Cisco MDS 9000 Series Release Notes for Cisco MDS NX-OS Release 6.2(3n)
MDS 9000 Chassis and Module Support
Determining the Software Version
Determining Software Version Compatibility
Selecting the Software Image for an MDS 9148 Switch
Selecting the Software Image for an MDS 9200 Series Switch
Selecting the Software Image for an MDS 9500 Series Switch
Selecting the Software Image for an MDS 9710 Switch
Upgrading Your Cisco MDS NX-OS Software Image
FICON Supported Releases and Upgrade Paths
Downgrading Your Cisco MDS SAN-OS Software Image
General Downgrading Guidelines
New Software Features in Cisco NX-OS Release 6.2(3)
New Software Features in Cisco NX-OS Release 6.2(1)
Licensed Cisco NX-OS Software Packages
On-Demand Port Activation License
Deprecated and Changed Features
FCoE on the Cisco MDS 9710 Director
ASCII File Can Be Copied to the Startup Configuration
Fibre Channel Security Protocol (FC-SP) Not Supported
Install Module Command Changes
IOA Scaling Support on Supervisor-2 Module
Regulatory Compliance and Safety Information
Software Installation and Upgrade
Cisco NX-OS Configuration Guides
Intelligent Storage Networking Services Configuration Guides
Obtaining Documentation and Submitting a Service Request
This document describes the caveats and limitations for switches in the Cisco MDS 9000 Series. Use this document in conjunction with documents listed in the “Obtaining Documentation and Submitting a Service Request” section.
Release notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Series Release Notes : http://www.cisco.com/en/US/products/ps5989/prod_release_notes_list.html.
Table 1 shows the on-line change history for this document.
|
||
Added open caveat CSCvs57660. |
||
Added open caveat CSCuv76123. |
This document includes the following:
The Cisco MDS 9000 Series of Multilayer Directors and Fabric Switches provides industry-leading availability, scalability, security, and management, allowing you to deploy high performance storage-area networks with lowest total cost of ownership. Layering a rich set of intelligent features onto a high performance, protocol agnostic switch fabric, the Cisco MDS 9000 Series addresses the stringent requirements of large data center storage environments: uncompromising high availability, security, scalability, ease of management, and seamless integration of new technologies.
Cisco MDS 9000 NX-OS software powers the award-winning Cisco MDS 9000 Series Multilayer Switches. It is designed to create a strategic SAN platform with superior reliability, performance, scalability, and features. Formerly known as Cisco SAN-OS, Cisco MDS 9000 NX-OS software is fully interoperable with earlier Cisco SAN-OS versions and enhances hardware platform and module support.
Table 2 lists the NX-OS software part numbers and hardware components supported by the Cisco MDS 9000 Series.
Note For the latest information about supported transceivers, see the Cisco MDS 9000 Family Pluggable Transceivers data sheet.
Table 3 lists the part numbers and optical components supported by the Cisco MDS 9000 Series.
Table 4 lists the MDS hardware chassis supported by Cisco MDS NX-OS Release 6.2 3.
Table 5 lists the MDS hardware chassis supported by Cisco MDS NX-OS Release 5.x.
Table 6 lists the MDS hardware modules supported Cisco MDS NX-OS Release 6.2 Table 7 lists the MDS hardware modules supported by Cisco MDS NX-OS 5.x. For the list of MDS hardware modules supported by Cisco MDS SAN-OS 4.x, see Table 8 . For the list of MDS hardware modules supported by Cisco MDS SAN-OS 3.x, see Table 9 .
Yes 1 |
||||
Yes 1 |
||||
Yes 1 |
||||
Yes 1 |
||||
4/44-port Host Optimized 8-Gbps Fibre Channel Switching Module |
||||
Table 9 lists the MDS hardware modules supported by Cisco MDS SAN-OS 3.x.
Yes9 |
||||||
4/44-port Host Optimized8-Gbps Fibre Channel Switching Module |
||||||
18/4-Port Multiservice Module (MSM-18/4)10 |
||||||
Use the software download procedure to upgrade to a later version, or downgrade to an earlier version, of an operating system. This section describes the software download process for the Cisco MDS NX-OS software and includes the following topics:
To determine the version of Cisco MDS NX-OS or SAN-OS software currently running on a Cisco MDS 9000 Series switch using the CLI, log in to the switch and enter the show version EXEC command.
To determine the version of Cisco MDS NX-OS or SAN-OS software currently running on a Cisco MDS 9000 Series switch using Cisco DCNM for SAN, view the Switches tab in the Information pane, locate the switch using the IP address, logical name, or WWN, and check its version in the Release column.
Table 10 lists the software versions that are compatible in a mixed SAN environment, the minimum software versions that are supported, and the versions that have been tested. We recommend that you use the latest software release supported by your vendor for all Cisco MDS 9000 Series products.
The Cisco MDS NX-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.
To download the latest Cisco MDS NX-OS software, access the Software Center at this URL:
http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm
See the following sections in this release note for details on how you can nondisruptively upgrade your Cisco MDS 9000 switch. Issuing the install all command from the CLI, or using Cisco DCNM for SAN to perform the downgrade, enables the compatibility check. The check indicates if the upgrade can happen nondisruptively or disruptively depending on the current configuration of your switch and the reason.
At a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash: system image filename command determines which additional features need to be disabled.
Note If you would like to request a copy of the source code under the terms of either GPL or LGPL, please send an e-mail to mds-software-disclosure@cisco.com.
The system and kickstart image that you use for an MDS 9148 switch is shown in Table 11 .
The system and kickstart image that you use for an MDS 9222i switch is shown in Table 12 .
The system and kickstart image that you use for an MDS 9500 Series switch with a Supervisor-2 or Supervisor-2A module is shown in Table 13 . Cisco NX-OS Release 6.x. Release 5.x and Release 4.x do not support the Supervisor-1 module.
Use the show module command to display the type of supervisor module in the switch. The following is sample output from the show module command on a Supervisor-2 module:
The system and kickstart image that you use for an MDS 9710 switch is shown in Table 14 .
No payload encryption (NPE) images are available with Cisco MDS NX-OS Release 6.2(3) software. The NPE images are intended for countries who have import restrictions on products that encrypt payload data.
To differentiate an NPE image from the standard software image, the letters npe are included in the image name as follows:
When downloading software, ensure that you select the correct software images for you Cisco MDS 9000 Series switch. Nondisruptive software upgrades or downgrades between NPE images and non-NPE images are not supported.
This section lists the guidelines recommended for upgrading your Cisco MDS NX-OS software image and includes the following topics:
Note Before you begin the upgrade process, review the list of chassis and modules that Cisco MDS NX-OS Release 6.2(3) supports. See the “MDS 9000 Chassis and Module Support” section.
For detailed instructions for performing a software upgrade using Cisco DCNM, see the Cisco DCNM Release Notes, Release 6.2, which is available from the following website:
http://www.cisco.com/en/US/products/ps10495/prod_release_notes_list.html
Before upgrading your Cisco NX-OS software, you must determine if the following issue has occurred in your switch:
An ISSU or ISSD involves a supervisor switchover, so it is very important that you determine if this issue is present before a supervisor switchover occurs. If this issue is detected before the supervisor switchover, the affected interfaces can be restored easily by entering the shutdown and no shutdown command sequence.
The following example shows how to determine if the issue has occurred before a supervisor switchover:
Look for the value for a Max flogi key that is greater than 65535.
In the example, the fc4/32 interface has encountered this issue, but the fc6/32 interface is normal.
If you see that an interface has a Max flogi key greater than 65535 before a system switchover, ISSU, or ISSD, you must disable the interface and then reenable it by using the shutdown command followed by the no shutdown command. This process disrupts the devices on the interface that is being shut down. After the devices relogin, the Max flogi key is reset to 1 and you can avoid this issue.
If an install and/or ISSU, or supervisor switchover has occurred, compare the number of devices fabric login (FLOGI) with the number of devices in the Fibre Channel Name Server (FCNS) local database. Enter the show flogi database and the show fcns database local commands and use the CLI outputs for comparison. If the FLOGI database has fewer entries than the FCNS local database, the issue has occurred.
Also, if the following error message appears after an install, ISSU, or supervisor switchover, the issue might bug may have been encountered:
If you observe either of the above situations, open a case with the Cisco TAC.
Note If the Max flogi key value is a large number and is incrementing, it indicates that a device is repeatedly logging in. This situation might be a separate problem that needs further investigation. For assistance, contact the Cisco TAC.
In addition, follow these general guidelines before performing a software upgrade:
– Fibre Channel Ports : Fibre Channel ports can be nondisruptively upgraded without affecting traffic on the ports. See Table 15 for the nondisruptive upgrade path for all NX-OS and SAN-OS releases.
– Gigabit Ethernet Ports : Traffic on Gigabit Ethernet ports is disrupted during an upgrade or downgrade. This includes IPS modules and the Gigabit Ethernet ports on the MSM-18/4 module and the MDS 9222i switch. Those nodes that are members of VSANs traversing an FCIP ISL are impacted, and a fabric reconfiguration occurs. iSCSI initiators connected to the Gigabit Ethernet ports lose connectivity to iSCSI targets while the upgrade is in progress.
– FICON : If you have FICON enabled, the upgrade path is different. See the “FICON Supported Releases and Upgrade Paths” section.
Note In addition to these guidelines, you may want to review the information in the “Limitations and Restrictions” section prior to a software upgrade to determine if a feature may possibly behave differently following the upgrade.
Use Table 15 to determine your nondisruptive upgrade path to Cisco MDS NX-OS Release 6.2(3). Find the image release number you are currently using in the “Current Release” column of the table and follow the steps in the order specified to perform the upgrade.
Note The software upgrade information in Table 15 applies only to Fibre Channel switching traffic. Upgrading system software disrupts IP traffic and intelligent services traffic.
Cisco MDS NX-OS Release 6.2(3) is not a FICON-certified release.
Table 16 lists the SAN-OS and NX-OS releases that are certified for FICON. Refer to the specific release notes for FICON upgrade path information.
Use Table 17 to determine the nondisruptive upgrade path for FICON-certified releases. Find the image release number you are currently using in the Current Release with FICON Enabled column of the table and follow the recommended path.
This section lists the guidelines recommended for downgrading your Cisco MDS SAN-OS software image and includes the following topics:
Follow these general guidelines before you perform a a software downgrade:
– Fibre Channel Ports : Fibre Channel ports can be nondisruptively downgraded without affecting traffic on the ports. See Table 18 for the nondisruptive downgrade path for all SAN-OS releases.
– Gigabit Ethernet Ports : Traffic on Gigabit Ethernet ports is disrupted during a downgrade. This includes IPS modules and the Gigabit Ethernet ports on the MSM-18/4 module, and the MDS 9222i switch. Those nodes that are members of VSANs traversing an FCIP ISL are impacted, and a fabric reconfiguration occurs. iSCSI initiators connected to the Gigabit Ethernet ports lose connectivity to iSCSI targets while the downgrade is in progress.
– FICON : If you have FICON enabled, the downgrade path is different. See the “FICON Downgrade Paths” section.
Use Table 18 to determine the nondisruptive downgrade path from Cisco NX-OS Release 6.2(3). Find the NX-OS or SAN-OS image that you want to downgrade to in the To SAN-OS Release column of the table and follow the steps in the order specified to perform the downgrade.
Note The software downgrade information in Table 18 applies only to Fibre Channel switching traffic. Downgrading system software disrupts IP and intelligent services traffic.
Table 19 lists the downgrade paths for FICON releases. Find the image release number that you want to downgrade to in the To Release with FICON Enabled column of the table and follow the recommended downgrade path.
This section briefly describes the new software features introduced in Cisco NX-OS Release 6.2(3).
– Changed the CLI output for the show fcdomain vsan command.
– Deprecated the show interface counters performance command.
This section briefly describes the new software features introduced in Cisco NX-OS Release 6.2(1).
Starting with Cisco NX-OS Release 6.2(1), the Cisco MDS 9000 Series supports the generic online diagnostics (GOLD) feature. With online diagnostics, you can test and verify the hardware functionality of a device while the device is connected to a live network. In particular, the online diagnostics help you verify that hardware and internal data paths are operating as designed so that you can rapidly isolate faults.
For more information about this feature, see the Cisco MDS 9000 System Management Configuration Guide at this URL:
http://www.cisco.com/en/US/products/ps5989/products_installation_and_configuration_guides_list.html
For more information about this feature, see the Cisco MDS 9000 Security Configuration Guide, at this URL:
http://www.cisco.com/en/US/products/ps5989/products_installation_and_configuration_guides_list.html
– Enhance the clear snmp counters command.
– Display ISL related information.
– Display a warning messages for a shared port interface when you bring down the port.
– Display throughput information for all ports on a line card or ISL or on a switch or chassis.
– Provide an estimated time for DMM job completion.
– Shorten the show dmm job job-id 50571379 session session_id (1-20) command to show dmm job-id 50571379 session_id 1
Information about the modified CLI commands can be found in the Cisco MDS 9000 Command Reference at this URL:
http://www.cisco.com/en/US/products/ps5989/prod_command_reference_list.html
Most Cisco MDS 9000 Series software features are included in the standard package. However, some features are logically grouped into add-on packages that must be licensed separately, such as the Cisco MDS 9000 Enterprise package, SAN Extension over IP package, Mainframe package, and Data Mobility Manager package. On-demand ports activation licenses are also available for the MDS 9148 48-Port Multilayer Fabric Switch and the Cisco MDS 8-Gb Fabric Switch for HP c-Class Blade System.
Note A license is not required to use the Cisco MDS 9000 8-port 10-Gbps Fibre Channel over Ethernet (FCoE) module (DS-X9708-K9).
Additional information about licensed Cisco NX-OS software packages is available at this URL:
http://www.cisco.com/en/US/partner/products/ps6029/products_data_sheets_list.html
The standard software package that is bundled at no charge with the Cisco MDS 9000 Series switches includes the base set of features that Cisco believes are required by most customers for building a SAN. The Cisco MDS 9000 Series also has a set of advanced features that are recommended for all enterprise SANs. These features are bundled together in the Cisco MDS 9000 Enterprise package. Refer to the Cisco MDS 9000 Enterprise package fact sheet for more information.
The Cisco MDS 9000 SAN Extension over IP package allows the customer to use FCIP to extend SANs over wide distances on IP networks using the Cisco MDS 9000 Series IP storage services. Refer to the Cisco MDS 9000 SAN Extension over IP package fact sheet for more information.
The Cisco MDS 9000 Mainframe package uses the FICON protocol and allows control unit port management for in-band management from IBM S/390 and z/900 processors. FICON VSAN support is provided to help ensure true hardware-based separation of FICON and open systems. Switch cascading, fabric binding, and intermixing are also included in this package. Refer to the Cisco MDS 9000 Mainframe package fact sheet for more information.
The Cisco MDS 9000 Data Mobility Manager package enables data migration between heterogeneous disk arrays without introducing a virtualization layer or rewiring or reconfiguring SANs. Cisco DMM allows concurrent migration between multiple LUNs of unequal size. Rate-adjusted migration, data verification, dual Fibre Channel fabric support, and management using Cisco DCNM for SAN provide a complete solution that greatly simplifies and eliminates most downtime associated with data migration. Refer to the Cisco MDS 9000 Data Mobility Manager package fact sheet for more information. The Data Mobility Manager package is for use only with Cisco MDS 9000 Series switches.
On-demand ports allow customers to benefit from Cisco NX-OS Software features while initially purchasing only a small number of activated ports on the MDS 9148 48-Port Multilayer Fabric Switch and the Cisco MDS 8-Gb Fabric Switch for HP c-Class Blade System. As needed, customers can expand switch connectivity by licensing additional ports.
The Cisco I/O Accelerator (IOA) package activates IOA on the Cisco MDS 9222i fabric switch, the Cisco MDS 9000 18/4 Multiservice Module (MSM-18/4), and on the SSN-16 module. The IOA package is licensed per service engine and is tied to the chassis. The number of licenses required is equal to the number of service engines on which the intelligent fabric application is used.The SSN-16 requires a separate license for each engine on which you want to run IOA. Each SSN-16 engine that you configure for IOA checks out a license from the pool managed at the chassis level. SSN-16 IOA licenses are available as single licenses.
The Cisco Extended Remote Copy (XRC) acceleration license activates FICON XRC acceleration on the Cisco MDS 9222i switch and on the MSM-18/4 in the Cisco MDS 9500 Series directors. One license per chassis is required. You must install the Mainframe Package and the SAN Extension over FCIP Package before you install the XRC acceleration license. The Mainframe Package enables the underlying FICON support, and the FCIP license or licenses enable the underlying FCIP support.
LUN zoning, read-only zones, and broadcast zones are no longer supported. These features affect the following hardware:
You cannot bring up these modules if these features are already configured. You should completely remove all configurations that include these features before you attempt to bring up these modules. In addition, you cannot configure these features after you bring up these modules.
In addition, the following software features are not supported or are changed in Cisco MDS NX-OS Release 6.2(5a):
The following software features are not supported or are changed in Cisco MDS NX-OS Release 6.2(3):
Cisco NX-OS Release 6.2(3) does not support the following hardware:
This section lists the limitations and restrictions. The following limitations are described:
The Cisco MDS 9710 Director does not support FCoE. However, the following command-line interface (CLI) commands display information about FCoE, even though the FCoE functionality does not work on the Cisco MDS 9710 switch:
The copy bootflash:runnig-config.ascii startup-config command that was deprecated in an earlier Cisco NX-OS release, is enabled from the Cisco NX-OS Release 6.2(1).
Cisco NX-OS Release 6.2(1) does not support the Fibre Channel Security Protocol (FC-SP) feature only on the Cisco MDS 9710 Director.
The install module module-number bios command is not supported on the Cisco MDS 9710 switch in Cisco NX-OS Release 6.2(1) and later releases. Use the install all command to upgrade the bios during a software upgrade.
The install module module-number bios command continues to be supported in Cisco NX-OS Release 6.2(1) on Cisco MDS 9500 Series switches.
This section lists the open and resolved caveats for this release. Use Table 20 to determine the status of a particular caveat. In the table, “O” indicates an open caveat and “R” indicates a resolved caveat.
Symptom: Zone crash or switch reload occurs after renaming an enhanced device-alias.
Condition: This issue applies to the following NX-OS versions or platform combinations only:
– The Cisco MDS switches running MDS NX-OS Release 5.2(6), 5.2(6a), 5.2(6b), 5.2(8), 5.2(8a), or 6.2(1).
– The Cisco Nexus 7000 switches running NX-OS version 6.1(3) or 6.1(4).
In addition, the following conditions must be true:
– Device-alias is set to enhanced mode by using the device-alias mode enhanced command.
– Multiple commands are performed on the same device-alias before a commit and one of which is the rename command.
Note This issue occurs in both zone mode basic and zone mode enhanced.
Workaround: This issue is resolved.
Symptom: The SNMPD process crashes with the following error:
This situation occurs when the message and transaction service (MTS) messages flows are piled up at a faster rate than the SNMPD server can process.
Workaround: This issue is resolved.
Symptom: Nexus 7000 may experience a crash at the snmpd process.
Condition: MTS buffers may leak and after a few minutes, triggers snmpd to crash.
KERN-2-SYSTEM_MSG [ 7920.428773] mts_is_q_space_available_new(): NO SPACE
Symptom: A Cisco MDS 9000 switch can experience a memory issue leading to unexpected reload when polling for transceiver information which is part of ENTITY-SENSOR-MIB.
Condition: This situation occurs during the SNMP polling for ENTITY-SENSOR-MIB.
Workaround: This issue is resolved.
Symptom: Links go down and they do not recover; modules display the following error:
Condition: This issue rarely occurs and only occurs with Cisco MDS Generation 4 modules. In some cases, a link sync loss between a Generation 4 module and the fabric switching module might cause congested ports. This might lead the peer devices on the ports trying to reset the links and go down.
Workaround: Reset any Cisco MDS Generation 4 module that displays this error.
Symptom : The VSH process fails when the line length is greater than 471 characters.
Condition: This issue occurs if the line length configured in the scheduler is greater than 471 characters.
Workaround : This issue is resolved.
Symptom : Bootflash files cannot be copied from the switch to the TFTP server using Device Manager.
This symptom might be seen on the Cisco MDS 9513. When it occurs, SNMP immediately returns 14 (deviceBusy). When it occurs on the Cisco MDS 9710, SNMP immediately returns 2 (success).
Workaround : This issue is resolved.
Symptom : You cannot use Cisco Data Center Network Manager (DCNM) to configure a Data Mobility Manager (DMM) job.
Condition: This situation occurs when if you use DCNM Release 6.2.1 to configure a DMM job.
Workaround : This issue is resolved.
Symptom : The power consumption displayed in the output of the show environment power command is different than the actual power consumption. The command output shows a higher value than the actual value.
Condition: This symptom might be seen under normal operating conditions for the Cisco MDS 9710 switch.
Workaround : This issue is resolved.
One of the following type of exceptions are logged in the module exception log:
If the TACACS accounting is enabled, the following messages are displayed in the syslog:
Condition: This issue occurs only in Cisco MDS DS-X9232-256K9 and DS-X9248-256K9 modules. You can see the AAA message only if the AAA command authorization is configured.
Workaround: This issue is resolved.
Symptom : Logs for Cisco MDS Generation 4 Fibre Channel switching module DS-X9232-259K9 and DS-X9248-256K9 are displayed in a format that does not identify the specific interface.
Condition: This situation occurs only for the DS-X9232-259K9 and DS-X9248-256K9 Fibre Channel switching modules.
Workaround: This issue is resolved.
Symptom: Several types of Embedded Event Manager (EEM) events on Cisco MDS Fibre Channel switching modules fail to be logged on the supervisor.
Condition: This situation occurs only for events that originate from the Cisco MDS DS-X9232-256K9 and DS-X9248-256K9 switching modules.
Workaround: This issue is resolved.
Symptom: The operational status of a virtual storage area network (VSAN) is displayed as Down.
Condition: This issue occurs when one of these conditions is met:
– After the suspend and no suspend command for a VSAN, which is carried on an E port.
– In the VSAN 1, without any trigger, the F ports associated to the VSAN 1 go Down.
Workaround: This issue is resolved.
Symptom : When both the Enterprise Package and the Mainframe Package licenses are installed and the fabric binding feature is enabled, the standby supervisor module goes into a failure state.
Condition: This situation occurs only when both the MAINFRAME and ENTERPRISE license are installed.
Workaround : This issue is resolved.
Symptom : After performing an SNMP set operation to the CONFIG-COPY-MIB from Cisco Datacenter Network Manager (DCNM), polling the ccCopyState OID returns successful even if the operation fails.
Condition: This situation occurs during the config copy operation to a TFTP server.
Workaround: This issue is resolved.
Symptom : The DCBX local information shows LLS DCBX registration when a port is in the shut state:
In this example 006/001 is the LLS TLV.
In general, all the other DCBX features are deregistered on a port down and this symptom is not seen in the DCBX output. However, the LLS is not deregistered when a port is shut, and therefore it keeps appearing in the output.
Condition: This situation occurs after a switchover or module reload.
Workaround : This issue is resolved.
Symptom : Duplicate entries of the IP hosts are displayed when the ow startup-config command is entered
Symptom : The command-line interface (CLI) service crashes multiple times after a reload of the supervisor, triggering another supervisor reload. show logging nvram command shows the following syslog messages:
%SYSMGR-2-SERVICE_CRASHED: Service CLIs have not caught signal 11 (core will be saved). %USER-2-SYSTEM_MSG: Failed to initialize CLI server - CLIs show system reset-reason command shows the following reason:
– Reason: Reset triggered due to HA policy of Reset
No core files are actually saved.
Workaround : Remove "feature fcrxbbcredit extended" before ISSU and reconfigure it after ISSU.
Symptom : When an ISSU occurs from Cisco NX-OS Release 5.2(6b) to Release 6.2(1), LLDP CLI commands are not available. In this situation, LLDP is running and traffic is flowing normally even after the ISSU, but the CLI commands are not available.)
This symptom might be seen when feature-set fcoe was enabled on the original image, and feature lldps commands were working in the original image. Following the ISSU to Cisco NX-OS Release 6.2.1 image, the commands are not available.
Workaround : Following the ISSU, enter the feature lldp command on the switch to make the LLDP commands available on the switch.
Symptom: When Cisco MDS switches are upgraded to or running Cisco MDS NX-OS Software Release 6.2(1) or 6.2(3), the Fibre Channel over IP (FCIP) tunnel throughput is reduced considerably. Devices that use these FCIP tunnels might experience latency issues and application outages.
Condition: This issue applies to FCIP tunnels on 16-Port Storage Services Node (SSN16) (DS-X9316-SSNK9) modules only.
Workaround: You must upgrade to Cisco MDS NX-OS Release 6.2(5).
Symptom: After a switch upgrade to NX-OS 6.2(1) or later, a previously working AAA authenticated user who is configured for non network-operator privileges (such as network-admin) only receives network-operator privileges. This user is no longer able to configure the switch via CLI or SNMP.
The CLI user will show as having 'network-operator' role:
If the SNMP user exists, it will show as having 'network-operator' role:
Condition: This issue only affects logins that meet all of the following conditions:
2) are authenticated remotely via RADIUS
3) have multiple vendor-specific attributes (VSAs) defined as a single Cisco-AV Pair, for example, shell and SNMP version 3 settings:
This issue does not occur if the 'shell:roles' VSA is defined alone (even with multiple roles assigned).
Workaround: On the AAA server, create a separate RADIUS policy for NX-OS 6.2(x) users that splits Cisco-AV Pairs into true attribute pairs. For example:
Assign this policy conditionally on the requesting RADIUS client IP address (that is, a Cisco MDS switch mgmt0 IP address). Continue to use the original policy with the old format for RADIUS authentication requests from switches running NX-OS earlier than 6.2(1).
If the RADIUS server does not support conditional assignment of policies by RADIUS client IP address then an alternate method is possible. Create a local user on the switch with local role assignment which will override the remotely supplied role using the following commands:
Symptom : An FCSP-ESP enabled (encrypted) port that was working fails to come up after ISSU/ISSD followed by link flap.
Condition : This issue only affects FCSP encrypted ports on MDS 9700 DS-X9448-768K9 and MDS 9500 DS-X9248-256K9 and DS-X9232-256K9 switching modules after an ISSU or ISSD to an affected version of NX-OS.
Workaround : Only a switch reload will recover from this situation. The switch must be running a fixed release of NX-OS (NX-OS 6.2(11) or above) before the reload to prevent the issue from recurring after recovery.
None of the following steps alone will not recover the port functionality:
– Shut/no-shut the affected port.
– Reloading the affected linecard.
– Removing the FCSP configuration and re-configuring FCSP.
– Upgrading to NX-OS 6.2(11) or above.
Symptom : On the MDS 9513 switch, when an MSM-18/4 module boots up, it sends a request to the supervisor module to mount the modflash on the MSM-18/4 module. If there is a timeout or error in response, the following syslog message displays:
2011 Jul 14 01:18:13 sw-dc5-br2-12 %LC_MNT_MGR-SLOT3-2-LC_MNT_MGR_ERROR: SUP mount failed. MTS receive timedout
2011 Jul 14 01:19:06 sw-dc5-br2-12 %PROC_MGR-SLOT3-2-ERR_MSG: ERROR: PID 1144 (lc_mnt_mgr) exited abnormally, exit status (0xa)
2011 Jul 14 01:19:06 sw-dc5-br2-12 %MODULE-2-MOD_MINORSWFAIL: Module 3 (serial: JAE1141ZB43) reported a failure in service lc_mnt_mgr
This issue might be seen when the supervisor module is unusually busy and cannot process the mount request from the MSM-18/4 module, or the actual mount command on the supervisor takes a long time.
Workaround : Reload the MSM-18/4 module in the same slot/module where the modflash mount failed. A request will be sent to the supervisor to mount the modflash.
Symptom: After an In Service Software Upgrade (ISSU), In Service Software Downgrade (ISSD), or supervisor switchover, devices fail to FLOGI into the switch, and the following error is logged in the syslog:
%FLOGI-1-MSG_FLOGI_REJECT_FCID_ERROR after upgrade/switchover
Condition: This situation occurs if one or all of the following occur:
1. The Max flogi key is greater than 65535. The key can get this high if there are repeated FLOGIs on an interface. After the key exceeds 65535, this issue occurs. However, this situation does not impact end devices.
2. If a supervisor switchover, such as ISSU, ISSD, or system switchover occurs when the key is greater than 65535, Fibre Channel Identifiers (FC IDs) can be dropped from the FLOGI table. The end devices continue to function normally until they are logged out and then attempt to relogin.
3. If after both 1 and 2 above have occurred and then an end device is rebooted on the affected interface, that end device might not be able to log back in.
Workaround: You must first resolve the issue with the device on the interface with the Max flogi key over 65535, such as FLOGI rejects or port security, to prevent the FLOGI key from incrementing.
If the Max flogi key value is greater than 65535 before any supervisor switchover, ISSU, or ISSD, use the shutdown and then no shutdown command on the interface. Consequently, the Max flogi key value must be checked before any supervisor switchover. However, if the supervisor switchover has already occurred and logging in are failing, you must follow either of these steps:
– Contact Cisco TAC to implement a nondisruptive recovery. This requires special files not accessible to customers.
– Suspend the VSAN and wait for 5 minutes and then unsuspend the VSAN of the affected devices on the switch. This action is disruptive to all devices in that VSAN connected to this switch.
More Information: For detailed information about this issue, see the General Upgrading Guidelines.
Symptom : If beaconing is configured on some ports, they might stop blinking after a supervisor switchover or module reload.
Condition: This might be seen following a supervisor switchover or module reload.
Symptom: One of the symptoms are observed:
– ARegistered State Change Notification (RSCN) is not sent to zone members.
– The device-mapping entry, port world wide name (pWWN) associated to a device alias is not displayed in the Dynamic Port VSAN Membership (DPVM) database
– The show running-configuration ivr command does not display the changes when a device alias member in an Inter-VSAN routing zone (IVR zone) is renamed.
– The port world wide name (pWWN) associated with the device alias is found dissociated in the port security database.
– Adevice alias member is not found in the port security database.
Condition: This situation occurs when all or one of the conditions is met:
– A user attempts to perform a device-alias operation in batch, such as renaming an offline device alias to an existing online device alias or vice versa.
– A device alias was deleted and an existing device alias is renamed to the deleted device alias in the same commit.
– A device alias, which is not configured, resides in the DPVM database and an online device is renamed to the former.
– The IVR distribute option is enabled and the device alias is in enhanced mode, and the changes in a device alias is not updated to the IVR running configuration.
Workaround: Add the offline member to the device alias database, revert to the previous name if you have renamed a device alias, and flap the ports that are connected to the affected zone member.
Symptom: Although the http-server feature is enabled by default, Element Manager cannot be downloaded.
Condition: This situations occurs on the Cisco MDS 9710 Director running MDS NX-OS Release 6.2(3) software.
Workaround: You must enable the http-server by using the feature http-server command.
Symptom The Cisco MDS 9710 Director does not allow a copy running saving configurations and a switch reload operation.
Condition: Active Fibre Channel Redirect (FC-Redirect) configurations are present in Cisco MDS 9710 Director.
Workaround : Remove the MDS 9710 Director from the fabric.
Symptom : The “Bad IPv6 host address” error appears when the snmp-server hostname is configured instead of the IP address. This issue occurs when the domain name and the name-server IP address are configured.
Workaround : Configure the IP addresses instead of the host name.
Symptom : In a virtual SAN (VSAN), the Inter-switch Link (ISL) might fail after entering the suspend command followed by the no suspend command.
Condition: This situation occurs if the no suspend command is entered after a VSAN suspend operation.
Workaround: After entering the suspend command, wait 10 to 15 at least 5 minutes and then use the no suspend command.
Symptom : The full zoneset database in one or more VSANs may be empty after a supervisor switchover.
Conditions : This issue only occurs after the supervisors fail over or a user-initiated switch over occurs (but not an in service switchover situation, ie ISSU/ISSD). The precondition is created before the switchover by activating zone changes (such as adding or removing zones from a zoneset) and is more likely to occur on systems with very large zone configurations.
The symptom described here can occur if zones are modified while a switch is running any NX-OS release 5.2(2) to 5.2(8c) (inclusive), and 6.2(1) to 6.2(5) (inclusive).
Workaround : To recover from this condition follow these steps:
[i] If the full zoneset db for the affected VSAN contains multiple zonesets (ie, inactive zonesets) follow these steps:
a. add dummy zone to any zoneset in the full zoneset db for the vsan on a *neighbouring* switch, and then
b. if zoning mode is basic distribute the change or if the zoning mode is enhanced commit the change, and then
c. the dummy zone may be removed now and the zoneset redistributed/recommitted.
[ii] If the full zoneset db for the affected VSAN contains only a single zoneset (ie, no inactive zonesets) follow these steps:
a. copy the active zoneset db to the full zoneset db on the *affected* switch (it is only necessary to copy zonesets for VSANs that have empty databases), For example:
2. In both cases, save the config on the *affected* switch after step 1, For example:
To recover from condition 2 (isolated ISL) contact Cisco TAC for assistance.
Symptom : After a supervisor switchover, a subsequent ISL flap results in one or more VSAN becoming isolated on the ISL.
Conditions : These issues only occur in situations after the supervisors fail over or a user-initiated switch over ocuurs (but not an in service switchover situation, ie ISSU/ISSD). The preconditions are created before the switchover by activating zone changes (such as adding or removing zones from a zoneset) and is more likely to occur on systems with very large zone configurations.
The symptoms described here can occur if zones are modified while a switch is running any NX-OS release 5.2(2) to 5.2(8c) (inclusive), and 6.2(1) to 6.2(5) (inclusive).
Symptom : The security service crashes when configuring an SSH authentication key.
Configuring SSH keys multiple times within 10 minutes results in a HAP reset that resets the active supervisor.
Condition : This issue intermittently occurs when configuring an SSH authentication key.
Workaround : To avoid the supervisor reset, do not configure more than 2 SSH keys per 10 minutes.
Symptom : The RSCN or ZONE service crashes with the following syslog message:
A Cisco MDS 9700 switch can incur a switchover, however in most cases, the crash occurs again before the standby is available and the dual supervisor switch will reload.
Condition : This issue occurs only when "port" format RSCNs are configured and an RSCN is sent on the relevant VSAN. RSCNs are sent, for example, after activating zoneset changes or a link changing state. Further, only the following platforms are affected:
This issue does not occur when RSCNs are sent with "fabric" format.
Workaround : Use the default RSCN address format by removing the following lines from the switch configuration:
no zone rscn address-format port vsan
Note that some end devices may not support receiving RSCNs in this format.
Further Problem Description: This wrong data is constructed by the zone server. It can corrupt its own heap while creating the payload to put into MTS.
The crash can be either in the zone server or RSCN. It is just which module runs into the issue first. The fix that went in is to prevent both.
Symptom : An ISL connected over a DWDM path does not reach link up state.
Condition : This issue only applies to MDS 9700 DS-X9448-768K9 modules used with some DWDM vendors.
Further Problem Description : show interface shows the link in "Link failure or not-connected" with OLS/LRR and NOS increasing in both directions.
Symptom : An ISL does not initialize quickly across a DWDM connection. The link can take minutes, hours or even days to connect. Once connected, it is stable.
Condition : This issue only applies to DS-X9248-256K9 and DS-X9232-256K9 modules when connecting an ISL over a Tellabs 7100 DWDM path.
Further Problem Description : show interface shows the link in "Link failure or not-connected" with OLS/LRR and NOS increasing in both directions.
Symptom : Callhome stops working and callhome tests fail.
Condition : Only destination profiles of full_txt are configured.
Workaround : To prevent from hitting this defect, configure an additional destination profile that is either short_txt or XML.
To recover from this defect after it has already been hit, perform a system switchover or reload the switch.
Symptom : MDS fabric switch running in NPV mode fails to generate port-monitor alerts.
Condition : Applies to all MDS fabric switches running in NPV mode using port-monitor.
Applies to all versions prior to NX-OS 6.2(13).
Will occur only in the following conditions:
- After one or more upstream NP or TNP ports goes down and then back up.
- For each (T)NP port that flaps, one F port at the end of the range of ports
will no longer be scanned for port-monitor counter events. For example, if the
(T)NP port fc1/1 flaps then the last F port being used(ex. fc1/48) will no
longer be scanned for port-monitor counter events.
Workaround : There are two workarounds, one temporary and one permanent:
1 - Contact the TAC and they can assist with killing the port-monitor process. Once the port-monitor process restarts, all ports will be once again scanned.
This is only temporary in the sense that if an upstream (T)NP port flaps again the problem will recur
2 - Move the (T)NP ports to the end of the ports on the switch. For example, if there are four (T)NP uplinks on a MDS 9148 or MDS 9148S, then move them to fc1/45-fc1/48. Once this has been done the problem will not recur.
Further Problem Description : The fix is integrated into NX-OS 6.2(13) and later versions.
The documentation set for the Cisco MDS 9000 Series includes the documents listed in this section. To find a document online, access the following URL:
http://www.cisco.com/en/US/products/ps5989/tsd_products_support_series_home.html
The documentation set for Cisco Prime Data Center Network Manager is available from the following URL:
http://www.cisco.com/en/US/products/ps9369/tsd_products_support_series_home.html
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.