Configuring Auto-Recovery of a Disabled Port
Netvisor ONE automatically disables physical ports due to certain violations. For example, if a port receives BPDU messages on an edge port, Netvisor ONE disables the port because receiving BPDUs on a edge port becomes a security violation. This happens because the edge port is configured for BPDU guard for the violation to take effect.
The port may be disabled due to the following errors:
- BPDU Guard Messages: The port is set to err-disabled when a BPDU is received on an edge port with BPDU guard enabled.
- Link Flaps: There are too many link flaps for a configured interval of time.
- MAC address Security Violation: The number of MAC addresses on an interface is greater than the configured limit.
To clear the counters for err-disable caused by BPDU guard and MAC security, use the following command:
CLI (network-admin@Leaf1) > err-disable-clear-counters
|
err-disable-clear-counters |
Resets err-disable counters for all the ports on the switch. |
|
Specify any of the following options: |
|
|
bpduguard|no-bpduguard |
Specify if BPDU guard counters are to be cleared. |
|
macsecurity|no-macsecurity |
Specify if MAC security counters are to be cleared. |
|
recovery-timer duration: #d#h#m#s |
Specify the recovery timer value. The default timer value is 5 minutes. Example: 20s or 1d or 10d20m3h15s |
To configure BPDU guard or MAC security on a switch, use the command:
CLI (network-admin@Leaf1) > err-disable-modify
|
err-disable-modify |
Modifies the err-disable settings for the switch. |
|
Specify any of the following options: |
|
|
bpduguard|no-bpduguard |
Specify either of the options to enable or disable BPDU guard. |
|
macsecurity|no-macsecurity |
Specify either of the options to enable or disable MAC security. |
|
recovery-timer duration: #d#h#m#s |
Specify the recovery time value. The default timer value is 5 minutes. Example: 20s or 1d or 10d20m3h15s |
To view the error recovery settings on a switch, use the err-disable-show command. For example:
CLI (network-admin@Leaf1) > err-disable-show
switch: Leaf1
bpduguard: off
macsecurity: off
recovery-timer: 5m