 Feedback
|
Table Of Contents
Cisco MDS 9000 Family Release Notes
for Cisco MDS NX-OS Release 4.2(7a)MDS 9000 Chassis and Module Support in Cisco MDS NX-OS 4.x
Migrating from Supervisor-1 Modules to Supervisor-2 Modules
Determining the Software Version
Determining Software Version Compatibility
Selecting the Correct Software Image for an MDS 9100 Series Switch
Selecting the Correct Software Image for an MDS 9200 Series Switch
Selecting the Correct Software Image for an MDS 9500 Series Switch
Upgrading Your Cisco MDS NX-OS Software Image
Guidelines for Upgrading to NX-OS Release 4.2(7a)
Slow Drain Feature is On Following Upgrade
Debug Messages Displayed During Upgrade
Upgrading from NX-OS Release 4.2(5) to Release 4.2(7a) with DMM, IOA, or SME Configured
FICON Supported Releases and Upgrade Paths
Upgrading an MDS 9222i Switch with SANTap or Invista is Provisioned on the SSM
Enabling Telnet Required After an Upgrade
Reconfiguring SSM Ports Before Upgrading to NX-OS Release 4.2(7a)
Upgrading the SSI Image on Your SSM
Upgrading a Cisco MDS 9124 or Cisco MDS 9134 Switch
Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch
Resetting SNMP Notifications Following an Upgrade
Converting Automatically Created PortChannels Before an Upgrade
Downgrading Your Cisco MDS SAN-OS Software Image
General Downgrading Guidelines
Downgrading the SSI Image on Your SSM
Downgrading an MDS 9500 Series Switch with an 8-Gbps Module Installed
New Features in Cisco MDS NX-OS Release 4.2(7a)
Licensed Cisco NX-OS Software Packages
Storage Services Enabler Package
On-Demand Port Activation License
Storage Media Encryption Package
Generation 1 Module Limitation
Maximum Number of Zones Supported in Interop Mode 4
Using a RSA Version 1 Key for SSH Following an Upgrade
CFS Cannot Distribute All Call Home Information
Availability of F Port Trunking and F Port Channels
Reserved VSAN Range and Isolated VSAN Range Guidelines
Applying Zone Configurations to VSAN 1
Running Storage Applications on the MSM-18/4
RSPAN Traffic Not Supported on CTS Ports on 8-Gbps Switching Modules
I/O Accelerator Feature Limitations
Support for FCIP Compression Modes
Saving Copies of the Running Kickstart and System Images
Configuring Buffer Credits on a Generation 2 or Generation 3 Module
PPRC Not Supported with FCIP Write Acceleration
Rule Changes Between SAN-OS Release 3.3(1c) and NX-OS Release 4.2(1a) Affect Role Behavior
Configuring a Persistent FCID in an IVR Configuration with Brocade Switches
Regulatory Compliance and Safety Information
Software Installation and Upgrade
Intelligent Storage Networking Services Configuration Guides
Obtaining Documentation and Submitting a Service Request
Cisco MDS 9000 Family Release Notes
for Cisco MDS NX-OS Release 4.2(7a)
Release Date: August 23, 2010
Part Number: OL-19964-08 K0
This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.
This document also contains upgrading guidelines that are specific to upgrading to Cisco MDS NX-OS Release 4.2(7a). Before you begin the upgrade process, read the instructions in the "Guidelines for Upgrading to NX-OS Release 4.2(7a)" section.
Note
As of Cisco Fabric Manager Release 4.2(1a), Fabric Manager information will no longer appear in the Cisco MDS 9000 Family Release Notes for NX-OS releases. Cisco Fabric Manager Release Notes will include information that is exclusive to Fabric Manager as a management tool for Cisco MDS 9000 Family switches and Cisco Nexus 5000 Series switches. Refer to the following website for Release Notes for Cisco Fabric Manager:
http://www.cisco.com/en/US/products/ps10495/prod_release_notes_list.html
Release notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Notes: http://www.cisco.com/en/US/products/ps5989/prod_release_notes_list.html
Table 1 shows the on-line change history for this document.
Table 1 Online History Change
A0
08/23/2010
Created release notes.
B0
09/21/2010
Updated the description of the Slow Drain feature in the "New Features in Cisco MDS NX-OS Release 4.2(7a)" section to include the hardware components that do not support the feature.
C0
10/08/2010
Corrected the caveat number of DDTS CSCtc65411to DDTS CSCtc65441.
D0
02/09/2011
Updated the "Licensed Cisco NX-OS Software Packages" section.
E0
03/11/2011
Added the "Slow Drain Feature is On Following Upgrade" topic to the "Guidelines for Upgrading to NX-OS Release 4.2(7a)" section.
Added a note stating that the slow drain feature is enabled by default to the "New Features in Cisco MDS NX-OS Release 4.2(7a)" section.
F0
04/29/2011
•
•
•
G0
05/11/2011
Corrected the upgrade path to Release 4.2(7a) in Table 10.
H0
09/09/2011
Added the "Configuring a Persistent FCID in an IVR Configuration with Brocade Switches" section.
I0
03/11/2012
J0
05/03/2012
•
•
K0
05/18/2012
Added the "Converting Automatically Created PortChannels Before an Upgrade" section.
Contents
This document includes the following:
•
•
•
•
•
•
•
Introduction
The Cisco MDS 9000 Family of Multilayer Directors and Fabric Switches provides industry-leading availability, scalability, security, and management, allowing you to deploy high performance storage-area networks with lowest total cost of ownership. Layering a rich set of intelligent features onto a high performance, protocol agnostic switch fabric, the Cisco MDS 9000 Family addresses the stringent requirements of large data center storage environments: uncompromising high availability, security, scalability, ease of management, and seamless integration of new technologies.
Cisco MDS 9000 NX-OS Software powers the award winning Cisco MDS 9000 Series Multilayer Switches. It is designed to create a strategic SAN platform with superior reliability, performance, scalability, and features. Formerly known as Cisco SAN-OS, Cisco MDS 9000 NX Software is fully interoperable with earlier Cisco SAN-OS versions and enhances hardware platform and module support.
Components Supported
Table 2 lists the NX-OS software part numbers and hardware components supported by the Cisco MDS 9000 Family.
Note
MDS 9000 Chassis and Module Support in Cisco MDS NX-OS 4.x
Table 3 lists the MDS hardware chassis supported by Cisco MDS NX-OS 4.x.
Table 4 lists the MDS hardware modules supported by Cisco MDS NX-OS 4.x. For the list of MDS hardware modules supported by Cisco MDS SAN-OS 3.x, see Table 5.
Table 4 Module Support Matrix for Cisco MDS NX-OS 4.x
DS-X9530-SF2-K9
MDS 9500 Supervisor-2 Module
Yes
N/A
N/A
DS-X9530-SF2A-K9
MDS 9500 Supervisor-2A Module
Yes
N/A
N/A
DS-X9530-SF1-K9
MDS 9500 Supervisor-1 Module
No
N/A
N/A
DS-X9224-96K9
24-port 8-Gbps Fibre Channel Switching Module
Yes1
No
No
DS-X9248-96K9
48-port 8-Gbps Fibre Channel Switching Module
Yes1
No
No
DS-X9248-48K9
4/44-port Host Optimized8-Gbps Fibre Channel Switching Module
Yes
Yes
Yes
DS-X9316-SSNK9
16-port Storage Services Node (SSN-16)
Yes
Yes
No
DS-X9304-18K9
18/4-Port Multiservice Module (MSM-18/4)
Yes
Yes
Yes
DS-X9112
12-port 4-Gbps Fibre Channel Switching Module
Yes
Yes
Yes
DS-X9124
24-port 4-Gbps Fibre Channel Switching Module
Yes
Yes
Yes
DS-X9148
48-port 4-Gbps Fibre Channel Switching Module
Yes
Yes
Yes
DS-X9704
4-port 10-Gbps Fibre Channel Switching Module
Yes
Yes
Yes
DS-X9302-14K9
14/2-port Multiprotocol Services (MPS-14/2) Module
Yes
No
Yes
DS-X9016
16-port 1-, 2-Gbps Fibre Channel Switching Module
Yes
No
Yes
DS-X9032
32-port 1-, 2-Gbps Fibre Channel Switching Module
Yes
No
Yes
DS-X9032-SSM
32-port Storage Services Module (SSM)
Yes
Yes
Yes
DS-X9308-SMIP
8-port 1-, 2-Gbps IP Switching Module
No
No
No
DS-X9304-SMIP
4-port 1-, 2-Gbps IP Switching Module
No
No
No
1 Requires DS-13SLT-FAB2 in the MDS 9513.
Table 5 lists the MDS hardware modules supported by Cisco MDS SAN-OS 3.x.
Migrating from Supervisor-1 Modules to Supervisor-2 Modules
As of Cisco MDS SAN-OS Release 3.0(1), the Cisco MDS 9509 and 9506 Directors support both Supervisor-1 and Supervisor-2 modules. Supervisor-1 and Supervisor-2 modules cannot be installed in the same switch, except during migration. Both the active and standby supervisor modules must be of the same type, either Supervisor-1 or Supervisor-2 modules. For Cisco MDS 9513 Directors, both supervisor modules must be Supervisor-2 modules.
Caution
Note
To migrate from a Supervisor-1 module to a Supervisor-2 module, refer to the step-by-step instructions in the Cisco MDS 9000 NX-OS Release 4.1(x) and SAN-OS 3(x) Software Upgrade and Downgrade Guide.
Supervisor-2A Module
The Cisco MDS 9500 Series Supervisor-2A module, DS-X9530-SF2A-K9, is a new supervisor module for the Cisco MDS 9500 Series. The Supervisor-2A module is functionally equivalent to the Supervisor-2 module, but has these distinguishing features:
•
•
For additional information about the Supervisor-2A module, see the Cisco MDS 9500 Series Supervisor-2A Tech Note.
Software Download Process
Use the software download procedure to upgrade to a later version, or downgrade to an earlier version, of an operating system. This section describes the software download process for the Cisco MDS NX-OS software and includes the following topics:
•
•
•
•
•
Determining the Software Version
To determine the version of Cisco MDS NX-OS or SAN-OS software currently running on a Cisco MDS 9000 Family switch using the CLI, log in to the switch and enter the show version EXEC command.
To determine the version of Cisco MDS NX-OS or SAN-OS software currently running on a Cisco MDS 9000 Family switch using the Fabric Manager, view the Switches tab in the Information pane, locate the switch using the IP address, logical name, or WWN, and check its version in the Release column.
Determining Software Version Compatibility
Table 6 lists the software versions that are compatible in a mixed SAN environment, the minimum software versions that are supported, and the versions that have been tested. We recommend that you use the latest software release supported by your vendor for all Cisco MDS 9000 Family products.
Downloading Software
The Cisco MDS NX-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.
To download the latest Cisco MDS NX-OS software, access the Software Center at this URL:
http://www.cisco.com/public/sw-center
See the following sections in this release note for details on how you can nondisruptively upgrade your Cisco MDS 9000 switch. Issuing the install all command from the CLI, or using Fabric Manager to perform the downgrade, enables the compatibility check. The check indicates if the upgrade can happen nondisruptively or disruptively depending on the current configuration of your switch and the reason.
Compatibility check is done:Module bootable Impact Install-type Reason------ -------- -------------- ------------ ------1 yes non-disruptive rolling2 yes disruptive rolling Hitless upgrade is not supported3 yes disruptive rolling Hitless upgrade is not supported4 yes non-disruptive rolling5 yes non-disruptive reset6 yes non-disruptive resetAt a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash:1.3(x)_filename command determines which additional features need to be disabled.
Note
Selecting the Correct Software Image for an MDS 9100 Series Switch
The system and kickstart image that you use for an MDS 9100 series switch depends on which switch you use, as shown in Table 7.
Selecting the Correct Software Image for an MDS 9200 Series Switch
The system and kickstart image that you use for an MDS 9200 series switch depends on which switch you use, as shown in Table 8.
Selecting the Correct Software Image for an MDS 9500 Series Switch
The system and kickstart image that you use for an MDS 9500 Series switch depends on whether the switch is based on a Supervisor-1 module or a Supervisor-2 module, as shown in Table 9.
Table 9 Software Images for Supervisor Type
9513, 9509, and 9506
Supervisor-2 module
Filename begins with m9500-sf2ek9
Use the show module command to display the type of supervisor module in the switch. The following is sample output from the show module command on a Supervisor -2 module:
switch# show moduleMod Ports Module-Type Model Status--- ----- -------------------------------- ------------------ ------------......7 0 Supervisor/Fabric-2 DS-X9530-SF2-K9 active *8 0 Supervisor/Fabric-2 DS-X9530-SF2-K9 ha-standbyUpgrading Your Cisco MDS NX-OS Software Image
This section lists the guidelines recommended for upgrading your Cisco MDS NX-OS software image and includes the following topics:
•
•
•
•
•
•
•
•
•
•
Note
For detailed instructions for performing a software upgrade using Cisco Fabric Manager, see the Cisco Fabric Manager Release Notes for Release 4.2(1a), which is available from the following website:
http://www.cisco.com/en/US/products/ps10495/prod_release_notes_list.html
Guidelines for Upgrading to NX-OS Release 4.2(7a)
This section lists guidelines that are specific to upgrading your Cisco MDS NX-OS software image to NX-OS Release 4.2(7a), and includes the following topics:
•
•
•
Slow Drain Feature is On Following Upgrade
Cisco NX-OS Release 4.2(7a) includes the slow drain feature. This new feature is enabled by default, so it is on once you upgrade to Release 4.2(7a). For additional information about this feature and a link to the documentation for it, see the "New Features in Cisco MDS NX-OS Release 4.2(7a)" section.
Debug Messages Displayed During Upgrade
If you have the port monitor enabled when you upgrade to NX-OS Release 4.2(7a), the following messages are displayed:
2010 Jul 19 04:29:16 interop-9509 %PMON-SLOT2-2-PMON_CRIT_INFO: Port Monitor Critical Information: policy slowdrain invalid,object 1 interval is 0; setting to default 10.
2010 Jul 19 04:29:16 interop-9509 %PMON-SLOT2-2-PMON_CRIT_INFO: Port Monitor Critical Information: policy slowdrain invalid,object 2 interval is 0; setting to default 10.These debug messages are displayed if you upgrade to an NX-OS release that has slow drain enabled by default, such as NX-OS Release 4.2(7a), from a release that did not have the slow drain feature, such as NX-OS Release 4.2(5). The messages are triggered when a module becomes aware of the new slow drain feature that was not present in NX-OS software prior to NX-OS Release 4.2(7a). These message are harmless and can be ignored.
You should not see these messages when you upgrade from a release that has the slow drain feature to another release that also has the slow drain feature, such as when you upgrade from NX-OS Release 4.2(7x) to Release 5.0(4b).
Upgrading from NX-OS Release 4.2(5) to Release 4.2(7a) with DMM, IOA, or SME Configured
If you plan to upgrade from NX-OS Release 4.2(5) to NX-OS Release 4.2(7a), be aware that in some corner cases, the upgrade might be disruptive if you have one of the following applications configured on your switch: DMM, IOA, or SME.
You can detect this issue by entering the following command:
switch#show incompatibility-all system bootflash:isan-427
The following configurations on active are incompatible with the system image
1) Service : fc-redirect , Capability : CAP_FEATURE_FC_REDIRECT_IVR_SUPPORT_ENABLED
Description : FC-Redirect IVR Support is Enabled
Capability requirement : STRICT
Disable command : a. FC-Redirect ivr-support is enabled on this switch. This feature requires all IVR-enabled switches and switches with FC-Redirect based application nodes to have a NX-OS version that supports the feature.
b. If no FC-Redirect config for IVR flows exists, please disable the feature using the command 'no fc-redirect ivr-support enable' and try again.
switch#The following corner cases can lead to this issue:
–
–
•
•
In both these cases, enter the show incompatibilities command to verify if the symptom exists.
The steps for working around this issue depend on your switch configuration and are described in the following sections.
Single Supervisor System
On a single supervisor system, you cannot perform a nondisruptive upgrade or downgrade. You must perform a disruptive upgrade or downgrade. This workaround applies to all the three applications: DMM, IOA, and SME.
Dual Supervisor System
On a dual supervisor system, the workaround is different for each application:
•
Follow these steps:
1.
2.
•
Follow these steps:
1.
a.
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#sme cluster c1
switch(config-sme-cl)#shutdown
This change can be disruptive. Please ensure you have read the "SME Cluster Recovery Procedure" in the configuration guide. -- Are you sure you want to continue? (y/n) [n]y
switch(config-sme-cl)# 2010 Jul 20 17:03:34 sw2-qa05 %CLUSTER-2-CLUSTER_LOCAL_NODE_EXIT: Local
Node 0x1 has left the Cluster 0x2e3b547fee001f20
switch(config-sme-cl)#show sme cluster c1 node summary
-------------------------------------------------------------------------------
Switch Status Master
-------------------------------------------------------------------------------
local switch unknown (cluster is offline)
172.25.245.195 unknown (cluster is offline)b.
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#sme cluster c1
switch(config-sme-cl)#no node 172.25.245.193
switch#show sme cluster c1 node summary
-------------------------------------------------------------------------------
Switch Status Master
-------------------------------------------------------------------------------
local switch online yes2.
switch#system switchover3.
switch#show incompatibility-all system bootflash:isan-427
No incompatible configurations4.
switch(config)#sme cluster c1
switch((config-sme-cl)#node 172.25.245.193
switch((config-sme-cl-node)#fabric f1
switch((config-sme-cl-node)#interface sme 8/1 force•
Follow these steps:
–
1.
switch#show ioa cluster2.
switch#show ioa cluster <cluster-name> interfaceFrom the output, find all the IOA interfaces that belong to this switch.
3.
switch#conf t
switch(config)#interface ioa <slot/port>
switch(config)#shutdown–
1.
switch#show ioa cluster2.
switch#show ioa internal info cluster <cluster name> flowgroupsFind the flow group name, host, and target information for each flow.
3.
switch#conf t
switch(config)#ioa cluster <cluster name>
switch(config)#flowgroup <flowgroup name>
switch(config)#no host <host pwwn> target <target pwwn>General Upgrading Guidelines
Note
Use the following guidelines when upgrading to Cisco MDS NX-OS Release 4.2(7a):
•
•
•
•
•
•
•
•
–
–
–
–
–
Note
Use Table 10 to determine your nondisruptive upgrade path to Cisco MDS NX-OS Release 4.2(7a), find the image release number you are currently using in the Current column of the table, and use the path recommended.
Note
FICON Supported Releases and Upgrade Paths
Cisco MDS NX-OS Release 4.2(7a) is not a FICON-qualified release.
Table 11 lists additional SAN-OS and NX-OS releases that support FICON. Refer to the specific release notes for FICON upgrade path information.
Table 11 FICON Supported Releases
NX-OS
Release 4.2(1b)
Release 4.1(1c)
SAN-OS
Release 3.3(1c)
Release 3.2(2c)
Release 3.0(3b)
Release 3.0(3)
Release 3.0(2)
Release 2.0(2b)
Use Table 12 to determine your FICON nondisruptive upgrade path to Cisco MDS NX-OS Release 4.2(1b) Find the image release number you are currently using in the Current Release with FICON Enabled column of the table and follow the recommended path.
Upgrading an MDS 9222i Switch with SANTap or Invista is Provisioned on the SSM
On an MDS 9222i switch, if SANTap or Invista is provisioned on a Storage Services Module (SSM) in slot 2, then an In Service Software Upgrade (ISSU) to NX-OS Release 4.2(1b) is not supported. The upgrade to NX-OS Release 4.2(1b) is supported if you set boot variables, save the configuration, and reload the switch. If the switch is running SAN-OS Release 3.3(1a) or earlier, first upgrade to SAN-OS Release 3.3(1c) and then upgrade to NX-OS Release 4.2(1b).
Enabling Telnet Required After an Upgrade
Following an upgrade from SAN-OS 3.x to NX-OS 4.x, you need to enable the Telnet server if you require a Telnet connection. As of MDS NX-OS Release 4.1(1b), the Telnet server is disabled by default on all switches in the Cisco MDS 9000 Family. In earlier releases, the Telnet server was enabled by default.
Upgrading Effect on VSAN 4079
If you are upgrading from a SAN-OS Release 3.x to NX-OS Release 4.2(1b), and you have not created VSAN 4079, the NX-OS software will automatically create VSAN 4079 and reserve it for EVFP use.
If VSAN 4079 is reserved for EVFP use, the switchport trunk allowed vsan command will filter out VSAN 4079 from the allowed list, as shown in the following example:
switch(config-if)# switchport trunk allowed vsan 1-40801-4078,4080switch(config-if)#
If you have created VSAN 4079, the upgrade to NX-OS Release 4.2(1b) will have no affect on VSAN 4079.
If you downgrade after NX-OS Release 4.2(1b) creates VSAN 4079 and reserves it for EVFP use, the VSAN will no longer be reserved.
Upgrading with IVR Enabled
An Inter-Switch Link (ISL) flap resulting in fabric segmentation or a merge during or after an upgrade from Cisco MDS SAN-OS Release 2.0(x) to a later image where IVR is enabled might be disruptive. Some possible scenarios include the following:
•
•
•
If this problem occurs, syslogs indicate a failure and the flapped ISL could remain in a down state because of a domain overlap.
This issue was resolved in Cisco SAN-OS Release 2.1(2b); you must upgrade to Release 2.1(2b) before upgrading to Release 3.3(1c). An upgrade from Cisco SAN-OS Releases 2.1(1a), 2.1(1b), or 2.1(2a) to Release 2.1(2b) when IVR is enabled requires that you follow the procedure below. If you have VSANs in interop mode 2 or 3, you must issue an IVR refresh for those VSANs.
To upgrade from Cisco SAN-OS Releases 2.1(1a), 2.1(1b), or 2.1(2a) to Release 2.1(2b) for all other VSANs with IVR enabled, follow these steps:
Step 1
Note
Step 2
Note
Step 3
2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED:%$VSAN 2005%$ Isolation of interfacePortChannel 52 (reason: unknown failure)2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED: %$VSAN 2005%$Isolation of interface PortChannel 51(reason: domain ID assignment failure)Step 4
switch(config)# vsan databaseswitch(config-vsan-db)# vsan vsan-id suspendswitch(config-vsan-db)# no vsan vsan-id suspendStep 5
Step 6
Step 7
Note
Reconfiguring SSM Ports Before Upgrading to NX-OS Release 4.2(7a)
Starting with Cisco MDS SAN-OS Release 3.0(1), the SSM front panel ports can no longer be configured in auto mode, which is the default for releases prior to Release 3.0(1).
Note
For more information on upgrading SAN-OS software, see the "Upgrading Your Cisco MDS NX-OS Software Image" section.
If the configuration is not updated before the upgrade, the installation process for the new image will automatically convert all ports configured in auto mode to Fx mode. This change in mode might cause a disruption if the port is currently operating in E mode.
To upgrade the image on your SSM without any traffic disruption, follow these steps:
Step 1
switch# show interface fc 2/1 - 32fc2/1 is upHardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)Port WWN is 20:4b:00:0d:ec:09:3c:00Admin port mode is auto <-------- shows port is configured in auto modesnmp traps are enabledPort mode is F, FCID is 0xef0300 <-------- shows current port operational mode is FPort vsan is 1Speed is 2 GbpsTransmit B2B Credit is 3Step 2
a.
switch# config tswitch(config)# interface fc 2/1switch(config-if)# switchport mode fxb.
switch# config tswitch(config)# interface fc 2/5switch(config-if)# switchport mode eStep 3
a.
switch# config tswitch(config)# interface fc 2/2switch(config-if)# switchport mode fxb.
switch# config tswitch(config)# interface fc 2/2switch(config-if)# shutdownStep 4
switch# copy running-config startup-config
Upgrading the SSI Image on Your SSM
Use the following guidelines to nondisruptively upgrade the SSI image on your SSM:
•
•
–
–
–
–
–
Upgrading a Cisco MDS 9124 or Cisco MDS 9134 Switch
If you are upgrading from Cisco MDS SAN-OS Release 3.1(1) to Cisco NX-OS Release 4.2(7a) on a Cisco MDS 9124 or MDS 9134 Switch, follow these guidelines:
•
•
•
•
•
•
Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch
Cisco MDS SAN-OS software upgrades are disruptive on the Cisco MDS 9216i switch, which has a single supervisor. If you are performing an upgrade on this switch, you should follow the nondisruptive upgrade path shown in Table 10, even though the upgrade is disruptive. Following the nondisruptive upgrade path ensures that the binary startup configuration remains intact.
If you do not follow the upgrade path, (for example, you upgrade directly from SAN-OS Release 2.1(2) or earlier version to NX-OS Release 4.2(x)), the binary startup configuration is deleted because it is not compatible with the new image, and the ASCII startup configuration file is applied when the switch comes up with the new upgraded image. When the ASCII startup configuration file is applied, there may be errors. Because of this, we recommend that you follow the nondisruptive upgrade path.
Note
Resetting SNMP Notifications Following an Upgrade
The SNMP notification configuration resets to the default settings when you upgrade to Cisco NX-OS Release 4.2(1b). Use the snmp-server enable traps command to reenable your required SNMP notifications.
Converting Automatically Created PortChannels Before an Upgrade
Before upgrading from NX-OS Release 4.1(x) or 4.2(x) to Release 5.x, ensure that you do not have any automatically created PortChannels present in the switch configuration. Use the port-channel persistent command to convert an automatically created PortChannel to a persistent PortChannel. Failure to convert automatically created PortChannels prior to the upgrade can result in traffic disruption because Autocreation of PortChannels is a deprecated feature as of NX-OS Release 4.1(1b).
Downgrading Your Cisco MDS SAN-OS Software Image
This section lists the guidelines recommended for downgrading your Cisco MDS SAN-OS software image and includes the following topics:
•
•
General Downgrading Guidelines
Use the following guidelines to nondisruptively downgrade your Cisco MDS NX-OS Release 4.2(1b):
•
•
•
•
•
–
–
–
–
–
Note
1.
2.
If these conditions exist, remove the application configuration for these targets and hosts before proceeding with the downgrade.
Use Table 13 to determine the nondisruptive downgrade path from Cisco NX-OS Release 4.2(1b). Find the SAN-OS image you want to downgrade to in the To SAN-OS Release column of the table and use the path recommended.
Note
FICON Downgrade Paths
Table 14 lists the downgrade paths for FICON releases. Find the image release number that you want to downgrade to in the To Release with FICON Enabled column of the table and follow the recommended downgrade path.
Downgrading the SSI Image on Your SSM
Use the following guidelines when downgrading your SSI image on your SSM:
•
•
•
•
–
–
–
Downgrading an MDS 9500 Series Switch with an 8-Gbps Module Installed
If you attempt to perform a nondisruptive software downgrade from NX-OS Release 4.x to SAN-OS Release 3.x on an MDS 9500 Series switch that has an 8-Gbps module installed, the switch should display a message that the module is unsupported and stop the downgrade. Instead, the switch displays a message that the module is unsupported and proceeds with a disruptive downgrade. The following table shows the actual and expected behavior of the switch for a software downgrade.
Table 15 Downgrade Behavior on an MDS 9500 Series Switch with 8-Gbps Module Installed
DB mode1
MDS 9513 with 8-Gbps module
4.2(7a)
3.3(x)
Disruptive
Abort. Disruptive after powerdown of 8-Gbps module.
DB mode
MDS 9513 without 8-Gbps module
4.2(7a)
3.3(x)
Disruptive
Disruptive.
BM mode2
MDS 9513 with 8-Gbps module
4.2(7a)
3.3(x)
Abort
Abort. Nondisruptive after powerdown of 8-Gbps module.
BM mode
MDS 9513 without 8-Gbps module
4.2(7a)
3.3(x)
Nondisruptive
Nondisruptive.
BM mode
MDS 9509 or 9506 with 8-Gbps module
4.2(7a)
3.3(x)
Abort
Abort. Nondisruptive after powerdown of 8-Gbps module.
BM mode
MDS 9509 or 9506 without 8-Gbps module
4.2(7a)
3.3(x)
Nondisruptive
Nondisruptive.
1 DB mode is the fabric mode that supports Generation 3 8-Gbps modules in an MDS 9513 switch chassis.
2 BM mode is the fabric mode that does not support Generation 3 8-Gbps modules in an MDS 9513 switch chassis.
New Features in Cisco MDS NX-OS Release 4.2(7a)
Cisco MDS NX-OS Release 4.2(7a) is a maintenance release. It includes bug fixes and the following new features:
•
The slow drain feature provides various enhancements to detect slow drain devices that cause congestion in the network and lead to an ISL credit shortage in the traffic destined for these devices. The credit shortage affects the unrelated flows in the fabric that use the same ISL link even though destination devices do not experience slow drain. The slow drain feature also includes a congestion avoidance function.
Note
The slow drain feature is not supported on the following Cisco MDS 9000 components:
–
–
–
•
Objects were added to the FC-FE-MIB.
The following objects were added to FcIfErrorEntry:
–
–
–
–
Documentation for MIBs is available in the Cisco MDS 9000 Family MIB Quick Reference.
Licensed Cisco NX-OS Software Packages
Most Cisco MDS 9000 family software features are included in the standard package. However, some features are logically grouped into add-on packages that must be licensed separately, such as the Cisco MDS 9000 Enterprise package, SAN Extension over IP package, Mainframe package, Fabric Manager Server (FMS) package, Storage Services Enabler (SSE) package, Storage Media Encryption package, and Data Mobility Manager package. On-demand ports activation licenses are also available for the Cisco MDS Blade Switch Series and 4-Gbps Cisco MDS 9100 Series Multilayer Fabric switches.
Enterprise Package
The standard software package that is bundled at no charge with the Cisco MDS 9000 Family switches includes the base set of features that Cisco believes are required by most customers for building a SAN. The Cisco MDS 9000 family also has a set of advanced features that are recommended for all enterprise SANs. These features are bundled together in the Cisco MDS 9000 Enterprise package. Refer to the Cisco MDS 9000 Enterprise package fact sheet for more information.
SAN Extension over IP Package
The Cisco MDS 9000 SAN Extension over IP package allows the customer to use FCIP to extend SANs over wide distances on IP networks using the Cisco MDS 9000 family IP storage services. Refer to the Cisco MDS 9000 SAN Extension over IP package fact sheet for more information.
Mainframe Package
The Cisco MDS 9000 Mainframe package uses the FICON protocol and allows control unit port management for in-band management from IBM S/390 and z/900 processors. FICON VSAN support is provided to help ensure true hardware-based separation of FICON and open systems. Switch cascading, fabric binding, and intermixing are also included in this package. Refer to the Cisco MDS 9000 Mainframe package fact sheet for more information.
Storage Services Enabler Package
The Cisco MDS 9000 SSE package allows network-based storage applications and services to run on the Cisco MDS 9000 family SSMs, Cisco MDS 9000 18/4-Port Multiservice Module (MSM-18/4), and Cisco MDS 9222i. Intelligent fabric applications simplify complex IT storage environments and help organizations gain control of capital and operating costs by providing consistent and automated storage management. Refer to the Cisco MDS 9000 SSE package fact sheet for more information.
On-Demand Port Activation License
On-demand ports allow customers to benefit from Cisco NX-OS Software features while initially purchasing only a small number of activated ports on 4-Gbps Cisco MDS 9100 Series Multilayer Fabric switches. As needed, customers can expand switch connectivity by licensing additional ports.
Storage Media Encryption Package
The Cisco MDS 9000 Storage Media Encryption package enables encryption of data at rest on heterogeneous tape devices and virtual tape libraries as a transparent fabric service. Cisco SME is completely integrated with Cisco MDS 9000 Family switches and the Cisco Fabric Manager application, enabling highly available encryption services to be deployed without rewiring or reconfiguring SANs, and allowing them to be managed easily without installing additional management software. Refer to the Cisco MDS 9000 Storage Media Encryption package fact sheet for more information. The Storage Media Encryption package is for use only with Cisco MDS 9000 Family switches.
Data Mobility Manager Package
The Cisco MDS 9000 Data Mobility Manager package enables data migration between heterogeneous disk arrays without introducing a virtualization layer or rewiring or reconfiguring SANs. Cisco DMM allows concurrent migration between multiple LUNs of unequal size. Rate-adjusted migration, data verification, dual Fibre Channel fabric support, and management using Cisco Fabric Manager provide a complete solution that greatly simplifies and eliminates most downtime associated with data migration. Refer to the Cisco MDS 9000 Data Mobility Manager package fact sheet for more information. The Data Mobility Manager package is for use only with Cisco MDS 9000 Family switches.
I/O Accelerator Package
The Cisco I/O Accelerator (IOA) package activates IOA on the Cisco MDS 9222i fabric switch, the Cisco MDS 9000 18/4 Multiservice Module (MSM-18/4), and on the SSN-16 module. The IOA package is licensed per service engine and is tied to the chassis. The number of licenses required is equal to the number of service engines on which the intelligent fabric application is used.The SSN-16 requires a separate license for each engine on which you want to run IOA. Each SSN-16 engine that you configure for IOA checks out a license from the pool managed at the chassis level. SSN-16 IOA licenses are available as single licenses.
XRC Acceleration License
The Cisco Extended Remote Copy (XRC) acceleration license activates FICON XRC acceleration on the Cisco MDS 9222i switch and on the MSM-18/4 in the Cisco MDS 9500 Series directors. One license per chassis is required. You must install the Mainframe Package and the SAN Extension over FCIP Package before you install the XRC acceleration license. The Mainframe Package enables the underlying FICON support, and the FCIP license or licenses enable the underlying FCIP support. XRC acceleration is not supported on the SSN-16.
Limitations and Restrictions
This section lists the limitations and restrictions for this release. The following limitations are described:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IPv6
The management port on Cisco MDS switches supports one user-configured IPv6 address, but does not support auto-configuration of an IPv6 address.
User Roles
In SAN-OS Release 3.3(x) and earlier, when a user belongs to a role which has a VSAN policy set to Deny and the role allows access to a specific set of VSANs (for example, 1 through 10), the user is restricted from performing the configuration, clear, execute, and debug commands which had a VSAN parameter outside this specified set. Beginning with NX-OS Release 4.1(1b), these users are still prevented from performing configuration, clear, execute, and debug commands as before, however, they are allowed to perform show commands for all VSANs. The ability to execute the show command addresses the following:
•
•
Red Hat Enterprise Linux
The Linux kernel core dump is not supported in NX-OS Release 4.1(1b) and later versions and therefore the CLI command has been removed. A syntax error message will be displayed if you import configurations from SAN-OS Release 3.3(x) and earlier to NX-OS Release 4.1(1b) and later. These syntax errors do not affect the application of other commands in the configuration and can be safely ignored. To address this, remove the kernel core configuration from the ASCII configuration file before importing the configuration.
Generation 1 Module Limitation
When a Cisco or other vendor switch port is connected to a Generation 1 module port (ISL connection), the receive buffer-to-buffer credit of the port connected to a Generation 1 module port should not exceed 255.
Schedule Job Configurations
As of MDS NX-OS Release 4.1(1b) and later, the scheduler job configurations need to be entered in a single line with a semicolon(;) as the delimiter.
Job configuration files created with SAN-OS Release 3.3(1c) and earlier, are not supported. However, you can edit the job configuration file and add the delimiter to support Cisco NX-OS Release 4.1(3a).
Maximum Number of Zones Supported in Interop Mode 4
In interop mode 4, the maximum number of zones that is supported in an active zone set is 2047, due to limitations in the connected vendor switch.
When IVR is used in interop mode 4, the maximum number of zones supported, including IVR zones, in the active zone set is 2047.
InterVSAN Routing
When using InterVSAN Routing (IVR), it is recommended to enable Cisco Fabric Services (CFS) on all IVR-enabled switches. Failure to do so may cause mismatched active zone sets if an error occurs during zone set activation.
Java Web Start
When using Java Web Start, it is recommended that you do not use an HTML cache or proxy server. You can use the Java Web Start Preferences panel to view or edit the proxy configuration. To do this, launch the Application Manager, either by clicking the desktop icon (Microsoft Windows), or type ./javaws in the Java Web Start installation directory (Solaris Operating Environment and Linux), and then select Edit> Preferences.
If you fail to change these settings, you may encounter installation issues regarding a version mismatch. If this occurs, you should clear your Java cache and retry.
VRRP Availability
The Virtual Router Redundancy Protocol (VRRP) is not available on the Gigabit Ethernet interfaces on the MSM-18/4 module or module 1 of the MDS 9222i switch, even though it is visible on these modules. The feature is not implemented in the current release.
Using a RSA Version 1 Key for SSH Following an Upgrade
For security reasons, NX-OS Release 4.2(1b) does not support RSA version 1 keys. As a result, if you upgrade to NX-OS Release 4.2(1b) from an earlier version that did support RSA version 1 keys, and you had configured a RSA version 1 key for SSH, then you will not be able to log in through SSH following the upgrade.
If you have a RSA version 1 key configured for SSH, before upgrading to NX-OS Release 4.2(7a), follow these steps:
Step 1
Step 2
Step 3
Step 4
Proceed with the upgrade to NX-OS Release 4.2(7a).
If you upgrade before disabling SSH and creating RSA version 2 keys, follow these steps:
Step 1
Step 2
Step 3
Step 4
CFS Cannot Distribute All Call Home Information
In MDS NX-OS Release 4.2(1b), CFS cannot distribute the following Call Home commands that can be configured with the destination-profile command:
•
•
The output of the show running-config callhome command shows configured Call Home commands:
switch#show running-config callhome> version 4.1(3)> callhome> email-contact abc@cisco.com <mailto:abc@cisco.com>> phone-contact +14087994089> streetaddress xyxxyx> distribute> destination-profile testProfile> destination-profile testProfile format XML> no destination-profile testProfile transport-method email> destination-profile testProfile transport-method http> destination-profile testProfile http https://xyz.abc.com> destination-profile testProfile alert-group all> transport email smtp-server 64.104.140.134 port 25 use-vrf management> transport email from abc@cisco.com <mailto:abc@cisco.com>> enable> commitWhen you attempt to apply these commands in the ASCII configuration, the following commands fail:
> no destination-profile testProfile transport-method email> destination-profile testProfile transport-method http> destination-profile testProfile http https://xyz.abc.comTo work around this issue, issue these commands after the commit command.
Availability of F Port Trunking and F Port Channels
Trunking F ports and trunking F port channels are not supported on the following MDS 9000 components:
•
•
Trunking F ports, trunking F port channels and regular F port channels are not supported on the following MDS 9000 components:
•
•
•
•
For configuration information, refer to the "Configuring Trunking" section in the Cisco MDS 9000 NX-OS Interfaces Configuration Guide.
Reserved VSAN Range and Isolated VSAN Range Guidelines
On an NPV switch with a trunking configuration on any interface, or on a regular switch where the feature fport_channel_trunk command has been issued to enable the Trunking F PortChannels feature, follow these configuration guidelines for reserved VSANs and the isolated VSAN:
•
•
•
The following VSAN IDs are assigned in the Fibre Channel Framing and Signaling (FC-FS) interface standard:
Applying Zone Configurations to VSAN 1
In the setup script, you can configure system default values for the default-zone to be permit or deny, and you can configure default values for the zone distribution method and for the zone mode.
These default settings are applied when a new VSAN is created. However, the settings will not take effect on VSAN 1, because it exists prior to running the setup script. Therefore, when you need those settings for VSAN 1, you must explicitly issue the following commands:
•
•
•
Running Storage Applications on the MSM-18/4
The Cisco MDS 9000 18/4-Port Multiservice Module (MSM-18/4) does not support multiple, concurrent storage applications. Only one application, such as SME or DMM, can run on the MSM-18/4 at a time.
RSPAN Traffic Not Supported on CTS Ports on 8-Gbps Switching Modules
An inter-switch link (ISL) that is enabled for Cisco TrustSec (CTS) encryption must be brought up in non-CTS mode to support remote SPAN (RSPAN) traffic on the following modules:
•
•
•
If the ISL link is brought up with CTS enabled, random packets drops of both RSPAN traffic and normal traffic will occur on the receiver port switch.
I/O Accelerator Feature Limitations
In NX-OS Release 4.2(7a), IOA does not support the following NX-OS features:
•
•
•
•
Support for FCIP Compression Modes
In Cisco NX-OS Release 4.2(7a), FCIP compression mode 1 and compression mode 3 are not supported on the Cisco MSM-18/4 module and on the SSN-16 module.
Saving Copies of the Running Kickstart and System Images
After you upgrade to MDS NX-OS Release 4.2(7a), you are not allowed to delete, rename, move, or overwrite the kickstart and system images that are in the current system bootvar settings on an active or standby MDS Supervisor-2 module on any Cisco MDS 9500 Series switch. This restriction does not apply to the integrated supervisor module on the MDS 9200 and MDS 9100 series switches.
Configuring Buffer Credits on a Generation 2 or Generation 3 Module
When you configure port mode to auto or E on a Generation 2 module, one of the ports will not come up for the following configuration:
•
•
•
When you configure port mode to auto or E on a Generation 3 module, one or two of the ports will not come up for the following configuration:
•
•
•
When you configure port mode to auto or E for all ports in the global buffer pool, you need to reconfigure buffer credits on one or more of the ports. The total number of buffer credits configured for all the ports in the global buffer pool should be reduced by 64.
PPRC Not Supported with FCIP Write Acceleration
IBM Peer to Peer Remote Copy (PPRC) is not supported with FCIP Write Acceleration.
Rule Changes Between SAN-OS Release 3.3(1c) and NX-OS Release 4.2(1a) Affect Role Behavior
The rules that can be configured for roles were modified between SAN-OS Release 3.3(1c) and NX-OS Release 4.2(1a). As a result, roles do not behave as expected following an upgrade from SAN-OS Release 3.3(1c) to NX-OS Release 4.2(1a). Manual configuration changes are required to restore the desired behavior.
Rule 4 and Rule 3: after the upgrade, exec and feature are removed. Change rule 4 and rule 3 as follows:
rule 4 permit exec feature debug
rule 4 permit debug
rule 3 permit exec feature clear
rule 3 permit clear
Rule 2: after the upgrade, exec feature license is obsolete.
rule 2 permit exec feature license
Not available in Release 4.2(1).
Rule 9, Rule 8, and Rule 7: after the upgrade, you need to have the feature enabled to configure it. In SAN-OS Release 3.3(1c), you could configure a feature without enabling it.
Configuring a Persistent FCID in an IVR Configuration with Brocade Switches
The following information is relevant if you have a fabric that consists of Cisco MDS 9000 switches and Brocade switches, and the Cisco MDS switches are running either NX-OS Release 4.x or Release 5.x and Brocade is running FOS higher than 6.x. In an IVR configuration, when IVR NAT is enabled on a Cisco MDS 9000 switch, the device in the native VSAN should be configured with a persistent FCID. Assuming the FCID is 0xAABBCC, AA should be configured with the virtual IVR domain ID of the VSAN that contains the ISLs and BB should be configured in the following range:
•
•
This configuration ensures that the devices connected to the Cisco MDS 9000 switch can be seen in the name server database on the Brocade switch.
Caveats
This section lists the open and resolved caveats for this release. Use Table 16 to determine the status of a particular caveat. In the table, "O" indicates an open caveat and "R" indicates a resolved caveat.
Resolved Caveats
•
Symptom: A watchdog timeout error may cause a Cisco MDS 9124 switch to fail and reload. This symptom may occur when there is excessive traffic or errors on the mgmt0 port.
Workaround: This issue is resolved.
•
Symptom: The RSCN process on a Cisco MDS 9513 switch fails because of a heartbeat failure and the following error message is displayed.
switch#
> version 4.1(3)This symptom might occur if the there are multiple MTS requests for RCSN to process.
Workaround: This issue is resolved.
•
Symptom: FICON Tape Acceleration (FTA) may unexpectedly reload when unplugging or reinitializing a host or tape Control unit port. This symptom may be seen when a host or tape control unit port is unplugged or re-initialized after an FCIP link fails over from one higher FSPF cost FCIP link to another lower FSPF cost link. Both FCIP links must be trunking the same VSAN and FTA must be configured for that VSAN.
Workaround: This issue is resolved.
•
Symptom: Operations involving CIM elements in the fabric profile fail.
Workaround: This issue is resolved.
•
Symptom: With XRC running, two FCIP links in a PortChannel went down. When they came back up, the PortChannel was stuck in the UP state on one side and in the initializing state on the other side. As a result, the FICON traffic did not route across the link.
Workaround: This issue is resolved.
•
Symptom: If you perform an In-Service Software Upgrade to NX-OS Release 4.2(7a), the following error message is displayed in the port monitor log.
> callhomeThis symptom might occur if the switch hardware is not configured to count the buffer credit wait time.
Workaround: This issue is resolved.
•
Symptom: The SSM module failed because of a problem with the ACL Manager.
Workaround: This issue is resolved.
•
Symptom: If the other end of the management interface on an MDS 9222i switch is configured full duplex and the MDS 9222i switch management interface is configured full duplex, the MDS 9222i switch management interface will come up in half duplex rather than full duplex. This symptom may be seen with the counterpart of the MDS 9222i switch management interface is configured in full duplex mode.
Workaround: This issue is resolved.
•
Symptom: If you enter the show device-alias status command while a service of device-alias is waiting for a CFS response, the output that is displayed may not be correct.
Workaround: This issue is resolved.
•
Symptom: The Com1 interface is not supported in MDS 9100 Series switches, but the related configuration and show commands are exposed.
Workaround: This issue is resolved.
•
Symptom: You cannot create VSAN 4093 on a Cisco MDS 9134 Switch after you perform an In-Service Software Upgrade from NX-OS Release 4.2(1a) to NX-OS Release 5.0(1a).
Workaround: This issue is resolved.
•
Symptom: On an MDS 9222i switch running Cisco NX-OS Release 4.2(3), if the mgmt0 port is configured to 100/full, it may come up as 100/half.
Workaround: This issue is resolved.
•
Symptom: Scheduled jobs start failing approximately 24 to 48 hours after they are configured. This symptom may be seen when AAM remote authentication is configured, but does not appear in the running or saved configuration.
Workaround: This issue is resolved.
•
Symptom: When Write Acceleration is enabled and in use with FCIP, and a third-party WAN optimization appliance takes actions on the FCIP frames, the peer FCIP switch may experience a port software failure that results in a core file.
Workaround: This issue is resolved.
•
Symptom: Invalid TCAM threshold messages were written to syslog.
Workaround: This issue is resolved.
•
Symptom: Cisco Discovery Protocol (CDP) cannot be enabled on a Gigabit Ethernet interface on an MDS 9000 switch running NX-OS Release 4.1(1b).
Workaround: This issue is resolved.
•
Symptom: Upgrading the SSI image on an MSM-18/4 module in slot 2 of an MDS 9222i switch causes the Gigabit Ethernet ports in module 1 to fail with the status:
> email-contact abc@cisco.com <mailto:abc@cisco.com>
> phone-contact +14087994089
> streetaddress xyxxyx
> distribute
> destination-profile testProfile
> destination-profile testProfile format XML
> no destination-profile testProfile transport-method email
> destination-profile testProfile transport-method httpWorkaround: This issue is resolved.
•
Symptom: Users are no longer able to log in to an MDS 9000 switch via SSH. The following error is seen in the log file:
> destination-profile testProfile http https://xyz.abc.comAt the same time the /dev/root file system is 100 percent in use.
This symptom might occur if there are many HTTP requests that go to the built-in MDS web server. The log file of the service continues to grow until it consumes all available space in /dev/root.
Workaround: This issue is resolved.
•
Symptom: Configuration commands for pWWN based zone members fail if the WWW has digits only. The colon (:) separator is required as part of the format.
Workaround: This issue is resolved.
•
Symptom: FCIP on a Cisco MDS 9000 Family switch fails with the following message:
> destination-profile testProfile alert-group allThis symptom may be seen when devices using iSCSI are sending in repeated TCP SYNs to the MDS 9000 switch. The iSCSI interfaces are configured and up but are not being used. The repeated TCP SYNs cause a memory leak in the IP services module.
Workaround: This issue is resolved.
•
Symptom: The QoS Manager on the SSM failed because of a heartbeat failure. This symptom might be seen when the module reloads and then there are multiple programming requests. The QoS Manager can then get stuck in a loop.
Workaround: This issue is resolved.
•
Symptom: Quoted strings are not permitted in the Call Home configuration for Customer ID and Site ID.
Workaround: This issue is resolved.
•
Symptom: The remote procedure call (RPC) program that was packaged as a part of Linux exposed a vulnerability, so RPC was removed from the Linux package.
Workaround: This issue is resolved.
•
Symptom: A failure of the ACL manager caused the SSM to reload.
Workaround: This issue is resolved.
•
Symptom: The feature ficon command enables FICON when the fabric-binding database does not have domain ID configured.
Workaround: This issue is resolved.
•
Symptom: NX-OS does support returning the fully qualified domain name (FQDN) from an SNMP walk in the system.sysname MIB.
Workaround: This issue is resolved.
•
Symptom: The FCIP Write Acceleration feature in NX-OS Release 4.2(x) is incompatible with earlier releases. Invalid OXID messages are displayed when Write Acceleration is enabled over FCIP links when one FCIP peer switch is running NX-OS Release 4.2(x) and the other peer is running an earlier release.
Workaround: This issue is resolved.
•
Symptomless zone server process may fail under the following conditions:
–
–
The possible scenarios that might cause an error while building the full database are as follows:
–
–
–
The memory leak may be seen only if an active zoneset is present in the incoming request and is successfully parsed.
Workaround: This issue is resolved.
•
Symptom: In a two switch setup, the host and target are connected to the same switch, and use a VSAN in the second switch as a transit VSAN. After removing the transit VSAN from the IVR topology and disconnecting the ISL between the two switches, the host cannot reach the tape device.
Workaround: This issue is resolved.
•
Symptom: When multiple rules are defined for a role and one feature appears in the multiple rules for the same role, then the view of a switch chassis may appear blank in Device Manager. This symptom occurs because only the first rule for the feature is used and other rules are ignored.
Workaround: This issue is resolved.
•
Symptom: %FCS-4-BAD_CT_FRAME syslog messages are logged. This symptom may seen when FCS does not get a response from a remote FCS within five seconds and a timeout occurs.
Workaround: This issue is resolved.
•
Symptom: Call Home e-mail names do not support special characters.
Workaround: This issue is resolved. The following characters are now supported:
! # $ % & ' * + - / = ? ^ _ ` . { | } ~
Note
•
Symptom: The MDS fcanalyzer cannot suppress screen output while writing a trace file with the
write parameter.
Workaround: This issue is resolved.
•
Symptom: IP name resolution does not work following an upgrade from Cisco SAN-OS Release 3.3 to Cisco NX-OS Release 4.2(5).
Workaround: This issue is resolved.
•
Symptom: If you copy and paste the EEM SNMP policy configuration output from the show running-config command, it fails when applied to a device.
Workaround: This issue is resolved.
•
Symptom: Modules failed to upgrade and they reloaded disruptively due to a lack of space to copy the new image.
Workaround: This issue is resolved.
•
Symptom: The path rootfs or /dev/root is full on an MDS 9000 module:
> transport email smtp-server 64.104.140.134 port 25 use-vrf managementWorkaround: This issue is resolved.
•
Symptom: The bundle indices of PortChannels are not restored properly from an old persistent storage service.
Workaround: This issue is resolved.
•
Symptom: A warning is needed when moving an application between user-defined CFS regions.
Workaround: This issue is resolved.
•
Symptom: When the number of zone members in the database approaches the 20,000 member limit, zone set activation may fail and the following error message may be displayed:
> transport email from abc@cisco.com <mailto:abc@cisco.com>Workaround: This issue is resolved.
•
Symptom: If you enter the sh logging onboard timeout0-drops command on a Cisco MDS 9222i switch, the output that is displayed may not be correct.
Workaround: This issue is resolved.
•
Symptom: The port group monitor feature on a Cisco MDS 9000 Family switch fails to generate an alarm when the configured port group bandwidth limit is exceeded.
Workaround: This issue is resolved.
•
Symptom: The port hardware fails with the following error message.
> enableWorkaround: This issue is resolved.
•
Symptom: The Call Home service on a Cisco MDS 9000 Family switch fails. This symptom might occur if the message level is configured before configuring the license and syslog-group-port settings.
Workaround: This issue is resolved.
Open Caveats
•
Symptom: The fcdomain service on both supervisor modules fails, which results in a reload of the device. An error message similar to the following is displayed:
'' %SYSMGR-2-SERVICE_CRASHED: Service ''fcdomain'' (PID 4688) hasn't caught signal 11 (core will be saved)''This issue affects the following products when they have SNMP configured:
–
–
The following products are confirmed not vulnerable:
–
–
Workaround: The following workaround is available:
Infrastructure Access Control Lists
Caution
Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks. Infrastructure Access Control Lists (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list which will protect all devices with IP addresses in the infrastructure IP address range:
!---!--- Feature: SNMP!---!---!--- Permit SNMP traffic from trusted sources.!---ip access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARDINFRASTRUCTURE_ADDRESSES WILDCARD eq port snmpip access-list 150 permit tcp TRUSTED_SOURCE_ADDRESSES WILDCARDINFRASTRUCTURE_ADDRESSES WILDCARD eq port snmp!---!--- Deny SNMP traffic from all other sources.!---ip access-list 150 deny udp any any eq port snmpip access-list 150 deny tcp any any eq port snmp!---!--- Permit/deny all other Layer 3 and Layer 4 traffic in!--- accordance with existing security policies and!--- configurations. Permit all other traffic to transit the!--- device.!---access-list 150 permit ip any any!--- Apply access-list to management interfaceinterface serial 2/0ip access-group 150 inFor more information on IP Access Control Lists see the "Configuring IPv4 and IPv6 Access Control List" section in the Cisco MDS 9000 Family NX-OS Security Configuration Guide at the following location:
For more information on IP Access Control Lists see the "Configuring ACLs" section in the Cisco Nexus 5000 Series NX-OS Software Configuration Guide at the following location:
•
Symptom: On certain hardware, certain Cisco MDS 9000 Series features and applications do not work. These include IVR, IOA, DMM, SME, fcflow, and SPAN.
The following devices with hardware revision 1.5 are affected by this issue:
–
–
–
The following devices with hardware revision 1.0 are affected by this issue:
–
For this module, the affected version is 73-14372-01A0 hardware version 1.0 (due to the new 73-number)–
For this switch, the affected version is 73-14373-01A0 hardware version 1.0 (due to the new 73-number)For the DS-X9248-96K9, DS-X9248-48K9 and DS-X9224-96K9 modules, the output of the show module command indicates whether or not the device is affected.
switch# sh mod 2Mod Ports Module-Type Model Status--- ----- ----------------------------------- ------------------ ----------2 24 1/2/4/8 Gbps FC Module DS-X9224-96K9 okMod Sw Hw World-Wide-Name(s) (WWN)--- -------------- ------ --------------------------------------------------2 5.2(1) <B>1.0</B> 20:41:00:0d:ec:24:f4:c0 to20:58:00:0d:ec:24:f4:c0In the preceding output, the device is hardware revision 1.0 and therefore not affected.
For the DS-X9304-18K9 and the DS-C9222i-K9, the show module command might indicate hardware version 1.0 due to new part numbers; however the show sprom module command shows the affected parts.
switch# sh mod 9Mod Ports Module-Type Model Status--- ----- ----------------------------------- ------------------ ----------9 22 4x1GE IPS, 18x1/2/4Gbps FC Module DS-X9304-18K9 okMod Sw Hw World-Wide-Name(s) (WWN)--- -------------- ------ --------------------------------------------------9 5.2(1) 1.0 22:01:00:0d:ec:25:e9:80 to 22:12:00:0d:ec:25:e9:80Mod MAC-Address(es) Serial-Num--- -------------------------------------- ----------9 00-1a-e2-03-4c-5c to 00-1a-e2-03-4c-64 JAE1131SCBWswitch# sh sprom module 9 1 |egrep "Part|Serial"Serial Number : JAE1131SCBWPart Number : 73-10688-06 <-- Not 73-14372-01 so h/w ver 1.0 is OKPart Revision : A0Workaround: Upgrade to software release that has the fix for this issue.
–
–
–
•
Symptom: A SCSI flow that is configured for Fibre Channel write acceleration might disappear after a module reloads. This symptom can be seen under the following conditions:
–
–
Workaround: To work around this issue, follow these steps:
1.
> commitshow scsi-flow2.
KERN Critical SYSTEM_MSG mts_is_q_space_available():1050:Total mtsbuf size 5027136 for sap 21, exceeds the allowable limit of 15 percof 16777216 - kernelno scsi-flow flow-id <flow-id>Enter this command separately for each configured SCSI flow.
3.
UTC RSCN Critical MTS_FAILED RSCN MTS operation failed: MTS Send notification failed:: Device or resource busyscsi-flow flow-id <flow-id> initiator-vsan <initiator-vsan> initiator-pwwn <initiator-pwwn> target-vsan <target-vasn> target-pwwn <target-pwwn>4.
BB Credit not availablescsi-flow flow-id <flow-id> statistics
%IMAGE_DNLD-SLOT2-2-IMG_DNLD_STARTED: Module image download process. Please wait until completion...scsi-flow flow-id <flow-id> write-acceleration>•
Symptom: When you try to save a configuration, you might see the following message:
%IMAGE_DNLD-SLOT2-2-IMG_DNLD_COMPLETE: Module image download process. Download successful.copy run start
%PORT-5-IF_TRUNK_DOWN: %$VSAN 1%$ Interface fcip1, vsan 1 is down (Tunnel port src interface unbound)
%PORT-5-IF_TRUNK_DOWN: %$VSAN 20%$ Interface fcip1, vsan 20 is down (Tunnel port src interface unbound)
%PORT-5-IF_DOWN_SRC_PORT_NOT_BOUND: %$VSAN 1%$ Interface fcip1 is down (Tunnel port src interface unbound)
%ETHPORT-5-IF_DOWN_UPGRADE_IN_PROGRESS: Interface GigabitEthernet1/1 is down (Linecard upgrade in progress)
GigabitEthernet1/1 swFailure
GigabitEthernet1/2 swFailure
unable to lock password file
%PORT-5-IF_DOWN_PEER_RESET: %$VSAN 1%$ Interface fcip1 is down(TCP conn. reset by peer)
/var/log/wtmp is consuming the ramdisk space on the linecard
2010 Jun 19 03:45:33 switchname %ZONE-2-ZS_CHANGE_ACTIVATION_FAILED_RESN_DOM: %$VSAN XXX%$ Activation failed : reason SFC retry exceeded domain XXX
IP_FCMAC_ERRThis symptom was seen because the Call Home feature had duplicate message throttling disabled and there were flapping interfaces that generated thousands of Call Home messages. These messages filled up the ISAN directory.
Workaround: To work around this issue, enable Call Home duplicate message throttling. If you find that the /isan directory is 100 percent full, open a TAC case to get assistance with deleting the files.
Related Documentation
The documentation set for NX-OS for the Cisco MDS 9000 Family includes the following documents. To find a document online, access the following web site:
http://www.cisco.com/en/US/products/ps5989/tsd_products_support_series_home.html
The documentation set for Cisco Fabric Manager appears in the Cisco Fabric Manager Release Notes for Release 4.2(5), which is available from the following website:
http://www.cisco.com/en/US/products/ps10495/prod_release_notes_list.html
Release Notes
•
•
•
•
Regulatory Compliance and Safety Information
•
Compatibility Information
•
•
•
•
•
•
Hardware Installation
•
•
•
•
Software Installation and Upgrade
•
•
•
Cisco NX-OS
•
•
•
•
•
•
•
•
•
•
•
Command-Line Interface
•
Intelligent Storage Networking Services Configuration Guides
•
•
•
•
•
•
Troubleshooting and Reference
•
•
•
•
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.
