Пример на память.
http://www.cisco.com/cisco/web/support/RU/10/105/105416_errdisable_recovery.html
EDU-Switch#sh int gi 0/8
GigabitEthernet0/8 is down, line protocol is down (err-disabled)
Hardware is Gigabit Ethernet, address is 0008.30хх.хххх (bia 0008.30хх.хххх)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4w6d, output 2d05h, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
9671 packets input, 1590071 bytes, 0 no buffer
Received 2028 broadcasts (310 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 310 multicast, 0 pause input
0 input packets with dribble condition detected
2056200 packets output, 191811224 bytes, 0 underruns
EDU-Switch#sh port-security int gi 0/8
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0000.5e00.0001:111
Security Violation Count : 1
EDU-Switch#sh run int gi 0/8
Building configuration...
Current configuration : 255 bytes
!
interface GigabitEthernet0/8
switchport access vlan 111
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000c.42c1.bea1 vlan access
spanning-tree portfast
end
EDU-Switch#sh int gi 0/8 status
Port Name Status Vlan Duplex Speed Type
Gi0/8 err-disabled 111 auto auto 10/100/1000BaseTX
EDU-Switch#sh log
*Apr 17 00:14:43.784: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/8, putting Gi0/8 in err-disable state
EDU-Switch#sh errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
bpduguard Enabled port
channel-misconfig (STP) Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
gbic-invalid Enabled port
inline-power Enabled port
invalid-policy Enabled port
link-flap Enabled port
loopback Enabled port
lsgroup Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
small-frame Enabled port
storm-control Enabled port
udld Enabled port
vmps Enabled port
EDU-Switch#sh errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
link-flap Disabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Disabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
EDU-Switch(config)#errdisable recovery cause psecure-violation
EDU-Switch(config)#do sh errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
link-flap Disabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Enabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Interface Errdisable reason Time left(sec)
--------- ----------------- --------------
Gi0/8 psecure-violation 257
Gi0/10 psecure-violation 257
Gi0/12 psecure-violation 257
Gi0/14 psecure-violation 257
http://www.cisco.com/cisco/web/support/RU/10/105/105416_errdisable_recovery.html
EDU-Switch#sh int gi 0/8
GigabitEthernet0/8 is down, line protocol is down (err-disabled)
Hardware is Gigabit Ethernet, address is 0008.30хх.хххх (bia 0008.30хх.хххх)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4w6d, output 2d05h, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
9671 packets input, 1590071 bytes, 0 no buffer
Received 2028 broadcasts (310 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 310 multicast, 0 pause input
0 input packets with dribble condition detected
2056200 packets output, 191811224 bytes, 0 underruns
EDU-Switch#sh port-security int gi 0/8
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0000.5e00.0001:111
Security Violation Count : 1
EDU-Switch#sh run int gi 0/8
Building configuration...
Current configuration : 255 bytes
!
interface GigabitEthernet0/8
switchport access vlan 111
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000c.42c1.bea1 vlan access
spanning-tree portfast
end
EDU-Switch#sh int gi 0/8 status
Port Name Status Vlan Duplex Speed Type
Gi0/8 err-disabled 111 auto auto 10/100/1000BaseTX
EDU-Switch#sh log
*Apr 17 00:14:43.784: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/8, putting Gi0/8 in err-disable state
EDU-Switch#sh errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
bpduguard Enabled port
channel-misconfig (STP) Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
gbic-invalid Enabled port
inline-power Enabled port
invalid-policy Enabled port
link-flap Enabled port
loopback Enabled port
lsgroup Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
small-frame Enabled port
storm-control Enabled port
udld Enabled port
vmps Enabled port
EDU-Switch#sh errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
link-flap Disabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Disabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
EDU-Switch(config)#errdisable recovery cause psecure-violation
EDU-Switch(config)#do sh errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
bpduguard Disabled
channel-misconfig (STP) Disabled
dhcp-rate-limit Disabled
dtp-flap Disabled
gbic-invalid Disabled
inline-power Disabled
link-flap Disabled
mac-limit Disabled
loopback Disabled
pagp-flap Disabled
port-mode-failure Disabled
pppoe-ia-rate-limit Disabled
psecure-violation Enabled
security-violation Disabled
sfp-config-mismatch Disabled
small-frame Disabled
storm-control Disabled
udld Disabled
vmps Disabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Interface Errdisable reason Time left(sec)
--------- ----------------- --------------
Gi0/8 psecure-violation 257
Gi0/10 psecure-violation 257
Gi0/12 psecure-violation 257
Gi0/14 psecure-violation 257
Комментариев нет:
Отправить комментарий