In this tutorial we look at errdisable recovery and highlight it on the PocketCLI Network Simulator. Errdisable recovery is a feature on Cisco switches that allows network administrators to automatically activate an err-disabled port after a specified timeout period.
A common cause for an interface to be placed in err-disable status is a port security violation. Please reference the tutorial Port Security - Configuration for more details. The port in the err-disabled state needs an administrator to manually restore the port back to operation. Activation of the port will be accomplished by issuing the command shutdown followed by the no shutdown command.
The topology below will be used for this tutorial:
By default, all Cisco switches have Spanning Tree Protocol (STP) enabled. However, you can choose to configure STP on your switches manually.
STP is used by switches to prevent loops (broadcast storms) from disrupting local area networks. It ensures that there is only one logical path between all destinations on the network, which is achieved by disabling unwanted paths and blocking ports that could cause the loop.
A switch blocks a port when it detects a loop on the network. On the network segment with switches, one switch is elected to be Root Bridge on the network. Other switches on the network then select one of its ports as Root Port. Also, a Designated Port is chosen on each segment and any other ports are put in Blocking state. We shall follow these same procedure in our manual configurations.
The lab below is used in this tutorial:
In this tutorial, we shall look at port security and how it is configured. Port security is a security feature on Cisco Catalyst Switches that is configured to restrict input to an interface by limiting or assigning particular MAC addresses of hosts that are allowed to access the port. When port security is configured on a particular port, it allows access for only allowed MAC address(es) on the port. Any unauthorized MAC address that connects to the port cannot access network resources.
Configuring Port Security
In this tutorial, we shall use the topology below to configure port security on our switch.
In our last two tutorials we looked at VLANs and Trunking, where we created two VLANs on two switches and linked them with a trunk port. At the end of that tutorial, the VLANs of same ID were able to communicate across the two switches. In this tutorial, we shall look at how the different VLANs can communicate, known as Inter-VLAN routing, by configuring Router on a stick.
In this tutorial, we shall add a router to the previous topology, as seen below:
In the previous tutorial, we looked at how to create VLANs, assign ports to VLANs, and how to delete VLANs, all on one switch. In this tutorial, we shall look at how to configure VLANs on multiple switches, and how same VLANs on different switches can communicate; introducing a term known as Trunking.
In this tutorial, we shall create a lab in the Pocket CLI App to configure VLANs on two switches. Required devices for this lab are two Switches and four Hosts.