| |
|
Alert Type: | New |
Bug Id: | CSCuz88813 | Title: | pxe boot hangs in the middle of tftp download if across aci fabric |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: | Symptom:
PXE boot across the fabric may hang during tftp download.
Conditions:
Workaround:
Apply a Qos policy to the EPG where the transfer is happening.
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 11.3(1g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy87642 | Title: | MCP inactive interface forwards traffic when bundled in port-channel |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A loop is formed when looping back interfaces between leafs in the same fabric. A wiring fault is raised and the physical interface is placed into out-of-service (OOS) state but it continues to forward a subset of traffic.
Conditions:
This has been observed when configuring a port-channel or vpc policy and connecting the interfaces in a way where the port-channel is still capable of bundling. For example,
- leaf-101 interface eth1/1 connected to leaf-102 interface eth1/1.
- both interfaces configured in an LACP port-channel
- although MCP raises a fault, port-channel bundles and interfaces continue to forward traffic.
Workaround:
None at this time.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: * | 1.3(1.19), 11.3(0.237), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy41701 | Title: | APIC Reimage or upgrade to 1.2(1m) stuck at Password prompt |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When upgrading or reimage of APIC using KVM you may see a message similar to the following:
"Password for /dev/mapper/vg_ifc0-rfs1 (luks-793...): "
Conditions:
- policy upgrade to 1.2(1m)
- reimage/fresh install using 1.2(1m)
Workaround:
1. Hard reboot/Power cycle APIC
2. From CIMC/Console boot from rfs2 (by default it chooses rfs1). This will boot the old image and try upgrade again
3. Fresh install of higher image ISO (don't do 1.2(2h) or 1.2(2g)) and downgrade to 1.2(1m)
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.41), 1.3(1g), 2.0(0.206) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz04110 | Title: | vspan failed for Interhost/Intrahost when config Apic with NXOS CLI |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Configuring vspan destination group from cli doesn't seem to work properly.
Conditions:
1. Configure vspan dest group from cli and assign it to the vmware domain
Workaround:
There are 2 options :
1. Configure vspan entirely using GUI.
2. If CLI is used to create vspan source and destination groups then use GUI to update the destination group as CLI naming convention is different.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g), 1.3(0.107) |
|
Known Fixed Releases: * | 1.3(0.125a), 1.3(0.128), 1.3(1g), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy63393 | Title: | 'Install ACI Service Catalog' erroneously deletes all service blueprints |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Using the 'Install ACI Service Catalog' blueprint erroneously deletes all (including non-Cisco) service blueprints on the target system
Conditions:
Customer has existing service blueprints before running install workflow
Workaround:
Either
a) Avoid using the service blueprint for installation.
b) Comment out line 35 of the 'Install ACI Service Catalog' subtask 'Scriptable Task (Delete all service blueprints)'
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.61), 1.3(1g), 2.0(0.222) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy39945 | Title: | [Platform] Downgrade Path is broken for Sapporho+ ToR |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Compatibility checks are turned off when you create a switch
firmware group. As a result, when you downgrade to older versions such as
1.1.2m which do not support Sapporo+ switches, the downgrade is not
blocked as incompatible. This leads to Sapporo+ switches not working
correctly.
Conditions:
When Customer tries to downgrade from 2h or 2g of BZMR1 image to Bramahaputra or Amazon release.
Workaround:
You can turn on compatibility checks using API. Example below:
https://ifav40-ifc1.insieme.local/api/node/mo/uni/fabric.xml
After turning on compatibility checks on the firmware group, if you start
a downgrade to 1.1.2m, then the downgrade will fail with reason as
"incompatible".
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: | 1.2(2h), 1.3(0.30), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy43013 | Title: | in-band managment ip address is deleted when arpflood is enabled |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
In-band IP address becomes 0.0.0.0 in show switch command.
ip addresses are actually deleted from the node and in-band management does not work.
Conditions:
Unknown L2 uni-cast (arpFlood) is changed from proxy to flood for in-band management BD.
Workaround:
The best way to resolve this is to change the BD for the in-band EPG to 'default', wait for a few seconds, and move it back to 'inb' (or original) BD. This will re-trigger a programming of the BD configuration including the in-band management IP addresses for the nodes.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.2(1k) |
|
Known Fixed Releases: * | 1.2(2g), 1.3(0.36), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz25908 | Title: | leaked routes being advertised out L3out due to stale route-map entry |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Routes leaked from one VRF Y to another VRF X are advertised from L3out of VRF X.
Leaked routes are BD subnets in VRF Y.
Even though leaked routes are not allowed to advertised, they are advertised from L3out.
Conditions:
Trigger 1:
VRF X has a global contract (which is exported to VRF Y) provided by l3out.
AEPG-1 from VRF Y consumed the contract interface.
AEPG-1 from VRF Y remove the consumption of the contract interface.
Trigger 2:
VRF X has a global contract (which is exported to VRF Y) provided by l3out.
AEPG-1 from VRF Y consumed the contract interface.
AEPG-2 from VRF Y consumed the same contract interface.
Both of these would result of stale route-map entry like below. Due to Route-map Entry 7801 does not have IPV4 prefix-list, all the IPV4 route are redistributed to OSPF/Eigrp which is controlled by exp-ctx-st-2293762
route-map exp-ctx-st-2293762, permit, sequence 7801
Match clauses:
ip address prefix-lists: IPv6-deny-all
Set clauses:
route-map exp-ctx-st-2293762, permit, sequence 7802
Match clauses:
ip address prefix-lists: IPv6-deny-all IPv4-st26-2293762-exc-int-inferred-export-dst
Set clauses:
route-map exp-ctx-st-2293762, permit, sequence 7803
Match clauses:
ip address prefix-lists: IPv6-deny-all
Set clauses:
Workaround:
1. issue "acidiag touch clean" from the border leaf then reboot. Then do not trigger either of the conditions any more.
2. Contact TAC for using test-api to remove the stale route-map entry. Then do not trigger either of the conditions any more.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.3(0.137), 1.3(1g), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut57733 | Title: | ACI : N9396px Kernel panic - not syncing: ERROR: Memory MBERR |
|
Status: * | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Switch resets unexpectedly with message such as:
Reset Cause (HW): 0x24
Conditions:
Normal
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 7.2(0)ZN(99.124) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux72575 | Title: | Maintenance mode profile config lost after reload |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The configure maintenance profile commands are lost in the startup config.
Conditions:
The following sequence will cause this to happen after the configure maintenance profiles have been set.
1. show startup-config or show startup-config mmode
2. copy running-config startup-config
3. Change any mmode configuration
4. copy running-config startup-config
Workaround:
If configure maintenance profile is empty in show startup-config but exists in show running-config.
Do the following to restore contents to startup-config
1. Show maintenance profile - save maintenance profile contents.
2. no configure maintenance profile
3. configure maintenance profile
4. enter saved profile contents
5. Repeat for all profiles
6. copy running-config startup-config
Further Problem Description:
None
|
|
Last Modified: | 07-MAY-2016 |
|
Known Affected Releases: | 7.0(3)IAB3(0.69), 7.0(3)IAB3(0.71) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.108), 7.0(3)F1(0.188), 7.0(3)I3(0.238), 7.0(3)I3(1), 7.0(3)IAB3(0), 7.0(3)IAB3(0.72), 7.0(3)IAB3(0.73), 7.0(3)IAB3(1), 7.0(3)IDP3(1.78), 7.0(3)IDP3(2) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy56043 | Title: | fabric track service crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Service 'fabrictrack' could crash and cause hap reset.
leaf1# show system reset-reason
*************** module reset reason (1) *************
0) At 2016-02-25T05:01:25.123+09:00
Reason: reset-triggered-due-to-ha-policy-of-reset
Service:fabrictrack hap reset
Version: 11.2(1k)
Conditions:
This could very occasionally happen if spine/leaf running affected version.
Workaround:
none. Upgrade is recommended.
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 11.2(1k) |
|
Known Fixed Releases: * | 11.2(2f) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy08607 | Title: | Pervasive subnet missing in epmc |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Pervasive subnet is missing in EPMC.
Conditions:
This problem occurs when you:
a. Reload the primary VPC (for example, leaf2).
b. Relearn the orphan endpoints on leaf2.
After this, EPM and EPMC are not synchronized for some of the endpoints. EPM has both IPv4 and IPv6 addresses. EPMC has only an IPv6 address; the IPv4 address is missing. The IP prefix check rejects the IPv4 information because the pervasive subnet is missing in EPMC.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 11.3(0.191) |
|
Known Fixed Releases: | 11.2(3e), 11.3(0.201) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz52389 | Title: | Evaluation of fabric-apic for OpenSSL May 2016 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176
And disclosed in https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
This bug has been opened to address the potential impact on this product.
Cisco has analyzed the vulnerabilities and concluded that this product may be affected by the following vulnerabilities:
Padding oracle in AES-NI CBC MAC check CVE-2016-2107
EVP_EncryptUpdate overflow CVE-2016-2106
ASN.1 BIO excessive memory allocation CVE-2016-2109
This product is not affected by the following vulnerability:
EBCDIC overread CVE-2016-2176
Memory corruption in the ASN.1 encoder CVE-2016-2108
EVP_EncodeUpdate overflow CVE-2016-2105
Conditions:
Exposure is not configuration dependent.
Workaround:
None
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is: 5.1
https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
The score reflects the maximum score for all the vulnerabilities mentioned in this bug information
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 1.3(1g), 2.0(0.269) |
|
Known Fixed Releases: * | 2.0(0.324) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu33882 | Title: | sup switch over crashed with feature-mgr - possible corrupted config |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
feature-mgr process might crash in failover due to corrupted config.
Conditions:
corrupted config
Workaround:
none
Further Problem Description:
the corrupted config was fixed in another internal found bug and fixed in 7.0(3)I2(1) and onwards.
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I2(0.282) |
|
Known Fixed Releases: | 7.0(3)I2(0.334), 7.0(3)I2(1), 7.0(3)ITI2(1), 7.0(3)ITI2(1.36), 8.3(0)CV(0.72) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz52396 | Title: | Evaluation of n9k-standalone-sw for OpenSSL May 2016 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: |
Symptom:
This product includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176
And disclosed in https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
This bug has been opened to address the potential impact on this product.
Cisco has analyzed the vulnerabilities and concluded that this product may be affected by the following vulnerabilities:
Memory corruption in the ASN.1 encoder CVE-2016-2108
EVP_EncodeUpdate overflow CVE-2016-2105
EVP_EncryptUpdate overflow CVE-2016-2106
ASN.1 BIO excessive memory allocation CVE-2016-2109
This product is not affected by the following vulnerability:
EBCDIC overread CVE-2016-2176
Padding oracle in AES-NI CBC MAC check CVE-2016-2107
Conditions:
Exposure is not configuration dependent.
Workaround:
None
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is: 5.1
https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
The score reflects the maximum score for all the vulnerabilities mentioned in this bug information
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I4(1) |
|
Known Fixed Releases: * | 7.0(3)I2(2e), 7.0(3)I4(0.137), 7.0(3)I4(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz44770 | Title: | Traffic stops with deletion of copy device with single node FW Graph |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: | Symptom:
When a Copy Device (vnsLDevVip) is deleted for a deployed graph, then the traffic flowing between the two EPG's and the Copy traffic will be impacted (i.e. dropped). This will happen even if the case where there are not Firewalls or Load Balancers and the traffic is flowing only between two EPG's directly but is being copied.
It is important to note that the correct way to disable copy service is to first remove the graph attachment from the contract and then delete the copy device.
Conditions:
Delete CopyDevice / CopyCluster for a deployed graph instance.
Workaround:
The correct way to stop traffic from being copied is to remove the graph attachment under the contract. Once this step is performed, traffic flowing between the two EPG's will be not impacted even when the the copy device or copy cluster is deleted.
Further Problem Description:
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: * | 2.0(0.277a), 2.0(0.315a) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy65473 | Title: | Prefixes still shown on the leaf after the l3out is deleted |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Prefixes under l3Out are not deleted after l3Out is deleted.
Conditions:
RtdEpPInfoHolder is deleted in a transaction before RtdEpP is deleted.
Deleting External EPG (Network) can also result in this, even if L3Out is not deleted.
Workaround:
1.Use testapi to remove the entry from switch:
or
2. Statelessly reboot the leaf by command below:
acidiag touch clean
reload
Further Problem Description:
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: | 1.2(2h), 1.3(0.54a) |
|
Known Fixed Releases: | 1.2(3a), 1.2(3c), 1.3(0.74), 1.3(1g), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz81314 | Title: | 'sh sys int fcfwd mpmap vfcs' on N9k does't show breakout port correctly |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
On N9k 'sh sys int fcfwd mpmap vfcs' members coloumn doesn't show does't show the bind interface of breakout ports correctly.
Conditions:
This is seen only with the vfc's on the 40G breakout ports.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I4(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz82873 | Title: | kernel error throttling |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Some processes could crash like sysmgr, t2usd and commands may timeout on the CLI. show run may not complete for example.
Conditions:
This is a rare issue that has only been seen when there is very high volume of hardware errors being printed by the kernel.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 26-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(4b) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu58251 | Title: | Missing HSRP VIP v6 link-local after reload of both HSRP routers |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The HSRP VIP v6 link-local address of the SVI is missing in the output of "show ipv6 interface vlan x". As a result v6 hosts will not learn the RA messages from the router.
Conditions:
Reload of HSRP routers at the same time.
Workaround:
Remove the HSRP v6 configuration from the affected SVI and re-add.
Further Problem Description:
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I1(3.4) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.127), 7.0(3)DEV1(1), 7.0(3)DEV1(1.5), 7.0(3)I1(2.6), 7.0(3)I1(3), 7.0(3)I2(0.428), 7.0(3)I2(1), 7.0(3)ITI2(1), 7.0(3)ITI2(1.36), 7.1(3)ZD(0.133) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz81100 | Title: | N9K does not flood ARP req if outer SA MAC and inner ARP MAC mismatch |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: * | Symptom:Pings from Unicast mode configured NLB server to a directly connected 9500 will fail
Conditions:Pings will fail in either of the below topologies;
a) if NLB server is directly connected on an orphan port(via trunk or access vlan x port configuration)
b) If NLB server is directly connected to N9k on a vPC Port channel
c) If NLB server is connected within a non-vPC setup and inbound ARP requests on a non-vPC vlan.
Workaround:none(Pings from NLB server will only work fine if the ARP requests from the NLB server to the N9k(SVI IP) lands on peer link;
All other conditions will be failing
The issue is not seen in 6.1.2.I3.5a
More Info:This issue is nothing to do with NLB. When a device sends mis-matched ARP request (NLB happens to do that) with SA-MAC of outer and inner MAC of ARP are different, the DA-MAC is not known. So, switch needs to flood the packet in the vlan, and that doesn't seem to work.
In case the packet traverses the peer-link a different path is taken in the ARP response check and hence the flooding works.
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I3(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz86494 | Title: | ifav41: Not able to deploy EPGs on ToRs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
EPG deployment fails due to insufficient VLANs available
Conditions:
This can happen when isolated EPGs (for intra-EPG deny) are configured and then deleted. The internal ID for these remain in use on the leaf.
Workaround:
Clean reboot the leaf
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 2.0(0.335b) |
|
Known Fixed Releases: * | 2.0(0.337g), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv36614 | Title: | policy manager core on changing port from pc to policy-grp |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
-202 Error when attempting changes in fabric>access policies.
-Policymgr cores
Conditions:
Workaround:
Using Visore on the APIC, query for the object infraHostCfg
This object should have a attribute called accGrpDn
accGrpDn references an access port and infraHostCfg references an override policy group
If any infraHostCfg has an an accGrpDn that is "no object found" when clicking that link in visore, that is where the bug comes from.
Work around:
For all the accGrpDn that do not exist, go to the GUI and recreate using the exact same name found in visore starting after "accportgrp-"
Changes should be possible in the GUI at this point.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(1j), 1.2(0.3a) |
|
Known Fixed Releases: * | 1.1(1.119), 1.1(2h), 1.2(0.13), 1.2(0.32), 1.2(1.17), 1.2(1i), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy42763 | Title: | BZMR1: policymgr core when deleting config zone: infrazoneNode not found |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
multiple policymgr cores when config zone is set to triggered state
Conditions:
If a config zone is set to triggered state (in GUI, Deployment Mode is Disabled and user selects Deploy Now) multiple policymgr shards will core.
Workaround:
Triggered mode (Deploy Now) should not be used in this release due to this. Only Enabled and Disabled deployment mode should be used.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.2(2h), 1.3(0.36), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy29818 | Title: | PSU information for APIC-M2 cannot be retrieved |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Can not get PSU information for APIC-M2 from GUI nor CLI.
Conditions:
APIC-M2.
Workaround:
n/a.
Further Problem Description:
This defect is still under investigation.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.2(2e), 1.2(2g), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux09521 | Title: | serviceGraph delete: all the host entries are not getting flushed on ASA |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Dynamic object group entries are not deleted or added from/to ASA on a service graph delete
Conditions:
When many endpoints are added or deleted from fabric at the same instant, corresponding action is not performed on ASA dynamic object group entries
Workaround:
1. Issue a requery for device validate on the device cluster
2. Manually add or delete the endpoint in the object group on the service device
Please note that 1) is the preferred option
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(4e), 1.2(1.208e) |
|
Known Fixed Releases: | 1.1(4h), 1.2(2f), 1.3(0.26), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy28366 | Title: | interleak policy resolution inconsistent if multiple l3out on same node |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Ospf interleak for BGP is configured with permit-all route-map instead of interleak route-map
Conditions:
If OSPF is main protocol for VRF on Node and multiple L3 Outs deployed on the node where at least One L3 Out doesn't have interleak policy, further updates from L3 Out(s) with no interleak policy will overwrite OSPF interleak route-map under BGP by changing it to permit -all
Workaround:
Define same interleak policy for all L3 Outs
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1.208) |
|
Known Fixed Releases: * | 1.2(2c), 1.2(2g), 1.3(0.24a), 1.3(0.26), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy09939 | Title: | Exporting/reimporting a snapshot seems to break the diff |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
A snapshot that was imported and used as the base for a diff reports "Failed to get diff".
Conditions:
A json snapshot was initially exported to a remote location then imported for use. In this release, json diff is not supported.
Workaround:
Generate snapshot locally onto apic so that it shows in the left pane, THEN right click and export to remote location. This seems to get past whatever is causing the diff to fail.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1.192b), 1.2(1.206), 1.2(1k) |
|
Known Fixed Releases: * | 1.2(1.200), 1.2(2g), 1.3(0.11a), 1.3(0.16), 1.3(0.19), 1.3(0.6a), 1.3(0.9), 1.3(1g), 2.0(0.191) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy26779 | Title: | Traffic loss after downgrade from bzmr1 to Brazos for some tenants |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Traffic loss after downgrade from bzmr1 to Brazos for some tenants
Conditions:
Missing actrlPfxEntry after downgrading to brazos
Workaround:
Unset / reset import-security bit on the affected subnet.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: * | 1.2(2f), 1.2(2g), 1.3(0.29), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy32056 | Title: | Firmware missing from APIC Firmware Repository |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
New firmware has not been added to the Firmware Repository after an hour.
Conditions:
Uploaded new firmware from APIC GUI; Firmware Repository does not reflect that firmware has been uploaded, even though it is present in the /firmware/fwrepos/fwrepo/ folder.
Workaround:
Used "firmware add /firmware/fwrepos/fwrepo/" with the missing APIC image; the command outputs that it fails, but the firmware is now available in the Firmware Repository.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(1o), 1.2(1k) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.36), 1.3(0.61), 1.3(0.85a), 1.3(0.87a), 1.3(0.88), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy20938 | Title: | Opflex in Send functionality for more than 12 minutes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
AVS opflex hand-shake is delayed for upto 5 mins after VIB upgrade when there is an high-load of VMotions in progress.
Conditions:
AVS VIB upgraded before VMotion events (due to host being put in maintenance mode) get soaked by APIC/fabric.
Workaround:
- opflex communication will recover and state will be 'active' once VMotion events are soaked by APIC/fabric.
- to avoid this delay, wait for 10 minutes between putting the host in maintenance mode and starting the VIB update.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1.192) |
|
Known Fixed Releases: * | 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv34286 | Title: | many acidiag options are not documented |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Cisco APIC CLI acidiag command documentation missing several arguments.
Conditions:
Numerous options for the APIC CLI command acidiag allow for checking and impacting system performance. Several of these options are not documented and should not be run unless while working with the TAC.
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(1j) |
|
Known Fixed Releases: * | 1.3(0.62a), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux92577 | Title: | Individual l3instp route-map fails when default-import configured |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Subnet level policy not applied
Conditions:
When default-import policy is present and incomplete
Workaround:
Remove or fix incomplete default-import policy
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1.143) |
|
Known Fixed Releases: * | 1.2(1.194), 1.2(2g), 1.3(0.3b), 1.3(0.6a), 1.3(0.9), 1.3(1g), 2.0(0.191) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux96520 | Title: | Taboo rule s-any-d-pctag missing with image 1l |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Taboo rule missing on EPG when multiple taboo contracts under an EPG use the same filter
Conditions:
This can happen when an EPG has multiple taboo contracts using the same filter, and then one of the taboo contracts is deleted.
Workaround:
Touch the configuration (even just descr) of the remaining taboo contract.
Or avoid this configuation by only using a single taboo contract under the EPG.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.2(1.184), 11.2(1.192), 11.2(1k) |
|
Known Fixed Releases: * | 1.2(1.208e), 1.2(1.210b), 1.2(1.214), 1.2(2g), 1.3(0.19), 1.3(1g), 2.0(0.191), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus63206 | Title: | fvns:UcastAddrBlk To and From Addresses Should Not Use Mask Bits |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The From and To IP addresses under Management IP Address Pools (vnsAddrInst) require IP addresses in the format:
x.x.x.x/y
and do not perform input validation to restrict entries in an invalid format.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.0(2m) |
|
Known Fixed Releases: * | 1.0(2.145a), 1.0(2.146), 1.0(3f), 1.1(0.647), 1.1(1j), 1.3(0.94), 1.3(1g), 2.0(0.260) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut12974 | Title: | JSON REST API requests fail depending on the order of the contents |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The Cisco APIC may process JSON requests in an inconsistent manner.
Conditions:
The order of the contents of the requests may cause the request to fail. For example if the "children" array comes before an attributes object, the request may fail.
Workaround:
Sort the keys for objects in an alphabetical order so that attributes always come before the children.
Further Problem Description:
The rest api error has been updated to say:
invalid data at line '1'. Attributes are missing, tag 'attributes' must be specified first, before any other tag
This restriction will not be lifted.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.0(3f) |
|
Known Fixed Releases: * | 1.2(0.1), 1.2(1.17), 1.3(0.24a), 1.3(0.26), 1.3(1g), 2.0(0.202a), 2.0(0.203), 2.0(0.95) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy30816 | Title: | VNID allocation issue in shrd service after moving bd to diff ctx & back |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Traffic loss in shared service after following configuration changes:
Toggle shared service provider's BD between consumer's ctx and provider's ctx.
This operation will disable/enable shared service.
Conditions:
Shared service between application EPgs.
Workaround:
Delete and readd relation to contract from one of the consumer epg.
Further Problem Description:
rwEncap on the provider's subnet leaked into consumer's vrf gets set to consumer's vrf vnid rather then provider's vrf vnid.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.3(0.11a) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.28), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy34239 | Title: | Error seen on trigger of techsupport local |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | "trigger techsupport local" command throws warnings in APIC CLI.Symptom:User will see the following output as part of "trigger techsupport local" command.
# trigger techsupport local
Running bash commands
Completed 1 of 11 commands
Completed 2 of 11 commands
Completed 3 of 11 commands
Completed 4 of 11 commands
Completed 5 of 11 commands
Completed 6 of 11 commands
Completed 7 of 11 commands
Completed 8 of 11 commands
Completed 9 of 11 commands
Completed 10 of 11 commands
Completed 11 of 11 commands
Starting data compression
Writing output to /data/techsupport/local_ifav98-apic2_2016-02-18T18-20.tgz
/bin/tar: Removing leading `/' from member names
/bin/tar: Removing leading `/' from hard link targets
/bin/tar: /var/log/dme/oldlog/lost+found: Warning: Cannot open: Permission denied
/bin/tar: /var/log/external/messages: Warning: Cannot stat: No such file or directory
/bin/tar: /data/devicescript/*/logs: Warning: Cannot stat: No such file or directory
Conditions:tech support local collects and pass the predefined list files to tar command. If the specified file is missing or if it's a link. the tar command throws out the warnings mentioned in the symptom section. No information/logs are lost due to this warnings.
Workaround:Please use GUI to collect techsupport from controller or switch.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2a), 1.3(0.11a), 2.0(0.191) |
|
Known Fixed Releases: * | 1.2(2d), 1.2(2g), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy40276 | Title: | CLI: inherit-profile under route-map match bridge-domain doesn't work |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Public subnets in a Bridge-domain can be advertised out through a routing protcol using a "match bridge-domain " in the route-map associated with the protcol. Route control properties such as "set tag"or "set metric" can be set for these public subnets through "inherit route-profile " under the "match bridge-domain" command.
If the route-profile name is not equal to "default-export", then the route control properties are not set correctly on the exported BD subnets.
Conditions:
Use of "inherit route-profile " under match bridge-domain, where profile Name is not equal to "default-export"
Workaround:
Workaround is to set required route control in "default-export" route-profile.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2f) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.45), 1.3(1g), 2.0(0.206) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy60386 | Title: | Wizard to add interface in APIC pushing wrong config |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When you create Access port Selector profile using Wizard "Configure an interface, PC, and VPC" under Fabric->Access Policies-> quick start.From the Wizard if you perform following steps to add an interface.
1. Select and existing Switch Profile name.
2 Add the the interface
3. Select an existing Interface Policy group.
4. Save and Submit
you will see that Access port selector will be created under the right Interface profile . But instead of using existing Interface policy group defined by user, it will create a new interface group and use that.
Conditions:
When using wizard and using existing interface policy group
Workaround:
manually create the access port selector when using an existing interface policy group.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.49), 1.3(0.66), 1.3(1g), 2.0(0.222) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz12865 | Title: | could not bring up the ACL to edit in GUI |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Missing graphs from edit ACL, cannot use GUI to apply graph name parameter on folder.
Conditions:
Workaround:
Using Post
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(4k) |
|
Known Fixed Releases: * | 1.3(0.123a), 1.3(0.124a), 1.3(0.125a), 1.3(0.128), 1.3(1g), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy40062 | Title: | not able to consume imported contract on inband epg |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
An administrator attempts to configure a consumed contract interface on the in-band EPG via the Cisco APIC GUI, but is not given the option.
Conditions:
The option to add a consumed contract interface is not provided in the APIC GUI for the in-band management EPG.
The consumed contract interface is able to be configured via REST POST.
Workaround:
The following POST makes the same configuration without using the APIC GUI using the default in-band EPG:
URL: https://APIC_IP/api/node/mo/uni/tn-mgmt/mgmtp-default/inb-default.xml
Method: POST
Payload:
<mgmtInB name"default" dn="uni/tn-mgmt/mgmtp-default/inb-default" descr="">
<fvRsConsIf tnVzCPIfName="CONTRACT_INTERFACE"/>
</mgmtInB>
Replace APIC_IP and CONTRACT_INTERFACE as needed.
Alternatively, the following APIC CLI commands make the same change:
cd /aci/tenants/mgmt/node-management-epgs/default/in-band/default/consumed-contract-intefaces/
mocreate CONTRACT_INTERFACE
moconfig commit
Replace CONTRACT_INTERFACE as needed.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k), 1.2(2f) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.29), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy65545 | Title: | Service Graph Stuck in Applying/vnsREPpInfo shows pcTag = any |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Service graphs tied to a particular device are stuck in the Applying state
At least one of the function connectors for the device shows a classID/pcTag of any
The BD placement of the connectors of the device have been changed while graphs were deployed on the device
Conditions:
Using a L4-L7 device for Service Graph deployment
Modifying the BD placement of the connectors of the device while graphs were deployed
Workaround:
Remove the current graphs and problem L4-L7 device.
Recreate the L4-L7 device and re-deploy the graphs
Further Problem Description:
In the broken state, vnsREPpInfo for the BD of the problem device will show any in the pcTag field.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.70a), 1.3(0.72b), 1.3(0.74), 1.3(1g), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy84982 | Title: | DHCPd process continuous crash, no core file |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
DHCPd crashes continuously; no core file found
Conditions:
Workaround:
Upgrade
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1i) |
|
Known Fixed Releases: * | 1.3(0.137), 1.3(1g), 2.0(0.230a), 2.0(0.232), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy39527 | Title: | fault delegate does not succeed if shard leader changes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
A fault created on an object on APIC does not get properly delegated.
Conditions:
The defect may trigger in rare circumstances involving faults being raised while there are ongoing cluster geometry changes
Workaround:
retriggering the condition that created the fault, if possible, will address the misalignment.
Further Problem Description:
No operational impact besides the missing fault delegate
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2e) |
|
Known Fixed Releases: * | 1.3(0.41), 1.3(1g), 2.0(0.206) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy40206 | Title: | DSCP not getting set in shared L3Out rules when L3out is consumer |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
DSCP not getting set in shared L3Out rules when L3out is consumer
Conditions:
This will occur when l3Out is configured as consumedIf and EPG as provider
Workaround:
Configure l3Out as provider and EPG as consumer
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2e) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.45), 1.3(1g), 2.0(0.206) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy51472 | Title: | ACI:DOC caution about interface counter reset on interface flap |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
need explanation about interface counter reset on interface flap
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1i) |
|
Known Fixed Releases: * | 1.3(0.62a), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy41710 | Title: | MTU getting reset to default value when l3extInstP is deleted. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
L3 sub-interface MTU value is reset to inherited fabric policy value when l3extInstP is deleted
Conditions:
When there are multiple external routed networks (l3extInstP) with sub-interface configuration, and if the sub-interface has explicit MTU value configured, deletion of one of the l3extInstP will cause the sub interface mtu to be reset to the fabric policy value.
Workaround:
If this happens, reconfigure the sub-interface mtu (on l3extRsPathL3OutAtt object) by toggling the value to something else, then back to the desired value.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.36), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy94595 | Title: | DNS provider updates ignored by VMM |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
VMM is unable to resolve DNS for hostname. For Vmware VMM domain, the following fault may be seen:
fault code: F606262
[FSM:FAILED]: Add-FSM for VM Controller: vcenter1 VM Domain: (vmm domain) VM Provider: VMware Error: Failed to retrieve ServiceContent from the vCenter server (vcenter hostname) (FSM:ifc:vmmmgr:CompCtrlrAdd)
Under the vmmgr log, the following error is seen:
10206||16-03-28 12:34:06.044-04:00||ifc_vmmmgr||INFO|||| Could not get IP Address for hostname: (hostname) ||../svc/vmmmgr/src/gen/ifc/app/./imp/vmm/Common.cc||324
Conditions:
This issue has been observed after adding/removing/editing DNS providers. The VMM process may continue to perform DNS lookups for hostname against an old DNS provider or non-primary provider even though DNS successfully resolves when manually performing an DNS lookup on the APIC.
Workaround:
Reload of the affected APIC will resolve the issue. More graceful workarounds are under investigation.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.3(0.111), 1.3(1g), 2.0(0.260), 2.0(0.266a), 2.0(0.267a), 2.0(0.269) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy77213 | Title: | ACI: CallHome Query Configured with Empty Class Name is Invalid |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
CallHome emails are not being sent to the destinations in a destination group.
The email is only being sent to the some or none of the configured destination in the destination group.
Conditions:
CallHome configured with destinations with AML/XML format.
CallHome Query is configured with type as class, and the class name is left blank.
Workaround:
Remove CallHome Query that has an empty class name or input a valid class name for the CallHome Query.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g), 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.87a), 1.3(0.88), 1.3(1g), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz38748 | Title: | N9K-X9732C-EX: 100G CU links not coming up with N3K-C3232C with autoneg |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
100G copper link between N9K-X9732C-EX linecard and N3K-C3232C does not come up when Auto Negotiation is enabled on the link.
Conditions:
When the 100G copper link between N9K-X9732C-EX linecard and N3K-C3232C is configured in Auto-Negotiation mode, link does not come up.
Workaround:
Workaround is to disable Auto Negotiation using ''speed 100000'.
Use forced speed on this link instead of Auto Negotiation.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 7.0(3)IM3(1.72) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux19134 | Title: | F1419 shellinaboxd service has failed fault is stale |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
F1419 shellinaboxd service has failed fault will not clear even after the service has successfully restarted
Conditions:
1.1(1o)
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: * | 1.1(1o), 1.1(4e) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz49573 | Title: | UI: Creating a routed sub-intf making SVI and routed intf generated too |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
UI: Creating a routed sub-intf making SVI and routed intf generated too
Conditions:
all
Workaround:
none
Further Problem Description:
none
|
|
Last Modified: | 04-MAY-2016 |
|
Known Affected Releases: | 2.0(0.276) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy97770 | Title: | Bash Shell script show up the incorrect outputs randomly |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Bash Shell script show up the incorrect outputs randomly.
Sometimes it could show minus value due to it is smaller than previous one for the amount of next time packets.
(Formula : Current - Previous)
Conditions:
Bash shell script with "do while" function without stop condition.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 04-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(4b) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz14703 | Title: | Stale l3extInstP |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
-Fault F0467: "Configuration failed for instP due to Prefix Entry Already used in another EPG"
-Stale External Instance Profile under the Border Leaf at: /mit/sys/ipv4/inst/dom-/rt-[]
Conditions:
-Seems to be related to multiple adding and deleting of subnets/InstP
Workaround:
Clean reboot of leaf
Further Problem Description:
|
|
Last Modified: | 04-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz17875 | Title: | AVS L4L7 services - Route peering failures with ASAv |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | AVS + RHI is not supported
Symptom:
VMs behind AVS cannot route peer with ACI fabric
Conditions:
VMs behind AVS need to act as a router
Workaround:
None - Only non-l3out connectivity for VMs behind AVS is supported until this issue is addressed
Further Problem Description:
|
|
Last Modified: | 07-MAY-2016 |
|
Known Affected Releases: | 1.3(0.101a) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy11992 | Title: | L4-7 Device subnet doesn't immediately deploy and advertise after submit |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Any subnets added under Device Selection Policy after the service graph is rendered are not pushed to the leaf.
Conditions:
This happens when there is a VRF split in the fabric and operator has to configure subnets to leak between VRF.
Workaround:
Detach and re-attach contract/graph association.
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.2(1.200), 1.2(1.210b), 1.2(1.214), 1.2(2g), 1.3(0.11a), 1.3(0.16), 1.3(1.3), 1.3(1f), 1.3(1g), 2.0(0.191) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz38956 | Title: | VzAny RtMap is hit when Pfx is removed under L3instP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Stale route map after deletion of l3 prefix
Conditions:
This can happen if there is a L3 Out provider, and a vzAny consumer
Workaround:
Once in this state, stale route map can be deleted via testapi:
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 11.3(1b) |
|
Known Fixed Releases: * | 1.3(1.3), 1.3(1e), 1.3(1g), 2.0(0.282), 2.0(0.300) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz60455 | Title: | core.svc_ifc_dbg APIC reboots randomly |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
APIC Drops off the fabric randomly
Conditions:
Workaround:
Powercycle the server
Further Problem Description:
|
|
Last Modified: | 14-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy47950 | Title: | ACI policy upgrade does not upgrade EPLD/FPGA on both supervisors |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
After completing the switch firmware upgrade from the APIC GUI, fault F1582 (firmware-version-mismatch) is raised for one of the supervisors of the switch.
Conditions:
After completing the switch firmware upgrade from the APIC GUI, EPLD/FPGA needs to be upgraded on both supervisors on a switch.
Workaround:
Downgrade the switch, then put the supervisor that needs the EPLD/FPGA to be upgraded as standby, then upgrade the switch again.
Further Problem Description:
NOTE: You have to initiate the upgrade from a version that has the fix before it upgrades both supervisors. Upgrading from an older version to a version that has the fix does not upgrade both supervisors. The installer is run from the current running version.
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: | 11.2(3a), 11.3(0.220) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz70931 | Title: | dscp class-COS translation policy won't work with COS preservation |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
The cos preservation feature is not supported in multipod setup. However we can still make sure of cos preservation of inside the POD but across the POD it is not supported. However when you user is configuring CLASS to DSCP marking for multipod qos then this feature is not supported even inside the POD.
Conditions:
Cos preservation feature is supported only inside the POD, it is not supported across the POD.
CLASS to DSCP marking for multipod qos policy is not supported with cos preservation.
Workaround:
class to dscp and cos preservation features are not supported simultaneously.
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 12.0(0.121) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz71262 | Title: | Multicast flow drop less than 40Gbps traffic at fabric |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Multicast flow drop less than 40Gbps traffic at fabric
Conditions:
- Send multicast traffic on two vlan.
- Ingress port is 10G and egress port is 40G.
- One vlan has 30Gbps and other one ha 20Gbps and output different port.
- One egress port has traffic less than 40Gbps but drop is occurring.
- Fabric interface count QoS tx drop (MCQ)
F8.N9372PX# show hardware internal fabric interface asic counters module 1
Counters for Fabric Ports:
--------------------------
Important Counters/Drops
--------------- --------- --------- --------- --------- --------- ---------
FabricInterface Forward Forward Error Pkt Error Pkt QOS Rx QOS Tx
RxDrops TxDrops RxDrops TxDrops Drops Drops
--------------- --------- --------- --------- --------- --------- ---------
0 / 1 / HG0 2 0 0 0 0 0
0 / 2 / HG1 0 0 0 0 0 0
0 / 3 / HG2 192 0 0 0 0 189495409224 <<< increase continually
0 / 4 / HG3 2 0 0 0 0 0
0 / 5 / HG4 0 0 0 0 0 0
0 / 6 / HG5 192 0 0 0 0 189461532608 <<< increase continually
--------------- --------- --------- --------- --------- --------- ---------
(snip)
F8.N9372PX# show hardware internal interface asic counters module 1 | egrep ^-|^I|Drops|2[7-9]|3[0-1]
Important Counters/Drops
--------------- --------- --------- --------- --------- --------- ---------
Interface Name Forward Forward Error Pkt Error Pkt QOS Rx QOS Tx
RxDrops TxDrops RxDrops TxDrops Drops Drops
--------------- --------- --------- --------- --------- --------- ---------
Ethernet1/27 1342895822 0 0 0 0 0 <<< currently do not increase
Ethernet1/28 1342790250 0 0 0 0 0 <<< currently do not increase
Ethernet1/29 1342654428 0 0 0 0 0 <<< currently do not increase
Ethernet1/30 1319406587 0 0 0 0 0 <<< currently do not increase
Ethernet1/31 1331216961 0 0 0 0 0 <<< currently do not increase
--------------- --------- --------- --------- --------- --------- ---------
(snip)
F8.N9372PX# bcm-shell module 1 "show counters" | egrep DROP
MCQ_DROP_PKT(3).hg2 : 189,861,660,653 +366,251,429 16,722,014/s <<< increase continually
MCQ_DROP_BYTE(3).hg2 : 12,151,146,281,792 +23,440,091,456 1,070,208,921/s <<< increase continually
MCQ_DROP_PKT(3).hg5 : 189,809,012,212 +347,479,604 16,721,624/s <<< increase continually
MCQ_DROP_BYTE(3).hg5 : 12,147,776,781,568 +22,238,694,656 1,070,183,964/s <<< increase continually
Workaround:
use port-channel to egress port
Further Problem Description:
|
|
Last Modified: | 19-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I3(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz74042 | Title: | ACI HW Proxy forwarding ARP with MAC address from a different BD |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
ARP Traffic gets forwarded to an endpoint in a different BD if the Endpoint has been learned.
Conditions:
Workaround:
Enable ARP Flooding under the Bridge Domain
Further Problem Description:
|
|
Last Modified: | 19-MAY-2016 |
|
Known Affected Releases: | 11.2(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz44145 | Title: | Evaluation of fabric-apic for NTP_April_2016 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Cisco Application Policy Infrastructure Controller (APIC) includes a version of ntpd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2015-8138, CVE-2016-1550, CVE-2015-7704, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549
And disclosed in http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
This product is affected by one or more of the listed CVE ids.
Conditions:
Device configured with NTP.
Cisco has reviewed and concluded that this product is affected by the following Common Vulnerability and Exposures (CVE) IDs:
* CVE-2016-2518 - Network Time Protocol Crafted addpeer With hmode > 7 Causes Array Wraparound With MATCH_ASSOC
* CVE-2015-8138 - Network Time Protocol Zero Origin Timestamp Bypass
* CVE-2016-1550 - Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
* CVE-2015-7704 - Network Time Protocol Original Fix For NTP Bug 2901 Broke Peer Associations
* CVE-2016-1548 - Network Time Protocol Interleave-pivot Denial Of Service Vulnerability
* CVE-2016-1549 - Network Time Protocol Sybil Vulnerability: Ephemeral Association Attack
* CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability
* CVE-2016-2516: Network Time Protocol Duplicate IPs On Unconfig Directives Will Cause An Assertion Botch In ntpd
* CVE-2016-2519 - Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked
* CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
* CVE-2016-1547 - Network Time Protocol CRYPTO-NAK Denial Of Service Vulnerability
Workaround:
Not available.
Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 6.4/5.3
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:L/IR:L/AR:
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 1.3(1g) |
|
Known Fixed Releases: * | 2.0(0.324) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz66812 | Title: | Multiple interfaces err-disable after PHY doesn't complete CMD handler |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Multiple N9K-9372TX interfaces are err-disabled due to sequence timeout.
Conditions:
Issue appears to be triggered by many servers attempting to PXE boot continuously.
Only reported with Intel X520 NIC and fully populated 9372TX leaf.
Workaround:
Disable / Enable the affected interface
Further Problem Description:
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: | 11.2(3d) |
|
Known Fixed Releases: | 11.3(1.281) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz72593 | Title: | ACI: leaf not translate encap vlan during commission of vpc peer switch |
|
Status: | Open |
|
Severity: * | 3 Moderate |
Description: | Symptom:
Leaf switch sends traffic with hw id instead of encap vlan during commission of vpc peer switch.
Conditions:
This symptom is observed when vpc is configured on leaf switches. It occurs when one leaf switch is running and another switch is commissioned.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: | 11.2(1i) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut19297 | Title: | Failed invalid parameter error in OBFL as part of EEM uncorrected_parity |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
when parity error detected on Nexus9000, the following log is output many times.
%-SLOT1-2-BCM_UNCORRECTABLE_PARITY_ERR?log out put.
Conditions:
when parity error happen
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(2) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy56044 | Title: | If MAC and IP LooseNode is created, cardinality-violation occurs. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
VLANS will fail to be programmed on interfaces going to blade switches when using any deployment mode for VMM domain other then "pre-provision"
Conditions:
You are doing VMM integration with ACI, and when you deploy the VMM domain on the EPG using anything but "pre-provision", you notice that the VLAN's are not added to the interfaces that connect to that blade switch. Traffic does not work to the fabric. When looking at the following object, you see a "cardinality-violation" for the interface or port-channel in question:
on Leaf switch, run "moquery -c "leqptRsLsNodeToIf"
# leqpt.RsLsNodeToIf
tDn : sys/aggr-[po4]
childAction :
dn : sys/lsnode-192.168.1.1/rslsNodeToIf-[sys/aggr-[po4]]
forceResolve : no
lcOwn : local
modTs : 2016-02-05T18:17:12.049+00:00
rType : mo
rn : rslsNodeToIf-[sys/aggr-[po4]]
state : cardinality-violation stateQual : none
status :
tCl : pcAggrIf
tSKey : po4
tType : mo
Workaround:
Use "pre-provision" as the resolution immediacy when deploying the VMM domain.
To remove the stale objects, issue the following command on the leaf, then reload it when it's finished running:
"setup-clean-config.sh"
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: * | 1.2(2h), 2.0(0.324) |
|
Known Fixed Releases: | 1.3(0.62a), 1.3(0.66), 1.3(0.79), 1.3(1g), 2.0(0.222), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCus73649 | Title: | lcache error in pktmgr: No memory available for pcm entry ifindex |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
LACP PDUs not received by the CPU. As a results, port-channel members are suspended.
Nexus# show system internal pktmgr internal event-history lcache-err
No Memory available for pcm entry ifindex
Conditions:
This issue is seen in Nexus 9000 running 6.1(2)I3 releases.
Workaround:
None.
Further Problem Description:
This is related to internal debug data msg and no functional impact.
Data in debug msg log is mis-leading
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(3.53) |
|
Known Fixed Releases: | 7.0(3)I4(0.101), 7.0(3)I4(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz33138 | Title: | vxlan: BUM encap failure on lac/dav, rpf_bd set to incorrect value |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
BUM traffic was failing which would result ARP resolution to fail
Conditions:
In vPC VTEP setup if any one of the VTEP for encap path does not have OIF then that VTEP will still encap the BUM traffic and send to peer over MCT . And if the Peer has OIF then the traffic should go to spine and eventually to other side of VxLan cloud.
Here the ingress VTEP was encapsulating Broadcast traffic in this case ARP request and was forwarding to peer over vPC peer link.
However the peer after reeving it was de encapsulating it in stead of forwarding towards SPine even for given group OIF was present.
Workaround:
No Work around
Further Problem Description:
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I4(0.90) |
|
Known Fixed Releases: | 7.0(3)I4(0.108), 7.0(3)I4(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz77146 | Title: | In Eigrpv6 0::0/0 advertised when no defaultRtLeak policy configured. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Even After Removing Default RtLeak policy for IPv6, EIGRP advertises IPv6 default route.
Conditions:
EIGRP is running on IPv6, and Default route leak policy has been configured and de-configured.
Workaround:
clear ipv6 eigrp topology 0::/0 vrf
Further Problem Description:
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 11.3(1.280) |
|
Known Fixed Releases: * | 11.3(1.285), 11.3(1.286) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz47165 | Title: | APIC upgrade - File checksum validation |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When attempting to copy a presumed good file (a checksum was not performed after the download completes) into the repository via the command line, if the file fails its checksum, no error will be given in response to the "firmware repository add " command. The command line will return in the same manner as if a valid file were moved into the repository. However, the file will never appear in the repository via the GUI and the available space in the 'firmware-repository' partition decrements will each failed attempt. So the file is being moved into the partition but not added to the catalog. The partition fills up and there is no way to delete the corrupted files.
Conditions:
Copying a file to the /home/admin directory via SCP using either an application such as WinSCP or SCP via the command line. After the file is copied to the listed directory, the "firmware repository add " command is used to add the file to the firmware repository.
Workaround:
None
Further Problem Description:
The customer would like a message that says that the file has failed it's checksum validation.
|
|
Last Modified: | 30-MAY-2016 |
|
Known Affected Releases: | 1.2(2h), 1.2(3c) |
|
Known Fixed Releases: * | 1.3(1.20a), 1.3(1.21a), 1.3(1.22), 2.0(0.295a), 2.0(0.300), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz87828 | Title: | High CPU on APIC after deploying FEX vPC to VMM Domain |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
While using the APIC, you notice the GUI is very slow and some policy is not being deployed on the switches. When you SSH to the APIC, and run "top", you see very high CPU utilization on "policymgr" and "eventmgr"
Conditions:
This happens after configuring a FEX vPC and tying it to an AEP using a vmm domain.
Workaround:
use a static path binding instead of VMM< domain for FEX VPC
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur84296 | Title: | removing sec ip on external SVI removes operational static route |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When removing the Secondary IP on an external SVI interface, static routes defined in the VRF or context of the SVI are removed causing traffic to be looped in the fabric.
Conditions:
Occurs when deleting the Secondary IP on an external SVI interface
Workaround:
To delete the Secondary IP on an external SVI, delete the External SVI interface and then add the primary IP.
Further Problem Description:
|
|
Last Modified: | 30-MAY-2016 |
|
Known Affected Releases: | 11.0(2.901), 11.0(2m) |
|
Known Fixed Releases: * | 1.3(1.19), 11.0(2.904), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz71294 | Title: | ACI:unable to migrate mgmt vmk from vswitch to AVS |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
migration of mgmt vmk on ESXi to AVS port-group fails
Conditions:
vmk to be migrated is used for ESXi management traffic between vCenter.
This happens only from 1.3.x releases.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.3(1g) |
|
Known Fixed Releases: * | 1.3(1.21a), 1.3(1.22), 1.3(1h), 2.0(0.337d), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw11670 | Title: | Queries for fault counts return wrong results or broken responses |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Fault counts queries for controller fabric node and fault class queries using rsp-subtree-include for fabricNode class return incomplete fault count information..
Conditions:
This occurs on all versions of APIC software.
Workaround:
There is no workaround for the issue with the mo query for a controllers fault count.
Rather than doing a class query for fabric nodes and asking for a fault-count, do a mo query for the node but include the fltCnts relative name at the end so you are querying the switches fault count instead.
Further Problem Description:
Queries for fault counts for the controller fabric nodes returns a totalcount in the response of 1 but then the imdata is empty.
Class queries for fault counts using rsp-subtree-include against the fabricNode class returns an incomplete fault count subtree and the counters are all zero.
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.1(2h) |
|
Known Fixed Releases: * | 1.1(3.4), 1.2(0.113b), 1.2(0.115a), 1.2(0.116), 1.2(1.17), 1.2(1i), 1.3(0.49), 1.3(0.67c), 1.3(0.70a), 1.3(0.72b) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz88054 | Title: | Unicast ARP request is flooded |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When receiving unicast arp request for SVI, this is flooded to the other ports within the VLAN.
Conditions:
Nexus 9300 series running 7.0(3)I2(1) or later releases.
This behavior is not observed when running 7.0(3)I1(3b) or prior.
Workaround:
Currently none.
Further Problem Description:
This symptom is currently under investigation.
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 7.0(3)I2(1), 7.0(3)I4(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz27965 | Title: | File size of iso image displayed incorrectly in the backend. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
GUI/moquery is showing incorrect file size although file on FS is with the proper file size
Conditions:
When viewing the files size in the APIC repository when the APIC image is greater than 4G; for example 1.2(3c) or 1.3(1g).
To view the files in the repository, this can be done through the GUI through the Admin->Firmware tab or through ssh with the "show firmware repository" command.
The incorrect file does in this particular case does not impact functionality.
Workaround:
To see the correct size, view the file through ssh with the command "ls -l /firmware/fwrepo/fwrepo/"
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.3(0.137), 1.3(0.91a) |
|
Known Fixed Releases: * | 1.3(1.20a), 1.3(1.21a), 1.3(1.22), 2.0(0.276), 2.0(0.277), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut21401 | Title: | Add note about default /32 to l3extLifP and l3extLp |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
User deploys /32 route unknowingly
Conditions:
User did not enter a subnet mask when creating SVI Interface or Secondary IP Address on an External Routed Network's Logical Interface Profile
Workaround:
Delete and reconfigure the SVI with a subnet mask defined
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.0(2m), 1.0(3f) |
|
Known Fixed Releases: * | 1.0(3.34), 1.1(0.737a), 1.3(0.67c), 1.3(0.70a), 1.3(0.72b), 1.3(0.74), 1.3(1.19), 1.3(1g), 2.0(0.222), 2.0(0.345a) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz89136 | Title: | ACI: 40g Interfaces at 10g after OIR of N9K-X9736PQ |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Following OIR of N9K-X9736PQ, all 40g interfaces are showing 10g speed which causes links to stay down.
Conditions:
CONGO release
OIR N9K-X9736PQ
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 12.0(0.128) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu56402 | Title: | s-any-to-d-15 implicit deny rule seen with traffic type unenforced |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
when the Ctx was changed from enforced to un-enforced, an extra rule from any to destination EPG 15 existed in leaf.
ifav113-leaf1# show zoning-rule | grep 512
4097 0 0 implicit enabled 2752512 permit
4122 0 15 implicit enabled 2752512 deny,log
ifav113-leaf1#
Conditions:
Workaround:
1. issue command "setup-config-clean.sh"
2. Reload the leaf
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.1(0.917a) |
|
Known Fixed Releases: * | 1.2(0.1), 1.2(1.17), 1.3(1.19), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351), 2.0(0.95) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv18090 | Title: | Duplicate l3extRsPathL3OutAtt.addr prevents DHCP Relay creation |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
An administrator attempts to configure a DHCP Relay Policy under a tenant and defines a DHCP server that is located outside the Cisco ACI fabric using an L3out. The following error is generated:
"Server Error:400 - child (Rn) of class dhcpGwDef is already attached. dn[(Dn0)] Dn0=, Rn=gwdef-[IP_ADDRESS],"
The administrator may also be attempting to configure a second Logical Interface Profile with the same IP address as the first on an L3out and a DHCP Relay Policy already exists that specifies the L3out.
Conditions:
An L3out is configured that has two Logical Interface Profiles that have matching IP addresses. This includes VPC SVI configurations that have 0.0.0.0 configured by default and cannot be changed.
Workaround:
Remove the second Logical Interface Profile that has the same IP address as the first on an L3out. This may restrict potential L3out configurations.
Change the IP address of the second Logical Interface Profile. This is not possible with a VPC configuration using SVI.
Provide DHCP services via an alternative means, such as via an Application EPG or L2 External Network.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.1(1j), 1.2(0.1) |
|
Known Fixed Releases: * | 1.1(1.101a), 1.1(1.105a), 1.1(1.109a), 1.1(1.112a), 1.1(1.114a), 1.1(1.119), 1.1(2h), 1.2(0.16), 1.2(1.17), 1.2(1i) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut21435 | Title: | DHCP Relay address not removed after removing dhcpRelayPolicy and label |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
dhcp relay policy continues to work even after the dhcp relay label and policy are deleted from the tenant.
Conditions:
After a dhcp relay policy and label are created and applied, dhcp relay works as expected. But if the dhcp relay label and\or the dhcp relay policy is deleted, the dhcp relay policy continues to work. The dhcp relay policy remains programmed in hardware.
Workaround:
erase the switch configuration and reboot. The switch will reload and reconfigure without the deleted dhcp relay policy. Note: If you reconfigure a dhcp relay policy and dhcp relay label, the same symptoms and conditions will reappear if you delete the dhcp relay configuration.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.0(3f) |
|
Known Fixed Releases: * | 1.0(3.15), 1.0(3.34), 1.1(0.764), 1.3(1.19), 2.0(0.345a), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz77449 | Title: | Contract export to common tenant failed with error message |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Contract export to common tenant failed with error message
Conditions:
This can happen when the configuration contains an EPG associated with to a contract interface and also there is a vzAny (and the Epg is behind this) to contract interface . This configuration is not needed
Workaround:
Remove one of the redundant contract interface associations.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.1(4k) |
|
Known Fixed Releases: * | 1.3(2d), 2.0(0.340), 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz88373 | Title: | QoS marking on T2 interface not working |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
On Nexus9332PQ(7.0.3.I2.3) , when try to apply QoS marking policy-map base on COS&DSCP value class (T2 interface), traffic can not be assigned into different qos-group.
Traffic pattern : L3 traffic which needs to be routed by Nexus 9332PQ.
AQ6-PT-9332PQ-02# show policy-map interface port-channel 1002 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!Service-policy qos applied correctly on T2 L3 port-channel
Global statistics status : enabled
port-channel1002
Service-policy (qos) input: trust_dscp
Class-map (qos): Q1 (match-all)
Aggregate forwarded :
0 packets
Match: cos 4,6
Match: dscp 32-39,48-55
set qos-group 1
Class-map (qos): Q3 (match-all)
Aggregate forwarded :
0 packets
Match: cos 5,7
Match: dscp 40-47,56-63
set qos-group 3
Class-map (qos): Q2 (match-all)
Aggregate forwarded :
0 packets
Match: cos 2-3
Match: dscp 16-31
set qos-group 2
Class-map (qos): class-default (match-any)
Aggregate forwarded :
0 packets
set qos-group 0
AQ6-PT-9332PQ-02# show queuing interface ethernet 1/31
slot 1
=======
Egress Queuing for Ethernet1/31 [Interface]
------------------------------------------------------------------------------
QoS-Group# Bandwidth% PrioLevel Shape QLimit
Min Max Units
------------------------------------------------------------------------------
3 - 1 - - - 6(D)
2 20 - - - - 6(D)
1 45 - - - - 6(D)
0 35 - - - - 6(D)
Port Egress Statistics
--------------------------------------------------------
Pause Flush Drop Pkts 0
+-------------------------------------------------------------------+
| QOS GROUP 0 |
+-------------------------------------------------------------------+
| Tx Pkts | 106995070| Dropped Pkts | 0| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!all packets enter QoS group 0
Conditions:
Hardware:Nexus 9332PQ
Software version:7.0.3.I2.3
Traffic pattern: Brideged/routed packets and pure L3 routed packets.
Example
Briedged/routed:South-----P201(FEX)--N9K01(Bridged/routed:SVI 20/P1001.20)--P1001.20(T2)------North
Routed : South-----P1000.20(ALE)--N9K02(routed)--P1002.20(T2)------North
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.0(3)I2(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy40279 | Title: | CLI: default-export route-profile with single set command won't deploy |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
match statements on a route-map such as match bridge-domain, community, prefix-list which do not have specific route-profiles defined under the match statement use the default-export route-profiles when the route-map is applied in the export direction and default-import route-profile when the route-map is applied in the import direction.
Route-profile set action associated with "default-export", "default-import" route-profiles does not take effect on the route-map under certain conditions.
Conditions:
All of the following conditions need to apply for the set action on the default-export, default-import route-profile not to take effect:
1. The "default-export"/"default-import" route-profile has only one set action.
2. Route-map is already created and associated with a routing protocol before adding the set action to the "default-export"/"default-import" route-profile.
If either one of the above conditions are not true, the problem does not happen.
Workaround:
Configure the "set " under the template route-profile default-export command one more time.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2f) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.30), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy31228 | Title: | ACI - L3 external STATS not visible on GUI |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Counters are counting double the packets.
Conditions:
Workaround:
Check Physical/VPC interface stats.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: * | 1.2(2c), 1.2(2g), 1.3(0.28), 1.3(0.41), 1.3(1g), 2.0(0.202a), 2.0(0.203), 2.0(0.206) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv94475 | Title: | F0469-dhcp-policy-not-present still raised even dhcpRelay labels removed |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
If customer removes the DHCP replay policy from the tenant before removing the DHCP Relay Labels (which refer to the DHCP relay policy) from the BD, the faults F0469 would remain raised even the BD is not referring to that DHCP policy any more.
Conditions:
Remove the DHCP relay policy before removing the DHCP Relay Labels under the BD.
Workaround:
Remove the DHCP Relay Labels from the BD at first.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.1(2h) |
|
Known Fixed Releases: * | 1.1(2.26a), 1.1(2.30), 1.1(3f), 1.2(0.86a), 1.2(0.89), 1.2(1.17), 1.2(1i), 1.3(0.32a), 1.3(0.34), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy20146 | Title: | Block Configuration when attempting to deploy multiple encaps on l3out |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
L3 out not working as expected
Conditions:
Two or more encaps configured on the same SVI based L3out or using Untagged access and Trunk.
Workaround:
Use the same encap on all interfaces when doing an L3 out via an SVI.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.2(3a), 1.2(3c), 1.3(0.16), 1.3(0.19), 1.3(1g), 2.0(0.191) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy83221 | Title: | Add OSPF Stub area help information to APIC |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Cisco ACI fabrics as of 1.2 now supports OSPF Stub area. The online documentation available through the APIC does not reflect that as one of the options.
Conditions:
APIC running 1.2 or later release support OSPF Stub area. Online help available through the GUI (https:///help/content/index.html#l3ext_infoROut.html) does not reflect this option.
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.115), 1.3(0.120a), 1.3(0.122), 1.3(1g), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy46629 | Title: | ACI - L3 external STATS not visible on GUI |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Tenants > Tenant_ID > Tenant Tenant_ID > Networking > External Routed Networks > L3 external profile > Stats
L3 external Stats doesn't show any statistics while traffic is passing, it will show "no stats data to display".
Packets are counted by Hardware, stats can be seen for Physical interfaces, and VPCs, as well as broadcom level.
Conditions:
Workaround:
Check Physical/VPC interface stats.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g), 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.43), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy53915 | Title: | show port-channel internal lacp-channels causes Segmentation fault |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
show port-channel internal lacp-channels interface port-channel 1
Segmentation fault (core dumped)
Conditions:
na
Workaround:
na
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h), 2.0(0.202a) |
|
Known Fixed Releases: * | 1.3(0.62a), 1.3(0.67c), 1.3(0.70a), 1.3(0.72b), 1.3(0.74), 1.3(1g), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy63429 | Title: | "show module internal all" returns "No such file or directory" |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Cisco N9K switch running in ACI mode, issuing the command "show module internal all" returns "No such file or directory"
Conditions:
N9K running in ACI module while access the ishell CLI shell on the fabric node.
Workaround:
Enter into vsh module first before trying the "show module internal all" command.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: * | 1.3(0.112a), 1.3(0.115), 1.3(0.85a), 1.3(0.87a), 1.3(0.88), 1.3(1g), 11.3(0.240), 2.0(0.243), 2.0(0.260) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy49357 | Title: | APIC GUI: Inventory/interface : attached ip/mac output showing html code |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
in ACI GUI
Fabric---> Inventory -->POD---> Leaf---> Interfaces--->Physical interface-- Ethx/x
Attached mac/IP shows HTML in the output. Attached Mac : 5C:83:8F:69:BB:D1, AA:AA:BB:BB:CC:CC Conditions:na Workaround:na Further Problem Description: |
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.3(0.36), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz05625 | Title: | second logical interface on L3 out can be configured on same encap vlan |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Second logical interface on L3 out should not be able to configure as same encap vlan that is used on another one.
Conditions:
Step to recreate:
-configure a SVI on L3 Out with Ip address 10.0.11.2/24 with encap vlan 110
-configure another SVI on this L3 Out with ip address 10.0.10.2/24 with encap vlan 110, no error prompt And you will get below configuration on the SVI:
120-Leaf1# show ip int vlan 28
IP Interface Status for VRF "ten_shdu:vrf-shdu"
vlan28, Interface status: protocol-up/link-up/admin-up, iod: 81,
IP address: 10.0.11.2, IP subnet: 10.0.11.0/24
IP address: 10.0.11.1, IP subnet: 10.0.11.0/24 secondary
IP address: 10.0.10.2, IP subnet: 10.0.10.0/24
IP address: 10.0.10.1, IP subnet: 10.0.10.0/24 secondary
IP broadcast address: 255.255.255.255
IP primary address route-preference: 1, tag: 0
Workaround:
N/A
Further Problem Description:
This will mislead customer about configuration done, but will actually lead to some other issue.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.115), 1.3(1g), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy50191 | Title: | Inband EPG does not allow contract with a - in the name |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
-missing-target message when configuring a consumed contract under a inband EPG
Conditions:
contract with a "-" in the name
Workaround:
create a new contract without a "-" in the name
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: * | 1.3(0.19b), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz48518 | Title: | Shellinaboxd failed after upgrade from 1.0(2J) to 1.1(4E) |
|
Status: | Other |
|
Severity: | 4 Minor |
Description: | Symptom:
APIC displays the following fault - F1419: Service shellinaboxd failed on APIC after upgrade
Conditions:
Upgraded from 1.0(2J) to 1.1(4E)
Workaround:
Upgrade to a code version of 1.2 or later.
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 1.1(4e) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz33928 | Title: | Stale Route-map Found for Shared Service's Provider VRF |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Step 1: Epg-(tn-Prod/ap-ebiz/epg-data) consumed a contract interface (Stage_Contact_Intf) which is a global contract exported from tn-Stage where it is provided by a shared l3out (tn-Stage/out-BackBone/instP-local). which create a route-map entry matches ipv4 prefix list "IPv4-st49156-2850816-reg-2260992-16327-shared-svc-int-dst"
Step 2: Then Epg-(tn-Prod/ap-ebiz/epg-data) provided a global contract (Inter-VRF-contract) defined from the common VRF and consumed by epg (tn-Stage/ap-prod/epg-avswin), Which changed the epg-data's pcTag from local to global. Which create a new route-map entry matches ipv4 prefix "IPv4-st49156-2850816-reg-2260992-26-shared-svc-int-dst"
Here we can see two issues: The first issue is while switch create a new route-map entry in step 2, the previous route-map entry created in step 1 should be removed because the pcTag has changed from local to global. The second issues is even customer removes the contract relations between EPG and l3extInstP, the route-map entry created from step 2 will not be removed, only the route-map entry created from step 1 is cleared.
Conditions:
Workaround:
1. Remove the shared service contract relations between the EPG and l3extInstP.
Or
2. contact TAC and using testapi to delete the route-map entry.
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 1.2(1k), 1.3(0.139a), 1.3(0.141a) |
|
Known Fixed Releases: * | 1.3(1.3), 1.3(1b), 1.3(1g), 2.0(0.282) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz28614 | Title: | ACI - F1386 Appears when creating a new Bridge Domain |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
When creating a new Bridge Domain with the following Settings:
Forwarding: Custom
L2 unknown Unicast: Flood
L3 Unknown Multicast Flooding: Flood
Multi Destination Flooding: Flood in BD
Uncheck Unicast Routing without checking ARP Flooding (ARP Flooding check box instantly disappears)
Results in error:
F1386
Severity:warning
Description:
ARP flooding must be enabled when L2 unknown unicast is set to flood
But checkbox for ARP Flooding is grayed out.
Conditions:
Workaround:
* Change the L2 Unicast to Hardware Proxy
* Check the ARP Flooding Checkbox
* Move L2 Unicast back to Flood mode.
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.141a), 1.3(1.3), 1.3(1a), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz56525 | Title: | APIC config export several objects missing dn tag |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: | Symptom:
Inside of configuration export files, several objects have their dn tag set to the empty string ("").
Conditions:
Performed a configuration export from the APIC.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 07-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz56584 | Title: | APIC config export does not contain Relation Target (Rt) objects |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: | Symptom:
The configuration export file does not contain any Relation Target (Rt) objects in either XML or JSON.
Conditions:
Perform a configuration export from an APIC.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 07-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz34707 | Title: | stats collection for VMM domains not working with same vmm.CtrlrP |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
If we use same VMM controller (vmm.CtrlrP) name for multiple VMM Domains. because of overlapping name the stats collection only works for one of them.
Conditions:
using same name for all VMM controllers
Workaround:
use unique VMM controller names for each VMM domain.
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(1.3), 1.3(1b), 1.3(1g), 2.0(0.300) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz48319 | Title: | Stale fvSharedService MO after removing contract |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
If you look at the MO fvSharedService on the APIC, you will see references to EPG's with contracts that do not exist anymore on the system.
Conditions:
At one point, there was an EPG that was providing a contract that made it a Shared Service EPG. The contract was then deleted, but the reference the Shared Services was not.
Workaround:
Delete the EPG that was providing Shared Services and recreate it.
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: * | 1.3(1.4), 2.0(0.292), 2.0(0.300) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz21123 | Title: | ACI need to document privilege descriptions |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
Customers have requested that we document default privileges assigned to each role , and document what each privilege means. Currently this is not documented in any detail on any external document
Conditions:
NA
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 1.2(1i) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz45137 | Title: | Do not enforce a beginning "/" for ftp folder path |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * | Symptom:
Unable to ftp files to an ftp server using the syntax:
ftp://x.x.x.x//myFolder/
you get an error about being unable to change dir, or see an error 553 with syntax:
ftp://x.x.x.x//myFolder
Conditions:
Attempting to ftp to certain servers, for exmaple, an EMC Isilon
Workaround:
This can be configured through the NXOS style CLI:
apic1# configure
apic1(config)# remote path myFiles
apic1(config-remote)# user admin5
You must reset the password when modifying the path:
Password:
Retype password:
apic1(config-remote)# path sftp filehost.example.com:21 remote-directory /reports/apic
You must reset the password when modifying the path:
Password:
Retype password:
Further Problem Description:
|
|
Last Modified: | 12-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: | 2.0(0.280b), 2.0(0.282) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus13433 | Title: | N9K: Packets Destined to SVI MAC Are Dropped When Transparent Bridging |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * | Symptom:
Packets destined to SVI MAC address are dropped in Layer 2 only VLAN when transiting the Nexus 9000 which owns the destination mac address on another SVI.
If traffic is destined to peer IP SVI mac address, Nexus 9k1 that receives the packet bypasses bridging, punts it to CPU, routes L2 packet to peer SVI.
Conditions:
Traffic received on L2 only vlan, destined to its own mac address of another SVI that this box owns.
Likely scenarios to see this condition include:
- transparent firewall bridging
- hair pinning traffic
- L2 load balancers
Workaround:
*Configure user defined BIA on the SVI. (This has a limit of 16.) See CSCuq68188.
*Configuring single leg HSRP member may also work. This should only be used as a last resort.
Further Problem Description:
This behavior is due to a platform limitation.
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz67044 | Title: | Doc: TEP Subnet line is misleading as defined |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Customer reads the following upgrade/downrade doc:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/apic_upgrade_downgrade/b_APIC_Software_Upgrade_Downgrade_Guide/b_APIC_Software_Upgrade_Downgrade_Guide_chapter_010.html
Conditions:
Customer sees the following:
There is a line that is repeated a few times:
The TEP subnet size must be /22 or lower.
which has potential to be interpreted incorrectly
Workaround:
The proposed update is to instead have it say the following:
"The TEP subnet mask should be in the range of /8 to /22. The recommended minimum mask is /19."
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 1.3(1g) |
|
Known Fixed Releases: * | 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz80407 | Title: | Add Arizona Time Zone |
|
Status: | Other |
|
Severity: | 4 Minor |
Description: * | Symptom:
MST and PDT alternately are correct timezones for Arizona without DST. No option for this exists in ACI Time and Date Policies
Conditions:
N/A
Workaround:
Switch between MST and PDT. Since there is nothing south of Arizona using the same timezone w/o DST, no workaround exists.
Further Problem Description:
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 1.3(1g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz56398 | Title: | Moscow Timezone (MSK) reflects the wrong time |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Moscow timezone reflects UTC+4 instead of UTC+3
Conditions:
Workaround:
Set the timezone in fabric policies to a timezone in UTC+3
Further Problem Description:
|
|
Last Modified: | 26-MAY-2016 |
|
Known Affected Releases: * | 1.2(3c), 1.3(1g) |
|
Known Fixed Releases: | 2.0(0.324) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy37246 | Title: | Doc Bug : APIC GUI stop expanding container if have more then 40 objects |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
any container, in my case Application profiles under a Tenant. if have more then 40 profiles, in GUI, we cannot click on it and expand it on the left panel. we have to select one profile from the right panel and then expand one at a time.
this is day 1 behavior with APIC GUI. we need to document this behavior.
under Navigation Pane section http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/b_APIC_Getting_Started_Guide/b_APIC_Getting_Started_Guide_chapter_01.html#concept_F78261EF17CC44C3B3DBD327081B8AD4 have them add this information as a tip/note would be the best place for it.
Conditions:
more then 40 objects in any container.
Workaround:
na
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1m) |
|
Known Fixed Releases: * | 1.3(0.30), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy18545 | Title: | F607575 Decommissioned Node Causes Policy Deployment Completion Failure |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
Fault F607575 is identified after decommissioning a Cisco ACI leaf switch.
==================================
Fault code: F607575
Severity: major
Last Transition: 2015-01-01T00:00:00.000-00:00
Lifecycle: Raised
Affected Object: pcons/rcomp-102329473611173-110
Description:
[FSM:FAILED]: Notify node 110 about policy deployment completion(TASK:ifc:policymgr:PconsResolveCompleteRefPolicyDeploymentDone)
Explanation:
This fault is raised when the message to notify leaf/spine about policy deployment completion fails
Recommended Action:
This task is automatically retried. If you see repeated failures, collect tech-support file and contact Cisco TAC.
==================================
Conditions:
A leaf switch is decommissioned and fault F607575 is generated.
Workaround:
Recommissioning the node with the same node ID as specified in the fault will clear the fault.
Further Problem Description:
If a node in a fabric is decommissioned during a small window of time when that node is also registering for policies from the APIC, fault F607575 may be generated.
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.2(1.208), 1.2(2g), 1.3(0.11a), 1.3(0.16), 1.3(1g), 2.0(0.191) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy56643 | Title: | Documentation for "L4-L7 Virtual IPs" field needed |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
Documentation missing about "L4-L7 Virtual IPs" field under epgs
Conditions:
ACI documentation.
Workaround:
Field is use for (DSR) Direct Server Return which is specific for load balancers
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.3(0.91), 1.3(1g) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy77116 | Title: | (firefox) OSPF Route Summ. Policy is not reflected under the subnet |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
OSPF Route Summarization Policy is not reflected under the subnet
Conditions:
L3 out is OSPF and Route Summarization Policy is configured for the subnet.
This issue is with FireFox version (44,45) for MAC
Workaround:
Use Chrome
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.91), 1.3(1g), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz02971 | Title: | ACI Create Physical Domain Window width is too small |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
Create Physical Domain Window width is too small to view the entire Security Domains table.
Conditions:
When following these steps from a Switch Profile:
1. Click + under Associated Interface Selector Profiles
2. Create Interface Profile
3. Click + under Interface Selectors
4. Create Access Port Selector
5. Create Access Port Policy Group
6. Create Attachable Access Entity Profile
7. Create Physical Domain
Workaround:
N/A.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h), 1.2(3a) |
|
Known Fixed Releases: * | 1.3(0.111), 1.3(1g), 2.0(0.260) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy63023 | Title: | ACI GUI: Create Callhome Source window is too small |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
While creating a Callhome source in the APIC GUI, the window resizes, where it is difficult to select the Query Group.
Conditions:
After typing in the name of the Callhome source, the GUI window scroll area reduces.
Workaround:
N/A.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.3(0.61), 1.3(1g), 2.0(0.222) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz02980 | Title: | ACI GUI CallHome Query DN or Class Name is a required field |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
CallHome Query DN or Class Name is required field; the GUI does not show that the field is required.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.109), 1.3(1g), 2.0(0.260) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz00884 | Title: | Fault F0053: Improve description when there's a permissions error |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
A configuration export policy fails, fault F0053 is raised with the following description:
Upload error: Upload failed (at start/before it took off)
or
Upload error: No such file or directory. Error in the SSH layer
Conditions:
When the user configured in the remote location policy doesn't have the correct permissions to write to the remote directory.
Workaround:
Verify the permissions are properly set on the remote server for the user configured on the remote location policy in ACI.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g), 1.2(2h) |
|
Known Fixed Releases: * | 1.3(0.118a), 1.3(0.120a), 1.3(0.122), 1.3(1g), 2.0(0.260), 2.0(0.273a), 2.0(0.276) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux60574 | Title: | OSPF Timers Show Sub-Second, Negative or Offset Timestamps |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
In the Leaf CLI, OSPF timers show as sub-second, negative or not matching system time.
Leaf# show ip ospf neighbors vrf all
OSPF Process ID default VRF L3Test2:L3Out2_VPC
Total number of neighbors: 3
Neighbor ID Pri State Up Time Address Interface
100.0.0.1 1 TWO-WAY/DROTHER 0.756030 10.0.0.1 Vlan22 <--- Sub-second Up Time
100.0.0.5 1 FULL/BDR 0.252539 10.0.0.4 Vlan22 <--- Sub-second Up Time
100.0.0.8 1 FULL/DR 0.163662 10.0.0.2 Vlan22 <--- Sub-second Up Time
Leaf# show ip route vrf L3:L3Test
IP Route Table for VRF "L3:L3Test"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
*via 10.0.0.1, vlan22, [110/5], -07:32:50, ospf-default, intra <--- Negative timer
100.0.0.8/32, ubest/mbest: 1/0
*via 10.0.0.2, vlan22, [110/5], -07:32:50, ospf-default, intra <--- Negative timer
Leaf# date
Thu Dec 17 18:49:06 UTC 2015 <--- Not matching event-history entries
Leaf# show ip ospf event-history adj
Adjacency events for OSPF Process "ospf-default"
2015 Dec 17 10:49:02.695349 ospf default [5042]: TID 5153:ospfv2_send_nbr_ddesc:535:(L3:L3Test-base) mtu 9000, opts: 0x42, ddbits: 0, seq: 0x7270265c
2015 Dec 17 10:49:02.695339 ospf default [5042]: TID 5153:ospfv2_send_nbr_ddesc:531:(L3:L3Test-base) Sent DBD with 0 entries to 10.0.0.4 on Vlan22
Conditions:
Command output for OSPF on Leaf switches show timers that exhibit the same issues described in Symptoms.
Workaround:
Ensuring the Time Zone and Display Format in Fabric Pod Policies match. For example, use the following settings for PDT or PST time zones:
Time Zone: America/Los Angeles
Display Format: Local
This workaround has shown to resolve time stamp issues only in some cases.
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.1(3f), 11.2(1i) |
|
Known Fixed Releases: * | 1.2(2e), 1.3(0.24a), 1.3(0.26), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy43872 | Title: | GUI do not shows correct certificate status after upgrade to 1.2(2g) |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
Gui is not showing certificate status correctly after upgrade to Brazos MR1
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(2g) |
|
Known Fixed Releases: * | 1.2(2h), 1.3(0.32a), 1.3(0.34), 1.3(1g), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy70476 | Title: | "show environment" output doesn't include all sensors |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
When a sensor (Ex. temperature or voltage sensor) fails, it is no longer listed in the "show environment" output.
Conditions:
When a sensor has failed
Workaround:
On the affected device, issue the following command:
cd /mit/sys/ch/supslot-1/sup/sensor-X (where X is the affected sensor number)
cat summary (look for the operSt)
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: * | 1.3(0.224), 1.3(0.81a), 1.3(0.82), 1.3(1g), 11.3(0.224), 2.0(0.243) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz23676 | Title: | EventMgr/Syslog: Suppress /etc/ssh/ssh_host_ed25519_key error |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
The following log message is seen within eventmgr logs or sent via syslog from switch:
%LOG_LOCAL7-3-SYSTEM_MSG [E4204936][transition][major][sys] Feb 4 12:00:00 %LOG_AUTH-3-SYSTEM_MSG: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Conditions:
After a leaf has been reloaded.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: * | 11.3(1.279), 12.0(0.114) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz72867 | Title: | APIC Online Help for OSPF Interface Policy is wrong |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
OSPF Interface Policy Online Help doc has incorrect URL
Conditions:
When viewing the online help documentation for OSPF Interface Policies in the APIC GUI
Workaround:
Navigate to https:///help/content/index.html#ospf_intfPolicyInfo.html instead.
Further Problem Description:
|
|
Last Modified: | 19-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz60936 | Title: | ACI: bash command from CIMC KVM console returns unary operator expected |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
bash: [: ==: unary operator expected
Conditions:
Using the CIMC KVM console for the APIC, after issuing the "bash" command, there is an output of "bash: [: ==: unary operator expected" prior to switching to bash mode from ishell mode.
Workaround:
N/A; cosmetic.
Further Problem Description:
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 1.2(1k), 1.3(1g) |
|
Known Fixed Releases: * | 2.0(0.321a), 2.0(0.324) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz76480 | Title: | LPM percentage utilization does not account for alpm carve |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
"show hardware internal forwarding table utilization" command does not take account for the "hardware profile ipv6 alpm carve-value X" command when determining IPv4/IPv6 LPM percentage utilization. Due to this, IPv6 LPM percentage utilization is incorrect with knob ("hardware profile ipv6 alpm carve-value 3072") and IPv4 LPM percentage utilization is incorrect with the knob configured.
Conditions:
"show hardware internal forwarding table utilization" command does not take account for the "hardware profile ipv6 alpm carve-value X" command when determining IPv4/IPv6 LPM percentage utilization. Due to this, IPv6 LPM percentage utilization is incorrect with knob ("hardware profile ipv6 alpm carve-value 3072") and IPv4 LPM percentage utilization is incorrect with the knob configured.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 21-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I3(4a), 6.1(2)I3(4b), 6.1(2)I3(4c), 6.1(2)I3(4d) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy18060 | Title: | Remove WAP portal dependency on Cloud Cruiser extensions |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
* In WAP Admin Portal navigate to ACI -> Networks or ACI -> Shared Services
* Result: No content is shown, not even the table header and no refresh button.
Conditions:
WAP Cloud Cruiser extensions not installed on the WAP Admin Portal server
Workaround:
Install WAP Cloud Cruiser extensions on the WAP Admin Portal server
Further Problem Description:
none
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1k) |
|
Known Fixed Releases: * | 1.3(0.28), 1.3(1g), 2.0(0.197a), 2.0(0.198a), 2.0(0.202a), 2.0(0.203) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy38914 | Title: | clear system internal epm endpoint key vrf <x> ip <x> fails in bash |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Command does not work in iBash
Conditions:
Need to clear a specific endpoint
Workaround:
enter VSH and run the same command
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 11.2(1m), 11.2(2e), 12.0(0.91) |
|
Known Fixed Releases: * | 1.3(0.40), 1.3(1g), 2.0(0.206), 2.0(0.218a), 2.0(0.220) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy98597 | Title: | ACI: The L4-L7 service parameter window should resizable |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
The L4-L7 service parameter window should be resizable so that it can be increased.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 1.2(1g) |
|
Known Fixed Releases: * | 1.3(0.111), 1.3(1g), 2.0(0.260) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy70472 | Title: * | ACI Add support for multiple Set Attributes on Imp/Export Route Profiles |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Only Context 0 under Route Control Profile will be applied to the prefixes advertised externally
Conditions:
Route Control Profile is set in Export Direction and more than one context is configured under Route Control Profile
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz51288 | Title: | Invalid IP enforced by bd-subnet get learned by egress leaf |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
EP- - Ingress Leaf (IP not learned due to bd-subnet enforcement) - - spine - - Egress Leaf (L3 XR learned)
With the scenario given above, if any EP spoofs the IP of the other, even the ingress leaf's has bd-subnet enforced, the egress leaf (could be a border-leaf) still learns the EP's IP address as a L3 XR.
When the EP, that is the real owner of the IP, sends the packet over the border-leaf, the spoofing is periodically mis-leading the returned packet. As a result, intermittent packet drop or consistent packet drop happens.
Conditions:
IP spoof inside of fabric
Workaround:
Further Problem Description:
|
|
Last Modified: | 04-MAY-2016 |
|
Known Affected Releases: | 11.2(2g), 11.3(1g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup05629 | Title: | Switch CLI: Some CLI cmds are very slow in displaying the o/p |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Some CLI commands become very slow in displaying the output.
Conditions:
This mainly happens in the scaled environment when the switches are heavily loaded with the configuration.
Workaround:
There is no workaround for this issue. One has to wait to get the complete CLI output.
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 11.0(0.800) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq43520 | Title: | APIC should provide TAC service contract info for the entire fabric |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Service and support contract information is not available from the Application Policy Infrastructure Controller (APIC).
Conditions:
This is a feature request to have the APIC be able to provide information on which service and support contracts
cover which components within the fabric. It applies under all conditions.
Workaround:
None.
Further Problem Description:
None
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 1.0(1e) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo36576 | Title: | TOR : Support for learnt routes caching over SVI interface |
|
Status: | Terminated |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Traffic switched from NS ports to T2 ports, can leverage the extra buffer in Northstar ASIC. We support this extra buffer for L2 hosts and L3 hosts connected to Trident ports on TOR.
In case of SVIs interfaces towards Trident ports, this extra buffer functionality is supported for Directly connected Hosts. But this functionality is NOT supported (cant leverage extra buffers) for Routed (Learned or Statically configured) Hosts on SVI interface(with Nexthop as SVI connected host). Please note that there is functional or forwarding issue, just that extra buffers cant be leveraged for such hosts.
Conditions:
This issue is only applicable TOR platforms using NS ASIC: 9396 and 93128. Same functionality works for Direct hosts and hosts learned through OSPF and for Static Routes.
Workaround:
Move to non-SVI(to complete L3) deployment.
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I2(1.36) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq81938 | Title: | Native VLAN mismatch alerts should only be seen when BPDUs are receiverd |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Log files show error message : "LLDP neighbor is bridge and its port vlan 1 mismatches with the local port vlan unspecified" for fault F0351.
When CDP is enabled, a similar fault is seen for F1390 - "CDP native vlan Unspecified mismatched with the neighbor 1"
Conditions:
When a external switch is connected to the leaf in the fabric via a PC/vPC
Workaround:
Disable the native vlan from being advertised by the external switch connected to the leaf using 'no vlan dot1q tag native'. Shut/no shut the port to clear the faults.
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 11.0(1b), 11.0(1d), 7.1(0)ZN(91.99) |
|
Known Fixed Releases: * | 1.1(2.56a), 1.1(2.60a), 1.2(0.1), 1.2(1.17), 11.1(2.20), 2.0(0.95) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur67228 | Title: | APIC : Ensure upgrade ISO is complete, raise fault if not |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
If APIC ISO file isn't fully download, it may still be shown in Firmware repository
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 1.0(2f) |
|
Known Fixed Releases: * | 1.2(1.17), 1.2(2g), 2.0(0.95) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq78913 | Title: | ENH: Need to preserve CoS across ACI Fabric for IP packets |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
CoS is not preserved across the fabirc for IP traffic.
Conditions:
IP traffic comes into the ACI fabric over a trunk with Dot1p markings.
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 11.0(1b) |
|
Known Fixed Releases: * | 1.2(0.110a), 1.2(0.112a), 1.2(0.113b), 1.2(0.115a), 1.2(0.116), 1.2(0.89), 1.2(1.17), 11.2(0.41), 11.2(0.46), 11.2(0.61) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq02624 | Title: | Command to determine outgoing port VXLAN loadbalance |
|
Status: | Other |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Enhancement request:
Add a command to help determine outgoing interface in an ECMP setup for VXLAN
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 6.1(2)I2(2a) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq53126 | Title: | Reuse Node Profile in External Bridged/External Routed |
|
Status: | Other |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
have to create a the same node profile multiple times
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 7.0(0)DME(0.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq90291 | Title: | Need filter for Even/Odd Nodes in APIC GUI for Firmware Upgrades |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
This is an enhancement that would allow a user to check a single box that would select all of the even or odd nodes at once rather than having to select them one at a time.
Conditions:
Normal Use
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 1.0(1h) |
|
Known Fixed Releases: | 1.0(3.34), 1.1(0.584), 1.1(1j) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz48900 | Title: | [GUI Enhancemant] Add Techsupport and Core File Sizes to GUI |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
When viewing the Operations tab of Techsupports, On-demand Techsupports and Core files, the administrator is unable to view the files sizes of successful exports.
Conditions:
An export of a Techsupport, On-demand Techsupport or Core file has completed successfully and the administrator wishes to view the file sizes of these exports.
Workaround:
Use the following command on the APIC CLI to view the file sizes of techsupport or core files. This may need to be run on each APIC to find the relevant files.
ls -lah /data/techsupport
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 1.1(1o), 1.2(2h), 1.2(3c) |
|
Known Fixed Releases: * | 1.3(1.4), 2.0(0.300) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz12782 | Title: | Pre-provision vlan for initial deployment of AVS VXLAN |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This is an enhancement to allow a per-provision vlan during the initial deployment of AVS on VXLAN.
Conditions:
New VMM host deployment using AVS vxlan and inband management.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz58244 | Title: | Lacrosse: display "show queueing" in Tablular form |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Lacrosse: display "show queueing" in Tablular form
Conditions:
view of "show queuing"
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 10-MAY-2016 |
|
Known Affected Releases: | 7.2(0)IMP(0.9) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz48306 | Title: | Virtualization guide needs to mentioned that we can't do Vxlan and L4L7 |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
L4-L7 integration doesn't work when L4-L7 device is virtual and located on the host which uses VXLAN encapsulation (e.g. AVS with VXLAN) to talk to the fabric
Conditions:
VXLAN encapsulation is used on host.
Workaround:
None. Currently such combination isn't supported
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 1.2(3d) |
|
Known Fixed Releases: * | 1.2(3d) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux87714 | Title: | VMM Integration Change Portgroup Pipe Naming Convention |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
When Cisco ACI deploys an EPG as a portgroup in VMWare VMM Integration, it names it in the following manner:
tenant|application profile|EPG
The pipe '|' character can cause problems for third party tools that are unable to properly parse the portgroup name.
Cisco ACI does not currently allow this naming convention to be modified.
Conditions:
A tool or language is used to read the name of a portgroup deployed by Cisco ACI but fails due to the pipe '|' character.
Workaround:
Modify the tool or script to allow the pipe '|' character to be read properly.
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 1.1(3f), 1.2(1k) |
|
Known Fixed Releases: * | 2.0(0.226), 2.0(0.304) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz58452 | Title: | True VRF option should be available for route-leaking |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: * | Symptom:
Configuring an overlapping subnet in two VRFs when route leaking does not raise fault, and moreover, does not meet shortest prefix matching properly in a VRF containing a supernet where a subnet is on the L3Out of the shared services L3Out due to Programming rules setting Vrf/Subnet before *,subnet entries.
Routing to a /24 subnet path fails when the /24 is in the shared services VRF when there is a route-entry to a larger subnet i.e. /16 which encompasses the /24. In all other routing platforms, more specific subnets take priority.
show ip route vrf common will show the correct routes, but gst-l3-tcam forces routing to vrf-local routes before a correct and more specific route to the shared services exported subnet.
Conditions:
Shared Services Route-Leaking
Workaround:
Eternal Routing, convoluted configurations to customize route paths on external devices.
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 11.2(2g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz72307 | Title: | Lacrosse: show Q-limit value in cells not Alpha |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Q-limit shows value in terms of cells not Alpha.
Conditions:
n/a
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 19-MAY-2016 |
|
Known Affected Releases: | 7.2(0)IMP(0.9) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux61962 | Title: | Adj gets deleted when the host is in a disconnected state |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:VM's lose connectivity through ACI while a Host is disconnected to vCenter or vcenter does not retrieve information from vcenter
Conditions:Issue Summary:
1. ESXi host loses connectivity to vCenter
2. If ACI performs an inventory sync during this time, the host adjacency gets deleted
3. As a result, the policy is removed from the corresponding leaves
Workaround:1) Set the effected EPGs to use Pre-Provision for the VMM_Domain
2) Or, Restore connectivity from ESXi to vCenter
3) try to restore connectivity by manually doing an inventory resync
More Info:This bug resolves an issue where a communication error retrieving information from the vcenter results in no information shown under the vcenter in the APIC GUI. Before this fix, the APIC was not able to recover completely from this communication error.
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 1.1(3f) |
|
Known Fixed Releases: | 1.1(4j), 1.2(1.122), 1.2(2g), 2.0(0.154) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw12565 | Title: | BD Learning Disabled Fault should have more information about the flap |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Enhancement request when bridge domain learning is disabled to identify the players involved and what is causing the issue.
Conditions:
Workaround:
go to each switch and look through /var/log/dme/log/epm-trace.txt and look for mac update and then compare each one to see what is changing and whether the mac address is changing for the ip address or the mac address is moving between EPGs or moving between links.
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 1.1(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz80811 | Title: | N9K NXOS: Support 1x50GE Interface on Physical 100GE QSFP28 Interface |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This is a new feature request to support 1x50GE interface per physical 100GE interface.
Conditions:
Only required when you want to connect a single (non-breakout) cable to a 100GE port.
This is typically less efficient than using a 2x50GE breakout cable and connecting two 50GE devices to a single port.
Workaround:
Leverage one of the two logical 50GE interfaces when configured for 2x50GE mode.
Further Problem Description:
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 7.0(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz69394 | Title: | Share service is not working for inband management on Spine |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Configure inter-vrf leaking between normal EPG and mgmt:inb. subnet is leaked properly on leaf in vrf mgmt:inb but not leafed to spine:
120-Spine1# show ip route vrf mgmt:inb
IP Route Table for VRF "mgmt:inb"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
10.2.2.201/32, ubest/mbest: 2/0, attached, direct
*via 10.2.2.201, lo7, [1/0], 01:46:20, local, local
*via 10.2.2.201, lo7, [1/0], 01:46:20, direct
120-Spine1# show ip route vrf mgmt:inb
IP Route Table for VRF "mgmt:inb"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
10.2.2.201/32, ubest/mbest: 2/0, attached, direct
*via 10.2.2.201, lo7, [1/0], 01:49:14, local, local
*via 10.2.2.201, lo7, [1/0], 01:49:14, direct
120-Leaf1# show ip route vrf mgmt:inb
IP Route Table for VRF "mgmt:inb"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
10.2.2.0/24, ubest/mbest: 1/0, attached, direct, pervasive
*via 10.0.160.64%overlay-1, [1/0], 00:49:31, static
10.2.2.1/32, ubest/mbest: 1/0, attached, pervasive
*via 10.2.2.1, vlan18, [1/0], 00:49:31, local, local
10.2.2.3/32, ubest/mbest: 1/0, attached
*via 10.2.2.3, vlan18, [1/0], 01:48:20, local, local
192.168.15.0/24, ubest/mbest: 1/0, attached, direct, pervasive
*via 10.0.160.64%overlay-1, [1/0], 00:05:45, static
Conditions:
Share service is not working for inband management on Spine.
Configure share service between normal EPG and inband EPG on mgmt tenant, subnet on internal EPG is not leaked to vrf mgmt:inb on spine.
Workaround:
if you are about using share service, then there is no workaround.
Further Problem Description:
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: * | 11.2(2g) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux18396 | Title: | Next hop not removed when deleting a bd subnet if an L3 out route exist |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
If a subnet has been configured on a BD but also present as L3 out route (eg when configuring a static route), deleting the bd subnet won't remove the corresponding next hop.
Conditions:
Having a subnet configured in a BD and in present as a L3 out static route.
Workaround:
Delete both the BD subnet and the l3 static route. Reconfigure again the static route.
Further Problem Description:
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 1.1(1f) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu45286 | Title: | MSFT:D++ Provide SNMP MIB for Err-Disable State - CISCO-ERR-DISABLE-MIB |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
A user cannot poll the Interface Err-Disable state via SNMP (OID
Conditions:
This is only an issue when polling the data via SNMP
Workaround:
Use the CLI or XML to collect the data.
Further Problem Description:
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: | 7.0(3) |
|
Known Fixed Releases: * | 7.0(3)I4(1.7), 7.0(3)I4(1.8), 7.0(3)I4(2) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz78429 | Title: | Provide class to query disk usage on switches |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
class eqptStorage has objects only related to disk usage on APICs, not switches.
This is enhancement to add another class that can track disk usage on switches or add switches to this one.
Conditions:
None
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.2(2h) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz43099 | Title: | Lift 1MB file size limit for POST of config to APIC |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Cannot POST json or xml config files larger than 1MB in size to an APIC
Conditions:
default nginx body size limit
Workaround:
Break down the file into smaller files
Further Problem Description:
.
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 1.2(3c) |
|
Known Fixed Releases: * | 2.0(0.347a), 2.0(0.349a), 2.0(0.351) |
|
|
| |
:
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论