Hi All,
We are doing tech-refresh from old model 4800 firewall to model 6600 Plus quantum security gateway.
The 4800 has a running 10G Nic card(sku:CPAC-2-10F) installed with two short-range(SR) SFP+ transceivers(sku:CPAC-TR-10SR). Meanwhile, 6600 Plus quantum security gateway has comes along with 4 Port 10GBase-F SFP+ interface card(sku:CPAC-4-10F-C) and 4x 10G SR SFP+ Transceivers(sku:CPAC-TR-10SR-C).
When we migrated/cut over the fiber cable from 4800 firewall to 6600 Plus quantum gateway. One of the 10g transceiver is not blinking, it is showing link down in clish mode "show interface eth1-01", while another 10g transceiver is working. Remarks, these two 10g fiber interface is not bonded and it is two separate 10g interface with their own ip address.
Troubleshooting steps taken:
-eliminated the possibility of transceiver hardware issue by testing with 10g Fiber loopback cable.
-tried plug the "problematic" fiber cable into the other 3 x 10g fiber transceiver of 6600 Plus gateway, none of them is working.
-set interface eth1-01 state on and off, no work also.
-switch on and off of admin state of peer port in core switch, no work.
-reboot the 6600 Plus gateway, does not help.
-Out of no choice, we plugged in the transceiver(sku:CPAC-TR-10SR) of 4800 firewall into 6600 Plus gateway, followed connect it with fiber cable, the 10g interface is blinking and I can ping into that interfaces as well means it is working.
-Auto-negotiation is off at checkpoint and core switch N7K.
-Driver of 10g nic is i40e as shown in below:
[Expert@HTV-F-1141:0]# ethtool -i eth1-01
driver: i40e
version: 2.10.19.82
firmware-version: 6.80 0x8000a368 0.0.0
expansion-rom-version:
bus-info: 0000:01:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes
-below is the output of ethtool when it is working with CPAC-TR-10SR transceiver:
Settings for eth1-01:
Supported ports: [ FIBRE ]
Supported link modes: 1000baseX/Full
10000baseSR/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 1000baseX/Full
10000baseSR/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 10000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: g
Wake-on: g
Current message level: 0x0000000f (15)
drv probe link timer
Link detected: yes
-below is the output of ethtool when it is no blinking with CPAC-TR-10SR-C transceiver:
Settings for eth1-01:
Supported ports: [ FIBRE ]
Supported link modes: 1000baseX/Full
10000baseSR/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 1000baseX/Full
10000baseSR/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: Unknown!
Duplex: Unknown! (255)
Port: FIBRE
PHYAD: 0
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: g
Wake-on: g
Current message level: 0x0000000f (15)
drv probe link timer
Firmware version is R81 with jhf take 81. below is output of cpinfo -y all:
[Expert@HTV-F-1141:0]# cpinfo -y all
This is Check Point CPinfo Build 914000227 for GAIA
[IDA]
No hotfixes..
[MGMT]
HOTFIX_R81_JUMBO_HF_MAIN Take: 81
[CPFC]
HOTFIX_TEX_ENGINE_R81_AUTOUPDATE
[FW1]
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_R81_JUMBO_HF_MAIN Take: 81
HOTFIX_GOT_TPCONF_AUTOUPDATE
HOTFIX_TEX_ENGINE_R81_AUTOUPDATE
FW1 build number:
This is Check Point's software version R81 - Build 037
kernel: R81 - Build 037
[SecurePlatform]
HOTFIX_ENDER_V17_AUTOUPDATE
HOTFIX_R81_JUMBO_HF_MAIN Take: 81
[PPACK]
HOTFIX_R81_JUMBO_HF_MAIN Take: 81
[CPinfo]
No hotfixes..
[AutoUpdater]
No hotfixes..
[DIAG]
No hotfixes..
[CVPN]
HOTFIX_R81_JUMBO_HF_MAIN Take: 81
[CPUpdates]
BUNDLE_ENDER_V17_AUTOUPDATE Take: 18
BUNDLE_CPSDC_AUTOUPDATE Take: 21
BUNDLE_HCP_AUTOUPDATE Take: 58
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 26
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 22
BUNDLE_R80_40_MAAS_TUNNEL_AUTOUPDATE Take: 49
BUNDLE_R81_JUMBO_HF_MAIN Take: 81
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 111
BUNDLE_TEX_ENGINE_R81_AUTOUPDATE Take: 14
[CPDepInst]
No hotfixes..
[CPotelcol]
HOTFIX_OTLP_GA
[CPviewExporter]
HOTFIX_OTLP_GA
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE
Questions:
1)Is the SFP+ transceiver CPAC-TR-10SR compatible with 6600 Plus gateway practically? I know 6600 Plus gateway only supported with transceiver CPAC-TR-10SR-C based on datasheet.
2)Thinking to give a try to force speed to 10G at peer core switch port. Currently is auto speed and auto duplex as per uploaded screenshot. Will it help?
3)Does anyone faced the similar weird experience?
Thanks.