Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I7(8)
This document describes the features, caveats, and limitations of Cisco NX-OS Release 7.0(3)I7(8) software for use on the following switches:
■ Cisco Nexus 9000 Series
■ Cisco Nexus 31128PQ
■ Cisco Nexus 3164Q
■ Cisco Nexus 3232C
■ Cisco Nexus 3264Q
For more information, see Related Content.
Date | Description |
September 29, 2020 | Upgrade and Downgrade section revised. |
June 30, 2020 | Added CSCvu20429 to Open Issues. |
March 10, 2020 | Added CSCvr09175 and CSCvr14976 to the Resolved Issues. |
March 5, 2020 | Added EPLD Release Notes to New Documentation. |
March 4, 2020 | Cisco NX-OS Release 7.0(3)I7(8) became available. |
ECMP Load Balancing | Support added for configuring the ECMP load-sharing algorithm based on inner NVGRE header. For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x. |
Enabling syslog messages to account link level pause frames | Support to enable syslog messages to account all the incoming global and link level pause frames. For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide, Release 7.x. |
Enabling syslog messages to account packet drops | Support to enable syslog messages to account packet drops on multicast queues for no-drop class. For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x. |
Interface Port Channel | Added support to select the configuration of a port channel and then apply that configuration to the member ports of all the configured port channels using the interface port-channel all command. For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x. |
Link Layer Discovery Protocol (LLDP) Multi-Neighbor Support on Interfaces | Support for up to three (3) neighbors per interface. For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 7.x. |
Link Layer Discovery Protocol (LLDP) Multi-Neighbor Support on Port Channels | Support for LLDP on interface port channels. For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 7.x. |
Link Layer Flow Control (LLFC) Watchdog | Support for reacting to LLFC packets on a PFC-enabled interface by shutting the no-drop queue until a timer resets it. For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide, Release 7.x. |
MACsec | Added support for MACsec on Cisco Nexus N9K-X9732C-FX line card. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x. |
SSH Algorithm Support | The ssh ciphers and ssh kexalgos commands were modified. The aes256-gcm keyword was added to the ssh ciphers command and the ecdh-sha2-nistp384 keyword was added to the ssh kexalgos command. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x. |
There are no new hardware features in this release.
Headline: Config change of deleting mcast-group and enabling IR under member VNI, fails Symptoms: On NVE1, config change of deleting mcast-group and enabling IR under member VNI, fails. Workarounds: Wait for a while after deleting mcast-group, and then enable IR under member VNI. |
|
Headline: MTS leak on VTP when vlan creation with more than supported range is tried with RSTP Symptoms: Create large set of VLANs -> command fails with following message: ERROR: VLAN creation failed : Maximum vlan limit(507) reached for RSTP mode System side - mts leak is observed for MTS_OPC_VLAN_MGR_VLAN_CREATED in VTP queue. Workarounds: Move to config-vlan mode using existing VLAN in system and then enter the exit command. |
|
Headline: Port-channel ECN marked packets statistics is incorrect on show policy-map int detail Symptoms: Port-channel ECN marked packets statistics is incorrect on show policy-map int detail Workarounds: Use the "show queuing" or "show queuing tabular" commands to check the counter. |
|
Headline: SSO is causing heavy permanent traffic drop && lot of v4, v6 adjacencies are tentative Symptoms: Traffic drop because adjacencies are not learned after multiple SSOs. Workarounds: Clearing MAC will resolve the issue. |
|
Headline: n9k - VXLAN - L3 traffic incorrectly policed when CIR is reached Symptoms: VXLAN - L3 traffic is incorrectly policed when CIR is reached Workarounds: None |
|
Headline: Multicast traffic forwarded with TTL 0 Symptoms: Multicast traffic forwarded with TTL 0 Workarounds: None |
|
Headline: interface port-channel all fails when sub interfaces present Symptoms: interface port-channel all fails Workarounds: Remove all sub interfaces from running config |
|
Headline: While doing ND ISSU from GMR6 to GMR7 on vPC primary seeing momentary traffic loss Symptoms: While doing ND ISSU from GMR6 to GMR7.44 on Cisco Nexus 9500 platform switches (vPC Primary) seeing momentary unicast traffic loss. Workarounds: N/A |
|
Headline: Need to add config check for LLDP port-channel feature on vPC, FEX Pos Symptoms: When an LLDP port channel is enabled on a port channel which is configured later for vPC or FEX, the LLDP multiple neighbor feature might not work as expected. Workarounds: Disable the LLDP feature and re-enable the LLDP feature. Add back any non-default LLDP configuration that might have been present earlier on the switch. |
|
Headline: 3 msec packet loss on port-channel member down for flows hashing to non-impacted member port Symptoms: sub-second packet loss on port-channel member down for flows hashing to non-impacted member port Workarounds: None |
|
Headline: First Generation N9K: Pvlan l2 traffic drop observed after remove and reconfiguring Pvlan Symptoms: Traffic and other control traffic get dropped in this port. CC will fail for this port. Workarounds: Interface flap will recover the port from issue state. |
|
Headline: Reload ASCII causes source IP as 0x0 Symptoms: Analytics FT records will be dropped as the source address of packet will be 0x0. Workarounds: Unconfigure and reconfigure the FT analytics configuration |
|
Headline: QoS:Queue dropped pkts not updated for QOS group 0/7 in sh policy-map int eth x/x type queuing Cli Symptoms: The drop stats for last two data queues in queuing policy are not displayed in "show policy interface Ethernet <intf> type queuing" cmd on Nexus3000. Workarounds: Drop stats for all queues can be seen with this command instead: show queuing interface eth <intf>. |
|
Headline: PCIE error seen on 9364 in syslog Symptoms: PCIE Correctable error messages seen in syslog Workarounds: None |
|
Headline: Storm control commands broadcast/multicast added to interface configs after non disruptive ISSU Symptoms: After multiple non disruptive ISSUs, the following commands were added to the interface configuration causing complete connectivity issues. For instance, non-disruptive ISSU was performed as below versions and all L2/L3 interfaces were added with below commands. I7.0(3)I4(1) > 7.0(3)I7(7)> 7.0(3)I7(8) interface Ethernet1/17 Workarounds: Reconfigure the same commands on affected ports and then remove them as indicated below. configure terminal config t Or Write erase and reapply the original configurations. |
Bug ID |
Description |
Headline: Need support for DOM on FEX HIF ports |
|
Headline: eth_port_channel core ended in loader> after wr era + copy cfg start + boot build 466 |
|
Headline: Increased CPU usage for nsusd process (25%) |
|
Headline: vPC setup: after reload, seeing ETHPORT-3-IF_ERROR_VLANS_REMOVED console logs per VLAN In a fully scaled setup, we would see around 4k error messages scrolling on console. Fix: Created a single error message for all VLANs that are suspended. Displayed it as VLAN_LIST. |
|
Headline: NVE may not show up as CFS application after reload/bootup - OVSDB setup may observe no VNI hashed replication list on vPC secondary due to no BFD sync possible. - VLAN consistency check may fail with VXLAN multi-homing setup (no vPC) Add overlay feature: |
|
Headline: Nexus 9000: L2 QOS TCAM resources not released when policy-map applied with and without "no-stats" Symptoms: On a Nexus 9000 device, if a QoS policy is applied to an interface with the "no-stats" keyword (which enables label sharing) after it was previously applied without the "no-stats" keyword, the QoS policy uses the same amount of TCAM resources as it normally would without the "no-stats" keyword. Workarounds: No known non-disruptive workaround is known for this issue at this time. Reloading the Nexus 9000 device with "no-stats" keyword configuration in place will cause TCAM resources to be correctly allocated after the device comes back online. |
|
Headline: bgp nxos: not able to delete "advertisement-interval" when inheritance is configured |
|
Headline: Vsh crash with frequent executing show logging onboard exception-log # sh cores VDC Module Instance Process-name PID Date(Year-Month-Day Time) --- ------ -------- --------------- -------- ------------------------- |
|
Headline: [NBM] mrib refreshing routes and takes around 1hr to age out 50 flows |
|
Headline: PTP auto-log creation is failing when high clock corrections occur 2019 Mar 22 15:06:16 %USER-0-SYSTEM_MSG: Not able to create logfile /bootflash/ptp/auto_ptp_dbg_log_1.log, err 2(No such file or directory) - please remove/rename file ptp under /bootflash, check diskspace etc. - ptp |
|
Headline: tahusd process crash after enabling QSA/SFP(+) interface in the unsupported configuration `show logging nvram` %$ VDC-1 %$ %SYSMGR-SLOT1-2-SERVICE_CRASHED: Service "tahusd" (PID 30508) hasn't caught signal 11 (core will be saved). 1) Use a Cisco-branded SFP in the QSFP |
|
Headline: Irvine : vsh core seen in steady state with traffic running [without any triggers] |
|
Headline: Evaluation of n9k-standalone-sw for Intel 2019.1 QSR - MDS CVE-2018-12127 -- Microarchitectural Load Port Data Sampling (MLPDS) Cisco has reviewed this product and concluded that it is affected by this vulnerability. Fixed software information will be updated as part of this Release Note Enclosure. >> Disable access to the host shell by configuring "no feature bash" If any shell access mentioned in the 'Conditions' section is required, make sure the user does not run code/binary software from untrusted 3rd parties. |
|
Headline: Tunnels have zero outer SrcIp/SMAC or encapped traffic blackholed after destination adjacency change or tunnel encapsulated data plane traffic is blackholed, for example. not seen in SPAN, due to tunnel HW programming with Dest MAC 00:00:00:00:00:00 |
|
|
Headline: config-replace show patch shows " switchport access vlan 1 " additionally to the actual patch Symptoms: switch(config-if)# configure replace bootflash:rollback.cfg show-patch Version match between user file and running configuration. Pre-check for User config PASSED <SNIP> interface Ethernet1/4 switchport access vlan 1 <<<<<<<<<<<<<<<<<<<<<<< interface Ethernet1/5 Workarounds: NA |
Headline: N9K: mrouter port is not created dynamically based on dummy PIM Hellos from OTV ED Symptoms: The OTV ED sends the dummy PIM hellos out the site internal interface and the Cisco Nexus 9000 Series switch receives them on inband. Despite this, the IGMP Snooping process is not aware of them and so it doesn't dynamically create the mrouter port towards the OTV ED in question. Workarounds: Configure the port towards OTV ED as static mrouter port: vlan configuration 11 ip igmp snooping mrouter interface eth1/1 |
|
Headline: SAN-PO from NPV N9k to an FC switch will not come up |
|
Headline: N9K-EX : no shut of admin down port leads to fatal error in device DEV_SUGARBOWL_ASIC error message 2018 Nov 16 12:33:00.348 Nexus9K %PLATFORM-5-MOD_STATUS: Module 4 current-status is MOD_STATUS_ONLINE/OK |
|
Headline: DHCP request with BCAST flag set might result in control plane failure Workarounds: Don't mismatch the set qos-group and set cos values. If traffic is set to a specific QoS group, set the cos value of that traffic to the same number. |
|
Headline: Cisco Nexus 9000 Series switches encapsulate with incorrect/null source IP address and MAC address +++ A null (0.0.0.0) or incorrect source IP address +++ A null (0000.0000.0000) or incorrect source MAC address. As a result, the switch on the remote end of the tunnel discards the incorrectly-encapsulated packets on ingress, since they do not appear to be coming from the correct switch. |
|
Headline: RMAC in L2RIB points to the wrong NH despite URIB having the correct information In contrast, the URIB has the correct information (both L2RIB and URIB are getting the next hop from BGP). Depending on the topology, this might cause severe packet loss or total traffic blackhole. 1. Flap the L3 VLAN having the spurious RMAC. This will flush out the wrong entries from L2RIB. |
|
Headline: Link flap might cause the port to go down Topo: All e1/1-e1/6 configured 40G breakout to 10G on both N9Ks. Problem description: |
|
Headline: multisite routed traffic is not decapsulated if uplink b/w Leaf and BGW is front panel port Bridged and routed traffic inside same fabric working fine. |
|
Headline: FHS config lost by upgrading from old version to 9.2(4) or 9.3(1) 1. From Cisco NX-OS 9.2(3) or a previous version to new version Cisco NX-OS 9.2(4) 2. From Cisco NX-OS 7.0(3)I7(7) or a previous version to new version Cisco NX-OS 9.2(4) 3. From Cisco NX-OS 9.2(3) or a previous version to new version Cisco NX-OS 9.3(1) 4. From Cisco NX-OS 7.0(3)I7(7) or a previous version to new version Cisco NX-OS 9.3(1) Downgrading from Cisco NX-OS 9.2(4) or Cisco NX-OS 9.3(1) to Cisco NX-OS 9.2(3) and prior to Cisco NX-OS 7.0(3)I7(x) will also be impacted. 1. List all the FHS target related configuration 'show run dhcp' 2. Copy them and redeploy when the upgrading is done. The same workaround for downgrading from 9.2(4) or 9.3(1) to the old versions. |
|
Headline: Intermittent VNI in DOWN state due to vni-add-await-buffer Symptoms: VNI in down state due to vni-add-await-buffer Workarounds: Remove entry and recreate resolves the issue. |
|
Headline: N9K: Radius authentication fails after reload/upgrade when DNS is used. |
|
Headline: ERSPAN sends to wrong egress interface |
|
Headline: speed xxxx under line console doesn't take effect (config-console)# speed 9600 |
|
Headline: not able to configure max igmp snooping group-timeout 10080 A lower value than the limit 10080 is accepted, shown and taken correctly on the show commands |
|
Headline: Port-channel member ports will cost TCAM entries as well as port-channel |
|
Headline: Unexpected configuration refresh removes member VNI configurations |
|
Headline: FT flow records in Cisco Nexus 9300-EX ToR switches do not have the correct STEP field set |
|
Headline: Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability Symptoms: A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce Workarounds: Please refer to the Security Advisory. |
|
Headline: GRE traffic with payload that has the wrong IP header is dropped |
|
Headline: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol DoS Vulnerability Symptoms: A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: Workarounds: Please refer to the Security Advisory. |
|
Headline: IP forwarding is broken when the "hardware access-list tcam label ing-racl 9" command is entered. hardware access-list tcam label ing-racl 9 |
|
Headline: Longevity: nginx process getting killed - out of memory due to deadlock among DME threads In case of a REST timeout, "isan/bin/nginx" can be restarted to see if it fixes the issue. |
|
Headline: NXA-PAC-1100W-P series power supply might not work if connected to the same ATS |
|
Headline: IGMPv3/MLD Snoop - Mcast Traffic Loss To All Receivers After One Receiver Sends Multiple Leaves Symptoms: Multicast traffic loss to remaining receivers after one receiver sends multiple leaves in quick succession. Workarounds: Disable explicit host tracking under vlan configuration: configure terminal |
|
Headline: Crash at the moment of collecting stats for TAHUSD process |
|
Headline: MPLS transit forwarding affected through Cisco Nexus 9300-FX2 platform switches |
|
Headline: Cisco Nexus 93180LC-EX crashes due to tahusd process in disruptive upgrade from 7.0(3)I7(1) to 7.0(3)I7(6)
Disable bootup diagnostic tests globally before the upgrade and re-enable them after the upgrade. That should be a good workaround to move forward with the upgrade. The command to disable bootup tests from config mode is: switch(config)# diagnostic bootup level bypass Then re-enable complete diagnostics after the upgrade: switch(config)# diagnostic bootup level complete |
|
Headline: VXLAN: BUM traffic dropped on DCI/BL devices working as Bud node |
|
Headline: The "show hardware capacity forwarding" command does not have complete output in JSON |
|
Headline: VXLAN Encap packets sent with destination mac 00:00:00:00:00:00 when there is no ARP in Underlay (See the BugSearch Tool for show command outputs.) (Static ARP does not work as a workaround.) |
|
Headline: N9K-C92160YC-X // BGP - Some routes are forwarded via incorrect interface |
|
Headline: Community deletion leads to Assertion 'tmp_com == del_com' failed. Not applicable in some scenarios. |
|
Headline: MACsec ports are in (MACsec failure)/MACsec diagnostic is failing on module reload Then reload the line card again. |
|
Headline: After a disruptive upgrade of Cisco Nexus 9000 to 7.0(3)I7(6), control plane is stuck. |
|
Headline: Fatal SAP 28 pile up post SNMP crashes. |
|
Headline: SNMP crash seen due to corrupted TLV Switch# show cores vdc-all VDC Module Instance Process-name PID Date(Year-Month-Day Time) --- ------ -------- --------------- -------- ------------------------- |
|
Headline: Packets looping on internal ports of LC and FM after replacing N9K-X97160YC-EX with N9K-X9736C-FX Workarounds: FM reload fixes the issue. We can reload FMs one by one so that traffic will not be impacted. |
|
Headline: Nexus 9K Sysmgr crash while rotating log |
|
Headline: N9k reloads with Kernel panic - unable to handle kernel paging request |
|
Headline: Unable to save running config, gets error that memory is full |
|
Headline: BGP attribute-map for aggre address sets the last attribute without matching the prefix list. |
|
Headline: SNMP walk using OID 1.3.6.1.2.1.1 returns NULL [Expert Info (Note/Response): endOfMibView] |
|
Headline: Netflow / destination command is broken in rollback/patch |
|
Headline: N9K-X9736C-FX // debounce time Unexpected Behaviour |
|
Headline: Dynamic NAT configuration on the N9k causes L2 forwarding issues. |
|
Headline: Kernel Panic generates Kernel Trace instead of Stack Trace |
|
Headline: Copy run start fails on Cisco Nexus 3500 switch due to service "confelem" failure |
|
Headline: Configure replace fails when 'switchport trunk allowed vlan' list is too large When running 'show config-replace log verify' the below output is presented. Workarounds: ++ Shorten the list of the 'switchport trunk allowed vlan' list in the configuration file you are using for 'configure replace', then add any missing VLANs manually after the 'configure replace' task completes successfully. |
|
Headline: Native VLAN hardware mis-programming happens in tah after upgrade to 7.0.3.I7.7 with LACP individual |
|
Headline: Unexpected reload of ipqosmgr process while applying 'service-policy type qos input' on range of PCs Symptoms: Configuring "service-policy type qos input" under range of port-channel interfaces causes unexpected reload related to ipqosmgr process. Workarounds: Do not use a range of port-channels while configuring QoS. Add QoS configuration one by one. |
|
Headline: Wrong output of 'show snapshots compare' command with multiple VRFs |
|
Headline: Debounce is not working for N9K-C9364C using LR4 transceiver and link flaps |
|
Headline: Nexus 3500 BGP-3-ASSERT syslog in IPv4 Multicast AF with Ext. Communities 3548# show logging logfile | include ignore-case assert<snip>2019 Nov 6 17:33:11 3548 %BGP-3-ASSERT: bgp-49657 [4530] ../routing-sw/routing/bgp/bgp_import.c:1781: Assertion `0' failed.2019 Nov 6 17:33:11 3548 %BGP-3-ASSERT: bgp-49657 [4530] -Traceback: 0x81b5b63 0x820a9b0 0x820b53b 0x8135d8b 0x8137452 0x8137d58 librsw.so+0xa2107 libpthread.so.0+0x6140 libc.so.6+0xcedee A Cisco Nexus 3500 platform switch running 7.x code may see the following syslog: 3548# show logging logfile | include ignore-case assert <snip> 2019 Nov 6 16:20:49 3548 %BGP-3-ASSERT: bgp- [29626] ../routing-sw/routing/bgp/bgp_import.c:3756: Assertion `0' failed.2019 Nov 6 16:20:49 3548 %BGP-3-ASSERT: bgp- [29626] -Traceback: bgp=0x10001000 0x10278973 0x103e8380 0x103e8767 0x103e9091 0x10181553 0x10187621 0x1018d125 librsw_kstack.so=0xf3ecf000 librsw_kstack.so+0xac5cd libpthread.so.0=0xf3634000 libpthread.so.0+0x69ab libc.so.6=0xf34a4000 libc.s* A Cisco Nexus 3500 platform switch running 9.x code might see the following syslog: 2019 Nov 6 17:01:39 3548 %BGP-3-ASSERT: bgp- [667] ../routing-sw/routing/bgp/bgp_import.c:4424: Assertion `0' failed.2019 Nov 6 17:01:39 3548 %BGP-3-ASSERT: bgp- [667] -Traceback: bgp=0x100dd000 0x103082ba 0x1044cacb 0x1044ce13 0x1044d47a 0x10238207 0x1023d529 0x1024234b librsw_kstack.so=0xf64d2000 librsw_kstack.so+0x9fb07 libpthread.so.0=0xf62b5000 libpthread.so.0+0x62be libc.so.6=0xf5910000 libc.s* This symptom is observed regardless of whether the device is configured to perform inter-VRF leaking or not. No impact is observed to the device's ability to forward traffic, and the relevant prefix is installed in the BGP table in the VRF where it is received without issue. |
|
Headline: Storm control gets triggered even when threshold is not reached |
|
Headline: vpcm process memory leak @ libnve.so and libvlan_mgr_mcec.so You may also experience this issue by running `show run`: |
|
Headline: N9K crashing at the moment of using a flow exporter |
|
Headline: vsh.bin process crash `show logging nvram` |
|
Headline: Kernel panic and reload due to Watchdog Timeout after link flaps |
|
Headline: PTP Packets punted when feature ptp is enabled/disabled |
|
Headline: An interface may forward disallowed VLAN traffic over a trunk |
|
Headline: IGMPv3 report being looped on VXLAN vPC |
|
Headline: Storm control policer became 0x0 after duplicate policer index programmed incorrectly |
|
Headline: aclqos crash without device rebooting |
|
Headline: policyelem crash as soon we configure the flow-monitor on vlan |
|
Headline: Unable to toggle the interface snmp trap configuration after upgrade |
|
Headline: corrupted/incorrect router ID sent in update packet for external routes. |
|
Headline: SVI is down while VLAN has active port after port flapping Workaround #2 |
|
Headline: Negotiation issue with Intel X10SDV - port flapping multiple times |
|
Headline: Cisco Nexus 9500 SC EOBC Reloads on 7.0(3)I7.7 |
|
Headline: MALLOC_FAILED: mcastfwd [27776] m_copyin failed in mfwd_ip_main() |
|
Headline: Using GRE, inner DSCP value is not copied to the outer DSCP on N9K. |
|
Headline: Multicast Storm-control not working for Cisco Nexus 9000 |
|
Headline: EIGRP learned routes flapping when associated prefix-list is modified N9K-1--------EIGRP--------N9K2 Prefix-list configured on N9K-1 matching static routes When new entry is added to a prefix-list on N9K1, EIGRP learned routes on N9K-2 flaps If we use OSPF as routing protocol, we don't see route flap |
|
Headline: Nexus 93180YC-FX does not encapsulate traffic destined to Tunnel interface (GRE) Workarounds: ++ No workaround available |
|
Headline: The "ip igmp static-oif" command can take effect on the PIM DR and non-DR interfaces (SVI) Multicast stream Configured "ip igmp static-oif x.x.x.x" on both (SVI 101) of N9Ks. N9K (DR and non-DR interfaces) will have the static OIF for SVI and it causes the duplicate multicast traffic due to two valid OIFs. 1/ only configure static-oif in DR interface 2/ use dynamic join (IGMP report) rather than static oif |
|
Headline: Access-list TCAM entry does not program option fields configured in access-list |
|
Headline: N9K-C9396 // OID Return Wrong Values For example, On an N9K-C9396, which is a 48 port switch NOTE: This workaround applies only if the SNMP query is done for all ports linearly. Not guaranteed to work for random port queries. |
|
Headline: Multi-site EVPN: traffic might be dropped towards Layer3 if only a Layer3 extension is configured |
|
Headline: After upgrading to 7.0.3.I7.7 the port-channels got misconfigured and not possible to remove VLANS It is not easy for users to remove the use of port-profile type [ethernet|interface-vlan] <>, subcommands and the applying the port-profile commands on the interface before upgrade. |
|
Headline: NVE 1 stays UP on vPC secondary when peer-link down In "show nve interface nve 1 detail", the status is stuck in "Interface state : nve-intf-del-peer-cleanup-pending". |
|
Headline: Memory leak leads to crash on callhome |
|
Headline: N9K-X9788TC-FX continuously aging out MAC addresses |
|
Headline: N9K: aclqos crashes and generates core dump |
|
Headline: interface port-channel all command fails when sub interfaces are present |
|
Headline: CBL blocked state on BCM after interface comes up on FEX STP is forwarding from the software perspective. Workarounds: 1. Apply configuration on FEX interface then attach the cable. 2. Use PVSTP. |
|
Headline: Refresh profile CLI will fail when updating the Old profile with new profile |
|
Headline: CLI 'show hardware capacity forwarding' fails to produce JSON L2 related output |
|
Headline: IP/GRE traffic not matching TapAgg ACL |
|
Headline: N9K-C9348GC link up delay on usd level after reloaded |
|
Headline: Cisco Nexus 9000/VXLAN - Forwarding broken due to inner Dot1Q copied during VXLAN Encap Hosts across different leaf switches in VXLAN EVPN Fabric. OR, configure any spare interface (doesn't need to be UP) with the following configuration on each VTEP (both in case of vPC): (Supported with N9300-FX/FXP/FX2 platform switches)
interface Ethernet1/x x = any vlan with vn-segment enabled. Example: VLAN Segment-id |
|
Headline: Cisco Nexus 9000 crash when name based NTP server is configured and switch restart VDC-1 %$ %NTP-2-NTP_SYSLOG_INIT_FAIL: : Failed to restart NTPd sh system reset-reason |
|
Headline: bcm_l2_register_callback causes 9500 module reload. exception information --- exception instance 1 ---- `show cores` 1 1 1 bcm_usd 8252 2020-01-02 16:49:07 |
Bug ID |
Description |
On Cisco Nexus 9300-EX, 9348GC-FXP, 93108TC-FX, 93180YC-FX, 9336C-FX2, and 93240YC-FX2 switches, when 802.1q EtherType has changed on an interface, the EtherType of all interfaces on the same slice will be changed to the configured value. This change is not persistent after a reload of the switch and will revert to the EtherType value of the last port on the slice. |
</nf:source> <============nf: is extra
<namespace> : extra characters are seen with XML and JSON from NX-API.
· Table 1 Cisco Nexus 9000 Series Fabric Modules
· Table 2 Cisco Nexus 9000 Series Fans and Fan Trays
· Table 3 Cisco Nexus 9500 Platform Switches Line Cards
· Table 4 Cisco Nexus 9000 Series Power Supplies
· Table 5 Cisco Nexus 9500 Platform Switches Supervisor Modules
· Table 6 Cisco Nexus 9000 Series Switches
· Table 7 Cisco Nexus 9000 Series Uplink Modules
· Table 8 Cisco Nexus 9500 Platform Switches System Controller
· Table 9 Cisco Nexus 3232C and 3264Q Switch Hardware
· Table 10 Cisco Nexus 3164Q Switch Hardware
· Table 11 Cisco Nexus 31128PQ Switch Hardware
Table 1 Cisco Nexus 9000 Series Fabric Modules
N9K-C9516-FM-E2 |
16-slot fabric module for -E line cards. |
4 – N9K-X97160YC-EX |
Table 2 Cisco Nexus 9000 Series Fans and Fan Trays
1 For specific fan speeds, see the Overview section of the Hardware Installation Guide.
Table 3 Cisco Nexus 9500 Platform Switches Line Cards
Line card with 48 1/10-Gigabit SFP+ ports and 4 40-Gigabit QSFP+ uplink ports |
|||||
Line card with 48 10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 1-/10-Gigabit SFP+ ports and 4 40-Gigabit QSFP+ ports |
|||||
Line card with 48 1-/10GBASE-T (copper) ports and 4 40-Gigabit QSFP+ ports |
|||||
N9K-X9732C-FX |
Line card with 32 100 Gigabit Ethernet. Each QSFP28 supports 1x100-, 2x50-, 1x40-, 4x25-, 4x10-, and 1x1/10-Gigabit Ethernet. |
4 |
8 |
16 |
N9K-C9504-FM-E |
N9K-X9736Q-FX |
Line card with 36 1-/10-/40-Gigabit QSFP28 ports |
4 |
8 |
16 |
N9K-C9504-FM-E N9K-C9508-FM-E N9K-C9516-FM-E |
N9K-X9788TC-FX |
Line card with 48 1-/10-G BASE-T (copper) and 4 100-Gigabit QSFP28 ports |
4 |
8 |
16 |
N9K-C9504-FM-E N9K-C9516-FM-E |
N9K-X97160YC-EX |
Line card with 48 10-/25-Gigabit SFP28 ports and 4 40-/100-Gigabit QSFP28 ports |
4 |
8 |
16 |
N9K-C9504-FM-E |
Table 4 Cisco Nexus 9000 Series Power Supplies
Table 5 Cisco Nexus 9500 Platform Switches Supervisor Modules
Table 6 Cisco Nexus 9000 Series Switches
Table 7 Cisco Nexus 9000 Series Uplink Modules
An enhanced version of the Cisco Nexus N9K-M6PQ uplink module. |
|
Cisco Nexus 9300 uplink module with 12 40-Gigabit Ethernet QSFP+ ports. |
Table 8 Cisco Nexus 9500 Platform Switches System Controller
Table 9 Cisco Nexus 3232C and 3264Q Switch Hardware
Table 10 Cisco Nexus 3164Q Switch Hardware
Table 11 Cisco Nexus 31128PQ Switch Hardware
To perform a software upgrade or downgrade, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
For information about an In Service Software Upgrade (ISSU), see the Cisco NX-OS ISSU Support application.
Note: Upgrading from Cisco NX-OS 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a) requires installing a patch for Cisco Nexus 9500 platform switches only. For more information on the upgrade patch, see Upgrade Patch Instructions.
The following features are not supported for the Cisco Nexus 3232C and 3264Q switches:
■ PXE boot of the NX-OS image from the loader
■ Automatic negotiation support for 25-Gb and 50-Gb ports on the Cisco Nexus 3232C switch
■ Cisco Nexus 2000 Series Fabric Extenders (FEX)
■ Cisco NX-OS to ACI conversion (The Cisco Nexus 3232C and 3264Q switches operate only in Cisco NX-OS mode.)
■ DCBXP
■ Designated router delay
■ DHCP subnet broadcast
■ SSLv3 (no longer supported because of the POODLE vulnerability)
■ FCoE NPV
■ Intelligent Traffic Director (ITD)
■ Enhanced ISSU. NOTE: Check the appropriate guide to determine which platforms support Enhanced ISSU.
■ MLD
■ NetFlow
■ PIM6
■ Policy-based routing (PBR)
■ Port loopback tests
■ Resilient hashing
■ SPAN on CPU as destination
■ Virtual port channel (vPC) peering between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 9300 platform switches or between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 3100 Series switches
■ VXLAN IGMP snooping
The following features are not supported for the Cisco Nexus 9200 platform switches and the Cisco Nexus 93108TC-EX and 93180YC-EX switches:
■ 64-bit ALPM routing mode
■ Cisco Nexus 9272PQ and Cisco Nexus 92160YC platforms do not support the PXE boot of the NX-OS image from the loader.
■ ACL filters to span subinterface traffic on the parent interface
■ Egress port ACLs
■ Egress QoS policer is supported on the Cisco Nexus 9300-EX and 9300-FX platform switches. It is not supported on the Cisco Nexus 9200 platform switch. The only policer action supported is drop. Remark action is not supported on egress policer.
■ FEX (supported for Cisco Nexus 9300-EX platform switches but not for Cisco Nexus 9200 platform switches.)
■ GRE v4 payload over v6 tunnels
■ IP length-based matches
■ IP-in-IP on Cisco Nexus 92160 switch
■ ISSU enhanced is not supported on the Cisco Nexus 9300-FX platform switch.
■ Layer 2 Q-in-Q is supported only on Cisco Nexus 9300-EX platform switches (93108TC-EX and 93180YC-EX) and Cisco Nexus 9500 platform switches with the X9732C-EX line card.
■ MTU (Maximum Transmission Unit) checks for packets received with an MPLS header
■ NetFlow is not supported on Cisco Nexus 9200 platform switches. It is supported on Cisco Nexus 9300-EX and 9300-FX platform switches.
■ Packet-based statistics for traffic storm control (only byte-based statistics are supported)
■ PVLANs (supported on Cisco Nexus 9300 and 9300-EX platform switches but not on Cisco Nexus 9200 platform switches)
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches. Beginning with Cisco NX-OS Release 7.0(3)I5(1), Q-in-VNI is supported on Cisco Nexus 9300-EX platform switches.
■ Q-in-Q for VXLAN is not supported on Cisco Nexus 9200 and 9300-EX platform switches
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches (supported on Cisco Nexus 9300-EX platform switches)
■ Resilient hashing for ECMP on the Cisco Nexus 9200 platform switches.
■ Resilient hashing for port-channel
■ Rx SPAN for multicast if the SPAN source and destination are on the same slice and no forwarding interface is on the slice
■ SVI uplinks with Q-in-VNI are not supported with Cisco Nexus 9300-EX platform switches
■ Traffic storm control for copy-to-CPU packets
■ Traffic storm control with unknown multicast traffic
■ Tx SPAN for multicast, unknown multicast, and broadcast traffic
■ VACL redirects for TAP aggregation
The following features are not supported for the Cisco Nexus 9500 platform N9K-X9408PC-CFP2 line card and Cisco Nexus 9300 platform switches with generic expansion modules (N9K-M4PC-CFP2):
■ 802.3x
■ Breakout ports
■ FEX (this applies to the N9K-X9408PC-CFP2 and –EX switches, not all Cisco Nexus 9300 platform switches)
■ MCT (Multichassis EtherChannel Trunk)
■ NetFlow
■ Only support 40G flows
■ Port-channel (No LACP)
■ PFC/LLFC
■ PTP (Precision Time Protocol)
■ PVLAN (supported on Cisco Nexus 9300 platform switches)
■ Shaping support on 100G ports is limited
■ SPAN destination/ERSPAN destination IP
■ Storm Control
■ vPC
■ VXLAN access port
The following features are not supported for Cisco Nexus 9508 switches with an N9K-X9732C-EX line card:
■ FEX
■ IPv6 support for policy-based routing
■ LPM dual-host mode
■ SPAN port-channel destinations
The entire Cisco Nexus 9000 Series NX-OS documentation set is available at the following location: Cisco Nexus 9000 Series Switches
Cisco Nexus 9000 Series Software Upgrade and Downgrade Guide is available at the following location: Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x
The Cisco Nexus 3164Q Switch - Read Me First is available at the following location: Cisco Nexus 3164Q Switch — READ ME FIRST
The Cisco Nexus 31128PQ Switch - Read Me First is available at the following location: Cisco Nexus 31128PQ Switch — READ ME FIRST
The Cisco Nexus 3232C/3264Q Switch - Read Me First is available at the following location: Cisco Nexus 3232C and 3264Q Switches — READ ME FIRST
The Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference is available at the following location: Cisco Nexus NX-API References
The Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes, Release 7.0(3)I7(8) is available at the following location: Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes, Release 7.0(3)I7(8)