Cisco Catalyst 4500 Series Configuration Manual page 294

errdisable detect cause
Command Default Detection is enabled for all causes. All causes, except for per-VLAN error disabling, are configured to
shut down the entire port.
Command Modes Global configuration
Command History Release
12.1(8a)EW
12.2(52)SG
IOS XE 3.5.0E and IOS
15.2(1)E
Usage Guidelines A cause (link-flap, dhcp-rate-limit, and so forth) is the reason for the error-disabled state. When a
cause is detected on an interface, the interface is placed in an error-disabled state, an operational state
that is similar to a link-down state.
When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the
BPDU guard, voice aware 802.1x security, and port-security features, you can configure the switch to
shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the
entire port.
If you set a recovery mechanism for the cause by entering the errdisable recovery global configuration
command for the cause, the interface is brought out of the error-disabled state and allowed to retry the
operation when all causes have timed out. If you do not set a recovery mechanism, you must enter the
shutdown and then the no shutdown commands to manually recover an interface from the
error-disabled state.
For protocol storm protection, excess packets are dropped for a maximum of two virtual ports. Virtual
port error disabling using the psp keyword is not supported for EtherChannel and Flexlink interfaces.
To verify your settings, enter the show errdisable detect privileged EXEC command.
Examples The following example shows how to enable error-disabled detection for the link-flap error-disabled
cause:
Switch(config)# errdisable detect cause link-flap
This command shows how to globally configure BPDU guard for per-VLAN error disable:
witch(config)#
S
This command shows how to globally configure voice aware 802.1x security for per-VLAN error
disable:
Switch(config)# errdisable detect cause security-violation shutdown vlan
You can verify your setting by entering the show errdisable detect privileged EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release XE 3.9.xE and 15.2(5)Ex
2-256
Modification
This command was introduced on the Catalyst 4500 series switch.
Added support for per-VLAN error-disable detection.
The security-violation shutdown vlan keyword was introduced.
errdisable detect cause bpduguard shutdown vlan
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
OL-30934-01