AUTH Messages

AUTH-1001

Message: <Operation type> has been successfully completed.

Message Type: LOG

Severity: INFO

Probable Cause: Indicates that the secret database has been updated using the fcsp auth-secret or no fcsp auth-secret command. The values for Operation type can be "set" or "remove".

Recommended Action: No action is required.

AUTH-1002

Message:<Operation type> has failed.

Message Type: LOG

Severity: ERROR

Probable Cause: Indicates that the specified action to update the secret database using the fcsp auth-secret or no fcsp auth-secret command has failed. The values for Operation type can be "set" or "remove".

Recommended Action: Execute the fcsp auth-secret or no fcsp auth-secret command again. Execute the copy support command and contact your switch service provider.

AUTH-1003

Message: <data type> type has been successfully set to <setting value>.

Message Type: LOG

Severity:INFO

Probable Cause: Indicates that an authentication configuration parameter was set to a specified value. The data type can be either authentication type, DH group type, or policy type.

Recommended Action: No action is required.

AUTH-1004

Message: Failed to set <data type> type to <setting value>.

Message Type: LOG

Severity: ERROR

Probable Cause: Indicates that the fcsp auth command has failed to set the authentication configuration value. The data type can be either authentication type, DH group type, hash type, or policy type.

Recommended Action: Execute the fcsp auth command. Execute the copy support command and contact your switch service provider.

AUTH-1006

Message: Failed to open authentication configuration file.

Message Type: LOG

Severity:WARNING

Probable Cause: Indicates an internal problem with the security policy.

Recommended Action: Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1007

Message: The proposed authentication protocol(s) are not supported: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the proposed authentication protocol types are not supported by the local port.

Recommended Action:Execute the fcsp auth command to make sure the local switch supports the following protocols: Fibre Channel Authentication Protocol (FCAP) or Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP).

AUTH-1010

Message: Failed to initialize security policy: switch <switch number>, error <error code>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates an internal problem with the security policy.

Recommended Action:Reload or power cycle the switch. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1012

Message: Authentication <code> is rejected: port <port number> explain <explain code> reason <reason code>.

Message Type: LOG

Severity:WARNING

Probable Cause: Indicates that the specified authentication is rejected because the remote entity does not support authentication.

Recommended Action:Make sure the entity at the other end of the link supports authentication.

AUTH-1013

Message: Cannot perform authentication request message: port <port number>, message code <message code>.

Message Type: LOG

Severity:WARNING

Probable Cause: Indicates that the system is running low on resources when receiving an authentication request. Usually this problem is transient. The authentication may fail.

Recommended Action: Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1014

Message: Invalid port value to <operation>: port <port number>.

Message Type:LOG | FFDC

Severity:ERROR

Probable Cause: Indicates an internal problem with the security policy.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1017

Message: Invalid value to start authentication request: port <port number>, operation code<operation code>.

Message Type: LOG

Severity: ERROR

Probable Cause: Indicates an internal problem with the security policy.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1018

Message: Invalid value to check protocol type: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates an internal problem with the security policy.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1020

Message: Failed to create timer for authentication: port <port number>.

Message Type: LOG

Severity:INFO

Probable Cause: Indicates that an authentication message timer was not created. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1022

Message: Failed to extract <data type> from <message> payload: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed to extract a particular value from the receiving payload. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1025

Message: Failed to get <data type> during <authentication phase>: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed to get expected information during the specified authentication phase. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1026

Message: Failed to <Device information> during negotiation phase: port <port number>.

Message Type: LOG

Severity:WARNING

Probable Cause: Indicates that the authentication failed to get device or host bus adapter (HBA) information due to an internal failure. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1027

Message: Failed to select <authentication value> during <authentication phase>: value <value> port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed to select an authentication value (for example, DH group, hash value, or protocol type) from a receiving payload during the specified authentication phase. This error occurred because the local switch does not support the specified authentication value.

Recommended Action:Check the authentication configuration and reset the supported value if needed using the fcsp auth command. Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1028

Message: Failed to allocate <data type> for <operation phase>: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed because the system is low on memory. Usually this problem is transient. The authentication may fail. The data type is a payload or structure that failed to get memory. The operation phase specifies which operation of a particular authentication phase failed.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands. If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1029

Message: Failed to get <data type> for <message phase> message: port <port number>, retval <error code>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed to get a particular authentication value at certain phase. Usually this problem is transient. The authentication may fail.

The data type is a payload or structure that failed to get memory.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1030

Message: Invalid message code for <message phase> message: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the receiving payload does not have a valid message code during the specified authentication phase. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1031

Message: Failed to retrieve secret value: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the secret value was not set properly for the authenticated entity.

Recommended Action:Reset the secret value using the fcsp auth-secret command.

Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

AUTH-1032

Message: Failed to generate <data type> for <message payload> payload: length <data length>, error code <error code>, port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the authentication process failed to generate specific data (for example, challenge, nonce, or response data) for an authentication payload. This usually relates to an internal failure. A nonce is a single-use, usually random value used in authentication protocols to prevent replay attacks. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1033

Message: Disable port <port number> due to unauthorized switch <switch WWN value>.

Message Type: LOG

Severity: ERROR

Probable Cause: Indicates that an entity, which was not configured in the switch connection control (SCC) policy tried to connect to the port.

Recommended Action:Add the entity World Wide Name (WWN) to the SCC policy using the secpolicy defined-policy command, then reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

AUTH-1034

Message: Failed to validate name <entity name> in <authentication message>: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the entity name in the payload is not in the correct format.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1035

Message: Invalid <data type> length in <message phase> message: length <data length>, port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that a particular data field in the authentication message has an invalid length field. This error usually relates to an internal failure.

Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis disable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1036

Message: Invalid state <state value> for <authentication phase>: port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the switch received an unexpected authentication message. Usually this problem is transient. The authentication may fail.

Recommended Action:Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis disable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1037

Message: Failed to <operation type> response for <authentication message>: init_len <data length>, resp_len <data length>, port <port number>.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that a Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) authentication operation failed on the specified port due to mismatched response values between two entities. The error may indicate that an invalid entity tried to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis disable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1039

Message: Neighboring switch has conflicting authentication policy: Port <Port Number> disabled.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the neighboring switch has a conflicting authentication policy enabled. The E_Port has been disabled because the neighboring switch has rejected the authentication negotiation and the local switch has a strict switch authentication policy.

Recommended Action:Correct the switch policy configuration on either of the switches using the fcsp auth command, and then enable the port using the no shutdown command.

AUTH-1040

Message: Reject authentication on port <Port Number>, because switch authentication policy is set to OFF.

Message Type: LOG

Severity:INFO

Probable Cause: Indicates that the local switch has rejected the authentication because the switch policy is turned off. If the neighboring switch has a strict (ON) switch policy, the port will be disabled due to conflicting configuration settings. Otherwise, the E_Port will form without authentication.

Recommended Action:If the port is disabled, correct the switch policy configuration on either of the switches using the fcsp auth command, and then enable the port on neighboring switch using the no shutdown command. If the E_Port has formed, no action is required.

AUTH-1041

Message: Port <port number> has been disabled, because an authentication-reject was received with code '<Reason String>' and explanation '<Explanation String>'.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the specified port has been disabled because it received an authentication-reject response from the connected switch or device. The error may indicate that an invalid entity tried to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Check the shared secrets using the show fcsp auth-secret dh-chap command and reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis disable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1042

Message: Port <port number> has been disabled, because authentication failed with code '<Reason String>' and explanation '<Explanation String>'.

Message Type: LOG

Severity:ERROR

Probable Cause: Indicates that the specified port has been disabled because the connecting switch or device failed to authenticate. The error may indicate that an invalid entity attempted to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Check the shared secrets using the show fcsp auth-secret dh-chap command and reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis disable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-1044

Message: Authentication <Reason for disabling the port>. Disabling the port <port number>.

Message Type: LOG | FFDC

Severity:ERROR

Probable Cause: Indicates that the authentication has timed out after multiple retries and as a result, the specified port has been disabled. This problem may be transient due to the system CPU load. In addition, a defective small form-factor pluggable (SFP) or faulty cable may have caused the failure.

Recommended Action:Check the SFP and the cable. Then try to enable the port using the no shutdown command.

AUTH-3001

Message: Event: <Event Name>, Status: success, Info: <Data type> type has been changed from [<Old value>] to [<New value>].

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that a authentication configuration parameter was set to a specified value. The data type can be either authentication type, DH group type, hash type, or policy type.

Recommended Action:No action is required.

AUTH-3002

Message: Event: <Event Name>, Status: success, Info: <Event Related Info>.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that the secret database has been updated using the fcsp auth-secret command.

Recommended Action:No action is required.

AUTH-3004

Message: Event: <Event Name>, Status: failed, Info: Neighboring switch has a conflicting authentication policy; Port <Port Number> disabled.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that the specified E_Port was disabled because the neighboring switch rejected the authentication negotiation and the local switch has a strict switch authentication policy.

Recommended Action:Correct the switch policy configuration on either of the switches using the fcsp auth command, and then enable the port using no shutdown command.

AUTH-3005

Message: Event: <Event Name>, Status: failed, Info: Rejecting authentication request on port <Port Number> because switch policy is turned OFF.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that the local switch has rejected the authentication request because the switch policy is turned off. If the neighboring switch has a strict (ON) switch policy, the port will be disabled due to conflicting configuration settings. Otherwise, the E_Port will form without authentication.

Recommended Action:If the specified port is disabled, correct the switch policy configuration on either of the switches using the fcsp auth command, and then enable the port on the neighboring switch using no shutdown command.

If the E_Port formed, no action is required.

AUTH-3006

Message: Event: <Event Name>, Status: failed, Info: Authentication failed on port <port number> due to mismatch of DH-CHAP shared secrets.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that a Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) authentication operation failed on the specified port due to mismatched response values between two entities. The error may indicate that an invalid entity tried to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Check the shared secrets using the show fcsp auth-secret dh-chap command and reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-3007

Message: Event: <Event Name>, Status: failed, Info: Port <port number> disabled, because an authentication-reject was received with code '<Reason String>' and Explanation '<Explanation String>'.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that the specified port was disabled because it received an authentication-reject response from the connected switch or device. The error may indicate that an invalid entity tried to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Check the shared secrets using show fcsp auth-secret dh-chap and reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.

AUTH-3008

Message: Event: <Event Name>, Status: failed, Info: Port <port number> has been disabled due to authentication failure with code '<Reason String>' and explanation '<Explanation String>'.

Message Type: AUDIT

Class:SECURITY

Severity:INFO

Probable Cause: Indicates that the specified port has been disabled because the connecting switch or device failed to authenticate. The error may indicate that an invalid entity tried to connect to the switch.

Recommended Action:Check the connection port for a possible security attack.

Check the shared secrets using show fcsp auth-secret dh-chap and reinitialize authentication using the shutdown and no shutdown commands or the chassis disable and chassis enable commands.

If the message persists, execute the copy support command and contact your switch service provider.