Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I3(1)
This document describes the features, caveats, and limitations for Cisco NX-OS Release 7.0(3)I3(1) software for use on the Cisco Nexus 9000 Series switches, the Cisco Nexus 31128PQ switch, and the Cisco Nexus 3164Q switch. Use this document in combination with documents listed in Related Documentation.
Note: Starting with Cisco NX-OS Release 7.0(3)I2(1), the Cisco NX-OS image filename has changed to start with "nxos" instead of "n9000."
Table 1 shows the online change history for this document.
Table 1. Online History Change
Date | Description |
September 28, 2020 | Upgrade and Downgrade section revised. |
September 4, 2017 | Updated the instructions for upgrading from Cisco NX-OS Releases 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a). |
June 21, 2017 | Replace X9564TX2 with X9464TX2. |
February 9, 2016 | Created the release notes for Release 7.0(3)I3(1). |
February 11, 2016 | ■ Added CSCux24692 to Open Caveats. ■ Added micro-burst detection to the list of new features for 3232C and 3264Q switches. ■ Removed SSLv3 from unsupported features. ■ Removed TAP aggregation from the list of unsupported features for 3232C and 3264Q switches. ■ Removed “A private VLAN port can be configured as a SPAN source port” from Limitations with Other Features. |
February 12, 2016 | ■ Added CSCux69872 to Resolved Caveats. ■ Added CSCuy16277 to Open Caveats. |
February 15, 2016 | Removed VM tracker from the list of unsupported Cisco Nexus 3232C and 3264Q switch features. |
February 24, 2016 | Moved CSCuw02188 to Resolved Caveats. Removed the following bugs from Open Caveats: ■ CSCuj51631 ■ CSCuq68788 ■ CSCuu15598 ■ CSCuu37225 ■ CSCuu87126 ■ CSCux52183 ■ CSCuv63473 |
February 25, 2016 | ■ Noted that N9K-C9272Q supports breakout only on ports 38-72 (changed to ports 37-71 on April 14, 2016). ■ Added more detail about the following in the New Software Features section: ¯ Cisco Nexus 9000 FCoE Features ¯ Cisco Nexus 9000 QoS Features ¯ Cisco Nexus 9000 Interfaces Features |
February 26, 2016 | ■ Added the 9516 switch to the list of switches that ISSU (In-Service Software Upgrade) is supported on. ■ Added NAT and Segment Routing to the unsupported note for ISSU. ■ Added the 3232C and 3264Q switches to New Hardware Features. |
February 29, 2016 | Clarified the statement in the Supported FEX Modules note. |
March 3, 2016 | ■ Added info to the Upgrade Instructions about the required patch for upgrading with specific platforms. ■ Removed CSCux29578. ■ Added a power supply (N9K-PDC-3000W-B) to New Hardware Features. |
March 4, 2016 | ■ Updated the Cisco Software Releases table. ■ Updated Limitations. ■ Updated Supported FEX Modules. |
March 15, 2016 | Merged two similar notes in the Supported FEX Modules section. |
March 23, 2016 | Removed the bullets stating that private VLANs support PVLAN across switches: ■ Through a regular trunk port-channel ■ Through a regular vPC-port |
April 4, 2016 | Added dynamic breakout support to the list of new Cisco Nexus 3232C and 3264Q features. |
April 5, 2016 | ■ Added N9K-PUV-3000W-B to New Hardware Features. ■ Added SNMP to list of Other Unsupported Features. |
April 8, 2016 | ■ Added the following statement to Limitations: The N9K-X9408PC-CFP2 line card does not support port channeling. ■ Added the resilient hashing for ECMP feature to the list of limitations for Cisco Nexus 9200 Series Switches. |
April 14, 2016 | The N9K-C9272Q supports breakout only on ports 37-71. |
April 15, 2016 | Corrected the breakout support description for the Cisco Nexus C92160YC switch. |
April 28, 2016 | Added the following to New Software Features: ■ VXLAN EVPN is now supported on the following Cisco Nexus switches: ¯ 92160YC-X ¯ 9272Q ¯ 92304QC ■ VXLAN Flood and Learning is now supported on the following Cisco Nexus switches: ¯ 92160YC-X ¯ 9272Q ¯ 92304QC |
May 5, 2016 | Removed CSCux42376 from Open Caveats. |
May 10, 2016 | Added guidelines to the IP Unnumbered interface feature. |
May 25, 2016 | ■ Added Cisco Nexus 9408 Line Card and 9300 Series Leaf Switches section. ■ Added to FEX limitations: VTEP connected to FEX host interface ports is not supported. ■ Added to the Supported FEX Modules section: Note: For Cisco Nexus 9500 switches, 4x10G breakout for FEX connectivity is not supported. Native 10G or 40G should be used. |
June 2, 2016 | Changed the description of the N9K-C9272Q. |
June 6, 2016 | ■ Updated Table 2. ■ Added link to Cisco Nexus 31128PQ Switch - Read Me First. |
Cisco NX-OS software is a data center-class operating system designed for performance, resiliency, scalability, manageability, and programmability at its foundation. The Cisco NX-OS software provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in mission-critical data center environments. The modular design of the Cisco NX-OS operating system makes zero-impact operations a reality and enables exceptional operational flexibility.
The Cisco Nexus 9000 Series uses an enhanced version of Cisco NX-OS software with a single binary image that supports every switch in the series, which simplifies image management.
This section includes the following sections:
■ Supported Cisco Software Releases
Table 2 summarizes information about the Cisco Nexus platforms and software release versions that Cisco OpenFlow Plug-in supports.
Table 2. Cisco Plug-in for OpenFlow Compatibility Matrix
Switches | Cisco Plug-in for OpenFlow |
Cisco Nexus 9300 Series switches and Cisco Nexus 31128PQ, 3232C, and 3264Q switches NX-OS 7.0(3)I3(1) | ofa-2.1.4-r2-nxos-SPA-k9.ova |
Cisco Nexus 9300 Series switches and Cisco Nexus 31128PQ switches NX-OS 7.0(3)I2(1) | ofa-2.1.0-r1-nxos-SPA-k9.ova |
Table 3 lists the Cisco Nexus 9000 Series hardware that Cisco NX-OS Release 7.0(3)I3(1) supports. For additional information about the supported hardware, see the Hardware Installation Guide for your Cisco Nexus 9000 Series device.
Table 3. Cisco Nexus 9000 Series Hardware
Product ID | Hardware | Quantity |
N9K-X9464TX | Cisco Nexus 9400 Series 48-port, 1-/10-Gbps BASE-T plus 4-port QSFP I/O module | ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9564PX | Cisco Nexus 9500 Series 48-port, 1-/10-Gbps SFP+ plus 4-port QSFP I/O module | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9536PQ | Cisco Nexus 9500 36-port, 40 Gigabit Ethernet QSFP aggregation module | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9636PQ | Cisco Nexus 9500 Series 36-port 40-Gigabit QSFP I/O module Note: Not supported on the Cisco Nexus 9516 switch (N9K-C9516). | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 |
N9K-X9464PX | Cisco Nexus 9500 Series 48-port 10-Gigabit SFP+ plus 4-port QSFP I/O module | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9464TX | Cisco Nexus 9500 Series 48-port 10-GBASE-T plus 4-port QSFP I/O module | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9464TX2 | Cisco Nexus 9500 Series 48-port 10-GBASE-T plus 4-port QSFP I/O module | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9432C-S | A 32-port 100-Gigabit QSFP28 I/O module. This module is supported only on chassis with four generation 2 fabric modules (N9K-C9508-FM-S) installed (currently, that is only on the Cisco Nexus 9508 chassis). | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-X9432PQ | Cisco Nexus 9500 Series 32-port 40-Gigabit QSFP I/O module Note: The Cisco Nexus X9432PQ I/O module supports static breakout. | Up to 8 in the Cisco Nexus 9508 |
N9K-X9408PC-CFP2 | Cisco Nexus 9500 Series 8-port 100-Gigabit CFP2 I/O module for the Cisco Nexus 9504, 9508, and 9516 modular switches | ■ Up to 4 in the Cisco Nexus ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 16 in the Cisco Nexus 9516 |
N9K-SC-A | Cisco Nexus 9500 Series System Controller Module | 2 |
N9K-SUP-A | Cisco Nexus 9500 Series supervisor module | 2 |
N9K-SUP-B | Cisco Nexus 9500 Series supervisor B module | 2 |
N9K-PAC-3000W-B | Cisco Nexus 9500 Series 3000 W AC power supply | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 10 in the Cisco Nexus 9516 |
N9K-PDC-3000W-B | Cisco Nexus 9500 Series 3000 W DC power supply | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 10 in the Cisco Nexus 9516 |
N9K-PUV-3000W-B | Cisco Nexus 9500 3-kW Universal AC/DC power supply | ■ Up to 4 in the Cisco Nexus 9504 ■ Up to 8 in the Cisco Nexus 9508 ■ Up to 10 in the Cisco Nexus 9516 |
N9K-C9516-FM | Cisco Nexus 9500 Series fabric module | 3-6 depending on the line card |
N9K-C9508 | Cisco Nexus 9508 8-slot chassis | 1 |
N9K-C9508-FAN | Cisco Nexus 9508 fan trays | 3 |
N9K-C9508-FM | Cisco Nexus 9508 Series fabric module | 3-6 depending on the line card |
N9K-C9508-FM-S | A generation 2 fabric module that is required for the 100-Gigabit (-S) I/O modules. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. Currently, this fabric module is supported on only the Cisco Nexus 9508 modular chassis. | 4 |
N9K-C9504 | Cisco Nexus 9504 4-slot chassis | 1 |
N9K-C9504-FAN | Cisco Nexus 9504 fan trays | 3 |
N9K-C9504-FM | Cisco Nexus 9504 fabric module | 3 to 6 depending on line card |
N9K-C9396PX | Cisco Nexus 9300 48-port, 1/10-Gigabit Ethernet SFP+ and 12-port, 40-Gigabit Ethernet QSFP switch | 1 |
N9K-C9396TX | Cisco Nexus 9300 48-port, 1/10-Gigabit Ethernet BASE-T and 12-port, 40-Gigabit Ethernet QSFP switch | 1 |
N9K-C9372PX | Cisco Nexus 9300 48-port, 1/10-Gigabit Ethernet SFP+ and 6-port, 40-Gigabit Ethernet QSFP switch | 1 |
N9K-C9372PX-E | An enhanced version of the N9K-C9372PX. | |
N9K-C9372TX | Cisco Nexus 9300 48-port, 1/10-Gigabit Ethernet BASE-T and 6-port, 40-Gigabit Ethernet QSFP switch | 1 |
N9K-C9372TX-E | An enhanced version of the N9K-C9372TX. | 1 |
N9K-C9332PQ | Cisco Nexus 9300 32-port, 40-Gigabit Ethernet QSFP switch with support for 4x10G breakout mode ■ Ports 1 to 26 (except 13 and 14) support 4x10G breakout mode. ■ Ports 27 to 32 (ALE uplink ports) support using QSA for 10G SFP/SFP+ transceivers in QSFP+ ports | 1 |
N9K-C93128TX | Cisco Nexus 9300 switch with 96 1-/10-Gigabit BASE-T ports and eight 40-Gigabit Ethernet QSFP ports (The 1-/10-Gigabit BASE-T ports also support a speed of 100 Megabits.) | 1 |
N9K-C93120TX | Cisco Nexus 93120TX switch with 96 1-/10-Gigabit BASE-T ports and 6 QSFP uplink ports | 1 |
N9K-PAC-650W | Cisco Nexus 9300 650 W AC power supply, hot air out (red) Note: For use with the Cisco Nexus 9396 switch (N9K-C9396PX). | 2 or less |
N9K-PAC-650W-B | Cisco Nexus 9300 650 W AC power supply, cold air in (blue) Note: For use with the Cisco Nexus 9396 switch (N9K-C9396PX). | 2 or less |
N9K-PAC-1200W | Cisco Nexus 9300 1200 W AC power supply, hot air out (red) Note: For use with the Cisco Nexus 93128 switch (N9K-C93128TX). | 2 or less |
N9K-PAC-1200W-B | Cisco Nexus 9300 1200 W AC power supply, cold air in (blue) Note: For use with the Cisco Nexus 93128 switch (N9K-C93128TX). | 2 or less |
N9K-C9300-FAN1 | Cisco Nexus 9300 fan 1, hot air out (red) Note: For use with the Cisco Nexus 9396 switch (N9K-C9396PX). | 3 |
N9K-C9300-FAN1-B | Cisco Nexus 9300 fan 1, cold air in (blue) Note: For use with the Cisco Nexus 9396 switch (N9K-C9396PX). | 3 |
N9K-C9300-FAN2 | Cisco Nexus 9300 fan 2, port side intake (red) Note: For use with the Cisco Nexus 93128 switch (N9K-C93128TX). | 3 |
N9K-C9300-FAN2-B | Cisco Nexus 9300 fan 2, port side exhaust (blue) Note: For use with the Cisco Nexus 93128 switch (N9K-C93128TX). | 3 |
NXA-FAN-30CFM-F | Cisco Nexus 9300 fan, port-side exhaust Note: For use with the Cisco Nexus 9332PQ, 9372PX, and 9372TX switches (N9K-C9332PQ, N9K-C9372PX, and N9K-9372TX). | 4 |
NXA-FAN-30CFM-B | Cisco Nexus 9300 fan, port-side intake Note: For use with the Cisco Nexus 9332PQ, 9372PX, and 9372TX switches (N9K-C9332PQ, N9K-C9372PX, and N9K-9372TX). | 4 |
N9K-M12PQ | Cisco Nexus GEM 9300 uplink module, 12-port, 40-Gigabit Ethernet QSFP Note: The front-panel ports on these GEM modules do not support auto negotiation with copper cables. Manually configure the speed on the peer switch. | 1 (required) |
N9K-C9272Q | Cisco Nexus 9200 2 rack unit switch with 72 40-Gigabit QSFP+ ports. Up to 35 of the ports (ports 37-71) also support breakout cables providing up to 140 10-Gigabit ports. | 1 |
N9K-C92160YC-X | Cisco Nexus 9200 1 rack unit switch with 48 10-/25-Gigabit SFP+ downlink ports and 6 QSFP+ uplink ports with 4 of the uplink ports capable of supporting QSFP28 transceivers (100-Gigabits). | 1 |
N9K-M6PQ | Cisco Nexus GEM 6-port 40-Gigabit Ethernet uplink module for the Cisco Nexus 9396PX, 9396TX, and 93128TX switches Note: The front-panel ports on these GEM modules do not support auto negotiation with copper cables. Manually configure the speed on the peer switch. | 1 |
N9K-M6PQ-E | An enhanced version of the N9K-M6PQ. | |
N9K-M4PC-CFP2 | Cisco Nexus 9300 uplink module for the 93128TX (2 active ports), 9396PX (4 active ports), and 9396TX (4 active ports) Top-of-rack switches | 1 |
Table 4 lists the Cisco Nexus 3164Q switch hardware that Cisco NX-OS Release 7.0(3)I3(1) supports.
Table 4. Cisco Nexus 3164Q Switch Hardware
Product ID | Hardware | Quantity |
N3K-C3164Q-40GE | Cisco Nexus 3164Q switch | 1 |
N9K-C9300-FAN3 | Cisco Nexus 3164Q fan module | 3 |
N9K-PAC-1200W | Cisco Nexus 3164Q 1200W AC power supply | 2 |
For additional information about the supported hardware, see the Cisco Nexus 3000 Series Hardware Installation Guide.
Table 5 lists the Cisco Nexus 31128PQ switch hardware that Cisco NX-OS Release 7.0(3)I3(1) supports.
Table 5. Cisco Nexus 31128PQ Switch Hardware
Product ID | Hardware | Quantity |
N3K-C31128PQ-10GE | Nexus 31128PQ, 96 SFP+ ports, 8 QSFP+ ports, 2RU switch | 1 |
Table 6 lists the 3232C switch hardware that Cisco NX-OS Release 7.0(3)I3(1) supports.
Table 6. Cisco Nexus 3232C and 3264Q Switch Hardware
Product ID | Hardware | Quantity |
N3K-C3232C | Cisco Nexus 3232C, 32 x 40G/100G 2 x 10G SFP+, 1-RU switch | 1 |
N3K-C3264Q | Cisco Nexus 3264Q, 64 x 40G 2 x 10G SFP+, 2-RU switch | 1 |
See the Cisco 10-Gigabit Ethernet Transceiver Modules Compatibility Matrix for a list of supported optical components.
Cisco NX-OS Release 7.0(3)I3(1) supports the following FEXes (Fabric extenders) on Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9396PX and 9500 Series Switches:
■ Cisco Nexus 2224TP
■ Cisco Nexus 2232PP
■ Cisco Nexus 2232TM and 2232TM-E
■ Cisco Nexus 2248PQ
■ Cisco Nexus 2248TP and 2248TP-E
■ Cisco Nexus 2348TQ
■ Cisco Nexus 2348UPQ
■ Cisco Nexus B22Dell
■ Cisco Nexus B22HP
■ Cisco Nexus NB22FTS
■ Cisco Nexus NB22IBM
Note: Please note the following:
■ The 9408 line card is not supported with the 2300 FEX.
■ Cisco Nexus 9300 Series switches do not support FEX on uplink modules (ALE).
■ For FEX HIF port channels, Cisco recommends that you enable STP port type edge using the spanning-tree port type edge [trunk] command.
■ The Cisco 2248PQ, 2348TQ, and 2348UPQ FEXes support connections to the Nexus 9300 or 9500 switches by using supported breakout cables to connect a QSFP+ uplink on the FEX and an SFP+ link on the parent switch (4x10G links).
Note: For Cisco Nexus 9500 switches, 4x10G breakout for FEX connectivity is not supported. Native 10G or 40G should be used.
This section lists the following topics:
■ New Hardware Features in Cisco NX-OS Release 7.0(3)I3(1)
■ New Software Features in Cisco NX-OS Release 7.0(3)I3(1)
Cisco NX-OS Release 7.0(3)I3(1) supports the following new hardware:
■ N3K-C3232C – 32 x 40G/100G 2 x 10G SFP+, 1-RU switch
■ N3K-C3264Q – Cisco Nexus 3264Q, 64 x 40G 2 x 10G SFP+, 2-RU switch
■ N9K-C92160YC-X – A 1 rack unit switch with 48 10-/25-Gigabit SFP+ downlink ports and 6 QSFP+ uplink ports with 4 of the uplink ports capable of supporting QSFP28 transceivers (100-Gigabits).
■ N9K-C9272Q – A 2 rack unit switch with 72 40-Gigabit QSFP+ ports. Up to 35 of the ports (ports 37-71) also support breakout cables providing up to 140 10-Gigabit ports.
■ N9K-C9372TX-E – An enhanced Cisco Nexus 9300 48-port, 1/10-Gigabit Ethernet BASE-T and 6-port, 40-Gigabit Ethernet QSFP switch (enhanced 9372TX).
■ N9K-PDC-3000W-B – A 3000 W DC power supply for the Cisco Nexus 9504, 9508, 9516 modular switches.
■ N9K-PUV-3000W-B – A Cisco Nexus 9500 3-kW Universal AC/DC power supply.
■ N9K-X9432C-S – A 32-port 100-Gigabit QSFP28 I/O module. This module is supported only on chassis with four generation 2 fabric modules (N9K-C9508-FM-S) installed (currently that is only on the Cisco Nexus 9508 chassis).
Note: The following is not supported:
¯ Resilient hashing
¯ Having both T2 and TH LCs on the chassis
¯ FEX
■ N9K-C9508-FM-S – A generation 2 fabric module that is required for the 100-Gigabit (-S) I/O modules. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. Currently, this fabric module is supported on only the Cisco Nexus 9508 modular chassis.
Note: The following is not supported:
¯ Resilient hashing
¯ Having both T2 and TH FMs on the chassis
■ N9K-X9464TX2 – Cisco Nexus 9400 Series 48-port, 1-/10-Gbps BASE-T plus 4-port QSFP I/O module.
Cisco NX-OS Release 7.0(3)I3(1) supports the following new software features:
Cisco Nexus 3232C and 3264Q Features
■ Delayed Link Aggregation Control Protocol (LACP).
■ DHCP client – Added support on the Cisco Nexus 3232C and 3264Q switches.
■ DHCP snooping – Added support on the Cisco Nexus 3232C and 3264Q switches.
■ Dynamic ARP Inspection (DAI) – Added support on the Cisco Nexus 3232C and 3264Q switches.
■ Dynamic breakout support – Beginning with Cisco NX-OS Release 7.0(3)I3(1), the 3264Q switch supports breakout with the 10G-2x interface.
■ LLDP
■ Micro-burst detection
■ IP source guard (IPSG) – Added support on the Cisco Nexus 3232C and 3264Q switches.
■ Precision Time Protocol (PTP) - Added support on the Cisco Nexus 3232C and 3264Q switches.
■ Private VLANs (PVLANs).
■ Q-in-Q VLAN tunnels.
■ Switchport blocking.
Cisco Nexus 9000 FCoE Features
■ Support for FCoE NPV – Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) is an enhanced form of FCoE Initialization Protocol (FIP) snooping that provides a secure method to connect FCoE-capable hosts to an FCoE-capable FCoE forwarder (FCF) device.
Note: FCoE is not supported on Nexus 9200 Series switches.
■ FCoE NPV support for DCBX – FCoE NPV supports the Data Center Bridging Exchange Protocol (DCBX).
■ FCoE NPV is supported on Cisco Nexus 9300 Series devices and Cisco Nexus 9500 Series devices.
¯ Nexus 9332PQ switch
¯ Nexus 9372PX switch
¯ Nexus 9372PX-E switch
¯ Nexus C9396PX switch
¯ Nexus C9504 and Nexus C9508 switches with the following line cards:
X9432PQ
X9464PX
X9536PQ
X9564PX
X9636PQ
For more information, see the Cisco Nexus 9000 Series NX-OS FCoE Configuration Guide.
Cisco Nexus 9000 Interfaces Features
■ IP Unnumbered feature – The IP unnumbered feature enables the processing of IP packets on a point-to-point (p2p) interface without explicitly configuring a unique IP address on it. This approach borrows an IP address from another interface and conserves address space on point-to-point links.
¯ An admin-shutdown command on a loopback interface that is a numbered interface does not bring down the IP unnumbered interface. This means that the routing protocols running over the IP unnumbered interface continue to be up. (7.0(3)I3(1) and later)
¯ Static routes running over the IP unnumbered interface should use pinned static routes. (7.0(3)I3(1) and later)
Note: The IP unnumbered interface through which the route is resolved needs to be specified.
¯ An IP unnumbered interface is supported only on physical and sub-interfaces. (7.0(3)I3(1) and later)
¯ Only loopback interfaces can use unnumbered interfaces as numbered interfaces. (7.0(3)I3(1) and later)
¯ OSPF over an IP unnumbered interface is supported. (7.0(3)I3(1) and later)
¯ ISIS over an IP unnumbered interface is supported. (7.0(3)I3(1) and later)
¯ BGP over a loopback interface is supported by IP unnumbered interfaces. (7.0(3)I3(1) and later)
¯ The default and non-default VRF is supported by IP unnumbered interfaces. (7.0(3)I3(1) and later)
¯ When an IP unnumbered interface is configured, a loopback interface should be in the same VRF as the IP unnumbered interface.
■ Breakout interface support on specific switches – Breakout interfaces are supported on:
¯ Cisco Nexus C92160YC switch provides 2 * 100G ports for breakout mode (ports 50 and 52). Ports 50 and 52 can be dynamically broken out in 2x100G and 4x100G mode.
¯ Cisco Nexus C9272Q switch provides 35 40G ports for breakout mode (ports 37-71).
■ Breakout interface support for FEX connectivity:
¯ Cisco Nexus C9332PQ switch provides 24 40G ports for breakout mode and supports connection to four 10G NIF ports on a FEX.
For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.
Cisco Nexus 9000 QoS Features
■ Micro-burst monitoring feature – The micro-burst monitoring feature allows you to monitor traffic to detect unexpected data bursts within a very small time window (microseconds). This allows you to detect traffic in the network that is at risk for data loss and for network congestion.
■ DCBX is supported on specific switches – DCBX protocol is supported on Cisco Nexus 9300 Series devices and Cisco Nexus 9500 Series devices.
¯ Nexus 9332PQ switch
¯ Nexus 9372PX switch
¯ Nexus 9372PX-E switch
¯ Nexus C9396PX switch
¯ Nexus 9500 Series switches with the following line cards:
X9432PQ
X9464PX
X9464TX
X9536PQ
X9564PX
X9564TX
X9636PQ
■ TCAM carving template support – Support to create and apply custom templates to configure ACL TCAM region sizes.
For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide.
Intelligent Traffic Director (ITD) Features
■ Include ACL – Assigns an ACL to an ITD service. For each access control entry (ACE) with the permit method in the ACL, this feature filters the unwanted traffic and generates IP access lists and a route map to load-balance the permitted traffic. Load balancing is supported using either the source or destination IP address.
■ Nondisruptive addition or deletion of nodes in an ITD device group - Enables you to add or delete nodes in a device group without shutting down the ITD service. Doing so prevents traffic disruption, which can occur when you shut down the ITD service.
■ Peer synchronization – Adds the ability to synchronize the node health status across two ITD peer services in sandwich mode. It is useful in preventing traffic loss if a link on one of the ITD peer services goes down.
■ Support for the TCP, UDP, or DNS protocol as the probe for an ITD service.
■ Support for multiple device groups in an ITD service.
■ ITD support for 40G ports.
For more information, see the Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide.
Label Switching Features
■ Segment routing – Adds the ability to encode the path followed by a packet in the packet itself. A node steers a packet through a controlled set of instructions, called segments, by prepending the packet with a segment routing header. In order to support segment routing, BGP requires the ability to advertise a segment identifier (SID) for a BGP prefix. Prefix segments steer packets along the shortest path to the destination, using all available equal-cost multi-path (ECMP) paths.
■ Static MPLS - Replaces the mpls ip static command with the mpls ip forwarding command to enable MPLS on an interface.
For more information, see the Cisco Nexus 9000 Series NX-OS Label Switching Configuration Guide.
Programmability Features
Guest Shell 2.1 is required for Cisco NX-OS Release 7.0(3)I3(1).
Security Features
■ CoPP enhancements:
¯ Static CoPP ACLs are being introduced only for Cisco Nexus 9200 Series switches. Dynamic CoPP ACLs work only for Forwarding Information Base (FIB)-based supervisor redirected packets, and static CoPP ACLs work for ACL-based supervisor redirected packets. Dynamic CoPP ACLs are supported for myIP and link-local multicast traffic, and static CoPP ACLs are supported for all other types of traffic. Static CoPP ACLs take priority over dynamic CoPP ACLs, regardless of their position in the CoPP policy and the order in which they are configured.
¯ The policer rate for Cisco Nexus 9200 Series switches is configured in bits per second (rather than in packets per second as required for all other Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q, 31128PQ, 3232C, and 3264Q switches).
■ TCAM templates – Adds the ability to create and apply custom templates to configure ACL TCAM region sizes. You can use a template or the hardware access-list tcam region command to configure ACL TCAM region sizes for the Cisco Nexus 3164Q, 31128PQ, 3232C, and 3264Q switches and all of the Cisco Nexus 9200, 9300, and 9500 Series switches, except for NFE2-enabled devices (such as the X9432C-S 100G line card and the C9508-FM-S fabric module), which require that a template be used.
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
Software Upgrade and Downgrade Features
■ ISSU (In-Service Software Upgrade) - Enables you to upgrade the device software while the switch continues to forward traffic. An ISSU, also known as a nondisruptive upgrade, reduces or eliminates the downtime typically caused by software upgrades. ISSUs are supported only on the following devices:
¯ Cisco Nexus 3164Q and 31128PQ switches.
¯ Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9372TX, 9372TX-E, 9396PX, 9396TX, 93120TX, and 93128TX switches.
¯ Cisco Nexus 9504, 9508, and 9516 switches with X9432PQ, X9464PX, X9464TX, X9536PQ, X9564PX, X9564TX, or X9636PQ line cards, dual supervisor modules, and a minimum of two system controllers and two fabric modules.
Note:
■ Some timers, such as UDLD and BFD, will be set to an extended value to enable ISSU to go through.
■ FEX, NAT, Segment Routing, and VXLAN are not supported on ISSU.
For more information, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide and the Cisco Nexus 9000 Series High Availability and Redundancy Guide.
System Management Features
■ LLDP – Adds support for the Data Center Bridging Exchange Protocol (DCBXP), which is used to announce, exchange, and negotiate node parameters between peers. DCBXP parameters are packaged into a DCBXP TLV, which is designed to provide an acknowledgment to the received LLDP packet. DCBXP for LLDP is supported only for the Cisco Nexus 9332PQ, 9372PX, 9372PX-E, and 9396PX switches and the Cisco Nexus 9504 and 9508 switches with X9432PQ, X9464PX, X9536PQ, X9564PX, and X9636PQ line cards.
■ Origin ID for syslog messages - Appends the hostname, an IP address, or a text string to syslog messages that are sent to remote syslog servers.
For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.
Unicast Routing Features
■ OSPFv2 authentication – Adds support for RFC 5709 and hash-based message authentication code secure hash algorithm (HMAC-SHA) cryptographic authentication, which offer more security than MD5.
■ OSPFv3 authentication – Adds support for IPSec authentication and partial support for RFC 4552. You can configure IPSec authentication for an OSPFv3 process, area, or interface.
For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.
VXLAN Features
■ VXLAN EVPN is now supported on the following Cisco Nexus switches:
¯ 92160YC-X
¯ 9272Q
¯ 92304QC
■ VXLAN Flood and Learning is now supported on the following Cisco Nexus switches:
¯ 92160YC-X
¯ 9272Q
¯ 92304QC
This section includes the following topics:
■ Resolved Caveats—Cisco NX-OS Release 7.0(3)I3(1)
■ Open Caveats—Cisco NX-OS Release 7.0(3)I3(1)
Table 7 lists the Resolved Caveats in Cisco NX-OS Release 7.0(3)I3(1). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 7 Resolved Caveats in Cisco NX-OS Release 7.0(3)I3(1)
Record Number |
Description |
Ports on the FEX flap when one port is connected, flapped or speed is changed. |
|
Nexus 9300 switches may not learn MAC addresses on FEX HIF ports. |
|
The Dynamic Twice NAT CLIs are not removable after upgrading the switch to 7.0(3)I2(1). Also, the Dynamic Twice NAT outside entry is not programmed in the hardware. |
|
storm-control multicast is incorrectly dropping known multicast packets exceeding the configured level. Only unknown multicast packets exceeding this configured level should be dropped. |
|
POAP on 9312x switches fails with the following syslog message: POAP-2-POAP_FAILURE: POAP Powerup Phase timedout |
|
aclqos crashed repeatedly and might trigger shut down of the line card N9K-X9408PC-CFP2. |
|
Some VLANs are suspended on vPC leg despite remote leg having the VLANs allowed. |
|
ALE ports should not show "FEX Fabric: yes" in show interface ethx/y capabilities output. This functionality is not supported and cannot be configured. |
|
Duplicate ping6 reply is seen when pinging vPC vtep's loopback in VRF. |
|
RFC 5952, Section 4.2.2 (Handling One 16-Bit 0 Field): The symbol "::" MUST NOT be used to shorten just one 16-bit 0 field. For example, the representation 2001:db8:0:1:1:1:1:1 is correct, but 2001:db8::1:1:1:1:1 is not correct. |
|
Cisco Nexus 9000 switch stops responding to ARP requests or packets sourced from the Cisco Nexus 9000 switch do not make it to the CPU destined for a MAC address that has been associated with multiple IP addresses. The issue can be seen with hosts enabled for DHCP. The issue can be seen more frequently if the DHCP lease expiry timer is very aggressive. |
|
Username with multiple numeric characters fails TACACS authentication. |
|
Cisco-Finisar optics are not recognized after upgrade |
|
The copy run start command fails due to the /var/sysmgr folder being 100%. The /var/sysmgr/ folder was full due to uncollect debug files. If the system fails to zip the core file, it should delete the uncollect file to avoid this issue. |
Table 8 lists the open caveats in the Cisco NX-OS Release 7.0(3)I3(1) release. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 8 Open Caveats in Cisco NX-OS Release 7.0(3)I3(1)
Bug ID |
Description |
HSRP packet decoding fails with an assertion error. |
|
All VLANs are suspended if one has a QoS policy, but the TCAM is not configured. |
|
Microsoft NLB traffic being routed into the destination VLAN is experiencing packet loss. |
|
The show policy-map type queuing command does not show statistics for FEX HIF interfaces. |
|
When QoS Lite TCAM is configured, policer violated statistics shown as part of the show policy-map interface command is reported as 0 instead of NA (Not-Applicable). |
|
When copying the tunnel configuration file to running, the tunnel may flap before stabilizing. |
|
Policer action is not supported when a QoS policy of type “qos” is applied with the no-stats keyword. |
|
Even though there are no QoS classification policies currently active on any of the FEX HIF interfaces, the show incompatibility command still reports FEX QoS incompatibility during downgrade from 3.2 to earlier versions of software. |
|
Traffic cannot be routed using policy-based routing if the next-hop reachability is across the vPC peer link and the local vPC leg is down. |
|
ERSPAN sessions with a destination on the port-channel sub-interface are not supported. |
|
When a remote end of a vPC port channel member is shut down, the local end takes ~10 seconds to shut down. This only occurs when the port channel is 'active' (i.e., has LACP enabled). |
|
Vntag-mgr times out after changing VLANs for a range of 20 vPC port-channels. |
|
When a user reloads the active supervisor, the standby supervisor also reloads. During the reload process, the Service Policy Manager (SPM) cannot send data to the standby supervisor. A syslog is observed, notifying the active supervisor that the SPM has not successfully updated its database to the standby supervisor. The active supervisor reloads the standby supervisor again, and the standby supervisor eventually reaches a good standby state. |
|
ERSPAN packets are dropped on the intermediate switches if more than one ERSPAN session resolves over 40 Gig uplinks on a ToR. |
|
An ITD policy is shown in no shut state. However, no policy is actually applied to the ingress policy if an invalid ACL is used for "exclude." |
|
When an access list is configured for ITD service, this error is received: "ACL cannot apply when more than one node is active." |
|
Using a port channel range command for pv mapping causes VLAN membership to not get programmed for all the member ports. |
|
Packets are accepted on HIFPC members in suspended state. |
|
For single label mpls/stripped tap-agg packets, when the mpls strip dest-mac xxxx.xxxx.xxxx CLI is configured, dmac is not re-written on the modular (EOR) setup. The same will work on ToRs. |
|
A generic error occurs in response to many CLIs when volatile gets full. |
|
FET-40G transceivers show unreliable connectivity on Tomahawk-based systems. |
|
When policy-map is copied through qos copy policy-map, the newly created policy-map cannot be modified or deleted. |
|
Routed ACLs will not match for packets with Multicast Ethernet MAC addresses as the destination. |
|
Enabling more features or scale configuration causes ISSU to fail or time out. |
|
Not able to move FEX PO to base port. |
|
Multicast Bidir Protocol: If the SVI is designated as a router on the switch, and also happens to be a non-designated forwarder to the RP and for the traffic coming onto this SVI, bridged multicast traffic is not forwarded to the receivers on the SVI. |
|
Install may fail with the following message on Nexus 9500 switches if previous install attempts were terminated:
sys03-eor1(config)# install all nxos bootflash:nxos.7.0.3.I2.2a.bin parallel
Installer will perform compatibility check first. Please wait.
Installer is forced disruptive
Pre-upgrade check failed. Return code 0x40930062 (free space in the filesystem is below threshold).
sys03-eor1(config)#
sys03-eor1(config)# |
|
The NAT CLI command clear ip nat translation all takes more than 5 minutes in a scale setup where the number of NAT translations is at the maximum limit of 1023. |
|
RIPng neighborship will not come up between peers when configured over an IPv4 tunnel. |
|
DV: Ethpm changes to handle conversion from 4c to 2c mode. |
|
The 7.0(3)I3(1) release is backwards compatible with EPLD versions of the previous NX-OS releases. However, 7.0(3)I3(1) establishes base versions of BIOS and EPLD images for non-disruptive upgrade to work. In 7.0(3)I3(1), when a customer tries a non-disruptive upgrade, the baseline EPLD version check is not enforced and the non-disruptive upgrade is allowed to proceed. This may result in the customer experiencing issues with non-disruptive upgrades, with symptoms like link down or traffic failures. |
|
In a setup with VTEP over vPC (budnode), remote VTEPs receive duplicate copies for BUM traffic. |
To perform a software upgrade or downgrade, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
For information about an In Service Software Upgrade (ISSU), see the Cisco NX-OS ISSU Support application.
Note: Upgrading from Cisco NX-OS 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a) requires installing a patch for Cisco Nexus 9500 platform switches only. For more information on the upgrade patch, see Upgrade Patch Instructions.
This section lists limitations related to Cisco NX-OS Release 7.0(3)I3(1).
■ Generation 1 100G line cards (N9K-X9408PC-CFP2) and generic expansion modules (N9K-M4PC-CFP2) only support 40G flows.
■ N9K-X9408PC-CFP2 line cards do not support port channeling.
■ CoPP (Control Plane Policing) cannot be disabled. If you attempt to disable it in Cisco NX-OS Release 7.0(3)I3(1), an error message appears. In previous releases, attempting to disable CoPP causes packets to be rate limited at 50 packets per second.
■ Skip CoPP policy option has been removed from the Cisco NX-OS initial setup utility because using it can impact the control plane of the network.
■ hardware profile front portmode command is not supported on the Cisco Nexus 9000 Series switches.
■ PV (Port VLAN) configuration through an interface range is not supported.
■ Layer 3 routed traffic for missing Layer 2 adjacency information is not flooded back onto VLAN members of ingress units when the source MAC address of routed traffic is a non-VDC (Virtual Device Context) MAC address. This limitation is for hardware flood traffic and can occur when the SVI (Switched Virtual Interface) has a user-configured MAC address.
■ neighbor-down fib-accelerate command is supported in a BGP (Border Gateway Protocol)-only environment.
■ Uplink modules should not be removed from a Cisco Nexus 9300 Series switch that is running Cisco NX-OS Release 7.0(3)I3(1). The ports on uplink modules should be used only for uplinks.
■ PortLoopback and BootupPortLoopback tests are not supported.
■ PFC (Priority Flow Control) and LLFC (Link-Level Flow Control) are supported for all Cisco Nexus 9300 and 9500 Series hardware except for the 100G 9408PC line card and the 100G M4PC generic expansion module (GEM).
■ FEXes configured with 100/full-duplex speed, without explicitly configuring the neighboring device with 100/full-duplex speed, will not pass data packet traffic properly. This occurs with or without the link appearing to be “up.”
¯ no speed–Auto negotiates and advertises all speeds (only full duplex).
¯ speed 100–Does not auto negotiate; pause cannot be advertised. The peer must be set to not auto negotiate (only 100 Mbps full duplex is supported).
¯ speed 1000–Auto negotiates and advertises pause (advertises only for 1000 Mbps full duplex).
■ Eight QoS groups are supported only on modular platforms with the Cisco Nexus 9300 N9K-M4PC-CFP2 uplink module, and the following Cisco Nexus 9500 Series line cards:
¯ N9K-X9432PQ
¯ N9K-X9464PX
¯ N9K-X9464TX
¯ N9K-X9636PQ
■ Cisco NX-OS Release 7.0(3)I3(1) supports flooding for Microsoft Network Load Balancing (NLB) unicast mode on Cisco Nexus 9500 Series switches but not on Cisco Nexus 9300 Series switches. NLB is not supported in max-host system routing mode. NLB multicast mode is not supported on Cisco Nexus 9500 or 9300 Series switches.
Note: To work around the unicast NLB limitation, Cisco can statically hard code the Address Resolution Protocol (ARP) and MAC address pointing to the correct interface. For details, see bug ID CSCuq03168 in the Open Caveats section.
■ TCAM resources are not shared when:
¯ Applying VACL (VLAN ACL) to multiple VLANs
¯ Routed ACL (Access Control List) is applied to multiple SVIs in the egress direction
■ Cisco Nexus 9000 Series switch hardware does not support range checks (layer 4 operators) in egress TCAM. Because of this, ACL/QoS policies with layer 4 operations-based classification need to be expanded to multiple entries in the egress TCAM. Egress TCAM space planning should take this limitation into account.
■ Applying the same QoS policy and ACL on multiple interfaces requires applying the qos-policy with the no-stats option to share the label.
■ Multiple port VLAN mappings configured on an interface during a rollback operation causes the rollback feature to fail.
■ The following switches support QSFP+ with the QSA (QSFP to SFP/SFP+ Adapter) (40G to 10G QSA):
¯ N9K-C93120TX
¯ N9K-C93128TX
¯ N9K-C9332PQ
¯ N9K-C9372PX
¯ N9K-C9372PX-E
¯ N9K-C9372TX
¯ N9K-C9396PX
¯ N9K-C9396TX
Note: The Cisco Nexus 9300 support for the QSFP+ breakout has the following limitations:
■ Only 10G can be supported using QSA on 40G uplink ports on Cisco Nexus 9300 switches in NX-OS.
■ 1G with QSA is not supported.
■ For the Cisco Nexus 9332PQ switch, all ports except 13-14 and 27-32 can support breakout.
■ All ports in the QSA speed group must operate at the same speed (see the configuration guide).
■ The following switches support the breakout cable (40G ports to 4x10G ports):
¯ N9K-C9332PQ
¯ N9K-X9436PQ
¯ N9K-X9536PQ
■ Weighted ECMP (Equal-Cost Multi-Path) Nexus 3000 feature is not supported on the Cisco Nexus 9000 Series switch.
■ Limitations for ALE (Application Link Engine) uplink ports are listed at the following URL:
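The egress TCAM limitation above (no Layer 4 range checks, so port operators expand into multiple entries) can be sized ahead of time. The following is an added example, not code from Cisco or from these release notes: it assumes the standard prefix (value/mask) expansion of a 16-bit port range, which the release notes do not confirm as the exact method the hardware uses; the function names and the sample policy are constructed for illustration.

```python
"""Estimate egress TCAM entries for Layer 4 port operators (added example)."""

PORT_BITS = 16
PORT_MAX = (1 << PORT_BITS) - 1


def range_to_ternary(lo, hi, bits=PORT_BITS):
    """Cover the inclusive range [lo, hi] with the fewest (value, mask) pairs.

    A mask bit of 1 means "must match"; a mask bit of 0 means "don't care".
    """
    if not 0 <= lo <= hi < (1 << bits):
        raise ValueError(f"invalid range {lo}-{hi} for a {bits}-bit field")
    full = (1 << bits) - 1
    entries = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = lo & -lo if lo else 1 << bits
        # ... shrunk until it fits inside what is left of the range.
        while size > hi - lo + 1:
            size >>= 1
        entries.append((lo, full & ~(size - 1)))
        lo += size
    return entries


def operator_ranges(op, *ports):
    """Translate an ACL Layer 4 operator into inclusive port ranges."""
    if op == "range":
        lo, hi = ports
        return [(lo, hi)]
    (p,) = ports
    if op == "eq":
        return [(p, p)]
    if op == "gt":
        return [(p + 1, PORT_MAX)] if p < PORT_MAX else []
    if op == "lt":
        return [(0, p - 1)] if p > 0 else []
    if op == "neq":
        return operator_ranges("lt", p) + operator_ranges("gt", p)
    raise ValueError(f"unknown operator {op!r}")


def expand(op, *ports):
    """All ternary entries needed to express one port match."""
    return [entry
            for lo, hi in operator_ranges(op, *ports)
            for entry in range_to_ternary(lo, hi)]


def ace_entry_count(src=None, dst=None):
    """Entries for one ACE: source and destination expansions multiply."""
    n_src = len(expand(*src)) if src else 1   # no port match = one wildcard
    n_dst = len(expand(*dst)) if dst else 1
    return n_src * n_dst


# Constructed sample policy: (source port match, destination port match).
SAMPLE_ACES = [
    (None, ("eq", 443)),
    (None, ("gt", 1023)),
    (("range", 1024, 65535), ("range", 8000, 8999)),
    (None, ("neq", 22)),
]


def plan(aces):
    """Return (src, dst, entries) for every ACE in the policy."""
    return [(src, dst, ace_entry_count(src, dst)) for src, dst in aces]


if __name__ == "__main__":
    for src, dst, n in plan(SAMPLE_ACES):
        print(f"src={src} dst={dst} -> {n} entries")
    print("total:", sum(n for _, _, n in plan(SAMPLE_ACES)))
```

Under this assumption, a single ACE that matches a range on both source and destination ports costs the product of the two expansions, which is why a four-line policy can consume dozens of egress entries.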
This section provides guidelines and limitations for configuring private VLANs.
■ Secondary and Primary VLAN Configuration
■ Private VLAN Port Configuration
■ Limitations with Other Features
Private VLANs have the following configuration guidelines and limitations:
■ Private VLANs must be enabled before the device can apply the private VLAN functionality.
■ VLAN interface feature must be enabled before the device can apply this functionality.
■ VLAN network interfaces for all VLANs that you plan to configure as secondary VLANs should be shut down before being configured.
■ When a static MAC is created on a regular VLAN, and then that VLAN is converted to a secondary VLAN, the Cisco NX-OS maintains the MAC that was configured on the secondary VLAN as the static MAC.
■ Private VLANs support port modes as follows:
¯ Community host
¯ Isolated host
¯ Isolated host trunk
¯ Promiscuous
¯ Promiscuous trunk
■ When configuring PVLAN promiscuous or PVLAN isolated trunks, it is recommended to allow non-private VLANs in the list specified by the switchport private-vlan trunk allowed id command.
■ Private VLANs are mapped or associated depending on the PVLAN trunk mode.
■ Private VLANs support the following:
¯ Layer 2 forwarding
¯ PACLs (Port Access Control Lists)
¯ Promiscuous trunk
¯ PVLAN across switches through a regular trunk port
¯ RACLs (Router Access Control Lists)
■ Private VLANs support SVIs as follows:
¯ HSRP (Hot Standby Router Protocol) on the primary SVI
¯ Primary and secondary IPs on the SVI
¯ SVI allowed only on primary VLANs
■ Private VLANs support STP as follows:
¯ MST (Multiple Spanning Tree)
¯ RSTP (Rapid Spanning Tree Protocol)
■ Private VLAN port mode is not supported on the following:
¯ 40G interfaces of the Cisco Nexus C9396PX or Cisco Nexus C93128TX
¯ Cisco Nexus 3164Q
■ Private VLANs do not provide port mode support for the following:
¯ Port channels
¯ vPC (Virtual Port Channel) interfaces
■ Private VLANs do not provide support on breakout.
■ Private VLANs do not provide support for the following:
¯ DHCP (Dynamic Host Configuration Protocol) snooping
¯ IP multicast or IGMP snooping
¯ PVLAN QoS
¯ SPAN (Switched Port Analyzer) when the source is a PVLAN VLAN
¯ Tunnels
¯ VACLs
¯ VTP (VLAN Trunk Protocol)
¯ VXLANs
■ Shared interfaces cannot be configured to be part of a private VLAN. For more details, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.
■ Configuring multiple isolated VLAN configurations per PVLAN group is allowed by the Cisco NX-OS CLI. However, such a configuration is not supported. A PVLAN group can have at most one isolated VLAN.
Follow these guidelines when configuring secondary or primary VLANs in private VLANs:
■ Default VLANs (VLAN1), or any of the internally allocated VLANs, cannot be configured as primary or secondary VLANs.
■ VLAN configuration (config-vlan) mode must be used to configure private VLANs.
■ A primary VLAN can have multiple isolated and community VLANs associated with it. An isolated or community VLAN can be associated with only one primary VLAN.
■ Private VLANs provide host isolation at Layer 2. However, hosts can communicate with each other at Layer 3.
■ PVLAN groups can have one isolated VLAN at most. Multiple isolated VLAN configurations per primary VLAN configurations are not supported.
■ When a secondary VLAN is associated with the primary VLAN, the STP parameters of the primary VLAN, such as bridge priorities, are propagated to the secondary VLAN. However, STP parameters do not necessarily propagate to other devices. You should manually check the STP configuration to ensure that the spanning tree topologies for the primary, isolated, and community VLANs match exactly so that the VLANs can properly share the same forwarding database.
■ For normal trunk ports, note the following:
¯ Separate instances of STP exist for each VLAN in the private VLAN.
¯ STP parameters for the primary and all secondary VLANs must match.
¯ Primary and all associated secondary VLANs should be in the same MST instance.
■ For non-trunking ports, STP is aware only of the primary VLAN for any private VLAN host port; STP runs only on the primary VLAN for all private VLAN ports.
Note: Cisco recommends that you enable BPDU Guard on all ports that you configure as a host port; do not enable this feature on promiscuous ports.
■ Private VLAN promiscuous trunk ports allow you to configure a maximum of 16 private VLAN primary and secondary VLAN pairs on each promiscuous trunk port.
■ For private VLAN isolated trunk ports, note the following:
¯ You can configure a maximum of 16 private VLAN primary and secondary VLAN pairs on each isolated trunk port.
¯ The native VLAN must be either a normal VLAN or a private VLAN secondary VLAN. You cannot configure a private VLAN primary port as the native VLAN for a private VLAN isolated trunk port.
■ Downgrading a system that has private VLAN ports configured requires unconfiguring the ports.
■ Before configuring a VLAN as a secondary VLAN, you must shut down the VLAN network interface for the secondary VLAN.
Follow these guidelines when configuring private VLAN ports:
■ Deleting a VLAN used in the private VLAN configuration causes private VLAN ports (promiscuous ports or host ports, not trunk ports) that are associated with the VLAN to become inactive.
■ Layer 2 access ports that are assigned to the VLANs that you configure as primary, isolated, or community VLANs are inactive while the VLAN is part of the private VLAN configuration. Layer 2 trunk interfaces, which may carry private VLANs, are active and remain part of the STP database.
■ Use only the private VLAN configuration commands to assign ports to primary, isolated, or community VLANs.
Consider these configuration limitations with other features when configuring private VLANs:
Note: In some cases, the configuration is accepted with no error messages, but the commands have no effect.
■ After configuring the association between the primary and secondary VLANs and deleting the association, all static MAC addresses that were created on the primary VLANs remain on the primary VLAN only.
■ After configuring the association between the primary and secondary VLANs:
¯ Static MAC addresses for the secondary VLANs cannot be created.
¯ Dynamic MAC addresses that were learned on the secondary VLANs are aged out.
■ Destination SPAN ports cannot be isolated ports. However, a source SPAN port can be an isolated port.
■ Ensure consistent PVLAN type, states, and configuration across vPC peers. There is currently no PVLAN consistency check for vPC. Inconsistent PVLAN configurations across vPC peers may result in incorrect forwarding and other impacts.
■ In private VLANs, STP controls only the primary VLAN.
■ Private VLAN host or promiscuous ports cannot be SPAN destination ports.
■ Private VLAN ports can be configured as SPAN source ports.
■ vPC pairing between T2 and TH platforms is not recommended.
Note: See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide for information on configuring static MAC addresses.
This section lists features that are not supported in the current release.
■ VXLAN
■ DHCP
■ FEX
■ Cisco Nexus 3232C and 3264Q Switches
■ Cisco Nexus 9200 Series switches
■ Cisco Nexus 9408 Line Card and 9300 Series Leaf Switches
This section lists VXLAN features that are not supported.
■ ACL and QoS for VXLAN traffic in the network-to-access direction is not supported.
■ Consistency checkers are not supported for VXLAN tables.
■ DHCP snooping and DAI features are not supported on VXLAN VLANs.
■ IGMP snooping is not supported on VXLAN VLANs.
■ Native VLANs for VXLAN are not supported. All traffic on VXLAN Layer 2 trunks needs to be tagged.
■ QoS buffer-boost is not applicable for VXLAN traffic.
■ QoS classification is not supported for VXLAN traffic in the network-to-access direction.
■ Static MAC pointing to remote VTEP (VXLAN Tunnel End Point) is not supported with BGP EVPN (Ethernet VPN).
■ TX SPAN (Switched Port Analyzer) for VXLAN traffic is not supported for the access-to-network direction.
■ VXLAN routing and VXLAN Bud Nodes features on the 3164Q platform are not supported.
The following ACL related features are not supported:
■ Ingress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the network-to-access direction (decapsulated path)
■ Egress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the access-to-network direction (encapsulated path)
■ Egress VACL for decapsulated VXLAN traffic
Note: Cisco recommends that you use a PACL or VACL on the access side to filter out traffic entering the overlay network.
DHCP subnet broadcast is not supported.
■ VTEP connected to FEX host interface ports is not supported.
■ ASCII replay with FEX needs to be done twice for HIF configurations to be applied. The second time should be done after the FEXs have come up.
■ Cisco Nexus 9300 Series switches do not support FEX on uplink modules (ALE).
■ FEX is supported only on the Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9396PX, and 9500 switches. It is not supported on the other Cisco Nexus 9300 Series switches.
■ FEX vPC is not supported between any model of FEX and the Nexus 9300 (TOR) and 9500 Switches (EOR) as the parent switches.
■ IPSG (IP Source Guard) is not supported on FEX ports.
The following features are not supported for the Cisco Nexus 3232C and 3264Q switches:
■ 3264PX and 3232C platforms do not support the PXE boot of the NXOS image from the loader.
■ Automatic negotiation support for 25G and 50G ports on the Cisco Nexus 3232C switch
■ Cisco Nexus 2000 Series Fabric Extenders (FEX)
■ Cisco NX-OS to ACI conversion (The Cisco Nexus 3232C and 3264Q switches operate only in Cisco NX-OS mode.)
■ DCBXP
■ Designated router delay
■ DHCP subnet broadcast is not supported
■ Due to the POODLE vulnerability, SSLv3 is no longer supported
■ FCoE NPV
■ Intelligent Traffic Director (ITD)
■ ISSU
■ Policy-based routing (PBR)
■ Port loopback tests
■ Resilient hashing
■ Virtual port channel (vPC) peering between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 9300 Series switches or between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 3100 Series switches
■ VXLAN
The following features are not supported for the Cisco Nexus 9200 Series switches:
■ 64-bit ALPM routing mode
■ 9272PQ and 92160YC platforms do not support the PXE boot of the NXOS image from the loader.
■ ACL filters to span subinterface traffic on the parent interface
■ Cisco Nexus 2000 Series Fabric Extenders
■ DCBXP for LLDP
■ Egress port ACLs
■ Egress QoS policer or marking
■ FCoE NPV
■ GRE v4 payload over v6 tunnels
■ Intelligent Traffic Director
■ IP length-based matches
■ IPinIP on 92160
■ ISSU
■ Layer 2 Q-in-Q, due to a hardware limitation
■ Micro-burst detection
■ MTU (Maximum Transmission Unit) checks for packets received with an MPLS header
■ OpenFlow, due to a hardware limitation
■ Packet-based statistics for traffic storm control (only byte-based statistics are supported)
■ Policy-based routing
■ PV routing for VXLAN
■ PVLANs
■ Q-in-VNI and Q-in-Q for VXLAN, due to a hardware limitation
■ Resilient hashing for ECMP
■ Resilient hashing for port-channel
■ Rx SPAN for multicast if the SPAN source and destination are on the same slice and no forwarding interface is on the slice
■ set-erspan-gre-proto and set-erspan-dscp actions for the ERSPAN ACL
■ sFlow
■ SPAN/ERSPAN for forward drops
■ Traffic storm control for copy-to-CPU packets
■ Traffic storm control with unknown multicast traffic
■ Tx SPAN for multicast, unknown multicast, and broadcast traffic
■ UDF-based SPAN/ERSPAN
■ VACL redirects for TAP aggregation
The following features are not supported for the Cisco Nexus line card (N9K-X9408PC-CFP2) and Cisco Nexus 9300 Series leaf switches with generic expansion modules (N9K-M4PC-CFP2):
■ Breakout ports
■ Port-channel (No LACP)
■ vPC
■ MCT (Multichassis EtherChannel Trunk)
■ FEX
■ PTP (Precision Time Protocol)
■ PFC/LLFC
■ 802.3x
■ PVLAN
■ Storm Control
■ VXLAN access port.
■ SPAN destination/ERSPAN destination IP
■ Shaping support on 100G ports is limited
The following lists other features not supported in the current release:
■ Cisco Nexus 9300 Series switches do not support the 64-bit ALPM routing mode.
■ Due to the POODLE vulnerability, SSLv3 is no longer supported.
■ IPSG is not supported on the following:
¯ The last six 40G physical ports on the 9372PX, 9372TX, and 9332PQ switches
¯ All 40G physical ports on the 9396PX, 9396TX, and 93128TX switches
The entire Cisco Nexus 9000 Series NX-OS documentation set is available at the following URL:
The Cisco Nexus 3164Q Switch - Read Me First is available at the following URL:
The Cisco Nexus 31128PQ Switch - Read Me First is available at the following URL:
■ Cisco Nexus 92160YC-X NX-OS Mode Switch Hardware Installation Guide
■ Cisco Nexus 9272Q NX-OS Mode Switch Hardware Installation Guide
■ Cisco Nexus 9000 Series and Cisco Nexus 3000 Series FPGA/EPLD Upgrade Release Notes, Release 7.0(3)I3(1)
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
© 2016 Cisco Systems, Inc. All rights reserved.