Configuring Auto-Recovery of a Disabled Port

Netvisor ONE automatically disables physical ports due to certain violations. For example, if a port receives BPDU messages on an edge port, Netvisor ONE disables the port because receiving BPDUs on a edge port becomes a security violation. This happens because the edge port is configured for BPDU guard for the violation to take effect.

The port may be disabled due to the following errors:

  • BPDU Guard Messages: The port is set to err-disabled when a BPDU is received on an edge port with BPDU guard enabled.
  • Link Flaps: There are too many link flaps for a configured interval of time.
  • MAC address Security Violation: The number of MAC addresses on an interface is greater than the configured limit.

To clear the counters for err-disable caused by BPDU guard and MAC security, use the following command:

CLI (network-admin@Leaf1) > err-disable-clear-counters


Resets err-disable counters for all the ports on the switch.

Specify any of the following options:


Specify if BPDU guard counters are to be cleared.


Specify if MAC security counters are to be cleared.

recovery-timer duration: #d#h#m#s

Specify the recovery timer value. The default timer value is 5 minutes.

Example: 20s or 1d or 10d20m3h15s

To configure BPDU guard or MAC security on a switch, use the command:

CLI (network-admin@Leaf1) > err-disable-modify


Modifies the err-disable settings for the switch.

Specify any of the following options:


Specify either of the options to enable or disable BPDU guard.


Specify either of the options to enable or disable MAC security.

recovery-timer duration: #d#h#m#s

Specify the recovery time value. The default timer value is 5 minutes.

Example: 20s or 1d or 10d20m3h15s

To view the error recovery settings on a switch, use the err-disable-show command. For example:

CLI (network-admin@Leaf1) > err-disable-show

switch:         Leaf1

bpduguard:      off

macsecurity:    off

recovery-timer: 5m