
%ILET-1-AUTHENTICATION_FAIL on 2960X after IOS Update

Hi,

 

after an IOS update from version c2960x-universalk9-tar.152-2.E6 to c2960x-universalk9-tar.152-4.E6 we are getting the message

 

%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization.  This product may contain software that was copied in violation of Cisco's license terms.  If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet.  Please contact Cisco's Technical Assistance Center for more information.

 

every 5 minutes on the console of the 2960X-48-LPS-L switch.

 

Switch#show license

Index 1 Feature: lanlite

        Period left: 0  minute  0  second

Index 2 Feature: lanbase

        Period left: 0  minute  0  second

 

 

We've downgraded and upgraded it already to several different versions (and always rebooted it by disconnecting power for at least 5 minutes, neither stacking module nor SFP modules present), but the error message still remains.

 

Any suggestions?

 

Many thanks!

 

Heinz

 


Leo Laohoo
Hall of Fame
Raise a Cisco TAC Case. It could be CSCur56395.

Although the CSCur56395 bug description claims it was fixed in 15.2(2)E2, I just experienced a similar problem on a 2 switch WS-C2960X-48FPS-L stack after an upgrade to 15.2(2)E7.  I was seeing the %ILET-1-AUTHENTICATION_FAIL message and noticing strange behavior.   Specifically, there were two wireless APs connected to the stack and they were failing to associate to the controller.  I couldn't even ping them.

 

I tried the suggested workaround (hard powercycle) and that did the trick.

 

Perhaps the condition manifests itself based on the firmware version before the upgrade?  I didn't perform the upgrade so I am not sure what the precise version was, but this particular stack was upgraded from somewhere in the 15.0 track.  

 

-Jeff


@jedavis wrote:

Although the CSCur56395 bug description claims it was fixed in 15.2(2)E2



Raise a TAC Case so TAC can confirm if you're hitting the bug or not.

Don't completely trust details in the Bug ID.  Once a Bug ID is created, it is rarely updated.  In a lot of cases details in the Bug ID are incorrect or vague.  TAC can dig into internal notes to determine the latest update.  

Experienced this issue on several 2960X stacks running 15.2(7)E2, which is the current recommended version for the 2960X. Pulled all of the power cords in the stack and removed the stacking cables and SFPs. Brought the switches back up one at a time, reconnecting the stack cables for each switch as I went. This resolved the issue, but it is not clear what software image to use to ensure this doesn't occur again.

 

jsaenzos
Cisco Employee

Hello there,

Hard-reset/power-cycle the switch (that is, remove all cables from the switch and connect them back); this procedure might need to be repeated two or three times.

If authentication messages follow, let's open a case with us in TAC for replacement instructions.

palace
Level 1

Hi all,

 

I just faced this same problem on a WS-C2960X-48FPS-L running 15.0(2)EX5. The problem began after a reboot to enable sdm prefer lanbase-routing. No SFPs in use. A hard reboot resolved it for us too.

Time to get off that 15.0 train.  It may happen when you reload after the IOS update to a new version.  It seems to me that the bug manifests itself based on the original version that you are upgrading from and not the new version.  That would explain why a power cycle is needed to clear it too.

We faced the same problem, but nothing resolved the issue. We downgraded to an older IOS, upgraded to the latest IOS, rebooted, hard-rebooted many times, and removed the stack modules, SFPs and downlink ports, just a few. The SYST status changed to orange and the syslog showed the error. Even PCs in the same VLAN couldn't access each other. We saw the switch learn the MAC addresses on the downlinks, and even the LACP port-channel with the C4500 came up, but there was no L2 switching at all. It looks like the switch only forwards L2 broadcast ARP packets, as we saw our hosts' ARP caches show the other end's MAC address. All 4 switches in the stack became master, as none of them saw each other on the stack ports.

We use the stack modules to stack 4 C2960-X with 10G uplinks for our small server farm, and the issue caused 8 hours of downtime. We don't know whether the cause of the problem is a Cisco hardware issue or whether we bought counterfeit hardware from a bad supplier. The sad thing is that Cisco doesn't put much effort into finding the root cause of the problem or giving customers a useful workaround. Again, poor responsibility from Cisco toward loyal customers, as before.

 

I just updated a test switch with c2960x-universalk9-mz.152-7.E0a  ... and it now has this problem.

 

and hard power cycle does NOT fix the issue

 

Horrible for Cisco to not fix this yet.

 

 

I had a 2960S that had this same error message after an IOS upgrade from 12.2 > 15.2(E9).

 

None of my end user ports were working off my 2960S after the upgrade. I soft- and hard-reset the system multiple times. It finally restored function when I rolled back the IOS to 12.2. I am now submitting this device for replacement to 2960X.

trust1-it
Level 1

Did you ever find a solution to this? I have had the same problem with two switches, after upgrading to 152-4.E6 with a stack module installed.

Hi,

If this is the message:

ILET-1-DEVICE_AUTHENTICATION_FAIL: The FlexStack Module inserted in this switch may not have been manufactured by Cisco or with Cisco's authorization...

You will need 15.2(6)E instead of 15.2(4)E6.

 

FlexStack extended modules (fiber and hybrid) are supported beginning with Cisco IOS Software Release 15.2(6)E.

https://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-2960-x-series-switches/white-paper-c11-739615.pdf

 

Additionally, remember to hard reset the switch (unplug and plug back the cables). In some scenarios this procedure needs to be repeated twice. If the error persists, open a case with TAC - LAN Switching.

...After opening the TAC case, provide the following info in advance please.

#show tech:

#show hardware:

#show platform status:

Original software version:

New software version: 15.2(4)E

Company Name:

Customer Contact name:

Email:

Phone Number:

Country the switch(s) are located in:

Thanks for the quick answer. Actually, the log refers to the switch not the stack module:

 

*Mar 1 00:00:39.153: Read env variable - LICENSE_BOOT_LEVEL =
*Jan 2 00:00:00.076: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2960x_lanbase Next reboot level = lanbase and License = No valid license found
Feb 4 19:46:28.178: Flexstack module is 1
Feb 4 19:47:14.972: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack
Feb 4 19:47:16.070: %SMI-5-CLIENT: Smart Install Client feature is enabled. It is recommended to disable the Smart Install feature when it is not actively used. To disable feature execute 'no vstack' in configuration mode
Feb 4 19:47:16.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Feb 4 19:47:16.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Feb 4 19:47:18.069: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
Feb 4 19:47:25.818: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan140, changed state to down
Feb 4 19:47:25.849: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to gci04-fsw01.
Feb 4 19:47:25.933: %SYS-5-CONFIG_I: Configured from memory by console
Feb 4 19:47:26.038: %STACKMGR-5-SWITCH_READY: Switch 1 is READY
Feb 4 19:47:26.038: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
Feb 4 19:47:26.038: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
Feb 4 19:47:26.465: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
Feb 4 19:47:26.552: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY
Feb 4 19:47:26.555: %PLATFORM-6-FLEXSTACK_INSERTED: FlexStack module inserted in Switch 1.
Feb 4 19:47:26.839: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(4)E6, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Thu 05-Apr-18 02:53 by prod_rel_team
Feb 4 19:47:26.922: %SSH-5-ENABLED: SSH 1.99 has been enabled
Feb 4 19:47:27.873: %ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
Feb 4 19:47:28.499: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
Feb 4 19:47:32.941: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up

I see.

 

The authentication error message is not coming from "FlexStack Module".

This is another scenario on C2960 switches, but the troubleshooting and workaround are similar:

%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization...

The behavior is related to several well-known bugs. The one below is the most accurate for the scenario you described.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCur56395/

Notice the physical troubleshooting and workaround is the same with or without "FlexStack Module" errors.

 

Here are the summary steps:

 

1) Here you have done the first step already, which is upgrading to the latest version.

2) Hard reset. Power off the switch and unplug all cables (power source, stacking modules...).

3) If the error still follows, open a case with us in TAC - LAN Switching | +1 800-553-2447.

4) RMA. At this point we determine the error is the product of a hardware failure.

For this TAC will request you to provide the following info:

 

#show tech:

#show hardware:

#show platform status:

 

Original software version:

New software version: 15.2(4)E

TAC Service Request Number:

Company Name:

Contact's full name:

Email:

Phone Number:

Country the switch(s) are located in:

 

Once this validation is complete, we will proceed with replacing the Switch.

 

Hope this helps you.
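
The replies above distinguish %ILET-1-AUTHENTICATION_FAIL (the switch itself) from %ILET-1-DEVICE_AUTHENTICATION_FAIL (the FlexStack module). As an added example that is not part of the original thread and not Cisco code, the following Python script triages saved console or syslog output along that line and reports the running version and how often the message repeats. The function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# IOS log line: optional '*', timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d\.\d+): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")
# Version banner printed after %SYS-5-RESTART
VERSION_RE = re.compile(r"^Cisco IOS Software, .*Version (?P<ver>[^,\s]+),")

# Which component each ILET message in the thread refers to.
ILET_SCOPE = {"AUTHENTICATION_FAIL": "switch",
              "DEVICE_AUTHENTICATION_FAIL": "FlexStack module"}

def triage(lines):
    """Summarise ILET authentication failures found in IOS log lines."""
    report = {"version": None, "hits": {}}
    for line in lines:
        line = line.strip()
        v = VERSION_RE.match(line)
        if v:
            report["version"] = v["ver"]
            continue
        m = LINE_RE.match(line)
        if not m or m["fac"] != "ILET" or m["mnem"] not in ILET_SCOPE:
            continue
        # IOS timestamps carry no year; a fixed leap year (2000) is assumed
        # because only the differences between timestamps are used.
        ts = datetime.strptime("2000 " + " ".join(m["ts"].split()),
                               "%Y %b %d %H:%M:%S.%f")
        report["hits"].setdefault(ILET_SCOPE[m["mnem"]], []).append(ts)
    return report

def repeat_intervals(timestamps):
    """Seconds between consecutive occurrences of the message."""
    return [round((b - a).total_seconds())
            for a, b in zip(timestamps, timestamps[1:])]

# Constructed sample modelled on the log in the thread (message text shortened).
SAMPLE = """\
Feb 4 19:47:26.555: %PLATFORM-6-FLEXSTACK_INSERTED: FlexStack module inserted in Switch 1.
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(4)E6, RELEASE SOFTWARE (fc4)
Feb 4 19:47:27.873: %ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco
Feb 4 19:52:27.873: %ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco
Feb 4 19:57:27.881: %ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco
""".splitlines()

if __name__ == "__main__":
    r = triage(SAMPLE)
    for scope, stamps in r["hits"].items():
        print(f"{scope}: {len(stamps)} on {r['version']}, gaps {repeat_intervals(stamps)} s")
```

A "switch" hit corresponds to the hard-reset and TAC path described in the thread, while a "FlexStack module" hit corresponds to the advice about needing 15.2(6)E.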
