Quick question, I'm just curious if there is a way to disable the port status 'error disabled' on a port. For instance, is there a way to make it to where the ports can't go into that status. That would be cool, but I don't think you can disable a port feature like that on the 3500 series. Let me know, thanks!
Why would you want to do that? That is your signal that something is wrong with either your cable, the device on the other end, or your switch. That's something that needs to be investigated!
I suppose it depends on the REASON it went to err-disable. But I'd agree with the "why would you want to?" question raised already.
You can use "errdisable recovery" commands to have your switch automatically re-enable a port after 'x' number of seconds, but that doesn't avoid things entirely.
So let's go back to "what are you really trying to accomplish?"
Bear with me as I explain this. Basically I have a switch that is accessible to end users. I work in a hospital and one of the patient monitoring tools uploads its information to a database that is accessible by medical staff. Some 'not so smart' medical staff members like to plug and unplug the RJ45 cable from the medical equipment into the switch a lot of times saying 'it's going slow.' Thus, after unplugging and plugging in the cat6 cable the port goes into err-disabled. It's a quick and easy fix (shut/no shut), but if this didn't happen it would be one less thing I have to do. After a while these medical staff members will basically fill up the switch with err-disabled because when one port doesn't work they will try another port.
I work in the IT field as a network administrator for a hospital so I am in the medical industry as well. I have a couple of questions.
1) Why do your "not so smart" medical staff have access to your physical infrastructure? Can you say security risk?
2) With regards to question number one, wouldn't that be a HIPAA violation?
I would look into getting your infrastructure secured so that medical staff do not have access to your switches.
The medical staff has to plug in their medical equipment into the switch is why it is available to end users. It's not totally available. Just the ports are accessible. It's locked up and secured except the ports. The equipment they plug up is used during the day, so when they are done with the equipment they load up the information. They can't do anything to the switch except plug up their cat6 cable from their medical equipment.
Does the medical equipment have wireless capability or can they use a wall jack to connect to the network? I am not familiar with your layout or anything, but even still, that sounds very insecure and deserves some consideration to alternate solutions.
I agree. This procedure was put in before I got here. Maybe I can eventually change it, but right now it's not going to change. Let's just say that the hospital I work for is a non profit and most of the people that stay there are people that don't have insurance. So, when they can save money they try to everywhere. Nevertheless I agree with what you guys are saying in terms of security. Is there a way to remove that status? Scott mentioned a time frame to remove that status. I think that would fix the problem.
You can probably grab that header and search and come up with a better document. You can also search for configuration guides for those specific IOS revisions and it will explain. However, this seems simple enough that you can just enter config t, type in "errdisable ?" and you'll see what needs to be done.
Yup, as noted above, you want to set up your err-disable cause and interval appropriately! That way you won't despise your users so much!
Always remember though, the more idiot-proof you make something, they'll just keep coming up with better idiots!
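The "errdisable recovery" cause and interval setup suggested in the replies above, as an added example that is not part of the original thread. It assumes the ports are being disabled for link-flap (the thread never states the reason) and uses a constructed 60-second interval; check the actual reason first and confirm the available keywords with `errdisable ?` on your IOS version.

```cisco
! Added example: the cause and interval below are assumptions,
! not values taken from the thread.
!
! 1. Find out why the ports were disabled before automating anything.
show interfaces status err-disabled
show errdisable recovery
!
! 2. Enable automatic recovery only for the cause actually reported
!    (link-flap is assumed here) rather than "cause all", so that ports
!    disabled for other reasons, such as bpduguard or psecure-violation,
!    stay down until someone investigates.
configure terminal
 errdisable recovery cause link-flap
 ! Seconds before the switch re-enables the port
 ! (constructed value; the default is 300).
 errdisable recovery interval 60
 end
!
! 3. Confirm the timer is enabled for that cause and see which
!    ports are waiting to be recovered.
show errdisable recovery
```

The interval is global to the switch, so every cause with recovery enabled shares the same timer.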