THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
29-Apr-22 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
IOS |
IOS |
15.2 |
15.2(2)E, 15.2(2)E1, 15.2(2)E10, 15.2(2)E2, 15.2(2)E3, 15.2(2)E4, 15.2(2)E5, 15.2(2)E5a, 15.2(2)E6, 15.2(2)E7, 15.2(2)E8, 15.2(2)E9, 15.2(3)E, 15.2(3)E1, 15.2(3)E2, 15.2(3)E3, 15.2(4)E, 15.2(4)E1, 15.2(4)E10, 15.2(4)E2, 15.2(4)E3, 15.2(4)E4, 15.2(4)E5, 15.2(4)E6, 15.2(4)E7, 15.2(4)E8, 15.2(4)E9, 15.2(5)E, 15.2(5)E1, 15.2(5)E2, 15.2(6)E, 15.2(6)E1, 15.2(6)E2a, 15.2(7)E1, 15.2(7)E2, 15.2(7)E3 |
All releases earlier than Cisco IOS Release 15.2.7E4 are impacted. |
Defect ID | Headline |
---|---|
CSCvb64782 | SUDI Verification Feature Supported in Release 15.2(7)E4 or Later |
In order to detect and mitigate device counterfeiting and malicious attacks on hardware and software, Cisco uses Hardware Trust Anchor, Secure Unique Device Identifier (SUDI), digitally signed software images, secure boot, and other multilayered security approaches to verify the authenticity and integrity of our solutions. These trustworthy technologies run automated checks of hardware and software integrity and can shut down the boot process if a compromise is detected.
Cisco Catalyst 2960X/2960XR platforms should be upgraded to Cisco IOS® Release 15.2(7)E4 or later in order to enable this SUDI verification before devices are onboarded into your network. The latest software can be downloaded from the Cisco Software Download website.
Cisco encourages customers to buy only genuine gear from Cisco Authorized Partners. Because of the pervasiveness of the Cisco Catalyst 2960X/2960XR switches on the grey market, it is imperative that customers enable the latest software release in order to validate the authenticity, security, and performance of their switch.
The illicit grey market for Cisco's gear carries significant risk for customers who buy unauthorized secondhand, third-party, or even stolen networking gear. Cisco's 2960X/2960XR switches have been a flagship product for many years, and subsequently have been diverted into the grey market.
Cisco always recommends that customers buy from Cisco Authorized Partners. If you choose to purchase Cisco products from a source on the grey market, you might take these risks:
The Cisco Brand Protection team partners closely with both law enforcement and customs officials around the world to stop counterfeit products at borders, identify counterfeiting operations, and pursue legal actions against infringers of Cisco’s intellectual property rights, which includes trademarks. Cisco’s goal is to actively support our partners and customers in protecting their investment in Cisco solutions.
Counterfeit devices run the risk of disrupting normal system operation and can show any abnormal behavior.
Some of the common error logs which might be observed include, but are not limited to, these logs:
%ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
%ILET-1-DEVICE_AUTHENTICATION_FAIL: The FlexStack Module inserted in this switch might not have been manufactured by Cisco or with Cisco's authorization. If your use of this product is the cause of a support issue, Cisco might deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center (TAC) for more information.
The process to validate the SUDI on a Cisco Catalyst 2960X/2960XR device is described in this section. The implementation of SUDI is based on Public Key Infrastructure (PKI) and the associated cryptography.
Note: Steps 2 and 3 require access to the openssl
command. This is not a Cisco IOS CLI command. The openssl
command is available in most Linux distributions (such as Ubuntu) and MacOS.
Microsoft Windows does not have it available with the installation, but there are third-party binaries available for download.
Step 1. Gather Device Data
Data needed from the device for this validation includes:
show version
CLI command.show platform sudi certificate sign nonce [nonce]
CLI command. This CLI command is only available in Cisco IOS Release 15.2.7E4 and later.In order to confirm the output is not tampered in any way, include the 'sign' option with a 'nonce' in the command. The value of the nonce shall be a random number decided when you enter the command. Do not use a static value for all validations on a particular device.
Sample Output:
Switch#show platform sudi certificate sign nonce 123 -----BEGIN CERTIFICATE----- MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED >>> Certificate 1 o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEPDCCAySgAwIBAgIKYQlufQAAAAAADDANBgkqhkiG9w0BAQUFADA1MRYwFAYD VQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgw HhcNMTEwNjMwMTc1NjU3WhcNMjkwNTE0MjAyNTQyWjAnMQ4wDAYDVQQKEwVDaXNj bzEVMBMGA1UEAxMMQUNUMiBTVURJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA0m5l3THIxA9tN/hS5qR/6UZRpdd+9aE2JbFkNjht6gfHKd477AkS 5XAtUs5oxDYVt/zEbslZq3+LR6qrqKKQVu6JYvH05UYLBqCj38s76NLk53905Wzp 9pRcmRCPuX+a6tHF/qRuOiJ44mdeDYZo3qPCpxzprWJDPclM4iYKHumMQMqmgmg+ xghHIooWS80BOcdiynEbeP5rZ7qRuewKMpl1TiI3WdBNjZjnpfjg66F+P4SaDkGb BXdGj13oVeF+EyFWLrFjj97fL2+8oauV43Qrvnf3d/GfqXj7ew+z/sXlXtEOjSXJ URsyMEj53Rdd9tJwHky8neapszS+r+kdVQIDAQABo4IBWjCCAVYwCwYDVR0PBAQD >>> Certificate 2 AgHGMB0GA1UdDgQWBBRI2PHxwnDVW7t8cwmTr7i4MAP4fzAfBgNVHSMEGDAWgBQn 88gVHm6aAgkWrSugiWBf2nsvqjBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vd3d3 LmNpc2NvLmNvbS9zZWN1cml0eS9wa2kvY3JsL2NyY2EyMDQ4LmNybDBQBggrBgEF BQcBAQREMEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3Vy aXR5L3BraS9jZXJ0cy9jcmNhMjA0OC5jZXIwXAYDVR0gBFUwUzBRBgorBgEEAQkV AQwAMEMwQQYIKwYBBQUHAgEWNWh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5 L3BraS9wb2xpY2llcy9pbmRleC5odG1sMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJ KoZIhvcNAQEFBQADggEBAGh1qclr9tx4hzWgDERm371yeuEmqcIfi9b9+GbMSJbi ZHc/CcCl0lJu0a9zTXA9w47H9/t6leduGxb4WeLxcwCiUgvFtCa51Iklt8nNbcKY /4dw1ex+7amATUQO4QggIE67wVIPu6bgAE3Ja/nRS3xKYSnj8H5TehimBSv6TECi i5jUhOWryAK4dVo8hCjkjEkzu3ufBTJapnv89g9OE+H3VKM4L+/KdkUO+52djFKn hyl47d7cZR4DY4LIuFM2P1As8YyjzoNpK/urSRI14WdIlplR1nH7KNDl5618yfVP 0IFJZBGrooCRBjOSwFv8cpWCbmWdPaCQT2nwIjTfY8c= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDiDCCAnCgAwIBAgIDAbx3MA0GCSqGSIb3DQEBCwUAMCcxDjAMBgNVBAoTBUNp c2NvMRUwEwYDVQQDEwxBQ1QyIFNVREkgQ0EwHhcNMTMwNzEyMjExMTE1WhcNMjMw NzEyMjExMTE1WjB1MSwwKgYDVQQFEyNQSUQ6V1MtQzI5NjBYLTQ4VFMtTCBTTjpG T0MxNzI4VzI1UzEOMAwGA1UEChMFQ2lzY28xGDAWBgNVBAsTD0FDVC0yIExpdGUg U1VESTEbMBkGA1UEAxMSV1MtQzI5NjBYLTQ4VFMtTCAgMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAputJ8j29wJubV2yFF1wL+4ynVspW/8dLqZKECAfp NafvKXLlnd5cVleq7H8A4e7o4mHwmHsEmzfpfxbDnSppuhnHeoEJYY6FH4tCXrF3 s4Dg7SA8zpVGOWFVo4oeCCh+nnrq/avCsSW7tWm0brc9RgL2yf6RrdkmdQYiDvcd ruw7WbCj/IrfEBTaIosgLWfKhR5YNlQLJTfvLC92+osCXLqXGi4+o3/iMgg82ngH jkQmiBLWQL5bpGEQ4xHwfEgHhFMzqhEFUPZseCEJKiVkXIRB9jwQQvqkkhirORgB >>> Certificate 3 5obLVsxKFDz9l2SEeewyO/fA/ZwkbjHqULYb8VroJ4PvnwIDAQABo28wbTAOBgNV HQ8BAf8EBAMCBeAwDAYDVR0TAQH/BAIwADBNBgNVHREERjBEoEIGCSsGAQQBCRUC A6A1EzNDaGlwSUQ9VVFJVFVJVWpDUUt2QUFBQU0vZXFZaUF5TWlBeE16b3lOVG95 TXlCeEVxWT0wDQYJKoZIhvcNAQELBQADggEBABUb8ooyQSlPzeGllmnSFq+Riv4L 4OhNYozVxOpSThzlF07c/ql3OilTGfYA/M3VePizgYUC4q2b0jhiwz25WH9ocaO2 MWXunq8yaUIdtI/PWAAUSx3G//OkA0rCixDMg0BoHghAha2xHA+kkPNX7Gm7os34 g6BWgT+Ds8smje0mHfUcWH7HCFJgk/8GePfPGy7H5se5A2W6ZdZzuy46vReqmAL1 3pTQAepD2lkgkgBOJP9e02FQ+l+QHpaaCyx/L5pkUF7a5d6/ew7KgB5DsljNe/8x N2N6H8KrEJuZWLxbfFwsziFuya2Rd5jxZYbvYVa7D7fsrNOpnXF7RWSCFPc= -----END CERTIFICATE----- Signature version: 1 Signature:
3453E7DFBC4942548A52876994D95B69089B6B6C9561878F553D009A2B60BDFE661515C69DCAE12A2966792A730C1E054E329851DA9BD97E4EC1332B8567E97122B4C8F7AE455B768C37DABD5F2149CB2D188A85A82F9C97075ECE374DDF1C38DD2688A3D008AA0047314196A4B3A46DA85B59A85A8369AE2F9EE054548B6AC3E91654F75256E216A8FD37DD8739015914912BE66D1768619880E121FA738A1003E2A731E9CF888C562F0E903351E86F1D901066DC83DA9C61A05BC5BF77E0D370E3B2A483AFB0589DB9149862C7A5CC12ACF8C758AA878905EB2D9F693681A694B2520320F0A65FEF7D643268300C129D28168147D518361251CE759162CA95
Step 2. Verify the X.509v3 Certificates
The result of SUDI verification contains three X.509v3 certificates - Certficate 1, Certificate 2, and Certificate 3 in the previous sample output.
Certificate 1 is the Cisco Root Certificate Authority (CA) certificate and Certificate 2 is the signing SUDI CA certificate. In order to verify the certificates, download the official X.509v3 certificates - Cisco Root CA 2048 (crca2048) - PEM and ACT2 SUDI CA - PEM from the Cisco PKI website and compare them with the ones listed in the SUDI verification (show platform sudi certificate sign nonce [nonce
command) output.
Certificate 1 from the device output should match with Cisco Root CA 2048 (crca2048) - PEM downloaded from the website.
Certificate 2 from the device output should match with ACT2 SUDI CA - PEM downloaded from the website.
Optional Step: Additionally, the openssl
command can be used to extract the certificate type from the Subject line in the certificate. Refer to this sample output:
Sample Output:
ubuntu$ openssl x509 -noout -subject -----BEGIN CERTIFICATE----- MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= -----END CERTIFICATE----- subject=O = Cisco Systems, CN = Cisco Root CA 2048 ubuntu$ openssl x509 -noout -subject -----BEGIN CERTIFICATE----- MIIEPDCCAySgAwIBAgIKYQlufQAAAAAADDANBgkqhkiG9w0BAQUFADA1MRYwFAYD VQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgw HhcNMTEwNjMwMTc1NjU3WhcNMjkwNTE0MjAyNTQyWjAnMQ4wDAYDVQQKEwVDaXNj bzEVMBMGA1UEAxMMQUNUMiBTVURJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA0m5l3THIxA9tN/hS5qR/6UZRpdd+9aE2JbFkNjht6gfHKd477AkS 5XAtUs5oxDYVt/zEbslZq3+LR6qrqKKQVu6JYvH05UYLBqCj38s76NLk53905Wzp 9pRcmRCPuX+a6tHF/qRuOiJ44mdeDYZo3qPCpxzprWJDPclM4iYKHumMQMqmgmg+ xghHIooWS80BOcdiynEbeP5rZ7qRuewKMpl1TiI3WdBNjZjnpfjg66F+P4SaDkGb BXdGj13oVeF+EyFWLrFjj97fL2+8oauV43Qrvnf3d/GfqXj7ew+z/sXlXtEOjSXJ URsyMEj53Rdd9tJwHky8neapszS+r+kdVQIDAQABo4IBWjCCAVYwCwYDVR0PBAQD AgHGMB0GA1UdDgQWBBRI2PHxwnDVW7t8cwmTr7i4MAP4fzAfBgNVHSMEGDAWgBQn 88gVHm6aAgkWrSugiWBf2nsvqjBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vd3d3 LmNpc2NvLmNvbS9zZWN1cml0eS9wa2kvY3JsL2NyY2EyMDQ4LmNybDBQBggrBgEF BQcBAQREMEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3Vy aXR5L3BraS9jZXJ0cy9jcmNhMjA0OC5jZXIwXAYDVR0gBFUwUzBRBgorBgEEAQkV AQwAMEMwQQYIKwYBBQUHAgEWNWh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5 L3BraS9wb2xpY2llcy9pbmRleC5odG1sMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJ KoZIhvcNAQEFBQADggEBAGh1qclr9tx4hzWgDERm371yeuEmqcIfi9b9+GbMSJbi ZHc/CcCl0lJu0a9zTXA9w47H9/t6leduGxb4WeLxcwCiUgvFtCa51Iklt8nNbcKY /4dw1ex+7amATUQO4QggIE67wVIPu6bgAE3Ja/nRS3xKYSnj8H5TehimBSv6TECi i5jUhOWryAK4dVo8hCjkjEkzu3ufBTJapnv89g9OE+H3VKM4L+/KdkUO+52djFKn hyl47d7cZR4DY4LIuFM2P1As8YyjzoNpK/urSRI14WdIlplR1nH7KNDl5618yfVP 0IFJZBGrooCRBjOSwFv8cpWCbmWdPaCQT2nwIjTfY8c= -----END CERTIFICATE----- subject=O = Cisco, CN = ACT2 SUDI CA
Step 3. Verify the Device Identity
The third X.509v3 certificate (Certificate 3 in the sample output) in the result of SUDI verification is the SUDI certificate. It is important to confirm the device identity specified in this certificate which should match the device information.
The openssl
command can be used to extract the device ID (Product ID (PID) and Serial Number (SN)) from the Subject line in the SUDI certificate.
Sample Output:
ubuntu$ openssl x509 -noout -subject -----BEGIN CERTIFICATE----- MIIDiDCCAnCgAwIBAgIDAbx3MA0GCSqGSIb3DQEBCwUAMCcxDjAMBgNVBAoTBUNp c2NvMRUwEwYDVQQDEwxBQ1QyIFNVREkgQ0EwHhcNMTMwNzEyMjExMTE1WhcNMjMw NzEyMjExMTE1WjB1MSwwKgYDVQQFEyNQSUQ6V1MtQzI5NjBYLTQ4VFMtTCBTTjpG T0MxNzI4VzI1UzEOMAwGA1UEChMFQ2lzY28xGDAWBgNVBAsTD0FDVC0yIExpdGUg U1VESTEbMBkGA1UEAxMSV1MtQzI5NjBYLTQ4VFMtTCAgMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAputJ8j29wJubV2yFF1wL+4ynVspW/8dLqZKECAfp NafvKXLlnd5cVleq7H8A4e7o4mHwmHsEmzfpfxbDnSppuhnHeoEJYY6FH4tCXrF3 s4Dg7SA8zpVGOWFVo4oeCCh+nnrq/avCsSW7tWm0brc9RgL2yf6RrdkmdQYiDvcd ruw7WbCj/IrfEBTaIosgLWfKhR5YNlQLJTfvLC92+osCXLqXGi4+o3/iMgg82ngH jkQmiBLWQL5bpGEQ4xHwfEgHhFMzqhEFUPZseCEJKiVkXIRB9jwQQvqkkhirORgB 5obLVsxKFDz9l2SEeewyO/fA/ZwkbjHqULYb8VroJ4PvnwIDAQABo28wbTAOBgNV HQ8BAf8EBAMCBeAwDAYDVR0TAQH/BAIwADBNBgNVHREERjBEoEIGCSsGAQQBCRUC A6A1EzNDaGlwSUQ9VVFJVFVJVWpDUUt2QUFBQU0vZXFZaUF5TWlBeE16b3lOVG95 TXlCeEVxWT0wDQYJKoZIhvcNAQELBQADggEBABUb8ooyQSlPzeGllmnSFq+Riv4L 4OhNYozVxOpSThzlF07c/ql3OilTGfYA/M3VePizgYUC4q2b0jhiwz25WH9ocaO2 MWXunq8yaUIdtI/PWAAUSx3G//OkA0rCixDMg0BoHghAha2xHA+kkPNX7Gm7os34 g6BWgT+Ds8smje0mHfUcWH7HCFJgk/8GePfPGy7H5se5A2W6ZdZzuy46vReqmAL1 3pTQAepD2lkgkgBOJP9e02FQ+l+QHpaaCyx/L5pkUF7a5d6/ew7KgB5DsljNe/8x N2N6H8KrEJuZWLxbfFwsziFuya2Rd5jxZYbvYVa7D7fsrNOpnXF7RWSCFPc= -----END CERTIFICATE----- subject=serialNumber = PID:WS-C2960X-48TS-L SN:XXXXXXXXXXX, O = Cisco, OU = ACT-2 Lite SUDI, CN = "WS-C2960X-48TS-L "
This is an example of what might be found, when you search the SN and PID, in the output of the show version
CLI command.
Switch#show version <<output snipped>> Model revision number : V01 Motherboard revision number : A0 Model number : WS-C2960X-48TS-L Daughterboard assembly number : 73-14200-03 Daughterboard serial number : YYYYYYYYYYY System serial number : XXXXXXXXXXX
The device identity (PID and SN) extracted from the SUDI certificate and the output of the show version
CLI command should match.
If you detect any mismatch in the outputs from Step 2 and Step 3, contact the Technical Assistance Center (TAC) if the product is under support. If the product is not under support, fill out the Brand Protection form and our team will be in touch. They will further guide you with the counterfeit detection process.
Customers can submit their Cisco products for verification at the Cisco Buy Right Portal which offers a complimentary serial number validation on the status of products. See Buy Right–Buy Authorized Cisco for more information.
Customers can also check the labels in order to determine if a Cisco product is genuine. Cisco’s Identity Counterfeit Platform provides a means to identify key security features on the Carton Security, Printed Circuit Board Assembly (PCBA), and Module Security labels. For more information, see Identify Counterfeit and Pirated Products.
In order to learn more, see Brand Protection.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance