Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Cisco 4000 Series Integrated Services Routers Overview
Note |
Cisco IOS XE Dublin 17.12.1a is the first release for Cisco 4000 Series Integrated Services Routers in the Cisco IOS XE 17.12.x release series. |
The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).
Note |
Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation. The licensing utilities and user interfaces that are affected by this limitation include only the following:
|
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
System Requirements
The following are the minimum system requirements:
Note |
There is no change in the system requirements from the earlier releases. |
-
Memory: 4 GB DDR3 up to 32 GB
-
Hard Drive: 200 GB or higher (Optional). The hard drive is only required for running services such as Cisco ISR-WAAS.
-
Flash Storage: 4 GB to 32 GB
-
NIMs and SM-Xs: Modules (Optional)
-
NIM SSD (Optional)
For more information, see the Cisco 4000 Series ISRs Data Sheet.
Note |
For more information on the Cisco WAAS IOS-XE interoperability, see the WAAS Release Notes: https://www.cisco.com/c/en/us/support/routers/wide-area-application-services-waas-software/products-release-notes-list.html. |
Determining the Software Version
You can use the following commands to verify your software version:
-
For a consolidated package, use the show version command
-
For individual sub-packages, use the show version installed command
Upgrading to a New Software Release
To install or upgrade, obtain a Cisco IOS XE 17.12.x consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.
Note |
When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads. |
For more information on upgrading the software, see the Installing the Software section of the Software Configuration Guide for the Cisco 4000 Series ISRs.
Recommended Firmware Versions
The following table lists the recommended ROMMON and CPLD versions for Cisco IOS XE 17.2.x onwards releases.
Cisco 4000 Series ISRs |
Existing ROMMON |
Cisco Field-Programmable Devices |
CCO URL for the CPLD Image |
---|---|---|---|
Cisco 4461 ISR |
16.12(2r) |
21102941 |
|
Cisco 4451-X ISR |
16.12(2r) |
19042950 |
|
Cisco 4431 ISR |
16.12(2r) |
19042950 |
|
Cisco 4351 ISR |
16.12(2r) |
19040541 |
|
Cisco 4331 ISR |
16.12(2r) |
19040541 |
|
Cisco 4321 ISR |
16.12(2r) |
19040541 |
|
Cisco 4221 ISR |
16.12(2r) |
19042420 |
Note |
Upgrading Field-Programmable Hardware Devices
The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on cisco.com is not required.
New and Changed Information
New and Changed Hardware Features
There are no new hardware features for this release.
New and Changed Software Features in Cisco IOS XE 17.12.4a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.2
This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
Feature |
Description |
||||
---|---|---|---|---|---|
The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM, a physical SIM card that you can configure with a cellular service plan of your choice. When ordering a pluggable interface module (PIM) to provide cellular connectivity for your router, choose a PIM model with a preinstalled eSIM. The Managed Cellular Activation solution comes with a “bootstrap” cellular plan to provide internet connectivity with a limited amount of data intended only for Day 0 onboarding of the device to your cellular plan. For information about configuring Cisco SD-WAN Manager with the details of your cellular plan in preparation for onboarding the device, see the Cisco Managed Cellular Activation Configuration Guide. Prepare the configuration in Cisco SD-WAN Manager before powering on and onboarding the device, to avoid running out of the limited data in the bootstrap cellular plan. Added Cisco Managed Cellular Activation (eSIM) support for the following Pluggable Interface Module (PIM) model:
|
New and Changed Software Features in Cisco IOS XE 17.12.1a
Feature |
Description |
|
---|---|---|
End-of-Sale and End-of-Life Announcement for the Cisco 4000 Series Integrated Service Routers |
See the End-of-Sale and End-of-Life Announcement for the Cisco ISR4200, ISR4300 and select ISR4400 Series Platform page for information about the end-of-life milestones for the Cisco 4000 Series Integrated Service Routers. |
|
This feature allows you to perform management operations for SD-Routing devices using Cisco Catalyst SD-WAN Manager. You can use a single network manage system (Cisco Catalyst SD-WAN Manager) to monitor all the SD-Routing devices and therefore help in simplifying solution deployments. |
||
This feature allows you to delete the entries from the logging buffer. You can configure the local syslog retention period after which the entries are purged from the device automatically. To enable this feature, use the logging purge-log buffer days command. |
||
This feature introduces the factory-reset all secure command for Cisco 4000 Series ISRs. From Cisco IOS XE 17.12.1a, you can use the factory-reset all secure command to securely clear all the data in bootflash, hard disk, and ROMMONs. |
||
Cisco Unified Border Element (CUBE) Features |
||
From Cisco IOS XE Dublin 17.12.1a onwards, GCM cipher negotiation supports secure connectivity of WebSocket server. |
||
From Cisco IOS XE Dublin 17.12.1a onwards, High Availability in CUBE supports IPv6 flows. |
||
From Cisco IOS XE Dublin 17.12.1a onwards, VoIP Trace for SIP messages displays cause code in the cover buffer. |
Configure the Router for Web User Interface
This section explains how to configure the router to access Web User Interface. Web User Interface requires the following basic configuration to connect to the router and manage it.
-
An HTTP or HTTPs server must be enabled with local authentication.
-
A local user account with privilege level 15 and accompanying password must be configured.
-
Vty line with protocol SSH/Telnet must be enabled with local authentication. This is needed for interactive commands.
-
For more information on how to configure the router for Web User Interface, see Cisco 4000 Series ISRs Software Configuration Guide, Cisco IOS XE 17.
Resolved and Open Bugs
This section provides information about the bugs in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 bugs are the most serious bugs. Severity 2 bugs are less serious. Severity 3 bugs are moderate bugs. This section includes severity 1, severity 2, and selected severity 3 bugs.
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the bug that you have requested cannot be displayed, this may be due to one or more of the following reasons: the bug ID does not exist, the bug does not have a customer-visible description yet, or the bug has been marked Cisco Confidential. |
Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers
Resolved Bugs - Cisco IOS XE 17.12.4a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
CPP unexpectedly reboot due to QFP CPP stuck at waiting for rw_lock - Lock ID of 0 released. |
|
Endpoint tracker using DNS does not log "DOWN" message when DNS server reachability is lost. |
|
HTX: UTD snort crash at memif_shm_peek_first_packet (handle=0x0). |
|
Memory leak due to security violation by new MAC address and '"Del Pend" object increases - ACE_IPV4. |
|
ZBFW TCAM misprogramming after rules are reordered. |
|
Memory leak in fman_rp under acl_db. |
Open Bugs - Cisco IOS XE 17.12.4a
There are no open bugs in this release.
Resolved Bugs - Cisco IOS XE 17.12.4
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Crypto IKEv2 - Fragmented authentication packets detected as malformed on 3rd-party vendor device. |
|
Default setting of Global Punt Policer burst needs to be increased. |
|
GETVPN COOP KS | Wrong severity for rekey acknowledgement configuration mismatch log message. |
|
Router crashed upon increasing the gatekeeper cache size. |
|
FMFP-3-OBJ_DWNLD_TO_DP_FAILED observed when delete and configure zone-pair back. |
|
Kernel crash over continuous reloads. |
|
Memory leak in crypto IKEv2 due to C_NewObject. |
|
Unexpected reboot in WLC due to SSL. |
|
Memory leak in the Crypto IKMP process. |
|
mGRE tunnels with shared IPsec profile cause ucode crash. |
|
NAT46 translations are dropped when NAT64 router is also Carrier Supporting Carrier CE. |
|
crypto pki certificate pool in running configuration. |
|
Failure to communicate a period of time after the STP status changes. |
|
PnP gets stuck when Verizon cellular backhaul is used. |
|
Segmentation fault - process = IPSec dummy packet process. |
|
IPsec tunnel fails to establish due to error IPSec policy invalidated proposal. |
|
MGCP GW does not respond with 250 OK for a DLCX leading to DLCX loop from CUCM side. |
|
show sdwan policy service-path command gives inconsistent results with app name specified. |
|
Only one split-exclude subnet is pushed to client PC with IOS-XE headend for a RA VPN connection. |
|
NAT Pool does not work under prefix 16. Available address = zero. |
|
Unexpected reboot due to CPP ucode. |
|
Woodlawn SM-X - Marvell Phy Errata + MAC reset adjustment. |
|
Router crashed when port-channel interface flap with scale of per-tunnel QoS policies. |
|
ENH: Config parser issue for NAT with extendable and redundancy. |
|
Disabling PMTU-Discovery with MTU change and BFD flap breaks packet duplication. |
|
C-NIM-2T: MACsec not working under LACP port-channel member port. |
|
Trim installed certificate on upgrade. |
|
Reload in tcp_sanity due to l4 pointer not set. |
|
Device sends out BYE message with high RTT to CUCM (64.2.0/62.3.2/60.1.3). |
|
FW upgrade does not work properly on P-LTE-MNA. |
|
AnyConnect connection trough IPSec fails when connecting from an RDP user to an IOS/IOS-XE headend. |
|
Segmentation fault and core files are seen on IOS-XE due to speedtest. |
|
ipv6 tcp adjust-mss not working after delete and reconfigure. |
|
C-SM-16P4M2X stuck in bootloop when platform urpf command issued. |
|
AAA authorization failure during IKEv2 phase negotiation caused unexpected reboot. |
|
Unexpected reload when using the packet trace feature. |
Open Bugs - Cisco IOS XE 17.12.4
All open bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Front Panel (FPGE) Interface stops passing traffic. |
|
Create CLI to push at#enadis=0 followed with at#reboot to FN980 required when configuring Multi-PDN. |
|
NAT Command not readable after reloaded. |
|
Crash due a segmentation fault due a negative value. |
|
GETVPN / Migrating to new KEK RSA key does not trigger GM re-registration. |
|
DSL module gets stuck in a booting state. |
|
IOS-XE crash due to VFR fragment reassembly on ingress. |
|
UCSE interface's shutdown setting mismatch. |
|
Kernel crash over continuous reloads. |
|
Traceback seen @_nhrp_cache_delete due to negative global cache count. |
|
Unable to build two IPSec SAs w/same source/destination where one peer is PAT'd through the other. |
|
Watchdog crash during IPv6 cef adjacency routines. |
|
Startup configuration failure post PKI server enablement. |
|
WAN IP is allowed to be configured as SYSTEM IP. |
|
ZBFW TCAM misprogramming after rules are reordered. |
|
Repeated and endless messages "Network change event - activated 4G Carrier Aggregation." |
|
High CPU utilisation for confd_cli. |
|
Packets with unicast MAC get dropped on a port channel L2 Sub-intf after a router reboot. |
|
STCAPP command removed from VG410 after reload. |
|
After deleting a NAT configuration, the IP address still shows up in routing table. |
|
Key manager crash after hostname change with usage keys. |
|
Device reloaded due to ezManage mobile app service. |
|
Inbound calls through VG400 results in phantom calls (64.3.0, 60.1.4, 62.3.3). |
|
Unexpected reboot due to IOSXE-WATCHDOG DBAL EVENTS after cellular interface flap. |
|
Device crashed unexpectedly after a successful WGB/AP config deployment from OD. |
|
P-5GS6-GL FN980 modem fW upgrade failing with two modems. |
|
IOS XE: Traffic not encrypted and droped over IPSEC SVTI tunnel. |
|
DSL router crashing due to %PLATFORM-3-ELEMENT_CRITICAL memory level / iomd process. |
|
Unencrypted traffic due to non-functional IPsec tunnel in FLEXVPN hub & spoke setup. |
|
IKEv2 session is down after reload if identity local address is assigned to interface. |
Resolved Bugs - Cisco IOS XE 17.12.3a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Template attach fail with unknown element: ssh-version in /ios:native/ios:ip/ios:ssh |
|
PPPoE with NAT DIA feature validation failed post upgrade. |
Resolved Bugs - Cisco IOS XE 17.12.3
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Router keeps crashing when processing a firewall feature. |
|
IKEv2 - diagnose feature is taking 11% CPU during session bring up. |
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
NAT HSL logging vrf-filter not working. |
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
SNMP unable to poll SDWAN Tunnel Data after a minute. |
|
SKA_PUBKEY_DB leak in TDL. |
|
Security policy w/IPS external syslog config failing generation. |
|
Endpoint tracker triggers a CPU hog. |
|
DSP reporting out of range utilization values in SNMP. |
|
ZBFW is not able to detect packets on TenGig interface. |
|
Add verbose log to indicate grant ra-auto un configures grant auto in PKI server. |
|
Wireless config not pushing to EWC. |
|
SM-X interface stops passing traffic. |
|
Interoperability issue between Cisco ISR and Juniper ACX/MX devices with a direct fiber connection. |
|
Device creates crooked NAT entry if 2 or more IP phone from NAT outside register to same server. |
|
Mobile-app causing excessive authorization attempts with a Null Username. |
|
Router may crash due to Crypto IKMP process. |
|
VG410 audio loss for 4 seconds. |
|
PKI crash after failing a CRL fetch. |
|
Router crash with segmentation fault(11), process = NHRP when processing NHRP traffic. |
|
CUBE router unexpectedly reloads while fetching certificate Trustpool for SIP TLS. |
|
One-Way RTP Issue including DSP Timeout Messages (63.2.0 / 62.3.1). |
|
EPBR will generate error when the policy is added and deleted multiple times. |
|
IOS-XE unexpected reboot due to critical process qfp_ucode_utah fault on fp_0_0 (rc=139). |
|
Unexpected reboot while dispalying information from cleared SSS session. |
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
Cannot disable DMVPN logging. |
|
Router should discard IKE Notification messages with incorrect DOI. |
|
Race condition crash on IOS-XE device. |
|
Frame relay DTE router crashes due to EXMEM exhaustion. |
|
cpp_mcplo_ucode crash with port-channel and NAT. |
|
FTMD crash observed in ENCS platform while running PWK suite. |
|
Fail to upgrade device due to error: System config has been modified. |
|
ATO: Session fails to come up with tunnel its shut no shut in loop(cable unplug-plug in customer) . |
|
IPsec traffic is being dropped when PPK is implemented. |
|
Packet drops observe between LISP EID over GRE tunnel. |
|
No voice in 3-way conference. |
|
AAA: Template push fail when aaa authorization is set to local. |
Open Bugs - Cisco IOS XE 17.12.3
All open bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Create CLI to push at#enadis=0 followed with at#reboot required when configuring Multi-PDN. |
|
Unexpected reload when using show running-config full | format. |
|
ipv6 tcp adjust-mss not working after delete and reconfigure. |
|
NAT command not readable after reloaded. |
|
Critical process cpp_ha_top_level_server fault on fp_0_0 (rc=69). |
Resolved Bugs - Cisco IOS XE 17.12.2
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
CPU usage mismatch in show sdwan system status vs show proc cpu platform. |
|
No dial tone on analog phones due to DSP going into Power Denial state. |
|
DDNS update retransmission timer fails to work with a traceback error. |
|
Using special characters in the password while generating TP generates an invalid TP. |
|
LED L remains green after port shutdown. |
|
Ten0/0/2 from port-channel going to suspended status applying platform qos port-channel-aggregate. |
|
Device crashes@crypto_map_unlock_map_head. |
|
Environmental syslog is not appearing when power cord is disconnected from the redundant PS. |
|
Crash when modifying tunnel after running show crypto commands. |
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
The configure replace command fails due to the license udi PID XXX SN:XXXX line on Cisco IOS-XE devices. |
|
ITU channel configuration seems not working. |
|
Device crashed by TRACK client thread at access invalid memory location. |
|
Unable to migrate from ADSL to VDSL without reboot. |
|
Crash in IP input process during tunnel encapsulation. |
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is requested and deleted. |
|
IPv4 connectivity over PPP not restored after reload. |
|
Custom-app based policy triggering protocol deactivation and CPP traceback with traffic failure. |
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
Flowspec on device does not revoke. |
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
B2B NAT: when configration ip nat inside/outside on VASI intereface, ack/seq number abnormal. |
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z. |
|
Device observes memory leak at process "SSS Manager". |
|
Memory leak with pubd. |
|
ip name-server command not pushed. |
|
IOS process crash during VRRP hash table lookup. |
|
Device running IOS-XE crashes when removing FQDN ACL. |
|
NTP authentication removed after reload using more than 16 bytes. |
|
Segmentation fault at IPv6 BGP backup route notification. |
|
Cisco IOx application hosting environment privilege escalation vulnerability. |
|
WLC unexpected ueload due to segmentation fault in WNCD process. |
|
Unable to migrate from ADSL to VDSL without reboot. |
|
Extranet multicast code improvements for better handling of data structure. |
|
VC down due to control-word negotiation. |
|
BDI + NTP configuration puts DMI process in degraded mode. |
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper |
Open Bugs - Cisco IOS XE 17.12.2
All open bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Router keeps crashing when processing a firewall feature. |
|
WLC segmentation fault crash with Network Mobility Services Protocol (NMSP). |
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
HSEC license installation from the workflow does not complete. |
|
SNMP unable to poll Cisco SD-WAN tunnel data after a minute. |
|
Renewal of certificates on PKI client fails after a few rollovers. |
|
SM-X interface stops passing traffic. |
|
Device requires Shut/No Shut to populate IP address from modem to host. |
|
Silent reload due to LocalSoftADR causes crash without core file. |
|
Router crash with segmentation fault(11), Process = NHRP when processing NHRP traffic. |
|
Router unexpectedly reloads while fetching certificate trustpool for SIP TLS. |
|
IOS-XE unexpected reboot due to critical process qfp_ucode_utah fault on fp_0_0 (rc=139). |
|
NAT pool not working under prefix 16. Available address = zero. |
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper. |
|
Unexpected reboot while dispalying information from cleared SSS session. |
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
Device crashed unexpectedly after a successful WGB/AP config deployment from OD. |
|
Packets with L2TP headers cause device to crash. |
|
NHRP phase 3 spoke-spoke cache got purged after 5-6 hours with always on traffic running. |
|
Cisco IOS XE:Traffic not encrypted and dropped over IPSec SVTI tunnel. |
|
Cannot disable DMVPN logging. |
|
Enable SoS/ROC feature for DSL. |
|
Frame relay DTE router crashes due to EXMEM exhaustion. |
|
IPv6 SPD min/max defaulting to values 1 and 2. |
|
High CPU due to MPLS MIB poll. |
|
WNCD process crashes. |
|
VPLS IRB not working when traffic came from VPNv4 and next-hop is learned over VPLS. |
|
pubd process showing high CPU utilization. |
|
1Gig int on device using GLC-SX-MMD are down/down after changing connection. |
|
Memory leak with pubd. |
|
Convergence improvement after device reboot with mVPN profile 14. |
|
NETCONF: DMI enters degraded mode caused by BGP neighbor configured under the SCOPE command. |
|
FIB/LFIB inconsistency after BGP flap. |
|
IOS XE router may experience "%FMANRP_QOS-4-MPOLCHECKDETAIL:" errors. |
|
EEM is running daily instead of weekly or monthly if special strings @weekly or @monthly are used. |
|
Mismatch between the resource allocation and "app-resource profile custom" configuration. |
|
Incorrect local MPLS label in CEF after BGP flap. |
|
Cisco IOS-XE IPv6 based subscription telemetry does not work. |
|
Guestshell connectivity not working with NAT overload. |
|
SDA - using "spt-threshold infinity" and having LHR+FHR can cause the S,G to be pruned on the RP. |
|
Unexpected reload when using rsh/rcmd. |
|
Locally generated traffic received on incorrect interface inbound and dropped by ACL. |
|
WLC unable to get telemetry data due to pubd unexpected reload and fail. |
|
Device crash due to dhcpd_binding_check. |
|
Site tag change wncd working/failing EAP-TLS. |
|
ARP incomplete in VRF Mgmt-intf - G0/0/0 - Switch -G0. |
|
LLDP location information not sent when configured. |
|
clear bgp command does not consider AFIs when used with update-group option. |
|
Device sending incomplete SGT to ISE. |
|
Only portion of HSRP config being pushed via CLI ADDON template. |
|
"match pktlen-range" does not work with GRE/IPSEC GRE. |
|
In the show tech file, "enable secret" does not get hidden. |
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path. |
|
ISIS crash in local uloop. |
|
Wrong /32 self, complete map-cache entry for fabric hosts on iBN when overlapping summary exists. |
|
Member interface config not applied with mis-match in pcakages.conf files. |
|
WLC not sending accounting start for user auth after machine auth on 9105AXW RLAN dot1x port. |
|
Router unexpectedly reloads while using DHCP for ISG. |
|
IOS-XE router not installing classless-static-routes from DHCP option 121. |
|
SVL, 10G link on the active chassis will go down after reload. |
|
Device sync fails when device prompt comes along with device banner and TACACS is used. |
|
Unexpected reboot in device due to SISF and STP initialization. |
|
Crash on device polling SPA sensor data. |
|
VLAN name mismatch when authorizing vlan name from radius server and enable vlan fallback. |
|
Password getting visible for the mask-secret in show logging. |
|
Upgrade failing with config check track-id-name. |
|
CTS CORE process crash after configuring role based ACL. |
|
IPv6 traffic is passing through when the client is in Webauth Pending state (CWA). |
|
Option 121 never requested by IOS-XE client. |
|
[IPv6 BGP] multiple sourced paths present for the same prefix. |
|
IP SPD queue thresholds are out of range. |
|
CBQoS polling for the object cbQosCMPostPolicyBitRate returns incorrect value. |
|
Device unexpected reload. |
|
After migration MAC/IP only MAC is advertised. |
|
"BGP Router" process crash. |
|
Memory leak under MallocLite/AAA proxy with NETCONF/RESTCONF. |
|
Memory leak in linux_iosd-imag due to SNMP. |
|
After a reboot, EAP-FAST/PEAP does not authenticate unless credentials are changed. |
Resolved Bugs - Cisco IOS XE 17.12.1a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Device having kernel NULL pointer dereference, address: 0000000000000138 kernel panic crash. |
|
Issues/discrepancies around CPU alarms generated and sent. |
|
Not all HSL entries get pushed if more than 1 HSL entries are configured. |
|
TLS control-connections down, traffic from controller dropped with SdwanImplicitAclDrop. |
|
MACsec remains marked as Secured, but randomly the traffic stops working. |
|
Route-map not getting effect when its applied in OMP for BGP routes. |
|
Unexpected behavior due to unstable power source. |
|
(EPC, packet-trace) for IPsec running COFF (Crypto Offload). |
|
Certificate output is not getting changed on renew when Cloud Certificate Authorization is automated. |
|
NAT ALG is changing the Call-ID within SIP message header causing calls to fail. |
|
Device upgrade fails due to advertise aggregate with VRF. |
|
AAR: BoW feature ignoring color preference from Tiered Transport preference configuration. |
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
Device drops packets with reason 55 (Forus) when port forwarding is enabled from outside to inside. |
|
Crash seen when umbrella/zscaler template pushed to device when name_lookup takes > 30 sec. |
|
NAT entries expire on standby router. |
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
Platform punt-policer is not configurable. |
|
For some error condition platform_properties may double free. |
|
Same label is assigned to different VRFs. |
|
Auto-update cycle incorrectly deletes certificates. |
|
All USB internal communcation is closed when using platform usb disable command. |
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write configuration with same crypto value. |
|
BFD session down with interface flap. |
|
Double GR_Additional log enablement defect. |
|
Segmentation fault when per-tunnel QoS configuration withdraw. |
|
No way audio when using secure hardware conference with secure endpoints. |
|
IOS-XE CPP crash when entering no ip nat create flow-entries. |
|
AAR overlay actions are applied to DIA traffic. |
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
Device unexpected reload when doing IPS test with UTD IPS engine. |
|
Autotunnel IPsec tracker: Tracker does not come up at all. |
|
AppNav-XE: Policy-map edit on cluster with multiple service context fails to program TCAM. |
|
Non-fabric- load the minimal bootstrap configs again if device rebooted without saving the configurations. |
|
Port-channel DPI load-balancing not utilizing all the member-links. |
|
GARP on port up/up status from router is not received by remote peer device. |
|
Enable VFR CLI. |
|
Device is showing 4 additional NR bands support - 1, 3, 7, and 28. |
Open Bugs - Cisco IOS XE 17.12.1a
All open bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Changes to speed on the interface via CLI/GUI do not go through unless first done via shell access. |
|
Device unexpectedly reloads due to LocalSoft. |
|
Using special characters in the password while generating TP generates an invalid TP. |
|
APN password in plain text when device profile is configured. |
|
Punt keep alive failure crash on controller-managed device apparently due to data packets. |
|
With Pure IPv6, minimal bootstrap unable to onboard Non-Fabric - IPv6 config missing in WAN int G1. |
|
Misprograming during vpn-list change under data policy. |
|
SFP transceiver DOM not working after some time. However, interface forwards the traffic as expected. |
|
BFD going down for newly onboarded device. |
|
Device No licenses in use after upgrading from traditional to Smart licensing IOS-XE versions. |
|
Speed tests to internet from device will fail sometimes. |
|
Device unexpected rebooted while classifying packet with CTF (Common Flow Table). |
|
show run and other show commands not in sync after removing GigabitEthernet3. |
|
NAT64 prefix is not originated into OMP. |
|
Crash when modifying tunnel after running show crypto commands. |
|
SIP calls not working on device with ZBFW enabled. |
|
Could not access any device show commands at all. |
|
Device observes Memory Leak at process SSS Manager. |
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
Unable to migrate from ADSL to VDSL without reboot. |
|
SDRA-SSLVPN : The SSLVPN session closes with re-authentication error after some interval of time. |
|
Traffic forwarded to wrong VPN. Hence, traffic gets wrong zonepair matched and gets dropped. |
|
IPv4 connectivity over PPP not restored after reload. |
|
OMP to BGP redistribution leads to incorrect AS_Path Installation on chosen next-hop. |
|
Unexpected reboot due QFP UCode due to IPSec functions. |
|
BFD entries removed. |
|
Router has LocalSoftADR crash, writes flat core, and reloads. |
|
Multiple crashes observed on platform due to memory exhaustion. |
|
Static route keep advertising via OMP even though there is no route. |
|
Static NAT entry gets deleted from running configuration, but remains in startup configuration. |
|
B2B NAT: when configration ip nat inside/outside on VASI intereface, ack/seq number abnormal. |
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over IPsec cannot be applied. |
|
C-NIM-2T: LED L remains green after port shutdown. |
|
Device crashes@crypto_map_unlock_map_head. |
|
Unable to configure crypto map on a physical interface due to which crypto map-based VPN's cannot be formed. |
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business results you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.