  1 03:33:01.427 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
    Regards,
    T.K

    Can you please furnish the command output of the following:
    1.  sh version
    2.  sh run int g 1/0/12
    3.  sh interface status err

  • %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/40

    Hi All,
    I am getting below error in the Switch, Please help how to troubleshoot and stop.
    Mar 11 09:46:07.492 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/37, putting Gi2/0/37 in err-disable state (C29NEWM434-03-2)
    Mar 11 09:49:07.516 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/37 (C29NEWM434-03-2)
    Mar 11 10:02:55.308 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/37, putting Gi2/0/37 in err-disable state (C29NEWM434-03-2)
    Mar 11 10:05:55.325 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/37 (C29NEWM434-03-2)
    Mar 11 10:11:39.306 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/37, putting Gi2/0/37 in err-disable state (C29NEWM434-03-2)
    Mar 11 10:14:39.323 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/37 (C29NEWM434-03-2)
    Mar 11 10:50:13.152 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/37, putting Gi2/0/37 in err-disable state (C29NEWM434-03-2)
    Mar 11 10:53:13.162 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/37 (C29NEWM434-03-2)
    Mar 11 14:53:30.262 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Mar 11 14:56:30.279 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/40 (C29NEWM434-03-2)
    Mar 11 15:33:03.207 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Mar 11 15:36:03.227 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/40 (C29NEWM434-03-2)
    Mar 11 15:46:03.250 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Mar 11 15:49:03.268 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/40 (C29NEWM434-03-2)
    Mar 11 15:53:23.050 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Mar 11 15:56:23.064 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi2/0/40 (C29NEWM434-03-2)
    Mar 11 17:09:43.703 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Mar 12 09:53:20.747 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/40, putting Gi2/0/40 in err-disable state (C29NEWM434-03-2)
    Thanks in advance,
    Nagasheshu.

    sh errdisable recovery
    ErrDisable Reason            Timer Status
    arp-inspection               Enabled
    bpduguard                    Enabled
    channel-misconfig (STP)      Disabled
    dhcp-rate-limit              Disabled
    dtp-flap                     Disabled
    gbic-invalid                 Disabled
    inline-power                 Disabled
    link-flap                    Enabled
    mac-limit                    Disabled
    loopback                     Disabled
    pagp-flap                    Disabled
    port-mode-failure            Disabled
    pppoe-ia-rate-limit          Disabled
    psecure-violation            Disabled
    security-violation           Disabled
    sfp-config-mismatch          Disabled
    small-frame                  Disabled
    storm-control                Disabled
    udld                         Disabled
    vmps                         Disabled
    psp                          Disabled
    Timer interval: 180 seconds
    Interfaces that will be enabled at the next timeout:
    sh ip arp inspection int output
     Gi2/0/37         Untrusted               15                 1
     Interface        Trust State     Rate (pps)    Burst Interval
     Gi2/0/38         Untrusted               15                 1
     Gi2/0/39         Untrusted               15                 1
     Gi2/0/40         Untrusted               15                 1
     Gi2/0/41         Untrusted               15                 1
     Gi2/0/42         Untrusted               15                 1
     Gi2/0/43         Untrusted               15                 1
     Gi2/0/44         Untrusted               15                 1
     Gi2/0/45         Untrusted               15                 1
     Gi2/0/46         Untrusted               15                 1
     Gi2/0/47         Untrusted               15                 1
     Gi2/0/48         Trusted               None               N/A
     Gi2/0/49         Untrusted               15                 1
    sh cdp  neighbors Gig 2/0/40 det
    Device ID: SEP0004f2440d98
    Entry address(es):
      IP address: 10.210.86.86
    Platform: Polycom SoundPoint IP 450,  Capabilities: Host Phone
    Interface: GigabitEthernet2/0/40,  Port ID (outgoing port): Port 1
    Holdtime : 120 sec
    Version :
    Updater: 5.0.2, App: 4.0.2
    advertisement version: 2
    Duplex: full
    Power drawn: 5.400 Watts
    Power Available TLV:
        Power request id: 0, Power management id: 0, Power available: 0, Power management level: 0
    Management address(es):
    29NEWM434-03#sh run | i arp inspe
    ip arp inspection vlan 11-13,21-23
    Please see the output and config. Please advise.
    Thanks!!

  • Cisco 4506 switch in Err-disable mode

        I have a Cisco 4506 switch and its 10 gig interface is in error disable mode.I tried Shut and no shut the port couple of times but it transits from up to down number of times and then to error-disable. Did anyone else encountered this issue before. kindly advise the solution for the same. thanks         

    Hi Shariq,
    Can you post the output of the show interface status err-disable ? That output contains the reason for putting your port into err-disabled state.
    Best regards,
    Peter

  • SF300-24PP switch causing err-disable on some other switch Uplinks

    This is something that happened as I was setting up a couple of these PoE SF300 switches for IP cameras.
    We wanted to save a little money so we purchased a few of these switches to daisy-chain onto a couple of our 4507s to provide PoE support for IP cameras that are coming in. But an odd thing happened when I set one up and connected it.
    I set up the SF300 switch with all FE ports set to access and for VLAN 18 (our camera VLAN). I then configured a Portchannel (PO2) and assigned GE1 and GE2 to it. I defined the allowed VLANs 10,14,18 on the Port Channel Interface definition. I also created an SVI Interface VLAN definition for our management address (on VLAN 10) to be able to SSH into the switch once it's on the network.
    I did most of this thru the CLI and not the GUI.
    I saved the config (copy run start) and turned off the switch then deployed it in the IDF closet. I powered it up and connected the GE1&2 ports to 2 Gig ports in the 4507 defined with PO2 - both with MODE=ON.
    Well, as I found out later, my config changes never got saved and the GE1&2 because trunk ports, so when I plugged them in, They started acting independently. At about the same time another switch we have in our network (that is daisy-chained off a 3750 - 1 trunk port) suddenly had it's uplink put into ERR_DISABLE mode (we also had this occur with another 2 switches with a very similar config - Daisy-Chain).
    Now , how my config never got saved issue, is not at the forefront of my mind as much as how did a couple of switch uplinks in another building go into ERR-DISABLE. 
    I know that our 4507s run rapid per-vlan STP+ and that the SP300 only runs Rapid STP, but this is a real mystery to us. If anyone has any ideas for tracking this down, please reply.

    Hello James,
    Welcome to the forums!
    About the default settings. The switch comes with vlan1 as the default vlan for all traffic.
    Here is a quick overview of the port settings
    access - one vlan
    trunk - multiple vlans
    general - multiple vlans (had additional options)
    When using the auto voice-vlan, you can have your port set as access for vlan 1 and when the switch see a phone connected, it will join the voice vlan also. This allow the ports to be dynamic. It is not necessary to do this. You can create all ports as trunk ports that are part of both your default vlan and your voice vlan.
    The benifits of auto-voice vlan
    -phones are discovered and joined to the vlan dynamically
    -predetermined QoS settings
    -security in that you can have your port set to access
    This is a relatively basic overview.
    As for the problem you are seeing. I would recommend that you check the firmware of the switch and upgrade if needed. While it may not have anything to do with the problem at hand, it will help prevent any future issues.
    I would suggest disabling the Green Ethernet, which can be found under the port management section. If you continue to see the problem after that, I would recommend giving us a call at the support center. We will be able to look a little closer to what is happening.
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

  • BPDU Guard without ERR-Disable

    Hi Everyone, 
    I recently had an instance in one of my networks where a user plugged in a home router to our network. The router then started handing out incorrect IP addresses to clients. 
    I know I can use DHCP Snooping or BPDU guard to stop this happening again and we do have BPDU Guard running at other sites successfully. The problem has always been if we enable it in a new production network we might disable ports that have legitimate devices on the other end. For example someone is using a small switch to share a port between a PC and a printer.
    Is there a way of turning on BPDU guard but without it putting ports into an Err-Disabled mode and just alerting in the logs instead?
    Regards, Daniel

    Hi Leo, 
    Thanks for your input in the discussion. However I think you are misunderstanding why I am asking this question.
    I WANT to enable BPDU guard on this network, I know its not a PIA and I am well aware of what it does and why it would be implemented.
    The reason I am asking this question is because I need to transition from a network that doesn't have BPDU guard enabled to one that does. If i turn the feature on it will start disabling ports on switches and stop peoples workflow until it is resolved. The reason people have unidentified switches plugged into the network might be legitimate, but the way they got around their problem wasn't the best. 
    My goal is to find out where these rogue switches are, find out why they are there. Find an alternative way to connect these devices to the network by either purchasing new switches or running more cabling.  This network does not have any onsite IT and therefor all this needs to be figured out remotely.
    So the crux of the problem is. How to find STP devices that are plugged into my switches.
    Thoughts?

Maybe you are looking for

  • My facebook profile badge stopped loading properly on my website :-( how can i fix it?

    please go to www.platino909.com and look above the twitter profile badge on the home page. it was working for more than a year. now suddenly it's just a tiny white box top left in the text box. help!

  • BADI/User-Exit for MD14

    Hi, Our client wants to update certain data in PR while the PRs are created from Planned orders or after a PR is created from a Planned order. I've implemented BADI MD_PURREQ_CHANGE but while testing, the debugger is not taking to the break point. Th

  • Dynamic Variable - Time/Date

    I am trying to update a standard query and make it less manually intensive. The issue at hand is that the way the query and data is structured, we need to go into the query each quarter and then add another quarter column at the end. I am not sure ho

  • String draw size, in a linux command environment

    I need to get the string length as it displays on screen (for image generation). First i did this through a simple php script but i discovered that the standard method in php is way off by 200 +pixels. Thus i would  like to know if i can get the stri

  • Why in the world can't I install LR5

    Does Lightroom 5 really refuse to operate with Vista?  Guess I should have checked specs but have NEVER had a problem with an OS and a program.  Anyone else run into this mess? Will Lightroom 4 cooperate with Vista or XP?  Any help would be greatly a