The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Introduction
Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With technological advances and the growth of cloud-based applications, it has become imperative to gain increased visibility into network traffic. Traditional approaches to gaining visibility into network traffic are expensive and rigid, which makes them difficult to manage in large-scale deployments.
Cisco Nexus Dashboard Data Broker with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco Nexus Dashboard Data Broker also provides a software-defined, programmable solution to perform inline inspection of network traffic for monitoring and visibility purposes. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.
Date | Description
November 23, 2023 | Updated the Interoperability Matrix table to indicate support for NX-OS releases 9.3(12) and 10.2(6).
October 30, 2023 | Updated the Compatibility Matrix table to indicate support for Nexus C93180YC-FX3 and C9332D-GX2B switches.
March 31, 2023 | Updated the Interoperability Matrix table to indicate support for NX-OS release 9.3(10).
March 12, 2023 | Updated the Supported APIC Versions table to indicate support for APIC version 5.2(6e).
February 16, 2023 | Updated the Interoperability Matrix table to indicate support for NX-OS release 10.3(1).
December 20, 2022 | Updated the Interoperability Matrix table to indicate support for NX-OS release 10.2(4).
July 28, 2022 | Updated the Interoperability Matrix table to indicate support for NX-OS release 9.3(9).
July 11, 2022 | Release 3.10.2 became available.
No new features for this release.
Enhanced Security Updates
To fix vulnerability issues, the following enhancements have been made in Release 3.10.2:
● Supported Jetty version: 9.4.45
● Supported OSGi version: 3.17.200
Issues
Cisco Bug Search Help Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software. Use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.
This section includes the following topics:
● Open Issues
● Resolved Issues
● Known Issues
Open Issues
Open Issues for Cisco Nexus Dashboard Data Broker.
Bug ID | Description | Exists In
 | “Could not commit transaction” exception thrown at NDB. | 3.7.0 and above
 | Port Channel Configuration is not getting exported. | 3.9.0 and above
 | Port-channel operations on ISL links results in failure of Link discovery. | 3.9.0 and above
 | Auto-priority connection with intersecting port range filters not working. | 3.10.0 and above
 | A NDB shouldn't use "session manager" way for MPLS ACLs configuration. | 3.10.0 and above
 | Port-channel is not getting recreated and reconfigured port hit upgrade. | 3.10.0 and above
 | Direction change should be supported while editing span session. | 3.8.0 and above
 | NDB reprograms ISL ACL/ACEs without any flag enabled. | 3.10.0 and above
 | ISL portchannel is attached with port and global acl after upgrade from 3.7 to 3.10.1. | 3.10.1 and above
 | RMA of device is not getting successful on upgraded setup. | 3.10.1 and above
Resolved Issues
Resolved Issues for Cisco Nexus Dashboard Data Broker.
Bug ID | Description | Resolved In
 | Nexus Data Broker - HSTS Missing From HTTPS Server (RFC 6797 & Qualys ID 11827). | 3.10.2
 | Vulnerability on NDB Jetty version. | 3.10.2
 | Controller crashes when configuring a span session with ACI-AAEP settings. | 3.10.2
 | Inconsistencies seen on upgrade from 3.10.0.a to 3.10.1. | 3.10.2
 | Not able to install connection with filter having IPv6/IPV4+VLAN in 10.1(2) NXOS. | 3.10.2
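A post-upgrade check for the HSTS issue listed above as resolved in 3.10.2, as an added example that is not Cisco's code: it validates a Strict-Transport-Security value against the RFC 6797 rules and classifies a raw response head. The sample responses are constructed, and the 180-day minimum max-age is an assumed site policy, not a value from these release notes.

```python
import re

# Constructed response heads for illustration; not captured from a real controller.
SAMPLE_NO_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_HSTS = ("HTTP/1.1 200 OK\r\n"
               "strict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns a policy dict, or None when a client must ignore the header.
    Simplification: assumes no ';' inside a quoted directive value.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar tolerates empty directives
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be given as a quoted-string
        if name in directives:
            return None  # each directive may appear only once
        directives[name] = val if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is the one required directive
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def hsts_verdict(response_head, min_age=15552000):
    """Classify a raw HTTPS response head: missing, invalid, disabled, short or ok.

    min_age (180 days, in seconds) is an assumed local policy threshold.
    """
    for line in response_head.splitlines()[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            policy = parse_hsts(value)  # clients honour only the first header
            if policy is None:
                return "invalid"
            if policy["max_age"] == 0:
                return "disabled"  # max-age=0 tells clients to drop the policy
            return "ok" if policy["max_age"] >= min_age else "short"
    return "missing"
```

To check a live controller, pass `hsts_verdict` the output of `curl -skI` run against the cluster URL given under Guidelines and Limitations.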
Known Issues (NX-OS)
Bug ID | Description | Exists In
 | NDB Limitation: Can't match MAC address in IP packet, it will hit deny any any in IP ACLs. | 9.2.1 and above
 | Need Error handling for feature SFLOW with ERSPAN destination since they are mutually exclusive. | 9.2.1 and above
 | Can't match MAC address in IP packet, it will hit deny any any in IP ACLs. | 9.2.1 and above
 | MPLS tapagg should allow deny ACE without redirection option. | 9.2.2 and above
 | Not able to use ipv6 + vlan on the ISL link. | 7.3.0 and above
 | IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2). - Fixed in 9.3(3). | 9.3.2
 | Re-direct STP, CDP packets similar to LLDP port for OpenFlow. | 7.0.3 and above
 | Not able to convert Layer 2 ports to layer 3 in 9.3(3). | 9.3.3
 | ACL with HTTP tcp-option-length redirect statement are not matching traffic correctly in 9.3(3). | 9.3.3
 | ERSPAN Dest doesn't work when L2 port with mode tap-aggregation is converted to L3 port in 9.3(3). | 9.3.4
 | Duplicate sequence number error in NXOS 9.3(6). | 9.3.6
 | Dot1q-tunnel(QinQ) is not programmed correctly for port-channel members in NXOS 9.3(5). | 9.3.5, 9.3.6
 | After device reload Guest Shell activation fails due to low memory on devices for NXOS 9.3(5) version. | 9.3.5
 | Not seeing timestamptag on interface after configuring the cmds on C9504 platform in nxos 9.3.7. | 9.3.7
 | Username is shown as ‘guestshell’ irrespective of user executes the guestshell. | 9.3.7
Compatibility Matrix
The following table lists the compatibility information for Cisco Nexus Dashboard Data Broker, Release 3.10.2.
Device | Minimum Cisco Nexus Dashboard Data Broker Version | Supported Use Case
Cisco Nexus 3000 Series Switch; Cisco Nexus 3100 Series Switch; Cisco Nexus 3200 Series Switch; Cisco Nexus 3164Q Series Switch | 3.0 or later | Tap/SPAN aggregation
Cisco Nexus 31100 Series Switch | 3.7 or later | Tap/SPAN aggregation
Cisco Nexus 9200 Series Switch | 3.1 or later | Tap/SPAN aggregation
Cisco Nexus 9300 Series Switch | 3.0 or later | Tap/SPAN aggregation
Cisco Nexus 9300-EX Series Switch | 3.1 or later | Tap/SPAN aggregation
Cisco Nexus 9300-FX Series Switch | 3.5 or later | Tap/SPAN aggregation
Cisco Nexus 9300-FX2 Series Switch | 3.7 or later | Tap/SPAN aggregation
Cisco Nexus 9300-FX3 Series Switch. Supported Modules: C93180YC-FX3 | 3.10.2 or later | Tap/SPAN aggregation
Cisco Nexus 9300-GX Series Switch | 3.10 or later | Tap/SPAN aggregation
Cisco Nexus C9332D-GX2B Switch | 3.10.2 or later | Tap/SPAN aggregation
Cisco Nexus 9332C Switch; Cisco Nexus 9364C Switch | 3.8 or later | Tap/SPAN aggregation
Cisco Nexus 9500 Series Switch – 9504, 9508, 9516. Supported Modules: N9K-X97160YC-EX, N9K-X9732C-EX, N9K-X9732C-FX, N9K-X9736C-EX, N9K-X9736C-FX, N9K-X9788TC-FX | 3.5 or later | Tap/SPAN aggregation
Interoperability Matrix
The following table lists the hardware and software interoperability matrix for Cisco Nexus Dashboard Data Broker, Release 3.10.2.
Implementation Type: NX-API
Device | Supported NX-OS Versions
Cisco Nexus 3000 Series Switch [1] – 3048, 3064 | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9).
Cisco Nexus 3100 Series Switch [1] – 3132C-Z, 3172, 3164, 3164Q | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9).
Cisco Nexus 3200 Series Switch – 3232 | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.2(4), 10.3(1). Note: NX-OS release 9.3(12) is supported only on 3232C.
Cisco Nexus 31100 Series Switch | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9). Note: 31108PCV also supports (besides the releases listed above) NX-OS releases 9.3(10), 9.3(12), 10.2(4), 10.3(1).
Cisco Nexus 9200 Series Switch - C92304QC [1], C92160YC. Note: Cisco Nexus 9200 Series switches support only one switch deployment. | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2).
Cisco Nexus 9300 Series Switch - C93128TX [1], C9396TX [1] | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2).
Cisco Nexus 9300-EX Series Switch - C93180LC-EX [1], C93180YC-EX, C93108TC-EX | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1). Note: NX-OS Releases 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on C93108TC-EX.
Cisco Nexus 9300-FX Series Switch - C93108TC-FX, C93180YC-FX | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.3(1). Note: NX-OS Releases 9.3(10), 10.2(4), 10.3(1) are supported only on C93108TC-FX.
Cisco Nexus 9300-FX2 Series Switch - N9K-9336C-FX2, 93240YC-FX2 | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2), 10.2(3), 10.3(1).
Cisco Nexus 9300-FX2 Series Switch - C93360YC-FX2 | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).
Cisco Nexus 9300-FX3 Series Switch - C93180YC-FX3 | 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1).
Cisco Nexus 9300-GX Series Switch - 93600CD-GX, 9364C-GX, 9316D-GX | 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1). Note: NX-OS Releases 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on 93600CD-GX.
Cisco Nexus 9332C Switch | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).
Cisco Nexus 9364C Switch | 9.3(1), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).
Cisco Nexus C9332D-GX2B Switch | 9.3(10), 10.2(4), 10.2(6), 10.3(1).
Cisco Nexus 9500 Series Switch. Supported Modules: N9K-X9464TX | 9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6). Note: NX-OS Releases 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on 9504.
Cisco Nexus 9500-EX Series Switch. Supported Modules: N9K-X97160YC-EX, N9K-X9732C-EX | 9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2), 10.2(3).
Cisco Nexus 9500-FX Series Switch. Supported Modules: N9K-X9732C-FX | 9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2), 10.2(3).
[1] NX-OS Release 10.x(x) is not supported on these platforms.
Unsupported Features
Unsupported features for Cisco Nexus Dashboard Data Broker, Release 3.10.2:
● Embedded mode (OVA) deployment in NX-OS version I(4) or lower is not supported.
● Communication between the Nexus Dashboard Data Broker controller and devices using OpenFlow is not supported.
● Inline redirection of traffic is not supported.
Supported APIC Versions
The table displays the supported APIC versions.
APIC Version | Minimum Cisco Nexus Dashboard Data Broker Version | Supported Deployment Mode
5.2(4d), 5.2(4e), 5.2(6e) | 3.10.2 | Centralized
Verified Scalability Limits
The table displays the supported verified scalability limits.
Description | Small | Medium | Large
Number of switches used for TAP and SPAN aggregation | 25 | 50 | 75 - 100
Guidelines and Limitations
This section lists the guidelines and limitations for Cisco Nexus Dashboard Data Broker:
Specific for Release 3.10.2
● Upgrade from Nexus Data Broker, Release 3.9.2, to Nexus Dashboard Data Broker, Release 3.10.2, is not supported.
● Nexus Dashboard Data Broker, Release 3.10.2 is not supported on ND/vND.
● The recommended RHEL version for deploying Cisco Nexus Dashboard Data Broker, Release 3.10.2 is RHEL 7.7.
● Cisco Nexus Dashboard Data Broker, Release 3.10.2, supports the following versions:
Cisco Product | Supported Version(s)
Catalyst 9300-24UB, C9500-32QC [1] | 16.12.02 and above
Catalyst C9200-48PXG, C9200L-24T-4X, C9407R, C9606R | 17.03.01 and above
DNAC | 2.2.2.4
Nexus 3550-F Fusion L1 | 1.15.0 and 1.16.0
[1] C9500 with version 16.12 should have the same show version output as C9300.
General
● A Cisco Nexus Dashboard Data Broker instance can support only the NX-API configuration mode.
● By default, the Nexus Dashboard Data Broker cluster URL is https://<IP_address>:8443.
● The switchport mode trunk and spanning-tree bpdufilter enable commands should be configured on all switch ports on all Cisco Nexus Dashboard Data Broker managed switches.
● Cisco Nexus switches managed by Cisco Nexus Dashboard Data Broker in NX-API mode must have the LLDP feature enabled. Disabling LLDP may cause inconsistencies and require switch rediscovery for NX-API switches.
● For secured communication between Cisco Nexus Dashboard Data Broker and a switch through HTTPS, start Cisco Nexus Dashboard Data Broker in TLS mode the first time only. Subsequent restarts do not require TLS mode.
For more details, see the Cisco Nexus Dashboard Data Broker Configuration Guide.
● The TLS KeyStore and TrustStore passwords, which Cisco Nexus Dashboard Data Broker needs in order to read the password-protected TLS KeyStore and TrustStore files, are sent to it only through HTTPS:
./ndb config-keystore-passwords [--user {user} --password {password} --url {url} --verbose --prompt --keystore-password {key-store_password} --truststore-password {truststore_password}]
● Cisco Nexus 92xx series switches do not support Q-in-Q; you cannot use this switch in a multi-switch environment.
● Dry Run feature is disabled by default. To enable this feature, see the Configuration Guide.
● On the Cisco NDB devices, configure TACACS only for authentication and authorization. Do not use it for accounting.
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, send your comments to ciscodcnapps-docfeedback@cisco.com. We appreciate your feedback.
© 2023 Cisco Systems, Inc. All rights reserved.