Cisco Application Policy Infrastructure Controller Release Notes, Release 4.2(5)
Available Languages
Cisco Application Policy Infrastructure Controller Release Notes, Release 4.2(5)
The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cisco Application Policy Infrastructure Controller (APIC) is the software, or operating system, that acts as the controller.
This document describes the features, issues, and limitations for the Cisco APIC software. For the features, issues, and limitations for the Cisco NX-OS software for the Cisco Nexus 9000 series switches, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(5).
For more information about this product, see Related Content.
| Date |
Description |
| December 9, 2022 |
In the Open Bugs section, added bug CSCvw33061. |
| November 18, 2022 |
In the Open Issues section, added bug CSCwc66053. |
| October 7, 2022 |
In the New Software Features section, added an entry for port bring-up delay. |
| August 1, 2022 |
In the Miscellaneous Compatibility Information section, added: ■ 4.2(2a) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(2k) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) |
| June 30, 2022 |
In the section Miscellaneous Compatibility, added information about Cisco Nexus Dashboard Insights creating the cisco_SN_NI user. |
| March 21, 2022 |
In the Miscellaneous Compatibility Information section, added: ■ 4.1(3f) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) |
| February 23, 2022 |
In the Miscellaneous Compatibility Information section, added: ■ 4.1(2g) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) |
| November 15, 2021 |
In the Open Issues section, added bugs CSCvy55588 and CSCvz31155. |
| November 2, 2021 |
In the Miscellaneous Compatibility Information section, added: ■ 4.1(3d) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) |
| August 9, 2021 |
In the Open Issues section, added bug CSCvx32437. In the Resolved Issues section, added bug CSCvw33277, CSCvu84392, and CSCvu36682. |
| August 4, 2021 |
In the Open Issues section, added bugs CSCvy30453, CSCvy44940, CSCvv18827, CSCvx54410, CSCvx74210, CSCvx90048, CSCvy30683, CSCvx59910, and CSCvx28313. |
| July 26, 2021 |
In the Miscellaneous Compatibility Information section, the CIMC 4.1(3c) release is now recommended for UCS C220/C240 M5 (APIC-L3/M3). |
| May 17, 2021 |
In the Open Issues section, added bugs CSCvt23284, CSCvx31968, and CSCvx79980. |
| May 13, 2021 |
Moved bug CSCvt00629 from the Open Issues section to the Resolved Issues section. This bug was resolved in the 4.2(5k) release. |
| March 25, 2021 |
In the Resolved Issues section, added bug CSCvu74478. |
| March 11, 2021 |
In the Miscellaneous Compatibility Information section, for CIMC HUU ISO, added: ■ 4.1(3b) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) Changed: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) To: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2 |
| March 5, 2021 |
Removed bug CSCvs04899 from the open issues table. This bug was resolved in the 4.2(4) release. Moved bug CSCvv53757 from the open issues table to the resolved issues table. This bug was resolved in the base 4.2(5l) release. |
| February 19, 2021 |
Moved bug CSCvs29556 from the open issues table to the resolved issues table. This bug was resolved in the base 4.2(5k) release. |
| February 3, 2021 |
In the Miscellaneous Compatibility Information section, for CIMC HUU ISO, added: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) |
| October 19, 2020 |
Release 4.2(5n) became available. Added the open and resolved issues for this release. |
| October 6, 2020 |
In the Open Issues section, added bug CSCvu67494 for the k release. In the Resolved Issues section, added bug CSCvu67494 for the l release. |
| September 29, 2020 |
In the Miscellaneous Compatibility Information section, specified that the 4.1(1f) CIMC release is deferred. The recommended release is now 4.1(1g). |
| September 16, 2020 |
In the Known Issues section, added the issue that begins with: Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. |
| September 15, 2020 |
Release 4.2(5l) became available. Added the open and resolved issues for this release. |
| August 22, 2020 |
Release 4.2(5k) became available. |
Contents
New Software Features
| Description |
Guidelines and Restrictions |
|
| Improved Precision Time Protocol support |
You can now enable the Precision Time Protocol (PTP) on a leaf switch's front panel ports to connect the PTP nodes, clients, or grandmaster. The PTP implementation on fabric ports are still the same as the previous releases, except that the PTP parameters for fabric ports can now be adjusted. With this change, you can use the Cisco ACI fabric to propagate time synchronization using PTP with Cisco ACI switches as PTP boundary clock nodes. Prior to this release, the only approach Cisco ACI had was to use PTP only within the fabric for the latency measurement feature or to forward PTP multicast or unicast messages transparently as a PTP unaware switch from one leaf switch to another as a tunnel. For more information, see the Cisco APIC System Management Configuration Guide, Release 4.2(x). |
For the guidelines and restrictions, see the Cisco APIC System Management Configuration Guide, Release 4.2(x). |
| Link flap policies |
You can create a link flap policy in interface policies, which sets the state of an access port or fabric port to "error-disable" after the port flaps for specified number of times during a specified interval of time. For more information, see the Cisco APIC Basic Configuration Guide, Release 4.2(x). |
This feature is not honored on fabric extender (FEX) host interface (HIF) ports nor on leaf switch models without -EX, -FX, -FX2, -GX, or later designations in the product ID. |
| Port bring-up delay |
When you configure a link level policy, you can set the Port bring-up delay (milliseconds) parameter, which specifies a time in milliseconds that the decision feedback equalizer (DFE) tuning is delayed when a port is coming up. The delay begins when an incoming signal is detected, and can help avoid CRC errors in a specific circumstance. You should set the delay only as required; in most cases, you do not need to set a delay. For more information, see the Cisco APIC Basic Configuration Guide, Release 4.2(x). |
This feature is not honored on fabric extender (FEX) ports. |
| UCSC-PCIE-IQ10GC Intel X710 Quad Port 10GBase-T network interface card support |
You can now use the UCSC-PCIE-IQ10GC Intel X710 Quad Port 10GBase-T network interface card in the Cisco APIC M3/L3 servers for 10GBase-T connectivity to Cisco ACI leaf nodes. |
None. |
| Upgrade enhancements |
Various enhancements have been made to the upgrade process, including: ■ The restriction on the number of pods that you can upgrade in parallel has been relaxed so that you can upgrade multiple pods at the same time for pod nodes in Multi-Pod configurations. Switches in a Multi-Pod configuration that are part of the same maintenance group can now be upgraded in parallel. ■ Upgrades or downgrades might be blocked if certain issues are present. ■ Additional information is provided in the GUI for each stage of the APIC upgrade or downgrade process. ■ The default concurrency in a group has changed from 20 to unlimited (the default number of leaf or spine switches that can be upgraded at one time is unlimited). ■ When upgrading nodes in an upgrade group using the GUI, Download Progress field is available in the Work pane, which provides a status on the progress of the download of the firmware for the node upgrade. For more information, see Cisco APIC Installation, Upgrade, and Downgrade Guide. |
None. |
New Hardware Features
For new hardware features, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(5).
Changes in Behavior
For the changes in behavior, see the Cisco ACI Releases Changes in Behavior document.
Open Issues
Click the bug ID to access the Bug Search Tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(5) releases in which the bug exists. A bug might also exist in releases other than the 4.2(5) releases.
| Bug ID |
Description |
Exists in |
| When the global endpoint discover policy is enabled and deployed, during an upgrade or downgrade, if the leaf switch does not have -EX, -FX, -FX2, -GX or a later suffix in the product ID, a limitation in the hardware might cause the Cisco APIC to lose connectivity with the leaf switch during the upgrade or downgrade. |
4.2(5l) and later |
|
| A Cisco APIC upgrade gets stuck in the scheduled state. |
4.2(5l) and later |
|
| After an APIC has finished upgrading and has reloaded, the ifc_reader crashes about 6x times in 7 minutes. Afterward, the ifc_reader service stops, which causes Cisco APIC communication issues. ifc_reader DME issues are not reflected in the AV health values, rvread, nor the Cisco APIC GUI. acidiag avread, rvread, and the Cisco APIC GUI report a fully fit cluster. Cisco APIC GUI alarms raise a "split fabric" alert, and crashes in the NGINX process may be observed. |
4.2(5l) and 4.2(5k) |
|
| - Duplicate DHCP leases are leased out by a Cisco APIC to a Cisco ACI Virtual Edge virtual machine VTEP intfs (kni0/kni2). - OpflexODev managed objects are not created due to duplicate opflexIDEp managed objects for these overlapping Cisco ACI Virtual Edge virtual machine VTEP intfs - The affected Cisco APIC sets a DHCP Pool to available (usable-recovery) again instead of "recovery". The latter prevents leases from being allocated from the pool. - The affected Cisco APIC will keep this until the DHCPD DME is shut down on it manually, which requires root access. - This issue is caused by a race condition whereby the Cisco APIC recovers the DHCP managed objects (lease/client) before reading the fabric node vector (FNV) entries. - After an firmware upgrade, the Cisco APICs can only recover the DHCP client/lease managed objects by reading the FNV entries first, and therefore this needs to happen in that order. |
4.2(5l) and 4.2(5k) |
|
| After logging into the Cisco APIC GUI on release 4.2(4) and later and you open multiple tabs, after several minutes the browser becomes slower and there are high spikes in the client CPU and memory usage. This causes the GUI to slow down. |
4.2(5l) and 4.2(5k) |
|
| The fault F3227 "ACI failed processing an already accepted configuration change" continuously gets raised. |
4.2(5l) and 4.2(5k) |
|
| Cisco APICs diverge and the Cisco APIC cluster doesn't reach the fully-fit state during a Cisco APIC fabric upgrade or Cisco APIC reboot. The Cisco APIC cluster diverges and does not reach the 'fully-fit' state if both of the following conditions are true: 1) A Cisco APIC is upgrading or downgrading from 4.2(5l) to another release, or a Cisco APIC is rebooting. 2) The Attachable Entity Profile (AEP) for the Cisco APIC connected port has Infra VLAN enabled. The Infra VLAN is deployed on the Cisco APIC connected port explicitly by the user configuration. |
4.2(5l) |
|
| The Port ID LLDP Neighbors panel displays the port ID when the interface does not have a description. Example: Ethernet 1/5, but if the interface has description, the Port ID property shows the Interface description instead of the port ID. |
4.2(5k) and later |
|
| This enhancement is to change the name of "Limit IP Learning To Subnet" under the bridge domains to be more self-explanatory. Original : Limit IP Learning To Subnet: [check box] Suggestion : Limit Local IP Learning To BD/EPG Subnet(s): [check box] |
4.2(5k) and later |
|
| A tenant's flows/packets information cannot be exported. |
4.2(5k) and later |
|
| Requesting an enhancement to allow exporting a contract by right clicking the contract itself and choosing "Export Contract" from the right click context menu. The current implementation of needing to right click the Contract folder hierarchy to export a contract is not intuitive. |
4.2(5k) and later |
|
| For strict security requirements, customers require custom certificates that have RSA key lengths of 3072 and 4096. |
4.2(5k) and later |
|
| When a VRF table is configured to receive leaked external routes from multiple VRF tables, the Shared Route Control scope to specify the external routes to leak will be applied to all VRF tables. This results in an unintended external route leaking. This is an enhancement to ensure the Shared Route Control scope in each VRF table should be used to leak external routes only from the given VRF table. |
4.2(5k) and later |
|
| The connectivity filter configuration of an access policy group is deprecated and should be removed from GUI. |
4.2(5k) and later |
|
| The action named 'Launch SSH' is disabled when a user with read-only access logs into the Cisco APIC. |
4.2(5k) and later |
|
| This is an enhancement request to add policy group information to the properties page of physical interfaces. |
4.2(5k) and later |
|
| Support for local user (admin) maximum tries and login delay configuration. |
4.2(5k) and later |
|
| Error "mac.add.ress not a valid MAC or IP address or VM name" is seen when searching the EP Tracker. |
4.2(5k) and later |
|
| We do not support a bridge domain in hardware proxy mode for flood in encapsulation. However, there is no warning or validation in the GUI. This bug is to add validation and a warning message when the user is trying to configure flood in encapsulation. |
4.2(5k) and later |
|
| Post reload, the IGMP snooping table is not populated even when the IGMP report is sent by the receiver. |
4.2(5k) and later |
|
| A leaf switch gets upgraded when a previously-configured maintenance policy is triggered. |
4.2(5k) and later |
|
| New port groups in VMware vCenter may be delayed when pushed from the Cisco APIC. |
4.2(5k) and later |
|
| The application EPG or the corresponding bridge domain's public subnet may be advertised out of an L3Out in another VRF instance without a contract with the L3Out under certain conditions. |
4.2(5k) and later |
|
| In a RedHat OpenStack platform deployment running the Cisco ACI Unified Neutron ML2 Plugin and with the CompHosts running OVS in VLAN mode, when toggling the resolution immediacy on the EPG<->VMM domain association (fvRsDomAtt.resImedcy) from Pre-Provision to On-Demand, the encap VLANs (vlanCktEp mo's) are NOT programmed on the leaf switches. This problem surfaces sporadically, meaning that it might take several resImedcy toggles between PreProv and OnDemand to reproduce the issue. |
4.2(5k) and later |
|
| Disabling dataplane learning is only required to support a policy-based redirect (PBR) use case on pre-"EX" leaf switches. There are few other reasons otherwise this feature should be disabled. There currently is no confirmation/warning of the potential impact that can be caused by disabling dataplane learning. |
4.2(5k) and later |
|
| Currently, under Fabric > Inventory > Pod > Leaf Switch > General, the memory usage takes in consideration the MemFree field rather than the MemAvailable, which would be a more accurate representation of the usable memory in the system.In some cases, the GUI might show that the memory utilization is around 90% while in reality it's 50%, because there is still the cached/buffered memory to take into account. This buffered/cached memory will free up a big chunk of memory in case more memory is needed. |
4.2(5k) and later |
|
| When a Cisco ACI fabric upgrade is triggered and a scheduler is created and associated to the maintenance group, the scheduler will remain associated to the maintenance group. If the version is changed in the maintenance group, it will trigger the upgrade. This enhancement is to avoid unwanted fabric upgrades. Post-upgrade, the association of the scheduler should be removed from the maintenance group after the node upgrade reaches 100%. |
4.2(5k) and later |
|
| There should be a description field in the subnet IP address tables. |
4.2(5k) and later |
|
| This bug is an enhacement to add an option to configure an interface description for subport blocks in the Cisco APIC GUI. |
4.2(5k) and later |
|
| While configuring a logical node profile in any L3Out, the static routes do not have a description. |
4.2(5k) and later |
|
| After exiting Maintenance (GIR) mode, the switch reloads automatically after 5 minutes without warning.This enhancement will provide messaging in the GUI to indicate that the reload is expected. |
4.2(5k) and later |
|
| Cisco Application Policy Infrastructure Controller (APIC) includes a version of SQLite that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:CVE-2019-5018This bug was opened to address the potential impact on this product. |
4.2(5k) and later |
|
| Creating a new interface policy group with a different LACP policy or LLDP/CDP policy results in changes in the VMM vSwitch policy of the AEP, which brings down the DVS. |
4.2(5k) and later |
|
| OpenStack supports more named IP protocols for service graph rules than are supported in the Cisco APIC OpenStack Plug-in. |
4.2(5k) and later |
|
| This is an enhancement request for schedule-based Tech Support for leaf and spine switches. |
4.2(5k) and later |
|
| The following example shows UNIX time in the subject header: Subject: Configuration import/export job 2020-01-27T09-00-16 finished with status: success Created: 1580144423366 ContentType: plain/text |
4.2(5k) and later |
|
| The paths list in UCSM Integration Tab->Policy is empty. There are no paths and therefore no VLANs listed. The Leaf-Enforced mode on UCSM Integration filters out all VLANs, resulting in traffic loss. |
4.2(5k) and later |
|
| If the DVS version is 6.6 or later or the VMware vCenter version is 7.0, using basic LACP will raise errors on the VMware vCenter, as these releases of DVS and VMware vCenter no longer support LACP. |
4.2(5k) and later |
|
| UCSM Integration shows an old topology when the connection between the fabric interconnect and leaf switch pair is removed, because LooseNode information is not updated when LLDP connections go away. This persists even after you delete the integration and add the UCSM as a new integration. |
4.2(5k) and later |
|
| The UCSM app fails to configure a native VLAN on the UCSM if you configure an EPG with the native VLAN set. The app sets the VLAN as a normal trunk-tagged VLAN on the UCSM. This causes the blackholing of traffic. |
4.2(5k) and later |
|
| This bug is an enhancement to enable the configuring of SNMPv3 with SHA2 and AES256. This configuration is needed for as a security enhancement. |
4.2(5k) and later |
|
| CloudSec encryption may not function when certain features are enabled, such as remote leaf switches and Cisco ACI Multi-Site intersite L3Outs. |
4.2(5k) and later |
|
| Changes to a Cisco APIC configuration are no longer pushed to the Cisco APIC. |
4.2(5k) and later |
|
| In the Cisco APIC GUI, external EPGs under L2Out and L3Out in tenants are called "External Network Instance Profile". This is the official name for object (l2extInstP and l3extInstP). However, these are typically referred to as external EPGs. This is an enhancement to update the GUI label from "External Network Instance Profile" to "External EPG". |
4.2(5k) and later |
|
| Fault F0948 is raised in the fabric, where the child-most affected object is "rsBDToProfile". |
4.2(5k) and later |
|
| A TEP endpoint can expire on the leaf switch if the host does not respond on a unicast ARP refresh packet initiated by the leaf switch. |
4.2(5k) and later |
|
| Deploy the TACACS server for in-band management. When adding or modifying the TACACS+ provider key, the Cisco APIC can be reached only through SSH and the login fails on the fabric. After deleting the provider entry and reconfiguring, the fabric can be logged into. |
4.2(5k) and later |
|
| Faults F115712 and F114632 are seen on virtual leaf switch interfaces and the faults are repeatedly raised and cleared every few minutes. |
4.2(5k) and later |
|
| APIC ->System- >Controller -> topology displays that APIC2 is connected to both pod1 and pod2 |
4.2(5k) and later |
|
| A tunnel endpoint doesn't receive a DHCP lease. This occurs with a newly deployed or upgraded Cisco ACI Virtual Edge. |
4.2(5k) and later |
|
| DHCP clients in the Cisco ACI fabric fail to obtain addresses from a DHCP server if inter-VRF DHCP is being used and the DHCP provider is an L3Out in a different VRF table than the client. |
4.2(5k) and later |
|
| Syslog messages are not sent to the inband virtual machine after adding or deleting an inband VRF table. |
4.2(5k) and later |
|
| Traffic drops between select EPGs involved in shared-service contract.The shared routes gets programmed with a pctag of 0 which causes traffic from the source EPG to the destination to get dropped. |
4.2(5k) and later |
|
| When using the Visibility & Troubleshooting tool for the reachability of two endpoints, there are errors such as "Bad Gateway" and "The server is temporarily busy due to a higher than usual request volume. Please try again later." |
4.2(5k) and later |
|
| When a Cisco UCS M5 (M3 APIC) with an Intel copper-based NIC is downgraded to any release prior to 4.2(5), the Cisco APIC will not join the fabric because this Intel copper-based NIC is not supported in older releases. |
4.2(5k) and later |
|
| After a switch replacement, the Cisco APIC will no longer be able to run show commands on it, such as "fabric 101 show int bri", where "101" is the Node ID of the replaced switch. The Cisco APIC will be able to send the command to the switch, but the return will be empty due to an old SSH key (the key of the old switch). |
4.2(5k) and later |
|
| APIC fabricId is incorrectly reported as 1 by topSystem MO , even if APIC fabricId is configured as a different value at initial setup. |
4.2(5k) and later |
|
| When using the command "show run vpc context," some of the leaf switch pairs are not included in the output.show run vpc context | egrep leaf vpc context leaf 103 104 vpc context leaf 105 106 vpc context leaf 107 108 vpc context leaf 203 204--> vpc context leaf 205 206 missingSAPFRACI01# show run vpc context leaf 205 206# Command: show running-config vpc context leaf 205 206# Time: Wed Jul 1 16:55:27 2020 vpc context leaf 205 206 <Snip> |
4.2(5k) and later |
|
| The DHCP server response is dropped at the external router. |
4.2(5k) and later |
|
| DHCP response is dropped at the border leaf switch. |
4.2(5k) and later |
|
| In the GUI, after expanding the contract and clicking on the subject, it takes approximately 10-20 seconds to load the configured filters. |
4.2(5k) and later |
|
| The DHCP response does not reach the client. |
4.2(5k) and later |
|
| The "Locator LED" and "Indicator LED Color" fields in the Cisco APIC GUI for a physical interface do not accurately reflect the state of the locator LED. If you change the state of the Locator LED, the change will not be reflected in the GUI, but will be pushed to the switch correctly.To view, go to Fabric > Pod > Leaf > Interfaces > Physical Interfaces > Interface > Operational Tab. This the state of the Locator LED can also be seen using moquery, though note this issue also impacts moquery and the change to the Locator LED status will not be reflected here:moquery -d topology/pod-<pod #>/node-<node #>/sys/ch/lcslot-1/lc/leafport-<port #>/locled-1 |
4.2(5k) and later |
|
| Visibility & Troubleshooting tool returns "Internal query error:list index out of range" followed by "Server API calls return error. Please click OK to go back to the first page.". |
4.2(5k) and later |
|
| Cisco ACI snapshots cannot be compared and the following error is generated:File SNAPSHOT_NAME is not a valid snapshot. Could not parse NAPSHOT_NAME_1.json: Invalid control character at: line 1 column X |
4.2(5k) and later |
|
| The data in the Cisco APIC database may get deleted during an upgrade from a 3.0 or 3.1 release to a 4.0 or 4.1 release if the target release is rolled back to current running release within 2 minutes after the upgrade was started. The upgrade will continue anyway, but the Cisco APIC will lose all data in the database and a user with admin credentials cannot log in. Only the rescue-user/admin can log in. All shards for a process show as unexpected, and the database files are removed. The last working pre-upgrade database files are copied to the purgatory directory. |
4.2(5k) and later |
|
| The Cisco APIC does not allow an upgrade to be cancelled. Rolling back the target version after an upgrade is started does not stop the upgrade and may cause Cisco APIC database loss. This enhancement is filed to block a Cisco APIC target version change unless the following conditions are met:1. All Cisco APICs are online and the cluster is fully fit.2. The upgrade job (maintUpgJob) for all Cisco APICs are completed.3. The Installer.py process is not running on any of the Cisco APICs. |
4.2(5k) and later |
|
| After a delete/add of a Cisco ACI-managed DVS, dynamic paths are not programmed on the leaf switch and the compRsDlPol managed object has a missing target. The tDn property references the old DVS OID instead of the latest value.# moquery -c compRsDlPol |
4.2(5k) and later |
|
| A bridge domain subnet is explicitly marked as public. The same EPG subnet has the shared flag enabled and has an implicit private scope. The private scope should take precedence over the public scope and should not get advertised. However, the bridge domain subnet does get advertised through the L3Out. |
4.2(5k) and later |
|
| The configuration of a bridge domain subnet scope as "public" and an EPG scope as "private" should not be allowed. |
4.2(5k) and later |
|
| In the Common tenant, clicking on an FHS policy for the first time generates a POST and that gets sent from the GUI as the logged in user to create the child raguardpol. There is no confirmation or notification. However, in the audit logs, there is an entry to log this configuration.Location in GUI:First Hop Security policy under Common tenant ---> Policies ---> Protocol ---> First Hop Security ---> Feature Policies --> Default |
4.2(5k) and later |
|
| Interface counters are cleared successfully in the CLI, but the original CRC stomped value is still observed in the GUI. |
4.2(5k) and later |
|
| Mroute will not be populated into MRIB. Leaf shows we process the PIM register which should in turn populate the mroute entry but it does not due to this threshold being exceeded. |
4.2(5k) and later |
|
| EIGRP summary routes are not advertised from one of the many interfaces under same interface profile. |
4.2(5k) and later |
|
| The following errors are seen on a Cisco APIC.GUI:Error the messaging layer was unable to deliver the stimulus (connection error, Address already in use)CLI:apic# show controllerBind failed. Error Code : 98 Message: Address already in use |
4.2(5k) and later |
|
| Port-groups named "||" may be created in VMware vCenter when a vmmEpPD MO (VMM port group) is not present when the l3extRsDynPathAtt (L3Out dynamic attachment) associated with a vmmDom is deleted. L3Out dynamic attachments in VMM are created when the floating SVI feature is implemented on the L3Outs.The port-groups named "||" that get installed in VMware vCenter can cause bug CSCvu41160 to occur, where the Cisco APIC is unable to properly parse the port group names. Bug CSCvu41160 prevents the parsing issue, while this bug aims to prevent the "||" port-group creation in the first place. |
4.2(5k) and later |
|
| Configuring Logical Interface Profile in L3Out, "Forwarding IP Address" box may or may not show up.This symptom occurs when configuring "Routed Sub-Interface" and "SVI". 1. Tenants > Networking > L3Out > Logical Interface Profiles > InterfaceProfile Select "Routed Sub-Interfaces" or "SVI" tub and click "+" button. In this moment, "Forwarding IP address" is not shown. 2. Click "Direct Port Channel" tab in "Path Type" once. 3. Then Re-click "Port" tab in "Path Type" In this moment, "Forwarding IP address" is shown as mandatory item. |
4.2(5k) and later |
|
| When executing "show running-config" or "show running-config vpc" from the Cisco APIC while running a 4.2 release, the following errors can be seen: |
4.2(5k) and later |
|
| The configuration from the GUI is accepted, but is reverted back after submission. The underlying problem is that the Cisco APIC policy distributor process continues to retry the same tasks after 4 to 5 minutes because there is no ACK for the completion by the Cisco APIC policy manager. Because of this issue, any recently-implemented configuration (using the GUI or REST API) is not processed, but gets stuck in the queue. |
4.2(5k) and later |
|
| Without Intersight enabled, there is an alert under the GUI notifications:Intersight Proxy not configuredConfigure Intersight Proxy to use the Network Insights - Base application for free. Configure Proxy from Intersight |
4.2(5k) and later |
|
| The following error message in appears in the GUI for Fibre Channel interfaces on N9K-C93180YC-FX:"Configuration is mismatch with applied interface" |
4.2(5k) and later |
|
| A leaf switch reloads due to an out-of-memory condition after changing the contract scope to global. |
4.2(5k) and later |
|
| An SNMP v3 trap is sent 2 minutes after a PSU is removed from the Cisco APIC. |
4.2(5k) and later |
|
| After deleting the OnDemand tech-support policy following the workaround for CSCvk60397, one fault F0756 was still seen. |
4.2(5k) and later |
|
| vAPIC does not take the latest passphrase from the GUI when sending a certificate request. |
4.2(5k) and later |
|
| A standby Cisco APIC doesn't upgrade during a Cisco APIC cluster upgrade and raises fault F1824. |
4.2(5k) and later |
|
| The policy manager crashes consistently and eventually stops running. The Cisco APIC cluster becomes diverged. |
4.2(5k) and later |
|
| After deleting the OnDemand tech-support policy following the workaround for CSCvk60397, one fault F0756 was still seen. |
4.2(5k) and later |
|
| In the L3Out creation wizard, the node profile and interface profile name changes to default if you change the node profile and interface profile names on page 2, then you return to page 1. The values of the other fields retain their configured values. For the interface profile name, this issue is only seen with an SVI vPC. |
4.2(5k) and later |
|
| The Logical Interface Profiles (Folder) shows different IP addresses assigned to each interface than what is configured in the interface profile. This is a cosmetic issue because the interfaces are programmed correctly. |
4.2(5k) and later |
|
| Some configuration is missing on a switch node due to the corresponding policies not being pushed to the switch from the Cisco APIC. This may manifest as a vast variety of symptoms depending on which particular policies weren't pushed. |
4.2(5k) and later |
|
| When a route-map is configured using match rules (prefix-list), the CLI output of show running-config shows the wrong prefix length. Only "le 32|128" is displayed in the CLI regardless of the actual range configured in GUI. |
4.2(5k) and later |
|
| The appliance element DME fails to subscribe to the policy from policymgr DME, which prevents the Cisco APIC from being able to configure the inband interface. |
4.2(5k) and later |
|
| If a Cisco APIC is accidentally powered off while the initial setup script running, the initial setup will not start at next boot time. The previous admin password can be used to log in, and the Cisco APIC boots with the last running configuration. |
4.2(5k) and later |
|
| The Cisco APIC fails to start the auditd service and the following message is displayed on the console when apic boots up:[FAILED] Failed to start Security Auditing Service. |
4.2(5k) and later |
|
| When creating a new SNMP monitoring destination group, you will get a warning that "the value in this field is invalid" if you start the string with numbers for the community name. This was allowed in previous versions. |
4.2(5k) and later |
|
| An interface between a leaf switch and spine switch is brought down into the out-of-service state, accompanied with fault F0454 (out of service due to Controller UUID mismatch). |
4.2(5k) and later |
|
| + ACI reports fault F1419. |
4.2(5k) and later |
|
| If a PBR service graph is applied between two EPGs of the same VRF table, then when the PBR node is located in a different VRF table (which is not a supported configuration), a drop rule gets installed in the PBR VRF table to drop all traffic with a source pcTag of the provider of the service graph. |
4.2(5k) and later |
|
| Traffic loss is observed from multiple endpoints deployed on two different vPC leaf switches. |
4.2(5k) and later |
|
| The message "Faults/health summary disabled due to max limit reached" is visible under Fabric -> Inventory -> Topology -> Summary, even when the user has not reached the documented limit. |
4.2(5k) and later |
|
| Selecting an external IP address that is reachable from a single L3Out, the Cisco APIC shows the following error: |
4.2(5k) and later |
|
| If a service graph gets attached to the inter-VRF contract after it was already attached to the intra-VRF contract, the pctag for the shadow EPG gets reprogrammed with a global value. The zoning-rule entries that matched the previous pctag as the source and EPG1 and EPG2 as the destination do not get reprogrammed and they remain in a stale status in the table. Traffic between EPG1 and EPG2 gets broken as the packets flowing from the PBR get classified with the new global pctag. |
4.2(5k) and later |
|
| On a recurring basis, after several days, ssh/GUI access is lost to some Cisco APICs using either a local account or remote user. For example, the same user can log in to APIC3, but not APIC1 nor APIC2. Restarting nginx eliminates the issue for several days, but the issue then occurs again. The Cisco APIC cluster is fully fit and no cores are seen. |
4.2(5k) and later |
|
| When pushing the new VMware VMM domain to VMware vCenter 7, the task "Reconfigure Distributed Port Group" for the DV-uplink-group completes with a status of "Link Aggregation Control Protocol group configured on <VMM_domain_name> conflicts with the Link Aggregation Control Protocol API version multipleLag." No fault is raised on the Cisco APIC. |
4.2(5k) and later |
|
| When a power supply is disconnected for one PSU, it typically takes 5 minutes, but up to 20 minutes, to reflect the correct status in the Cisco APIC. A similar delay is observed when the power supply is connected again. |
4.2(5k) and later |
|
| An endpoint move from a microsegmentation EPG to a base EPG causes the endpoint to disconnect for tag-based microsegmentation. |
4.2(5k) and later |
|
| Running "Visibility & Troubleshooting Reporting" gives a report of "Status - Pending" after trying for the second time. The first attempt works fine, but the second attempt gets stuck in the pending state. This issue is observed on all Cisco APICs, on all the browsers, and with different PCs. |
4.2(5k) and later |
|
| One Cisco APIC experiences high Java CPU utilization, reaching over 400%. |
4.2(5k) and later |
|
| In a setup with 3 hosts from the same domain that have some number of virtual machines under them and the reserve host and other parameters are selected, after starting the "Migrate to ACI Virtual Edge" process, all hosts start to move at same time, causing a resource crunch. This issue occurs only once in a while. In a normal scenario, the hosts migrate one by one. |
4.2(5k) and later |
|
| The load time of the operational tab of an interface under a node is significantly longer the first time it is viewed. After this initial load, going to other interfaces under that same switch is comparatively faster. |
4.2(5k) and later |
|
| For a Cisco ACI fabric that is configured with fabricId=1, if APIC3 is replaced from scratch with an incorrect fabricId of "2," APIC3's DHCPd will set the nodeRole property to "0" (unsupported) for all dhcpClient managed objects. This will be propagated to the appliance director process for all of the Cisco APICs. The process then stops sending the AV/FNV update for any unknown switch types (switches that are not spine nor leaf switches). In this scenario, commissioning/decommissioning of the Cisco APICs will not be propagated to the switches, which causes new Cisco APICs to be blocked out of the fabric. |
4.2(5k) and later |
|
| The "show" and "fabric" commands on the Cisco APIC CLI become unresponsive. |
4.2(5k) and later |
|
| APIC symptoms: After a Cisco APIC has finished upgrading and has reloaded, the ifc_reader crashes about 6 times in 7 minutes. Afterward, the ifc_reader service stops, which causes Cisco APIC communication issues. ifc_reader DME issues are not reflected in the AV health values, rvread, nor the Cisco APIC GUI. acidiag avread, rvread, and the Cisco APIC GUI report a fully fit cluster. Cisco APIC GUI alarms raise a "split fabric" alert, and crashes in the NGINX process may be observed. |
4.2(5k) and later |
|
| "Show Usage" in the GUI for a TACACS policy in the fabric monitoring common policy do not work in release 4.2(5k) and later. |
4.2(5k) and later |
|
| The show usage screen in the Cisco APIC GUI has empty output. |
4.2(5k) and later |
|
| The GIPo address is only visible on APIC 1 when using the command "cat /data/data_admin/sam_exported.config". The command output from the other APICs outputs do not show the GIPo address. |
4.2(5k) and later |
|
| Preconfiguration validations for L3Outs that occur whenever a new configuration is pushed to the Cisco APIC might not get triggered. |
4.2(5k) and later |
|
| Logging in using TACACS to 1 or multiple Cisco APICs can intermittently fail while showing fault F0023. TCPDump shows that the Cisco APIC is resetting the 3-way-handshake. Sometimes, the following error message displays: The server is temporarily busy due to higher than usual request volume. Please try again later. Unable to deliver the message, Resolve timeout from (type/num/svc/shard) = |
4.2(5k) |
|
| When "global EP Listen Policy" is enabled on Cisco APIC, the following faults might be raised: F1190: if the policy is enforced on a Layer3 port on switch F0532: if the policy is enforced on a port which is operationally down The fix for this bug will ensure that the policy will not be enforced on the following types of ports: 1. Layer 3 ports. 2. Ports that are operationally down. |
4.2(5k) |
|
| Visore displays blank pages when loaded from a switch that is running release 14.2(5k). |
4.2(5k) |
Resolved Issues
Click the bug ID to access the Bug Search Tool and see additional information about the bug. The "Fixed In" column of the table specifies whether the bug was resolved in the base release or a patch release.
| Description |
Fixed in |
|
| After an APIC has finished upgrading and has reloaded, the ifc_reader crashes about 6x times in 7 minutes. Afterward, the ifc_reader service stops, which causes Cisco APIC communication issues. ifc_reader DME issues are not reflected in the AV health values, rvread, nor the Cisco APIC GUI. acidiag avread, rvread, and the Cisco APIC GUI report a fully fit cluster. Cisco APIC GUI alarms raise a "split fabric" alert, and crashes in the NGINX process may be observed. |
4.2(5n) |
|
| - Duplicate DHCP leases are leased out by a Cisco APIC to a Cisco ACI Virtual Edge virtual machine VTEP intfs (kni0/kni2). - OpflexODev managed objects are not created due to duplicate opflexIDEp managed objects for these overlapping Cisco ACI Virtual Edge virtual machine VTEP intfs - The affected Cisco APIC sets a DHCP Pool to available (usable-recovery) again instead of "recovery". The latter prevents leases from being allocated from the pool. - The affected Cisco APIC will keep this until the DHCPD DME is shut down on it manually, which requires root access. - This issue is caused by a race condition whereby the Cisco APIC recovers the DHCP managed objects (lease/client) before reading the fabric node vector (FNV) entries. - After an firmware upgrade, the Cisco APICs can only recover the DHCP client/lease managed objects by reading the FNV entries first, and therefore this needs to happen in that order. |
4.2(5n) |
|
| After logging into the Cisco APIC GUI on release 4.2(4) and later and you open multiple tabs, after several minutes the browser becomes slower and there are high spikes in the client CPU and memory usage. This causes the GUI to slow down. |
4.2(5n) |
|
| Cisco APICs diverge and the Cisco APIC cluster doesn't reach the fully-fit state during a Cisco APIC fabric upgrade or Cisco APIC reboot. The Cisco APIC cluster diverges and does not reach the 'fully-fit' state if both of the following conditions are true: 1) A Cisco APIC is upgrading or downgrading from 4.2(5l) to another release, or a Cisco APIC is rebooting. 2) The Attachable Entity Profile (AEP) for the Cisco APIC connected port has Infra VLAN enabled. The Infra VLAN is deployed on the Cisco APIC connected port explicitly by the user configuration. |
4.2(5n) |
|
| The fault F3227 "ACI failed processing an already accepted configuration change" continuously gets raised. |
4.2(5n) |
|
| Logging in using TACACS to 1 or multiple Cisco APICs can intermittently fail while showing fault F0023. TCPDump shows that the Cisco APIC is resetting the 3-way-handshake. Sometimes, the following error message displays: The server is temporarily busy due to higher than usual request volume. Please try again later. Unable to deliver the message, Resolve timeout from (type/num/svc/shard) = |
4.2(5l) |
|
| When "global EP Listen Policy" is enabled on Cisco APIC, the following faults might be raised: F1190: if the policy is enforced on a Layer3 port on switch F0532: if the policy is enforced on a port which is operationally down The fix for this bug will ensure that the policy will not be enforced on the following types of ports: 1. Layer 3 ports. 2. Ports that are operationally down. |
4.2(5l) |
|
| Visore displays blank pages when loaded from a switch that is running release 14.2(5k). |
4.2(5l) |
|
| The Cisco APIC setup script will not accept an ID outside of the range of 1 through 12, and the Cisco APIC cannot be added to that pod. This issue will be seen in a multi-pod setup when trying add a Cisco APIC to a pod ID that is not between 1 through 12. |
4.2(5k) |
|
| Fault delegates are raised on the Cisco APIC, but the original fault instance is already gone because the affected node has been removed from the fabric. |
4.2(5k) |
|
| A previously-working traffic is policy dropped after the subject is modified to have the "no stats" directive. |
4.2(5k) |
|
| There is an event manager process crash. |
4.2(5k) |
|
| Fault alarms get generated at a higher rate with a lower threshold. There is no functional impact. |
4.2(5k) |
|
| The Cisco APIC GUI produces the following error messages when opening an EPG policy: Received Invalid Json String. The server returned an unintelligible response.This issue might affect backup/restore functionality. |
4.2(5k) |
|
| When configuring local SPAN in access mode using the GUI or CLI and then running the "show running-config monitor access session<session>" command, the output does not include all source span interfaces. |
4.2(5k) |
|
| This is an enhancement to add columns in "Fabric > Inventory> Fabric Membership" to show BGP Route Reflectors for within pod and across pods (external BGP RR). |
4.2(5k) |
|
| L3Out encapsulated routed interfaces and routed interfaces do not have any monitoring policy attached to them. As a result, there is no option to change the threshold values of the faults that occur due to these interfaces. |
4.2(5k) |
|
| Fibre Channel conversion is allowed on an unsupported switch. The only switch that supports Fibre Channel conversion is the Cisco N9K-C93180YC-FX. |
4.2(5k) |
|
| The GUI does not provide a "Revert" option for interfaces that are converted to Fibre Channel. |
4.2(5k) |
|
| An app does not get fully removed from all Cisco APICs. |
4.2(5k) |
|
| When logging into the Cisco APIC using "apic#fallback\\user", the "Error: list index out of range" log message displays and the lastlogin command fails. There is no operational impact. |
4.2(5k) |
|
| "*,G" got created in both MRIB and MFDM, is present for nearly 9 minutes, and then got expired. |
4.2(5k) |
|
| The policy manager (PM) crashes after upgrading the Cisco APIC, which results in the cluster being diverged. |
4.2(5k) |
|
| After upgrading to APIC release 4.2(3l), the remote leaf switch does not rejoin the fabric. |
4.2(5k) |
|
| A switch entered into a bootloop and an upgrade is triggered multiple times if the maintenance policy is pushed with a REST API call that has the incorrect version. |
4.2(5k) |
|
| The global QoS class congestion algorithm is always incorrectly shown as 'Tail Drop' even though it changed as WRED. The managed object shows correctly when it changed; this is a cosmetic issue. |
4.2(5k) |
|
| Route-map entry on the Cisco ACI Multi-Site speaker spine node to change the BGP next-hop from PTEP to R-TEP for routes advertised by the border leaf node is absent. Routes will be advertised with PTEP to the other site. |
4.2(5k) |
|
| Cisco APIC interfaces e2/3 and 2/4 persist in the GUI and the MIT after disabling and enabling the port channel on the VIC. |
4.2(5k) |
|
| The login history of local users is not updated in Admin > AAA > Users > (double click on local user) Operational > Session. |
4.2(5k) |
|
| - Leaf or spine switch is stuck in 'downloading-boot-script' status. The node never fully registers and does not become active in the fabric. - You can check the status by running 'cat /mit/sys/summary | grep state' on the CLI of the spine or leaf. If the state is set to 'downloading-boot-script' for a long period of time (> 5 minutes), you may be running into this issue. - Checking policy element logs on the spine or leaf switch will confirm if the bootscript file cannot be found on the Cisco APIC: 1. Change directory to /var/log/dme/log. 2. Grep all svc_ifc_policyelem.log files for "downloadUrl - failed, error=HTTP response code said error". If you see this error message, check to make sure all Cisco APICs have the node bootscript files located in /firmware/fwrepos/fwrepo/boot. |
4.2(5k) |
|
| Fault F1298 raised and states that "Delivered,Node belongs to different POD"Actually Node belongs to correct POD and fault is misleading |
4.2(5k) |
|
| There is a stale fvIfConn entry after physically removing the ESXi host after a host is removed from the datacenter or VMware vCenter. |
4.2(5k) |
|
| The 'Primary VLAN for Micro-Seg' field does not show without putting a check in the Allow Micro-Segmentation check box. |
4.2(5k) |
|
| In the Cisco APIC GUI, after removing the Fabric Policy Group from "System > Controllers > Controller Policies > show usage", the option to select the policy disappears, and there is no way in the GUI to re-add the policy. |
4.2(5k) |
|
| When you have a single VMM domain deployed in 2 different VMware vCenters in same SSO domain and you uninstall all Cisco ACI Virtual Edge virtual machines on one of the VMware vCenters by using VCPlugin for the VMM domain, then the VCPlugin on the other VMware vCenter for the same VMM domain shows the existing AVE as "not installed". This happens because the cisco-ave and cisco-ave-<vmm-domain> tags are removed on the other VMware vCenter for the Cisco ACI Virtual Edge virtual machines. |
4.2(5k) |
|
| The Cisco APIC GUI does not expose the 'destName' property of the vnsRedirectDest managed object. |
4.2(5k) |
|
| After VMware vCenter generates a huge amount of events and after the eventId increments beyond 0xFFFFFFFF, the Cisco APIC VMM manager service may start ignoring the newest event if the eventId is lower than the last biggest event ID that Cisco APIC received. As a result, the changes to virtual distributed switch or AVE would not reflect to the Cisco APIC, causing required policies to not get pushed to the Cisco ACI leaf switch. For AVE, missing those events could put the port in the WAIT_ATTACH_ACK status. |
4.2(5k) |
|
| With DHCP in which the node is not properly decommissioned, the DHCP process released the IP address and allocated the IP address to another TEP, which caused a duplicate TEP and caused an outage. |
4.2(5k) |
|
| SNMP poll/walk to the Cisco APIC does not work . The error message "unknown username" is received. |
4.2(5k) |
|
| After decommissioning/removing a node ID from the Cisco APIC, wait for 10 minutes before re-adding the same node back into fabric. Re-adding the node too early can result in unexpected behavior, such as the node that is being decommissioned does not get wiped properly and ends up retaining the TEP address that was allocated by the Cisco APIC. |
4.2(5k) |
|
| The Authentication Type displays as "Use SSH Public/Private Files." However, Cisco APIC acts as a client to the (outside) server, and so "Private" should be the only configurable key in the "SSH Key Contents" area. |
4.2(5k) |
|
| Editing a remote location with a private key that doesn’t have a passphrase is blocked due to form validation. |
4.2(5k) |
|
| After creating a BGP-peer connectivity profile with the loopback option (no presence loopback on L3Out node) in a vPC setup, the BGP session is getting established with a secondary IP address. |
4.2(5k) |
|
| SSD lifetime can be exhausted prematurely if unused Standby slot exists |
4.2(5k) |
|
| - After decommissioning a fabric node, it is not displayed in the maintenance group configuration anymore. - Due to the lingering configuration pointing to the decommissioned node, F1300 gets raised with the description: "A Fabric Node Group (fabricNodeGrp) configuration was not deployed on the fabric node <#> because: Node Not Registered for Node Group Policies" - The dn mentioned in the fault will point to a maintenance group (maintgrp). |
4.2(5k) |
|
| The per feature container for techsupport "objectstore_debug_info" fails to collect on spine nodes due to an invalid filepath. |
4.2(5k) |
|
| After creating a Global Alias Field on an EPG in a user tenant and submitting the change, the tag can be seen as successfully created on the EPG. However, operations such as renaming or deleting do not update the tag after submitting the change. |
4.2(5k) |
|
| Code F1527 occurrs in /data/log on a Cisco APIC. After collecting the "show tech file" for the Cisco APIC, the percentage is shown as only 71%. |
4.2(5k) |
|
| AAEP gets deleted while changing some other policy in the policy group. This only happens when using Firefox and changing a value in the leaf access port policy group. The issue is not seen when using other browsers. |
4.2(5k) |
|
| The MD5 checksum for the downloaded Cisco APIC images is not verified before adding it to the image repository. |
4.2(5k) |
|
| Traffic from newly added subnet(s) is allowed on one or more Cisco APIC(s) and blocked on the other one or more Cisco APIC(s). As Ext Mgmt NW Inst Prof Subnets are applied/programmed on all Cisco APICs, traffic should work on all Cisco APICs. |
4.2(5k) |
|
| There is a message in the Cisco APIC GUI saying that vleaf_elem has restarted several times and may not have recovered, and there are core files of the vleaf_elem process. |
4.2(5k) |
|
| Enhancement request to provide a warning prompt to users if they do a configuration export without enabling AES Encryption. |
4.2(5k) |
|
| In the Cisco APIC GUI, under Fabric -> Inventory -> Pod 1 -> Leaf/Spine -> Summary -> Hardware Usage -> Memory, a memory usage value over 80% is colored red. |
4.2(5k) |
|
| A switch entered into a bootloop and an upgrade is triggered multiple times if the maintenance policy is pushed with a REST API call that has the incorrect version. |
4.2(5k) |
|
| This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the Cisco Application Policy Infrastructure Controller (APIC).This defect track an enhancement to add the ability to block ICMP Timestamp Requests (type 13) and ICMP Timestamp Replies (type 14) |
4.2(5k) |
|
| Inside the /firmware/fwrepos/fwrepo/boot directory, there is a Node-0 bootscript that seemingly points to a random leaf SN, depending on the Cisco APIC from which you're viewing the directory. |
4.2(5k) |
|
| The Smart Licensing GUI page fails to load due to the JavaScript function erroring out while trying to parse an invalid LicenseManager object. The JavaScript error can be seen in the browser developer tools - console logs. |
4.2(5k) |
|
| AVE is not getting the VTEP IP address from the Cisco APIC. The logs show a "pending pool" and "no free leases". |
4.2(5k) |
|
| Fabric > Inventory > Topology > Topology shows the wrong Cisco APIC counts (Active + Standby) in different pods. |
4.2(5k) |
|
| The Cisco APIC setup script will not accept an ID outside of the range of 1 through 12, and the Cisco APIC cannot be added to that pod. This issue will be seen in a multi-pod setup when trying add a Cisco APIC to a pod ID that is not between 1 through 12. CSCvm64933 was filed for similar issue. |
4.2(5k) |
|
| Protocol information is not shown in the GUI when a VRF table from the common tenant is being used in any user tenant. |
4.2(5k) |
|
| Physical Interface Configuration's VLAN tab shows incorrect VLAN assignments on all ports. Ports with no EPGs deployed will show the entire switch VLAN assignment instead of no assigned VLANs. |
4.2(5k) |
|
| When the productSpec of a DVS is changed from Cisco Systems to Vmware Inc as a workaround for bug CSCvr86180, if the VMware vCenter is reloaded after that point, that will result in a change of the object type at the VMware vCenter (DistributedVirtualSwitch to VmwareDistributedVirtualSwitch). That has the effect of the Cisco APIC deleting the hvsLNode the next time it pulls inventory from the VMware vCenter after the VMware vCenter comes back up. When the productSpec is switched back to Cisco Systems, a new hvsLNode is created with most of the fields left as uninitialized, which raises faults on the DVS. Lnode(DVS) gets deleted on the external VMM controller and the MTU on the DVS is different than the MTU in the policy. This is a cosmetic issue. There is no functionality impact. |
4.2(5k) |
|
| The following error message is seen when configuring: Prepend AS: Error 400 - Invalid lastnum: 1. lastnum must be 0 when criteria is prepend. |
4.2(5k) |
|
| A spine switch doesn't advertise the bridge domain or host routes to the GOLF router via BGP, and the bgpPfxLeakP managed object is missing for all bridge domain subnets. |
4.2(5k) |
|
| When a multi-pod environment is deployed in a non-home pod, the hyper-v servers cannot establish a successful connection to the leaf switch, and the opflexODev and OpflexIDEp objects are not created on the leaf switch. This results in a traffic outage, as the on-demand EPGs will be removed from the setup. |
4.2(5k) |
|
| After upgrading to release 4.2(3q), the Event Manger generates a core and crashes continuously, leading to a diverged cluster. |
4.2(5k) |
|
| The following error is encountered when accessing the Infrastructure page in the ACI vCenter plugin after inputting vCenter credentials. "The Automation SDK is not authenticated" VMware vCenter plug-in is installed using powerCLI. The following log entry is also seen in vsphere_client_virgo.log on the VMware vCenter: /var/log/vmware/vsphere-client/log/vsphere_client_virgo.log [ERROR] http-bio-9090-exec-3314 com.cisco.aciPluginServices.core.Operation sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed |
4.2(5k) |
|
| VMware vCenter is offline according to the Cisco APIC. The Cisco APIC is unable to push port groups into VMware vCenter. The leader Cisco APIC for VMware vCenter connections shows as disconnected. There are faults on the VMM domain related to incorrect credentials, but the credentials are actually correct. The same credentials can be used to log in to the VMware vCenter GUI successfully. The "administrator@vsphere.local" account does not work either, so permissions should not be a problem. |
4.2(5k) |
|
| - The configuration is not pushed from the Cisco APIC to RHVM. For example, when attaching a VMM domain to an EPG, the EPG is not created as a logical network in RHVM. - vmmmgr logs indicate that Worker Q is at 300 with Max Q of 300. - When the Q reaches 300, it appears this is caused by the class definition 'ifc:vmmmgr:taskCompHvGetHpNicAdjQualCb' using up the entire worker Q. - There are numerous logs indicating that the sendtoController failed and the Worker is busy. |
4.2(5k) |
|
| Associating an EPG to a FEX interface from Fabric->Inventory->Pod1->leaf->interface in the Cisco APIC GUI creates an unexpected tDn. As a side effect, this type of static EPG association will cause an error if you use Cisco APIC CLI to verify the leaf node configuration. The error message can be cleared by deleting all static EPG associations created from the Inventory. Use moquery to verify which configuration needs to be cleared. |
4.2(5k) |
|
| Periodically, the OpFlex session disconnects. This Issue was seen in K8 integration with Cisco ACI due to an ARP refresh issue for the host VTEP address. |
4.2(5k) |
|
| When trying to assign a description to a FEX downlink/host port using the Config tab in the Cisco APIC GUI, the description will get applied to the GUI, but it will not propagate to the actual interface when queried using the CLI or GUI. |
4.2(5k) |
|
| When changing the SNMP policy from policy1 to policy2 and if policy2 has the same SNMP v3 user configured with a different authentication key, the pod policy reports fault F2194 for all switches. The Cisco APICs in the cluster will accept the new policy; however, the switches in the fabric will not and will continue using the older policy1. |
4.2(5k) |
|
| Cisco APIC accepts the "_" (underscore) symbol as delimiter for VMware VMM Domain Association, even though it is not a supported symbol. This is an enhancement request to implement a check in the Cisco APIC GUI to not accept "_". |
4.2(5k) |
|
| VMware vCenter and the Cisco APIC display different information about the location of the attached virtual machines. |
4.2(5k) |
|
| A new APIC-L3 or M3 server will not be able to complete fabric discovery. LLDP, "acidiag verifyapic," and other general checks will not exhibit a problem. When you check the appliancedirector logs of a Cisco APIC within the cluster to which you are trying to add the affected controller, there will be messages indicating that the rejection is happening due to being unable to parse the certificate subject. |
4.2(5k) |
|
| For an EPG containing a static leaf node configuration, the Cisco APIC GUI returns the following error when clicking the health of Fabric Location: Invalid DN topology/pod-X/node-Y/local/svc-policyelem-id-0/ObservedEthIf, wrong rn prefix ObservedEthIf at position 63 |
4.2(5k) |
|
| There are recurring crashes and core dumps on different Cisco APICs (which are VMM domain shard leaders), as well as high CPU utilization (around 200% so to 2x maxed out CPU cores) for the VMMMGr process, as well as multiple inv sync issues. These issues are preventing the VMMMGr process from processing any operational/configuration changes that are made on the RHVs. |
4.2(5k) |
|
| When creating a VMware VMM domain and specifying a custom delimiter using the character _ (underscore), it is rejected, even though the help page says it is an acceptable character. |
4.2(5k) |
|
| TACACS+ users are unable to login to a Cisco APIC when an AV pair is in use with a dot '.' character in the domain portion. Users may be able to login with minimal permissions if the "Remote user login policy" allows it. The following example shows an AV pair that causes the issue: shell:domains = aci.domain/admin/ Additionally, NGINX logs on the Cisco APIC show the following log line: 23392||2020-06-16T21:04:56.534944300+00:00||aaa||INFO||||Failed to parse AVPair string (shell:domains = aci.domain/admin/) into required data components - error was Invalid shell:domains string (shell:domains = aci.domain/admin/) received from AAA server||../svc/extXMLApi/src/gen/ifc/app/./pam/PamRequest.cc||813 This log can be found at /var/log/dme/log/nginx.bin.log on the Cisco APIC. |
4.2(5k) |
|
| VMM floating L3Out basic functionality does not work. The L3Out port group on a VMware vCenter does not match the configuration in the Cisco APIC. For example, there can be a VLAN mismatch. Cisco APIC visore will show missing compEpPConn, and the port-group's hvsExtPol managed object will not form hvsRsEpPD to the L3Out compEpPD. |
4.2(5k) |
|
| This product includes a version of Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2020-11022 This bug was opened to address the potential impact on this product. |
4.2(5k) |
|
| The /data2 partition is filled up with docker temporary files. Output of "df -hu /data2" will indicate 100% usage. Login as root and check the usage under /data2/docker/tmp. Confirm that this is the folder causing the partition to be full. |
4.2(5k) |
|
| A prefix with an aggregate entry gets removed from Cisco APIC when downgrading the Cisco APIC from 4.2(5) to an earlier release. Due to this, the route map does not get created on the switches, and so routes are not advertised externally. |
4.2(5k) |
|
| There is a BootMgr memory leak on a standby Cisco APIC. If the BootMgr process crashes due to being out of memory, it continues to crash, but system will not be rebooted. After the standby Cisco APIC is rebooted by hand, such as by power cycling the host using CIMC, the login prompt of the Cisco APIC will be changed to localhost and you will not be able to log into the standby Cisco APIC. |
4.2(5k) |
|
| The policy-mgr crashes on multiple Cisco APICs during an upgrade. |
4.2(5k) |
|
| Tenant > Policies > netflow > netflow exporters When Tenant has large amount of EPGs configured, such as over one thousand, when navigating to the network exporters pane, when clicking the policy, it takes several seconds for the application EPG to be displayed. When a lower number of EPGs are present, there is no delay in the EPG being populated. This is a cosmetic defect due to scale. |
4.2(5k) |
|
| After a Cisco APIC upgrade from a pre-4.0 release to a post-4.0 release, connectivity issues occur for devices behind Cisco Application Virtual Edge Switches running on VMWare. |
4.2(5k) |
|
| Using the filter feature for application profiles always returns all of the application profiles. |
4.2(5k) |
|
| The default firmware policy is not displayed in the GUI after setting the policy, logging out, and logging in again. The field will be blank and there is no area detailing the current default policy. |
4.2(5k) |
|
| VMware vCenter Event logs in the Cisco APIC are not visible in release 4.2(4i). |
4.2(5k) |
|
| An SNMPD process crash is observed on two of the Cisco APICs in three Cisco APIC cluster. |
4.2(5k) |
|
| For a tenant name starting with "infra," such as "infratest," the L3Out create wizard does not allow the user to select a particular VRF. Only overlay-1 is allowed, which is the default for infra. Another issue is the Add Pod option does not work in this scenario. |
4.2(5k) |
|
| The VMM process crashes and produces core files when looking in Admin -> Import/Export -> Export Policies -> Core -> default -> Operational tab. |
4.2(5k) |
|
| During a policy upgrade, the upgrade fails for some of the Cisco APICs with the Traceback error "Exception while waiting for turn". 2020-07-19 07:05:35,474|ERROR|28470|installer:577 Exception while waiting for turn: Traceback (most recent call last): File "/tmp/tmpIfTqGl/insieme/mgmt/support/insieme/installer.py", line 575, in install installer.waitForTurn() File "/tmp/tmpIfTqGl/insieme/mgmt/support/insieme/installer.py", line 89, in waitForTurn thisIndex = ids.index(myId) ValueError: 0 is not in list |
4.2(5k) |
Known Issues
Click the Bug ID to access the Bug Search Tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(5) releases in which the known behavior exists. A bug might also exist in releases other than the 4.2(5) releases.
| Bug ID |
Description |
Exists in |
| The "show run leaf|spine <nodeId>" command might produce an error for scaled up configurations. |
4.2(5k) and later |
|
| With a uniform distribution of EPs and traffic flows, a fabric module in slot 25 sometimes reports far less than 50% of the traffic compared to the traffic on fabric modules in non-FM25 slots. |
4.2(5k) and later |
|
| When you click Restart for the Microsoft System Center Virtual Machine Manager (SCVMM) agent on a scaled-out setup, the service may stop. You can restart the agent by clicking Start. |
4.2(5k) and later |
|
| One of the following symptoms occurs: ■ App installation/enable/disable takes a long time and does not complete. ■ Nomad leadership is lost. The output of the acidiag scheduler logs members command contains the following error: Error querying node status: Unexpected response code: 500 (rpc error: No cluster leader) |
4.2(5k) and later |
|
| The CRC and stomped CRC error values do not match when seen from the APIC CLI compared to the APIC GUI. This is expected behavior. The GUI values are from the history data, whereas the CLI values are from the current data. |
4.2(5k) and later |
|
| Upgrading Cisco APIC from a 3.x release to a 4.x release causes Smart Licensing to lose its registration. Registering Smart Licensing again will clear the fault. |
4.2(5k) and later |
|
| In the 4.x and later releases, if a firmware policy is created with different name than the maintenance policy, the firmware policy will be deleted and a new firmware policy gets created with the same name, which causes the upgrade process to fail. |
4.2(5k) and later |
|
| N/A |
Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. Because of the validation, when TCP is configured as the IP SLA type, Cisco APIC no longer accepts an IP SLA port value of 0, which was allowed in previous releases. An IP SLA monitor policy from a previous release that has an IP SLA port value of 0 becomes invalid if the Cisco APIC is upgraded to release 4.1(1) or later. This results in a failure for the configuration import or snapshot rollback. The workaround is to configure a non-zero IP SLA port value before upgrading the Cisco APIC, and use the snapshot and configuration export that was taken after the IP SLA port change. |
4.2(5k) and later |
| N/A |
If you use the REST API to upgrade an app, you must create a new firmware.OSource to be able to download a new app image. |
4.2(5k) and later |
| N/A |
In a multipod configuration, before you make any changes to a spine switch, ensure that there is at least one operationally "up" external link that is participating in the multipod topology. Failure to do so could bring down the multipod connectivity. For more information about multipod, see the Cisco Application Centric Infrastructure Fundamentals document and the Cisco APIC Getting Started Guide. |
4.2(5k) and later |
| N/A |
With a non-english SCVMM 2012 R2 or SCVMM 2016 setup and where the virtual machine names are specified in non-english characters, if the host is removed and re-added to the host group, the GUID for all the virtual machines under that host changes. Therefore, if a user has created a micro segmentation endpoint group using "VM name" attribute specifying the GUID of respective virtual machine, then that micro segmentation endpoint group will not work if the host (hosting the virtual machines) is removed and re-added to the host group, as the GUID for all the virtual machines would have changed. This does not happen if the virtual name has name specified in all english characters. |
4.2(5k) and later |
| N/A |
A query of a configurable policy that does not have a subscription goes to the policy distributor. However, a query of a configurable policy that has a subscription goes to the policy manager. As a result, if the policy propagation from the policy distributor to the policy manager takes a prolonged amount of time, then in such cases the query with the subscription might not return the policy simply because it has not reached policy manager yet. |
4.2(5k) and later |
| N/A |
When there are silent hosts across sites, ARP glean messages might not be forwarded to remote sites if a leaf switch without -EX or a later designation in the product ID happens to be in the transit path and the VRF is deployed on that leaf switch, the switch does not forward the ARP glean packet back into the fabric to reach the remote site. This issue is specific to transit leaf switches without -EX or a later designation in the product ID and does not affect leaf switches that have -EX or a later designation in the product ID. This issue breaks the capability of discovering silent hosts. |
4.2(5k) and later |
Compatibility Information
Virtualization Compatibility Information
This section lists virtualization compatibility information for the Cisco APIC software.
■ For a table that shows the supported virtualization products, see the ACI Virtualization Compatibility Matrix.
■ For information about Cisco APIC compatibility with Cisco UCS Director, see the appropriate Cisco UCS Director Compatibility Matrix document.
■ This release supports the following additional virtualization products:
| Product |
Supported Release |
Information Location |
| Microsoft Hyper-V |
■ SCVMM 2019 RTM (Build 10.19.1013.0) or newer ■ SCVMM 2016 RTM (Build 4.0.1662.0) or newer ■ SCVMM 2012 R2 with Update Rollup 9 (Build 3.2.8145.0) or newer |
N/A |
| VMM Integration and VMware Distributed Virtual Switch (DVS) |
6.5, 6.7, and 7.0 |
Hardware Compatibility Information
This release supports the following Cisco APIC servers:
| Product ID |
Description |
| APIC-L1 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports) |
| APIC-L2 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports) |
| APIC-L3 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1200 edge ports) |
| APIC-M1 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports) |
| APIC-M2 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports) |
| APIC-M3 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1200 edge ports) |
The following list includes general hardware compatibility information:
■ For the supported hardware, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(5).
■ Contracts using matchDscp filters are only supported on switches with "EX" on the end of the switch name. For example, N9K-93108TC-EX.
■ When the fabric node switch (spine or leaf) is out-of-fabric, the environmental sensor values, such as Current Temperature, Power Draw, and Power Consumption, might be reported as "N/A." A status might be reported as "Normal" even when the Current Temperature is "N/A."
■ First generation switches (switches without -EX, -FX, -GX, or a later suffix in the product ID) do not support Contract filters with match type "IPv4" or "IPv6." Only match type "IP" is supported. Because of this, a contract will match both IPv4 and IPv6 traffic when the match type of "IP" is used.
The following table provides compatibility information for specific hardware:
| Hardware |
Information |
| Cisco UCS M3/L3-based Cisco APIC |
You can now use the UCSC-PCIE-IQ10GC Intel X710 Quad Port 10GBase-T network interface card in the Cisco APIC M3/L3 servers for 10GBase-T connectivity to Cisco ACI leaf nodes. |
| Cisco UCS M4-based Cisco APIC |
The Cisco UCS M4-based Cisco APIC and previous versions support only the 10G interface. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration. |
| Cisco UCS M5-based Cisco APIC |
The Cisco UCS M5-based Cisco APIC supports dual speed 10G and 25G interfaces. Connecting the Cisco APIC to the Cisco ACI fabric requires a same speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration. |
| N2348UPQ |
To connect the N2348UPQ to Cisco ACI leaf switches, the following options are available: ■ Directly connect the 40G FEX ports on the N2348UPQ to the 40G switch ports on the Cisco ACI leaf switches ■ Break out the 40G FEX ports on the N2348UPQ to 4x10G ports and connect to the 10G ports on all other Cisco ACI leaf switches. Note: A fabric uplink port cannot be used as a FEX fabric port. |
| N9K-C9348GC-FXP |
This switch does not read SPROM information if the PSU is in a shut state. You might see an empty string in the Cisco APIC output. |
| N9K-C9364C-FX |
Ports 49-64 do not supporFut 1G SFPs with QSA. |
| N9K-C9508-FM-E |
The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch. |
| N9K-C9508-FM-E2 |
The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch. The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS switch CLI. |
| N9K-C9508-FM-E2 |
This fabric module must be physically removed before downgrading to releases earlier than Cisco APIC 3.0(1). |
| N9K-X9736C-FX |
The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS Switch CLI. |
| N9K-X9736C-FX |
Ports 29 to 36 do not support 1G SFPs with QSA. |
Adaptive Security Appliance (ASA) Compatibility Information
This section lists ASA compatibility information for the Cisco APIC software.
■ This release supports Adaptive Security Appliance (ASA) device package version 1.2.5.5 or later.
■ If you are running a Cisco Adaptive Security Virtual Appliance (ASA) version that is prior to version 9.3(2), you must configure SSL encryption as follows:
(config)# ssl encryption aes128-sha1
Miscellaneous Compatibility Information
This release supports the following products:
| Product |
Supported Release |
| Cisco NX-OS |
14.2(5) |
| Cisco AVS |
5.2(1)SV3(4.10) For more information about the supported AVS releases, see the AVS software compatibility information in the Cisco AVS Release Notes, Release 5.2(1)SV3(4.10). |
| Cisco UCS Manager |
2.2(1c) or later is required for the Cisco UCS Fabric Interconnect and other components, including the BIOS, CIMC, and the adapter. |
| ■ 4.2(3e) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.2(3b) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.2(2a) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3m) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3f) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3d) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3c) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(2m) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2k) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2b) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(1g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) ■ 4.1(1f) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) (deferred release) ■ 4.1(1d) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 4.1(1c) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) ■ 4.0(4e) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 4.0(2g) CIMC HUU ISO for UCS C220/C240 M4 and M5 (APIC-L2/M2 and APIC-L3/M3) ■ 4.0(1a) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 3.0(4d) CIMC HUU ISO for UCS C220/C240 M3 and M4 (APIC-L2/M2) ■ 3.0(3f) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 2.0(13i) CIMC HUU ISO ■ 2.0(9c) CIMC HUU ISO ■ 2.0(3i) CIMC HUU ISO |
|
| Network Insights Base, Network Insights Advisor, and Network Insights for Resources |
For the release information, documentation, and download links, see the Cisco Network Insights for Data Center page. For the supported releases, see the Cisco Day-2 Operations Apps Support Matrix. |
■ This release supports the partner packages specified in the L4-L7 Compatibility List Solution Overview document.
■ A known issue exists with the Safari browser and unsigned certificates, which applies when connecting to the Cisco APIC GUI. For more information, see the Cisco APIC Getting Started Guide, Release 4.2(x).
■ For compatibility with OpenStack and Kubernetes distributions, see the Cisco Application Policy Infrastructure Controller Container Plugins Release 4.2(3), Release Notes.
■ For compatibility with Day-2 Operations apps, see the Cisco Day-2 Operations Apps Support Matrix.
■ Cisco Nexus Dashboard Insights creates a user in Cisco APIC called cisco_SN_NI. This user is used when Nexus Dashboard Insights needs to make any changes or query any information from the Cisco APIC. In the Cisco APIC, navigate to the Audit Logs tab of the System > History page. The cisco_SN_NI user is displayed in the User column.
Related Content
See the Cisco Application Policy Infrastructure Controller (APIC) page for the documentation.
You can watch videos that demonstrate how to perform specific tasks in the Cisco APIC on the Cisco ACI YouTube channel.
Temporary licenses with an expiry date are available for evaluation and lab use purposes. They are strictly not allowed to be used in production. Use a permanent or subscription license that has been purchased through Cisco for production purposes. For more information, go to Cisco Data Center Networking Software Subscriptions.
The documentation includes installation, upgrade, configuration, programming, and troubleshooting guides, technical references, release notes, and knowledge base (KB) articles, as well as other documentation. KB articles provide information about a specific use case or a specific topic.
By using the "Choose a topic" and "Choose a document type" fields of the APIC documentation website, you can narrow down the displayed documentation list to make it easier to find the desired document.
The following table provides links to the release notes, verified scalability documentation, and new documentation:
| Document |
Description |
| The release notes for Cisco ACI Virtual Edge. |
|
| The release notes for Cisco ACI Virtual Pod. |
|
| Cisco Application Centric Infrastructure Simulator Appliance Release Notes, Release 4.2(5) |
The release notes for the Cisco ACI Simulator Appliance. |
| Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(5) |
The release notes for Cisco NX-OS for Cisco Nexus 9000 Series ACI-Mode Switches. |
| Cisco APIC System Management Configuration Guide, Release 4.2(x) |
This guide contains information about system management. Currently, the document contains information only about the precision time protocol, but it will be populated with other relevant topics in future releases. |
| This guide contains the maximum verified scalability limits for Cisco Application Centric Infrastructure (ACI) parameters for Cisco APIC, Cisco ACI Multi-Site, and Cisco Nexus 9000 Series ACI-Mode Switches. |
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, send your comments to apic-docfeedback@cisco.com. We appreciate your feedback.
Legal Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2020-2024 Cisco Systems, Inc. All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)