Troubleshooting SFP Module Security and Identification
Cisco small form-factor pluggable (SFP) modules have a serial EEPROM that contains the module serial
number, the vendor name and ID, a unique security code, and cyclic redundancy check (CRC). When an SFP
module is inserted in the device, the device software reads the EEPROM to verify the serial number, vendor
name and vendor ID, and recompute the security code and CRC. If the serial number, the vendor name or
vendor ID, the security code, or CRC is invalid, the software generates a security error message and places
the interface in an error-disabled state.
The security error message references the GBIC_SECURITY facility. The device supports SFP modules and
does not support GBIC modules. Although the error message text refers to GBIC interfaces and modules, the
security messages actually refer to the SFP modules and module interfaces.
Note
If you are using a non-Cisco SFP module, remove the SFP module from the device, and replace it with a Cisco
module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global
configuration command to verify the port status, and enter a time interval for recovering from the error-disabled
state. After the elapsed interval, the device brings the interface out of the error-disabled state and retries the
operation. For more information about the errdisable recovery command, see the command reference for
this release.
If the module is identified as a Cisco SFP module, but the system is unable to read vendor-data information
to verify its accuracy, an SFP module error message is generated. In this case, you should remove and reinsert
the SFP module. If it continues to fail, the SFP module might be defective.
Monitoring SFP Module Status
You can check the physical or operational status of an SFP module by using the show interfaces transceiver
privileged EXEC command. Note that this command will work only on the SFPs which support Digital Optics
Monitoring (DOM) functionality. This command shows the operational status, such as the temperature and
the current for an SFP module on a specific interface and the alarm status. You can also use the command to
check the speed and the duplex settings on an SFP module. For more information, see the show interfaces
transceiver command in the command reference for this release.
Executing Ping
If you attempt to ping a host in a different IP subnetwork, you must define a static route to the network or
have IP routing configured to route between those subnets.
IP routing is disabled by default on all devices.
Though other protocol keywords are available with the ping command, they are not supported in this release.
Note
Use this command to ping another device on the network from the device:
System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
407
Troubleshooting the Software Configuration
Troubleshooting SFP Module Security and Identification
To Next Page
Loading...
Need help?
General