Category:Cisco Systems -> Security
//port state check
switch#sh int gi2/0/37
GigabitEthernet2/0/37 is down, line protocol is down (err-disabled)
//reason
switch#sh int status err-disabled
Port Name Status Reason Err-disabled Vlans
Gi2/0/15 err-disabled link-flap
Gi2/0/17 err-disabled bpduguard
Gi2/0/37 err-disabled link-flap
//errdisable detection configured
2#sh errdisable detect
ErrDisable Reason Detection Mode
----------------- --------- ----
arp-inspection Enabled port
bpduguard Enabled port
channel-misconfig (STP) Enabled port
community-limit Enabled port
dhcp-rate-limit Enabled port
dtp-flap Enabled port
gbic-invalid Enabled port
iif-reg-failure Enabled port
inline-power Enabled port
invalid-policy Enabled port
link-flap Enabled port
loopback Enabled port
lsgroup Enabled port
mac-limit Enabled port
pagp-flap Enabled port
port-mode-failure Enabled port
pppoe-ia-rate-limit Enabled port
psecure-violation Enabled port/vlan
security-violation Enabled port
sfp-config-mismatch Enabled port
sgacl_limitation:enforcem Enabled port
sgacl_limitation:multiple Enabled port
small-frame Enabled port
storm-control Enabled port
udld Enabled port
vmps Enabled port
psp Enabled port
dual-active-recovery Enabled port
evc-lite input mapping fa Enabled port
vsl-and-non-vsl-port-pair Enabled port
Recovery command: clear Enabled port
fasthello-and-non-fasthel Enabled port
//auto-recovery
errdisable recovery cause udld
errdisable recovery cause security-violation
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 60