Clearing The Key-Ex-Fail Alarm - Cisco NCS 2000 series Troubleshooting Manual

Alarm Troubleshooting
Note The KEY-EX-FAIL alarm is raised on the trunk port. However, there is no correlation with the OTN alarms
that are raised on the trunk.
This alarm may be raised during these scenarios:
• A loss of signal on a fibre that may occur during key exchange. This results in failure of master key
• Bit errors on the line during key exchange.
• Incorrect configuration of destination IP address, destination port or both in Provisioning > Encryption >
• Card authentication enabled on one end and disabled on the other end.

Clearing the KEY-EX-FAIL Alarm

Before you begin
You must have Security user or Security super user privileges to clear the alarm.
Step 1 Ensure that there are no alarms on the client or trunk ports. This is because a loss of synchronization in the client port
may result in an AIS in the trunk port, which in turn cascades on the TLS.
Step 2 Reset the master key from CTC:
a) In node view (single shelf mode), or shelf view (multi-shelf mode), double-click the WSE card for which you want
to reset the master key.
b) Go to Provisioning > Encryption > Key Management.
c) Click the Reset Master Key button for the port to reset the master key.
d) Click Apply.
If the troubleshooting procedure does not clear the alarm, log into the Technical Support Website at
http://www.cisco.com/c/en/us/support/index.html
report the problem.
KEY-WRITE-FAIL
Default Severity: Major (MJ)
Logical Object: TRUNK (OTU)
The Key Write Failure alarm is raised on the OTU trunk port in the WSE card. This alarm is raised when the
programming of the key to the crypto FPGA fails.
exchange.
GCC2 Settings in CTC.
or call the Cisco Technical Assistance Center (1 800 553-2447) to
Cisco NCS 2000 series Troubleshooting Guide, Release 11.0
Clearing the KEY-EX-FAIL Alarm
247