Cisco Nexus 7000 Series Switches

Table Of Contents

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.2

Contents

Introduction

System Requirements

Hardware Supported

Memory Requirements

Supported Device Hardware

Upgrade/Downgrade Caveats

General Upgrade/Downgrade Caveats

Specific Upgrade/Downgrade Caveats for Cisco NX-OS Release 5.2(x)

CMP Images

EPLD Images

Cisco DCNM

New Hardware Features

New Software Features

Cisco NX-OS Release 5.2(4)

Cisco NX-OS Release 5.2(3a)

Cisco NX-OS Release 5.2(1)

LISP

MPLS

FCoE (Fiber Channel over Ethernet)

OTV Features

FEX Features

IEEE 1588v2 PTP Support

PONG

ACL Capture

ACLs Enhancements

BFD SHA-1 Authentication

BFD Support for VRRP

BGP Local-AS

BGP Prefix Independent Convergence Core

CFS Enhancement

Cisco TrustSec Enhancement

Configurable Reserved VLAN Range

CoPP Enhancements

EEM Correlation

EIGRP Wide Metrics

Graceful vPC Type-1 Check Handling

HTTP Proxy Server for Smart Call Home

Multicast over GRE

NetFlow Enhancement

NTP Enhancements

Parallel Upgrade of EPLD Images

Parallel Upgrade of I/O Modules

Password Encryption

Smart DHCP Relay

SPAN and ERSPAN Enhancements

Static Multicast MAC

System Message Logging

Subnet Broadcast Support for the DHCP Relay Agent

Unique MAC Address per VDC

vPC Autorecovery

XML Infrastructure Enhancements

Licensing

FCoE License

MPLS License

SAN Enterprise License

MIBS

Limitations

Role-Based Access Control

EIGRP Routes

Standby Supervisor Can Reset With Feature-Set Operation

NTP Servers Created with Cisco DCNM-SAN Are Not Listed for the Storage VDC

GOLD Snake Loopback Test Disabled on F1 Series Modules

Caveats

Open Caveats—Cisco NX-OS Release 5.2

Resolved Caveats—Cisco NX-OS Release 5.2(4)

Resolved Caveats—Cisco NX-OS Release 5.2(3a)

Resolved Caveats—Cisco NX-OS Release 5.2(1)

Related Documentation

Obtaining Documentation and Submitting a Service Request

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.2

---

Date: March 8, 2012

Part Number: OL-25091-04 E0
Current Release: 5.2(4)
Deferred Release 5.2(3)

This document describes the features, caveats, and limitations for Cisco NX-OS software for use on the Cisco Nexus 7000 Series switches. Use this document in combination with documents listed in the "Related Documentation" section.

---

Note Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.x Release Notes:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html

---

Table 1 shows the online change history for this document.

Table 1 Online History Change 

Part Number	Revision	Date	Description
OL-23608-01	A0	July 29, 2011	Created release notes for Release 5.2(1).
	B0	August 2, 2011	•Added open caveat CSCtn27064. •Removed open caveat CSCtr21856.
	C0	August 5, 2011	Revised the description of the Precision Time Protocol (PTP) feature to indicate that it does not require a license.
	D0	August 15, 2011	•Added the Cisco Nexus 7009 chassis (N7K-7009) and fabric module (N7K-7009-FAB-2) to Table 2. •Added the "New Hardware Features" section.
	E0	August 26, 2011	Corrected the product ID for the FCoE license.
	F0	September 7, 2011	Added Cisco NX-OS Release 4.2(8) to Table 4.
	G0	September 23, 2011	•Added Cisco NX-OS Release 5.1(5) to Table 4. •Added open caveat CSCtr79772.
	H0	October 2, 2011	Added open caveat CSCtr95031.
	I0	October 12, 2011	Added a Note to the "General Upgrade/Downgrade Caveats" section.
	J0	October 19, 2011	Added SFP-10G-ER to N7K-F132XP-15 in Table 3.
	K0	November 13, 2011	Removed NTP update-calendar and NTP clock-period from the "NTP Enhancements" section.
OL-23608-02	A0	December 10, 2011	Created release notes for Release 5.2(3).
OL-23608-03	A0	December 16, 2011	Created release notes for Release 5.2(3a).
	B0	December 20, 2011	Updated CSCtv00716 to include CSCtw66415.
	C0	January 9, 2012	Added open caveat CSCtw50675.
	D0	January 19, 2012	Added limitation related to ISSU support.
	E0	January 30, 2012	Moved the ISSU limitation to the "Upgrade/Downgrade Caveats" section and expanded the description.
OL-23608-04	A0	March 8, 2012	Created release notes for Release 5.2(4).
	B0	March 9, 2012	Updated the transceiver information for the 8-port 10-Gigabit Ethernet I/O module XL (N7K-M108X2-12L) in Table 3.
	C0	March 20, 2012	•Updated the "New Software Features" section for Cisco NX-OS Release 5.2(4). •Added caveat CSCty10765 to the "Resolved Caveats—Cisco NX-OS Release 5.2(4)" section. •Removed caveat CSCtx96144 from the "Resolved Caveats—Cisco NX-OS Release 5.2(4)" section.
	D0	April 2, 2012	Added caveat CSCts11774 to the "Resolved Caveats—Cisco NX-OS Release 5.2(3a)"section.
	E0	May 4, 2012	Modified the description of a caveat for QoS MIB and MPLS QoS defaults in the "Specific Upgrade/Downgrade Caveats for Cisco NX-OS Release 5.2(x)" section.

Contents

This document includes the following sections:

•Introduction

•System Requirements

•Upgrade/Downgrade Caveats

•CMP Images

•EPLD Images

•Cisco DCNM

•New Hardware Features

•New Software Features

•Licensing

•MIBS

•Limitations

•Caveats

•Related Documentation

•Obtaining Documentation and Submitting a Service Request

Introduction

The Cisco NX-OS software for the Cisco Nexus 7000 Series switches fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) similar to Cisco IOS software.

System Requirements

This section includes the following topics:

•Hardware Supported

•Memory Requirements

•Supported Device Hardware

Hardware Supported

The Cisco NX-OS software supports the Cisco Nexus 7000 Series chassis. You can find detailed information about supported hardware in the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.

Memory Requirements

The Cisco NX-OS software requires 4 GB of memory or 8 GB of memory, depending on the software version you use and the software features you enable.

An 8 GB supervisor memory upgrade kit, N7K-SUP1-8GBUPG=, allows for growth in the features and capabilities that can be delivered in existing Cisco Nexus 7000 Series supervisor modules. The memory upgrade kit is supported on Cisco Nexus 7000 Series systems running Cisco NX-OS Release 5.1 or later releases. Instructions for upgrading to the new memory are available in the "Upgrading Memory for Supervisor Modules" section of the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.

The following guidelines can help you determine whether or not to upgrade an existing supervisor module:

•When the system memory usage exceeds 3 GB (75 percent of total memory), we recommend that you upgrade the memory to 8 GB. Use the show system resources command from any VDC context to check the system memory usage:

Nexus-7000# show system resources

Load average:   1 minute: 0.47   5 minutes: 0.24   15 minutes: 0.15

Processes   :   959 total, 1 running

CPU states  :   3.0% user,   3.5% kernel,   93.5% idle

Memory usage:   4115776K total,   2793428K used,   1322348K free <-------------

•If you create more than one VDC with XL mode enabled, or if you have more than two VDCs, 8 GB of memory is required.

For additional guidance about whether or not to upgrade a supervisor module to 8 GB of memory, see Figure 1.

Figure 1 Supervisor Memory Upgrade Decision Flowchart

When you insert a supervisor module into a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 5.1(x) or a later release, be aware that one of the following syslog messages will display, depending on the software version and the amount of memory for the supervisor module:

•If you are running Cisco NX-OS Release 5.1(1) or a later release and you have an 8-GB supervisor as the active supervisor and you insert a 4-GB supervisor module as the standby, it will be powered down. A severity 2 syslog message indicates that the memory amounts should be equivalent between the active and the standby supervisor:

2010 Dec 3 00:05:37 switch %$ VDC-1 %$ %SYSMGR-2-SUP_POWERDOWN: Supervisor in slot 10 
is running with less memory than active supervisor in slot 9

In this situation, you have the option to upgrade the memory in the 4-GB supervisor or shut down 
the system and remove the extra memory from the 8-GB supervisor.

•If you are running Cisco NX-OS Release 5.1(2) or a later release and you insert a 8-GB supervisor module as the standby, a severity 4 syslog message appears.

2010 Dec  1 23:32:08 switch %SYSMGR-4-ACTIVE_LOWER_MEM_THAN_STANDBY: Active supervisor 
in slot 5 is running with less memory than standby supervisor in slot 6. 

In this situation, you have the option to remove the extra memory or do a switchover and upgrade the memory in the 4-GB supervisor.

Supported Device Hardware

Table 2 shows the hardware supported by Cisco NX-OS Release 5.x and Cisco NX-OS Release 4.x software.

Table 3 shows the transceiver devices supported by each release.

For a list of minimum recommended Cisco NX-OS software releases for use with Cisco Nexus 7000 Series switches, see the document Minimum Recommended Cisco NX-OS Releases for Cisco Nexus 7000 Series Switches.

Table 2 Hardware Supported by Cisco NX-OS Software Releases 

Product ID	Hardware	Minimum Software Release
N7K-C7009	Cisco Nexus 7009 chassis	5.2(1)
N7K-C7010	Cisco Nexus 7010 chassis	4.0(1)
N7K-C7018	Cisco Nexus 7018 chassis	4.1(2)
N7K-C7010-FAN-S	System fan tray for the Cisco Nexus 7010 chassis	4.0(1)
N7K-C7010-FAN-F	Fabric fan tray for the Cisco Nexus 7010 chassis	4.0(1)
N7K-C7018-FAN	Fan tray for the Cisco Nexus 7018 chassis	4.1(2)
N7K-AC-6.0KW	6.0-kW AC power supply unit	4.0(1)
N7K-AC-7.5KW-INT N7K-AC-7.5KW-US	7.5-kW AC power supply unit	4.1(2) 4.1(2)
N7K-DC-6.0KW N7K-DC-PIU N7K-DC-CAB=	6.0-kW DC power supply unit (cable included) DC power interface unit DC 48 V-48 V cable (spare)	5.0(2) 5.0(2) 5.0(2)
N7K-SUP1	Supervisor module	4.0(1)
N7K-SUP1-8GBUPG	Supervisor module memory kit upgrade	5.1(1)
N7K-C7009-FAB-2	Fabric module, Cisco Nexus 7000 Series 9-slot	5.2(1)
N7K-C7010-FAB-1	Fabric module, Cisco Nexus 7000 Series 10-slot	4.0(1)
N7K-C7018-FAB-1	Fabric module, Cisco Nexus 7000 Series 18-slot	4.1(2)
N7K-F132XP-15	32-port 1/10 Gigabit Ethernet module (F1-Series)	5.1(1)
N7K-M108X2-12L	8-port 10-Gigabit Ethernet I/O module XL1	5.0(2)
N7K-M132XP-12	32-port 10-Gigabit Ethernet SFP+ I/O module	4.0(1)
N7K-M132XP-12L	32-port 10-Gigabit Ethernet SFP+ I/O module XL1	5.1(1)
N7K-M148GS-11	48-port 1-Gigabit Ethernet SFP I/O module	4.1(2)
N7K-M148GS-11L	48-port 1-Gigabit Ethernet I/O module XL1	5.0(2)
N7K-M148GT-11	48-port 10/100/1000 Ethernet I/O module	4.0(1)
N7K-M148GT-11L	48-port 10/100/1000 Ethernet I/O module XL1	5.1(2)
N2K-C2248TP-1GE	Cisco Nexus 2248TP Fabric Extender2	5.1(1)
N2K-C2224TP-1GE	Cisco Nexus 2224TP Fabric Extender2	5.2(1)
N2K-C2232PP-10GE	Cisco Nexus 2232PP Fabric Extender2	5.2(1)

1 Requires the Cisco Nexus 7010 Scalable Feature Package license (N7K-C7010-XL) or the Cisco Nexus 7018 Scalable Feature Package license (N7K-C7018-XL), depending on the chassis, to enable all XL-capable I/O modules to operate in XL mode. 2 Cisco Nexus Fabric Extenders (FEX) are supported on the 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) and the 32-port 10-Gigabit Ethernet SF P+ I/O module XL (N7K-M132XP-12L). In addition, all FEX models use only the AC power supply and require front-to-back airflow.

Table 3 Transceivers Supported by Cisco NX-OS Software Releases  

I/O Module	Product ID	Transceiver Type	Minimum Software Version
N7K-F132XP-15	SFP-10G-ER	10GBASE-ER SFP+	5.2(1)
	SFP-10G-SR	10GBASE-SR SFP+	5.1(1)
	SFP-10G-LR1	10GBASE-LR SFP+	5.1(1)
	SFP-10G-LRM	10GBASE-LRM SFP+	5.1(1)
	SFP-H10GB-CUxM	SFP-H10GB-CUxM Twinax Cable Passive (1m, 3m, 5m)	5.1(1)
	SFP-H10GB-ACUxM	SFP-H10GB-ACUxM Twinax Cable Active (7m, 10m)	5.1(1)
	SFP-GE-T	1000BASE-T SFP	5.1(1)
	SFP-GE-S	1000BASE-SX SFP (DOM)	5.1(1)
	SFP-GE-L	1000BASE-LX/LH SFP (DOM)	5.1(1)
	SFP-GE-Z	1000BASE-ZX SFP (DOM)	5.1(1)
	GLC-LH-SM	1000BASE-LX/LH SFP	5.1(1)
	GLC-SX-MM	1000BASE-SX SFP	5.1(1)
	GLC-ZX-SM	1000BASE-ZX SFP	5.1(1)
	GLC-T	1000BASE-T SFP	5.1(1)
	GLC-LH-SMD	1000BASE-LX/LH SFP	5.2(1)
	GLC-SX-MMD	1000BASE-SX SFP	5.2(1)
N7K-M108X2-12L	SFP-10G-LR2	10GBASE-LR SFP+	5.2(3a)
	SFP-10G-LRM2	10GBASE-LRM SFP+	5.2(3a)
	CVR-X2-SFP10G	OneX Converter Module - X2 to SFP+ Adapter	5.2(1)
	SFP-10G-SR22	10GBASE-SR SFP+	5.2(1)
	SFP-H10GB-CUxM2	SFP-H10GB-CUxM Twinax Cable Passive (1m, 3m, 5m)	5.2(1)
	X2-10GB-CX4	10GBASE-CX4 X2	5.1(1)
	X2-10GB-ZR	10GBASE-ZR X2	5.1(1)
	X2-10GB-LX4	10GBASE-LX4 X2	5.1(1)
	X2-10GB-SR	10GBASE-SR X2	5.0(2a)
	X2-10GB-LR	10GBASE-LRX2	5.0(2a)
	X2-10GB-LRM	10GBASE-LRM X2	5.0(2a)
	X2-10GB-ER	10GBASE-ERX2	5.0(2a)
	DWDM-X2-60.61=	10GBASE-DWDM X2	5.0(2a)
	DWDM-X2-59.79=		5.0(2a)
	DWDM-X2-58.98=		5.0(2a)
	DWDM-X2-58.17=		5.0(2a)
	DWDM-X2-56.55=		5.0(2a)
	DWDM-X2-55.75=		5.0(2a)
	DWDM-X2-54.94=		5.0(2a)
	DWDM-X2-54.13=		5.0(2a)
	DWDM-X2-52.52=		5.0(2a)
	DWDM-X2-51.72=		5.0(2a)
	DWDM-X2-50.92=		5.0(2a)
	DWDM-X2-50.11=		5.0(2a)
	DWDM-X2-48.51=		5.0(2a)
	DWDM-X2-47.72=		5.0(2a)
	DWDM-X2-46.92=		5.0(2a)
	DWDM-X2-46.12=		5.0(2a)
	DWDM-X2-44.53=		5.0(2a)
	DWDM-X2-43.73=		5.0(2a)
	DWDM-X2-42.94=		5.0(2a)
	DWDM-X2-42.14=		5.0(2a)
	DWDM-X2-40.56=		5.0(2a)
	DWDM-X2-39.77=		5.0(2a)
	DWDM-X2-38.98=		5.0(2a)
	DWDM-X2-38.19=		5.0(2a)
	DWDM-X2-36.61=		5.0(2a)
	DWDM-X2-35.82=		5.0(2a)
	DWDM-X2-35.04=		5.0(2a)
	DWDM-X2-34.25=		5.0(2a)
	DWDM-X2-32.68=		5.0(2a)
	DWDM-X2-31.90=		5.0(2a)
	DWDM-X2-31.12=		5.0(2a)
	DWDM-X2-30.33=		5.0(2a)
N7K-M148GS-11	SFP-GE-S	1000BASE-SX	4.1(2)
	GLC-SX-MM		4.1(2)
	SFP-GE-L	1000BASE-LX	4.1(2)
	GLC-LH-SM		4.1(2)
	SFP-GE-Z	1000BASE-ZX	4.1(2)
	GLC-ZX-SM		4.1(2)
	GLC-T	1000BASE-T	4.2(1)
	SFP-GE-T		4.2(1)
	GLC-BX-D	1000BASE-BX10-D	5.2(1)
	GLC-BX-U	1000BASE-BX10-U	5.2(1)
	GLC-SX-MMD	1000BASE-SX	5.2(1)
	GLC-LH-SMD	1000BASE-LX	5.2(1)
	CWDM-SFP-1470	1000BASE-CWDM	4.2(1)
	CWDM-SFP-1490		4.2(1)
	CWDM-SFP-1510		4.2(1)
	CWDM-SFP-1530		4.2(1)
	CWDM-SFP-1550		4.2(1)
	CWDM-SFP-1570		4.2(1)
	CWDM-SFP-1590		4.2(1)
	CWDM-SFP-1610		4.2(1)
N7K-M148GS-11	DWDM-SFP-6141	1000BASE-DWDM	4.2(1)
	DWDM-SFP-6061		4.2(1)
	DWDM-SFP-5979		4.2(1)
	DWDM-SFP-5898		4.2(1)
	DWDM-SFP-5817		4.2(1)
	DWDM-SFP-5736		4.2(1)
	DWDM-SFP-5655		4.2(1)
	DWDM-SFP-5575		4.2(1)
	DWDM-SFP-5494		4.2(1)
	DWDM-SFP-5413		4.2(1)
	DWDM-SFP-5332		4.2(1)
	DWDM-SFP-5252		4.2(1)
	DWDM-SFP-5172		4.2(1)
	DWDM-SFP-5092		4.2(1)
	DWDM-SFP-5012		4.2(1)
	DWDM-SFP-4931		4.2(1)
	DWDM-SFP-4851		4.2(1)
	DWDM-SFP-4772		4.2(1)
	DWDM-SFP-4692		4.2(1)
	DWDM-SFP-4612		4.2(1)
	DWDM-SFP-4532		4.2(1)
	DWDM-SFP-4453		4.2(1)
	DWDM-SFP-4373		4.2(1)
	DWDM-SFP-4294		4.2(1)
	DWDM-SFP-4214		4.2(1)
	DWDM-SFP-4134		4.2(1)
	DWDM-SFP-4056		4.2(1)
	DWDM-SFP-3977		4.2(1)
	DWDM-SFP-3898		4.2(1)
	DWDM-SFP-3819		4.2(1)
	DWDM-SFP-3739		4.2(1)
	DWDM-SFP-3661		4.2(1)
	DWDM-SFP-3582		4.2(1)
	DWDM-SFP-3504		4.2(1)
	DWDM-SFP-3425		4.2(1)
	DWDM-SFP-3346		4.2(1)
	DWDM-SFP-3268		4.2(1)
	DWDM-SFP-3190		4.2(1)
	DWDM-SFP-3112		4.2(1)
	DWDM-SFP-3033		4.2(1)
N7K-M148GS-11L	SFP-GE-S	1000BASE-SX	5.0(2a)
	GLC-SX-MM		5.0(2a)
	SFP-GE-L	1000BASE-LX	5.0(2a)
	GLC-LH-SM		5.0(2a)
	SFP-GE-Z	1000BASE-ZX	5.0(2a)
	GLC-ZX-SM		5.0(2a)
	GLC-T	1000BASE-T	5.0(2a)
	SFP-GE-T		5.0(2a)
	GLC-BX-D	1000BASE-BX10-D	5.2(1)
	GLC-BX-U	1000BASE-BX10-U	5.2(1)
	GLC-SX-MMD	1000BASE-SX	5.2(1)
	GLC-LH-SMD	1000BASE-LX	5.2(1)
N7K-M148GS-11L	DWDM-SFP-6141	1000BASE-DWDM	5.0(2a)
	DWDM-SFP-6061		5.0(2a)
	DWDM-SFP-5979		5.0(2a)
	DWDM-SFP-5898		5.0(2a)
	DWDM-SFP-5817		5.0(2a)
	DWDM-SFP-5736		5.0(2a)
	DWDM-SFP-5655		5.0(2a)
	DWDM-SFP-5575		5.0(2a)
	DWDM-SFP-5494		5.0(2a)
	DWDM-SFP-5413		5.0(2a)
	DWDM-SFP-5332		5.0(2a)
	DWDM-SFP-5252		5.0(2a)
	DWDM-SFP-5172		5.0(2a)
	DWDM-SFP-5092		5.0(2a)
	DWDM-SFP-5012		5.0(2a)
	DWDM-SFP-4931		5.0(2a)
	DWDM-SFP-4851		5.0(2a)
	DWDM-SFP-4772		5.0(2a)
	DWDM-SFP-4692		5.0(2a)
	DWDM-SFP-4612		5.0(2a)
	DWDM-SFP-4532		5.0(2a)
	DWDM-SFP-4453		5.0(2a)
	DWDM-SFP-4373		5.0(2a)
	DWDM-SFP-4294		5.0(2a)
	DWDM-SFP-4214		5.0(2a)
	DWDM-SFP-4134		5.0(2a)
	DWDM-SFP-4056		5.0(2a)
	DWDM-SFP-3977		5.0(2a)
	DWDM-SFP-3898		5.0(2a)
	DWDM-SFP-3819		5.0(2a)
	DWDM-SFP-3739		5.0(2a)
	DWDM-SFP-3661		5.0(2a)
	DWDM-SFP-3582		5.0(2a)
	DWDM-SFP-3504		5.0(2a)
	DWDM-SFP-3425		5.0(2a)
	DWDM-SFP-3346		5.0(2a)
	DWDM-SFP-3268		5.0(2a)
	DWDM-SFP-3190		5.0(2a)
	DWDM-SFP-3112		5.0(2a)
	DWDM-SFP-3033		5.0(2a)
N7K-M148GS-11L	CWDM-SFP-1470	1000BASE-CWDM	5.0(2a)
	CWDM-SFP-1490		5.0(2a)
	CWDM-SFP-1510		5.0(2a)
	CWDM-SFP-1530		5.0(2a)
	CWDM-SFP-1550		5.0(2a)
	CWDM-SFP-1570		5.0(2a)
	CWDM-SFP-1590		5.0(2a)
	CWDM-SFP-1610		5.0(2a)
N7K-M132XP-12	SFP-H10GB-ACUxM1	SFP-H10GB-ACUxM Twinax Cable Active (7m, 10m)	5.1(2)
	FET-10G	Cisco Fabric Extender Transceiver (FET)	5.1(1)
	SFP-10G-ER	10GBASE-ER SFP+	4.2(6)
	SFP-10G-LR	10GBASE-LR SFP+	4.0(3)
	SFP-10G-SR	10GBASE-SR SFP+	4.0(1)
N7K-M132XP-12L	FET-10G	Cisco Fabric Extender Transceiver (FET)	5.1(1)
	SFP-10G-SR	10GBASE-SR SFP+	5.1(1)
	SFP-10G-LR	10GBASE-LR SFP+	5.1(1)
	SFP-10G-ER	10GBASE-ER SFP+	5.1(1)
	SFP-10G-LRM	10GBASE-LRM SFP+	5.1(1)
	SFP-H10GB-ACUxM	SFP-H10GB-ACUxM Twinax Cable Active (7m, 10m)	5.1(1)
	SFP-H10GB-CUxM1	SFP-H10GB-CUxM Twinax Cable Passive (1m, 3m, 5m)	5.1(2)3

1 Only Version -02 or later is supported. 2 Requires CVR-X2-SFP10G, OneX Converter Module (X2 to SFP+ Adapter). 3 Requires a module reload if you perform an ISSU to Cisco NX-OS Release 5.1(2) from an earlier release.

Upgrade/Downgrade Caveats

This section includes caveats that relate to upgrading or downgrading Cisco NX-OS software on Cisco Nexus 7000 Series devices.

---

Note Before you upgrade or downgrade your Cisco NX-OS software, we recommend that you read the complete list of caveats in this section to understand how an upgrade or downgrade might affect your network, depending on the features that you have configured.

---

This section includes the following topics:

•General Upgrade/Downgrade Caveats

•Specific Upgrade/Downgrade Caveats for Cisco NX-OS Release 5.2(x)

General Upgrade/Downgrade Caveats

Do not change any configuration settings or network settings during a software upgrade. Any changes in the network settings may cause a disruptive upgrade.

Refer toTable 4 for the nondisruptive upgrade (ISSU) path to, and nondisruptive downgrade (ISSD) path from Cisco NX-OS Release 5.2(4). Releases that are not listed for a particular release train do not support a direct ISSU or ISSD to the current release.

Table 4 ISSU and ISSD Paths to the Current Release

Current Releases	Release Train	Releases That Support ISSU to Current Release	Releases That Support ISSD from Current Release
NX-OS Release 6.0(2)	6.0	6.0(1)	6.0(1)
	5.2	5.2(1), 5.2(3a), 5.2(4)	5.2(1), 5.2(3a), 5.2(4)
NX-OS Release 5.2(4)	5.2	5.2(1), 5.2(3a)	5.2(1), 5.2(3a)
	5.1	5.1(3), 5.1(4), 5.1(5), 5.1(6)	5.1(3), 5.1(4), 5.1(5), 5.1(6)
	5.0	5.0(5)	5.0(5)
	4.2	4.2(6), 4.2(8)	4.2(4), 4.2(6), 4.2(8)

Cisco NX-OS Release 5.2(1) or later releases are not ISSU-compatible with NX-OS Release 5.1(2), which is a deferred release.

Cisco NX-OS Release 5.2(1) or later releases are not ISSU-compatible with Release 4.1(x) and Release 4.0(x). Similarly a downgrade to Release 4.1(x) or Release 4.0(x) is disruptive.

---

Note If you are running an unsupported NX-OS release, you can perform an ISSU or ISSD in two steps:

1. Upgrade (or downgrade) to an ISSU-compatible or ISSD-compatible release.

2. Perform a second nondisruptive upgrade (or downgrade) to the current release.

For example, to upgrade from Release 4.2(3) to Release 5.2(x), you can perform an ISSU from Release 4.2(3) to Release 4.2(6), and then perform and ISSU from Release 4.2(6) to Release 5.2(x).

---

---

Note During a disruptive upgrade, configuration loss is possible on the Cisco Nexus 7000 system and on any attached Fabric Extender Modules when the reason "incompatible image" is displayed.

---

Specific Upgrade/Downgrade Caveats for Cisco NX-OS Release 5.2(x)

•Cisco NX-OS Release 5.2(1) includes new mandatory configuration parameters for OTV. An ISSU to Release 5.2(1) will result in interruptions of the OTV service. In addition, be aware of the following points related to ISSU:

–If any overlay interface is in the no-shutdown state (up), the ISSU pre-upgrade stage cannot complete. All overlay interfaces must be in the shutdown state before the ISSU can successfully complete.

–Following the ISSU, it is mandatory to configure the OTV site identifier to bring up the overlays.

–Following the ISSU, apply the default CoPP policy to ensure that OTV functions properly. To apply the default CoPP policy, enter the copp profile strict command.

Recommendations on the best procedure to minimize the impact of ISSU on the OTV service can be found in the Cisco Nexus 7000 Series NX-OS OTV Configuration Guide. Closely follow this procedure when upgrading an existing OTV deployment.

•When you downgrade from Cisco NX-OS Release 5.2(x) to an earlier release such as Cisco NX-OS Release 4.2(1), you might see messages like the following:

Jul 9 14:50:30 sysmgr: <<%PSS-1-PSS_VERSION_MISMATCH>> sysmgr: found version mismatch in /var/sysmgr/startup-cfg/bin/sysmgr_config

Jul 9 14:50:30 %PSS-1-PSS_VERSION_MISMATCH sysmgr: found version mismatch in /var/sysmgr/startup-cfg/bin/sysmgr_config

Jul 9 14:50:30 sysmgr: <<%PSS-1-PSS_VERSION_MISMATCH>> sysmgr: found version mismatch in /var/sysmgr/startup-cfg/debug/sysmgr_debug_config

These messages are harmless and the downgrade should succeed.

•Before you attempt a downgrade from Cisco NX-OS Release 5.2(x) to any release prior to Release 5.2(1), you should clear the QoS MIB and MPLS QoS defaults using the clear qos mpls-snmp command. Enter these commands after the switch configuration has been erased and it has been reloaded. The downgrade might result in a continuous failure if the defaults are not cleared.

•Before you downgrade from Cisco NX-OS Release 5.2(x) or 5.1(x) to Cisco NX-OS Release 5.0(x) or an earlier release, remove all system QoS and QoS policies configured on F1-series modules. Use the clear qos policies command to remove the defaults for F1-series modules. An internal process failure can result if the QoS policies are not removed prior to the downgrade.

•ISSU and stateful switchover (SSO) are not supported when aggressive failure detection timers are used for any Layer 3 protocols. Starting in Cisco NX-OS Release 5.2(3a), the First Hop Redundancy Protocol (FHRP) with aggressive timers has been validated for SSO or ISSU using the extended hold timer feature. Other protocols such as OSPF have been validated with aggressive timers without SSO or ISSU support starting in Cisco NX-OS Release 5.2(1). For additional information on aggressive timer support and extended hold timers for FHRP, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide and the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide.

•Cisco NX-OS Release 5.2(1) extends the reserved VLAN range from 3968 to 4095 and makes it configurable. Previously, in releases prior to Cisco NX-OS Release 5.2(1), the reserved VLAN range was 3968 to 4048, and 4094, and it was not configurable. See the "Configurable Reserved VLAN Range" section for more information about this new feature.

Once you upgrade to Cisco NX-OS Release 5.2(1), user-defined VLANs might fall within the new reserved range. If that occurs, then the new reserved range will not take effect and the features that need the additional reserved VLANs will be impacted.

To address this situation, you can either migrate the affected user-defined VLAN before or after the upgrade, or you can modify the new VLAN range after the upgrade. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide.

---

Caution Once you modify the VLAN range, an ISSD to a lower release will overwrite your configuration. Because of this, we recommend that you save a copy of your switch configuration to a separate file before you start an ISSU to Cisco NX-OS Release 5.2(1) so that you restore the configuration if necessary.

---

If you perform an ISSU to Cisco NX-OS Release 5.2(1) and you modify the new configurable reserved VLAN range, an ISSD to a lower version requires a reboot to restore the previous reserved VLAN range of 3968 to 4048, and 4094.

If you perform an ISSU to Cisco NX-OS Release 5.2(1) and you do not modify the new configurable reserved VLAN range of 3968 to 4095, then you can perform an ISSD to a lower version and your configuration is preserved.

•BFD for static routes does not support a stateful switchover (SSO) or an ISSU. When you perform an ISSU or an SSO, a small amount of packet loss can result in flows that follow static routes that are protected by BFD.

•The ACL resource allocation scheme was changed in Cisco NX-OS Release 5.1(x) to provide BFD improved interoperability with other features that use ACLs. Because of this change, you should disable BFD prior to a software upgrade from any Cisco NX-OS Release 5.0(x) to any Cisco NX-OS Release 5.1(x) or Release 5.2(x). Likewise, you should disable BFD before a downgrade from any Cisco NX-OS Release 5.2(x) or Release 5.1(x) to any Cisco NX-OS Release 5.0(x).

•Before you perform an ISSU from a Cisco NX-OS Release 5.2(x) earlier than Release 5.2(4) to Release 6.x or perform an ISSU or ISSD between any two Cisco NX-OS 6.x releases, you must first remove QoS policies and ACLs from interfaces that are in the down state. If this action is not performed, the installer process will abort the upgrade or downgrade process, and a message similar to the following will be displayed:

Service "ipqosmgr" : Please remove inactive policies using the command "clear 
inactive-config qos" Pre-upgrade check failed. Return code 0x415E0055 (Need to clear 
inactive-if-config from qos manager using the command "conf;clear inactive-config qos" 
or can manually clear the config shown by the command: "show running-config ipqos 
inactive-if-config").

---

Note The automatic clear inactive-config qos command that clears an inactive configuration will delete the port channel policies even if one of the ports in a port channel has inactive policies.

---

Guidelines for manual policy removal: during a manual removal, when the interface is part of a port channel, remove the policy map or access list from the port channel or remove the interface from the port channel before performing the ISSU or ISSD. For all other interface types, remove the policy map or access list from the interface.

•If you downgrade a Cisco Nexus 7000 Series device from Cisco NX-OS Release 5.2(x) or Release 5.1(x) to Cisco NX-OS Release 5.0(x) or Release 4.2(x), AAA configuration commands might fail. The workaround is to write-erase the startup configuration and reboot the device.

•A nondisruptive software upgrade or downgrade is not supported when vPC peers are on a single physical switch, but they run across VDCs.

CMP Images

Cisco NX-OS Release 5.2(4) uses the same CMP image as Cisco NX-OS Release 5.2(1).

Cisco NX-OS Release 5.2(1) includes a new image for the connectivity management processor (CMP). The CMP is upgraded to Release 5.2(1) on successful ISSU of Cisco NX-OS to Release 5.2(1). When the ISSU completes, you should reload the CMP image on the active and standby supervisor modules. For additional information, see the Cisco Nexus 7000 Series NX-OS Software Upgrade and Downgrade Guide, Release 5.x.

For additional information about the CMP, see the Cisco Nexus 7000 Series Connectivity Management Processor Configuration Guide.

EPLD Images

In conjunction with Cisco NX-OS Release 5.2(1), a new EPLD package is introduced. Certain features in Cisco NX-OS Release 5.2(1) may require an upgrade to the new EPLD images. LISP, for example, requires a specific EPLD version on the 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) and the 32-port 10-Gigabit Ethernet SFP+ I/O module XL (N7K-M132XP-12L). MPLS does not require an EPLD upgrade.

Cisco NX-OS Release 5.2(4) and Release 5.2(3a) do not include new EPLD images.

To determine if you need to upgrade the EPLD images on your Cisco Nexus 7000 Series switch, see the Cisco Nexus 7000 Series FPGA/EPLD Upgrade Release Notes, Release 5.2.

Cisco DCNM

Cisco Data Center Network Manager (DCNM) Release 5.2(2a) supports Cisco NX-OS Release 5.2(4).

Cisco Data Center Network Manager (DCNM) Release 5.2(1) supports Cisco NX-OS 5 Release 5.2(1) and Release 5.2(3a). See the Cisco DCNM Release Compatibility Matrix for specific information about the Cisco Nexus platforms and software release versions that Cisco DCNM supports.

New Hardware Features

Cisco NX-OS Release 5.2 supports the new Cisco Nexus 7009 chassis (N7K-7009) and new fabric module (N7K-7009-FAB-2) for the Cisco Nexus 7009 system. The Cisco Nexus 7009 chassis has 9 slots that allow for two supervisor modules and up to seven I/O modules. The chassis also holds up to five fabric modules, one fan tray, up to two power supply units, and a cable management system. For additional information about the Cisco Nexus 7009 system, see the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.

New Software Features

This section briefly describes the new features introduced in Cisco NX-OS Release 5.2 for the Cisco Nexus 7000 Series switches. For detailed information about the features listed, see the documents listed in the "Related Documentation" section. The "New and Changed Information" section in each of these books provides a detailed list of all new features and includes links to the feature description or new command.w

Some new features require a new license. See the "Licensing" section for additional information. For complete information about the licenses required for Cisco NX-OS features, see the Cisco NX-OS Licensing Guide.

This section includes the following topics:

•Cisco NX-OS Release 5.2(4)

•Cisco NX-OS Release 5.2(3a)

•Cisco NX-OS Release 5.2(1)

Cisco NX-OS Release 5.2(4)

Cisco NX-OS Release 5.2(4) is a maintenance release that includes bug fixes and minor software enhancements:

•Beginning with Cisco NX-OS Release 5.2(4), multicast GRE tunnel interfaces are supported with MVPN.

•Beginning with Cisco NX-OS Release 5.2(4), PBR and WCCP are supported on the same interface if bank chaiing is disabled.

Cisco NX-OS Release 5.2(3a)

Cisco NX-OS Release 5.2(3a) is a maintenance release that includes bug fixes. It does not include new software features.

Cisco NX-OS Release 5.2(1)

This section briefly describes the new features introduced in Cisco NX-OS Release 5.2(1) for the Cisco Nexus 7000 Series switches and includes the following topics:

•LISP

•MPLS

•FCoE (Fiber Channel over Ethernet)

•OTV Features

•FEX Features

•IEEE 1588v2 PTP Support

•PONG

•ACL Capture

•ACLs Enhancements

•BFD SHA-1 Authentication

•BFD Support for VRRP

•BGP Local-AS

•BGP Prefix Independent Convergence Core

•CFS Enhancement

•Cisco TrustSec Enhancement

•Configurable Reserved VLAN Range

•CoPP Enhancements

•EEM Correlation

•EIGRP Wide Metrics

•Graceful vPC Type-1 Check Handling

•HTTP Proxy Server for Smart Call Home

•Multicast over GRE

•NetFlow Enhancement

•NTP Enhancements

•Parallel Upgrade of EPLD Images

•Parallel Upgrade of I/O Modules

•Password Encryption

•Smart DHCP Relay

•SPAN and ERSPAN Enhancements

•Static Multicast MAC

•System Message Logging

•Subnet Broadcast Support for the DHCP Relay Agent

•Unique MAC Address per VDC

•vPC Autorecovery

•XML Infrastructure Enhancements

LISP

The Locator/ID Separation Protocol (LISP) is a new routing architecture designed for Internet scale and global reach across organizations. Cisco NX-OS Release 5.2(1) introduces LISP VM mobility which is designed to enable global IP endpoint mobility across private networks and the Internet.

LISP functionality requires the use of the 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) or the 32-port 10-Gigabit Ethernet SFP+ I/O module XL (N7K-M132XP-12L). These modules can be used independently or combined with F1 series modules in proxy mode to deliver LISP functionality in a Cisco Nexus 7000 Series switch. Traffic received on other M-series modules will not be processed by LISP because they cannot operate in proxy mode.

LISP does not require a new license. It can be enabled with the Transport Services Package license (N7K-TRS1K9).

For additional information about LISP, see the Cisco Nexus 7000 Series NX-OS LISP Configuration Guide.

MPLS

Cisco NX-OS Release 5.2(1) adds support for MultiProtocol Label Switching (MPLS) on Cisco Nexus 7000 Series devices, and includes the features briefly described in this section.

MPLS requires a new license as described in the "Licensing" section.

For additional information about MPLS, see the Cisco Nexus 7000 Series MPLS Configuration Guide.

MPLS Label Switching Router

MPLS forwarding is based on label switching. Labels are allocated based on per-prefix or per-VRF. LDP enables the exchange of labels and IGP prefix bindings. Per-Prefix and Per-VRF bindings are supported.

MPLS Layer-3 VPNs for IPv4

Layer-3 VPNs for IPv4 provide secure segmentation of customer traffic, and allow common services to be shared among customers.

MPLS Layer-3 VPNs for IPv6

Layer-3 VPNs for IPv6 allows communication between IPv6 domains over an MPLS enabled network. The 6VPE technique allows carrying IPv6 in a VPN fashion over a non-IPv6 aware MPLS core.

MPLS Traffic Engineering

MPLS traffic engineering allows you to create paths in the network to efficiently use the network fabric and bandwidth. MPLS TE FRR supports restoration of a TE path in 50 ms or less. Link, node, path and bandwidth protection mechanisms are supported. Cisco Nexus 7000 Series XL linecards are required to achieve 50 ms convergence for MPLS TE FRR.

MPLS QoS

QoS mechanisms such as policing, marking and matching are available for MPLS labeled packets. Differentiated services models such as pipe, short-pipe, and uniform modes allow control of classification and remarking of traffic, which can be applied to applications that require tight service-level agreement (SLA) controls.

MPLS OAM (LSP Ping and Trace)

LSP ping and traceroute provide data path verification in MPLS networks. Tunnel ping and traceroute for path verification are available over TE tunnels.

LDP

Cisco NX-OS Release 5.2(1) supports Label Distribution Protocol as defined in RFC 3036.

Multicast VPN for IPv4

A multicast VPN is an IP VPN service that supports the transmission of IP multicast packets between sites. Cisco NX-OS Release 5.2(1) implements the Internet Draft, draft-rosen-vpn-mcast-10.txt, "Multicast in MPLS/BGP IP VPNs." This multicast VPN service is an overlay to BGP or MPLS IP VPNs. The signaling specified is Protocol Independent Multicast (PIM) and the traffic encapsulation is Generic Routing Encapsulation (GRE).

Export and Import of Routes Between VRFs

The ability to export or import routes between VPNs, based on VPN route target communities as part of BGP extended communities, is available in Cisco NX-OS Release 5.2(1) for VRF-lite and MPLS Layer 3 VPNs. Both AS and IP address route targets are supported. An MPLS license is not required to export or import routes between VPNs with VRF-lite.

FCoE (Fiber Channel over Ethernet)

FCoE support is added for the 32-port 1/10 Gigabit Ethernet module (F1-Series) module (N7K-F132XP-15) in the Cisco Nexus 7000 Series chassis. FCoE can now be deployed in director class, highly available, modular platforms for the access and core of converged networks. To support FCoE hosts and targets, VE port support allows for FCoE ISLs, which help create scalable, multihop FCoE topologies. FCoE traffic within a Cisco Nexus 7000 Series switch can be segmented using a dedicated storage VDC.

FCoE includes the features briefly described in this section.

Storage VDC

To run FCoE on a Cisco Nexus 7000 Series device, you must create a separate storage VDC. Only one of the VDCs can be a storage VDC, and the default VDC cannot be configured as a storage VDC. The storage VDC enables isolation, security, and ease of management of FCoE traffic. An FCoE license (N7K-FCOEF132XP) is required to create the storage VDC. See the "Licensing" section.t

For additional information about the storage VDC, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.

Shared Interfaces

You can configure shared interfaces that carry both Ethernet and Fibre Channel traffic. In this specific case, the same interface belongs to more than one VDC. The shared interface is allocated to both an Ethernet VDC and a storage VDC. For additional information about FCoE and shared interfaces, see the Cisco NX-OS FCoE Configuration Guide.

Cisco Nexus 7000 Series FCoE converged networks can be seamlessly bridged to Cisco MDS 9500 switches with the introduction of the Cisco MDS 9000 8-port 10-Gbps Fibre Channel over Ethernet (FCoE) Module (DS-X9708-K9). For additional information about the FCoE module, see the Cisco MDS 9500 Series Hardware Installation Guide.

FCoE requires a new license as described in the "Licensing" section.

OTV Features

There are several new OTV features in Cisco NX-OS Release 5.2(1) which are briefly described in this section. For additional information, see the Cisco Nexus 7000 Series NX-OS OTV Configuration Guide.

OTV Adjacency Server

The OTV adjacency server feature enables unicast based OTV deployment in environments in which the IP core does not support IP multicast. In an OTV environment, the edge devices build a relationship with each other from a control-plane perspective. The neighbor relationship can be built over both multicast-enabled and unicast-only transport infrastructure.

OTV Support for IPv6 Clients

Cisco NX-OS Release 5.2(1) introduces support for IPv6 ND packets over OTV.

OTV Site Hardening

Additional checks have been added to OTV to prevent accidental misconfiguration that might lead to problems. This functionality introduces a new mandatory command in OTV. Since this command is introduced in NX-OS Release 5.2(1), an ISSU from previous versions of NX-OS will result in a disruption of the OTV service. Refer to the"Upgrade/Downgrade Caveats" section for more information.

FEX Features

Cisco NX-OS Release 5.2(1) adds support for new features to Cisco Nexus Fabric Extender (FEX) modules.

LDP Support for FEX

The LLDP and LACP support the Cisco Nexus 2000 Series Fabric Extender (FEX).

Routed FEX port

This functionality enables a FEX port to be configured as a routed port. However, no routing protocols can be tied to this routed interface.

Host vPC with FEX

The host vPC with FEX feature provides the ability to have a vPC from a host connected to two independent Cisco Nexus 2000 Series Fabric Extenders with a Cisco Nexus 7000 Series switch that acts as a parent switch to the FEX. The two Cisco Nexus 7000 Series switches that act as the parent switch form the vPC peers. The connectivity between the FEX and Cisco Nexus 7000 Series switch cannot be a vPC. It can be a link or a port channel.

IEEE 1588v2 PTP Support

Precision Time Protocol (PTP) is based on IEEE 1588v2, and it is implemented on F1-series modules. The implementation supports Boundary Clock for network synchronization, and includes support for multiple slaves. The precision provided by the implementation is approximately less than 50 ns.

PONG

PONG is the ability to do a traceroute based on the MAC addresses of the destination endpoint, and to provide a latency and connectivity check, using IEEE1588v2 for latency measurement. PONG can be enable with the Enhanced Layer 2 Package (N7K-EL21K9) license.

ACL Capture

ACL capture provides a mechanism to selectively monitor traffic on all types of interfaces per VLAN. It allows the user to enable capture for a specific ACL rule. Packets that match an ACL rule with a capture option, are either forwarded or dropped based on a permit or deny action and also copied to an alternate destination port for further analysis.

ACLs Enhancements

•Added support for FCoE ACLs on F1 Series modules.

•Changed the show running-config aclmgr and show startup-config aclmgr commands to display only the user-configured ACLs (and not also the default CoPP-configured ACLs) in the running and startup configurations.

BFD SHA-1 Authentication

SHA-1 authentication mechanism between BFD peers is now supported.

BFD Support for VRRP

BFD support for VRRP is added. This feature allows aggressive router failure detection when VRRP is enabled.

BGP Local-AS

This feature provides the capability to add to or change the values prepended onto the AS_PATH attribute on routes to or from the configured eBGP neighbor. Having this capability simplifies the process of AS migration by not disrupting existing peering arrangements by allowing the router to appear to external peers as a member of another autonomous system.

BGP Prefix Independent Convergence Core

Cisco Release NX-OS 5.2(1) introduces BGP Prefix Independent Convergence (PIC) Core. This feature allows for faster convergence for traffic destined to BGP prefixes that share the same remote next hop in case of a failure in the core of the network. Both MPLS and pure IP traffic can benefit from BGP PIC Core. It is enabled by default and can not be disabled.

CFS Enhancement

Cisco NX-OS Release 5.2(1) adds CFS over Fibre Channel (CFSoFC) distribution support for device alias, DPVM, FC domain, FC port security, FC timer, IVR, and RSCN.

Cisco TrustSec Enhancement

Added support for pause frame encryption and decryption on interfaces. Pause frames are MAC control frames used for Ethernet flow control. The ports on some line cards encrypt and decrypt pause frames while the ports on other line cards do not have this ability. This disparity causes interoperability issues and causes the ports to discard or ignore the pause frames. Beginning with Cisco NX-OS Release 5.2, you can configure if the pause frames are to be encrypted or clear on individual interfaces. If two ports are connected to form a CTS link and one is clear pause capable and the other is secure (encryption/decryption) pause capable, the pause frames must be sent in the clear across the link in order for them to be correctly sent and received.

F1 Series modules and the N7K-M132XP-12(L) module support only clear pause frames. All other M1 Series modules support both secure (encrypted and decrypted) and clear pause frames.

Configurable Reserved VLAN Range

On Cisco Nexus 7000 Series switches, certain VLANs are reserved for internal use. These VLAN numbers occasionally conflict with the network VLANs that customers assign. In Cisco NX-OS Release 5.2(1), the new system vlan start-vlan range command allows you to reassign the internal VLANs to a different value. In addition, the range of reserved VLANs is extended to 128.

---

Note Before upgrading to Cisco NX-OS 5.2(1), review the"Upgrade/Downgrade Caveats" section to understand the impact of the configurable reserved VLAN feature on a non-disruptive downgrade.

---

CoPP Enhancements

•Added the ability to change or reapply the default CoPP policy without rerunning the setup utility.

•Changed the CoPP best practice policy to read-only and added the ability to copy the policy in order to modify it.

•Added the show copp profile and show copp diff profile commands to display the details of the CoPP best practice policy and the differences between policies, respectively.

•Changed the show copp status command to display which flavor of the CoPP best practice policy is attached to the control plane.

•Changed the name of the none option for the best practices CoPP profile in the setup utility to skip.

•Updated the default class maps with support for MPLS LDP, MPLS OAM, MPLS RSVP, DHCP relay, and OTV-AS.

EEM Correlation

Multiple event correlation support allows users to trigger an EEM policy based on combinations of event triggers.

EIGRP Wide Metrics

EIGRP wide metrics can accommodate interfaces faster than 1 Gigabit Ethernet, while computing the metric to be installed in the RIB or FIB. This feature allows EIGRP to perform meaningful path selection when high-speed links are involved.

Graceful vPC Type-1 Check Handling

Changing a type-1 parameter such as STP mode or MTU on one of the vPC port channels can cause a consistency check failure. As a result, the vPC is set to a down state, as is the associated vPC on the other peer device, and traffic for this particular vPC is blackholed. The graceful vPC type-1 check can avert a failure and preserve the network redundancy by keeping up the vPC member ports on a primary peer device. The graceful vPC type-1 check is applicable for the global type-1 parameter and the vPC level type-1 parameter.

HTTP Proxy Server for Smart Call Home

You can now configure Smart Call Home to send HTTP messages through an HTTP proxy server.

Multicast over GRE

In Cisco NX-OS Release 5.2(1), you can configure multicast on generic routing encapsulation (GRE) tunnel interfaces including as an OIF.

NetFlow Enhancement

NetFlow is supported on switch virtual interfaces (SVIs) for F1 Series ports.

NTP Enhancements

Cisco NX-OS 5.2(1) supports the following NTP features:

•NTP Server (Unicast only)

•Added NTP support for all VDCs, enabling them to act as time servers.

•Changed the command to enable or disable NTP from [no] ntp enable to [no] feature ntp.

•Added the serve, serve-only, and query-only access group options to control access to additional NTP services.

Parallel Upgrade of EPLD Images

This feature allows you to upgrade EPLD images in parallel on all I/O modules or a range of I/O modules.

Parallel Upgrade of I/O Modules

This features allows you to upgrade Cisco NX-OS on I/O modules in parallel, instead of sequentially, which is the current model. Parallel upgrades allows control of how many modules can be upgraded at one time. This feature can greatly reduce the time to upgrade the I/O modules and help reduce the maintenance window at customer sites.

Password Encryption

The Advanced Encryption Standard (AES) password encryption feature stores all existing and newly created clear-text passwords for supported applications (currently RADIUS and TACACS+) in the strong and reversible type-6 encrypted format. A master encryption key is used to encrypt and decrypt the passwords. You can also use this feature to convert all existing weakly encrypted passwords to type-6 encrypted passwords.

Smart DHCP Relay

As of today when DHCP relay agent receives broadcast DHCP request packet from a host, it fills the primary address of the inbound interface and forwards to the server, which allocates IP addresses from the subnet pool until the pool is exhausted and ignores further requests. This may not work if the number of hosts is more than the number of IP addresses in the pool or if there are multiple subnets configured on an interface using secondary addresses. The relay functionality is enhanced so that the relay agent fills relay agent address of DHCP request packet with one of the secondary address and forward to the server in case IP addresses are exhausted in primary address subnet pool. The server allocates IP address in the secondary IP address subnet pool.

SPAN and ERSPAN Enhancements

•Added SPAN and ERSPAN source support for Cisco Nexus 2000 Series Fabric Extender interfaces.

•MTU Truncation (Applies only to SPAN, not to ERSPAN) - To reduce the SPAN traffic bandwidth, you can configure the maximum bytes allowed for each replicated packet in a SPAN session.

•Source Rate Limit (Applies only to SPAN, not to ERSPAN) - When a SPAN session is configured with multiple interfaces or VLANs as the sources in a high-traffic environment, the destination port can be overloaded, causing the normal data traffic to be disrupted at the source port. You can alleviate this problem as well as traffic overload on the source forwarding instance by configuring a source rate limit for each SPAN session.

•Multicast Best Effort Mode - You can configure the multicast best effort mode for any SPAN or ERSPAN session. By default, SPAN/ERSPAN replication occurs on both the ingress and egress line card. When you enable the multicast best effort mode, SPAN/ERSPAN replication occurs only on the ingress line card for multicast traffic or on the egress line card for packets egressing out of Layer 3 interfaces (that is, on the egress line card, packets egressing out of Layer 2 interfaces are not replicated for SPAN/ERSPAN).

Static Multicast MAC

Currently on the Cisco Nexus 7000 Series platform, Layer 2 multicast table lookup is performed on the destination IP address instead of the destination MAC address. This type of lookup does not work for all network applications. Some applications share a single unicast cluster IP address and multicast cluster MAC address. Traffic destined for the unicast cluster IP address is forwarded by the last-hop router with the shared multicast MAC address. Forwarding is accomplished by assigning a static Multicast MAC address for the destination IP address of the end host or cluster.

System Message Logging

Added the ability to add the description for physical Ethernet interfaces and subinterfaces in the system message log.

Subnet Broadcast Support for the DHCP Relay Agent

You can configure the device to support the relaying of DHCP packets from clients to a subnet broadcast IP address. When this feature is enabled, the VLAN ACLs (VACLs) accept IP broadcast packets and all subnet broadcast (primary subnet broadcast as well as secondary subnet broadcast) packets.

Unique MAC Address per VDC

VDCs currently point to a common MAC address that is shared as the source from a management perspective. With the new unique MAC address per VDC feature, customers can now manage or view a VDC as a unique device because each VDC will have a unique MAC address as an identifier.

vPC Autorecovery

Currently when a vPC peer-link goes down, a secondary switch takes down all its vPCs if it finds a peer-keep alive is working. If the peer-link does not recover, and the primary switch goes down and is unable to forward any traffic, then the access switches are disconnected.

Autorecovery is the ability to recover from this kind of failure scenario. Autorecovery enables the secondary vPC peer device to set its vPC member ports to an up state in that particular case.

XML Infrastructure Enhancements

Cisco NX-OS allows client applications to send CLI configuration and show commands, but receive the response to the commands as XML tags. In Cisco NX-OS Release 5.2(1), additional CLI commands have been added to support that.

Licensing

Cisco NX-OS Release 5.2(1) includes the new licenses that are described in the following sections:

•FCoE License

•MPLS License

•SAN Enterprise License

For additional information about the licenses mentioned is this section, see the Cisco NX-OS Licensing Guide.

FCoE License

FCoE on the Cisco Nexus 7000 Series is licensed per module. One Cisco Nexus 7000 F1 FCoE License (N7K-FCOEF132XP) is required for each Cisco Nexus 32-port 1/10 Gigabit Ethernet module (N7K-F132XP-15) that runs the FCoE features.

MPLS License

The MPLS license (N7K-MPLS1K9P) is required for all MPLS services.

SAN Enterprise License

The Cisco Nexus 7000 SAN Enterprise License (N7K-SAN1K9) is a chassis-based license that enables Inter-VSAN Routing (IVR), VSAN based access control, and fabric binding.

MIBS

Starting with Cisco NX-OS Release 5.2(1), support is added for the following MIBs:

•BFD MIB

•LDPMIB

•LSR MIB

•TE MIB

•L3VPN

•PIM MIB

•MIB for TCP (RFC 4022)

•IP-MIB (RFC2011)

•Etherlike MIB (RFC1650)

•CISCO-ENTITY-ASSET-MIB

•CISCO-ENTITY-DISPLAY-MIB

•CISCO-ENTITY-EXT-MIB

•CISCO-ENTITY-FRU-CONTROL-MIB

•CISCO-ENTITY-SENSOR-MIB

•CISCO-ENTITY-VENDORTYPE-OID-MIB

•CISCO-PKI-PARTICIPATION MIB Enhancements

•Q-BRIDGE-MIB

•CBQoS-MIB

Limitations

This section describes the limitations in Cisco NX-OS Release 5.2 for the Cisco Nexus 7000 Series switches. It includes the following sections:

•Role-Based Access Control

•EIGRP Routes

•Standby Supervisor Can Reset With Feature-Set Operation

•NTP Servers Created with Cisco DCNM-SAN Are Not Listed for the Storage VDC

•GOLD Snake Loopback Test Disabled on F1 Series Modules

Role-Based Access Control

•Beginning with Cisco NX-OS Release 5.2, you can configure role-based access control (RBAC) in the Cisco Nexus 7000 storage VDC using Cisco NX-OS CLI commands. You cannot configure RBAC in the Cisco Nexus 7000 storage VDC using Cisco DCNM. Note that RBAC in the storage VDC is RBAC for the Cisco Nexus 7000 Series switches, which is different from that for the Cisco MDS 9500 Series switches.

•RBAC CLI scripts used in Cisco MDS 9500 Series switches cannot be applied to the storage VDC configured for a Cisco Nexus 7000 Series switch.

•You cannot distribute the RBAC configuration between a Cisco MDS 9500 Series switch and the storage VDC configured for a Cisco Nexus 7000 Series switch. To prevent this distribution, make sure to assign RBAC in Cisco MDS and the Cisco Nexus 7000 storage VDC to different CFS regions.

EIGRP Routes

Due to a semantic difference between Cisco NX-OS and Cisco IOS software, EIGRP routes that are installed in the routing information base (RIB) are marked with the incorrect process number. When the EIGRP process tag is a number and an AS number is defined under that EIGRP process, the routes in RIB are installed with the process tag and not the AS number.

Standby Supervisor Can Reset With Feature-Set Operation

The standby supervisor might reload when a feature-set operation (install, uninstall, enable, or disable) is performed, if the HA state of the standby supervisor is not "HA standby" at the time of the feature-set operation. To prevent the reload, ensure that the state of the standby supervisor is "HA standby." To check the HA state for the specific VDC where the feature-set operation is performed, enter the show system redundancy ha status command on the active supervisor.

A reload of the standby supervisor has no operational impact because the active supervisor is not affected.

In addition, if you perform a feature-set operation while modules are in the process of coming up, then those modules will be power cycled. Modules that are up and in the "ok" state are not power cycled when you perform a feature set operation.

NTP Servers Created with Cisco DCNM-SAN Are Not Listed for the Storage VDC

If you use Cisco DCNM-SAN to create NTP servers for the Storage VDC, they are not listed for the Storage VDC. The reason is that the Storage VDC is not configured to control the clock and the clock manager cannot provide that information through SNMP.

GOLD Snake Loopback Test Disabled on F1 Series Modules

The GOLD snake loopback test has been disabled on an F1 series modules in Cisco NX-OS Release 5.2(1).

Caveats

This section includes the following topics:

•Open Caveats—Cisco NX-OS Release 5.2

•Resolved Caveats—Cisco NX-OS Release 5.2(4)

•Resolved Caveats—Cisco NX-OS Release 5.2(3a)

•Resolved Caveats—Cisco NX-OS Release 5.2(1)

---

Note Release note information is sometimes updated after the product Release Notes document is published. Use the Cisco Bug Toolkit to see the most up-to-date release note information for any caveat listed in this document.

---

Open Caveats—Cisco NX-OS Release 5.2

This section includes the following open caveats:

•CSCta69220

Symptom: A Web Cache Control Protocol (WCCP) redirect configuration on an interface is not removed when TCAM programming fails due to an unsupported combination of features.

Conditions: This symptom might be seen when Bank Chaining (Hardware Resource Pooling) is enabled and a WCCP configuration is applied after a RACL configuration. This issue might result in a SBADDFAIL syslog that indicates an unsupported feature combination. The WCCP configuration on the interface is not removed when the error occurs and the WCCP redirect is not programmed in the TCAM.

Workaround: Remove the WCCP redirect from the interface. When this operation is done, the SBDELFAIL syslog will appear. Ignore the syslog message and remove the RACL configuration from the interface and reapply the WCCP redirect on the interface. TCAM programming should go through.

•CSCtg90667

Symptom: If the netstack process fails, existing BGP sessions might flap and routes might be relearned, which could cause traffic loss.

Conditions: This symptom might be seen only when the netstack process fails or terminates ungracefully.

Workaround: None.

•CSCtl18412

Symptom: Policies such ACL, QoS, and PBR for FEX interfaces are not cleaned from connecting modules when the FEX fabric ports are moved to another VDC. If those ports are moved back later to the same VDC and configured as a fabric port, or some other ports in same module are configured to be fabric ports, the FEX module might not come online (using those ports), or the relevant policies might not be enforced.

Conditions: This symptom might be seen when FEX fabric ports are moved to any other VDC.

Workaround: Unconfigure the FEX fabric ports from the fabric port channel before moving them to any other VDC. If this issue occurs, power down the FEX module, remove all FEX configurations, and reconfigure the FEX module again.

•CSCtn27064

Symptom: Applying a large egress ACL to an interface might cause BFD flaps.

Conditions: This symptom might be seen when a large egress ACL is applied to, or removed from an unrelated Layer 3 physical interface or SVI.

Workaround: None.

•CSCto84731

Symptom: The linkUp trap is not generated for the management interface.

Conditions: This symptom might be seen if the trap is sent out from the management interface.

Workaround: None.

•CSCtq03187

Symptom: The subswitch ID for a vPC on the secondary switch is incorrectly programmed in the hardware as 1 (reserved) even though it has the correct SSID, as can be seen in the output of the show vpc brief command.

Conditions: This symptom might be seen in the following situation:

–Configure a vPC port channel on a secondary switch (for example, vPC 1 and port channel 1) and make sure that from the access switch's perspective (that is, port channel 1), only the links going to the secondary switch are up. (If the port channel 1 links from the access switch to primary switch are also up, then this problem will not occur.)

–Configure the corresponding vPC on the primary switch.

Workaround: If the roles are established, configure the vPC on primary switch before configuring it on secondary switch.

•CSCtq41235

Symptom: Slow STP convergence occurs after the shut and no shut commands are entered on a range of interfaces.

Conditions: When you enter the shut command followed by the no shut command on a large range of interfaces, bringing up the interfaces is delayed due to the pacing of the interfaces.

Workaround: Specify a smaller range of interfaces when you enter the shut and no shut commands.

•CSCtq48316

Symptom: SNMP fails when cfcRequestEntryStatus is set to active.

Condition: This symptom might be seen when the cfcRequestEntryStatus field in a table in the CISCO-FTP-CLIENT-MIB is set to a value of one.

Workaround: None.

•CSCtq58558

Symptom: SSO routes might be deleted on a EIGRP peer in a scale setup.

Conditions: When there are a large number of routes that are redistributed into EIGRP and the source protocol takes longer to converge than EIGRP does, routes are deleted from the EIGRP peer on SSO.

Workaround: Set the EIGRP signal timer higher than the source protocol convergence time.

•CSCtq65756

Symptom: Reloading a switch with many BFD sessions can leave a few port-channel member ports in an error-disabled state on the connected switches.

Conditions: This symptom might be seen when there is a heavy BFD and ACL Manager interaction, with many sessions going up or down, and the ACL manager process on the supervisor module can get busy processing BFD-related ACL requests. At the same time, if one or more port-channel members are trying to come up, they fail to be part of that port channel and potentially leave them in a suspended state on the local and remote end.

Workaround: Enter the shut and no shut commands on the member ports of the suspended port-channel members to bring them back up.

•CSCtq73420

Symptom: On the 32-port 1/10 Gigabit Ethernet module (N7K-F132XP-15), an ACL policy might be rejected with an atomic failure.

Conditions: This symptom might be seen on the 32-port 1/10 Gigabit Ethernet module when an atomic update is configured and policies which need slightly less than 512 TCAM entries are rejected with an atomic failure.

Workaround: Configure a nonatomic update if needed.

•CSCtq84651

Symptom: OSPFv3 advertises the local prefix even though the address is a duplicate in the network.

Conditions: This symptom might be seen when OSPFv3 forms an IPv6 neighbor, even though the local address is a duplicate in the network. This can result in a black hole of traffic to the local IPv6 address.

Workaround: Reconfigure the local address with a unique IPv6 address.

•CSCtq91921

Symptom: A traffic loss of a few 100 ms occurs when an alternative MPLS path with better cost is found.

Conditions: This symptom might be seen in an MPLS environment when an alternative IGP path is available and traffic may switch from the old path to a new path if the newer path's cost is better. During this switchover, there can be a traffic outage of a few 100 ms.

Workaround: None.

•CSCtq95695

Symptom: DHCP clients fails to get an IP address when they are connected to a FEX Layer 3 port where a DHCP relay is configured.

Conditions: This issue might be seen when feature dhcp is enabled after the FEX module is online.

Workaround: To avoid this issue, enable feature dhcp before you bring up the FEX module. If you experience the issue, take the FEX module offline, and then bring it back online to recover the state.

•CSCtq95941

Symptom: When a dynamic Endpoint Identifier (EID) moves away and is discovered by a remote XTR, the old XTR will receive an SMR that indicates that the dynamic EID has moved away. In response, the old XTR installs a /32 (host) Null0 route for the dynamic EID. Installing /32 (host) Null0 makes sense in case of asm, but it should not be installed in the esm.

Conditions: This symptom might be seen every time the dynamic EID moves from one XTR to the other XTR. The only negative side is that the old XTR cannot reach the dynamic EID even though it is on the same (extended) subnet. All other hosts on the subnet are able to reach the dynamic EID, and the XTR will rarely need to reach the dynamic EID.

Workaround: None.

•CSCtr07544

Symptom: In a network where FabricPath is deployed, packets can loop until the Time to Live (TTL) on the packet expires.

Condition: This symptom might be seen in a FabricPath topology with M1 series modules on the edge for ingress flows and two or more non-port-channel parallel links between the FabricPath core switches.

Workaround: Configure the parallel links as members of a port channel to reduce or eliminate the looping of packets.

•CSCtr17002

Symptom: When a parent interface goes down, allocated VLANs are created in the owner VDC.

Workaround: Enter the copy running-config startup-config vdc all command from the global VDC after any resources are allocated to any VDC.

•CSCtr25965

Symptom: In some scalability setups, where there are a lot of FEX modules and lot of HIF vPCs, a reload of all the fabric modules (which in turn causes a reload of all the FEX modules), can cause some satellite interfaces (FEX ports) to become error-disabled after the reload. Syslog messages are also generated with more details on specific ports that are error-disabled.

Conditions: This symptom might be seen in scale setups when all the fabric modules that are connected to all the FEX modules are reloaded.

Workaround: Enter the shut command followed by the no shut command on the satellite interfaces to recover the ports.

•CSCtr40010

Symptom: The FEX state is stuck in the Registered state.

Conditions: This symptom might be seen in rare situations when a port is being flapped with the shut and no shut commands.

Workaround: Enter the shut command on the port, reload the FEX module, and then enter the no shut command on the port.

•CSCtr42896

Symptom: The output of the show running config command shows type-7 secrets with encryption services enabled instead of type-6.

Conditions: This issue might be seen only in a dual-supervisor system following a supervisor switchover. The issue occurs in the following situation:

–Applications such as RADIUS or TACACS have type-7 secrets configured. i.

–Encryption service is enabled.

–The encryption reencrypt command is entered.

–A supervisor switchover is performed.

The show running config command displays type-7 secrets instead of the expected type-6 secrets. The same issue can occur with the encryption delete command and the encryption decrypt command.

Workaround: Remove all type-7 secrets that are configured before you enable the encryption service feature and then reconfigure them. Subsequent switchovers will not have the issue.

•CSCtr45128

Symptom: The no default val command on table maps does not remove the default table map value.

Conditions: This symptom might be seen when the no default val command is executed for user-defined table map names. System default table maps do not exhibit this behavior.

Workaround: Enter the default copy command to the table map to remove the default value.

•CSCtr45329

Symptom: The FEX fabric port is error-disabled with the message "fex: Port is not a port-channel member."

Conditions: This symptom might be seen when a port that is not a port-channel member is brought up or a port is changed to "switchport mode fex-fabric" while it is up.

Workaround: Enter the shut and no shut commands on the port after adding the port to a port channel.

•CSCtr49395

Symptom: The running configuration contains lines of a configuration that is no longer valid because they pertain to a feature that was active at some point but has since been disabled. If you try to execute the configuration, you receive syntax errors for those lines. The lines of the configuration in question are these:

[no] snmp-server enable traps bfd session-up

[no] snmp-server enable traps bfd session-down

Conditions: This symptom might be seen anytime the feature BFD is disabled after being enabled.

Workaround: None.

•CSCtr52593

Symptom: Two protocols add the same route: OSPF and RIP. The admin distance of RIP is configured to be the same as OSPF. If the metric for the RIP route is better than the OSPF route, the RIP route is selected (which is incorrect behavior).

Conditions: This symptom might be seen when two protocols are configured to have the same admin distance. If RIP and OSPF are configured to have the same admin distance, the software chooses the route with the lower metric. Because metrics do not have any meaning across protocols and only within a protocol, this selection does not make sense. The route found by the protocol with the lower default admin distance should be selected.

Workaround: Configure the protocol that should be selected to have a lower admin distance. Do not configure both protocols to have the same value.

•CSCtr54250

Symptom: A module might get reloaded more than once before it comes up. In rare cases, the ports in the module might be up before the module is reloaded once. When the module is reloaded slightly after the ports are brought up, an adjacent switch might see a port flop.

Conditions: This symptom might be seen if the FCoE feature set is installed on a storage VDC upon a cold boot of the switch, but this is an extremely rare occurrence.

Workaround: None.

•CSCtr58022

Symptom: Memory usage of the system manager goes up by approximately 100 KB upon a VDC reload.

Conditions: The symptom is not seen with every VDC reload and the triggers for it are unknown.

Workaround: None.

•CSCtr58287

Symptom: The CLI process fails when you enter confederation peers for BGP and the character string is larger than 1024.

Conditions: This symptom might be seen when the character string for BGP confederation peers is larger than 1024.

Workaround: None.

•CSCtr60525

Symptom: A VLAN specific configuration may fail when you try to roll back to the previous checkpoint after configuring a new reserved VLAN range.

Conditions: This symptom might be seen once you configure the system reserved VLAN range. All the VLAN configurations for the new range get deleted from the running configuration and any checkpoint that has a VLAN configuration in the new range also become obsolete.

At this point in tim, if you rollback to an earlier checkpoint, the rollback fails for the VLAN configuration in the new reserved range.

Workaround: Before initiating a rollback, delete the previously reserved VLAN range configuration by entering the no system vlan vlan-id reserve command.

•CSCtr63848

Symptom: An snmpwalk on the entitySensorMIB for SFP entities does not return entries.

Conditions: This symptom might be seen when a module is powered down. If a module is powered down, the entitySensorMIB entries for all modules in the next slots are not returned.

Workaround: Keep the modules powered on if the snmpwalk output is needed for entitySensorMIB entries for SFPs.

•CSCtr65510

Symptom: Some of the wccp show commands do not display the output completely. The following show commands are affected:

–show ip wccp service_group number mask

–show ip wccp service_group number detail

–show ip wccp service_group number internal

–show ip wccp

–show system internal wccp config-dump

Conditions: This symptom might be seen when the mask value is 64 or greater or when there are many service groups (roughly greater than 20). The output is not displayed completely because the TLVs used to send the information to the frontend are not big enough to store all the necessary information.

Workaround: None.

•CSCtr66043

Symptom: The RESOURCE_UNAVAILABLE_ERROR was received when walking mplsLabelStackTable.

Conditions: This symptom might be seen when walking the LSR MIB on a scaled topology with 75,000 or more local labels in use.

Workaround: None.

•CSCtr67670

Symptom: The pixm service displays a critical syslog message that the ltl programming fails for the standby supervisor.

Conditions: This symptom might be seen when an EPLD upgrade is performed on the standby supervisor. As part of the EPLD upgrade, the standby supervisor is reloaded. The syslog message from the pixm service is a side-effect of the standby supervisor reload.

Workaround: None. There is no operational impact caused by this issue.

•CSCtr70912

Symptom: OTV overlay adjacencies might flap when there is a node switchover.

Conditions: This symptom might be seen when the physical node has a large number of VDCs or a large configuration. In such a case, it takes time during the switchover for the OTV-IS-IS process to get its configuration. During that time, neighbors can time out the node that is undergoing the switchover.

Workaround: Increase the hello timers to larger than the default values.

•CSCtr72438

Symptom: VRRP groups become master-master, with text authentication enabled. The following syslog messages are displayed:

Jul 26 23:01:06.870 IST: %VRRP-4-BADAUTH: Bad authentication from 100.100.199.2, group 3, type 1

Conditions: This issue might be seen if VRRP groups form peers with devices other than Cisco NX-OS 7000 Series switches, authentication is enabled, and the password configured is less than eight characters.

Workaround: Use an authentication secret that is eight characters long for VRRP. This issue has no impact on an ISSU from an earlier release, even for groups with authentication enabled. The groups continue to function after the upgrade.

•CSCtr75627

Symptom: If a port-channel member is removed and re-added back to a dce-core port-channel, in some cases it is possible that traffic might not flow on that member.

Conditions: This symptom might be seen because the CBL is set to blocked.

Workaround: Enter the shut and no shut commands on the impacted member port.

•CSCtr76181

Symptom: The snmpd process dumps core if you set the managementDomainName with zero-length string in the CISCO-VTP-MIB.

Conditions: This symptom might be seen because the value in the SNMP SET operation is set to a zero-length string. If you set the managementDomainName to a non-zero-length value, that works correctly.

Workaround: None.

•CSCtr76708

Symptom: The aclqos process occasionally fails after a successful ISSD from Cisco NX-OS Release 5.2(1) to Cisco NX-OS Release 5.1(x).

Conditions: This symptom might be seen if the COPP policy that is in use in Cisco NX-OS Release 5.2(1) has a class map that refers to "match protocol mpls router-alert."

Workaround: Before performing an ISSD from Cisco NX-OS Release 5.2(1) to Cisco NX-OS Release 5.1(x), remove "match protocol mpls router-alert" from the referring class map and add it back to the same class map after the ISSD completes.

•CSCtr79772

Symptom: Traffic loss occurs after a BGP restart in a 1 DPS scale setup.

Conditions: This symptom might be seen when you do the following:

–Configure 1000 VRFs and pump 300,000 routes in per-prefix label mode in a specific topology.

–Send traffic from remote to local devices.

–Perform a BGP restart.

The issue occurs in the following setups:

Non-VDC:

–1000 VRFs and 300,000 routes in per-prefix mode

–1000 VRFs and 500,000 routes in per-vrf mode

3 VDCs:

–1000 VRFs and 300,000 routes in per-prefix mode

–1000 VRFs and 500,000 routes in per-vrf mode

Workaround: None.

•CSCtu42326

Symptom: When a peer link is brought up, VLANs 2047-4094 are suspended because they are not allowed in the vPC peer, even those VLANs are allowed and correctly configured on the vPC peer device. As a result, 6 to10 second packet drops can occur in VLANs 2047-4094.

Conditions: This symptom might be seen if there are more than 2049 VLANs created and allowed on the vPC peer link. It is not necessary to have those VLANs in one range or started from number one. This symptom can occur when the total count of VLANs is more than 2049.

Workaround: Allow fewer than 2049 VLANs on the vPC peer link at the time of vPC bringup. Those VLANs can be added later without impact.

•CSCtv00716

Symptom: On a vPC+ setup with asymmetric traffic flows across two vPC+ pair switches, traffic might drop if it is directed towards a peer switch where the host is singly connected. This condition could happen for orphan hosts and east-west traffic that also has vPC+ enabled.

There are two additional issues that are related to vPC+ with orphan entries that impact traffic across vPC+ peers:

–CSCtt29422 Interaction between FabricPath and vPC features

–CSCtu03756 Failure flooding is observed due to MAC deletion

There is one issue related to a vPC+ setup with a F1-Series module:

–CSCtw66415 vPC+ ARP resolution fails for vMAC on the standby HSRP peer for F1 LC

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch with vPC+ and FabricPath enabled.

Workaround: There is no known workaround at this time.

•CSCtw50675

Symptom: A label distribution protocol (LDP) graceful restart might not complete successfully following a supervisor switchover, and can result in packet loss.

Conditions: This symptom might be seen in the following situations:

–MD5 password authentication is configured for LDP sessions.

–For an LDP session, the router with the highest LDP router ID has one of the following events: a supervisor switchover, a supervisor OIR, or an ISSU.

Workaround: Remove MD5 password authentication for LDP prior to any of the events mentioned previously.

•CSCtw56369

Symptom: A FEX port-channel member port goes down during 802.1X reauthentication.

Conditions: This symptom might be seen when 802.1X reauthentication is configured on a FEX port-channel member port.

Workaround: Disable 802.1X reauthentication on the FEX port-channel member port.

•CSCtw76151

Symptom: Remote MAC addresses might disappear from the MAC address table after a Layer 2 topology change that involves merging two OTV sites into one.

Conditions: This symptom might be seen following an ISSU from Cisco NX-OS Release 5.1(3) to Cisco NX-OS Release 5.2(3a).

Workaround: Unextend and re-extend the OTV VLAN.

•CSCtw76389

Symptom: When an OTV configuration is applied on a Cisco Nexus 7000 Series switch where a large number of VLANs are to be extended, local MAC addresses might end up missing on some VLANs.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch where the startup configuration has been erased and Cisco NX-OS Release 5.2(3a) has been installed.

Workaround: Enter the clear mac address-table vlan vlan-id command.

•CSCtw76904

Symptom: A module upgrade fails when the nfp service fails to respond to the System Manager linecard upgrade notification within a specified timeout interval.

Conditions: This symptom might be seen if the software on the switch prior to the upgrade is Cisco NX-OS Release 5.1(x) or an earlier release, and the module is busy exporting Netflow data in the presence of a large number flows at the time of the upgrade.

Workaround: Before starting the system upgrade, increase the active and inactive Netflow timeouts to be closer to their maximum allowed values.

•CSCtw78172

Symptom: MAC addresses are learned on the peer_link of an M1 series module.

Conditions: This symptom might be seen when a switch has multiple VDCs. If a vPC is configured on one VDC and a vPC+ (emulated vPC) is configured on another VDC, then do not learn on peer_link is not set in the port ASIC for the M1 modules. This configuration causes packets coming in from the peer link to be learned by the hardware.

Workaround: To restore the correct behavior, remove the emulated switch configuration from the switch.

•CSCtx48464

Symptom: If an SVI for a VLAN is up, and you configure the corresponding VLAN as private-vlan non-primary, the SVI manager is unable to respond to the PVLAN. The CLI configuration might hang and not complete. SVI resources might stay locked and a subsequent SVI configuration on the affected SVI might fail.

Conditions: This symptom might be seen when an SVI for a VLAN is up, and you configure the corresponding VLAN as private-vlan non-primary.

Workaround: Delete or shut the SVI before configuring the corresponding VLAN as private-vlan non-primary.

•CSCtx75246

Symptom: A MAC address points to the wrong interface.

Conditions: This symptom might be seen when a vPC is deleted with the no vpc x command.

Workaround: Shut down the vPC on both switches before entering the no vpc x command.

•CSCtx95828

Symptom: Executing a rollback operation to a checkpoint file that has the feature-set fabricpath command results in a failure.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 5.2(4) if a rollback is initiated after the no feature-set fabricpath command executes.

Workaround: Enter the feature-set fabricpath command before starting the rollback operation.

•CSCtx97685

Symptom: Following a switchover, the Web Cache Control Protocol (WCCP) fails if the name of the redirect list is changed.

Conditions: This symptom might be seen if the access list is large enough to occupy 40 percent of the TCAM space.

Workaround: Reduce the access control entry (ACE) under the access list.

•CSCtx99598

Symptom: The WCCP fails.

Conditions: This symptom might be seen if the ACE of the access list is changed.

Workaround: Disable the cache engine connected interface and edit the ACE. Reenable the cache engine connected interface.

•CSCty00412

Symptom: Adding the ACE caused the WCCP to fail.

Conditions: This symptom might be seen if the TCAM is about 50 percent full and you try to add the ACE.

Workaround: Disable the atomic update and enable resource pooling.

•CSCty01628

Symptom: After BGP bestpath has run, some BGP IPv4 or Unicast learned routes in the default VRF might remain in an invalid state and are get downloaded into the URIB or advertised to peers. The show ip bgp command on the route shows that the path is invalid. Correspondingly, a show bgp ipv4 unicast nexthop-database command on the route's next hop shows that the RNH is resolved and reachable.

Conditions: This symptom might be seen within a couple of minutes of a BGP process restart.

Workaround: Enter the clear ip route command on the affected RNH to cause the URIB to clear the RNH from its tables and install it again. This action triggers a notification to BGP that causes BGP to validate the affected routes and run bestpath on them. After the bestpath computation, BGP downloads the routes into the URIB and advertises them to its peers as required.

•CSCty07640

Symptom: CLI commands fail after an ISSD from Cisco NX-OS Release 6.0(2) to Release 5.2(4).

Conditions: This symptom might be seen when the feature-set mpls command is removed.

Workaround: None.

•CSCty12471

Symptom: When brief is part of the show interface ethernet command, XML validation fails. The token ID of brief is not passed back.

Conditions: This symptom might be seen because of a problem in the XML infrastructure.

Workaround: None, but there is no impact to functionality.

Resolved Caveats—Cisco NX-OS Release 5.2(4)

•CSCtn64672

Symptom: Too many MAC address moves over a vPC peer link can cause the l2fm process to fail or the chassis to reload. The output of the show system reset-reason command indicates that the reload reason is caused by a l2fm hap reset.

Conditions: This symptom might be seen under normal operating conditions of a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtr11036

Symptom: CDP discovery is not happening when ports are Layer 2 connected to Layer 3 with a native VLAN on a Layer 2 VLAN 1.

Conditions: This symptom might be seen when a Layer 2 trunk port (on a Catalyst 6000 switch) with a native VLAN other than 1 is connected to a Layer 3 port (on a Cisco Nexus 7000 Series switch) that does not have a subinterface with VLAN 1. CDP neighbors are not seen. This problem does not happen if the Layer 2 trunk port is configured with native VLAN 1.

Workaround: This issue is resolved.

•CSCtr21843

Symptom: Local MDT routes are not present in the BRIB.

Conditions: This symptom might be seen in the router bgp mode, if the following events occurred:

–address-family ipv4 mdt was not configured under router bgp mode

–address-family ipv4 mdt was configured and then it was removed if BGP is restarted, or if the device is reloaded with this configuration (where there is no MDT AF in the router bgp mode).

The local MDT routes gets removed from BRIB.

Workaround: This issue is resolved.

•CSCtr83812

Symptom: BGP might fail with a fast back-to-back context deletion and recreation.

Conditions: This symptom might be seen when a table (address family of a VRF) in BGP is deleted and while the deletion is still in progress, a new table with the same table ID is created. BGP then fails with a "Table not found" error.

Workaround: This issue is resolved.

•CSCts35211

Symptom: The PPM process fails on command updates or other port-profile operations.

Conditions: This symptom might be seen when there is a startup configuration of port-profiles where the interfaces have some override commands in the database.

Workaround: This issue is resolved.

•CSCts38517

Symptom: An internal index related to IGMP snooping is not updated correctly when IGMP snooping or OMF are disabled. Once this situation occurs, OMF-related information remains incorrect even after IGMP snooping or OMF are enabled, which results in multicast flooding.

Conditions: This symptom might be seen when IGMP snooping or OMF are disabled with the no ip igmp snooping command or the ip igmp snooping optimise-multicast-flood command.

Workaround: This issue is resolved.

•CSCts41355

Symptom: QoS gets stuck and does not process any set operations.

Conditions: This symptom might be seen if an attempt to apply a network-qos policy fails validation. When this occurs, QoS gets stuck and does not process any commands after that.

Workaround: This issue is resolved.

•CSCtt02614

Symptom: The output of the show fex fex transceiver command or the show Interface Ethernet transceiver fex-fabric command has incorrect information. It shows an SFP is present but not supported.

Conditions: This symptom might be seen in Cisco NX-OS Release 5.2(3a) and Release 6.0(1)

Workaround: This issue is resolved.

•CSCtt19402

Symptom: All vPC channels are in the suspended state after a reload and when a vPC delay restore expires.

Conditions: This symptom might be seen oly when there is fast continuous flapping of some interfaces and only after a reload of the vPC or when the vPC is configured for the first time.

Workaround: This issue is resolved.

•CSCtt39386

Symptom: MAC addresses get out of sync on modules and the supervisor.

Condition: This symptom might be seen following a module reload. You can verify the issue by entering the show system internal mtm info all | grep ack_pending command. You might see the following output:

nl_mv_rd num_ack_pending 1sup_ack_pending 1

If sup_ack_pending is set to 1, then you have encountered the issue. The pending ack causes future Nls not to be reported from the modules to the supervisor which causes MAC addresses to be out of sync between the modules and the supervisor.

Workaround: This issue is resolved.

•CSCtt98945

Symptom: When implementing vPC+, MAC addresses might move between the local switch ID and the port channel where the host is known.

Conditions: This symptom might be seen when hosts whose MAC addresses are moving send IGMP reports for groups in the range 224.0.0.0/24.

Workaround: This issue is resolved.

•CSCtu14737

Symptom: A manual upgrade with the copy running-config startup-config command followed by a reload can result in the loss of an ACL configuration.

Conditions: This symptom might be seen when there is a large access list configuration on a Cisco Nexus 7000 Series switch and the ACL manager fails to respond to an ASCII configuration request in time. As a result, an incomplete ASCII startup configuration is saved.

Workaround: This issue is resolved.

•CSCtu28085

Symptom: In certain rare situations, a Layer 2 MAC address forwarding table might become inconsistent between modules on a Cisco Nexus 7000 Series switch. This inconsistency causes traffic that is destined to the affected MAC address to be blackholed.

Conditions: This symptom might be seen following a brief mac-flap event caused by an external trigger.

Workaround: This issue is resolved.

•CSCtw49994

Symptom: The pfstat process does not run.

Condition: This symptom might be seen when communication between the supervisor and a linecard fails and the system has a critical error. The pfstat process does not handle the error condition gracefully; it exits and fails.

Workaround: This issue is resolved.

•CSCtw65614

Symptom: During an ISSU, a module with a FEX connected to it fails to upgrade from Cisco NX-OS Release 5.1(3) to Release 5.2(3a), or from Release 5.1(3) to Release 5.2(1) to Release 6.0.

The following output might be seen:

Module 1: Non-disruptive upgrading.

[#                   ]   0

<snip>

[#                   ]   0% -- FAIL.

Return code 0x401D002D (Module Manager initiated failure routine after a timeout 
occurred).

Conditions: This symptom might be seen on a 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) with a FEX module connected to it, and an ISSU from Cisco NX-OS Release 5.1(3) to Release 5.2(3a) is performed.

Workaround: This issue is resolved.

•CSCtw70555

Symptom: A Cisco Nexus 7000 Series switch with a FEX module connected to an 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) in slot 1 may incorrectly experience LIF exhaustion. The switch log shows a failure to allocate LIF entries:

%ELTMC-SLOT1-2-ELTMC_L2_LIF_ALLOC_FAIL_INTF: Failed to allocate L2 LIF entries in 
forwarding engine for interfac Ethernet<slot/port>

Conditions: This symptom might be seen when the Cisco FEX modules are connected to a 32-port 10-Gigabit Ethernet SFP+ I/O module in slot 1 on a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtw72949

Symptom: When polling at a sustained rate on a Cisco Nexus 7000 Series switch, certain objects from the BRIDGE-MIB might cause a relatively high CPU usage for SNMPD for some time after polling and might cause new requests to time out. On releases earlier than Cisco NX-OS Release 5.2, this polling might cause internal messages for interprocess communications to be queued and might affect other services.

Conditions: This symptom might be seen when there is a large amount of SNMP access to the device against the BRIDGE-MIB.

Workaround: This issue is resolved.

•CSCtw78172

Symptom: MAC addresses are not learned on the peer link of M1 series modules.

Conditions: This symptom might be seen on a switch with multiple VDCs where a vPC is configured on one VDC and a vPC+ is configured on another VDC. The peer link is not learned and is not set in the port ASIC of the M1 series modules. As a result, the hardware learns the MAC address of packets coming in from the peer link.

Workaround: This issue is resolved.

•CSCtw81313

Symptom: The SNMP process leaks memory when an SNMP get operation occurs.

Conditions: This symptom might be seen when a getone or getnext operation is performed on LLDP MIB objects.

Workaround: This issue is resolved.

•CSCtx11611

Symptom: An ARP reply from a Cisco Nexus 7000 Series switch does not get sent.

Conditions: This symptom might be seen in a FabricPath and VPC+ environment with port channels to a Cisco Nexus 5000 Series switch with FabricPath configured.

Workaround: This issue is resolved.

•CSCtx35369

Symptom: After a supervisor switchover, OSPF neighbors are down on the Cisco Nexus 7000 Series switch.

Conditions: This symptom might be seen if the OSPF neighbor uses an MD5 password with 16 characters. (The length for an unencrypted password is 16 characters.)

Workaround: This issue is resolved.

•CSCtx43739

Symptom: The ELTMC process has a memory leak which results in a process failure.

Conditions: This symptom might be seen if the system has a VLAN translation or PVLAN configuration.

Workaround: This issue is resolved.

•CSCtx48586

Symptom: FCoE frames are incorrectly forwarded out of the F1 Series module port where they were received.

Conditions: This symptom might be seen when FCoE traffic is looped at line rate between two Cisco Nexus 7000 Series switches, a Cisco Nexus 5000 Series switch, and a Cisco Nexus 7000 Series switch in a double-sided vPC topology.

Workaround: This issue is resolved.

•CSCtx49097

Symptom: STP BPDUs on vPC peer-link interfaces (where the peer link is an interface on an F1 Series module) get dropped when the packets ingress on a switch due to a rate limiter.

Conditions: This symptom might be seen when vPCs are single-homed to the vPC secondary switch. All STP BPDUs for the mcec are generated by the primary switch and tunneled over the peer-link. These packets are subjected to a different rate limiter that is more aggressive.

Workaround: This issue is resolved.

•CSCtx69544

Symptom: When a switch is booted and the ip multicast multipath none command present in the configuration, the configuration does not work as expected in the non-default VRF.

Conditions: This symptom might be seen only for non-default VRFs if the switch is booted with this configuration.

Workaround: This issue is resolved.

•CSCtx74878

Symptom: There is an extra workload for Layer 3 control-plane components in Layer 2 only in environments with F1 Series modules.

Conditions: This symptom might be seen under normal operating conditions. F1 Series modules will leak broadcast ARP and link-local multicast traffic to the in-band CPU, regardless of whether an SVI exists for the VLAN. This traffic is rate limited, however in aggregate can cause unnecessary traffic to be processed.

Workaround: This issue is resolved.

•CSCtx84008

Symptom: An M1 series module with an aclqos process might fail after the module comes online.

Conditions: The symptom might be seen when there is a Layer 3 interface configured with Netflow and policy-based routing, and one of the ACLs that is referenced in the policy does not have any access-control entries installed.

Workaround: This issue is resolved.

•CSCtx93830

Symptom: On a Cisco Nexus 7000 Series switch, broadcast and flooded traffic might be dropped on the fabric modules after a module repeatedly fails to come online.

Conditions: This symptom might be seen when a module is reseated while almost coming online. If the module comes online, the misprogramming does not occur.

Workaround: This issue is resolved.

•CSCtx94277

Symptom: Forwarding for VLANs stops in the system when there is a FEX Host Port-Channel (HIFPC) down or a CBL is blocking for some or all the VLANs in the allowed VLAN list for the FEX Host Port-Channel.

Conditions: This symptom might be seen when an HIFPC has either a CBL blocking on some VLANs or the HIFPC itself is down.

Workaround: This issue is resolved.

•CSCty08927

Symptom: Multicast router ports are missing from IGMP snooping.

Conditions: This symptom might be seen following an ISSU to Cisco NX-OS Release 5.2(4) or an ISSD from Cisco NX-OS Release5.2(4).

Workaround: This issue is resolved.

•CSCty10765

Symptom: During an ISSU from Cisco NX-OS Release 5.0(2a) to Release 5.1(4), multiple ELTM failures occurred.

Conditions: This symptom might be seen when a memory leak occurs on the supervisor module during an ISSU from Cisco NX-OS Release 5.0(2a) to Release 5.1(4).

Workaround: This issue is resolved.

•CSCty14876

Symptom: When a peer-link port channel is deleted, the vPC gets error disabled by Unidirectional Link Detection (UDLD).

Conditions: This symptom might be seen when a peer-link port channel is deleted and the vPC is brought down through a laser cut. In some cases, especially when there are a lot of VACLs, the ACL manager might take some time to clean up the VACLs which delays any notification to UDLD to stop listening for packets. As a result, UDLD continues to run and then it error disables the port after it time outs.

Workaround: This issue is resolved.

Resolved Caveats—Cisco NX-OS Release 5.2(3a)

•CSCsw24739

Symptom: The ipv6_next_hop value is missing in the captured Netflow packets.

Conditions: This symptom might be seen when exporting packets at a high rate.

Workaround: This issue is resolved.

•CSCte19879

Symptom: A service failure occurred during an ISSU on a Cisco Nexus 7000 Series switch. The following message appeared:

1 [N7K-M108X2-12L]: %IPFIB-SLOT2-4-FIB_TCAM_PF_INSERT_FAIL: FIB TCAM prefix

Conditions: This symptom was seen during an ISSU upgrade.

Workaround: This issue is resolved.

•CSCtg95381

Symptom: A Cisco Nexus 7000 Series switch may redirect traffic to the CPU so that the traffic may experience random delays or drops. ARP is learned and FIB adjacency is in the FIB adjacency table.

Conditions: This issue might be seen because of race conditions. Some hosts do not respond to the ARP refresh sent by the Cisco Nexus 7000 Series switch which in turn triggers a deletion of the ARP entry due to expiry. Because of this, the route delete notification is sent to URIB from the process. However, traffic still arrives at the given IP address. As a result, the next packet triggers ARP and ARP is learned from the host.

Workaround: This issue is resolved.

•CSCtj59752

Symptom: Following a system switchover, some (*,G) entries became corrupted and were missing the RPF interface. As a result, when the traffic was stopped, some of the entries failed to come up.

Conditions: This symptom might be seen after a system switchover.

Workaround: This issue is resolved.

CSCtj83417

Symptom: After the copy running-config startup-config command was entered, the following messages displayed:

2010 Nov 16 22:01:14.864 sh-iad-b %SYSMGR-3-CFGWRITE_SRVFAILED: Service "Tacacs Daemon" failed to store its configuration (error-id 0x80480018).

2010 Nov 16 22:01:15.157 sh-iad-b %SYSMGR-2-CFGWRITE_ABORTED: Configuration copy aborted.

2010 Nov 16 22:01:21.907 sh-iad-b %SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E0000).

In addition, following an ISSU or ISSD, the following messages are displayed:

<Mon Nov 1 13:41:37 2010> cfg_action_rsp_process: service: Tacacs Daemon failed to save its config: (null) (0x18004880)

<Mon Nov 1 13:41:38 2010> is_cfg_action_succeded: service: Tacacs Daemon has state SRV_STATE_CFG_ACTION_FAILED- returning FALSE since cfg action did not succeed

<Mon Nov 1 13:41:38 2010> write_config: cfg write failed- exiting

<Mon Nov 1 13:41:38 2010> restore_ramfs_cfg: calling startcfg_mount_flash_startup_cfg_partitions() to mount /mnt/cfg/0 and /mnt/cfg/1

Conditions: This symptom might be seen when DNS resolution is disabled and you enter the no ip domain-lookup command.

Workaround: This issue is resolved.

•CSCtj84923

Symptom: When you downgrade from Cisco NX-OS Release 5.1(1) to NX-OS Release 4.2(4) on the Cisco Nexus 7018 switch, the modules reload if all five crossbar modules are not online.

Conditions: You might see this symptom on the Cisco Nexus 7018 switch. The symptom is not seen on the Cisco Nexus 7010 switch

Workaround: This issue is resolved.

•CSCtj85934

Symptom: An NPACL process might fail when you add more entries in SNMP or a VTY access list.

Conditions: This symptom might be seen while adding more ACEs with SNMP ACL.

Workaround: This issue is resolved.

•CSCtk36830

Symptom: In a Cisco Nexus 7000 Series switch, the SNMP process stops responding after reporting KERNEL-2-SYS-MSG messages.

Conditions: This symptom might be seen in Cisco Nexus 7000 Series switches that are running Cisco NX-OS Release 5.x software.

Workaround: This issue is resolved.

•CSCtk95728

Symptom: The otv extend-vlan command (and possibly other commands) might not be saved from the running configuration to the startup configuration. As a result, the commands do not appear after a reload. Other affected commands include the following:

–hostname command

–site vlan command

–otv-isis configuration command

Conditions: This symptom might be seen if you have more than 255 characters in the otv extend-vlan command. The large number of characters can occur in these situations:

–You have more than 255 characters in your command as a result of spaces that are added in between multiple VLANs. The spaces count towards the 255 characters.

–You copy and paste the command text or enter it through a script, which can sometimes include extra characters.

–You experience CSCtk63052 which can cause the otv extend-vlan command to add extra characters in the show run output command whenever there are greater than approximately 175 characters.

Workaround: This issue is resolved.

•CSCtl42961

Symptom: HSRP groups remain in the initial state.

Conditions: This symptom might be seen following a system reload or supervisor switchover.

Workaround: This issue is resolved.

•CSCtl77507

Symptom: Rollback verification fails because the running configuration fails to roll back to the previous checkpoint.

Conditions: This symptom might be seen when the switchport trunk vlan add command is in the configuration.

Workaround: This issue is resolved.

•CSCtn13364

Symptom: Following an ISSU, certain traffic for a VLAN that was flowing correctly before the upgrade starts to drop. This situation can be caused by incorrect hardware ACL identifiers being programmed on the affected VLANs, even though there might not be any ACLs present.

Conditions: This symptom might be seen following an ISSU from Cisco NX-OS Release 5.0(3) to Release 5.1(1a).

Workaround: This issue is resolved.

•CSCtn21586

Symptom: A policy-based routing (PBR) policy on Layer 3 interfaces does not redirect traffic. As a result, the traffic takes the normal route.

Conditions: This symptom might be seen if the same PBR policy is applied on multiple interfaces before the next hop adjacencies are resolved. It does not redirect the traffic correctly on some interfaces.

Workaround: This issue is resolved.

•CSCtn32477

Symptom: When you attempt to change the layer of a Layer 3 port that has subinterfaces, the switch hangs and the following output displays:

switch(config)# int ethernet 1/3

switch(config-if)# no shut

The command does not execute successfully, which can be confirmed with the following show commands:

switch(config-if)#

switch# sh int e1/3

Ethernet1/3 is down (Administratively down)

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch that runs Cisco NX-OS Release 5.x software and the switchport command is executed on an Layer 3 port containing subinterfaces.

Workaround: This issue is resolved.

•CSCtn42451

Symptom: When you try to apply a configuration in the default VDC, the switch hangs for approximately 60 seconds and displays the following output:

switch(config)# int ethernet 1/3

switch(config-if)# no shut

The command does not execute successfully, which you can verify with the following show commands:

switch(config-if)#

switch# sh int e1/3

Ethernet1/3 is down (Administratively down)

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 4.2(6) software when a no shut command is executed on a port-channel member.

Workaround: This issue is resolved.

•CSCtn46911

Symptom: Connectivity through a second Cisco Nexus 7000 Series peer switch is completely lost following a switch reload or a device in the vPC that is not a switch is disconnected.

Conditions: This symptom might be triggered by a Multiple Spanning Tree (MST) protocol root flap between two peer switches. The following conditions exist:

–The device that is not a switch establishes a vPC with two Cisco Nexus 7000 switches.

–Multiple Spanning Tree (MST) protocol is running and the first Cisco Nexus 7000 Series switch is the root.

–A switch reload occurs or the third device becomes disconnected.

–Spanning Tree Protocol (STP) shows all vPCs as forwarding, but PIXM shows that the vPC is blocking.

Workaround: This issue is resolved.

•CSCtn91342

Symptom: The ELTM process fails when you add FabricPath VLANs on a Cisco Nexus 7000 Series switch, as shown:

switch(config-vlan)# vlan 526

switch(config-vlan)# mode fabricpath

switch(config-vlan)# vlan 527

switch(config-vlan)# 2011 Sep 14 18:36:53.990 s74050prd

%SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 15098) hasn't caught signal 11 (core will be saved).

2011 Sep 14 18:36:54.579 s74050prd %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 22489) hasn't caught signal 11 (core will be saved).

2011 Sep 14 18:36:55.119 s74050prd %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 22491) hasn't caught signal 11 (core will be saved).

2011 Sep 14 18:36:55.720 s74050prd %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 22493) hasn't caught signal 11 (core will be saved).

Conditions: This symptom might be seen when you add FabricPath VlANs on a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(3) or Release 5.2(x).

Workaround: This issue is resolved.

•CSCtn93962

Symptom: An STP frame that should have been sent over a vPC reaches the peer switch on the vPC peer link.

Conditions: This issue is seen only when the access switch reloads and the port-channel interfaces are split across the two vPC switches. This issue also requires a significant amount of STP traffic that originates from one of the vPC switches that goes to the access switch.

Workaround: This issue is resolved.

•CSCto13318

Symptom: When a module reloads or the weighted random early detection (WRED) configuration changes on a Cisco Nexus 7000 Series switch, continuous partial traffic loss that is independent of the traffic rate and WRED thresholds can occur.

Conditions: This symptom might be seen on a 32-port 10-Gigabit Ethernet SFP+ I/O module (N7K-M132XP-12) with egress queuing policies.

Workaround: This issue is resolved.

•CSCto31791

Symptom: ERSPAN destination ports do not receive the copied traffic from ERSPAN sources. ERSPAN GRE encapsulated traffic is sent to the destination VDC or switch but it is not mapped to the ERSPAN destination port.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch configured with ERSPAN and running Cisco NX-OS Release 5.1 or a later release.

Workaround: This issue is resolved.

•Workaround: CSCto35788

Symptom: Following a supervisor switchover on a Cisco Nexus 7000 series switch, some MAC addresses will fail to be advertised through IS-IS across the Layer 2 extension through OTV.

Conditions: This symptom might be seen after a supervisor switchover.

Workaround: This issue is resolved.

•CSCto35788

Symptom: Following a supervisor switchover on a Cisco Nexus 7000 series switch, some MAC addresses will fail to be advertised through IS-IS across the Layer 2 extension through OTV.

Conditions: This symptom might be seen after a supervisor switchover.

Workaround: Clear the MAC address table for those MAC addresses on the OTV edge device where the host is located locally and IS-IS will start advertising it again.

•CSCto45271

Symptom: When you enter the show tech brief command the following error appears:

Another show tech is running, please try again later

Conditions: This symptom might be seen after you enter and then interrupt the show tech command.

Workaround: This issue is resolved.

•CSCto53699

Symptom: After a link failure or network reconvergence following a link flap, some of the local hosts will not be able to connect to some of the remote hosts.

Conditions: This symptom might be seen when the following conditions are true:

–The OTV VDC has redundant links to local site aggregation switches. One link will be in spanning tree forwarding and the other link will be in Spanning tree blocking state.

–A link failure or link flap occurred.

–The OTV ARP-ND cache is not disabled on the OTV VDC.

–The ARP entry for the remote host is on the ARP ND cache of the OTV VDC.

–The local host does not have ARP entry for the remote host(s).

Workaround: This issue is resolved.

•CSCto54463

Symptom: A nondisruptive software upgrade (ISSU) from NX-OS Release 5.1(1) or Release 5.1(2) to Release 5.1(3) causes spanning tree bridge protocol data unit (BPDU) timeouts, Unidirectional Link Detection (UDLD) timeouts, and Enhanced Interior Gateway Routing Protocol (EIGRP) timeouts on adjacent devices which results in network disruptions.

Conditions: This issue might be seen during a supervisor switchover or an ISSU.

Workaround: This issue is resolved.

•CSCto54709

Symptom: The incorrect weighted round-robin (WRR) configuration is applied to an interface.

Conditions: This symptom might be seen when the WRR configuration on an interface is modified. The existing priority queue configuration is not considered which results in bandwidth being taken from the existing queue to be allocated to the priority queue.

Workaround: This issue is resolved.

•CSCto63293

Symptom: The snmpd process randomly stops responding to SNMP requests on a Cisco Nexus 7000 Series switch.

Conditions: This symptom might be seen on the default VDC.

Workaround: This issue is resolved.

•CSCto63457

Symptom: SNMP polling for OSPF MIBs on the Cisco Nexus 7000 Series switch causes the SNMP process to fail and a system switchover to occur.

Conditions: This symptom might be seen when there is polling through SNMP for OSPF MIBs.

Workaround: This issue is resolved.

•CSCto67986

Symptom: A gratuitous ARP (GARP) storm can cause the MTS buffers to lock up which can cause connectivity issues on the network and eventually lead to a supervisor failover. The following syslog messages might be seen:

%KERN-2-SYSTEM_MSG: mts_acquire_q_space() failing

%SYSMGR-SLOT4-2-TMP_DIR_FULL: System temporary directory usage is unexpectedly high at 100%.

You might also see the adjmg, l2fm, and arp processes running at a high utilization level.

Conditions: This symptom is specific to a storm of GARPs from multiple hosts that claim the same IP address. This symptom causes the Cisco Nexus 7000 series switch to constantly update its ARP and adjacency tables which might result in an MTS buffer lockup.

For a typical ARP storm caused by a bridging loop, this issue is not seen.

Workaround: This issue is resolved.

•CSCto72064

Symptom: Traffic drops for CoS 4 traffic.

Conditions: This symptom might be seen when the following conditions are met:

–There is CoS 4 traffic.

–There is an ingress F1 series module and an egress M1 series module.

–You are using the nondefault system QoS policy. (The default-nq-8e-policy is the default policy and it would have to be manually changed for this issue to be seen.)

Workaround: This issue is resolved.

•CSCto89025

Symptom: Gateway MAC addresses are missing after a port move from one VDC to another VDC on an F1 series module.

Conditions: There are two issues with port moves on F1 modules:

–Moving ports from one VDC to another does not delete old gateway MAC addresses.

–After HSRP is up, moving new ports to a VDC causes some gateway MAC addresses to fail insertion due to an issue with the if_index.

This symptom might be seen because of the second condition.

Workaround: This issue is resolved.

•CSCto99151

Symptom: A security violation occurs for a MAC address that is configured as a secure MAC in the interface configuration.

Conditions: This symptom might be seen if port security is used when secure MAC is configured on interfaces.

Workaround: This issue is resolved.

•CSCtq00694

Symptom: Some configured and connected FEXes do not come online after a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(3) reloads.

Conditions: This symptom might be seen when the following sequence of steps occur:

–Configure and bring up FEXes.

–Do a system switchover to the standby supervisor.

–Reload the entire Cisco Nexus 7000 Series system and bring it up in less than 15 minutes following the switchover event.

–Make the pre-switchover active supervisor the active supervisor again.

Workaround: This issue is resolved.

•CSCtq29575

Symptom: There are multiple symptoms:

–A FEX access port learns the MAC address of a server (host) on the wrong VLAN.

–A FEX access port learns the MAC address of a server (host) on two VLANs.

–Traffic from a FEX access port is dropped even though the port is in forwarding state.

Conditions: This symptom can be seen whenever a nondisruptive software upgrade from NX-OS Release 5.1(1) or Release 5.1(2) to Release 5.1(3) is performed with FEX access ports in the setup.

Workaround: This issue is resolved.

•CSCtq30996

Symptom: The supervisor fails and reloads due to kernel panic.

Conditions: This symptom might be seen when the system is running low on memory.

Workaround: This issue is resolved.

•CSCtq33715

Symptom: The DTFM services fails four times and the 32-port 1/10 Gigabit Ethernet module (F1-Series) goes into failure mode.

Conditions: This symptom might be seen when more than 4000 VLANs are created on the 32-port 1/10 Gigabit Ethernet module. Internally the failure occurs because of the corresponding SVI creation for those VLANs. The failure happens when the module is supporting more than 1 VDC and the total VLAN count across all VDCs is greater than 4000. Such VLAN scale numbers are not currently supported taking into account the total Layer 2 group features supported on Cisco Nexus 7000 Series switches.

Workaround: This issue is resolved.

•CSCtq43020

Symptom: CoS to queue mappings in queuing class-maps does not take effect when there are no interfaces in the default VDC.

Conditions: This symptom might be seen when there are no interfaces in the default VDC.

Workaround: This issue is resolved.

•CSCtq57911

Symptom: GLBP AVG continues to redirect hosts to an old vMAC address even after the redirect timer expires.

Conditions: This symptom might be seen when GLBP is configured.

Workaround: This issue is resolved.

•CSCtq59609

Symptom: In a dual-sided vPC setup, when one member link of each vPC pair is down or shut, there can be a software loop of IGMP Global Leave packets if there is a topology change. If this happens, it will lead to high CPU usage.

Conditions: This issue might be seen only in dual-sided vPC setups when one member link of each vPC pair is down.

Workaround: This issue is resolved.

•CSCtr08143

Symptom: New VLANs cannot be added to an existing vPC with VLANs. The new VLANs are suspended:

2011 Oct 28 12:02:01 UUT %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 700 on

Interface port-channel104 are being suspended. (Reason: Vlan is not allowed on

Peer-link)

Conditions: This symptom might be seen following an ISSU to Cisco NX-OS Release 4.2(8) from an earlier release.

Workaround: This issue is resolved.

•CSCtr12932

Symptom: Following a reload, all ports that have configured one static port-security address are shown as dynamic and they learn any MAC address that is received.

Condition: This symptom might be seen in a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(4).

Workaround: This issue is resolved.

•CSCtr19177

Symptom: Packets might get dropped or treated unfairly in contrast with the applied QoS policies.

Conditions: This symptom might be seen when the queuing parameters applied in hardware are different from the one that is programmed in the policy.

Workaround: This issue is resolved.

•CSCtr33544

Symptom: The copy running-config startup-config command aborts.

Conditions: This symptom might be seen when there are repeated copy running-config startup-config commands.

Workaround: This issue is resolved.

•CSCtr36566

Symptom: On a Cisco Nexus 7000 Series switch, any change to the summer-time configuration (daylight saving time) is not correctly updated in the RPM.

Conditions: This symptom might be seen if you enter the clock summer-time command and attempt to make changes to the summer-time configuration. Even though the output of the show clock detail command will show the correct summer-time settings, the changes are not updated in the RPM which can affect other components, such as key chains, that rely on timing.

Workaround: This issue is resolved.

•CSCtr44645

Symptom: Cisco Nexus OS contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands on a targeted device. The vulnerability is due to improper sanitization of user-supplied values to command line interface commands.

An authenticated, local attacker could exploit the vulnerability by issuing commands that contain malicious options on the device command line interface. If successful, the attacker could gain elevated privileges on the targeted device.

Conditions: This symptom might be seen when injection is done with either the less or the section subcommand.

Workaround: This issue is resolved.

•CSCtr69066

Symptom: If an ISSU to Cisco NX-OS Release 5.1(x) on a Cisco Nexus 7000 Series switch is followed by a switchover, HSRP groups get stuck in the initializing state.

Conditions: This symptom might be seen when a system switchover occurs following an ISSU to Cisco NX-OS Release 5.1(x) from Cisco NX-OS Release 4.x or 5.0(x).

Workaround: This issue is resolved.

•CSCtr74913

Symptom: The aclqos process fails, which causes the linecard to reload.

Conditions: This symptom might be seen when an existing access list is being updated and all of the following conditions are true:

–Statistics is enabled on the policy.

–The policy is active on interfaces.

–The ACEs containing object groups are updated.

Workaround: This issue is resolved.

•CSCtr79988

Symptom: After an ISSU, the following error messages can be seen when the vPC peer link flaps:

%ETH_PORT_CHANNEL-3-PCM_HWCFG_FAIL_ERROR: Port-channel:port-channel1

mbr:Ethernet1/5 SAP 176 returned error Unknown error 1088421890 for opc

MTS_OPC_PIXM_MOD_MEMB_LTL; if lacp port-channel please collect <show

tech-support lacp all> or please collect <show tech-suppor

Conditions: This symptom might be seen when the following conditions are met:

-A vPC is configured.

-Only the peer link is affected (not the vPC members).

-A vPC needs to be configured and removed again before the ISSU.

-An ISSU is performed.

-The peer link need to be flapped (it can go down for any reason).

Workaround: This issue is resolved.

•CSCtr80779

Symptom: CBL VLAN programming is incorrect.

Conditions: This symptom might be seen when you enter the shut, suspend, no suspend, and no shut commands in that sequence.

Workaround: This issue is resolved.

•CSCtr88741

Symptom: Interface related configurations are not processed and cause an syslog error message to be printed. Configurations cannot be properly applied using SNMPSET.

Conditions: This symptom might be seen when configurations cannot be applied using SNMPSET.

Workaround: This issue is resolved.

•CSCtr88786

Symptom: Reloading an OTV VDC causes an OTV adjacency to immediately come up, but the show otv isis adjacency command shows that the neighbor name is not resolved and no IS-IS LSP is received from the neighbor until 8 to10 minutes later.

Conditions: This symptom might be seen when you reload the OTV VDC.

Workaround: This issue is resolved.

•CSCtr88815

Symptom: Following a reload of a Cisco Nexus 7000 Series switch that has a core VDC and an OTV VDC, the other site ED cannot establish an OTV adjacency with the VDC on the reloaded switch. The other site ED has *,G for the OTV core multicast group and s,g for the other ED, but no s,g for the reloaded ED.

Conditions: This symptom might be seen when you reload a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtr92742

Symptom: When the ACL manager stops responding, access-group commands cannot be removed from a bound interface.

Conditions: This symptom might be seen in very rare cases under continuous test cycles when a large ACL (40,000+ lines) is added to a running configuration.

Workaround: This issue is resolved.

•CSCtr95031

Symptom: When you enable LDP, the following message appears:

TRANSPORT_SERVICES_PKG license not installed. ldp feature will be shut down after grace period of approximately x day(s).

Conditions: This symptom might be seen when you enable LDP.

Workaround: This issue is resolved.

•CSCtr97385

Symptom: SNMP can fail when the config-copy MIB is used.

Conditions: This symptom might be seen when there are missed heartbeats.

Workaround: This issue is resolved.

•CSCts00210

Symptom: A type-3 default gateway summary route is sent to Area 0 from an Area Border Router (ABR).

Conditions: This symptom can be seen only if stub areas are configured and there is a type-5 default route in the database. If both of these conditions are not met, the symptom cannot occur.

This issue can be triggered by an interface flap of OSPF neighbors, a module reload, or the clear ip ospf neighbor command. The probability of this issue occurring is higher if many neighbors flap at the same time, but it does not occur at each flap.

Workaround: This issue is resolved.

•CSCts08764

Symptom: After supervisors fail over in a Cisco Nexus 7000 Series switch, a VDC may show as failed in the output of the show vdc command:

switch# show vdc

N7K# show vdc

vdc_id vdc_name state mac lc

------ -------- ----- ---------- ------

<snip>

2 VDC2 failed <mac-address> m1 f1 m1xl

<snip>

Conditions: This symptom might be seen immediately after a forced switchover between supervisors.

Workaround: This issue is resolved.

•CSCts11774

Symptom: Shutting down the SVI caused the ipfib process to fail.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch that is running NX-OS Release 5.1(3).

Workaround: This issue is resolved.

•CSCts27542

Symptom: You cannot enter the system startup-config unlock x command when x is greater than 65536.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCts29458

Symptom: A memory leak occurs during a MIB walk of the CISCO-STP-EXTENSIONS-MIB.

Conditions: This symptom might be seen on a switch running Cisco NX-OS Release 5.2(1) when there is a MIB walk of the CISCO-STP-EXTENSIONS-MIB.

Workaround: This issue is resolved.

•CSCts35587

Symptom: A supervisor failover occurs on a Cisco Nexus 7000 Series switch when the show diff rollback-patch running-config startup-config command is entered while a module is booting up.

2011 Aug 23 04:06:09 Nexus7K %$ VDC-1 %$ %SYSMGR-2-SERVICE_CRASHED: Service

"ethpm" (PID 5223) hasn't caught signal 11 (core will be saved).

2011 Aug 23 04:06:09 Nexus7K %$ VDC-1 %$ %SYSMGR-2-SERVICE_CRASHED: Service

"ethpm" (PID 30011) hasn't caught signal 11 (core will be saved).

2011 Aug 23 04:06:10 Nexus7K %$ VDC-1 %$ %SYSMGR-2-SERVICE_CRASHED: Service

"ethpm" (PID 30013) hasn't caught signal 11 (core will be saved).

switch# show cores vdc-all

VDC Module Instance Process-name PID Date(Year-Month-Day Time)

--- ------ -------- --------------- -------- -------------------------

1 6 1 ethpm 30013 2011-08-23 04:23:33

1 6 1 ethpm 5223 2011-08-23 04:23:35

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 5.1(1) that has modules booting up while a CLI command is executing.

Workaround: This issue is resolved

•CSCts45337

Symptom: When an ISSU from Cisco NX-OS Release 5.1(3) to Release 5.2(1) is performed on a Cisco Nexus 7000 Series switch, the MTU on the Layer 3 port channel interfaces that have a jumbo MTU configured will be misprogrammed in hardware which will result in traffic being switched incorrectly in software and will cause poor performance.

Conditions: This symptom might seen when you perform an ISSU upgrade to Cisco NX-OS Release 5.2(1) on a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(3).

Workaround: This issue is resolved.

CSCts46571

Symptom: A Protocol Independent Multicast (PIM) neighbor does not come up through MTI interface when the ip redirect feature is enabled on a loopback interface.

Conditions: This symptom might be seen when ip redirect is enabled on a loopback interface after the loopback interface is up and the PIM neighbor relationship is lost.

Workaround: This issue is resolved.

•CSCts50402

Symptom: On a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(2), DHCP offers with a client MAC address of 0000.0000.0000 are dropped and are not forwarded to the client.

Conditions: This symptom might be seen specifically with devices that use a client MAC address of all zeroes in the Bootp portion of the packet.

Workaround: This issue is resolved.

•CSCts53540

Symptom: A Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.2(1) is not serving NTP to NTP clients that are not directly connected.

Conditions: This symptom might be seen when the NTP server for a Cisco Nexus 7000 Series switch responds only to directly-connected NTP clients

Workaround: This issue is resolved

•CSCts55243

Symptom: A MAC address shows up in VLAN 4042 instead of in another VLAN, which also prevents the static MAC from being added to that VLAN.

Conditions: This symptom might be seen following an ISSU from Cisco NX-OS Release 5.1(x) to Release 5.2(1).

Workaround: This issue is resolved

•CSCts56310

Symptom: The VRRP group goes into the initializing state when VRRP configuration changes are made.

Conditions: This symptom might be seen when configuration changes are made to a VRRP group in large range of VLANs.

Workaround: This issue is resolved.

•CSCts68444

Symptom: A connectivity issue occurs on an existing port channel when a new port channel is brought up or an existing port channel is flapped.

Conditions: This symptom might be seen in a port channel with more than one member that goes from a FEX to the end hosts

Workaround; This issue is resolved.

•CSCts73997

Symptom: The eth_port_channel service might fail and display the following syslog message:

"SYSMGR-2-SERVICE_CRASHED: Service "eth_port_channel" (PID 28252) hasn't caught signal 6 (core will be saved)."

Conditions: This symptom might be seen if you enter the show running command or the show startup command many times. A memory leak occurs in the service eth_port_channel when handling this operation.

Workaround: This issue is resolved.

•CSCts77130

Symptom: An ISSU from Cisco NX-OS Release 4.2(4) to Release 5.1(3) can cause an internal process to fail. In addition, the ISSU might be incomplete which can cause a few modules to remain on Release 4.2(4).

Conditions: This symptom might be seen when an ISSU from Cisco NX-OS Release 4.2(4) is performed.

Workaround: This issue is resolved.

•CSCts77257

Symptom: The summary route is missing from the RIB, but the LSA that corresponds to the prefix is present in the OSPF database.

Conditions: This symptom might be seen under the following conditions:

–A summary-address command is configured on a router.

–The summary address has no component routes to advertise that fall in that summary.

–The router receives a LSA from another router for a component route that falls in that summary.

Under these conditions, when an incremental summary SPF runs, the route might be missing from the RIB.

Workaround: This issue is resolved.

•CSCts79277

Symptom: Autonegotiation cannot be turned off on a Cisco Nexus 7000 Series switch.

Conditions: This symptom might be seen when a user tries to manually disable autonegotiation by configuring a non-auto speed on a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.2(1).

Workaround: This issue is resolved.

•CSCts97097

Symptom: The MAC address for a FEX port can be learned on a wrong VLAN or BD, if there are FEX Layer 2 trunk ports present in the VDC.

Conditions: This symptom might be seen when either dot1x or CTS is enabled, or both are enabled along with the FEX configuration in the same VDC. Dot1x or CTS do not be enabled on the FEX ports for this symptom to occur.

Workaround: This issue is resolved.

•CSCtt14198

Symptom: When you enter the show vlan command, the following error message appears:

ERROR: Get port-channel database failed

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch that is running Cisco NX-Os Release 5.2(1).

Workaround: This issue is resolved.

•CSCttl6348

Symptom: A module resets because the ori_fwd process fails.

Conditions: This issue can occur at approximately 150 days OR when the number of interrupts in the system (due to topology, traffic flow, and so on) is very high.

Workaround: This issue is resolved.

•CSCtt32509

Symptom: In previous Cisco NX-OS releases, the NTP authentication key limit was 8 characters. As a result, following a downgrade, the ASCII replay might fail for the authentication key configuration. Also following a downgrade, deleting a longer key might fail.

Conditions: This symptom might be seen following an ISSD.

Workaround: This issue is resolved. The NTP authentication key limit has been increased to 15 characters.

•CSCtt37768

Symptom: MAC addresses that point towards the peer-link (for hosts through orphan ports on the vPC peer) are removed from the linecard forwarding hardware.

Conditions: This symptom might be seen when a remote MAC address has been incorrectly programmed, which allows it to be aged out which in turn causes the problem.

This issue affects all M1, F1, and F2 series modules in Cisco NX-OS Release 5.1(x), Release 5.2(x), and Release 6.0(x).

Workaround: This issue is resolved.

•CSCtt38844

Symptom: A DCHP relay on a Cisco Nexus 7000 Series switch does not flood the DHCP offer received from the server where the client set the broadcast bit. The destination MAC address is ffff.ffff.ffff, but the CPU sends the packet out the interface where the corresponding DHCP discover packet was received from the client.

Conditions: This symptom might be seen when the broadcast bit is set to client. The result should be flood to VLAN. In this case, the DHCP offer is not flooded, and if the client is now known through a different interface, or circumstances prevent that broadcast packet from reaching the client through the original path, DHCP times out.

Workaround: This issue is resolved.

•CSCtt40390

Symptom: A very large ACL that is used for a PBR policy-map corrupts the TCAM memory on an XL module once it is applied to an interface. I

Conditions: This symptom might be seen on an XL line card with a very large ACL that is used for PBR.

Workaround: This issue is resolved.

•CSCtt43115

Symptoms: An M-1 Series module resets following the configuration of a new VLAN. The following errors appear:

%MODULE-2-MOD_DIAG_FAIL: Module X (serial: <serial#>) reported failure on ports

X/1-X/48 (Ethernet) due to Octopus internal error in device 78 (device error

<ErrCode>)

Conditions: This symptom might be seen when a Cisco Nexus 7000 Series switch is a mixed chassis, with both M-1 and F1- Series modules, and there is a TX SPAN session configured with the destination port as a trunk port. The SPAN destination port can be in either the M-1 or F1- Series module. The switch is running Cisco NX-OS Release 5.2(1).

Workaround: This issue is resolved.

•CSCtt62040

Symptom: While creating a dual adjacency on a pair of Cisco Nexus 7010 switches, the following error message appeared:

%SYSMGR-2-SERVICE_CRASHED: Service "mrib" (PID 6164) hasn't caught signal 11 (core will be saved).

Conditions: This symptom might be seen when OTV is enabled.

Workaround: This issue is resolved.

•CSCtt97081

Symptom: After entering the copy running-config startup command on an Cisco MDS 9513 switch that is running Cisco NX-OS Release 5.2(1), the following message appears:

[########################################] 98%

Copy running-config

startup-config failed to complete.....

Conditions: This symptom might be seen following a system switchover when the standby supervisor does not come up, but remains in a powered up state.

Workaround: This issue is resolved.

•CSCtt97253

Symptom: The aclqos process might fail when you modify the IPv6 route map on an interface.

Conditions: This symptom might be seen under the following conditions:

–An IPv6 route map is configured with an ACL for matching.

–Policy routing is enabled for the route map and is applied to IPv6 enabled interface.

You modify the ACL attached to the route map. For example, you add an entry. The addition fails and the following messages appear:

******

2011 Oct 13 12:53:10 NDC1P03DSTSR05 %SYSMGR-SLOT1-2-SERVICE_CRASHED: Service "aclqos" (PID 1706) hasn't caught signal 11 (core will

be saved).

2011 Oct 13 12:53:13 NDC1P03DSTSR05 %ACLMGR-3-ACLMGR_VERIFY_FAIL: Verify failed: client 8300016E, Linecard aclqos client crash

Workaround: This issue is resolved.

•CSCtt97355

Symptom: Creation of new multicast groups with FEX interfaces as members fails with this error:

"Multicast resource (DVIF) unavailable"

Conditions: This symptom might be seen if there are any topology changes during an ISSU, such as multicast join or leave, or link flaps of the FEX ports. The issue can cause some resource leaks and an MTS buffer leak in the vntag_mgr process. The issue might appear a long time after the ISSU.

Workaround: This issue is resolved.

•CSCtu00256

Symptom: A Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release5.1(5) might unexpectedly fail due to an eth_pcm error.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtu03245

Symptom: When a failover occurs, the LTL index may not get programmed.

Conditions: This symptom might be seen under these conditions.

There are two messages sent from the supervisor module to all linecards in the switch:

–The first message is used to clear the supervisor specific LTL table entries that correspond to supervisor DIs.

–The second message is used to restore the supervisor specific LTL table entries that correspond to supervisor DIs.

If the first message is not received by one particular linecard, after two supervisor switchovers, the supervisor bound credited traffic will not go through because LTL entries that correspond to supervisor DIs are zeroed.

Workaround: This issue is resolved.

•CSCtu08174

Symptom: Broadcast traffic fails to pass on a VLAN that is converted from a private VLAN to normal VLAN on the 32-port 10-Gigabit Ethernet SFP+ I/O module in a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.2(1).

Conditions: This symptom might be seen when you configure a private VLAN and convert it to a normal VLAN on a switch that is running Cisco NX-OS Release 5.2(1).

Workaround: This issue is resolved.

•CSCtu19840

Symptom: A SPAN destination port can be misprogrammed and forward traffic that is not supposed to be SPAN if two or more source ports that are forwarding multicast traffic are removed.

Conditions: This issue might be seen with multicast traffic when two or more source multicast ports are removed from the SPAN source or when the source of the VLAN is removed that has multicast traffic running.

Workaround: This issue is resolved.

•CSCtu21367

Symptom: Packets that are sourced from and destined to certain MAC addresses are not transported across OTV.

Conditions: This symptom might be seen when the MAC addresses of the traffic meet both of the following conditions:

–The destination MAC address starts with 6 (6xxx.xxxx.xxxx).

–The second byte of the source MAC address is 0 or 1 (xx00.xxxx.xxxx or xx01.xxxx.xxxx).

Workaround: This issue is resolved.

•CSCtu27858

Symptom: Under certain circumstances, traffic that enters an F1 series module with a HSRP MAC address might get dropped.

Conditions: This symptom might be seen when both an F1 series module and a M1 series module are present in the system.

Workaround: This issue is resolved.

•CSCtu30632

Symptom: The supervisor module failed when the L2FM process failed.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.2(1).

Workaround: This issue is resolved.

•CSCtu33071

Symptom: The mpls ldp sync command is removed from the OSPF configuration after a reload. The command is present in the startup configuration, but does not appear in running configuration. The feature is also not active after the reload.

Conditions: This symptom might be seen on the non-default VDC only after a reload. The symptom is not seen following a supervisor switchover.

Workaround: This issue is resolved.

•CSCtu39465

Symptom: The PPM process failed at bootup because of a missed heartbeat caused by high CPU usage during bootup. The following message was written to the log:

<Start type:

SRV_OPTION_RESTART_STATEFUL (24)

Death reason: SYSMGR_DEATH_REASON_FAILURE_HEARTBEAT (9)>

Conditions: This symptom might be seen when there is high CPU usage during bootup.

Workaround: This issue is resolved.

•CSCtv00148

Symptom: After a Layer 2 multicast lookup MAC address is configured, the Cisco Nexus 7000 Series switch still floods unicast traffic with the destination MAC address as a multicast address, if the Cisco Nexus 7000 Series switch routes the traffic. The switch should forward the traffic to ports in the mac address-table multicast 01xx.xxxx.xxxx vlan vlan-id interface interface-name command.

This issue only covers the case where the destination multicast address does not start with 01005e. For the case where the destination multicast address does start with 01005e, see CSCtw73595.

Conditions: This symptom might be seen in Cisco NX-OS Release 5.2(1) and Release 6.0(1) when the Cisco Nexus 7000 Series switch has to route the traffic between two SVI interfaces.

Workaround: This issue is resolved.

•CSCtw89936

Symptom: When upgrading a Cisco Nexus 7000 Series switch to Cisco NX-OS Release 5.2(3), the vlan_mgr process might fail once the upgrade is complete if the show vlan command is executed manually or using a script.

Conditions: This symptom might be seen when the device is upgraded through the ISSU process to Cisco NX-OS Release 5.2(3).

Workaround: This issue is resolved.

Resolved Caveats—Cisco NX-OS Release 5.2(1)

•CSCsm22329

Symptom: QoS statistics require a policing action to allow marking actions to produce statistics.

Conditions: When you define a QoS service policy with only marking actions, the statistics do not work. The statistics feature works only when the service policy has a policing action defined also.

Workaround: This issue is resolved.

•CSCti03724

Symptom: Cisco NX-OS software images contain the GDB debugger, which is the GNU Program Debugger.

Conditions: This symptom might be seen in Cisco NX-OS Release 4.2(3) and earlier releases.

Workaround: This issue is resolved.

•CSCtj29688

Symptom: Peer-link ports might become error disabled on the primary switch.

Conditions: This symptom might be seen if you enter the shut command followed by the no shut command on the peer-link port when there are a large number of vPCs (250 or more).

Workaround: This issue is resolved.

•CSCtj36639

Symptom: IP switched flows in a VLAN are not reported.

Conditions: This symptom might be seen under the following conditions:

–If a VLAN has been disabled by the no vlan command and is reenabled later.

–If VLAN Trunking Protocol (VTP) is enabled and configured for client mode, this issue might occur if the VLAN is deleted and re-added at the VTP server node.

Workaround: This issue is resolved.

•CSCtj42200

Symptom: The supervisor module fails due to an snmpd process:

swtich# show system reset-reason

----- reset reason for Supervisor-module 5 (from Supervisor in slot 5) ---

1) At 683491 usecs after Thu Feb 10 08:41:28 2011

Reason: Reset triggered due to HA policy of Reset

Service: snmpd hap reset

Conditions: This symptom might be seen when the Cisco Nexus 7000 Series switch is running Cisco NX-OS Release 5.1(3) or an earlier release.

Workaround: This issue is resolved.

•CSCtk18052

Symptom: When you enter the encapsulation dot1q vlan-id command, the Cisco Nexus 7000 Series switch fails and displays the following message:

switch#%SYSMGR-2-SERVICE_CRASHED: Service "icmpv6" (PID 3915) hasn't caught

signal 11 (core will be saved).

Additional output includes the following:

#0 0x414cefb6 in strlen () from

/tmp/fas_20110210111928/x86-wrl/lib/libc.so.6

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running NX-OS Release 5.1(1).

Workaround: This issue is resolved.

•CSCtk34535

Symptom: A Cisco Nexus 7000 Series switch might reset due to a HAP policy of Reset in Cisco Discovery Protocol (CDP).

Conditions: This symptom might be seen under normal operating conditions of a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtk36830

Symptom: SNMP stops responding after the following message started appearing on the console:

KERNEL-2-SYSTEM-MSG

Conditions: This symptom might be seen when there is a long-lived TCP connection from NMS to the Cisco Nexus 7000 Series switch. The netstack TCP buffer gets full and the following send() call gets stuck if it is a BLOCKING call. As a result, SNMP fails due to a missing heartbeat.

Workaround: This issue is resolved.

•CSCtk55946

Symptom: After MAC addresses are moved multiple times, the MAC addresses do not appear when you enter the show mac address-table command on the supervisor module.

Conditions: This symptom might be seen when a MAC address move is initiated due to a topology change by STP. The MAC addresses that are missing in the output of the show mac address-table command do not have active traffic coming from them.

Workaround: This issue is resolved.

•CSCtk63052

Symptom: Upon extending multiple ranges of VLANs, the output of the show running-config command displays an inconsistent and distorted output.

Conditions: This symptom might be seen in Cisco NX-OS Release 5.1(2) and Release 5.1(3).

Workaround: This issue is resolved.

•CSCtk60746

Symptom: Occasionally you might see the following error message in the syslog file:

Failure communicating with MTS_SAP_SPM for opcode MTS_OPC_ETHPM_BUNDLE_MEMBER_BRINGUP.

Conditions: This message is seen when the port-channel interface comes online or goes offline with a Web Cache Control Protocol (WCCP) policy applied to it. The message is seen only in Cisco NX-OS Release 5.1(1) and Cisco NX-OS Release 5.1(2).

Workaround: This issue is resolved.

•CSCtk68076

Symptoms: A Cisco Nexus 7000 Series switch might erroneously send packets out of the incorrect interface which can cause the other link to become error-disabled.

Conditions: This symptom might be seen during a hardware failure of the module on which the packets would normally be sent out.

Workaround: This issue is resolved.

•CSCtk82443

Symptom: The MAC address is not synchronized between the supervisor module and the other modules after a reload of the secondary vPC switch.

Conditions: This issue might be seen in Cisco NX-OS Release 4.2(4) and Release 4.2(6) in the following conditions:

–A peer gateway is configured.

–There is not only a peer link between the peer but an additional trunk link.

–The secondary vPC peer switch is reloaded.

This issue is not seen in Cisco NX-OS Release 5.0(2a), 5.0(5), and 5.1(1a).

Workaround: This issue is resolved.

•CSCtk83380

Symptom: When a large number (more than 12,000) ACLs are configured, disabling resource pooling may not work as expected.

Conditions: This symptom might be seen under these conditions:

–There are a large number of ACLs configured.

–Resource pooling is disabled.

Workaround: This issue is resolved.

•CSCtk83899

Symptom: When you try to remove a configuration from an interface on a Cisco Nexus 7000 Series switch, the attempt might be rejected and the following message displays:

Interface config wipeout failed for 0x1

This symptom can also occur when you use the default interface int command.

Conditions: The specific trigger for this symptom is not known.

Workaround: This issue is resolved.

•CSCtk94528

Symptom: When trying to extend the VLANs for the overlay interface, you might see the following error message:

Switch(config-if-overlay)# otv extend-vlan add 2020

Processing currently extended vlans, please wait for some time and retry

your command

Conditions: This symptom might be seen in Cisco NX-OS Release 5.1(2) and can be verified by entering the show system internal orib cleanup command:

switch# show system internal orib cleanup

VLANS UNDERGOING CLEANUP

msg_id = 798850571

VLAN message_id r-uroutes r-mroutes

---- ---------- --------- ---------

8 798850571 0 1

Workaround: This issue is resolved.

•CSCtl07863

Symptom: When the supervisor fails over to the standby supervisor, the NFM process on the newly active supervisor fails with the following message:

%SYSMGR-2-SERVICE_CRASHED:Service "nfm" (PID 6705) hasn't caught signal 6 (core will be saved).

Conditions: This symptom might be seen when Netflow Exporter is configured and the switch has a large volume NF exports.

Workaround: This issue is resolved.

•CSCtl10832

Symptom: In Cisco NX-OS Release 5.1(2), IPv6 fails in a vPC or vPC+ setup when a peer gateway is configured.

Conditions: This symptom might be seen when ND packets are routed on a remote vPC peer switch and as a result, the TTL/hop-limit in the IPv6 header is decremented. When the packet reaches the vPC switch to which the ND packet is destined, the TTL will not be 255 and will be dropped in the software.

Workaround: This issue is resolved.

•CSCtl24854

Symptom: A Cisco Nexus 7000 Series switch might be unreachable (through ping, HSRP, or Telnet), and stop routing all ingress traffic on an impacted module for a specific VLAN. Further analysis shows the RMAC of the impacted VLAN is not programmed in the hardware on the impacted module.

Conditions: The specific trigger for this symptom is not known.

Workaround: This issue is resolved.

•CSCtl47670

Symptom: When there is a vPC with one route going from a F1 series module, there is a possibility that traffic might be denied on the egress side of the F1 series module.

Condition: This symptom might be seen when there is one vPC connected out of the downstream switch and the vPC on the peer Cisco Nexus switch to the downstream switch is down.

Workaround: This issue is resolved.

•CSCtl56471

Symptom: When RBAC is disabled on a Cisco Nexus 7000 Series switch, all commands are forwarded for authorization to the TACACS server. For example, when you create a new user by entering the username test5 password cisco role network-operator command, the TACACS server passes this command, but the switch rejects the command with the message: "cannot make changes for other user."

Conditions: This symptom might be seen when RBAC is disabled on the switch.

Workaround: This issue is resolved.

•CSCtl71701

Symptom: Once UDLD is disabled, it cannot be enabled.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtl76940

Symptom: A Cisco Nexus 7000 Series switch with root guard enabled on a VPC to a secondary switch will not automatically recover, once the inconsistency is cleared.

Conditions: This symptom might be seen when two Cisco Nexus 7000 Series switches that are running Cisco NX-OS Release 5.1(2) are connected through a vPC to a secondary switch. Root guard is enabled on the vPC and Spanning Tree Protocol priority is lower on the secondary switch, which disables the vPC. Root primary should be enabled on the Cisco Nexus 7000 switches to clear the root guard condition, however, the port does not recover.

Workaround; This issue is resolved.

•CSCtn21586

Symptom: A policy-based routing (PBR) policy on Layer 3 interfaces does not redirect traffic. As a result, the traffic takes the normal route.

Conditions: This symptom might be seen if the same PBR policy is applied on multiple interfaces before the next hop adjacencies are resolved. It does not redirect the traffic correctly on some interfaces.

Workaround: This issue is resolved.

•CSCtn61023

Symptom: After a DWDM-X2 SFP is inserted, a port or link does not come up.

Conditions: This symptom might be seen when a DWDM-X2 SFP is repeatedly inserted and removed. The issue is not specific to any particular DWDM-X2 SFP.

Workaround: This issue is resolved.

•CSCtn61286

Symptom: ISSU will not work properly if there is a single supervisor in the second supervisor slot, which is slot 6 on the Cisco Nexus 7010 switch chassis.

Conditions: This symptom might be seen if there is single supervisor that is marked in the chassis as Supervisor-2.

Workaround: This issue is resolved.

•CSCtn63734

Symptom: If you move a vPC peer link from one port-channel interface to another port-channel interface, and the peer link is composed of members that are on an F1-series module, then broadcast packets can loop from one vPC member, across the peer link, and out of the other vPC member.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running NX-OS Release 5.1(2).

Workaround: This issue is resolved.

•CSCtn64173

Symptom: A failure occurs during a HA switchover.

Conditions: This symptom might be seen when the following steps occur in this order:

–Perform an ISSU from a release earlier than Cisco NX-OS Release 5.1(2) to Release 5.1(2) and from a release earlier than Cisco NX-OS Release 5.1(3) to Release 5.1(3).

–Perform a switchover after the ISSU completes.

–Create the switch virtual interface (SVI).

–Delete the SVI.

–Create the same SVI again.

Workaround: This issue is resolved.

•CSCtn75342

Symptom: An 802.1X port that is in an unauthorized state might pass traffic after multiple port flaps on the port.

Conditions: This symptom might be seen under the following conditions:

–The RADIUS server is unreachable or is not configured on the switch.

–The wrong credentials are provided.

Workaround: This issue is resolved.

•CSCtn76500

Symptom: A faulty fabric module could cause a reset of the supervisor module and possibly other modules due to an ASIC fatal error. In the output of the show module internal exception log mod module-number command, the error description shows the following:

Error Description : OC_RO0_INT_TDB_START_ERR

All modules would also fail the diagnostics Rewrite Engine test.

Conditions: This symptom is a very rare failure mode of the fabric module.

Workaround: This issue is resolved.

•CSCtn78549

Symptom: FabricPath forwarding engines (FEs) do not populate remote MAC addresses according to port-channel membership in a chassis with both M1 series modules and F1 series modules.

Conditions: This symptom might be seen when two members of the same FE (x and y) belong to the same FabricPath port channel (that contains any number of port-channel members) and one of the members (x or y) is brought down. This symptom occurs only on switches where FabricPath is enabled.

Workaround: This issue is resolved.

•CSCtn79375

Symptom: When you enter the default interface interface command, a trunk-allowed list for that interface does not go back to the default state. The trunk allowed list becomes "none" (empty).

Conditions: This symptom might be seen when the port is in trunk mode with some allowed VLANs.

Workaround: This issue is resolved.

•CSCtn81880

Symptom: When a peer link comes up on an F1 series module, the following level 2 syslog message displays, even when the peer-gateway is not configured:

VPC_ADD_L3_BKUP_VLAN_TO_PEER_GW_EXCLUDE_LIST

Conditions: This symptom might be seen on an F1 series module when a peer link comes up, but the peer gateway is not configured.

Workaround: This issue is resolved.

•CSCtn82316

Symptom: On a Cisco Nexus 7000 Series switch that is not performing DHCP relay functionality or DHCP snooping, any DHCP discover or offer packet, or boot packet that has a source IP address of 0.0.0.0 and destination IP address of 255.255.255.255, and that is sourced or destined for UDP port 68 or 67, the forwarding engine will classify this packet and count it toward the control-plane policing statistics in the class where DHCP is defined.

Conditions: This symptom might be seen because by default, control-plane policing counts DHCP packets in copp-system-class-normal, which is where ARP is also classified. If there is enough constant DHCP traffic flowing through the switch, this CoPP policer might also discard valid ARP packets, possibly causing intermittent packet loss.

Workaround: This issue is resolved.

•CSCtn85080

Symptom: The hardware rate limiter "vpc-peer-gw" is disabled by default on all modules.

Conditions: This symptom might be seen following an ISSU from Cisco NX-OS Release 5.1(3) to Release 5.1(4).

Workaround: This issue is resolved.

•CSCtn94017

Symptom: When GRE tunnel(s) are configured between a Cisco Nexus 7000 Series switch and another device, the switch fails when ping is initiated to the Cisco Nexus 7000 Series switch tunnel interface IP address from the remote side of the GRE tunnel.

Conditions: This symptom might be seen when the ping for the GRE tunnel is received on a F series module. The GRE tunnel should use a source and destination loopback interface. The issue can be triggered by traffic that is destined to in-band over the GRE tunnel and switched from an F series module; however, the issue can also be triggered from an M series module.

Workaround: This issue is resolved.

•CSCtn95934

Symptom: The 10-Gbps fiber links flap between Cisco Nexus 7000 Series switches.

Conditions: The issue might be seen when the following conditions apply:

–The Cisco Nexus 7000 Series switch is running Cisco NX-OS Release 5.1(2).

–The link connected between N7K-F132XP-15 modules.

–Modules are connected over certain DWDM systems.

Workaround: This issue is resolved.

•CSCto09454

Symptom: After adding a default static mroute on the Cisco Nexus 7000 Series switch, the route shows as hidden in the output of the show ip route rpf command. This route is not used to do RPF checks.

Conditions: This symptom might be seen regardless of whether or not there are any unicast default routes in the table. If there are no unicast default routes, the output says no route found.

Workaround: This issue is resolved.

•CSCto41068

Symptom: High CPU utilization is seen on a Cisco Nexus 7000 Series module.

Condition: This symptom might be seen when a configured session timeout triggers Layer 3 flows to be aggressively exported.

Workaround: This issue is resolved.

•CSCto72759

Symptom: By default in Cisco NX-OS, IBGP routes are redistributed into the IGP when redistribution is configured. In Cisco IOS software, the bgp redistribute-internal router bgp command is needed to redistribute the routes.

Conditions: Consistent behavior is need between Cisco NX-OS and Cisco IOS software.

Workaround: This issue is resolved.

•CSCto91534

Symptom: When a fabric module is reloaded during an ISSU, the ISSU stops for all the modules because the fabric module reload is not handled gracefully.

Conditions: This symptom might be seen when a fabric module reloads during an ISSU.

Workaround: This issue is resolved.

•CSCtq00709

Symptom: A static port-security MAC address is lost in the MAC address table. As a result, the MAC address loses connectivity to other devices.

Conditions: This symptom might be seen in Cisco NX-OS Release 4.2(6).

Workaround: This issue is resolved.

•CSCtq08690

Symptom: An snmpget command for the fex-cable displays the following error:

No Such Instance currently exists at this

Conditions: This symptom might be seen only with snmpget for the fex-cable. The getnext command does not have this problem. The snmpget command does not have this problem for any other OID.

Workaround: This issue is resolved.

•CSCtq30174

Symptom: A service policy with a police action cannot be applied to a VLAN interface. A message similar to the following is displayed:

ERROR: Unable to perform the action due to incompatiblity: Module 3 returned status "policing action not supported"

Conditions: This symptom might be seen when an F1series module is in the chassis.

Workaround: This issue is resolved.

•CSCtq46403

Symptom: A VDC fails when WCCP is enabled.

Conditions: This symptom might be seen under normal operating conditions for a Cisco Nexus 7000 Series switch.

Workaround: This issue is resolved.

•CSCtq53809

Symptom: The NetFlow service stops responding after NetFlow configuration changes are made.

Conditions: This symptom might be seen on a Cisco Nexus 7000 Series switch running Cisco NX-OS Release 4.2(6).

Workaround: This issue is resolved.

•CSCtq59896

Symptom: The vntag_mgr process continuously fails and displays the message:

%SYSMGR-2-SERVICE_CRASHED: Service "vntag_mgr" (PID 15232) hasn't caught signal 11 (core will be saved).

Conditions: The issue might be seen when a large number of VLANs is allowed on the FEX trunks, combined with a large amount of discontiguous VLANs that are defined.

Workaround: This issue is resolved.

•CSCtq63108

Symptom: Kernel panic and a supervisor reload can occur.

Conditions: This symptom might be seen in an extremely rare situation where the underlying hardware (either a module, a supervisor module, or the switch transmitting packets) has malfunctioned and causes timeout drops. A race condition occurs that uses a freed section of memory.

Workaround: This issue is resolved.

•CSCtq81425

Symptom: In specific situations during bringup, a member port of a port channel with a min-link configuration can get error-disabled with the reason "undefined." The following syslog indicates this condition:

2011 Jun 8 21:21:34 n7k-1 %$ VDC-1 %$ %ETHPORT-2-IF_SEQ_ERROR: Error ("undefined") communicating with MTS_SAP_ETH_PORT_CHANNEL_MGR for opcode MTS_OPC_ETHPM_PORT_BRINGUP (RID_PORT: Ethernet9/13) Follow PM FAQ #6 at: http://zed.cisco.com/confluence/display/KGP/Port+Manager+FAQ

Conditions: This symptom might be seen when a port (such as port-1) is in a transitory bringup state and at the same instant another member port (such as port-2) goes down in the port channel. If port-2 going down triggers a min-link condition, port-1 will also be suspended. Without this fix, the port will be error-disabled with the reason "undefined" instead of being suspended.

Workaround: This issue is resolved.

•CSCtq87642

Symptom: LTL programming does not take place on certain modules because of PIXM deregistering the modules from the active-lc-mask.

Conditions: This symptom might be seen when there is congestion in the communications link between the modules.

Workaround: This issue is resolved.

•CSCtq92515

Symptom: When a PIM neighbor flaps, both devices consider themselves to be the DF. The new DF winner does not send or announce others, which causes two DF winners in the network.

Conditions: This symptom might be seen when PIM flaps due to the port-channel link flaps, and then elects two DF winners on the same link.

Workaround: This issue is resolved.

•CSCtq94473

Symptom: On a Cisco Nexus 7000 Series switch, a PIM neighbor relationship might be formed on an SVI with a neighbor on the wrong subnet or VLAN.

Conditions: This symptom might be seen under these conditions:

–The SVI forming the incorrect PIM neighbor adjacency must be the native VLAN of a trunk.

–The switch must not have the SVI of the VLANs it is forming a neighbor relationship with.

Workaround: This issue is resolved.

•CSCtq94723

Symptom: Link up or link down traps are sent from FEX ports even though the FEX module is disabled.

Conditions: This symptom might seen after you enter the no snmp-server trap link-status command.

Workaround: This issue is resolved.

•CSCtq98904

Symptom: High memory utilization might occur for the sysmgr process.

Conditions: This issue might be seen when there have been many VDC reloads on the standby supervisor prior to a switchover.

Workaround: This issue is resolved.

•CSCtr14590

Symptom: Once a broadcast packet from an extended VLAN is encapsulated in an OTV control-group IP multicast packet, then the Layer 2 multicast header is malformed.

Conditions: This symptom might be seen under the following conditions:

–If the packets with the malformed destination address are received by an F series module, then the packet is dropped.

–If the packets with the malformed destination address is received by an M series module, then the packet is forwarded.

Workaround: This issue is resolved.

•CSCtr20824

Symptom: A Cisco Nexus 7000 Series switch might not forward multicast streams because of a hardware issue where multicast entries are not installed in the hardware. Lack of a hardware entry can be verified with the following commands:

show ip mroute source group

This output should be correct.

show forwarding multicast route source source group group

This output does not show the entry, as the entry is not created in hardware properly.

Conditions: The symptom can be verified with the following command:

sh system internal mfdm info statistics | egrep -i "delay|failed"

Number of index in delayed free <x> <<<< # around 65k

Number of L3 index alloc failed <x> <<<< continuously

incrementing

This queue is not expected to always be non zero. It is normal for it to be non zero. However, an indication of an issue is if the queue continues to steadily increase without decreasing. If the multicast environment is very dynamic, there is greater fluctuation in the number of entries in the queue.

Workaround: This issue is resolved.

•CSCtr29101

Symptom: Once you enter the advertise-labels for pfx_acl to tsr_acl MPLS LDP configuration command, you cannot remove it.

Conditions: This symptom might be seen when you are configuring labels to be advertised to peers.

Workaround: This issue is resolved.

•CSCtr33173

Symptom: A Cisco Nexus 7000 Series switch repeatedly has ACLQOS service failures followed by module resets:

%SYSMGR-SLOT3-2-SERVICE_CRASHED: Service "aclqos" (PID 27249) hasn't caught signal 6 (core will be saved).

%SYSMGR-SLOT3-2-SERVICE_CRASHED: Service "aclqos" (PID 18426) hasn't caught signal 11 (core will be saved).

%IPQOSMGR-4-QOSMGR_LC_SESSION_ERROR_MSG: Linecard 2 returned the following error for statistics session: Operation timed out.

%IPQOSMGR-4-QOSMGR_LC_SESSION_ERROR_MSG: Linecard 3 returned the following error for statistics session: Operation timed out.

%IPQOSMGR-4-QOSMGR_LC_SESSION_ERROR_MSG: Linecard 1 returned the following error for statistics session: Operation timed out.

%SYSMGR-SLOT3-2-SERVICE_CRASHED: Service "aclqos" (PID 18605) hasn't caught signal 11 (core will be saved).

%ETHPORT-5-IF_SEQ_ERROR: Error ("sequence timeout") communicating with MTS_SAP_SPM for opcode MTS_OPC_ETHPM_PORT_LOGICAL_CLEANUP (RID_PORT: Ethernet<mod/port>)

%MODULE-2-MOD_DIAG_FAIL: Module 3 (serial: JXXXXXXXX) reported failure due to Service on linecard had a hap-reset in device 134 (device error 0x16e)

Conditions: This issue might be seen on a Cisco Nexus 7000 Series switch that is running Cisco NX-OS Release 5.1(3). The issue persists after a switch reload

Workaround: This issue is resolved.

•CSCtr33411

Symptom: The show hardware internal forwarding l2 asic register 1465 2 2 command causes the 32-port 10-Gigabit Ethernet SFP+ I/O module to fail.

Conditions: This symptom might be seen when you enter the command and specify a specific instance in the argument.

Workaround: This issue is resolved.

•CSCtr43139

Symptom: After an ISSU and EPLD upgrade on a Cisco Nexus 7000 Series switch, the first switchover performed results in a failure of the UDLD process with multiple core files.

Conditions: This issue might be seen at the first switchover after the upgrade. Further switchovers do not cause the problem.

Workaround: This issue is resolved.

•CSCtr44323

Symptom: Port channels exhibit unexpected behavior in Cisco NX-OS Release 4.2 when any configuration is applied. If the configuration succeeds, there might be traffic discrepancies.

Conditions: This issue might be seen when an ISSD is performed from any release later than Cisco NX-OS Release 4.x(x) to any Release 4.x.

Workaround: This issue is resolved.

•CSCtr46794

Symptom: The CLI process fails when a large number of BGP confederation peers are configured.

Conditions: This symptom might be seen if you configure a large number of BGP confederation peers because more than 200 confederation peers is not supported.

Workaround: This issue is resolved.

Related Documentation

Cisco NX-OS documentation is available at the following URL:

http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html

The Release Notes for upgrading the FPGA/EPLD is available at the following URL:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/epld/epld_rn.html

Cisco NX-OS includes the following documents:

Release Notes

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.x

NX-OS Configuration Guides

Cisco Nexus 7000 Series NX-OS Virtual Device Context Quick Start

Cisco Nexus 7000 Series OTV Quick Start Guide

Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Quality of Service Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS OTV Configuration Guide

Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS FabricPath Configuration Guide

Cisco Nexus 7000 Series NX-OS Software Upgrade and Downgrade Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS LISP Configuration Guide

Cisco NX-OS Licensing Guide

Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide

Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x

Cisco NX-OS FCoE Configuration Guide

Configuring the Cisco Nexus 2000 Series Fabric Extender

Cisco NX-OS XML Management Interface User Guide

Cisco NX-OS System Messages Reference

Cisco Nexus 7000 Series NX-OS MIB Quick Reference

NX-OS Command References

Cisco Nexus 7000 Series NX-OS Command Reference Master Index

Cisco Nexus 7000 Series NX-OS Fundamentals Command Reference

Cisco Nexus 7000 Series NX-OS Interfaces Command Reference

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference

Cisco Nexus 7000 Series NX-OS Quality of Service Command Reference

Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference

Cisco Nexus 7000 Series NX-OS Multicast Routing Command Reference

Cisco Nexus 7000 Series NX-OS MPLS Command Reference

Cisco Nexus 7000 Series NX-OS Security Command Reference

Cisco Nexus 7000 Series NX-OS OTV Command Reference

Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference

Cisco Nexus 7000 Series NX-OS FabricPath Command Reference

Cisco Nexus 7000 Series NX-OS System Management Command Reference

Cisco Nexus 7000 Series NX-OS LISP Command Reference

Cisco NX-OS FCoE Command Reference

Other Software Document

Cisco Nexus 7000 Series NX-OS Troubleshooting Guide

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.2

© 2012 Cisco Systems, Inc. All rights reserved.