First Published: March 21, 2018

Last Updated: September 22, 2020

Cisco UCS C-Series Servers

Cisco UCS C-Series Servers deliver unified computing in an industry-standard form factor to reduce total cost of ownership and increase agility. Each product addresses varying workload challenges through a balance of processing, memory, I/O, and internal storage resources.

About the Release Notes

This document describes the new features, system requirements, open caveats and known behaviors for C-Series software release 3.1(3) including Cisco Integrated Management Controller software and any related BIOS, firmware, or drivers. Use this document in conjunction with the documents listed in the Related Documentation section.


Note

We sometimes update the documentation after original publication. Therefore, you should also refer to the documentation on Cisco.com for any updates.

Revision History

Revision

Date

Description

J0

September 22, 2020

Following changes were made:

I0

September 17, 2019

Following changes were made:

H0

November 05, 2018

Following changes were made:

G0

September 10, 2018

Following changes were made:

  • Updated the Resolved Caveats section.

  • Updated the HUU versions to 3.1(3h). Firmware for the following hardware was updated:

    • Intel® SSD DC S4500 and DC S4600 Series SATA

    • Micron 5100 SATA SSD (M.2 and U.2)

    • Intel® SSD DC P4500 and P4600 Series NVMe

    The firmware files in Cisco Host Upgrade Utility for individual releases are available at: Cisco UCS C-Series Integrated Management Controller Firmware Files, Release 3.1

F0

July 20, 2018

Following changes were made:

E0

June 25, 2018

Following changes were made:

D0

May 30, 2018

Following changes were made:

C0

May 15, 2018

Following changes were made:

  • Added the Software Advisory for CSCvj32984.

  • Updated the Open Caveats sections for 3.1(3a) and 3.1(3b) releases.

B0

May 10, 2018

Following changes were made:

A0

March 21, 2018

Created release notes for 3.1(3a).

Supported Platforms and Release Compatibility Matrix

Supported Platforms

The following servers are supported in this release:

  • UCS-C220 M5

  • UCS-C240 M5

  • UCS-C480 M5

  • UCS-S3260 M5

For information about these servers, see Overview of Servers

Cisco IMC and Cisco UCS Manager Release Compatibility Matrix

Cisco UCS C-Series and S-Series Rack-Mount Servers are managed by built-in standalone software — Cisco Integrated Management Controller (Cisco IMC). However, when a C-Series or a S-Series Rack-Mount Server is integrated with Cisco UCS Manager, the Cisco IMC does not manage the server anymore.

The following table lists the C-Series software standalone and Cisco UCS Manager releases for C-Series and S-Series Rack-Mount Servers:

Table 1. Cisco C-Series and UCS Manager Software Releases for C-Series Servers

C-Series Standalone Release

Cisco UCS Manager Release

C-Series Servers

3.1(3k)

3.2(3p)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3j)

No Support

Note 

We support discovery and upgrade or downgrade functions with Cisco UCS Manager.

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3i)

3.2(3i)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3h)

3.2(3h)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3g)

3.2(3g)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3d)

3.2(3e)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3c)

3.2(3d)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(3b)

3.2(3b)

Cisco UCS C480 M5, C220 M5, and C240 M5 servers

3.1(3a)

3.2(3a)

Cisco UCS C480 M5, C220 M5, C240 M5, and S3260 M5 servers

3.1(2d)

3.2(2d)

Cisco UCS C480 M5, C220 M5, and C240 M5 servers

3.1(2c)

3.2(2c)

Cisco UCS C480 M5, C220 M5, and C240 M5 servers

3.1(2b)

3.2(2b)

Cisco UCS C480 M5, C220 M5, and C240 M5 servers

3.1(1d)

3.2(1d)

Cisco UCS C220 M5 and C240 M5 servers

3.0(3a)

3.1(3a)

Cisco UCS C220 M5 and C240 M5 servers

3.0(2b)

No Support

Note 

We support discovery and upgrade or downgrade functions with Cisco UCS Manager.

Cisco UCS C220 M5 and C240 M5 servers

3.0(1d)

No Support

Note 

We support discovery and upgrade or downgrade functions with Cisco UCS Manager.

All Cisco UCS M3 and M4 servers except C420 M3

2.0(13e)

3.1(2b)

All Cisco UCS M3 and M4 servers except C420 M3

2.0(10b)

3.1(1g)

Cisco UCS C220 M4 and C240 M4 servers

2.0(9c)

3.1(1e)

All Cisco UCS M3 and M4 servers

2.0(9f)

2.2(7b)

All Cisco UCS M3 and M4 servers except C420 M3

2.0(10b)

2.2(7b)

Cisco UCS C220 M4 and C240 M4 servers

1.5(9d)

2.2(7b)

Cisco UCS C420 M3, C260 M2, and C460 M2

1.5(9d)

2.2(8f)

Cisco UCS C420 M3, C260 M2, and C460 M2

2.0(9c)

2.2(8f)

All Cisco UCS M3 and M4 servers

2.0(10b)

2.2(8f)

Cisco UCS C220 M4 and C240 M4 servers

2.0(12b)

2.2(8f)

Cisco UCS C460 M4 server

1.5(8a)

2.2(6g)

Cisco UCS C420 M3, C260 M2, and C460 M2 servers

2.0(8d)

2.2(6c)

All Cisco UCS M3 and M4 servers

1.5(7f)

2.2(5b)

Cisco UCS C420 M3, C260 M2, and C460 M2 servers

2.0(6d)

2.2(5a)

All Cisco UCS M3 and M4 servers

1.5(7a)2

2.2(4b)

Cisco UCS C420 M3, C260 M2, C460 M2 servers

2.0(4c)

2.2(4b)

All Cisco UCS M3 and M4 servers

1.5(7c)1

2.2(3b)

Cisco UCS C420 M3, C260 M2, and C460 M2 servers

2.0(3d)1

2.2(3a)

All Cisco UCS M3 and M4 servers

System Requirements

The management client must meet or exceed the following minimum system requirements:

  • Sun JRE 1.8.0_92 or later (Till 1.8.0_121)

  • HTML based interfaces are supported on:

    • Microsoft Internet Explorer 10.0 or 11

    • Mozilla Firefox 30 or higher

    • Google Chrome 38 or higher

    • Safari 7 or higher


    Note

    If the management client is launched using an unsupported browser, check the help information from the For best results use supported browsers option available in the login window for the supported browser versions.

  • For Classic View - all browsers must have Adobe Flash Player 11 plug-in or higher. Supported browsers are:

    • Microsoft Internet Explorer 11 or higher

    • Mozilla Firefox 54 or higher

    • Google Chrome 61 or higher

    • Safari 11 or higher

  • Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 10, Apple Mac OS X v10.6, Red Hat Enterprise Linux 5.0 or higher operating systems

  • Transport Layer Security (TLS) version 1.2.

Hardware and Software Interoperability

For detailed information about storage switch, operating system and adapter, see the Hardware and Software Interoperability Matrix for your release located at:

http://www.cisco.com/en/US/products/ps10477/prod_technical_reference_list.html


Note

Connectivity is tested between the server and the first connected device. Further connections, such as to storage arrays after a switch are not listed in the Cisco UCS Hardware Compatibility List though they may be highlighted in the vendor support matrix for those devices.

For details about transceivers and cables that are supported on VIC cards, see the Transceiver Modules Compatibility Matrix

You can also see the VIC data sheets for more compatibility information: Cisco UCS Virtual Interface Card Data Sheets

Upgrade Paths for Release 3.1(x)

The section provides information on the upgrade paths to release 3.1(x). Refer to the table for upgrade paths for various Cisco UCS C-series IMC versions.

Table 2. Upgrade Paths to Release 3.1(x)

Upgrade From Release

Upgrade To Release

Recommended Upgrade Path

For all M5 Servers

3.1(x)

Follow below upgrade path:

  • You can use Interactive HUU or Non-Interactive HUU (NIHHU) script to update the server.

  • While updating the firmware using the Non-Interactive HUU (NIHUU) tool, use the Python scripts that are released with version 3.1(2b).

  • Use OpenSSL 1.0.1e-fips on the client side (where the NIHUU python scripts are running).

  • Download HUU iso from here.

  • Download NIHUU script from here.

Firmware Upgrade Details

Firmware Files

The C-Series software release 3.1(3) includes the following software files:

CCO Software Type File name(s) Comment
Unified Computing System (UCS) Server Firmware

ucs-c240m5-huu-3.1.3.iso

ucs-c220m5-huu-3.1.3.iso

ucs-c480m5-huu-3.1.3.iso

ucs-s3260-huu-3.1.3.iso

For release specific ISO versions, see Cisco UCS C-Series Integrated Management Controller Firmware Files, Release 3.1

Host Upgrade Utility
Unified Computing System (UCS) Drivers ucs-cxxx-drivers.3.1.3.iso Drivers
Unified Computing System (UCS) Utilities

ucs-cxxx-utils-efi.3.1.3.iso

ucs-cxxx-utils-linux.3.1.3.iso

ucs-cxxx-utils-vmware.3.1.3.iso

ucs-cxxx-utils-windows.3.1.3.iso

Utilities

Note

Always upgrade the BIOS, the Cisco IMC and CMC from the HUU ISO. Do not upgrade individual components (only BIOS or only Cisco IMC), since this could lead to unexpected behavior. If you choose to upgrade BIOS, and the Cisco IMC individually and not from the HUU ISO, make sure to upgrade both Cisco IMC, and BIOS to the same container release. If the BIOS and the Cisco IMC versions are from different container releases, it could result in unexpected behavior. Cisco recommends that you use the Update All option from the Host Upgrade Utility to update the firmware versions of Cisco IMC, BIOS, and all other server components (VIC, RAID Controllers, PCI devices, and LOM) together.

Host Upgrade Utility

The Cisco Host Upgrade Utility (HUU) is a tool that upgrades the Cisco UCS C-Series firmware.

The image file for the firmware is embedded in the ISO. The utility displays a menu that allows you to choose which firmware components to upgrade. For more information on this utility see:

http://www.cisco.com/en/US/products/ps10493/products_user_guide_list.html

For details of firmware files in Cisco Host Upgrade Utility for individual releases, see Cisco UCS C-Series Integrated Management Controller Firmware Files, Release 3.1

Updating the Firmware

Use the Host Upgrade Utility to upgrade the C-Series firmware. Host Upgrade Utility can upgrade the following software components:

  • BIOS

  • Cisco IMC

  • CMC

  • Cisco VIC Adapters

  • LSI Adapters

  • LAN on Motherboard

  • PCIe adapter firmware

  • HDD firmware

  • SAS Expander firmware

All firmware should be upgraded together to ensure proper operation of your server.


Note

We recommend that you use the Update All option from the Host Upgrade Utility to update the firmware versions of Cisco IMC, BIOS and all other server components (VIC, RAID Controllers, PCI devices, and LOM) together. Click Exit once you deploy the firmware.

For more information on how to upgrade the firmware using the utility, see:

http://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-c-series-rack-servers/products-user-guide-list.html

Supported Features

Supported Features

Release 3.1(3k)

Following BIOS tokens are supported from release 3.1(3k) onwards:

BIOS Token

Description

Adaptive Memory Training

When this option is Enabled:

The Memory training will not happen in every boot but the BIOS will use the saved memory training result in every re-boot.

Some exceptions when memory training happens in every boot are:

BIOS update, CMOS reset, CPU or Memory configuration change, SPD or run-time uncorrectable error or the last boot has occurred more than 24 hours before.

When this option is Disabled, the Memory training happens in every boot.

Default value: Enabled.

Note 

To disable the Fast Boot option, you must set the following tokens as mentioned below:

  • Adaptive Memory Training to disabled

  • BIOS Techlog level to Normal

  • OptionROM Launch Optimization to disabled.

OptionROM Launch Optimization

When this option is Enabled, the OptionROMs only for the controllers present in the boot order policy will be launched.

Note 

Some controllers such as Onboard storage controllers, Emulex FC adapters, and GPU controllers though not listed in the boot order policy will have the OptionROM launched.

When this option is Disabled, all the OptionROMs is launched.

Default value: Enabled

BIOS Techlog Level

This option denotes the type of messages in BIOS tech log file.

The log file can be one of the following types:

  • Normal - Includes debug errors only.

  • Minimum - Includes debug errors, warnings and loading messages.

  • Maximum - Includes debug errors, warnings, loading messages and debug info.

Default value: Minimum.

Following BIOS tokens are no longer supported:

  • BORNumRetry

  • BORCoolDown

  • BootOptionRetry

Release 3.1(3a)

The following new software features are supported in Release 3.1(3a):

  • FIPS 140-2 Compliance on Cisco IMC—Added option to enable Security Configuration to achieve FIPS 140-2 compliance on Cisco IMC.

  • NVMe Updates— Grouped the direct connected (U.2), NVMe HHHL and MSwitch connected NVMe controllers seperately on the Cisco IMC web UI under the Storage tab.

  • Intersight Management—Added option to enable Read-only mode.

  • Copyback Operation—Added option to perform copyback operation from source to the chosen destination drive is added.

  • Power Redundancy Updates—Added option to select one of the following Power Redundancy Policies is:

    • Non-Redundant

    • N+1

    • Grid

  • Assigning a Server to a Physical Drive Updates—On the S3260 M5 servers, added option to choose the controller and SAS expander path while assigning a server to a physical drive.

New Hardware in Release 3.1(3)

Release 3.1(3a)

M5 Servers

  • Support for S3260 M5 rack-mount servers

  • Support for the following NVMe-optimized servers:

    • UCSC-C220-M5SN—The PCIe MSwitch is placed in the dedicated MRAID slot for UCS C220 M5 servers. This set up supports up to 10 NVMe drives. The first two drives are direct-attached through the riser. The rest of the 8 drives are connected and managed by the MSwitch. This set up does not support any SAS/SATA drive combinations.

    • UCSC-C240-M5SN—The PCIe MSwitch is placed in the riser-2 at slot-4 for UCS C240 M5 server. The servers support up to 24 drives. Slots 1-8 are the NVMe drives connected and managed by the MSwitch. The servers also support up to 2 NVMe drives in the rear and are direct-attached through the riser. This set up supports SAS/SATA combination with the SAS/SATA drives from slots 9-24. These drives are managed by the SAS controller placed in the dedicated MRAID PCIe slot.

    • UCS-C480-M5—UCS C480 M5 servers support up to three front NVMe drive cages, each supporting up to 8 NVMe drives. Each cage has an interposer card, which contains the MSwitch. Each server can support up to 41 NVMe drives (32 U.2 and 9 HHHL). The servers also support a rear PCIe Aux drive cage, which can contain up to 8 NVMe drives managed by an MSwitch placed in PCIe slot-10.

      This set up does not support:

      • combination of NVMe drive cages and HDD drive cages

      • combination of Cisco 12G 9460-8i RAID controller and NVMe drive cages, irrespective of rear Aux drive cage.


      Note

      UCS C480 M5 PID remains same as in earlier release.

Peripherals

  • Support for the Cisco 12G 9460-8i RAID controller with 2GB cache (UCSC-SAS9460-8I) for UCS C480 M5 rack-mount servers

    Support for UCS C480 M5 (UCSC-C480-8AUX) Auxiliary Drive Modules for the Cisco 12G 9460-8i RAID controller

  • Support for the following new NVMe SSD drives UCS S3260 M5 servers:

    • UCS S3260 500G NVMefor M5 Server Node/SIOC (UCS-S3260-NVG25)

    • UCS S3260 1T NVMe for M5 Server Node/SIOC (UCS-S3260-NVG210)

    • UCS S3260 2T NVMe for M5 Server Node/SIOC (UCS-S3260-NVG220)

  • Support for the following new NVMe SSD drives on all M5 servers:

    • HGST SN200 1.6TB 2.5 in SSD (UCSC-NVMEHW-H1600)

    • HGST SN200 3.2TB 2.5 in SSD (UCSC-NVMEHW-H3200)

    • HGST SN200 6.4TB 2.5 in SSD (UCSC-NVMEHW-H6400)

    • HGST SN200 7.7TB 2.5 in SSD KNCCD101 (UCSC-NVMEHW-H7680)

    • HGST SN200 800GB 2.5 in SSD (UCSC-NVMEHW-H800)

  • Support for the following new NVMe SSD drives on NVMe-optimized M5 servers:

    • Cisco 2.5" 750GB Intel Xpoint BRAND NVMe Extreme Perf. (UCSC-NVMEXP-I750) - Supported only on C220 M5

    • Cisco 2.5" 375GB Intel Xpoint BRAND NVMe Extreme Perf (UCSC-NVMEXP-I375 ) - Supported only on C220 M5

    • Cisco 2.5" U.2 1.6TB Intel P4600 NVMe High Perf High Endurance (UCSC-NVMEHW-I1600)

    • Cisco 2.5" U.2 2TB Intel P4600 NVMe High Perf High Endurance (UCSC-NVMEHW-I2000)

    • Cisco 2.5" U.2 3.2TB Intel P4600 NVMe High Perf High Endurance (UCSC-NVMEHW-I3200)

    • Cisco 2.5" U.2 1TB Intel P4500 NVMe High Perf Value Endurance (UCSC-NVMEHW-I1000)

    • Cisco 2.5" U.2 2TB Intel P4500 NVMe High Perf Value Endurance (UCSC-NVMEHW-I2TBV)

    • Cisco 2.5" U.2 4TB Intel P4500 NVMe High Perf Value Endurance (UCSC-NVMEHW-I4000)

    • Cisco 2.5" U.2 500GB Intel P4501 NVMe Med. Perf. Value Endurance (UCSC-NVMELW-I500)

    • Cisco 2.5" U.2 1TB Intel P4501 NVMe Med. Perf. Value Endurance (UCSC-NVMELW-I1000)

    • Cisco 2.5" U.2 2TB Intel P4501 NVMe Med. Perf. Value Endurance (UCSC-NVMELW-I2000)

  • Support for the following PCIe cards on the IOE for a server node with UCS S3260 M5 servers:

    • Intel X550 dual-port 10GBase-T (UCSC-PCIE-ID10GC)

    • Qlogic QLE2692 dual-port 16G Fiber Channel HBA (UCSC-PCIE-QD16GF

  • Support for the following MSwitch card in NVMe optimized M5 servers:

    • UCS-C480-M5 HDD Ext NVMe Card (UCSC-C480-8NVME) - Front NVMe drive cage with an attached interposer card containing the PCIe MSwitch. Each server supports up to three front NVMe drive cages and each cage supports up to 8 NVMe drives. Each server can support up to 24 NVMe drives (3 NVMe drive cages x 8 NVMe drives).

    • UCS-C480-M5 PCIe NVMe Switch Card (UCSC-NVME-SC) - PCIe MSwitch card to support the upto 8 NVMe NVMe drives in the rear aux drive cage inserted in slot PCIe 10.


      Note

      The C480 M5 servers support a maximum of 32 NVMe drives (24NVMe drives in the front + 8 NVMe drives on the rear aux drive cage)

    • UCSC-C220-M5SN and UCSC-C240-M5SN do not have separate MSwitch PIDs. MSwitch cards for these servers are part of the corresponding NVMe optimized server.

  • Support for the following NVIDIA GPUs:

    • P4 GPUs with C220 M5 and C240 M5 servers

    • V100 GPUs with C240 M5, C480 M5 servers

  • Support for the following Intel adapter with UCS M5 servers:

    • Intel XL710 adapter (UCSC-PCIE-ID40GF) (not supported on S3260 M5)

    • Intel XXV710-DA2 adapter (XXV710-DA2) (not supported on S3260 M5)

    • Intel X710-DA4 adapter (UCSC-PCIE-IQ10GF) (not supported on S3260 M5)

    • Intel X710-DA2 adapter (UCSC-PCIE-ID10GF) (not supported on S3260 M5)

    • Intel X710-T4 adapter (X710-T4)

    • Intel X550-T2 adapter (UCSC-PCIE-ID10GC)

    • Intel X520 dual port adapter (N2XX-AIPCI01)

  • Support for the following storage controllers:

    • UCS S3260 Dual Pass Through (UCS-S3260-DHBA)

    • UCS S3260 Dual RAID (UCS-S3260-DRAID)

Release 3.1(3b)

  • Intel ® SSD DC S4500 Series 480GB (UCS-SD480GBIS6-EV)

  • Intel ® SSD DC S4500 Series 960GB (UCS-SD960GBIS6-EV)

  • Intel ® SSD DC S4500 Series 3.8TB (CS-SD38TBIS6-EV)

Software Utilities

The following standard utilities are available:

  • Host Update Utility (HUU)

  • BIOS and Cisco IMC Firmware Update utilities

  • Server Configuration Utility (SCU)

  • Server Diagnostic Utility (SDU)

The utilities features are as follows:

  • Availability of HUU, SCU on the USB as bootable images. The USB also contains driver ISO, and can be accessed from the host operating system.

Security Fixes

Security Fixes in Release 3.1(3j)

The following Security Fixes were added in Release 3.1(3j):

Release

Defect ID

CVE

Symptom

3.1(3j)

CSCvp34806

  • CVE-2018-12126

  • CVE-2018-12127

  • CVE-2018-12130

  • CVE-2019-11091

Cisco UCS M5 servers are based on Intel® Xeon® Scalable processors that are vulnerable to variants of exploits that use Microarchitectural Data Sampling (MDS) to gain access to data being processed in the CPU by other applications.

  • CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling) affects store buffers in the CPU, and is addressed by applying the updated microcode included in the UCS Cisco IMC release as well as the relevant Operating System and Hypervisor patches from the appropriate vendors.

  • CVE-2018-12127 (Microarchitectural Load Port Data Sampling) affects load buffers in the CPU, and is addressed by applying the updated microcode included in the UCS Cisco IMC release as well as the relevant Operating System and Hypervisor patches from the appropriate vendors.

  • CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling) affects line fill buffers in the CPU, and is addressed by applying the updated microcode included in the UCS Cisco IMC release as well as the relevant Operating System and Hypervisor patches from the appropriate vendors.

  • CVE-2019-11091 (Microarchitectural Uncacheable Data Sampling) affects the uncacheable memory buffers in the CPU, and is addressed by applying the updated microcode included in the UCS Cisco IMC release as well as the relevant Operating System and Hypervisor patches from the appropriate vendors.

This release includes BIOS revisions for Cisco UCS M5 generation servers. These BIOS revisions include the updated microcode that is a required part of the mitigation for these vulnerabilities.

Security Fixes in Release 3.1(3i)

The following Security Fixes were added in Release 3.1(3i):

Release

Defect ID

CVE

Description

3.1(3i)

CSCvm35067

CVE-2018-3655

Cisco UCS C-Series servers include a version of the Intel® Converged Security Management Engine that maybe affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE): CVE-2018-3655. This vulnerability was addressed in this release.

3.1(3i)

CSCvm15466

CVE-2018-5391

Cisco Integrated Management Controller (Cisco IMC) of the Cisco UCS C-Series M5 servers include a version of the Linux kernel that is affected by the IP Fragment Reassembly Denial of Service Vulnerability identified by the following Common Vulnerability and Exposures (CVE) ID: CVE-2018-5391. This vulnerability was addressed in this release.

Security Fixes in Release 3.1(3g)

The following Security Fixes were added in Release 3.1(3g):

Release

Defect ID

CVE

Description

3.1(3g)

CSCvj59331

  • CVE-2018-3639

  • CVE-2018-3640

Cisco UCS C-Servers M5 servers are based on Intel® processors that are vulnerable to variants of an exploit that uses CPU speculative processing and data cache timing to efficiently leak information, known as Spectre.

CVE-2018-3639 (Spectre/Variant #4) and CVE-2018-3640 (Spectre/Variant #3a) are addressed by applying the updated processor microcode from Intel included in the server firmware bundle, and the relevant Operating System and Hypervisor patches from the appropriate vendors.

This release includes BIOS revisions for Cisco UCS M5 generation servers. These BIOS revisions include the updated processor microcode that is a required part of the mitigation for CVE-2018-3639 (Spectre/Variant #4) and CVE-2018-3640 (Spectre/Variant #3a).

Security Fixes in Release 3.1(3a)

The following security issues are resolved:

Release

Defect ID

CVE

Description

3.1(3a)

CSCvg97982

  • CVE-2017-5753

  • CVE-2017-5715

  • CVE-2017-5754

Cisco C-Series M5 servers are based on Intel® Xeon® Scalable Processors (Skylake) that are vulnerable to exploits that use CPU speculative processing and data cache timing to potentially identify privileged information. These exploits are collectively known as Spectre and Meltdown.

  • CVE-2017-5753 (Spectre/Variant 1) is addressed by applying relevant Operating System and Hypervisor patches from the appropriate vendors.

  • CVE-2017-5715 (Spectre/Variant 2) is addressed by applying the updated microcode included in the UCS C-Series servers as well as the relevant Operating System and Hypervisor patches from the appropriate vendors.

  • CVE-2017-5754 (Meltdown) is addressed by applying the relevant Operating System patches from the appropriate vendors.

This release includes BIOS revisions for Cisco UCS C-Series M5 generation servers. These BIOS revisions include the updated microcode that is a required part of the mitigation for CVE-2017-5715 (Spectre/Variant 2).

Resolved Caveats

The following section lists resolved caveats.

Resolved Caveats in Release 3.1(3)

Release 3.1(3j)

The following defects are resolved in release 3.1(3j):

Table 3. BIOS

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj81831

Board controller activation fails for C240-M5SX and C220-M5SX servers due to PSU1 update failure. This happens when you upgrade the firmware to 4.0(x) versions and then downgrade it back to 3.x versions.

3.1(3a)

3.1(3j)
Table 4. External Controllers

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvp19814

Numerous command timeouts and resets are seen in a short amount of time which could potentially lead to performance degradation with SSD/HDDs while using a SAS-RAID controller in JBOD mode. This can happen at any time in a vSAN environment using the lsi-mr3-7.703.18.00 or lsi-mr3-7.703.19.00 driver.

3.1(3a)

3.1(3j)

Release 3.1(3i)

The following defects are resolved in release 3.1(3i):

Table 5. BIOS

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj22869

System Event Log (SEL) reports "UPI Correctable "Rx / Tx Data Lane 0 is dropped / down"" error messages on the UCS C480 M5 servers. These UPI error messages are reported only on the UPI Port 2 for each processor present on the system.

3.1(3e)

3.1(3i)
Table 6. External Controllers

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvm83587

On the C220 and 240 M5 servers with 3.1(3a) firmware versions, file transfer on VMware host results in Rx packet drops and CRC errors with Qlogic 25G card (QL41212H) running on driver version 8.21.x.

3.1(3a)

3.1(3i)

Release 3.1(3h)

The following defects are resolved in release 3.1(3h):

Table 7. BMC

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj74285

Cisco IMC reboots due to Out of memory (OOM) on M5 servers running on firmware version 3.1(3a). After recovery of the Cisco IMC, the following entry is found in the logs: kernel:-:<0>[out_of_memory]:663:Out of memory (oom-killer): Stopping strobe of WDT monitoring BMC. Reset coming!

3.1(3a)

3.1(3h)

CSCvk52168

On the S3260 servers, when you use SLAAC to launch the KVM or Cisco IMC web UI, the BMC SLAAC IP is unresponsive to pings.

3.0(4i)

3.1(3h)

Release 3.1(3d)

The following defects are resolved in release 3.1(3d):

Table 8. BMC

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj22846

C220 M5 and C240 M5 servers that have a single CPU installed may report the following informational level fault: "P2_PRESENT: Processor 2 missing: Please reseat or replace Processor 2"

3.1(2g)

3.1(3d)
Table 9. BIOS

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCuz63541

UCS boots into UEFI Shell when no UEFI boot option is found. Hence OS cannot boot up until users re-configure Boot Option in BIOS.

2.0(8g)

3.1(3d)
Table 10. Web Management

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj42923

Unable to launch the KVM window when you use the IPv6 address and the IPv4 address is not set or set to 0.0.0.0.

3.0(3a)

3.1(3d)
Table 11. XML API

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj75669

On the S3260 servers, you cannot set BMC2 Interface using the XML API when only one compute node is present.

3.1(3a)

3.1(3d)
Table 12. Harware

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvj83780

Under specific low write and long idle time workloads, the following SATA SSDs no longer show read errors:

  • UCS-M2-240GB

  • HX-M2-240GB

3.1(3b)

3.1(3d)

Release 3.1(3a)

The following defects are resolved in release 3.1(3a):

Table 13. BMC

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvf41430

POWER_USAGE sensor will exceed the Upper Critical (UC) threshold in a max configured system (5+ GPUs) and 2+2 PSU redundancy is lost (without any indication).

3.1(2b)

3.1(3a)

Table 14. BIOS

Defect ID

Symptom

First Affected Release

Resolved in Release

CSCvf28096

On the UCS C240 M5 servers, boot protocol setting in the BIOS setup does not work for Slot 4 in the legacy mode.

3.1(2b)

3.1(3a)

CSCvf51157

In-deterministic core count issue occurs while setting "Cores Enabled" setting to anything other than All in certain CPU SKU of Intel® Xeon® Scalable Processors series (SKUs 8158 and 6134).

3.1(2b)

3.1(3a)

Open Caveats

The following section lists open caveats.

Open Caveats in Release 3.1(3)

Release 3.1(3d)

The following defect is open in Release 3.1(3d):

Table 15. Hardware

Defect ID

Symptom

Workaround

First Affected Release

CSCvj83780

Under specific low write and long idle time workloads, the following SATA SSDs may show read errors:

  • UCS-M2-240GB

  • HX-SD38TBM1K9

  • HX-SD38TBE1NK9

  • HX-SD960GBM1K9

  • HX-SD960GBE1NK9

  • HX-M2-240GB

Upgrade Cisco IMC to 3.1(3d) or later releases.

3.1(2b)

Table 16. Software Advisory

Defect ID

Symptom

Workaround

First Affected Release

CSCvj32984

Operating System logs have a large amount of persistent SCSI abort commands for FCID 0xffffffff.

Operating Systems utilizing remote FC / FCoE storage may hang.

This happens when there is significant Fibre Channel (FC)/Fibre Channel over Ethernet (FCoE) traffic, and affects the following VIC adapters:

  • Cisco UCS VIC 1340 modular LOM (UCSB-MLOM-40G-031)

  • Cisco UCS VIC 1380 mezzanine adapter (UCS-VIC-M83-8P)

  • Cisco UCS VIC 1385 Dual Port 40Gb QSFP+ CAN (UCSC-PCIE-C40Q-03)

  • Cisco UCS VIC 1387 Dual Port 40Gb QSFP CNA MLOM (UCSC-MLOM-C40Q-03)

Downgrade the firmware to a release prior to Release 3.1(3a)

For more information, see the Cisco Software Advisory at https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/SA/SW_Advisory_CSCvj32984.html

3.1(3a)

Release 3.1(3a)

The following defects are open in Release 3.1(3a):

Table 17. Software Advisory

Defect ID

Symptom

Workaround

First Affected Release

CSCvj32984

Operating System logs have a large amount of persistent SCSI abort commands for FCID 0xffffffff.

Operating Systems utilizing remote FC / FCoE storage may hang.

This happens when there is significant Fibre Channel (FC)/Fibre Channel over Ethernet (FCoE) traffic, and affects the following VIC adapters:

  • Cisco UCS VIC 1340 modular LOM (UCSB-MLOM-40G-031)

  • Cisco UCS VIC 1380 mezzanine adapter (UCS-VIC-M83-8P)

  • Cisco UCS VIC 1385 Dual Port 40Gb QSFP+ CAN (UCSC-PCIE-C40Q-03)

  • Cisco UCS VIC 1387 Dual Port 40Gb QSFP CNA MLOM (UCSC-MLOM-C40Q-03)

Downgrade the firmware to a release prior to Release 3.1(3a)

For more information, see the Cisco Software Advisory at https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/SA/SW_Advisory_CSCvj32984.html

3.1(3a)
Table 18. BMC

Defect ID

Symptom

Workaround

First Affected Release

CSCvi03086

On the C3260 servers, power characterization does not work as expected for custom and thermal profiles.

None.

3.1(3a)

CSCvi48698

Power characterization status is reported as not Run when the server or nodes are powered off and power characterization triggered.

Power On the server or nodes before triggering the Power characterization run.

3.1(3a)

CSCvi52975

In the Cisco IMC logs, fault history does not display the set time zone. This happens when the default time zone is modified.

Reset the remote sys-log by disabling and then enabling it.

3.1(3a)

CSCvi53766

On the S3260 M5 and S3260 M4 servers, Time Zone configuration page on the Cisco IMC web UI displays a blank screen. Hence you cannot configure time zone using the Cisco IMC web UI.

Use CLI to set the time zone.

3.1(3a)
Table 19. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCvg61868

"DMAR: VT-d detected invalid descriptor: low=<nnn>, high=<nnn>" message appers during the Linux kernel loading and initialization phase. This happens with a single CPU sample, with IO cards like NVMe or PCIe cards on PCIe port 1A or 1B.

Temporary workaround is to disable VT-d direct IO token from BIOS setup, or Cisco IMC Web UI or CLI. If your setup is running operating system with virtualization support, we recommend you to replace the CPU pair.

3.1(3a)

CSCvg97305

Uncorrectable memory error injection using Intel ITP probe & CScript always reports error on CPU1 A1 DIMM with Silver CPU 4114.

Note 

This issue occurs only with the Silver CPU 4114 CPUs, the other CPUs work as expected.

Ignore the SEL reported during runtime. Cold reboot the host and wait for the POST to complete, check the failed DIMM SEL message or identify the failed DIMM in memory inventory in the setup or Cisco IMC web UI or CLI.

3.1(3a)

CSCvg65199

Option ROM for the NVMe SSDs populated in the front slots: 7,8 and 23 will not be loaded. Hence cannot be seen listed in the Advance page of the setup.

The Firmware revisions for these drives will not be populated in the SMBIOS 202 and PCIe inventory of the Cisco IMC. These drives cannot be used as Boot drives.

None.

3.1(3a)

Table 20. External Controllers

Defect ID

Symptom

Workaround

First Affected Release

CSCvh31592

Windows 2016 OS crashes resulting in a BSOD and the host reboots. This happens when high stress IO with IO transaction on RAID 1 volume run for a long period for time.

Enable write back cache on RAID 1 drive group.

3.1(3a)

CSCvh06510

When you insert an NVMe drives into a slot, failed or degraded status is reported momentarily. This issue occurs with all drives irrespective of whether they are direct or mswitch attached.

None.

3.1(3a)

Open Caveats in Release 3.1(2)

Release 3.1(2b)

The following defects are open in Release 3.1(2b):

Table 21. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCvf51428

Cisco IMC BIOS configuration screen allows you to set COM1 on a C480 M5 server even though the server does not have a COM1 port. If you try to set the COM1 post, the settings are configured on the COM0 port that is available.

None.

3.1(2b)

Table 22. Utilities

Defect ID

Symptom

Workaround

First Affected Release

CSCvd34396

Some components or adapters are not being discovered by HUU when booted in the UEFI secure boot enabled mode.

Disable the UEFI Secure Boot Option using the Cisco IMC web UI and reboot the HUU.

3.1(2b)

Open Caveats in Release 3.1(1d)

The following defects are open in release 3.1(1d):

Table 23. BMC

Defect ID

Symptom

Workaround

First Affected Release

CSCve78250

Delay firmware update using the UCSCFG fails to start. This happens when you try starting a firmware update from the UCSCFG and then set the one time boot order using the KVM or Cisco IMC Web UI.

Do not set the one time boot order after triggering the delay firmware update using UCSCFG.

3.1(1d)

CSCvd85269

When Virtual Media is enabled on a HTML5 KVM client and if you attempt to activate it on a second HTML5 KVM client, the following two messages may repeatedly pop up even after selecting OK on each message:

Virtual Media has terminated as a result of Unknown problem.

Virtual Media redirection is already in use by another user.

Restart the HTML5 KVM client and activate only one Virtual Media client at a time.

3.1(1d)

Table 24. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCve46673

Precision boot order does not list the third party network adapters in legacy mode.

Switch to UEFI mode.

3.1(1d)

CSCve35219

When you select power capping without enabling the allow throttling option, and select a capping value towards the lower end of the allowed capping range, power capping may not be successful achieved.

Select allow throttling option, if you want to set a lower power capping value.

3.1(1d)

Table 25. External Controllers

Defect ID

Symptom

Workaround

First Affected Release

CSCvf03966

Random Critical SEL about HDDX_STATUS drive faults are asserted during reboots. However, no failure of any specific drive slots detected on reboot.

None.

This does not have any functional impact and can be ignored.

3.1(1d)

Table 26. Utilities

Defect ID

Symptom

Workaround

First Affected Release

CSCvd34396

Some components or adapters are not visible on HUU when it boots in the UEFI secure boot mode.

Disable the UEFI secure boot using the Cisco IMC web UI and reboot the HUU.

3.1(1d)

Known Behaviors

The following section lists known behaviors.

Known Behaviors in Release 3.1(3)

Release 3.1(3c)

The following is the known behavior in Release 3.1(3c):

Table 27. BMC

Defect ID

Symptom

Workaround

First Affected Release

CSCvj64919

Upgrading Cisco IMC to version 3.1(3c) sets the default fan policy to low power profile.

If you want to change the fan policy to a different power policy, you must manually change it.

You can set the fan policy using one of the following methods:

  • Using the Cisco IMC web UI - Compute -> Power Policies -> Configure Fan Policy.

  • Using the CLI - Scope chassis -> Scope fan-policy- set Fan policy

3.1(3b)

Release 3.1(3a)

The following are the known behaviors in Release 3.1(3a):

Table 28. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCve90425

The Cisco IMC Processor Inventory screen of the Cisco UCS C-series M5 servers displays user configured number of cores instead of total available cores.

None.

3.1(2b)

CSCvd79734

The values of effective memory and redundant memory (in the mirroring mode) are incorrect on the Cisco IMC Web UI.

None.

3.1(1d)

Table 29. External Controllers

Defect ID

Symptom

Workaround

First Affected Release

CSCve75610

On LSA (LSI Storage Authority) installed on RHEL 7.3, SBMezz controller IDs are mapped incorrectly as: Controller ID0 - SBMezz2, Controller ID1 - SBMezz1. However, Cisco IMC web UI and CLI display the IDs correctly.

None.

3.1(3a)

Table 30. Utilities

Defect ID

Symptom

Workaround

First Affected Release

CSCvc25435

HDD firmware activation fails after an HDD firmware update is done and the firmware displays the older HDD firmware version. This happens when you choose south bridge as RSTE (which is the AHCI mode) in the BIOS Advance settings.

Use LSISWRAID mode while performing the HDD firmware update.

3.1(2b)

Known Behaviors in Release 3.1(2b)

The following are the known behaviors in Release 3.1(2b):

Table 31. BMC

Defect ID

Symptom

Workaround

First Affected Release

CSCvf93319

After upgrading to version 3.1(2) from 3.1(1), Flexutil controller status displays the following message: "Invalid partition, reset required"

Reset the card configuration.

3.1(2b)

Table 32. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCvf64564

On the C220 M5 or C240 M5 servers, BIOS password authentication fails after upgrading the server firmware from version 3.1(1) to 3.1(2), and you cannot enter the BIOS Setup screen.

Boot the system BIOS to Setup while system is at version 3.1(1), go to the Security page and clear the system password. Now upgrade the server to version 3.1(2) and enter the BIOS setup to set the password of your choice.

3.1(2b)

Table 33. External Controllers

Defect ID

Symptom

Workaround

First Affected Release

CSCva82566

When you place a vNIC on the Intel X520 network adapter with user defined MAC, association succeeds but the Web UI and CLI does not display the vNIC path.

None.

3.1(2b)

CSCvf47015

NVMe U.2 and HHHL drives are supported only on the following specific slots in the single CMOD configuration:

  • For SFF (U.2) NVMe— supported only in slot 1 and slot 17

  • For HHHL NVMe—supported only in slots 1,2,5,8,9 and 10.

For the use of NVMe devices, the above slots are supported in a single CMOD configuration.

However, if you plug the NVMe devices in the other supported slots that work on the dual CMOD configuration, the NVMe devices are displayed under the Storage Management tab and can be managed. But these devices are not accessible in the BIOS as well as Inventory and cannot be used at the OS level.

None.

3.1(2b)

CSCvf29989

The performance of sn200 is low on the HDDEXT1_SLOT2 and HDDEXT3_slot2 slots, the performance is as expected on the others slots. There is a 17-19% performance drop on the above two slots on random or sequential read. However, on the others slots there only a 2-3% drop which meets standards.

None.

3.1(2b)

Known Behaviors in Release 3.1(1d)

The following are the known behaviors in Release 3.1(1d):

Table 34. BMC

Defect ID

Symptom

Workaround

First Affected Release

CSCve82042

Flexflash Virtual Drives disconnects from the host when you perform multiple flexflash resets. This happens due to the controller not being able to detect the installed SD cards.

Reset the controller again and reconnect the VD to the host.

3.1(1d)

CSCvd00773

When the platform or CPU domain power limit is set to an absolute minimum power value (characterized minimum value) and the correction time to 1 second, sometimes it may take more than 1 second (correction time) to limit power to the set value.

No workaround.

3.1(1d)

CSCvf48086

When power cap limit for a platform domain is set close to a minimum power limit value, following critical SEL messages may appear during system boot:

Node Manager: Thermal Status Sensor for CPU 1, PROCHOT asserted

Node Manager: Thermal Status Sensor for CPU 2, PROCHOT asserted

These messages get de-asserted during the boot process. These messages are seen as the system tries to retain the power consumption during system boot within the configured power cap value.

Configure a higher power cap value.

3.1(1d)

Table 35. BIOS

Defect ID

Symptom

Workaround

First Affected Release

CSCvd52950

The SEL "System Software event: Post sensor, Unrecoverable Video Controller Failure [0xFF09] was asserted." is logged and there is no display on the Offboard VGA console. This happens when you have an offboard VGA card that does not have UEFI oprom support and the server is in the UEFI boot mode (default mode).

Clear the CMOS to reset the VGA priority to use onboard VGA as the primary video console.

3.1(1d)

Recommended Best Practices

Upgrading BIOS and Cisco IMC Firmware

Cisco provides the Cisco Host Upgrade Utility to assist you in upgrading the BIOS, Cisco IMC, CMC LOM, LSI storage controller, and Cisco UCS Virtual Interface Cards firmware to compatible levels. On the C220 M3, C240 M3, C22 M3, and C24 M3 servers, we recommend that you reboot Cisco IMC before performing the Cisco IMC and BIOS firmware update using NIHUU, HUU, web UI, CLI, or XML API.


Note

When upgrading the Cisco IMC firmware for the UCS C-series platforms, ensure that you update using the full image (for example upd-pkg-cXXX-mx-Cisco IMC.full.*.bin).

The correct and compatible firmware levels for your server model are embedded in the utility ISO.

To use this utility, use the Cisco Host Upgrade Utility User Guide which includes the instructions for downloading and using the utility ISO. Select the guide from this URL:

http://www.cisco.com/en/US/products/ps10493/products_user_guide_list.html

Related Documentation

Related Documentation

For configuration information for this release, refer to the following:

For information about installation of the C-Series servers, refer to the following:

The following related documentation is available for the Cisco Unified Computing System:

Refer to the release notes for Cisco UCS Manager software and the Cisco UCS C Series Server Integration with Cisco UCS Manager Guide at the following locations: