errdisable recovery is a tool on Cisco devices that allows engineers to configure the automatic re-enabling of interfaces that have been placed in an ‘err-disabled’ state, usually as a result of a security protocol violation.

The basic command for configuring errdisable recovery is as follows:

  • (config)#errdisable recovery cause violation/cause

There are many possible causes for the ‘errdisabled’ state. By default, none will recover (re-enable) unless configured with the above command.

Common examples of causes are Port Security or DHCP Snooping violations. Use the correct option to enable recovery for whatever cause you need. The ? contextual command is useful for viewing a list of all available causes.


errdisable recovery will, by default, re-enable interfaces every 300 seconds (5 minutes). You can change this interval with the following command:

  • (config)#errdisable recovery interval seconds