Cisco Nexus 9000 Series NX-OS Release Notes, Release 7.0(3)I7(1)
This document describes the features, caveats, and limitations of Cisco NX-OS Release 7.0(3)I7(1) software for use on the following switches:
■ Cisco Nexus 9000 Series
■ Cisco Nexus 31128PQ
■ Cisco Nexus 3164Q
■ Cisco Nexus 3232C
■ Cisco Nexus 3264Q
Use this document with documents listed in Related Documentation.
Table 1 shows the online change history of this document.
Table 1 Online History Change
Date | Description
September 28, 2020 | Upgrade and Downgrade section revised.
January 24, 2020 | Added CSCvc95008 to Known Behaviors.
April 23, 2019 | Updated Transceiver Module Group URL.
January 2, 2019 | Updated the Upgrade Instructions regarding BGP EVPN to OSPF.
September 13, 2018 | Updated the Upgrade Instructions regarding upgrades from Release 7.0(3)I2(2b).
August 1, 2018 | Updated Transceiver Matrix link.
July 25, 2018 | Added CSCuy08187 to Open Caveats.
July 23, 2018 | Added TACACS issue to the Upgrade Instructions.
June 15, 2017 | CSCvg31939 added to the Open Caveats.
May 9, 2018 | Updated Limitations for auto-negotiation.
April 25, 2018 | Updated Limitations for 9364C switches.
April 20, 2018 | Updated FEX Unsupported Features.
March 22, 2018 | Removed Static MPLS from Label Switching Features.
February 13, 2018 | Updated Limitations for Microsoft NLB.
February 5, 2018 | Updated Limitations for multicast heavy template.
January 31, 2018 | Updated Limitations for IPv6 Multicast.
December 18, 2017 | Moved iCAM to its own section in the New Software Features.
December 17, 2017 | Updated iCAM description in the New Software Features.
December 12, 2017 | Added upgrade instruction for EVPN VXLAN to Upgrade Instructions.
November 16, 2017 | Added Pervasive Load Balancing to the New Software Features - VXLAN Features.
October 25, 2017 | Updated the ISSU list in the Upgrade Instructions.
October 23, 2017 | Updated the ISSU list in the Upgrade Instructions.
October 2, 2017 | Added upgrade issue for switches running vPC and connected to an IOS-based switch in Upgrade Instructions.
September 28, 2017 | Added VSH terminal session issue to the Limitations section. Added CSCvg05807 to Open Caveats.
September 26, 2017 | Added REST API issue to the Limitations section.
September 25, 2017 | Added “VXLAN/EVPN integration is not supported on the Cisco Nexus 9348GC-FXP switch” to the Limitations section.
September 18, 2017 | Added default interface command error to Limitations.
September 7, 2017 | Removed “50 Gb on the first 28 ports of the 93180LC-EX line card is not supported” from the Limitations section.
September 6, 2017 | Added a link to the Cisco NX-OS ISSU Support application in the Upgrade Instructions.
September 5, 2017 | Added iCAM feature to New Software Features in Cisco NX-OS Release 7.0(3)I7(1).
September 4, 2017 | Updated the instructions for upgrading from Cisco NX-OS Releases 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a).
August 31, 2017 | Created the release notes for Release 7.0(3)I7(1).
Contents
Introduction
System Requirements
New and Changed Information
Caveats
Upgrade and Downgrade
Limitations
Guidelines and Limitations for Private VLANs
Guidelines and Limitations for Fabric Extenders
Unsupported Features
Related Documentation
Obtaining Documentation and Submitting a Service Request
Introduction
Cisco NX-OS software is a data center-class operating system designed for performance, resiliency, scalability, manageability, and programmability at its foundation. The Cisco NX-OS software provides a robust and comprehensive feature set that meets the requirements of virtualization and automation in mission-critical data center environments. The modular design of the Cisco NX-OS operating system makes zero-impact operations a reality and enables exceptional operational flexibility.
System Requirements
This section includes the following sections:
■ Supported Device Hardware
■ Supported Optics
■ Supported FEX Modules
Supported Device Hardware
The following tables list the Cisco Nexus 9000 Series hardware that Cisco NX-OS Release 7.0(3)I7(1) supports. For additional information about the supported hardware, see the Hardware Installation Guide for your Cisco Nexus 9000 Series device.
■ Table 2 lists the Cisco Nexus 9000 Series fabric modules
■ Table 3 lists the Cisco Nexus 9000 Series fans and fan trays
■ Table 4 lists the Cisco Nexus 9500 Series line cards
■ Table 5 lists the Cisco Nexus 9000 Series power supplies
■ Table 6 lists the Cisco Nexus 9500 Series supervisor modules
■ Table 7 lists the Cisco Nexus 9000 Series switches
■ Table 8 lists the Cisco Nexus 9000 Series uplink modules
■ Table 9 lists the Cisco Nexus 9500 Series System Controller
■ Table 10 lists the 3232C and 3264Q switch hardware
■ Table 11 lists the Cisco Nexus 3164Q switch hardware
■ Table 12 lists the Cisco Nexus 31128PQ switch hardware
Table 2 Cisco Nexus 9000 Series Fabric Modules
Product ID | Hardware | Quantity
N9K-C9504-FM | Cisco Nexus 9504 40-Gigabit fabric module | 3 to 6 depending on line cards
N9K-C9504-FM-E | 100-Gigabit -E fabric module (for the Cisco Nexus 9504 chassis) that supports the 100-Gigabit (-EX) line cards. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. | 4
N9K-C9504-FM-S | 100-Gb -S fabric module (for the Cisco Nexus 9504 chassis) that supports the 100-Gigabit (-S) line cards. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. | 4
N9K-C9508-FM | Cisco Nexus 9508 Series 40-Gigabit fabric module | 3-6 depending on the line cards
N9K-C9508-FM-E | 100-Gigabit -E fabric module (for the Cisco Nexus 9508 chassis) that supports the 100-Gigabit (-EX) line cards. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. | 4
N9K-C9508-FM-S | 100-Gigabit -S fabric module (for the Cisco Nexus 9508 chassis) that supports the 100-Gigabit (-S) line cards. When used, there must be 4 of these fabric modules installed in fabric slots 22, 23, 24, and 26. | 4
N9K-C9508-FM-Z | Fabric blank with Fan Tray Power Connector module used in place of a fabric module that has been removed from fabric slots 22, 24, or 26 during lab verification test. | 1
N9K-C9516-FM | Cisco Nexus 9500 Series 40-Gigabit fabric module | 3-6 depending on the line cards
N9K-C9516-FM-E | 100-Gb -E fabric module (for the Cisco Nexus 9516 chassis) that supports the 100-Gb (-EX) line cards. When used, there must be four of these fabric modules installed in fabric slots 22, 23, 24, and 26. | 4
N9K-C9516-FM-Z | Fabric blank with Fan Tray Power Connector module used in place of a fabric module that has been removed from fabric slots 22, 24, or 26 during lab verification test. | 1
Table 3 Cisco Nexus 9000 Series Fans and Fan Trays
Table 4 Cisco Nexus 9500 Series Line Cards
Table 5 Cisco Nexus 9000 Series Power Supplies
Table 6 Cisco Nexus 9500 Series Supervisor Modules
Table 7 Cisco Nexus 9000 Series Switches
Cisco Nexus Switch | Description
N9K-C92160YC-X | 1-RU Top-of-Rack switch with 48 10-/25-Gigabit SFP+ ports and 6 40-Gigabit QSFP+ ports (4 of these ports support 100-Gigabit QSFP28 optics).
N9K-C92300YC | 1.5-RU Top-of-Rack switch with 48 10-/25-Gigabit SFP28 ports and 18 fixed 40-/100-Gigabit QSFP28 ports.
N9K-C92304QC | 2-RU Top-of-Rack switch with 56 40-Gigabit Ethernet QSFP+ ports (16 of these ports support 4x10 breakout cables) and 8 100-Gigabit QSFP28 ports.
N9K-C9236C | 1-RU Top-of-Rack switch with 36 40-/100-Gigabit QSFP28 ports (144 10-/25-Gigabit ports when using breakout cables)
N9K-C9272Q | 2-RU Top-of-Rack switch with 72 40-Gigabit Ethernet QSFP+ ports (35 of these ports also support 4x10 breakout cables for 140 10-Gigabit ports)
N9K-C93108TC-EX | 1-RU Top-of-Rack switch with 48 10GBASE-T (copper) ports and 6 40-/100-Gigabit QSFP28 ports
N9K-C93108TC-FX | 1-RU Top-of-Rack switch with 48 100M/1/10GBASE-T (copper) ports and 6 40-/100-Gigabit QSFP28 ports
N9K-C93120TX | 2-RU Top-of-Rack switch with 96 1/10GBASE-T (copper) ports and 6 40-Gigabit QSFP+ ports
N9K-C93128TX | 3-RU Top-of-Rack switch with 96 1/10GBASE-T (copper) ports and an uplink module up to 8 40-Gigabit QSFP+ ports
N9K-C93180LC-EX | 1-RU Top-of-Rack switch with 24 40-/50-Gigabit QSFP+ downlink ports and 6 40/100-Gigabit uplink ports. You can configure 18 downlink ports as 100-Gigabit QSFP28 ports or as 10-Gigabit SFP+ ports (using breakout cables)
N9K-C93180YC-EX | 1-RU Top-of-Rack switch with 48 10-/25-Gigabit SFP28 fiber ports and 6 40-/100-Gigabit QSFP28 ports
N9K-C93180YC-FX | 1-RU Top-of-Rack switch with 48 10-/25-Gigabit SFP28 ports and 6 40-/100-Gigabit QSFP28 ports. You can configure the 48 ports as 1/10/25-Gigabit Ethernet ports or as FCoE ports or as 8-/16-/32-Gigabit Fibre Channel ports.
N9K-C9332PQ | 1-RU switch with 32 40-Gigabit Ethernet QSFP+ ports (26 ports support 4x10 breakout cables and 6 ports support QSFP-to-SFP adapters)
N9K-C9348GC-FXP | Nexus 9300 with 48p 100M/1 G, 4p 10/25 G SFP+ and 2p 100 G QSFP
N9K-C9372PX | 1-RU Top-of-Rack switch with 48 1-/10-Gigabit SFP+ ports and 6 40-Gigabit QSFP+ ports
N9K-C9372PX-E | An enhanced version of the Cisco Nexus 9372PX-E switch.
N9K-C9372TX | 1-RU Top-of-Rack switch with 48 1-/10GBASE-T (copper) ports and 6 40-Gigabit QSFP+ ports
N9K-C9372TX-E | An enhanced version of the Cisco Nexus 9372TX-E switch.
N9K-C9396PX | 2-RU Top-of-Rack switch with 48 1-/10-Gigabit Ethernet SFP+ ports and an uplink module with up to 12 40-Gigabit QSFP+ ports
N9K-C9396TX | 2-RU Top-of-Rack switch with 48 1/10GBASE-T (copper) ports and an uplink module with up to 12 40-Gigabit QSFP+ ports
N9K-C9504 | 7.1-RU modular switch with slots for up to 4 line cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 4 power supplies.
N9K-C9508 | 13-RU modular switch with slots for up to 8 line cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 8 power supplies.
N9K-C9516 | 21-RU modular switch with slots for up to 16 line cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 10 power supplies.
Table 8 Cisco Nexus 9000 Series Uplink Modules
Table 9 Cisco Nexus 9500 Series System Controller
Table 10 Cisco Nexus 3232C and 3264Q Switch Hardware
Table 11 Cisco Nexus 3164Q Switch Hardware
Table 12 Cisco Nexus 31128PQ Switch Hardware
Supported Optics
To determine which transceivers and cables are supported by this switch, see Transceiver Module (TMG) Compatibility Matrix.
To see the transceiver specifications and installation information, see https://www.cisco.com/c/en/us/support/interfaces-modules/transceiver-modules/products-installation-guides-list.html.
Supported FEX Modules
Cisco NX-OS Release 7.0(3)I7(1) supports the following FEXs (Fabric Extenders) on 9332PQ, 9372PX, 9372PX-E, 9396PX, 93108TC-EX, 93180LC-EX, 93180TC-EX, 93180YC-EX, and 9500 platform switches:
■ Cisco Nexus 2224TP
■ Cisco Nexus 2232PP
■ Cisco Nexus 2232TM and 2232TM-E
■ Cisco Nexus 2248PQ
■ Cisco Nexus 2248TP and 2248TP-E
■ Cisco Nexus 2332TQ
■ Cisco Nexus 2348TQ
■ Cisco Nexus 2348TQ-E
■ Cisco Nexus 2348UPQ
■ Cisco Nexus B22Dell
■ Cisco Nexus B22HP
■ Cisco Nexus NB22FTS
■ Cisco Nexus NB22IBM
For more information, see the Cisco Nexus 9000 Series Switch FEX Support page.
Note the following:
■ The Cisco Nexus 2332TQ supports the Cisco Nexus 9300, 9300-EX, and 9500 platform switches as the parent switch.
■ The N9K-X9408PC-CFP2 line card does not support the Cisco Nexus 2300 platform FEXs.
■ Cisco Nexus 9300 platform switches do not support FEXs on uplink modules (ALE).
■ For FEX HIF port channels, enable the STP port type edge using the spanning-tree port type edge [trunk] command.
■ The Cisco Nexus 2248PQ, 2348TQ, and 2348UPQ FEXs support connections to the Cisco Nexus 9300 or 9500 platform switches by using supported breakout cables to connect a QSFP+ uplink on the FEX and an SFP+ link on the parent switch (4x10 G links).
Note: For Cisco Nexus 9500 platform switches, 4x10-Gb breakout for FEX connectivity is not supported.
New and Changed Information
This section lists the following topics:
■ New Hardware Features in Cisco NX-OS Release 7.0(3)I7(1)
■ New Software Features in Cisco NX-OS Release 7.0(3)I7(1)
New Hardware Features in Cisco NX-OS Release 7.0(3)I7(1)
Cisco NX-OS Release 7.0(3)I7(1) supports the following new hardware:
■ The Cisco Nexus 9348GC-FXP switch (N9K-C9348GC-FXP) is a 1-RU fixed-port, L2/L3 switch, designed for deployment in data centers. This switch has 48 100/1000-Megabit 1GBASE-T downlink ports, 4 10-/25-Gigabit SFP28 downlink ports, and 2 40-/100-Gigabit QSFP28 uplink ports.
■ The Cisco Nexus 93108TC-FX switch (N9K-C93108TC-FX) is a 1-RU, fixed-port switch designed for deployment in data centers. This switch has 48 10/1-Gigabit RJ45 downlink ports that you can configure to support 1-, 10-Gigabit Ethernet connections, and it has six fixed 40/100-Gigabit QSFP28 uplink ports that support 40- or 100-Gigabit ports.
■ The Cisco Nexus 93180YC-FX switch (N9K-C93180YC-FX) has 48 10/25-Gigabit SFP+ downlink ports that also support 8/16/32-Gigabit Fibre Channel connections and 6 40/100-Gigabit Ethernet QSFP28 uplink ports.
■ The Supervisor A+ module (N9K-SUP-A+) has 4 cores, 8 threads, 1.8 GHz, 16 GB of memory, and 64 GB of solid-state drives (SSD).
■ The Supervisor B+ module (N9K-SUP-B+) has 6 cores, 12 threads, 1.9 GHz, 32 GB of memory, and 256 GB of solid-state drives (SSD).
New Software Features in Cisco NX-OS Release 7.0(3)I7(1)
Cisco NX-OS Release 7.0(3)I7(1) supports the following new software features:
FCoE Features
■ FCoE NPV—Added support on the 93180YC-FX switch.
■ QoS—Added support for default FCoE policies for network-qos, queuing output, and queuing input.
■ Six QSFP+ ports as uplink ports or server ports—93180YC-FX switch supports using six QSFP+ ports (40 G) as uplink ports or server ports.
■ Slow drain device detection and congestion avoidance—Added support on the 93180YC-FX switch.
For more information, see the Cisco Nexus 9000 Series NX-OS FCoE Configuration Guide, Release 7.x
FEX Features
■ FEX support on breakout ports—Added support on platforms and ports that support breakout.
■ Layer 3 routing—Added support on FEX interfaces and port channel interfaces on Cisco Nexus 9300-EX platform switches.
■ Replay—Added support for ASCII replay and POAP replay.
■ Static routes and all routing protocols—Added support on FEX Layer 3 ports.
For more information, see the Cisco Nexus 2000 Series NX-OS Fabric Extender Configuration Guide for Cisco Nexus 9000 Series Switches, Release 7.x.
iCAM Features
■ Intelligent CAM Analytics and Machine-Learning (iCAM)—Provides the following features, natively on the router/switch:
o Current, historical, and predictive analytics for traffic, per hardware table entry. For example, TCAM-entry traffic.
o Current, historical, and predictive analytics for hardware table utilization per-feature.
o Streaming telemetry.
o Top and bottom percentage hitters. Sorting and filtering based on traffic.
o Historical analytics provide a history of traffic for a past date and time.
o Predictive traffic analytics provides traffic for a future date and time.
o iCAM provides the following for the previously listed items:
o Provides ACL, CoPP, NAT, PACL, QoS, PBR, WCCP, and VACL for 32 features and combinations of those features.
o Forwarding tables
o Multicast tables
For more information, see the Cisco Nexus 9000 Series NX-OS iCAM Configuration Guide, Release 7.x
Interfaces Features
■ ECMP resilient hashing—Added support for Cisco Nexus 9200 and 9300-EX platform switches.
■ HiGig interfaces–Added support for HiGig interface counters and per-queue statistics in the output of CLI commands.
■ SVI unnumbered—Introduced this feature to facilitate end-to-end communication between hosts that are configured in the same subnet and are part of different VLANs. This feature requires a primary VLAN and multiple secondary VLANs that are unnumbered to the primary VLAN in the gateway. A host can be a member of the primary VLAN or of any secondary VLAN. The feature overcomes the legacy behavior of Cisco switches, which disallowed configuring multiple VLANs with the same subnet on the switch.
■ vPC convergence—Added fast convergence and LACP convergence support on vPCs.
■ vPC role preempt—Enables you to switch vPC roles between vPC peers without impacting traffic flow. The vPC role switching is done based on the role priority value of the device under the vPC domain. A vPC peer device with lower role priority is selected as the primary vPC device during the vPC role switch.
For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x.
Label Switching Features
■ The following features are supported on the Cisco Nexus 9300-FX platform switches:
o Egress peer engineering
o Layer 3 EVPN over segment routing
o MPLS label stack imposition
o MPLS OAM
o MPLS stripping
o Segment routing (Node SID/Prefix SID)
For more information, see the Cisco Nexus 9000 Series NX-OS Label Switching Configuration Guide, Release 7.x.
Layer 2 Switching
■ Reflective relay—A switching option that is supported on the Cisco Nexus 93180LC-EX and 93180YC-EX switches. This option forwards all traffic to an external switch that applies a policy and sends the traffic back to the destination or target VM on the server as needed. There is no local switching. For broadcast or multicast traffic, reflective relay provides packet replication to each VM locally on the server.
For more information, see the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x.
Multicast Routing
■ Multicast VRF-lite route leaking–Added support for IPv4 multicast traffic across VRFs for all Cisco Nexus 9000 Series switches.
For more information, see the Cisco Nexus 9000 Series NX-OS Multicast Routing Configuration Guide, Release 7.x
Nexus 9000v Features
■ SNMP Support for the Nexus 9000v—You can use the Network Manager to manage the Cisco Nexus 9000v chassis node.
For more information, see the Cisco Nexus 9000v Guide.
NX-API Features
■ New NX-API REST commands have been added. The following table describes the markdown files and the name of the corresponding section in the Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference that were edited to include the Data Management Engine (DME)-ized commands made available for the 7.0(3)I7(1) release.
Markdown File Name | Section Name | Changes
_additional.md | Configuring DHCP | Added commands for configuring DHCP guard, ND RA Guard, and snooping policies. Also added neighbor binding, static binding, and hairpin forwarding.
_bgp.md | Configuring BGP | Added commands for: allowing re-importation of VPN imported routes; advertising a physical IP; auto-generating routes for an EBGP neighbor in an EVPN address family; configuring a neighbor-facing fabric border leaf of a neighbor; configuring a neighbor-facing fabric border leaf of a neighbor template; configuring a neighbor-facing fabric border leaf for a peer-session template; configuring the redistribution of AM routes; specifying target VPN extended communities as MVPN routes.
_snmp.md | Configuring SNMP | Added transceiver, modular temperature sensor, power supply, and fan tray DME information.
_telemetry.md | Configuring Telemetry | Added commands for configuring Gzip compression, data depth, and streaming ephemeral data. NOTE: When downgrading to an older release, unconfigure and reconfigure the telemetry feature after the new image comes up to avoid the failure of unsupported commands or command options. Added commands for specifying the destination VRF for a destination profile and for specifying the UDP and HTTP protocols for a destination group.
_vxlan.md | Configuring VXLAN BGP EVPN | Added the nvoEps MO, which changed the DNs from the previous releases. Added ephemeral DN queries.
For more information, see the Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference.
Programmability Features
■ Authentication with self-signed SSL certificate—Added support for using a self-signed SSL certificate to configure SSL certificate-based authentication and the encryption of streamed data.
■ UDP and secure UDP (DTLS) as telemetry transport protocols—Added support for UDP and secure UDP (DTLS) as telemetry transport protocols, with GPB or JSON encoding.
■ Export rootfs of Guest Shell onto multiple devices—Support to export a specific Guest Shell rootfs and deploy it onto multiple devices.
■ NX-OS Programmable Interface Component RPM packages (agents, model, and infra) included in NX-OS image—NX-OS Programmable Interface Component RPM packages are installed automatically when NX-OS image is loaded. No need to download and install from the Cisco Artifactory.
■ Telemetry VRF feature—Telemetry VRF feature supports specification of a transport VRF.
■ Telemetry Compression for gRPC Transport—Telemetry data compression is available for gRPC transport.
For more information, see the Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 7.x.
Programmable Fabric Features
■ CLI (Static-host) Trigger—You can add the static host configuration for a VNI at a particular interface using the fabric database static-host vni vni-id interface command. You can also use the static host VNI configuration with an optional overwrite-VLAN. The fabric database auto-pull [dot1q | vni] command should no longer be used. If the fabric database auto-pull command was used previously, it needs to be unconfigured before you upgrade to 7.0(3)I7(1) and use the new command fabric database static-host to reconfigure.
For more information, see the Cisco Programmable Fabric with VXLAN BGP EVPN Configuration Guide.
QoS Features
■ Priority flow control–Added PFC MIB support for HiGig interfaces.
For more information, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide, Release 7.x.
Security Features
■ 802.1X Port-Based Authentication and Authorization—Defines a client-server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a Cisco NX-OS device port.
■ First-Hop Security (FHS)—A set of features that provides end node protection and optimizes link operations on IPv6 or dual stack networks. Supports the following FHS features: RA Guard, DHCPv6 Guard, IPv6 Snooping.
■ Login Parameter command—The login block-for and login quiet-mode configuration mode commands have been renamed to system login block-for and system login quiet-mode, respectively.
■ Option 82 String Identifiers—You can enable the Option 82 to identify the subscriber device that connects to the network.
■ The Traffic Storm Control CLI—Provides an option to specify bandwidth level and a percentage of port capacity or packet-per-second.
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.
Software Upgrade and Downgrade Features
■ In-service software upgrade (ISSU)–Added support for the following:
o Regular ISSU for the Cisco Nexus 93180LC-EX switch
For more information, see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
System Management Features
■ ERSPAN–Added the rfc-compliant option to the header-type 3 command to make the ERSPANv3 header RFC compliant for Application Leaf Engine (ALE) 40G uplink ports on Cisco Nexus 9300 and 9500 platform switches.
■ NetFlow–Introduced this feature for Cisco Nexus 9300-FX platform switches. NetFlow identifies packet flows for ingress IP packets and uses these flows to provide statistics for accounting, network monitoring, and network planning. You can export the data that NetFlow gathers to a remote NetFlow Collector, such as Cisco Stealthwatch.
■ PTP–Added PTP mixed mode support for the Cisco Nexus 9396 switch.
■ Resource management–Added the ability to monitor global resource utilization on the device and trigger an RMON alarm as soon as the user-configured threshold is crossed. The output of the show resource command displays the resource limits. All of the Cisco Nexus 9000 Series switches support this feature.
■ SNMP engine ID–Changed the requirements after configuring the SNMP local engine ID. You must reconfigure only the SNMP users and the community strings. You no longer need to reconfigure any host configured with V3 users.
■ SPAN–Added support for multicast Tx SPAN traffic across different leaf spine engine (LSE) slices on Cisco Nexus 9300-EX platform switches.
■ SPAN and ERSPAN–Added the ability to truncate SPAN and ERSPAN packets for Cisco Nexus 9300-EX and 9300-FX platform switches.
For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 7.x.
Unicast Routing Features
■ Local proxy ARP–Added the ip local-proxy-arp no-hw-flooding command to suppress ARP broadcasts on SVIs. All Cisco Nexus 9000 Series switches support this command.
For more information, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 7.x.
VXLAN Features
■ FHRP/HSRP over VXLAN (flood and learn only)—Added platform support for the Cisco Nexus modular 9732C-EX line card, Cisco Nexus 3132Q-V, 31108PC-V, and 31108TC-V switches.
■ Pervasive Load Balancing—Pervasive Load Balancing (PLB) provides Layer-3 and Layer-4 load balancing at Petabits/s speed without the need for any virtual or physical external load balancer equipment. Servers, L4-L7 appliances, Firewalls, VMs and containers attached to different ToR/leaf switches might be distributed across the fabric and this feature enables the switching fabric to load balance client-specific service requests to these servers/appliances.
In this feature, the same virtual IP (VIP) is assigned to the group of servers that might be distributed across the fabric. When different clients (local to the fabric or from a remote location) send requests for a given service, these requests are destined to the VIP of these servers. PLB enables fabric to act as a massive load-balancer and makes it capable of providing massive telemetry and analytics.
■ Policy Based Routing—Support has been added for Policy Based Routing (PBR) using VXLAN 2/5 routes as PBR next hop. This feature is supported on the Cisco Nexus 9300-EX and 9300-FX top-of-rack platform switches and Cisco Nexus 9500-EX based line cards for IPv4 and IPv6.
■ Route-Leak for External IP Routing—Added support for centralizing VRF route leaks using default-routes. This feature facilitates the installation and configuration of new hardware or software that must coexist with legacy systems without any additional configuration overhead on the legacy nodes.
■ Tenant Routing Multicast—Enables multicast forwarding on the VXLAN fabric using the BGP-based EVPN control plane. Tenant Routing Multicast (TRM) supports Layer 2 and Layer 3 multicast for senders and receivers on the same or different VTEPs in a tenant VRF.
■ VIP/PIP—Advertises type-5 routes using the primary IP address of the VTEP interfaces as the next hop address in the VXLAN EVPN fabric.
■ VXLAN EVPN Multisite—A solution to interconnect the fabrics of two or more BGP-based Ethernet VPN (EVPN) sites in a scalable fashion over an IP-only network. This feature is supported on the Cisco Nexus 9300-EX and 9300-FX platform switches.
For more information, see the Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x.
Caveats
This section includes the following topics:
■ Resolved Caveats—Cisco NX-OS Release 7.0(3)I7(1)
■ Open Caveats—Cisco NX-OS Release 7.0(3)I7(1)
■ Known Behaviors—Cisco NX-OS Release 7.0(3)I7(1)
Resolved Caveats—Cisco NX-OS Release 7.0(3)I7(1)
The following table lists the Resolved Caveats in Cisco NX-OS Release 7.0(3)I7(1). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 13 Resolved Caveats in Cisco NX-OS Release 7.0(3)I7(1)
Open Caveats—Cisco NX-OS Release 7.0(3)I7(1)
The following table lists the open caveats in the Cisco NX-OS Release 7.0(3)I7(1). Click the bug ID to access the Bug Search tool and see additional information about the bug.
Table 14 Open Caveats in Cisco NX-OS Release 7.0(3)I7(1)
Known Behaviors—Cisco NX-OS Release 7.0(3)I7(1)
There are no known behavior changes for this release.
Table 4 Known Behaviors in Cisco NX-OS Release 7.0(3)I7(1)
Bug ID | Description
CSCvc95008 | On Cisco Nexus 9300-EX, 9348GC-FXP, 93108TC-FX, and 93180YC-FX switches, when 802.1q EtherType has changed on an interface, the EtherType of all interfaces on the same slice will be changed to the configured value. This change is not persistent after a reload of the switch and will revert to the EtherType value of the last port on the slice.
Upgrade and Downgrade
To perform a software upgrade or downgrade, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 7.x.
For information about an In Service Software Upgrade (ISSU), see the Cisco NX-OS ISSU Support application.
Note: Upgrading from Cisco NX-OS 7.0(3)I1(2), 7.0(3)I1(3), or 7.0(3)I1(3a) requires installing a patch for Cisco Nexus 9500 platform switches only. For more information on the upgrade patch, see Upgrade Patch Instructions.
Limitations
This section lists limitations related to Cisco NX-OS Release 7.0(3)I7(1).
■ Auto-negotiation is not supported on 25-G Ethernet transceiver modules on Cisco Nexus 9200 and 9300-FX platform switches, and Cisco Nexus 9500 platform switches that use N9K-X9700-EX line cards.
■ On the Cisco Nexus 9364C switches, auto-negotiation might not work on ports 49-64 when bringing up 100G links using the QSFP-100G-CR4 cable. The workaround for this issue is that you must hard code the speed on ports 49-64 and disable auto-negotiation.
■ We recommend using multicast heavy template for optimal bandwidth utilization when using multicast traffic flows.
■ IPv6 multicast is not supported on Cisco Nexus 9500 platform switches.
■ If you enable and disable a feature using a script in one VSH terminal session and execute those feature related commands in another terminal session, the behavior is unpredictable. Configuring and deleting the same parser chain in multiple VSH sessions is not supported. You must refrain from entering feature specific show CLI commands from a different VSH session when the same feature is being disabled in another terminal session.
Doing so might even result in a VSH crash. There is no functional impact or SSO or reload due to this crash.
■ A delay of 10 to 15 seconds occurs when applying certain configurations to interfaces through the REST API. If you try to configure a port as a switch port and make it either an access or trunk port, a delay occurs in applying either the access or trunk VLANs to the port. This delay is only seen when trying to apply all of the configuration at once. If the port is already a switch port, the issue is not seen. This behavior is due to how NX-API REST is programmed: it sends the requested changes to different processes concurrently.
■ VXLAN/EVPN integration is not supported on the Cisco Nexus 9348GC-FXP switch.
■ If the speed group is configured, the default interface command displays the following error:
Error: default interface is not supported as speed-group is configured
■ Line rate cannot be sustained across all 36 ports on the 9736C-EX line card.
■ You must use either the CLI or SNMP to configure a feature on your switch. Do not configure a feature using both interfaces to the switch.
■ Ingress DROP_ACL_DROP is seen with Cisco Nexus 9272Q, 9236C, and 92160YC-X switches on an ASIC during congestion. However, these drops do not impact the performance of the switch.
■ Ingress queuing policy is supported only at the system level (and not at the interface level) for Cisco Nexus 9508 switches with the X9732C-EX line card and Cisco Nexus 93108TC-EX and 93180YC-EX switches.
■ Q-in-VNI has the following limitations:
¯ Single tag is supported on Cisco Nexus 9300 platform switches. It can be enabled by unconfiguring the overlay-encapsulation vxlan-with-tag command from interface nve:
switch(config)# int nve 1
switch(config-if-nve)# no overlay-encapsulation vxlan-with-tag
switch# sh run int nve 1
!Command: show running-config interface nve1
!Time: Wed Jul 20 23:26:25 2016
version 7.0(3u)I4(2u)
interface nve1
  no shutdown
  source-interface loopback0
  host-reachability protocol bgp
  member vni 900001 associate-vrf
  member vni 2000980
    suppress-arp
    mcast-group 225.4.0.1
¯ Single tag is not supported on Cisco Nexus 9500 platform switches; only double tag is supported.
¯ Double tag is not supported on Cisco Nexus 9300-EX platform switches; only single tag is supported.
¯ When upgrading from Cisco NX-OS Release 7.0(3)I3(1) or 7.0(3)I4(1) to Cisco NX-OS Release 7.0(3)I7(1) with Cisco Nexus 9300 platform switches without the overlay-encapsulation vxlan-with-tag command under interface nve, you should add overlay-encapsulation vxlan-with-tag under the nve interface in the older release before starting the ISSU upgrade. Only double tag was supported in Cisco NX-OS Release 7.0(3)I3(1) and 7.0(3)I4(1). Single tag is now also supported in Cisco NX-OS Release 7.0(3)I7(1).
¯ We do not support traffic between ports configured for Q-in-VNI and ports configured for trunk on Cisco Nexus 9300-EX platform switches.
■ Resilient hashing (port-channel load-balancing resiliency) and VXLAN configurations are not compatible with VTEPs using ALE uplink ports. Please note that resilient hashing is disabled by default.
■ Fast reload is supported only on the Cisco Nexus 9232C, and 92304QC switches starting with Cisco NX-OS Release 7.0(3)I6(1).
■ CoPP (Control Plane Policing) cannot be disabled. If you attempt to disable it in Cisco NX-OS Release 7.0(3)I7(1), an error message appears. In previous releases, attempting to disable CoPP caused packets to be rate limited at 50 packets per second.
■ Skip CoPP policy option has been removed from the Cisco NX-OS initial setup utility because using it can impact the control plane of the network.
■ The hardware profile front portmode command is not supported on the Cisco Nexus 9000 Series switches.
■ PV (Port VLAN) configuration through an interface range is not supported.
■ Layer 3 routed traffic for missing Layer 2 adjacency information is not flooded back onto VLAN members of ingress units when the source MAC address of routed traffic is a non-VDC (Virtual Device Context) MAC address. This limitation is for hardware flood traffic and can occur when the SVI (Switched Virtual Interface) has a user-configured MAC address.
■ The neighbor-down fib-accelerate command is supported in a BGP-only environment.
■ Uplink modules should not be removed from a Cisco Nexus 9300 platform switch that is running Cisco NX-OS Release 7.0(3)I7(1). The ports on uplink modules should be used only for uplinks.
■ PortLoopback and BootupPortLoopback tests are not supported.
■ PFC (Priority Flow Control) and LLFC (Link-Level Flow Control) are supported for all Cisco Nexus 9300 and 9500 platform switches except for the 100 Gb 9408PC line card and the 100 Gb M4PC generic expansion module (GEM).
■ FEXs configured with 100/full-duplex speed, without explicitly configuring the neighboring device with 100/full-duplex speed, will not pass data packet traffic properly. This occurs with or without the link appearing to be “up.”
¯ no speed–Auto negotiates and advertises all speeds (only full duplex).
¯ speed 100–Does not auto negotiate; pause cannot be advertised. The peer must be set to not auto negotiate (only 100 Mbps full duplex is supported).
¯ speed 1000–Auto negotiates and advertises pause (advertises only for 1000 Mbps full duplex).
■ Eight QoS groups are supported only on modular platforms with the Cisco Nexus 9300 N9K-M4PC-CFP2 uplink module, and the following Cisco Nexus 9500 platform line cards:
¯ N9K-X9432PQ
¯ N9K-X9464PX
¯ N9K-X9464TX
¯ N9K-X9636PQ
■ Flooding for Microsoft Network Load Balancing (NLB) unicast mode is supported only on Cisco Nexus 9200, 9300-EX, 9300-FX and 9500 platform switches. However, if the NLB servers are connected on FEX HIFs, flooding does not work. NLB is not supported in max-host system routing mode, and NLB multicast mode is not supported.
Note: To work around the situation of Unicast NLB limitation, Cisco can statically hard code the address resolution protocol (ARP) and MAC address pointing to the correct interface. Please refer to bug ID CSCuq03168.
■ TCAM resources are not shared when:
¯ Applying VACL (VLAN ACL) to multiple VLANs
¯ Routed ACL (Access Control List) is applied to multiple SVIs in the egress direction
■ Cisco Nexus 9000 Series switch hardware does not support range checks (layer 4 operators) in egress TCAM. Because of this, ACL/QoS policies with layer 4 operations-based classification need to be expanded to multiple entries in the egress TCAM. Egress TCAM space planning should take this limitation into account.
■ Applying the same QoS policy and ACL on multiple interfaces requires applying the qos-policy with the no-stats option to share the label.
■ Multiple port VLAN mappings configured on an interface during a rollback operation causes the rollback feature to fail.
■ The following switches support QSFP+ with the QSFP to SFP/SFP+ adapter (40 Gb to 10 Gb):
¯ N9K-C93120TX
¯ N9K-C93128TX
¯ N9K-C9332PQ
¯ N9K-C9372PX
¯ N9K-C9372PX-E
¯ N9K-C9372TX
¯ N9K-C9396PX
¯ N9K-C93108TC-EX
¯ N9K-C93180YC-EX
Note: The Cisco Nexus 9300 platforms support for the QSFP+ breakout has the following limitations:
■ Only 10 Gb can be supported using the QSFP-to-SFP Adapter on 40-Gb uplink ports on Cisco Nexus 9300 platform switches in NX-OS.
■ 1 Gb with QSFP-to-SFP Adapter is not supported.
■ For the Cisco Nexus 9332PQ switch, all ports except 13-14 and 27-32 can support breakout.
■ All ports in the QSFP-to-SFP Adapter speed group must operate at the same speed (see the configuration guide). This applies to the following switches:
o Cisco Nexus 9372PX
o Cisco Nexus 9372PX-E
o Cisco Nexus 9372TX
o Cisco Nexus 9372TX-E
o Cisco Nexus 9396PX
o Cisco Nexus 9396TX
o Cisco Nexus 93120TX
o Cisco Nexus 93128TX
■ The following switches support the breakout cable (40 Gb ports to 4x10-Gb ports):
o N9K-C9332PQ
o N9K-X9436PQ
o N9K-X9536PQ
o N9K-C93180LC-EX—last four ports are breakout capable (10x4, 24x4, 50x2)
o N9K-C93180YC-EX
o N9K-C93108TC-EX
o N9K-X9732C-EX line card
o N9K-X97160YC-EX
■ Weighted ECMP (Equal-Cost Multi-Path) is not supported on the Cisco Nexus 9000 Series switches.
■ Limitations for ALE (Application Link Engine) uplink ports are listed at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/ale_ports/b_Limitations_for_ALE_Uplink_Ports_on_Cisco_Nexus_9000_Series_Switches.html
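An added sizing sketch for the egress TCAM range-check limitation listed above (not Cisco code): it prefix-expands Layer 4 port operators into value/mask entries, the standard way to express a range in ternary hardware, and multiplies source and destination expansions per ACE. The exact expansion NX-OS performs is not described in this document, so the counts are planning estimates; the sample ACL lines and all function names are constructed for illustration.

```python
"""Estimate ternary (TCAM) entries for ACEs that use Layer 4 port operators."""

PORT_BITS = 16
PORT_MAX = (1 << PORT_BITS) - 1


def range_to_prefixes(lo, hi):
    """Split the inclusive port range [lo, hi] into the minimal list of
    (value, mask) entries, each covering one aligned power-of-two block."""
    if not 0 <= lo <= hi <= PORT_MAX:
        raise ValueError(f"invalid port range {lo}-{hi}")
    entries = []
    while lo <= hi:
        # Largest aligned block that can start at lo ...
        size = (lo & -lo) if lo else (1 << PORT_BITS)
        # ... halved until it no longer overshoots hi.
        while size > hi - lo + 1:
            size >>= 1
        entries.append((lo, PORT_MAX & ~(size - 1)))
        lo += size
    return entries


def operator_ranges(op, a, b=None):
    """Translate an ACL port operator into inclusive ranges (empty ones dropped)."""
    candidates = {
        "eq": [(a, a)],
        "gt": [(a + 1, PORT_MAX)],
        "lt": [(0, a - 1)],
        "neq": [(0, a - 1), (a + 1, PORT_MAX)],
        "range": [(a, b)],
    }
    if op not in candidates:
        raise ValueError(f"unknown operator {op!r}")
    return [(lo, hi) for lo, hi in candidates[op] if lo <= hi]


def entries_for_match(op=None, a=None, b=None):
    """Entries needed for one port match; no operator means 'any port' (1 entry)."""
    if op is None:
        return 1
    return sum(len(range_to_prefixes(lo, hi)) for lo, hi in operator_ranges(op, a, b))


def entries_for_ace(src=None, dst=None):
    """Source and destination expansions combine as a cross product."""
    return entries_for_match(*(src or ())) * entries_for_match(*(dst or ()))


# Constructed sample ACL: (text, source port match, destination port match).
SAMPLE_ACL = [
    ("permit tcp any any eq 443", None, ("eq", 443)),
    ("permit tcp any range 1024 65535 any eq 22", ("range", 1024, 65535), ("eq", 22)),
    ("permit udp any any range 16384 32767", None, ("range", 16384, 32767)),
    ("permit tcp any any neq 80", None, ("neq", 80)),
    ("deny tcp any gt 1023 any range 1 65534", ("gt", 1023), ("range", 1, 65534)),
]


def plan_acl(acl):
    """Return per-ACE entry counts and the total for the whole ACL."""
    rows = [(text, entries_for_ace(src, dst)) for text, src, dst in acl]
    return rows, sum(count for _, count in rows)


if __name__ == "__main__":
    rows, total = plan_acl(SAMPLE_ACL)
    for text, count in rows:
        print(f"{count:4d}  {text}")
    print(f"{total:4d}  total egress entries (estimate)")
```

Aligned ranges cost one entry, while a range that straddles many bit boundaries on both the source and destination side dominates the total, which is the case to look for when planning egress TCAM space.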
This section provides guidelines and limitations for configuring private VLANs.
■ Configuring Private VLANs
■ Secondary and Primary VLAN Configuration
■ Private VLAN Port Configuration
■ Limitations with Other Features
For more information, see the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide.
Private VLANs have the following configuration guidelines and limitations:
■ Private VLANs must be enabled before the device can apply the private VLAN functionality.
■ VLAN interface feature must be enabled before the device can apply this functionality.
■ VLAN network interfaces for all VLANs that you plan to configure as secondary VLANs should be shut down before being configured.
■ When a static MAC is created on a regular VLAN, and then that VLAN is converted to a secondary VLAN, the Cisco NX-OS maintains the MAC that was configured on the secondary VLAN as the static MAC.
■ PVLANs support port modes as follows:
¯ Community host
¯ Isolated host
¯ Isolated host trunk
¯ Promiscuous
¯ Promiscuous trunk
■ When configuring PVLAN promiscuous or PVLAN isolated trunks, it is recommended to allow non-private VLANs in the list specified by the switchport private-vlan trunk allowed vlan command.
■ PVLANs are mapped or associated depending on the PVLAN trunk mode.
■ PVLANs support the following:
¯ Layer 2 forwarding
¯ PACLs (Port Access Control Lists)
¯ Promiscuous trunk
¯ PVLAN across switches through a regular trunk port
¯ RACLs (Router Access Control Lists)
■ PVLANs support SVIs as follows:
¯ HSRP (Hot Standby Router Protocol) on the primary SVI
¯ Primary and secondary IPs on the SVI
¯ SVI allowed only on primary VLANs
■ PVLANs support STP as follows:
¯ MST (Multiple Spanning Tree)
¯ RSTP (Rapid Spanning Tree Protocol)
■ PVLANs port mode is not supported on the following:
¯ 40-Gb interfaces of the Cisco Nexus ALE ports on Cisco Nexus 9300 platform switches.
¯ Cisco Nexus 3164Q
■ PVLANs are supported on breakout ports for the Cisco Nexus 9200 and 9300-EX platform switches.
■ PVLANs do not provide support for the following:
¯ DHCP (Dynamic Host Configuration Protocol) snooping
¯ IP multicast or IGMP snooping
¯ PVLAN QoS
¯ SPAN (Switch Port Analyzer) when the source is a PVLAN VLAN
¯ Tunnels
¯ VACLs
¯ VTP (VLAN Trunk Protocol)
¯ VXLANs
■ Breakout ports cannot be configured to be part of a private VLAN on Cisco Nexus 9500 platform switches’ 40 G ports with the following line cards:
o N9K-X9636PQ
o N9K-X9564PX
o N9K-X9564TX
o N9K-X9536PQ
o N9K-X9432PQ
o N9K-X9464PX
o N9K-X9464TX
■ For more details, see the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide.
■ Configuring multiple isolated VLAN configurations per PVLAN group is allowed by the Cisco NX-OS CLI. However, such a configuration is not supported. A PVLAN group can have at most one isolated VLAN.
Follow these guidelines when configuring secondary or primary VLANs in private VLANs:
■ Default VLANs (VLAN1), or any of the internally allocated VLANs, cannot be configured as primary or secondary VLANs.
■ VLAN configuration (config-vlan) mode must be used to configure PVLANs.
■ A primary VLAN can have multiple isolated and community VLANs associated with it. An isolated or community VLAN can be associated with only one primary VLAN.
■ Private VLANs provide host isolation at Layer 2. However, hosts can communicate with each other at Layer 3.
■ PVLAN groups can have one isolated VLAN at most. Multiple isolated VLAN configurations per primary VLAN configurations are not supported.
■ When a secondary VLAN is associated with the primary VLAN, the STP parameters of the primary VLAN, such as bridge priorities, are propagated to the secondary VLAN. However, STP parameters do not necessarily propagate to other devices. You should manually check the STP configuration to ensure that the spanning tree topologies for the primary, isolated, and community VLANs match exactly so that the VLANs can properly share the same forwarding database.
■ For normal trunk ports, note the following:
¯ Separate instances of STP exist for each VLAN in the private VLAN.
¯ STP parameters for the primary and all secondary VLANs must match.
¯ Primary and all associated secondary VLANs should be in the same MST instance.
■ For non-trunking ports, STP is aware only of the primary VLAN for any private VLAN host port; STP runs only on the primary VLAN for all private VLAN ports.
Note: We recommend that you enable BPDU Guard on all ports that you configure as a host port; do not enable this feature on promiscuous ports.
■ PVLAN promiscuous trunk ports allow you to configure a maximum of 16 private VLAN primary and secondary VLAN pairs on each promiscuous trunk port.
■ For PVLAN isolated trunk ports, note the following:
¯ You can configure a maximum of 16 private VLAN primary and secondary VLAN pairs on each isolated trunk port.
¯ The native VLAN must be either a normal VLAN or a private VLAN secondary VLAN. You cannot configure a private VLAN primary port as the native VLAN for a private VLAN isolated trunk port.
■ Downgrading a system that has PVLAN ports configured to a release that does not support PVLAN requires unconfiguring the ports.
■ Before configuring a VLAN as a secondary VLAN, you must shut down the VLAN network interface for the secondary VLAN.
Follow these guidelines when configuring private VLAN ports:
■ Deleting a VLAN used in the PVLAN configuration causes PVLAN ports (promiscuous ports or host ports, not trunk ports) that are associated with the VLAN to become inactive.
■ Layer 2 access ports that are assigned to the VLANs that you configure as primary, isolated, or community VLANs are inactive while the VLAN is part of the PVLAN configuration. Layer 2 trunk interfaces, which may carry PVLANs, are active and remain part of the STP database.
■ Use only the PVLAN configuration commands to assign ports to primary, isolated, or community VLANs.
Consider these configuration limitations with other features when configuring PVLAN:
Note: In some cases, the configuration is accepted with no error messages, but the commands have no effect.
■ After configuring the association between the primary and secondary VLANs and deleting the association, all static MAC addresses that were created on the primary VLANs remain on the primary VLAN only.
■ After configuring the association between the primary and secondary VLANs:
¯ Static MAC addresses for the secondary VLANs cannot be created.
¯ Dynamic MAC addresses that were learned on the secondary VLANs are aged out.
■ Destination SPAN ports cannot be isolated ports. However, a source SPAN port can be an isolated port.
■ Ensure consistent PVLAN type, states, and configuration across vPC peers. There is currently no PVLAN consistency check for vPC. Inconsistent PVLAN configurations across vPC peers may result in incorrect forwarding and impacts.
■ In PVLANs, STP controls only the primary VLAN.
■ PVLAN host or promiscuous ports cannot be SPAN destination ports.
■ PVLAN ports can be configured as SPAN source ports.
■ vPC pairing between T2 and TH platforms is not recommended.
Note: See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide for information on configuring static MAC addresses.
This section lists configuration guidelines and limitations for the Cisco Nexus 2000 Series Fabric Extenders:
■ Post-routed flood is not supported.
■ The configuration is purged when:
o Straight-through FEXs are converted to dual-homed
o Dual-homed FEXs are converted to Straight-through.
■ Conversion from dual-homed FEX to straight-through or straight-through to dual-homed FEX requires a reload of the parent switch.
There are two cases for dual-home to straight-through conversion:
■ While the FEX is online: the FEX goes down as a dual-homed FEX on conversion and comes back up a straight-through FEX. The configuration is purged on bringup.
■ While the FEX is offline: the FEX goes down as a dual-homed FEX, then the no vpc id command is entered on the fabric port channel. No configuration purge takes place. In this scenario, default the configuration on FEX interfaces while toggling the mode from active-active to straight-through.
For more information, see the Cisco Nexus 2000 Series NX-OS Fabric Extender Configuration Guide for Cisco Nexus 9000 Series Switches, Release 7.x.
Unsupported Features
Notes regarding unsupported features:
■ Cisco Nexus 3232C and 3264Q Switches
■ Cisco Nexus 9200 and 9300-EX Series Switches
■ Cisco Nexus 9408 Line Card and 9300 Series Switches
■ Cisco Nexus 9732C-EX Line Card
■ DHCP
■ FEX
■ Other Unsupported Features
■ PVLAN
■ VXLAN
Cisco Nexus 3232C and 3264Q Switches
The following features are not supported for the Cisco Nexus 3232C and 3264Q switches:
■ 3264Q and 3232C platforms do not support the PXE boot of the NX-OS image from the loader.
■ Automatic negotiation support for 25-Gb and 50-Gb ports on the Cisco Nexus 3232C switch
■ Cisco Nexus 2000 Series Fabric Extenders (FEX)
■ Cisco NX-OS to ACI conversion (The Cisco Nexus 3232C and 3264Q switches operate only in Cisco NX-OS mode.)
■ DCBXP
■ Designated router delay
■ DHCP subnet broadcast is not supported
■ Due to the POODLE vulnerability, SSLv3 is no longer supported
■ FCoE NPV
■ Intelligent Traffic Director (ITD)
■ Enhanced ISSU. NOTE: Check the appropriate guide to determine which platforms support Enhanced ISSU.
■ MLD
■ NetFlow
■ PIM6
■ Policy-based routing (PBR)
■ Port loopback tests
■ Resilient hashing
■ SPAN on CPU as destination
■ Virtual port channel (vPC) peering between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 9300 platform switches or between Cisco Nexus 3232C or 3264Q switches and Cisco Nexus 3100 Series switches
■ VXLAN IGMP snooping
Cisco Nexus 9200 and 9300-EX Platform Switches
The following features are not supported for the Cisco Nexus 9200 platform switches and the Cisco Nexus 93108TC-EX and 93180YC-EX switches:
■ 64-bit ALPM routing mode
■ Cisco Nexus 9272PQ and Cisco Nexus 92160YC platforms do not support the PXE boot of the NXOS image from the loader.
■ ACL filters to span subinterface traffic on the parent interface
■ Egress port ACLs
■ Egress QoS policer or marking
■ FEX (supported for Cisco Nexus 9300-EX platform switches but not for Cisco Nexus 9200 platform switches.)
■ GRE v4 payload over v6 tunnels
■ Host to LPM spillover
■ IP length-based matches
■ IP-in-IP on Cisco Nexus 92160 switch
■ ISSU enhanced
■ Layer 2 Q-in-Q is supported only on Cisco Nexus 9300-EX platform switches (93108TC-EX and 93180YC-EX) and Cisco Nexus 9500 platform switches with the X9732C-EX line card.
■ MTU (Maximum Transmission Unit) checks for packets received with an MPLS header
■ NetFlow
■ Packet-based statistics for traffic storm control (only byte-based statistics are supported)
■ PV routing for VXLAN
■ PVLANs (supported on Cisco Nexus 9300 and 9300-EX platform switches but not on Cisco Nexus 9200 platform switches)
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches. Beginning with Cisco NX-OS Release 7.0(3)I5(1), Q-in-VNI is supported on Cisco Nexus 9300-EX platform switches.
■ Q-in-Q for VXLAN is not supported on Cisco Nexus 9200 and 9300-EX platform switches
■ Q-in-VNI is not supported on Cisco Nexus 9200 platform switches (supported on Cisco Nexus 9300-EX platform switches)
■ Resilient hashing for ECMP
■ Resilient hashing for port-channel
■ Rx SPAN for multicast if the SPAN source and destination are on the same slice and no forwarding interface is on the slice
■ SVI uplinks with Q-in-VNI are not supported with Cisco Nexus 9300-EX platform switches
■ Traffic storm control for copy-to-CPU packets
■ Traffic storm control with unknown multicast traffic
■ Tx SPAN for multicast, unknown multicast, and broadcast traffic
■ VACL redirects for TAP aggregation
Cisco Nexus 9500 Platform N9K-X9408PC-CFP2 Line Card and 9300 Platform Switches
The following features are not supported for the Cisco Nexus 9500 platform N9K-X9408PC-CFP2 line card and Cisco Nexus 9300 platform switches with generic expansion modules (N9K-M4PC-CFP2):
■ 802.3x
■ Breakout ports
■ FEX (this applies to the N9K-X9408PC-CFP2 and –EX switches, not all Cisco Nexus 9300 platform switches)
■ MCT (Multichassis EtherChannel Trunk)
■ NetFlow
■ Only support 40G flows
■ Port-channel (No LACP)
■ PFC/LLFC
■ PTP (Precision Time Protocol)
■ PVLAN (supported on Cisco Nexus 9300 platform switches)
■ Shaping support on 100g port is limited
■ SPAN destination/ERSPAN destination IP
■ Storm Control
■ vPC
■ VXLAN access port.
N9K-X9732C-EX Line Card
The following features are not supported for Cisco Nexus 9508 switches with an N9K-X9732C-EX line card:
■ FEX
■ IPv6 support for policy-based routing
■ LPM dual-host mode
■ SPAN port-channel destinations
■ TAP aggregation
DHCP
DHCP subnet broadcast is not supported.
FEX
■ Cisco Nexus 9300 platform switches do not support FEX on uplink modules (ALE).
■ FEX is supported only on the Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9396PX, 93180YC-EX, and 9500 platform switches (FEX is not supported on the N9K-X9732C-EX line card, and Cisco Nexus 9200 platforms).
■ FEX vPC is not supported between any model of FEX and the Cisco Nexus 9500 platform switches as the parent switches.
■ IPSG (IP Source Guard) is not supported on FEX ports.
■ VTEP connected to FEX host interface ports is not supported.
■ FEX Layer 3 is not supported on the Cisco Nexus 2348TQ-E fabric.
Other Unsupported Features
The following lists other features not supported in the current release:
■ Cisco Nexus 9300 platform switches do not support the 64-bit ALPM routing mode.
■ Due to the POODLE vulnerability, SSLv3 is no longer supported.
■ IPSG is not supported on the following:
¯ The last six 40-Gb physical ports on the Cisco Nexus 9372PX, 9372TX, and 9332PQ switches
¯ All 40G physical ports on the Cisco Nexus 9396PX, 9396TX, and 93128TX switches
PVLAN
This section lists PVLAN features that are not supported.
■ PVLAN PO/VPC PO is not supported on Cisco Nexus N9K-X9632PC-QSFP100, N9K-X9432C-S.
VXLAN
This section lists VXLAN features that are not supported.
■ Consistency checkers are not supported for VXLAN tables.
■ DHCP snooping and DAI features are not supported on VXLAN VLANs.
■ IPv6 for VXLAN EVPN ESI MH is not supported.
■ Native VLANs for VXLAN are not supported. All traffic on VXLAN Layer 2 trunks needs to be tagged.
■ QoS buffer-boost is not applicable for VXLAN traffic.
■ QoS classification is not supported for VXLAN traffic in the network-to-host direction as ingress policy on uplink interface.
■ Static MAC pointing to remote VTEP (VXLAN Tunnel End Point) is not supported with BGP EVPN (Ethernet VPN).
■ TX SPAN (Switched Port Analyzer) for VXLAN traffic is not supported for the access-to-network direction.
■ VXLAN routing and VXLAN Bud Nodes features on the 3164Q platform are not supported.
VXLAN ACL Limitations
■ The following ACL related features are not supported:
¯ Egress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the access-to-network direction (encapsulated path).
¯ Ingress RACL that is applied on an uplink Layer 3 interface that matches on the inner or outer payload in the network-to-access direction (decapsulated path).
The entire Cisco Nexus 9000 Series NX-OS documentation set is available at the following URL:
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/tsd-products-support-series-home.html
Cisco Nexus 9000 Series Software Upgrade and Downgrade Guide is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/upgrade/guide/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_7x.html
The Cisco Nexus 3164Q Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3164/sw/6x/readme/b_Cisco_Nexus_3164Q_Switch_Read_Me_First.html
The Cisco Nexus 31128PQ Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus31128/sw/readme/b_Cisco_Nexus_31128PQ_Switch_Read_Me_First.html
The Cisco Nexus 3232C/3264Q Switch - Read Me First is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3232and3264/sw/7x/readme/b_Cisco_Nexus_3232C_and_3264Q_Switch_Read_Me_First.html
The Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference is available at the following URL:
https://developer.cisco.com/site/nx-os/docs/n3k-n9k-api-ref/
The Cisco Nexus 9000 Series and Cisco Nexus 3000 Series FPGA/EPLD Upgrade Release Notes, Release 7.0(3)I7(1) is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/epld_rn/guide/nxos_epldRN_703i71.html
The Cisco Nexus 9000 Series NX-OS Verified Scalability Guide, Release 7.0(3)I7(1) is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/scalability/guide_703I61/b_Cisco_Nexus_9000_Series_NX-OS_Verified_Scalability_Guide_703I71.html
The Cisco Nexus 9348GC-FXP NX-OS Mode Switch Hardware Installation Guide is available at the following URL:
http://www.cisco.com/c/en/us/td/docs//switches/datacenter/nexus9000/hw/n9348gcfxp_hig/guide/b_c9348gc-fxp_nxos_mode_hardware_install_guide.html
The Cisco Nexus 93108TC-FX NX-OS Mode Switch Hardware Installation Guide is available at the following URL:
https://www.cisco.com/c/en/us/td/docs//switches/datacenter/nexus9000/hw/n93108tcfx_hig/guide/b_c93108tc_fx_nxos_mode_hardware_install_guide.html
The Cisco Nexus 93180YC-FX NX-OS Mode Switch Hardware Installation Guide is available at the following URL:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/hw/n93180ycfx_hig/guide/b_n93180ycFX_nxos_hardware_installation_guide.html
To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com. We appreciate your feedback.
For information on obtaining documentation and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
https://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Open a service request online at:
https://tools.cisco.com/ServiceRequestTool/create/launch.do
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2017-2020 Cisco Systems, Inc. All rights reserved.