Cisco Application Policy Infrastructure Controller Release Notes, Release 4.2(3)
The Cisco Application Centric Infrastructure (ACI) is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment lifecycle. Cisco Application Policy Infrastructure Controller (APIC) is the software, or operating system, that acts as the controller.
This document describes the features, bugs, and limitations for the Cisco APIC software.
For more information about this product, see Related Content.
Note: Use this document with the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3).
Date | Description |
December 9, 2022 | In the Open Bugs section, added bug CSCvw33061. |
November 18, 2022 | In the Open Issues section, added bug CSCwc66053. |
August 1, 2022 | In the Miscellaneous Compatibility Information section, added: ■ 4.2(2a) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(2k) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) |
March 21, 2022 | In the Miscellaneous Compatibility Information section, added: ■ 4.1(3f) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) |
February 23, 2022 | In the Miscellaneous Compatibility Information section, added: ■ 4.1(2g) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) |
November 2, 2021 | In the Miscellaneous Compatibility Information section, added: ■ 4.1(3d) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) |
August 9, 2021 | In the Open Issues section, added bugs CSCvw33277, CSCvu84392, and CSCvu36682. |
August 4, 2021 | In the Open Issues section, added bugs CSCvy30453 and CSCvy44940. |
July 26, 2021 | In the Miscellaneous Compatibility Information section, the CIMC 4.1(3c) release is now recommended for UCS C220/C240 M5 (APIC-L3/M3). |
May 17, 2021 | In the Open Issues section, added bug CSCvt23284. |
March 25, 2021 | In the Open Issues section, added bug CSCvu74478. |
March 11, 2021 | In the Miscellaneous Compatibility Information section, for CIMC HUU ISO, added: ■ 4.1(3b) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) Changed: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) To: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) |
February 9, 2021 | In the Open Bugs section, added bug CSCvt07565. |
February 3, 2021 | In the Miscellaneous Compatibility Information section, for CIMC HUU ISO, added: ■ 4.1(2b) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) |
October 6, 2020 | In the Open Issues section, added bug CSCvu67494. |
September 29, 2020 | In the Miscellaneous Compatibility Information section, specified that the 4.1(1f) CIMC release is deferred. The recommended release is now 4.1(1g). |
September 16, 2020 | In the Known Issues section, added the issue that begins with: Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. |
May 27, 2020 | In the New Software Features section, added the COOP endpoint dampening feature. |
April 17, 2020 | In the Miscellaneous Compatibility Information section, updated the CIMC HUU ISO information to include the 4.1(1c) and 4.1(1d) releases. |
March 26, 2020 | Release 4.2(3q) became available. Added the resolved issues for this release. |
March 6, 2020 | In the Miscellaneous Compatibility Information section, updated the CIMC HUU ISO information for the 4.0(2g) and 4.0(4e) CIMC releases. |
February 20, 2020 | In the Changes in Behavior section, added mention of the hypervisor topology view changes. |
January 24, 2020 | Release 4.2(3n) became available; there are no changes to this document for this release. See the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3) for the changes in this release. |
December 20, 2019 | Release 4.2(3l) became available; there are no changes to this document for this release. See the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3) for the changes in this release. |
December 9, 2019 | Release 4.2(3j) became available. |
Description |
Guidelines and Restrictions |
|
COOP Endpoint Dampening |
When malicious or erroneous behavior causes unnecessary endpoint updates, the COOP process can become overwhelmed, preventing the processing of valid endpoint updates. The rogue endpoint detection feature of the leaf switch can prevent many erroneous updates from reaching the spine. In cases where the rogue endpoint detection is inadequate, the COOP process invokes endpoint dampening. To relieve pressure on COOP, the spine asks all leaf switches to ignore updates from the misbehaving endpoint for a specified period. For more information, see the Cisco APIC Basic Configuration Guide, Release 4.2(x). |
None. |
Enhancements for Match Prefix |
Two new fields (From Prefix and To Prefix fields) are now available in the Match Prefix field to specify the mask range when you create a prefix match rule and enable aggregation. For more information, see the Cisco APIC Layer 3 Networking Configuration Guide, Release 4.2(x). |
None. |
Filters-from-contract option in the service graph templates |
The filters-from-contract option is available in the service graph templates using the Cisco APIC GUI. This option uses the specific filter of the contract subject where the service graph is attached, instead of the default filter for zoning-rules that do not include the consumer EPG class ID as the source or destination. For more information, see the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide, Release 4.2(x). |
None. |
Increased range for equal-cost multi-path (ECMP) routing paths |
The range for the maximum number of equal-cost paths for eBGP and iBGP load sharing is now from 1 to 64, with a default value of 16. For more information, see the Cisco APIC Layer 3 Networking Configuration Guide, Release 4.2(x). |
None. |
Incremental enhancements to the read-only admin user capability on spine and leaf switches |
Switches running the 14.2(3) release now support L1 access (read-only privilege for an admin user) for the following: ■ acidiag fnvread command ■ vsh_lc with the show commands ■ Tech support collection ■ show events command ■ PCAP under the visibility and troubleshooting section ■ BGP advertised and received routes (show bgp ipv4 unicast neighbors <neighbor ip> advertised-routes vrf <vrf name>) ■ CRC command to identify stomped CRC and genuine CRC ■ Read-only access to the log files, such as BGP, BFD, and IPv6 ■ tcpdump command |
None. |
Python SDK (Cobra) support for Python 3.x and Wheel |
The Cisco APIC Python SDK adds support for Python 3.6 and later. A Wheel installation package is now included in addition to the egg files. |
None. |
Rogue EP Control in the First Time Setup wizard |
The Rogue EP Control option is now part of the First Time Setup wizard. For more information, see the Cisco APIC Basic Configuration Guide, Release 4.2(x). |
None. |
Stomped CRC errors and traditional CRC errors |
CRC align errors in interface counters are now broken out into stomped CRC errors and traditional CRC errors. Stomped CRC errors refer to frames that were received and cut-through switched before the FCS trailer was received. Rather than rewriting the CRC field based on the corrupted frame, the switch inserts a special value into the CRC that indicates the frame should be stomped by the end device or the first device in the path that does store-and-forward switching. "CRC error" frames refer to corrupted frames that are dropped on the ingress interface and are not forwarded. You can view the split in error statistics in the Cisco APIC GUI or by directly querying the eqptIngrCrcErrPkts object. Additionally, you can view the statistics directly on the switch by running the "show interface" command. |
None. |
Support for custom EPG names for VMM domains |
You can now give EPGs a custom name that carries over to a VMware vCenter port group or a Microsoft VM network. The feature is available for VMware vSphere Distributed Switch, Microsoft System Center Virtual Machine Manager (SCVMM), and Cisco ACI Virtual Edge. If you do not provide a custom name, the domain association assigns a name in the format of tenant|app_profile|epg_name for a port group or tenant|application|epg|domain for a VM network. However, if you enter a custom name for the EPG, the same name is applied to the port group or VM network. For more information, see the "Custom EPG Names and Cisco ACI" chapter in the Cisco ACI Virtualization Guide, Release 4.2(x). |
Giving an EPG a custom name is a beta preview feature in this release. |
Support for QoS MIBs |
Selected OIDs from CISCO-CLASS-BASED-QOS-MIB and CISCO-SWITCH-QOS-MIB are added for leaf and spine switches. |
None. |
For new hardware features, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3).
For the changes in behavior, see the Cisco ACI Releases Changes in Behavior document.
Click the bug ID to access the Bug Search Tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(3) releases in which the bug exists. A bug might also exist in releases other than the 4.2(3) releases.
Bug ID |
Description |
Exists in |
The Cisco APIC GUI does not expose the 'destName' property of the vnsRedirectDest managed object. |
4.2(3q) and later |
|
Enhancement request to provide a warning prompt to users if they do a configuration export without enabling AES Encryption. |
4.2(3q) and later |
|
The Cisco APIC setup script will not accept an ID outside of the range of 1 through 12, and the Cisco APIC cannot be added to that pod. This issue will be seen in a multi-pod setup when trying to add a Cisco APIC to a pod ID that is not in the range of 1 through 12. CSCvm64933 was filed for a similar issue. So there are two issues here |
4.2(3q) and later |
|
After upgrading to release 4.2(3q), the Event Manager generates a core and crashes continuously, leading to a diverged cluster. |
4.2(3q) and later |
|
This defect covers a patch for a condition similar to CSCvn15769 but not covered in the patch for it. There are recurring crashes and core dumps on different Cisco APICs (which are VMM domain shard leaders), as well as high CPU utilization (around 200%, that is, two maxed-out CPU cores) for the VMMMGr process, as well as multiple inv sync issues. These issues prevent the VMMMGr process from processing any operational/configuration changes that are made on the RHVs. The issues can be resolved by repeatedly restarting the vmmmgr process (the aforementioned cores are NOT caused by the process restarts). However, restarting a DME is not a recommended workaround. |
4.2(3q) and later |
|
Logging in using TACACS to 1 or multiple Cisco APICs can intermittently fail while showing fault F0023. TCPDump shows that the Cisco APIC is resetting the 3-way-handshake. Sometimes, the following error message displays: The server is temporarily busy due to higher than usual request volume. Please try again later. Unable to deliver the message, Resolve timeout from (type/num/svc/shard) = |
4.2(3q) and later |
|
Interface counters are cleared successfully in the CLI, but the original CRC stomped value is still observed in the GUI. |
4.2(3q) and later |
|
When selecting an external IP address that is reachable from a single L3Out, the Cisco APIC shows the following error: |
4.2(3q) and later |
|
OID "1.3.6.1.4.1.9.9.117.2.0.0.2" in v1 SNMP trap cefcPowerStatusChange by Cisco APIC is observed. |
4.2(3n) and later |
|
Packet loss is observed across the spine switches for unicast traffic. |
4.2(3n) and later |
|
Legacy mode bridge domain is intended for a specific use case that requires higher bridge domain (VLAN) numbers per switch. As of Cisco APIC release 4.2, ~2000 normal bridge domains can be deployed on the same leaf switch, while 3500 legacy mode bridge domains can be deployed on the same leaf switch. However, as a trade-off for the bridge domain (VLAN) numbers, legacy mode bridge domains lose various Cisco ACI-specific capabilities, such as contracts and pervasive gateway (bridge domain subnet). This is an enhancement to update the name of Legacy Mode for a bridge domain to reflect its functionality and purpose in the Cisco APIC GUI. With this enhancement, Legacy Mode is presented as Scaled L2 Only Mode. |
4.2(3n) and later |
|
In the Cisco APIC GUI, external EPGs under L2Out and L3Out in tenants are called "External Network Instance Profile". This is the official name for the objects (l2extInstP and l3extInstP). However, these are typically referred to as external EPGs. This is an enhancement to update the GUI label from "External Network Instance Profile" to "External EPG". |
4.2(3n) and later |
|
The Cisco APIC fails to start the auditd service and the following message is displayed on the console when the Cisco APIC boots up: |
4.2(3n) and later |
|
We do not support a bridge domain in hardware proxy mode for flood in encapsulation. However, there is no warning or validation in the GUI. |
4.2(3l) and later |
|
Immediately after a Cisco APIC cluster upgrade, all EPG SCVMM networks are marked for deletion. Networks not attached to virtual machines are deleted. Networks that are attached to virtual machines fail to get deleted, as they are being used and the following fault gets raised on the Cisco APIC cluster for each network: F1471 EPG deployment failed due to Powershell call failed. Error Message: Cannot Delete VmNetwork |
4.2(3l) and later |
|
The L3Out wizard shows the incorrect router_id from another VRF table. |
4.2(3l) and later |
|
In a Cisco vAPIC environment in which the administrative state of Eth1/2 is down, fault F0106 is presented for Eth1/2 of the Cisco vAPIC nodes. |
4.2(3l) and later |
|
If the DVS version is 6.6 or later or the VMware vCenter version is 7.0, using basic LACP will raise errors on the VMware vCenter, as these releases of DVS and VMware vCenter no longer support LACP. |
4.2(3l) and later |
|
This bug is an enhancement to enable the configuring of SNMPv3 with SHA2 and AES256. This configuration is needed as a security enhancement. |
4.2(3l) and later |
|
Cisco APIC interfaces e2/3 & 2/4 persist in the GUI and the MIT after disabling and enabling the port channel on the VIC. |
4.2(3l) and later |
|
The CSSM receives an extremely high number of entitlement requests from a Cisco ACI fabric, upwards of 25,000 over a 48-hour period. |
4.2(3l) and later |
|
Fault F1298 is raised and states that "Delivered,Node belongs to different POD". Actually, the node belongs to the correct POD and the fault is misleading. |
4.2(3l) and later |
|
There is a stale fvIfConn entry after physically removing the ESXi host after a host is removed from the datacenter or VMware vCenter. |
4.2(3l) and later |
|
CloudSec encryption may not function when certain features are enabled, such as remote leaf switches and Cisco ACI Multi-Site intersite L3Outs. |
4.2(3l) and later |
|
A Cisco vAPIC running release 4.2(3l) goes into a sh-4.2# prompt. Running any command returns "Admin cookie not found". |
4.2(3l) and later |
|
With DHCP in which the node is not properly decommissioned, the DHCP process released the IP address and allocated the IP address to another TEP, which caused a duplicate TEP and caused an outage. |
4.2(3l) and later |
|
Fault F0948 is raised in the fabric, where the child-most affected object is "rsBDToProfile". |
4.2(3l) and later |
|
SNMP poll/walk to the Cisco APIC does not work. The error message "unknown username" is received. |
4.2(3l) and later |
|
After decommissioning/removing a node ID from the Cisco APIC, wait for 10 minutes before re-adding the same node back into fabric. Re-adding the node too early can result in unexpected behavior, such as the node that is being decommissioned does not get wiped properly and ends up retaining the TEP address that was allocated by the Cisco APIC. |
4.2(3l) and later |
|
When using Cisco APIC release 4.2(2l), the UCSM integration icon is broken in the GUI. |
4.2(3l) and later |
|
The Authentication Type displays as "Use SSH Public/Private Files." However, Cisco APIC acts as a client to the (outside) server, and so "Private" should be the only configurable key in the "SSH Key Contents" area. |
4.2(3l) and later |
|
Editing a remote location with a private key that doesn't have a passphrase is blocked due to form validation. |
4.2(3l) and later |
|
After creating a Global Alias Field on an EPG in a user tenant and submitting the change, the tag can be seen as successfully created on the EPG. However, operations such as renaming or deleting do not update the tag after submitting the change. |
4.2(3l) and later |
|
Code F1527 occurs in /data/log on a Cisco APIC. After collecting the "show tech file" for the Cisco APIC, the percentage is shown as only 71%. |
4.2(3l) and later |
|
In the Cisco APIC GUI, under Fabric -> Inventory -> Pod 1 -> Leaf/Spine -> Summary -> Hardware Usage -> Memory, a memory usage value over 80% is colored red. |
4.2(3l) and later |
|
- The configuration is not pushed from the Cisco APIC to RHVM. For example, when attaching a VMM domain to an EPG, the EPG is not created as a logical network in RHVM. - vmmmgr logs indicate that Worker Q is at 300 with Max Q of 300. - When the Q reaches 300, it appears this is caused by the class definition 'ifc:vmmmgr:taskCompHvGetHpNicAdjQualCb' using up the entire worker Q. - There are numerous logs indicating that the sendtoController failed and the Worker is busy. |
4.2(3l) and later |
|
Traffic drops between select EPGs involved in a shared-service contract. The shared routes get programmed with a pctag of 0, which causes traffic from the source EPG to the destination to get dropped. |
4.2(3l) and later |
|
After a switch replacement, the Cisco APIC will no longer be able to run show commands on it, such as "fabric 101 show int bri", where "101" is the Node ID of the replaced switch. The Cisco APIC will be able to send the command to the switch, but the return will be empty due to an old SSH key (the key of the old switch). |
4.2(3l) and later |
|
Visibility & Troubleshooting tool returns "Internal query error:list index out of range" followed by "Server API calls return error. Please click OK to go back to the first page.". |
4.2(3l) and later |
|
Cisco ACI snapshots cannot be compared and the following error is generated: |
4.2(3l) and later |
|
When executing "show running-config" or "show running-config vpc" from the Cisco APIC while running a 4.2 release, the following errors can be seen: |
4.2(3l) and later |
|
The fault F3227 "ACI failed processing an already accepted configuration change" continuously gets raised. |
4.2(3l) and later |
|
For a client (browser or ssh client) that is using IPv6, the Cisco APIC aaaSessionLR audit log shows "0.0.0.0" or some bogus value. |
4.2(3j) through 4.2(3n) |
|
When you run the 'show vpc map' command in the APIC CLI, it only prints the column headers, but none of the vPC information. If you go to the leaf switch CLI and run the 'show vpc extended' command, it will show the vPCs there. |
4.2(3j) through 4.2(3n) |
|
A VMMmgr crash may be observed in a scaled environment with 20+ Floating L3Outs. |
4.2(3j) through 4.2(3n) |
|
The Port ID LLDP Neighbors panel displays the port ID (for example, Ethernet 1/5) when the interface does not have a description. If the interface has a description, the Port ID property shows the interface description instead of the port ID. |
4.2(3j) and later |
|
This enhancement is to change the name of "Limit IP Learning To Subnet" under the bridge domains to be more self-explanatory. Original : Limit IP Learning To Subnet: [check box] Suggestion : Limit Local IP Learning To BD/EPG Subnet(s): [check box] |
4.2(3j) and later |
|
A tenant's flows/packets information cannot be exported. |
4.2(3j) and later |
|
Requesting an enhancement to allow exporting a contract by right clicking the contract itself and choosing "Export Contract" from the right click context menu. The current implementation of needing to right click the Contract folder hierarchy to export a contract is not intuitive. |
4.2(3j) and later |
|
For strict security requirements, customers require custom certificates that have RSA key lengths of 3072 and 4096. |
4.2(3j) and later |
|
This is an enhancement to allow for text-based banners for the Cisco APIC GUI login screen. |
4.2(3j) and later |
|
When a VRF table is configured to receive leaked external routes from multiple VRF tables, the Shared Route Control scope to specify the external routes to leak will be applied to all VRF tables. This results in an unintended external route leaking. This is an enhancement to ensure the Shared Route Control scope in each VRF table should be used to leak external routes only from the given VRF table. |
4.2(3j) and later |
|
The connectivity filter configuration of an access policy group is deprecated and should be removed from GUI. |
4.2(3j) and later |
|
The action named 'Launch SSH' is disabled when a user with read-only access logs into the Cisco APIC. |
4.2(3j) and later |
|
This is an enhancement request to add policy group information to the properties page of physical interfaces. |
4.2(3j) and later |
|
Support for local user (admin) maximum tries and login delay configuration. |
4.2(3j) and later |
|
The Cisco APIC setup script will not accept an ID outside of the range of 1 through 12, and the Cisco APIC cannot be added to that pod. This issue will be seen in a multi-pod setup when trying to add a Cisco APIC to a pod ID that is not in the range of 1 through 12. |
4.2(3j) and later |
|
Error "mac.add.ress not a valid MAC or IP address or VM name" is seen when searching the EP Tracker. |
4.2(3j) and later |
|
Fault delegates are raised on the Cisco APIC, but the original fault instance is already gone because the affected node has been removed from the fabric. |
4.2(3j) and later |
|
Post reload, the IGMP snooping table is not populated even when the IGMP report is sent by the receiver. |
4.2(3j) and later |
|
A leaf switch gets upgraded when a previously-configured maintenance policy is triggered. |
4.2(3j) and later |
|
New port groups in VMware vCenter may be delayed when pushed from the Cisco APIC. |
4.2(3j) and later |
|
Description fields are not available for resource pools (VLAN, VSAN, Mcast, VXLAN etc). |
4.2(3j) and later |
|
The application EPG or the corresponding bridge domain's public subnet may be advertised out of an L3Out in another VRF instance without a contract with the L3Out under certain conditions. |
4.2(3j) and later |
|
In a RedHat OpenStack platform deployment running the Cisco ACI Unified Neutron ML2 Plugin and with the CompHosts running OVS in VLAN mode, when toggling the resolution immediacy on the EPG<->VMM domain association (fvRsDomAtt.resImedcy) from Pre-Provision to On-Demand, the encap VLANs (vlanCktEp mo's) are NOT programmed on the leaf switches. This problem surfaces sporadically, meaning that it might take several resImedcy toggles between PreProv and OnDemand to reproduce the issue. |
4.2(3j) and later |
|
Disabling dataplane learning is only required to support a policy-based redirect (PBR) use case on pre-"EX" leaf switches. There are few other reasons why dataplane learning should be disabled. There currently is no confirmation/warning of the potential impact that can be caused by disabling dataplane learning. |
4.2(3j) and later |
|
Previously-working traffic is policy dropped after the subject is modified to have the "no stats" directive. |
4.2(3j) and later |
|
This is an enhancement request for allowing DVS MTU to be configured from a VMM domain policy and be independent of fabricMTU. |
4.2(3j) and later |
|
Currently, under Fabric > Inventory > Pod > Leaf Switch > General, the memory usage takes into consideration the MemFree field rather than the MemAvailable field, which would be a more accurate representation of the usable memory in the system. |
4.2(3j) and later |
|
There is an event manager process crash. |
4.2(3j) and later |
|
Fault alarms get generated at a higher rate with a lower threshold. There is no functional impact. |
4.2(3j) and later |
|
The Cisco APIC GUI produces the following error messages when opening an EPG policy: Received Invalid Json String. The server returned an unintelligible response. This issue might affect backup/restore functionality. |
4.2(3j) and later |
|
When configuring local SPAN in access mode using the GUI or CLI and then running the "show running-config monitor access session <session>" command, the output does not include all source span interfaces. |
4.2(3j) and later |
|
When a Cisco ACI fabric upgrade is triggered and a scheduler is created and associated to the maintenance group, the scheduler will remain associated to the maintenance group. If the version is changed in the maintenance group, it will trigger the upgrade. This enhancement is to avoid unwanted fabric upgrades. Post-upgrade, the association of the scheduler should be removed from the maintenance group after the node upgrade reaches 100%. |
4.2(3j) and later |
|
A leaf switch port flaps without raising a warning. |
4.2(3j) and later |
|
The API query /api/class/compCtrlr.json?rsp-subtree=full? returns a malformed JSON file. |
4.2(3j) and later |
|
There should be a description field in the subnet IP address tables. |
4.2(3j) and later |
|
When a user logs into the Cisco APIC GUI and selects the SAML login domain, the authorization fails and the user gets thrown back to the initial login screen. The Cisco APIC NGINX logs show a failure to parse the AVPair value that is sent back by the SAML IDP. When checking the AVPair value returned by the Okta SAML IDP "<inRole value="shell:domains=all//read-all"/>", the value seems to have correct syntax. |
4.2(3j) and later |
|
There is a minor memory leak in svc_ifc_policydist when performing various tenant configuration removals and additions. |
4.2(3j) and later |
|
This bug is an enhancement to add an option to configure an interface description for subport blocks in the Cisco APIC GUI. |
4.2(3j) and later |
|
While configuring a logical node profile in any L3Out, the static routes do not have a description. |
4.2(3j) and later |
|
Cisco ACI UCSM integration does not work as expected. The Cisco APIC cannot discover a loose node UCS Fabric interconnect 6400 series when it is connected to the Cisco ACI fabric with a 100G interface. |
4.2(3j) and later |
|
Dynamic VLANs are programmed on interfaces that are not associated to the VLAN pool/AEP. This behavior is seen when a UCS Fabric Interconnect blade switch has multiple uplinks to the fabric. Although some of those uplinks are mapped to a different AEP and the EPG is set for pre-provision, dynamic EPGs still are reported for that EPG. |
4.2(3j) and later |
|
This is an enhancement to add columns in "Fabric > Inventory> Fabric Membership" to show BGP Route Reflectors for within pod and across pods (external BGP RR). |
4.2(3j) and later |
|
After exiting Maintenance (GIR) mode, the switch reloads automatically after 5 minutes without warning. This enhancement will provide messaging in the GUI to indicate that the reload is expected. |
4.2(3j) and later |
|
After removing and re-applying the IP SLA monitoring policy on a PBR policy, tracking does not work correctly. |
4.2(3j) and later |
|
L3Out encapsulated routed interfaces and routed interfaces do not have any monitoring policy attached to them. As a result, there is no option to change the threshold values of the faults that occur due to these interfaces. |
4.2(3j) and later |
|
Upgrading to the 4.2(1i) release, Layer 3 packet drops are no longer seen, but Layer 3 drop flows are still seen. However, Layer 3 drop flows do not give as much information. |
4.2(3j) and later |
|
Fibre Channel conversion is allowed on an unsupported switch. The only switch that supports Fibre Channel conversion is the Cisco N9K-C93180YC-FX. |
4.2(3j) and later |
|
The GUI does not provide a "Revert" option for interfaces that are converted to Fibre Channel. |
4.2(3j) and later |
|
An app does not get fully removed from all Cisco APICs. |
4.2(3j) and later |
|
An endpoint is unreachable from the leaf node because the static pervasive route (toward the remote bridge domain subnet) is missing. |
4.2(3j) and later |
|
A native VLAN for a VMM domain does not work if resolution immediacy is set to pre-provision. In this case, the untag policy is pushed to VMware vCenter and a port group is created (this is expected). However, the policy is programmed as trunk on the switch side, which prevents the ESXi vmkernel and switch from communicating. |
4.2(3j) and later |
|
Randomly, the Cisco APIC GUI alert list shows an incorrect license expiry time. Sometimes it is correct, while at other times it is incorrect. |
4.2(3j) and later |
|
If pre-provision is not in place, there can be a complete outage to VMM integrated endpoints. If the host discovery is not successful, the policy will not be dynamically pushed to the leaf switches because virtual machines are attached. |
4.2(3j) and later |
|
RADIUS authentication cannot be configured from the Cisco APIC GUI. |
4.2(3j) and later |
|
An SNMP v3 trap is sent 2 minutes after a PSU is removed from the Cisco APIC, and a core file for the eventmgr is generated. |
4.2(3j) and later |
|
For a DVS with a controller, if another controller is created in that DVS using the same host name, the following fault gets generated: "hostname or IP address conflicts same controller creating controller with same name DVS". |
4.2(3j) and later |
|
The Cisco APIC GUI hangs on a loading screen when trying to configure interfaces policies from the following location: Fabric -> Inventory -> Pod -> Leaf switch -> Interface tab -> Configuration mode. |
4.2(3j) and later |
|
When logging into the Cisco APIC using "apic#fallback\\user", the "Error: list index out of range" log message displays and the lastlogin command fails. There is no operational impact. |
4.2(3j) and later |
|
A Cisco ACI Virtual Edge host configured with Protective HA on the cluster might not come out of Quarantine mode. |
4.2(3j) and later |
|
In a Fabric Interconnect topology, a vPC may not be detected by the OpflexAgent on a HyperV host. |
4.2(3j) and later |
|
App techsupport collection does not work sometimes when triggered from the Cisco APIC GUI. |
4.2(3j) and later |
|
In Cisco ACI Virtual Edge, there are faults related to VMNICs. On the Cisco ACI Virtual Edge domain, there are faults related to the HpNic, such as "Fault F2843 reported for AVE | Uplink portgroup marked as invalid". |
4.2(3j) and later |
|
Host subnets (/32) that are created under an SCVMM-integrated EPG get pushed as a virtual machine subnet under the virtual machine network in SCVMM. Virtual machine networks on SCVMM do not support /32 virtual machine subnets and fail to come up. Virtual machines that were previously associated to the virtual machine networks lose connectivity. |
4.2(3j) and later |
|
A leaf switch crashes with the following reason: Reason: reset-triggered-due-to-ha-policy-of-reset Service:vleaf_elem hap reset |
4.2(3j) and later |
|
Configuration rollback fails with the following error: VRF Validation failed for VRF = : - ARP policy default in uni/tn-Prod/out-PROD_L3OUT/Inodep - L3OUT_PROD_LEAF103/lifp-PROD_L3OUT_INTERFACE/rsArplfPol is currently not supported on the interface |
4.2(3j) and later |
|
An admin read-only user cannot see the System Settings tab in the Cisco APIC GUI. |
4.2(3j) and later |
|
The plgnhandler process crashes on the Cisco APIC, which causes the cluster to enter a data layer partially diverged state. |
4.2(3j) and later |
|
When physical domains and external routed domains are attached to a security domain, these domains are mapped as associated tenants instead of associated objects under Admin > AAA > security management > Security domains. |
4.2(3j) and later |
|
Special characters are not allowed in the GUI for the SNMP community string, but you can still post a configuration that has special characters in the string by using the REST API. |
4.2(3j) and later |
|
Cisco Application Policy Infrastructure Controller (APIC) includes a version of SQLite that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs: CVE-2019-5018. This bug was opened to address the potential impact on this product. |
4.2(3j) and later |
|
When the PSU is powered off, a fault indicates that it is in a failed state. |
4.2(3j) and later |
|
Creating a new interface policy group with a different LACP policy or LLDP/CDP policy results in changes in the VMM vSwitch policy of the AEP, which brings down the DVS. |
4.2(3j) and later |
|
In the Cisco APIC GUI, go to Admin->Firmware->Infrastructure->Nodes. Open an existing update group. While the group loads, the following text appears: "Click on + to add nodes to Node Upgrade Group". The text disappears after the nodes are loaded. The update groups cannot be edited (there is no "+" or "trash" symbol). |
4.2(3j) and later |
|
OpenStack supports more named IP protocols for service graph rules than are supported in the Cisco APIC OpenStack Plug-in. |
4.2(3j) and later |
|
A Cisco APIC-generated CSR contains the "unstructuredName" field, which does not work with some CA certificates. |
4.2(3j) and later |
|
When toggling between "Configured and Operational" under Tenants > Tenant_name > Contracts > Contract_name > Topology, contract lines are not visible when the toggle is on operational mode even though contracts are still operational. |
4.2(3j) and later |
|
Clicking on Fabric --> Access Policies --> Interfaces --> Leaf Interfaces --> Profiles --> <any_profile> --> "Show Usage" --> "Nodes using this policy" --> "Usage details of node" results in logging off the user and freezing the GUI screen. |
4.2(3j) and later |
|
A Cisco ACI leaf switch does not have MP-BGP route reflector peers in the output of "show bgp session vrf overlay-1". As a result, the switch is not able to install dynamic routes that are normally advertised by MP-BGP route reflectors. However, the spine switch route reflectors are configured in the affected leaf switch's pod, and pod policies have been correctly defined to deploy the route reflectors to the leaf switch. Additionally, the bgpPeer managed objects are missing from the leaf switch's local MIT. |
4.2(3j) and later |
|
This is an enhancement request for schedule-based Tech Support for leaf and spine switches. |
4.2(3j) and later |
|
In a GOLF configuration, when an L3Out is deleted, the bridge domains stop getting advertised to the GOLF router even though another L3Out is still active. |
4.2(3j) and later |
|
The Name column of the output of the "show zoning-rule" CLI command that is executed on a leaf switch running a 14.x release does not populate all of the expected contract names. This issue makes it difficult to identify which rule ID is associated to which contract from the "show zoning-rule" command that is executed on a given leaf switch. |
4.2(3j) and later |
|
A "*,G" entry is created in both MRIB and MFDM, remains present for nearly 9 minutes, and then expires. |
4.2(3j) and later |
|
The CLI command "show interface x/x switchport" shows VLANs configured and allowed through a port. However, when going to the GUI under Fabric > Inventory > node_name > Interfaces > Physical Interfaces > Interface x/x > VLANs, the VLANs do not show. |
4.2(3j) and later |
|
When viewing leaf switch interface profiles in access policies, the list cannot be sorted by name or description. |
4.2(3j) and later |
|
The following fault is raised on a Cisco ACI fabric that has VMM/UCS integration: F609530 ([FSM:FAILED]: Send configuration update to External Device Manager Regarding the Dom Def(TASK:ifc:policymgr:ExtdevRsDomDefConfigDomDef). |
4.2(3j) and later |
|
Time zone/local time on a Cisco APIC and switches differ when set to the EET timezone. |
4.2(3j) and later |
|
Selecting the RADIUS login domain from the GUI results in the following error: Error: 400 - unknown property value test, name realm, class aaaConsoleAuth [(Dn0)] Dn0=uni/userext/authrealm/consoleauth, |
4.2(3j) and later |
|
The tmpfs file system that is mounted on /data/log becomes 100% utilized. |
4.2(3j) and later |
|
The SSL Cipher Configuration table is too small. The second row is cut off even when scrolling to the bottom of the table. |
4.2(3j) and later |
|
The policy manager (PM) may crash when testapi is used to delete an MO from the policymgr db. |
4.2(3j) and later |
|
It is difficult to configure interface selectors in the GUI, because the "interface policy group" window is too narrow. |
4.2(3j) and later |
|
It is difficult to configure interface selectors, because there is no search option available for the interface policy group window. |
4.2(3j) and later |
|
The Cisco APIC PSU voltage and amperage values are zero. |
4.2(3j) and later |
|
SNMP does not respond to GETs or send traps on one or more Cisco APICs despite previously working properly. |
4.2(3j) and later |
|
The following example shows UNIX time in the subject header: Subject: Configuration import/export job 2020-01-27T09-00-16 finished with status: success Created: 1580144423366 ContentType: plain/text |
4.2(3j) and later |
|
When navigating to System -> Controllers -> Cluster as Seen by Node for any Cisco APIC, the following error displays: The Request failed due to a server-side error. |
4.2(3j) and later |
|
Fault F3243 will be raised when changing the VMM configuration if the VMM domain has already been associated to the EPG, even though the change is not related to the current configuration. |
4.2(3j) and later |
|
Service Graph rendering fails if a service graph is attached to a unidirectional filter in a contract subject. For example: filter chain for provider to consumer: use service graph with PBR; filter chain for consumer to provider: no service graph. |
4.2(3j) and later |
|
Cisco APIC apps do not have connectivity using an inband network. |
4.2(3j) and later |
|
If a FEX hardware model is N2K-C2348UPQ-10GE, this FEX does not consume a FEX_48_10G license. |
4.2(3j) and later |
|
You might not be able to log in to a Cisco ACI leaf or spine switch. |
4.2(3j) and later |
|
TACACS external logging is not supported at the tenant level. |
4.2(3j) and later |
|
Hosts that require a DHCP-obtained address (Hyper-V, for example) from the Cisco APIC do not work. Checking the DHCP logs shows the DHCP discovers coming in frequently. |
4.2(3j) and later |
|
The policymgr DME process can crash because of an OOM issue, and there are many pcons.DelRef managed objects in the DB. |
4.2(3j) and later |
|
A Cisco APIC might report high memory utilization when polling through SNMP. |
4.2(3j) and later |
|
Zookeeper creates transaction files when the cluster is converging. During long periods of network unreachability, these files may get created at a more frequent rate, leading to space filling up. |
4.2(3j) and later |
|
The following symptoms are present: - The event manager generates a core - The APIC cluster is in a diverged state - The event manager is not running on APIC 1 and 2 - Service 3 shards are impacted |
4.2(3j) and later |
|
The eventmgr database size may grow to be very large (up to 7GB). With that size, the Cisco APIC upgrade will take 1 hour for the Cisco APIC node that contains the eventmgr database. In rare cases, this could lead to a failed upgrade process, as it times out while working on the large database file of the specified controller. |
4.2(3j) and later |
|
After removing a configuration from Cisco ACI Multi-Site, the fabric nodes started reloading. The "show system reset-reason" command shows the following: Reason: reset-triggered-due-to-ha-policy-of-reset Service:policy_mgr hap reset |
4.2(3j) and later |
|
In a transit L3Out, after adding one new static route (a subnet of a summary route) on a border leaf switch, the OSPF summary route disappears from the route table of the border leaf switch because the route is deleted. |
4.2(3j) and later |
|
vPC protection created prior to the 2.2(2e) release may not recover the original virtual IP address after fabric ID recovery. Instead, some of the vPC groups get a new vIP allocated, which does not get pushed to the leaf switch. The impact to the dataplane does not occur until the leaf switch has a clean reboot/upgrade, because the rebooted leaf switch gets a new virtual IP that is not matched with a vPC peer. As a result, both sides bring down the virtual port channels, then the hosts behind the vPC become unreachable. |
4.2(3j) and later |
|
Updating the interface policy group breaks LACP if eLACP is enabled on a VMM domain. If eLACP was enabled on the domain, creating, updating, or removing an interface policy group with the VMM AEP deletes the basic LACP that is used by the domain. |
4.2(3j) and later |
|
When shutting down a leaf switch interface that is connected to a Cisco APIC node, even if the Cisco APIC interface shows as down, the status in the GUI is not changed. You can view the interface status by going to: Admin > Controllers > APIC > controller-APIC |
4.2(3j) and later |
|
Fault F1527 is raised when the /data/log directory is over 75% full. The /data/log directory contains a large amount of gzipped 21M svc_ifc_licensemgr.bin.warnplus.log files. The /data/log directory does not reach 80% or 90% full. |
4.2(3j) and later |
|
Fault F0135 is raised when using an AVE VMM domain, stating "Unsupported remote operation detected on EPG: detected in controller: controller-ip with name controller-name in datacenter dc-name in domain vmm-domain-name, error [VLAN is set to none for port group on vcenter but untagged access is not enabled for EPG]" |
4.2(3j) and later |
|
A switch entered into a bootloop and an upgrade is triggered multiple times if the maintenance policy is pushed with a REST API call that has the incorrect version. |
4.2(3j) and later |
|
The VMM endpoint data plane verification function does not work well when a blade switch is in the middle. This might cause an unexpected DVS detach, or the VMM EPG VLAN might be removed on the leaf switch interface. |
4.2(3j) and later |
|
When migrating an EPG from one VRF table to a new VRF table, and the EPG keeps the contract relation with other EPGs in the original VRF table, some bridge domain subnets in the original VRF table get leaked to the new VRF table due to the contract relation, even though the contract does not have the global scope and the bridge domain subnet is not configured as shared between VRF tables. The leaked static route is not deleted even if the contract relation is removed. |
4.2(3j) and later |
|
For Cisco APIC, snmpwalk/get returns unexpected values for object cpmCPUMemoryUsed and cpmCPUMemoryUsed. |
4.2(3j) and later |
|
The login history of local users is not updated in Admin > AAA > Users > (double click on local user) Operational > Session. |
4.2(3j) and later |
|
- Leaf or spine switch is stuck in 'downloading-boot-script' status. The node never fully registers and does not become active in the fabric. - You can check the status by running 'cat /mit/sys/summary | grep state' on the CLI of the spine or leaf switch: If the state is set to 'downloading-boot-script' for a long period of time (> 5 minutes) you may be running into this issue. - Checking the policy element logs on the spine or leaf switch will confirm if the bootscript file cannot be found on the Cisco APIC: 1. Change directory to /var/log/dme/log. 2. Grep all svc_ifc_policyelem.log files for "downloadUrl - failed, error=HTTP response code said error" If you see this error message, check to make sure all Cisco APICs have the node bootscript files located in /firmware/fwrepos/fwrepo/boot. |
4.2(3j) and later |
|
When using the Internet Explorer browser, there is a console error. This error will break some pages under Fabric -> Inventory -> [ANY POD] -> [ANY LEAF] / [ANY SPINE] -> Interfaces -> Physical, PC, VPC, FC, FC PC. |
4.2(3j) and later |
|
The 'Primary VLAN for Micro-Seg' field does not show without putting a check in the Allow Micro-Segmentation check box. |
4.2(3j) and later |
|
In the Cisco APIC GUI, after removing the Fabric Policy Group from "System > Controllers > Controller Policies > show usage", the option to select the policy disappears, and there is no way in the GUI to re-add the policy. |
4.2(3j) and later |
|
After VMware vCenter generates a huge amount of events and after the eventId increments beyond 0xFFFFFFFF, the Cisco APIC VMM manager service may start ignoring the newest event if the eventId is lower than the last biggest event ID that Cisco APIC received. As a result, the changes to virtual distributed switch or AVE would not reflect to the Cisco APIC, causing required policies to not get pushed to the Cisco ACI leaf switch. For AVE, missing those events could put the port in the WAIT_ATTACH_ACK status. |
4.2(3j) and later |
|
A Cisco ACI Virtual Edge EPG is not programmed on a port channel toward the blade switch after it is deleted and recreated. |
4.2(3j) and later |
|
After creating a BGP-peer connectivity profile with the loopback option (no presence loopback on L3Out node) in a vPC setup, the BGP session is getting established with a secondary IP address. |
4.2(3j) and later |
|
SSD lifetime can be exhausted prematurely if an unused Standby slot exists. |
4.2(3j) and later |
|
- After decommissioning a fabric node, it is not displayed in the maintenance group configuration anymore. - Due to the lingering configuration pointing to the decommissioned node, F1300 gets raised with the description: "A Fabric Node Group (fabricNodeGrp) configuration was not deployed on the fabric node <#> because: Node Not Registered for Node Group Policies" - The dn mentioned in the fault will point to a maintenance group (maintgrp). |
4.2(3j) and later |
|
A TEP endpoint can expire on the leaf switch if the host does not respond on a unicast ARP refresh packet initiated by the leaf switch. |
4.2(3j) and later |
|
The per-feature container for techsupport "objectstore_debug_info" fails to collect on spines due to an invalid filepath. Given filepath: more /debug/leaf/nginx/objstore*/mo | cat Correct filepath: more /debug/spine/nginx/objstore*/mo | cat TAC uses this file/data to collect information about excessive DME writes. |
4.2(3j) and later |
|
Deploy the TACACS server for in-band management. When adding or modifying the TACACS+ provider key, the Cisco APIC can be reached only through SSH and the login fails on the fabric. After deleting the provider entry and reconfiguring, the fabric can be logged into. |
4.2(3j) and later |
|
AAEP gets deleted while changing some other policy in the policy group. This only happens when using Firefox and changing a value in the leaf access port policy group. The issue is not seen when using other browsers. |
4.2(3j) and later |
|
The MD5 checksum for the downloaded Cisco APIC images is not verified before adding it to the image repository. |
4.2(3j) and later |
|
Traffic from newly added subnet(s) is allowed on one or more Cisco APIC(s) and blocked on the other one or more Cisco APIC(s). As Ext Mgmt NW Inst Prof Subnets are applied/programmed on all Cisco APICs, traffic should work on all Cisco APICs. |
4.2(3j) and later |
|
There is a message in the Cisco APIC GUI saying that vleaf_elem has restarted several times and may not have recovered, and there are core files of the vleaf_elem process. |
4.2(3j) and later |
|
A switch entered into a bootloop and an upgrade is triggered multiple times if the maintenance policy is pushed with a REST API call that has the incorrect version. |
4.2(3j) and later |
|
Inside the /firmware/fwrepos/fwrepo/boot directory, there is a Node-0 bootscript that seemingly points to a random leaf SN, depending on the Cisco APIC from which you're viewing the directory. |
4.2(3j) and later |
|
The Smart Licensing GUI page fails to load due to the JavaScript function erroring out while trying to parse an invalid LicenseManager object. The JavaScript error can be seen in the browser developer tools - console logs. |
4.2(3j) and later |
|
AVE is not getting the VTEP IP address from the Cisco APIC. The logs show a "pending pool" and "no free leases". |
4.2(3j) and later |
|
Fabric > Inventory > Topology > Topology shows the wrong Cisco APIC counts (Active + Standby) in different pods. |
4.2(3j) and later |
|
Protocol information is not shown in the GUI when a VRF table from the common tenant is being used in any user tenant. |
4.2(3j) and later |
|
When the productSpec of a DVS is changed from Cisco Systems to Vmware Inc as a workaround for bug CSCvr86180, if the VMware vCenter is reloaded after that point, that will result in a change of the object type at the VMware vCenter (DistributedVirtualSwitch to VmwareDistributedVirtualSwitch). That has the effect of the Cisco APIC deleting the hvsLNode the next time it pulls inventory from the VMware vCenter after the VMware vCenter comes back up. When the productSpec is switched back to Cisco Systems, a new hvsLNode is created with most of the fields left as uninitialized, which raises faults on the DVS. Lnode(DVS) gets deleted on the external VMM controller and the MTU on the DVS is different than the MTU in the policy. This is a cosmetic issue. There is no functionality impact. |
4.2(3j) and later |
|
APIC -> System -> Controller -> topology displays that APIC2 is connected to both pod1 and pod2. |
4.2(3j) and later |
|
The following error is encountered when accessing the Infrastructure page in the ACI vCenter plugin after inputting vCenter credentials: "The Automation SDK is not authenticated". The VMware vCenter plug-in is installed using powerCLI. The following log entry is also seen in vsphere_client_virgo.log on the VMware vCenter: /var/log/vmware/vsphere-client/log/vsphere_client_virgo.log [ERROR] http-bio-9090-exec-3314 com.cisco.aciPluginServices.core.Operation sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed |
4.2(3j) and later |
|
VMware vCenter is offline according to the Cisco APIC. The Cisco APIC is unable to push port groups into VMware vCenter. The leader Cisco APIC for VMware vCenter connections shows as disconnected. There are faults on the VMM domain related to incorrect credentials, but the credentials are actually correct. The same credentials can be used to log in to the VMware vCenter GUI successfully. The "administrator@vsphere.local" account does not work either, so permissions should not be a problem. |
4.2(3j) and later |
|
Associating an EPG to a FEX interface from Fabric->Inventory->Pod1->leaf->interface in the Cisco APIC GUI creates an unexpected tDn. As a side effect, this type of static EPG association will cause the following error if you use Cisco APIC CLI to verify the leaf node configuration: Error while processing mode: configure Error: Key [eh101/1/218] is in FEX format, we expect in extpath format |
4.2(3j) and later |
|
A tunnel endpoint doesn't receive a DHCP lease. This occurs with a newly deployed or upgraded Cisco ACI Virtual Edge. |
4.2(3j) and later |
|
When trying to assign a description to a FEX downlink/host port using the Config tab in the Cisco APIC GUI, the description will get applied to the GUI, but it will not propagate to the actual interface when queried using the CLI or GUI. |
4.2(3j) and later |
|
When changing the SNMP policy from policy1 to policy2 and if policy2 has the same SNMP v3 user configured with a different authentication key, the pod policy reports fault F2194 for all switches. The Cisco APICs in the cluster will accept the new policy; however, the switches in the fabric will not and will continue using the older policy1. |
4.2(3j) and later |
|
Cisco APIC accepts the "_" (underscore) symbol as delimiter for VMware VMM Domain Association, even though it is not a supported symbol. This is an enhancement request to implement a check in the Cisco APIC GUI to not accept "_". |
4.2(3j) and later |
|
A new APIC-L3 or M3 server will not be able to complete fabric discovery. LLDP, "acidiag verifyapic," and other general checks will not exhibit a problem. When you check the appliancedirector logs of a Cisco APIC within the cluster to which you are trying to add the affected controller, there will be messages indicating that the rejection is happening due to being unable to parse the certificate subject. |
4.2(3j) and later |
|
For an EPG containing a static leaf node configuration, the Cisco APIC GUI returns the following error when clicking the health of Fabric Location: Invalid DN topology/pod-X/node-Y/local/svc-policyelem-id-0/ObservedEthIf, wrong rn prefix ObservedEthIf at position 63 |
4.2(3j) and later |
|
When creating a VMware VMM domain and specifying a custom delimiter using the character _ (underscore), it is rejected, even though the help page says it is an acceptable character. |
4.2(3j) and later |
|
TACACS+ users are unable to log in to a Cisco APIC when an AV pair is in use with a dot '.' character in the domain portion. Users may be able to log in with minimal permissions if the "Remote user login policy" allows it. The following example shows an AV pair that causes the issue: shell:domains = aci.domain/admin/ Additionally, NGINX logs on the Cisco APIC show the following log line: 23392||2020-06-16T21:04:56.534944300+00:00||aaa||INFO||||Failed to parse AVPair string (shell:domains = aci.domain/admin/) into required data components - error was Invalid shell:domains string (shell:domains = aci.domain/admin/) received from AAA server||../svc/extXMLApi/src/gen/ifc/app/./pam/PamRequest.cc||813 This log can be found at /var/log/dme/log/nginx.bin.log on the Cisco APIC. |
4.2(3j) and later |
|
This product includes a version of third-party software that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-11022. This bug was opened to address the potential impact on this product. |
4.2(3j) and later |
|
When using the Visibility & Troubleshooting tool for the reachability of two endpoints, there are errors such as "Bad Gateway" and "The server is temporarily busy due to a higher than usual request volume. Please try again later." |
4.2(3j) and later |
|
A prefix with an aggregate entry gets removed from Cisco APIC when downgrading the Cisco APIC from 4.2(5) to an earlier release. Due to this, the route map does not get created on the switches, and so routes are not advertised externally. |
4.2(3j) and later |
|
There is a BootMgr memory leak on a standby Cisco APIC. If the BootMgr process crashes due to being out of memory, it continues to crash, but the system will not be rebooted. After the standby Cisco APIC is rebooted by hand, such as by power cycling the host using CIMC, the login prompt of the Cisco APIC will be changed to localhost and you will not be able to log into the standby Cisco APIC. |
4.2(3j) and later |
|
The policy-mgr crashes on multiple Cisco APICs during an upgrade. |
4.2(3j) and later |
|
The data in the Cisco APIC database may get deleted during an upgrade from a 3.0 or 3.1 release to a 4.0 or 4.1 release if the target release is rolled back to current running release within 2 minutes after the upgrade was started. The upgrade will continue anyway, but the Cisco APIC will lose all data in the database and a user with admin credentials cannot log in. Only the rescue-user/admin can log in. All shards for a process show as unexpected, and the database files are removed. The last working pre-upgrade database files are copied to the purgatory directory. |
4.2(3j) and later |
|
The Cisco APIC does not allow an upgrade to be cancelled. Rolling back the target version after an upgrade is started does not stop the upgrade and may cause Cisco APIC database loss. This enhancement is filed to block a Cisco APIC target version change unless the following conditions are met: |
4.2(3j) and later |
|
After a delete/add of a Cisco ACI-managed DVS, dynamic paths are not programmed on the leaf switch and the compRsDlPol managed object has a missing target. The tDn property references the old DVS OID instead of the latest value. # moquery -c compRsDlPol |
4.2(3j) and later |
|
A bridge domain subnet is explicitly marked as public. The same EPG subnet has the shared flag enabled and has an implicit private scope. The private scope should take precedence over the public scope and should not get advertised. However, the bridge domain subnet does get advertised through the L3Out. |
4.2(3j) and later |
|
The configuration of a bridge domain subnet scope as "public" and an EPG scope as "private" should not be allowed. |
4.2(3j) and later |
|
EIGRP summary routes are not advertised from one of the many interfaces under same interface profile. |
4.2(3j) and later |
|
Port-groups named "||" may be created in VMware vCenter when a vmmEpPD MO (VMM port group) is not present when the l3extRsDynPathAtt (L3Out dynamic attachment) associated with a vmmDom is deleted. L3Out dynamic attachments in VMM are created when the floating SVI feature is implemented on the L3Outs. |
4.2(3j) and later |
|
A leaf switch reloads due to an out-of-memory condition after changing the contract scope to global. |
4.2(3j) and later |
|
A standby Cisco APIC doesn't upgrade during a Cisco APIC cluster upgrade and raises fault F1824. |
4.2(3j) and later |
|
Some configuration is missing on a switch node due to the corresponding policies not being pushed to the switch from the Cisco APIC. This may manifest as a vast variety of symptoms depending on which particular policies weren't pushed. |
4.2(3j) and later |
|
If a Cisco APIC is accidentally powered off while the initial setup script is running, the initial setup will not start at next boot time. The previous admin password can be used to log in, and the Cisco APIC boots with the last running configuration. |
4.2(3j) and later |
|
ACI reports fault F1419. |
4.2(3j) and later |
|
Traffic loss is observed from multiple endpoints deployed on two different vPC leaf switches. |
4.2(3j) and later |
|
If a service graph gets attached to the inter-VRF contract after it was already attached to the intra-VRF contract, the pctag for the shadow EPG gets reprogrammed with a global value. The zoning-rule entries that matched the previous pctag as the source and EPG1 and EPG2 as the destination do not get reprogrammed and they remain in a stale status in the table. Traffic between EPG1 and EPG2 gets broken as the packets flowing from the PBR get classified with the new global pctag. |
4.2(3j) and later |
|
For a Cisco ACI fabric that is configured with fabricId=1, if APIC3 is replaced from scratch with an incorrect fabricId of "2," APIC3's DHCPd will set the nodeRole property to "0" (unsupported) for all dhcpClient managed objects. This will be propagated to the appliance director process for all of the Cisco APICs. The process then stops sending the AV/FNV update for any unknown switch types (switches that are not spine nor leaf switches). In this scenario, commissioning/decommissioning of the Cisco APICs will not be propagated to the switches, which causes new Cisco APICs to be blocked out of the fabric. |
4.2(3j) and later |
|
Preconfiguration validations for L3Outs that occur whenever a new configuration is pushed to the Cisco APIC might not get triggered. |
4.2(3j) and later |
Click the bug ID to access the Bug Search Tool and see additional information about the bug. The "Fixed In" column of the table specifies whether the bug was resolved in the base release or a patch release.
Description |
Fixed in |
|
For a client (browser or ssh client) that is using IPv6, the Cisco APIC aaaSessionLR audit log shows "0.0.0.0" or some bogus value. |
4.2(3q) |
|
When you run the 'show vpc map' command in the APIC CLI, it only prints the column headers, but none of the vPC information. If you go to the leaf switch CLI and run the 'show vpc extended' command, it will show the vPCs there. |
4.2(3q) |
|
The AVS opflexODev managed object causes early SSD wearout on a switch. This issue has the following symptoms: 1. The SSD of a switch fails in less than two years and needs replacement. 2. The /mnt/pss/ssd_log_amp.log file shows daily P/E cycles that increase by 10+ each day. 3. The following fault is raised on the switch: "F3525: High SSD usage observed. Please check switch activity and contact Cisco Technical Support about high SSD usage." |
4.2(3q) |
|
This is an enhancement to include the managed object class name and isPersisted attribute in DME log line. |
4.2(3q) |
|
There is a VMM crash with floating L3Outs. |
4.2(3q) |
|
The stats for a given leaf switch rule cannot be viewed if a rule is double-clicked. |
4.2(3j) |
|
When authenticating with the Cisco APIC using ISE (TACACS), all logins over 31 characters fail. |
4.2(3j) |
|
The health status of DHCP was not updated after a leaf switch upgrade for some of the leaf switches. |
4.2(3j) |
|
There is no record of who acknowledged a fault in the Cisco APIC, nor when the acknowledgement occurred. |
4.2(3j) |
|
A port group cannot be renamed. This is an enhancement request to enable the renaming of port groups. |
4.2(3j) |
|
Inventory pull operations or VMware vCenter updates are delayed. |
4.2(3j) |
|
Configuration import fails due to a Global AES encryption key mismatch for pimIfPol. |
4.2(3j) |
|
F0467 fault is present on the infra overlay L3Out when the domain is not associated correctly. However, this fault should not be raised on infra overlay L3Out even when the domain association is incorrect. |
4.2(3j) |
|
When making a configuration change to an L3Out (such as contract removal or addition), the BGP peer flaps or the bgpPeerP object is deleted from the leaf switch. In the leaf switch policy-element traces, 'isClassic = 0, wasClassic =1' is set post-update from the Cisco APIC. |
4.2(3j) |
|
Plugin-handler triggers the pre-remove lifecycle hook for a scale-out app that is being removed. It keeps checking the status of the pre-remove lifecycle hook using a Kron API, but if Kron is down, the plugin-handler waits for Kron to come back in the same transaction. This can cause the APIC cluster to diverge. |
4.2(3j) |
|
A service cannot be reached by using the APIC out-of-band management that exists within the 172.17.0.0/16 subnet. This enhancement request implements the GUI option to change the Docker0 IP address. Bug CSCve84297 implements a REST API way to change it. |
4.2(3j) |
|
There is a stale F2736 fault after configuring in-band IP addresses with the out-of-band IP addresses for the Cisco APIC. |
4.2(3j) |
|
When the VRF instance of both of the service device bridge domains is changed, the svcredirHealthGrp managed objects in the switch may not be created for the new VRF instance. As a result, traffic will be impacted and faults will be raised in the switch and in the APIC at the tenant level. |
4.2(3j) |
|
vmmPLInf objects are created with epgKeys and DNs that have truncated EPG names (truncated at "."). |
4.2(3j) |
|
A static subnet can be configured under an EPG even if the EPG is a part of a bridge domain that already is associated with another static subnet, and the subnet space is the same as or is a super range of the subnet space of the EPG. Therefore, there can be situations where both the bridge domain and associated EPG have the same subnets, or the EPG's subnet can be part of the bridge domain subnet at the same time. |
4.2(3j) |
|
The descending option will not work for the Static Ports table. Even when the user clicks descending, the sort defaults to ascending. |
4.2(3j) |
|
When using AVE with Cisco APIC, fault F0214 gets raised, but there is no noticeable impact on AVE operation: descr: Fault delegate: Operational issues detected for OpFlex device: ..., error: [Inventory not available on the node at this time] |
4.2(3j) |
|
Policies may take a long time (over 10 minutes) to get programmed on the leaf switches. In addition, the APIC pulls inventory from the VMware vCenter repeatedly, instead of following the usual 24-hour interval. |
4.2(3j) |
|
While configuring a node in-band address using a wizard, or while configuring a subnet under the bridge domain (tenant > BD > Subnet), if "x.x.x.0/subnet" is chosen as the range, the following incorrect message displays: "Error 400 - Broadcast IP x.x.x.0/subnet" |
4.2(3j) |
|
When there are standby APICs in the fabric, the "show controller" command takes time to process. |
4.2(3j) |
|
In some circumstances, fault F1188 is generated. This fault is cosmetic. |
4.2(3j) |
|
If the current VMware vCenter crashes and is not recoverable, and a new VMware vCenter with an identical configuration is then built, the Cisco APIC pushes the DVS and Quarantine port groups. However, the APIC does not push the EPG port group. |
4.2(3j) |
|
The Cisco ACI Simulator version 4.2 gets stuck at the "installing the APIC software, this may take a few minutes...." screen and the installation does not proceed. |
4.2(3j) |
|
Fault: F3060 "license-manager-license-authorization-expired" is raised although "show license status" shows the REGISTERED status and the license authorization shows AUTHORIZED. |
4.2(3j) |
|
The admin password of the ACI fabric is initially configured using the setup-script during the APIC node initialization, for example pw1. After that, the customer may choose to change the admin password to a new one, such as pw2. The new password pw2 is not preserved in the event of a database clean-up, which causes pw1 to be required after a clean reload. The impact to the operations team is that they may not always document the very first Cisco APIC password, so if the Cisco APIC has to be clean reloaded, they will not be able to log in to the Cisco APIC again because the original admin password has been forgotten. |
4.2(3j) |
|
Cisco ACI plugin containers do not get updated. |
4.2(3j) |
|
When configuring a vzAny contract (regardless of the details) as a "Provided" contract, the command "show vrf XYZ detail" executed directly in the APIC CLI will display it as "Consumed", and if configured as "Consumed", it will show it as "Provided". |
4.2(3j) |
|
vPod deployment fails in the VMware vCenter plugin with the following error: "Deploy ACI Virtual Pod - An Error Occured" In the logs (/var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log), the following error can be seen: The following PortGroup could not be resolved |
4.2(3j) |
|
When trying to track an AVE endpoint IP address, running the "show endpoint ip x.x.x.x" command in the Cisco APIC CLI to see the IP address and checking the IP address on the EP endpoint in the GUI shows incorrect or multiple VPC names. |
4.2(3j) |
|
Process vmmmgr crashes while processing a DvsUpgradedEvent from VMware vCenter. |
4.2(3j) |
|
If a Cisco APIC is receiving a large number of DHCP requests with unique client addresses, each request will result in a unique dhcpClient managed object being created on the APIC in the requesting state. Depending on the number of unique requests, these could add up over time and cause the dhcpd process on the APIC to hit scale issues and potentially crash. The APIC itself will not crash; the dhcpd process will crash and recover. The dhcpd crashing issue was observed when the dhcpClient managed object count was over 4 million. |
4.2(3j) |
|
An APIC tenant purge fails after the OpenStack project is deleted if the public OpenStack endpoint URL access is blocked from the OpenStack mgmt network. |
4.2(3j) |
|
The scope for host routes should be configurable; however, the option to define the scope is not available. |
4.2(3j) |
|
Active uplinks are removed for a portgroup in VMware vCenter after changing the security settings (macChanges|forgedTransmits) in the "Edit VMM Domain Association" tab under the EPG domain configuration. |
4.2(3j) |
|
Configuring a static endpoint through the Cisco APIC CLI fails with the following error: Error: Unable to process the query, result dataset is too big Command execution failed. |
4.2(3j) |
|
When migrating an AVS VMM domain to Cisco ACI Virtual Edge, the Cisco ACI Virtual Edge that gets deployed is configured in VLAN mode rather than VXLAN Mode. Because of this, you will see faults for the EPGs with the following error message: "No valid encapsulation identifier allocated for the epg" |
4.2(3j) |
|
F2928 "KeyRing Certificate expired" faults are raised and do not get cleared. |
4.2(3j) |
|
While using the UCSM plugin/VMM domain, during a vPC link failover test, VLANs from the vNIC template are removed. However, global (uplink) VLANs and the VLAN group remain untouched. In addition, the VMM domain is removed. |
4.2(3j) |
|
An error is raised while building an ACI container image because of a conflict with the /opt/ciscoaci-tripleo-heat-templates/tools/build_openstack_aci_containers.py package. |
4.2(3j) |
|
The vmmmgr process crashes, and the process is unable to restart properly and crashes after every restart. |
4.2(3j) |
|
There is high memory usage by the svc_ifc_ae.bin process (AE service). The AE process uses more than 3 GB and the memory usage constantly increases for the process. Check for "PERF-STATS-LOG" in the svc_ifc_ae.bin.log. If you see a value more than 1000 for "Configs:", then you are hitting this bug. This file is located at /var/log/dme/log. |
4.2(3j) |
Click the Bug ID to access the Bug Search Tool and see additional information about the bug. The "Exists In" column of the table specifies the 4.2(3) releases in which the known behavior exists. A bug might also exist in releases other than the 4.2(3) releases.
Bug ID |
Description |
Exists in |
The "show run leaf|spine <nodeId>" command might produce an error for scaled up configurations. |
4.2(3j) and later |
|
With a uniform distribution of EPs and traffic flows, a fabric module in slot 25 sometimes reports far less than 50% of the traffic compared to the traffic on fabric modules in non-FM25 slots. |
4.2(3j) and later |
|
When you click Restart for the Microsoft System Center Virtual Machine Manager (SCVMM) agent on a scaled-out setup, the service may stop. You can restart the agent by clicking Start. |
4.2(3j) and later |
|
One of the following symptoms occurs: ■ App installation/enable/disable takes a long time and does not complete. ■ Nomad leadership is lost. The output of the acidiag scheduler logs members command contains the following error: Error querying node status: Unexpected response code: 500 (rpc error: No cluster leader) |
4.2(3j) and later |
|
The CRC and stomped CRC error values do not match when seen from the APIC CLI compared to the APIC GUI. This is expected behavior. The GUI values are from the history data, whereas the CLI values are from the current data. |
4.2(3j) and later |
|
Upgrading Cisco APIC from a 3.x release to a 4.x release causes Smart Licensing to lose its registration. Registering Smart Licensing again will clear the fault. |
4.2(3j) and later |
|
In the 4.x and later releases, if a firmware policy is created with a different name than the maintenance policy, the firmware policy will be deleted and a new firmware policy gets created with the same name, which causes the upgrade process to fail. |
4.2(3j) and later |
|
N/A |
Beginning in Cisco APIC release 4.1(1), the IP SLA monitor policy validates the IP SLA port value. Because of the validation, when TCP is configured as the IP SLA type, Cisco APIC no longer accepts an IP SLA port value of 0, which was allowed in previous releases. An IP SLA monitor policy from a previous release that has an IP SLA port value of 0 becomes invalid if the Cisco APIC is upgraded to release 4.1(1) or later. This results in a failure for the configuration import or snapshot rollback. |
4.2(3j) and later |
N/A |
If you use the REST API to upgrade an app, you must create a new firmware.OSource to be able to download a new app image. |
4.2(3j) and later |
N/A |
In a multipod configuration, before you make any changes to a spine switch, ensure that there is at least one operationally "up" external link that is participating in the multipod topology. Failure to do so could bring down the multipod connectivity. For more information about multipod, see the Cisco Application Centric Infrastructure Fundamentals document and the Cisco APIC Getting Started Guide. |
4.2(3j) and later |
N/A |
With a non-English SCVMM 2012 R2 or SCVMM 2016 setup where the virtual machine names are specified in non-English characters, if the host is removed and re-added to the host group, the GUID for all the virtual machines under that host changes. Therefore, if a user has created a micro segmentation endpoint group using the "VM name" attribute specifying the GUID of the respective virtual machine, then that micro segmentation endpoint group will not work if the host (hosting the virtual machines) is removed and re-added to the host group, because the GUID for all the virtual machines will have changed. This does not happen if the virtual machine name is specified in all English characters. |
4.2(3j) and later |
N/A |
A query of a configurable policy that does not have a subscription goes to the policy distributor. However, a query of a configurable policy that has a subscription goes to the policy manager. As a result, if the policy propagation from the policy distributor to the policy manager takes a prolonged amount of time, the query with the subscription might not return the policy simply because it has not reached the policy manager yet. |
4.2(3j) and later |
N/A |
When there are silent hosts across sites, ARP glean messages might not be forwarded to remote sites if a leaf switch without -EX or a later designation in the product ID happens to be in the transit path and the VRF is deployed on that leaf switch. In that case, the switch does not forward the ARP glean packet back into the fabric to reach the remote site. This issue is specific to transit leaf switches without -EX or a later designation in the product ID and does not affect leaf switches that have -EX or a later designation in the product ID. This issue breaks the capability of discovering silent hosts. |
4.2(3j) and later |
This section lists virtualization compatibility information for the Cisco APIC software.
■ For a table that shows the supported virtualization products, see the ACI Virtualization Compatibility Matrix.
■ For information about Cisco APIC compatibility with Cisco UCS Director, see the appropriate Cisco UCS Director Compatibility Matrix document.
■ This release supports the following additional virtualization products:
Product |
Supported Release |
Information Location |
Microsoft Hyper-V |
■ SCVMM 2019 RTM (Build 10.19.1013.0) or newer ■ SCVMM 2016 RTM (Build 4.0.1662.0) or newer ■ SCVMM 2012 R2 with Update Rollup 9 (Build 3.2.8145.0) or newer |
N/A |
VMM Integration and VMware Distributed Virtual Switch (DVS) |
6.5 and 6.7 |
This release supports the following Cisco APIC servers:
Product ID |
Description |
APIC-L1 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports) |
APIC-L2 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1000 edge ports) |
APIC-L3 |
Cisco APIC with large CPU, hard drive, and memory configurations (more than 1200 edge ports) |
APIC-M1 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports) |
APIC-M2 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1000 edge ports) |
APIC-M3 |
Cisco APIC with medium-size CPU, hard drive, and memory configurations (up to 1200 edge ports) |
The following list includes general hardware compatibility information:
■ For the supported hardware, see the Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3).
■ Contracts using matchDscp filters are only supported on switches with "EX" on the end of the switch name. For example, N9K-93108TC-EX.
■ When the fabric node switch (spine or leaf) is out-of-fabric, the environmental sensor values, such as Current Temperature, Power Draw, and Power Consumption, might be reported as "N/A." A status might be reported as "Normal" even when the Current Temperature is "N/A."
■ First generation switches (switches without -EX, -FX, -GX, or a later suffix in the product ID) do not support Contract filters with match type "IPv4" or "IPv6." Only match type "IP" is supported. Because of this, a contract will match both IPv4 and IPv6 traffic when the match type of "IP" is used.
The following table provides compatibility information for specific hardware:
Hardware |
Information |
Cisco UCS M4-based Cisco APIC |
The Cisco UCS M4-based Cisco APIC and previous versions support only the 10G interface. Connecting the Cisco APIC to the Cisco ACI fabric requires a same-speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration. |
Cisco UCS M5-based Cisco APIC |
The Cisco UCS M5-based Cisco APIC supports dual-speed 10G and 25G interfaces. Connecting the Cisco APIC to the Cisco ACI fabric requires a same-speed interface on the Cisco ACI leaf switch. You cannot connect the Cisco APIC directly to the Cisco N9332PQ ACI leaf switch, unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the Cisco N9332PQ switch auto-negotiates to 10G without requiring any manual configuration. |
N2348UPQ |
To connect the N2348UPQ to Cisco ACI leaf switches, the following options are available: ■ Directly connect the 40G FEX ports on the N2348UPQ to the 40G switch ports on the Cisco ACI leaf switches ■ Break out the 40G FEX ports on the N2348UPQ to 4x10G ports and connect to the 10G ports on all other Cisco ACI leaf switches. Note: A fabric uplink port cannot be used as a FEX fabric port. |
N9K-C9348GC-FXP |
This switch does not read SPROM information if the PSU is in a shut state. You might see an empty string in the Cisco APIC output. |
N9K-C9364C-FX |
Ports 49-64 do not support 1G SFPs with QSA. |
N9K-C9508-FM-E |
The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch. |
N9K-C9508-FM-E2 |
The Cisco N9K-C9508-FM-E2 and N9K-C9508-FM-E fabric modules in the mixed mode configuration are not supported on the same spine switch. The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS switch CLI. |
N9K-C9508-FM-E2 |
This fabric module must be physically removed before downgrading to releases earlier than Cisco APIC 3.0(1). |
N9K-X9736C-FX |
The locator LED enable/disable feature is supported in the GUI and not supported in the Cisco ACI NX-OS Switch CLI. |
N9K-X9736C-FX |
Ports 29 to 36 do not support 1G SFPs with QSA. |
This section lists ASA compatibility information for the Cisco APIC software.
■ This release supports Adaptive Security Appliance (ASA) device package version 1.2.5.5 or later.
■ If you are running a Cisco Adaptive Security Virtual Appliance (ASA) version that is prior to version 9.3(2), you must configure SSL encryption as follows:
(config)# ssl encryption aes128-sha1
This release supports the following products:
Product |
Supported Release |
Cisco NX-OS |
14.2(3) |
Cisco AVS |
5.2(1)SV3(4.10) For more information about the supported AVS releases, see the AVS software compatibility information in the Cisco AVS Release Notes, Release 5.2(1)SV3(4.10). |
Cisco UCS Manager |
2.2(1c) or later is required for the Cisco UCS Fabric Interconnect and other components, including the BIOS, CIMC, and the adapter |
CIMC HUU ISO |
■ 4.2(3e) CIMC HUU ISO (recommended) for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.2(3b) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.2(2a) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3m) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3f) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3d) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(3c) CIMC HUU ISO for UCS C220/C240 M5 (APIC-L3/M3) ■ 4.1(2m) CIMC HUU ISO (recommended) for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2k) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(2b) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 4.1(1g) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) and M5 (APIC-L3/M3) ■ 4.1(1f) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) (deferred release) ■ 4.1(1d) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 4.1(1c) CIMC HUU ISO for UCS C220 M4 (APIC-L2/M2) ■ 4.0(4e) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 4.0(2g) CIMC HUU ISO for UCS C220/C240 M4 and M5 (APIC-L2/M2 and APIC-L3/M3) ■ 4.0(1a) CIMC HUU ISO for UCS C220 M5 (APIC-L3/M3) ■ 3.0(4d) CIMC HUU ISO for UCS C220/C240 M3 and M4 (APIC-L2/M2) ■ 3.0(3f) CIMC HUU ISO for UCS C220/C240 M4 (APIC-L2/M2) ■ 2.0(13i) CIMC HUU ISO ■ 2.0(9c) CIMC HUU ISO ■ 2.0(3i) CIMC HUU ISO |
Network Insights Base, Network Insights Advisor, and Network Insights for Resources |
For the release information, documentation, and download links, see the Cisco Network Insights for Data Center page. For the supported releases, see the Cisco Day-2 Operations Apps Support Matrix. |
■ This release supports the partner packages specified in the L4-L7 Compatibility List Solution Overview document.
■ A known issue exists with the Safari browser and unsigned certificates, which applies when connecting to the Cisco APIC GUI. For more information, see the Cisco APIC Getting Started Guide, Release 4.2(x).
■ For compatibility with OpenStack and Kubernetes distributions, see the Cisco Application Policy Infrastructure Controller Container Plugins Release 4.2(3), Release Notes.
■ For compatibility with Day-2 Operations apps, see the Cisco Day-2 Operations Apps Support Matrix.
See the Cisco Application Policy Infrastructure Controller (APIC) page for the documentation.
You can watch videos that demonstrate how to perform specific tasks in the Cisco APIC on the Cisco ACI YouTube channel.
Temporary licenses with an expiry date are available for evaluation and lab use purposes. They are strictly not allowed to be used in production. Use a permanent or subscription license that has been purchased through Cisco for production purposes. For more information, go to Cisco Data Center Networking Software Subscriptions.
The documentation includes installation, upgrade, configuration, programming, and troubleshooting guides, technical references, release notes, and knowledge base (KB) articles, as well as other documentation. KB articles provide information about a specific use case or a specific topic.
By using the "Choose a topic" and "Choose a document type" fields of the APIC documentation website, you can narrow down the displayed documentation list to make it easier to find the desired document.
The following table provides links to the release notes, verified scalability documentation, and new documentation:
Document |
Description |
The release notes for Cisco ACI Virtual Edge. |
|
The release notes for Cisco ACI Virtual Pod. |
|
Cisco Application Centric Infrastructure Simulator Release Notes, Release 4.2(3) |
The release notes for the Cisco ACI Simulator. |
The release notes for Cisco AVS. |
|
Cisco Nexus 9000 ACI-Mode Switches Release Notes, Release 14.2(3) |
The release notes for Cisco NX-OS for Cisco Nexus 9000 Series ACI-Mode Switches. |
This guide contains the maximum verified scalability limits for Cisco Application Centric Infrastructure (ACI) parameters for Cisco APIC, Cisco ACI Multi-Site, and Cisco Nexus 9000 Series ACI-Mode Switches. |
To provide technical feedback on this document, or to report an error or omission, send your comments to apic-docfeedback@cisco.com. We appreciate your feedback.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2019-2024 Cisco Systems, Inc. All rights reserved.