Release Notes for Cisco Catalyst 9300 Series Switches, Cisco IOS XE Everest 16.5.1a

Release Notes for Cisco Catalyst 9300 Series Switches, Cisco IOS XE Everest 16.5.1a

---

First Published: June 20, 2017

This release note gives an overview of the hardware and software with Cisco IOS XE Everest 16.5.1a, on the Cisco Catalyst 9300 Series Switches.
Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.

• For information about unsupported features, see Important Notes.
• For information about software and hardware restrictions and limitations, see Limitations and Restrictions.
• For information about open issues with the software, see Caveats.

Introduction

Cisco Catalyst 9300 Series Switches are Cisco’s lead stackable access platforms for the next-generation enterprise. It has been purpose-built to address emerging trends of Security, IoT, Mobility, and Cloud.

Cisco Catalyst 9300 Series Switches deliver complete convergence in terms of ASIC architecture with a Unified Access Data Plane (UADP) 2.0. The platform runs an Open Cisco IOS XE that supports model driven programmability, has the capacity to host containers, and run 3rd party applications and scripts natively within the switch (by virtue of x86 CPU architecture, local storage, and a higher memory footprint). The series forms the foundational building block for SD-Access, which is Cisco’s lead enterprise architecture.

The series offers 1Gigabit copper Ethernet switches with 80G uplink bandwidth and the industry’s highest 480 Gigabit stacking bandwidth solution. It also provides a highly resilient and efficient power architecture with StackPower that delivers high density of UPoE and PoE+ ports.

Important Notes

The following are the unsupported hardware and software features for the Cisco Catalyst 9300 Series Switches. For the list of supported features, go to http://www.cisco.com/go/cfn.

• Unsupported Hardware Features

– The rear USB 3.0 port

– Breakout cables

• Unsupported Software Features:

– IPsec with FIPS

These features are supported on the Cisco Catalyst 3850 Series Switches, but not on the Cisco Catalyst 9300 Series Switches:

– 256-bit AES MACsec (IEEE 802.1AE) host link encryption with MACsec Key Agreement (MKA)

– Autonomic Networking Infrastructure

– Audio Video Bridging (including IEEE802.1AS, IEEE 802.1Qat, and IEEE 802.1Qav)

– Bluetooth

– Cisco Discovery Protocol (CDP) Bypass

– Cisco TrustSec Network Device Admission Control (NDAC) on Uplinks

– Converged Access for Branch Deployments

– Gateway Load Balancing Protocol (GLBP)

– Network-Powered Lighting (including COAP Proxy Server, 2-event Classification, Perpetual POE, Fast PoE)

– Cisco Plug-in for OpenFlow 1.3

– Performance Monitoring (PerfMon)

– IPv4 Preboot eXecution Environment (iPXE)

– Boot Integrity Visibility

– Virtual Router Redundancy Protocol(VRRP), VRRPv3, and VRRPv3 Object Tracking

– VRF Aware Web-Authentication

Supported Hardware

Web UI System Requirements

The following sections list the hardware and software required, in order to access the Web UI:

Finding the Software Version

The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).

You can use the show version privileged EXEC command to see the software version that is running on your switch.

Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.

You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Table 5 Software Images

Licensing

Starting with Cisco IOS XE Everest 16.5.1a, features for Cisco Catalyst 9000 Series Switches come in licensing packages that are different from existing Cisco Catalyst switching platforms.

Ordering with Smart Accounts

We recommend that you use Smart Accounts to order devices as well as licenses. Smart Accounts enable you to manage all of your software licenses for switches, routers, firewalls, access-points or tools from one centralized website. To create Smart Accounts, use the Cisco Smart Software Manager (Cisco SSM).

---

Note This is especially relevant to the term licenses that you order, because information about the expiry of term licences is available only through the Cisco SSM website.

---

For more information about Cisco SSM, see: http://www.cisco.com/c/en/us/buy/smart-accounts/software-licensing.html

The possible deployment modes are:

• Right-to-use (RTU) licensing mode—Supported on Cisco Catalyst 9000 Series Switches. See The RTU Licensing Mode.
• Smart Licensing mode—Currently not supported on Cisco Catalyst 9000 Series Switches. It is on the roadmap for future releases.

The RTU Licensing Mode

This is the currently supported licensing mode for Cisco Catalyst 9000 Series Switches.

Right-to-use (RTU) licensing allows you to order and activate a specific license type for a given license level, and then to manage license usage on your switch.

---

Note The RTU licensing structure has been modified to match the packaging model that will be used with Smart Licensing mode in the future. Unified licensing structures across the RTU and Smart Licensing modes, along with usage reports, will simplify migration and reduce the implentation time required for Smart Licensing.

---

The license right-to-use command (privilege EXEC mode) provides options to activate or deactivate any license supported on the platform.

Options for Base Licenses

license right-to-use [ activate | deactivate ] [ network-essentials | network-advantage ] [ all | evaluation | subscription { all | slot <1-8> }] [ acceptEULA ]

Options for Add-On Licenses

license right-to-use [ activate | deactivate ] addon [ dna-essentials | dna-advantage ] [ all | evaluation | subscription { all | slot <1-8> } ][ acceptEULA ]

Scaling Guidelines

For information about feature scaling guidelines, see the Cisco Catalyst 9300 Series Switches datasheet at:

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9300-series-switches/datasheet-c78-738977.html

Limitations and Restrictions

• Cisco TrustSec restrictions—Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
• FNF limitations

– You cannot configure NetFlow export using the Ethernet Management port (g0/0)

– You can not configure a flow monitor on logical interfaces, such as SVI, port-channel, loopback, tunnels.

– You can not configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction.

• Memory leak—When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may fail. As a workaround, disable the logging discriminator on the device.
• QoS restrictions:

– When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.

– For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.

– QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.

• Secure Shell (SSH)

– Use SSH Version 2. SSH Version 1 is not supported.

– When the device is running SCP (Secure Copy Protocol) and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.

Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can take upto 40 or 50 percent of CPU memory, but they do not cause the device to shutdown.

• Stacking:

– A switch stack supports up to eight stack members.

– Mixed stacking is not supported. Cisco Catalyst 9300 Series Switches cannot be stacked with Cisco Catalyst 3850 Series Switches.

– Auto upgrade for a new member switch is supported only in the install mode.

• Smart Install—Although the commands are visible on the CLI, the Smart Install feature is not supported. Enter the no vstack command in global configuration mode and disable the feature.
• VLAN Restriction: It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
• Wired AVC limitations:

– NBAR2 (QoS and Protocol-discovery) configuration is allowed only on wired physical ports. It is not supported on virtual interfaces, for example, VLAN, port channel nor other logical interfaces.

– NBAR2 based match criteria ‘match protocol’ is allowed only with marking or policing actions. NBAR2 match criteria will not be allowed in a policy that has queuing features configured.

– ‘Match Protocol’: up to 256 concurrent different protocols in all policies.

– NBAR2 attributes based QoS is not supported (‘match protocol attribute’).

– NBAR2 and Legacy NetFlow cannot be configured together at the same time on the same interface. However, NBAR2 and wired AVC Flexible NetFlow can be configured together on the same interface.

– Only IPv4 unicast (TCP/UDP) is supported.

– AVC is not supported on management port (Gig 0/0)

– NBAR2 attachment should be done only on physical access ports. Uplink can be attached as long as it is a single uplink and is not part of a port channel.

– Performance—Each switch member is able to handle 2000 connections per second (CPS) at less than 50% CPU utilization. Above this rate, AVC service is not guaranteed.

– Scale— Able to handle up to 20000 bi-directional flows per 24 access ports and per 48 access ports.

• YANG data modeling limitations—A maximum of 20 simultaneous NETCONF sessions are supported.

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.

• Cisco Bug Search Tool
• Open Caveats in Cisco IOS XE Everest 16.5.1a

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:

http://www.cisco.com/en/US/support/index.html

Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.

Related Documentation

• Cisco Catalyst 9300 Series Switches documentation at this URL:

http://www.cisco.com/go/c9300

• Cisco IOS XE 16 documentation at this URL:

http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

• Cisco SFP and SFP+ modules documentation, including compatibility matrixes at this URL:

http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html

• Cisco Validated Designs documents at this URL:

http://www.cisco.com/go/designzone

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.