Cisco Nexus 9000 Series NX-OS Release Notes, Release 10.4(2)F

Available Languages

Download Options

  • PDF
    (892.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub
    (70.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)
    (149.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:December 14, 2023

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (892.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub
    (70.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)
    (149.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:December 14, 2023
 

 

Introduction

The Cisco Nexus 9000 Series NX-OS Release Notes document describes the features, issues, and exceptions of Cisco NX-OS Release 10.4(2)F software for use on Cisco Nexus 9000 Series switches.

Note: The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

Changes to this document:

Date

Description

August 5, 2024

Added CSCwi60493 to Resolved Issues.

December 14, 2023

Cisco NX-OS Release 10.4(2)F became available.

New and Enhanced Software Features

New Features

Product Impact

Feature

Description

Ease of Use

Class-E IP addressing support across all NX-OS features and functions

Beginning with Cisco NX-OS Release 10.4(2)F, if the IPv4 address space is exhausted, you can configure all NX-OS features using class E IP addresses.

See Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 10.4(x).

QoS Policy for default route

Beginning with Cisco NX-OS Release 10.4(2)F, a new ACE configuration, filter route-tag default-route, is introduced to enable the filtering of traffic for QoS classification when the traffic matches with the default route.

See Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.4(x).

Feature Set

VXLAN EVPN and TRM with IPv6 Multicast Underlay

Cisco NX-OS Release 10.4(2)F supports VXLAN EVPN and TRM with IPv6 Multicast Underlay. Hosts in the overlay can be IPv4 or IPv6. This feature requires IPv6 versions of the unicast routing protocols and utilizes IPv6 multicast in the underlay (PIMv6). Any multi-destination overlay traffic (such as TRM, BUM) can use the IPv6 multicast underlay.

See Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.4(x).

Traffic analytics support for NXOS and NDI

The Traffic Analytics feature allows for identification of services that are provided by servers behind a switch. This feature identifies server and client using TCP flags in a 3-way handshake to provide aggregated analytics data. The flow of TCP sessions is aggregated based on source IP address (SIP), destination IP address (DIP), source port (SP) for server to client traffic and SIP, DIP, destination port (DP) for client to server traffic.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

NetFlow generation for MPLS traffic 

The Ingress NetFlow generation for MPLS traffic feature allows the Nexus switches to capture IPv4 or IPv6 flow information from MPLS packets and send the flow information to the collector. This feature is supported on Cisco Nexus 9300-FX, 9300-FX2, 9300-FX3, 9300-GX, 9300-GX2, and 9500-FX and GX switches.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

Programmability

Multi interface support for ThousandEyes in CAF

Beginning with Cisco NX-OS Release 10.4(2)F, multi interface support is introduced for ThousandEyes Agent running on application hosting capabilities as the container. With the help of ThousandEyes Agent, you can have visibility into application experience with deep insights into the Internet, cloud providers, and enterprise networks.

See Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 10.4(x).

DME support for IPSLA and NVE

DME support is now introduced for IPSLA CLIs and logging-level NVE CLIs.

See Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.4(x).

New OC Model (MACsec, MACsec types)

OpenConfig support is now introduced for MACsec statistics.

See Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.4(x).

The enhanced features listed below are existing features that are introduced in earlier releases, but enhanced to support new platforms in Cisco NX-OS Release 10.4(2)F.

Enhanced Features

Product Impact

Feature

Description

Licensing

Licensing support for N9K-C93400LD-H1 and N9K-C93108TC-FX3

Smart Licensing using Policy is now supported on the following switches: N9K-C93400LD-H1 and N9K-C93108TC-FX3.

See Cisco Nexus 9000 and 3000 Series NX-OS Smart Licensing Using Policy User Guide.

Ease of use

Dynamic MAC limit per VLAN support

The dynamic MAC limit per VLAN configuration feature is now supported on Cisco Nexus 9300 platform switches. This feature allows you to set the limit of dynamic MAC entries per VLAN to protect the control plane from MAC flood attacks.

See Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 10.4(x).

ARP cache limit per interface

From Cisco NX-OS Release 10.4(2)F, the ip arp cache intf-limit command allows you to configure the number of maximum ARP cache entries allowed per interface.

See Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 10.4(x).

Security

Flexible configuration of SSH to customize Ciphers, MACs, and Keytypes

From Cisco NX-OS Release 10.4(2)F, new CLI options are introduced to customize SSH cryptographic algorithms.

See Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.4(x).

MACsec rate counter support on 9300-FX3 platforms

Beginning with Cisco NX-OS Release 10.4(2)F, the MACsec Rate statistics and rate-related counters are supported on Cisco Nexus 9300-FX3 switches. You can use the show macsec secy statistics command to view the MACsec rate counters and rate-related OIDs in CISCO-SECY-EXT-MIB.

See Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.4(x).

BGP support for TCP Authentication Option  (TCP-AO)

The TCP Authentication Option (TCP AO) is now introduced to enhance the security of long-lived TCP connections using strong Message Authentication codes (MACs). You can use TCP AO to protect long-lived TCP connections against replays.

See Cisco Nexus 9000 Series NX-OS Security Configuration Guide and Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 10.4(x).

Ease of Setup/Deployment

Segment Routing ISSU

Nondisruptive ISSU is now supported for segment routing traffic engineering (SR-TE) features with BGP as underlay on Cisco Nexus 9300 and 92348GC-X platform switches. However, the following features are not supported:

  SR L2EVPN
  IS-IS and OSPF underlay
  vPC configuration with segment-routing
  Egress Peer engineering

See Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 10.4(x).

Support for ASIC SFP+ ports on N9K-C9408

ASIC SFP+ ports are now supported on N9K-C9408 switches.

See Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 10.4(x).

Feature Set

IPv6 Multicast support on 9800 platform

Beginning with Cisco NX-OS Release 10.4(2)F, IPv6 Multicast is supported on Cisco Nexus N9K-C9808 and 9804 switches.

See Cisco Nexus 9000 Series NX-OS Multicast Routing Configuration Guide, Release 10.4(x).

Ingress ACL Drop support for SPAN

From Cisco NX-OS Release 10.4(2)F, the SPAN on ACL drop feature, which allows mirroring of ACL dropped packets, is supported in the ingress direction for the ERSPAN source session on N9K-C9332D-H2R platform switch.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

vPC(MLAG) parity for 'dci-advertise-pip' on 9300-GX

You can now use the dci-advertise-pip command to enable the advertisement of Type-2/Type-5 routes received from the site-internal network to the Data Center Interconnect (DCI) with next-hop as Proxy Information Protocol (PIP) of the vPC Border Gateway (BGW) on Cisco Nexus 9300-GX platform switches.

See Cisco Nexus 9000 Series NX-OS Verified Scalability Guide, Release 10.4(x).

Configuration Replace multiline support

The configuration replace feature is now supported for LDAP on Cisco NX-OS devices.

See Cisco Nexus 9000 Series NX-OS Security Configuration Guide and Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

SPAN and ERSPAN on port-channel interface on Silicon One platforms

From Cisco NX-OS Release 10.4(2)F, support for Layer 3 Port-channel interface is provided for SPAN and ERSPAN as follows:

  SPAN source is supported on 9808, and 9804 platform switches.
  ERSPAN source and destination are supported on 9804 and 9808 platform switches.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

Support for HA on N9K-C9804

 

 

Dual-Supervisors support for High Availability is now provided on Cisco Nexus 9804 switches.

See Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide, Release 10.4(x).

PMN - L2 multicast Flow Visibility

Beginning from Cisco NX-OS Release 10.4(2)F, PMN supports Layer 2 port information along with Layer 3 port flow information.

See Cisco Nexus 9000 Series NX-OS IP Fabric for Media Solution Guide, Release 10.4(x).

Support for PTP Class C on N9K-C93400LD-H1

PTP Class C feature is now supported on N9K-C93400LD-H1 platform switch.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

PTP G.8275.2 Telecom profile support

From Cisco NX-OS Release 10.4(2)F, PTP G.8275.2 Telecom profile is supported on Cisco Nexus 9300-FX3, 9332D-H2R, and 9408 platform switches.

See Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.4(x).

Scalability

Scale enhancements

For Cisco NX-OS Release 10.4(2)F Scale Enhancements, See Cisco Nexus 9000 Series NX-OS Verified Scalability Guide, Release 10.4(2)F.

Hardware Features

New Hardware Features

The following new hardware features are introduced in Cisco NX-OS Release 10.4(2)F.

N9K-C93400LD-H1

The Cisco Nexus 93400LD-H1 switch (N9K-C93400LD-H1) is a 1-RU fixed-port, L2/L3 switch, designed for deployment in data centers. This switch has 48 50G SFP56 ports, and 4 400G QSFP-DD uplink ports.

This switch includes the following user-replaceable components:

   Fan modules (5) with the following airflow choices:

o         Port-side intake airflow with burgundy coloring (NXA-SFAN-35CFM-PI)

o         Port-side exhaust airflow with blue coloring (NXA-SFAN-35CFM-PE)

   Power supply modules (two—One for operations and one for redundancy [1+1]) with the following choices (a mix of AC and DC power sources is only supported for hot swapping purposes, with a time limit of 15 minutes, but do not mix airflow directions) :

o         1400-W AC power supply with port-side intake airflow (burgundy coloring) (NXA-PAC-1400W-PI)

o         1400-W AC power supply with port-side exhaust airflow (blue coloring) (NXA-PAC-1400W-PE)

o         2000-W DC power supply with port-side intake airflow (burgundy coloring) (NXA-PDC-2KW-PI)

o         2000-W DC power supply with port-side exhaust airflow (blue coloring) (NXA-PDC-2KW-PE)

o         2000-W HVDC power supply with port-side intake airflow (burgundy coloring) (NXA-PHV-2KW-PI)

For details on Cisco Nexus 93400LD-H1 Switch, see Cisco Nexus  NX-OS Mode Switch Hardware Installation Guide.

N9K-C93108TC-FX3

The Cisco Nexus 93108TC-FX3 switch (N9K-C93108TC-FX3) is a 1-rack unit (RU), fixed-port switch designed for deployment in data centers.

This switch includes the following ports:

   Forty-eight 100M/1G/10GBASE-T ports (ports 1-48).

   Six 40/100-Gigabit ports QSFP28 (ports 49-54)

   Two management ports (one 10/100/1000BASE-T port and one SFP port)

   One console port (RS-232)

   One USB port

Note:      N9K-C93108TC-FX3 does not support 1G on QSA/QSA28 adaptor.

This switch includes the following user-replaceable components:

   Fan modules (4) with the following airflow choices:

o         Port-side exhaust fan module with blue coloring (NXA-SFAN-35CFM-PE)

o         Port-side intake fan module with burgundy coloring (NXA-SFAN-35CFM-PI)

   Power supply modules (two—One for operations and one for redundancy [1+1]) with the following choices:

o         500-W port-side intake AC power supply with burgundy coloring (NXA-PAC-500W-PI)

o         500-W port-side exhaust AC power supply with blue coloring (NXA-PAC-500W-PE)

o         1200-W port-side intake HVAC/HVDC dual-direction power supply with white coloring (N9K-PUV-1200W)

o         930-W port-side intake DC power supply with burgundy coloring (NXA-PDC-930W-PI)

o         930-W port-side exhaust DC power supply with blue coloring (NXA-PDC-930W-PE)

For details on Cisco Nexus 93108TC-FX3 Switch, see Cisco Nexus  NX-OS Mode Switch Hardware Installation Guide.

Enhanced Hardware Features

N9K- C93108TC-FX3P

The PSU enhancement for N9K- C93108TC-FX3P is as follows:

   715-W port-side intake DC power supply with blue coloring (NXA-PDC-715W-PI) 

N9K-C9348GC-FX3 and N9K-C9348GC-FX3PH

The PSU enhancements for N9K-C9348GC-FX3 and N9K-C9348GC-FX3PH are as follows:

   350-W PHV power supply with port-side intake airflow (burgundy coloring) (NXA-PHV-350W-PI)

   350-W PHV power supply with port-side exhaust airflow (blue coloring) (NXA-PHV-350W-PE)

   440-W DC power supply with port-side intake airflow (burgundy coloring) (NXA-PDC-440W-PI)

   440-W DC power supply with port-side exhaust airflow (blue coloring) (NXA-PDC-440W-PE)

QDD-400G-ZR and QDD-400G-ZRP-S

The QDD-400G-ZR and QDD-400G-ZRP-S optics support is provided on the following switches and line cards in 1x400 and 4x100 speed:

   93600CD-GX and 9316D-GX switches

   9508 and 9504 switches with X9716D-GX line cards

   9804 and 9808 switches with X98900CD-A and X9836DM-A line cards.

See Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 10.4(x).

For details on Cisco Nexus switch, see Cisco Nexus NX-OS Mode Switch Hardware Installation Guide.

For details about transceivers and cables that are supported on a switch, see the Transceiver Module (TMG) Compatibility Matrix.

Unsupported Features on N9K-C92348GC

Beginning with Cisco NX-OS Release 10.1(1), the following features are not supported on N9K-C92348GC:

   VXLAN

   SW/HW Telemetry

   NetFlow/Analytics

   iCAM

   PTP

   NX-SDK

   DME, Device YANG, OpenConfig YANG, gRPC, NETCONF, and RESTCONF

Note:      NXAPI CLI and XML Agent (NETCONF over SSH) are supported on this platform.

Release Image

In Cisco NX-OS Release 10.4(2)F, the following two 64-bit images are supported:

   The 64-bit Cisco NX-OS image filename with "nxos64-cs” as the prefix (for example, nxos64-cs.10.4.2.F.bin) is supported on all Cisco Nexus 9000 series switches except Cisco Nexus 9500 -R and -R2 switches and cards.

   The 64-bit Cisco NX-OS image filename with "nxos64-msll” as the prefix (for example, nxos64-msll.10.4.2.F.bin) is supported on Cisco Nexus 9000 -R and -R2 series modular switches.

The 32-bit image is no longer supported.

Open Issues

Bug ID                    

Description

CSCwf92752

Headline: Intermittent - Interface NVE is not created after disruptive upgrade from Cisco NX-OS Release 10.2.x to 10.4.x.

Symptoms: interface nve 1 is not created after a stateful upgrade to 10.4.x releases
long-Sumpin-4(config)# interface nve 1
                                 ^
Invalid interface format at '^' marker.
DME CC will also fail as shown below post upgrade:
# show consistency-checker dme running-config enhanced | no-more
DME consistency checker is locking the running config till it completes.
Getting snapshot of ascii config
Consistency Checking In Progress  ##             [ 10%]
Replaying ascii config....
Consistency Checking In Progress  #######  [ 89%]
generate consistency check report....
Consistency Checking In Progress  ######   [ 95%]
================
Extra config Mo(s) in DME database
=================
sys/eps/epId-1
sys/eps/epId-1/nws/vni-10193
sys/eps/epId-1/nws/vni-10602
sys/eps/epId-1/nws/vni-21063
. . .
CC_DME_RUNNING: Consistency Check: FAILED

Workarounds: Perform the following workaround:

1.     no feature nv overlay

2.     feature nv overlay

3.     Add back the interface NVE1 and all the configuration under interface NVE1.

CSCwf94140

Headline: RACL counters support along with Tunnels counters on Nexus 9800.

Symptoms: When multiple features are configured on scaled EOR setup, it fails to install the counters for all the features due to limited hardware resource for counter banks.

Workarounds: None.

CSCwh51363

Headline: After SSO LC is stuck in powered-dn after LC reload.

Symptoms: In N9K-9800 platform, image download to any line card fails. This is due to DHCP running on the SUP not being able to receive DHCP request from the line card. DHCPd on active sup fails to read the DHCP request from the socket and does not send back a DHCP response. This causes the line card to fail the image download. This issue can also happen after switchover, when the newly active sup completes switchover or DHCPd is restarted, the DHCPd can enter this failed state, and the line card reload can cause image download failure. This issue is not always seen, that is, DHCPd entering failure state is only seen a few times (for example, 2–3 times). There can be multiple reloads and 150 switchover with reloads and the issue may not be reproduced. This issue is rare and takes place during the reboot of the switch or during switchover.

Workarounds: Restart the DHCPd in active sup.
/etc/init.d/dhcp restart

CSCwh88500

Headline: HSRP - Duplicates packets received only for SVI 3999.

Symptoms: N-S traffic landing on SVI interface with VLAN ID 3999 routes and forwards the packets to egress port but other duplicate copies are forwarded from SUP to egress port.

Workarounds: Do not change the default reserved VLAN range.

CSCwh90159

Headline: After changing VLANs on sel-QinVNI port, tagged traffic MAC add is learned on native VLAN.

Symptoms: Tagged Layer 2 packets are sent continuously on interface/port-channel, and when the no switchport vlan mapping trigger is executed, MAC learning transiently happens on native VLAN.

Workarounds: Perform the following workaround:

1.     Remove the native VLAN from the allowed VLAN list.

2.     Shut the interface before applying the trigger.

CSCwi02546

Headline: ESG_SGACL: Not able to remove class-map policy-map and contract from dual stage with one commit.

Symptoms: Unable to remove class-map policy-map and contract in a single dual stage session commit due to multilevel dependency. Issue is only with Dual stage mode commit. Normal config mode is not impacted.

Workarounds: Use multiple commits.

CSCwi08584

Headline: 9300-FX2/SR/ISSU - permanent ucast traffic loss after ND-ISSU (bin2upg) on FX2 leaf.

Symptoms: Permanent unicast traffic drop after performing an ND-ISSU (bin2upg) with 10.4(2) Cisco.com image.

Workarounds: Remove STP configuration before performing the ND-ISSU. Then re-apply the STP configuration after the upgrade process is completed.

CSCwi30568

Headline: BGP should not install mixed-path flag for routes whose best path is a type-2 route.

Symptoms: ARP refresh is not being sent with a failure reason of subnetMismatch. This leads to a stale IP path in URIB during MAC-IP move. The stale IP path is seen in the old VTEP that the MAC-IP moved away from.

Workarounds: Perform shut/no shut svi interface on the old VTEP.

CSCwi37453

Headline: When configuring secondary IP on an interface, the no ip redirects command is not programmed correctly on ELTM.

Symptoms: When performing a secondary IP configuration, the switch indicates that ip redirects will be disabled for the interface. This is reflected in the output of the show run command, but not in the ELTM outputs.

Workarounds: Perform the following workaround:

1.     Remove the secondary IP from the relevant interface.

2.     Manually configure the no ip redirects command.

3.     Add the secondary IP to the interface.

CSCwi37698

Headline: vlan access-map name with > 31 chars for ERSPAN filter config/unconfig creates stale entry on interface.

Symptoms: Configure ERSPAN session with filter vlan access-map where vlan access-map is more than 31 characters. Then remove the same vlan access-map from the ERSPAN session. The filter still has the programming on the source interface of the ERSPAN session.

Workarounds: Configure a VLAN access-map name with less than or equal to 31 characters.

CSCwi39052

Headline: When trying to open or close the file using VIM -  E1187: Failed to source defaults.vim.

Symptoms: VIM ver 9.0: File access with VI or VIM results in missing dafaults.vim error. However, there is no operational problem.
# run bash sudo su
bash-4.4# pwd
/bootflash/home/admin
bash-4.4# cd /bootflash/
bash-4.4# vim test_220.py
E1187: Failed to source defaults.vim
Press ENTER or type command to continue

Workarounds: Create the .vim.rc file within your home directory by executing the following command:
touch $HOME/.vim.rc

CSCwi39232

Headline: The deny action is removed from the SGACL policy-map when no permit is configured.

Symptoms: Configuring no permit as the action under a class in a policy map of type security removes any existing deny action for the same class.

Workarounds: Use only positive commands deny or permit to change action for a class. Refrain from issuing no permit or no deny.

CSCwi42086

Headline: EOR - Mixed-Mode - Analytics flow records not exported if system monitor is applied before NetFlow.

Symptoms: In mixed-mode (Analytics+NetFlow) configuration the Analytics flow records are not getting exported to the collector. Both NetFlow and Analytics records are seen on the switch and netflow records do get exported to the collector. The issue is only with Analytics records.

Workarounds: Configure the v9 keyword for Analytics exporter for the collector destination. For example:
analytics
flow exporter an-exporter
  destination a.b.c.d v9

CSCwi44292

Headline: Pre-upgrade check on nxos64-msll images does not display the new version correctly during downgrade.

Symptoms: During downgrade from an impacted NXOS version to a previous version, pre-upgrade check displays the New BIOS version as blank in 10.4(2)F on the following impacted platforms:

  N9K-X96XX with N9K-X9636Q-R, N9K-X9636C-RX, N9K-X9624D-R2, N9K-X96136YC-R line cards

Workarounds: None.

CSCwi45695

Headline: During BIOS downgrade, N9K-X96XX modules may experience time-out.

Symptoms: BIOS downgrade for N9K-X96XX line card modules may report failure due to time-out.
Module 3: Refreshing compact flash and upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- FAIL.
Return code 0x40820011 (Job timedout).
CAUTION: The BIOS/loader/bootrom of above module may be in corrupted state. Please try programming it again.

Workarounds: If show install all impact ... indicates a lower BIOS version than the currently installed on the module, avoid using the bios-force flag during install operations.

Resolved Issues

Bug ID                    

Description

CSCvm52059

Headline: Nexus 9300 sends incorrect ARP/ADJ info to its vPC peer for host in non-vPC VLAN.

Symptoms: After ISSU upgrade from 8.0.1 to 8.2.1, newly created VRF's may not send IP traffic on the L3 VRF interface. The interface shows in an up/up state, ARP traffic goes through and completes successfully. IP traffic does not go out of the VRF interface. This issue can be seen by running a ping from switch to a destination IP in that VRF; ethanalyzer does not show packets generated for that ping.

Workarounds: Reloading switch to clear PSS corruption.

CSCvv35496

Headline: Nexus 9508 MACsec - interface stuck in Authorization pending state due to one-way traffic.
Symptoms: The N9508 with N9K-X9732C-EXM doesn't establish MACsec session on random ports with port status in Authorization pending. The interface on the switch shows TX counters but no RX counters increment because of which the session is stuck in Authorization pending.N9508# show int eth1/14Ethernet1/14 is down (Authorization pending).
Workarounds: Reload of the affected card may help to bring up the stuck sessions. If the ports again go back into Authorization pending state, replacing the line card may help to bring up affected MACsec sessions.

CSCvw16064

Headline: NX-OS to be conformed with RFC 5424 (NILVALUE for STRUCTURED-DATA and MSGID fields)

Symptoms: In all Cisco NX-OS versions, the implementation of syslog does not follow RFC 5424 leading to the following problems:

  Adding NILVALUE for STRUCTURED-DATA field as we don't have structured data currently in syslog messages.
RFC 5424:6.3.  STRUCTURED-DATA
In case of zero structured data elements, the STRUCTURED-DATA field must contain the NILVALUE.
  Adding NILVALUE for MSGID in the syslog header as this must be there if no data is available for MSGID.
For the rest fields like APP-NAME, PROCID NILVALUE is not mandatory.
Workarounds: None

CSCwd53591

Headline: Silent Reload due to watchdog timeout.
Symptoms: Silent reload due to watchdog timeout. The box gets reloaded without any traces/cores. System reset reason indicates watchdog timeout or CATERR.

Workarounds: None.

CSCwf17674

Headline: Nexus 9300-GX2 - Unexpected Reboot due to CSUSD HAP Reset.

Symptoms: Nexus 9300-GX2 switches may reboot unexpectedly due to csusd process crash and log entries are generated when this occurs.

Workarounds: None.

CSCwf61686

Headline: Headline: Nexus 9500: Configuring feature nv overlay breaks non-VXLAN VLAN Multicast across FM-G modules.

Symptoms: The following symptoms are seen:

  Multicast across Fabric Modules drops silently. Inter-VLAN and intra-VLAN multicast across FMs is affected.
  Only Multicast received on Trunk ports is affected. Ingress Layer 3 or access ports is not affected.
  Multicast flows where the Source and Receiver are connected to the same line card do not appear to be affected as they bypass the Fabric Modules.

Workarounds: Disable feature nv overlay, if possible. The ingress port can be changed to an Access, Layer 3, or Layer 3 Subinterface. Otherwise, install non FM-G Fabric Modules.

CSCwf94981

Headline: PBR hits CoPP l3uc/glean class.
Symptoms: PBR traffic gets accounted against the glean CoPP meter potentially affecting real glean traffic. The PBR functionality works as expected only meter accounting is impacted.
Workarounds: Configure a static ARP or ND entry for the destination IP address.

CSCwf95517

Headline: Continuous xbc check_oor_r4, r5, r7 interrupts are seen on 9300-FX platforms.
Symptoms: On N9K-C9504-B3-G running on Cisco NX-OS Release 10.2(4), this can be seen on all interfaces from FX and EX modules. When the counters are monitored for a few minutes, it is noticed that they stop randomly. When the switch does not update the counters, the user doesn't receive data in a timely manner.
Workarounds: None.

CSCwh01493

Headline: Cisco Nexus 9300-FX3/GX random-detect threshold burst-optimized is causing packet drop.

Symptoms: The random-detect threshold burst-optimized command configured under class type queuing c-out-8q-q-default is causing drops on the interface where this service policy is applied.
The random-detect threshold burst-optimized ecn configuration causes the same issue.

Workarounds: Remove the random-detect threshold burst-optimized configuration.

CSCwh02830

Headline: Manual power cycle required while upgrading NX-OS N9K-C9500 switch with SUP A+ HW rev 1.0.

Symptoms: While upgrading the N9K-9500 switch, the following symptoms occur:

Nexus 9500 chassis with single or dual SUP A+ HW rev 1.0

Upgrade of Sup or SC EPLD (Just NXOS upgrade will not trigger this issue.)

After the reload, the active SUP module does not boot up and gets stuck with no console output and a continuously blinking amber STS LED.

Workarounds: The workaround is as follows:

1.     Physically re-seat the module (cold power-cycle).

2.     Remove all power to the chassis to allow the SUP module to power up again.

CSCwh14712

Headline: Nexus C93240YC-FX2 - URIB core is observed when flapping interfaces continuously.
Symptoms: When flapping all the interface with a moderate scale or higher configuration (in this case, 50K routes), URIB is busy processing change events for a prolonged period of time and stops responding to heartbeat requests from sysmgr. If the processing exceeds the sysmgr heartbeat threshold, it is killed by sysmgr resulting in a core file.
Workarounds: Avoid configurations where many routes can be impacted by an interface flap.

CSCwh17302

Headline: HMM /32 vrf leaking is not working with maximum-paths mixed.

Symptoms: The following symptoms occur:

  Trying to leak a /32 prefix from source VRF-A to target VRF-B  on a pair of Nexus 9000 switches
  Source-vrf views the /32 prefix locally from HMM
  Target VRF does not leak the /32 prefix
  When searching for the /32 prefix on the RIB only less specific route is leaked (less specific prefix is coming redistribute-direct of  SVI subnet where /32 is attached)

Workarounds: Perform any one of the following options:

Option 1: Clearing the less specific prefix on the target vrf resolves the problem

Option 2: Remove <maximum-paths mixed> from the source VRF.

CSCwh17395

Headline: Evaluation for CVE-2023-38408 on standalone NXOS N9K.
Symptoms: This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:CVE-2023-38408 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408. The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Workarounds: None.

CSCwh22483

Headline: Nexus 9000 is not encapsulating properly MACsec traffic into VXLAN.

Symptoms: In the scenario where a MACsec packet's size exceeds 344 bytes and must be sent over a VXLAN fabric, it is encapsulated. However, if the information contained in the Total Length field in the IP header is not properly set, this behavior is also seen for the length field in the UDP datagram header.

Workarounds: None.

CSCwh30962

Headline: NXOS - BGP Graceful Restart Helper ignores BFD down event when TCP FIN received from restarting peer.
Symptoms: When IOS-XE has BGP and BFD peering with NXOS and ASR1K is reloaded, NXOS continues to send traffic to ASR1K for up to 2 minutes, though the expected behavior for NXOS is to re-converge to a different path sooner.
Workarounds: Shutdown BGP neighbor before reload.

CSCwh32362

Headline: 9732C-EXM crash when incorrect register read is given.
Symptoms: 9732C-EXM card may reload while collecting data.
Workarounds: Ensure the correct register is issued typing the show command.

CSCwh49061

Headline: VLAN Mapping: strict incompatibility during downgrade from 10.3.x to 9.3.x
Symptoms: VLAN Mapping commands must be removed when downgrade from 10.3.x to 9.3.x versions.
Workarounds: Remove switchport vlan mapping command and re-add after downgrade.

CSCwh50989

Headline: Custom CoPP causing transit traffic to be punted to the CPU on 9300-GX2.
Symptoms: Custom CoPP causing transit traffic to be punted to the CPU on 9300-GX/GX2 platforms.
Workarounds: Custom CoPP policy using src/dst match mitigates punt for transit traffic.

CSCwh51709

Headline: netif_queue EDMA hang on N9K-C9364D-GX2A does not reset system (GOLD test hangs)
Symptoms: Inband control-plane protocols go down. Control protocols such as CDP and OSPF fail. The diagnostic L2ACLRedirect test fails.
Workarounds: Reset the system.

CSCwh54194

Headline: Nexus 9000 MPLS VPN traffic dropped after changing L3 port to L2 and back to L3
Symptoms: MPLS VPN packets with explicit null transport label and VPN label are dropped on the Nexus 9000 layer 3 Ethernet interface. This problem has been seen on the Nexus 9300 FX3 and 9300-GX series.
Workarounds: Reload the device.

CSCwh55376

Headline: Guestshell release v2.15 - CVE-2023-38408 and other critical CVE fixes.
Symptoms: This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2023-38408 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408. The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Workarounds: None.

CSCwh56822

Headline: 9300-GX fails to punt DHCP discover to CPU
Symptoms: DHCP Discover not punted to CPU on 9300-GX - without relay / snoop config.DHCP server functionality is not supported.
Workarounds: None.

CSCwh65169

Headline: Nexus 9300 sends incorrect ARP/ADJ info to its vPC peer for host in non-vPC VLAN.

Symptoms: Traffic blackholing through vPC topology flowing through non-vPC VLAN carried on Layer 2 trunk between vPC peers destined to single-homed Layer 3 host connected to other vPC peers on Layer 2 port.

Workarounds: Configure user-defined MAC-address on SVI of non-vPC VLAN or configure static ARP for FW/L3_device in non-vPC VLAN.

CSCwh72780

Headline: ARP Fails due to SubnetMismatch with Direct NH not first.
Symptoms: ARP replies are not being processed by VXLAN leaf with a failure reason of subnet mismatch and is visible in the output of the show ip arp internal event-history errors command. ARP incomplete is seen on the ARP table (No interface/ELAM drops). ARP replies sent to other vPC peers is processed and ARP entry is created successfully.
Workarounds: Clear the subnet route. Remove maximum-paths mixed under the VRF that the subnet route is in.

CSCwh76275

Headline: Nexus 9364GX2A - Slice 0 discards Multicast traffic after RTP Flow Monitor is enabled.

Symptoms: Nexus 9364GX2A discards Multicast traffic after RTP Flow Monitor is enabled and continues to discard it even after RTP Flow Monitor is disabled.

Workarounds: Remove rtp config and then reload.

CSCwh84282

Headline: After reload of 93108TC-FX3P  random copper/RJ45 interfaces might not come up.

Symptoms: After reload of 93108TC-FX3P device some RJ45 interfaces might not come up. This can happen with any reload reason (power up/down, upgrade, SW reset, crash). The issue is related only to the front panel interfaces Ethernet 1/1-48 (MGMT port is not affected).

Workarounds: FPGA upgrade.

CSCwh88559

Headline: Unable to delete a VLAN access-map although access map is not used in any filter.

Symptoms: Customer is having an issue with VACL, where they cannot delete the access-map although access map is not used in any VLAN filter.

Workarounds: Perform the following workaround:

1.     Remove vlan filter.

2.     Remove first access-map.

3.     Add an empty dummy access-map.

4.     Remove the second access-map.

5.     Remove dummy access-map. Although this step shows failure, it removes the dummy access-map.

CSCwh88614

Headline: Evaluation of n9k-standalone-sw for HTTP/2 Rapid Reset Attack vulnerability.

Symptoms: This bug has been filed to evaluate the Cisco Nexus 3000 Series Switches and Nexus 9000 Series Switches in standalone NX-OS mode against the following HTTP/2 vulnerability disclosed on October 10, 2023: CVE-2023-44487 - HTTP/2 Rapid Reset
Cisco has reviewed this product and concluded that it is affected by this vulnerability. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ 

Workarounds: Customers who do not require NX-API to support the HTTP/2 protocol can disable that as follows:

1.     Connect to the device CLI.

2.     Important: Save all current NX-API configuration as this configuration will be lost during the following process: switch# show run | inc ^nxapi.

3.     Enable the Bash shell feature and connect to the Bash shell.
switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# feature bash-shell
switch(config)# run bash
bash-4.4$

4.     Create a backup of the NX-API configuration script.
bash-4.4$           sudo              cp                -p
/var/nginx/script/nginx_fe.conf.tpl
/var/nginx/script/nginx_fe.conf.tpl.orig

5.     Disable the HTTP/2 protocol in the NX-API configuration script and quit the Bash shell.
bash-4.4$ sudo sed -i 's/ http2//' /var/nginx/script/nginx_fe.conf.tpl
bash-4.4$ exit
exit

6.     (Optional) Disable the Bash shell feature if you do not need it.
switch(config)# no feature bash-shell

7.     Restart the NX-API feature.
switch(config)# no feature nxapi
switch(config)# feature nxapi

8.     Re-apply the configuration that you saved in step 2.
To re-enable the HTTP/2 protocol for the NX-API feature, follow the same procedure as above, but skip step 4 and in step 5 use the following command sequence instead of what is listed above:
bash-4.4$ sudo sed -i 's/ssl;/ssl http2;/' /var/nginx/script/nginx_fe.conf.tpl
bash-4.4$ exit
exit

CSCwh93115

Headline: N9K-C93600CD-GX - OIR of 2nd, 3rd or 4th port in quad with QSA28 causes all ports in the quad to flap.

Symptoms: For N9K-C93600CD-GX, port 1–24 are gearbox ports and every 4 port belongs to a quad (that is, port 1–4, 5–8, ..., 21-24). If you insert four ports in one quad with QSA (QSFP to SFP Adapter), removing of one port causes other ports to flap within the same quad. Shut/no shut port should be okay.

Workarounds: None.

CSCwh99225

Headline: N9K-93108TC-FX3P - Unicast Routing ECMP-0 for size 2 creation failed INVALID PARAM(0) is seen.
Symptoms: On N9K-C93108TC-FX3P, after continuous interfaces flap, the following error is reported:
%IPFIB-SLOT1-2-UFIB_MULTIPATH_EGRESS_CREATE: Unicast Routing ECMP-0 for size 2 creation failed INVALID PARAM(0) (message repeated 441 times)
If the links continue to flap, packet loss is observed. ELAM capture shows that the traffic is dropped due to MPLS_LOOKUP_MISS.
Workarounds: Reload the device.

CSCwi01617

Headline: Nexus 9000 RADIUS Authentication on 10.4.1 fails with passwords over 16 characters long.
Symptoms: The users that were previously able to authenticate with longer passwords fail to authenticate after moving to Cisco NX-OS 10.4 code. The issue does not appear to be present on Cisco NX-OS 10.1.1, 10.2.5, or 10.3.2 codes.
Workarounds: Authenticate users whose password is less than or equal to 16 characters long or change the password to avoid the length issue.

CSCwi24154

Headline: Nexus 9000 with feature netconf enabled opening backdoor.
Symptoms: Nexus 9000 switch running 10.3(2) with netconf feature enable is opening backdoor where switch can be nmap scanned and any IP can connect to open TCP port listed on bash-4.4$ netstat -tnap. (Not all processes can be identified, nonowned process info is not shown, you have to be root to see it all.)
Workarounds: Disable netconf feature enable.

CSCwi37259

Headline: CDP core at cdpd_obj_delete_intf_addr_runtime_data.

Symptoms: Nexus 9300 reloads due to CDP crash.

Workarounds: None.

CSCwi60493

Headline: Confirm if CVE-2023-48795 impacts Nexus 9000

Symptom:

This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2023-48795 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.

Security researchers at Ruhr University Bochum on 18 December 2023 disclosed a protocol level vulnerability which has been assigned a CVE ID of CVE-2023-48795 and was named 'Terrapin Attack'.

The NX-OS Software uses CiscoSSH which is derived from OpenSSH and could be vulnerable to CVE-2023-48795 but the Security Impact Rating (SIR) is Low because the security impact of this attack very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user authentication from proceeding. In addition:

       The attacker needs to be on a privileged position and be able to intercept and modify the SSH initial session setup packet exchange, and

       The SSH server must either (only one is enough)

 * Offer the chacha20-poly1305@openssh.com as an encryption algorithm or

 * Using an encryption algorithm in CBC mode *and* an -etm@openssh.com hashing algorithm

Workaround: If the above conditions are true, disabling the vulnerable combinations would be an effective workaround.

Device Hardware

The following tables list the Cisco Nexus 9000 Series hardware that Cisco NX-OS Release 10.4(2)F supports. For additional information about the supported hardware, see the Hardware Installation Guide for your Cisco Nexus 9000 Series device.

Table 1.                 Cisco Nexus 9800 Switches

Product ID                        

Description

N9K-C9808

16-RU modular switch with slots for up to 8 Line Cards in addition to 2 supervisors, 8 fabric modules, 4 fan trays, and 3 power trays.

N9K-C9804

4-RU modular switch with slots for up to 4 Line Cards in addition to 2 supervisors, 8 fabric modules, 4 fan trays, and 2 power trays.

Table 2.                 Cisco Nexus 9800 Series Line Cards

Product ID                        

Description

N9K-X9836DM-A

Cisco Nexus 9800 36-port 400G QSFP-DD Line Card with MACsec.

N9K-X98900CD-A

Cisco Nexus 9800 14-port 400G QSFP-DD + 34-port 100G QSFP28 Line Card.

Table 3.                 Cisco Nexus 9800 Series Fabric Modules

Product ID                        

Description

N9K-C9808-FM-A

Cisco Nexus 9800 Fabric Module for 8-slot Chassis

N9K-C9804-FM-A

Cisco Nexus 9800 Fabric Module for 4-slot Chassis

Table 4.                 Cisco Nexus 9800 Supervisor Module

Product ID                        

Description

N9K-C9800-SUP-A

Cisco Nexus 9800 Platform Supervisor Module

Table 5.                 Cisco Nexus 9800 Fans and Fan Trays

Product ID                        

Description

N9K-C9808-FAN-A

Cisco Nexus 9800 8-slot chassis fan tray (1st Generation)

N9K-C9804-FAN-A

Cisco Nexus 9800 4-slot chassis fan tray (1st Generation)

Table 6.                 Cisco Nexus 9800 Power Supplies

Product ID                        

Description

NXK-HV6.3KW20A-A

Cisco Nexus 9800 6,300W 20A AC and HV Power Supply

Table 7.                 Cisco Nexus 9500 Switches

Product ID                        

Description

N9K-C9504

7.1-RU modular switch with slots for up to 4 Line Cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 4 power supplies.

N9K-C9508

13-RU modular switch with slots for up to 8 Line Cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 8 power supplies.

N9K-C9516

21-RU modular switch with slots for up to 16 Line Cards in addition to two supervisors, 2 system controllers, 3 to 6 fabric modules, 3 fan trays, and up to 10 power supplies.

Table 8.                 Cisco Nexus 9500 Cloud Scale Line Cards

Product ID                        

Description

Maximum Quantity

Cisco Nexus
9504

Cisco Nexus
9508

Cisco Nexus
9516

N9K-X9716D-GX

Cisco Nexus 9500 16-port 400G QSFP-DD Line Card

4

8

N/A

N9K-X9736C-FX

Cisco Nexus 9500 36-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

N9K-X9788TC-FX

Cisco Nexus 9500 48-port 1/10-G BASE-T Ethernet and 4-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

N9K-X97160YC-EX

Cisco Nexus 9500 48-port 10/25-Gigabit Ethernet SFP28 and 4-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

N9K-X9732C-FX

Cisco Nexus 9500 32-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

N9K-X9732C-EX

Cisco Nexus 9500 32-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

N9K-X9736C-EX

Cisco Nexus 9500 36-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

16

Table 9.                 Cisco Nexus 9500 R-Series Line Cards

Product ID                        

Description

Maximum Quantity

Cisco Nexus 9504

Cisco Nexus 9508

N9K-X9636C-R

Cisco Nexus 9500 36-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

N9K-X9636C-RX

Cisco Nexus 9500 36-port 40/100 Gigabit Ethernet QSFP28 Line Card

4

8

N9K-X9636Q-R

Cisco Nexus 9500 36-port 40 Gigabit Ethernet QSFP Line Card

4

8

N9K-X96136YC-R

Cisco Nexus 9500 16-port 1/10 Gigabit, 32-port 10/25 Gigabit, and 4-port 40/100 Gigabit Ethernet Line Card

4

8

N9K-X9624D-R2

Cisco Nexus 9500 24-port 400 Gigabit QDD Line Card

Not supported

8

Table 10.             Cisco Nexus 9500 Cloud Scale Fabric Modules

Product ID                        

Description

Minimum

Maximum

N9K-C9504-FM-E

Cisco Nexus 9504 100-Gigabit cloud scale fabric module

4

5

N9K-C9504-FM-G

Cisco Nexus 9500 4-slot 1.6Tbps cloud scale fabric module

4

5

N9K-C9508-FM-E

Cisco Nexus 9508 100-Gigabit cloud scale fabric module

4

5

N9K-C9508-FM-E2

Cisco Nexus 9508 100-Gigabit cloud scale fabric module

4

5

N9K-C9508-FM-G

Cisco Nexus 9500 8-slot 1.6Tbps cloud-scale fabric module

4

5

N9K-C9516-FM-E2

Cisco Nexus 9516 100-Gigabit cloud scale fabric module

4

5

Table 11.             Cisco Nexus 9500 R-Series Fabric Modules

Product ID                        

Description

Minimum

Maximum

N9K-C9504-FM-R

Cisco Nexus 9504 100-Gigabit R-Series fabric module

4

6

N9K-C9508-FM-R

Cisco Nexus 9508 100-Gigabit R-Series fabric module

4

6

N9K-C9508-FM-R2

Cisco Nexus 9508 400-Gigabit R-Series fabric module

4

6

Table 12.             Cisco Nexus 9500 Supervisor Modules

Supervisor                        

Description

Quantity

N9K-SUP-A

1.8-GHz supervisor module with 4 cores, 4 threads, and 16 GB of memory

2

N9K-SUP-A+

1.8-GHz supervisor module with 4 cores, 8 threads, and 16 GB of memory

2

N9K-SUP-B

2.2-GHz supervisor module with 6 cores, 12 threads, and 24 GB of memory

2

N9K-SUP-B+

1.9-GHz supervisor module with 6 cores, 12 threads, and 32 GB of memory

2

Note:      N9K-SUP-A and N9K-SUP-A+ are not supported on Cisco Nexus 9504 and 9508 switches with -R Line Cards.

Table 13.             Cisco Nexus 9500 System Controller

Product ID                        

Description

Quantity

N9K-SC-A

Cisco Nexus 9500 Platform System Controller Module

2

Table 14.             Cisco Nexus 9500 Fans and Fan Trays

Product ID                        

Description

Quantity

N9K-C9504-FAN

Fan tray for 4-slot modular chassis

3

N9K-C9504-FAN2

Fan tray that supports the Cisco N9K-C9504-FM-G fabric module

3

N9K-C9508-FAN

Fan tray for 8-slot modular chassis

3

N9K-C9508-FAN2

Fan tray that supports the Cisco N9K-C9508-FM-G fabric module

3

N9K-C9516-FAN

Fan tray for 16-slot modular chassis

3

Table 15.             Cisco Nexus 9500 Fabric Module Blanks with Power Connector

Product ID                        

Description

Minimum

Maximum

N9K-C9504-FAN-PWR

Nexus 9500 4-slot chassis 400G cloud scale fan tray power connector

1

2

N9K-C9508-FAN-PWR

Nexus 9500 4-slot chassis 400G cloud scale fan tray power connector

1

2

Table 16.             Cisco Nexus 9500 Power Supplies

Product ID                        

Description

Quantity

Cisco Nexus Switches

N9K-PAC-3000W-B

3 KW AC power supply

Up to 4

Up to 8

Up to 10

Cisco Nexus 9504

Cisco Nexus 9508

Cisco Nexus 9516

N9K-PDC-3000W-B

3 KW DC power supply

Up to 4

Up to 8

Up to 10

Cisco Nexus 9504

Cisco Nexus 9508

Cisco Nexus 9516

N9K-PUV-3000W-B

3 KW Universal AC/DC power supply

Up to 4

Up to 8

Up to 10

Cisco Nexus 9504

Cisco Nexus 9508

Cisco Nexus 9516

N9K-PUV2-3000W-B

3.15-KW Dual Input Universal AC/DC Power Supply

Up to 4

Up to 8

Up to 10

Cisco Nexus 9504

Cisco Nexus 9508

Cisco Nexus 9516

Table 17.             Cisco Nexus 9400 Switches

Product ID                        

Description

N9K-C9408

4-rack unit (RU) 8-slot LEM-based modular chassis switch, which is configurable with up to 128 200-Gigabit QSFP56 (256 100-Gigabit by breakout) ports or 64 400-Gigabit ports.

N9K-C9400-SUP-A

Cisco Nexus 9400 Supervisor Card

N9K-C9400-SW-GX2A

Cisco Nexus 9400 25.6Tbps Switch Card

N9K-X9400-8D

Cisco Nexus 9400 8p 400G QSFP-DD LEM

N9K-X9400-16W

Cisco Nexus 9400 16p 200G QSFP56 LEM

Note:      N9K-C9400-SW-GX2A Sup card ports 2xSFP Eth10/1-2 are not supported in Cisco NX-OS 10.3(x) and 10.4(1)F releases. However, from Cisco NX-OS Release 10.4(2)F, these ports are supported.

Table 18.             Cisco Nexus 9200 and 9300 Switches

Cisco Nexus Switch         

Description

N9K-C93400LD-H1

1-RU fixed-port, L2/L3 switch with 48 50G SFP56 ports and 4 400G QSFP-DD uplink ports.

N9K-C93108TC-FX3

1-RU fixed-port switch Forty-eight 100M/1G/10GBASE-T ports (ports 1-48), Six 40/100-Gigabit ports QSFP28 (ports 49-54), Two management ports (one 10/100/1000BASE-T port and one SFP port), One console port (RS-232), and one USB port.

N9K-C9332D-H2R

1-RU fixed-port switch with 400-Gigabit QSFP-DD ports (32), 10-Gigabit SFP+ ports (2), Management ports (one 10/100/1000BASE-T port and one SFP port), Console port (RS-232), and USB port.

N9K-C9348GC-FX3

1-RU fixed-port switch 48 10/100/1000M copper RJ45 downlink ports, 4 10-/25G SFP28 uplink ports, and 2 40-/100G QSFP28 uplink ports.

N9K-C9348GC-FX3PH

1-RU fixed-port switch 40 10M/100M/1G copper RJ45 downlink ports that support PoE/PoE+/PoE++ and 8 10M/100M copper RJ45 downlink ports that support PoE/PoE+/PoE++, 4 10-/25G SFP28 uplink ports, and 2 40-/100G QSFP28 uplink ports.

N9K-C93180YC-FX3H

1- RU fixed-port switch with 24 100M/1/10/25-Gigabit Ethernet SFP28 ports (ports 1-24), 6 10/25/40/50/100-Gigabit QSFP28 ports (ports 49-54), One management port (one 10/100/1000BASE-T port), and One console port (RS-232)

N9K-C9316D-GX

1-RU switch with 16x400/100/40-Gbps ports.

N9K-C9364C-GX

2-RU fixed-port switch with 64 100-Gigabit SFP28 ports.

N9K-C93600CD-GX

1-RU fixed-port switch with 28 10/40/100-Gigabit QSFP28 ports (ports 1-28), 8 10/40/100/400-Gigabit QSFP-DD ports (ports 29-36)

N9K-C9364C

2-RU Top-of-Rack switch with 64 40-/100-Gigabit QSFP28 ports and 2 1-/10-Gigabit SFP+ ports.

- Ports 1 to 64 support 40/100-Gigabit speeds.

 - Ports 49 to 64 support MACsec encryption.

Ports 65 and 66 support 1/10 Gigabit speeds.

N9K-C9332C

1-RU fixed switch with 32 40/100-Gigabit QSFP28 ports and 2 fixed 1/10-Gigabit SFP+ ports.

N9K-C9332D-GX2B

1-Rack-unit (1RU) spine switch with 32p 400/100-Gbps QSFP-DD ports and 2p 1/10 SFP+ ports.

N9K-C9348D-GX2A

48p 40/100/400-Gigabit QSFP-DD ports and 2p 1/10G/10G SFP+ ports

N9K-C9364D-GX2A

64p 400/100-Gigabit QSFP-DD ports and 2p 1/10 SFP+ ports

N9K-C93180YC-FX3

48 1/10/25 Gigabit Ethernet SFP28 ports (ports 1-48)

6 10/25/40/50/100-Gigabit QSFP28 ports (ports 49-54)

N9K-C93180YC-FX3S

48 1/10/25 Gigabit Ethernet SFP28 ports (ports 1-48)

6 10/25/40/50/100-Gigabit QSFP28 ports (ports 49-54)

N9K-C9336C-FX2-E

1- RU switch with 36 40-/100-Gb QSFP28 ports

N9K-C9336C-FX2

1-RU switch with 36 40-/100-Gb Ethernet QSFP28 ports

N9K-C93360YC-FX2

2-RU switch with 96 10-/25-Gigabit SFP28 ports and 12 40/100-Gigabit QSFP28 ports

N9K-C93240YC-FX2

1.2-RU Top-of-Rack switch with 48 10-/25-Gigabit SFP28 fiber ports and 12 40-/100-Gigabit Ethernet QSFP28 ports.

N9K-C93216TC-FX2

2-RU switch with 96 100M/1G/10G RJ45 ports, 12 40/100-Gigabit QSFP28 ports, 2 management ports (one RJ-45 and one SFP port), 1 console port, and 1 USB port.

N9K-C93180YC-FX

1-RU Top-of-Rack switch with 10-/25-/32-Gigabit Ethernet/FC ports and 6 40-/100-Gigabit QSFP28 ports. You can configure the 48 ports as 1/10/25-Gigabit Ethernet ports or as FCoE ports or as 8-/16-/32-Gigabit Fibre Channel ports.

N9K-C93180YC-FX-24

1-RU 24 1/10/25-Gigabit Ethernet SFP28 front panel ports and 6 fixed 40/100-Gigabit Ethernet QSFP28 spine-facing ports. The SFP28 ports support 1-, 10-, and 25-Gigabit Ethernet connections and 8-, 16-, and 32-Gigabit Fibre Channel connections.

N9K-C93108TC-FX

1-RU Top-of-Rack switch with 48 100M/1/10GBASE-T (copper) ports and 6 40-/100-Gigabit QSFP28 ports

N9K-C93108TC-FX-24

1-RU 24 1/10GBASE-T (copper) front panel ports and 6 fixed 40/100-Gigabit Ethernet QSFP28 spine-facing ports.

N9K-C93108TC-FX3P

1-RU fixed-port switch with 48 100M/1/2.5/5/10GBASE-T ports and 6 40-/100-Gigabit QSFP28 ports

N9K-C9348GC-FXP*

Nexus 9300 with 48p 100M/1 G, 4p 10/25 G SFP+ and 2p 100 G QSFP

N9K-C92348GC-X

The Cisco Nexus 92348GC-X switch (N9K-C92348GC-X) is a 1RU switch that supports 696 Gbps of bandwidth and over 250 mpps. The 1GBASE-T downlink ports on the 92348GC-X can be configured to work as 100-Mbps, 1-Gbps ports. The 4 ports of SFP28 can be configured as 1/10/25-Gbps and the 2 ports of QSFP28 can be configured as 40- and 100-Gbps ports. The Cisco Nexus 92348GC-X is ideal for big data customers that require a Gigabit Ethernet ToR switch with local switching.

*Note: For N9K-C9348GC-FXP the PSU SPROM is not readable when the PSU is not connected. The model displays as "UNKNOWN" and status of the module displays as "shutdown."

Table 19.             Cisco Nexus 9200 and 9300 Fans and Fan Trays

Product ID                        

Description

Quantity

Cisco Nexus Switches

NXA-SFAN-30CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

3

9348GC-FX3

NXA-SFAN-30CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

3

9348GC-FX3

NXA-SFAN-30CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

3

9348GC-FX3PH

NXA-SFAN-30CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

3

9348GC-FX3PH

NXA-SFAN-35CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

6

 

5

 

4

9332D-H2R

 

93400LD-H1

 

93108TC-FX3

NXA-SFAN-35CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

6

 

5

 

4

9332D-GX2B

 

93400LD-H1

 

93108TC-FX3

NXA-SFAN-35CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

6

9332D-GX2B

NXA-FAN-160CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

3

9364C [[1]]
93360YC-FX2

NXA-FAN-160CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

3

9364C [1]

93360YC-FX2

NXA-FAN-160CFM2-PE

Fan module with port-side exhaust airflow (blue coloring)

4

9364C-GX

NXA-FAN-160CFM2-PI

Fan module with port-side intake airflow (burgundy coloring)

4

9364C-GX

NXA-FAN-30CFM-B

Fan module with port-side intake airflow (burgundy coloring)

3

93108TC-FX [1]
93180YC-FX
[1]
9348GC-FXP [1]

NXA-FAN-30CFM-F

Fan module with port-side exhaust airflow (blue coloring)

3

93108TC-FX [1]
93180YC-FX
[1]
9348GC-FXP

NXA-FAN-35CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

4

 

 

 

 

 

 

6

 

 

 

92300YC [1]
9332C [1]
93180YC-FX3S [[2]]
93180YC-FX3
93108TC-FX3P
93180YC-FX3H

9336C-FX2-E
9316D-GX
93600CD-GX

 

NXA-FAN-35CFM-PI

Fan module with port-side intake airflow (burgundy coloring)

 

 

 

 

 

 

 

Fan module with port-side exhaust airflow (blue coloring)

4

 

 

 

 

 

6

 

6

92300YC [1]
9332C [1]
93180YC-FX3S [2]
93180YC-FX3
93108TC-FX3P
93180YC-FX3H

9316D-GX
93600CD-GX

 

9336C-FX2-E

NXA-FAN-65CFM-PE

Fan module with port-side exhaust airflow (blue coloring)

3

93240YC-FX2 [1]
9336C-FX2 [1]

NXA-FAN-65CFM-PI

Fan module with port-side exhaust airflow (burgundy coloring)

3

93240YC-FX2
9336C-FX2
[1]

Table 20.             Cisco Nexus 9200 and 9300 Power Supplies

Product ID                        

Description

Quantity

Cisco Nexus Switches

NXA-PDC-715W-PI

715-W DC power supply with port-side intake airflow (blue coloring)

2

93108TC-FX3P

NXA-PDC-440W-PE

440-W DC power supply with port-side exhaust airflow (blue coloring)

2

9348GC-FX3
9348GC-FX3PH

NXA-PDC-440W-PI

440-W DC power supply with port-side intake airflow (burgundy coloring)

2

9348GC-FX3

9348GC-FX3PH

NXA-PHV-350W-PE

350-W AC power supply with port-side exhaust airflow (blue coloring)

2

9348GC-FX3
9348GC-FX3PH

NXA-PHV-350W-PI

350-W AC power supply with port-side intake airflow (burgundy coloring)

2

9348GC-FX3

9348GC-FX3PH

NXA-PAC-350W-PE2

350-W AC power supply with port-side exhaust airflow (blue coloring)

2

9348GC-FX3
9348GC-FX3PH

NXA-PAC-350W-PI2

350-W AC power supply with port-side intake airflow (burgundy coloring)

2

9348GC-FX3

9348GC-FX3PH

NXA-PAC-1900W-PE

1900-W AC power supply with port-side exhaust airflow (blue coloring)

2

9348GC-FX3

9348GC-FX3PH

NXA-PAC-1900W-PI

1900-W AC power supply with port-side intake airflow (burgundy coloring)

2

9348GC-FX3

9348GC-FX3PH

NXA-PHV-2KW-PI

2000-W HVDC power supply with port-side intake airflow (burgundy coloring)

2

9332D-H2R

93400LD-H1

NXA-PAC-1500W-PE

1500-W AC power supply with port-side exhaust airflow (blue coloring)

2

9332D-GX2B

NXA-PAC-1500W-PI

1500-W AC power supply with port-side intake airflow (burgundy coloring)

2

9332D-GX2B

NXA-PAC-500W-PE

500-W AC power supply with port-side exhaust airflow (blue coloring)

2

93180YC-FX
93108TC-FX3

NXA-PAC-500W-PI

500-W AC power supply with port-side intake airflow (burgundy coloring)

2

93180YC-FX
93108TC-FX3

NXA-PAC-650W-PE

650-W AC power supply with port-side exhaust (blue coloring)

2

92300YC
93180YC-FX3S
93180YC-FX3

93180YC-FX3H

NXA-PAC-650W-PI

650-W AC power supply with port-side intake (burgundy coloring)

2

92300YC
93180YC-FX3S
93180YC-FX3

93180YC-FX3H

NXA-PAC-750W-PE

750-W AC power supply with port-side exhaust airflow (blue coloring) 1

2

9336C-FX2
9336C-FX2-E
9332C
93240YC-FX2

NXA-PAC-750W-PI

750-W AC power supply with port-side intake airflow (burgundy coloring) 1

2

9336C-FX2
9336C-FX2-E
9332C
93240YC-FX2

NXA-PAC-1100W-PE2

1100-W AC power supply with port-side exhaust airflow (blue coloring)

2

93240YC-FX2
9332C
9316D-GX
9336C-FX2
9336C-FX2-E
93600CD-GX

NXA-PAC-1100W-PI2

1100-W AC power supply with port-side intake airflow (burgundy coloring)

2

93240YC-FX2
9332C
9316D-GX
9336C-FX2
9336C-FX2-E
93600CD-GX

NXA-PAC-1100W-PI

Cisco Nexus 9000 PoE 1100W AC PS, port-side intake

2

93108TC-FX3P

NXA-PAC-1100W-PE

Cisco Nexus 9000 PoE 1100W AC PS, port-side exhaust

2

93108TC-FX3P

NXA-PAC-1900W-PI

Cisco Nexus 9000 PoE 1900W AC PS, port-side intake

2

93108TC-FX3P

NXA-PAC-1200W-PE

1200-W AC power supply with port-side exhaust airflow (blue coloring)

2

93360YC-FX2
9364C

NXA-PAC-1200W-PI

1200-W AC power supply with port-side intake airflow (burgundy coloring)

2

93360YC-FX2
9364C

NXA-PAC-1400W-PE

1400-W AC power supply with port-side exhaust airflow (blue coloring)

2

93400LD-H1

NXA-PAC-1400W-PI

1400-W AC power supply with port-side intake airflow (burgundy coloring)

2

93400LD-H1

N9K-PUV-1200W

1200-W Universal AC/DC power supply with bidirectional airflow (white coloring)

2

92300YC
93108TC-FX
93360YC-FX2
93180YC-FX3S
93180YC-FX
9364C
93108TC-FX3

NXA-PDC-930W-PE

930-W DC power supply with port-side exhaust airflow (blue coloring)

2

93360YC-FX2
93180YC-FX3S
93180YC-FX
9364C
93180YC-FX3H
93108TC-FX3

NXA-PDC-930W-PI

930-W DC power supply with port-side intake airflow (burgundy coloring)

2

93360YC-FX2
93180YC-FX3S
93180YC-FX
9364C
93180YC-FX3H
93108TC-FX3

NXA-PDC-1100W-PE

1100-W DC power supply with port-side exhaust airflow (blue coloring)

2

93240YC-FX2
93600CD-GX
9316D-GX
9332C
9336C-FX2
9336C-FX2-E

NXA-PDC-1100W-PI

1100-W DC power supply with port-side intake airflow (burgundy coloring)

2

93240YC-FX2
93600CD-GX
9316D-GX
9332C
9336C-FX2
9336C-FX2-E

NXA-PHV-1100W-PE

1100-W AC power supply with port-side exhaust airflow (blue coloring)

2

93240YC-FX2
9336C-FX2

NXA-PHV-1100W-PI

1100-W AC power supply with port-side intake airflow (burgundy coloring)

2

93240YC-FX2
9336C-FX2

NXA-PAC-2KW-PE

2000-W AC power supply with port-side exhaust airflow (blue coloring)

2

9364C-GX

 

NXA-PAC-2KW-PI

2000-W AC power supply with port-side intake airflow (burgundy coloring)

2

9364C-GX
9332D-H2R

NXA-PDC-2KW-PE

2000-W DC power supply with port-side exhaust airflow (blue coloring

2

9364C-GX

93400LD-H1

NXA-PDC-2KW-PI

2000-W DC power supply with port-side intake airflow (burgundy coloring)

2

9364C-GX

9332D-H2R

93400LD-H1

N2200-PAC-400W

400-W AC power supply with port-side exhaust airflow (blue coloring)

2

92348GC-X

N2200-PAC-400W-B

400-W AC power supply with port-side intake airflow (burgundy coloring)

2

92348GC-X

N2200-PDC-350W-B

350-W DC power supply with port-side intake airflow

2

92348GC-X

N2200-PDC-400W

400-W DC power supply with port-side exhaust airflow (blue coloring)

2

92348GC-X

Compatibility Information

Fabric Module and Line Card compatibility details are listed below:

Table 21.             Cisco Nexus 9500 Cloud Scale Line Cards

Product ID                        

N9K-C9504-FM-G

N9K-C9508-FM-G

N9K-C9504-FM-E

N9K-C9508-FM-E

N9K-C9508-FM-E2

N9K-C9516-FM-E2

N9K-X9716D-GX

4

4

No

No

No

No

N9K-X9736C-FX

5

5

5

5

5

5

N9K-X97160YC-EX

4

4

4

4

4

4

N9K-X9788TC-FX

4

4

4

4

4

4

N9K-X9732C-EX

4

4

4

4

4

4

N9K-X9736C-EX

4

4

4

4

4

4

N9K-X9732C-FX

4

5 (n+1 redundancy)

4

5 (n+1 redundancy)

4

5 (n+1 redundancy)

4

5 (n+1 redundancy)

4

5 (n+1 redundancy)

4

5 (n+1 redundancy)

Table 22.             Cisco Nexus 9500 R-Series Line Cards

Product ID                        

N9K-C9504-FM-R

N9K-C9508-FM-R

N9K-X9636C-RX

6

6

N9K-X9636Q-R

4

6 (n+2 redundancy)

4

6 (n+2 redundancy)

N9K-X9636C-R

5

6 (n+1 redundancy)

5

6 (n+1 redundancy)

N9K-X96136YC-R

6

6

Table 23.             Cisco Nexus 9500 R2-Series Line Cards

Product ID                        

N9K-C9508-FM-R2

N9K-X9624D-R2

6

Optics

For information about transceivers and cables supported on a switch, see the Transceiver Module (TMG) Compatibility Matrix. For the transceiver specifications and installation information, see the Install and Upgrade Guides.

Cisco Nexus Dashboard Insights for Data Center

Cisco NX-OS Release 10.4(2)F supports the Nexus Dashboard Insights on Cisco Nexus 9300-FX, 9300-FX2, 9300-FX3, 9300-GX, 9300-GX2, 9400, and 9800 platform switches and 9500 platform switches with -EX/FX/GX Line Cards. See the Cisco Nexus Insights documentation.  

Upgrade and Downgrade

To perform a software upgrade or downgrade, follow the instructions in the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide, Release 10.4(x). For information about an In Service Software Upgrade (ISSU), see the Cisco NX-OS ISSU Support Matrix.

Related Content

Document Title

Description

Cisco Nexus 9000 Series Switches

Cisco Nexus 9000 Series Switches documentation

Cisco NX-OS Software Strategy and Lifecycle Guide

Cisco NX-OS Software Release and Image-naming Convention

Cisco Nexus 3000 and 9000 Series NXAPI REST SDK User Guide and API Reference

Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference

Licensing Information

Note:      When you downgrade from Cisco NX-OS Release 10.4(2)F to an earlier release, the features that use the ACI+NX-OS Essentials, Advantage, and add-on licenses or the Hardware Streaming Telemetry license continue to work in honor mode in the downgraded version. In addition, the output of the show license usage command continues to include entries for these unsupported licenses.

Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide

Cisco Nexus 9000 Series Software Upgrade and Downgrade Guide, Release 10.4(x)

Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes

Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes, Release 10.4(2)

https://cisco.github.io/cisco-mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html

Cisco NX-OS Supported MIBs

Cisco Nexus 9000 Series Switch FEX Support Matrix

Supported FEX modules

Cisco Nexus 9000 Series Hardware Installation Guides

Cisco Nexus 9000 Series Hardware Installation Guides

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com. We appreciate your feedback.

Legal Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URLhttps://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2023 Cisco Systems, Inc. All rights reserved.



[1] For specific fan speeds see the Overview section of the Hardware Installation Guide.
[2] This switch runs with +1 redundancy mode so that if one fan fails, the switch can sustain operation. But if a second fan fails, this switch is not designed to sustain operation. Hence before waiting for the major threshold temperature to be hit, the switch will power down due to entering the fan policy trigger command.

Learn more