Differences

This shows you the differences between two versions of the page.

--- cisco:certification_topics:ccie-ei:1.1.aii [2025/11/23 16:47] – Name
+++ cisco:certification_topics:ccie-ei:1.1.aii [2025/11/23 17:11] (current) – Name
@@ Line 161: / Line 161: @@
 ====Configuration=====
-  * To configure all causes
+  * Are applied globally.
+  * To configure all causes.
     * <code>switch(config)#errdisable detect cause all</code>
-  * To configure one cause
+  * To configure one cause.
     * <code>switch(config)#errdisable detect cause <cause name></code>
     * <code>switch(config)#errdisable detect cause link-flap</code>
-  * To disable all causes
+  * To disable all causes.
     * <code>switch(config)#no errdisable detect cause all</code>
-  * To disable one cause
+  * To disable one cause.
     * <code>switch(config)#no errdisable detect cause <cause name></code>
     * <code>switch(config)#no errdisable detect cause link-flap</code>
 ====Recovery Options=====
-  * Automatically recover from all error conditions
+  * Automatically recover from all error conditions.
     * <code>switch(config)#errdisable recovery cause all</code>
-  * Automatically recover from one error condition
+  * Automatically recover from one error condition.
     * <code>switch(config)#errdisable recovery cause mac-limit</code>
   * Else, to recover from an errdisabled state, the port must be shut/no shut.
@@ Line 185: / Line 186: @@
 ====Recovery Interval=====
   * When enabled, the default recovery interval is 300 secs (5 mins)
-  * Modify recovery interval by
+  * Modify recovery interval from 30-86400 secs (24 hrs) by
     * <code>switch(config)#errdisable recovery interval ?
   <30-86400>  timer-interval(sec)</code>
     * <code>switch(config)#errdisable recovery interval 30</code>
+====Verification====
+  * View a single interface status line protocol.
+    * <code>switch#show interfaces t1/0/1 | i line protocol
+TenGigabitEthernet1/0/1 is down, line protocol is down (notconnect)</code>
+  * View all interface status line protocols.
+    * <code>switch#show interfaces status err-disabled</code>
+  * View all errdisable reason status' and timer.
+    * <code>switch#sh errdisable recovery
+ErrDisable Reason            Timer Status
+-----------------            --------------
+arp-inspection               Enabled
+bpduguard                    Enabled
+channel-misconfig            Enabled
+dhcp-rate-limit              Enabled
+dtp-flap                     Enabled
+gbic-invalid                 Enabled
+inline-power                 Enabled
+l2ptguard                    Enabled
+link-flap                    Enabled
+mac-limit                    Enabled
+link-monitor-failure         Enabled
+loopback                     Enabled
+oam-remote-failure           Enabled
+pagp-flap                    Enabled
+port-mode-failure            Enabled
+pppoe-ia-rate-limit          Enabled
+psecure-violation            Enabled
+security-violation           Enabled
+sfp-config-mismatch          Enabled
+storm-control                Enabled
+udld                         Enabled
+vmps                         Enabled
+psp                          Enabled
+dual-active-recovery         Disabled
+evc-lite input mapping fa    Disabled
+Timer interval: 30 seconds
+Interfaces that will be enabled at the next timeout:</code>
+=====Switchport Security Configuration=====
+  * Port security configuration for a single MAC address, from the first learned MAC address.
+    - Change port mode to access port.
+      * <code>switch(config-if)#switchport mode access</code>
+    - Configure port security to allow first MAC that is seen connected to the port, or in the CAM table already.
+      * <code>switch(config-if)#switchport port-security mac-address sticky</code>
+    - Configure only one MAC address to be learned.
+      * <code>switch(config-if)#switchport port-security maximum 1</code>
+    - Configure violation mode.
+      * <code>switch(config-if)#switchport port-security violation shutdown</code>
+    - Enable port-security (must be done).
+      * <code>switch(config-if)#switchport port-security</code>
+    - Verify port-security configuration.
+      * <code>switch#show port-security interface t1/0/1
+Port Security              : Enabled
+Port Status                : Secure-down
+Violation Mode             : Shutdown
+Aging Time                 : 1 mins
+Aging Type                 : Inactivity
+SecureStatic Address Aging : Enabled
+Maximum MAC Addresses      : 1
+Total MAC Addresses        : 1
+Configured MAC Addresses   : 0
+Sticky MAC Addresses       : 1
+Last Source Address:Vlan   : 0000.0000.0000:0
+Security Violation Count   : 0</code>
+    - Optional: Configure automated port recovery.
+      * <code>switch(config)#errdisable recovery cause all</code>
+    - If no automated recovery is configured, then the port has to be **shut/no shut** to recover.
+    - Optional: Change recovery timer, in seconds.
+      * <code>switch(config)#errdisable recovery interval 30
+switch#show errdisable recovery | i interval
+Timer interval: 30 seconds</code>
 ======Backlinks======
 [[cisco:certification_topics:ccie-ei|CCIE-EI v1.1]]\\

Tim's Technology Gauntlet Wiki

User Tools

Site Tools

Differences

Page Tools