Home > Err-disabled Recovery Questions

Err-disabled Recovery Questions

November 25th, 2018 in SWITCH 300-115 Go to comments

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8


This is the paragraph which describes about the “show errdisable recovery” command on Cisco website:

“If you have enabled errdisable recovery, you can determine the reason for the errdisable status if you issue the “show errdisable recovery” command. An example of the output of this command is shown below:

Switch#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Enabled
bpduguard            Enabled
security-violatio    Enabled
channel-misconfig    Enabled
pagp-flap            Enabled
dtp-flap             Enabled
link-flap            Enabled
l2ptguard            Enabled
psecure-violation    Enabled
gbic-invalid         Enabled
dhcp-rate-limit      Enabled
mac-limit            Enabled
unicast-flood        Enabled
arp-inspection       Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface      Errdisable reason      Time left(sec)
---------    ---------------------    --------------
  Fa2/4                bpduguard          273

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

So answer A seems to be correct but the above quote is very misleading. In fact, this command is used to verify which services/features were enabled for err-disable recovery (notice that the err-disable recovery feature is disabled by default for all services and features and we have to manually turn them on if we want to use via the command “errdisable recovery cause …”). If we allows all above services/features to automatically recover then we will not know the reason a port was error-disabled.

In fact, the best way to determine why a port is in the err-disabled state is to view the Syslog messages. For example:

%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state

This means Fa0/1 is put in err-disabled state because of a port security violation.

Note: The command “show errdisable detect” is used to identify which services are enabled for Errdisable only (for example, services like “arp-inspection”, bpduguard, UDLD,…)

Question 9


When a port is error-disabled, the LED associated with the port on the front panel is solid orange.

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/ethernet/12017-20.html

Error-disabled is same as shut down state so all traffic on this port are stopped.

Question 10


When a port security is violated, that port can be put into errdisable state -> B is correct.

When a maximum number of hosts per port was reached, learning a new MAC address can put that port into errdisable state -> D is correct.

  1. tcp22
    December 4th, 2018

    A question about a fiber connected EtherChannel after the switches were powered on the ports went errdisable.
    A. Due to UDLD errdisable it.
    B. Due to EtherChannel misconfig.

    why B is not correct?

  2. driguilim
    December 5th, 2018

    Where can I see thi question about “Err-disabled Recovery Questions”? I’ve got the lastest download from the PDF questions (SWITCH_Nov_2019), but I didn’t found any topic about it.

  3. ccnp engineer
    December 10th, 2018

    Which errdisable recovery command option enables a device to recover from an incorrect SFT state?

    A. link-monitor-failure
    B. sfp-config-mismatch
    C. gbic-invalid
    D. port-mode-failure

    I think the answer should be C ( gbic-invalid) not A.

    Please verify and confirm..

    Reference link below…

  4. Anonymous
    December 12th, 2018

    @CCNP Engineer

    I thought the same thing when I read. Can someone confirm?

  1. No trackbacks yet.