Cisco Nexus 3000 Series NX-OS Release Notes, Release 9.3(6)
This document describes the features, issues, and exceptions of Cisco NX-OS Release 9.3(6) software for use on Cisco Nexus 3000, 3100, 3200, 3400-S, 3500 and 3600 platform switches. For more information, see Related Content.
Note: The Cisco Nexus 34180YC and 3464C switches are not supported in Cisco NX-OS Release 9.3(6).
Note: The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.
Table 1: Online History Change
Date |
Description |
Jan 18, 2021 |
Updated the Upgrade and Downgrade section for Compact NX-OS Image. |
Nov 10, 2020 |
Cisco NX-OS Release 9.3(6) became available. |
Table 2: New Software Features
Feature |
Description |
Hide boot variable in running or starting config |
Support added for the service exclude-bootconfig command to exclude the boot nx-os image configuration from show and copy configuration commands. For more information, see the following documents: · Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x). · Cisco Nexus 3400-S NX-OS System Management Configuration Guide 9.3(x) · Cisco Nexus 3548 Switch NX-OS System Management Configuration Guide, Release 9.3(x) · Cisco Nexus 3600 NX-OS System Management Configuration Guide, Release 9.3(x) . |
SVI Interfaces for BGP Interface Peering |
Support added for SVI Interfaces for BGP Interface Peering. For more information, see the following documents:
· Cisco Nexus 3000 NX-OS Unicast Configuration Guide, Release 9.3(x) · Cisco Nexus 3400-S NX-OS Unicast Configuration Guide, Release 9.3(x) · Cisco Nexus 3500 NX-OS Unicast Configuration Guide, Release 9.3(x) · Cisco Nexus 3600 NX-OS Unicast Configuration Guide, Release 9.3(x) |
Pre-compacted NX-OS Images |
Cisco Nexus 3048, 3064, 3132 (except for the N3K-C3132Q-V), and 3172 platform switches with a model number that does not end in -XL must run a “compact” NX-OS software image due to limited bootflash space. This “compact” image can be created using the NX-OS Compact Image procedure; alternatively, a compact NX-OS software image can be downloaded directly from Cisco's Software Download website. This requirement does not apply to any other model of Cisco Nexus 3000 or 3100 series switch. This requirement does not apply to the Nexus 3132Q-V switch. For more information, see the following documents: · “Upgrade and Downgrade” section in this document. · Cisco Nexus 3000 Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x) |
Cisco NX-OS Release 9.3(6) does not include any new hardware.
Cisco Nexus 9000 Series switches and Cisco Nexus 3000 Series switches use the same NX-OS binary image also called the “unified" image. The binary image covers all the variations of the Cisco Nexus 3000 and 9000 series switches. Cisco NX-OS Release 9.2(1) was the first release that adopted unified version numbering. With unified version numbering, the platform designator is obsolete.
Moving forward for the previously identified platforms, we will be adopting the simplified 3-letter versioning scheme. For example, a release with X.Y(Z) would mean:
X – Unified release major
Y – Major / Minor release
Z – Maintenance release (MR)
Where the Z = 1 is always the first FCS release of a Major/Minor release.
An example of a previous release number is: 7.0(3)I7(4). In this format, the ‘I’ is the platform designator.
Note: In order to accommodate upgrade compatibility from an older software version that is expecting a platform designator, when the install all command is entered or the show install all impact command is entered, the version string appears as 9.3(6)I9(1). The “I9(1)” portion of the string can be safely ignored. It will later appear as 9.3(6).
Note: Cisco NX-OS Release 9.3(6) runs on all Cisco Nexus 3000 Series switches except the Cisco Nexus 34180YC and 3464C switches.
The following tables lists the open issues for Cisco Nexus 3000 Series switches in Cisco NX-OS Release 9.3(6). Click the Bug ID to search the Cisco Bug Search Tool for additional information about the bug.
■ Open Issues in Cisco Nexus 3000, 3100, 3200 and 3400-S Switches
■ Open Issues in Cisco Nexus 3500 Switches
Table 3: Open Issues in Cisco Nexus 3000, 3100, 3200 and 3400-S Series Switches
Bug ID |
Description |
Headline: Cyclic Redundancy Check (CRC) error on DR4(cmis4.0) to 100G FR on Cisco Nexus C3432D-S and C3408-S switches. Symptom: CRC seen on the 100G FR link.
Workaround: Flap the link that has CRC. |
The following tables list the resolved issues for Cisco Nexus 3000 Series switches in Cisco NX-OS Release 9.3(6). Click the Bug ID to search the Cisco Bug Search Tool for additional information about the bug.
■ Resolved Issues in Cisco Nexus 3000, 3100, 3200 and 3400-S Switches
■ Resolved Issues in Cisco Nexus 3500 Switches
Table 4: Resolved Issues in Cisco Nexus 3000, 3100, 3200, and 3400-S Series Switches
Bug ID |
Description |
Headline: Cisco Nexus C3132C-Z switches drops packets as input discards.
Symptom: The N3K-C3132C-Z is configured with trunk and traditional port-channel, directly connected devices with the VRRP and dot1q enabled. The VRRP can never come up (split brain master master), found the issue on N3k dropping the packets by input discard.
Workaround: 1. Create SVI for the corresponding VLAN 2. Disable IGMP snooping |
|
Headline: BCM-ATTACH optimization while BCM-SDK Initialization
Symptom: This is a rare failure while upgrading image using Fast Reload. Upgrade takes 3 minutes more than expected time of 30 seconds of Data plane downtime.
Workaround: None |
|
Headline: After fast reload upgrade IPv6 RA message sent out with a bit set though configured for a bit clear
Symptom: When you perform a fast-reload upgrade a Cisco Nexus 3064 switch from Cisco NX-OS Release 6.0(2)U6(7) to 7.0(3)I7(7a) the windows VM reportedly received IPv6 RA message from Cisco Nexus 3064 switch with a bit set though configured for a bit clear on VLAN SVI interface. This causes the VM to configure SLAAC Ipv6 address using RA message received. This caused VM to use SLAAC address over statis IPv6 address impacting VM reachability. interface Vlan702 ipv6 address 2603:10b0:90d:fcb2::1/64 ipv6 nd managed-config-flag ipv6 nd prefix 2603:10b0:90d:fcb2::/64 infinite infinite no-autoconfig
Workaround: None |
|
Headline: The allocated TCAM entries and slices are greater than the total on Cisco Nexus 3000 Switches
Symptom: After carving, the allocated entries and slices are greater than the total in the output of the command show system internal access-list globals
Workaround: None |
|
Headline: Cannot configure copp cir rate below 125 pps on N3K-C3408-S
Symptom: Following error is seen when configuring CIR rate below 125 pps for COPP class. (config-pmap-c)# police cir 100 pps bc 1 conform transmit violate drop ERROR PPS: Cir Value out of range[125:60000000 pps]
Workaround: None |
|
Headline: OSPF stuck in init status when vlan 1 vn-segment is configured
Symptom: OSPF stuck in init status and neighbor cannot be established after reload when vlan 1 vn-segment is configured.
Workaround: N/A |
|
Headline: “switchport dot1q ethertype 0x88a8” packets encapsulated in 0x8100 after chassis reload
Symptom: Ethernet II, Src: 70:6d:15:41:6b:43 (70:6d:15:41:6b:43), Dst: e4:c7:22:dc:f8:01 (e4:c7:22:dc:f8:01) Destination: e4:c7:22:dc:f8:01 (e4:c7:22:dc:f8:01) Address: e4:c7:22:dc:f8:01 (e4:c7:22:dc:f8:01) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: 70:6d:15:41:6b:43 (70:6d:15:41:6b:43) Address: 70:6d:15:41:6b:43 (70:6d:15:41:6b:43) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: 802.1Q Virtual LAN (0x8100) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Remains 0x8100 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 82 000. .... .... .... = Priority: 0 ...0 .... .... .... = CFI: 0 .... 0000 0101 0010 = ID: 82 Type: 802.1Q Virtual LAN (0x8100) 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10 000. .... .... .... = Priority: 0 ...0 .... .... .... = CFI: 0 .... 0000 0000 1010 = ID: 10 Type: IP (0x0800)
Workaround: 1. default the ethertype after port flap no switchport dot1q ethertype 2. Re-apply the required ethertype switchport dot1q ethertype <> |
Table 5: Resolved Issues in Cisco Nexus 3500 Series Switches
Bug ID |
Description |
Headline: IF-MIB::ifInErrors. showing some error values even port is admin down / XCVR is not present
Symptom: IF-MIB::ifInErrors could show high error count even if interface is in shutdown state or if no transceiver is present. Also high level of input errors could be seen for multiple interfaces on "show interface" output even for the interfaces that are Down or have no transceiver inserted.
Workaround: Stop polling of stats on port 7891. |
|
Headline: %COPP-2-COPP_INVALID_POLICY_TEMPLATE: error observed with default COPP for copp-s-mpls
Symptom: Cisco Nexus 3500 Switches displays the following error message even when 1) no COPP class is missing 2) Default COPP is applied 3) setup command is ran to apply default copp-class 2020 Jul 13 13:52:18 switch %$ VDC-1 %$ %COPP-2-COPP_INVALID_POLICY_TEMPLATE: Current CoPP policy is missing system default class-maps. Please run "setup" command to configure missing class-maps.
Workaround: None
|
|
Headline: Incorrect LTL for Layer 2 multicast on Cisco Nexus 3500 switches
Symptom: A Cisco Nexus 3500 switch with IGMP snooping enabled may drop L2 multicast packets for some groups.
Workaround: Shut / no shut of outgoing interfaces may resolve the problem. |
|
Headline: L3 flow punted to CPU due to L3MTU failure
Symptom: Flapping SVI (VLAN is a non-vPC VLAN, and the SVI has customized MTU) many times could trigger the L3 flow punted to CPU. This issue impacts transmission performance at least, and affects the traffic goes out of the SVI with an MTU value of 1500.
Workaround: Apply an MTU value other than 1500 on the affected SVI, then re-apply MTU value -1500.
|
|
Headline: IP unicast reachability from SUP to any direct connect end host on Cisco Nexus 3548 Switches
Symptom: One of the Nexus across vPC is not reachable to direct connected device. All Control-plane generated IP unicast packet are impacted. L2 forwarding is fine on data plane. TX counter never increased.
Workaround: If we ping from the end host to the Nexus once, and everything for that specific Port-channel will start working again. ERSPAN with source interface as the peer-link and apply and than delete the static mac entry with exit port as peer-link will also bring the device out of the broken state. After reload, we will back to the broken state again. |
|
Headline: The transceiver is not recognized after configuring the command no negotiate auto
Symptom: After configuring no negotiate auto, even speed auto and negotiate auto again, the transceiver is not recognized.
Workaround: F340.09.02-3500-1(config-if)# negotiate auto F340.09.02-3500-1(config-if)# speed 10000 F340.09.02-3500-1(config-if)# no speed 40000 F340.09.02-3500-1(config-if)# copy run startup-config [########################################] 100% F340.09.02-3500-1(config-if)# show run int ethernet 1/1 all | include nego|speed speed auto negotiate auto F340.09.02-3500-1(config-if)# reload This command will reboot the system. (y/n)? [n] y |
|
Headline: MTC_USD crash seen while executing active buffer monitor show command
Symptom: switch(config)# 2020 Jul 18 05:10:06 switch %$ VDC-1 %$ %SYSMGR-SLOT1-2-SERVICE_CRASHED: Service "mtc_usd" (PID 28711) hasn't caught signal 11 (core will be saved). switch %$ VDC-1 %$ %SYSMGR-SLOT1-2-HAP_FAILURE_SUP_RESET: Service "mtc_usd" in vdc 1 has had a hap failure switch %$ VDC-1 %$ %SYSMGR-SLOT1-2-LAST_CORE_BASIC_TRACE: fsm_action_become_offline: PID 16896 with message Could not turn off console logging on vdc 1 error: mts req-response with syslogd in vdc 1 failed (0xFFFFFFFF) . switch %$ VDC-1 %$ %USER-2-SYSTEM_MSG: libsdk_tlv_dispatch:51: sse_call2 failed with rc=-1(Device Name:[0x3FF] Instance:[63] Error Type:[(null)] code:[255]) - iftmc switch %$ VDC-1 %$ %USER-2-SYSTEM_MSG: libsdk_tlv_fe_handler:216: TLV dispatch function failed, rc = -5(RPC error) - iftmc switch %$ VDC-1 %$ %USER-2-SYSTEM_MSG: libsdk_l3_route_stats_get:268: TLV front-end handler failed, rc = -5(RPC error) - iftmc switch %$ VDC-1 %$ %SYSMGR-SLOT1-2-LAST_CORE_BASIC_TRACE: core_client_main: PID 30213 with message filename = 0x102_mtc_usd_log.28711.tar.gz . switch %$ VDC-1 %$ %MODULE-2-MOD_DIAG_FAIL: Module 1 (Serial number: XXXXXXXXXX) reported failure due to Service on linecard had a hap-reset in device DEV_SYSMGR (device error 0x44a)
Workaround: Avoid executing below show commands. sh hardware profile buffer monitor buffer-block 1 detail sh hardware profile buffer monitor buffer-block 2 detail sh hardware profile buffer monitor buffer-block 3 detail |
|
Headline: Cisco Nexus 3500 Switches, L2 multicast drops when SVI with PIM enabled
Symptom: There is intermittent packet loss in L2 multicast traffic flowing through Cisco Nexus 3500 Switches when SVI with PIM is enabled for the same VLAN. This issue is not seen if SVI is removed or shutdown.
Workaround: Use one of the following methods: 1. remove SVI 2. shutdown SVI 3. remove PIM configuration from SVI 1. 4. configure static-oif to have particular S,G entry pre-populated in the mroute table |
The following tables lists the known behaviors in Cisco Nexus 3000 Series switches in Cisco NX-OS Release 9.3(6). Click the bug ID to search the Cisco Bug Search Tool for details about the bug.
Table 6: Known Behaviors in Cisco Nexus 3000 and 3100 Series Switches
Bug ID |
Description |
Headline: With switchport mac-learn disable command, MACs are still learnt on VNI enabled VLAN. Symptom: switchport mac-learn disable command/ configuration has no effect on VNI enabled VLAN. Workaround: None. |
|
Headline: The MPLS SR outputs stats incremented for all FECs with same next-hop during POP (swap with 3). Symptom: For Broadcom ASIC Based Trident series platform, In the MPLS SR topology the TX output stats are getting incremented for all FEC with same next hop. Workaround: None. |
Large core files are split into 3 or more files. For example:
■ 1405964207_0x101_iftmc_log.3679.tar.gzaa
■ 1405964207_0x101_iftmc_log.3679.tar.gzab
■ 1405964207_0x101_iftmc_log.3679.tar.gzac
To decode the multiple core files, first club the files to a single file:
$ cat 1405964207_0x101_iftmc_log.3679.tar.gz* > 1405964207_0x101_iftmc_log.3679.tar.gz
Table 7: Known Behaviors in Cisco Nexus 3500 Series Switches
Bug ID |
Description |
|
Headline: MTC does not support random-detect ECN. It only supports dctcp ecn. Unsupported cli has been removed for MTC. Symptom: MTC does not support random-detect ECN. It only supports dctcp ecn. Unsupported cli has been removed for MTC Workaround: Cisco Nexus 3500 switches support the command dctcp; but does not support random-detect ecn. The unsupported command (random-detect ecn) is removed in Cisco NX-OS Release 9.3(6). However, you may not get warnings or errors when you configure the command in releases earlier to Cisco NX-OS Release 9.3(6) and then upgrade to Cisco NX-OS Release 9.3(6). The unsupported command is retained in the running-configuration in such cases. |
The following tables list the Cisco Nexus 3000 Series hardware that Cisco NX-OS Release 9.3(6) supports. For additional information about the supported hardware, see the Hardware Installation Guide for your Cisco Nexus 3000 Series devices.
■ Cisco Nexus 3000 and 3100 Series Switches
■ Cisco Nexus 3000 and 3100 Series fans and fan trays and Power Supplies
■ Cisco Nexus 3200 Series Switches
■ Cisco Nexus 3400-S Series Switches
■ Cisco Nexus 3500 Series Switches
■ Cisco Nexus 3500 Series fans and fan trays, and Power Supplies
■ Cisco Nexus 3600 Series Switches
Table 8: Cisco Nexus 3000 and 3100 Series Switches
Product ID |
Description |
N3K-C3048TP-1GE |
Cisco Nexus 3048 switch |
N3K-C3064PQ |
Cisco Nexus 3064 switch |
N3K-C3064PQ-10GE |
Cisco Nexus 3064-E switch |
N3K-C3064PQ-10GX |
Cisco Nexus 3064-X switch |
N3K-C3064TQ-10GT |
Cisco Nexus 3064-TQ switch |
N3K-C31108PC-V |
Cisco Nexus 31108PC-V switch |
N3K-C31108TC-V |
Cisco Nexus 31108TC-V switch |
N3K-C31128PQ-10GE |
Cisco Nexus 31128PQ, 96 x 10 Gb-SFP+, 8 x 10-Gb QSFP+, 2-RU switch |
N3K-C3132C-Z |
Cisco Nexus 3132C-Z switch |
N3K-C3132Q-40GE |
Cisco Nexus 3132Q switch |
N3K-C3132Q-40GX |
Cisco Nexus 3132Q-X switch |
N3k-C3132Q-V |
Cisco Nexus 3132Q-V switch |
N3K-C3132Q-XL |
Cisco Nexus C3132Q-XL switch |
N3K-C3164Q-40GE |
Cisco Nexus 3164Q, 64 x 40-Gb SFP+, 2-RU switch |
N3K-C3172PQ-10GE |
Cisco Nexus 3172PQ switch |
N3K-C3172PQ-XL |
Cisco Nexus C3172PQ-XL switch |
N3K-C3172TQ-10GT |
Cisco Nexus 3172TQ switch |
N3K-C3172TQ-XL |
Cisco Nexus C3172TQ-XL switch |
Table 9: Cisco Nexus 3000 and 3100 Series Fans, Fan Trays and Power Supplies
Product ID |
Description |
N2200-PAC-400W |
Cisco Nexus 2000 or 3000 400W AC power supply, forward airflow (port side exhaust) |
N2200-PAC-400W-B |
Cisco Nexus 2000 or 3000 400W AC power supply, reverse airflow (port-side intake) |
N2200-PDC-400W |
Cisco Nexus 2000 or 3000 400W DC power supply, forward airflow (port side exhaust) |
N3K-C3048-FAN |
Cisco Nexus 3048 fan module with forward airflow (port-side exhaust) |
N3K-C3048-FAN-B |
Cisco Nexus 3048 fan module with reverse airflow (port-side intake) |
N3K-C3064-X-BA-L3 |
Cisco Nexus 3064-X reverse airflow (port-side intake) AC power supply |
N3K-C3064-X-BD-L3 |
Cisco Nexus 3064-X forward airflow (port-side intake) DC power supply |
N3K-C3064-X-FA-L3 |
Cisco Nexus 3064-X forward airflow (port-side exhaust) AC power supply |
N3K-C3064-X-FD-L3 |
Cisco Nexus 3064-X forward airflow (port-side exhaust) DC power supply |
N3K-PDC-350W-B |
Cisco Nexus 2000 DC power supply with reverse airflow (port-side intake) |
N3K-PDC-350W-B |
Cisco Nexus 2000 or 3000 350W DC power supply, reverse airflow (port side intake) |
NXA-FAN-30CFM-B |
Cisco Nexus 2000 or 3000 individual fan, reversed airflow (port-side intake) |
NXA-FAN-30CFM-F |
Cisco Nexus 2000 or 3000 individual fan, forward airflow (port-side exhaust) |
NXA-PAC-500W |
Cisco Nexus 3064-T 500W forward airflow (port-side exhaust) AC power supply |
NXA-PAC-500W-B |
Cisco Nexus 3064-T 500W reverse airflow (port-side intake) AC power supply |
Table 10: Cisco Nexus 3200 Series Switches
Product ID |
Description |
N3K-C3232C |
Cisco Nexus 3232C switch |
N3K-C3264C-E |
Cisco Nexus 3264C-E switch |
N3K-C3264Q |
Cisco Nexus 3264Q switch |
Table 11: Cisco Nexus 3400-S Series Switches
Product ID |
Description |
N3K-C3408-S |
Cisco Nexus 3408-S switch with 32 ports of QSFP-DD |
N3K-C3432D-S |
Cisco Nexus 3432D-S switch with 32 ports of QSFP-DD |
Table 12: Cisco Nexus 3500 Series Switches
Product ID |
Description |
N3K-C3524P-10G |
Cisco Nexus 3524 switch |
N3K-C3524P-10GX |
Cisco Nexus 3524 switch, 24 SFP+ |
N3K-C3524P-XL |
Cisco Nexus 3524-XL switch |
N3K-C3548P-10G |
Cisco Nexus 3548 switch |
N3K-C3548P-10GX |
Cisco Nexus 3548X switch, 48 SFP+ |
N3K-C3548P-XL |
Cisco Nexus 3548-XL switch |
Table 13: Cisco Nexus 3500 Series Fans, Fan Trays and Power Supplies
Product ID |
Description |
N2200-PAC-400W |
Cisco Nexus 2000 or 3000 400W AC power supply, forward airflow (port side exhaust) |
N2200-PAC-400W-B |
Cisco Nexus 2000 or 3000 400W AC power supply, reverse airflow (port side intake) |
N2200-PDC-400W |
Cisco Nexus 2000 or 3000 400W DC power supply, forward airflow (port side exhaust) |
N3K-PDC-350W-B |
Cisco Nexus 2000 or 3000 350W DC power supply, reverse airflow (port side intake) |
NXA-FAN-30CFM-B |
Cisco Nexus 2000 or 3000 individual fan, reverse airflow (port side intake) |
NXA-FAN-30CFM-F |
Cisco Nexus 2000 or 3000 individual fan, forward airflow (port side exhaust |
Table 14: Cisco Nexus 3600 Series Switches
Product ID |
Description |
N3K-C3636C-R |
The Cisco Nexus 3636C-R is a 1 rack unit (RU) switch with 36 100-Gigabit QSFP28 ports, 40-Gigabit QSFP, 2 management ports, 1 console port, and 1 USB port. The switch supports both port-side exhaust and port-side intake airflow schemes. The switch has two power supplies, one for operations and the other for redundancy. Both power supplies must be either AC power supplies or DC power supplies. |
N3K-C36180YC-R
|
The Cisco Nexus 36180YC-R is a 1 rack unit (RU) switch with 48 1/10/25-Gigabit SFP ports and 6 40-Gigabit QSFP/100-Gigabit QSFP28 ports, 1 management port, 1 console port, and 1 USB port. The switch supports both port-side exhaust and port-side intake airflow schemes. The switch has two power supplies, one for operations and the other for redundancy. Both power supplies must be either AC power supplies or DC power supplies. |
To perform a software upgrade for Cisco Nexus 3000 and 3100 Series switches that run in N3K mode, follow the instructions in the Cisco Nexus 3000 Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x).
To perform a software upgrade for Cisco Nexus 3100 Series switches that run in N9K mode, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x).
This section includes the following topics:
■ Upgrade Path to Cisco NX-OS Release 9.3(6)
■ Guidelines and Limitations - Upgrade
For the list of platforms and releases that support a non-disruptive In-Service Software Upgrade (ISSU) to Cisco NX-OS Release 9.3(6), see the Cisco NX-OS ISSU Support Matrix.
The following disruptive upgrade paths are supported:
· For Cisco Nexus 3000 and 3100 Series switches (except Cisco Nexus 3048, 3132C-Z, 3164Q, 31128PQ, and 3100-V switches), use one of the two following upgrade paths:
· Release 6.0(2)U5(1) -> Release 6.0(2)U6(10) -> Release 7.0(3)I7(8) -> Release 9.3(6)
· Release 9.2(1) -> Release 9.2(4) -> Release 9.3(6)
· For Cisco Nexus 3048 switches, use one of the two following upgrade paths:
· Release 6.0(2)U5(1) -> Release 6.0(2)U6(10) -> Release 7.0(3)I7(8) -> Release 9.3(6)
· Release 9.2(1) -> Release 9.2(4) -> Release 9.3(6)
· For Cisco Nexus 3132C-Z Series switches:
Release 9.2(2) or later -> Release 9.3(6)
· For Cisco Nexus 3164Q, 31128PQ, and 3100-V switches:
Release 7.0(3)I2(1) or later -> Release 9.3(6)
· For Cisco Nexus 3264C-E switches:
Release 9.2(1) -> Release 9.3(6)
The following guidelines and limitations are applicable when you upgrade to Cisco NX-OS Release 9.3(6):
■ Cisco Nexus 3048, 3064, 3132 (except for the N3K-C3132Q-V), and 3172 platform switches with a model number that does not end in -XL must run a “compact” NX-OS software image due to limited bootflash space. This “compact” image can be created using the NX-OS Compact Image procedure; alternatively, a compact NX-OS software image can be downloaded directly from Cisco's Software Download website. This requirement does not apply to any other model of Cisco Nexus 3000 or 3100 series switch. This requirement does not apply to the Nexus 3132Q-V switch.
■ The MD5/SHA512 checksum published on Cisco's Software Download website for a compact NX-OS software image may not match the MD5/SHA512 checksum of a compact image created through the NX-OS Compact Image procedure.
■ The only supported method of upgrading is install all from Release 6.0(2)U6(3a) or later due to the need to upgrade the BIOS. Without the Release 9.3(6) BIOS, the 9.3(2) image will not load.
■ While performing a non-disruptive ISSU, VRRP and VRRPV3 will display the following messages:
· If VRRPV3 is enabled:
2015 Dec 29 20:41:44 MDP-N9K-6 %$ VDC-1 %$ %USER-0-SYSTEM_MSG: ISSU ERROR: Service "vrrpv3" has sent the following message: Feature vrrpv3 is configured. User can change vrrpv3 timers to 120 seconds or fine tune these timers based on upgrade time on all Vrrp Peers to avoid Vrrp State transitions. – sysmgr
· If VRRP is enabled:
2015 Dec 29 20:45:10 MDP-N9K-6 %$ VDC-1 %$ %USER-0-SYSTEM_MSG: ISSU ERROR: Service "vrrp-eng" has sent the following message: Feature vrrp is configured. User can change vrrp timers to 120 seconds or fine tune these timers based on upgrade time on all Vrrp Peers to avoid Vrrp State transitions. – sysmgr
■ Change the port mode from oversubscribed to line-rate and then reload the switch:
§ On Nexus 31108PC-V and 31108TC-V switches, change from 48x10g+6x100g to 48x10g+4x100g+2x40g.
§ On Nexus 3132Q-V switches change from 32x40g or 26x40g to 24x40g.
■ Change the switching-mode from cut-through to store-and-forward and then reload the switch.
■ An error occurs when you try to perform an ISSU if you changed the reserved VLAN without entering the copy running-config save-config and reload commands.
■ Subinterfaces cannot be used as network ports.
§ Cisco Nexus 3000-XL platforms do not support breakout using speed 10000 CLI command. Use the interface breakout module 1 port <num> map 10g-4x CLI command instead.
§ Chunking is enabled while displaying XML output for any CLI, and html tags (& lt; and & gt;) are displayed instead of < and > both on the sandbox and while running the Python script (See CSCup84801).
This is expected behavior. Each chunk should be in XML format for you to parse it and extract everything inside the <body> tag. This is done so that it can be later concatenated with similar output from all the chunks of the CLI XML output. After all the chunks are concatenated to get the complete XML output for the CLI, this complete XML output can be parsed for any parameter.
The following workaround is recommended to address this issue:
· Concatenate the <body> outputs from each chunk
· Replace all the html tags (& lt; and & gt;) with < and >
· Parse for any XML tag needed
■ If you use the write erase command, you cannot view the output for the show startup feature command. To view the startup configuration, you must then use the show startup-config command. This limitation will remain until you run the copy running-config startup-config command. After that, the show startup-config feature command will display the feature-only configuration output as expected (See CSCuq15638).
■ A Python traceback is seen while running the show xml command by using the Python shell. The exception type is httplib.IncompleteRead. This happens when you use Python scripts to leverage the NXAPI for retrieving switch data through XML or JSON. You should handle the exceptions in your Python scripts (See CSCuq19257).
■ While upgrading to a new release, when you create a checkpoint without running the setup script, the checkpoint file does not contain the copp-s-mpls class. After you run the write erase command and reload the switch, the copp-s-mpls class is created when the default configuration is applied. When a rollback is done to this checkpoint file, it detects a change in the CoPP policy and tries to delete all class-maps. Because you cannot delete static class-maps, this operation fails, and, in turn, the rollback also fails.
This can also happen if you create a checkpoint, then create a new user-defined class and insert the new class before any other existing class (See CSCup56505).
The following workarounds are recommended to address this issue:
· Run setup after upgrading to a new release.
· Always insert the new classes at the end before a rollback.
■ When both the ip icmp-errors source and ip source intf icmp error commands are configured, then the command that is configured last takes effect.
Thereafter, if the last configured command is removed, the switch does not get configured with the command that was configured first.
■ Users who upgrade to 9.3(2) need to run the set-up script if they want to enable the MPLS static or the VRRpv3 feature.
■ The following Cisco Nexus 9000 features are not supported on the Cisco Nexus 3100 Series switches in N3K or N9K mode:
· FEX
· Multicast PIM Bidir
· Port VLAN (PV) switching and routing support for VXLAN
· Auto-Config
· Secure login enhancements:
· Ability to block login attempts and enforce a quiet period
· Ability to restrict the maximum login sessions per user
· Ability to restrict the password length
· Ability to prompt the user to enter a password after entering the username
· Ability to hide the shared secret used for RADIUS or TACACS+ authentication or accounting
· SHA256 hashing support for encrypted passwords
· SHA256 algorithm to verify operating system integrity
· Non-hierarchical routing mode
· NX-API REST
■ Link Level Flow Control (LLFC) is not supported on Cisco Nexus 3000 series and Cisco Nexus 3100 series switches.
■ You can disable IGMP snooping either globally or for a specific VLAN.
■ You cannot disable IGMP snooping on a PIM enabled SVIs. The warning message displayed is: IGMP snooping cannot be disabled on a PIM enabled SVIs. There are one or more VLANs with PIM enabled.
■ The Cisco Nexus 3000 Series switches (non-XL platforms, having 4 GB RAM) cannot tftpboot non-compacted 9.3(2) software image from the loader prompt. Hence, you must keep one working image in the bootflash. Tftp of non-compacted can be supported only on the Cisco Nexus Series switches having 8 GB or more RAM (XL platform).
■ Enhanced ISSU to Cisco NX-OS Release 9.3(6) is not supported.
■ The following switches do not support an ISSU (nondisruptive upgrade) to Cisco NX-OS Release 9.3(6):
· 3016Q
· 3048TP
· 3064PQ, 3064PQ-E, 3064PQ-X, and 3064TQ
· 3132Q, 3132Q-X, 3172PQ, and 3172TQ
■ Before performing an ISSU to Cisco NX-OS Release 9.3(6), you must configure the BGP graceful restart timer to 180 seconds for Cisco Nexus 3132Q-XL, 3132Q-V, 3172PQ-XL, 3172TQ-XL, N3K-C3232C, and N3K-C3264Q-S platform switches.
■ If you downgrade the Cisco Nexus device from Cisco NX-OS Release 9.3(6) to the previous NX-OS releases by setting the boot variables and reloading the switch, all earlier configurations of the segment-routing mpls will be lost.
To perform a software upgrade, follow the instructions in the Cisco Nexus 3400-S Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x).
For the list of platforms and releases that support a non-disruptive In-Service Software Upgrade (ISSU) to Cisco NX-OS Release 9.3(6), see the Cisco NX-OS ISSU Support Matrix.
The following disruptive upgrade paths are supported:
§ For Cisco Nexus 3232C and 3264Q switches:
Release 7.0(3)I3(1) or later -> Release 9.3(6)
§ For Cisco Nexus 3264C-E switches:
Release 9.2(1) or 9.2(2) -> Release 9.3(6)
§ For Cisco Nexus 3408-S and 3432D-S switches:
Release 9.2(2t) to 9.2(2v) -> Release 9.3(6)
Release 9.2(2v) -> Release 9.3(6)
To perform a software upgrade, follow the instructions in the Cisco Nexus 3500 Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x). This section includes the following topics:
■ Upgrade Path to Cisco NX-OS Release 9.3(6)
■ Guidelines and Limitations - Upgrade
The following disruptive upgrade paths are supported for the XL platforms:
§ Release 7.0(3)I7(2) or later -> Release 7.0(3)I7(8) -> Release 9.3(6)
§ Release 9.2(1) -> Release 9.2(4) -> Release 9.3(6)
The following disruptive upgrade paths are supported for the non-XL platforms:
· Release 6.0(2)A8(2) or later -> Release 6.0(2)A8(7b) or later -> Release 7.0(3)I7(8) or later -> 9.3(6)
· Release 6.0(2)A8(2) or later -> Release 6.0(2)A8(7b) or later -> Release 9.2(4) or later -> 9.3(6)
· Release 6.0(2)A7(2a) or earlier -> Release 6.0(2)A8(9) -> Release 7.0(3)I7(8) or later -> Release 9.3(6)
· Release 6.0(2)A7(2a) or earlier - > Release 6.0(2)A8(7b) or later -> Release 9.2(4) or later -> 9.3(6)
The following guidelines and limitations are applicable when you upgrade from Cisco NX-OS Release 7.0(3)I7(2) or later to Cisco NX-OS Release 9.3(6):
■ If a custom CoPP policy is applied after upgrading to Cisco NX-OS Release 7.0(3)I7(2) or later, and if the Nexus 3548 switch is downgraded to Cisco NX-OS Release 5.0, where changes to the CoPP policy are not permitted, the custom CoPP policy is retained and cannot be modified.
■ copy r s and reload is not a supported method for an upgrade.
■ You must run the setup script after you upgrade to Cisco NX-OS Release 9.3(6).
■ Cisco Nexus 3548 and 3548-X platform switches must run a “compact” NX-OS software image due to limited bootflash space. This “compact” image can be created using the NX-OS Compact Image procedure; alternatively, a compact NX-OS software image can be downloaded directly from Cisco's Software Download website. This requirement does not apply to the Cisco Nexus 3548-XL switch.
■ The MD5/SHA512 checksum published on Cisco's Software Download website for a compact NX-OS software image may not match the MD5/SHA512 checksum of a compact image created through the NX-OS Compact Image procedure.
■ install all is the only upgrade method supported because of a BIOS upgrade requirement.
■ The following limitations are applicable when you upgrade from Cisco NX-OS Release 6.0(2)A8(7b), 6.0(2)A8(8), or 6.0(2)A8(9) to Cisco NX-OS Release 9.3(6):
o If Cisco Catalyst devices are connected via a vPC to a pair of Nexus 3500 switches with the vPC peer switch feature enabled, a partial or complete network outage may be caused as a result of the Cisco Catalyst devices error-disabling their port-channel interfaces due to EtherChannel Guard. To prevent this from happening, we recommend that you temporarily disable the EtherChannel Guard feature on vPC-connected Cisco Catalyst devices while the Nexus 3500 devices are being upgraded. For more information, see CSCvt02249.
To perform a software upgrade, follow the instructions in the Cisco Nexus 3600 Series NX-OS Software Upgrade and Downgrade Guide, Release 9.3(x).
The following disruptive upgrade paths are supported:
■ Release 9.2(1) or 9.2(2)-> Release 9.3(6)
■ Release 7.0(3)F3(4) -> Release 9.3(6)*
■ Release 7.0(3)F3(3c) -> Release 9.3(6)*
■ Release 7.0(3)F3(3) -> Release 7.0(3)F3(4) -> Release 9.3(6)*
* These upgrade paths require write erase and reload.
The Cisco Management Information Base (MIB) list includes Cisco proprietary MIBs and many other Internet Engineering Task Force (IETF) standard MIBs. These standard MIBs are defined in Requests for Comments (RFCs). To find specific MIB information, you must examine the Cisco proprietary MIB structure and related IETF-standard MIBs supported by the Cisco Nexus 3000 Series switch. The MIB Support List is available at the following FTP sites:
ftp://ftp.cisco.com/pub/mibs/supportlists/nexus3000/Nexus3000MIBSupportList.html
The following features are not supported for the Cisco Nexus 3232C and 3264Q switches:
■ 3264Q and 3232C platforms do not support the PXE boot of the NX-OS image from the loader.
■ Automatic negotiation support for 25-Gb and 50-Gb ports on the Cisco Nexus 3232C switch.
■ Cisco Nexus 2000 Series Fabric Extenders (FEX)
■ Cisco NX-OS to ACI conversion (The Cisco Nexus 3232C and 3264Q switches operate only in Cisco NX-OS mode.)
■ DCBXP
■ Designated router delay
■ DHCP subnet broadcast is not supported
■ Due to a Poodle vulnerability, SSLv3 is no longer supported
■ Enhanced ISSU. NOTE: Check the appropriate guide to determine which platforms support Enhanced ISSU.
■ FCoE NPV
■ Intelligent Traffic Director (ITD)
■ MLD
■ NetFlow
■ PIM6
■ Policy-based routing (PBR)
■ Resilient hashing
■ SPAN on CPU as destination
■ Virtual port channel (vPC) peering between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 9300 platform switches or between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 3100 Series switches
■ VXLAN IGMP snooping
To determine which transceivers and cables are supported by Cisco Nexus 3000 Series switches, see the Transceiver Module (TMG) Compatibility Matrix.
To see the transceiver specifications and installation information, see https://www.cisco.com/c/en/us/support/interfaces-modules/transceiver-modules/products-installation-guides-list.html.
Cisco Nexus 3000 Series documentation: Cisco Nexus 3000 Series switch documentation
Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference: Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference
Cisco Nexus OpenConfig YANG Reference, Release 9.3(x): Cisco Nexus OpenConfig YANG, Release 9.3(x)
Licensing information:
Cisco Nexus 9000 and 3000 Series NX-OS Switch License Navigator
To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus3k-docfeedback@cisco.com. We appreciate your feedback.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2021 Cisco Systems, Inc. All rights reserved.