DNAC CIMC 4.1(1f) Support

Damien Miller · ‎05-13-2020

Hello all,

Can anyone confirm if it is OK to update a DNAC Server to CIMC 4.1(1f)? I have both both DN1 and DN2 hardware that could use updating. There is a field notice telling us not to exceed 4.0(4b) since 4.0(4c) will prevent it from booting.
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70456.html

The field notice cites two bugs, one DNAC specific indicating that it may be fixed as of 4.0(4f).
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr16833

The other that cites it is fixed in 4.1 as well.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq38078

Dan Rowe · ‎05-14-2020

Here are the current CIMC supported & recommended firmware versions for the latest version of DNA center:

Supported Firmware

Cisco Integrated Management Controller (Cisco IMC) versions are independent from Cisco DNA Center releases. This release of Cisco DNA Center has been validated against the following firmware:
• Cisco IMC Version 3.0(3f) for appliance model DN1-HW-APL
• Cisco IMC Version 3.1(2c) for appliance model DN2-HW-APL
• Cisco IMC Version 3.1(3a) for appliance model DN2-HW-APL-L
• Cisco IMC Version 4.0(1a) for appliance model DN2-HW-APL-XL
The preceding versions are the minimum firmware versions. While some later versions are also supported, Cisco DNA Center is not compatible with Cisco IMC 4.0(4c) and later. Do not update later than Cisco IMC 4.0(4b).

Raoul1971 · ‎06-03-2020

greetings,

4.0(4b) was released back in april 2019.

do you think the newer firmwares will be qualified against the newer dna appliance software in the near future?

quite a number of CVEs have been addressed since then, noteably the mds side-channel fixes for intel cpus.

thank you,

raoul.

tpoulose · ‎06-10-2020

4.0.(4i) is supported see https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr35414

Raoul1971 · ‎06-10-2020

thank you for this information.

the bug report that you cited even mentions that newer versions might be compatible:

"With the release of 4.0(4i) firmware, UEFI secure boot is withdrawn for DNAC PID, so it is possible to upgrade to 4.0(4i) and higher. Do not use 4.0(4c) -- 4.0(4g)."

this would indicate that 4.0(4k) and 4.1(1f) should be compatible.

can you confirm?

cheers,

raoul.

Leo Laohoo · ‎05-25-2021

Hi @danirowe & @tpoulose

What is the "latest" TAC recommendation?

FN–70456 says “UCS Cisco IMC Firmware Version 4.0(4b) is the latest release supported on affected Cisco DNA Center Appliances until Cisco announces support for the Secure Boot feature in the Cisco DNA Center software”, however, FN-70432 (mentioned in FN-70456) says 4.0(4b) is in the “affected” table.

Mike.Cifelli · ‎05-26-2021

Hi @Leo Laohoo just adding some information that may assist. I am currently running a 3 node cluster (DN2-HW-APL) with 4.0(4m) firmware. I worked with TAC ~2-3 months ago on this same concern. Per this guide: Release Notes for Cisco DNA Center, Release 2.1.2.x - Cisco

Do not update later than Cisco IMC 4.0(4b), unless you update to 4.0(4k) or later. See 'Supported Firmware' section. HTH!

Leo Laohoo · ‎05-26-2021

@Mike.Cifelli wrote:

Do not update later than Cisco IMC 4.0(4b), unless you update to 4.0(4k) or later.

Hi @Mike.Cifelli,

Thanks for this info. So DNAC v2.1.2, anything higher than 4.0(4k) (but stay in 4.0). This is how I read it.

With DNAC v2.2.2, 4.1(1h) is the recommended release.

Best Regards/Leo