Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I7(3)
Use this document with documents listed in Related Documentation.
Table 1 shows the online change history of this document.
Table 1 Online History Change
September 28, 2020 |
Upgrade and Downgrade section revised. |
January 24, 2020 |
Added CSCvc95008 to Known Behaviors. |
November 15, 2019 |
Updated Limitations section for breakout issue. |
September 23, 2019 |
Added N9K-C9516-FM-E2 to Table 2. Added N9K-X9732C-FX in Table 4. |
September 16, 2019 |
Removed N9K-C9516-FM-E2 from Table 4. |
July 21, 2019 |
Updated Limitations and Table 3. |
April 23, 2019 |
Updated Transceiver Module Group URL. |
January 11, 2019 |
Updated New and Changed Information for NetFlow support. |
January 2, 2019 |
Updated the Upgrade Instructions regarding BGP EVPN into OSPF. |
December 14, 2018 |
Added Licensing Information. |
September 13, 2018 |
Updated the Upgrade Instructions regarding upgrades from Release 7.0(3)I2(2b). |
August 3, 2018 |
Updated Transceiver Matrix link. |
July 25, 2018 |
Added CSCuy08187 to Open Caveats. |
July 23, 2018 |
Added TACACS issue to the Upgrade Instructions. |
June 22, 2018 |
Added GTP load-sharing to New and Changed Information for Interfaces. |
June 15, 2018 |
Added CSCvg31939 to the Open Caveats. |
June 11, 2018 |
Updated Supported_FEX_Modules. |
May 18, 2018 |
|
May 17, 2018 |
Updated Table 3 with the correct number of fans for NXA-FAN-30CFM-B and NXA-FAN-30CFM-F. |
May 9, 2018 |
Updated the Limitations section for auto-negotiation. |
April 26, 2018 |
Updated the Limitations section for 9364C switches. |
April 20, 2018 |
Updated FEX Unsupported Features. |
March 23, 2018 |
Updated the Supported FEX Modules section. |
March 15, 2018 |
Updated New and Changed Information for Interfaces. |
March 2, 2018 |
Added CSCvg06224, CSCvg71109, CSCvh15975, and CSCvh11138 to the Caveats tables. |
February 28, 2018 |
Added CSCvd43456 to the Resolved Caveats. |
February 27, 2018 |
Updated Unsupported Features for Netflow. |
February 13, 2018 |
Updated the Downgrade Instructions. Updated the Limitations section for Microsoft NLB. |
Guidelines and Limitations for Private VLANs
Guidelines and Limitations for Fabric Extenders
Obtaining Documentation and Submitting a Service Request
Temporary licenses with an expiry date are available for evaluation and lab use purposes. They are strictly not allowed to be used in production. Please use a permanent or subscription license that has been purchased through Cisco for production purposes.
For more information, see the Cisco NX-OS Licensing Guide.
This section includes the following sections:
■ Table 2 lists the Cisco Nexus 9000 Series fabric modules
■ Table 3 lists the Cisco Nexus 9000 Series fans and fan trays
■ Table 4 lists the Cisco Nexus 9500 Series line cards
■ Table 5 lists the Cisco Nexus 9000 Series power supplies
■ Table 6 lists the Cisco Nexus 9500 Series supervisor modules
■ Table 7 lists the Cisco Nexus 9000 Series switches
■ Table 8 lists the Cisco Nexus 9000 Series uplink modules
■ Table 9 lists the Cisco Nexus 9500 Series System Controller
■ Table 10 lists the 3232C and 3264Q switch hardware
■ Table 11 lists the Cisco Nexus 3164Q switch hardware
■ Table 12 lists the Cisco Nexus 31128PQ switch hardware
Table 2 Cisco Nexus 9000 Series Fabric Modules
N9K-C9516-FM-E2 |
16-slot fabric module for -E line cards. |
4 – N9K-X97160YC-EX |
Table 3 Cisco Nexus 9000 Series Fans and Fan Trays
Fan 1 module with port-side intake airflow (burgundy coloring) |
||||
Fan 2 module with port-side intake airflow (burgundy coloring) |
||||
Fan 3 module with port-side intake airflow (burgundy coloring) |
||||
|
||||
|
||||
|
||||
|
||||
Fan module with port-side intake airflow (burgundy coloring) |
|
|||
Fan module with port-side intake airflow (burgundy coloring) |
92160YC-X |
|||
92160YC-X |
||||
|
||||
Fan module with port-side intake airflow (burgundy coloring) |
|
|||
Fan module with port-side exhaust airflow (burgundy coloring) |
1 For specific fan speeds, see the Overview section of the Hardware Installation Guide.
Table 4 Cisco Nexus 9500 Series Line Cards
Line card with 48 1/10-Gigabit SFP+ ports and 4 40-Gigabit QSFP+ uplink ports |
|||||
Line card with 48 10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 1-/10-Gigabit SFP+ ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 1-/10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
N9K-X9732C-FX |
Line card with 32 100 Gigabit Ethernet. Each QSFP28 supports 1x100-, 2x50-, 1x40-, 4x25-, 4x10-, and 1x1/10-Gigabit Ethernet. |
4 |
8 |
16 |
N9K-C9504-FM-E |
N9K-X9788TC-FX |
Line card with 48 1-/10-G BASE-T (copper) and 4 100-Gigabit QSFP28 ports |
4 |
8 |
16 |
N9K-C9504-FM-E N9K-C9516-FM-E |
Line card with 48 10-/25-Gigabit SFP28 ports and 4 40-/100-Gigabit QSFP28 ports |
Table 5 Cisco Nexus 9000 Series Power Supplies
Table 6 Cisco Nexus 9500 Series Supervisor Modules
Table 7 Cisco Nexus 9000 Series Switches
Table 8 Cisco Nexus 9000 Series Uplink Modules
An enhanced version of the Cisco Nexus N9K-M6PQ uplink module. |
|
Cisco Nexus 9300 uplink module with 12 40-Gigabit Ethernet QSPF+ ports. |
Table 9 Cisco Nexus 9500 Series System Controller
Table 10 Cisco Nexus 3232C and 3264Q Switch Hardware
Table 11 Cisco Nexus 3164Q Switch Hardware
Table 12 Cisco Nexus 31128PQ Switch Hardware
To determine which transceivers and cables are supported by this switch, see Transceiver Module (TMG) Compatibility Matrix.
To see the transceiver specifications and installation information, see https://www.cisco.com/c/en/us/support/interfaces-modules/transceiver-modules/products-installation-guides-list.html.
For more information, see the Cisco Nexus 9000 Series Switch FEX Support page.
■ Cisco Nexus 9300 platform switches do not support FEXs on uplink modules (ALE).
This section lists the following topics:
■ New Hardware Features in Cisco NX-OS Release 7.0(3)I7(3)
■ New Software Features in Cisco NX-OS Release 7.0(3)I7(3)
Cisco NX-OS Release 7.0(3)I7(3) supports the following new hardware:
■ Cisco Nexus 9336C-FX2 (N9K-C9336C-FX2)—1-RU switch with 36 40-/100-Gb Ethernet QSFP28 ports.
■ Cisco Nexus 93240YC-FX2 switch (N9K-C93240YC-FX2)—Has 48 10-/25-Gigabit ports and 12 40-/100-Gigabit QSFP28 ports.
■ Cisco Nexus 9788TC-FX (N9K-X9788TC-FX)—Line card with 48 1-/10-Gb BASE-T ports (copper) and 4 100-Gb QSFP28 ports.
Cisco NX-OS Release 7.0(3)I7(3) supports the following new software features:
For more information, see the Cisco Nexus 9000 Series NX-OS FC NPV Configuration Guide.
For more information, see the Cisco Nexus 9000 Series NX-OS FCoE Configuration Guide, Release 7.x.
For more information, see the Cisco Nexus 2000 Series NX-OS Fabric Extender Configuration Guide for Cisco Nexus 9000 Series Switches, Release 7.x.
For more information, see the Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 7.x.
iCAM Features
■ Traffic Analytics—Support added for FIB TCAM and Layer 2 table resource utilization.
■ Fabric Modules—Support added for all fabric modules.
■ Command Outputs—The show icam command outputs have changed.
For more information, see the Cisco Nexus 9000 Series NX-OS iCAM Configuration Guide, Release 7.x.
Intelligent Traffic Director Features
■ ITD IPv6—Added IPv6 support for ITD and for ICMP and TCP device-group level probes.
For more information, see the Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide, Release 7.x.
■ ECMP Resilient Hashing—Support added for Cisco Nexus 9336C-FX, 9348GC-FXP, 9364C, 93108TC-EX, 93180LC-EX, 93180YC-EX, 93180YC-FX, 93240YC-FX2, and 93300YC-FX switches.
■ GTP load-sharing—Support added for Cisco Nexus 9300-EX platform switches.
■ QSFP 40/100-G dual-rate BiDi—Support added so that the same optic can be used to interconnect with either a 100-G or 40-G speed.
■ Source Direct Tunnel—Support added for the Cisco Nexus 9500 switch with Cisco Nexus N9K-X9700-EX and N9K-X9700-FX line cards.
For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x.
For more information, see the Cisco Nexus 9000 Series NX-OS Label Switching Configuration Guide, Release 7.x
For more information, see the Cisco NX-OS Licensing Guide.
For more information, see the Cisco Nexus 9000v Guide.
■ New NX-API REST commands have been added. The following table describes the markdown files and the name of the corresponding section in the Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference that were edited to include the Data Management Engine (DME)-ized commands made available for the 7.0(3)I7(3) release.
Section Name |
Subsection |
Additional Configuration |
Configuring POAP ■ Added commands for enabling POAP |
Configuring BGP |
Configuring an IPv4 Address Family ■ Added commands for configuring and deleting label allocations Configuring an IPv4 Labeled Unicast Address ■ Added commands for configuring and deleting: o Receive capability for additional paths o To advertise only active routes to the peer o A route map to selectively unsuppress suppressed routes o A conditioned route-map to advertise only when a prefix in condition exists o A route map for conditional advertisement o A route map to specify criteria for originating the default o A site-of-origin extended community under VRF default and IPv4 labeled unicast Configuring an IPv6 Address Family ■ Added commands for configuring and deleting: o The label allocation to all routes o The label allocation to a route map o Additional paths to install the backup path Configuring an IPv6 Labeled Unicast Address ■ Added commands for configuring and deleting: o To advertise only active routes to the peer o Receive capability for additional paths o A third-party nexthop o A route-map to selectively unsuppress suppressed routes o A conditioned route map to advertise only when prefix in condition exists o A route map for conditional advertisement o A route map to specify criteria for originating the default Configuring an IPv4 Labeled Unicast Address ■ Added commands for configuring and deleting: o Overriding route-target’s ASN field for EBGP EVPN sessions (values inherited from a peer template) o A default site-of-origin extended community (values inherited from a peer template)Configuring a Link-State Address Family Configuring a Link-State Address Family ■ Added commands for configuring and deleting target VPN extended communities Configuring a VPNv4 Unicast Address Family ■ Added commands for configuring and deleting: o Multipath for EBGP and IBGP paths o The peering address as nexthop Configuring a VPNv6 Unicast Address Family ■ Added commands for configuring and deleting: o Multipath for EBGP and IBGP paths o The peering address as nexthop |
Configuring the Clock |
Added commands for configuring: ■ The NTP clock protocol |
Configuring DHCP
|
Configuring an IPv6 DHCP Guard Policy ■ Added commands for configuring and deleting: o The maximum number for the allowed advertised server preference of an ipv6 dhcp guard policy o The minimum number for the allowed advertised server preference of an ipv6 dhcp guard policy o Trusted port (no policing) for an ipv6 dhcp guard policy
Configuring IPv6 RA Guard Policies ■ Added commands for configuring and deleting: o trusted port (no policing) for an IPv6 RA guard policy o The maximum hop limit for an IPv6 RA guard policy o The minimum hop limit for an IPv6 RA guard policy o The verification of the advertised managed address configuration flag for an IPv6 RA guard policy o The verification of the advertised other configuration flag for an IPv6 RA guard policy o Discarding RAs with a router preference greater than high Configuring IPv6 Snooping Policies ■ Added commands for configuring and deleting: o The role of the switch attached to the port for an IPv6 snooping policy o The maximum addresses per port for an IPv6 snooping policy o A list of protected prefixes to glean DHCP packets for an IPv6 snooping policy o The security level to glean addresses for an IPv6 snooping policy o Trusted port (no policing) for an IPv6 snooping policy Configuring an IPv6 Snooping Binding Table ■ Added commands for configuring and deleting: o An IPv6 snooping binding table with a VLAN interface o The maximum number of entries for an IPv6 snooping binding table o The syslog logging of binding table events The interval time between two probings |
Configuring DNS |
Added commands for configuring: ■ The name for an IPv4 host ■ The name for an IPv6 host |
Configuring Interfaces
|
Added commands for configuring and deleting: ■ A NAT pool with network mask ■ A NAT pool with prefix length |
Configuring LACP
|
Added commands for configuring and deleting: ■ The MAC address to be used for the LACP protocol exchanges (role: primary) ■ The MAC address to be used for the LACP protocol exchanges (role: secondary) Resetting to use the default VDC MAC address |
Configuring Multicast (IGMP) |
Added commands for configuring: ■ Event history buffers ■ Group membership timeout in minutes ■ The IGMP snooping timeout to never expire ports from a group membership ■ Global link-local groups suppression ■ A vPC-peer-link as static Mrouter for all VLANs ■ The max-response-time for the switch's proxy general-queries ■ Enabling loopback packet to check and drop it ■ Disabling loopback packet to check and drop it ■ To exclude a vPC peer-link for routed multicast traffic ■ The initial hold-down period after switchover or restart ■ Entering MFDM congestion-control mode ■ Exiting MFDM congestion-control mode ■ IGMPv3 report suppression and proxy reporting for the VLAN ■ Snooping for VXLAN VLANs ■ The IGMP table syslog threshold ■ The filter policy for groups mentioned in a route-map ■ IGMPv1 or IGMPv2 report suppression for a VLAN ■ The group membership timeout in minutes (Under a VLAN) ■ The IGMP snooping timeout to never expire ports from a group membership (Under a VLAN) ■ VLAN link-local groups suppression (Under a VLAN) ■ A static group membership (Under a VLAN) ■ The number of omf route entries in m2rib buffer (Under a VLAN) ■ The number of groups that could be joined per interface (Under a VLAN) ■ The maximum number of omf entries in m2rib buffer (Under a VLAN) ■ The maximum number of route entries in m2rib buffer (Under a VLAN) ■ The max-response-time for the switch's proxy general-queries (Under a VLAN) ■ Explicit host tracking for VLAN (Under a VLAN) ■ Fast leave for the VLAN (Under a VLAN) ■ The interval between group-specific query transmissions (Under a VLAN) ■ IGMPv1 or IGMPv2 report suppression for the VLAN (Under a VLAN) ■ IGMPv3 report suppression and proxy reporting for the VLAN (Under a VLAN) ■ IGMP snooping (Under a VLAN) ■ An IGMP report policy with a prefix list (Under a VLAN) ■ An IGMP report policy with a route map (Under a VLAN) ■ An IGMP access group with a prefix list (Under a VLAN) ■ An IGMP report policy with a route map (Under a VLAN) ■ Querier timeout for IGMPv2 (Under a VLAN) ■ The interval between query transmission (Under a VLAN) ■ MRT for query messages (Under a VLAN) ■ RFC defined robustness variable (Under a VLAN) ■ The number of queries sent at startup (Under a VLAN) ■ The query interval at startup (Under a VLAN) ■ The IGMP version number for VLAN (Under a VLAN) ■ Enabling snooping querier (Under a VLAN) ■ Disabling snooping querier (Under a VLAN) |
Configuring Multicast (MRIB) |
Added commands for configuring event history buffers |
Configuring Multicast (MSDP) |
Added commands for configuring event history buffers |
|
|
Configuring Multicast (NGMVPN)
|
Added commands for configuring and deleting: ■ A node as distributed-DR ■ L3-overlay SPT (Shortest-Path-Tree) |
Configuring Multicast (PIM)
|
Added commands for configuring and deleting event history buffers |
Configuring Power Modes
|
Added commands for configuring and deleting: ■ Power supply redundancy mode as combined (Forced) ■ Power supply redundancy mode as combined ■ Power supply redundancy mode as input source redundant ■ Power Su supply redundancy mode as PS redundant
|
Configuring Route Policy Manager
|
IPv4 Configuration Examples Added commands for configuring and deleting: ■ Next-hop order as per CLI configuration ■ Load sharing IPv6 Configuration Examples Added commands for configuring and deleting: ■ Next-hop order as per CLI configuration ■ Load sharing |
Configuring Static MPLS and Segment Routing |
Added sections for configuring: ■ Shutdown segment routing ■ Global block range for segment routing bindings ■ Interval for which SR will wait for SRGB cleanup ACK from clients ■ Interval for which SR will retry SRGB allocation with ULIB ■ Connected prefix segment identifier mappings ■ IPv4 address-family under connected prefix segment identifier mappings ■ IPv6 address-family under connected prefix segment identifier mappings ■ IP address for IPv4 address-family under connected prefix segment identifier mappings |
Configuring Unicast RPF |
IPv4 Configurations ■ Added commands for configuring: o The source as reachable via the interface on which a packet was received o The source as reachable via any interface with loose default route unicast reverse path forwarding IPv6 Configurations ■ Added commands for configuring and deleting: o The source as reachable via the interface on which a packet was received o The source as reachable via any interface with loose default route unicast reverse path forwarding |
Configuring VLANs |
Added commands for enabling MAC learning on all VLANs on an interface |
For more information, see the Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference.
QoS Features
For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide, Release 7.x.
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.
Software Upgrade and Downgrade Features
■ Enhanced ISSU–Added support for the Cisco Nexus 9200 and 9300-EX platform switches.
For more information, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
■ NetFlow—Support added for Cisco Nexus 9336C-FX2 and 93240YC-FX2 switches.
For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 7.x.
For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 7.x
■ Cisco Nexus 9348GC-FXP—Support added for the Cisco Nexus 9348GC-FXP switch.
■ QinQ-QinVNI—Support added for this tunneling feature that allows configuration of a trunk port as a multi-tag port.
For more information, see the Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x
This section includes the following topics:
■ Resolved Caveats—Cisco NX-OS Release 7.0(3)I7(3)
■ Open Caveats—Cisco NX-OS Release 7.0(3)I7(3)
■ Known Behaviors—Cisco NX-OS Release 7.0(3)I7(3)
The following table lists the Resolved Caveats in Cisco NX-OS Release 7.0(3)I7(3). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 13 Resolved Caveats in Cisco NX-OS Release 7.0(3)I7(3)
Bug ID |
Description |
N9k - Traffic not seen on span destination if span source is FEX HIF allowing vxlan vlan |
|
N9000 drops transit BFD packets when acting as L2 switch with SVI |
|
Link not connected after OIR QSA+1G SX on N9K-C9236C re-timer ports |
|
Enh: N9500 needs syslogs for fabric CRCs like N7K |
|
After VNF deployment, nexus still sends bfd packets to old mac-address |
|
HighGig link failures seen on 16-slotter Fabric module(FM-E) during FM/LC reloads |
|
6.1(2)I1 3.5 to D+MR5 upgrade copp class alpha setting incorrect |
|
Install all should fail if TCAM isn't carved for particular feature in use |
|
Reloading vpc peer switch puts other peers vpc member ports in DESG/BLK state |
|
Cisco Nexus 3000/9000 TCP Ports Incorrectly Exposed in the Default VRF |
|
N9300-EX ECMP and port-channel hashing to include GTP TEID |
|
Need Syslog/Parser Warning Printed When NVE Source IP is Changed Without Shutting Down NVE |
|
Reload ascii with config-profiles doesn't seem to work properly on the N9K |
|
OPG SPAN descriptor drop Not Reflected In Show Queuing Interface Ethernet X/X |
|
Cannot use characters < and > together in a password |
|
Number of Ingress SUP resource not match with tcam region for FM module |
|
Right after reload, N9Ks bring up vPC member ports and send LACPDUs with local Prio/SysID |
|
N9K-C9516-FM-E 16slot: Total power allocated/Budget doesn't match sum of individual reserved power |
|
Nginx Vulnerabilities on Nexus 9000 Switches |
|
N9k VXLAN - interface nve 'host-reachability protocol bgp config' removed post upgrade |
|
Excessive PTP bad correction logging |
|
Unable to remove MAC ACE using sequence number in 7.0(3)I7(2) |
|
N9K: Upgrading from 7.0.3.I7.1 to 7.0.3.I7.2 can re-enable SSH weak ciphers |
|
93180LC-EX, 92160YC-X : Config replace fails to take effect when moving from 4c to 6c/18c. |
|
show inventory all | json missing details |
|
LC/FM reloads due to EOBC heartbeat as CPU busy servicing hrtimer |
|
N9000 pim triggered register not enabled by default |
|
N9K: empty xml output for " show interface status fex X | xml " |
|
N9000/N3000 claims mcast flow to be inactive even after receiving data |
|
statistics per-entry does not work correctly |
|
Update port sm for Inphi 100G DWDM2 XCVR |
|
Copy r s failing with sub-interfaces stuck in retry for ethpm |
|
Changing snmp pktsize to 1450 made snmpd to send 2066 bytes. |
|
IPv6 Traffic is not hitting appropriate ACL deny entries with UDF configured |
|
DHCP snooping binding table is deleted when vPC Peer receive Inform ACK |
|
FIB errors and ACL redirect allocation failed when applying PBR with reachable next hop |
|
Enabling GTPU-TEID based load-sharing for GPRS Protocol |
|
N9K [Cisco ASIC based] >> AA FEX(VPC) ; traffic loss on HIF ports after Peer-link is flapped. |
|
N9K-EX LC ports will not come up |
|
Interfaces not programmed in vlan show after vni deletion |
|
N9K exposes port FlexLM license manager use to the external on default VRF |
|
Traffic to/from Hosts attached to N9K tahoe vpc not able to communicate across GRE tunnel |
|
After upgrade to 7.0(3)I7(2), QSA port remains notconnected |
|
N9300-EX FEX Pvlan: after flap primary vlan, flood within same community ports doesn't work |
|
ptp logging level config lost after switch over |
|
snmp trap for storm-control not consistent after switch over |
|
Service "tahusd" crash with core saved |
|
vsh sessions hang leading to "Too many open files in system" |
The following table lists the open caveats in the Cisco NX-OS Release 7.0(3)I7(3). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 14 Open Caveats in Cisco NX-OS Release 7.0(3)I7(3)
If EPLD is not latest, terminate non-disruptive ISSU |
|
Cisco Nexus 3000 Series switches take more than 10 secs to populate the S,G entry. |
|
PVLAN: Secondary VLAN traffic will not hit ACL on primary VLAN's SVI. |
|
Multicast-heavy:traffic for /64 IPv6 LPM do not work in N9300-EX post ISSU(7.0(3)I6(1)->7.0(3)I7(2)) |
|
VRRP3 fails when enabled as part of CR |
|
ISSU ND or disruptive upgrade from 7.0(3)I7(1) any I7(2),I7(3),I7(4) rel conf appended with no-alias |
|
After reload license is not checked out despite having "port-license acquire" cli under port. |
|
configure replace fails if macsec policy is associated with an interface |
|
After uninstalling feature-set mpls, the configuration replace feature fails. |
|
PostND-ISSU from G to Gplus: PPF inconsistency in PBR policy |
The following known behaviors are in this release.
Table 4 Known Behaviors in Cisco NX-OS Release 7.0(3)I7(3)
Bug ID |
Description |
On Cisco Nexus 9300-EX, 9348GC-FXP, 93108TC-FX, 93180YC-FX, 9336C-FX2, and 93240YC-FX2 switches, when 802.1q EtherType has changed on an interface, the EtherType of all interfaces on the same slice will be changed to the configured value. This change is not persistent after a reload of the switch and will revert to the EtherType value of the last port on the slice. |
</nf:source> <============nf: is extra
<namespace> : extra characters are seen with XML and JSON from NX-API.
To perform a software upgrade or downgrade, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
For information about an In Service Software Upgrade (ISSU), see the Cisco NX-OS ISSU Support application.
Note: Upgrading from Cisco NX-OS 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a) requires installing a patch for Cisco Nexus 9500 platform switches only. For more information on the upgrade patch, see Upgrade Patch Instructions.
This section lists limitations related to Cisco NX-OS Release 7.0(3)I7(3).
■ Due to the design of airflow, back-to-front fans requires fan speed to be run at full speed all the time. You might also see fan speeds increase from 40% to 70% post-upgrade. This applies to the following PIDs: N9K-C9272Q, N9K-C9236C, N9K-C93180YC-FX, N9K-C93180TC-FX, N9K-C9364C, N9K-C9336C-FX2. This change is made as of cisco NX-OS Release 7.0(3)I7(3). If your PID is not listed, please contact Cisco TAC for additional verification.
■ Auto-negotiation is not supported on 25-G Ethernet transceiver modules on Cisco Nexus 9200 and 9300-FX platform switches, and Cisco Nexus 9500 platform switches that use N9K-X9700-EX line cards.
■ On the Cisco Nexus 9364C switches, auto-negotiation might not work on ports 49-64 when bringing up 100G links using the QSFP-100G-CR4 cable. The workaround for this issue is that you must hard code the speed on ports 49-64 and disable auto-negotiation.
■ Software streaming telemetry does not support the TCP protocol. The tcp option is displayed in the Help text, but is not accepted during configuration.
■ Autonegotiation (40 G/100 G) and 1 Gb with QSA is not supported on the following ports:
o Cisco Nexus 9336C-FX2 switch: ports 1-6 and 33-36
o Cisco Nexus 9364C switch: ports 49-66
o Cisco Nexus 93240YC-FX2 switch: ports 51-54
o Cisco Nexus 9788TC line card: ports 49-52
NOTE: Peer speed must be set when using coper cables on these ports.
■ We recommend using multicast heavy template for optimal bandwidth utilization when using multicast traffic flows.
■ IPv6 multicast is not supported on Cisco Nexus 9500 platform switches.
■ Multicast heavy template is recommended for optimal bandwidth utilization when using multicast traffic flows.
■ The following features are not supported on the Cisco Nexus 9364C switch.
o 100 G port cannot support breakout (HW limitation)
■ If the speed group is configured, the default interface command displays the following error:
Error: default interface is not supported as speed-group is configured
■ Line rate cannot be sustained across all 36 ports on the 9736C-EX line card.
■ Q-in-VNI has the following limitations:
switch (config-if-nve)# no overlay-encapsulation vxlan-with-tag
!Command: show running-config interface nve1
!Time: Wed Jul 20 23:26:25 2016
host-reachability protocol bgp
member vni 900001 associate-vrf
o Single tag is not supported on Cisco Nexus 9500 platform switches; only double tag is supported.
■ Configuration replace has following limitations:
o Rollback is not supported in the context of auto configurations. Checkpoints do not store auto configurations. Therefore, after a rollback is performed, the corresponding auto configurations will not be present.
o The configuration replace feature is not supported on port profiles that are inherited on the switch interfaces.
o The configuration replace feature is not supported on switches that include FEX modules.
o The configuration replace feature is not supported for breakout interface configurations.
o The configuration replace feature is supported only for the configure terminal mode commands. The configure profile, configure maintenance mode, configure jobs, and any other modes are not supported.
o The configuration replace feature can fail if there is a change in the macsec policy between the running configuration and the user provided configuration, the configuration replace operation can fail. However, you can add or delete the macsec policy.
o The configuration replace feature is not supported on the hardware profile portmode feature on Cisco
Nexus C92160YC-X (N9K-C93180LC-EX) and Cisco Nexus C93180LC-EX (N9K-C93180LC-EX) switches.
o The configuration replace feature is not supported for the VRRPv3 feature.
■ Resilient hashing (port-channel load-balancing resiliency) and VXLAN configurations are not compatible with VTEPs using ALE uplink ports. Please note that resilient hashing is disabled by default.
■ hardware profile front portmode command is not supported on the Cisco Nexus 9000 Series switches.
■ PV (Port VLAN) configuration through an interface range is not supported.
■ neighbor-down fib-accelerate command is supported in a BGP-only environment.
■ PortLoopback and BootupPortLoopback tests are not supported.
o no speed–Auto negotiates and advertises all speeds (only full duplex).
o speed 1000–Auto negotiates and advertises pause (advertises only for 1000 Mbps full duplex).
■ TCAM resources are not shared when:
o Applying VACL (VLAN ACL) to multiple VLANs
o Routed ACL (Access Control List) is applied to multiple SVIs in the egress direction
■ The following switches support QSFP+ with the QSFP to SFP/SFP+ adapter (40 Gb to 10 Gb):
o N9K-C93180YC-FX
■
Note: The Cisco Nexus 9300 platforms support for the QSFP+ breakout has the following limitations:
■ 1 Gb with QSFP-to-SFP Adapter is not supported.
■ For the Cisco Nexus 9332PQ switch, all ports except 13-14 and 27-32 can support breakout.
■ The following switches support the breakout cable (40 Gb ports to 4x10-Gb ports):
o N9K-C93180LC-EX—last four ports are breakout capable (10x4, 24x4, 50x2)
o N9K-X9732C-FX line card
■ Weighted ECMP (Equal-Cost Multi-Path) is not supported on the Cisco Nexus 9000 Series switches.
■ Limitations for ALE (Application Link Engine) uplink ports are listed at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/ale_ports/b_Limitations_for_ALE_Uplink_Ports_on_Cisco_Nexus_9000_Series_Switches.html
This section provides guidelines and limitations for configuring private VLANs.
■ Secondary and Primary VLAN Configuration
■ Private VLAN Port Configuration
■ Limitations with Other Features
For more information, see the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide.
Private VLANs have the following configuration guidelines and limitations:
■ Private VLANs must be enabled before the device can apply the private VLAN functionality.
■ VLAN interface feature must be enabled before the device can apply this functionality.
■ PVLANs support port modes as follows:
■ PVLANs are mapped or associated depending on the PVLAN trunk mode.
■ PVLANs support the following:
¯ PACLs (Port Access Control Lists)
¯ PVLAN across switches through a regular trunk port
¯ RACLs (Router Access Control Lists)
■ PVLANs support SVIs as follows:
¯ HSRP (Hot Standby Router Protocol) on the primary SVI
¯ Primary and secondary IPs on the SVI
¯ SVI allowed only on primary VLANs
■ PVLANs support STP as follows:
¯ MST (Multiple Spanning Tree)
¯ RSTP (Rapid Spanning Tree Protocol)
■ PVLANs port mode is not supported on the following:
¯ 40-Gb interfaces of the Cisco Nexus ALE ports on Cisco Nexus 9300 platform switches.
■ PVLANs do not provide support for the following:
¯ DHCP (Dynamic Host Channel Protocol) snooping
¯ IP multicast or IGMP snooping
¯ SPAN (Switch Port Analyzer) when the source is a PVLAN VLAN
■ For more details, see the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide.
Follow these guidelines when configuring secondary or primary VLANs in private VLANs:
■ VLAN configuration (config-vlan) mode must be used to configure PVLANs.
■ For normal trunk ports, note the following:
¯ Separate instances of STP exist for each VLAN in the private VLAN.
¯ STP parameters for the primary and all secondary VLANs must match.
¯ Primary and all associated secondary VLANs should be in the same MST instance.
■ For PVLAN isolated trunk ports, note the following:
■ Before configuring a VLAN as a secondary VLAN, you must shut down the VLAN network interface for the secondary VLAN.
Follow these guidelines when configuring private VLAN ports:
Consider these configuration limitations with other features when configuring PVLAN:
■ After configuring the association between the primary and secondary VLANs:
¯ Static MAC addresses for the secondary VLANs cannot be created.
¯ Dynamic MAC addresses that learned the secondary VLANs are aged out.
■ In PVLANs, STP controls only the primary VLAN.
■ PVLAN host or promiscuous ports cannot be SPAN destination ports.
■ PVLAN ports can be configured as SPAN source ports.
■ vPC pairing between T2 and TH platforms is not recommended.
■ Post-routed flood is not supported.
■ The configuration is purged when:
o Straight-through FEXs are converted to dual-homed
o Dual-homed FEXs are converted to Straight-through.
There are two cases for dual-home to straight-through conversion:
For more information, see the Cisco Nexus 2000 Series NX-OS Fabric Extender Configuration Guide for Cisco Nexus 9000 Series Switches, Release 7.x.
Notes regarding unsupported features:
■ Cisco Nexus 3232C and 3264Q Switches
■ Cisco Nexus 9200, 9300-EX, and 9300-FX Platform Switches
■ Cisco Nexus 9408 Line Card and 9300 Series Switches
■ Cisco Nexus 9732C-EX Line Card
■ VXLAN
The following features are not supported for the Cisco Nexus 3232C and 3264Q switches:
■ 3264Q and 3232C platforms do not support the PXE boot of the NX-OS image from the loader.
■ Automatic negotiation support for 25-Gb and 50-Gb ports on the Cisco Nexus 3232C switch
■ Cisco Nexus 2000 Series Fabric Extenders (FEX)
■ DHCP subnet broadcast is not supported
■ Due to a Poodle vulnerability, SSLv3 is no longer supported
■ Intelligent Traffic Director (ITD)
■ Enhanced ISSU. NOTE: Check the appropriate guide to determine which platforms support Enhanced ISSU.
■ PIM6
■ Virtual port channel (vPC) peering between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 9300 platform switches or between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 3100 Series switches
The following features are not supported for the Cisco Nexus 9200 platform switches and the Cisco Nexus 93108TC-EX and 93180YC-EX switches:
■ Cisco Nexus 9272PQ and Cisco Nexus 92160YC platforms do not support the PXE boot of the NXOS image from the loader.
■ ACL filters to span subinterface traffic on the parent interface
■ Egress QoS policer is supported on the Cisco Nexus 9300-EX and 9300-FX platform switches. It is not supported on the Cisco Nexus 9200 platform switch. The only policer action supported is drop. Remark action is not supported on egress policer.
■ FEX (supported for Cisco Nexus 9300-EX platform switches but not for Cisco Nexus 9200 platform switches.)
■ GRE v4 payload over v6 tunnels
■ IP-in-IP on Cisco Nexus 92160 switch
■ ISSU enhanced is not supported on the Cisco Nexus 9300-FX platform switch.
■ Layer 2 Q-in-Q is supported only on Cisco Nexus 9300-EX platform switches (93108TC-EX and 93180YC-EX) and Cisco Nexus 9500 platform switches with the X9732C-EX line card.
■ MTU (Multi Transmission Unit) checks for packets received with an MPLS header
■ NetFlow is not supported on Cisco Nexus 9200 platform switches. It is supported on Cisco Nexus 9300-EX and 9300-FX platform switches.
■ Packet-based statistics for traffic storm control (only byte-based statistics are supported)
■ PVLANs (supported on Cisco Nexus 9300 and 9300-EX platform switches but not on Cisco Nexus 9200 platform switches)
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches. Beginning with Cisco NX-OS Release 7.0(3)I5(1), Q-in-VNI is supported on Cisco Nexus 9300-EX platform switches.
■ Q-in-Q for VXLAN is not supported on Cisco Nexus 9200 and 9300-EX platform switches
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches (supported on Cisco Nexus 9300-EX platform switches)
■ Resilient hashing for ECMP on the Cisco Nexus 9200 platform switches.
■ Resilient hashing for port-channel
■ Rx SPAN for multicast if the SPAN source and destination are on the same slice and no forwarding interface is on the slice
■ SVI uplinks with Q-in-VNI are not supported with Cisco Nexus 9300-EX platform switches
■ Traffic storm control for copy-to-CPU packets
■ Traffic storm control with unknown multicast traffic
■ Tx SPAN for multicast, unknown multicast, and broadcast traffic
■ VACL redirects for TAP aggregation
The following features are not supported for the Cisco Nexus 9500 platform N9K-X9408PC-CFP2 line card and Cisco Nexus 9300 platform switches with generic expansion modules (N9K-M4PC-CFP2):
■ FEX (this applies to the N9K-X9408PC-CFP2 and –EX switches, not all Cisco Nexus 9300 platform switches)
■ MCT (Multichassis EtherChannel Trunk)
■ PTP (Precision Time Protocol)
■ PVLAN (supported on Cisco Nexus 9300 platform switches)
■ Shaping support on 100g port is limited
■ SPAN destination/ERSPAN destination IP
The following features are not supported for Cisco Nexus 9508 switches with an N9K-X9732C-EX line card:
■ IPv6 support for policy-based routing
■ SPAN port-channel destinations
DHCP subnet broadcast is not supported.
■ Cisco Nexus 9300 platform switches do not support FEX on uplink modules (ALE).
■ FEX is supported only on the Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9396PX, 93180YC-EX, and 9500 platform switches (FEX is not supported on the N9K-X9732C-EX line card, and Cisco Nexus 9200 platforms).
■ FEX vPC is not supported between any model of FEX and the Cisco Nexus 9500 platform switches as the parent switches.
■ IPSG (IP Source Guard) is not supported on FEX ports.
■ VTEP connected to FEX host interface ports is not supported.
■ FEX Layer 3 is not supported on the Cisco Nexus 2348TQ-E fabric.
The following lists other features not supported in the current release:
■ Cisco Nexus 9300 platform switches do not support the 64-bit ALPM routing mode.
■ Due to a Poodle vulnerability, SSLv3 is no longer supported.
■ IPSG is not supported on the following:
¯ The last six 40-Gb physical ports on the Cisco Nexus 9372PX, 9372TX, and 9332PQ switches
¯ All 40G physical ports on the Cisco Nexus 9396PX, 9396TX, and 93128TX switches
This section lists PVLAN features that are not supported.
· PVLAN PO/VPC PO is not supported on Cisco Nexus N9K-X9632PC-QSFP100, N9K-X9432C-S.
This section lists VXLAN features that are not supported.
■ Consistency checkers are not supported for VXLAN tables.
■ DHCP snooping and DAI features are not supported on VXLAN VLANs.
■ IPv6 for VXLAN EVPN ESI MH is not supported.
■ Native VLANs for VXLAN are not supported. All traffic on VXLAN Layer 2 trunks needs to be tagged.
■ QoS buffer-boost is not applicable for VXLAN traffic.
■ QoS classification is not supported for VXLAN traffic in the network-to-host direction as ingress policy on uplink interface.
■ Static MAC pointing to remote VTEP (VXLAN Tunnel End Point) is not supported with BGP EVPN (Ethernet VPN).
■ TX SPAN (Switched Port Analyzer) for VXLAN traffic is not supported for the access-to-network direction.
■ VXLAN routing and VXLAN Bud Nodes features on the 3164Q platform are not supported.
■ The following ACL related features are not supported:
■ Egress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the access-to-network direction (encapsulated path).
■ Ingress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the network-to-access direction (decapsulated path).
The entire Cisco Nexus 9000 Series NX-OS documentation set is available at the following URL:
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/tsd-products-support-series-home.html
The Cisco Nexus 3164Q Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3164/sw/6x/readme/b_Cisco_Nexus_3164Q_Switch_Read_Me_First.html
The Cisco Nexus 31128PQ Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus31128/sw/readme/b_Cisco_Nexus_31128PQ_Switch_Read_Me_First.html
The Cisco Nexus 3232C/3264Q Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3232and3264/sw/7x/readme/b_Cisco_Nexus_3232C_and_3264Q_Switch_Read_Me_First.html
The Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference is available at the following URL:
https://developer.cisco.com/site/nx-os/docs/n3k-n9k-api-ref/
The Cisco NX-OS Supported MIBs URL:
ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html
The Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes, Release 7.0(3)I7(3) is available at the following URL.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/epld_rn/guide/nxos_n9K_epldRN_703i73.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/scalability/guide_703I73/b_Cisco_Nexus_9000_Series_NX-OS_Verified_Scalability_Guide_703I73.html
To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com. We appreciate your feedback.
For information on obtaining documentation and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
https://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Open a service request online at:
https://tools.cisco.com/ServiceRequestTool/create/launch.do
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I7(3)