Err-disabled Recovery Questions

Question 1

Which errdisable recovery command option enables a device to recover from a potential loop condition?

A. link-flap
B. security-violation
C. udld
D. dtp-flap

Answer: C

udld = UniDirectional Link Detection (UDLD) conditi

You will find the answer in the explanation below, which is:

Use this command in order to restore all of the ports that have been placed into error-disable mode by the UDLD:

N7KA(config)# udld reset

Reference for the explanation:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/118908-technote-udld-00.html

The ports exchange UDLD packets during the UDLD detection process, to include the originator switch-ID and the originator port-ID. Once a UDLD packet is received, the switch echoes the peer switch-ID and port-ID back to the peer. Once the switches exchange echo packets, a bi-directional relationship is formed.

The UDLD error conditions exist when the switch does not receive the expected information from its UDLD peer. 

This document describes these UDLD error conditions and how to troubleshoot them:

  • Empty-echo
  • Transmit-Receive (Tx-Rx) Loop
  • Uni-direction
  • Neighbor mismatch
  • Sudden cessation of UDLD frames 

UDLD Error Conditions

This section describes the various types of UDLD error conditions and some probable causes.

Empty Echo 

This condition is present when Switch-A receives a UDLD frame from Switch-B without the expected echo of the Switch-A switch-ID and port-ID. 

When an empty-echo is detected, the UDLD performs these actions:

Mode             Action
Normal Mode      err-disable port
Aggressive Mode  err-disable port

These syslog messages are then generated:

2015 Mar 19 11:57:56.155 N7kA ETHPORT-2-IF_DOWN_ERROR_DISABLED Interface Ethernet1/2
is down (Error disabled. Reason:UDLD empty echo)
2015 Mar 19 11:57:56.186 N7kA ETH_PORT_CHANNEL-5-PORT_INDIVIDUAL_DOWN individual port
Ethernet1/2 is down
2015 Mar 19 11:57:56.336 N7kA ETHPORT-2-IF_DOWN_ERROR_DISABLED Interface Ethernet1/2
is down (Error disabled. Reason:UDLD empty echo)

Here are some possible causes for this condition:

  • The UDLD bi-directional relationship has timed out on Switch-B because it does not receive the UDLD frames from Switch-A.

  • Switch-B received the UDLD frames from Switch-A but did not process them.

  • Switch-A did not send the UDLD frames to Switch-B.

Tx-Rx Loop

This condition occurs when a UDLD frame is received on the same port from which it was transmitted.

When a Tx-Rx loop is detected, UDLD performs these actions:

Mode             Action
Normal Mode      err-disable port
Aggressive Mode  err-disable port

These syslog messages are then generated:

2015 Mar 20 14:52:30 N7kA   %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet17/5
is down (Error disabled. Reason:UDLD Tx-Rx Loop)
2015 Mar 20 14:52:30 N7kA %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet17/5
is down (Error disabled. Reason:UDLD Tx-Rx Loop)

Here are some possible causes for this condition:

  • There might be incorrect wiring or a physical media issue.

  • The intermediate devices reflect the frames back to the sending port.

Neighbor Mismatch 

This condition is present when Port-A on Switch-A receives a frame from a port other than that with which it already formed a UDLD bi-directional relationship. 

When a neighbor mismatch is detected, UDLD performs these actions:

Mode             Action
Normal Mode      err-disable port
Aggressive Mode  err-disable port

These syslog messages are then generated:

2015 Mar 21 10:23:05.598 N7kA %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet3/21
is down (Error disabled. Reason:UDLD Neighbor mismatch)
2015 Mar 21 10:24:07.065 N7kA %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet3/21
is down (Error disabled. Reason:UDLD Neighbor mismatch)

Here are some possible causes for this condition:

  • The UDLD port in question is a member of a port-channel on which a member port has changed states.

  • There is an intermediate device between the two ports that formed the bi-directional relationship.

Sudden Cessation of UDLD Frames

This condition is present when a port that has formed a bi-directional relationship does not receive a UDLD frame during the time-out interval (50 seconds by default). 

When this condition is detected, the UDLD performs these actions:

Mode             Action
Normal Mode      UDLD marks port as Undetermined, and the port continues to function in accordance with its spanning-tree port state
Aggressive Mode  err-disable port
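
The error conditions and mode/action tables above, expressed as a small Python model (an added example, not code from the Cisco document or from NX-OS). The class and field names are hypothetical, and treating a missing echo as an error only once the relationship is already bidirectional is a simplifying assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

PortRef = Tuple[str, str]  # (switch-ID, port-ID)

@dataclass(frozen=True)
class UdldFrame:
    origin: PortRef                           # originator switch-ID and port-ID
    echoes: FrozenSet[PortRef] = frozenset()  # peers the originator has heard from

@dataclass
class UdldPort:
    me: PortRef
    aggressive: bool = False
    timeout: int = 50                   # seconds; the default stated on this page
    neighbor: Optional[PortRef] = None  # set once the relationship is bidirectional
    last_rx: Optional[int] = None

    def receive(self, frame: UdldFrame, now: int) -> Tuple[str, str]:
        """Return (condition, action) for one received UDLD frame."""
        self.last_rx = now
        if frame.origin == self.me:
            return ("Tx-Rx Loop", "err-disable")         # our own frame came back
        if self.neighbor is not None and frame.origin != self.neighbor:
            return ("Neighbor mismatch", "err-disable")  # a different port is talking
        if self.me not in frame.echoes:
            # Assumption: an echo is only "expected" after the relationship formed.
            if self.neighbor is not None:
                return ("Empty echo", "err-disable")
            return ("detecting", "none")                 # peer has not heard us yet
        self.neighbor = frame.origin
        return ("bidirectional", "none")

    def tick(self, now: int) -> Tuple[str, str]:
        """Check for sudden cessation of UDLD frames at time `now`."""
        if self.neighbor is None or self.last_rx is None:
            return ("detecting", "none")
        if now - self.last_rx <= self.timeout:
            return ("bidirectional", "none")
        # Only this condition differs between normal and aggressive mode.
        action = "err-disable" if self.aggressive else "undetermined"
        return ("Sudden cessation of UDLD frames", action)
```
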

Troubleshoot UDLD Error Conditions

This section describes general troubleshooting steps that you should complete if you encounter a UDLD error-disabled port. 

Since UDLD errors indicate physical layer faults, it is appropriate to troubleshoot at the physical layer. When UDLD error messages are encountered, consider these questions:

  • Does the error persist if the Small Form-Factor Pluggable Transceiver (SFP) is replaced?

  • Does the error persist if the cable is replaced?

  • Does the error persist if the connection is moved to a different physical port on the switch?

Useful Commands

Use this command in order to restore all of the ports that have been placed into error-disable mode by the UDLD:

N7KA(config)# udld reset

Use this command in order to verify the bi-directional relationship:

N7KA-NORTH-AGG(config-if)# show udld eth 3/4

Interface Ethernet3/4
--------------------------------
Port enable administrative configuration setting: enabled
Port enable operational state: enabled
Current bidirectional state: bidirectional
Current operational state: advertisement - Single neighbor detected
Message interval: 7
Timeout interval: 5

Entry 1
----------------
Expiration time: 39
Cache Device index: 1
Current neighbor state: bidirectional
Device ID: JAF1620ABAB
Port ID: Ethernet3/12
Neighbor echo 1 devices: JAF1617BACD
Neighbor echo 1 port: Ethernet3/4

Message interval: 15
Timeout interval: 5
CDP Device name: N7KB-SOUTH-AGG(JAF1620ABAB)


Last pkt send on: 400096, Aug 6 13:58:52 2014
Probe pkt send on: 400096, Aug 6 13:58:52 2014
Echo pkt send on: 395799, Aug 6 13:58:43 2014
Flush pkt send on: None.

Last pkt recv on: 740333, Aug 6 13:58:52 2014
Probe pkt recv on: 740333, Aug 6 13:58:52 2014
Echo pkt recv on: 730454, Aug 6 13:58:43 2014
Flush pkt recv on: None.

Deep pkt inspections done: None.
Mismatched if index found: None.
Deep pkt inspection drops: None.

Use this command in order to verify error counters on the physical interfaces, which determines whether the UDLD frames are dropped due to physical layer hardware faults:

RTP-Agg1# show interface ethernet 4/1 | i error|CRC|discard|drop
0 runts 0 giants 0 CRC/FCS 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble 0 output discard

Use this command in order to check the CPU utilization, which determines whether high CPU utilization prevents the UDLD frames from being processed:

N7K-A# show system resources
Load average: 1 minute: 0.17 5 minutes: 0.25 15 minutes: 0.20
Processes : 1993 total, 1 running
CPU states : 0.18% user, 0.81% kernel, 98.99% idle

Question 2

A question about how to recover err-disable. (Choose two)

A. UDLD reset
B. Err-disable auto recovery
C. Shut and restart
D. UDLD recovery

Answer: A B

A is correct, as explained in the explanation of Question 1:

Use this command in order to restore all of the ports that have been placed into error-disable mode by the UDLD:

N7KA(config)# udld reset

B is correct, and the reference is:

Since recovering a port from the Err-disabled state always requires an administrator to manually shutdown and no shutdown the port, it is very useful to configure an automatic recovery mechanism to save time and minimize administrator intervention.

Configuration:

We need simply to define the recovery cause for which we would like to automatically recover the port state after going to Err-disable. In addition, we need to adjust the time interval (in seconds) to wait before enabling the port:

!
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 300
!

We can use the “all” keyword to configure an auto recovery for all possible causes of err-disable state.

The output below shows the recovery status for each ErrDisable reason:

Switch# show errdisable recovery 
ErrDisable Reason            Timer Status
-----------------            --------------
arp-inspection               Disabled
bpduguard                    Disabled
channel-misconfig            Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
inline-power                 Disabled
l2ptguard                    Disabled
link-flap                    Disabled
mac-limit                    Disabled
link-monitor-failure         Disabled
loopback                     Disabled
oam-remote-failure           Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
psecure-violation            Enabled
security-violation           Disabled
sfp-config-mismatch          Disabled
storm-control                Disabled
udld                         Disabled
unicast-flood                Disabled
vmps                         Disabled

Timer interval: 300 seconds


Interfaces that will be enabled at the next timeout:

Question 3

Refer to the exhibit

errdisable recovery cause udld
udld port aggressive mode
current operational status : disabled port
message interval 7
time out interval 5
fa0/13 is down, line protocol is down (err-disabled)
mtu 1500 bw 1000, dly 1000
loopback not set
keepalive set 10 sec

Which two statements about the above output are true? (Choose two)

A. As a result of STP, interface was err-disabled
B. UDLD reset command recovers the disabled ports after the error is corrected
C. UDLD negotiation failed when neighbor switch went offline
D. UDLD mode changed from normal to aggressive when the error was detected
E. UDLD aggressive mode put the interface into an error disabled state

Answer: B E

errdisable recovery cause udld ==> B true (1)
udld port aggressive mode =============> E true (2)
current operational status : disabled port =>E true (3)
message interval 7
time out interval 5
fa0/13 is down, line protocol is down (err-disabled)
mtu 1500 bw 1000, dly 1000
loopback not set
keepalive set 10 sec

Since what caused the problem, as shown in the first line, is udld, we use the command UDLD reset to resolve it, so B is correct.
As shown in the second and third lines, the port entered the error-disabled state because of udld port aggressive mode, so E is correct.

Question 4

A question about a fiber-connected EtherChannel: after the switches were powered on, the ports went into errdisable.

A. Due to UDLD errdisable it.
B. Due to EtherChannel misconfig.
C. ?
D. ?

Answer: A

Since the question is about fiber, the best answer is the one that contains udld, because it relates to fiber.

Question 5

Which two port err-disabled recovery options are used to detect the reason? (Choose two)

A. show errdisable detect
B. show errdisable recovery
C. error-disable notifications/traps are active by default.
D. error-disable notifications/traps are disabled by default.
E. error-disable notifications/traps is never possible.

Answer: A B

Verify

 

  • show version—Displays the version of the software that is used on the switch.
  • show interfaces interface interface_number status—Shows the current status of the switch port.
  • show errdisable detect—Displays the current settings of the errdisable timeout feature and, if any of the ports are currently error disabled, the reason that they are error disabled.

Troubleshoot

 

  • show interfaces status err-disabled—Shows which local ports are involved in the errdisabled state.
  • show etherchannel summary—Shows the current status of the EtherChannel.
  • show errdisable recovery—Shows the time period after which the interfaces are enabled for errdisable conditions.
  • show errdisable detect—Shows the reason for the errdisable status.

Question 6

Which errdisable recovery command option enables a device to recover from an incorrect SFT state?

A. link-monitor-failure
B. sfp-config-mismatch
C. gbic-invalid
D. port-mode-failure

Answer: C

In order to turn on errdisable recovery and choose the errdisable conditions, issue this command:
cat6knative#errdisable recovery cause ?
…….

gbic-invalid Enable timer to recover from invalid GBIC error disable state

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

Question 7

Which command is used to verify errdisable on any interface?

A. show err-disable detect
B. show interfaces err-disable status
C. show interface status err-disabled

Answer: C

  • show interfaces status err-disabled—Shows which local ports are involved in the errdisabled state.

Question 8

Which two statements about errdisable recovery are true? (Choose two)

A. You can use the show errdisable recovery command to view the reason a port was error-disabled
B. Errdisable detection is enabled by default on ports with port security enabled
C. You can use the show errdisable detect command to view the reason a port was error-disabled
D. Errdisabled autorecovery is enabled by default
E. Errdisabled detection is disabled by default on ports with port security enabled

Answer: A B

This is the paragraph on the Cisco website that describes the “show errdisable recovery” command:

“If you have enabled errdisable recovery, you can determine the reason for the errdisable status if you issue the “show errdisable recovery” command. An example of the output of this command is shown below:

Switch#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
udld                 Enabled
bpduguard            Enabled
security-violatio    Enabled
channel-misconfig    Enabled
pagp-flap            Enabled
dtp-flap             Enabled
link-flap            Enabled
l2ptguard            Enabled
psecure-violation    Enabled
gbic-invalid         Enabled
dhcp-rate-limit      Enabled
mac-limit            Enabled
unicast-flood        Enabled
arp-inspection       Enabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

Interface      Errdisable reason      Time left(sec)
---------    ---------------------    --------------
  Fa2/4                bpduguard          273

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

So answer A seems to be correct, but the above quote is very misleading. In fact, this command is used to verify which services/features were enabled for err-disable recovery (notice that the err-disable recovery feature is disabled by default for all services and features, and we have to turn them on manually with the command “errdisable recovery cause …” if we want to use it). If we allow all of the above services/features to recover automatically, then we will not know the reason a port was error-disabled.

In fact, the best way to determine why a port is in the err-disabled state is to view the Syslog messages. For example:

%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state

This means Fa0/1 is put in err-disabled state because of a port security violation.

Note: The command “show errdisable detect” is used to identify which services are enabled for Errdisable only (for example, services like “arp-inspection”, bpduguard, UDLD,…)
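
Reading the reason out of syslog, as recommended above, can be scripted. The following Python parser is an added example, not code from Cisco or from this page's author. It handles only the two message formats quoted on this page, its sample log is assembled from those quoted messages, and the function names are hypothetical.

```python
import re

# NX-OS form quoted on this page (its samples appear with and without '%' and ':').
NXOS = re.compile(r"%?ETHPORT-2-IF_DOWN_ERROR_DISABLED:?\s+Interface\s+(\S+)\s+"
                  r"is down \(Error disabled\. Reason:\s*([^)]+)\)")
# IOS form quoted on this page.
IOS = re.compile(r"%PM-4-ERR_DISABLE:\s+(\S+) error detected on (\S+),")

# Sample input assembled from the messages quoted on this page.
SAMPLE = """\
2015 Mar 19 11:57:56.155 N7kA ETHPORT-2-IF_DOWN_ERROR_DISABLED Interface Ethernet1/2
is down (Error disabled. Reason:UDLD empty echo)
2015 Mar 19 11:57:56.186 N7kA ETH_PORT_CHANNEL-5-PORT_INDIVIDUAL_DOWN individual port
Ethernet1/2 is down
2015 Mar 20 14:52:30 N7kA   %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet17/5
is down (Error disabled. Reason:UDLD Tx-Rx Loop)
%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
"""

def errdisable_events(text):
    """Return [(interface, reason, recovery_cause)] in log order.

    recovery_cause is the keyword for 'errdisable recovery cause', or None
    when this example does not know how to map the reason.
    """
    flat = " ".join(text.split())  # undo line wrapping inside a message
    found = []
    for m in NXOS.finditer(flat):
        reason = m.group(2).strip()
        # Every UDLD condition on this page maps to the single 'udld' cause.
        cause = "udld" if reason.upper().startswith("UDLD") else None
        found.append((m.start(), m.group(1), reason, cause))
    for m in IOS.finditer(flat):
        # The IOS message already names the cause keyword.
        found.append((m.start(), m.group(2), m.group(1), m.group(1)))
    found.sort(key=lambda e: e[0])
    return [e[1:] for e in found]

def recovery_causes(text):
    """Distinct recovery causes that would cover the events seen in the log."""
    return sorted({c for _, _, c in errdisable_events(text) if c})

if __name__ == "__main__":
    for iface, reason, cause in errdisable_events(SAMPLE):
        print(f"{iface:14} {reason:20} recovery cause: {cause}")
```
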

Question 9

Which two statements about error-disabled ports are true? (Choose two)

A. When a port is error-disabled, it may continue to pass management traffic
B. When a port is error-disabled, all traffic on the port stops.
C. By default, error-disabled ports automatically recover once the issue is resolved
D. When a port is error-disabled, the port LED changes to solid orange
E. They can be recovered only by resetting the interface

Answer: B D

When a port is error-disabled, the LED associated with the port on the front panel is solid orange.

Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/ethernet/12017-20.html

Error-disabled is the same as the shutdown state, so all traffic on this port is stopped.

Question 10

Which two circumstances can cause a port to errdisable? (Choose two)

A. It is connected to a host with an NIC that is unable to recognize
B. The switch incurred a port security violation
C. It detected a collision
D. It learned a new MAC address
E. It detected a peer with a matching duplex

Answer: B D

When port security is violated, that port can be put into errdisable state -> B is correct.

When a maximum number of hosts per port was reached, learning a new MAC address can put that port into errdisable state -> D is correct.