Tips: Limitations and Restrictions for Catalyst 9300 Switches

Cisco Catalyst 9300 Series is the best replacement for Cisco installed-base Access switches-3560-X, 3750-X series, 3750G series and Catalyst 3850 Series.

Learn more: Why Migrate to Cisco Catalyst 9300 Switches?

But here we’d like to share the Limitations and Restrictions Tips for Catalyst 9300 Switches.

Limitations and Restrictions

Cisco TrustSec restrictions—Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.

FNF limitations

  1. –You cannot configure NetFlow export using the Ethernet Management port (g0/0)
  2. –You cannot configure a flow monitor on logical interfaces, such as SVI, port-channel, loopback, tunnels.
  3. –You cannot configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction.

Memory leak—When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may fail. As a workaround, disable the logging discriminator on the device.

QoS restrictions:

–When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.

–For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.

–QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.

Secure Shell (SSH)

  • –Use SSH Version 2. SSH Version 1 is not supported.
  • –When the device is running SCP (Secure Copy Protocol) and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.

Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can take upto 40 or 50 percent of CPU memory, but they do not cause the device to shutdown.

Stacking:
  1. –A switch stack supports up to eight stack members.
  2. –Mixed stacking is not supported. Cisco Catalyst 9300 Series Switches cannot be stacked with Cisco Catalyst 3850 Series Switches.
  3. –Auto upgrade for a new member switch is supported only in the install mode.
Learn more: How Many Catalyst 9300 Models can I Stack together?

Smart Install—Although the commands are visible on the CLI, the Smart Install feature is not supported. Enter the no vstack command in global configuration mode and disable the feature.

Wired AVC limitations:

  1. –NBAR2 (QoS and Protocol-discovery) configuration is allowed only on wired physical ports. It is not supported on virtual interfaces, for example, VLAN, port channel nor other logical interfaces.
  2. –NBAR2 based match criteria ‘match protocol’ is allowed only with marking or policing actions. NBAR2 match criteria will not be allowed in a policy that has queuing features configured.
  3. –‘Match Protocol’: up to 256 concurrent different protocols in all policies.
  4. –NBAR2 attributes based QoS is not supported (‘match protocol attribute’).
  5. –NBAR2 and Legacy NetFlow cannot be configured together at the same time on the same interface. However, NBAR2 and wired AVC Flexible NetFlow can be configured together on the same interface.
  6. –Only IPv4 unicast (TCP/UDP) is supported.
  7. –AVC is not supported on management port (Gig 0/0)
  8. –NBAR2 attachment should be done only on physical access ports. Uplink can be attached as long as it is a single uplink and is not part of a port channel.
  9. –Performance—Each switch member is able to handle 2000 connections per second (CPS) at less than 50% CPU utilization. Above this rate, AVC service is not guaranteed.
  10. –Scale— Able to handle up to 20000 bi-directional flows per 24 access ports and per 48 access ports.

YANG data modeling limitations—A maximum of 20 simultaneous NETCONF sessions are supported.

Info from https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-5/release_notes/ol-16-5-9300.html#pgfId-1443405

More Related

Cisco Catalyst 9300 Series–Tech Overview

Cisco Catalyst 9000 Family-Technical Deep Dive

Cisco Catalyst 9000 Platform Transitions

Cisco’s New Intent-based Networking & New Line of Catalyst 9000 Switches

Share This Post

Post Comment