Can a switchport be configured to be disabled due to excessive errors

Unanswered Question
Feb 14th, 2008
User Badges:

While looking through 4500 IOS installation/config-guides/reference-guides I thought I saw a method to configure a switchport to become disabled due to excessive input/output errors. Is there such a capability/feature?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Hi, I read your post and the closest thing I know of to what you are asking is the storm control command. I know you can set and error threshold but not sure if it will shutdown the port.



storm-control level

To set the suppression level, use the storm-control level command. Use the no form of this command to turn off the suppression mode.


storm-control {broadcast | multicast | unicast} level level[.level]


no storm-control {broadcast | multicast | unicast} level


Syntax Description

broadcast

Broadcast traffic.

multicast

Multicast traffic.

unicast

Unicast traffic.

level

Integer suppression level; valid values are from 0 to 100 percent.

.level

(Optional) Fractional suppression level; valid values are from 0 to 99.




Defaults

All packets are passed.







http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swtrafc.html#wp1129705

james.hicks Thu, 02/14/2008 - 17:28
User Badges:

Thank you for your reply. I'm aware of storm-control for bcst/mcast/ucast. We have been asked to allow a customer owned and maintained switch to be connected to our switch (we are providing a isolated vlan for the customer, but they need more ports). The interface is in access mode, on the isolated vlan .


We have spanning-tree bpduguard enabled globally, so of course the port errdisabled when the coam switch was connected when bpdu's arrived. So we will disable portfast on that port. Plus I suggest at a minimum;


spanning-tree guard root

switchport access vlan xxx

switchport nonegotiate

no cdp enable


While putting together some info on the stp guard root I thought I'd seen something about errdisable/?? when input and/or output error counters were high. I'll reread the sections tomorrow.


Actually, malformed frames are tossed aren't they?



We were wanting to be sure we protected our device from customer induced issues.


Jph


james.hicks Thu, 02/14/2008 - 17:40
User Badges:

As you can see by my other reply, the stp bpdu guard did it's job when the customer switches bdpdu's arrived on the interface.


I reviewed errdisable and I understand it takes effect by default for other features when enabled (bdduguard, link-flap, security-violation, etc).


We will allow the customer switch to be connected to ours for the time being. I was wanting to mitigate customer induced problems/mis-configs/ect from effecting our box.


Thanks Edison.


Jay

Actions

This Discussion