Overview & Thematic Scope
Network engineers often encounter the dreaded err-disabled state on Cisco switch and router ports. This port status indicates the device has been administratively enabled (via no shutdown) but has been automatically disabled by the system software due to an error condition. When a port is err-disabled, it is effectively shut down, passing no traffic . This FAQ provides expert-level answers to the most common troubleshooting and deployment questions, covering everything from root cause identification to automated recovery strategies for platforms like Catalyst and Nexus switches.

Frequently Asked Questions
- Q1: How do I identify that a Cisco port is in the err-disabled state and why it happened?
- Identify an err-disabled port by running the
show interfaces statuscommand, which will list the port status as err-disabled . To determine the exact cause, check the console logs or syslog messages for error notifications, and use theshow errdisable recoverycommand to view the specific reason, such asbpduguardorlink-flap. - Q2: What are the most common causes for an interface to be placed in the err-disabled state?
- The most common causes include a duplex mismatch between connected devices, a BPDU guard violation (when a PortFast-enabled port receives a spanning-tree BPDU), and a link-flap where the port transitions up and down too rapidly . Other triggers are EtherChannel misconfigurations (inconsistent VLANs or trunk modes), UDLD failures, and port security violations .
- Q3: What is the immediate command-line fix to recover a port from err-disabled?
- Manually recover a port by entering interface configuration mode and executing a
shutdownfollowed by ano shutdown(orshut/no shut) command sequence . However, this fix is only temporary if the root cause, such as a faulty cable, misconfiguration, or unidirectional link, is not resolved first . - Q4: How can I configure automatic recovery for a port that keeps going err-disabled?
- Enable automatic recovery globally by using the
errdisable recovery cause <reason>command in global configuration mode for specific triggers likebpduguard,link-flap, orudld. You can then adjust the recovery timer witherrdisable recovery interval <seconds>, with a default of 300 seconds, allowing the switch to reactivate the port automatically after the timer expires . - Q5: Is there any scenario on Nexus switches where a port goes err-disabled due to an internal software error?
- Yes, particularly on Nexus 9000 (NX-OS) switches, a port can enter an err-disabled state (Reason: invalid argument to function call) due to a software defect when
lacp vpc-convergenceis combined withswitchport trunk allowed vlan none. The specific workaround for this bug (CSCvv80116) is to allow at least one VLAN in the allowed list . Similarly, downstream Catalyst switches connected to Nexus vPC pairs may trigger errdisable due to STP BPDU source MAC address changes during specific ISSU upgrades . - Q6: What specific command allows me to see the error recovery timer status for all err-disabled interfaces?
- Use the
show errdisable recoverycommand to view a comprehensive status table listing all errdisable reasons and whether the timer is enabled for them . This command also displays the specific interfaces scheduled for recovery and the time left (in seconds) before they are automatically re-enabled . - Q7: What should I do if the automatic recovery timer is enabled but the port does not recover?
- If the timer is enabled and the port does not recover, this usually indicates the root cause has not been cleared and the switch re-detects the error upon bringing the port up . However, on newer platforms (e.g., Cisco 8000 routers running IOS XR 7.3.15+), a physical layer error like CRC might prevent recovery until you manually clear NPU counters using the
clear controller npu stats asic-counterscommand and then bounce the port .
Leave a comment