Guidelines and Limitations

This section lists guidelines and limitations that are related to the Cisco DCNM 10.4(2), 11.0(1).

  • For deployments that require PIM border leaf and multi-site, use Cisco DCNM 10.4(2) or later. vPC and PIM Border leaf cannot coexist in the same fabric. If IP for Media (IPFM) vPC is required, use Cisco DCNM 10.3(2).

  • Though deletion of the IP for Media (IPFM) hosts is possible in the DCNM for Media Controller solution, it is recommended that you use this option with extreme caution, understanding that manual effort is needed to bring the solution back in sync.

  • The Cisco non-blocking multicast (NBM) crashes on Cisco Nexus 9000 Series switches that run NX-OS Release 7.0(3)F3(1). This is a known issue with that release. The cleanFlow API might be used for cleaning the stale flows in Cisco DCNM, and that may trigger the issue on a Nexus 9000 Series switch that runs NX-OS Release 7.0(3)F3(1).

  • The icons or fonts on Cisco DCNM GUI may not appear correctly on Microsoft Windows 10 browsers. This problem can occur if your Windows 10 is set to block untrusted fonts or some security or mitigation options. Microsoft's Internet Explorer Browser Support team has provided the following steps to address this issue.

  • You need to configure the Allow Font Downloads Internet Explorer Setting on the Internet Zone and Restricted Sites Zone (enabled by default). Perform the following steps:

    1. Search for Group Policy Editor in Control Panel.

    2. Choose Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone > Allow Font Downloads.

    3. Double click and choose the Enabled radio button.

    4. Click OK.

    5. Choose Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Restricted Sites Zone > Allow Font Downloads.

    6. Double click and choose the Enabled radio button.

    7. Click OK.

    8. Restart the computer so that the new setting takes effect.

  • POAP Dynamic Breakout—From Cisco NX-OS Release 7.0(3)I4(1), POAP dynamically breaks out ports to detect a DHCP server behind one of the broken-out ports. Previously, the DHCP server that is used for POAP was directly connected to a normal cable as the breakout cables were not supported. POAP determines which breakout map (for example, 10gx4, 50gx2, 25gx4, or 10gx2) brings up the link that is connected to the DHCP server. If breakout is not supported on any of the ports, POAP skips the dynamic breakout process. After the breakout loop completes, POAP proceeds with the DHCP discovery phase as normal.

    Cisco DCNM leverages the dynamic breakout to simplify the fabric setup by retaining successful breakout configuration. Since dynamic breakout requires the other side of the link to be active, there are circumstances where you must manually break out interfaces, or may notice breakout in places where it is not desired. In those situations, you must adjust the ports on the Interfaces page before performing Save and Deploy in the Fabric Builder.

  • If you want to perform an In-Service Software Upgrade (ISSU), you need to configure both IPv4 and IPv6 addresses on the switch.

  • To support IPv6 addressing in Nexus 9000 Leaf template, the custom template needs to be configured with the IPv6 address field and the IPv6 gateway without IPv4 fields. The BUM Multicast Replication fields need to be added to specify correct RP Group and anycast IP address.

  • Depending on how a switch handles the cdp enable CLI command (enabled or disabled by default), Cisco DCNM shows this as config difference, although the Save and Deploy operation is performed to correct it. This depends on the default behavior of the switch image (that is, whether the show running-config shows the CLI or not). To address this issue, the respective policy template that is applied on the interfaces must be updated, so that the CLI is ignored during the configuration compliance check.

  • When you edit a template in Cisco DCNM 10.4(2) while it is in use, the template changes are saved on the DCNM Web UI but not on the disk. If this setup is upgraded to Cisco DCNM 11.0(1), the template changes made in 10.4(2) are not retained since backup reads content from disk. To address this issue, ensure that the content on DCNM Web UI matches with the content on disk. If it does not match, you must manually edit these templates in 10.4(2) on disk before taking the backup of the content.

  • During the installation, if the EPL eth2 adapter is used when eth0 and eth1 adapters are configured, the virtual machine needs to come up first. If the virtual machine does not come up before the eth2 adapter is configured, the eth1 adapter will not come up, because of the incorrect MAC address assignment by the installer.

  • Create a free-form configuration on all the white box switches that are managed by Cisco DCNM as shown below, and deploy them on all the switches before the final Save and Deploy operation.

    line console
    speed 115200
    stopbits 2

    This is only applicable to the Cisco DCNM LAN Fabric mode.

  • On Microsoft Windows 2016 Standard server, run the Cisco DCNM installation EXE file as an administrator. Cisco DCNM installation will not start on Microsoft Windows 2016 Standard server unless you run the EXE file as an administrator. To start the installation EXE file, you can right-click on the EXE file, and choose Run as administrator.

  • When the NX-OS Virtual Switches are cloned, they might use the same serial number. Since Cisco DCNM will discover them using the same serial number, the device discovery operation will fail.

  • You must undeploy everything before border provisioning. However, Cisco DCNM allows you to change the roles from Leaf to BorderLeaf and Leaf to BorderGateway, or vice versa. Cisco DCNM also allows you to enable VRF-Lite and Multisite Domains with active deployments. You must ensure that the Border provisioning is enabled on the switch before deployment.

  • Cisco DCNM allows you to view and purge the various events between the Host and Flow. The Events are recorded on Media Controller > Events. When you click Purge to remove the old or unwanted events, the DCNM server restarts. By default, a maximum of 5000 event entries are retained for 6 hours.

  • Though deletion of PMN hosts is possible in the Cisco DCNM for Media Controller solution, it is recommended that you use this option with extreme caution, understanding that manual effort is needed to bring the solution back in sync.

  • On the border leaf switch, ethernet interfaces are configured as sender and receiver WAN interfaces to transport multicast traffic between the switch and remote hosts. PIM policies are enabled on the sender and receiver WAN interfaces.

Guidelines and Limitations

  • Ensure that you have installed Visual C++ Redistributable Packages for Visual Studio 2013 64 bit before installing or upgrading to Cisco DCNM Release 11.4(1).

  • To check the status of the running Postgres database in Native HA setup, use pg_ctl command. Do not use the systemctl command.

  • Do not begin the password with Hash (#) symbol. Cisco DCNM considers the password as an encrypted text if it begins with # symbol.

  • Restoring DCNM with changes in IP addresses is not supported.

  • POAP Dynamic Breakout—From Cisco NX-OS Release 7.0(3)I4(1), POAP dynamically breaks out ports to detect a DHCP server behind one of the broken-out ports. Previously, the DHCP server that is used for POAP was directly connected to a normal cable as the breakout cables were not supported. POAP determines which breakout map (for example, 10gx4, 50gx2, 25gx4, or 10gx2) brings up the link that is connected to the DHCP server. If breakout is not supported on any of the ports, POAP skips the dynamic breakout process. After the breakout loop completes, POAP proceeds with the DHCP discovery phase as normal.

    Cisco DCNM leverages the dynamic breakout to simplify the fabric setup by retaining successful breakout configuration. Since dynamic breakout requires the other side of the link to be active, there are circumstances where you must manually break out interfaces, or may notice breakout in places where it is not desired. In those situations, you must adjust the ports on the Interfaces page before performing Save and Deploy in the Fabric Builder.

  • Before using the licensed features, install a Cisco DCNM license for each Nexus-managed or MDS-managed platform. For information about licensing, see the Cisco DCNM Licensing Guide, Release 11.x.

  • Create a free-form configuration on all the white box switches that are managed by Cisco DCNM as shown below, and deploy them on all the switches before the final Save and Deploy operation.

    line console
    speed 115200
    stopbits 2

    This is only applicable to the Cisco DCNM LAN Fabric mode.

  • On Microsoft Windows 2016 Standard server, run the Cisco DCNM installation EXE file as an administrator. Cisco DCNM installation will not start on Microsoft Windows 2016 Standard server unless you run the EXE file as an administrator. To start the installation EXE file, you can right-click on the EXE file, and choose Run as administrator.

  • When the Cisco Nexus 9000v Virtual Switches are cloned, they may use the same serial number. Since Cisco DCNM discovers them using the same serial number, the device discovery operation fails.

  • You cannot access the Cisco DCNM Web UI, when the user system is configured with the same IP address range as that of internal subnet used by the Application Framework in DCNM. For more information, see Cisco DCNM Troubleshooting Guide.

  • Though you can delete PMN hosts, we recommend that you use this option with extreme caution, understanding that manual effort is needed to bring the solution back in sync.

  • Cisco DCNM in Media Controller Deployment Release 11.x does not support non-default VRFs for Cisco Nexus 9000 Release 9.3(x).

  • Cisco DCNM does not support suspending or unsuspending of the VMs.

  • If NIR was installed and stopped, it does not stop service containers running on DCNM compute nodes.

    If the NIR application is deleted from DCNM, a few service containers continue to run on DCNM compute nodes and must be stopped manually using afw service commands.

  • When NIR/NIA applications are enabled at higher scale, that is, with 250 switches and 10000 Hardware telemetry flows, DCNM Compute nodes must be connected on all eth0, eth1, and eth2 interfaces using a 10Gig link.

  • For leaf-leaf ports in non-VPC cases, DCNM will always push the shutdown command. If you want to bring up the port, add the no cdp enable command to the interface freeform policy on one of the ports.

    For leaf-leaf or border-border connected ports in non-VPC cases, DCNM will always push the shutdown command to avoid the potential of loops in a VXLAN EVPN fabric. To bring up the port, add the no cdp enable command to the interface freeform policy on one of the ports. As a consequence, the link is not discovered and does not show up in the topology, but the interfaces will still be up.

  • Two-factor authentication is not supported in DCNM.

  • After the eth0 IP address (for standalone deployment) or the vip0 IP address (for Native HA deployment) is modified using the appmgr update network-properties command, the Web UI > Administration > MultiSite Manager page does not display the correct IP address for AMQP.

  • When a Nexus Dashboard server is adding a Site from DCNM 11.5(1), it must reach the DCNM server over the Data Network. DCNM Data Network connectivity is defined to be over eth2 interface of the DCNM server; also known as Inband Connectivity interface in DCNM. When the eth2 connectivity of the DCNM with the Data Network Connectivity of the Nexus Dashboard is spanning multiple subnets, that is, when they are Layer3 Route connected, you must add routes in DCNM before adding the Site on ND.

    To add a route over the Inband Network in DCNM, on the Cisco DCNM Web UI, choose Administration > Customization > Network Preferences. Enter the Routes to the ND Data Network over the In-band (eth2) inputs of the dashlet. For more information, see Network Preferences-Routes.

  • From Release 11.4(1), Cisco DCNM does not support syncing fabric with switches in VTP server mode. For more information, refer to CSCvx86976.

  • While upgrading from DCNM Release 11.5(1) to Release 11.5(4), if you try to retain the CA-signed certificates, DCNM fails to launch. For more information, see CSCwb97942.

  • In a DCNM managed by NDO, the MSD fabric backup is not restored completely. The MSD fabric is reverted to the time where the deployed networks created on NDO are not yet available. While the fabric shows as in sync in DCNM, there will be no configuration drift notifications in NDO.

  • In Cisco DCNM SAN deployment, if the DCNM server streaming the SAN analytics is over-utilized, the Elasticsearch database service goes down. This results in performance issues. The Pipeline service may be consuming all the CPU and system resources on the Cisco DCNM server. To troubleshoot this, perform the following steps:

    1. Stop the Pipeline service.

    2. Reduce the streaming load from the MDS fabric.

    3. Start Elasticsearch service.

    4. Start the Pipeline service.

  • From Cisco DCNM Release 11.5(2), VLAN range is extended. After patch update for LAN Fabric deployment, you can set VLAN range to 4094.

  • In Cisco DCNM SAN deployment, when you enable or disable alarms on a Primary node, it will not be applied to all the nodes in the Federation. You must manually enable or disable alarms on all nodes on all servers in the Federation setup. You must restart the DCNM Server to apply the changes.

  • In Cisco DCNM SAN deployment, when you modify the server properties on Cisco DCNM Web UI > Administration > DCNM Server > Server Properties on a Primary node, it will not be applied to all the nodes in the Federation. You must manually make the changes to the server properties on all nodes on all servers in the Federation setup. You must restart the DCNM Server to apply the changes.

  • SAN Insights is best supported on Linux from Release 11.0(1), and on Cisco DCNM OVA/ISO deployments from Release 11.3(1).

  • From Cisco DCNM Release 11.3(1), you cannot download the SAN Client package from the Software Downloads page. You must install Cisco DCNM, then launch the Web UI to download the SAN Client and Device Manager. For more information, see the Cisco DCNM Installation and Upgrade Guide for SAN Deployment.

  • In Releases prior to 11.4, if you have installed a preview feature, perform the following before you upgrade to Release 11.4(1):

    • Remove the configuration from older release setup.

    • Reset the property to enable the preview feature. On the Cisco DCNM Web UI, choose Administration > DCNM Server > Server Properties. Reset the enable preview feature property.

Certain commands must not be executed on Cisco DCNM, as they may harm the functionality of various components on the network. The following table shows the commands and specifies the reason why they must not be executed.

Table 1. List of Commands that must not be executed on Cisco DCNM

    Command: systemctl restart network
    Reason: This is a common Linux command that network administrators use when editing the interface properties. The command has been shown to render the DCNM useless when converting to the cluster mode.

    Command: ifconfig ethx y.y.y.y/zz
    Reason: Any change in the IP addresses of the DCNM nodes must be done with the appmgr update network-properties command. This includes changing the FQDN, adding static routes, adding/removing NTP servers etc.

Checking TPM Partition before Converting DCNM-SE to Nexus Dashboard

A few Cisco Application Services Engine (SE) nodes that were factory pre-installed with DCNM 11.5(4) or earlier may have a corrupted TPM partition. This causes the installation of Cisco Nexus Dashboard software to fail. You must check the TPM partition before upgrading from Cisco DCNM-SE to Cisco Nexus Dashboard.


Note: TPM is not a requirement for DCNM 11.x releases. Therefore, this issue does not affect existing DCNM 11.x functionality of the device, even if the device is affected by this issue. No further action is required until you decide to upgrade to Cisco Nexus Dashboard.


To identify if your Cisco DCNM-SE is affected by this issue, perform the following steps:

Procedure


Step 1

SSH to the Cisco Application Services Engine as the sysadmin user.

Step 2

Run the following command to view the list of models and their vendors.

lsblk -S

[root@dcnm-se-active sysadmin]$ lsblk -S
NAME   HCTL       TYPE     VENDOR   MODEL             REV TRAN
...
sdc    0:2:2:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sdd    0:2:3:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sde    0:2:4:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sdf    7:0:0:0    disk     UNIGEN   PQT8000           1100 usb  /*identifying device from UNIGEN Vendor*/
sdg    8:0:0:0    disk     UNIGEN   PHF16H0CM1-ETG    PMAP usb
sdl    1:0:0:0    disk     ATA      Micron_5100_MTFD  H072 sata
...

Application Services Engine from the UNIGEN vendor is detected with device name sdf.

Step 3

Run the following command to view the partitions in the disk.

lsblk -s or lsblk

  • Example 1

    The following example shows a functioning TPM disk with two partitions, sdf1 and sdf2. Cisco Nexus Dashboard software can be installed on this unit with no issues.

    [root@dcnm-se-active sysadmin]$ lsblk
    NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    ... 
    sdc                    8:32   0   2.2T  0 disk
    sdd                    8:48   0   2.2T  0 disk
    sde                    8:64   0   371.6G  0 disk
    sdf                    8:80   1   7.7G  0 disk  /*functioning TPM with partition*/
     |--sdf1                 8:81   1    60M  0 part
     |--sdf2                 8:82   1   3.7G  0 part
    nvme0n1              259:0    0   1.5T  0 disk
     |--nvme0n1p1          259:1    0   1.5T  0 part
       |--flashvg-flashvol 253:3    0   1.5T  0 lvm  /var/afw/vols/data/flash
    ...

  • Example 2

    The following example shows a defective or corrupted TPM disk with no partitions defined on device sdf. This unit cannot be used to install Cisco Nexus Dashboard software, and must be replaced.

    [root@dcnm-se-active sysadmin]$ lsblk
    NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    ... 
    sdc                    8:32   0   2.2T  0 disk
    sdd                    8:48   0   2.2T  0 disk
    sde                    8:64   0   371.6G  0 disk
    sdf                    8:80   1   16G  0 disk  /*corrupted TPM without partition*/
    nvme0n1              259:0    0   1.5T  0 disk
     |--nvme0n1p1          259:1    0   1.5T  0 part
       |--flashvg-flashvol 253:3    0   1.5T  0 lvm  /var/afw/vols/data/flash
    ...

Step 4

If your device has a TPM disk with no partitions, contact Cisco Technical Assistance Center (TAC) to initiate RMA and replace the device.

No further action is required if your TPM has partitions.
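
The check in Steps 2 and 3 can be scripted. This is an added example, not Cisco tooling: the function names are hypothetical, the sample listings are trimmed copies of the outputs shown above, and the parsing assumes the default lsblk column layout with a vendor string that contains no spaces.

```shell
#!/bin/sh
# Added example: scripted form of Steps 2-3. Function names are hypothetical.

# vendor_disks VENDOR: read `lsblk -S` text on stdin, print disks from VENDOR.
# Columns are NAME HCTL TYPE VENDOR MODEL REV TRAN.
vendor_disks() {
    awk -v v="$1" '$3 == "disk" && $4 == v { print $1 }'
}

# tpm_disk_status DEV: read plain `lsblk` text on stdin and print
#   ok             DEV has at least one partition
#   no-partitions  DEV is present but has none (the defective case in Example 2)
#   missing        DEV does not appear in the listing at all
tpm_disk_status() {
    awk -v dev="$1" '
        { name = $1; sub(/^[^a-zA-Z0-9]+/, "", name) }  # drop tree-drawing prefix
        $6 == "disk" { cur = name; if (name == dev) seen = 1 }
        $6 == "part" && cur == dev { parts++ }
        END {
            if (!seen)      print "missing"
            else if (parts) print "ok"
            else            print "no-partitions"
        }'
}

# Sample input, trimmed from the listings on this page.
sample_scsi() { cat <<'EOF'
NAME   HCTL       TYPE     VENDOR   MODEL             REV TRAN
sde    0:2:4:0    disk     Cisco    UCSC-RAID12G-2GB  5.10
sdf    7:0:0:0    disk     UNIGEN   PQT8000           1100 usb
sdg    8:0:0:0    disk     UNIGEN   PHF16H0CM1-ETG    PMAP usb
sdl    1:0:0:0    disk     ATA      Micron_5100_MTFD  H072 sata
EOF
}
sample_good() { cat <<'EOF'
NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sde                    8:64   0   371.6G  0 disk
sdf                    8:80   1   7.7G  0 disk
 |--sdf1                 8:81   1    60M  0 part
 |--sdf2                 8:82   1   3.7G  0 part
nvme0n1              259:0    0   1.5T  0 disk
 |--nvme0n1p1          259:1    0   1.5T  0 part
   |--flashvg-flashvol 253:3    0   1.5T  0 lvm  /var/afw/vols/data/flash
EOF
}
sample_bad() { cat <<'EOF'
NAME                 MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sde                    8:64   0   371.6G  0 disk
sdf                    8:80   1   16G  0 disk
nvme0n1              259:0    0   1.5T  0 disk
 |--nvme0n1p1          259:1    0   1.5T  0 part
EOF
}

echo "UNIGEN disks:  $(sample_scsi | vendor_disks UNIGEN | tr '\n' ' ')"
echo "Example 1 sdf: $(sample_good | tpm_disk_status sdf)"
echo "Example 2 sdf: $(sample_bad | tpm_disk_status sdf)"
```

On the appliance, pipe the live listings into the same functions, passing the device name identified in Step 2 to tpm_disk_status. A result of no-partitions corresponds to the RMA case in Step 4.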