When a port is configured with port security, a violation can cause the port to become error disabled. When a port is error disabled, it is effectively shut down and no traffic is sent or received on that port. A series of port security related messages display on the console (Figure 1).

Note: The port protocol and link status is changed to down.

The port LED will change to orange. The show interface command identifies the port status as err-disabled (Figure 2). The output of the show port-security interface command now shows the port status as secure-shutdown. Because the port security violation mode is set to shutdown, the port with the security violation goes to the error disabled state.

The administrator should determine what caused the security violation before re-enabling the port. If an unauthorized device is connected to a secure port, the port should not be re-enabled until the security threat is eliminated. To re-enable the port, use the shutdown interface configuration mode command (Figure 3). Then, use the no shutdown interface configuration command to make the port operational.