Cisco NX-OS Release Notes, Release 4.0
Date: November 22, 2008
Part Number: OL-16034-05 D0
This document describes the features, caveats, and limitations for Cisco NX-OS software. Use this document in combination with documents listed in the "Related Documentation" section.
Note
Release notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of the Cisco NX-OS Release Notes: http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_0/nx-os/release/notes/401_nx-os_release_note.html
Note
Table 1 shows the online change history for this document.
Table 1 Online History Change
Part Number   Revision   Date                 Description
OL-16034-01   A0         April 1, 2008        Created release notes.
OL-16034-02   A0         April 21, 2008       Created release notes for Release 4.0(1a).
              B0         April 24, 2008       Added CSCso92283 to the open caveats.
              C0         April 25, 2008       Removed references to Data Center Network Manager (DCNM).
              D0         May 7, 2008          Added CSCso84540 and CSCsq03175 to the open caveats.
              E0         May 8, 2008          Removed CSCsq03175 from the open caveats.
OL-16034-03   A0         June 13, 2008        Created release notes for Release 4.0(2).
              B0         June 16, 2008        Removed CoPP default policy assignment from the "Cisco NX-OS Release 4.0(2)" section.
              C0         June 17, 2008        Added CoPP default policy assignment to the "Cisco NX-OS Release 4.0(2)" section.
              D0         June 24, 2008        Added resolved caveat CSCsq60582.
OL-16034-04   A0         August 21, 2008      Created release notes for Release 4.0(3).
              B0         August 22, 2008      Added CSCsq47196 to the open caveats, moved CSCsr56858 from the open caveats to the resolved caveats, and added CSCsr39659 to the resolved caveats.
              C0         August 25, 2008      Added CSCsr30773 to the resolved caveats.
              D0         August 29, 2008      Added CSCsr96589 to the open caveats.
              E0         September 11, 2008   Added CSCsu41395 and CSCsu45752 to the open caveats.
OL-16034-05   A0         November 3, 2008     Created release notes for Release 4.0(4).
              B0         November 7, 2008     Added CSCsv47908 to the open caveats.
              C0         November 10, 2008    Added CSCsv49677 to the open caveats.
              D0         November 22, 2008    Added CSCsv84522 to the open caveats.
Introduction
The Cisco NX-OS software is a data center-class operating system that is based on the Cisco SAN-OS software.
The Cisco NX-OS software fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) similar to Cisco IOS software.
System Requirements
Hardware Supported
Cisco NX-OS supports the Nexus 7000 Series 10-slot chassis. You can find detailed information about supported hardware in the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.
Memory Requirements
Cisco NX-OS requires 4 GB of memory.
New Software Features
This section briefly describes the new features introduced in the releases of the Cisco NX-OS software. For detailed information about the features listed, see the documents listed in the "Related Documentation" section. The "New and Changed Information" section in each of these books provides a detailed list of all new features and includes links to the feature description or new command.
Cisco NX-OS Release 4.0(3)
This section briefly describes the new features introduced in this release and includes the following topics:
• IPv6 Routing Protocols—OSPFv3 and PIM ASM
• VRRP
IPv6 Routing Protocols—OSPFv3 and PIM ASM
Open Shortest Path First version 3 (OSPFv3) is a link-state protocol that uses Dijkstra's algorithm to find the shortest path to a destination. OSPFv3 is defined in IETF RFC 2740. OSPFv3 expands on OSPFv2 to provide support for IPv6 routing prefixes and the larger size of IPv6 addresses. OSPFv3 uses link-local IPv6 addresses for neighbor discovery and IPv6 for authentication.
Protocol Independent Multicast Any Source Multicast (PIM ASM) for IPv6 provides support for IPv6 addresses and is called PIM6.
Tunnels (GRE)
Cisco NX-OS supports Generic Route Encapsulation (GRE) tunnels.
Tunneling allows you to encapsulate arbitrary packets inside a transport protocol. This feature is implemented as a virtual interface to provide a simple interface for configuration. The tunnel interface provides the services necessary to implement any standard point-to-point encapsulation scheme.
VRRP
Virtual Routing Redundancy Protocol (VRRP) allows for a transparent failover at the first-hop IP router, by configuring a group of routers to share a virtual IP address. VRRP selects a master router in that group to handle all packets for the virtual IP address. The remaining routers are in standby and take over in the event that the master router fails.
SNMP Multiple Instances
Cisco NX-OS supports the CISCO-CONTEXT-MAPPING-MIB to map between Simple Network Management Protocol (SNMP) contexts and logical network entities. You can associate an SNMP context with a virtual routing and forwarding instance (VRF), protocol instance, or topology.
CMP Enhancements
The following enhancements to the Connectivity Management Processor (CMP) were added in Release 4.0(3):
• Updates to the user authentication process—The CMP accepts users with network-admin privileges. When the control processor (CP) and the CMP are both operational, you can log into the CMP using your NX-OS-configured username and password. The CP synchronizes the password for admin user with the CMP. When the CP is not operational, you can log into the CMP using the admin userid and password.
• Logging levels—You can save up to 256 CMP messages in a log file, and you can specify a severity threshold for the saved messages. Currently, the CMP records alert level and critical level messages. When the file has 256 messages, the CMP automatically removes the oldest message when it saves a new message. You can also clear the log file of all saved messages.
• Configuring serial communication settings—Use the following commands to configure serial communication characteristics for the CMP:
– Speed (baud rate) (300 to 115,200 baud) by using the speed command
– Number of bits (5 to 8) in a transmitted character by using the databits command
– Parity checking (even, odd, or none) by using the parity command
– Asynchronous stop bits (1 or 2) by using the stopbits command
– Hardware version of the flow control (enable or disable) by using the flowcontrol or no flowcontrol command
Cisco NX-OS Release 4.0(2)
This section briefly describes the new features introduced in this release and includes the following topics:
• Prestandard MST Interoperability
• EIGRP Maximum Paths Default Change
Telnet IPv6 Support
You can use the telnet6 command to create Telnet sessions with IPv6 addressing.
CoPP Configuration Status
You can use the show copp status command to display the control plane policing (CoPP) configuration status information.
Prestandard MST Interoperability
Although the Cisco NX-OS software does not run prestandard Multiple Spanning Tree (MST), the NX-OS software allows an interface running MST to respond with a prestandard MST message if it receives a prestandard message from the device at the other end of a link. In Cisco NX-OS Release 4.0(2) and later releases, you can force the interface running MST to send prestandard, rather than standard, MST messages using the spanning-tree mst pre-standard command in interface configuration mode. This example shows how to enable prestandard MST interoperability:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# spanning-tree mst pre-standard
EIGRP Maximum Paths Default Change
The default number of EIGRP maximum paths changed to 8.
CoPP Default Policies
You can assign a different default CoPP policy using the setup command at the CLI prompt. Also, the CoPP default policies have the following changes:
• Added Secure Shell FTP (SFTP) to the copp-system-class-management class map.
• Added access-control lists (ACLs) to match the source ports for TACACS+, RADIUS, Network Time Protocol (NTP), FTP, TFTP, SFTP, Secure Shell (SSH), and Telnet.
• Increased the policing bandwidth to 10 Mbps for the copp-system-class-management class.
Cisco NX-OS Release 4.0(1a)
This section briefly describes the new features introduced in this release and includes the following topics:
• QoS Maximum Policing Rate Increased
QoS Maximum Policing Rate Increased
The QoS maximum policing rate is increased to 80 Gbps.
Cisco NX-OS Release 4.0(1)
This release is the initial release of the Cisco NX-OS software and includes features in the following categories:
• Layer 2 Switching, Layer 3 Routing, and IP Services
Software Compatibility
Cisco NX-OS Release 4.0(1) interoperates with Cisco products that run any variant of the Cisco IOS software operating system. Cisco NX-OS Release 4.0(1) also interoperates with any networking operating system that conforms to the networking standards listed as supported in the Cisco NX-OS Fundamentals Configuration Guide, Release 4.0.
This section includes the following topics:
• Common Software Throughout the Data Center
Common Software Throughout the Data Center
The Cisco NX-OS software provides a unified operating system (OS) that is designed to run the data center network LAN and Layer 4 through Layer 7 network services. The NX-OS software integrates technologies such as Ethernet, Layer 4 through Layer 7 services (such as firewall services), and virtualization.
Modular Software Design
The Cisco NX-OS software supports distributed multithreaded processing on symmetric multiprocessors (SMPs), multi-core CPUs, and distributed module processors. Computationally intensive tasks, such as hardware table programming, can be offloaded to dedicated processors distributed across the modules. The Cisco NX-OS software creates modular processes on demand, each in a separate protected memory space. These processes are started and system resources allocated only when a feature is enabled. A real-time preemptive scheduler helps to ensure the timely processing of critical functions.
Virtual Device Contexts
The Cisco NX-OS software can segment OS and hardware resources into virtual contexts that emulate virtual devices. Each virtual device context (VDC) has its own software processes, dedicated hardware resources (interfaces), and an independent management environment. With VDCs, you can consolidate separate networks onto a common infrastructure, maintaining the administrative boundary separation and fault isolation characteristics of physically separate networks while providing many of the operational cost benefits of a single infrastructure. For more information, see the Cisco NX-OS Virtual Device Context Configuration Guide, Release 4.0.
Serviceability
The Cisco NX-OS software has serviceability functions that allow you to take early action based on network trends and events. These features help with network planning and improving response times.
Switched Port Analyzer
The switched port analyzer (SPAN) feature allows you to analyze all traffic between ports (called the SPAN source ports) by nonintrusively directing the SPAN session traffic to a SPAN destination port that has an external analyzer attached to it. For more information about SPAN, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Ethanalyzer
Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark for capturing and decoding packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. For more information about Ethanalyzer, see the Cisco NX-OS Troubleshooting Guide, Release 4.0.
Call Home
The Call Home feature continuously monitors hardware and software components to provide e-mail-based notification of critical system events. A versatile range of message formats is available for optimal compatibility with pager services, standard e-mail, and XML-based automated parsing applications. It offers alert grouping capabilities and customizable destination profiles. This feature can be used, for example, to directly page a network support engineer, send an e-mail message to a networks operation center (NOC), and employ Cisco AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). This feature enables networking devices to inform IT when a problem occurs and helps to ensure that the problem is acted on quickly, reducing the time for a resolution and maximizing the system uptime. For more information about Call Home, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Online Diagnostics
The Cisco generic online diagnostics (GOLD) are a suite of diagnostic facilities to verify that hardware and internal data paths are operating as designed. Boot-time diagnostics, continuous monitoring, and on-demand and scheduled tests are part of the Cisco GOLD feature set. GOLD allows rapid fault isolation and continuous system monitoring. For information about configuring GOLD, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Embedded Event Manager
The Embedded Event Manager (EEM) is a device management technology built into the Cisco NX-OS software. EEM allows you to customize the behavior of the device based on network events as they occur. For information about configuring EEM, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
NetFlow
The Cisco NX-OS NetFlow implementation supports version 5 and version 9 exports. It also supports the Flexible NetFlow configuration model and hardware-based Sampled NetFlow for enhanced scalability. For more information about NetFlow, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Manageability
This section includes the following topics:
• Simple Network Management Protocol
• Configuration Verification and Rollback
• Connectivity Management Processor
• Cisco NX-OS Device Configuration Methods
Simple Network Management Protocol
The Cisco NX-OS software is compliant with Simple Network Management Protocol (SNMP) version 1, version 2, and version 3. A rich collection of Management Information Bases (MIBs) is supported. For more information about SNMP, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Configuration Verification and Rollback
With the Cisco NX-OS software, you can verify the consistency of a configuration and the availability of necessary hardware resources prior to committing the configuration. You can preconfigure a device and apply the verified configuration at a later time. Configurations also include checkpoints that allow you to roll back to a known good configuration as needed. For more information about rollbacks, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Role-Based Access Control
With role-based access control (RBAC), the Cisco NX-OS software enables you to limit access to device operations by assigning roles to users. You can customize access and restrict it to the users who require it. For more information about RBAC, see the Cisco NX-OS Security Configuration Guide, Release 4.0.
Connectivity Management Processor
The Cisco NX-OS software supports the use of a Connectivity Management Processor (CMP) for lights-out remote platform management. The CMP provides an out-of-band access channel to the device console. For more information about CMP, see the Cisco Nexus 7000 Series Connectivity Management Processor Configuration Guide.
Cisco NX-OS Device Configuration Methods
You can configure NX-OS features on your device using the following methods:
• CLI—You can configure devices using the CLI from an SSH session or a Telnet session. SSH provides a secure connection to the device. The CLI command references are organized by feature. For more information, see the Cisco NX-OS Fundamentals Configuration Guide, Release 4.0 or the Cisco NX-OS Security Configuration Guide, Release 4.0.
• XML management interface over SSH—You can configure devices using the XML management interface, which is a programmatic method based on the NETCONF protocol that complements the CLI functionality. For more information, see the Cisco NX-OS XML Management Interface User Guide, Release 4.0.
Layer 2 Switching, Layer 3 Routing, and IP Services
This section includes the following topics:
• Layer 3 and Layer 2 Multicast
Ethernet Switching
The Cisco NX-OS software supports high-density, high-performance Ethernet systems and provides the following data center-class Ethernet switching features:
• IEEE 802.1D-2004 Rapid and Multiple Spanning Tree Protocols (802.1w and 802.1s)
• IEEE 802.1Q VLANs and trunks
• 16,000-subscriber VLANs
• IEEE 802.3ad link aggregation
• Private VLANs
• Cross-chassis private VLANs
• UniDirectional Link Detection (UDLD) in aggressive and standard modes
• Traffic suppression (unicast, multicast, and broadcast)
Spanning Tree Protocol enables transparent upgrades using in-service software upgrades (ISSUs) in Spanning Tree Protocol environments, Bridge Protocol Data Unit (BPDU) guard, loop guard, root guard, BPDU filters, bridge assurance, and jumbo frame support.
For more information, see the Cisco NX-OS Interfaces Configuration Guide, Release 4.0 and the Cisco NX-OS Layer 2 Switching Configuration Guide, Release 4.0.
IP Unicast Routing
The Cisco NX-OS software supports IP versions 4 and 6 (IPv4 and IPv6) and the following routing protocols:
• Open Shortest Path First (OSPF) Protocol Versions 2 (IPv4) and 3 (IPv6)
• Intermediate System-to-Intermediate System (IS-IS) Protocol
• Border Gateway Protocol (BGP)
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Routing Information Protocol Version 2 (RIPv2)
The implementations of these protocols are fully compliant with the latest standards and include 4-byte autonomous system numbers (ASNs) and incremental Shortest Path First (SPF). All unicast protocols support Non-Stop Forwarding Graceful Restart (NSF-GR). All protocols support all interface types, including Ethernet interfaces, switched virtual interfaces (VLAN interfaces) and subinterfaces, port channels, tunnel interfaces, and loopback interfaces. For more information, see the Cisco NX-OS Unicast Routing Configuration Guide, Release 4.0.
Layer 3 and Layer 2 Multicast
The Cisco NX-OS software includes the following multicast protocols and functions:
• Protocol Independent Multicast Version 2 (PIMv2)
– Source Specific Multicast (SSM)
– PIM sparse mode (Any-Source Multicast [ASM] for IPv4 and IPv6)
Note
Cisco NX-OS does not support PIM dense mode.
– Bidirectional Protocol Independent Multicast (Bidir PIM)
• Anycast rendezvous point (Anycast-RP)
• Multicast NSF for IPv4 and IPv6
• RP-Discovery using bootstrap router (BSR): Auto-RP and static
• Internet Group Management Protocol (IGMP) Versions 1, 2, and 3 router role
• IGMPv2 host mode
• IGMP snooping
• Multicast Listener Discovery (MLD) Protocol Version 2 (for IPv6)
• Multicast Source Discovery Protocol (MSDP) (for IPv4 only)
All protocols support all interface types, including Ethernet interfaces, switched virtual interfaces (VLAN interfaces) and subinterfaces, port channels, tunnel interfaces, and loopback interfaces.
For more information, see the Cisco NX-OS Multicast Routing Configuration Guide, Release 4.0.
IP Services
The following IP services are available in the Cisco NX-OS software:
• Virtual Routing and Forwarding (VRF)
All routing protocols and IP services are VRF aware.
• Dynamic Host Configuration Protocol (DHCP) helper
• Hot-Standby Routing Protocol (HSRP)
• Gateway Load Balancing Protocol (GLBP)
• Enhanced object tracking
• Policy-Based Routing (PBR)
• Graceful restart routing protocol extensions
For more information about the IP services, see the Cisco NX-OS Unicast Routing Configuration Guide, Release 4.0.
The Cisco NX-OS software also supports Unicast Reverse Path Forwarding (Unicast RPF).
For more information about Unicast RPF, see the Cisco NX-OS Security Configuration Guide, Release 4.0.
Quality of Service
The Cisco NX-OS software provides Quality of Service (QoS) functions for classification, marking, queuing, policing, and scheduling. The Modular QoS CLI (MQC) supports all QoS features. You can use MQC to uniformly configure QoS across various Cisco platforms. For more information, see the Cisco NX-OS Quality of Service Configuration Guide, Release 4.0.
Network Security
Note
We recommend that you perform ACL configurations using the Session Manager. This feature allows you to verify ACL configuration and confirm that the required resources are available before committing the ACL configuration to the running configuration. For more information about Session Manager, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
This section includes the following topics:
• Additional Network Security Features
Cisco TrustSec
The Cisco TrustSec security feature provides data confidentiality and integrity and supports standard IEEE 802.1AE link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. Link-layer cryptography guarantees end-to-end data privacy while allowing the insertion of security service devices along the encrypted path. Security-group access control lists (SGACLs) are based on security group tags instead of IP addresses, which enables policies that are more concise and easier to manage due to their topology independence. For more information, see the Cisco NX-OS Security Configuration Guide, Release 4.0.
Additional Network Security Features
In addition to Cisco TrustSec, the Cisco NX-OS software includes the following security features:
• Data path intrusion detection system (IDS) for protocol conformance checks
• Control Plane Policing (CoPP)
• Message-digest algorithm 5 (MD5) routing protocol authentication
• Cisco integrated security features, including Dynamic Address Resolution Protocol (ARP) inspection (DAI), DHCP snooping, and IP Source Guard
• Authentication, authorization, and accounting (AAA)
• RADIUS and TACACS+
• Secure Shell (SSH) Protocol Version 2
• Port security
• IEEE 802.1X authentication
• Layer 2 Cisco Network Admission Control (NAC)
• Policies based on MAC and IPv4 addresses supported by named ACLs (port-based ACLs [PACLs], VLAN-based ACLs [VACLs], and router-based ACLs [RACLs])
For more information about the above features, see the Cisco NX-OS Security Configuration Guide, Release 4.0.
The Cisco NX-OS software also supports SNMP Version 3 (SNMPv3).
For more information about SNMPv3, see the Cisco NX-OS System Management Configuration Guide, Release 4.0.
Licensing
The Cisco NX-OS licensing feature allows you to access premium features on the device after you install the appropriate license for that feature. Any feature not included in a license package is bundled with the Cisco NX-OS software and is provided to you at no extra charge.
You must purchase and install a license for each device.
Note
With the exception of the Cisco TrustSec feature, you can enable a feature without installing its license. The Cisco NX-OS software gives you a grace period during which time you can try out a feature before purchasing its license. You must install the Advanced Services license package to enable the Cisco TrustSec feature.
For detailed information about the features that require licensing and NX-OS license installation, see the Cisco NX-OS Licensing Guide, Release 4.0.
For information about troubleshooting licensing issues, see the Cisco NX-OS Troubleshooting Guide, Release 4.0.
Limitations
This section describes the limitations in Cisco NX-OS Release 4.0.
Cisco TrustSec
The Cisco NX-OS Release 4.0(2) and earlier releases do not fully support the following commands:
• clear cts cache
• clear cts policy
• cts cache
• cts l3 spi (global configuration)
• cts l3 spi (interface configuration)
• show cts l3 interface
• show cts l3 mapping
SNMP MIB Traps
Cisco NX-OS Release 4.0(2) and earlier releases support only SNMP MIBs and traps for the default VRF of the first instance of the Layer 3 protocol.
Control Plane Policing
Cisco NX-OS Release 4.0(2) and earlier releases do not support egress policing on VLAN interfaces.
Tunnel Interfaces and VRFs
Cisco NX-OS Release 4.0(3) and earlier releases do not support assigning tunnel interfaces to nondefault Virtual Routing and Forwarding instances (VRFs).
VLANs
The Cisco Nexus series 7000 device can scale to a maximum of 4000 VLANs across the entire system. These VLANs can be configured in a single VDC or across multiple VDCs. If the total number of VLANs configured on the device across all VDCs exceeds 4000, there are known issues with multiple modules.
Caveats
This section includes the following topics:
• Open Caveats—Cisco NX-OS Release 4.0(4)
• Resolved Caveats—Cisco NX-OS Release 4.0(4)
• Resolved Caveats—Cisco NX-OS Release 4.0(3)
• Resolved Caveats—Cisco NX-OS Release 4.0(2)
• Resolved Caveats—Cisco NX-OS Release 4.0(1a)
• Resolved Caveats—Cisco NX-OS Release 4.0(1)
Open Caveats—Cisco NX-OS Release 4.0(4)
• CSCsll44778
Symptom: A maximum of 60 concurrent SSH and Telnet sessions are supported.
Conditions: If more than 60 concurrent SSH and Telnet sessions are attempted, the results are unpredictable.
Workaround: No workaround.
• CSCsl71366
Symptom: A maximum of 200 VRFs are supported.
Conditions: If more than 200 VRFs are configured, the results are unpredictable.
Workaround: No workaround.
• CSCsl97793
Symptom: ACL logging does not occur for packets matched by software ACL processing.
Conditions: Packets processed in the software are not logged when they match an ACL with logging enabled.
Workaround: No workaround.
• CSCsm09007
Symptom: QoS match-all criteria is not supported.
Conditions: When you configure match all for a QoS class map using the class-map type qos match-all command, the match-all option does not work. Instead, the match criteria is always treated as match any.
Workaround: No workaround.
• CSCsm13589
Symptom: Record-route does not work correctly when Policy Based Routing (PBR) is configured.
Conditions: Any IP traffic redirected due to PBR is not sent to the supervisor module. As a result, record-route does not work for packets redirected due to PBR.
Workaround: No workaround.
• CSCsm15545
Symptom: Adjacency statistics reset after a supervisor module switchover.
Conditions: The counter values in the output of show ip adjacency {statistics | detail} command are cleared after a supervisor module switchover.
Workaround: No workaround.
• CSCsm22329
Symptom: QoS statistics require a policing action in order for marking actions to produce statistics.
Conditions: When you define a QoS service policy with only marking actions, the statistics do not work. The statistics feature works only when the service policy also has a policing action defined.
Workaround: You can get statistics for marking only policy by applying a dummy policing action to the policies. For example, in addition to the marking actions, you should define a policing action that permits 100 percent traffic. Configure the violate and conform action as transmit.
• CSCsm63331
Symptom: The on-demand diagnostics for the port loopback test are not supported on the 32-port 10-Gbps Ethernet modules.
Conditions: The show diagnostic result module command output indicates untested (U) for the 32-port 10-Gbps Ethernet modules after on-demand diagnostic testing of the port loopback feature with the diagnostic start module command.
Workaround: No workaround.
• CSCsm70593
Symptom: An interface is disabled when more than 50,000 port-VLAN instances go down at the same time.
Conditions: When more than 50,000 port-VLAN instances go down at the same time, the interface times out and becomes disabled. The following system message displays:
%$ VDC-1 %$ %ETHPORT-2-SEQ_TIMEOUT: Component MTS_SAP_L2FM timed out on response to opcode:MTS_OPC_ETHPM_PORT_LOGICAL_CLEANUP (for:RID_PORT: Ethernet9/46)
Workaround: No workaround. This message is not seen when less than 500,000 Port-VLAN instances go down.
• CSCsm75863
Symptom: Logging to an external syslog server using an IPv6 address does not work.
Conditions: If you configure IPv6 addresses for an external syslog server, then logging does not work for the server.
Workaround: No workaround.
• CSCsm79619
Symptom: Removing the management IP and VRF configuration with the write erase boot command does not work.
Conditions: The write erase boot command does not remove the management IP and VRF configuration.
Workaround: To erase the management IP or VRF configuration, use the following command sequence:
1. write erase
2. write erase boot
• CSCsm98229
Symptom: A checkpoint creation or rollback operation can fail when an in-service software upgrade (ISSU) is in progress.
Conditions: If you roll back the configuration or create a checkpoint while an ISSU is in progress, then the rollback or checkpoint creation operation can fail.
Workaround: Avoid performing a checkpoint creation or rollback operation while an ISSU is in progress. Instead, perform the checkpoint creation or rollback operation after the ISSU is complete.
• CSCsm98733
Symptom: One checkpoint is missing after a supervisor module switchover.
Conditions: If the ascii-cfg-server process restarts or if the active supervisor module switches over to the standby supervisor module while a checkpoint operation is in progress, then the checkpoint operation may not complete.
Workaround: Recreate the checkpoint after a supervisor module switchover if the checkpoint is missing.
• CSCso02550
Symptom: CoPP crashes with large policy maps.
Conditions: CoPP crashes if you attach more than 300 classes to the policy map.
Workaround: Reduce the number of classes attached to the CoPP policy map.
• CSCso03128
Symptom: There is no warning that configuration changes are not saved.
Conditions: Under the following conditions, the device does not warn you about unsaved changes:
– If you exit after making an additional change while the running configuration is being copied to the startup configuration.
– When you reload the device and you have not made any configuration changes since the last time the running configuration was copied to the startup configuration.
Workaround: No workaround.
• CSCso03889
Symptom: Address Resolution Protocol (ARP) ACLs are not supported on private VLANs.
Conditions: If you configure an ARP ACL on a primary VLAN using the ip arp inspection filter vlan-id command, it is not propagated to the secondary VLAN.
Workaround: No workaround.
• CSCso09082
Symptom: The "use burn-in address (BIA)" feature for HSRP is not automatically applied to the main interface and all subinterfaces.
Conditions: If you configure HSRP to use the BIA for an interface or subinterface using the hsrp use-bia command, the configuration is applied only to that interface or subinterface. It is not also applied to the main interface and all subinterfaces.
Workaround: Manually enter the hsrp use-bia command for all the interfaces and subinterfaces on which it is required.
• CSCso27690
Symptom: The device name does not display with the login prompt.
Conditions: If you configure a device name using the switchname command, the name does not display at the login prompt on the standby.
Workaround: If a supervisor module switchover occurs, the device name can be restored on the new active supervisor module by reentering the switchname command.
•
CSCso31974
Symptom: If you open the ejector levers on the supervisor and reload the chassis, the supervisor module attempts to come up, but because the ejector levers are detected as open, the system reloads the supervisor module again. This situation results in the standby supervisor module going through repeated reboot cycles.
Conditions: This symptom occurs when you attempt to reload the chassis with the supervisor module still seated but with the ejector levers open.
Workaround: Ensure that you either completely remove the supervisor module from the chassis or insert the supervisor module completely into the chassis and close the ejector levers before you reload the chassis.
•
CSCso43538
Symptom: IGMP reports received on a VLAN interface cannot be policed with CoPP.
Conditions: IGMP reports and queries received on a VLAN interface are not subjected to control plane policing. The packets can only be rate limited using the receive rate limiter.
Workaround: Configure the platform rate-limit receive to rate limit IGMP packets received on VLAN interfaces.
Note
The receive rate limiter matches and also rate limits all packets sent to the supervisor module. It does not differentiate IGMP traffic from other data traffic.
•
CSCso43922
Symptom: If significant traffic triggers ICMP redirects, it can cause the loss of OSPF adjacency.
Conditions: ICMP redirect is enabled by default on all Layer 3 interfaces. If enough traffic is present to trigger ICMP redirects, it can affect OSPF control traffic. If OSPF packets are dropped because data packets are being copied to the supervisor module for ICMP redirect, it can lead to OSPF adjacency loss.
Workaround: Disable ICMP redirect on Layer 3 interfaces by using the no ip redirects command in interface configuration mode.
•
CSCso46631
Symptom: No binding entries are created for VLAN 1 when you enable DHCP snooping on a trunk interface with multiple VLANs.
Conditions: After you enable DHCP snooping on a trunk interface that has multiple VLANs, the NX-OS software creates binding entries for all VLANs except VLAN 1.
Workaround: Do not use VLAN 1 as a trunking VLAN.
•
CSCso74111
Symptom: The device does not apply the shutdown process for the following OSPF and OSPFv3 commands: the shutdown command in the router configuration mode and the ip ospf/ospf3 shutdown command in the interface configuration mode.
Conditions: This situation occurs under all conditions.
Workaround: Enter the no form of the command and then reenter the shutdown command.
•
CSCsq04350
Symptom: A VRF remains in the Admin Down pending state after a VRF shutdown and supervisor module switchover.
Conditions: If you perform a supervisor module switchover immediately after shutting down a VRF, the VRF remains in the Admin Down pending state.
Workaround: Wait from 5 to 10 seconds after shutting down the VRF before you perform a supervisor module switchover.
•
CSCsq06161
Symptom: Configuring Equal Cost Multipath Protocol (ECMP) load sharing may cause some packets to be duplicated in some exceptions.
Conditions: Packets that are sent to the software because of the same interface exception may be forwarded in both the hardware and software.
Workaround: No workaround.
•
CSCsq25183
Symptom: With more than 1,000 interfaces or subinterfaces in the startup configuration, the device may fail.
Conditions: If you are running an extremely large startup configuration, such as more than 1,000 interfaces or subinterfaces, the configuration server may exhaust its memory and fail.
Workaround: No workaround.
•
CSCsq28404
Symptom: The IP EIGRP topology table does not show the next hop after changing the delay.
Conditions: After you change the delay and enter the show ip eigrp topology command, the next hop information displayed is incorrect.
Workaround: No workaround.
•
CSCsq43292
Symptom: Changing the LACP hello timers from normal to fast or from fast to normal may not work.
Conditions: This symptom can occur in all conditions.
Workaround: Configure the port channels in on mode, rather than using LACP.
•
CSCsq44385
Symptom: A rollback does not work correctly if the NetFlow record is modified.
Conditions: If a NetFlow record is modified during a rollback, the rollback does not work properly.
Workaround: If you are using a rollback, create a different NetFlow record.
•
CSCsq66001
Symptom: The tunnel interface is not detected when you are processing an SNMP MIB walk.
Conditions: This situation occurs under all conditions and does not affect functionality.
Workaround: No workaround.
•
CSCsq73090
Symptom: When you enter the show interface tunnel number command, the device displays the operational state of the tunnel as up when that tunnel source interface is down.
Conditions: This situation occurs under all conditions.
Workaround: Enter the no shutdown command on the tunnel source interface to bring it up or configure another interface as the tunnel source.
•
CSCsq74911
Symptom: The show blink function that displays the blink/beacon status for all devices is not available.
Conditions: This symptom exists under all conditions.
Workaround: No workaround.
•
CSCsq79703
Symptom: NX-OS supports only prefix length; it does not support wildcard masks that have a 0 bit anywhere after the first 1 bit. You cannot have an ACL that offers the same granularity as Cisco IOS ACL provides.
Conditions: This symptom occurs under all conditions.
Workaround: No workaround.
•
CSCsq95595
Symptom: The clear counters command does not clear the counters for tunnel interfaces.
Conditions: This situation occurs under all conditions.
Workaround: No workaround.
•
CSCsr07444
Symptom: When tracking a Layer 2 interface using Virtual Router Redundancy Protocol (VRRP), the VR priority is not correctly updated.
Conditions: When you configure VRRP to track a Layer 2 interface, the VR priority is not updated correctly to reflect the state of the interface.
Workaround: Enter the shutdown and no shutdown commands for the specified interfaces.
•
CSCsr43915
Symptom: You cannot work with EIGRP multi-instance MIBs without defining the SNMP context.
Conditions: This symptom occurs when you are running more than one instance of EIGRP on a single device or operating an EIGRP process in a nondefault VRF.
Workaround: Create an SNMP context on the switch by entering the snmp-server context context-name instance instance-name vrf vrf-name topology topology-name command. When you are using SNMPv3, supply the context name in the walk command; when you are using SNMPv2, supply the community string in the walk command, map the community string on the device, and enter the snmp-server mib community-map community-string context context-name command.
•
CSCsr46956
Symptom: The Nexus 7000 Series device scales up to a maximum of 4000 VLANs across the entire system. These VLANs can be configured in single VDCs or across multiple VDCs. Problems can occur with multiple modules if the total number of VLANs configured on the device across all VDCs exceeds 4000.
Conditions: This symptom can occur in all conditions.
Workaround: Restrict the total number of VLANs configured on the device to be fewer than 4000.
•
CSCsr52252
Symptom: After you upgrade to Release 4.0(4) from a previous release and you enter the show eltm table command from a module, the display may not show output for the module.
Conditions: This symptom can occur in all conditions.
Workaround: Run the command from the supervisor module.
•
CSCsr61947
Symptom: When you move a tunnel source interface to another VDC, the device should bring that tunnel interface down, but it is still up.
Conditions: This situation occurs whenever you move a tunnel interface to another VDC.
Workaround: Enter the shutdown command to bring the tunnel interface down manually or configure another interface as the tunnel source interface.
•
CSCsr68326
Symptom: When the device restarts the Netstack process, some IPv6 multicast protocols, such as OSPFv3, do not receive protocol packets.
Conditions: After the device restarts the Netstack process, those IPv6 multicast protocols that do not receive protocol packets do not establish neighbors.
Workaround: Restart the affected IPv6 multicast protocol.
•
CSCsr75691
Symptom: The device displays the CMP as operationally up, even when there is no cable connection to the CMP.
Conditions: The output for the show interface cmp-management command shows the interface as up, even when there is no cable connection to the CMP.
Workaround: No workaround.
•
CSCsr82153
Symptom: When you are saving the configuration in a nondefault VDC using the show running-config startup-config command and you enter the show startup-config command in the default VDC, the device does not display the startup-config and returns the following error:
configuration change in progress
Conditions: This symptom occurs if you enter the show startup-config command in the default VDC when there is an ongoing show running-config startup-config command in a nondefault VDC.
Workaround: Reenter the show startup-config command after the copy command mentioned above completes.
•
CSCsr86071
Symptom: When two devices are connected using CTS, do not perform ISSU simultaneously on both switches.
Conditions: This symptom may occur in all conditions.
Workaround: Perform an ISSU on one device and wait for the process to complete. Then, perform an ISSU on the second device connected with CTS.
•
CSCsr87423
Symptom: No syslog message is sent when you insert either the standby supervisor or the fabric module.
Conditions: The device does not send a syslog message when you insert either the standby supervisor or the fabric module.
Workaround: Enter the show module command to check that the standby supervisor or the fabric module has been inserted.
•
CSCsr90977
Symptom: Ports may go into the error-disabled state when you apply a large ACL to a port channel with many interfaces and you reload the module with the interfaces.
Conditions: This situation may occur when you restart a module with a large ACL applied to a port channel with many interfaces on that module. When the module restarts, the ACL policies may not reach that module and cause the related ports to remain down and move into the error-disabled state.
Workaround: Manually bring up each port that is in the error-disabled state.
•
CSCsr91565
Symptom: After you reinitialize a module with port-channel subinterfaces that run Relay ACLs, the Relay ACL is removed from the port-channel interfaces.
Conditions: You enabled the Relay function on the device by entering the service dhcp command. The module is configured with subinterfaces on a port channel with active members. After you reinitialize the module, some of the port-channel member interfaces are moved to a different VDC. The Relay ACL is removed from the port channel and port channel-subinterface on that module.
Workaround: After you reinitialize a module with port-channel subinterfaces that run Relay ACLs, disable the Relay ACLs by entering the no service dhcp command and then reenable the Relay ACLs by entering the service dhcp command.
•
CSCsr93674
Symptom: When you enter the show ip arp vrf nondefault-vrf | last num command for a nondefault VRF, the device does not return the shell prompt.
Conditions: When this situation occurs, you can press Ctrl-C to return the device to its normal state.
Workaround: Enter the show ip arp vrf nondefault-vrf | tail lines num command.
•
CSCsr96589
Symptom: When you are replaying ASCII configuration scripts in nondefault VDCs, various private-vlan configuration commands fail.
Conditions: When you replay ASCII configuration scripts in a nondefault VDC, the generated feature private-vlan command does not fall in the correct place. As a result, all other private-vlan commands fail.
Workaround: Manually move the feature private-vlan command to come after the other commands that enable features in your ASCII configuration script for nondefault VDCs.
•
CSCsr99927
Symptom: If you configure a minimum MTU value for path-mtu-discovery that is greater than the actual value discovered, the device does not fall back to the default value until the default ager times out in 10 minutes.
Conditions: If you configure a minimum MTU value for path-mtu-discovery that is greater than the actual value discovered, the device should immediately fall back to the default value. However, the device waits until the ager times out (the default is 10 minutes) before it falls back to the default minimum value.
Workaround: Enter the tunnel configuration mode, enter the no tunnel path-mtu-discovery command, and then enter the tunnel path-mtu-discovery min-mtu mtu-value to disable and then reenable the process, or you can wait for the ager to time out and the value will be reset.
•
CSCsu01048
Symptom: You may see high CPU utilization on the Nexus 7000 series device if the network is passing a lot of packets that require fragmentation or are hitting the TTL expiry time.
Conditions: The device sends packets that require fragmentation or are hitting the TTL expiry time to the supervisor to forward or generate ICMP errors. Rate limiters do not take effect for this traffic. The device sends these packets to the supervisor using the copy mechanism, and so the packets are limited only by the copy rate-limiter. A high rate of such traffic can increase CPU utilization.
Workaround: Configure the network so that the device does not receive a large number of these packets.
•
CSCsu01052
Symptom: If you configure a large number of port ACLs on a port-channel member, the member port may be set to the error-disabled or suspended state.
Conditions: When you apply a large PACL policy for the first time, some of the affected port-channel members may be put into the error-disabled or suspended state during initialization. Note that ACL policies are applied only once during the first initialization and remain persistent in the hardware. Subsequent port initializations do not trigger the device to download policies to the hardware.
Workaround: To recover, enter the shutdown command and then enter the no shutdown command on the error-disabled or suspended ports from the Interface configuration mode.
•
CSCsu01596
Symptom: After you enable the path-mtu-discovery process, the device may fragment tunneled packets, which may lead to packet drops at the tunnel destination because of rate limiters.
Conditions: This situation occurs when the path MTU for two or more devices in the tunnel path is configured for a lower MTU than the tunnel destination MTU.
Workaround: Configure the tunnel interface MTU to be the lowest possible value and disable the path-mtu-discovery process.
•
CSCsu01779
Symptom: After you upgrade from NX-OS Release 4.0.2 to Release 4.0.3, the statistics for rate limiting may show incorrect values.
Conditions: After you upgrade from NX-OS Release 4.0.2 to Release 4.0.3 and enter the show hardware rate-limit command, the resulting display may show incorrect values.
Workaround: Enter the clear hardware rate-limit command after

