Cisco NX-OS Release 11.0(1b) Release Notes
for Cisco Nexus 9000 Series ACI-Mode Switches

---

. Additional product documentation is listed in the “Related Documentation” section.

shows the online change history for this document.

Table 1 Online History Change

Date	Description
August 04, 2014	Created release notes for Release 11.0(1b).
August 14, 2014	Added several Known Behaviors related to clustering.
August 19, 2014	Added a Known Behavior about warm standby (stateless mode) for the supervisor module of a Cisco Nexus 9508 ACI-Mode switch.
August 22, 2014	Added CSCuo20106 to the Open CaveatsThis section lists the open caveats in Cisco NX-OS Release 11.0(1b). Click the Bug ID shown in Table 4 to access the Bug Search Tool and see additional information about the bug. section.
September 18, 2014	Added the Licensing Information section.
October 1, 2014	Removed the Licensing Information section.
October 6, 2014	Added the Software Upgrade Recommendation section.
October 20, 2014	Added “Resolved Caveats”section. Moved bug ID CSCuo81718 from Open Caveats to Resolved Caveats.
November 18, 2014	Added “Supported FEX Models”.
January 12, 2015	Removed ICMP from the protocol list in the “Usage Guidelines”.
February 2, 2015	Added a link to the APIC release notes in the “Usage Guidelines”.

Contents

This document includes the following sections:

• Introduction
• Cisco Nexus 9000 Series ACI-Mode
• Switch Features
• Software Upgrade Recommendation
• Supported Hardware
• Supported FEX Models
• Installation Notes
• Compatibility Information
• Usage Guidelines
• Caveats
• Related Documentation

Introduction

The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment life cycle.

guide provides complete details about the ACI, including its two major components:

• Cisco Application Policy Infrastructure Controller (APIC)
• ACI Fabric, including Cisco Nexus 9000 spine and leaf switches

guide also includes a glossary of terms that are used in the ACI.

Key features of the ACI include the following:

• Simplified automation with an application-driven policy model
• Common platform for managing physical, virtual, and cloud-based environments
• Centralized visibility with real-time, application health monitoring
• Operational simplicity, with common policy, management, and operation models across application, network, and security resources
• Open software flexibility for DevOps teams and ecosystem partner integration
• Scalable performance and secure multi-tenancy

ACI Fabric and Switches

A clustered replicated APIC appliance manages the ACI fabric. Cisco Nexus 9000 Series switches can run with the ACI-compatible software to run in the leaf/spine fabric mode. These switches form a “fat-tree” network by connecting each leaf node to each spine node; all other devices connect to the leaf nodes.

Figure 1shows the ACI Fabric with Cisco Nexus 9508, Cisco Nexus 9300 Series leaf switches, and the APIC.

Figure 1 ACI Fabric with Spine and Leaf Switches, and the APIC,

 

Cisco Nexus 9000 Series ACI-Mode

Cisco NX-OS Software for the Cisco Nexus 9000 Series is a data center, purpose-built, operating system designed with performance, resiliency, scalability, manageability, and programmability at its foundation. It provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in data centers

Cisco NX-OS Release 11.0 works only on Cisco Nexus 9000 Series switches in ACI Mode.

for a list of modules that are supported on Cisco Nexus 9000 Series switches in ACI Mode.

Switch Features

The Cisco Nexus 9000 Series switches have the following features:

• Predictable high performance
• Nonblocking, high-density 1 and 10 Gigabit Ethernet configuration
• Nonblocking, high-density 10 and 40 Gigabit Ethernet configuration
• Advanced optics
• Highly available, scalable, and robust solution
• Chassis designed for 2 to 3 future generations of line cards

Software Upgrade Recommendation

It is recommended that you upgrade your software to Cisco NX-OS Release 11.0(1d) because the release includes a resolution for the vulnerability of bash that is identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 and CVE-2014-7169.

Supported Hardware

lists the hardware that the Cisco Nexus 9000 Series ACI Mode switches support.

Table 2 Supported Hardware

Hardware Type	Product ID	Description
Spine switch	N9K-C9508-B1	Cisco Nexus 9508 chassis bundle with 1 supervisor module, 3 power supplies, 2 system controllers, 3 fan trays, and 3 fabric modules
Spine switch	N9K-C9508-B2	Cisco Nexus 9508 chassis bundle with 1 supervisor module, 3 power supplies, 2 system controllers, 3 fan trays, and 6 fabric modules
Chassis	N9K-C9508	Cisco Nexus 9508 chassis with 8 slots
Spine switch module	N9K-X9736PQ	Cisco Nexus 9500 36-port, 40 Gigabit Ethernet QSFP aggregation module
Switch module	N9K-SUP-A	Cisco Nexus 9500 Series supervisor module
Switch module	N9K-SC-A	Cisco Nexus 9500 Series system controller
Chassis component	N9k-PAC-3000W-B	Cisco Nexus 9500 3000W AC power supply, port side intake
Spine switch module	N9K-C9508-FM	Fabric module
Chassis component	N9K-C9508-FAN	Fan tray
Spine switch	N9K-C9336PQ	Cisco Nexus 9336PQ switch, 36-port 40 Gigabit Ethernet QSFP
Top-of-rack (ToR) leaf switch	N9K-C9396PX	Cisco Nexus 9300 48-port, 1/10 Gigabit Ethernet SFP+ and 12-port, 40 Gigabit Ethernet QSFP switch
Top-of-rack (ToR) leaf switch	N9K-C93128TX	Cisco Nexus 9300 96-port, 1-/10-Gbps BASE-T and 8-port, 40 Gigabit Ethernet QSFP switch

Supported FEX Models

.

---

Note FEX requires software version 5.x or later to be brought up successfully.

Table 3 Supported FEX Models

Product ID	Description
N2K-C2248PQ-10GE	Cisco Nexus 2248PQ 10GE Fabric Extender, 2PS, 4 Fan Module, 48x1/10GE (req SFP/SFP+) + 4x40G QSFP+(req QSFP+), choice of airflow and power supply
N2K-C2248TP-E-1GE	Cisco Nexus 2248TP-E Series 1GE Fabric Extender, 2PS, 1 Fan Module, 48x100/1000Base-T + 4x10GE (req SFP+), 32MB buffer, choice of airflow and power supply
N2K-C2248TP-1GE	Cisco Nexus 2248TP Series 1GE Fabric Extender, 2 AC PS, 1 Fan Module (Standard Airflow/port side exhaust), 48x100/1000Base-T + 4x10GE (req SFP+), same as N2K-C2248TP
N2K-C2232PP-10GE	Cisco Nexus 2232PP Series 10GE Fabric Extender, 2 AC PS, 1 Fan Module (Standard Airflow/port side exhaust), 32x1/10GE (req SFP/SFP+) + 8x10GE (req SFP+), same as N2K-C2232PP
N2K-C2232TM-E-10GE	Cisco Nexus 2232TM-E Series 10GBASE-T Fabric Extender, 2PS, 1 Fan Module, 32x1/10GBase-T + 8x10GE Module (req SFP+), choice of airflow and power supply

Installation Notes

Compatibility Information

Cisco NX-OS Release 11.0(1b) supports the following:

• Cisco APIC Release 1.0(1e)
• Cisco AVS, Release 4.2(1)SV2(2.3)
• Cisco ASA 5585, Release 8.4 and higher
• Cisco ASAv (virtual), Release 9.2.1
• F5, Big IP, LTM Physical, LTM Virtual, Version 11.4.1
• Citrix Netscaler, MPX, SDX, VPX, Release 10.1 and higher
• Citrix Netscaler 1000v, ESX 5.0 and higher
• VMware vCenter 5.1 and 5.5 and vShield 5.1 and 5.5

Usage Guidelines

• The current list of protocols that are allowed (and cannot be blocked through contracts) include the following. Some of the protocols have SrcPort/DstPort distinction.

---

Note Also see the APIC release notes for policy information: http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/products-release-notes-list.html

– UDP DestPort 161: SNMP. These cannot be blocked through contracts. Creating an SNMP ClientGroup with a list of Client-IP Addresses restricts SNMP access to only those configured Client-IP Addresses. If no Client-IP address is configured, SNMP packets are allowed from anywhere.

– TCP SrcPort 179: BGP

– TCP DstPort 179: BGP

– OSPF

– UDP DstPort 67: BOOTP/DHCP

– UDP DstPort 68: BOOTP/DHCP

– IGMP

– PIM

– UDP SrcPort 53: DNS replies

– TCP SrcPort 25: SMTP replies

– TCP DstPort 443: HTTPS

– UDP SrcPort 123: NTP

– UDP DstPort 123: NTP

Caveats

This section includes the following topics:

• Open CaveatsThis section lists the open caveats in Cisco NX-OS Release 11.0(1b). Click the Bug ID shown in Table 4 to access the Bug Search Tool and see additional information about the bug.
• Known Behaviors

Open Caveats

• This section lists the open caveats in Cisco NX-OS Release 11.0(1b). Click the Bug ID shown in Table 4 to access the Bug Search Tool and see additional information about the bug

to access the Bug Search Tool and see additional information about the bug.

Table 4 Open Caveats

Bug ID	Description
CSCun35596	command.
	Configuring the BGP maximum prefix policy is not supported.
CSCun88626	command for a port that is configured as a span-destination port does not show it as a span-destination port.
CSCun96495	Events and faults for interfaces are not updated under Ports in the GUI.
CSCuo20106	Unnecessary SNMP traps are generated when an I/O module is removed and inserted.
CSCup05629	The output of some CLI commands displays very slowly.
CSCup38579	command in the APIC is missing equipment sensors and FEXes.
CSCup41392	The clear counters command does not work when spaces are included in the interface name.
CSCup68324	When a spine port and a port context source are in the same session, the filter does not work for SPAN.
CSCup83680	command does not work if /32 address is provided as an argument.
CSCup81243	command brings up a port that is in admin down state.
CSCup88987	Remote ERSPAN packets are spanned when the destination port is a SPAN source.
CSCup92534	Continuous “threshold exceeded” messages are generated from the fabric.
CSCup93039	An SNMP named trap host configuration does not get restored after a configuration import.
CSCuq21358	After the same tag is configured for two interfaces, a new tag cannot be added or an existing tag associated with a third interface.
CSCuq21360	Following a FEX or switch reload, configured interface tags are no longer configured correctly.
CSCup97404	A vMotion vmk interface requires Arp flooding to be enabled on the inband bridge domain.
CSCuq04897	Pings from the ESX vtep to the ERSPAN destination VM fails.
CSCuq14160	The time between vMotion events for a VM should be greater than five minutes.
CSCuq15965	command does not work in the ibash shell.
CSCuq20273	A new router MAC address of an external router is not learned on both leaf switches of a vPC pair.
CSCuq21010	If you use the recovery image to reboot the active supervisor module on the Cisco Nexus 9508 switch, the supervisor goes to the loader prompt.
CSCuq23255	The following power redundancy modes are supported: non-redundant, redundant, and power output redundancy (N+1).

Resolved Caveats

to access the Bug Search Tool and see additional information about the bug.

Table 5 Resolved Caveats

Bug ID	Description
CSCuo81718	Glean is not occurring for destination IP addresses of the shared services.

Known Behaviors

to access the Bug Search Tool and see additional information about the bug.

Table 6 Known Behaviors

Bug ID	Description
CSCuo37016	Layer 3 switched packets that go out of a FEX Hif interface are not spanned.
CSCuo50533	When output span is enabled on a port where the filter is VLAN, multicast traffic in that VLAN that goes out of that port is not spanned.

• The Cisco Nexus 9508 ACI-mode switch supports warm (stateless) standby where the state is not synched between the active and the standby supervisor modules. For an online insertion and removal (OIR) or reload of the active supervisor module, the standby supervisor module becomes active, but all modules in the switch are reset because the switchover is stateless. In the output of the show system redundancy status command, warm standby indicates stateless mode.
• When a recommissioned APIC controller rejoins the cluster, GUI and CLI commands can time out while the cluster expands to include the recommissioned APIC controller.
• If connectivity to the APIC cluster is lost while a switch is being decommissioned, the decommissioned switch may not complete a clean reboot. In this case, the fabric administrator should manually complete a clean reboot of the decommissioned switch.
• Before expanding the APIC cluster with a recommissioned controller, remove any decommissioned switches from the fabric by powering down and disconnecting them. Doing so will ensure that the recommissioned APIC controller will not attempt to discover and recommission the switch.

IGMP Snooping Known Behaviors:

• Multicast router functionality is not supported when IGMP queries are received with VxLAN encapsulation.
• IGMP Querier election across multiple Endpoint Groups (EPGs) or Layer 2 outsides (External Bridged Network) in a given Bridge Domain (BD) is not supported. Only one EPG or Layer 2 outside for a given BD should be extended to multiple multicast routers if any.
• The rate of the number of IGMP reports sent to a leaf switch should be limited to 1000 reports per second.
• Unknown IP multicast packets are flooded on ingress leaf switches and border leaf switches, unless “unknown multicast flooding” is set to “Optimized Flood” in a BD. This knob can be set to “Optimized Flood” only for a maximum of 50 BDs per leaf.

If “Optimized Flood” is enabled for more than the supported number of BDs on a leaf, follow these configuration steps to recover:

– Set “unknown multicast flooding” to “Flood” for all BDs mapped to a leaf.

– Set “unknown multicast flooding” to “Optimized Flood” on needed BDs.

Related Documentation

This section lists the product documentation for the Cisco ACI.

Web-Based Documentation

• Cisco APIC Management Information Model Reference
• Cisco APIC Online Help Reference
• Cisco APIC Python API and SDK
• Cisco ACI MIB Support List

Downloadable Documentation

• Cisco ACI Fundamentals
• Cisco APIC Getting Started Guide
• Cisco APIC REST API User Guide
• Cisco APIC Command Line Interface User Guide
• Cisco ACI Switch CLI Command Reference, NX-OS Release 11.0
• Cisco APIC Faults, Events, and Error Messages Guide
• Cisco ACI System Messages Reference Guide
• Cisco ACI Troubleshooting Guide
• Cisco NX-OS to APIC Mapping Guide
• Cisco APIC Layer 4 to Layer 7 Device Package Development Guide
• Cisco APIC Layer 4 to Layer 7 Services Deployment Guide
• Cisco AVS Configuration Guide
• Cisco AVS Installation and Upgrade Guide
• Cisco ACI MIB Quick Reference
• Cisco ACI Fabric Hardware Installation Guide
• Cisco ACI MIB Quick Reference
• Cisco APIC Release Notes
• Cisco Application Centric Infrastructure Release Notes

Hardware Documentation

This document is to be used in conjunction with the documents listed in the “Related Documentation” section.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2014 Cisco Systems, Inc. All rights reserved.