Cisco Application Policy Infrastructure Controller Release Notes, Release 4.2(7)

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cisco Application Policy Infrastructure Controller (APIC) is the software, or operating system, that acts as the controller.

This document describes the features, issues, and limitations for the Cisco APIC software. For the features, issues, and limitations for the Cisco NX-OS software for the Cisco Nexus 9000 series switches, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7).

For more information about this product, see "Related Content."

Date | Description

March 17, 2023

Release 4.2(7w) became available; there are no changes to this document for this release. See the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7) for the changes in this release.

November 29, 2022

In the Known Issues section, added:

  If you are upgrading to Cisco APIC release 4.2(6o), 4.2(7l), or later, ensure that any VLAN encapsulation blocks that you are explicitly using for leaf switch front panel VLAN programming are set as "external (on the wire)." If these VLAN encapsulation blocks are instead set to "internal," the upgrade causes the front panel port VLAN to be removed, which can result in a datapath outage.

November 20, 2022

Release 4.2(7v) became available; there are no changes to this document for this release. See the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7) for the changes in this release.

November 18, 2022

In the Open Issues section, added bug CSCwc66053.

August 1, 2022

In the Miscellaneous Compatibility Information section, added:

  4.2(2a) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3)
  4.1(2k) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2)

July 22, 2022

Release 4.2(7u) became available; there are no changes to this document for this release. See the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7) for the changes in this release.

July 1, 2022

In the Open Issues section, added bug CSCwb93239.

June 30, 2022

In the section Miscellaneous Compatibility, added information about Cisco Nexus Dashboard Insights creating the cisco_SN_NI user.

April 8, 2022

Removed bug CSCvu04758 from the Open Issues and Resolved Issues sections because this bug was resolved in 4.2(6d).

April 6, 2022

Release 4.2(7t) became available. Added the resolved issues for this release.

March 21, 2022

In the Miscellaneous Compatibility Information section, added:

  4.1(3f) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3)

February 23, 2022

In the Miscellaneous Compatibility Information section, added:

  4.1(2g) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2)

February 14, 2022

Release 4.2(7s) became available. Added the resolved issues for this release.

December 18, 2021

Release 4.2(7r) became available. In the Resolved Issues section, added bug CSCwa47295.

November 15, 2021

In the Open Issues section, added bug CSCvy17504.

November 2, 2021

In the Miscellaneous Compatibility Information section, added:

  4.1(3d) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3)

October 7, 2021

Release 4.2(7q) became available. Added the open and resolved issues for this release.

July 30, 2021

Release 4.2(7l) became available. Added the resolved issues for this release. Added the same bugs as open in the 4.2(7f) release.

July 26, 2021

In the Miscellaneous Compatibility Information section, the CIMC 4.1(3c) release is now recommended for UCS C220/C240 M5 (APIC-L3/M3).

May 13, 2021

Removed bug CSCvt00629 from the open issues table. This bug was resolved in the 4.2(5k) release.

March 17, 2021

In the Resolved Issues section, added bugs CSCvx32437, CSCvw33277, CSCvu84392, CSCvu36682, and CSCvx59637.

March 16, 2021

Release 4.2(7f) became available.

New Software Features

Feature | Description

N/A | There are no new features in this release.

New Hardware Features

For the new hardware features, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7).

Changes in Behavior

For the changes in behavior, see Cisco ACI Releases Changes in Behavior.

Open Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(7) releases in which the bug exists. A bug might also exist in releases other than the 4.2(7) releases.

Bug ID | Description | Exists in

CSCwi01316

In the following topology:

Tenant 1:

VRF 1 > EPG A, EPG B.  There is an any-to-any Intra VRF instance contract and EPG A and B are providers for an inter-VRF instance contract.

VRF 2 > L3Out or EPG. The VRF instance consumes the inter-VRF instance contract.

Traffic will unexpectedly get sent to the wrong rule when inter-VRF instance traffic is flowing.

4.2(7v) and later

CSCwa97230

The Cisco APIC is not able to register to the Smart Account in the CSSM and the F3058 "Fail to send out Call Home HTTP" message is generated. The Call Home logs in /var/log/dme/log/ch_dbg.log show the following failure reason:

*Wed Feb 16 10:15:20.083 UTC: CH-TRANS-ERROR: ch_pf_curl_send_msg[539], failed to perform, err code 60, err string "Peer certificate cannot be authenticated with given CA certificates"

4.2(7s)

CSCvy47145

A leaf switch experiences an SDKHAL crash when a summary route is added that is a host IP address in the subnet instead of the actual subnet boundary. Example: 10.10.10.1/24 summary address is entered instead of 10.10.10.0/24.

This summary route is added after a policy prefix for the actual subnet (10.10.10.0/24) is created.

The SDKHAL crash will also result in other DME/process crashes for ipfib, epmc, aclqos, and eltmc.

A Cisco ACI leaf switch will install the subnet IP address as shown below, but it will not advertise this to the peer. A proper subnet is advertised to the peer router.

10.10.10.1/24, ubest/mbest: 1/0

    *via , null0, [220/0], 00:02:38, ospf-default, discard, tag 4294967295

4.2(7f) through 4.2(7s)

CSCvy49540

HTTPS API calls to the switch are not working. The NGINX service does not listen on the HTTPS port because the nginx.conf file is not properly populated.

4.2(7f) through 4.2(7s)

CSCvx76043

A timeout is observed while using Drop/stats under Visibility & Troubleshooting in a scaled Cisco ACI fabric.

4.2(7f) through 4.2(7r)

CSCwa19126

The Fabric Topology view shows old connections as well as new ones, which can be misleading. This behavior is cosmetic in nature and should have no impact on data/control plane.

4.2(7f) through 4.2(7r)

CSCwa47295

This bug has been filed to evaluate the Cisco Network Insights Base Application - NIB (its Nexus Insights Cloud Connector App on 5.x version onwards) for Cisco APIC against the vulnerability in the Apache Log4j Java library disclosed on December 9th, 2021.

Cisco has reviewed this product and concluded that it contains a vulnerable version of Apache Log4j and is affected by the following vulnerability:

CVE-2021-44228 - Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

4.2(7f) through 4.2(7q)

CSCvd66359

The Port ID LLDP Neighbors panel displays the port ID when the interface does not have a description (example: Ethernet 1/5). If the interface has a description, the Port ID property shows the interface description instead of the port ID.

4.2(7f) and later

CSCvf70362

This enhancement is to change the name of "Limit IP Learning To Subnet" under the bridge domains to be more self-explanatory.

Original:

    Limit IP Learning To Subnet: [check box]

Suggestion:

    Limit Local IP Learning To BD/EPG Subnet(s): [check box]

4.2(7f) and later

CSCvg35344

Requesting an enhancement to allow exporting a contract by right-clicking the contract itself and choosing "Export Contract" from the right-click context menu. The current implementation of needing to right-click the Contract folder hierarchy to export a contract is not intuitive.

4.2(7f) and later

CSCvg81020

For strict security requirements, customers require custom certificates that have RSA key lengths of 3072 and 4096.

4.2(7f) and later

CSCvi20535

When a VRF table is configured to receive leaked external routes from multiple VRF tables, the Shared Route Control scope to specify the external routes to leak will be applied to all VRF tables. This results in an unintended external route leaking. This is an enhancement to ensure the Shared Route Control scope in each VRF table should be used to leak external routes only from the given VRF table.

4.2(7f) and later

CSCvj56726

The connectivity filter configuration of an access policy group is deprecated and should be removed from GUI.

4.2(7f) and later

CSCvk18014

The action named 'Launch SSH' is disabled when a user with read-only access logs into the Cisco APIC.

4.2(7f) and later

CSCvm42914

This is an enhancement request to add policy group information to the properties page of physical interfaces.

4.2(7f) and later

CSCvm56946

Support for local user (admin) maximum tries and login delay configuration.

4.2(7f) and later

CSCvn12839

Error "mac.add.ress not a valid MAC or IP address or VM name" is seen when searching the EP Tracker.

4.2(7f) and later

CSCvp26694

A leaf switch gets upgraded when a previously-configured maintenance policy is triggered.

4.2(7f) and later

CSCvp62048

New port groups in VMware vCenter may be delayed when pushed from the Cisco APIC.

4.2(7f) and later

CSCvq57942

In a RedHat OpenStack platform deployment running the Cisco ACI Unified Neutron ML2 Plugin and with the CompHosts running OVS in VLAN mode, when toggling the resolution immediacy on the EPG<->VMM domain association (fvRsDomAtt.resImedcy) from Pre-Provision to On-Demand, the encap VLANs (vlanCktEp mo's) are NOT programmed on the leaf switches.

This problem surfaces sporadically, meaning that it might take several resImedcy toggles between PreProv and OnDemand to reproduce the issue.

4.2(7f) and later

CSCvq63415

Disabling dataplane learning is only required to support a policy-based redirect (PBR) use case on pre-"EX" leaf switches. There are few other reasons to disable dataplane learning. There is currently no confirmation or warning of the potential impact that disabling dataplane learning can cause.

4.2(7f) and later

CSCvr62453

When a Cisco ACI fabric upgrade is triggered and a scheduler is created and associated to the maintenance group, the scheduler will remain associated to the maintenance group. If the version is changed in the maintenance group, it will trigger the upgrade. This enhancement is to avoid unwanted fabric upgrades. Post-upgrade, the association of the scheduler should be removed from the maintenance group after the node upgrade reaches 100%.

4.2(7f) and later

CSCvr85945

There should be a description field in the subnet IP address tables.

4.2(7f) and later

CSCvs03055

While configuring a logical node profile in any L3Out, the static routes do not have a description.

4.2(7f) and later

CSCvs04899

When you run the 'show vpc map' command in the APIC CLI, it only prints the column headers, but none of the vPC information. If you go to the leaf switch CLI and run the 'show vpc extended' command, it will show the vPCs there.

4.2(7f) and later

CSCvs11202

After exiting Maintenance (GIR) mode, the switch reloads automatically after 5 minutes without warning. This enhancement will provide messaging in the GUI to indicate that the reload is expected.

4.2(7f) and later

CSCvs53247

OpenStack supports more named IP protocols for service graph rules than are supported in the Cisco APIC OpenStack Plug-in.

4.2(7f) and later

CSCvs56642

This is an enhancement request for schedule-based Tech Support for leaf and spine switches.

4.2(7f) and later

CSCvs81944

The following example shows UNIX time in the subject header:

Subject: Configuration import/export job 2020-01-27T09-00-16 finished with status: success Created: 1580144423366

ContentType: plain/text

4.2(7f) and later

CSCvt18530

The paths list in UCSM Integration Tab->Policy is empty.  There are no paths and therefore no VLANs listed. The Leaf-Enforced mode on UCSM Integration filters out all VLANs, resulting in traffic loss.

4.2(7f) and later

CSCvt30716

UCSM Integration shows an old topology when the connection between the fabric interconnect and leaf switch pair is removed, because LooseNode information is not updated when LLDP connections go away. This persists even after you delete the integration and add the UCSM as a new integration.

4.2(7f) and later

CSCvt31539

The UCSM app fails to configure a native VLAN on the UCSM if you configure an EPG with the native VLAN set. The app sets the VLAN as a normal trunk-tagged VLAN on the UCSM. This causes the blackholing of traffic.

4.2(7f) and later

CSCvt64925

Changes to a Cisco APIC configuration are no longer pushed to the Cisco APIC.

4.2(7f) and later

CSCvt67097

In the Cisco APIC GUI, external EPGs under L2Out and L3Out in tenants are called "External Network Instance Profile". This is the official name for object (l2extInstP and l3extInstP). However, these are typically referred to as external EPGs. This is an enhancement to update the GUI label from "External Network Instance Profile" to "External EPG".

4.2(7f) and later

CSCvt92961

A TEP endpoint can expire on the leaf switch if the host does not respond on a unicast ARP refresh packet initiated by the leaf switch.

4.2(7f) and later

CSCvv11517

The DHCP server response is dropped at the external router.

4.2(7f) and later

CSCvv11546

DHCP response is dropped at the border leaf switch.

4.2(7f) and later

CSCvv14373

The DHCP response does not reach the client.

4.2(7f) and later

CSCvw54371

The application EPG or the corresponding bridge domain's public subnet in VRF1 may be advertised out of an OSPF-enabled L3Out in VRF2 even though the L3Out does not participate in the shared service.

4.2(7f) and later

CSCvw69692

If a service graph gets attached to the inter-VRF contract after it was already attached to the intra-VRF contract, the pctag for the shadow EPG gets reprogrammed with a global value. The zoning-rule entries that matched the previous pctag as the source and EPG1 and EPG2 as the destination do not get reprogrammed and they remain in a stale status in the table.

Traffic between EPG1 and EPG2 gets broken as the packets flowing from the PBR get classified with the new global pctag.

4.2(7f) and later

CSCvx10921

A standby APIC disappears from the GUI after cluster convergence.

4.2(7f) and later

CSCvx13070

An endpoint will be stuck in the WAIT ACK state if it does a vMotion between different Cisco ACI Virtual Edge VMM domains while the Cisco APIC to VMware vCenter connectivity is down.

4.2(7f) and later

CSCvx44425

The fvSubnet under an EPG keeps getting advertised to a GOLF router when unicast routing is disabled on the bridge domain.

4.2(7f) and later

CSCvx59006

The External EPG tab displays the following tabs: General, Contracts, Inherited, and Contracts. The External EPG tab should display the following tabs: General, Contracts, Subject Labels, and EPG Labels.

4.2(7f) and later

CSCvx64383

Cleanup of backend data will not happen for an old bridge domain with a subnet and old CTX combination. Fault F0469 is raised when a new bridge domain is added into an old CTX with the same subnet.

4.2(7f) and later

CSCvy17504

When the OpFlexAgent moves from one vPC pair of leaf switches to a new vPC pair, it may take up to 20 minutes for the OpFlexAgent to detect the movement and reconnect the OpFlex channel. Ideally, this should be completed within a few seconds.

4.2(7f) and later

CSCwa58709

The GIPo address is only visible on APIC 1 when using the command "cat /data/data_admin/sam_exported.config". The command output from the other APICs does not show the GIPo address.

4.2(7f) and later

CSCwb93239

The GUI displays the following error:

      Failed, Local Upload Failure Msg (Request failed with status code 413).

4.2(7f) and later

CSCwc66053

Preconfiguration validations for L3Outs that occur whenever a new configuration is pushed to the Cisco APIC might not get triggered.

4.2(7f) and later

CSCwh98712

When running "show running-config" from API CLI, the command takes several minutes to complete. Several thousand API requests are seen in access.log querying ptpRsProfile on every static path.

4.2(7f) and later

CSCvx79477

Contracts are not pushed to a leaf switch, which causes traffic to be dropped. This will also cause bridge domains that would have been deployed because of the contracts to fail to program. This can occur after a node is added to the fabric, upgraded, or clean reloaded.

4.2(7f) and 4.2(7l)

CSCvy55588

"Show Usage" in the GUI for a TACACS policy in the fabric monitoring common policy does not work in release 4.2(5k) and later.

4.2(7f) and 4.2(7l)

CSCvv18827

The data in the Cisco APIC database may get deleted during an upgrade from a 3.0 or 3.1 release to a 4.0 or 4.1 release if the target release is rolled back to the current running release within 2 minutes after the upgrade was started. The upgrade will continue anyway, but the Cisco APIC will lose all data in the database and a user with admin credentials cannot log in. Only the rescue-user/admin can log in. All shards for a process show as unexpected, and the database files are removed. The last working pre-upgrade database files are copied to the purgatory directory.

4.2(7f)

CSCvw33061

Traffic loss is observed from multiple endpoints deployed on two different vPC leaf switches.

4.2(7f)

CSCvx28313

On a recurring basis, after several days, ssh/GUI access is lost to some Cisco APICs using either a local account or remote user. For example, the same user can log in to APIC3, but not APIC1 nor APIC2. Restarting nginx eliminates the issue for several days, but the issue then occurs again. The Cisco APIC cluster is fully fit and no cores are seen.

4.2(7f)

CSCvx43110

In a scaled configuration, the "show running-config" command errors out.

4.2(7f)

CSCvx54410

An endpoint move from a microsegmentation EPG to a base EPG causes the endpoint to disconnect for tag-based microsegmentation.

4.2(7f)

CSCvx59910

Running "Visibility & Troubleshooting Reporting" gives a report of "Status - Pending" after trying for the second time. The first attempt works fine, but the second attempt gets stuck in the pending state. This issue is observed on all Cisco APICs, on all the browsers, and with different PCs.

4.2(7f)

CSCvx70452

The Cisco ACI Hyper-V Agent crashes or restarts with the following exception:

System.OutOfMemoryException

4.2(7f)

CSCvx73311

The "df -h" and "ls -al /tmp/" commands hang. High CPU utilization is seen from glusterd. The "cat /sys/fs/cgroup/pids/system.slice/system-gluster.slice/glusterd.service/pids.current" command shows a number approaching 100.

4.2(7f)

CSCvx74210

One Cisco APIC experiences high Java CPU utilization, reaching over 400%.

4.2(7f)

CSCvx79517

Cisco APIC services such as dbgr, bootmgr, or policymgr may continue to crash after upgrading to an impacted version. For a three-node cluster, if all nodes' services continue to crash multiple times at the same time, this could cause a loss of data in that service's database.

4.2(7f)

CSCvx79980

In a setup with 3 hosts from the same domain that have some number of virtual machines under them and the reserve host and other parameters are selected, after starting the "Migrate to ACI Virtual Edge" process, all hosts start to move at the same time, causing a resource crunch. This issue occurs only once in a while. In a normal scenario, the hosts migrate one by one.

While starting the vMotion, the process can be seen checking for Reserve host compatibility, but there is no reply to this query. As a result, the process starts migrating the virtual machines in a batch of 10 and keeps adding virtual machines to the batch from all three hosts.

4.2(7f)

CSCvx89934

The tag information from the VMware vCenter does not get pulled, even when the enableTag property is set to true.

4.2(7f)

CSCvx90048

The load time of the operational tab of an interface under a node is significantly longer the first time it is viewed. After this initial load, going to other interfaces under that same switch is comparatively faster.

4.2(7f)

CSCvy15098

A mini Cisco ACI cluster does not converge after power cycling the entire setup.

4.2(7f)

CSCvy20694

The Cisco APIC cluster diverges when there are 2 Cisco APICs with the same ID in the setup.

4.2(7f)

CSCvy21796

The boot manager process (bootmgr) crashes, which causes clustering issues.

4.2(7f)

CSCvy30453

For a Cisco ACI fabric that is configured with fabricId=1, if APIC3 is replaced from scratch with an incorrect fabricId of "2," APIC3's DHCPd will set the nodeRole property to "0" (unsupported) for all dhcpClient managed objects. This will be propagated to the appliance director process for all of the Cisco APICs. The process then stops sending the AV/FNV update for any unknown switch types (switches that are not spine nor leaf switches). In this scenario, commissioning/decommissioning of the Cisco APICs will not be propagated to the switches, which causes new Cisco APICs to be blocked out of the fabric.

Another symptom is that the "acidiag fnvread" command's output has a value of "unknown" in the role column.

4.2(7f)

CSCvy30683

The "show" and "fabric" commands on the Cisco APIC CLI become unresponsive.

4.2(7f)

CSCvy31814

The shard leader state does not change when the policymgr service stops. The shard state does not go down and instead stays up. Other symptoms include that the cluster is "FULLY-FIT," the output of acidiag rvreadle shows "no optimal leader for shards," the output of acidiag rvread shows that the cluster is clean/fit, and there are no cores for the policymgr process.

4.2(7f)

CSCvy44940

APIC symptoms: After a Cisco APIC has finished upgrading and has reloaded, the ifc_reader crashes about 6 times in 7 minutes. Afterward, the ifc_reader service stops, which causes Cisco APIC communication issues. ifc_reader DME issues are not reflected in the AV health values, rvread, nor the Cisco APIC GUI. acidiag avread, rvread, and the Cisco APIC GUI report a fully fit cluster. Cisco APIC GUI alarms raise a "split fabric" alert, and crashes in the NGINX process may be observed.

Switch Symptoms: After the Cisco APICs have been upgraded, all switches start seeing NGINX DME crashes every few minutes. The rate of crashes increases with the rate of uribv4Nexthop.type API queries that result in switch queries. After the NGINX process has received 250 instances of the offending query, the switch will cut off the interfaces, as it has reached a failed state.  This will lead to a loss of network connectivity on the affected devices.

4.2(7f)

CSCvy67637

The stats page shows nothing when opened from Fabric -> Inventory -> POD-{id} -> Node-{id} -> Interfaces -> Physical Interfaces.

4.2(7f)

CSCvy86541

Under the Upgrade Group Policy, the switches are added as a range. If the switches are added manually, everything works as expected.

4.2(7f)

Resolved Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Fixed In" column of the table specifies whether the bug was resolved in the base release or a patch release.

Bug ID | Description | Fixed in

CSCvy47145

A leaf switch experiences an SDKHAL crash when a summary route is added that is a host IP address in the subnet instead of the actual subnet boundary. Example: 10.10.10.1/24 summary address is entered instead of 10.10.10.0/24.

This summary route is added after a policy prefix for the actual subnet (10.10.10.0/24) is created.

The SDKHAL crash will also result in other DME/process crashes for ipfib, epmc, aclqos, and eltmc.

A Cisco ACI leaf switch will install the subnet IP address as shown below, but it will not advertise this to the peer. A proper subnet is advertised to the peer router.

10.10.10.1/24, ubest/mbest: 1/0

    *via , null0, [220/0], 00:02:38, ospf-default, discard, tag 4294967295

4.2(7t)

CSCvy49540

HTTPS API calls to the switch are not working. The NGINX service does not listen on the HTTPS port because the nginx.conf file is not properly populated.

4.2(7t)

CSCwa97230

The Cisco APIC is not able to register to the Smart Account in the CSSM and the F3058 "Fail to send out Call Home HTTP" message is generated. The Call Home logs in /var/log/dme/log/ch_dbg.log show the following failure reason:

*Wed Feb 16 10:15:20.083 UTC: CH-TRANS-ERROR: ch_pf_curl_send_msg[539], failed to perform, err code 60, err string "Peer certificate cannot be authenticated with given CA certificates"

4.2(7t)

CSCvx76043

A timeout is observed while using Drop/stats under Visibility & Troubleshooting in a scaled Cisco ACI fabric.

4.2(7s)

CSCwa19126

The Fabric Topology view shows old connections as well as new ones, which can be misleading. This behavior is cosmetic in nature and should have no impact on data/control plane.

4.2(7s)

CSCwa47295

This bug has been filed to evaluate the Cisco Network Insights Base Application - NIB (its Nexus Insights Cloud Connector App on 5.x version onwards) for Cisco APIC against the vulnerability in the Apache Log4j Java library disclosed on December 9th, 2021.

Cisco has reviewed this product and concluded that it contains a vulnerable version of Apache Log4j and is affected by the following vulnerability:

CVE-2021-44228 - Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

4.2(7r)

CSCvx79477

Contracts are not pushed to a leaf switch, which causes traffic to be dropped. This will also cause bridge domains that would have been deployed because of the contracts to fail to program. This can occur after a node is added to the fabric, upgraded, or clean reloaded.

4.2(7q)

CSCvy55588

"Show Usage" in the GUI for a TACACS policy in the fabric monitoring common policy does not work in release 4.2(5k) and later.

4.2(7q)

CSCvz31155

The show usage screen in the Cisco APIC GUI has empty output.

4.2(7q)

CSCvv18827

The data in the Cisco APIC database may get deleted during an upgrade from a 3.0 or 3.1 release to a 4.0 or 4.1 release if the target release is rolled back to the current running release within 2 minutes after the upgrade was started. The upgrade will continue anyway, but the Cisco APIC will lose all data in the database and a user with admin credentials cannot log in. Only the rescue-user/admin can log in. All shards for a process show as unexpected, and the database files are removed. The last working pre-upgrade database files are copied to the purgatory directory.

4.2(7l)

CSCvw33061

Traffic loss is observed from multiple endpoints deployed on two different vPC leaf switches.

4.2(7l)

CSCvx28313

On a recurring basis, after several days, ssh/GUI access is lost to some Cisco APICs using either a local account or remote user. For example, the same user can log in to APIC3, but not APIC1 nor APIC2. Restarting nginx eliminates the issue for several days, but the issue then occurs again. The Cisco APIC cluster is fully fit and no cores are seen.

4.2(7l)

CSCvx43110

In a scaled configuration, the "show running-config" command errors out.

4.2(7l)

CSCvx54410

An endpoint move from a microsegmentation EPG to a base EPG causes the endpoint to disconnect for tag-based microsegmentation.

4.2(7l)

CSCvx59910

Running "Visibility & Troubleshooting Reporting" gives a report of "Status - Pending" after trying for the second time. The first attempt works fine, but the second attempt gets stuck in the pending state. This issue is observed on all Cisco APICs, on all the browsers, and with different PCs.

4.2(7l)

CSCvx70452

The Cisco ACI Hyper-V Agent crashes or restarts with the following exception:

System.OutOfMemoryException

4.2(7l)

CSCvx73311

The "df -h" and "ls -al /tmp/" commands hang. High CPU utilization is seen from glusterd. The "cat /sys/fs/cgroup/pids/system.slice/system-gluster.slice/glusterd.service/pids.current" command shows a number approaching 100.

4.2(7l)

CSCvx74210

One Cisco APIC experiences high Java CPU utilization, reaching over 400%.

4.2(7l)

CSCvx79517

Cisco APIC services such as dbgr, bootmgr, or policymgr may continue to crash after upgrading to an impacted version. For a three-node cluster, if all nodes' services continue to crash multiple times at the same time, this could cause a loss of data in that service's database.

4.2(7l)

CSCvx79980

In a setup with 3 hosts from the same domain that have some number of virtual machines under them and the reserve host and other parameters are selected, after starting the "Migrate to ACI Virtual Edge" process, all hosts start to move at the same time, causing a resource crunch. This issue occurs only once in a while. In a normal scenario, the hosts migrate one by one.

While starting the vMotion, the process can be seen checking for Reserve host compatibility, but there is no reply to this query. As a result, the process starts migrating the virtual machines in a batch of 10 and keeps adding virtual machines to the batch from all three hosts.

4.2(7l)

CSCvx89934

The tag information from the VMware vCenter does not get pulled, even when the enableTag property is set to true.

4.2(7l)

CSCvx90048

The load time of the operational tab of an interface under a node is significantly longer the first time it is viewed. After this initial load, going to other interfaces under that same switch is comparatively faster.

4.2(7l)

CSCvy15098

A mini Cisco ACI cluster does not converge after power cycling the entire setup.

4.2(7l)

CSCvy20694

The Cisco APIC cluster diverges when there are 2 Cisco APICs with the same ID in the setup.

4.2(7l)

CSCvy21796

The boot manager process (bootmgr) crashes, which causes clustering issues.

4.2(7l)

CSCvy30453

For a Cisco ACI fabric that is configured with fabricId=1, if APIC3 is replaced from scratch with an incorrect fabricId of "2," APIC3's DHCPd will set the nodeRole property to "0" (unsupported) for all dhcpClient managed objects. This will be propagated to the appliance director process for all of the Cisco APICs. The process then stops sending the AV/FNV update for any unknown switch types (switches that are not spine nor leaf switches). In this scenario, commissioning/decommissioning of the Cisco APICs will not be propagated to the switches, which causes new Cisco APICs to be blocked out of the fabric.

Another symptom is that the "acidiag fnvread" command's output has a value of "unknown" in the role column.

4.2(7l)

CSCvy30683

The "show" and "fabric" commands on the Cisco APIC CLI become unresponsive.

4.2(7l)

CSCvy31814

The shard leader state does not change when the policymgr service stops. The shard state does not go down and instead stays up. Other symptoms include that the cluster is "FULLY-FIT," the output of acidiag rvreadle shows "no optimal leader for shards," the output of acidiag rvread shows that the cluster is clean/fit, and there are no cores for the policymgr process.

4.2(7l)

CSCvy44940

APIC symptoms: After a Cisco APIC has finished upgrading and has reloaded, the ifc_reader crashes about 6 times in 7 minutes. Afterward, the ifc_reader service stops, which causes Cisco APIC communication issues. ifc_reader DME issues are not reflected in the AV health values, rvread, nor the Cisco APIC GUI. acidiag avread, rvread, and the Cisco APIC GUI report a fully fit cluster. Cisco APIC GUI alarms raise a "split fabric" alert, and crashes in the NGINX process may be observed.

Switch Symptoms: After the Cisco APICs have been upgraded, all switches start seeing NGINX DME crashes every few minutes. The rate of crashes increases with the rate of uribv4Nexthop.type API queries that result in switch queries. After the NGINX process has received 250 instances of the offending query, the switch will cut off the interfaces, as it has reached a failed state. This will lead to a loss of network connectivity on the affected devices.

4.2(7l)

CSCvy67637

The stats page shows nothing when opened from Fabric -> Inventory -> POD-{id} -> Node-{id} -> Interfaces -> Physical Interfaces.

4.2(7l)

CSCvy86541

Under the Upgrade Group Policy, the switches are added as a range. If the switches are added manually, everything works as expected.

4.2(7l)

CSCvq39922

Specific operating system and browser version combinations cannot be used to log in to the Cisco APIC GUI.

The websocket connection fails (gets response 500), which causes the subsequent subscription request to fail (response 405). This failing subscription request logs the following:

"Subscription request failed, unable to locate opened web socket. Please re-login to the application"

4.2(7f)

CSCvs47892

Any time an Intersite L3Out is deployed to a border leaf switch, remote IP address learning of endpoints should automatically get disabled. Remote IP address learning gets reenabled after a border leaf switch is clean reloaded.

4.2(7f)

CSCvt15235

When the SSD file system (used by the Cisco APIC database) becomes read-only, the upgrade utility should catch such issues and abort the upgrade. This would allow the user to see the upgrade failure and triage the issue. Currently, the upgrade utility continues the data conversion and eventually reboots, which causes all configurations to be lost.

4.2(7f)

CSCvu36682

After upgrading to release 4.2(3q), the Event Manager generates a core and crashes continuously, leading to a diverged cluster.

4.2(7f)

CSCvu68611

An in-band mgmt provider contract that is consumed in a user tenant as vzAny generates fault code F1259. actrl-mgmt-rule-sw-prog-failed shows prog-failed.

4.2(7f)

CSCvu84284

When a Cisco UCS M5 (M3 APIC) with an Intel copper-based NIC is downgraded to any release prior to 4.2(5), the Cisco APIC will not join the fabric because this Intel copper-based NIC is not supported in older releases.

4.2(7f)

CSCvu84392

The policy-mgr crashes on multiple Cisco APICs during an upgrade.

4.2(7f)

CSCvv15515

When running the "show run" CLI command, the output is incomplete and fails with the error 'Error: __init__() takes at least 3 arguments (1 given)'.

4.2(7f)

CSCvv31884

Multiple NTP providers trying to use a single NTP auth key will not work because not all of the NTP providers are associated with the auth key. Only one NTP provider is associated with a single NTP auth key. The other providers will not have any auth key associated with them.

4.2(7f)

CSCvv33524

Cisco APIC is not able to present the transceiver part number correctly in the GUI, and any REST query that requires the l1PhysIf parameter will return an invalid JSON file.

The transceiver part ID is 'WT-SFP+\10G-T'.

4.2(7f)

CSCvv52437

The controllers show an Ownership value of "Not Associated" on some of the Cisco APICs, but there is at least one Cisco APIC that can display the information properly.

4.2(7f)

CSCvv57220

Endpoints learned on an EPG with VMM domain association and VMM integration fail to come up with the VMM learning flag.

4.2(7f)

CSCvv78465

Syslog messages are not sent to a remote syslog server.

4.2(7f)

CSCvv92150

Upgrading a switch from release 14.2(3l) to 15.0(1l) causes the health of a leaf switch to drop to 86. Reloading the leaf switch brings the health score back to 100.

4.2(7f)

CSCvw24827

Cisco APIC should not allow a router ID with an invalid IPv4 address, such as 0.x.x.x, for a BGP L3Out. The expected behavior is to refuse the invalid IPv4 address and request a new one.

4.2(7f)

CSCvw29503

This is an enhancement so that the GUI will display a pop-up when trying to configure flood in encapsulation on the EPG or bridge domain where microsegmentation is configured. Such a configuration does not work. However, currently there is no validation or pop-up to let users know. This enhancement blocks this configuration.

4.2(7f)

CSCvw30526

'show run' fails with the following error:

Error while processing mode: configure

Error: Invalid Path: topology/pod-1/paths-101/pathep-[eth1/1 - 2] 

4.2(7f)

CSCvw30805

The VLANs for EPGs attached to a VMM domain are not deployed on leaf switches for immediate resolution immediacy. This is due to adjacency not being formed properly when loose nodes (such as fabric interconnects) are present between leaf switches and VMM hosts.

4.2(7f)

CSCvw33277

The fault F3227 "ACI failed processing an already accepted configuration change" continuously gets raised.

4.2(7f)

CSCvw42110

Only the relative position of the graphs is saved. This causes confusion because the chart rearranges upon each visit.

4.2(7f)

CSCvw47981

Even after fixing OSPF connectivity to IPN and Cisco ACI reporting the OSPF neighbor relationship to be up, a notification alert still shows that OSPF peering is down.

4.2(7f)

CSCvw48647

OpFlex connectivity flaps on the ESXi host and does not remain stable.

4.2(7f)

CSCvw55407

Intermittently, standby Cisco APIC AVs go out of sync on random active (regular) Cisco APICs. The "cntrlSbst" field in the AV changes between ACTIVE, ERASED, and DO_SOMETHING on random active Cisco APICs.

The issue is caused by the standby Cisco APIC's appliance director service heartbeat thread sending heartbeats that are received by the active Cisco APICs in between the 2 points in time (function calls) at which the serial number in the AVs is being verified.

4.2(7f)

CSCvw55526

The system allows users to squelch TCA faults.

For a TCA fault, the object property "cause" has a value of "threshold-crossed" and the fault description starts with "TCA:".

4.2(7f)

CSCvw60158

After applying an ESXi patch, Cisco ACI Virtual Edge is unable to download SOD. This is caused by the UUID, which was changed on the Cisco ACI Virtual Edge virtual machine after the ESXi patch.

The managed object on Cisco APIC still points to the old UUID, and so the SOD sent to Cisco ACI Virtual Edge still points to the old UUID. This causes Cisco ACI Virtual Edge to reject it without any error.

4.2(7f)

CSCvw62384

After upgrading the switch nodes, the policy manager crashes on all Cisco APICs in a cluster and all replicas are down for the policy manager data management engine.

4.2(7f)

CSCvw63421

The policymgr crashes because of a null pointer.

4.2(7f)

CSCvw74951

Traffic is misclassified due to a stale prefix entry, or the prefix-entry-in-use fault is raised even when there is no conflicting subnet present.

4.2(7f)

CSCvw77112

The vmmmgr process deleted all port groups under a LNode/VDS when the API call to get port group information from the vmmmgr process to VMware vCenter failed.

This issue occurs with a Cisco ACI Virtual Edge domain. The deletion of port group information leads to an outage of all endpoints behind the Cisco ACI Virtual Edge instances under the Cisco ACI Virtual Edge domain.

4.2(7f)

CSCvw77568

There is high disk space utilization due to zk data and log files not being cleaned up. This can cause other problems, such as the inability to upgrade/downgrade.

4.2(7f)

CSCvw77769

The object l3ext.RtdOutDef doesn't have any monitoring policy attached. As a result, there is no option to change the threshold values of the faults that occur due to these drops being associated with this object.

4.2(7f)

CSCvw85218

Network scanning shows that the "diffie-hellman-group14-sha1" key exchange (KEX) is enabled. This key exchange algorithm is for using SSH to connect to a Cisco APIC node. However, it might not be desired to have this KEX enabled.

You can use the following command to demonstrate it:

ssh admin@apic.host.com -o KexAlgorithms=diffie-hellman-group14-sha1

4.2(7f)

CSCvw85269

Cisco APIC's IPv6 out-of-band (OOB) management fails to communicate when using a Layer 2 network without an IPv6 gateway.

The symptoms are as follows:

- Pingv6/SSHv6 from the Cisco APIC OOB to another Cisco APIC OOB always fails.

- Pingv6/SSHv6 from the Cisco APIC OOB to own CIMC address always succeeds.

- Pingv6/SSHv6 from the Cisco APIC OOB to another Cisco APIC's CIMC address always succeeds.

- Pingv6/SSHv6 from a non-Cisco APIC device in same segment of OOB network to Cisco APIC OOB sometimes succeeds, but sometimes fails.

- Pingv6/SSHv6 from the Cisco APIC OOB to a non-Cisco APIC device in same segment of OOB network always succeeds.

- IPv6 neighbor discovery always succeeds regardless of Pingv6/SSHv6 results.

- Removing and reapplying the OOB contract does not fix this issue.

- IPv6 OOB does not have any communication problems when using release 3.2(5e) and 3.2(9b).

- IPv4 OOB does not have any communication problems.

- The same IPv6 OOB issue also occurs in other Cisco ACI fabrics.

- The Cisco APIC configuration, OOB contract, ifconfig, IPv6 neighbor table, and iptables for IPv6 OOB look fine.

4.2(7f)

CSCvw85608

When navigating to the Infra Peer Connectivity Profile under an L3Out or after creating the Infra Peer Connectivity Profile, the submit button stays disabled after editing any field on that page.

4.2(7f)

CSCvw88636

This is an enhancement request to allow interface-level BGP peer profiles with the same peer IP address to be created for multiple interfaces under the same node profile, as long as each interface belongs to different leaf switches.

Note that it is expected to block BGP peer profiles with the same peer IP address on multiple interfaces on the same leaf switch.

4.2(7f)

CSCvw91984

Cisco ACI cannot be integrated with the Cisco APIC 4.2(4) or 5.0(2h) releases with vManage 20.3.1, 20.3.2 and later releases.

 

Error:

Issues:Error registering APIC as partner

Status:online

4.2(7f)

CSCvw98976

When trying to add a new image to the repository, no error is seen and the image is never moved.

4.2(7f)

CSCvw99158

Remote leaf nodes are stuck in the inactive state after a reload.

4.2(7f)

CSCvx03607

The Cisco APIC locator LED doesn't work as expected in the Cisco APIC GUI. Even if the locator LED is enabled, it blinks for a few seconds and then turns off. It works in the CIMC GUI and with the physical button.

4.2(7f)

CSCvx05466

The Cisco APIC GUI topology view shows 3 of the same ports of a leaf switch, which is connected to a standby Cisco APIC. The actual connected port is only 1 interface.

4.2(7f)

CSCvx10307

On a Cisco APIC cluster, the cluster may be in a "Data Layer Partially Diverged" state after restarting a Cisco APIC. When running "ps" in the Cisco APIC CLI, you will notice the "svc_ifc_observer.bin" is not running. There will also be multiple core files generated on the Cisco APIC for the observer process.

4.2(7f)

CSCvx12522

When adding or deleting a static route to an L3Out, it may trigger an update to the contracts to which its VRF is related, even if the contract is not modified.

4.2(7f)

CSCvx14621

Sometimes IPG doesn't load and gives the following error: "The server is temporarily busy due to a higher than usual request volume. Please try again later".

4.2(7f)

CSCvx16196

The XML information of any VMM domain object cannot be retrieved using the Save As option in the GUI, which is available by right-clicking any object of the VMM domain or the VMM domain itself. The downloaded file will show no information. However, when the Download button on the Work pane is used to get the XML information of any object from the VMM domain, this works and the downloaded files will contain much more information.

4.2(7f)

CSCvx17882

Standby Cisco APICs with the rejected state show up in the option to replace a controller that appears after right-clicking on a controller.

4.2(7f)

CSCvx18898

Cisco APIC calls return the following error message in addition to the desired output:

Error executing transaction. Potential reasons include unfit clusters, database read errors, or other internal errors. Please make sure cluster is in fully-fit state resolve all errors and try again.

4.2(7f)

CSCvx25245

When editing a physical domain that is already associated with an EPG, the title of the dialog that opens is incorrect. The title states "VMM domain" instead of "physical domain."

4.2(7f)

CSCvx28453

The managed object eqpt.Storage is reporting incorrect statistics for the "available" and "used" properties. Due to this, the available space reported in the GUI is also incorrect.

4.2(7f)

CSCvx28960

An external bridge domain or a Layer 3 domain is deleted by deleting a physical domain when these objects have the same name. This can cause an impact to policies that are deployed with the same Layer 3 domain or external bridge domain.

4.2(7f)

CSCvx31968

When pushing the new VMware VMM domain to VMware vCenter 7, the task "Reconfigure Distributed Port Group" for the DV-uplink-group completes with a status of "Link Aggregation Control Protocol group configured on <VMM_domain_name> conflicts with the Link Aggregation Control Protocol API version multipleLag."

No fault is raised on the Cisco APIC.

4.2(7f)

CSCvx32437

When a power supply is disconnected for one PSU, it typically takes 5 minutes, but up to 20 minutes, to reflect the correct status in the Cisco APIC. A similar delay is observed when the power supply is connected again.

4.2(7f)

CSCvx59637

Fault F0058 is raised when attempting to add the Tetration agent .rpm file firmware image in the Cisco APIC firmware.

4.2(7f)

Known Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(7) releases in which the bug exists. A bug might also exist in releases other than the 4.2(7) releases.

Bug ID                    

Description

Exists in          

N/A

If you are upgrading to Cisco APIC release 4.2(6o), 4.2(7l), or later, ensure that any VLAN encapsulation blocks that you are explicitly using for leaf switch front panel VLAN programming are set as "external (on the wire)." If these VLAN encapsulation blocks are instead set to "internal," the upgrade causes the front panel port VLAN to be removed, which can result in a datapath outage.

4.2(7l) and later

CSCvj26666

The "show run leaf|spine <nodeId>" command might produce an error for scaled up configurations.

4.2(7f) and later

CSCvj90385

With a uniform distribution of EPs and traffic flows, a fabric module in slot 25 sometimes reports far less than 50% of the traffic compared to the traffic on fabric modules in non-FM25 slots.

4.2(7f) and later

CSCvq39764

When you click Restart for the Microsoft System Center Virtual Machine Manager (SCVMM) agent on a scaled-out setup, the service may stop. You can restart the agent by clicking Start.

4.2(7f) and later

CSCvq58953

One of the following symptoms occurs:

·         App installation/enable/disable takes a long time and does not complete.

·         Nomad leadership is lost. The output of the acidiag scheduler logs members command contains the following error:

Error querying node status: Unexpected response code: 500 (rpc error: No cluster leader)

4.2(7f) and later

CSCvr89603

The CRC and stomped CRC error values do not match when seen from the APIC CLI compared to the APIC GUI. This is expected behavior. The GUI values are from the history data, whereas the CLI values are from the current data.

4.2(7f) and later

CSCvs19322

Upgrading Cisco APIC from a 3.x release to a 4.x release causes Smart Licensing to lose its registration. Registering Smart Licensing again will clear the fault.

4.2(7f) and later

CSCvs77929

In the 4.x and later releases, if a firmware policy is created with a different name than the maintenance policy, the firmware policy will be deleted and a new firmware policy gets created with the same name, which causes the upgrade process to fail.

4.2(7f) and later

N/A

Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. Because of the validation, when TCP is configured as the IP SLA type, Cisco APIC no longer accepts an IP SLA port value of 0, which was allowed in previous releases. An IP SLA monitor policy from a previous release that has an IP SLA port value of 0 becomes invalid if the Cisco APIC is upgraded to release 4.1(1) or later. This results in a failure for the configuration import or snapshot rollback.

The workaround is to configure a non-zero IP SLA port value before upgrading the Cisco APIC, and use the snapshot and configuration export that was taken after the IP SLA port change.

4.2(7f) and later

N/A

If you use the REST API to upgrade an app, you must create a new firmware.OSource to be able to download a new app image.

4.2(7f) and later

N/A

In a multipod configuration, before you make any changes to a spine switch, ensure that there is at least one operationally "up" external link that is participating in the multipod topology. Failure to do so could bring down the multipod connectivity. For more information about multipod, see the Cisco Application Centric Infrastructure Fundamentals document and the Cisco APIC Getting Started Guide.

4.2(7f) and later

N/A

With a non-English SCVMM 2012 R2 or SCVMM 2016 setup where the virtual machine names are specified in non-English characters, if the host is removed and re-added to the host group, the GUID for all the virtual machines under that host changes. Therefore, if a user has created a micro segmentation endpoint group using the "VM name" attribute specifying the GUID of the respective virtual machine, that micro segmentation endpoint group will not work if the host (hosting the virtual machines) is removed and re-added to the host group, as the GUID for all the virtual machines would have changed. This does not happen if the virtual machine name is specified in all English characters.

4.2(7f) and later

N/A

A query of a configurable policy that does not have a subscription goes to the policy distributor. However, a query of a configurable policy that has a subscription goes to the policy manager. As a result, if the policy propagation from the policy distributor to the policy manager takes a prolonged amount of time, then in such cases the query with the subscription might not return the policy simply because it has not reached policy manager yet.

4.2(7f) and later

N/A

When there are silent hosts across sites, ARP glean messages might not be forwarded to remote sites if a leaf switch without -EX or a later designation in the product ID happens to be in the transit path and the VRF is deployed on that leaf switch. In this case, the switch does not forward the ARP glean packet back into the fabric to reach the remote site. This issue is specific to transit leaf switches without -EX or a later designation in the product ID and does not affect leaf switches that have -EX or a later designation in the product ID. This issue breaks the capability of discovering silent hosts.

4.2(7f) and later

Virtualization Compatibility Information

This section lists virtualization compatibility information for the Cisco APIC software.

·         For a table that shows the supported virtualization products, see the ACI Virtualization Compatibility Matrix.

·         For information about Cisco APIC compatibility with Cisco UCS Director, see the appropriate Cisco UCS Director Compatibility Matrix document.

·         This release supports the following additional virtualization products:

Product

Supported Release

Information Location

Microsoft Hyper-V

  SCVMM 2019 RTM (Build 10.19.1013.0) or newer
  SCVMM 2016 RTM (Build 4.0.1662.0) or newer
  SCVMM 2012 R2 with Update Rollup 9 (Build 3.2.8145.0) or newer

N/A

VMM Integration and VMware Distributed Virtual Switch (DVS)

6.5, 6.7, and 7.0

Cisco ACI Virtualization Guide, Release 4.2(x)

Hardware Compatibility Information

This release supports the following Cisco APIC servers:

Product ID

Description

APIC-L1

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports)

APIC-L2

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports)

APIC-L3

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1200 edge ports)

APIC-M1

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports)

APIC-M2

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports)

APIC-M3

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1200 edge ports)

 

The following list includes general hardware compatibility information:

·         For the supported hardware, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7).

·         Contracts using matchDscp filters are only supported on switches with "EX" on the end of the switch name. For example, N9K-93108TC-EX.

·         When the fabric node switch (spine or leaf) is out-of-fabric, the environmental sensor values, such as Current Temperature, Power Draw, and Power Consumption, might be reported as "N/A." A status might be reported as "Normal" even when the Current Temperature is "N/A."

·         First generation switches (switches without -EX, -FX, -GX, or a later suffix in the product ID) do not support Contract filters with match type "IPv4" or "IPv6." Only match type "IP" is supported. Because of this, a contract will match both IPv4 and IPv6 traffic when the match type of "IP" is used.

The following table provides compatibility information for specific hardware:

Product ID                           

Description

Cisco UCS M4-based Cisco APIC

The Cisco UCS M4-based Cisco APIC and previous versions support only the 10G interface. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration.

Cisco UCS M5-based Cisco APIC

The Cisco UCS M5-based Cisco APIC supports dual speed 10G and 25G interfaces. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration.

N2348UPQ

To connect the N2348UPQ to Cisco ACI leaf switches, the following options are available:

·         Directly connect the 40G FEX ports on the N2348UPQ to the 40G switch ports on the Cisco ACI leaf switches

·         Break out the 40G FEX ports on the N2348UPQ to 4x10G ports and connect to the 10G ports on all other Cisco ACI leaf switches.

Note: A fabric uplink port cannot be used as a FEX fabric port.

N9K-C9348GC-FXP

This switch does not read SPROM information if the PSU is in a shut state. You might see an empty string in the Cisco APIC output.

N9K-C9364C-FX

Ports 49-64 do not support 1G SFPs with QSA.

N9K-C9508-FM-E

The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch.

N9K-C9508-FM-E2

The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch.

The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS switch CLI.

N9K-C9508-FM-E2

This fabric module must be physically removed before downgrading to releases earlier than Cisco APIC 3.0(1).

N9K-X9736C-FX

The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS Switch CLI.

N9K-X9736C-FX

Ports 29 to 36 do not support 1G SFPs with QSA.

Adaptive Security Appliance (ASA) Compatibility Information

This section lists ASA compatibility information for the Cisco APIC software.

·         This release supports Adaptive Security Appliance (ASA) device package version 1.2.5.5 or later.

·         If you are running a Cisco Adaptive Security Virtual Appliance (ASA) version that is prior to version 9.3(2), you must configure SSL encryption as follows:

(config)# ssl encryption aes128-sha1

Miscellaneous Compatibility Information

This release supports the following products:

Product

Supported Release

Cisco NX-OS

14.2(7)

Cisco AVS

5.2(1)SV3(4.10)

For more information about the supported AVS releases, see the AVS software compatibility information in the Cisco Application Virtual Switch Release Notes, Release 5.2(1)SV3(4.11).

Cisco UCS Manager

2.2(1c) or later is required for the Cisco UCS Fabric Interconnect and other components, including the BIOS, CIMC, and the adapter.

CIMC HUU ISO

  4.3.2.230207 CIMC HUU ISO (recommended*) for UCS C220/C240 M5 (APIC-L3/M3)
  4.2(3e) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3)
  4.2(3b) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
  4.2(2a) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
  4.1(3f) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
  4.1(3d) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
  4.1(3c) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
  4.1(2k) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2)
  4.1(2g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
  4.1(2b) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
  4.1(1g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3)
  4.1(1f) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) (deferred release)
  4.1(1d) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
  4.1(1c) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2)
  4.0(4e) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
  4.0(2g) CIMC HUU ISO for UCS C220/C240 M4 and M5 (APIC-L2/M2 and APIC-L3/M3)
  4.0(1a) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
  3.0(4l) CIMC HUU ISO (recommended) for UCS C220/C240 M3 (APIC-L1/M1)
  3.0(4d) CIMC HUU ISO for UCS C220/C240 M3 and M4 (APIC-L1/M1 and APIC-L2/M2)
  3.0(3f) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
  3.0(3e) CIMC HUU ISO for UCS C220/C240 M3 (APIC-L1/M1)
  2.0(13i) CIMC HUU ISO
  2.0(9c) CIMC HUU ISO
  2.0(3i) CIMC HUU ISO
 

* We do not recommend this CIMC release if you have the "SFP-10G-T-X" connector type on the Cisco APIC data link ports (eth2-1 and eth2-2). To see which connector type you have, enter commands as shown in the following example:

C220-WMP2704001H /chassis # scope adapter 1

C220-WMP2704001H /chassis/adapter # show ext-eth-if detail

Port 2:

MAC Address: 3C:26:E4:1D:BC:95

Link State: LinkUp

Connector Type: SFP-10G-T-X

Network Insights Base, Network Insights Advisor, and Network Insights for Resources

For the release information, documentation, and download links, see the Cisco Network Insights for Data Center page.

For the supported releases, see the Cisco Data Center Networking Applications Compatibility Matrix.

 

·         This release supports the partner packages specified in the L4-L7 Compatibility List Solution Overview document.

·         A known issue exists with the Safari browser and unsigned certificates, which applies when connecting to the Cisco APIC GUI. For more information, see the Cisco APIC Getting Started Guide, Release 4.2(x).

·         For compatibility with OpenStack and Kubernetes distributions, see the Cisco Application Policy Infrastructure Controller Container Plug-in Release 4.2(3), Release Notes.

·         For compatibility with Day-2 Operations apps, see the Cisco Data Center Networking Applications Compatibility Matrix.

·         Cisco Nexus Dashboard Insights creates a user in Cisco APIC called cisco_SN_NI. This user is used when Nexus Dashboard Insights needs to make any changes or query any information from the Cisco APIC. In the Cisco APIC, navigate to the Audit Logs tab of the System > History page. The cisco_SN_NI user is displayed in the User column.

Related Content

See the Cisco Application Policy Infrastructure Controller (APIC) page for the documentation.

The documentation includes installation, upgrade, configuration, programming, and troubleshooting guides, technical references, release notes, and knowledge base (KB) articles, as well as other documentation. KB articles provide information about a specific use case or a specific topic.

By using the "Choose a topic" and "Choose a document type" fields of the APIC documentation website, you can narrow down the displayed documentation list to make it easier to find the desired document.

You can watch videos that demonstrate how to perform specific tasks in the Cisco APIC on the Cisco Cloud Networking YouTube channel.

Temporary licenses with an expiry date are available for evaluation and lab use purposes. They are strictly not allowed to be used in production. Use a permanent or subscription license that has been purchased through Cisco for production purposes. For more information, go to Cisco Data Center Networking Software Subscriptions.

The following table provides links to the release notes, verified scalability documentation, and new documentation:

Document

Description

Cisco ACI Virtual Edge Release Notes, Release 2.2(7)

The release notes for Cisco ACI Virtual Edge.

Cisco ACI Virtual Pod Release Notes, Release 4.2(7)

The release notes for Cisco ACI Virtual Pod.

Cisco Application Centric Infrastructure Simulator Appliance Release Notes, Release 4.2(7)

The release notes for the Cisco ACI Simulator Appliance.

Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(7)

The release notes for Cisco NX-OS for Cisco Nexus 9000 Series ACI-Mode Switches.

Verified Scalability Guide for Cisco APIC, Release 4.2(6), Multi-Site, Release 3.1(1), and Cisco Nexus 9000 Series ACI-Mode Switches, Release 14.2(6)

This guide contains the maximum verified scalability limits for Cisco Application Centric Infrastructure (ACI) parameters for Cisco APIC, Cisco ACI Multi-Site, and Cisco Nexus 9000 Series ACI-Mode Switches.

Note: the 4.2(6) release document applies to this release.

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, send your comments to apic-docfeedback@cisco.com. We appreciate your feedback.

Legal Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2021-2023 Cisco Systems, Inc. All rights reserved.
