In this example we will recover from a Port Security Mac Sticky violation after 30 seconds. From the output below you can see that we can recover from multiple different types of failures.

Pre-Configuration:
Switch# interface GigabitEthernet0/0 switchport mode access switchport port-security mac-address sticky switchport port-security mac-address sticky 0050.7966.6802 switchport port-security ! Switch#show port-security interface g0/0 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 1 Last Source Address:Vlan : 0050.7966.6802:1 Security Violation Count : 0 ! ! interface Vlan1 ip address 192.168.1.1 255.255.255.0
Error Disable Recovery Configuration:
Switch(config)#errdisable ? detect Error disable detection flap-setting Error disable flap detection setting recovery Error disable recovery ! Switch(config)#errdisable recovery ? cause Enable error disable recovery for application interval Error disable recovery timer value ! Switch(config)#errdisable recovery cause ? all Enable timer to recover from all error causes arp-inspection Enable timer to recover from arp inspection error disable state bpduguard Enable timer to recover from BPDU Guard error channel-misconfig Enable timer to recover from channel misconfig error (STP) dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error dtp-flap Enable timer to recover from dtp-flap error gbic-invalid Enable timer to recover from invalid GBIC error inline-power Enable timer to recover from inline-power error l2ptguard Enable timer to recover from l2protocol-tunnel error link-flap Enable timer to recover from link-flap error link-monitor-failure Enable timer to recover from link monitoring failure loopback Enable timer to recover from loopback error mac-limit Enable timer to recover from mac limit disable state oam-remote-failure Enable timer to recover from OAM detected remote failure pagp-flap Enable timer to recover from pagp-flap error port-mode-failure Enable timer to recover from port mode change failure pppoe-ia-rate-limit Enable timer to recover from PPPoE IA rate-limit error psecure-violation Enable timer to recover from psecure violation error psp Enable timer to recover from psp security-violation Enable timer to recover from 802.1x violation error sfp-config-mismatch Enable timer to recover from SFP config mismatch error storm-control Enable timer to recover from storm-control error udld Enable timer to recover from udld error unicast-flood Enable timer to recover from unicast flood error vmps Enable timer to recover from vmps shutdown error ! Switch(config)#errdisable recovery cause psecure-violation ! Switch(config)#errdisable recovery interval ? <30-86400> timer-interval(sec) ! Switch(config)#errdisable recovery interval 30
Now we will disconnect PC-1 and connect PC-2 to port G0/0 and see the errdisable recovery take place.
Switch# *Oct 10 06:34:38.756: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/0, putting Gi0/0 in err-disable state *Oct 10 06:34:38.759: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.7966.6803 on port GigabitEthernet0/0. *Oct 10 06:34:39.758: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Oct 10 06:34:40.776: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down Switch# Switch# *Oct 10 06:35:08.748: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Gi0/0 *Oct 10 06:35:10.776: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up *Oct 10 06:35:11.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Verifications:
Switch#show errdisable detect ErrDisable Reason Detection Mode ----------------- --------- ---- arp-inspection Enabled port bpduguard Enabled port channel-misconfig (STP) Enabled port community-limit Enabled port dhcp-rate-limit Enabled port dtp-flap Enabled port ekey Enabled port gbic-invalid Enabled port iif-reg-failure Enabled port inline-power Enabled port invalid-policy Enabled port l2ptguard Enabled port link-flap Enabled port link-monitor-failure Enabled port loopback Enabled port lsgroup Enabled port oam-remote-failure Enabled port mac-limit Enabled port pagp-flap Enabled port port-mode-failure Enabled port pppoe-ia-rate-limit Enabled port psecure-violation Enabled port security-violation Enabled port sfp-config-mismatch Enabled port sgacl_limitation:enforcem Enabled port sgacl_limitation:multiple Enabled port storm-control Enabled port udld Enabled port unicast-flood Enabled port vmps Enabled port psp Enabled port dual-active-recovery Enabled port evc-lite input mapping fa Enabled port vsl-and-non-vsl-port-pair Enabled port Recovery command: "clear Enabled port fasthello-and-non-fasthel Enabled port ! Switch#show errdisable recovery ErrDisable Reason Timer Status ----------------- -------------- arp-inspection Disabled bpduguard Disabled channel-misconfig (STP) Disabled dhcp-rate-limit Disabled dtp-flap Disabled gbic-invalid Disabled inline-power Disabled l2ptguard Disabled link-flap Disabled mac-limit Disabled link-monitor-failure Disabled loopback Disabled oam-remote-failure Disabled pagp-flap Disabled port-mode-failure Disabled pppoe-ia-rate-limit Disabled psecure-violation Enabled security-violation Disabled sfp-config-mismatch Disabled storm-control Disabled udld Disabled unicast-flood Disabled vmps Disabled psp Disabled dual-active-recovery Disabled evc-lite input mapping fa Disabled Recovery command: "clear Disabled Timer interval: 30 seconds Interfaces that will be enabled at the next timeout: !