-
Schedule the upgrade when your network is stable and steady.
-
Avoid any power interruption, which could corrupt the software image, during the installation procedure.
-
On devices with dual supervisor modules, both supervisor modules must have connections on the console ports to maintain connectivity
when switchovers occur during a software upgrade. See the Hardware Installation Guide for your specific chassis.
-
Perform the installation on the active supervisor module, not the standby supervisor module.
-
The install all command is the recommended method for software upgrades because it performs configuration compatibility checks and BIOS upgrades
automatically. In contrast, changing the boot variables and reloading the device bypasses these checks and the BIOS upgrade
and therefore is not recommended.
Note
|
For Cisco Nexus 9500 platform switches with -R line cards, you must perform a write erase and reload the device to upgrade
from any release prior to Cisco NX-OS Release 7.0(3)F3(4). To upgrade from Cisco NX-OS Release 7.0(3)F3(4) or 9.2(x) to any
later release, we recommend that you use the install all command.
iCAM must be disabled before upgrading from Release 7.0(3)I7(1) → Release 9.2(x) or Release 9.3(x). Only Release 9.2(4) →
Release 9.3(1) can be performed if iCAM is enabled.
|
-
Detect a bad software image before performing an ISSU upgrade from an old release to a new release by checking the md5sum
after downloading the new image (with seg6).
-
When upgrading from Cisco Nexus 94xx, 95xx, and 96xx line cards to Cisco Nexus 9732C-EX line cards and their fabric modules,
upgrade the Cisco NX-OS software before inserting the line cards and fabric modules. Failure to do so can cause a diagnostic
failure on the line card and no TCAM space to be allocated. You must use the write_erase command followed by the reload command.
-
If you upgrade from a Cisco NX-OS release that supports the CoPP feature to a Cisco NX-OS release that supports the CoPP feature
with additional classes for new protocols, you must either run the setup utility using the setup command or use the copp profile command for the new CoPP classes to be available. For more information on these commands, see the "Configuring Control Plane
Policing" chapter in the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x.
-
For secure POAP, ensure that DHCP snooping is enabled and set firewall rules to block unintended or malicious DHCP servers.
For more information on POAP, see the Cisco Nexus 9000 Series Fundamentals Configuration Guide.
-
When you upgrade from an earlier release to a Cisco NX-OS release that supports switch profiles, you have the option to move
some of the running-configuration commands to a switch profile. For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.x.
-
When upgrading from Cisco NX-OS Release 9.2(4) or earlier releases to Cisco NX-OS Release 9.3(4) or later, running configuration
contains extra TCAM configuration lines. You can ignore these extra lines as they do not have an effect on the upgrade and
configuration.
-
By default, the software upgrade process is disruptive.
-
OpenFlow and LACP fast timer rate configurations are not supported for ISSU.
-
Guest Shell is disabled during an ISSU and reactivated after the upgrade.
-
ISSU supports only default hold timers for BGP peers.
-
During an ISSU on a Cisco Nexus 3164Q, 31128PQ, or 9300 platform switch, all First-Hop Redundancy Protocols (FHRPs) will cause
the other peer to become active if the node undergoing the ISSU is active.
-
Make sure that both vPC peers are in the same mode (regular mode or enhanced mode) before performing a nondisruptive upgrade.
Note
|
vPC peering between an enhanced ISSU mode (boot mode lxc) configured switch and a non-enhanced ISSU mode switch is not supported.
|
-
During an ISSU, the software reload process on the first vPC device locks its vPC peer device by using CFS messaging over
the vPC communications channel. Only one device at a time is upgraded. When the first device completes its upgrade, it unlocks
its peer device. The second device then performs the upgrade process, locking the first device as it does so. During the upgrade,
the two vPC devices temporarily run different releases of Cisco NX-OS; however, the system functions correctly because of
its backward compatibility support.
-
When redistributing static routes, Cisco NX-OS requires the default-information originate command to successfully redistribute the default static route starting in 7.0(3)I7(6).
-
ISSU is not supported when onePK is enabled. You can run the show feature | include onep command to verify that this feature is disabled before performing an ISSU or enhanced ISSU.
-
In general, ISSUs are supported for the following:
-
From a major release to any associated maintenance release.
-
From the last two maintenance releases to the next two major releases.
-
From an earlier maintenance release to the next two major releases.
- After performing ISSU on Cisco Nexus 9300 platform switches and the Cisco Nexus 3164Q switches, you may see the MTS_OPC_CLISH
message on the vPC peers. MTS_OPC_CLISH is the last MTS code that is sent from the back-end component to the VSH to specify
the end of the show command output.
If the user executes a show command that produces more output and keeps the session on for more than 3 minutes, the following
warning message may be displayed on the console. As a workaround, you can set the terminal length as 0 using the terminal length 0 command or the show <command> | no-more option.
--More--2018 Jun 5 19:11:21 Th-agg1 %$ VDC-1 %$ Jun 5 19:11:20 %KERN-2-SYSTEM_MSG: [12633.219113]
App vsh.bin on slot 1 vdc 1 SUP sap 64098(cli_api queue) did not drop MTS_OPC_CLISH with
msg_id 0x675ecf from sender sap 64132(NULL) in 180 sec, contact app owner - kernel
(config)# show ip mroute detail
IP Multicast Routing Table for VRF "default"
Total number of routes: 4801
Total number of (*,G) routes: 2400
Total number of (S,G) routes: 2400
Total number of (*,G-prefix) routes: 1
(*, 225.0.0.1/32), uptime: 00:09:32, igmp(1) pim(0) ip(0)
RPF-Source: 10.10.10.3 [11/110]
Data Created: No
VPC Flags
RPF-Source Forwarder
Stats: 15/720 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: Ethernet1/1, RPF nbr: 12.0.0.2
LISP dest context id: 0 Outgoing interface list: (count: 1) (bridge-only: 0)
Vlan2001, uptime: 00:09:32, igmp (vpc-svi)
(60.60.60.2/32, 225.0.0.1/32), uptime: 00:09:31, ip(0) mrib(1) pim(0)
RPF-Source: 60.60.60.2 [20/110]
Data Created: Yes
VPC Flags
--More--2018 Jun 5 19:11:21 Th-agg1 %$ VDC-1 %$ Jun 5 19:11:20 %KERN-2-SYSTEM_MSG: [12633.219113] App vsh.bin on slot 1 vdc 1 SUP
sap 64098(cli_api queue) did not drop MTS_OPC_CLISH with msg_id 0x675ecf from sender sap 64132(NULL) in 180 sec,
contact app owner - kernel
There is no functionality impact or traffic loss due to this issue. All the MTS messages are drained once the show command
displays the complete output, the user enters CTRL+c, or the session gets closed.
-
Occasionally, while the switch is operationally Up and running, the Device not found logs are displayed on the console. These logs were disabled in releases prior to 9.2(1). This issue is observed because the
switch attempts to find an older ASIC version and the error messages for the PCI probe failure are enabled in the code. There
is no functionality impact or traffic loss due to this issue.
-
ISSU is not supported if EPLD is not at Cisco NX-OS Release 7.0(3)I3(1) or later.
-
Beginning with Cisco NX-OS Release 9.2(1), a simplified NX-OS numbering format is used for the platforms that are supported
in the release. In order to support a software upgrade from releases prior to Cisco NX-OS Release 7.0(3)I7(4) that have the
old release format, an installer feature supplies an I9(x) label as a suffix to the actual release during the install all operation. This label is printed as part of the image during the install operation from any release prior to Cisco NX-OS
Release 7.0(3)I7(4) to 9.2(x), and it can be ignored. See the following example.
switch# install all nxos bootflash:nxos.9.2.1.bin
Installer will perform compatibility check first. Please wait.
Installer is forced disruptive
Verifying image bootflash:/nxos.9.2.1.bin for boot variable "nxos".
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Preparing "nxos" version info using image bootflash:/nxos.9.2.1.bin.
[####################] 100% -- SUCCESS
Preparing "bios" version info using image bootflash:/nxos.9.2.1.bin.
[####################] 100% -- SUCCESS
Performing module support checks.
[####################] 100% -- SUCCESS
Notifying services about system upgrade.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module bootable Impact Install-type Reason
------ -------- ------------ ------------ ------
1 yes disruptive reset Incompatible image for ISSU
Images will be upgraded according to following table:
Module Image Running-Version(pri:alt) New-Version Upg-Required
------ ------- -------------------------------------- -------------------- ------------
1 nxos 7.0(3)I7(3) 9.2(1)I9(1) yes
1 bios v05.31(05/17/2018):v05.26(11/06/2017) v05.31(05/17/2018) no
Switch will be reloaded for disruptive upgrade.
Do you want to continue with the installation (y/n)? [n] y
-
On performing a non-disruptive ISSU from Cisco NX-OS Release 7.0(3)I6(1) to any higher version, a traffic loss might occur
based on the number of VLANs configured. To avoid traffic loss, it is recommended to increase the routing protocol's graceful
restart timer to higher value. The recommended value of the graceful restart timer is 600 seconds. You can further increase
or decrease this value based on the scale of the configuration.
-
ISSUs are supported on the following platforms:
Note
|
An enhanced ISSU can be performed only from a Cisco NX-OS Release 7.0(3)I5(1) to a later image. The upgrade will be disruptive.
A non-disruptive standard ISSU is supported from Cisco NX-OS Release 7.0(3)I7(4), 7.0(3)I7(5), or 9.2(x) to a Cisco NX-OS
9.2(x) release. A non-disruptive enhanced ISSU to a Cisco NX-OS 9.2(x) release is not supported as there are kernel fixes
that cannot take effect without reloading the underlying kernel. The upgrade will be disruptive. For more information, see
the ISSU Support Matrix.
|
Series
|
Supported Platforms
|
Initial Release That Supports ISSU 1
|
Features Not Supported with ISSU2
|
Cisco Nexus 9200
|
Standard and enhanced ISSU: Cisco Nexus 9236C, 9272Q, 92160YC-X, 92300YC, and 92304QC
|
Standard ISSU: 7.0(3)I6(1)
Enhanced ISSU: 7.0(3)I7(3)
|
Segment routing, and Tetration
|
Cisco Nexus 9300
|
Standard and enhanced ISSU: Cisco Nexus 9332PQ, 9372PX, 9372PX-E, 9372TX, 9372TX-E, 9396PX, 9396TX, 93120TX, and 93128TX
Note
|
ISSU on one of these Cisco Nexus 9300 platform switches is supported when the switch is the spanning tree root. You can use
the show spanning-tree issu-impact command to verify if the switch meets this criteria.
|
|
Standard ISSU: 7.0(3)I3(1)
Enhanced ISSU: 7.0(3)I5(1)
|
Dual-homed FEX, segment routing, and VXLAN
Note
|
Straight-through FEX is supported on Cisco Nexus 9372PX and 9396PX switches starting with Cisco NX-OS Release 7.0(3)I4(1).
|
|
Cisco Nexus 9300-EX
|
Standard and enhanced ISSU: Cisco Nexus 93108TC-EX, 93180LC-EX, and 93180YC-EX
|
Standard ISSU for Cisco Nexus 93108TC-EX and 93180YC-EX: 7.0(3)I6(1)
Standard ISSU for Cisco Nexus 93180LC-EX: 7.0(3)I7(1)
Enhanced ISSU: 7.0(3)I7(3)
|
Straight-through and dual-homed FEX, segment routing, and Tetration
|
Cisco Nexus 9300-FX
|
Standard ISSU: None
Enhanced ISSU: None
|
|
|
Cisco Nexus 9500
|
Standard ISSU: Cisco Nexus 9504, 9508, and 9516 with 9432PQ, 9464PX, 9464TX, 9536PQ, 9564PX, 9564TX, or 9636PQ line cards,
dual supervisor modules, and a minimum of two system controllers and two fabric modules
Note
|
Cisco Nexus 9500 platform switches with -R, -EX, and -FX line cards do not support ISSU.
|
Enhanced ISSU: None
|
Standard ISSU: 7.0(3)I3(1)
|
Dual-homed FEX, segment routing, and VXLAN
Note
|
Straight-through FEX is supported on Cisco Nexus 9500 platform switches with a Cisco Nexus 9464PX or 9564PX line card starting
with Cisco NX-OS Release 7.0(3)I4(1).
|
|
Cisco Nexus 3000 that run Cisco Nexus 9000 NX-OS software
|
Standard ISSU: Cisco Nexus 3164Q, 31128PQ, 3132Q-V, 31108PC-V, 31108TC-V, 3232C, and 3264Q
Enhanced ISSU: 3164Q, 31128PQ, 3132Q-V, 31108PC-V, and 31108TC-V
|
Standard ISSU for Cisco Nexus 3164Q and 31128PQ: 7.0(3)I3(1)
Standard ISSU for 3132Q-V, 31108PC-V,31108TC-V, 3232C, and 3264Q: 7.0(3)I6(1)
Enhanced ISSU for 3164Q, 31128PQ, 3132Q-V, 31108PC-V, and 31108TC-V: 7.0(3)I5(1)
|
Segment routing, and VXLAN for Cisco Nexus 3164Q and 31128PQ
Segment routing for Cisco Nexus 3232C and 3264Q
|
-
Segment list configuration fails to apply after you cold boot upgrade from Cisco NX-OS 9.2x Releases. It is recommended to
upgrade using "install all" command.