The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes the features, issues, and deployment guidelines for the Cisco MDS NX-OS software for use on the Cisco MDS 9000 Series Switches.
Note:
● The documentation set for this product strives to use bias-free language. For this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.
● Release notes are updated on an as needed basis with new information on restrictions and issues. See the following website for the most recent version of the Cisco MDS 9000 Series Release Notes.
Date |
Description |
August 12, 2024 |
Added CSCwk33644 in the Open Issues section. |
July 26,2024 |
Initial Release |
Introduction
The Cisco MDS 9000 Series of Multilayer Directors and Fabric Switches provide best-in-class high availability, scalability, security, and management that enables to deploy high-performance storage area networks. Layering a rich set of intelligent features onto a high-performance switch fabric, the Cisco MDS 9000 Series has the flexibility to fit small deployments and to address the stringent requirements of large data center storage environments: high availability, security, scalability, sustainability, ease of management, and seamless integration of new technologies.
About Software Images
The Cisco MDS NX-OS operating system is shipped with the Cisco MDS 9000 Series Switches. The Cisco MDS NX-OS software consists of two images: the kickstart image and the system image. These images can be upgraded or downgraded to different versions. The versions of both images must match for the system to boot.
Each model of the Cisco MDS switch has unique kickstart and system images. For more information on the image names for each Cisco MDS switch, see the Cisco MDS 9000 NX-OS Software Upgrade and Downgrade Guide, Release 9.x.
To download the new Cisco MDS 9000 Series Switches NX-OS software, go to the Storage Networking Software download website at https://software.cisco.com/download/find/MDS.
Cisco MDS 9000 Series Switches contain a number of hardware components with updatable firmware. The Transceiver Firmware bundle contains updates for various port transceivers. The EPLD Firmware bundle contains updates for programmable logic devices in the system.
These updates can be disruptive and so are not part of the Cisco NX-OS software image. They are released with every Cisco NX-OS release but do not frequently contain changes. Refer to the specific Release Notes for any recommended fixes.
For more information on Transceiver Firmware, see the Cisco MDS 9000 Series Transceiver Firmware Release Notes, Release 9.4(2a).
For more information on EPLD bundles, see the Cisco MDS 9000 Series EPLD Release Notes, Release 9.4(2a).
Choosing Between Cisco MDS NX-OS Open Systems Releases
Cisco uses release numbering to indicate the maturity of a Cisco MDS NX-OS release train. Cisco MDS NX-OS major versions are incremented when significant software features or hardware support are added. Because of the focus on new features and hardware, all bugs may not yet have been fixed. After an initial release, minor version numbers of the release train are incremented as bugs are resolved, and minor feature enhancements and security patches are integrated. This provides increased stability to the new features and updated security.
For Cisco recommended MDS NX-OS releases for each type of hardware, see Recommended Releases for Cisco MDS 9000 Series Switches document.
Components Supported
For information on supported software and hardware components, see Cisco MDS 9000 Series Compatibility Matrix.
IBM FICON Qualification Status
Cisco MDS NX-OS Release 9.4(2a) is not IBM FICON qualified. For more information on releases that are IBM FICON qualified, see Cisco MDS 9000 NX-OS and SAN-OS Software Release Notes.
Upgrade and Downgrade Paths
The following sections provides information about nondisruptive upgrade and downgrade paths for Cisco MDS NX-OS Release 9.4(2a). For guidelines that are recommended for upgrading or downgrading Cisco MDS NX-OS software images, see the Cisco MDS 9000 NX-OS Software Upgrade and Downgrade Guide, Release 9.x.
Upgrading Cisco MDS NX-OS Software Image
Open Systems Nondisruptive Upgrade Paths
Nondisruptive Upgrade Paths to Cisco MDS NX-OS Release 9.4(2a).
Current MDS NX-OS Release |
Nondisruptive Upgrade Paths and Ordered Upgrade Steps |
9.4(x) |
Upgrade directly to MDS NX-OS Release 9.4(2a) |
9.3(x) |
Upgrade directly to MDS NX-OS Release 9.4(2a) |
9.2(x) |
Upgrade directly to MDS NX-OS Release 9.4(2a) |
8.5(1) |
Upgrade directly to MDS NX-OS Release 9.4(2a) |
8.4(2c), 8.4(2d), 8.4(2e), 8.4(2f) |
Upgrade directly to MDS NX-OS Release 9.4(2a) |
Any 8.x prior to 8.4(2c) |
Step 1. Upgrade to MDS NX-OS Release 8.4(2c). Step 2. Upgrade to MDS NX-OS Release 9.4(2a) |
7.3(1)DY |
Step 1. Upgrade to MDS NX-OS Release 8.1(1b) Step 2. Upgrade to MDS NX-OS Release 8.4(2c) Step 3. .Upgrade to MDS NX-OS Release 9.4(2a) |
6.2(29), 6.2(31), 6.2(33) |
Step 1. Upgrade to MDS NX-OS Release 8.4(2c) Step 2. Upgrade to MDS NX-OS Release 9.4(2a) |
Note: Upgrading MDS NX-OS from unsupported releases to MDS NX-OS Release 9.4(2a) is disruptive.
Downgrading Cisco MDS NX-OS Software Image
Open Systems Nondisruptive Downgrade Paths
Nondisruptive Downgrade Paths from NX-OS Release 9.4(2a)
Target MDS NX-OS Release |
Nondisruptive Downgrade Paths and Ordered Upgrade Steps |
9.4(x) |
Downgrade directly to the target release |
9.3(x) |
Downgrade directly to the target release |
9.2(x) |
Downgrade directly to the target release |
8.5(1) |
Downgrade directly to the target release |
8.4(2c), 8.4(2d), 8.4(2e), 8.4(2f) |
Downgrade directly to the target release |
Any 8.x prior to 8.4(2c) |
Step 1. Downgrade to MDS NX-OS Release 8.4(2c) or 8.4(2d) or 8.4(2e) or 8.4(2f) Step 2. Downgrade to the target release |
7.3(1)DY |
Step 1. Downgrade to MDS NX-OS Release 8.4(2c) Step 2. Downgrade to MDS NX-OS Release 8.1(1b) Step 3. Downgrade to the target release |
6.2(29), 6.2(31), 6.2(33) |
Step 1. Downgrade to MDS NX-OS Release 8.4(2c) Step 2. Downgrade to the target release. |
Note:
· Downgrading MDS NX-OS Release 9.4(2a) to unsupported MDS NX-OS releases is disruptive.
· Downgrading MDS NX-OS Release 9.4(2a) to MDS NX-OS Release 9.4(2) release is not recommended.
New Hardware Features
There are no new hardware features in Cisco MDS NX-OS Release 9.4(2a).
New and Enhanced Software Features
There are no new softeware features in Cisco MDS NX-OS Release 9.4(2a).
Unsupported Features
MD5 Hash in FCSP
From Cisco MDS NX-OS Release 9.4(2) and later releases, do not support the MD5 hash algorithm in Fibre Channel Security Protocol (FSCP) as it is no longer considered secure. The default hash algorithm has been changed to SHA1.
10G and 40G FCoE linecards
From Cisco MDS NX-OS Release 9.4(2) and later releases, do not support the following FCoE linecards:
· DS-X9848-480K9 – 48-port 10-Gbps FCoE Switching Module
· DS-X9824-960K9 – MDS 9700 24-port 40-Gbps FCoE Switching Module
For more information, see the Cisco MDS 9700 Series Multilayer Directors Hardware Installation Guide.
SDV feature
Cisco MDS NX-OS Release 9.3(2) and later releases do not support Cisco SAN device virtualization (SDV).
Traditional and Smart Licensing Version 1.0 Licenses
Cisco MDS NX-OS Release 9.2(2) and later releases does not support installation of Product Authorization Key (PAK) or Smart Licensing version 1.0 licenses. Licenses are now managed through Smart License using Policy (SLP).
For more information such as how to migrate licenses, see Smart Licensing Using Policy chapter in Cisco MDS 9000 Series Licensing Guide, Release 9.x.
Python 2
Support for Python 2 is deprecated from Cisco MDS NX-OS Release 9.2(2). Python 3 remains supported instead. Python 2 scripts should be checked for compatibility with Python 3 to ensure they continue to function as expected.
For more information, see the Python API chapter in the Cisco MDS 9000 Series Programmability Guide, Release 9.x.
Zoning Features
LUN zoning, read-only zones, and broadcast zones are no longer supported.
If these features are already configured, completely remove all the configurations that include these features before attempting to boot any module. In addition, you cannot configure these features after you bring up any module.
XRC Acceleration License
From Cisco MDS NX-OS Release 8.1(1a), the Cisco Extended Remote Copy (XRC) acceleration license is obsoleted on Cisco MDS 9000 Series Switches due to improvements in the mainframe XRC feature.
Virtual Router Redundancy Protocol (VRRP)
From Cisco MDS NX-OS Release 8.3(1) and later, the VRRP feature is not supported on Cisco MDS 9000 Series Switches.
Data Encryption Standard (DES) for SNMP
From Cisco MDS NX-OS Release 8.5(1), AES-128 is the default encryption mechanism for SNMPv3. DES encryption for SNMP is supported only for DES users who upgrade from previous releases to Cisco MDS NX-OS Release 8.5(1). Ensure that you delete all the SNMPv3 users configured with DES encryption before upgrading to Cisco MDS NX-OS Release 8.5(1) and later releases. Any downgrades from Cisco MDS NX- OS Release 8.5(1) will be restricted if any of the SNMPv3 users have DES encryption configured as the privacy protocol. All such users will either need to be deleted or reconfigured to use no privacy protocol or AES128 encryption before downgrading.
For more information, see Cisco MDS 9000 Series System Management Configuration Guide, Release 9.x.
Fabric Performance Impact Notifications (FPIN)
· FPIN is not supported on switches that are operating in NPV mode.
· FPIN notifications for oversubscription-based congestion are not supported.
FCWA, XRC, DMM, SME
FCWA, XRC, DMM, and SME features are not supported from Release 8.x.
SAN Extension Tuner
SAN Extension Tuner (SET) is not supported on Cisco MDS 9220i switches in Cisco MDS NX-OS Release 8.5(1) or later.
Fibre Channel Read Diagnostic Parameters
Fibre Channel RDP querying is not supported on NP, Port Channel, or FCoE links.
Slow Drain Detection and Congestion Isolation
ER_RDY is not supported on FC interfaces running at 10 Gbps.
FCIP Support
· In Cisco MDS NX-OS Release 9.2(2) and later releases, simultaneous use of IVR and FCIP Write Acceleration features is not supported on FCIP tunnels configured on Cisco MDS 9700 Director switches.
· On Cisco MDS 24/10 Port SAN Extension Module, configuring multiple FSPF equal cost paths (ECMP) port channels with FCIP members in the same VSAN is not a valid configuration. If this is configured, then the traffic flows through only one of the port channels.
iSCSI Support
iSCSI is not supported on Cisco MDS 9700 Directors with Cisco MDS 24/10 port SAN Extension Modules and Cisco MDS 9220i multiservice fabric switch.
Cisco TrustSec FC Link Encryption
Cisco TrustSec FC Link Encryption support is available only on certain ports for the following modules and switches:
Model |
Description |
Cisco TrustSec Capable Ports |
Encryption Key Length |
DS-X9748- 3072K9 |
64 Gbps Fibre Channel Switching module |
9, 11, 13, 15, 25, 27, 29, 31 |
AES 128 bit |
DS-X9648- 1536K9 |
32 Gbps Fibre Channel Switching Module |
9-12, 25-28, 41-44 |
AES 128 bit |
DS-X9448- 768K9 |
16 Gbps Fibre Channel Switching module |
All FC ports |
AES 128 bit |
DS-X9334-K9 |
24/10 Port SAN Extension Module |
All FC ports |
AES 128 bit |
DS-C9132T-K9 |
MDS 9132T Fabric Switch |
9-12, 25-28 |
AES 128 bit |
DS-C9148T-K9 |
MDS 9148T Fabric Switch |
9-12, 25-28, 41-44 |
AES 128 bit |
DS-C9396T-K9 |
MDS 9396T Fabric Switch |
Base ports: 9-12, 25-28, 41-44 LEM ports: 57-60, 73-76, 89-92 |
AES 128 bit |
DS-C9220I-K9 |
MDS 9220i 32 Gbps 12-Port Fibre Channel Fabric Switch |
9-12 |
AES 128 bit |
DS-C9124V- 24PEVK9 |
MDS 9124V 64 Gbps 24-Port Fibre Channel Fabric Switch |
9-12 |
AES 128 bit |
DS-C9148V- 48PETK9 |
MDS 9148V 64 Gbps 48-Port Fibre Channel Fabric Switch |
9-12, 33-36 |
AES 128 bit |
DS-C9396V-K9 |
64 Gbps 96 Port Fibre Channel switch |
1-4, 25-28, 57-60, 81-84 |
AES 128 bit |
Resolved Issues
Severity 2 (Severe) Issues
Bug ID |
Headline |
Known Impacted Releases |
analytics_client crash when trying to do bulk disable |
9.4(2), 9.4(1a), 9.4(1) 9.3(2a), 9.3(2), 9.3(1) |
|
Internal buffers leaked by TACACS service even though TACACS service is not enabled |
9.4(1) 9.3(2a) |
|
Cisco NX-OS Software CLI Command Injection Vulnerability |
9.4(2), 9.4(1a), 9.4(1) 9.3(2a), 9.3(2), 9.3(1) 9.2(2), 9.2(1a), 9.2(1) 8.5(1) 8.4(2f), 8.4(2e), 8.4(2d), 8.4(2c), 8.4(2b), 8.4(2a), 8.4(2), 8.4(1a), 8.4(1) 8.3(2), 8.3(1) 8.2(2), 8.2(1), 8.1(1b), 8.1(1a), 8.1(1) 7.3(1)DY(1), 7.3(1)D1(1), 7.3(0)DY(1), 7.3(0)D1(1) 6.2(9c), 6.2(9b), 6.2(9a), 6.2(9), 6.2(7), 6.2(5b), 6.2(5a), 6.2(5), 6.2(33), 6.2(31), 6.2(3), 6.2(29), 6.2(27), 6.2(25), 6.2(23), 6.2(21), 6.2(19), 6.2(17), 6.2(15), 6.2(13b), 6.2(13a), 6.2(13), 6.2(11e), 6.2(11d), 6.2(11c), 6.2(11b), 6.2(11), 6.2(1) |
|
TACACS authentication fails after ISSU to Cisco MDS NX-OS 9.4(2) |
9.4(2) |
|
Evaluation of mds-infra for OpenSSH regreSSHion vulnerability |
9.4(2) |
|
ISSD compatibility check failure from NX-OS 9.4(2) |
9.4(2) |
|
FDMI service crash while executing 'show fdmi database detail’ command |
9.4(2) |
Severity 4 (Minor) Issues
Bug ID |
Headline |
Known Impacted Releases |
9250i/9148S/9396S switches missing `show ssh version`command. |
9.4(2) |
Open Issues
Severity 3 (Moderate) Issues
Bug ID |
Headline |
Known Impacted Releases |
fwd-flow validation CC fails in 9132T after ISSU from NX-OS 8.4(2f) |
9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 9.3(2a), 9.3(2), 9.3(1) |
|
FCSP service crash after reload or enabling the FCSP feature |
9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 9.3(2a), 9.3(2), 9.3(1) |
|
Vport entries not deleted after FC LOGO |
9.4(2a) |
Severity 4 (Minor) Issues
Bug ID |
Headline |
Known Impacted Releases |
'show tech details' triggers 'pam_ftp(ftp:auth): conversation failed- ftpd' syslogs |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(1), 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d). 8.4(2e) 8.3(2), 8.3(1) 8.2(2), 8.2(1) |
|
IPv6 source address not displayed in log in failure logs |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(1), 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) 8.3(2), 8.3(1) |
|
SCSI target discovery service running even after removal of last DS-X9334-K9 module from switch |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(1), 8.4(1a), 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) 8.3(1), 8.3(2) 8.2(1), 8.2(2) 8.1(1), 8.1(1a), 8.1(1b) |
|
Nondisruptive reload causes reinitialization of error disabled ports on other linecards |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) |
|
Remove misleading ficon stat 'merge failed' message in non- FICON VSAN |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) |
|
Linecard fails to boot up with '%PORT-5- MODULE_BRINGUP_NOT_ALLOWED' error |
9.4(2a), 9.4(2), 9.4(1a) 8.4(2e), 8.4(2c) 8.1(1) |
|
Power Supply status of "Powered-dn" causes Amber System Status LED |
9.4(2a), 9.4(2) 9.4(1a), 9.4(1) |
Severity 6 (Enhancement) Issues
Bug ID |
Headline |
Known Impacted Releases |
All flows are briefly suspended while moving an IOA flow between 2 clusters |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(1), 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) 8.3(2), 8.3(1) 8.2(2), 8.2(1) 8.1(1b), 8.1(1a), 8.1(1) |
|
Streaming to telemetry receiver stops, receiver stays in "idle" state |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(1), 8.4(2), 8.4(2a), 8.4(2b), 8.4(2c), 8.4(2d), 8.4(2e) |
|
Need to automatically sync bootflash:/scripts directory between active and standby sups |
9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 8.1(1a) |
|
Need to save nonvolatile logs about BIOS programming errors |
9.4(2a), 9.4(2), 9.4(1a) 8.5(1) 8.4(2c), 8.4(2d), 8.4(2e) 8.3(2) |
|
A fabric module with a faulty link to a linecard is not powered down |
9.4(2a), 9.4(2), 9.4(1a) 8.4(1) |
|
Add option to 'show tech-support' to exclude and include subcommands |
9.4(2a), 9.4(2), 9.4(1a), 9.4(1) 8.1(1) |
|
Span tx is not working in NPV mode on all platforms, rx is working |
9.4(2a), 9.4(2), 9.4(1a), 9.4(1) |
|
Need a syslog warning when number of zone members exceeds maximum supported |
9.4(2a), 9.4(2), 9.4(1a) 8.4(2d) |
Related Documentation
The documentation set for the Cisco MDS 9000 Series includes the documents that are listed in this section. To find a document online, access the following URL:
http://www.cisco.com/en/US/products/ps5989/tsd_products_support_series_home.html
Cisco Nexus Dashboard Fabric Controller (Formerly DCNM)
http://www.cisco.com/en/US/products/ps9369/tsd_products_support_series_home.html
Release Notes
Licensing Information
Regulatory Compliance and Safety Information
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/hw/regulatory/compliance/RCSI.html
Compatibility Information
Installation and Upgrade
Configuration Guides
CLI
Troubleshooting and Reference
Statement of Volatility
Documentation Roadmap
https://www.cisco.com/c/en/us/td/docs/storage/san_switches/mds9000/roadmaps/rel90.html
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, send your comments to mds-docfeedback@cisco.com. We appreciate your feedback.
Legal Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2024 Cisco Systems, Inc. All rights reserved.