The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document also covers later releases. If a new Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes document isn’t available, then that means that these are the latest available numbers for upgrade.
The following table lists the changes to this document.
Table 1. Changes to this Document
Date |
Description |
April 26, 2022 |
Release 10.2(3)
became available.
|
Introduction
The Cisco Nexus 9000 Series NX-OS mode switches contain several programmable logical devices (PLDs) that provide hardware functionalities in all modules. Cisco provides electronic programmable logic device (EPLD) image upgrades to enhance hardware functionality or to resolve known issues. PLDs include electronic programmable logic devices (EPLDs), field programmable gate arrays (FPGAs), and complex programmable logic devices (CPLDs), but they do not include ASICs. In this document, the term EPLD is used for FPGA and CPLDs.
The advantage of having EPLDs for some module functions is that when you need to upgrade those functions, you just upgrade their software images instead of replacing their hardware.
Note: EPLD image upgrades for a line card disrupt the traffic going through the module because the module must power down briefly during the upgrade. The system performs EPLD upgrades on one module at a time, so at any one time the upgrade disrupts only the traffic going through one module.
Cisco provides the latest EPLD images with each release. Typically, these images are the same as provided in earlier releases but occasionally some of these images are updated. These EPLD image updates are not mandatory unless otherwise specified. The EPLD image upgrades are independent from the Cisco In Service Software Upgrade (ISSU) process, which upgrades the system image with no impact on the network environment.
When Cisco makes an EPLD image upgrade available, these release notes announce their availability, and you can download the EPLD images from https://software.cisco.com/download/navigator.html.
When to Upgrade EPLDs
When new EPLD images are available, the upgrades are always recommended if your network environment allows for a maintenance period in which some level of traffic disruption is acceptable. If such a disruption is not acceptable, then consider postponing the upgrade until a better time.
Note: The EPLD upgrade operation is a disruptive operation. Execute this operation only at a programmed maintenance time. The system ISSU upgrade is a nondisruptive upgrade.
Note: Do not perform an EPLD upgrade during an ISSU system upgrade.
Note: EPLD version is backward compatible.
Switch Requirements
The Cisco Nexus 9000 Series switch must be running the Cisco NX-OS operating system
You must be able to access the switch through a console, SSH, or Telnet (required for setting up a switch running in NX-OS mode).
You must have administrator privileges to work with the Cisco Nexus 9000 Series switch.
EPLD Upgrades Available for NX-OS Mode Releases 10.1(2) through 10.2(3)
Each EPLD image that you can download from Software Download page, is a bundle of EPLD upgrades. To see the recent updated EPLD versions for the Cisco Nexus 9200, 9300, 9300-EX, 9300-FX, and 9500 platforms, see the following tables.
Note: All updates to an image are shown in boldface. If more than one release is shown for a column, the boldface applies to the first release listed for the column.
Note: The 10.2(3) release of EPLD, addresses the Secure Boot Hardware Tampering vulnerability for the Nexus 3K and Nexus 9000 Series switches. Please refer to Security Advisory.
Please review the advisory for affected HW-PIDs (see below table) for more details on how to apply the patch. The 10.2(1)) release epld requires a specific sequence of upgrade.
Vulnerable Products addressed in Security Advisory (cisco-sa-20190513-secureboot)
Table 2. Nexus 9000 Series Switches
PID |
Fixed IO FPGA Version |
N9K-C93180YC-EX |
0x15
|
N9K-C93108TC-EX |
0x15
|
N9K-C93180YC-FX |
0x20
|
N9K-C93108TC-FX |
0x20
|
N9K-C9348GC-FXP |
0x10
|
N9K-C93240YC-FX2 |
0x10
|
N9K-C9336C-FX2 |
0x10
|
N9K-C9364C |
0x6
|
N9K-C9332C |
0x10
|
N9K-C93180YC-FX |
0x20
|
N9K-C9232C |
0x8
|
N9K-SUP-A+ |
0x14
|
N9K-SUP-B+ |
0x14
|
N9K-SUP-B |
0x30
|
N9K-SUP-A |
0x30
|
Cisco Secure Boot Hardware Tampering Vulnerability - Remediation Steps
The following section details updating your EPLD version for affected switches listed in: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
Nexus 9000 Modular chassis with dual supervisor:
Note: It is required to update both Golden and Primary regions of FPGA to address this particular vulnerability. It is by design, that we don't allow updating both primary and golden at the same time (to avoid programming errors, that may cause switch to not boot, hence only one region is allowed to be programmed per reload).
Please do not attempt to upgrade Golden region of FPGA once it is on a fixed version.
1. Copy the EPLD image to bootflash (e.g. used n9000-epld.10.2.3.img).
2. If you have dual supervisor, determine which is the standby Supervisor by doing 'show module' and start upgrading it first. On the N9K, Only supervisors need upgrade for this vulnerability. LC/FM/SC cards are not affected.
3. Assuming standby supervisor is slot 28. Update the Primary FPGA region of standby supervisor.
install epld bootflash:n9000-epld.10.2.3.img module 28
Expected result: Switch will update primary EPLD of standby supervisor and will reload the standby supervisor module automatically. Please don't interrupt, power cycle or reload when EPLD update is happening. Once standby is booted, it will again come up as standby supervisor. A 'show version module 28 epld' will continue to show old version.
switch# show mod | grep SUP
27 0 Supervisor Module N9K-SUP-A active *
28 0 Supervisor Module N9K-SUP-A ha-standby
27 9.3(0.416) 1.0 SUP1
28 9.3(0.416) 0.3011 SUP2
switch# show version module 28 epld
EPLD Device Version
---------------------------------------
IO FPGA 0x27
This is expected, as the switch would have booted from Golden FPGA which is still not updated. You can verify this from syslog which would say:
%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 28 IOFPGA booted from Golden
4. Update the Golden (also called backup) FPGA region of the standby supervisor.
install epld bootflash:n9000-epld.10.2.3.img module 28 golden
Module 28 : IO FPGA [Programming ] : 100.00% ( 64 of 64 total sectors)
Module 28 EPLD upgrade is successful.
Module Type Upgrade-Result
------ ------------------ --------------
28 SUP Success
Expected result: Switch will update the golden EPLD of standby supervisor and will reload the standby supervisor module automatically. Please don't interrupt, power cycle or reload when EPLD update is happening. Once standby is booted, it will again come up as ha-standby supervisor.
Once this is done, when you check 'show version module 28 epld' you will see FPGA version that is >= to the fixed version for the standby supervisor. Your switch has the fixed version for standby supervisor.
switch# show version module 28 epld
EPLD Device Version
---------------------------------------
IO FPGA 0x30
Repeat Step 3 and 4, for the active supervisor. At the end of Step 3, supervisor in slot 27 will reload and hence now will be-come standby supervisor. The active supervisor will be Supervisor in slot 28.
(considering SUP 27 is active to begin with, for the above activity, such as steps 3 and 4, commands would have 27 in place of 28.)
Log below shows what happens when epld upgrade happens for active supervisor.
Module 27 : IO FPGA [Programming] : 100.00% ( 64 of 64 sectors)
Module 27 EPLD upgrade is successful.
Module Type Upgrade-Result
------ ------------------ --------------
27 SUP Success
EPLDs upgraded. Performing switchover.
Once the supervisor in Slot 27 becomes ha-standby complete step 4 for Slot 27, and it will again boot and become ha-standby. Both the supervisors now have the vulnerability fixed version of FPGA.
At the end of the upgrades, switch should boot with primary for both SUPs, logs below
switch# show logging log | grep -i fpga | grep -i 27
2019 Jul 10 07:55:04 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 27 IOFPGA booted from Primary
switch# show logging log | grep -i fpga | grep -i 28
2019 Jul 10 07:58:01 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 28 IOFPGA booted from Primary
Nexus 9000 Modular chassis with single supervisor:
Note: It is required to update both Golden and Primary regions of FPGA to address this particular vulnerability. It is by design, that we don't allow updating both primary and golden at the same time (to avoid programming errors, that may cause switch to not boot, hence only one region is allowed to be programmed per reload).
Please do not attempt to upgrade Golden region of FPGA once it is on a fixed version.
1. Copy the EPLD image to bootflash (e.g. used n9000-epld.10.2.3.img).
2. Assuming the supervisor is in Slot27. Update the Primary FPGA region.
install epld bootflash:n9000-epld.10.2.3.img module 27
Expected result: Switch will update primary EPLD of the supervisor and will reload the switch automatically. Please don't interrupt, power cycle or reload when EPLD update is happening. Once the supervisor is booted, the 'show version module 27 epld' will continue to show old version
Switch#show version module 27 epld
-------------------------------------------------------------------
Name InstanceNum Version Date
-------------------------------------------------------------------
IO FPGA 0 0x27 20160111
BIOS version v08.35(08/31/2018)
Alternate BIOS version v08.32(10/18/2016)
This is expected, as the switch would have booted from Golden FPGA which is still not updated. You can verify this from syslog which would say:
%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 27 IOFPGA booted from Golden
3. Since in this case there is only one supervisor, update the Golden (also called backup) FPGA region.
install epld bootflash:n9000-epld.10.2.3.img module 27 golden
Module 27 : IO FPGA [Programming ] : 100.00% ( 64 of 64 total sectors)
Module 27 EPLD upgrade is successful.
Module Type Upgrade-Result
------ ------------------ --------------
27 SUP Success
Expected result: Switch will update the golden EPLD of the supervisor and will reload the switch automatically. Please don't interrupt, power cycle or reload when EPLD update is happening.
Once this is done, when you check ‘show version module 27 epld' you will see FPGA version that is >= to the fixed version for the supervisor. Your supervisor has the vulnerability fixed version of FPGA.
SWITCH# show version module 27 epld
-------------------------------------------------------------------
Name InstanceNum Version Date
-------------------------------------------------------------------
IO FPGA 0 0x30 20190625
BIOS version v08.35(08/31/2018)
Alternate BIOS version v08.32(10/18/2016)
At the end of the upgrades, switch should boot with primary for the SUP, log below
switch# show logging log | grep -i fpga | grep -i 27
2019 Jul 10 07:55:04 switch %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 27 IOFPGA booted from Primary
IMPORTANT NOTE:
If you attempt to upgrade the Golden region of the FPGA once it is on the fixed version, the system will not automatically al-low you to upgrade the Golden region of SUP, and will provide the following prompt:
switch# install epld bootflash:n9000-epld.10.2.3.img module all golden
Digital signature verification is successful
Compatibility check:
Module Type Upgradable Impact Reason
------ ----------------- ---------- ---------- ------
22 FM Yes disruptive Module Upgradable
24 FM Yes disruptive Module Upgradable
27 SUP No none Golden Not Upgradable
28 SUP No none Golden Not Upgradable
29 SC Yes disruptive Module Upgradable
30 SC Yes disruptive Module Upgradable
Retrieving EPLD versions.... Please wait.
Images will be upgraded according to following table:
Module Type EPLD Running-Version New-Version Upg-Required
------ ---- ------------- --------------- ----------- ------------
22 FM IO FPGA 0x19 0x19 Yes
24 FM IO FPGA 0x19 0x19 Yes
29 SC IO FPGA 0x17 0x20 Yes
30 SC IO FPGA 0x17 0x20 Yes
Module 27 (EPLD ver 0x29) Golden upgrade not supported
Module 28 (EPLD ver 0x30) Golden upgrade not supported
The above modules require upgrade.
Since both System Controller modules need an upgrade,a chassis reload will happen at the end of the upgrade.
Do you want to continue (y/n) ? [n] y
Nexus 9000 and Nexus 3000 TOR:
Note: It is required to update both Golden and Primary regions of FPGA to address this particular vulnerability. It is by design, that we don't allow updating both primary and golden at the same time (to avoid programming errors, that may cause switch to not boot, hence only one region is allowed to be programmed per reload).
Please do not attempt to upgrade Golden region of FPGA once it is on a fixed version.
1. Copy the EPLD image to bootflash (e.g. used n9000-epld.10.2.3.img).
2. Update the Primary FPGA region.
install epld bootflash:n9000-epld.10.2.3.img module 1
Expected result: Switch will update EPLD and will reload automatically. Please don't interrupt, power cycle or reload when EPLD update is happening. Switch would boot up with golden FPGA, ‘show version module 1 epld’ would show the old Fpga version for IO, due to this. This is expected.
show version module 1 epld
-------------------------------------------------------------------
Name InstanceNum Version Date
-------------------------------------------------------------------
IO FPGA 0 0x06 20180920
MI FPGA 0 0x01 20170609
BIOS version v01.14(06/15/2019)
Alternate BIOS version v01.12(07/25/2018)
You can verify this from syslog which would say:
%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 1 IOFPGA booted from Golden
%CARDCLIENT-2-FPGA_BOOT_GOLDEN: IOFPGA booted from Golden
3. Update the Golden (also called backup) FPGA region.
install epld bootflash:n9000-epld.10.2.3.img module 1 golden
Expected result: Switch will update EPLD and will reload automatically. Please don't interrupt, power cycle or reload when EPLD update is happening.
Once this is done, when you check 'show version module 1 epld' you will see FPGA version that is >= to the fixed version.
show version module 1 epld
-------------------------------------------------------------------
Name InstanceNum Version Date
-------------------------------------------------------------------
IO FPGA 0 0x07 20180920
MI FPGA 0 0x01 20170609
BIOS version v01.14(06/15/2019)
Alternate BIOS version v01.12(07/25/2018)
After uprade is complete, switch should boot up with primary, shown logs below
show logging log | grep -i fpga
2019 Jul 9 19:46:11 Deervalley4 %CARDCLIENT-2-FPGA_BOOT_PRIMARY: IOFPGA booted from Primary
2019 Jul 9 19:46:11 Deervalley4 %CARDCLIENT-2-FPGA_BOOT_PRIMARY: MIFPGA booted from Primary
2019 Jul 9 19:46:11 Deervalley4 %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 1 IOFPGA booted from Primary
2019 Jul 9 19:46:11 Deervalley4 %CARDCLIENT-5-MOD_BOOT_PRIMARY: Module 1 MIFPGA booted from Primary
Note: For N3K-C36180YC-R and N3K-C3636C-R, CPU FPGA will have the fix, so look for CPU FPGA instead of IO.
Table 3. Available EPLD Images for the Cisco Nexus 9200, 9300, 9300-EX, and 9300-FX Platform Switches
Release 10.1(2) |
Release 10.2(1) |
Release 10.2(2) |
|||
Cisco Nexus 92348GC-X |
IOFPGA |
0x14 (0.020) |
0x14 (0.020) |
0x14 (0.020) |
0x14 (0.020) |
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.021) |
|||
0x2 (0.002) |
0x2 (0.002) |
0x2 (0.002) |
|||
0x22 (0.034) |
0x22 (0.034) |
0x22 (0.034) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0x2 2 (0.03 4 ) |
0x2 2 (0.03 4 ) |
0x2 2 (0.03 4 ) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.021) |
|||
0x6 (0.006) |
0x6 (0.006) |
0x6 (0.006) |
|||
Cisco Nexus 931
80Y
C-FX
3
|
IOFPGA |
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
MIFPGA |
0x15 (0.021) |
0x15 (0.021) |
0x16 (0.021) |
0x18 (0.024) |
|
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
|||
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.022) |
|||
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.021) |
|||
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
|||
0x22 (0.034) |
0x22 (0.034) |
0x22 (0.034) |
|||
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
|||
0x16 (0.022) |
0x16 (0.022) |
0x16 (0.022) |
|||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
|||
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
||
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
||
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
Cisco Nexus 9332D-GX2B |
IOFPGA |
N/A |
N/A |
0x11 (0.017) |
0x11 (0.017) |
MIFPGA |
N/A |
N/A |
0x13 (0.019) |
0x13 (0.019) |
|
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
|||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
Cisco Nexus 9336C-FX2-E |
IOFPGA |
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
MIFPGA |
0x4 (0.004) |
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|
0x16 (0.022) |
0x16 (0.022) |
0x16 (0.022) |
|||
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
|||
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
|||
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.021) |
|||
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
|||
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
|||
0x11 (0.017) |
0x11 (0.017) |
0x11 (0.017) |
|||
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
|||
0x6 (0.006) |
0x6 (0.006) |
0x6 (0.006) |
|||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
Table 4. Available EPLD Images for the Cisco Nexus 9500 Platform Switches
Release 10.1(2) |
Release 10.2(1) |
Release 10.2(2) |
|||
0x31 (0.049) |
0x31 (0.049) |
0x31 (0.049) |
|||
0x17 (0.023) |
0x17 (0.023) |
0x17 (0.023) |
|||
0x30 (0.049) |
0x30 (0.049) |
0x30 (0.049) |
|||
0x17 (0.023) |
0x17 (0.023) |
0x17 (0.023) |
|||
0x22 (0.034) |
0x22 (0.034) |
0x22 (0.034) |
|||
0x14 (0.020) |
0x14 (0.020) |
0x14 (0.020) |
|||
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
|||
32-port 100-Gigabit QSFP28 line card |
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
||
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
|||
32-port 100-Gigabit QSFP28 line card |
0x11 (0.017) |
0x11 (0.017) |
0x11 (0.017) |
||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
|||
0x2 (0.002) |
0x2 (0.002) |
0x2 (0.002) |
|||
16-port 400-Gigabit QSFP-DD line card (N9K-X9716D-GX) |
IOFPGA |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
MIFPGA |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
|
0x13 (0.019) |
0x13 (0.019) |
0x13 (0.019) |
|||
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
|||
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
|||
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
|||
48-port 1/10GBASE-T and 4-port |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
||
0x8 (0.008) |
0x8 (0.008) |
0x8 (0.008) |
|||
48-port 1-/10-/25-Gigabit SFP28 and |
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
||
0x5 (0.005) |
0x5 (0.005) |
0x5 (0.005) |
|||
48-port 10-Gigabit SFP+ and |
0x4 (0.004) |
0x4 (0.004) |
0x4 (0.004) |
||
0x6 (0.006) |
0x6 (0.006) |
0x6 (0.006) |
|||
48-port 10-Gigabit SFP+ and
|
0x6 (0.006) |
0x6 (0.006) |
0x6 (0.006) |
||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
Fabric module for Cisco Nexus 9504 |
0x15 (0.021) |
0x15 (0.021) |
0x15 (0.021) |
||
Fabric module for Cisco Nexus 9504 |
0x11 (0.017) |
0x11 (0.017) |
0x11 (0.017) |
||
Fabric module for Cisco Nexus 9508 |
0x14 (0.020) |
0x14 (0.020) |
0x14 (0.020) |
||
Fabric module for Cisco Nexus 9508 |
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
||
Fabric module for Cisco Nexus 9508 |
0x11 (0.017) |
0x11 (0.017) |
0x11 (0.017) |
||
Fabric module for Cisco Nexus 9516 |
0x11 (0.011) |
0x11 (0.011) |
0x11 (0.011) |
||
0x8 (0.008) |
0x8 (0.008) |
0x8 (0.008) |
Table 5. Available EPLD Images for the Cisco Nexus 9500 Platform Switches with R Line Cards
Release 10.1(2) |
Release 10.2(1) |
Release 10.2(2) |
Release 10.2(3) |
||
0x18 (0.024) |
0x18 (0.024) |
0x18 (0.024) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0x12 (0.018) |
0x12 (0.018) |
0x12 (0.018) |
|||
0x9 (0.009) |
0x9 (0.009) |
0x9 (0.009) |
|||
0x19 (0.025) |
0x19 (0.025) |
0x19 (0.025) |
|||
0x3 (0.003) |
0x3 (0.003) |
0x3 (0.003) |
|||
0xD |
0xD |
0xD |
|||
0xF |
0xF |
0xF |
|||
0xE |
0xE |
0xE |
|||
Fabric module for Cisco Nexus 9504 |
0x7 (0.007) |
0x7 (0.007) |
0x7 (0.007) |
||
0x10 (0.016) |
0x10 (0.016) |
0x10 (0.016) |
Determining Whether to Upgrade EPLD Images
EPLD image number, you can skip the upgrade.
● To determine the EPLD upgrades needed for a Cisco Nexus 9000 Series switch, use the show install impact epld bootflash: command on that switch and indicate the n9000-epld.10.2.3 image. In the following example, the MIFPGA, and IOFPGA EPLD images do not need to be upgraded.
switch# show install all impact epld n9000-epld.10.2.3.img
Retrieving EPLD versions.... Please wait.
Images will be upgraded according to following table:
Module Type EPLD Running-Version New-Version Upg-Required
------ ---- ------------- --------------- ----------- ------------
1 LC MI FPGA 0x0f 0x0f No
1 LC IO FPGA 0x0d 0x0d No
1 LC DB FPGA 0x0e 0x0e No
21 FM IO FPGA 0x07 0x07 No
27 SUP IO FPGA 0x15 0x15 No
28 SUP IO FPGA 0x15 0x15 No
29 SC IO FPGA 0x20 0x20 No
30 SC IO FPGA 0x20 0x20 No
Compatibility check:
Module Type Upgradable Impact Reason
-------------------------------------------------
1 LC Yes disruptive Module Upgradable
21 SUP Yes disruptive Module Upgradable
27 SUP Yes disruptive Module Upgradable
28 SUP Yes disruptive Module Upgradable
29 SC Yes disruptive Module Upgradable
30 SC Yes disruptive Module Upgradable
Upgrade During ISSU
This feature offers the option to upgrade EPLD images during disruptive system (NXOS) upgrade. You will designate the target EPLD image using the ISSU cli. The EPLD image will be validated during the pre-upgrade stage of the installation and the actual EPLD upgrade will be done before reloading the system. When the system comes back online, all EPLDs and NXOS system (including BIOS) will be upgraded to the new versions.
To upgrade your EPLD image using the ISSU cli, enter the EPLD image to be installed using the install all nxos <nxos-image> epld <epld-image> command.
For additional information about ISSU, please see the Cisco Nexus 9000 Series NX-OS Software Upgrade and Downgrade Guide.
Displaying the Status of EPLD Upgrades
To display the status of EPLD upgrades on the switch, use the show install epld status command.
Limitations
When EPLDs are upgraded, the following guidelines and observations apply:
● If a module is not online, you cannot upgrade its EPLD images.
● If there are two supervisors that are installed in the switch (Cisco Nexus 9504, 9508, and 9516 switches only), you can either upgrade only the standby or upgrade all modules (including both supervisor modules) by using the following commands:
◦ install epld bootflash: image module standby-supervisor-slot-number (upgrades only the standby supervisor module)
Note: After you use this command, you can switchover the active and standby supervisor modules and then upgrade the other supervisor.
◦ install epld bootflash: image module all (upgrades all of the modules)
● If there is only one supervisor that are installed in the switch, your upgrading or downgrading of EPLD images is disruptive.
Related Documentation
The entire Cisco NX-OS 9000 Series documentation set.
Release Notes
The entire Cisco NX-OS 9000 Series release notes set.
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments to nexus9k-docfeedback@cisco.com. We appreciate your feedback.
Legal Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2022 Cisco Systems, Inc. All rights reserved.