The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco MDS 9000 Series Switches, Release 9.4(4)
Cisco MDS 9000 Series Switches, Release 9.4(4)
This document describes the features, issues, and deployment guidelines for the Cisco MDS NX-OS software for use on the Cisco MDS 9000 Series Switches.
The Cisco MDS 9000 Series of Multilayer Directors and Fabric Switches provide best-in-class high availability, scalability, security, and management that enables to deploy high-performance storage area networks. Layering a rich set of intelligent features onto a high-performance switch fabric, the Cisco MDS 9000 Series has the flexibility to fit small deployments and to address the stringent requirements of large data center storage environments: high availability, security, scalability, sustainability, ease of management, and seamless integration of new technologies.
Note: Release notes are updated on an as needed basis with new information on restrictions and issues. See the following website for the most recent version of the Cisco MDS 9000 Series Release Notes: https://www.cisco.com/c/en/us/support/storage-networking/mds-9000-nx-os-san-os-software/products-release-notes-list.html.
Date |
Description |
August 8, 2025 |
Initial Release |
About Software Images
The Cisco MDS NX-OS operating system is shipped with the Cisco MDS 9000 Series Switches. The Cisco MDS NX-OS software consists of two images: the kickstart image and the system image. These images can be upgraded or downgraded to different versions. The versions of both images must match for the system to boot.
Each model of the Cisco MDS switch has unique kickstart and system images. To download the new Cisco MDS 9000 Series Switches NX-OS software, go to the Storage Networking Software download website at https://software.cisco.com/download/find/MDS.
Upgrade and Downgrade Paths
Cisco MDS NX-OS Release 9.4(4) supports non-disruptive upgrade and downgrade to other Cisco MDS NX-OS Releases. For upgrade and downgrade paths, and guidelines that are recommended for upgrading or downgrading Cisco MDS NX-OS software images, see Cisco MDS 9000 NX-OS Software Upgrade and Downgrade Guide, Release 9.x.
About Firmware Images
Cisco MDS 9000 Series Switches contain a number of hardware components with updatable firmware. The Transceiver Firmware bundle contains updates for various port transceivers. The EPLD Firmware bundle contains updates for programmable logic devices in the system.
These updates can be disruptive and so are not part of the Cisco NX-OS software image. They are released with every Cisco NX-OS release but do not frequently contain changes. Refer to the specific Release Notes for any recommended fixes.
For more information on Transceiver Firmware, see the Cisco MDS 9000 Series Transceiver Firmware Release Notes, Release 9.4(4).
For more information on EPLD bundles, see the Cisco MDS 9000 Series EPLD Release Notes, Release 9.4(4).
Components Supported
For information on supported software and hardware components, see Cisco MDS 9000 Series Compatibility Matrix.
IBM FICON Qualification Status
Cisco MDS NX-OS Release 9.4(4) is not IBM FICON qualified.
Cisco TrustSec FC Link Encryption
For more information about which set of interfaces on each module support FC-SP, see the Configuring Cisco TrustSec Fibre Channel Link Encryption chapter of the Cisco MDS 9000 Series Security Configuration Guide, Release 9.x.
Product Impact |
Feature |
Description |
Ease of Use |
Fabric Congestion and Diagnostics |
Support to send on-demand RDF commands to proactively inform HBAs of new fabric capabilities after a non-disruptive upgrade. For more information, see the Cisco MDS 9000 Series Interfaces Configuration Guide. |
System Information |
The show fabric switch information command has been enhanced to display switch serial numbers. For more information, see the Cisco MDS 9000 Series Command Reference. |
|
Display average frame size |
The show interface and show interface counters detailed commands have been enhanced to display average frame size for each interface. For more information, see the Cisco MDS 9000 Series Command Reference. |
|
Feature Set |
Smart Monitoring and Alerting (SMA) |
The SMA feature has been changed to production-ready. SMA provides unified monitoring and timely detection of important events or conditions. It generates proactive notifications and helps in maintaining the health of the system. SMA provides flexibility to configure custom thresholds based on your requirements. For more information, see Smart Monitoring and Alerting. |
FPIN Peer Congestion notifications |
Support for FPIN Peer Congestion and Clear notifications has been introduced. For more information, see Cisco MDS 9000 Series Interfaces Configuration Guide, Release 9.x. |
|
FPIN warning notifications |
Support for FPIN Congestion notifications with warning severity has been introduced. For more information, see Cisco MDS 9000 Series Interfaces Configuration Guide, Release 9.x. |
|
Interoperability |
RFC 5424 formatted Syslog Messages |
Support for RFC 5424 format and time zone control for syslog messages has been added. For more information, see the Cisco MDS 9000 Series Command Reference. |
Security |
AES-256 encryption for SNMP |
Support for AES-256 encryption key for SNMP has been added. For more information, see the Cisco MDS 9000 Series Security Configuration Guide. |
There are no new hardware features in Cisco MDS NX-OS Release 9.4(4).
Severity 2 (Severe) issues
Bug ID |
Headline |
Known Impacted Releases |
'pixmc' service crash when multiple interfaces flap in a port-channel |
9.4(2a) |
|
"analytics" service crashes |
9.4(1a), 9.3(2a) 8.4(2c) |
|
Switch hangs (control plane dead) after cpu stall |
9.4(2a) |
Severity 3 (Moderate) Issues
Bug ID |
Headline |
Known Impacted Releases |
Traffic disruption after a TCAM parity error |
8.4(2e), 8.4(2d) |
|
ISSU fails with return code 0x40930040 |
9.4(3), 9.4(2a) |
|
Default NX-API SSL protocols command not shown in 'show running-config all' |
9.4(2a) |
|
'copy run start' fails with error 0x401E004D because UUID 81(ascii-cfg) has held the lock |
9.4(1a) 8.4(2c) |
|
Reason is not displayed when an interface is error-disabled due to hardware forwarding programming failure |
9.4(3a), 9.4(2a) |
|
An FC port accepts a FLOGI and shows as 'up' but is actually offline |
8.4(2f) |
|
Reading power-management registers of standby supervisor causes loss of supervisor redundancy |
9.4(2a) |
|
Ingress frames lost from linecard to supervisor |
9.4(2a), 9.2(1a) |
|
NPU hung counter not working |
9.3(2a) |
|
Interfaces enabled with FCSP and ESP stay in notConnected state after losing link due to stuck RX credits |
9.4(2a), 9.4(1a) 8.4(2f) |
|
Remote user login failure in first attempt |
9.4(2a), 9.4(1a) 9.3(2a) |
|
tac-pac command does not collect driver info for first 32 Gbps fabric engine |
9.4(2a) |
|
"show tech-support details" fails to collect the complete information from an MDS 9700 switch |
9.4(2a) |
|
fabric binding feature disabled when FICON feature is enabled |
9.4(3b) |
|
Redefine B2B Credit range of virtual links (VL 0-3) in 64G ER_RDY enabled interfaces |
9.4(2a), 9.4(1a) |
|
Renaming the switch does not update the PI name in SSM On-Prem. |
9.4(2a) |
|
32 Gbps interface running at 16 Gbps with FEC enabled has CRC errors |
9.4(1a) |
|
High CPU and memory utilization on 64 Gpbs Fabric switch |
9.4(3) |
|
Tx/Rx datarate-burst rising/falling syslog messages when datarate-burst is not configured |
9.3(2a) |
|
Incomplete show tech-support details when pulled from Intersight |
9.4(2a) |
|
Switchover not triggered after SEU parity error in eobcsw |
9.4(2a) |
Severity 4 (Minor) Issues
Bug ID |
Headline |
Known Impacted Releases |
"Interface mgmt0 is up" without a corresponding "Interface mgmt0 is down" message. |
8.4(2c) |
|
'show topology isl' truncates switchnames |
9.4(2), 9.4(1a) |
|
show consistency-checker fwd-flow-validation - Adj idx error message has incorrect formatting |
9.4(2a) |
|
'%AUTHPRIV-3-SYSTEM_MSG: pam_unix(nginx:account): PAM conversation fail retval 19' syslog errors |
9.4(2a) |
|
Fabric-binding related commands are not included in show tech detail even if the feature is enabled |
9.4(2a) |
|
'Slowport' events logged when slowport is not configured |
9.2(1a) |
|
The 'rdl' service crashes with signal 11 |
8.4(2c) |
Severity 6 (Enhancement) Issues
Bug ID |
Headline |
Known Impacted Releases |
Conform syslog message to RFC 5424 standard (NILVALUE for STRUCTURED-DATA and MSGID fields) |
9.3(2) |
|
Add module number to 'show hardware internal f32_que/f64_xbar table ipa-pktcapmem' |
9.4(3) |
|
[MDS] Evaluation for CVE-2023-51385 CVE-2023-48795 CVE-2023-51384 CVE-2023-28531 |
9.4(2) |
|
Need meaningful diagnostics when MDS 9700 standby supervisor is in powered-up state |
8.1(1) |
|
Add ability to execute shell command in EXEC mode only |
9.4(2a) 8.4(1), 8.1(1) |
|
Need to include PSU serial number and alarm flags in exception log |
9.4(3) |
|
Add OUI for Nexus 93360YC-FX2 to MDS |
9.4(3b) |
Severity 3 (Moderate) Issues
Bug ID |
Headline |
Known Impacted Releases |
False SMA alarm or warning syslogs triggered for counters after policy activation |
9.4(4) |
|
[MDS] Evaluation for CVE-2024-38796 |
9.4(4) |
|
Congested devices not cleared after 3 rapid SMA service crashes |
9.4(4) |
|
Updating SNMP user password silently changes authentication to MD5 and privacy to AES-128 |
9.4(4) |
|
Duplicate warnings and alarms for tx-overutilization and txwait SMA counters |
9.4(4) |
|
"snmpd" service crash on MDS switch |
9.4(4) |
Severity 4 (Minor) Issues
Bug ID |
Headline |
Known Impacted Releases |
Remove misleading ficon stat 'merge failed' message in non- FICON VSAN |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) |
|
Linecard fails to boot up with '%PORT-5- MODULE_BRINGUP_NOT_ALLOWED' error |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a) 8.4(2e), 8.4(2c) 8.1(1) |
|
Power Supply status of "Powered-dn" causes Amber System Status LED |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a), 9.4(1) |
Severity 6 (Enhancement) Issues
Bug ID |
Headline |
Known Impacted Releases |
Need to automatically sync bootflash:/scripts directory between active and standby sups |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 8.1(1a) |
|
Need to save nonvolatile logs about BIOS programming errors |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(2c), 8.4(2d), 8.4(2e) 8.3(2) |
|
A fabric module with a faulty link to a linecard is not powered down |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a) 8.4(1) |
|
Add option to 'show tech-support' to exclude and include subcommands |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 8.1(1) |
|
Need a syslog warning when number of zone members exceeds maximum supported |
9.4(4) 9.4(3b), 9.4(3a), 9.4(3), 9.4(2a), 9.4(2), 9.4(1a) 8.4(2d) |
MD5 Hash in FCSP
Cisco MDS NX-OS Release 9.4(2) and later releases do not support the MD5 hash algorithm in Fibre Channel Security Protocol (FC-SP) as it is no longer considered secure. The default hash algorithm has been changed to SHA1.
10G and 40G FCoE linecards
Cisco MDS NX-OS Release 9.4(2) and later releases do not support the following FCoE linecards:
● DS-X9848-480K9 – 48-port 10-Gbps FCoE Switching Module
● DS-X9824-960K9 – MDS 9700 24-port 40-Gbps FCoE Switching Module
For more information, see the Cisco MDS 9700 Series Multilayer Directors Hardware Installation Guide.
SDV feature
Cisco MDS NX-OS Release 9.3(2) and later releases do not support Cisco SAN device virtualization (SDV).
Traditional and Smart Licensing Version 1.0 Licenses
Cisco MDS NX-OS Release 9.2(2) and later releases does not support installation of Product Authorization Key (PAK) or Smart Licensing version 1.0 licenses. Licenses are now managed through Smart License using Policy (SLP).
For more information such as how to migrate licenses, see Smart Licensing Using Policy chapter in Cisco MDS 9000 Series Licensing Guide, Release 9.x.
Python 2
Support for Python 2 is deprecated from Cisco MDS NX-OS Release 9.2(2). Python 3 remains supported instead. Python 2 scripts should be checked for compatibility with Python 3 to ensure they continue to function as expected.
For more information, see the Python API chapter in the Cisco MDS 9000 Series Programmability Guide, Release 9.x.
Zoning Features
LUN zoning, read-only zones, and broadcast zones are no longer supported.
If these features are already configured, completely remove all the configurations that include these features before attempting to boot any module. In addition, you cannot configure these features after you bring up any module.
XRC Acceleration License
From Cisco MDS NX-OS Release 8.1(1a), the Cisco Extended Remote Copy (XRC) acceleration license is obsoleted on Cisco MDS 9000 Series Switches due to improvements in the mainframe XRC feature.
Virtual Router Redundancy Protocol (VRRP)
Cisco MDS NX-OS Release 8.3(1) and later releases do not support the VRRP feature on Cisco MDS 9000 Series Switches.
Data Encryption Standard (DES) for SNMP
From Cisco MDS NX-OS Release 8.5(1), AES-128 is the default encryption mechanism for SNMPv3. DES encryption for SNMP is supported only for DES users who upgrade from previous releases to Cisco MDS NX-OS Release 8.5(1). Ensure that you delete all the SNMPv3 users configured with DES encryption before upgrading to Cisco MDS NX-OS Release 8.5(1) and later releases. Any downgrades from Cisco MDS NX- OS Release 8.5(1) will be restricted if any of the SNMPv3 users have DES encryption configured as the privacy protocol. All such users will either need to be deleted or reconfigured to use no privacy protocol or AES128 encryption before downgrading.
For more information, see Cisco MDS 9000 Series System Management Configuration Guide, Release 9.x.
Fabric Performance Impact Notifications (FPIN)
FPIN is not supported on switches that are operating in NPV mode.
FCWA, XRC, DMM, SME
Cisco MDS NX-OS Release 8.1(1) and later releases do not support FCWA, XRC, DMM and SME features.
SAN Extension Tuner
SAN Extension Tuner (SET) is not supported on Cisco MDS 9220i switches in Cisco MDS NX-OS Release 8.5(1) or later.
Fibre Channel Read Diagnostic Parameters
Fibre Channel RDP querying is not supported on NP, Port Channel, or FCoE links.
Slow Drain Detection and Congestion Isolation
ER_RDY is not supported on FC interfaces running at 10 Gbps.
FCIP Support
● In Cisco MDS NX-OS Release 9.2(2) and later releases, simultaneous use of IVR and FCIP Write Acceleration features is not supported on FCIP tunnels configured on Cisco MDS 9700 Director switches.
● On Cisco MDS 24/10 Port SAN Extension Module, configuring multiple FSPF equal cost paths (ECMP) via port channels or non-port channel interfaces with FCIP members in the same VSAN is not a valid configuration. If this is configured, then the traffic flows through only one of the port channels or non-port channel interfaces.
iSCSI Support
iSCSI is not supported on Cisco MDS 9700 Directors with Cisco MDS 24/10 port SAN Extension Modules and Cisco MDS 9220i multiservice fabric switch.
The documentation set for the Cisco MDS 9000 Series includes the documents that are listed in this section. To find a document online, access the following URL:
https://www.cisco.com/en/US/products/ps5989/tsd_products_support_series_home.html
Release Notes
Documentation Suite
https://www.cisco.com/c/en/us/td/docs/storage/san_switches/mds9000/roadmaps/rel90.html
Statement of Volatility
Cisco Nexus Dashboard Fabric Controller (Formerly DCNM)
https://www.cisco.com/en/US/products/ps9369/tsd_products_support_series_home.html
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.