08-10-2018 06:28 PM - edited 03-08-2019 03:52 PM
Today we upgraded 8 WS-C2960X-48FPD-L switches to 15.2.4E6 using c2960x-universalk9-tar.152-4.E6.tar
For 3 of them the upgrade was completed with no errors. The rest 5 all had the same issue;
After the reboot we got the error message
%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
The fiber module would not work and the faulty ones that were in stack would not recognize each other.
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
*1 Master 0059.dc7b.b080 1 4 Ready
2 Member 0000.0000.0000 0 0 Provisioned
After some research on the issue I came upon
https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63972.html
I removed the power for 10 minutes on all affected switches with no success.
I removed all stack modules and sfp+ cards and I also tried
c2960x-universalk9-tar.150-2a.EX5
c2960x-universalk9-tar.152-2.E4.tar
c2960x-universalk9-tar.152-2.E7.tar
c2960x-universalk9-tar.152-2a.E1.tar
c2960x-universalk9-tar.152-6.E1.tar
After each install I would remove power (cold reboot) the sw
and the error persists...
Do you have any suggestion, before I start the hardware replacement procedure?
Solved! Go to Solution.
10-22-2019 07:00 AM - edited 10-22-2019 07:02 AM
As far as I know replacement is the ONLY way to fix it is to RMA the switch. But it would be nice to know what switches have the defective hardware prior to attemtping an upgrade. I currently have a pile of 7 defective switches.
10-21-2019 10:55 PM - edited 10-21-2019 11:15 PM
Sounds not good. Which IOS can i choose then? Or should i stay on 152-2.E6?
10-21-2019 11:49 PM
08-16-2019 07:29 AM
I have seen this issue in all its various forms, whether relating to the SFPs, the stacking modules or the switch itself. I was recently upgrading all 2960X stacks to remediate a security vulnerability. I successfully upgraded 49 stacks at various sites without incident. I am unsure how many switches that represents but at least 150. Then I moved on to a site in Europe with 22 switches in very small stacks of 1 - 3 switches. I loaded them all with 15.2(4)E7 and before my maintenance window came one of the stacks of 2 switches reloaded due to a power failure. I received the POST: ACT2 Authentication : End, Status Failed boot message followed by the %ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco IOS message on one of them while the other one upgraded successfully. So they grabbed a brand new spare off the shelf and I did an IOS upgrade on that before adding to the stack. It also failed with the same error. A second spare upgraded successfully.
I tried everything I could think of to resurrect the 2 switches. Tried the published power cycle trick with no success. Tried factore reset, various IOS images including the original one with no success. Finally called TAC and had the 2 failed switches RMA'ed. Through some mixup they sent 4 switches. One of the switches was DOA.
Since then I have upgraded 10 additional switches one stack at a time and have had 2 more failures. I have 10 more to go but we need to RMA some more switches first. I need to be sure that I have enough switches on hand to cover a failure of every stack member. Luckily at this site the most switches in any one stack is 3. My biggest fear is an extended power outage at the plant and they will all reload. How many will survive is anyone's guess.
It would appear that once this occurs there is no software remedy so by definition this is a hardware failure of some sort. I have to believe Cisco knows what causes the failure and what serial numbers might be affected. But I have never seen this published. My theory is that there is such a huge number of possibly defective switches that they are just not willing to proactively replace them all. So that means I have to slog through these upgrades one at a time and hope for the best.
-Jeff
08-16-2019 07:41 AM
Jeff;
Thank you for your detailed response, I am working with my Cisco Account manager and the SE on the ones I had recently do this.
I agree I think Cisco knows what is going on and is not saying anything due to the financial impact, as such I am currently starting to deploy a different switch than the 2960X due to this issue, and may go as far as looking at other vendors for access switches as I can not have this happen when I am trying to remedy a security issue just as you were doing.
10-31-2022 02:30 AM - edited 10-31-2022 02:32 AM
Posting this for a third time as this problem has irritated me for a long time. It might answer a few people's questions who are nervous about upgrading any CISCO 2960X devices because of breakages in the past.
I have been dancing through a minefield of 2960X switches which would see several of them fail in the way which has been described. After putting together a mortuary of these devices and comparing them with ones that would update, the 3 metrics which you need to lookout for can be spotted when you do a "show version". They are as follows:
Model revision number | M0 |
Motherboard revision number | A0 |
Hardware Board Revision Number | 0x18 |
So, if you do a "show version" and see the see the unholy trinity of M0, A0 and 0x18 appear together in the above metrics, be wary around updating the IOS, this is regardless of the version number of the switch or wherever it was manufactured.
Raising a TAC and RMAing is the only way forward known with regards to this issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide