Guest

Cisco Nexus 7000 Series Switches

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.0

  • Viewing Options

  • PDF (471.8 KB)
  • Feedback
Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.0

Table Of Contents

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.0

Contents

Introduction

System Requirements

Hardware Supported

Memory Requirements

Supported Device Hardware

Upgrade/Downgrade Caveats

CMP Images

EPLD Images

Cisco DCNM

New Software Features

Cisco NX-OS Release 5.0(5)

Cisco NX-OS Release 5.0(3)

Cisco Overlay Transport Virtualization

Cisco NX-OS Release 5.0(2a)

Bidirectional Forwarding Detection

IPv6 PMTU

IPv6 on CMP Interface

HSRP for IPv6

IPv6 Support in Object Tracking

CMP Enhancements

Q-in-Q VLAN Tunnels

Promiscuous Trunk Port

Secondary Private VLAN Trunks

LLDP

VRF Support in DHCP

NPE Image

Time Domain Reflectometer

IS-IS Non Stop Routing

Per-command Authorization for TACACS+

AAA Enhancements

NTP Enhancements

ACL Logging on Management Interfaces

VPC Enhancement

VPC Peer Switch Feature

Route Policy Manager Enhancements

Call Home

SSH Enhancements

IEEE 802.1x Enhancements

Configurable Maximum Fabric Modules Per System

Display of Power Draw for Modules and Fan

Fan Embedded Event Manager Policies

Licensing

Transport Services Package

Scalable Feature Package

MIBS

Limitations

vPCs

XML Management Interface

QoS

Rollback

Port Profiles

GOLD

Multicast over Tunnel Interfaces

Syslog Message Indicates SAP Failure

vPC Peer Link Inconsistency Messages

VDC Snapshot Files are Saved in bootflash

The Number of SXP Connections Exceeds the Limit

Stale V6 Adjacencies Are Recovered Following an ISSU

Old Switch Name Appears Following Write Erase

A Version Mismatch Syslog Message Displays Following an ISSD

NTP Errors Display During a Switchover

Packet Forwarding in a vPC with a HSRP V6 Group

Caveats

Open Caveats—Cisco NX-OS Release 5.0

Resolved Caveats—Cisco NX-OS Release 5.0(5)

Resolved Caveats—Cisco NX-OS Release 5.0(3)

Resolved Caveats—Cisco NX-OS Release 5.0(2a)

Resolved Caveats—Cisco NX-OS Release 5.0(2)

Related Documentation

Obtaining Documentation and Submitting a Service Request


Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.0


Date: November 22, 2010
Part Number: OL-22229-04
Current Release: 5.0(5)
Deferred Release 5.0(2)

This document describes the features, caveats, and limitations for Cisco NX-OS software for use on the Cisco Nexus 7000 Series switches. Use this document in combination with documents listed in the "Related Documentation" section.


Note Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.x Release Notes:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html


Table 1 shows the online change history for this document.

Table 1 Online History Change 

Part Number
Revision
Date
Description

OL-22229-01

A0

May 24, 2010

Created release notes for Release 5.0(2).

OL-22229-02

A0

May 26, 2010

Created release notes for Release 5.0(2a).

B0

June 08, 2010

Added the 6.0-kW DC power supply information to Table 1.

C0

June 28, 2010

Added the 10-Gbps SFP+ transceivers to Table 3.

OL-22229-03

A0

July 25, 2010

Created release notes for Release 5.0(3).

B0

August 4, 2010

Moved CSCtg79818 to the "Resolved Caveats—Cisco NX-OS Release 5.0(3)" section.

C0

August 5, 2010

Added Resolved Caveat CSCth34076.

D0

November 8, 2010

Added Open Caveat CSCtg79396.

OL-22229-04

A0

November 22, 2010

Created Release Notes for Release 5.0(5).


Contents

This document includes the following sections:

Introduction

System Requirements

Upgrade/Downgrade Caveats

CMP Images

EPLD Images

Cisco DCNM

New Software Features

Licensing

MIBS

Limitations

Caveats

Related Documentation

Obtaining Documentation and Submitting a Service Request

Introduction

The Cisco NX-OS software for the Cisco Nexus 7000 Series switches fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) similar to Cisco IOS software.

System Requirements

This section includes the following topics:

Hardware Supported

Memory Requirements

Supported Device Hardware

Hardware Supported

The Cisco NX-OS software supports the Cisco Nexus 7000 Series chassis. You can find detailed information about supported hardware in the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.

Memory Requirements

The Cisco NX-OS software requires 4 GB of memory.

Supported Device Hardware

Cisco NX-OS Release 4.2(1) and later releases support management and monitoring of the Cisco Nexus 7010 switch and Cisco Nexus 7018 switch. Although you can use Cisco NX-OS Release 4.0 to manage a Cisco Nexus 7010 switch, you must use Cisco NX-OS Release 4.1(2) or later releases to manage a Cisco Nexus 7018 switch, the 7.5-kW AC power supply unit, and the 48-port 1-Gigabit SFP I/O module.

Cisco NX-OS Release 5.0(2a) or a later release is required to manage the 8-port Gigabit Ethernet I/O module XL and the 48-port Gigabit Ethernet I/O module XL. The default behavior of the XL modules is the same as it is for the non-XL modules. Depending on the chassis, the Cisco Nexus 7010 Scalable Feature Package license (N7K-C7010-XL) or the Cisco Nexus 7018 Scalable Feature Package license (N7K-C7018-XL) is required to enable all XL-capable I/O modules to operate in XL mode.

Cisco NX-OS Release 5.0 introduces support for the 6.0-kW DC power supply and the DC power interface unit.

Table 2 shows the hardware supported by Cisco NX-OS Release 5.0 and all Cisco NX-OS Release 4.x software.

Table 3 shows the transceivers supported by each release.

Table 2 Hardware Supported by Cisco NX-OS Software Releases  

Hardware
Part Number
Cisco NX-OS Release 4.0 Support
Cisco NX-OS Release 4.1(2) through 4.2(4) Support
Cisco NX-OS Release 5.0(2) through 5.0(5)Support

Cisco Nexus 7010 chassis

N7K-C7010

X

X

X

Cisco Nexus 7018 chassis

N7K-C7018

-

X

X

Supervisor module

N7K-SUP1

X

X

X

Fabric module, Cisco Nexus 7000 Series 10-slot

N7K-C7010-FAB-1

X

X

X

Fabric module, Cisco Nexus 7000 Series 18-slot

N7K-C7018-FAB-1

-

X

X

8-port 10-Gigabit Ethernet I/O module XL1

N7K-M108X2-12L

-

-

X

48-port 1-Gigabit Ethernet I/O module XL1

N7K-M148GS-11L

-

-

X

48-port 10/100/1000 Ethernet I/O module

N7K-M148GT-11

X

X

X

48-port 1-Gigabit Ethernet SFP I/O module

N7K-M148GS-11

-

X

X

32-port 10-Gigabit Ethernet SFP+ I/O module

N7K-M132XP-12

X

X

X

System fan tray for the Cisco Nexus 7010 chassis

N7K-C7010-FAN-S

X

X

X

Fabric fan tray for the Cisco Nexus 7010 chassis

N7K-C7010-FAN-F

X

X

X

Fan tray for the Cisco Nexus 7018 chassis

N7K-C7018-FAN

-

X

X

6.0-kW AC power supply unit

N7K-AC-6.0KW

X

X

X

7.5-kW AC power supply unit

N7K-AC-7.5KW-INT
N7K-AC-7.5KW-US

-
-

X
X

X

6.0-kW DC power supply unit (cable included)
DC power interface unit
DC 48 V-48 V cable (spare)

N7K-DC-6.0KW
N7K-DC-PIU
N7K-DC-CAB=

-
-
-

-
-
-

X
X
X

1 Requires the Cisco Nexus 7010 Scalable Feature Package license (N7K-C7010-XL) or the Cisco Nexus 7018 Scalable Feature Package license (N7K-C7018-XL), depending on the chassis, to enable all XL-capable I/O modules to operate in XL mode.


Table 3 Transceivers Supported by Cisco NX-OS Software Releases  

I/O Module
Transceiver Type
Product ID
Minimum Software Version

N7K-M108X2-12L

10GBASE-X X2

X2-10GB-SR

5.0(2a)

X2-10GB-LR

5.0(2a)

X2-10GB-LRM

5.0(2a)

X2-10GB-ER

5.0(2a)

N7K-M108X2-12L

10GBASE-DWDM X2

DWDM-X2-60.61=

5.0(2a)

   

DWDM-X2-59.79=

5.0(2a)

DWDM-X2-58.98=

5.0(2a)

DWDM-X2-58.17=

5.0(2a)

DWDM-X2-56.55=

5.0(2a)

DWDM-X2-55.75=

5.0(2a)

DWDM-X2-54.94=

5.0(2a)

DWDM-X2-54.13=

5.0(2a)

DWDM-X2-52.52=

5.0(2a)

DWDM-X2-51.72=

5.0(2a)

DWDM-X2-50.92=

5.0(2a)

DWDM-X2-50.11=

5.0(2a)

DWDM-X2-48.51=

5.0(2a)

DWDM-X2-47.72=

5.0(2a)

DWDM-X2-46.92=

5.0(2a)

DWDM-X2-46.12=

5.0(2a)

DWDM-X2-44.53=

5.0(2a)

DWDM-X2-43.73=

5.0(2a)

DWDM-X2-42.94=

5.0(2a)

DWDM-X2-42.14=

5.0(2a)

DWDM-X2-40.56=

5.0(2a)

DWDM-X2-39.77=

5.0(2a)

DWDM-X2-38.98=

5.0(2a)

DWDM-X2-38.19=

5.0(2a)

DWDM-X2-36.61=

5.0(2a)

DWDM-X2-35.82=

5.0(2a)

DWDM-X2-35.04=

5.0(2a)

DWDM-X2-34.25=

5.0(2a)

DWDM-X2-32.68=

5.0(2a)

DWDM-X2-31.90=

5.0(2a)

DWDM-X2-31.12=

5.0(2a)

DWDM-X2-30.33=

5.0(2a)

N7K-M148GS-11

1000BASE-CWDM

CWDM-SFP-1470

4.2(1)

CWDM-SFP-1490

4.2(1)

CWDM-SFP-1510

4.2(1)

CWDM-SFP-1530

4.2(1)

CWDM-SFP-1550

4.2(1)

CWDM-SFP-1570

4.2(1)

CWDM-SFP-1590

4.2(1)

CWDM-SFP-1610

4.2(1)

N7K-M148GS-11

1000BASE-DWDM

DWDM-SFP-6141

4.2(1)

DWDM-SFP-6061

4.2(1)

DWDM-SFP-5979

4.2(1)

DWDM-SFP-5898

4.2(1)

DWDM-SFP-5817

4.2(1)

DWDM-SFP-5736

4.2(1)

DWDM-SFP-5655

4.2(1)

DWDM-SFP-5575

4.2(1)

DWDM-SFP-5494

4.2(1)

DWDM-SFP-5413

4.2(1)

DWDM-SFP-5332

4.2(1)

DWDM-SFP-5252

4.2(1)

DWDM-SFP-5172

4.2(1)

DWDM-SFP-5092

4.2(1)

DWDM-SFP-5012

4.2(1)

DWDM-SFP-4931

4.2(1)

DWDM-SFP-4851

4.2(1)

DWDM-SFP-4772

4.2(1)

DWDM-SFP-4692

4.2(1)

DWDM-SFP-4612

4.2(1)

DWDM-SFP-4532

4.2(1)

DWDM-SFP-4453

4.2(1)

DWDM-SFP-4373

4.2(1)

DWDM-SFP-4294

4.2(1)

DWDM-SFP-4214

4.2(1)

DWDM-SFP-4134

4.2(1)

DWDM-SFP-4056

4.2(1)

DWDM-SFP-3977

4.2(1)

DWDM-SFP-3898

4.2(1)

DWDM-SFP-3819

4.2(1)

DWDM-SFP-3739

4.2(1)

DWDM-SFP-3661

4.2(1)

DWDM-SFP-3582

4.2(1)

DWDM-SFP-3504

4.2(1)

DWDM-SFP-3425

4.2(1)

DWDM-SFP-3346

4.2(1)

DWDM-SFP-3268

4.2(1)

   

DWDM-SFP-3190

4.2(1)

DWDM-SFP-3112

4.2(1)

DWDM-SFP-3033

4.2(1)

N7K-M148GS-11

1000BASE-SX

SFP-GE-S

4.1(2)

GLC-SX-MM

4.1(2)

1000BASE-LX

SFP-GE-L

4.1(2)

GLC-LH-SM

4.1(2)

1000BASE-ZX

SFP-GE-Z

4.1(2)

GLC-ZX-SM

4.1(2)

1000BASE-T

GLC-T

4.2(1)

SFP-GE-T

4.2(1)

N7K-M148GS-11L

1000BASE-SX

SFP-GE-S

5.0(2a)

GLC-SX-MM

5.0(2a)

1000BASE-LX

SFP-GE-L

5.0(2a)

GLC-LH-SM

5.0(2a)

1000BASE-ZX

SFP-GE-Z

5.0(2a)

GLC-ZX-SM

5.0(2a)

1000BASE-T

GLC-T

5.0(2a)

SFP-GE-T

5.0(2a)

N7K-M132XP-12

10-Gbps SFP+

SFP-10G-ER

5.0(2a)

SFP-10G-SR (short range)

5.0(2a)

SFP-10G-LR (long range)

5.0(2a)

10GBASE-SR

SFP-10G-SR

4.0(1)

10GBASE-LR

SFP-10G-LR

4.0(3)



Note Version -01 of X2-DWDM Fujitsu with serial number prefix ONJxxxxxxx can be used with the 8-port Gigabit Ethernet I/O module XL. All version -02 of X2-DWDM Fujitsu can be used as well.


Upgrade/Downgrade Caveats

The following caveats apply to the Cisco NX-OS Release 4.2(1) or later for the Cisco Nexus 7000 Series devices:

Do not change any configuration settings or network settings during the upgrade. Any changes in the network settings may cause a disruptive upgrade.

Release 5.0(5) is ISSU-compatible with Release 5.0(3, 5.0(2a), and 5.0(2) and with all 4.2(x) releases.

Release 5.0(5) is not ISSU-compatible with 4.1(x) and 4.0(x) releases.

You can nondisruptively downgrade from Cisco NX-OS Release 5.0(3) to Release 5.0(2a), Release 5.0(2), and to any 4.2(x) release. Downgrades to a 4.1(x) or 4.0(x) release are disruptive.

CMP Images

Cisco NX-OS Release 5.0(5) does not include a new image for the CMP. Cisco NX-OS Release 5.0(2a) includes a new image for the CMP. The CMP is upgraded to Release 5.0(2a) on a successful ISSU of Cisco NX-OS to Release 5.0(2a).

EPLD Images

Cisco NX-OS Release 5.0(5), Release 5.0(3) and Release 5.0(2a) use the Release 5.0(2) EPLD images. Many of the EPLD images were upgraded for Cisco NX-OS Release 5.0(2).

To determine whether you need to upgrade the EPLD images on your Cisco Nexus 7000 Series switch, see the Cisco Nexus 7000 Series FPGA/EPLD Upgrade Release Notes, Release 5.0.

Cisco DCNM

Cisco Data Center Network Manager (DCNM) Release 5.0(2) supports Cisco NX-OS 5.0(5) and other software release versions depending on the Cisco Nexus platform. See the Cisco DCNM Release Notes, Release 5.0(2) for specific information about the Cisco Nexus platforms and software release versions that Cisco DCNM supports.

New Software Features

This section briefly describes the new features introduced in Cisco NX-OS Release 5.0 for the Cisco Nexus 7000 Series switches. For detailed information about the features listed, see the documents listed in the "Related Documentation" section. The "New and Changed Information" section in each of these books provides a detailed list of all new features and includes links to the feature description or new command.

This section includes the following topics:

Cisco NX-OS Release 5.0(5)

Cisco NX-OS Release 5.0(3)

Cisco NX-OS Release 5.0(2a)

Cisco NX-OS Release 5.0(5)

Cisco NX-OS Release 5.0(5) is a maintenance release and does not include any new features.

Cisco NX-OS Release 5.0(3)

This section briefly describes the new features introduced in Cisco NX-OS Release 5.0(3) for the Cisco Nexus 7000 Series switches and includes the following topics:

Cisco Overlay Transport Virtualization

Cisco Overlay Transport Virtualization

Cisco Overlay Transport Virtualization (OTV) is a MAC-in-IP method that extends Layer 2 connectivity across a core network infrastructure. OTV provides an overlay that enables Layer 2 connectivity between separate Layer 2 domains. Using MAC address-based routing and IP-encapsulated forwarding across a core network, OTV provides support for applications that require Layer 2 adjacency, such as clusters and virtualization. You deploy OTV on the edge devices in each site. OTV requires no other changes to the sites or the core network.

In addition to having no impact on existing network design, OTV can deliver the following benefits:

Failure isolation—Failure boundaries and site independence are preserved so that sites are independent of each other and failures do not propagate beyond the OTV edge device.

Optimized operations—OTV uses a single protocol that simplifies site additions and removals.

Optimal bandwidth utilization, resiliency, and scalability—OTV allows for multipathing, seamless multihoming with built-in loop prevention, and multipoint connectivity in a point-to-cloud model.

Seamless migration path—Because OTV is transparent to the core network, it can be incrementally deployed over an existing topology without altering the network design.

OTV requires the Transport Services Package license.

Cisco NX-OS Release 5.0(2a)

This section briefly describes the new features introduced in Cisco NX-OS Release 5.0(2a) for the Cisco Nexus 7000 Series switches and includes the following topics:

Bidirectional Forwarding Detection

IPv6 PMTU

IPv6 on CMP Interface

HSRP for IPv6

IPv6 Support in Object Tracking

CMP Enhancements

Q-in-Q VLAN Tunnels

Promiscuous Trunk Port

Secondary Private VLAN Trunks

LLDP

VRF Support in DHCP

NPE Image

Time Domain Reflectometer

IS-IS Non Stop Routing

Per-command Authorization for TACACS+

AAA Enhancements

NTP Enhancements

VPC Enhancement

VPC Peer Switch Feature

Route Policy Manager Enhancements

Call Home

SSH Enhancements

IEEE 802.1x Enhancements

Configurable Maximum Fabric Modules Per System

Display of Power Draw for Modules and Fan

Fan Embedded Event Manager Policies

Bidirectional Forwarding Detection

Bidirectional Forwarding Detection (BFD) provides low-overhead, short-duration detection of failures in the path between adjacent forwarding engines. In Cisco NX-OS Release 5.0(2a), BFD has been enhanced to detect bidirectional forwarding failures in subsecond time.

BFD is a fixed-length hello protocol, in which each end of a connection transmits packets periodically over a forwarding path. Cisco NX-OS supports BFD adaptive detection times. In addition, Cisco NX-OS supports BFD (version 1) for the verification of IPv4 single-hop connectivity. Cisco NX-OS supports asynchronous mode.

BFD works over Gigabit Ethernet, 10 Gigabit Ethernet, and port channel interfaces. BFD can be used with the following features and protocols:

Static routes

Border Gateway Protocol (BGP)

Intermediate System-to-Intermediate System (IS-IS)

Open Shortest Path First (OSPF)

Enhanced Interior Gateway Routing Protocol (EIGRP)

Hot-Standby Router Protocol (HSRP)

Protocol Independent Multicast (PIM)

IPv6 PMTU

IPv6 path MTU (PMTU) uses larger TCP Max Segment Size while communicating with peers that are not directly connected. The result is better performance in the form of higher data throughput on the connections.

IPv6 on CMP Interface

The following IPv6 features are available on the Connectivity Management Processor (CMP) interface:

IPv6 support on CMP management interface

Ability to configure IPv6 from startup scripts

Telnet and SSH reachability to CMP through IPv6

Ping6 and Traceroute6 support on CMP

HSRP for IPv6

Cisco NX-OS Release 5.0 supports the Hot Standby Routing Protocol for IPv6 (HSRPv6). This support includes link-layer address as well as global IPv6 address support.

IPv6 Support in Object Tracking

With this enhancement, objects tracked now include static as well as dynamic IPv6 routes. Cisco NX-OS Release 5.0 also supports IPv6 routing on interfaces, similar to IPv4.

CMP Enhancements

The Connectivity Management Processor (CMP) that is included on the Cisco Nexus 7000 Series supervisor module, now supports the following features:

Cisco Discovery Protocol (CDP)

Front-panel console monitoring

Q-in-Q VLAN Tunnels

A Q-in-Q VLAN tunnel enables a service provider to segregate the traffic of different customers in their infrastructure, while still giving the customer a full range of VLANs for their internal use by adding a second 802.1Q tag to an already tagged frame.

Promiscuous Trunk Port

Beginning with Cisco NX-OS Release 5.0(2a), you can configure a Layer 2 interface as a private VLAN promiscuous trunk port and then associate that promiscuous trunk port with multiple primary VLANs. These promiscuous trunk ports carry traffic for multiple primary VLANs as well as normal VLANs.

Secondary Private VLAN Trunks

In addition to promiscuous trunk ports, Cisco NX-OS Release 5.0(2a) supports another form of private VLAN trunks called secondary trunk ports. These ports can carry traffic of multiple isolated VLANs, as well as normal VLANs on the same trunk port. The traffic of the associated primary VLAN is translated to the respective isolated VLAN before it leaves the trunk port.

LLDP

The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over the data-link layer (Layer 2) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices that are connected to the network.

To permit the discovery of non-Cisco devices, the switch also supports the Link Layer Discovery Protocol (LLDP), a vendor-neutral device discovery protocol that is defined in the IEEE 802.1ab standard. LLDP allows network devices to advertise information about themselves to other devices on the network. This protocol runs over the data-link layer, which allows two systems running different network layer protocols to learn about each other.

LLDP is a one-way protocol that transmits information about the capabilities and current status of a device and its interfaces. LLDP devices use the protocol to solicit information only from other LLDP devices.

LLDP supports a set of attributes that it uses to discover other devices. These attributes contain type, length, and value (TLV) descriptions. LLDP devices can use TLVs to send and receive information to other devices on the network. Details such as configuration information, device capabilities, and device identity can be advertised using this protocol.

VRF Support in DHCP

In typical network deployments, multiple VPNs and VPN routing and forwarding (VRF) instances are serviced by one single network element (such as a router) where a relay agent can exist. It might be desirable to have just one Dynamic Host Configuration Protocol (DHCP) server placed in one VRF to cater to all the clients in different VRFs. This configuration enables a network administrator to conserve address space by allowing overlapping addresses. In Cisco NX-OS Release 5.0(2a), the relay agent can now support multiple clients on different VPNs, and many of these clients from different VPNs can share the same IP address.

NPE Image

Cisco NX-OS Release 5.0(2a) provides a no payload encryption (NPE) image for countries who have import restrictions on products that encrypt payload data. The NPE image supports all Cisco NX-OS features included in Release 5.0(2a) except Cisco Trusted Security (CTS).

To differentiate the NPE image from the standard software image, the letters npe are included in the image name as follows: n7000-s1-dk9-npe.5.0.2.bin.

Time Domain Reflectometer

A Time Domain Reflectometer (TDR) can be used to find physical layer network problems such as cable faults. TDRs give network administrators the ability to remotely diagnose a cable failure. As a result, they can quickly and effectively identify the root cause of a problem and provide users with a prompt response to their connectivity problems. Moreover, with cable diagnostic capabilities now embedded directly on the Cisco Nexus 7000 Series modules, it is no longer necessary to unplug cables and connect cable testers to diagnose a link fault. The ports on each module can independently detect cabling problems and report them to the switch software. The TDR feature is available only on the 48-port Gigabit Ethernet I/O module XL, N7K-M148GS-11L.

IS-IS Non Stop Routing

This feature combines stateful high availability with graceful restart support for the Intermediate System-to-Intermediate System (IS-IS) protocol to maintain routing sessions during switch supervisor switchover. As a result, there is zero downtime during system upgrades (ISSU) and disruptions.

Per-command Authorization for TACACS+

The current Cisco NX-OS software provides local and remote authentication and command authorization using local RBAC roles and does not support any means for commands to be verified by a server outside the switch. The capability to verify users (authentication) and commands (authorization) using a TACACS+ server is now supported in Cisco NX-OS Release 5.0(2a). This feature provides IOS like privilege levels and two stage authentication using the new enable secret password command. This capability allows network administrators to leverage existing TACACS+ policies for both IOS and NX-OS devices simultaneously.

AAA Enhancements

Authentication, authorization, and accounting (AAA) has been enhanced with the following capabilities:

Per-command authorization with roles for AAA

AAA Challenge Handshake Authentication Protocol (CHAP) authentication

Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory support for AAA

Support for an OTP (OneTimePassword) scheme for the AAA infrastructure

Enhancement to enable or disable fallback to local if remote authentication fails

Support added in the SNMP MIB to get the list of logged in users

Capability to configure test parameters at the AAA group level instead of having to set them up individually for each server in the AAA group

Capability to enable AAA accounting on LOGFLASH for the Cisco Nexus 7000 Series

NTP Enhancements

Cisco NX-OS Release 5.0(2a) includes the following Network Time Protocol (NTP) enhancements:

NTP ACLs

The NTP access group can be used to specify the servers and peers from which time responses are accepted. These lists are built on the ACL infrastructure of Cisco NX-OS.

NTP authentication

Authentication support allows the NTP client to verify that servers are known and trusted and not intruders intending accidentally or intentionally to masquerade as legitimate servers. NTP authentication uses symmetric key cryptography.

NTP logging and debugging

With logging enabled, significant NTP daemon events (such as synchronization to a server or a clock reset) are logged.

ACL Logging on Management Interfaces

The ACL log feature allows you to monitor flows that hit specific ACLs. You can configure specific ACLs with the logging option. When such an option is configured, statistics for each flow that matches the permit or deny conditions of the ACL entry are logged in software.

VPC Enhancement

Virtual Port Channel (VPC) now allows new ports to be enabled on the vPC primary switch when the peer link is down.

VPC Peer Switch Feature

Cisco NX-OS Release 5.0(2) includes the vPC peer switch feature. This feature allows a pair of Cisco Nexus 7000 Series devices to appear as a single STP root in the Layer 2 topology. The vPC peer switch feature eliminates the need to pin the STP root to the vPC primary switch and improves vPC convergence if the vPC primary switch fails.

This feature can be used with these topologies:

The pure peer switch topology in which the devices all belong to the vPC.

The hybrid peer switch topology in which there is a mixture of vPC and non-vPC devices in the configuration

Route Policy Manager Enhancements

The following new commands support the route policy manager:

match metric command

match mac command

match vlan command

Call Home

The Call Home feature has been enhanced and now offers these capabilities:

Multiple SMTP server capability with Call Home.

Call Home messages for process failures on a module.

Enhancement for syslog alerts.

VRF support for the HTTP transport.

SSH Enhancements

The enhancements to Secure Shell (SSH) include the following:

Support for the SSH command in boot mode.

PKI X509 certificate support for SSH.

File copy without a password to an SCP server.

IEEE 802.1x Enhancements

Cisco NX-OS Release 5.0(2a) includes the following IEEE 802.1x features:

Support for dot1x on port channels

Enhancements related to Protected Access Credential (PAC) provisioning

Configurable Maximum Fabric Modules Per System

Cisco NX-OS reserves power for all five fabric modules in the Cisco Nexus 7000 Series. This feature allows customers to release some of the reserved power, by allowing power to the configured fabric module. Fabric modules in slots that are unsupported are kept powered down.

Display of Power Draw for Modules and Fan

Support is now provided to display the actual power draw for newer modules like the Cisco Nexus 7000 Series 48-Port Gigabit Ethernet XL module and 8-Port 10 Gigabit Ethernet XL module.

Support is also provided to display the estimated power draw for the fan.

Fan Embedded Event Manager Policies

Cisco NX-OS Release 5.0(2a) supports the new Embedded Event Manager (EEM) policies.

The following EEM policies apply to the Cisco Nexus 7010 switch:

The fan table speed is capped at a lower value, and the maximum reserved power for the fan can be reduced.

Fan table mappings at various speeds have changed.

The fan shutdown policy for the 10-slot chassis has changed as follows:

If a system fan is removed: Earlier releases shut off the other fan in 3 minutes. The new policy is to increase the speed of the other fan based on the table mapping.

If a fabric fan is removed: Earlier releases shut off the other fan in 3 minutes. The new policy is to increase the speed of the other fan to the maximum.

Hysteresis: fan speed is controlled by temperature. If the temperature increases too high, the fan speed is increased to cool down. If successful, the fan speed is not reduced until the temperature is reduced.

The following EEM policies apply to the Cisco Nexus 7018 Switch:

The fan table speed is capped at a lower value, and hence the maximum reserved power for the fan can be reduced.

Fan table mappings at various speeds have changed.

The fan shutdown policy has not changed.

Hysteresis: fan speed is controlled by temperature. If the temperature increases too high, the fan speed is increased to cool down. If successful, the fan speed is not reduced until the temperature is reduced.

Licensing

Cisco NX-OS Release 5.0(3) includes one new license that is described in the following section:

Transport Services Package

Transport Services Package

The Transport Services Package license is required to use the Overlay Transport Virtualization (OTV) feature that is being launched in Cisco NX-OS Release 5.0(3).

Cisco NX-OS Release 5.0(2a) includes one new license that is described in the following section:

Scalable Feature Package

Scalable Feature Package

The Cisco Nexus 7000 Series Scalable Feature Package license provides the flexibility to enable system-wide XL capabilities without requiring a hardware module change or upgrade. A single license per system enables all XL-capable I/O modules to operate in XL mode. After the single system license is added to a system, all modules that are XL capable are enabled with no additional licensing.

MIBS

The following MIBs are supported:

IP-MIB (RFC-2011)

IP Forwarding Table (RFC4292)

UDP MIB (RFC4113)

The following MIBs have been enhanced to include the notifications listed below each MIB name:

CISCO-SYSTEM-EXT-MIB

cseHaRestartNotify

cseShutDownNotify

cseFailSwCoreNotify

cseFailSwCoreNotifyExtended

ciscoSwFailureNotifEnable

CISCO-ENHANCED-MEMPOOL-MIB

ModuleInstalledMemory

ModuleSystemHeapFree

Dynamically load/unload MIB

CiscoConfigManMIB

ccmHistoryRunningLastSaved

ccmHistoryStartupLastChanged

ccmHistoryRunningLastChanged

Limitations

This section describes the limitations in Cisco NX-OS Release 4.2(1) for the Cisco Nexus 7000 Series switches.

This section includes the following topics:

vPCs

XML Management Interface

QoS

Rollback

Port Profiles

GOLD

Multicast over Tunnel Interfaces

Syslog Message Indicates SAP Failure

vPC Peer Link Inconsistency Messages

VDC Snapshot Files are Saved in bootflash

The Number of SXP Connections Exceeds the Limit

Stale V6 Adjacencies Are Recovered Following an ISSU

Old Switch Name Appears Following Write Erase

A Version Mismatch Syslog Message Displays Following an ISSD

NTP Errors Display During a Switchover

Packet Forwarding in a vPC with a HSRP V6 Group

vPCs

Cisco NX-OS Release 4.2(1) for Cisco Nexus 7000 Series switches supports up to 256 vPCs per device.

The Cisco NX-OS software for Cisco Nexus 7000 Series switches does not support PIM SSM or BIDIR on vPCs; PIM ASM is fully supported.

XML Management Interface

You must enable the Secure Shell (SSH) server on the device to use the XML management interface because this is a mandatory requirement of the NETCONF Configuration Protocol (RFC 4741).

QoS

The Cisco NX-OS software does not support Quality of Service (QoS) policing on Layer 2 interfaces in the egress direction, only ingress.

Rollback

In Cisco NX-OS Release 4.1(4) and later releases, if you configure the Cisco NX-OS device while an atomic rollback is in progress, the rollback operation fails.

Port Profiles

In Cisco NX-OS Release 4.2(1), port profiles do not support Layer 3 (routing and routing protocol) commands nor CTS commands.

A maximum of 512 interfaces can inherit a single port profile.

The system allows only one level of inheritance for all commands for the following functions:

switchport private-vlan mapping

private-vlan mapping

To inherit port profiles, you must have the same configuration settings for the following:

switchport

medium p2p

GOLD

In Cisco NX-OS Release 4.2(1), the PortLoopback test is deprecated on the N7K-M148GS-11 module.

Multicast over Tunnel Interfaces

In Cisco NX-OS Release 4.2(1) and later releases, tunnel interfaces do not support Protocol-Independent Multicast (PIM).

Syslog Message Indicates SAP Failure

During a Service Access Point (SAP) negotiation on a port that is shut, the following syslog message might display:

CTS_SAP_REKEY_FAILED: SAP exchange failed on interface Ethernet8/8. (Reason: CTS hardware programming failure (for action: number))

This message might be triggered when the port is in an Auth Pending state or an SAP rekey is occurring on the port. There is no impact to functionality associated with this message. Enter the no shut command if you see this message and all operations continue normally.

This limitation is associated with CSCtg45647.

vPC Peer Link Inconsistency Messages

In a large scale vPC configuration, operations triggered by the shut command and no shut command on on a peer link, or the reload of secondary switch may cause peer link inconsistency messages to be displayed. The messages appear for a transient period until convergence is achieved. No action is required if you see these messages because the system converges automatically.

This limitation is associated with CSCtf06688.

VDC Snapshot Files are Saved in bootflash

When you create a VDC, a snapshot file is saved in bootflash and remains there even after the VDC is deleted. You can manually delete the snapshot file if it is not needed.

This limitation is associated with CSCte20405.

The Number of SXP Connections Exceeds the Limit

If you have more than 984 SXP connections configured, your system may get extremely busy and nonresponsive. If this occurs, remove some of the SXP connections to get the number of connections under 984. The system does not support more than 984 SXP connections.

This limitation is associated with CSCtf20811.

Stale V6 Adjacencies Are Recovered Following an ISSU

If you perform an ISSU to Cisco NX-OS Release 5.0(2a) from NX-OS Release 4.2(4), any stale V6 adjacencies that exist in persistent storage service (PSS) are recovered. You can enter the clear ip adjacency command to clear these adjacencies.

This limitation is associated with CSCtg51017.

Old Switch Name Appears Following Write Erase

If you boot the kickstart image on a switch, do a write erase, and then load the ISAN image without reloading the switch, the switch comes up with the old switch name. If this occurs, you should reload the switch following the write erase; otherwise, after you load the ISAN image, you can enter the switchname command to change the switch name.

This limitation is associated with CSCsz99964.

A Version Mismatch Syslog Message Displays Following an ISSD

If you perform an ISSD from Cisco NX-OS Release 5.0(2a) to any version lower than Cisco NX-OS Release 4.2(2), a syslog message displays that indicates a PSS1 version mismatch. This message is harmless and does not affect functionality. Any version lower than Cisco NX-OS Release 4.2(1) detects this situation and fixes it without user intervention. Cisco NX-OS Release 4.2(2) detect the situation and fixes it, but does not display a syslog message.

This limitation is associated with CSCtd82864.

NTP Errors Display During a Switchover

During a switchover, the following message displays when the NTP daemon comes up.

2010 Apr 9 13:10:32 qadc3-ind18 %$ VDC-1 %$ ntpd[5251]: ntp:getconfig: Couldn't open </etc/ntp.conf>

This message is informational. Traditionally the NTP configuration is provided by etc/ntp.conf, but this file is not present on the system. On a Cisco Nexus 7000 Series switch, the NTP configuration is provided through the CLI.

This limitation is associated with CSCtg33335.

Packet Forwarding in a vPC with a HSRP V6 Group

In a vPC, packets that are forwarded through an HSRP virtual IP address (VIP) or virtual MAC address (VMAC) might fail. This situation can occur if a VLAN that is in a vPC has a HSRP V6 group and has the use-bia option enabled on an interface. Layer 3 traffic will be disrupted and packets might not reach the VIP. Removing the use-bia option from the interface in the vPC should correct this issue.

Caveats

This section includes the following topics

Open Caveats—Cisco NX-OS Release 5.0

Resolved Caveats—Cisco NX-OS Release 5.0(5)

Resolved Caveats—Cisco NX-OS Release 5.0(3)

Resolved Caveats—Cisco NX-OS Release 5.0(2a)

Resolved Caveats—Cisco NX-OS Release 5.0(2)

Open Caveats—Cisco NX-OS Release 5.0

This section includes the following open caveats:

CSCsm22329

Symptom: QoS statistics require a policing action to allow marking actions to produce statistics.

Conditions: When you define a QoS service policy with only marking actions, the statistics do not work. The statistics feature works only when the service policy has a policing action defined also.

Workaround: You can get statistics for a marking-only policy by applying a dummy policing action to the policies. For example, in addition to the marking actions, you should define a policing action that permits 100 percent traffic. Configure the violate and conform action as transmit.

CSCta03634

Symptom: All member objects of a track list are lost after a configuration rollback.

Conditions: This symptom occurs only when tracking objects of type "track list." The sequence of events that trigger this symptom are as follows:

1. Create a track list with some number of objects configured as members of the track list.

2. Create a checkpoint.

3. Roll back to the created checkpoint.

Workaround: Save the running configuration in a file and restore the configuration from the saved file.

CSCta32738

Symptom: Under certain conditions, TrustSec 802.1AE security negotiations between ports might not complete successfully.

Conditions: You might see this symptom if you have 10-Gbps ports running in full rate dedicated mode as part of a port channel with the Cisco TrustSec 802.1AE Encryption/Authentication feature enabled.

Workaround: Enter the shutdown command on the port, change the port to shared mode, and then enter the no shutdown command.

CSCta58181

Symptom: When you specify a MAC ACL for a WCCP redirect-list and/or service-list of a service group and that ACL is applied to an interface, the SBADDFAIL syslog appears to indicate an invalid ACL. After you receive this error and you change the redirect ACL, the WCCP redirect for the service group is not programmed in the hardware. The syslog is as follows:

Event:E_DEBUG, length:124, at 108444 usecs after Thu Jul  
9 00:38:49 2009
[105] WCCP-EVNT: Send to SPM: Req Id:0x18cb62, Policy 
ID:0, OpMode:DEL, Inte rface:ALL, Type:Match node update, 
Match id: 417 

Event:E_DEBUG, length:74, at 108200 usecs after Thu Jul  9 
00:38:49 2009
[105] WCCP-EVNT: vrf default service 61: Request to 
DELETE Redirect-List <>

Event:E_DEBUG, length:190, at 75267 usecs after Wed Jul  8 
23:58:29 2009
[105] WCCP-EVNT: Rx from SPM: Req id:0x17f5fe, Policy 
ID:1, OpMode:ADD, Inte rface:Ethernet9/1, Type:INGRESS 
Redirect, Request status:FAILED, Error code:0x4116000f, Error 
string:Invalid format

Event:E_DEBUG, length:116, at 27246 usecs after Wed Jul  8 
23:58:29 2009
[105] WCCP-EVNT: Send to SPM: Req id:0x17f5fe, Policy 
ID:1, OpMode:ADD, Inte rface:Ethernet9/1, Type:INGRESS Redirect

Event:E_DEBUG, length:80, at 645750 usecs after Wed Jul  8 
23:58:15 2009
[105] WCCP-EVNT: vrf default service 61: Request to ADD 

Conditions: You might see this symptom when you use a MAC ACL (not an IP ACL) to specify the service-list or redirect-list.

Workaround: Remove the WCCP redirect on the interface. The SBDELFAIL syslog will appear with the following message: invalid id to SPM. Ignore this syslog message, and reconfigure the service group with the proper IP redirect ACL name. Then, reapply the WCCP redirect on the interface.

CSCta65195

Symptom: The ping command to a First Hop Redundancy Protocol (FHRP) virtual IP address from an external device may fail.

Conditions: This problem occurs when you enable Strict Unicast reverse path forwarding (RPF) on FHRP interfaces, and the response from the ping command is forced to take the path using a standby/listen or backup router. To confirm if this symptom exists in your system, enter the ping command to a virtual IP address from the same source with unicast RPF disabled on FHRP-enabled interfaces; check if the ping command succeeds.

Workaround: Reconfigure the RPF to loose RPF.

CSCtb67491

Symptom: When DHCP configuration ACLs are applied to a module that has an incompatible configuration or insufficient resources, the DHCP snooping service displays the message: DHCP_SNOOP-3-HWPGMFAILURE. This behavior is expected. However, when the incompatible configuration or resource restriction is removed, subsequent DHCP configurations will not take affect on such modules and therefore no redirect ACLs are programmed. As a result, DHCP snooping or relay does not work as expected.

Conditions: This symptom occurs only where there is an incompatible configuration (such as resource pooling for example, which is not supported with the DHCP feature) or insufficient resources on the module, and the DHCP configuration is applied within the first 30 seconds of enabling DHCP with the feature DHCP command. This symptom may also occur when the module reloads and incompatible DHCP configuration are applied automatically by the DHCP feature.

Workaround: To avoid this issue, enable DHCP by entering the feature dhcp command, and then wait 30 seconds before applying the same configuration. Otherwise if you have already experienced this issue, take the following steps:

1. Remove the incompatible feature, such as resource pooling, or address the insufficient resource issue.

2. Enter the no feature dhcp command to disable the DHCP feature.

3. Enter the feature dhcp command to enable the DHCP feature.

4. Wait for 30 seconds and then resume the configurations.

CSCtd59280

Symptom: Following a restart, OSPF v3 fails to generate an intra-area Link Service Advertisement (LSA) from the IPv6 loopback interface if there are no IPv4 addresses on the interfaces.

Conditions: You might see this symptom if you do not have any IPv4 addresses on the loopback interfaces.

Workaround: Configure an IPv4 address on a loopback interface.

CSCtd86861

Symptom: DOM (Digital Optical Monitoring) is disabled for X2 transceivers with the manufacturer's part number QFBR-7502-CS3 because these X2 transceivers do not support DOM.

Workaround: Use X2 transceivers with the manufacturer's part number QFBR-7502-CS4 because these transceivers support DOM and DOM is enabled for them.

CSCte50182

Symptom: Layer 2 Protocol Tunneling (L2PT) is not part of the vPC consistency check across 802.1Q tunnel ports.

Conditions: You might see this symptom under these conditions:

L2PT is enabled on a 802.1Q tunnel port on a local switch.

An 802.1Q tunnel port without L2PT is configured on the vPC peer switch.

These ports part of a vPC.

The vPC consistency check does not report an error about the missing L2PT configuration on one of the ports that is part of the vPC.

Workaround: Ensure that all 802.1Q tunnel ports that are part of the vPC have the same L2PT configuration on both vPC peers.

CSCte73854

Symptom: Layer 2 Protocol Tunneling (L2PT) does not work for Spanning Tree Protocol (STP), VLAN Trunking Protocol (VTP), or Cisco Discovery Protocol (CDP) packets coming in on a Cisco Trusted Security (CTS) link to 802.1Q tunnel ports.

Conditions: Enable L2PT on a 802.1Q tunnel port for all supported protocols. Connect the 802.1Q tunnel port onto a trunk port (customer side) that has CTS enabled. L2PT drops all the STP/CDP/VTP frames coming in on the 802.1Q tunnel port because the bridge protocol data units (BPDUs) are encrypted.

Workaround: None. CTS encrypts the payload of the BPDUs (including LLC or SNAP information) thereby making it difficult to identify the BPDU type in order to perform L2PT. Dot1AE encryption with SAP negotiation is not compatible with Q-in-Q tunnels.

CSCtf14834

Symptom: Detecting a newly inserted SFP can take as long as 30 seconds.

Conditions: This symptom might be seen on N7K-M148GT-11, the 48-Port Ethernet I/O module, if a majority of the ports are populated with Copper SFPs and the Copper SFP ports are configured as non-autonegotiate.

Workaround: Wait for a minute before applying any configuration.

CSCtg06552

Symptom: Under certain specific configuration conditions, the following syslog might be seen following a switch reload. None of the physical interfaces are visible in the output of the show interface command:

VMM-2-VMM_TIMEOUT: VDC1: Service SAP 377 timed out in INSERT_SEQ sequence

Conditions: You might see this symptom after a switch reload only when a previously entered copy running-config startup-config command was executed at the same time a configuration session mode command such as the verify command, commit command, or abort command was being processed from a different console or Telnet session. In addition, QoS configurations within the configuration session mode (created using the configuration session session-name command) must exist. This situation can occur in any VDC.

Workaround: Avoid entering a copy running-config startup-config command at the same time when a verify command, a commit command, or an abort command is being processed. If you observe these symptoms after a switch reload, you can resolve the issue by following these steps:

1. Copy the configurations to a file in bootflash by entering the copy startup-config bootflash:filename command.

2. Erase the startup configuration by entering the write erase command.

3. Reload the switch.

4. After the system comes back up, restore the configuration by entering the copy bootflash:filename running-config command.

5. Save the configuration by entering the copy running-config startup-config command.

CSCtg48283

Symptom: OTV overlay statistics are cumulative for all configured overlays.

Conditions: This symptom might be seen when the same join interface is used by multiple overlays.

Workaround: Use a different join interface for each overlay.

CSCtg51234

Symptom: There is a long multicast convergence after an OTV authoritative edge failover in dual-homed devices.

Conditions: The symptom might be seen when there is a failure of the OTV authoritative edge device.

Workaround: None.

CSCtg79256

Symptom: All X2 optical transceivers takes 60 seconds to initialize. After inserting an X2 transceiver, the following syslog message displays:

2010 May 15 02:10:13 switch %ETHPORT-5-IF_HARDWARE: Interface Ethernet8/1, hardware type changed to Transceiver initialization in progress. Can take up to 60 seconds

Conditions: You might see this symptom under normal operating conditions for a Cisco Nexus 7000 Series device.

Workaround: Wait for 60 seconds after insertion of the X2 transceiver, and the Port state will change from xcvrInit to SFP Inserted state.

CSCtg79396

Symptom: If there are more Bidirectional Forwarding Detection (BFD) sessions configured than the Cisco Nexus 7000 Series modules can handle, then a few sessions will not come up.

Conditions: When the BFD protocol is hosted on a module, sessions on physical ports and their subinterfaces always run on the same module bearing the physical port. Sessions on logical ports, such as Layer 3 port channels, their subinterfaces, and SVIs are hosted on one of the modules bearing the carrier links, such as the port channel members or Layer 2 links. There is a limitation on the number of sessions that can be hosted per module. The number of sessions is restricted by the current packet per second (pps) processed by a module. At speed 50/50/3, the number is roughly 10,000 pps, and that module can host 250 sessions. The slower the sessions, the more sessions you can have and vice versa.

In an oversubscription scenario where an administrator has configured more sessions than each module can handle, the sessions are hosted on a module on a first-come first-serve basis. As BFD sessions are symmetric, on both routers the same set of sessions needs to be hosted for them to work correctly. Those sessions that do not have a peer session hosted will fail to come up.

Workaround: Do not configure more sessions than the host modules can support. If there are a large number of subinterfaces for a particular port, select the most important set of subinterfaces where BFD is needed and configure BFD only on those.

CSCtg82227

Symptom: Preconfigured Enhanced Interior Gateway Routing Protocol (EIGRP) interface commands do not take effect after EIGRP has been enabled on an interface.

Conditions: You might see this symptom if the configuration was done manually, starting with preconfigured commands.

Workaround: To work around this issue, enable EIGRP by entering the feature eigrp command, and then enter the ip router eigrp <tag> command on the interface before entering any other commands.

CSCtg84010

Symptom: When daylight saving time is configured on a switch, creating a new user with an expiry date or modifying the expiry date for an existing user may fail, depending on the expiry date.

Conditions: You might see this symptom under the following conditions:

Daylight savings time (summer time) is configured.

The current date and time on the switch is within the daylight savings time zone and the expiry date you are trying to configure is outside the daylight savings time zone and vice-versa.

Workaround: To work around this issue, do one of the following:

If the current time on a switch is within the daylight savings time zone, use an expiry date within the daylight savings time zone; otherwise, use an expiry date outside the daylight savings time zone.

Remove the daylight savings time (summer time) configuration from the switch.

Do not give an expiry date when creating a new user.

CSCtg85564

Symptom: On a Cisco Nexus 7000 Series switch, the system LED on the supervisor modules turned amber following a cold boot of the system, even though all the modules, including the active supervisor module, came up fine.

Conditions: You might see this symptom following a cold boot of a Cisco Nexus 7000 Series switch.

Workaround: Perform a supervisor switchover to ensure that the system LED turns green.

CSCtg92420

Symptom: When you enter the show interface command on the Cisco Nexus 7000 32-port 10-Gigabit Ethernet SFP+ I/O module, the output incorrectly displays storm suppression in packets rather than in bytes.

Conditions: You might see this symptom only on the Cisco Nexus 7000 32-port 10-Gigabit Ethernet SFP+ I/O module.

Workaround: Interpret storm suppression packets as storm suppression in bytes on the Cisco Nexus 7000 32-port 10-Gigabit Ethernet SFP+ I/O module.

CSCtg93564

Symptom: HSRP IPv6 groups get into the initializing state when the interface primary global unicast IPv6 address is removed.

Conditions: This symptom might be seen when the interface primary global unicast IPv6 address is removed and the HSRPv6 groups on that interface move into initializing state, even if they are not configured to use a global unicast virtual address.

Workaround: To work around this issue, add the interface primary unicast IPv6 address back to the HSRPv6 groups, and the groups will resume operation.

CSCtg97144

Symptom: After an ISSU from any Cisco NX-OS Release 4.2(x) to Cisco NX-OS Release 5.0(2), if there is a switch reload, followed by a supervisor switchover, HSRP groups my go to INIT state.

Conditions: This symptom may occur only if the running configuration is not saved to the startup configuration after the ISSU but before the switch reload.

Workaround: Enter the copy running-config startup-config command to save the running configuration to the startup configuration after the ISSU to Cisco NX-OS Release 5.0(2) is complete, even if there are no changes to the configuration.

CSCtg97784

Symptom: When you remove an egress queuing policy from a port channel interface, you might see the following error message:

Note: Service policy with name <policy-map-name> does not exist in output direction on interface: <if-name>

Conditions: You might see this symptom if the port channel contains a mix of ports from the 8-port Gigabit Ethernet I/O module XL (N7K-M108X2-12L) and the 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12), and there is an egress queuing policy applied to the port channel.

Workaround: Apply the same egress queuing policy on all 8-port Gigabit Ethernet I/O module XL ports that are a part of the port channel. Then remove the policy from the port channel.

CSCth02149

Symptom: A Bidirectional Forwarding Detection (BFD) session goes down and fails to come back up.

Conditions: You might see this symptom after a supervisor switchover, followed by a switch reload.

Workaround: Enter the shut command followed by the no shut command on the VLAN interface to bring up the BFD session again.

CSCth45939

Symptom: IPv6 neighbor discovery does not work over the overlay.

Conditions: This symptom might be seen when IPv6 neighbor discovery is sent over the overlay.

Workaround: None.

CSCth65452

Symptom: When you change the default VRF to the non-default VRF for the OTV join interface, traffic over the Unicast OTV GRE tunnel does not go through. In other words, Unicast traffic does not flow through the OTV sites that are connected by these internal OTV GRE tunnels. This issue does not occur if you use the default VRF for the OTV join interface.

Conditions: You might see this symptom in NX-OS Release 5.0(3) when you change the default VRF to the non-default VRF for the OTV join interface.

Workaround: Avoid changing the default VRF name to the non-default VRF name for the OTV join interface.

CSCth79649

Symptom: OTV failures impact the VLANs for which the system is not an authoritative edge device.

Conditions: This symptom might be seen when there is an edge device failure.

Workaround: None.

CSCtk16098

Symptom: Following a cold reboot from Cisco NX-OS Release 5.0(5) to Cisco NX-OS Release 5.1(1), the MAC address table was empty, but the port security table showed static entries on interface eth 4/14.

Conditions: This symptom might be seen if you have port security configured on an interface eth 4/14 and you reboot the switch from Cisco NX-OS Release 5.0(5) to Cisco NX-OS Release 5.1(1).

Workaround: Enter the shut command followed by the no shut command on the port to install the MAC address entries in the MAC address table.

CSCtk16117

Symptom: Following a nondisruptive downgrade from Cisco NX-OS Release 5.1(5) to Cisco NX-OS Release 5.0(5), sticky MAC addresses do not appear in the port security table for interface eth13/13, but the MAC address appears as secured in the MAC table for the same interface.

Conditions: This symptom might be seen when Cisco NX-OS Release 5.1(5) is running on the switch and a downgrade is performed to Cisco NX-OS Release 5.0(5).

Workaround: None.

Resolved Caveats—Cisco NX-OS Release 5.0(5)

CSCte86264

Symptom: Show commands are not in the accounting records sent to AAA servers. Starting with Cisco NX-OS Release 5.0.5, you can enter the terminal log-all command to enable accounting for show commands.

Conditions: This change takes effect starting with Cisco NX-OS Release 5.0(5).

Workaround: This enhancement request is resolved.

CSCtf04410

Symptom: Starting with Cisco NX-OS Release 5.0.5, the terminal log-all command is now a configuration command. The new command replaces existing exec mode command.

Conditions: This change takes effect starting with Cisco NX-OS Release 5.0(5).

Workaround: This enhancement request is resolved.

CSCth43966

Symptom: When you enter the show mac address-table command on a VLAN, the output does not show a specific MAC address, even though the Cisco Nexus 7000 Series switch is continuously receiving traffic through the interface. If the same MAC address on the same VLAN is present on both peer switches, the show mac address-table command might delete the entry.

Conditions: This symptom might be seen when the affected VLAN is not allowed on the vPC peer link.

Workaround: This issue is resolved.

CSCth87955

Symptom: A secondary vPC switch does not send bridge protocol data units (BPDUs) after the peer switch is configured.

Conditions: This symptom might be seen after you configure the vPC peer-switch feature. The secondary vPC switch does not send BPDUs on the vPC member ports.

Workaround: This issue is resolved.

CSCti25583

Symptom: The Cisco Nexus 7000 Series switch sends a DNS name instead of an IP address as a remote address in AAA packet.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCti33104

Symptom: An OTV edge switch does not receive multicast data traffic when there is a receiver at the site.

Conditions: The symptom might occur if both of the following conditions are met:

There are Protocol Independent Multicast (PIM) routers at the site.

The overlay interface is flapped.

Workaround: This issue is resolved.

CSCti35651

Symptom: When the Cisco Nexus 7000 Series switch sends a TACACS command authorization packet to the ACS server, the remote address is empty. Starting with Cisco NX-OS Release 5.0(5), the switch now fills in the remote address field in a TACACS packet when sending a command authorization request to the AAA server.

Conditions: This change takes effect starting with Cisco NX-OS Release 5.0(5).

Workaround: This enhancement request is resolved.

CSCti54025

Symptom: When BFD and ACL are both configured on a Cisco Nexus 7000 Series switch, the ACL might not work properly.

Conditions: This symptom might be seen when both BFD and ACL are configured on a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved, but the following situation can occur. If you perform an ISSU from a Cisco NX-OS release that has this problem to a Cisco NX-OS release that has the fix for the problem, the issue might not automatically be corrected. In the context of an ACL QoS, the ISSU does not affect hardware and the issue can remain.

Following an ISSU on a module, the BFD process on the supervisor will try to delete policies and re-add the policies. This situation occurs on every module, but it is possible that some modules can fix the issue, while others cannot fix it. As a result, some BFD sessions can potentially flap if the interfaces are spanned across multiple modules, such as in a port channel or a switch virtual interface.

There are two options to consider to resolve this issue:

Disable the BFD feature before the ISSU, and then reenable BFD after the ISSU is completely finished.

Reload the module where the BFD feature is configured. This action is disruptive to the traffic on the modules so it is not recommended.

CSCti7312

Symptom: The vrrp_engine process may restart if you periodically enter a show running vrrp command or a show running-config command.

Conditions: The issue might be seen because of a memory leak in the vrrp_engine process of the VRRP service. The problem is self-correcting. When the memory leak exceeds certain thresholds, the process restarts and recovers gracefully.

Workaround: This issue is resolved.

CSCtj76345

Symptom: The mac address-table static mac-address vlan vlan-id drop command should drop frames on both directions. However, it drops a frame only when it is destined for the configured MAC address and does not drop a frame when it is sourced from that particular MAC address.

Conditions: This symptom might be seen under normal operating conditions of a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCtj76496

Symptom: NetFlow does not receive traffic when dhcp-relay is configured.

Conditions: This symptom might be seen when dhcp-relay is configured on an interface.

Workaround: This issue is resolved, but the following situation can occur. If you perform an ISSU from a Cisco NX-OS release that has this problem to a Cisco NX-OS release that has the fix for the problem, the issue might not automatically be corrected. In the context of an ACL QoS, the ISSU does not affect hardware and the issue can remain.

There are two options to consider to resolve this issue:

Remove the netflow policy before the ISSU, and then reenable the netflow policy after the ISSU is completely finished.

Reload the module where the netflow feature is configured. This action is disruptive to the traffic on the modules so it is not recommended.

CSCtj83417

Symptom: After the copy running-config startup-config command was entered, the following messages displayed:

2010 Nov 16 22:01:14.864 sh-iad-b %SYSMGR-3-CFGWRITE_SRVFAILED: Service "Tacacs Daemon" failed to store its configuration (error-id 0x80480018).

2010 Nov 16 22:01:15.157 sh-iad-b %SYSMGR-2-CFGWRITE_ABORTED: Configuration copy aborted.

2010 Nov 16 22:01:21.907 sh-iad-b %SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E0000).

In addition, following an ISSU or ISSD, the following messages are displayed:

<Mon Nov 1 13:41:37 2010> cfg_action_rsp_process: service: Tacacs Daemon failed to save its config: (null) (0x18004880)

<Mon Nov 1 13:41:38 2010> is_cfg_action_succeded: service: Tacacs Daemon has state SRV_STATE_CFG_ACTION_FAILED- returning FALSE since cfg action did not succeed

<Mon Nov 1 13:41:38 2010> write_config: cfg write failed- exiting

<Mon Nov 1 13:41:38 2010> restore_ramfs_cfg: calling startcfg_mount_flash_startup_cfg_partitions() to mount /mnt/cfg/0 and /mnt/cfg/1

Conditions: This symptom might be seen when DNS resolution is disabled and you enter the no ip domain-lookup command.

Workaround: This issue is resolved.

CSCtj86897

Symptom: In a vPC setup, moving a virtual IP address to another physical host that is across the peer link causes adjacency issues with the virtual host.

Conditions: This symptom might be seen in a vPC setup where the virtual host needs to move to a new physical host across the vPC peer link.

Workaround: This issue is resolved.

Resolved Caveats—Cisco NX-OS Release 5.0(3)

CSCte86287

Symptom: When a debounce time is set, the front-panel LED turns off if the link does not go down after the initial link down.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCtf27037

Symptom: On a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 4.2, the L2fm process fails during an ISSU and switchover. At the same time, the L2fm process was exchanging many messages through the CFS.

Conditions: This symptom might be seen under the following conditions:

An ISSU occurs with a peer vPC switch running Cisco NX-OS Release 4.2.

On the switchover during the ISSU, the L2fm process recovers MAC addresses from the modules and peer. If the last MAC address has a particular flag set, then the recovery process gets into a loop, which ultimately results in a process failure.

Workaround: This issue is resolved.

CSCtf30682

Symptom: If a switch virtual interface (SVI) with Global Load Balancing Protocol (GLBP) is deleted without first removing the GLBP from the SVI, the uRIB will then show a /32 null route to the virtual IP address.

switch(config)# sh ip route 192.168.1.2

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

192.168.1.2/32, ubest/mbest: 1/0

*via 192.168.1.2, (null), [0/0], 00:00:12, glbp

Conditions: This symptom might be seen under these conditions: the SVI must have a GLBP VIP configured; the SVI must be up and in the uRIB; and the SVI must be deleted without first removing the GLBP configuration.

Workaround: This issue is resolved.

CSCtf56714

Symptom: Prior to removing the vpc xx command for a vPC member link port channel, a warning should be displayed.

Conditions: This enhancement can be seen in configuration mode.

Workaround: This issue is resolved.

CSCtg11776

Symptom: Scheduled jobs start failing approximately 24 to 48 hours after they are configured.

Conditions: This symptom may be seen when AAA remote authentication is configured, but does not appear in the running or saved configuration.

Workaround: This issue is resolved.

CSCtg32977

Symptom: Call Home e-mail names do not support the following special characters:
! # $ % & ' * + - / = ? ^ _ ` . { | } ~

Conditions: Although special characters are now supported, the following types of addresses are not supported:

E-mail addresses starting with the pipe character (|).

valid: some|one@somewhere.com

invalid: |someone@somewhere.com

E-mail addresses with multiple single quotes; the first character as a single-quote is allowed

valid: s'o'm'e'o'n'e@somewhere.com

valid: 'someone@somewhere.com

invalid: 'some'one@somewhere.com

Workaround: This issue is resolved.


Note If you use one of these special characters and if CFS is enabled and there is a switch that is running an image that does not support these special characters, then the configuration commit will fail.


CSCtg74537

Symptom: A VLAN interface does not go to the UP/UP state when ports in the VLAN are using Spanning Tree Protocol (STP) forwarding.

Conditions: This symptom might be seen if a new VLAN is created and you enter the shut command followed by the no shut command on the VLAN (not on the switch virtual interface (SVI)).

Workaround: This issue is resolved.

CSCtg76785

Symptom: On a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 4.2, the L2fm process fails during an ISSU and switchover. At the same time, the L2fm process was exchanging many messages through the CFS.

Conditions: This symptom might be seen under the following conditions:

An ISSU occurs with a peer vPC switch running Cisco NX-OS Release 4.2.

On the switchover during the ISSU, the L2fm process recovers MAC addresses from the modules and peer. If the last MAC address has a particular flag set, then the recovery process gets into a loop, which ultimately results in a process failure.

Workaround: This issue is resolved.

CSCtg78892

Symptom: When an ISSD is performed from NX-OS Release 5.0(2a) to NX-OS Release 4.2(x), the virtual IP addresses in the FHRP (HSRP, VRRP, GLBP) may not be recovered properly.

Conditions: This symptom might be seen when the configuration has FHRP groups configured and an ISSD is done from NX-OS Release 5.0(2a) to NX-OS Release 4.2(x). The PSS recovery of virtual IP addresses during the downgrade can sometimes fail.

Workaround: This issue is resolved.

CSCtg79818

Symptom: Under a very strict set of conditions, ACLs might not be programmed in hardware on Layer 3 subinterfaces.

Conditions: The following very strict set of conditions must be present before this symptom is seen:

There must be a parent Layer 3 interface or port channel without any ACLs applied.

There must be a number of Layer 3 subinterfaces where there is at least one subinterface with an ACL configured.

A switchover must have occurred prior to any configuration change.

An attempt to configure an ACL on an existing subinterface that did not have any ACLs configured or on any new subinterfaces where an ACL is configured will fail. As a result, the configuration is not applied to the device. You can confirm this by entering the show access-list name summary command or the show access-list number summary command.

Workaround: This issue is resolved.

CSCtg81580

Symptom: Bidirectional Forwarding Detection (BFD) frames sent on Layer 3 interfaces do not have a 802.1Q tag.

Conditions: This symptom might be seen if there is congestion in the Layer 2 network where BFD is running, which leaves a possibility for these BFD frames to be dropped. This situation will cause a false BFD session down event and a protocol adjacency flap for which BFD packets are dropped.

Workaround: This issue is resolved.

CSCtg83783

Symptom: A reload of a primary VPC sometimes causes internal timeouts that lead to some ports becoming error disabled.

Conditions: This symptom might be seen when the autostate featured is configured for SVIs in a scaled vPC topology with several hundred SVIs on an MCT link.

Workaround: This issue is resolved.

CSCtg86021

Symptom: Protocol Independent Multicast (PIM) neighbors lose adjacency when connected through a Cisco Nexus 7000 Series switch.

Conditions: This symptom might be seen when an ingress port to a Cisco Nexus 7000 Series switch is a trunk and IGMP snooping is enabled.

Workaround: This issue is resolved.

CSCtg86355

Symptom: Quoted strings are configurable for the customer ID and site ID in a Callhome configuration.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCtg88508

Symptom: An IGMP snooping message is continuously logged on a Layer 2 switch with ICMP snooping enabled.

Conditions: This symptom might be seen when IGMP joins and leaves are processed many times by the IGMP snooping process on the switch.

Workaround: This issue is resolved.

CSCtg91237

Symptom: A rollback operation fails if it involves any port profile commands.

Conditions: This symptom might be seen when the rollback patch has port profile commands of port profiles that are state enabled and inherited on interfaces.

Workaround: This issue is resolved.

CSCtg91404

Symptom: A recovery of the vPC process may occur, and the following message might be seen:

%SYSMGR-2-SERVICE_CRASHED: Service "vpc" (PID <PID>) hasn't caught signal 11 (core will be saved).

Conditions: This symptom was seen in Cisco NX-OS Release 4.2(4) in a vPC configuration when the show vpc orphan-ports command was entered.

Workaround: This issue is resolved.

CSCtg92807

Symptom: A Cisco Nexus 7000 Series switch fails for the service igmp. The following message might be seen:

%SYSMGR-2-SERVICE_CRASHED: Service "igmp" (PID 5472) hasn't caught signal 11 (core will be saved).

%IGMP-3-RESTART_REASON: igmp [18520] IGMP process has restarted, restart reason: crashed, will preserve routes

Conditions: This symptom was seen after IGMP V3 was configured for a switch virtual interface (SVI) and the Cisco NX-OS was still processing the IGMP V3 report.

Workaround: This issue is resolved.

CSCtg92465

Symptom: A switch virtual interface (SVI) is up but the SVI MAC address is missing from modules running Cisco NX-OS Release 5.0(2a).

Condition: This symptom might be seen during SVI flaps if the SVI MAC address of the switch is learned as a dynamic entry when the SVI is down and multiple notifications are sent, one of which deletes the static SVI gateway MAC address.

Workaround: This issue is resolved.

CSCtg93564

Symptom: HSRP groups get into the init state when the primary interface global unicast IPv6 address is removed.

Conditions: This symptom might be seen only if the primary interface, global unicast IPv6 address is removed. Even with a local interface link IPv6 address, HSRP goes to init state. This symptom does not occur if the primary interface, global unicast IPv6 address is not removed or added.

Workaround: This issue is resolved.

CSCtg94800

Symptom: The no ip vip secondary command does not remove the secondary VIP addresses in the group.

Conditions: This symptom might be seen when you configure the secondary VIP addresses in a group and then try to remove them by entering the no ip vip secondary command.

Workaround: This issue is resolved.

CSCtg97646

Symptom: Repeated fast flapping of interfaces or an error with the SFP may cause an SFP process to fail.

Conditions: This symptom might be seen on the Cisco Nexus 48-port 1-Gigabit Ethernet SFP I/O module and the Cisco Nexus 48-port 1-Gigabit Ethernet SFP I/O module XL.

Workaround: This issue is resolved.

CSCtg99418

Symptom: A Cisco Nexus 7000 Series switch will have two hostnames: one before login (which is the old name) and one after login (which is the new name).

Conditions: This symptom might be seen when the new hostname has a period (.) in it.

Workaround: This issue is resolved.

CSCth00183

Symptom: The show interface transceiver command does not display the correct SFP type. GLC-LH-SM is displayed as 1000base-BX.

Conditions: This symptom might be seen when Cisco NX-OS software reads a certain segment in the SFP SPROM to identify the SFP type. The segments in the GLC-LH-SM and the 1000BASE-BX SFP are identical, which leads to the incorrect display of the SFP type.

Workaround: This issue is resolved.

CSCth02484

Symptom: In Cisco Nexus NX-OS Release 4.2.x and Release 5.0(2), the Netstack process may fail when collecting information for a show tech command or while executing the show ip internal ppf command.

Conditions: This symptom might be seen when dumping the Netstack database. If there is any corruption in the database, the process may fail.

Workaround: This issue is resolved.

CSCth18037

Symptom: The logging server displays the use-vrf default in the configuration even though it is the default.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch with a dual supervisor configuration.

Workaround: This issue is resolved.

CSCth14197

Symptom: A LACP lag mismatch caused port channels to flap.

Conditions: This symptom was seen after a reload, when a vPC secondary node was restored.

Workaround: This issue is resolved.

CSCth15596

Symptom: Following a switchover or reload, router mode commands for multi-instance protocols do not get delivered to all Layer 3 routing protocols.

Conditions: This symptom might be seen when process tag names have a dash (-) character as part of the tag, such as in this tag name: router isis isis-pros-1.

Workaround: This issue is resolved.

CSCth21869

Symptom: An internal Layer 2 process failed.

Conditions: This symptom was seen when the router reloads and the switch does not boot up.

Workaround: This issue is resolved.

CSCth24137

Symptom: Traffic loss occurred because a (S,G) route had the wrong RPF interface. (S,G) should have the RPF interface of a (*,G) route.

Conditions: This symptom might be seen if the following two events happen on a router at almost the same time:

The router receives a PIM (S,G,RP-bit) Assert or a (S,G,RP-bit) Prune

A multicast data packet for that (S,G) is leaked to the supervisor, or the router learns the MSDP (S,G) route

The (S,G) route can then get to a state where its RPF-interface or neighbor is the same as that of the (*,G) route. If the RPF-interface or neighbor for the Source S should be different from that of the (*,G), as determined by the unicast routing, then traffic is not received from the source S, and no forwarding happens on the (S,G).

Workaround: This issue is resolved.

CSCth24330

Symptom: Under load conditions, the CFS process may fail due to exceeding the heap limit.

Conditions: This symptom might be seen when DHCP snooping is enabled in a vPC environment, or under load conditions.

Workaround: This issue is resolved.

CSCth24770

Symptom: Under load conditions in a vPC environment, applications like STP might not be able to transmit messages to the peer switch.

Conditions: This symptom might be seen under load conditions in a vPC environment.

Workaround: This issue is resolved.

CSCth31712

Symptom: Some CPU values on the Cisco NX-OS process may spike to more than 100 percent.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running Cisco NX-OS.

Workaround: This issues is resolved.

CSCth32903

Symptom: The logging level for an interface VLAN disappears after a switchover, and then the configuration does not appear in the running configuration.

Conditions: This symptom might be seen following a supervisor switchover.

Workaround: This issue is resolved.

CSCth34076

Symptom: When you boot a Cisco Nexus 7000 Series switch, the following error message might display:

%KERN-3-SYSTEM_MSG: FAT: Filesystem

panic (dev sda1) - kernel

Conditions: You might see this symptom if the Cisco Nexus 7000 Series switch has a USB module inserted.

Workaround: This issue is resolved.

CSCth38852

Symptom: The supervisor failed on a Cisco Nexus 7000 Series switch when an SNMP configuration was applied following an upgrade to Cisco NX-OS Release 5.0(2a).

Conditions: This symptom might be seen following an upgrade to Cisco NX-OS Release 5.0(2a).

Workaround: This issue is resolved.

CSCth54183

Symptom: Following a reload of a Cisco Nexus 7000 Series module, the ports on a nondefault VDC are down.

Conditions: This symptom might be seen when there are repeated interrupts on an SFP due to a bad peer, SFP, or cable.

Workaround: This issue is resolved.

CSCth54680

Symptom: A ping through the management interface may sometimes fail.

Conditions: After multiple switchovers, there is a possibility that ping through the management interface may not succeed.

Workaround: This issue is resolved.

CSCth58016

Symptom: If Netflow is enabled on Virtual Port Channel (vPC) interfaces, it either does not work as expected, or displays errors during a chassis reload with a Netflow startup configuration.

Conditions: This symptom might be seen when a Netflow configuration that is enabled on vPC interfaces triggers a software bug that leads to the symptom.

Workaround: This issue is resolved.

CSCth61111

Symptom: A DHCP relay agent on a Cisco Nexus 7000 Series switch may corrupt DHCP discovery packets.

Conditions: This symptom might be seen only in NX-OS Release 5.0(2a). It occurs in two cases:

If the payload of DHCP is larger than 512 bytes. For example, if the DHCP clients adds 600+ bytes of padding (0x00) behind the end option (0xFF).

If the don't fragment bit in the IP header of the DHCP discover packet is set.

Workaround: This issue is resolved.

CSCth66359

Symptom: When VDCs are moved across device groups, the hostnames are duplicated.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCth69876

Symptom: When a switchover occurs on a vPC primary switch, Spanning Tree Protocol (STP) is not able to generate a bridge protocol data unit (BPDU) on time. As a result, ports get blocked by a loop guard on connected switches.

Conditions: This symptom might be seen when a switchover occurs on a vPC primary switch.

Workaround: This issue is resolved.

CSCth73939

Symptom: When you configure the DHCP IP relay command along with WCCP redirect statements on the same interface, the configuration does not allow WCCP to redirect packets.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

CSCth76379

Symptom: When the internal Open Shortest Path First (OSPF) protocol message queue is full and a large amount of updates arrive, it is possible that an OSPF neighbor relationship will not be formed with the router.

Conditions: Under certain conditions, the OSPF internal message queue could fill up and eventually prevent further OSPF messaging until the condition is cleared by a reload or a supervisor switchover.

Workaround: This issue is resolved.

Resolved Caveats—Cisco NX-OS Release 5.0(2a)

CSCtg97470

Symptom: If port 2 on a 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) is configured as a member of a port channel, duplicate frames are forwarded on the port channel following an ISSU to Cisco NX-OS Release 5.0(2).

Conditions: This symptom might be seen if port 2 on a 32-port 10-Gigabit Ethernet SFP+ I/O module is in shared rate mode.

Workaround: This issue is resolved. Enter the shut command on port 2 on all 32-port 10-Gigabit Ethernet SFP+ I/O modules in the switch prior to the upgrade to Cisco NX-OS Release 5.0(2). After the ISSU, enter the no shut command on the ports.

Resolved Caveats—Cisco NX-OS Release 5.0(2)

CSCsy16113

Symptom: The vPC stays in the suspended state on a device when both vPC peer devices power cycle and only one of these devices comes back online.

Conditions: You might see this symptom when both vPC peer devices power cycle.

Workaround: This issue is resolved.

CSCtd26157

Symptom: The output of the show int eth slot / slot transceiver command displays the wrong values for fiber lengths.

Conditions: This symptom might be seen when SFP+ transceivers are used.

Workaround: This issue is resolved.

CSCtd75831

Symptom: Under a memory alert condition, a Border Gateway Protocol (BGP) session can be brought down. But the output of the show neighbor command does not indicate the reason and there is no way for a user to know why the session is not coming back up.

Conditions: This symptom might be seen when there is a minor, major, or critical platform memory alert, and the BGP session can be brought down.

Workaround: This issue is resolved.

CSCtd86169

Symptom: The maximum NTP poll interval was 64. This value was chosen with timestamps in mind. A CLI option has been provided to allow the user to configure the maximum and minimum poll interval values, still keeping the default to be 64.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series device.

Workaround: This issue is resolved.

CSCte01050

Symptom: The output of the Embedded Event Manager (EEM) applet is not displayed in alphabetic order.

Conditions: This symptom might be seen when you enter the show running-config eem command to check an EEM configuration. The output is not sorted in alphabetical order which makes it difficult to verify and track the applets because they have similar names.

Workaround: This issue is resolved.

CSCte54283

Symptom: When you log into the switch, you do not see a license expiration warning message.

Conditions: You might see this symptom under normal operating conditions of a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved by adding a license expiry warning message that displays at login when a license expiry is less than 15 days. If the expiry time is less than 7 days, an acknowledgement of the risk of license expiration is required to proceed further.

CSCte81389

Symptom: If you enter the show system resource command, the memory usage that is displayed is incorrect. The total memory does not equal the memory used plus the memory available.

Conditions: This symptom might be seen if the supervisor has more than 4 GB of memory.

Workaround: This issue is resolved.

CSCte93688

Symptom: The show ip isis|eigrp command does not show the information for the correct routing instance.

Conditions: This symptom might be seen when you use more than one route instance with a named process tag.

Workaround: This issue is resolved.

CSCtf14732

Symptom: Policing for an interface is not functional even when there is a QoS policy applied to the interface with a policing configuration.

Conditions: This symptom might be seen when match cos is applied as an additional classifier to a class map that is already part of a service policy applied to an interface. The hardware does not support the additional classifier and the attempt to add match cos fails with a warning message. After this, configured policing parameters are not restored, packets are not policed, and policing is no longer functional for the class.

Workaround: This issue is resolved.

CSCtf41960

Symptom: The interface counters for the management 0 interface return incorrect values through SNMP. The In/Out counters are all zero.

Conditions: This symptom might be seen with the management 0 interface.

Workaround: This issue is resolved.

CSCtf63878

Symptom: A process may fail following an ISSU from Cisco NX-OS Release 4.2(3) to Release 4.2(4).

Conditions: This symptom might occur if prior to the ISSU, Layer 2 interfaces are changed to Layer 3, and then after the ISSU, the interfaces go down.

Workaround: This issue is resolved.

CSCtf99048

Symptom: The value of cefcFRUPowerOperStatus is shown incorrectly as offEnvOtherof in the CISCO-ENTITY-FRU-CONTROL-MIB, even though the show module command shows the module as being up.

Conditions: This symptom might be seen under usual normal conditions for a Cisco Nexus 7000 Series device.

Workaround: This issue is resolved.

CSCtg14789

Symptom: The show logging onboard command does not include standby supervisor logs due to a syntax error.

Conditions: This symptom might be seen when the command is executed from the active supervisor module and is intended to collect the logs from all modules in the system.

Workaround: This issue is resolved.

CSCtg35246

Symptom: When a terminal client sends a Telnet Negotiate About Window Size option message or SSH WINDOW_ADJUST message with a small window size, the VTY session is disconnected and a core file from the VSH process might be generated.

Conditions: You might see this symptom on Cisco Nexus 7000 Series devices when a terminal client sends a small window size. Some PuTTy wrappers are known to do this when the parent window is minimized.

Workaround: This issue is resolved.

CSCtg36399

Symptom: When you copy and paste the output of a show running-config eem command for an EEM SNMP policy configuration, the configuration fails when applied to a device.

Conditions: This symptom might be seen if you configure an SNMP trap action as part of an EEM policy, such as:

action 1.0 snmp-trap intdata1 10 intdata2 20 strdata "hello"

When you enter the show running-config eem command, the output shows extra text:

action 1.0 snmp-trap intdata1 10 intdata2 20 strdata "hello" event-type $_event_type policy-name $_policy_name

If you copy and paste the command output to apply the configuration to a device, the configuration will fail for each of the action name snmp-trap commands.

Workaround: This issue is resolved.

CSCtg37200

Symptom: One syslog threshold message was displayed on a Cisco Nexus 7000 Series switch with a Cisco Nexus 7000 32-port 10-Gigabit Ethernet SFP+ I/O module that had a threshold configured for broadcast storm suppression. The second message was not displayed. When traffic on the interface breaches the upper threshold and later drops, the switch should display two syslog messages:

%ETHPORT-5-STORM_CONTROL_ABOVE_THRESHOLD
%ETHPORT-5-STORM_CONTROL_BELOW_THRESHOLD

Conditions: This symptom was seen on a Cisco Nexus 7000 32-port 10-Gigabit Ethernet SFP+ I/O module. The ABOVE_THRESHOLD syslog message was displayed once immediately after the module reloaded. No other messages were displayed, even though storm suppression packets increased and stopped correctly.

Workaround: This issue is resolved.

Related Documentation

Cisco NX-OS documentation is available at the following URL:

http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html

The Release Notes for upgrading the FPGA/EPLD is available at the following URL:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/epld/epld_rn.html

The following are related Cisco NX-OS documents:

Cisco NX-OS Configuration Guides

Cisco Nexus 7000 Series NX-OS Getting Started with Virtual Device Contexts, Release 5.x

Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Quality of Service Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS OTV Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Software Upgrade and Downgrade Guide, Release 5.x

Cisco NX-OS Licensing Guide

Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x

Cisco NX-OS XML Management Interface User Guide, Release 5.x

Cisco NX-OS System Messages Reference

Cisco Nexus 7000 Series NX-OS MIB Quick Reference

Cisco NX-OS Command References

Cisco Nexus 7000 Series NX-OS Command Reference Master Index, Release 5.x

Cisco Nexus 7000 Series NX-OS Fundamentals Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Interfaces Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Quality of Service Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Multicast Routing Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Security Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference, Release 5.x

Cisco Nexus 7000 Series NX-OS System Management Command Reference, Release 5.x

Other Software Document

Cisco Nexus 7000 Series NX-OS Troubleshooting Guide, Release 5.x

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.