Cisco 4000 Series Integrated Services Routers Release Notes, Cisco IOS XE 3S
Cisco 4000 Series Integrated Services Routers Overview
Cisco IOS XE 3S Releases and Cisco IOS Release Number Mapping
Determining the Software Version
Upgrading to a New Software Release
Upgrading Field-Programmable Hardware Devices
Limitations and Restrictions in Release 3.14S
Limitations and Restrictions in Release 3.10S
Cisco 4451 ISR and Cisco 4431 ISR FPGE Changes in Release 3.13.1
Cisco 4351 ISR, Cisco 4331 ISR, and Cisco 4321 ISR FPGE Changes in Release 3.13.1
Unified Communication on Cisco 4000 Series ISR
New Features and Important Notes About Cisco 4000 Series ISRs Release 3.17S
New Software Features in Cisco 4000 Series ISR Release 3.17S
New Features and Important Notes About Cisco 4000 Series ISRs Release 3.16C
New Software Features in Cisco 4000 Series ISR Release 3.16C
New Features and Important Notes About Cisco 4000 Series ISRs Release 3.15S
New Software Features in Cisco 4000 Series ISR Release 3.15S
Configuring Auxiliary Port for Modem Connection
Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module
Cisco 1GE-CU-SFP and 2GE-CU-SFP Network Inteface Modules
New Features and Important Notes About Cisco 4000 Series ISRs Release 3.14S
New Software Features in Cisco 4000 Series ISR Release 3.14.0S
New Features and Important Notes About Cisco 4000 Series ISRs Release 3.13S
New Software Features in Cisco 4000 Series ISRs Release 3.13.0S
Cisco 1-Port, 2-Port, and 4-Port Serial Network Interface Modules
Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Modules
Cisco 4-port GE SFP and 1-port 10 GE SFP Service Module
New Features and Important Notes About Cisco ISR 4400 Series Release 3.12S
New Software Features in Cisco ISR 4400 Series Release 3.12.0S
Cisco Multi-protocol Synchronous Serial NIM
New Features and Important Notes About Cisco ISR 4451-X Release 3.11S
New Software Features in Cisco ISR 4451-X Release 3.11.0S
New Features and Important Notes About Cisco ISR 4451-X Release 3.10S
Configurable RTP port range per IP Address for RTP session connectivity (Release 3.10.2)
Cisco AppNav Drops TCP Packets during Reboot of Router (Release 3.10.2)
8-Port Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module (Release 3.10.2)
Software Features in Cisco ISR 4451-X (Release 3.10.0S)
Using the Cisco Bug Search Tool
Caveats in Cisco 4000 Series Integrated Services Routers
Open Caveats - Cisco IOS XE Release 3.17.4S
Resolved Caveats - Cisco IOS XE Release 3.17.4S
Open Caveats - Cisco IOS XE Release 3.17.2S
Resolved Caveats - Cisco IOS XE Release 3.17.2S
Open Caveats - Cisco IOS XE Release 3.17.1S
Resolved Caveats - Cisco IOS XE Release 3.17.1S
Open Caveats - Cisco IOS XE Release 3.17S
Resolved Caveats - Cisco IOS XE Release 3.17S
Open Caveats - Cisco IOS XE Release 3.16.10S
Resolved Caveats - Cisco IOS XE Release 3.16.10S
Open Caveats - Cisco IOS XE Release 3.16.9S
Resolved Caveats - Cisco IOS XE Release 3.16.9S
Open Caveats - Cisco IOS XE Release 3.16.8S
Resolved Caveats - Cisco IOS XE Release 3.16.8S
Open Caveats - Cisco IOS XE Release 3.16.7bS
Resolved Caveats - Cisco IOS XE Release 3.16.7bS
Open Caveats - Cisco IOS XE Release 3.16.7aS
Resolved Caveats - Cisco IOS XE Release 3.16.7aS
Open Caveats - Cisco IOS XE Release 3.16.7S
Resolved Caveats - Cisco IOS XE Release 3.16.7S
Open Caveats - Cisco IOS XE Release 3.16.6S
Resolved Caveats - Cisco IOS XE Release 3.16.6S
Open Caveats - Cisco IOS XE Release 3.16.5S
Resolved Caveats - Cisco IOS XE Release 3.16.5S
Open Caveats - Cisco IOS XE Release 3.16.4bS
Resolved Caveats - Cisco IOS XE Release 3.16.4bS
Open Caveats - Cisco IOS XE Release 3.16.3S
Resolved Caveats - Cisco IOS XE Release 3.16.3S
Open Caveats - Cisco IOS XE Release 3.16.2S
Resolved Caveats - Cisco IOS XE Release 3.16.2S
Open Caveats - Cisco IOS XE Release 3.16.1A
Resolved Caveats - Cisco IOS XE Release 3.16.1A
Open Caveats - Cisco IOS XE Release 3.16.0C
Resolved Caveats - Cisco IOS XE Release 3.16.0C
Open Caveats - Cisco IOS XE Release 3.15.2S
Resolved Caveats - Cisco IOS XE Release 3.15.2S
Open Caveats - Cisco IOS XE Release 3.15.1C
Resolved Caveats - Cisco IOS XE Release 3.15.1C
Open Caveats - Cisco IOS XE Release 3.15S
Resolved Caveats - Cisco IOS XE Release 3.15S
Open Caveats - Cisco IOS XE Release 3.14.3S
Resolved Caveats - Cisco IOS XE Release 3.14.3S
Open Caveats - Cisco IOS XE Release 3.14.2S
Resolved Caveats - Cisco IOS XE Release 3.14.2S
Open Caveats - Cisco IOS XE Release 3.14.1S
Resolved Caveats - Cisco IOS XE Release 3.14.1S
Open Caveats - Cisco IOS XE Release 3.14S
Resolved Caveats - Cisco IOS XE Release 3.14S
Open Caveats - Cisco IOS XE Release 3.13.9S
Resolved Caveats - Cisco IOS XE Release 3.13.9S
Open Caveats - Cisco IOS XE Release 3.13.8S
Resolved Caveats - Cisco IOS XE Release 3.13.8S
Open Caveats - Cisco IOS XE Release 3.13.5S
Resolved Caveats - Cisco IOS XE Release 3.13.5S
Open Caveats - Cisco IOS XE Release 3.13.4S
Resolved Caveats - Cisco IOS XE Release 3.13.4S
Open Caveats - Cisco IOS XE Release 3.13.3S
Resolved Caveats - Cisco IOS XE Release 3.13.3S
Open Caveats - Cisco IOS XE Release 3.13.2S
Resolved Caveats - Cisco IOS XE Release 3.13.2S
Open Caveats - Cisco IOS XE Release 3.13.1S
Resolved Caveats - Cisco IOS XE Release 3.13.1
Open Caveats - Cisco IOS XE Release 3.13.0S
Resolved Caveats - Cisco IOS XE Release 3.13.0S
Open Caveats - Cisco IOS XE Release 3.12.2
Resolved Caveats - Cisco IOS XE Release 3.12.2
Open Caveats - Cisco IOS XE Release 3.12.1
Resolved Caveats - Cisco IOS XE Release 3.12.1
Open Caveats - Cisco IOS XE Release 3.12.0S
Resolved Caveats - Cisco IOS XE Release 3.12.0S
Open Caveats - Cisco IOS XE Release 3.11.0S
Resolved Caveats - Cisco IOS XE Release 3.11.0S
Open Caveats - Cisco IOS XE Release 3.10.6S
Resolved Caveats - Cisco IOS XE Release 3.10.6S
Open Caveats - Cisco IOS XE Release 3.10.5S
Resolved Caveats - Cisco IOS XE Release 3.10.5S
Open Caveats - Cisco IOS XE Release 3.10.4S
Resolved Caveats - Cisco IOS XE Release 3.10.4S
Open Caveats - Cisco IOS XE Release 3.10.3S
Resolved Caveats - Cisco IOS XE Release 3.10.3S
Open Caveats - Cisco IOS XE Release 3.10.2S
Resolved Caveats - Cisco IOS XE Release 3.10.2S
Open Caveats - Cisco IOS XE Release 3.10.1S
Resolved Caveats - Cisco IOS XE Release 3.10.1S
Open Caveats - Cisco IOS XE Release 3.10.0S
Resolved Caveats - Cisco IOS XE Release 3.10.0S
Open Caveats - Cisco IOS XE Release 3.9.1S
Platform-Specific Documentation
Cisco IOS Software Documentation
Obtaining Documentation and Submitting a Service Request
This document provides information about the Cisco IOS XE 3S software release for the Cisco 4000 Series Integrated Services Routers (ISRs) and consists of the following sections:
The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).
The following table lists the router models that belong to the Cisco 4000 Series ISRs.
Releases for the Cisco 4000 Series Integrated Services Routerscorrespond to the Cisco IOS XE releases.
Table 1 lists the mappings between the Cisco IOS XE 3S software releases and their associated Cisco IOS software releases.
You can use the following commands to verify your software version:
To install or upgrade, obtain a Cisco IOS XE 3S consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also need to first download the consolidated package and extract the individual sub-packages from a consolidated package.
For information about upgrading software, see the “How to Install and Upgrade Software” section in the Software Configuration Guide for the Cisco 4000 Series ISRs.
Table 2 provides information about the recommended Rommon and CPLD versions for the Cisco 4000 Series Integrated Services Routers.
The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
The following limitations and restrictions apply to all releases:
The Cisco ISR-WAAS/AppNav service requires a system to be configured with a minimum of
8GB of DRAM and 16GB flash storage. For large service profiles, 16GB of DRAM and 32GB flash storage is required.
IPsec traffic is restricted on the Cisco ISR 4451-X. The router has the same IPsec functionality as a Cisco ISR G2. The default behavior of the router will be as follows (unless an HSECK9 license is installed):
L2TPv2 and IPSec are not supported in any of the IOS-XE releases.
There is a new “Performance” feature license. This license enables the performance feature, which gives an increased throughput of 2Gbps compared to a default throughput of 1Gbps. The performance feature is part of the ipbasek9 technology package.
Enable the feature by ordering the performance license (part number FL-44-PERF-K9). After the license is installed, it will be displayed as the “throughput” license in Cisco IOS command output.
To configure the feature, use the platform hardware throughput command, as shown in the following example:
From Cisco IOS XE 3.13.1 release, each FPGE interface has two reserved MACs and 24 additional filters which can be shared across all four FPGE interfaces. Earlier to this release, each Front Panel Gigabit Ethernet (FPGE) interface had a maximum of 8 MACs, with one reserved (BIA) and 7 filters.
Each Front Panel Gigabit Ethernet interface (FPGE) has a maximum of 16 MACs. with one reserved (BIA) and 15 filters.
This section describes new features in Cisco IOS XE 3.17S that are supported on the Cisco 4000 Series ISRs.
The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.17S:
This section describes new features in Cisco IOS XE 3.16C that are supported on the Cisco 4000 Series ISRs.
The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.16C:
This section describes new features in Cisco IOS XE 3.15S that are supported on the Cisco 4000 Series ISRs.
The following voice features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.15S:
Cisco 4000 Series ISR supports connecting a modem to the router Auxiliary port for EXEC dial in connectivity. When a modem is connected to the auxiliary port, a remote user can dial in to the router and configure it. This connection cannot be used as a backup forwarding interface to pass traffic. For further information on configuring the auxiliary port, see the Cisco 4000 Series ISRs Software Configuration Guide.
The Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module (NIM) integrates the Layer 2 features and provides a 1-Gbps connection to the multigigabit fabric (MGF) for intermodule communication. For more information on configuring the Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch NIM, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/4_8PortGENIM.html.
The Cisco 1GE-CU-SFP and 2GE-CU-SFP Network Interface Modules (NIMs) are software-configurable high-speed connectivity routing port service modules for the Cisco 4000 Series Integrated Services Routers (ISR). These service modules provide increased density of Ethernet interfaces on the Cisco 4000 Series ISR. For more information on configuring the Cisco 1GE-CU-SFP and 2GE-CU-SFP Network Interface Modules in Cisco 4000 Series Integrated Services Routers, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/cfgGENIMs.html.
This section describes new features in Cisco IOS XE 3.14S that are supported on the Cisco 4000 Series ISRs.
The following voice features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.14S:
This section describes new features in Cisco IOS XE 3.13S that are supported on the Cisco 4000 Series ISRs.
The following voice features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.13S:
The Cisco 1-port, 2-port, and 4-port Serial NIMs are multi-protocol synchronous serial network interface modules (NIMs) supported on the Cisco 4400 Series ISRs. The Cisco 1-port, 2-port, and 4-port Serial NIMs expand the capabilities of the router to provide connectivity for synchronous interfaces in a wide range of applications including up to 8Mbps date rate for high speed high-level data link control (HDLC). These capabilities can be utilized as Point-to-Point Cisco HDLC WAN interface or frame relay interface. The Cisco 1-port, 2-port, and 4-port Serial NIMs have their own serial communication controllers (SCC) and they do not rely on the host router for SCCs. For further information on configuring this NIM, see:
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/S_NIM/software/configuration/guide/snim_config.html
The Cisco Fourth-Generation 1-port, 2-port, 4-port, and 8-PortT1/E1Multiflex Trunk Voice and WAN Network Interface Modules (NIMs) are inserted into the NIM slot on the Cisco 4451-X Integrated Services Routers to provide T1, fractional T1, E1, and fractional E1 support for data and voice applications. For further information on configuring this NIM, see:
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/ConfT1E1NIM.html
The Cisco 4-port GE SFP and 1-port 10 GE SFP Service Module (SM-X-4x1GE-1x10GE) is software-configurable high-speed connectivity routing port service module for the Cisco ISR 4400 Series routers. This service module provides increased density of Ethernet interfaces on the Cisco ISR 4400 Series routers. For further information on configuring this service module, see:
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/sm/software/configuration/guide/cfg-6-10ge.html
This section describes new features in Cisco IOS XE 3.12S that are supported on the Cisco ISR 4400 Series routers.
The following features are supported by the Cisco ISR 4400 Series routers for Cisco IOS XE Release 3.12S:
Support was added for network clocking or synchronization between the router and a NIM such as the Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module.
For further information, see the following Cisco document:
Network Synchronization for the Cisco ISR 4400 Series.
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_te_path_setup/configuration/xe-3s/mp-te-interarea-tun.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_te_path_setup/configuration/xe-3s/mp-te-tun-select-xe.html
For further information, see the following Cisco document:
http://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/15_1/sec_data_plane_15_1_book/sec_object_group_acl.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/lsmmldp.html
For further information, see the following Cisco site:
https://developer.cisco.com/web/onepk/home
Enable the appxk9 license set on Cisco ISR 4451-X router to configure OTV. For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-xe-3s-book.html
The Cisco Multi-protocol Synchronous Serial NIM is inserted into the NIM slot of the router and provides connectivity for synchronous interfaces in applications such as the high speed high-level data link control (HDLC) to 8 Mbps. This capability can be utilized as Point-to-Point Cisco HDLC WAN interface or frame relay interface. The NIM software is capable of anti-counterfeit protection and provides periodic system status information. Serial NIMs have their own serial communication controllers (SCCs) and do not rely on the host platform for SCCs. For further information on configuring this NIM, see:
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/S_NIM/software/configuration/guide/snim_config.html
This section describes new features in Cisco IOS XE 3.11S that are supported on the Cisco ISR 4451-X and on other platforms.
The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Release 3.11S.
The enforced lawful intercept license allows the Lawful Intercept (LI) feature to be used.
Lawful Intercept (LI) is the process by which law enforcement agencies conduct electronic surveillance as authorized by judicial or administrative order. For further information on LI, see Introduction to Lawful Intercept.
For further information on using the LI feature, see Lawful Intercept Architecture, in the Cisco User Security Configuration Guide.
For further information on the LI feature license for the Cisco ISR 4451-X, see Feature Licenses, in the Software Configuration Guide for the Cisco 4451-X Integrated Services Router.
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/solutions_docs/avc/ios_15.4_1T_ios_xe3_11/avc_user_guide_ios_15.4_1T_iosxe3_11.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_lisp/configuration/15-mt/irl-isp-support-for-disjoint-rloc-domains.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/zbf -enable-alg-aic.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-prevent-export-storms.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-mt/sec-cfg-recon-flex.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-tunls-gre-entropy-xe.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-ip4-acl-chng-sup.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_isis/configuration/15-2s/irs -rmte-lfa-frr.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-mt/sec-cfg-recon-flex.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-mpl s-vpnomgre-xe.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/lsmmldp.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp600/nbar-prot-pack600.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s//iro-ipfrr-lfa.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-3s/s ec-conn-dmvpn-per-tunnel-qos.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_tcp_x e.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-s/iro-ipfrr-lfa.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-mpls-vpnomgre-xe.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/pp600/nbar-prot-pack600.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/solutions_docs/avc/ios_15.4_1T_ios_xe3_11/avc_user_guide_ios_15.4_1T_iosxe3_11.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dns/configuration/15-sy/dns-15-sy-book_chapter_0100.html
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/access/4400/software/configuration/guide/isr4400swcfg.html
A Cisco 6-port GE SFP service module is a Gigabit Ethernet module that can be inserted into the SM slot of the Cisco ISR 4451-X to provide Gigabit Ethernet features on routable external interfaces. For further information on configuring this service module, see:
Software Configuration Guide for the Cisco 6-port GE SFP Service Module
For Cisco 4000 Series ISRs, the RTP port range has been increased to a range of 8000 to 48200 to scale high call volumes. This port range allows up 10000 calls on a single interface.
For AppNav Controller Group (ACG) scenarios, a new CLI ( service-insertion acg-reload-delay) provides a time delay before enabling WAN traffic for a router that has just rebooted. During the delay, the router drops all TCP packets passing through the WAN interface. This enables the router to synchronize flows before traffic is enabled, preventing unintended resetting of connections.
The 8-port Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module is supported for Cisco IOS XE Release 3.10.2 (SKU: NIM-8CE1T1-PRI).
This section describes features supported on the Cisco 4000 Series Integrated Services Routers in Cisco IOS XE 3.10S that are specific to this platform.
Multilink Point-to-point Protocol
For further information, see the following Cisco document:
Multilink PPP Support for the Cisco 4451-X Integrated Services Router.
For further information, see the following Cisco document:
Configuring No Service Password-Recovery on the Cisco ISR 4451-X
This section provides information about the caveats in Cisco 4000 Series Integrated Services Routers routers, Release 3S. Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
For more information about how to use the Cisco Bug Search Tool, including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ.
Note You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
Step 1 In your browser, navigate to the Cisco Bug Search Tool.
Step 2 If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.
Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Enter.
Step 4 To search for bugs related to a specific software release, do the following:
a. In the Product field, choose Series/Model from the drop-down list and then enter the product name in the text field. If you begin to type the product name, the Cisco Bug Search Tool provides you with a drop-down list of the top ten matches. If you do not see this product listed, continue typing to narrow the search results.
b. In the Releases field, enter the release for which you want to see bugs.
The Cisco Bug Search Tool displays a preview of the results of your search below your search criteria.
Step 5 To see more content about a specific bug, you can do the following:
Step 6 To restrict the results of a search, choose from one or more of the following filters:
A predefined date range, such as last week or last six months. |
|
The bug severity level as defined by Cisco. For definitions of the bug severity levels, see Bug Search Tool Help & FAQ. |
|
The rating assigned to the bug by users of the Cisco Bug Search Tool. |
|
Your search results update when you choose a filter.
This section contains the following topics:
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All open bugs for this release are available in the Cisco Bug Search Tool.
All resolved bugs for this release are available in the Cisco Bug Search Tool.
CPUHOG in SNMP Engine process and router crash with watchdog timeout may be seen while processing the SNMP request for ciscoEigrpMIB.
The crash occurs while polling OID - cEigrpInterfaceEntry (1.3.6.1.4.1.9.9.449.1.5.1.1) when VirtualPortGroup31 interface is present which gets added as part of ISR-WAAS config. The crash is seen even if this interface is down.
Apply the following view to exclude cEigrpInterfaceEntry from being polled:
– snmp-server view cutdown iso included
– snmp-server view cutdown 1.3.6.1.4.1.9.9.449.1.5.1.1 excluded
– snmp-server community < > view cutdown RO
– snmp-server community < > view cutdown RW
Cisco ISR 4331 border router might be reloaded unexpectedly with longevity stress traffic over dual IPsec DMVPN tunnels.
This problem occurs when you keep stress traffic with above 99% CPU utilization, and flap crypto SA session.
Cisco 4300 series platforms fail to boot up when you remove a problematic NIM-1T module and reinsert a working NIM-2T module.
This problem occurs when you remove a problematic NIM-1T module and reinsert a working NIM-2T module.
Reinsert the same type of SKU to resolve the problem.
Cisco ISR 4000 series platforms reload when you attempt to use jumbo frames larger than 2k bytes on the management interface GigabitEthernet0.
Cisco ISR4000 platforms allow up to 4k bytes jumbo frame configuration on the management interface GigabitEthernet0. However, the interface does not support jumbo frames, and if the device is configured with an MTU larger than 2k bytes, and packets larger than 2k bytes are sent to the interface, it will result in a system reload. All hardware versions of Cisco ISR 4000 series platforms are impacted by this problem.
Service module reloads after disabling IP routing at line rate.
This problem occurs when data traffic is sent to SM-X-ES3-24-P module CPU. CPU at 75% cannot handle control plane packet and results in module reload.
You can send data routing traffic with BDI interface on router as a default route instead of sending traffic to SM-X-ES3-24-P CPU VLAN interface.
The Micro-loader section of the output for the show software authenticity running command is missing.
This problem occurs when you issue the show software authenticity running command.
Cisco 4451 ISR reloads with large ping packets using a traffic generator while using multicast configuration.
Traffic Generator 1 --- ISR 4451 --- Traffic Generator 2
The router reloads while trying to ping using a large 1800-byte packet through it while using multicast configuration. The reload is not observed when a regular (or a small-sized) ping packet is sent.
Router reloads during boot up. Interfaces render unusable.
This problem occurs when user tries to upgrade or downgrade the image. Booting the same image through reload does not trigger this issue. This issue occurs once in thousand router reloads in development test environment.
The isdn incoming-voice voice command is not supported on Cisco 4321 ISR though the functionality is intact. CLI support is required for backward compatibility.
This problem occurs when you use the invalid isdn incoming-voice voice command.
Cisco 4400 ISR data-plane reloads.
This problem occurs due to heavy layer 2 control and egacy/for-us traffic and when a reload command is issued.
Shut down the external interface from which layer 2 control and legacy/for-us traffic is entering the system before issuing the reload command.
The IPSec tunnel bring up rate on Cisco 4351 ISR is low.
The rate at which IPSec tunnels come up is a little slow when the maximum supported tunnels (1500) are configured.
Traceback occurs when you clear the MPLS-Te configuration on Cisco 4351 platform.
This problem occurs when the MPLS-Te is configured.
Cisco 4300 Series ISRs will occasionally report “StuckInSleep" as the "Last reset cause” in the ROMMON initialization display. This display is an indication that the router has already automatically cleared the condition and can be safely ignored.
This condition is very rare and can occur on any type of router reset including a power cycle.
The display is an indication that the device has already automatically applied the workaround. No further workarounds are required, and the router can be safely used as normal with this display
Cisco 4300 ISRs may reload when SA is created with SPI value set to off.
The problem occurs during initial boot with modules inserted.
Reload the router to clear the problem.
Some of the Cisco 4300 ISRs modules do not come up.
This problem occurs during initial boot up or when a new module is inserted into the router.
Reload the router to recover from the problem.
Cisco 4400 ISR data-plane reloads.
This problem occurs after a bad memory read and when traffic is switched between two DMVPN tunnels.
Cisco 4400 ISR reloads when DMVPN tunnel comes up with pfrv3 interaction and the MTU value is set to greater than 8000.
This problem occurs when DMVPN tunnel comes up with pfrv3 interaction and the MTU value is set to greater than 8000.
You have to set the MTU value below 8000.
Cisco 4300 ISR Ucode reloads when the crypto session is cleared.
This problem occurs when the crypto session is cleared.
In Cisco 4300 Series platforms, OSPFV3 neighbor breaks when authentication is configured to protect OSPFV3 traffic. The same problem is seen when you configure IPSEC only with authentication functionality.
This problem occurs when you configure IPSEC only with authentication functionality. This impacts IPSEC-AH cases and IPSEC-ESP cases when we have null ciphers. For example, this problem is seen while configuring IPSec MD5 authentication on IPv6 OSPFV 3 using the command ipv6 ospf authentication ipsec spi 0x1000 md5 123456789a123456789b123456789c12.
A small number packets are dropped in the backplane switch (on the FFP port).
This problem occurs on some of the Cisco 4300 ISR routers while small packets (64-98 bytes) are flowing in an egress direction toward module interfaces (NIM or SM).
Memory leak is seen in 'fman_fp_image' process which can lead to a reload after the router runs out of memory. RP/0: Committed Memory value 95% exceeds warning level 90%
The output for show platform software memory forwarding-manager fp active brief shows 'fw-zone-pair' with a big difference in allocs/frees.
This problem occurs when the Zone-based firewall is configured and no need to attach the service-policy to zone-pair. This is not seen in releases prior to 3.13.0S.
With high traffic, EIGRP/OSPF relationship goes down resulting in removal of learned routes.
This problem occurs with DMVPN tunnel configuration.
SFPs on Cisco ISR 4451 fail during the installation.
This problem occurs with FINISAR and AVAGO SFPs.
SFP fails each time router boots up and during the first time installation. All SFPs are not affected.
Recover SFPs after bypassing authentication check on SFPs.
In a Cisco ISR 4430 installed with two power supplies, if one of the power supply is removed and re-inserted, the output of the show inventory command displays incorrect values.
This problem occurs when one of the two power supplies is removed from a Cisco ISR 4430 and an OIR command is issued.
The E-Series Server module shows memory leak issue and the router displays the following error message: NGIO control packet loss detected
.
As a result, the router sets the module in an “out of service” state.
This problem occurs when an E-Series Server module with CIMC Release 2.1 or 2.2 is installed in a Cisco ISR 4451-X router with Cisco IOS XE 3.13 or 15.4(3)S release.
When configuring eight or more sub-interfaces on Cisco ISR 4450 and enabling HSRP, the following message is displayed:
%IOSXE_RP_SPA-3-MAC_FILTER_ADD_FAIL: All the available 8 mac filters for interface have been consumed. Failed to add 0000.0c07.ac01 for interface GigabitEthernet0/0/0
This issue occurs when you configure the same group number HSRP under sub-interfaces of integrated Gigabit interfaces on a Cisco ISR 4451 router.
Use VRRP with same group number.
The router reloads due to low memory, fails to include IO related memory commands to assist in diagnosing the cause of the device running out of memory.
This problem occurs when the router reloads due to low memory.
Configure the exception crashinfo dump command and troubleshoot the memory issue.
UCSE sub-interface configuration is not available.
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# int ucse 1/0/0.1
% Invalid input detected at '^' marker.
Router(config)# int ucse 1/0/1.1
% Invalid input detected at '^' marker.
IPsec ECN status is shown as disabled by hardware status.
This problem occurs while checking show crypto ipsec sa output.
Traceback generated while allocating a scheduling node before the resources are depleted. The failure adversely affects the current and subsequent configuration events.
If the BQS resource manager returns synchronously after it has activated the scheduling node, it generates the following traceback after resuming processing of the same scheduling node to place the children in the tree and process the scheduling node rate:
IF:GigabitEthernet0/0/1.463: cpp_qm_event__proc_parent_activate:8332 alloc_schedule FairQueue_0x40000adc: OBJ_H: (0) 0/0x440000adc P_OBJ_H 0x40000ad7 flags: 0x4006 state: 0xc05 w/16 children adding 16 children failed
The failure gives a false alarm about resources outage. The traceback is caused by an erroneous logic when the scheduling node is already marked as ACTIVE before it is completely processed.
When NAT44 or NAT64 stateful is used on the Cisco ISR 4451-X.
When NAT44 or NAT64 stateful is used on the Cisco ISR 4451-X.
For NAT64, there is no workaround. For NAT44, PAT can be used.
This problem occurs when a large packet is sent over a small MTU and that results in more than eight fragments.
Ensure that the size of the largest MTU is set to no more than 8 times the smallest MTU.
Device reloads after CPUHOG messages are printed on the console.
When you add a modem to the auxiliary port of a Cisco ISR 4451-X and then configuring it, the router reloads.
Do not use a modem on the auxiliary port. This configuration is not supported.
Unable to set value on "cefIntLoadSharing" instance of CISCO-CEF-MIB.
After setting value for "cefIntLoadSharing" instance on "CISCO-CEF-MIB".
Encpas counter in show crypto ipsec sa command may occasionally show incorrect value.
This problem occurs when the IPSec tunnels configured and used on the device.
SSTE: leaks were seen at Cisco 4400 ISR dmvpn hub on call home process.
This problem occurs when the DMVPN crypto sessions are active.
Cisco 4451 ISR platform reloads with a segmentation fault.
This problem occurs when the Cisco 4451 ISR is configured as SRST, and the Skinny phones fallback to SRST.
Cisco 4400 ISR reloads when DMVPN tunnel comes up with pfrv3 interaction and the MTU value is set to greater than 8000.
This problem occurs when DMVPN tunnel comes up with pfrv3 interaction and the MTU value is set to greater than 8000.
You have to set the MTU value below 8000.
Cisco 4451 ISR and Cisco 4431 platforms reload when running traffic greater than 90Mbps without installing HSECK9 license.
This problem occurs when the traffic is greater than 90Mbps without installing HSECK9 license and when you configure the license boot level securityk9 command on the router.
IOS-XE unable to reach Cisco 4000 series ipsec tunnels with dmVPN EIGRP.
This problem occurs when the dmVPN with EIGRP is used on Cisco 4451 ISR.
A Cisco device does not give the necessary failure information when the crypto NIST/KAT tests on boot fail. During test failures, users will not be notified. The logs do not contain information on the failures.
This symptom occurs with a crypto NIST/KAT self-test and displays a generic message such as:
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing. This message doesn't give enough information for the user to take the proper course of action.
This message does not indicate that the crypto self-test has failed.
When you use the show power inline command on Cisco ISR 4451 device, it does not display any output about the power consumed by the PD connected to SM module(s).
You have to connect a PD to a front panel port of the SM module.
The Cisco ISR 4451-X device generates a traceback while allocating a scheduling node before the resources are depleted. The failure adversely affects the current and subsequent configuration events.
If the BQS resource manager returns synchronously after it has activated the scheduling node, it generates the following traceback after resuming processing of the same scheduling node to place the children in the tree and process the scheduling node rate.
IF:GigabitEthernet0/0/1.463: cpp_qm_event__proc_parent_activate:8332 alloc_schedule FairQueue_0x40000adc: OBJ_H: (0) 0/0x440000adc P_OBJ_H 0x40000ad7 flags: 0x4006 state: 0xc05 w/16 children adding 16 ch
ildren failed
The failure gives a false alarm about resources outage. The traceback is caused by an erroneous logic when the scheduling node is already marked as ACTIVE before it is completely processed.
In some conditions, Cisco ISR 4400 platform displays Cisco-proprietary internal keywords as part of the error message.
Displays Cisco-proprietary internal keywords as part of the error message.
MLP bundle flow control is not functional.
When you generate ICMP ECHREQ from the router to outside host over an MLP causes the bundle queuing process with a consequences of WRED malfunction. Also, the member links queue grows beyond the set queue-limits.
The Cisco ISR4400-X Ucode reloads on Cisco IOS Release 15.3(3)S, 15.4(1)S, and 15.4(2)S.
This problem occurs when a large packet is sent over a small MTU and that results in more than 8 fragments.
Ensure that the size of the largest MTU is not set to more than 8 times the smallest MTU.
Device reloads after CPUHOG messages are printed on the console.
When you add a modem to the auxiliary port of the Cisco ISR 4451-X device and then configuring it, the device reloads.
Do not use a modem on the auxiliary port. This configuration is currently unsupported.
CPLD upgrade is not supported for rp/0 message when the upgrade hw-programmable file bootflash:hwprg.pkg slot r0 command is executed.
The defect affects the ISR products. However, the MCP CPLD upgrade works fine.
The serial interface and Service-Engine share the same interface name.
This problem occurs when you install any kind of serial card and Service-Engine card, then run the show interface description command.
The serial interface and Service-Engine share the same interface name.
This problem occurs when you install any serial card and Service-Engine card, then run the show interface description command.
The device Ucode reloads when you perform analog forward inspect.
This problem occurs with the analog traffic and forward configuration.
Cisco ISR4400-X series device Ucode reloads with the special internal packet.
This problem occurs when the Cisco ISR4400-X series device interprets an internal packet as an Ethernet packet and drops the packet. This is treated as a fatal event.
When the route distance changes, the tunnel interface QoS may not work.
This happens when there are multiple tunnel interfaces and all the traffic is tunneled to the same physical interfaces, with multiple routes for each tunnel traffic, where route distance determines the physical interface for the tunnel traffic.
With QoS applied to the tunnel interfaces, when the tunnel traffic route distance is changed to select a different physical interface, the QoS on that tunnel interface no longer works, after the change.
Cisco ISR4400-X series device Ucode reloads with the special internal packet.
This problem occurs when Cisco ISR4400-X series device interprets an internal packet as an Ethernet packet and drops the packet. This is treated as a fatal event.
There are compatibility issues between the certain IOS-XE versions and SM-ES3X. With some of the combinations of SM-ES3X firmware and releases of IOS-XE, the SM-ES3X will not boot. With the unsupported combinations, the SM-ES3X will not boot and an error message is such as
will be displayed on the IOS-XE console and the SM-ES3X will go into 'out of service' state as shown in the show platform command.
This problem occurs when the versions of SM-ES3X modules is incompatible with some of the earlier IOS-XE releases. SM-ES3x version EJ1 is only compatible with the following releases:
– IOS XE Release 3.10.4 or later
After doing an “any-to-any” online insertion and removal (OIR) of a NIM-8CE1T1-PRI with a NIM-1CE1T1-PRI (both Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Modules) and then configuring the maximum number of channel-groups (31), %SNMP-3-DVR_DUP_REGN_ERR
tracebacks occur.
This problem occurs whenever maximum number of channel-groups are configured after an “any-to-any” OIR.
The router reloads, due to low memory, fails to include IO related memory commands to assist in diagnosing the cause of the device running out of memory.
This problem occurs when the router reloads due to low memory.
Configure exception crashinfo dump command and troubleshoot the memory issue.
Device reloads when you run traffic greater than 90Mbps without installing the HSECK9 license.
This problem occurs when the traffic rate is greater than 90 Mbps and if you run the traffic without the HSECK9 license.
UCSE sub-interface configuration not available.
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# int ucse 1/0/0.1
% Invalid input detected at '^' marker.
Router(config)# int ucse 1/0/1.1
% Invalid input detected at '^' marker.
IPsec ECN status is shown as disabled by hardware status.
This problem occurs while checking show crypto ipsec sa output.
Traceback generated while allocating a scheduling node before the resources are depleted. The failure adversely affects the current and subsequent configuration events.
If the BQS resource manager returns synchronously after it has activated the scheduling node, it generates the following traceback after resuming processing of the same scheduling node to place the children in the tree and process the scheduling node rate.
IF:GigabitEthernet0/0/1.463: cpp_qm_event__proc_parent_activate:8332 alloc_schedule FairQueue_0x40000adc: OBJ_H: (0) 0/0x440000adc P_OBJ_H 0x40000ad7 flags: 0x4006 state: 0xc05 w/16 children adding 16 ch
ildren failed
The failure gives a false alarm about resources outage. The traceback is caused by an erroneous logic when the scheduling node is already marked as ACTIVE before it is completely processed.
The number of translations on Cisco ISR 4451-X for NAT44 and NAT64 stateful is limited to 4K- to 6K.
When NAT44 or NAT64 stateful is used on the Cisco ISR 4451-X.
For NAT64, there is no workaround. For NAT44, PAT can be used.
This problem occurs when a large packet is sent over a small MTU and that results in more than 8 fragments.
Ensure that the size of the largest MTU is set to no more than 8 times the smallest MTU.
Device reloads after CPUHOG messages are printed on the console.
When you add a modem to the auxiliary port of a Cisco ISR 4451-X and then configuring it, the router reloads.
Do not use a modem on the auxiliary port. This configuration is currently unsupported.
Unable to set value on "cefIntLoadSharing" instance of CISCO-CEF-MIB.
After setting value for "cefIntLoadSharing" instance on "CISCO-CEF-MIB".
EVC works unexpectedly on port channel.
1) Create port-channel and enable EVC.
2) Bind interface to port-channel.
The interface is configured with EVC, MAC filtering is disabled.
3) Unbind interface from port-channel.
After step 3, MAC is configured to original MAC of interface, but the MAC filtering function is not enabled.
Remove the EVC configuration explicitly from the port-channel and then, remove the physical interface from the port-channel.
The “Lost carrier” counter displays 0 (zero) in the show interface output for the Ethernet interface even though the Ethernet cable is disconnected or the peer connection is shutdown.
The cable is disconnected or the peer connection is shutdown.
On the router, certain special characters sent to the module console session can result in a locked session which will no longer accept input.
This problem occurs when special non-keyboard characters such as a raw linefeed “\r” character is sent to the module console from a tool or script. It is not seen when using a normal interactive session with manual input.
The console session can be recovered by reloading the module in question via the hw-module subslot x/y reload command.
The show version running command is not populating the software version for NIM/RP/FP slot with a Cisco IOS XE 3.11 image.
This problem occurs while testing the ENTITY-MIB, running ENTITY-MIB script.
After enabling an appxk9 license on the host Cisco ISR 4451-X router and reloading the router, a ping from the host router through a Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to a peer fails. A ping in reverse, from Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to ISR 4451-X, also fails.
This problem occurs when an appxk9 license is enabled and the router is reloaded (to activate the license).
Reset the peer interface (shut / no shut).
Tracebacks with the following signature “%QFPOOR-4-LOWRSRC_PERCENT” are seen on the console with negative percentage complaining of resource depletion.
These tracebacks are usually seen on a clean-up operation performed on a router i.e manual removal of all configs. But it's not limited to only this operation and could be seen with router configuration as well.
EVC works unexpectedly on port channel.
1) Create port-channel, enable EVC.
2) Bind interface to port-channel.
The interface is configured with EVC, mac filtering is disabled.
3) Unbind interface from port-channel.
After step 3, MAC is configured to original mac of interface, but the MAC filtering function is not enabled.
Remove the EVC configuration explicitly from the port-channel and then, remove the physical interface from the port-channel.
The “Lost carrier” counter displays 0 (zero) in the show interface output for the ethernet interface even though the ethernet cable is disconnected or the peer connection is shutdown.
This problem occurs when the cable is disconnected or the peer connection is shutdown
A decrease in NDR (dropoff rate) occurs when using the FPGE interface.
For IPv6 traffic flow, where the prefix length is greater than 64 bits, the NDR decreases in steps of 10–20 Kpps.
On the router, certain special characters sent to the module console session can result in a locked session which will no longer accept input.
This problem occurs when special non-keyboard characters such as a raw linefeed “\r” character is sent to the module console from a tool or script. It is not seen when using a normal interactive session with manual input.
The console session can be recovered by reloading the module in question via the hw-module subslot x/y reload command.
The show version running command is not populating the software version for NIM/RP/FP slot with a Cisco IOS XE 3.11 image.
This problem occurs while testing the ENTITY-MIB, running ENTITY-MIB script.
Error messages with signatures “FP100: %QFPOOR-4-LOWRSRC_PERCENT” are repeatedly shown on the console whenever configurations are applied on the router or a clean-up operation is performed.
When configurations are made or clean-up operations are performed, incorrect error messages such as”“FP100: %QFPOOR-4-LOWRSRC_PERCENT” are shown on the console.
There is no workaround. These error messages are singular in nature and do not overfill the console.
Performing SNMP Get on entPhysicalFirmwareRev and entPhysicalSoftwareRev for NGWIC-8CE1T1-PRI returns a null value.
This problem occurs while querying ENTITY-MIB on NGWIC-8CE1T1-PRI module.
After enabling an appxk9 license on the host Cisco ISR 4451-X router and reloading the router, a ping from the host router through a Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to a peer fails. A ping in reverse, from Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to ISR 4451-X, also fails.
This problem occurs when an appxk9 license is enabled and the router is reloaded (to activate the license).
Reset the peer interface (shut / no shut).
Module takes three attempts to come up online when router is reloaded and module is inserted (OIR) with no extended attribute file in the router NVRAM.
1. Delete the extended attributes file from router NVRAM and reload the router.
2. Insert module in router again.
The command show version running is not populating software version for NIM/RP/FP slot with the Cisco IOS XE 3.11 image.
The problem occurs while testing the ENTITY-MIB, by running ENTITY-MIB script.
Router reloads with a Cisco IOS error message such as:
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing
During booting, the router does not run certain crypto NIST/KAT self-tests and displays a generic message which does not indicate the crypto self-test has failed.
Automated scripts fail after you copy and paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
When use copy and paste option to enter characters to the module console, some of the characters can be dropped or are not displayed properly.
You should manually enter any input that are needed on the module console rather than using the copy and paste option to enter large amounts of text to the module console.
The following error message is displayed while issuing module commands such as show platform hardware subslot module or show platform software subslot module :
%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is “Asacx CRC checksum error”.
When the packet size is greater than 1450 bytes.
The router may unexpectedly reload at the Watchdog process “Timer Library”, after a physical WAN-GigE admin-shutdown, with all the GM's registered and waiting for the rekey.
When the Cisco ISR 4451-X is acting as a VRF-Lite GM.
When an 8-port Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module of E1 card type and 248 channel groups is configured, followed by OIR with a 1-port module configured with full 31 channel groups (E1), then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
When the 8-port T1/E1 module is configured, followed by OIR with a 1-port module configured with full 31 channel groups, then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Remove the failed channel groups, and re-configure them.
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
When a Cisco T1/E1 NIM’s E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Always configure ds0-group first, then configure channel-group or tdm-group.
The front panel Gigabit Ethernet interface is a dual media interface. When the RJ45 port is operational and an SFP transceiver is inserted, the RJ45 link bounces (up -> down -> up).
Using a GLC-T or GLC-GE-100FX SFP transceiver.
Very large numbers are seen sometimes in the output of “backplane switch” counters - show platform hardware backplane R0... statistics after clearing the counters via clear platform hardware backplane R0 statistics.
After clearing the backplane switch counters. This does not impact the interface counters and other statistics.
Issue the clear command again to clear the counters properly.
The “Internal_service” license state shows as “Active, Not In Use” even after it has expired. The system Linux Shell cannot be accessed after the “Internal_service” 1 Day license has expired, which is expected. However, if a new 1 Day license is installed again, even though the license state comes up as “Active, In Use”, the Linux Shell still cannot be accessed.
Install a 1-day Internal_service license. Let the license expire and then install another 1-day Internal_service license.
Configure and unconfigure the platform shell command to recover the license so that it is in a proper working state.
Router(config)#
platform shell
Router(config)#
no platform shell
Router(config)#
platform shell
The System Linux Shell is now accessible.
The following examples of tracebacks are seen on the router console:
*Oct 22 17:21:02.089 IST: %IDBINDEX_SYNC-3-IDBINDEX_LINK: Driver for IDB type '27' changed the Identity of interface "Ethernet-Internal1/0/0" without deleting the old Identity first (rc=8) -Process= "CWAN OIR Handler", ipl= 0, pid= 151
-Traceback= 1#a09998a000c6775399bb03536911aed5 :400000+B54D71 :400000+391F380 :400000+391EA76 :400000+3D33CE7 :400000+3D33953 :400000+3D72B1E :400000+437F8EC :400000+363274A :400000+3631F28 :400000+3613515 :400000+3613BF5 :400000+4358A3F :400000+4358F7E :400000+267EEBE :400000+435A381 :400000+435A243
*Oct 31 14:36:45.526: %IDBINDEX_SYNC_KEY-3-UNKNOWN_TYPE: Interface type is unknown and cannot be synced: "", 0 -Process= "CWAN OIR Handler", ipl= 0, pid= 158
-Traceback= 1#42d0348895d7f998d3747a45d48d89b8 :400000+B54E31 :400000+393430A :400000+393C0DA :400000+393C7D8 :400000+3938CF4 :400000+362F0D0 :400000+362EF0A :400000+4377CCA :400000+26993EC :400000+4375801 :400000+43756C3 :400000+4397DBF :400000+3806CDB :400000+3806B6C
*Oct 31 14:36:45.529: -Traceback= 1#42d0348895d7f998d3747a45d48d89b8 :400000+B54177 :400000+393430F :400000+393C0DA :400000+393C7D8 :400000+3938CF4 :400000+362F0D0 :400000+362EF0A :400000+4377CCA :400000+26993EC :400000+4375801 :400000+43756C3 :400000+4397DBF :400000+3806CDB :400000+3806B6C
Several possible conditions cause these symptoms:
1) When one etherswitch module is inserted and remove in about 35 seconds and replaced with another etherswitch module, some tracebacks or error messages will be observed on the router console.
2) When the NIM-2CE1T1-PRI module is stopped via the hw-module command.
3) Booting the router with NIM-2CE1T1-PRI module.
Do not perform rapid online insertion/removal; let the module come up properly before removing it.
Do not perform a hw-module stop of the NIM-2CE1T1-PRI module.
Some tracebacks may not have a workaround.
Traffic is dropped for Trustsec over DMVPN on the Cisco ISR 4451-X.
An issue in secure boot process of the Cisco 4400 Series Integrated Services Routers could allow a user to overwrite the revocation key on the bootflash of the device. The issue is due to improper storage of the revocation key on bootflash.
This problem is seen in device running with default configuration and running an affected version of software which supports secure boot.
When forcing manual rekeys from a key server in a GetVPN environment, intermittently ISR spokes may re-register even if there is no policy changes.After the re-registration the traffic will flow correctly.
This problem occurs when you use manual rekeys without policy changes.
Limit the number of forced rekeys that will minimize this condition.
GLC-T SFP is not working properly in an OVLD system.
This problem occurs when OVLD built-in ports with autoselect is enabled.
SFPs on Cisco ISR 4451 fail during installation.
This problem occurs with FINISAR and AVAGO SFPs.
SFP fails each time router boots up and during the first time installation. All SFPs are not affected.
Recover SFPs after bypassing authentication check on SFPs.
Router# hw-module subslot 0/0 reload
A Cisco device does not give the necessary failure information when the crypto NIST/KAT tests on boot fail. During test failures, users will not be notified. The logs do not contain information on the failures.
This symptom occurs with a crypto NIST/KAT self-test and displays a generic message such as:
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing. This message doesn't give enough information for the user to take the proper course of action.
This message does not indicate that the crypto self-test has failed.
Cisco ISR4400-X series device Ucode reloads with the special internal packet.
This problem occurs when Cisco ISR4400-X series device interprets an internal packet as an Ethernet packet and drops the packet. This is treated as a fatal event.
When the route distance changes, the tunnel interface QoS may not work.
This issue occurs when there are multiple tunnel interfaces and all the traffic is tunneled to the same physical interfaces, with multiple routes for each tunnel traffic, where route distance determines the physical interface for the tunnel traffic.
With QoS applied to the tunnel interfaces, when the tunnel traffic route distance is changed to select a different physical interface, the QoS on that tunnel interface does not work.
Change the routes for all tunnels to the same physical interface.
Memory leak is observed during POST in Cisco ISR 4451 routers.
Cisco ISR4400-X series device Ucode reloads with the special internal packet.
This problem occurs when Cisco ISR4400-X series device interprets an internal packet as an Ethernet packet and drops the packet. This is treated as a fatal event.
A Cisco device can experience a memory leak due to "Crypto IKMP" process. This can occur if the multiple DHCP servers are configured under crypto configuration as shown in this example.
This problem occurs when multiple DHCP servers are configured under crypto.
Use only a single DHCP server. Due to an error in the code, only the memory structures associated with data from the last DHCP server are properly released after a lookup. Data from other servers in the list is retained indefinitely with each lookup.
When a device has an empty ACL, it fails to deny all traffic.
This problem occurs when an empty ACL is present in the policy.
Ensure that the ACL is not empty in the class-map.
When you oversubscribe the MLPP traffic with member link, the Out-of-Resource error can occur.
This problem occurs when the MLPPP traffic with the member link over-subscription.
Avoid oversubscribing the member link. This can be done by keeping the MLP bundle throughput rate at less than 95% of the line rate.
When you boot the device, the device does not provide the necessary failure information when the crypto NIST/KAT test fails. Also, the user is not notified and the logs do not contain information on the failure(s). Because of this, the TAC will not be able to help the user.
Router reloads on boot with the following Cisco IOS error message in the event of a Crypto NIST/KAT self-test. The message below is a generic message and not specific to a crypto self-test failure.
When a router has an empty ACL, it fails to deny all traffic.
Ensure the ACL is not empty in the class-map.
Out-of-Resource error may happen with MLPPP traffic when oversubscribed.
MLPPP traffic with member link oversubscription.
Avoid oversubscribing the member link. This can be done by keeping the MLP bundle throughput rate at less than 95% of the line rate.
Router does not give the necessary failure information if the crypto NIST/KAT tests on boot fails. In the event of some test failures, the user will not be notified. The logs will also contain no information on the failure(s) so TAC will not be able to help the user.
Router reloads on boot with the following Cisco IOS error message in the event of a Crypto NIST/KAT self test. The message below is a generic message and not specific to a crypto self test failure.
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing. This message does not give enough information for the user to take the proper course of action.
Loss of keepalive packets caused by a low priority flow being raised to high priority.
When FRF.12 is enabled, the priority is raised to high priority and keepalive packets may be lost due to congestion.
HP2 traffic is throttled even when under-subscribed. Modules need to absorb bursts without impact to priority handling, latency and throughput.
LLQ burst borrowing is enabled.
Tracebacks with the following signature “%QFPOOR-4-LOWRSRC_PERCENT” are seen on the console with negative percentage complaining of resource depletion.
These tracebacks are usually seen on a clean-up operation performed on a router i.e manual removal of all configs. But it's not limited to only this operation and could be seen with router configuration as well.
Internal_service license state shows as “Active, Not In Use” even after its expiry. The system Linux Shell cannot be accessed upon expiry of the “Internal_service' 1 Day license which is expected. However if an new 1 Day license is installed again, the license state comes up as “Active, In Use”, but Linux Shell cannot be accessed.
Install 1 Day “Internal_service” license. Let the license expire then install another 1 Day “Internal_service” license.
Configure and unconfigure the platform shell configuration command to recover the license to proper working state.
The user will see the system shaping to too low a rate when a tunnel moves to a faster interface, and shaping to too high a rate when a tunnel moves to a slower interface.
Upon a dynamic move of a tunnel to a link with a different speed and the QoS configuration option “shape average percent” has been applied, then rates are not automatically re-calculated.
The workaround to this issue is to avoid “shape average percent” whenever possible. If it is not possible, then after a tunnel moves occurs, modify the shaping percent by plus or minus 1 percent, and then restore to original value, because this forces a recalculation of the shaping rate.
Serial interface protocol status shows down.
Perform OIR and configure few channel-groups. Then swap original board back.
Router is not able to detect a PoE device that is attached to the FPGE PoE port.
PoE device is attached to FPGE PoE port and the PoE port is configured with power inline auto and no shutdown.
Perform shutdown, no shutdown, or power inline never, power inline auto in the GigE port where the PoE device is plugged in.
Re-registration time is recalculated on GM nodes upon receiving a TBAR rekey, based on the remaining TEK lifetime at the time of the TBAR rekey. This effectively causes a much-shorter re-registration window compared to the one obtained at the GM registration, even if the original TEK lifetime was configured with a long value.
This symptom is observed when TBAR is configured and long TEK lifetime used (more than 7200 seconds).
Classification by ACL in QoS is broken when using it with IPsec tunnel.
Use ACL for classification in policy-map and apply a QoS to physical interface. QoS pre-classify is configured under IPsec tunnel
8-port CT1E1 controller’s channel groups fail to come up after doing OIR with a 1-port controller.
1. Using an 8-port CT1E1 controller, with the E1 card type and 248 channel groups configured, followed by 2. OIR with a 1-port model (configured with 31 channel groups), then 3. OIR back to the original 8-port CT1E1, which results in the first controller's channel groups failing to come up.
Remove the failed channel groups, and re-configure them for the controller.
The “Internal_service” license state shows as “Active, Not In Use” even after it has expired. The system Linux Shell cannot be accessed after the “Internal_service” 1 Day license has expired, which is expected. However, if a new 1 Day license is installed again, even though the license state comes up as “Active, In Use” the Linux Shell still cannot be accessed.
Install a 1 Day “Internal_service” license. Let the license expire and then install another 1 Day “Internal_service” license.
Configure and unconfigure the “platform shell” command to recover the license so that it is in a proper working state.
Router(config)#
platform shell
Router(config)#
no platform shell
Router(config)#
platform shell
The System Linux Shell is now accessible.
Failure message Embedded hash verification failed is returned during copy operations on non-image files.
When “file verify auto” is enabled in the running configuration and a local copy operation is done for a file that does not contain a signature; for example, a log file or configuration backup, the copy fails.
Use copy/no verify or disable “file verify auto”.
When a Cisco T1/E1 NIM’s E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
Any traffic going through the Cisco ISR4451's data plane is dropped.
Issue is seen only after power cycling the box multiple times.
Power cycle the box again to recover from the issue.
IPsec drops packets with an HMAC error: “%IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error”
When packets are large-sized (over 9150 bytes) and the Cisco ISR 4451-X is terminating an IPSEC session.
Use a packet size of less than 9150 bytes.
A Cisco SM-X-1 T3/E3 module is not reloaded for recovery on the Cisco ISR 4451-X if there is any loss of control packet or configuration messages from the host.
When the module is unresponsive to host control packets.
Use the hw-module subslot slot / subslot reload command to bring the module up.
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is “Asacx CRC checksum error”.
When the packet size is greater than 1450 bytes.
Some kernel failure messages (for example, “COMRESET failed”) appear in the console logs.
During online insertion and removal (OIR) of a NIM-SSD module or after the chassis comes up after a power cycle.
The error message “%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer.” appears while issuing module commands such as show platform hardware subslot module or
show platform software subslot module.
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
Automated scripts fail after you copy/paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
When copy/paste is used to enter characters to the module console, some characters may be dropped or are not displayed properly.
Manually enter any input needed on the module console rather than using cut/paste to enter large amounts of text to the module console.
The following Kernel message appears:
On every reboot of the Cisco ISR 4451-X with a UCSE double-wide module.
The show memory debug leak chunk command displays a chunk memory leak in function mcp_spa_tdl_alloc.
During bootup of the router’s DMVPN hub loaded with a Cisco IOS XE 3.10.0S image.
This section documents the unexpected behavior that might be seen in the Cisco ISR 4451-X in
Cisco IOS XE Release 3.10.0S.
A few fragmented IPsec packets are dropped and appear as IpFormatErr in the error counts.
If a configuration results in fragmented packets being received, decrypted and then re-encrypted for transmission on an interface different than the receiving interface, a packet may *rarely* be dropped. The packet drops will be shown as IpFormatEr in the error counts.
The error message “%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer.” appears while issuing module commands such as show platform hardware subslot module or
show platform software subslot module.
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
Some kernel failure messages (for example, “COMRESET failed”) appear in the console logs.
During online insertion and removal (OIR) of a NIM-SSD module or after the chassis comes up after a power cycle.
Automated scripts fail after you copy/paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
When copy/paste is used to enter characters to the module console, some characters may be dropped or are not displayed properly.
Manually enter any input needed on the module console rather than using cut/paste to enter large amounts of text to the module console.
IPsec drops packets with an HMAC error: “%IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error”
When packets are large-sized (over 9150 bytes) and the Cisco ISR 4451-X is terminating an IPSEC session.
Use a packet size of less than 9150 bytes.
Failure message Embedded hash verification failed is returned during copy operations on non-image files.
When “file verify auto” is enabled in the running configuration and a local copy operation is done for a file that does not contain a signature; for example, a log file or configuration backup, the copy fails.
Use copy/noverify or disable “file verify auto”.
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is “Asacx CRC checksum error”.
When the packet size is greater than 1450 bytes.
When an 8-port Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module of E1 card type and 248 channel groups is configured, followed by OIR with a 1-port module configured with full 31 channel groups (E1), then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
When the 8-port T1/E1 module is configured, followed by OIR with a 1-port module configured with full 31 channel groups, then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Remove the failed channel groups, and re-configure them.
CISCO-ENTITY-PERFORMANCE-MIB is unsupported. The MIB tables do not populate.
When querying CISCO-ENTITY-PERFORMANCE-MIB(ciscoEntityPerformanceMIB) using SNMP.
The show platform software ipsec FP active inventory command does not display correct entries for “ipsec flow count” and “sa cont count”.
While verifying EzVPN into MPLS/VPN across an MPLS backbone, and IVRF=FVRF in client mode.
The router may unexpectedly reload at the Watchdog process “Timer Library”, after a physical WAN-GigE admin-shutdown, with all the GM's registered and waiting for the rekey.
When the Cisco ISR 4451-X is acting as a VRF-Lite GM.
A Cisco SM-X-1 T3/E3 module is not reloaded for recovery on the Cisco ISR 4451-X if there is any loss of control packet or configuration messages from the host.
When the module is unresponsive to host control packets.
Use the hw-module subslot slot / subslot reload command to bring the module up.
SNMP tracebacks are seen since MIBS are not removed on unplugging the module during any-to-any OIR.
During any-to-any OIR, when configurations are made under a channel-group, MIBS are not removed after unplugging the module.
The show memory debug leak chunk command displays a chunk memory leak in function mcp_spa_tdl_alloc.
During bootup of the router’s DMVPN hub loaded with a Cisco IOS XE 3.10.0S image.
Control plane ping with packet size > 600 bytes fails on a Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module.
test platform software tdl ping subslot module endpoint 0 repeat 100 size 1800
The control plane communication to the service module fails silently. Any command (CLI) that requires a response from the module may fail.
Examples of commands that may fail include:
show platform hardware subslot x/y module firmware
The error “module unresponsive” is displayed on the console.
– Output of show platform software iomd x/y rel statistics shows a “packets lost” counter not equal to 0.
– Configurations from the host may fail to take effect.
One example condition is found while using the Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module, after execution of the command:
test plat soft tdl ping subslot x/y module endp 0 size (where size > 600)
The error may also occur when using other service modules under different conditions.
Reload the service module using the command hw-module subs <x/y> reload.
The following Kernel message appears:
On every reboot of the Cisco ISR 4451-X with a UCSE double-wide module.
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
A serial interface of the Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module (Cisco T1/E1 NIM) with High-Level Data Link Control (HDLC) encapsulation, stays down.
Using a Cisco T1/E1 NIM, and with FR encapsulation configured on the default serial interface, the serial interfaces stay down.
1. Configure FR encapsulation.
3. Default serial interface on both uut and peer.
4. Serial interfaces are down.
5. Shut and no shut of interface, causes that particular serial interface to toggle, but all interfaces don't come up.
shutdown and no shutdown of the controller brings up the interfaces.
When a Cisco T1/E1 NIM’s E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
On Cisco T1/E1 NIM after an FPGA upgrade, the winmon upgrade fails from a bundled image if both have upgraded versions.
If there is a new winmon coupled with new FPGA, only FPGA upgrade happens and no winmon upgrade kicks in.
Memory leaks occur after running “SM-X-ES3-24-P” regression scripts.
The Cisco ISR 4451-X with one or two “SM-X-ES3-24-P” modules inserted where the modules have at least one IP phone (9971 or 9951) connected to its front-panel ports.
Any traffic going through the Cisco ISR4451's data plane is dropped.
Issue is seen only after power cycling the box multiple times.
The show ipv6 cef exact-route command does not show the correct egress interface for traffic.
In a network with multiple parallel paths, the show ipv6 cef exact-route command does not show the correct egress interface for traffic streams. This happens when using any of the following cef load sharing algorithms:
The system is reset after the port-channel load-balancing vlan-manual command is entered, while traffic is running.
When the port-channel load-balancing vlan-manual command is entered to create a port-channel, while traffic is running, the CPP reloads and the system is reset.
Ensure there is no traffic running when you configure a port channel using the
port-channel load-balancing vlan-manual command.
The number of octets shown in the drop statistics, is 0 (zero), as shown in the following example:
Global Drop Stats Packets Octets
Firewall Nonsession 24384124 0
Although the number of dropped packets is shown correctly, the number of octets is shown as 0 (zero).
This section documents the unexpected behavior that might be seen in the Cisco ISR 4451-X in
Cisco IOS XE Release 3.9.1S.
The show ipv6 cef exact-route command does not show the correct egress interface for traffic.
In a network with multiple parallel paths, the show ipv6 cef exact-route command does not show the correct egress interface for traffic streams. This happens when using any of the following cef load sharing algorithms:
Cisco IOS software command output shows a negative file size for core files which are larger than 2GB (kernel core dump).
Whenever a core file with a size greater than 2GB is generated, Cisco IOS will show it as negative file size.
The output which appears showing the file size as negative is not the main issue. The main issue is that a file greater than 2GB in size, cannot be copied via the management port or using tftp. If you need to copy a large file such as this, please contact Cisco TAC to help you copy the file using the platform shell.
The system is reset after the port-channel load-balancing vlan-manual command is entered, while traffic is running.
When the port-channel load-balancing vlan-manual command is entered to create a port-channel, while traffic is running, the CPP reloads and the system is reset.
Ensure there is no traffic running when you configure a port channel using the
port-channel load-balancing vlan-manual command.
The number of octets shown in the drop statistics, is 0 (zero), as shown in the following example:
Global Drop Stats Packets Octets
Firewall Nonsession 24384124 0
Although the number of dropped packets is shown correctly, the number of octets is shown as 0 (zero).
For information about the Cisco 4000 Series ISRs and associated services and modules, see:
The Cisco IOS XE 3S software documentation set consists of Cisco IOS XE 3S configuration guides and Cisco IOS command references. The configuration guides are consolidated platform-independent configuration guides organized and presented by technology. There is one set of configuration guides for the Cisco IOS release train and another for the Cisco IOS XE 3S release train. However, there is only one set of command references because they are platform independent. These Cisco IOS command references support all Cisco platforms that are running any Cisco IOS or Cisco IOS XE software image.
See http://www.cisco.com/en/US/products/ps11174/tsd_products_support_series_home.html
Note All content included in Cisco IOS configuration guides is shared with and included in the Cisco IOS XE 3S configuration guides. As a result, some information for features introduced as part of Cisco IOS XE 3S may also be displayed in Cisco IOS configuration guides.
Information in the configuration guides often includes related content that is shared across software releases and platforms. Some features referenced in these configuration guides may not be supported by Cisco IOS XE 3S or by the Cisco 4000 Series ISR.
Additionally, you can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.