• Home
  • Exams
    Microsoft
    AI-102 (Designing and Implementing) AI-900 (AI Fundamentals) AZ-104 (Administrator) AZ-140 (Configuring and Operating) AZ-204 (Developing Solutions) AZ-305 (Designing Infrastructure Solutions) AZ-400 (DevOps Solutions) AZ-500 (Security Technologies) AZ-700 (Designing and Implementing)
    All Microsoft Exams
    Amazon
    CLF-C01 (Cloud Practitioner) DBS-C01 (Database - Specialty) DVA-C01 (Developer Associate) SCS-C01 (Security - Specialty) SAA-C02 (Solutions Architect Associate) SAA-C03 (Solutions Architect Associate) SAP-C01 (Solutions Architect Professional) SOA-C02 (Certified SysOps Administrator Associate) DOP-C01 (DevOps Engineer Professional)
    All Amazon Exams
    Cisco
    200-201 (CBROPS) 200-301 (CCNA) 200-901 (DEVASC) 300-410 (ENARSI) 300-415 (ENSDWI) 300-420 (ENSLD) 300-425 (ENWLSD) 300-430 (ENWLSI) 300-715 (SISE) 350-401 (ENCOR) 350-501 (SPCOR) 350-601 (DCCOR) 350-701 (SCOR) 350-801 (CLCOR) 400-007 (CCDE)
    All Cisco Exams
    CompTIA
    220-1101 (A+ Core 1) 220-1102 (A+ Core 2) CAS-004 (Advanced Security Practitioner) CS0-002 (CySA+) CV0-003 (Cloud+) FC0-U61 (IT Fundamentals) N10-008 (Network+) PK0-004 (Project+) PT0-002 (PenTest+) SK0-005 (Server+) SY0-601 (Security+) XK0-004 (Linux+)
    All CompTIA Exams
    Google
    Associate Cloud Engineer Cloud Digital Leader Professional Cloud Architect Professional Cloud Security Engineer Professional Data Engineer
    All Google Exams
    Huawei
    H11-851 (HCNA-VC) H12-211 (HCIA Routing&Switching) H12-221 (HCNP-RS-IERN) H12-224 (HCNP-RS Fast Track) H12-711 (HCNA-Security-CBSN) H13-612 (HCNA-Storage-BSSN) H13-629 (HCIE-Storage)
    All Huawei Exams
    Python
    Python Programming (PCAP)
    All Python Exams
    Juniper
    JN0-104 (JNCIA-Junos) JN0-251 (JNCIA-MistAI)
    All Juniper Exams
    Fortinet
    NSE4_FGT-7.0 (FortiOS 7.0) NSE4_FGT-7.2 (FortiOS 7.2) NSE5_FAZ-7.0 (FortiAnalyzer 7.0) NSE5_FCT-7.0 (FortiClient EMS 7.0) NSE5_FMG-7.0 (FortiManager 7.0) NSE7_EFW-7.0 (Enterprise Firewall 7.0) NSE7_SDW-7.0 (SD-WAN 7.0 ) NSE8_812 (Written Exam)
    All Fortinet Exams
  • LabsNew
    CCNA 200-301
    Introduction IOS Operating System IPv4 Address Configure Serial and Loopback Interfaces IPv6 Address Configuration, Verification, and Troubleshooting IPv6 Address Autoconfiguration and EUI-64 Understanding ARP and Proxy ARP Configuring Standard VLANs Configuring VTP Clients and Servers Configuring VTP Transparent Mode Securing VTP Domains Switch Access Port Security Advanced Switch Access Port Security Advanced Static Switch Access Port Security Disabling Auto-negotiation of Trunking Configuring Dynamic Trunking Configuring Default Gateways Cisco Discovery Protocol (CDP) Configuring LLDP on Cisco Devices Configuring Errdisable Recovery Configuring Inter-VLAN Routing with Router on a Stick (RoaS) Inter-VLAN Routing Using Switched Virtual Interfaces (SVI) Configuring Static Routing via Ethernet Interfaces Configuring Static Routing via IP addresses Configuring and Naming Static Routes Configuring Default Static Routes Configuring IPv6 Static Routes Configuring IPv6 Default Routes Configuring IP Floating Static Routes Configuring RIP Version 2 RIPv2 Network Summarization Configuration
  • ToolboxNew
    IPv4 Subnet Calculator
    IPv4 Wildcard Mask Calculator
    HTML Encoder and Decoder
    URL Encoder and Decoder
    Random Password Generator
  • Net Sec ToolsNew
    Cisco Packet Tracer
    GNS3
    EVE-NG
    Wireshark
    Postman
    Nmap
    Curl
    Nessus
    Burp Suite
  • Sign Up
  • Login

  • Logo

    Labs

    • Lab 1: Introduction to CISCO 200-301 Labs
    • Lab 2: Cisco IOS Operating System
    • Lab 3: IPv4 Address Configuration, Verification, and Troubleshooting on Cisco Routers
    • Lab 4: IPv6 Address Configuration, Verification, and Troubleshooting on Cisco Routers
    • Lab 5: IPv6 Address Autoconfiguration and EUI-64 Addressing on Cisco Routers
    • Lab 6: Understanding ARP and Proxy ARP on Cisco Routers
    • Lab 7: Configuring Standard VLANs on Catalyst Switches
    • Lab 8: Configuring VTP Clients and Servers on Cisco Catalyst Switches
    • Lab 9: Configuring VTP Transparent Mode on Cisco Catalyst Switches
    • Lab 10: Securing VTP Domains on Cisco Catalyst Switches
    • Lab 11: Configuring Switch Access Port Security on Cisco Catalyst Switches
    • Lab 12: Configuring Advanced Switch Access Port Security on Cisco Catalyst Switches
    • Lab 13: Configuring Advanced Static Switch Access Port Security on Cisco Catalyst Switches
    • Lab 14: Disabling Auto-negotiation of Trunking on Cisco Catalyst Switches
    • Lab 15: Configuring Dynamic Trunking on Cisco Switchports
    • Lab 16: Configuring Default Gateways for Cisco Routers and Switches
    • Lab 17: Understanding Cisco Discovery Protocol (CDP)
    • Lab 18: Configuring LLDP on Cisco Devices
    • Lab 19: Configuring Errdisable Recovery on Cisco Switches
    • Lab 20: Configuring Inter-VLAN Routing with Router on a Stick (RoaS)
    • Lab 21: Configuring Inter-VLAN Routing Using Switched Virtual Interfaces (SVI)
    • Lab 22: Configuring Static Routing via Ethernet Interfaces on Cisco Routers
    • Lab 23: Configuring Static Routing via IP addresses
    • Lab 24: Configuring and Naming Static Routes on Cisco Routers
    • Lab 25: Configuring Default Static Routes on Cisco Routers
    • Lab 26: Configuring IPv6 Static Routes on Cisco Routers
    • Lab 27: Configuring IPv6 Default Routes on Cisco Routers
    • Lab 28: Configuring IP Floating Static Routes on Cisco Routers
    • Lab 29: Configuring RIP Version 2 on Cisco Routers
    • Lab 30: RIPv2 Network Summarization Configuration on Cisco Routers

    Configuring Errdisable Recovery on Cisco Switches

    Objective

    The objective of this lab exercise is for you to learn and understand how the errdisable recovery feature works on a Layer 2 network. This lab will not work on Packet Tracer.

    Purpose

    Understanding how errdisable functionality works on a Layer 2 switch is a fundamental skill that will allow a network engineer to recover a port from the error-disable state. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to recover any port in an error-disable state.

    Lab Topology

    Use the following topology to complete this lab exercise:

    Router Setup 1

    Task 1: Configure Hostname

    Objective: Configure the hostname on SW1 as illustrated in the topology.

    Configuration:

    SW1#conf t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#hostname SW1

    Task 2: Create SVI for VLAN1

    Objective: Create an SVI for VLAN1 on the switch and apply the respective IP address as illustrated in the topology (do the same thing with PC1).

    Configuration:

    SW1#conf t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#interface vlan 1
    SW1(config-if)#ip address 192.168.0.254 255.255.255.0
    SW1(config-if)#no shut
    SW1(config-if)#end
    SW1#

    Task 3: Configure Port Security

    Objective: Configure SW1 port 0/1 with the following settings:

    • Access-port mode
    • Access-port VLAN1
    • Switchport port-security enabled
    • Switchport port-security maximum MACs of 1
    • Switchport port-security violation mode shutdown

    Configuration:

    SW1#conf t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#interface gigabit0/1
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 1
    SW1(config-if)#switchport port-security
    SW1(config-if)#switchport port-security maximum 1
    SW1(config-if)#switchport port-security violation shutdown
    SW1(config-if)#end

    Task 4: Test Port Security Violation

    Objective: Remove PC1 and attach PC2 to the same port with a different IP address (192.168.10.2) and see how the port is shut down.

    Configuration:

    VPCS> ping 192.168.0.254
    
    84 bytes from 192.168.0.254 icmp_seq=1 ttl=255 time=0.390 ms
    84 bytes from 192.168.0.254 icmp_seq=2 ttl=255 time=0.455 ms
    84 bytes from 192.168.0.254 icmp_seq=3 ttl=255 time=0.267 ms
    84 bytes from 192.168.0.254 icmp_seq=4 ttl=255 time=0.387 ms
    84 bytes from 192.168.0.254 icmp_seq=5 ttl=255 time=0.663 ms
    
    Switch CLI Message:
    %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001d.60b3.0aff on port FastEthernet0/1
    
    Switch#show interface gigabit0/1
    gigabitethernet0/1 is down, line protocol is down (err-disabled)

    Task 5: Configure Errdisable Recovery

    Objective: Configure the switch so that any port being shut down by a security violation will recover automatically after 5 minutes. Check the status of the port where PC2 is connected after 5 minutes to ensure that the port is up and running. Issue a relevant show command.

    Configuration:

    SW1#conf t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#errdisable recovery cause psecure-violation
    SW1(config)#errdisable recovery inte
    SW1(config)#errdisable recovery interval 300
    SW1(config)#end
    SW1#
    *Jul 28 07:56:58.645: %SYS-5-CONFIG_I: Configured from console by console
    
    Switch CLI Messages:
    %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on interface gigabit0/1
    %LINK-3-UPDOWN: Interface gigabit0/1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface gigabit0/1, changed state to up
    
    channel-misconfig (STP)      Disabled
    dhcp-rate-limit              Disabled
    dtp-flap                     Disabled
    gbic-invalid                 Disabled
    inline-power                 Disabled
    l2ptguard                    Disabled
    link-flap                    Disabled
    mac-limit                    Disabled
    link-monitor-failure         Disabled
    loopback                     Disabled
    oam-remote-failure           Disabled
    pagp-flap                    Disabled
    port-mode-failure            Disabled
    pppoe-ia-rate-limit          Disabled
    psecure-violation            Enabled
    security-violation           Disabled
    sfp-config-mismatch          Disabled
    storm-control                Disabled
    udld                         Disabled
    unicast-flood                Disabled
    vmps                         Disabled
    psp                          Disabled
    dual-active-recovery         Disabled
    
    Timer interval: 300 seconds
    
    Interfaces that will be enabled at the next timeout:0
    Interface      Errdisable reason      Time left(sec)
    ---------      ------------------     --------------
    Gig0/1         security-violation     300
    © 2025 WinITExam.com
    Terms | Privacy | Refund | Contact