Cisco Application Policy Infrastructure Controller Release Notes, Release 6.0(9)

Available Languages

Download Options

  • PDF
    (564.9 KB)
    View with Adobe Reader on a variety of devices
Updated:August 29, 2025

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (564.9 KB)
    View with Adobe Reader on a variety of devices
Updated:August 29, 2025
 

 

Introduction

The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cisco Application Policy Infrastructure Controller (APIC) is the software, or operating system, that acts as the controller.

This document describes the features, issues, and limitations for the Cisco APIC software. For the features, issues, and limitations for the Cisco NX-OS software for the Cisco Nexus 9000 series switches, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 16.0(9).

For more information about this product, see "Related Content."

Date

Description

August 7, 2025

Release 6.0(9e) became available; the Resolved Issues table was updated.

July 1, 2025

Defect CSCwp91797 was added to the list of Known Issues.

June 11, 2025

The Miscellaneous Compatibility Information table was updated to indicate support for 4.3.2.250016 CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3).

April 16, 2025

Release 6.0(9d) became available; the Resolved Issues table was updated.

February 27, 2025

Release 6.0(9c) became available.

New Software Features

Product Impact

Feature

Description

N/A

N/A

There are no new software features in this release.

New Hardware Features

For the new hardware features, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 16.0(9).

Changes in Behavior

For the changes in behavior, see Cisco ACI Releases Changes in Behavior.

Open Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Exists In" column of the table specifies the 6.0(9) releases in which the bug exists. A bug might also exist in releases other than the 6.0(9) releases.

Bug ID                    

Description

Exists in          

CSCvt99966

A SPAN session with the source type set to "Routed-Outside" goes down. The SPAN configuration is pushed to the anchor or non-anchor nodes, but the interfaces are not pushed due to the following fault: "Failed to configure SPAN with source SpanFL3out due to Source fvIfConn not available".

6.0(9c) and later

CSCwf48875

When using two different host profiles (for example UCS C-Series and UCS B-Series) to deploy NSX, the uplink policy will be different for the host profiles. In this case, using one uplink profile with two policies might cause traffic disruption for a non-default teaming policy.

6.0(9c) and later

CSCwp14876

Return PBR traffic dropped on Service Leaf after APIC upgrade due to actrlRule missing to allow traffic.

6.0(9d)

CSCwc50398

Licensemgr process crashes on node-1, with Smart license mode being "Direct connection to CSSM” under smart license settings.

6.0(9c) and 6.0(9d)

Resolved Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Fixed In" column of the table specifies the 6.0(9) release in which the bug was first fixed.

Bug ID                    

Description

Fixed in          

CSCwo19068

Users are unable to authenticate on APICs 1 and 2 via GUI after power event/reload of APIC, while authentication works on APIC 3. CLI access still works.

6.0(9d)

CSCwh41632

APIC controller upgrade will be shown as completed only after the post upgrade activities are completed.

6.0(9d)

CSCwn59662

After upgrading an ACI leaf, the GBP cache may miss some contracts, which can cause traffic disruptions for the affected EPGs. On the OSP/compute node, this issue may manifest as policy miss drops in OVS, specifically indicated by POL_TABLE MISS.

6.0(9d)

CSCwo45052

We should have proper validation for gipo. need to validate the following things:

1. valid range

2. valid subnet/mask

APIC obviously took the invalid address at the initial setup, whereas NXOS correctly rejects in multi-pod environment.

6.0(9d)

CSCwb66277

When trying to generate acllogPermitL3Flow, acllogDropL3Flow, acllogPermitL3Pkt or acllogDropL3Pkt, APIC returns to the user "Unable to deliver the message. Resolve timeout from (type/num/svc/shard) = switch:{switchId}:4:0".

6.0(9c)

CSCwb97455

switch nginx process would be blocked when query acllog records, either from visore or through CLI moquery. this is due to performance issue when querying those info and creating acllog mos on the fly. the main time consumer is query actrlRule when it is relatively large, around ~50K mos. If nginx is blocked, customer can not logging to switch for about 10-15 mins until nginx is timed out querying those acllog records.

6.0(9c)

CSCwh63412

Audit logs under System > History > Audit Logs are limited to the current logged in user. Only the user with the username admin can see the audit logs from all users, but other users despite having admin privileges cannot see the audit logs from other users. The audit logs under Tenants are visible to every user.

6.0(9c)

CSCwi05819

Export of techsupport, configuration backups, etc. does not work when the remote server is a Windows machine with SFTP because the GUI does not allow a remote path without a leading slash in the remote location object (`fileRemotePath.remotePath`).For instance, an example of a correct remote path for a Windows machine with SFTP is "C:/Users/Administrator/Downloads".However, the GUI enforces users to type "/C:/Users/Administrator/Downloads" instead, which fails with a fault F0053 and error "Upload failed, Destination access was denied".

6.0(9c)

CSCwi12805

The CLI command "show dcimgr repo sclass-maps" reports multiple translation rules stated as unformed. Those rules are not installed in the line card, which is not found by the CLI command "show plat int hal dci sclassmap".

6.0(9c)

CSCwi66761

The client Certificate Authenticate state is disabled but the browser still prompts for the certificate when the APIC GUI is accessed.

6.0(9c)

CSCwi76453

In L3Outs with BGP enabled, we cannot configure an IPv6 neighbor address with /127 and /128 prefix under the BGP Connectivity Profile, especially for physical interfaces. For example: fd00::/127.

The input box will be squared with red and display a red exclamation mark, but it does not give a warning in the pop-up text when you hover the mouse cursor on the exclamation mark. Also, the "Submit" button will be grayed out.

6.0(9c)

CSCwi80052

After a user changes the time zone from UTC to a local time zone in "System" > "System Setting" > "Date and Time", the time zone looks changed to the local time zone on the APIC GUI (For example, Asia/Tokyo).

But, the time zone attribute of the datetimeFormat managed object that manages time zone internally is still set to UTC.

6.0(9c)

CSCwi81236

When deploying an encapsulation VLAN on an EPG using AAEP, any subsequent VLAN you attempt to deploy under the same AAEP overwrites the existing VLAN, with no prior warning or notification.

6.0(9c)

CSCwi82301

The loopback IP address configured on the APIC GUI on a node profile for an L3Out, is not reflected in the CLI of the leaf switch.

6.0(9c)

CSCwi85833

Some APIC show commands are hanging or not responding to auto-complete.

6.0(9c)

CSCwj14274

Data center crashes caused by missing ElasticSearch service has been fixed. However, data center can no longer receive updates from the cloud.

6.0(9c)

CSCwj25438

When an interface connected to a leaf switch goes down, LLDP caches that info instead of clearing it, which can cause the attribute-value pair to corrupt the cluster and cause the cluster to become diverged.

6.0(9c)

CSCwj51103

Stale leaf-to-controller connection shows as an active connection.

6.0(9c)

CSCwj68034

 

During an APIC cluster upgrade, APIC 1 gets stuck as shown in this output:

2024-03-13 19:01:36,238|INFO|32451|install_utils:114 killall -9 glusterfsd

2024-03-13 19:01:36,255|INFO|32451|install_utils:121 lsof /data2 2>/dev/null | grep -v PID | awk '{print $1"_X_"$2}' | sort -u

2024-03-13 19:01:36,388|INFO|32451|install_utils:127 python3_X_32451

2024-03-13 19:01:36,388|INFO|32451|install_utils:282 Killing python3:32451 to free /data2

2024-03-13 19:01:36,389|INFO|32451|install_utils:114 kill -9 32451

6.0(9c)

CSCwj71324

Fault F3083 did not generate for two endpoints in the same EPG that have the same IP address.

6.0(9c)

CSCwj80825

After performing a policy upgrade to 6.0(2) or later, the upgrade failed on the virtual APICs or the virtual APICs were otherwise unresponsive.

6.0(9c)

CSCwj85048

It is possible to configure infra VLAN as part of a dynamic VLAN pool, even though this configuration should be prevented by the APIC policy distributor process checks.

6.0(9c)

CSCwk02682

 

Reset Reason for this card:        Image Version : 16.0(3e)        Reset Reason (LCM): Unknown (0) at time         Reset Reason (SW): System cold rebooted (180) at time           Service (Additional Info): System cold rebooted        Reset Reason (HW): Unknown (0) at time         Reset Cause (HW): 0x00 at time          Reset internal (HW): 0x00 at time

6.0(9c)

CSCwk40978

 

Decommissioned APIC residue in avread. This APIC triggered leaf switches to do AV mutation continuously, resulting in fnvread flap on APIC.

6.0(9c)

CSCwk42159

After upgrading border leaf switches to version 6.0.5h, static pervasive routes to remote bridge domain might not get programmed in one of the pairs, causing the traffic to get dropped.

6.0(9c)

CSCwk45026

When two Switch Profiles are created in Fabric Policy via GUI, Interface Associations of the first Profiles are deleted.

6.0(9c)

CSCwk45334

Browser's page with APIC UI gets failed with "Error code: 5" when two snapshots are compared and one of them is small (<1MB) and the other one is large (>2MB).

6.0(9c)

CSCwk53812

 

 

 

The threshold action became permit from bypass in case the nexthop group attribute missing for PBR policyThe "nexthop group" attribute is missing for PBR policy v4 or v6 after enable the PBR threshold with bypass action.By considering checking how the backup group is decided for bypass node on switch, put below command, but it seems not showing as expected for IPv4 case.. it couldn?t see the next "nexthop group: info displayed for IPv4, but for Ipv6 we can see that info.

6.0(9c)

CSCwk59987

 

 

1. On GUI, go to Fabric > Inventory > Fabric Membership

2. Select a spine which you want to replace and right-click it

3. From the pop-up menu, select "Decommission".

4. You cannot see options in the "Decommission" dialog.

6.0(9c)

CSCwk69242

When an APIC controller in one Pod is replaced by a standby controller from another Pod, the Static Node Management Address for Out-of-Band interface on the new active APIC (former standby APIC) is assigned to the "default" OOB EPG instead of the configured custom OOB EPG. As a result, the new active APIC might become unreachable through Out-of-Band.

6.0(9c)

CSCwk69705

Getting the "show version" result fails if you access the APIC from a non-English remote client. The following warning will appear when logging in

-----------------

/bin/bash: warning: setlocale: LC_ALL: cannot change locale (ja_JP.UTF-8)Last login: 2024-07-10T03:53:51.000+00:00 UTCapic1# show versionsError: 'nodeId'

-----------------

6.0(9c)

CSCwk73873

66% of entries in the CU environment are for "modifications" to the DeviceConnectorInst as below. This creates difficulty in monitoring ACI as well as fills up storage with superfluous entries.

<aaaModLR affected="uni/fabric/dcinst" cause="transition" changeSet="psb (****)" childAction="" clientTag="" code="E4219170" created="2024-07-09T14:08:44.823+00:00" descr="DeviceConnectorInst modified" dn="subj-[uni/fabric/dcinst]/mod-8589955642" id="8589955642" ind="modification" modTs="never" sessionId="" severity="info" status="" trig="config" txId="576460752306227951" user="intersight_dc"/>

6.0(9c)

CSCwk88187

Switch TACACS audit feature does not work when using INB management on TACACs destination group.

 

The TACACS logging for switches were added in 6.0.2. Though the feature was added and tested for OOB during implementation, it was not tested for INB Epg configuration, which should be supported and tested.

6.0(9c)

CSCwm07136

nginx crashed is seen when LDAP login is used.

6.0(9c)

CSCwm07375

The APIC UI show the following warning: This object was created by an unknown orchestrator. It is recommended to only modify this object using the appropriate orchestrator when the orchestrator used to create the Tenant is "orchestrator:aci-containers-controller". This is a supported orchestrator, and this is just a cosmetic issue.

6.0(9c)

CSCwm29721

When APIC authentication takes place, the leaf ports where the APIC is connected to are going into out of service state. LLDP interface is indicating wiring issues: unapproved controller:

leaf-2001# cat /mit/sys/lldp/inst/if-[eth1--1]/summary

# LLDP Interface

id                     : eth1/1

adminRxSt              : enabled

adminSt                : enabled

adminTxSt              : enabledCluster

…………………………………………

……………………………………………

6.0(9c)

CSCwm34088

fabric command failed with show discovery issues on APIC.

6.0(9c)

CSCwm37391

The command 'show vmware domain name <vc>'  is showing invalid token for some vcenters in vmmdomain:Error: not well-formed (invalid token): line 1, column 132528

6.0(9c)

CSCwm40608

When applying SMU to a version that is compatible with the SMU, a compatibility error occurs. Error: "The firmware version of node(s) <Node ID> are not compatible with SMU version being installed”.

6.0(9c)

CSCwm44776

If user defined tenant configuration uses the same VLAN as the infra VLAN then during the configuration you will see a fault F0467 about the VLAN encap being in use on the leaf that has the APIC infra VLAN deployed on the APIC connected interface. However, if the APIC interface goes down then the tenant VLAN gets programmed which results in the switch port not having the actual infra VLAN deployed. The interface shows unapproved controller for the connected APIC.

6.0(9c)

CSCwm48813

During the ACI switch SMU installation, the upgrade window fails to update the SMU version information in a timely manner.

Using the APIC GUI:

Step 1.Upload a SMU image: Navigate to Admin > Firmware > Images.

Step 2.Create a Switch upgrade policy: Proceed to Admin > Firmware > Switches > Actions > Create Update Group. Select a switch, then opt for "Software Maintenance Upgrade (Install)" and choose the previously uploaded SMU firmware. Initiate the download.

Step 3.Admin > Firmware > Switches > Click on the current status > Click Actions > Select Install and Reload.

Step 4.Maintain the upgrade window open and await the completion of the installation.

 Despite the installation being complete, the SMU Version column remains blank with "-",    and refreshing the page offers no help.

6.0(9c)

CSCwm54552

The default Password Strength Check value is Enabled under Admin/AAA/Security/Default settings, but when opening the "Edit Security Default Settings" window, the Password Strength Check checkbox isn't checked so it looks like it is not enabled.

6.0(9c)

CSCwm61872

If you configure any vSwitch Policy on the APIC when the VDS Parameters have the Multicast Filtering Mode as IGMP / MLD Snooping, and this configuration is pushed, the Filtering Mode will be reverted to Basic, as the following log:

 

The vSphere Distributed Switch "name 1" in "name 2" was reconfigured. Modified: config.description: <unset> -> ""; config.configVersion: "2" -> "3"; config.switchIpAddress: <unset> -> "0.0.0.0"; config.ipfixConfig.collectorIpAddress: <unset> -> "x.x.x.x"; config.ipfixConfig.collectorPort: 0 -> 9995; config.multicastFilteringMode: "snooping" -> "legacyFiltering"; Added: Deleted:

6.0(9c)

CSCwm63131

GUI throws an error that says "An object with the same naming properties exists in the system, please fix and continue" when creating a contract with the same name as a contract in another tenant.

6.0(9c)

CSCwm77699

Create a profile/selector for a subPort greater than 16, for example interface eth1/1/20 on node 101. In other words, assign a Policy Group to an interface that does not exist.

6.0(9c)

CSCwm80661

As per design, the ESG policies and intra-VRF routes (all BD subnets) are programmed on all nodes where the VRF is deployed upon ESG creation. In contra-VRF routes, when the last ESG associated with VRF is removed from the APIC, we expected respective BD subnets to be removed from all nodes where the BD/EPG is not deployed. However, this is not the case. The BD subnets remained on the nodes where the VRF is deployed.

6.0(9c)

CSCwm96465

ACI 6.0(5h) | Wrong value for APIC's Memory usage in GUI.

6.0(9c)

CSCwn62369

When collecting on ondemand TS for APIC M4/L4s the DB files will be missing in the collection (2of3 file). You will see the file completes but it will be a very small file without the DB files.

6.0(9c)

CSCwp22212

The policymgr process consistently crashes after an upgrade to a non-fixed version. As a result, the APIC cluster fails to converge and remain in a data-layer partially diverged status.

6.0(9e)

CSCwc50398

Licensemgr process crashes on node-1, with Smart license mode being "Direct connection to CSSM” under smart license settings.

6.0(9e)

CSCwk79672

The Cisco APIC upgrade status becomes stuck in the "Post Upgrade Pending" state when there is some connectivity issue between two APICs during post-upgrade callback execution.

6.0(9e)

CSCwp64296

After a stateless reload of a spine, the EP exception list shows it is disabled and no configuration is present.

spine# moquery -c rogueBDDef

No Mos found

 

spine# vsh

spine# show coop internal information ep exception-list

EP Exception list not Enabled.  

6.0(9e)

Known Issues

Click the bug ID to access the Bug Search tool and see additional information about the bug. The "Exists In" column of the table specifies the 6.0(9) releases in which the bug exists. A bug might also exist in releases other than the 6.0(9) releases.

Bug ID                    

Description

Exists in          

CSCvj26666

The "show run leaf|spine <nodeId>" command might produce an error for scaled up configurations.

6.0(9c) and later

CSCvq39764

When you click Restart for the Microsoft System Center Virtual Machine Manager (SCVMM) agent on a scaled-out setup, the service may stop. You can restart the agent by clicking Start.

6.0(9c) and later

CSCvq58953

One of the following symptoms occurs:

App installation/enable/disable takes a long time and does not complete.

Nomad leadership is lost. The output of the acidiag scheduler logs members command contains the following error:

Error querying node status: Unexpected response code: 500 (rpc error: No cluster leader)

6.0(9c) and later

CSCvr89603

The CRC and stomped CRC error values do not match when seen from the APIC CLI compared to the APIC GUI. This is expected behavior. The GUI values are from the history data, whereas the CLI values are from the current data.

6.0(9c) and later

CSCvs19322

Upgrading Cisco APIC from a 3.x release to a 4.x release causes Smart Licensing to lose its registration. Registering Smart Licensing again will clear the fault.

6.0(9c) and later

CSCvs77929

In the 4.x and later releases, if a firmware policy is created with different name than the maintenance policy, the firmware policy will be deleted and a new firmware policy gets created with the same name, which causes the upgrade process to fail.

6.0(9c) and later

CSCvx75380

svcredirDestmon objects get programmed in all of the leaf switches where the service L3Out is deployed, even though the service node may not be connected to some of the leaf switch.

There is no impact to traffic.

6.0(9c) and later

CSCvx78018

A remote leaf switch has momentary traffic loss for flushed endpoints as the traffic goes through the tglean path and does not directly go through the spine switch proxy path.

6.0(9c) and later

CSCvy07935

xR IP flush for all endpoints under the bridge domain subnets of the EPG being migrated to ESG. This will lead to a temporary traffic loss on remote leaf switch for all EPGs in the bridge domain. Traffic is expected to recover.

6.0(9c) and later

CSCvy10946

With the floating L3Out multipath recursive feature, if a static route with multipath is configured, not all paths are installed at the non-border leaf switch/non-anchor nodes.

6.0(9c) and later

CSCvy34357

Starting with the 6.0(7) release, the following apps built with the following non-compliant Docker versions cannot be installed nor run:

●  ConnectivityCompliance 1.2
●  SevOneAciMonitor 1.0

6.0(9c) and later

CSCvz06118

In the "Visibility and Troubleshooting Wizard," ERSPAN support for IPv6 traffic is not available.

6.0(9c) and later

CSCvz84444

While navigating to the last records in the various History sub tabs, it is possible to not see any results. The first, previous, next, and last buttons will then stop working too.

6.0(9c) and later

CSCvz85579

VMMmgr process experiences a very high load for an extended period of time that impacts other operations that involve it.

The process may consume excessive amount of memory and get aborted. This can be confirmed with the command "dmesg -T | grep oom_reaper" if messages such as the following are reported:

         oom_reaper: reaped process 5578 (svc_ifc_vmmmgr.)

6.0(9c) and later

CSCwa78573

When the "BGP" branch is expanded in the Fabric > Inventory > POD 1 > Leaf > Protocols > BGP navigation path, the GUI freezes and you cannot navigate to any other page.

This occurs because the APIC gets large set of data in response, which cannot be handled by the browser for parts of the GUI that do not have the pagination.

6.0(9c) and later

CSCwe18213

The logical switch created for the EPG remains in the NSX-T manager after the EPG is disassociated from the domain, or the logical switch does not get created when the EPG is associated with the domain.

6.0(9c) and later

CSCwf71934

Multiple duplicate subnets are created on Nutanix for the same EPG.

6.0(9c) and later

CSCwh74888

With the addressing of CSCwe64407, a release that integrates that bug fix can the reference of a static VLAN pool in a VMM domain, which before was not possible. However, if the VMM domain is used by Layer 4 to Layer 7 virtual services and the VMM domain is referencing a static VLAN pool, the services do not work and a fault is raised.

6.0(9c) and later

CSCwh92539

After upgrading a Cisco APIC from a release before 5.2(8) to release 6.0(7) or later, there is a loss of out-of-band management connectivity over IPv6 if the APIC has dual stack out-of-band management. However, IPv4 connectivity remains intact. This issue does not occur if the out-of-band management is only IPv4 or only IPv6.

6.0(9c) and later

CSCvy40511

Traffic from an endpoint under a remote leaf switch to an external node and its attached external networks is dropped. This occurs if the external node is attached to an L3Out with a vPC and there is a redistribution configuration on the L3Out to advertise the reachability of the external nodes as direct-attached hosts.

6.0(9c) and later

CSCwa90084

- Traffic gets disrupted across a vPC pair on a given encapsulation.

OR

- EPG flood in encapsulation gets blackholed on a given encapsulation.

OR

- STP packets received on an encapsulation on a given port are not forwarded on all the leaf switches where the same EPG/same encapsulation is deployed.

6.0(9c) and later

CSCwf78521

A GOLF spine switch advertises the bridge domain prefixes to a GOLF peer in multiple VRF instances.

6.0(9c) and later

CSCwp91797

VPC ports channel member ports were showing down post upgrade.

1     Po1(SD)     Eth      LACP      Eth1/9(D)   

2     Po2(SD)     Eth      LACP      Eth1/68(D)  

6.0(9d)

N/A

Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. Because of the validation, when TCP is configured as the IP SLA type, Cisco APIC no longer accepts an IP SLA port value of 0, which was allowed in previous releases. An IP SLA monitor policy from a previous release that has an IP SLA port value of 0 becomes invalid if the Cisco APIC is upgraded to release 4.1(1) or later. This results in a failure for the configuration import or snapshot rollback.

The workaround is to configure a non-zero IP SLA port value before upgrading the Cisco APIC, and use the snapshot and configuration export that was taken after the IP SLA port change.

6.0(9c) and later

N/A

If you use the REST API to upgrade an app, you must create a new firmware.OSource to be able to download a new app image.

6.0(9c) and later

N/A

In a multipod configuration, before you make any changes to a spine switch, ensure that there is at least one operationally "up" external link that is participating in the multipod topology. Failure to do so could bring down the multipod connectivity. For more information about multipod, see the Cisco Application Centric Infrastructure Fundamentals document and the Cisco APIC Getting Started Guide.

6.0(9c) and later

N/A

With a non-english SCVMM 2012 R2 or SCVMM 2016 setup and where the virtual machine names are specified in non-english characters, if the host is removed and re-added to the host group, the GUID for all the virtual machines under that host changes. Therefore, if a user has created a micro segmentation endpoint group using "VM name" attribute specifying the GUID of respective virtual machine, then that micro segmentation endpoint group will not work if the host (hosting the virtual machines) is removed and re-added to the host group, as the GUID for all the virtual machines would have changed. This does not happen if the virtual name has name specified in all english characters.

6.0(9c) and later

N/A

A query of a configurable policy that does not have a subscription goes to the policy distributor. However, a query of a configurable policy that has a subscription goes to the policy manager. As a result, if the policy propagation from the policy distributor to the policy manager takes a prolonged amount of time, then in such cases the query with the subscription might not return the policy simply because it has not reached policy manager yet.

6.0(9c) and later

N/A

When there are silent hosts across sites, ARP glean messages might not be forwarded to remote sites if a leaf switch without -EX or a later designation in the product ID happens to be in the transit path and the VRF is deployed on that leaf switch, the switch does not forward the ARP glean packet back into the fabric to reach the remote site. This issue is specific to transit leaf switches without -EX or a later designation in the product ID and does not affect leaf switches that have -EX or a later designation in the product ID. This issue breaks the capability of discovering silent hosts.

6.0(9c) and later

N/A

Typically, faults are generally raised based on the presence of the BGP route target profile under the VRF table. However, if a BGP route target profile is configured without actual route targets (that is, the profile has empty policies), a fault will not be raised in this situation.

6.0(9c) and later

N/A

MPLS interface statistics shown in a switch's CLI get cleared after an admin or operational down event.

6.0(9c) and later

N/A

MPLS interface statistics in a switch's CLI are reported every 10 seconds. If, for example, an interface goes down 3 seconds after the collection of the statistics, the CLI reports only 3 seconds of the statistics and clears all of the other statistics.

6.0(9c) and later

Virtualization Compatibility Information

This section lists virtualization compatibility information for the Cisco APIC software.

●     For a table that shows the supported virtualization products, see the ACI Virtualization Compatibility Matrix.

●     For information about Cisco APIC compatibility with Cisco UCS Director, see the appropriate Cisco UCS Director Compatibility Matrix document.

●     This release supports the following additional virtualization products:

Product

Supported Release

Information Location

Microsoft Hyper-V

●  SCVMM 2019 RTM (Build 10.19.1013.0) or newer
●  SCVMM 2016 RTM (Build 4.0.1662.0) or newer
●  SCVMM 2012 R2 with Update Rollup 9 (Build 3.2.8145.0) or newer

N/A

VMM Integration and VMware Distributed Virtual Switch (DVS)

6.5, 6.7, 7.0 and 8.0.

Note: vSphere 8.0 does not support the vCenter Plug-in and Cisco ACI Virtual Edge (AVE). If you need to continue to use the vCenter Plug-in and Cisco AVE, use vSphere 7.0.

Cisco ACI Virtualization Guide, Release 6.0(x)

Nutanix

●  Prism Central (PC) version: 2022.6.0.4;
AOS version 6.5.x
●  Prism Central (PC) version: 2023.1.0.1;
AOS version 6.6.x
●  Prism Central (PC) version: 2024.2.0.1;
AOS version - 6.10.x

Note: Only 6.0(9d) supports PC version: 2024.2.0.1, AOS version - 6.10.x

N/A

Hardware Compatibility Information

This release supports the following Cisco APIC servers:

Product ID

Description

APIC-L2

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports)

APIC-L3

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1200 edge ports)

APIC-L4

Cisco APIC with large CPU, hard drive, and memory configurations (more than 1200 edge ports)

APIC-M2

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports)

APIC-M3

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1200 edge ports)

APIC-M4

Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1200 edge ports)

 

The following list includes general hardware compatibility information:

●     For the supported hardware, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 16.0(9).

●     Contracts using matchDscp filters are only supported on switches with "EX" on the end of the switch name. For example, N9K-93108TC-EX.

●     When the fabric node switch (spine or leaf) is out-of-fabric, the environmental sensor values, such as Current Temperature, Power Draw, and Power Consumption, might be reported as "N/A." A status might be reported as "Normal" even when the Current Temperature is "N/A."

●     First generation switches (switches without -EX, -FX, -GX, or a later suffix in the product ID) do not support Contract filters with match type "IPv4" or "IPv6." Only match type "IP" is supported. Because of this, a contract will match both IPv4 and IPv6 traffic when the match type of "IP" is used.

The following table provides compatibility information for specific hardware:

Product ID

Description

Cisco UCS M4-based Cisco APIC

The Cisco UCS M4-based Cisco APIC and previous versions support only the 10G interface. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration.

Cisco UCS M5-based Cisco APIC

The Cisco UCS M5-based Cisco APIC supports dual speed 10G and 25G interfaces. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration.

N2348UPQ

To connect the N2348UPQ to Cisco ACI leaf switches, the following options are available:

Directly connect the 40G FEX ports on the N2348UPQ to the 40G switch ports on the Cisco ACI leaf switches

Break out the 40G FEX ports on the N2348UPQ to 4x10G ports and connect to the 10G ports on all other Cisco ACI leaf switches.

Note: A fabric uplink port cannot be used as a FEX fabric port.

N9K-C9348GC-FXP

This switch does not read SPROM information if the PSU is in a shut state. You might see an empty string in the Cisco APIC output.

N9K-C9364C-FX

Ports 49-64 do not support 1G SFPs with QSA.

N9K-C9508-FM-E

The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch.

N9K-C9508-FM-E2

The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch.

The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS switch CLI.

N9K-C9508-FM-E2

This fabric module must be physically removed before downgrading to releases earlier than Cisco APIC 3.0(1).

N9K-X9736C-FX

The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS Switch CLI.

N9K-X9736C-FX

Ports 29 to 36 do not support 1G SFPs with QSA.

Miscellaneous Compatibility Information

This release supports the following products:

Product

Supported Release

Cisco NX-OS

16.0(9)

Cisco UCS Manager

2.2(1c) or later is required for the Cisco UCS Fabric Interconnect and other components, including the BIOS, CIMC, and the adapter.

CIMC HUU ISO

Note: Install only the CIMC versions mentioned here in this table. Though other firmware versions may be supported on standard UCS C220/C225 servers, they are not supported on APIC and could lead to issues, including failure to boot.

●  4.3.4.252002 (recommended) CIMC HUU ISO for UCS C225 M6 (APIC-L4/M4)
●  4.3.2.250016 (recommended) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.3.4.241063 CIMC HUU ISO for UCS C225 M6 (APIC-L4/M4)
●  4.3.2.240077 CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.3.2.240009 CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) and UCS C225 M6 (APIC-L4/M4)
●  4.3.2.230207 CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) and UCS C225 M6 (APIC-L4/M4)
●  4.2(3e) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) and UCS C225 M6 (APIC-L4/M4)
●  4.2(3b) CIMC HUU ISO for UCS C225 M6 (APIC-L4/M4)
●  4.2(3b) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.2(2a) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.1(3m) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.1(3f) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.1(3d) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.1(3c) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3)
●  4.1(2m) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2)
●  4.1(2k) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
●  4.1(2g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
●  4.1(2b) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
●  4.1(1g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3)
●  4.1(1f) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) (deferred release)
●  4.1(1d) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
●  4.1(1c) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2)
●  4.0(4e) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
●  4.0(2g) CIMC HUU ISO for UCS C220/C240 M4 and M5 (APIC-L2/M2 and APIC-L3/M3)
●  4.0(1a) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3)
●  3.0(4d) CIMC HUU ISO for UCS C220/C240 M3 and M4 (APIC-L2/M2)
●  3.0(3f) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2)
●  2.0(13i) CIMC HUU ISO
●  2.0(9c) CIMC HUU ISO
●  2.0(3i) CIMC HUU ISO

Network Insights Base, Network Insights Advisor, and Network Insights for Resources

For the release information, documentation, and download links, see the Cisco Network Insights for Data Center page.

For the supported releases, see the Cisco Data Center Networking Applications Compatibility Matrix.

 

●     This release supports the partner packages specified in the L4-L7 Compatibility List Solution Overview document.

●     A known issue exists with the Safari browser and unsigned certificates, which applies when connecting to the Cisco APIC GUI. For more information, see the Cisco APIC Getting Started Guide, Release 6.0(x).

●     For compatibility with Day-2 Operations apps, see the Cisco Data Center Networking Applications Compatibility Matrix.

●     Cisco Nexus Dashboard Insights creates a user in Cisco APIC called cisco_SN_NI. This user is used when Nexus Dashboard Insights needs to make any changes or query any information from the Cisco APIC. In the Cisco APIC, navigate to the Audit Logs tab of the System > History page. The cisco_SN_NI user is displayed in the User column.

Related Content

See the Cisco Application Policy Infrastructure Controller (APIC) page for the documentation.

The documentation includes installation, upgrade, configuration, programming, and troubleshooting guides, technical references, release notes, and knowledge base (KB) articles, as well as other documentation. KB articles provide information about a specific use case or a specific topic.

By using the "Choose a topic" and "Choose a document type" fields of the APIC documentation website, you can narrow down the displayed documentation list to make it easier to find the desired document.

You can watch videos that demonstrate how to perform specific tasks in the Cisco APIC on the Cisco Cloud Networking YouTube channel.

Temporary licenses with an expiry date are available for evaluation and lab use purposes. They are strictly not allowed to be used in production. Use a permanent or subscription license that has been purchased through Cisco for production purposes. For more information, go to Cisco Data Center Networking Software Subscriptions.

The following table provides links to the release notes, verified scalability documentation, and new documentation:  

Document

Description

Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 16.0(9)

The release notes for Cisco NX-OS for Cisco Nexus 9000 Series ACI-Mode Switches.

Verified Scalability Guide for Cisco APIC, Releases 6.0(4) through 6.0(9) and Cisco Nexus 9000 Series ACI-Mode Switches, Releases 16.0(4) through 16.0(9)

This guide contains the maximum verified scalability limits for Cisco Application Centric Infrastructure (ACI) parameters for Cisco APIC and Cisco Nexus 9000 Series ACI-Mode Switches.

APIC REST API Configuration Procedures

This document resides on developer.cisco.com and provides information about and procedures for using the Cisco APIC REST APIs. The new REST API procedures for this release reside only here and not in the configuration guides. However, older REST API procedures are still in the relevant configuration guides.

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, send your comments to apic-docfeedback@cisco.com. We appreciate your feedback.

Legal Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2025 Cisco Systems, Inc. All rights reserved.

Learn more