Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port goes into error disable state 3750

Can you please help with the following

We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.

For example if I plug PC A to the phone that connects to port 13 I pick up an IP addressand all works as predicted now if I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state ITs like the switch is holding my PC mac address and locks it down with the port which in my case is Gi2/0/13.

interface GigabitEthernet2/0/13

switchport access vlan 726

switchport mode access

switchport port-security maximum 10

switchport port-security

network-policy 766

priority-queue out

mls qos trust dscp

spanning-tree portfast

Any help is much appreciated

Everyone's tags (5)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Gold

Port goes into error disable state 3750

switchport port-security maximum 2

switchport port-security

Something is missing here ...

Ok, you've enabled port-security and you've specified up to 2 MAC addresses allowed.  My question is what will the switch DO when three or more MAC addresses are learnt from a port?  Specifically, what ACTIONS did you specify the switchport to do when this event happens.  I believe the default is "error-disable".

Add the following lines and see what happens:

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

VIP Purple

Re: Port goes into error disable state 3750

A switch will not be automatically blocked. But it will if more than X (with X=1 as you didn't specify any maximum in your new config) MAC-addresses are seen.

If you also want to protect your infrastructure against rougue switches you could also consider Rootguard or even BPDUguard.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
7 REPLIES
VIP Purple

Re: Port goes into error disable state 3750

The disabling of the port is caused by port-security. The MAC is learned and kept by the switch for the port.

For these situations where PCs are roaming, you can put an idle-time on the port-security-entries:

switchport port-security aging time 2

switchport port-security aging type inactivity


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Hall of Fame Super Gold

Port goes into error disable state 3750

For example if I plug PC A to the phone that connects to port 13

Your configuration doesn't have any Voice VLAN.

I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state

Can you please post the output to the command "sh interface status err"?

New Member

Port goes into error disable state 3750

Hi Karsten,

Many Thanks for your response the new config will look like

interface GigabitEthernet2/0/13

switchport access vlan 726

switchport mode access

switchport port-security aging time 2

switchport port-security aging type inactivity

network-policy 766

priority-queue out

mls qos trust dscp

spanning-tree portfast

The Phones work and do not reboot when move from one phone to another

Will the config above block a rogue switch if connected to the port ?

VIP Purple

Re: Port goes into error disable state 3750

A switch will not be automatically blocked. But it will if more than X (with X=1 as you didn't specify any maximum in your new config) MAC-addresses are seen.

If you also want to protect your infrastructure against rougue switches you could also consider Rootguard or even BPDUguard.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Port goes into error disable state 3750

Hi leolaohoo,

The switch port voice vlan command is replced by

network-policy 766

Pls see config for the policy below

network-policy profile 766

voice vlan 766

voice-signaling vlan 766 cos 3

voice-signaling vlan 766 dscp 24

Below is the output from a test phone

HS-1FB-C3K-1#sh int status err-disabled

Port      Name               Status       Reason               Err-disabled Vlans

Gi1/0/5                      err-disabled psecure-violation

HS-1FB-C3K-1#

HS-1FB-C3K-1#

Below is the original config I had on the ports

interface GigabitEthernet2/0/13

switchport access vlan 726

switchport mode access

switchport port-security maximum 2

switchport port-security

network-policy 766

priority-queue out

mls qos trust dscp

spanning-tree portfast

ITs like the switch holds the MAC address fixed to the switch port number when I plug in the same PC to another phone it goes to error disable

Kind Regards,

Zee

Hall of Fame Super Gold

Port goes into error disable state 3750

switchport port-security maximum 2

switchport port-security

Something is missing here ...

Ok, you've enabled port-security and you've specified up to 2 MAC addresses allowed.  My question is what will the switch DO when three or more MAC addresses are learnt from a port?  Specifically, what ACTIONS did you specify the switchport to do when this event happens.  I believe the default is "error-disable".

Add the following lines and see what happens:

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

New Member

Port goes into error disable state 3750

All,

Many thnank for your support and helping out

Many Thanks again

3246
Views
0
Helpful
7
Replies