3750G & switch port lock outs

Dec 29th, 2009

Hello all,

I have just started work with a company which has the 3750G deployed throughout its buildings. I am having an issue that is really annoying: some computers are being locked out (red cross on the network connectivity icon in the sys tray). All the computers that this affects are HPs with a Realtek gig onboard card. Now, the switches concerned are not managed, nor do they have an IP address (I will get round to doing it). The only solution seems to be to replace the card or reboot the switch (not the most practical). Also, most of the computers affected are set up for DHCP (from a server) and most of them aren't even on our domain! Some, but not all, when scanned have a fair amount of malware on them. Any suggestions would be appreciated.

Kind Regards


Peter Paluch Tue, 12/29/2009 - 04:12
User Badges: Cisco Employee

Hello Alex,

Cisco Catalyst switches can have a number of reasons for deactivating a port so that it appears as disconnected to the end stations. Mostly, these reasons are a result of either a security violation or indications of a network problem (traffic loops, excessive MAC address movements). If the port is deactivated for such a reason, its status is described as err-disabled in the show interfaces output. The interface can be reactivated by entering its configuration, then issuing the command shutdown, waiting a few seconds, and then entering the command no shutdown. However, this will only reactivate the port, not remove the reason for which it was disabled.

I strongly suggest going over the show logging output to see if there are any messages indicating the cause why the interface was brought down. Also, if it is permissible for you, perhaps it would be helpful to post here the entire sanitized configuration of one of your 3750G switches that experiences these problems, together with a description of which ports exhibit this problem.

Best regards,


Scotland1314 Tue, 12/29/2009 - 04:18


Thanks very much for that, as I expected it looks like a PC NIC/malware issue. Once I have a copy of the config of one of our affected switches I will post the sanitised version on here.

Thanks again for your help mate.



glen.grant Tue, 12/29/2009 - 13:32

As Peter said, they are probably being err-disabled. On the trouble ports you need to verify the NIC settings for speed and duplex and match them against the switchports. Your best bet is to leave the NICs and the switchports as auto unless there is a specific reason to do otherwise. If the switch err-disables the port it will tell you why in the log, assuming logging is configured.
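
One way to do the log review suggested in the replies above, as an added example that is not part of the original thread: a short Python script that pulls err-disable events out of saved `show logging` output and counts the cause per port. The log lines are constructed samples in the usual `%PM-4-ERR_DISABLE` message form, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of saved `show logging` output (not taken from the thread).
SAMPLE_LOG = """\
*Mar  1 00:12:41.103: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
*Mar  1 02:03:15.550: %PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
*Mar  1 02:40:02.911: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
*Mar  1 03:11:09.004: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/3.
*Mar  1 03:11:09.010: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
*Mar  2 01:15:44.700: %PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
"""

# The err-disable message names both the cause and the affected port.
ERR_DISABLE = re.compile(
    r"%PM-4-ERR_DISABLE: (?P<cause>\S+) error detected on (?P<port>\S+),"
)


def errdisable_causes(log_text):
    """Return {port: {cause: count}} for every err-disable event in the log."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = ERR_DISABLE.search(line)
        if match:
            summary[match["port"]][match["cause"]] += 1
    return {port: dict(causes) for port, causes in summary.items()}


def repeat_offenders(summary, threshold=2):
    """Ports disabled at least `threshold` times: shutdown / no shutdown
    alone did not remove the underlying cause on these."""
    return sorted(
        port for port, causes in summary.items()
        if sum(causes.values()) >= threshold
    )


if __name__ == "__main__":
    causes = errdisable_causes(SAMPLE_LOG)
    for port, counts in sorted(causes.items()):
        print(port, counts)
    print("Repeatedly disabled:", repeat_offenders(causes))
```
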

Scotland1314 Tue, 12/29/2009 - 23:52

Cheers Glen, will be taking a close look at the next lockout we have. Next step is the major one of getting the switches managed.

