Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes, Release 10.6(1)

Available Languages

Download Options

  • PDF
    (965.2 KB)
    View with Adobe Reader on a variety of devices
Updated:August 14, 2025

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (965.2 KB)
    View with Adobe Reader on a variety of devices
Updated:August 14, 2025
 

 

Note:      Beginning with Release 10.5(3), Cisco provides a single image for NXOS and EPLD images. There will no longer be separate images. Instead, the EPLD image is bundled with all NXOS images and so the image sizes are correspondingly larger.

Here’s the link to the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 10.5(x).

Starting with Release 10.5(3), these three 64-bit images are supported:

·       The 64-bit Cisco NX-OS image file name with nxos64-cs as the prefix (for example, nxos64-cs.10.6.1.F.bin) is supported on all Cisco Nexus 9000 series switches except Cisco Nexus 9500 -R and -R2 switches and line cards and Nexus 9800 switches.

·       The 64-bit Cisco NXOS image file name with nxos64-s1 as the prefix (for example, nxos64-s1.10.6.1.bin) is mandatory on Nexus 9800 switches and N9364E-SG2 switches and is supported from Cisco NXOS Release 10.5(3)F.

·       The 64-bit Cisco NXOS image file name with nxos64-msll as the prefix (for example, nxos64-msll.10.6.1.F.bin) is supported on Cisco Nexus 9000 Series -R and -R2 modular switches.

This document lists the current and past versions of EPLD images and describes how to update them for use with the Cisco Nexus 9000 Series switches.

This document also covers later releases. If a new Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes document isn’t available, that means that these are the latest available numbers for upgrade.

This table lists the changes to this document.

Table 1.        Changes to this Document

Date

Description

August 13, 2025

Release 10.6(1)F became available.

Introduction

The Cisco Nexus 9000 Series NX-OS mode switches contain several programmable logical devices (PLDs) that provide hardware functionalities in all modules. Cisco provides electronic programmable logic device (EPLD) image upgrades to enhance hardware functionality or to resolve known issues. PLDs include electronic programmable logic devices (EPLDs), field programmable gate arrays (FPGAs), and complex programmable logic devices (CPLDs), but they do not include ASICs. In this document, the term EPLD is used for FPGA and CPLDs.

The advantage of having EPLDs for some module functions is that when you need to upgrade those functions, you just upgrade their software images instead of replacing their hardware.

Note:      EPLD image upgrades for a line card disrupt the traffic going through the module because the module must power down briefly during the upgrade. The system performs EPLD upgrades on one module at a time, so at any one time the upgrade disrupts only the traffic going through one module.

Cisco provides the latest EPLD images with each release. Typically, these images are the same as provided in earlier releases but occasionally some of these images are updated. These EPLD image updates are not mandatory unless otherwise specified. The EPLD image upgrades are independent from the Cisco In Service Software Upgrade (ISSU) process, which upgrades the system image with no impact on the network environment.

When Cisco makes an EPLD image upgrade available, these release notes announce their availability, and you can download the EPLD images from https://software.cisco.com/download/navigator.html.

When choosing an EPLD version for upgrade, ensure you have already installed the corresponding NXOS software version first. It is generally not supported to upgrade to a newer EPLD image built for a future version of NXOS while running on an older NXOS version, unless explicitly supported as per the specific EPLD Release Notes. NXOS and EPLD images are labeled for their related version to avoid any unsupported upgrades.

When to Upgrade EPLDs

When new EPLD images are available, the upgrades are always recommended if your network environment allows for a maintenance period in which some level of traffic disruption is acceptable. If such a disruption is not acceptable, then consider postponing the upgrade until a better time.

Note:      The EPLD upgrade operation is a disruptive operation. Execute this operation only at a programmed maintenance time. The system ISSU upgrade is a nondisruptive upgrade.

Note:      The EPLD version is backward compatible. The NXOS software can be downgraded for the switch and the EPLD version does not have to be downgraded to match the older NXOS version.

Switch Requirements

·       The Cisco Nexus 9000 Series switch must be running the Cisco NX-OS operating system.

·       You must be able to access the switch through a console, SSH, or Telnet (required for setting up a switch running in NX-OS mode).

·       You must have administrator privileges to work with the Cisco Nexus 9000 Series switch.

EPLD Upgrades Available for NX-OS Mode Releases 10.4(3) through 10.6(1)

Each EPLD image that you can download from Software Download page is a bundle of EPLD upgrades packaged into a single EPLD image file. Beginning with NXOS Release 10.5(3), this EPLD image file is bundled with NXOS images. There will no longer be separate images. To see the available EPLD versions for the Nexus 9000 standalone and module switches on this release, see the tables.

Note:      All updates to an image are shown in boldface. If more than one release is shown for a column, the boldface applies to the first release listed for the column.

Note:      This release of EPLD addresses the Secure Boot Hardware Tampering vulnerability for Nexus 9000 Series switches. Please refer to this Security Advisory for more information - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20190513-secureboot.html.

Table 2.        Available EPLD Images for the Cisco Nexus 9200, 9300, 9300-EX, and 9300-FX Platform Switches

Switch or Uplink Module

EPLD
Device

Release 10.4(3)

Release 10.4(4)

Release 10.4(5)

Release 10.5(1)

Release 10.5(2)

Release 10.5(3)

Release 10.6(1)

Cisco Nexus 92348GC-X
(N9K-C92348GC-X)

IOFPGA

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

Cisco Nexus 93108TC-FX
(N9K-C93108TC-FX)

IOFPGA

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Cisco Nexus 93108TC2-FX
(N9K-C93108TC2-FX)

IOFPGA

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Cisco Nexus 93108TC-FX3
(N9K-C93108TC-FX3)

IOFPGA

0x16 (0.022)

0x19 (0.025)

0x20 (0.032)

0x19 (0.025)

0x19 (0.025)

0x20 (0.032)

0x20 (0.032)

MIFPGA

0x12 (0.018)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

Cisco Nexus 93108TC-FX3H
(N9K-C93108TC-FX3H)

IOFPGA

0x8 (0.008)

0x8 x(0.008)

0x8 x(0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

MIFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

Cisco Nexus 93108TC-FX3P
(N9K-C93108TC-FX3P)

IOFPGA

0x8 (0.008)

0x8 x(0.008)

0x8 x(0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

MIFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

Cisco Nexus 9316D-GX
(N9K-C9316D-GX)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

MIFPGA

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

Cisco Nexus 93180YC-FX3
(N9K-C93180YC-FX3)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

MIFPGA

0x18 (0.024)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

Cisco Nexus 93180YC-FX3S
(N9K-C93180YC-FX3S)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

MIFPGA

0x17 (0.023)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

Cisco Nexus 93180YC-FX3H
(N9K-C93180YC-FX3H)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

MIFPGA

0x18 (0.024)

0x20 (0.032

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

Cisco Nexus 93180YC-EX
(N9K-C93180YC-EX)

IOFPGA

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

MIFPGA

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

Cisco Nexus 93180YC-FX
(N9K-C93180YC-FX)

IOFPGA

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

MIFPGA

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

Cisco Nexus 93216TC-FX2
(N9K-C93216TC-FX2)

IOFPGA

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

MIFPGA2

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

Cisco Nexus 93240YC-FX2
(N9K-C93240YC-FX2)

IOFPGA

0x18 (0.023)

0x18 (0.023)

0x18 (0.023)

0x18 (0.023)

0x18 (0.023)

0x18 (0.023)

0x18 (0.023)

MIFPGA

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

MIFPGA2

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

Cisco Nexus 9332C (N9K-C9332C)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Cisco Nexus 9332D-GX2B
(N9K-C9332D-GX2B)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x14 (0.020)

0x13 (0.019)

0x13 (0.019)

0x14 (0.020)

0x14 (0.020)

MIFPGA

0x15 (0.021)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

Cisco Nexus 9332D-H2R
(N9K-C9332D-H2R)

IOFPGA

0x18 (0.024)

0x20 (0.032)

0x20 (0.032)

0x18 (0.023)

0x20 (0.032)

0x20 (0.32)

0x22 (0.034)

MIFPGA

0x10 (0.016)

0x12 (0.018)

0x13 (0.019)

0x10 (0.016)

0x12 (0.018)

0x13 (0.019)

0x13 (0.019)

Cisco Nexus 9336C-FX2
(N9K-C9336C-FX2)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

Cisco Nexus 9336C-FX2-E
(N9K-C9336C-FX2-E)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

Cisco Nexus 9336C-SE1
(N9K-C9336C-SE1)

IOFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x22 (0.034)

MIFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x10 (0.016)

Cisco Nexus 93360YC-FX2
(N9K-C93360YC-FX2)

IOFPGA

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

MIFPGA0

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

MIFPGA1

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Cisco Nexus 9348GC-8U-FXP
(N9K-C9348GC-FXP)

IOFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x3 (0.003)

MIFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x4 (0.004)

Cisco Nexus 9348GC-FXP
(N9K-C9348GC-FXP)

IOFPGA

0x14 (0.020)

0x14 (0.020)  

0x14 (0.020)  

0x14 (0.020)  

0x14 (0.020)  

0x14 (0.020)  

0x14 (0.020)  

MIFPGA

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

Cisco Nexus 9348GC-FXP
(N9K-C9348GC2-FXP)

IOFPGA

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Cisco Nexus 93600CD-GX
(N9K-C93600CD-GX)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

MIFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

Cisco Nexus 9348GC-FX3
(N9K-C9348GC-FX3)

IOFPGA

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

MIFPGA

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

Cisco Nexus 9348GC-FX3PH
(N9K-C9348GC-FX3PH)

IOFPGA

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

MIFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

Cisco Nexus 9348Y2C6D-SE1U
(N9K-9348Y2C6D-SE1U)

IOFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x5 (0.005)

MIFPGA

N/A

N/A

N/A

N/A

N/A

N/A

0x7 (0.007)

Cisco Nexus 9364C (N9K-C9364C)

IOFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

MIFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

MIFPGA2

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

Cisco Nexus 9364C-H1 (N9K-C9364C-H1)

IOFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x12 (0.018)

0x12 (0.018)

0x13 (0.019)

MIFPGA

0x15 (0.021)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

Cisco Nexus 9364C-GX
(N9K-C9364C-GX)

IOFPGA

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

MIFPGA2

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

0x4 (0.004)

Cisco Nexus 9364D-GX2A (N9K-C9364D-GX2A)

IOFPGA

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

MIFPGA0

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

MIFPGA2

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

Cisco Nexus 9348D-GX2A (N9K-C9348D-GX2A)

IOFPGA

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

MIFPGA

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

MIFPGA2

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

Cisco Nexus 93400LD-H1 (N9K-C93400LD-H1)

MIFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

Cisco Nexus 9324C-SE1U (N9324C-SE1U)

MIFPGA

N/A

N/A

N/A

N/A

N/A

0x18 (0.024)

0x18 (0.024)

IOFPGA

N/A

N/A

N/A

N/A

N/A

0x09 (0.09)

0x11 (0.17)

Cisco Nexus 9364E-SG2 (N9364E-SG2-O)

MIFPGA

N/A

N/A

N/A

N/A

N/A

0x010008

0x010008

IOFPGA

N/A

N/A

N/A

N/A

N/A

0x010007

0x010007

TAM FPGA

N/A

N/A

N/A

N/A

N/A

0x7000c

0x7000c

FB FPGA

N/A

N/A

N/A

N/A

N/A

0x1000d

0x1000d

Cisco Nexus 9364E-SG2 (N9364E-SG2-Q)

MIFPGA

N/A

N/A

N/A

N/A

N/A

0x010008

0x010008

IOFPGA

N/A

N/A

N/A

N/A

N/A

0x010007

0x010007

TAM FPGA

N/A

N/A

N/A

N/A

N/A

0x7000c

0x7000c

FB FPGA

N/A

N/A

N/A

N/A

N/A

0x1000d

0x1000d

Cisco Nexus 9358GY-FXP (N9358GY-FXP)

IOFPGA

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

Cisco Nexus N9K-C92348GC-FX3 (N92348GC-FX3)

MIFPGA

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

0x08 (0.008)

IOFPGA

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

 

Table 3.        Available EPLD Images for the Cisco Nexus 9400 Switches

Component 

EPLD
Device

Release 10.4(3)

Release 10.4(4)

Release 10.4(5)

Release 10.5(1)

Release 10.5(2)

Release 10.5(3)

Release 10.6(1)

Cisco Nexus 9408 (N9K-C9408)

IOFPGA

0x29 (0.041)

0x29 (0.041)

0x29 (0.041)

0x29 (0.041)

0x29 (0.041)

0x29 (0.041)

0x29 (0.041)

MIFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

22 Port (N9K-X9400-22L)

LEM MIFPGA

0x07 (0.007)

0x08 (0.008)

0x20 (0.032)

0x08 (0.008)

0x20 (0.032)

0x20 (0.032)

0x20 (0.032)

16 Port LEM (N9K-X9400-16W)

LEM MIFPGA

0x15 (0.021)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

8 Port LEM (N9K-X9400-8D)

LEM MIFPGA

0x15 (0.021)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

0x16 (0.022)

 

Table 4.        Available EPLD Images for the Cisco Nexus 9500 Platform Switches

Component 

EPLD
Device

Release 10.4(3)

Release 10.4(4)

Release 10.4(5)

Release 10.5(1)

Release 10.5(2)

Release 10.5(3)

Release 10.6(1)

Supervisor A (N9K-SUP-A)

IOFPGA

0x32 (0.050)

0x32 (0.050)

0x32 (0.050)

0x32 (0.050)

0x32 (0.050)

0x32 (0.050)

0x32 (0.050)

Supervisor A+ (N9K-SUP-A+)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

Supervisor B (N9K-SUP-B)

IOFPGA

0x30 (0.049)

0x30 (0.049)

0x30 (0.049)

0x30 (0.049)

0x30 (0.049)

0x30 (0.049)

0x30 (0.049)

Supervisor B+ (N9K-SUP-B+)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

System Controller (N9K-SC-A)

IOFPGA

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

0x23 (0.035)

32-port 100-Gigabit QSFP28 line card
(N9K-X9732C-EX) (for –E fabric modules)

IOFPGA

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

0x13 (0.019)

MIFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

32-port 100-Gigabit QSFP28 line card
(N9K-X9732C-EXM) (for –E fabric modules)

IOFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

36-port 100-Gigabit QSFP28 line card (N9K-X9732C-FX)

IOFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

MIFPGA

0x2 (0.002)

0x2 (0.002)

0x2 (0.002)

0x2 (0.002)

0x2 (0.002)

0x2 (0.002)

0x2 (0.002)

16-port 400-Gigabit QSFP-DD line card (N9K-X9716D-GX)

IOFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

MIFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

36-port 100-Gigabit QSFP28 line card
(N9K-X9736C-EX)

IOFPGA

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

MIFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

36-port 100-Gigabit QSFP28 line card
(N9K-X9736C-FX)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

MIFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

36-port 100-Gigabit QSFP28 line card
(N9K-X9736C-FX3)

IOFPGA

N/A

N/A

N/A

N/A

0x5 (0.005)

0x5 (0.005)

0x7 (0.007)

MIFPGA

N/A

N/A

N/A

N/A

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

36-port 100-Gigabit QSFP28 line card
(N9K-X9736Q-FX)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

MIFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

48-port 1-/10-/25-Gigabit SFP28 and
4-port 40-/100-Gigabit QSFP28 line card
(N9K-X97160YC-EX)

IOFPGA

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

0x15 (0.021)

MIFPGA

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

0x5 (0.005)

48-port 10-Gigabit SFP+ and
4-port 100-Gigabit QSFP28 line card (N9K-X9788TC-FX)

IOFPGA

0x7 (0.007)

0x6 (0.006)

0x6 (0.006)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

MIFPGA

0x6 (0.006)

0x3 (0.003)

0x3 (0.003)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

48-port 10-Gigabit SFP+ and
4-port 100-Gigabit QSFP28 line card (N9K-X9788TC2-FX)

IOFPGA

0x6 (0.006)

0x18 (0.024)

0x18 (0.024)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

0x6 (0.006)

MIFPGA

0x3 (0.003)

0x11 (0.017)

0x11 (0.017)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

Fabric module for Cisco Nexus 9504
100-Gigabit –EX line (N9K-C9504-FM-E)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

Fabric module for Cisco Nexus 9504
100-Gigabit –G line (N9K-C9504-FM-G)

IOFPGA

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

Fabric module for Cisco Nexus 9508
100-Gigabit –EX line cards
(N9K-C9508-FM-E)

IOFPGA

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

0x14 (0.020)

Fabric module for Cisco Nexus 9508
100-Gigabit –EX line (N9K-C9508-FM-E2)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

Fabric module for Cisco Nexus 9508
100-Gigabit –G line (N9K-C9508-FM-G)

IOFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

Fabric module for Cisco Nexus 9516
100-Gigabit -EX and -FX line cards
(N9K-C9516-FM-E2)

MIFPGA

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

0x11 (0.017)

IOFPGA

0x8 (0.008)

0x18 (0.024)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

0x8 (0.008)

 

Table 5.        Available EPLD Images for the Cisco Nexus 9500 Switches with R Line Card

Component 

EPLD
Device

Release 10.4(3)

Release 10.4(4)

Release 10.4(5)

Release 10.5(1)

Release 10.5(2)

Release 10.5(3)

Release 10.6(1)

24-port 100-Gigabit QSFP28 line card (N9K-X9624CD-R2)

IOFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

MIFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

36-port 100-Gigabit QSFP28 line card (N9K-X9636C-RX)

IOFPGA

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

0x18 (0.024)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

36-port 100-Gigabit QSFP28 line card (N9K-X9636C-R)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

MIFPGA

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

0x9 (0.009)

36-port 40-Gigabit QSF+ line card
(N9K-X9636Q-R)

IOFPGA

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

0x19 (0.025)

MIFPGA

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

0x3 (0.003)

52-port 100-Gigabit –R line cards
(N9K-X96136YC-R)

 

IOFPGA

0xD

0xD

0xD

0xD

0xD

0xD

0xD

MIFPGA

0xF

0xF

0xF

0xF

0xF

0xF

0xF

DBFPGA

0xE

0xE

0xE

0xE

0xE

0xE

0xE

Fabric module for Cisco Nexus 9504
100-Gigabit –R line cards
(N9K-C9504-FM-R)

IOFPGA

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x7 (0.007)

0x8 (0.008)

Fabric module for Cisco Nexus 9508
100-Gigabit –R line cards (N9K-C9508-FM-R)

IOFPGA

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

0x10 (0.016)

F abric module for Cisco Nexus 9508
100-Gigabit –R line cards (N9K-C9508-FM-R2)

IOFPGA

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

0x12 (0.018)

 

Table 6.        Available EPLD Images for the Cisco Nexus 9800 Platform Switches

Component 

EPLD
Device

Release 10.4(3)

Release 10.4(4)

Release 10.4(5)

Release 10.5(1)

Release 10.5(2)

Release 10.5(3)

Release 10.6(1)

N9K-C9800-SUP-A

TMFPGA

0x010006

0x010006

0x010006

0x010006

0x010006

0x010006

0x010006

IOFPGA

0x010020

0x010020

0x010020

0x010020

0x010020

0x010020

0x010027

N9K-X9836DM-A

IOFPGA

0x10030

0x10030

0x10030

0x10030

0x10030

0x10033

0x10033

MIFPGA

0x1000e

0x1000e

0x1000e

0x1000e

0x1000e

0x10013

0x10014

N9K-X98900CD-A

IOFPGA

0x0005b

0x00061

0x00061

0x00061

0x00061

0x00061

0x00061

MIFPGA

0x1000c

0x1000c

0x1000c

0x1000c

0x1000c

0x1000c

0x1000c

N9K-C9804-FM-A

MIFPGA

0x10002

0x10002

0x10002

0x10002

0x10002

0x10006

0x10006

N9K-C9808-FM-A

MIFPGA

0x10002

0x10002

0x10002

0x10002

0x10002

0x10006

0x10006

 

Determining Whether to Upgrade EPLD Images

If the current EPLD image number for a card is greater than or matches the version expected for your current NXOS software version, you can skip the upgrade.

·       To determine the EPLD upgrades needed for a Cisco Nexus 9000 Series switch running 10.6(1) software, use the show install impact epld bootflash:<image-name> command on that switch, where the image-name given is nxos64-cs.10.6.1.F.bin or nxos64-msll.10.6.1.F.bin or nxos64-s1.10.6.1.F.bin. First, copy this file to the bootflash to proceed. In this example, the MIFPGA and IOFPGA EPLD images do not need to be upgraded.

Note:      The CLI content in this document is only an example. The CLI output might change depending on the hardware/software.

switch# show install all impact epld nxos64-cs.10.6.1.F.bin

Retrieving EPLD versions.... Please wait.

Images will be upgraded according to following table:

Module     Type        EPLD          Running-Version    Flashed-Version     New-Version        Upg-Required

------      ----        -----          --------------          ---------- -                -- -------------------

         1      SUP       MI FPGA             0x09                      0x09                       0x09                       No

         1      SUP       IO FPGA             0x18                      0x18                       0x18                        No

       27      SUP       MI FPGA             0x09                      0x09                       0x09                        No

       27      SUP       IO FPGA             0x18                       0x18                       0x18                       No

Compatibility check:

Module         Type          Upgradable               Impact                       Reason              

 -----           ----          ----------               -------                   ----------------

         27          SUP            Yes                       disruptive              Module Upgradable

switch#

EPLD Upgrade Using Install EPLD Command

To install the EPLD upgrades needed for a Cisco Nexus 9000 Series switch running 10.5(3) software, use the install epld bootflash:<image-name> module all command on that switch. Where the image-name given is nxos64-cs.10.6.1.F.bin or nxos64-msll.10.6.1.F.bin or nxos64-s1.10.6.1.F.bin. First, copy this file to the bootflash to proceed. In this example, the MIFPGA and IOFPGA EPLD images need to be upgraded.

Note:      The CLI content in this document is only an example. The CLI output might change depending on the hardware/software.

switch# install epld bootflash:nxos64-cs.10.6.1.F.bin module all

Compatibility check:

Module           Type             Upgradable               Impact                 Reason  

------             ----             ---------                ------                 -------

      27             SUP              Yes                          disruptive             Module Upgradable

Retrieving EPLD versions.... Please wait.

Images will be upgraded according to the following table:

Module       Type       EPLD          Running-Version       Flashed-Version     New-Version         Upg-Required

       27        SUP       MI FPGA         0x09                     0x09                        0x09                          No

       27        SUP       IO FPGA          0x15                    0x15                         0x18                         Yes

The above modules require upgrade. EPLD Upgrade may result in multiple modules going offline. The switch will be reloaded at the end of the upgrade.

Do you want to continue   (y/n)    ?     [n]   y

Proceeding to upgrade Modules.

Starting Module 27 EPLD Upgrade

Module 27 :      IO FPGA      [Programming] :  100.00%     (           64 of            64 sectors)

Module 27 EPLD upgrade is successful…

Module               Type                  Upgrade-Result

-------               -----                --------------

         27               SUP                  Success

Module 27 EPLD upgrade is successful.

Module               Type                   Upgrade-Result

------                ----                    ----------------

          27           SUP                        Success

 

Reseting Active SUP (Module 27) FPGAs.  
Please wait...

Reload in 10 seconds......

switch#

 

EPLD Upgrade During Install All

Beginning with Release 10.5(3), the EPLD image can be upgraded along with the nxos image during install all. To upgrade your EPLD image using the install all command, use install all nxos <image-name>. This command will upgrade both NXOS and EPLD, if required.

switch# install all nxos bootflash:nxos64-cs.10.6.1.F.bin

Installer will perform compatibility check first. Please wait.

Installer is forced disruptive    

Verifying image bootflash:/nxos64-cs.10.6.1.F.bin for boot variable "nxos".

[####################] 100% -- SUCCESS

Verifying EPLD/FPGA image //bootflash/nxos64-cs.10.6.1.F.bin.

[####################] 100% -- SUCCESS

Verifying image type.

[####################] 100% -- SUCCESS

Preparing "nxos" version info using image bootflash:/nxos64-cs.10.6.1.F.bin.

[####################] 100% -- SUCCESS

Preparing "bios" version info using image bootflash:/nxos64-cs.10.6.1.F.bin.

[####################] 100% -- SUCCESS

Performing module support checks.

[####################] 100% -- SUCCESS

Notifying services about system upgrade.

[####################] 100% -- SUCCESS

 

 

 

 

 

Compatibility check is done:

Module         bootable           Impact                Install-type          Reason                              

------          -------            --------            ----------          ---------------------

         1          yes                  disruptive            reset                     default upgrade is not hitless

       27          yes                  disruptive            none                     default upgrade is not hitless

 

 

Images will be upgraded according to the following table:

Module          Image         Running-Version(pri:alt)                          New-Version                   Upg-Required 

          1          lcn9k                                    10.5(3)                          10.6(1)                                             Yes

        27          nxos                                     10.5(3)                          10.6(1)                                              Yes

        27           bios     v05.53(01/22/2025):v05.43(11/22/2020)     v05.53(01/22/2025)                          No

 

FPGA microcode will be upgraded according to the following table:

Module       Type        EPLD            Running-Version     Flashed-Version    New-Version        Upg-Required

        27       SUP        MI FPGA        0x09                          0x09                      0x09                        No

        27       SUP        IO FPGA        0x15                      0x15                          0x18                        Yes

 

EPLD Upgrade may result in multiple modules going offline.

 

Switch will be reloaded for disruptive upgrade.

Do you want to continue with the installation   (y/n) ?   [n]   y

 

Install is in progress, please wait.

[#          ] 0%

Setting boot variables.

[####################] 100%

Performing configuration copy.

[####################] 100% -- SUCCESS

Performing configuration copy.

[####################] 100% -- SUCCESS

 

Module 1: Refreshing compact flash and upgrading bios/loader/bootrom.

Warning: please do not remove or power off the module at this time.

[#         ]  0%

 

Module 1: Refreshing compact flash and upgrading bios/loader/bootrom.

Warning: please do not remove or power off the module at this time.

[####################] 100% -- SUCCESS

 

Module 27: Refreshing compact flash and upgrading bios/loader/bootrom.

Warning: please do not remove or power off the module at this time.

[#      ]  0%

 

Module 27: Refreshing compact flash and upgrading bios/loader/bootrom.

Warning: please do not remove or power off the module at this time.

[####################] 100% -- SUCCESS

 

Performing EPLD/FPGA upgrade .

[#      ] 0%

 

Performing EPLD/FPGA upgrade.

[####################] 100% -- SUCCESS

 

Finishing the upgrade, switch will reboot in 10 seconds.

switch#

 

EPLD upgrades are disruptive. For non-disruptive NXOS system upgrade, use the install all nxos <image-name> non-disruptive command. This command will upgrade and load a new NXOS version and program the EPLD. However, explicit power cycle or reload of the switch is required for the new EPLD image to take effect.

To upgrade only NXOS, you can use the skip-epld option. Use this command:  install all nxos <image-name> skip-epld

For additional information about ISSU, please see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.

Displaying the Status of EPLD Upgrades

To display the status of EPLD upgrades on the switch, use the show install epld status command.

Limitations

When EPLDs are upgraded, apply these guidelines and observations:

●     If a module is not online, you cannot upgrade its EPLD images.

●     If there are two supervisors that are installed in the switch (Cisco Nexus 9504, 9508, and 9516 switches only), you can either upgrade only the standby or upgrade all modules (including both supervisor modules) by using these commands:

    install epld bootflash:<image-name> module standby-supervisor-slot-number (upgrades only the standby supervisor module)

Note:      After you use this command, you can switchover the active and standby supervisor modules and then upgrade the other supervisor.

    install epld bootflash:<image-name> module all (upgrades all of the modules)

●     If there is only one supervisor installed in the switch, the upgrade or downgrade of the EPLD images is disruptive.

Cisco Secure Boot Hardware Tampering Vulnerability

This section details updating your EPLD version for affected switches listed in the link below. The table provides the PIDs exposed to the issue, as well as the fixed IO FPGA version for each PID, for validation purposes.

Secure Boot Hardware Tampering Vulnerability advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Vulnerable Products

These are the vulnerable products addressed in the Secure Boot Tampering Security Advisory (cisco-sa-20190513-secureboot).

Table 7.        Nexus 9000 Series Switches affected by the Secure Boot Hardware Tampering Vulnerability

PID

Fixed IO FPGA Version

N9K-C93180YC-EX

0x15

N9K-C93108TC-EX

0x15

N9K-C93180YC-FX

0x20

N9K-C93108TC-FX

0x20

N9K-C9348GC-FXP

0x10

N9K-C93240YC-FX2

0x10

N9K-C9336C-FX2

0x10

N9K-C9364C

0x6

N9K-C9332C

0x10

N9K-C93180YC-FX

0x20

N9K-C9232C

0x8

N9K-SUP-A+

0x14

N9K-SUP-B+

0x14

N9K-SUP-B

0x30

N9K-SUP-A

0x30

Cisco Secure Boot Hardware Tampering Vulnerability - Remediation Steps

Nexus 9000 Modular chassis with dual supervisor

Note:      RequirementUpdate both Golden and Primary regions of FPGA to address this particular vulnerability. It is by design that we don't allow updating both primary and golden at the same time (to avoid programming errors that may cause switch to not boot, so only one region is allowed to be programmed per reload).

Note:      Beginning with Release 10.5(3), Cisco provides a single image for NXOS and EPLD images. There will no longer be separate images. Instead, the EPLD image is bundled with all NXOS images and so the image sizes are correspondingly larger.

Please do not attempt to upgrade Golden region of the FPGA once it is on a fixed version.

1.     Copy the EPLD image to bootflash (e.g., this document will use the nxos64-cs.10.6.1.F.bin image).

2.     If you have dual supervisors, determine which is the standby supervisor by doing 'show module' to verify the status of the supervisors, and start upgrading the standby first. On the Nexus 9500, only supervisors need to be upgraded to address this vulnerability. Line cards/fabric modules/system controllers are not affected.

3.     Assuming the standby supervisor is slot 28, update the Primary FPGA region of the standby supervisor.

install epld bootflash: nxos64-cs.10.6.1.F.bin module 28

Expected result: The switch will update the primary EPLD of the standby supervisor and will reload the standby supervisor module automatically. Please don't interrupt, power cycle, or reload when EPLD update is happening. Once the standby is rebooted, it will again come up as the standby supervisor.  The command show version module 28 epld will continue to show the old version.

Note:    The CLI sequence used in this document is just an example. Your CLI sequence can be confirmed directly on the switch.

switch# show mod | grep SUP

27   0    Supervisor Module                     N9K-SUP-A             active *

28   0    Supervisor Module                     N9K-SUP-A             ha-standby           <<< standby supervisor

27   10.3(5)               1.0    SUP1

28   10.3(5)               0.3011 SUP2

switch# show version module 28 epld

EPLD Device                     Version

---------------------------------------

IO FPGA                          0x27

This is expected, as the switch would have booted from Golden FPGA which is still not updated. You can verify this from the syslog which would say:

%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 28 IOFPGA booted from Golden

4.     Update the Golden (also called backup) FPGA region of the standby supervisor.

install epld bootflash: nxos64-cs.10.6.1.F.bin module 28 golden

Module 28 : IO FPGA [Programming ] : 100.00% ( 64 of 64 total sectors)

Module 28 EPLD upgrade is successful.

Module        Type  Upgrade-Result

------  ------------------  --------------

28         SUP         Success

Expected result: Switch will update the golden EPLD of the standby supervisor and will reload the standby supervisor module automatically. Please don't interrupt, power cycle, or reload when EPLD update is happening. Once standby is booted, it will again come up as the standby supervisor.

Once this is done, check show version module 28 epld to confirm the FPGA version is greater than or equal to the fixed version for the standby supervisor.  Your switch has the fixed version for standby supervisor.

 

switch# show version module 28 epld

EPLD Device                     Version

---------------------------------------

IO FPGA                          0x30

Repeat Steps 3 and 4 for the active supervisor. At the end of Step 3, the supervisor in slot 27 will reload and so now will become the standby supervisor. The active supervisor will be the supervisor in slot 28.

For the situation where the active supervisor is in the other slot, considering SUP 27 is active to begin with, for the above activity, such as Steps 3 and 4, commands would have swapped 27 in place of 28.

Log below shows what happens when the EPLD upgrade happens for the active supervisor:

Module 27 : IO FPGA [Programming] : 100.00% (64 of 64 sectors)

Module 27 EPLD upgrade is successful.

Module        Type  Upgrade-Result

------  ------------------  --------------

27         SUP         Success 

EPLDs upgraded. Performing switchover.

Once the supervisor in Slot 27 becomes ha-standby, complete Step 4 for Slot 27 and it will again boot and become the ha-standby.  Both the supervisors now have the vulnerability fixed version of the FPGA.

At the end of the upgrades, the switch should boot with the primary EPLD image for both SUPs, as seen in the logs below:

switch# show logging log | grep -i fpga | grep -i 27

2019 Jul 10 07:55:04 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 27 IOFPGA booted from Primary

switch# show logging log | grep -i fpga | grep -i 28

2019 Jul 10 07:58:01 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 28 IOFPGA booted from Primary

Nexus 9000 Modular chassis with single supervisor

Note:      RequirementUpdate both Golden and Primary regions of FPGA to address this vulnerability. It is by design that we don't allow updating both primary and golden at the same time (to avoid programming errors that may cause switch to not boot, so only one region is allowed to be programmed per reload).

Please do not attempt to upgrade Golden region of FPGA once it is on a fixed version.

1.     Copy the NXOS image to bootflash (e.g., this document will use the nxos64-cs.10.6.1.F.bin image).

2.     Assuming the supervisor is in slot 27, update the Primary FPGA region.

install epld bootflash: nxos64-cs.10.6.1.F.bin module 27

Expected result: Switch will update the primary EPLD of the supervisor and will reload the switch automatically. Please don't interrupt, power cycle, or reload when EPLD update is happening. Once the supervisor is booted, the command show version module 27 epld will continue to show the old version.

Note:    The CLI sequence used in this document is just an example. Your CLI sequence can be confirmed directly on the switch.

Switch#show version module 27 epld

-------------------------------------------------------------------

Name                     InstanceNum           Version        Date

-------------------------------------------------------------------

IO FPGA                          0              0x27       20160111

BIOS version                     v08.35(08/31/2018)

Alternate BIOS version           v08.32(10/18/2016)

This is expected, as the switch would have booted from the Golden FPGA which is still not updated. You can verify this from the syslog which would say:

%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 27 IOFPGA booted from Golden

3.     Since in this case there is only one supervisor, next update the Golden (also called the backup) FPGA region.

install epld bootflash: nxos64-cs.10.6.1.F.bin module 27 golden

Module 27 : IO FPGA [Programming] : 100.00% (64 of 64 total sectors)

Module 27 EPLD upgrade is successful.

Module        Type  Upgrade-Result

------  ------------------  --------------

  27         SUP         Success

Expected result: The switch will update the golden EPLD of the supervisor and will reload the switch automatically. Please don't interrupt, power cycle, or reload the device while the EPLD update is in progress.

Once this is done, when you check the command show version module 27 epld to confirm that the FPGA version is greater than or equal to the fixed version for the supervisor. Your supervisor now has the vulnerability fixed version of FPGA.

 

Switch# show version module 27 epld

-------------------------------------------------------------------

Name                     InstanceNum           Version        Date

-------------------------------------------------------------------

IO FPGA                          0              0x30       20190625

BIOS version                     v08.35(08/31/2018)

Alternate BIOS version           v08.32(10/18/2016)

At the end of the upgrades, the switch should boot with the primary EPLD for the supervisor. The log to check is seen below:

switch# show logging log | grep -i fpga | grep -i 27

2019 Jul 10 07:55:04 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 27 IOFPGA booted from Primary

 

IMPORTANT NOTE:

If you attempt to upgrade the Golden region of the FPGA once it is on the fixed version, the system will not automatically allow you to upgrade the Golden region of the supervisor and will provide the prompt seen below:

 

switch# install epld bootflash: nxos64-cs.10.6.1.F.bin module all golden

Digital signature verification is successful                        

Compatibility check:                                                

Module        Type         Upgradable        Impact   Reason        

------  -----------------  ----------    ----------   ------        

    22             FM           Yes       disruptive   Module Upgradable

    24             FM           Yes       disruptive   Module Upgradable

    27            SUP            No             none   Golden Not Upgradable

    28            SUP            No             none   Golden Not Upgradable

    29             SC           Yes       disruptive   Module Upgradable   

    30             SC           Yes       disruptive   Module Upgradable   

 

Retrieving EPLD versions.... Please wait.

Images will be upgraded according to this table:

Module  Type   EPLD              Running-Version   New-Version  Upg-Required

------  ----  -------------      ---------------   -----------  ------------

    22    FM  IO FPGA                   0x19        0x19            Yes    

    24    FM  IO FPGA                   0x19        0x19            Yes    

    29    SC  IO FPGA                   0x17        0x20            Yes    

    30    SC  IO FPGA                   0x17        0x20            Yes    

Module 27 (EPLD ver 0x29) Golden upgrade not supported                     

Module 28 (EPLD ver 0x30) Golden upgrade not supported                     

The above modules require upgrade.                                         

Since both System Controller modules need an upgrade,a chassis reload will happen at the end of the upgrade.

Do you want to continue (y/n) ?  [n] y

Nexus 9000 TOR (standalone chassis) switch

Note:      It is required to update both the Golden and Primary regions of the FPGA to address this vulnerability. It is by design that we don't allow updating both primary and golden at the same time (to avoid programming errors that may lead to switch boot failure), so only one FPGA region is allowed to be programmed per reload.

Please do not attempt to upgrade Golden region of FPGA once it is on a fixed version.

1.     Copy the EPLD image to bootflash (e.g., this document will use the nxos64-cs.10.6.1.F.bin image).

2.     Update the Primary FPGA region.

install epld bootflash: nxos64-cs.10.6.1.F.bin module all

Expected result: The switch will update the EPLD and will reload automatically. Please don't interrupt, power cycle, or reload the switch while the EPLD update is in progress.  The switch will boot up with the golden FPGA. The command show version module 1 epld will show the old IO FPGA version at this time. This is expected.

Note:    The CLI sequence used in this document is just an example. Your CLI sequence can be confirmed directly on the switch.

Switch# show version module 1 epld

-------------------------------------------------------------------

Name                     InstanceNum           Version        Date

-------------------------------------------------------------------

IO FPGA                          0              0x06       20180920

MI FPGA                          0              0x01       20170609

BIOS version                     v01.14(06/15/2019)

Alternate BIOS version           v01.12(07/25/2018)

You can verify this from syslog which would say:

%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 1 IOFPGA booted from Golden

%CARDCLIENT-2-FPGA_BOOT_GOLDEN: IOFPGA booted from Golden

3.     Update the Golden (also called backup) FPGA region.

install epld bootflash: nxos64-cs.10.6.1.F.bin module all golden

Expected result: The switch will update the EPLD image and will reload automatically. Please don't interrupt, power cycle, or further reload the switch when the EPLD update is in progress.

Once this is done, when you check show version module 1 epld, you will see an FPGA version that is greater than or equal to the fixed version.

Switch# show version module 1 epld

-------------------------------------------------------------------

Name                     InstanceNum           Version        Date

-------------------------------------------------------------------

IO FPGA                          0              0x07      20180920

MI FPGA                          0              0x01       20170609

BIOS version                     v01.14(06/15/2019)

Alternate BIOS version           v01.12(07/25/2018)

After the upgrade is complete, the switch should boot up with the primary EPLD image as shown in the logs below:

Switch# show logging log | grep -i fpga

2019 Jul  9 19:46:11 switch %CARDCLIENT-2-FPGA_BOOT_PRIMARY: IOFPGA booted from Primary

2019 Jul  9 19:46:11 switch %CARDCLIENT-2-FPGA_BOOT_PRIMARY: MIFPGA booted from Primary

2019 Jul  9 19:46:11 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 1 IOFPGA booted from Primary

2019 Jul  9 19:46:11 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 1 MIFPGA booted from Primary

Related Documentation

The entire Cisco NX-OS 9000 Series documentation set.

Release Notes

The entire Cisco NX-OS 9000 Series release notes set.

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com. We appreciate your feedback.

Legal Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2025 Cisco Systems, Inc. All rights reserved.

Learn more