Errdisable

Errdisable is a protective mechanism that automatically disables switch ports when specific error conditions or security violations are detected, preventing potential network disruptions and security breaches. It monitors various fault conditions including BPDU guard violations, port security breaches, link flapping, ARP inspection failures, and other Layer 2 protocol anomalies. The feature provides configurable detection thresholds, automatic recovery timers, and granular control over which error conditions trigger port shutdown, enabling administrators to balance network protection with operational continuity.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
errdisable	Class	`[errdisable]`	No

errdisable (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
detect_cause	Class	`[detect_cause]`	No
flap_setting_cause	Class	`[flap_setting_cause]`	No
recovery_interval	Integer	min: `30`, max: `86400`	No
recovery_cause	Class	`[recovery_cause]`	No

detect_cause (iosxe.devices.configuration.errdisable)

Name	Type	Constraint	Mandatory
all	Boolean	`true`, `false`	No
arp_inspection	Boolean	`true`, `false`	No
bpduguard	Boolean	`true`, `false`	No
dhcp_rate_limit	Boolean	`true`, `false`	No
dtp_flap	Boolean	`true`, `false`	No
gbic_invalid	Boolean	`true`, `false`	No
inline_power	Boolean	`true`, `false`	No
l2ptguard	Boolean	`true`, `false`	No
link_flap	Boolean	`true`, `false`	No
loopback	Boolean	`true`, `false`	No
mlacp_minlink	Boolean	`true`, `false`	No
pagp_flap	Boolean	`true`, `false`	No
pppoe_ia_rate_limit	Boolean	`true`, `false`	No
security_violation_shutdown_vlan	Boolean	`true`, `false`	No
sfp_config_mismatch	Boolean	`true`, `false`	No
small_frame	Boolean	`true`, `false`	No
loopdetect	Boolean	`true`, `false`	No

flap_setting_cause (iosxe.devices.configuration.errdisable)

Name	Type	Constraint	Mandatory
dtp_flap_max_flaps	Integer	min: `1`, max: `100`	No
dtp_flap_time	Integer	min: `1`, max: `120`	No
link_flap_max_flaps	Integer	min: `1`, max: `100`	No
link_flap_time	Integer	min: `1`, max: `120`	No
pagp_flap_max_flaps	Integer	min: `1`, max: `100`	No
pagp_flap_time	Integer	min: `1`, max: `120`	No

recovery_cause (iosxe.devices.configuration.errdisable)

Name	Type	Constraint	Mandatory
all	Boolean	`true`, `false`	No
arp_inspection	Boolean	`true`, `false`	No
bpduguard	Boolean	`true`, `false`	No
channel_misconfig	Boolean	`true`, `false`	No
dhcp_rate_limit	Boolean	`true`, `false`	No
dtp_flap	Boolean	`true`, `false`	No
gbic_invalid	Boolean	`true`, `false`	No
inline_power	Boolean	`true`, `false`	No
l2ptguard	Boolean	`true`, `false`	No
link_flap	Boolean	`true`, `false`	No
link_monitor_failure	Boolean	`true`, `false`	No
loopback	Boolean	`true`, `false`	No
mac_limit	Boolean	`true`, `false`	No
mlacp_minlink	Boolean	`true`, `false`	No
mrp_miscabling	Boolean	`true`, `false`	No
oam_remote_failure	Boolean	`true`, `false`	No
pagp_flap	Boolean	`true`, `false`	No
port_mode_failure	Boolean	`true`, `false`	No
pppoe_ia_rate_limit	Boolean	`true`, `false`	No
psp	Boolean	`true`, `false`	No
psecure_violation	Boolean	`true`, `false`	No
security_violation	Boolean	`true`, `false`	No
sfp_config_mismatch	Boolean	`true`, `false`	No
small_frame	Boolean	`true`, `false`	No
storm_control	Boolean	`true`, `false`	No
udld	Boolean	`true`, `false`	No
unicast_flood	Boolean	`true`, `false`	No
vmps	Boolean	`true`, `false`	No
loopdetect	Boolean	`true`, `false`	No

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        errdisable:
          detect_cause:
            all: true
          flap_setting_cause:
            dtp_flap_max_flaps: 5
            dtp_flap_time: 30
            link_flap_max_flaps: 10
            link_flap_time: 60
            pagp_flap_max_flaps: 5
            pagp_flap_time: 30
          recovery_interval: 300
          recovery_cause:
            all: false
            arp_inspection: true
            bpduguard: true