Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Cisco 4000 Series Integrated Services Routers Overview
 Note |
Cisco IOS XE Bengaluru 17.6.1a is the first release for Cisco 4000 Series Integrated Services Routers in the Cisco IOS XE Bengaluru 17.6.x release series. |
The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).
The following table lists the router models that belong to the Cisco 4000 Series ISRs.
|
Cisco 4400 Series ISR |
Cisco 4300 Series ISR |
Cisco 4200 Series ISR |
|---|---|---|
|
Cisco 4431 ISR |
Cisco 4321 ISR |
Cisco 4221 ISR |
|
Cisco 4451-X ISR |
Cisco 4331 ISR |
|
|
Cisco 4461 ISR |
Cisco 4351 ISR |
Note |
Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation. The licensing utilities and user interfaces that are affected by this limitation include only the following:
|
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
System Requirements
The following are the minimum system requirements:
Note |
There is no change in the system requirements from the earlier releases. |
-
Memory: 4 GB DDR3 up to 32 GB
-
Hard Drive: 200 GB or higher (Optional). The hard drive is only required for running services such as Cisco ISR-WAAS.
-
Flash Storage: 4 GB to 32 GB
-
NIMs and SM-Xs: Modules (Optional)
-
NIM SSD (Optional)
For more information, see the Cisco 4000 Series ISRs Data Sheet.
Note |
For more information on the Cisco WAAS IOS-XE interoperability, see the WAAS Release Notes: https://www.cisco.com/c/en/us/support/routers/wide-area-application-services-waas-software/products-release-notes-list.html. |
Determining the Software Version
You can use the following commands to verify your software version:
-
For a consolidated package, use the show version command
-
For individual sub-packages, use the show version installed command
Upgrading to a New Software Release
To install or upgrade, obtain a Cisco IOS XE Begaluru 17.6.x consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.
Note |
When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads. |
For more information on upgrading the software, see the How to Install and Upgrade the Software section of the Software Configuration Guide for the Cisco 4000 Series ISRs.
Recommended Firmware Versions
The following table lists the recommended ROMMON and CPLD versions for Cisco IOS XE 17.2.x onwards releases.
|
Cisco 4000 Series ISRs |
Existing ROMMON |
Cisco Field-Programmable Devices |
CCO URL for the CPLD Image |
|---|---|---|---|
|
Cisco 4461 ISR |
16.12(2r) |
21102941 |
|
|
Cisco 4451-X ISR |
16.12(2r) |
19042950 |
|
|
Cisco 4431 ISR |
16.12(2r) |
19042950 |
|
|
Cisco 4351 ISR |
16.12(2r) |
19040541 |
|
|
Cisco 4331 ISR |
16.12(2r) |
19040541 |
|
|
Cisco 4321 ISR |
16.12(2r) |
19040541 |
|
|
Cisco 4221 ISR |
16.12(2r) |
19042420 |
Note |
Upgrading Field-Programmable Hardware Devices
The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on cisco.com is not required.
New and Changed Information
New Hardware Features in Cisco IOS XE 17.6.x
There are no new hardware features for this release.
New and Changed Software Features in Cisco IOS XE 17.6.8a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.6.6a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
New and Changed Software Features in Cisco IOS XE 17.6.6
There are no new software features in this release.
Note |
See the End-of-Sale and End-of-Life Announcement for the Cisco IPsec Static Crypto Map and Dynamic Crypto Map Feature in IOS XE page for information about the end-of-life milestones for the Cisco IPsec Static Crypto Map and Dynamic Crypto Map feature. |
New and Changed Software Features in Cisco IOS XE 17.6.5a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
New and Changed Software Features in Cisco IOS XE 17.6.5
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.6.4
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.6.3a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.6.2
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.6.1a
|
Feature |
Description |
|---|---|
|
This feature allows you to manage or change the lease renewal. It provides options to force renewal of lease and also detects when the lease is nearing the expiry date. |
|
|
CFM Operation and Action Command Support |
This feature introduces a NETCONF/YANG model to perform the following functions:
This model helps you to gain more visibility into the timing of the services operations and manage network devices from a centralised orchestration application such as Cisco DNAC. For more information, see the Programmability Configuration Guide. |
|
Cisco ThousandEyes application is a cloud-ready, enterprise network-monitoring tool that provides an end-to-end view across networks and services. This tool helps in analyzing the network performance and provides insights into the Internet and enterprise networks. |
|
|
From Cisco IOS XE 17.6.1 onwards, CUBE can transcode OPUS encoded media streams. Because Opus codecs perform very well over the Internet, this feature is particularly beneficial when routing calls between the PSTN and Cloud calling services. |
|
|
This feature lets you configure system reports that can provide critical information on issues that cause software crashes. |
|
|
This feature allows you to configure an SR policy as the preferred path for a Virtual Private Wire Service (VPWS) or Virtual Private LAN Service (VPLS) pseudowire. VPWS or VPLS pseudowires between same PEs can be routed over different SR policies based on the requirements. |
|
|
Phasing Out of Device-Specific HSECK9 Licenses |
With the introduction of Cisco Digital Network Architecture (Cisco DNA), there is a change in the entitlement tags for HSECK9 licenses supported on Cisco 4000 Series Integrated Services Routers. Instead of tagging licenses according to a router model (for example, ISR_4331_Hsec), HSECK9 licenses are tagged as Router US Export Lic for DNA (DNA_HSEC). Starting with this release, if you want to purchase new HSECK9 licenses for these products, we recommend that you buy only DNA_HSEC. If the software version running on the product instance is Cisco IOS XE Bengaluru 17.6.1a or later, it has the following implications:
For more information, see Phasing Out of Device-Specific HSECK9 Licenses. |
|
The PPPoE Client over VLAN interface enhancement allows you to configure the PPPoE client to establish a PPPoE session over a VLAN interface. |
|
|
Pyang version 2.x |
The updated pyang plugin version 2.x fixes existing issues such as XPATH validation and upstream pyang issues. Additionally, this version reports all errors in the YANG models to the users and enforces a strict model validation. |
|
This feature allows you to leak (or replicate) routes between the global VRF and service VPNs, and redistribute the leaked routes into the destination protocol BGP. The redistribution of the leaked routes occurs after replicating the routes into the corresponding VRF. Route leaking allows you to share common services that multiple VPNs need to access. The source protocols that support route leaking and redistribution of routes into the destination protocol BGP are as follows:
|
|
|
YANG models were developed for the following CLIs as part of the Class of Restriction configuration:
|
|
|
The Zone-Based Firewall (ZBFW) Reclassification feature is an enhancement to the Zone-Based Firewall feature. With this enhancement, any changes you make to the policy configuration on an existing firewall session is immediately enforced. |
|
Feature |
Description |
|---|---|
|
Snapshots for PAK Licenses |
The library that manages product activation key (PAK) licenses is being deprecated from the software image. To continue supporting and honouring any existing PAK licenses you may have, the system automatically takes a snapshot of the PAK license and triggers a Device-Led Conversion process, to convert the PAK license to a Smart License. For the system to take the snapshot, the software version running on your device must be one of the required releases. For information about the releases in which the system can take a snapshot, and the options that are available with respect to the device and the license, see Snapshots for PAK Licenses. |
Note |
From Cisco IOS XE Bengaluru 17.6.x, configuring a weak crypto algorithm generates a warning message. However, you can ignore this warning because the working of crypto algorithms is not impacted. For more information on weak crypto algorithms, see Supported Standards. |
Configure the Router for Web User Interface
This section explains how to configure the router to access Web User Interface. Web User Interface requires the following basic configuration to connect to the router and manage it.
-
An HTTP or HTTPs server must be enabled with local authentication.
-
A local user account with privilege level 15 and accompanying password must be configured.
-
Vty line with protocol SSH/Telnet must be enabled with local authentication. This is needed for interactive commands.
-
For more information on how to configure the router for Web User Interface, see Cisco 4000 Series ISRs Software Configuration Guide, Cisco IOS XE 17.
Resolved and Open Bugs
This section provides information about the bugs in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 bugs are the most serious bugs. Severity 2 bugs are less serious. Severity 3 bugs are moderate bugs. This section includes severity 1, severity 2, and selected severity 3 bugs.
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the bug that you have requested cannot be displayed, this may be due to one or more of the following reasons: the bug ID does not exist, the bug does not have a customer-visible description yet, or the bug has been marked Cisco Confidential. |
Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers
Resolved Bugs in Cisco IOS XE 17.6.8a
There are no resolved bugs for this release.
Open Bugs in Cisco IOS XE 17.6.8a
There are no open bugs in this release.
Resolved Bugs - Cisco IOS XE 17.6.7
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Router keeps crashing when processing a firewall feature. |
|
|
FTMD crash observed in platform while running PWK suite. |
|
|
NHRP reply processing may dequeue an unrelated request. |
|
|
CSDL Compliance failure: Use of 3DES by IPSec is denied. |
|
|
SM-X interface stops passing traffic. |
|
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
|
Crashed by TRACK client thread at access invalid memory location. |
|
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Crash in IP input process during tunnel encapsulation. |
Open Bugs - Cisco IOS XE 17.6.7
All open bugs for this release are available in the Cisco Bug Search Tool.
There are no open bugs in this release.
Resolved Bugs in Cisco IOS XE 17.6.6a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Open Bugs - Cisco IOS XE 17.6.6a
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
The output rate on port channel does not match with the total physical interface output rate. |
|
|
High CPU due to MPLS MIB poll. |
|
|
ISG FFR: ARP request to reroute nexthop IP is not triggered if ARP entry not in ARP table. |
|
|
SRTP cipher failure for RTCP packets when AEAD_AES_256_GCM Cipher is used for call. |
|
|
Unable to disable the call-home feature on devices. |
|
|
Cisco IOS XE Software Privilege Escalation Vulnerability. |
|
|
Tracebacks seen when configuring VRF with 32 characters or more. |
|
|
IOS XE router may experience unexpected reset while executing show utd engine standard statistics. |
|
|
Unable to apply the Service Policy on Tunnel Interface. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
AOM objects (FMAN_OBJ_ACL_REF) might be missing intermittently after MMA flapping. |
|
|
Device-tracking database entry stuck on UNKNOWN state with temporal MAC address. |
|
|
QFP crash when configuring S2S VPN (IKEv2/IPSEC) with Azure vWAN/HUB. |
|
|
SFP transceiver DOM not working after some time, however interface forwards the traffic as expected. |
|
|
Unable to delete wrong interface name. |
|
|
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSXE-RP Punt Service Process. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
CTS PI changes for adding new binding source priority for LISP sourced local host bindings. |
|
|
Unexpected reboot while dispalying information from cleared SSS session. |
|
|
OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site. |
|
|
CSDL compliance failure: Use of 3DES by IPSec is denied. |
|
|
Environmental syslog is not appearing when power cord is disconnected from the redundant PS. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
The device crashed after adding trustpoint. |
|
|
%IOSXE-3-PLATFORM: R0/0: /usr/sbin/pkg_to_tree: Failed to parse the key record 0. (28). |
|
|
Unexpected reload with segmentation fault due to Open DNS Dev-Reg process. |
|
|
Intf/System XML files are not generated. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
Unexpected reload generates pubd core. |
|
|
Slot 0/1 crash after changing switchport with allowed wide range VLANs from trunk to access. |
|
|
Device leaking memory in MallocLite because of telemetry subscription to collect FNF cache. |
|
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over ipsec cannot be applied. |
|
|
GRACEFUL-RELOAD: Wrong state: 1 to recieve chasfs event. |
|
|
SOS/ROC Feature on NIM. |
|
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
|
Router crash with segmentation fault(11), Process = NHRP when processing NHRP traffic. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
|
Flowspec on device won't revoke. |
|
|
Unable to migrate from ADSL to VDSL without reboot. |
|
|
Extranet multicast code improvements for better handling of data structure. |
|
|
Unexpected reload due to a watchdog on the kernel. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
Performance issue on platform. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
Static NAT with HSRP stops working after removing / adding standby. |
|
|
Ucode crash when ZBFW is configured on inside interfaces. |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
SM-X interface stops passing traffic. |
|
|
CTS CORE process crash after configuring role based ACL. |
|
|
Intermittent one way audio on RTP to SRTP calls with SSRC and seq num changes. |
|
|
Crashed by TRACK Client thread at access invalid memory location. |
|
|
DMI for RESTCONF/NETCONF enters degraded state due to discriminator configured. |
|
|
Unexpected reload when using RSH/RCMD. |
|
|
Router has LocalSoftADR crash, writes flat core, and reloads. |
|
|
Image info not updated in packages.conf when upgrading in autonomous mode. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
BDI + NTP configuration puts DMI process in degraded mode. |
|
|
Static NAT with HSRP stops working after removing / adding standby. |
|
|
SSM On-Prem responds with message completed to poll_id requests without ACK data. |
Resolved Bugs - Cisco IOS XE 17.6.6
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Memory leak in Pubd when continuously trying to connect to remote peer. |
|
|
Standby BGP session receives incorrect routes from Active. |
|
|
NAT: Traffic is not translated to the same global address though PAP is configured. |
|
|
OMP route is being advertised although the route is not available. |
|
|
Unexpected reload after running show voice dsp command while an ISDN call disconnects. |
|
|
Crash when using dial-peer groups with STCAPP. |
|
|
SNMP MIB does not show correct firmware version. |
|
|
OID for SNMP monitoring of DSP resources are not working as expected. |
|
|
L2RIB thread crash when updating the MAC-IP. |
|
|
ISIS crash when performing TI-LFA calculation. |
|
|
Device crash with crashinfo files were generated with segmentation fault, process IPSEC key engine. |
|
|
Segmentation fault at IPv6 BGP backup route notification. |
|
|
Device frequent reloads. |
|
|
Filesystem leak on standby switch of device SVL setup. |
|
|
SNMP MIB OID changing its last index. |
|
|
L2RIB thread crash after removing EVPN member from bridge domain. |
|
|
Segmentation fault by process mDNS. |
|
|
Device displays incorrect values for Call Quality statistics (RTT/MOS). |
|
|
Username/Password under voice register pool gets deleted post CME reload. |
|
|
An unexpected removal of the underlay S, G entry resulting ~20s disruption in the multicast flow SDA. |
|
|
NBAR DP traceback - "Failed to process non-graph batch message: wrong batch id" is logged. |
|
|
NHRP cache entries flood matching a /32 default route. |
|
|
Router IOS-XE crash while executing AES crypto functions. |
|
|
Watchdog crash while importing a large CRL file into switch. |
|
|
Device observes memory leak at process "SSS Manager". |
|
|
Telemetry subscription fails to connect to GRPC receiver when multiple XPATH changes are made to it. |
|
|
DTMF is failing through IOS MTP during call on-hold |
|
|
Check nexthop reachability before installing route for a prefix. |
|
|
Intermittent one way audio issue after hold and resume. SRTP to RTP. |
|
|
snmpwalk: Authentication failure, with MD5 SNMPv3 user. |
|
|
Memory leak found @nfra/green/cep/src/cep.c. |
|
|
LSPVif removal on OIF for RP discovery group 224.0.1.40 with timing related trigger. |
|
|
Device is crashing after importing the trustpoint with RSA keypair. |
|
|
Auto-update cycle incorrectly deletes certificates. |
|
|
Memory allocation failure with extended antireplay enabled. |
|
|
IOS XE device may experience an unexpected reset with High Volume of Multicast. |
|
|
Device crashes when applying a service-policy to a newly created tunnel. |
|
|
Configuring "entity-information" xpath filter causes syslogs to print, does not return data. |
|
|
vBond tracker. |
|
|
Unexpected reload on device caused by WNCD process after removing a VLAN from a VLAN-GROUP. |
|
|
Keyman process crash. |
|
|
LISP failed to recreate the more specific away table entries after less specific entries toggled. |
|
|
Gateway disconnecting incoming calls when FPI Correlator is not released after disconnect on PRI Leg. |
|
|
Observe Traceback message when BVM client do Inter-xTR roaming. |
|
|
Observed qfp-ucode-wlc crash. |
|
|
SIPREC recording fails in transfer scenario when certian options are enabled in configuration. |
|
|
IOS process crash during VRRP hash table lookup. |
|
|
ATTN-3-SYNC_TIMEOUT after upgrading. |
|
|
CUBE memory leak sdp_copy_all_attrs sdp_parse_attribute sdp_add_new_attr. |
|
|
FlexVPN: Stale client routes stuck in RIB on FlexServer. |
|
|
MCID (Malicious Call Identification) gets broken due to Custom prefix setting under STCAPP FAC. |
|
|
hide cisco-smart-*.yang from device by adding tailf:hidden full annotations. |
|
|
IOS XE software crash while validating certification trust. |
|
|
MPLS VPN traffic dropped due FDB OOM with cause FIAError under scale flow number (<1M) |
|
|
Device can lose its config during a triggered resync process if lines are in an off-hook state. |
|
|
Not triggering any alarms when RPM of a fan is 0. |
|
|
TACACS+ authentication stops working after changing AES encryption key on the WLC. |
|
|
Segmentation fault - crash - SSH - when changing AAA group configs. |
|
|
Device seeing out of service when using new DC power supply. |
|
|
Device VMWI race condition causes no ringing for analog phones. |
|
|
No dial tone on analog phones due to DSP going into Power Denial State. |
|
|
Spoke-spoke cache refresh not working correctly in case of multiple cache entries for same next hop. |
|
|
MallocLite memory leak observed in HTTP CORE allocator. |
|
|
Device running IOS-XE crashes when removing FQDN ACL. |
|
|
Router crashes due to CPUHOG when walking ciscoFlashMIB @snmp_platform_get_flash_file_info. |
|
|
Logging in get-config processing affecting the template push fail. |
|
|
Device memory leak in pubd causes reload. |
|
|
DSP resource can not be release after end the call. |
|
|
ISDN memory leak when PRI link flaps, crashes router. |
|
|
show DMVPN command displays incorrect state. |
|
|
I/O middle pool leaking when VOIP trace is enabled. |
|
|
NAT entries expire on standby router. |
|
|
Radius attribute 31 not being sent on device for CTS Pac provisioning. |
|
|
GARP on port up/up status from router is not received by remote peer. device. |
|
|
IOS-XE device may experience a segmentation fault with L2VPN EVPN when clearing duplicate MAC. |
|
|
Cube reloads due to a segmentation fault in CCSIP_SPI_CONTROL process. |
|
|
Invalid TCP checksum in SYN flag packets passing through router. |
|
|
VC down due to control-word negotiation. |
|
|
Netflow stops working when flow monitor reaches cache limit. |
|
|
ISG: L2-connected subscriber: IPv6 prefix delegation is not reachable when packet are switched. |
|
|
Device crashes unexpectedly due to a fault in the 'TLSCLIENT_PROCESS'. |
|
|
MACsec remains marked as SECURED, but randomly the traffic stops working. |
Open Bugs - Cisco IOS XE 17.6.6
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
The output rate on port channel does not match with the total physical interface output rate. |
|
|
High CPU due to MPLS MIB poll. |
|
|
ISG FFR: ARP request to reroute nexthop IP is not triggered if ARP entry not in ARP table. |
|
|
SRTP cipher failure for RTCP packets when AEAD_AES_256_GCM Cipher is used for call. |
|
|
Unable to disable the call-home feature on devices. |
|
|
Cisco IOS XE Software Privilege Escalation Vulnerability. |
|
|
Tracebacks seen when configuring VRF with 32 characters or more. |
|
|
IOS XE router may experience unexpected reset while executing show utd engine standard statistics. |
|
|
Unable to apply the Service Policy on Tunnel Interface. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
AOM objects (FMAN_OBJ_ACL_REF) might be missing intermittently after MMA flapping. |
|
|
Device-tracking database entry stuck on UNKNOWN state with temporal MAC address. |
|
|
QFP crash when configuring S2S VPN (IKEv2/IPSEC) with Azure vWAN/HUB. |
|
|
SFP transceiver DOM not working after some time, however interface forwards the traffic as expected. |
|
|
Unable to delete wrong interface name. |
|
|
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSXE-RP Punt Service Process. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
CTS PI changes for adding new binding source priority for LISP sourced local host bindings. |
|
|
Unexpected reboot while dispalying information from cleared SSS session. |
|
|
OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site. |
|
|
CSDL compliance failure: Use of 3DES by IPSec is denied. |
|
|
Environmental syslog is not appearing when power cord is disconnected from the redundant PS. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
The device crashed after adding trustpoint. |
|
|
%IOSXE-3-PLATFORM: R0/0: /usr/sbin/pkg_to_tree: Failed to parse the key record 0. (28). |
|
|
Unexpected reload with segmentation fault due to Open DNS Dev-Reg process. |
|
|
Intf/System XML files are not generated. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
Unexpected reload generates pubd core. |
|
|
Slot 0/1 crash after changing switchport with allowed wide range VLANs from trunk to access. |
|
|
Device leaking memory in MallocLite because of telemetry subscription to collect FNF cache. |
|
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over ipsec cannot be applied. |
|
|
GRACEFUL-RELOAD: Wrong state: 1 to recieve chasfs event. |
|
|
SOS/ROC Feature on NIM. |
|
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
|
Router crash with segmentation fault(11), Process = NHRP when processing NHRP traffic. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
|
Flowspec on device won't revoke. |
|
|
Unable to migrate from ADSL to VDSL without reboot. |
|
|
Extranet multicast code improvements for better handling of data structure. |
|
|
Unexpected reload due to a watchdog on the kernel. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
Performance issue on platform. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
Static NAT with HSRP stops working after removing / adding standby. |
|
|
Ucode crash when ZBFW is configured on inside interfaces. |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
SM-X interface stops passing traffic. |
|
|
CTS CORE process crash after configuring role based ACL. |
|
|
Intermittent one way audio on RTP to SRTP calls with SSRC and seq num changes. |
|
|
Crashed by TRACK Client thread at access invalid memory location. |
|
|
DMI for RESTCONF/NETCONF enters degraded state due to discriminator configured. |
|
|
Unexpected reload when using RSH/RCMD. |
|
|
Router has LocalSoftADR crash, writes flat core, and reloads. |
|
|
Image info not updated in packages.conf when upgrading in autonomous mode. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
BDI + NTP configuration puts DMI process in degraded mode. |
|
|
Static NAT with HSRP stops working after removing / adding standby. |
|
|
SSM On-Prem responds with message completed to poll_id requests without ACK data. |
Resolved Bugs in Cisco IOS XE 17.6.5a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Open Bugs - Cisco IOS XE 17.6.5a
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Device controller crash when sending Full line rate of traffic with >5 Intel AX210 stations. |
|
|
Unexpected reload after running show voice dsp command while an ISDN call disconnects. |
|
|
Check nexthop reachability before installing route for a prefix. |
|
|
OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site. |
|
|
Clear ISG existing lite-session upon reception of DHCP packet for same client. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
show dmvpn command displays incorrect state. |
|
|
MPLS VPN traffic dropped due FDB OOM with cause FIAError under scale flow number (<1M). |
|
|
Outgoing number of bytes decrease in router interface. |
|
|
Not triggering any alarms when RPM of a fan is 0. |
|
|
Slot 0/1 crash after changing switchport with allowed wide range VLANs from trunk to access. |
|
|
L2-connected subscriber: IPv6 prefix delegation is not reachable when packet are switched. |
Resolved Bugs - Cisco IOS XE 17.6.5
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
%HW_FLOWDB-3-HW_FLOWDB_DBLDEL_FEATOBJ: FlowDB featobj cannot be deleted twice. |
|
|
CSDL Compliance: Add CLI to disable CSDL compliance. |
|
|
QFP crash when ZBFW configuration features log dropped-packets configuration. |
|
|
GetVPN long SA - GM re-registration after encrypting 2^32-1 of packets in one IPSEC SA. |
|
|
FMAN crash seen in SGACL@ fman_sgacl_calloc. |
|
|
Standby WLC crash @ fman_acl_remove_default_ace. |
|
|
Lack of MAC address in Inform Event message. |
|
|
Device might reboot when supporting explicit IV joins the network. |
|
|
Device unexpected reload due to QFP ucode crash. |
|
|
DSPware 58.5.2 release. |
|
|
Data Plane crash on device when making QoS configuration changes. |
|
|
NHRP process taking more CPU because of FlexVPN event trace. |
|
|
RTSP Traffic not being rewritten by NAT. |
|
|
Wired guest client stuck at IP_LEARN with dhcp packets not forwarded out of the foreign to anchor. |
|
|
LTE modem doesn't show GSM bands. |
|
|
Need CLI option to disable ALG. |
|
|
LAN Module is down when high CPU noticed. |
|
|
ERROR info: Router configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt. |
|
|
Intermittent double DTMF due to changing timestamp on a DTMF event. |
|
|
Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
Device uses identifier mac-address 0000.0000.0000 when DHCP LQ does not reply. |
|
|
File is incomplete when running admin-tech. |
|
|
GETVPN : Traffic drops seen on GM after rekey installing policies. |
Open Bugs - Cisco IOS XE 17.6.5
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Device controller crash when sending Full line rate of traffic with >5 Intel AX210 stations. |
|
|
Unexpected reload after running show voice dsp command while an ISDN call disconnects. |
|
|
Check nexthop reachability before installing route for a prefix. |
|
|
OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site. |
|
|
Clear ISG existing lite-session upon reception of DHCP packet for same client. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
show dmvpn command displays incorrect state. |
|
|
MPLS VPN traffic dropped due FDB OOM with cause FIAError under scale flow number (<1M). |
|
|
Outgoing number of bytes decrease in router interface. |
|
|
Not triggering any alarms when RPM of a fan is 0. |
|
|
Slot 0/1 crash after changing switchport with allowed wide range VLANs from trunk to access. |
|
|
L2-connected subscriber: IPv6 prefix delegation is not reachable when packet are switched. |
Resolved Bugs - Cisco IOS XE 17.6.4
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Packet sanity failed for resolution reply on spoke due to missing SMEF capability. |
|
|
VFR is enabled by feature NAT but there is no NAT configured on the interface. |
|
|
Revocation-check crl none does not failover to NONE DNAC-CA. |
|
|
EWC Ha pair expereincing IOS tracebacks, followed by KEYMAN crash. |
|
|
Source address translation for multicast traffic fails with route-map. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Cellular interface tracker down but NAT route persists in the Service VPN Routing Table. |
|
|
RG B2B(Box to Box), Interchassis HA, STBY is stuck in STANDBY COLD-BULK. |
|
|
Platforms should not show warning message during reload. |
|
|
IOS PKI client uses incorrect search filter for CRL retrieval using LDAPv3. |
|
|
RP Switchover causes linecard NFS mount failure resulting in memory leak. |
|
|
Crash seen with umbrella config during soak run. |
|
|
BFD tunnel uptime not showing correct values post upgrade. |
|
|
OMPd crash during RIB-out attribute aspath/community processing. |
|
|
IPSec Key Engine process holding memory continuously and not freeing up. |
|
|
Device crashed with last reload reason Critical process cxpd fault. |
|
|
Device is not able to bring up SIG tunnels after reboot. |
|
|
Fix mishandling of policy sequence programming failures and notify with syslog/notification. |
|
|
CDP/LLDP not working when 10GE interface enabled with MACsec. |
|
|
UDP based DNS resolution doesn't work with IS-IS EMCP on IOX-XE. |
|
|
Device reloads when group-range is configured under an interface Group-Async. |
|
|
CSR generated from hardware contains / in Common Name. |
|
|
IOS sending UP Event for the sub interface which is in down state. |
|
|
Service Chain is not created when Tracking is disabled. |
|
|
Speed Test to internet failing. |
|
|
Per Class BFD - echo response pkts. |
|
|
IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error seen for TLOCExt setup after upgrade. |
|
|
DNS Packets are not redirected to configured custom DNS after Umbrella Template edit. |
|
|
ZBFW dropping return packets from tunnel post upgrade. |
|
|
Large number of IPSec tunnel flapping occurs when underlay is restored. |
|
|
Device loses control connections after installing new enterprise hardware wan edge cert. |
|
|
Device is changing ICMP ID in ICMP echo replies intermittently. |
|
|
HUB with firewall configured incorrectly dropping return packets when routing between VRFs. |
|
|
Support IGMP on voice vlan. |
|
|
AOM pending objects with loopbacks binded to tloc-extended interfaces. |
|
|
Memory leaks on keyman process when key is not found. |
|
|
CSDL failure: Use of MD5 by IPSEC key engine is denied. |
|
|
MACsec not working on subinterfaces using dot1q >255. |
|
|
Traceroute not working on device with NAT. |
|
|
E1 R2 - dnis-digits cli not working. |
|
|
IOS-XE: Devices running crypto ipsec policy installation fails. |
|
|
Endpoint-tracker cannot be configured on a 100G interface. |
|
|
Per-tunnel QoS counters and shapers not working for some BFD tunnel with stale 'nh_overlay' objects. |
|
|
NAT translations do not work for FTP traffic. |
|
|
CSDL failure: IPSec QM Use of DES by encrypt proc is denied. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
Traceback after enabling ipsec_pwk and reboot. |
|
|
CPP uCode crash due to ipc congestion from dp to cp. |
|
|
Device incorrectly drops ip fragments due to reassembly timeout. |
|
|
ucode crash due to SIGABRT from bnxt_start_xmit. |
|
|
Interface comes up with only an SFP inserted. |
|
|
CPP unexpected reboot while freeing CVLA chunk. |
|
|
Internet SpeedTest with Loopback binding mode doesn't work with implicit ACL drop for return traffic. |
|
|
Serial interface stuck in "line protocol is down" state after it went down and it is recovered. |
|
|
Checks of route leaks creates memory corruption. |
|
|
NAT translation don’t show (or use) correct timeout value for an established TCP session. |
|
|
ZBFW policy stops working after modifying the zone pair. |
|
|
Device crash @ imgr_n2_ipsec_sa_ctx_register. |
|
|
FN980 new signed Telit modem firmware FN980M_38.02.X92 upgrade failed. |
|
|
Device crash for stuck threads in cpp on packet processing. |
|
|
Device crash observed after enabling NWPI trace with IPv6 traffic. |
|
|
IPsec SIG auto tunnels are not coming up. |
|
|
IKEv2 fragmentation causes wrong message ID used for EAP authentication. |
|
|
NHRP network resolution not working with link-local ipv6 address. |
|
|
CSR BFD tunnel are zero. |
|
|
Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request. |
|
|
The [service timestamps log datetime msec localtime] command cannot be pushed via CLI Addon template. |
|
|
CRL verification failure result 400 Bad Request with DigiCert. |
|
|
Installing new enterprise wan edge cert does not remove old cert causing device to use old cert. |
|
|
Missing IOS config (voice translation rule) on upgrade. |
|
|
After upgrade, umbrella dns config set to NONE in show umbrella config. |
|
|
Umbrella DNS security policy doesn't work with Cloud onRamp with SIG tunnels. |
|
|
Sig Autotunnels:tunnel 409 response received. |
|
|
Inconsistency between Path MTU Discovery result and Tunnel MTU. |
|
|
CISCO-SDWAN-BFD-MIB request gives results intermittently. |
|
|
Device bootflash breakage unable to format bootflash. |
|
|
Incorrect check of the TCP sequence number causing return ICMP error packets to drop (Thousandeyes). |
|
|
High CPU utilization and memory utilization by Smart Licensing Agent. |
Open Bugs - Cisco IOS XE 17.6.4
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
NIM-LTE-EA No Data - Requires subslot reload to recover. |
|
|
Memory leak due to FTMd process. |
|
|
Unable to set specific speed and duplex values on SFP ports on IOS-XE routing platforms. |
|
|
OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site. |
|
|
UTD: Exception in utd_logger.py due to missing extra-data in AMP alert. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
Device may crash when doing speedtest with WAN flapping. |
|
|
Device flows are not distributed and load-balanced evenly and consistently. |
|
|
Firewall drop seen stating “FirewallL4”. |
|
|
RTSP traffic not being rewritten by NAT. |
|
|
Yang-management process confd is not running in controller mode. |
|
|
Router can not be upgraded. |
|
|
Traceback: QFP core after pushing data policy with IPv6 interface. |
|
|
Not triggering any alarms when RPM of a fan is 0. |
|
|
Statistics collection causing service-side BFD to flap on every collection interval. |
|
|
Lack of MAC address in Inform Event message. |
|
|
CRC errors seen after upgrade. |
|
|
BFD sessions not coming UP because of ANTI-REPLAY-FAILURES. |
|
|
IOS-XE no ip nat config is allowed to be committed and removes nat routes among other nat config. |
|
|
Ping fail to VRRP virtual IP address. |
Resolved Bugs - Cisco IOS XE 17.6.3a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
4461 Sub-interface may not forward traffic after a reload. |
|
|
Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command. |
|
|
QFP core due to NAT scaling issue. |
|
|
17.5 ZBFW + NAT: Traffic flow In2Out scenario failed. |
|
|
10G interfaces supports multirate: Mismatch in autoneg/speed in sh run and sh sdwan run. |
|
|
Shut/no shut of endpoint-tracker attached tunnel, doesn't create probe again on 17.6.2. |
|
|
ZBFW : FirewallPolicy drops seen with RTSP traffic in steady state. |
|
|
SdwanImplicitAclDrop seen on non-SDWAN interface after upgrade to 17.6.1. |
|
|
Punt keepalive crashed due to bqs related interrupt. |
|
|
TCAM parity error - SDRA: CPP crash on scaling to 5K RA sessions. |
|
|
Call Placing issue from SCCP phones. |
|
|
Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device. |
|
|
Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit. |
|
|
VRF-aware static NAT with route-map and reversible not working. |
|
|
CoS preservation not working for the services EVPL and EPL tunnel. |
|
|
Prefetch CRL download fails. |
|
|
SELINUX-5-Mismatch Log. |
|
|
Attach gateways failed in cloud express. |
|
|
Infinite output from command show sdwan tunnel sla. |
|
|
IKEv2 deprecated ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance. |
|
|
dhcpv6_relay:dhcp-client on branch not receive IPv6 address. |
|
|
IKEv2 deprecated ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance. |
|
|
Crypto PKI-CRL-IO process crash when PKI trustpoint is being deleted. |
|
|
E1 configurations (under Serial interface) lost after reload. |
|
|
Partial multicast drops are seen after a failover event in a site with two cEdges. |
|
|
Hostname not allowed beginning with numbers. |
|
|
Static mapping for the hub lost on one of the spokes. |
|
|
17.6.1a// Unexpected reload due IPV6 UDP fragment header in VxLAN. |
|
|
Router crash due to Stuck Thread with appnav-xe dual controller mode. |
|
|
Router may crash due to Crypto IKMP process. |
|
|
Flapping bidirectional/unidirectional packet capture option with IPv4 filter for long time failed. |
Open Bugs - Cisco IOS XE 17.6.3a
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
VFR is enabled by feature NAT but there is no NAT configured on the interface. |
|
|
Active FTP not working with UTD+HTX for security and Unified policy. |
|
|
CG522: Cannot transfer files. |
|
|
RG B2B (Box to Box), Interchassis HA, STBY is stuck in STANDBY COLD-BULK on ISR 4461. |
|
|
[17.5 Umbrella] DNS Packets are not redirected to configured Custom DNS after Umbrella Template Edit. |
|
|
ISR4461: CDP/LLDP not working when 10GE interface enabled with MACSEC. |
|
|
cEdge traffic is getting dropped/blackholed due to OCE_ADJ_DROP reason. |
|
|
(Rework): After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
Throughput drop of 10% from 17.3 to 17.6 Release. |
|
|
Inter-VRF route leaking not working and packet drop seen due to Ipv4Unclassified. |
|
|
ZBFW dropping return packets from Zscalar tunnel post cedge upgrade to 17.3.4. |
|
|
Bay 2 startup config of 40Gbps not applied on reload. |
|
|
Traceback: CPP ucode core generated after HSRP priority change. |
|
|
Cisco makefile changes to build the PHY API SW 4.67.05. |
|
|
SDWan HUB with firewall configured incorrectly dropping return packets when routing between VRFs. |
|
|
SNMP v2 community name encryption problem. |
|
|
E1 R2 - dnis-digits CLI not working. |
|
|
AOM pending objects with loopbacks binded to tloc-extended interfaces. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
DMVPN phase 2 connectivity issue between two spokes. |
|
|
CPP unexpected reboot while freeing CVLA chunk. |
|
|
IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps. |
|
|
Checks of route leaks creates memory corruption. |
|
|
cEdge rebooted 2 time with CPP 0 failure Stuck Thread. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
ZBFW policy stops working after modifying the zone pair. |
|
|
FN980 new signed Telit modem firmware FN980M_38.02.X92 upgrade failed. |
|
|
SCEP fails if AAAA DNS repy is received and source interface has no IPv6 address. |
|
|
17.6.2 IOS XE SD-WAN - vdaemon file is incomplete when running admin-tech. |
|
|
Show DMVPN command displays incorrect state. |
|
|
ZBFW seeing the SIP ALG incorrectly dropping traffic and resetting connection. |
|
|
IPSec Led doesn't lit even though module is correctly installed. |
|
|
"Shutdown" command visible in running config after reload. |
|
|
Umbrella DNS security policy doesn't work with Cloud onRamp. |
Resolved Bugs - Cisco IOS XE 17.6.2
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Console port goes unresponsive, reboot required to restore it. |
|
|
LA LED turns green when just inserted SFP-10G-LR on ISR4k without cable connecting. |
|
|
IP Phone in Voice vlan can't get IP via DHCP if DHCP snooping enabled. |
|
|
Nested IPSec tunnels encryption does not work as expected. |
|
|
VLAN IP config missing on bootup due to missing startup configs. |
Open Bugs - Cisco IOS XE 17.6.2
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
Promethium: Observing low performance compare to UP performance numbers. |
|
|
ISR 4K running in sdwan controller mode experiencing module reload due to NGIO control packet loss. |
|
|
DP CPU degradation in Collab and Contact center flows on ISR4451 platform on 17.3 throttle. |
|
|
17.6 to 17.7: Continious 4461 Octean crypto crash. does not stay up. |
|
|
ISR4k:BFD scaling: Not able to scale more that 2048 BFD sessions. |
|
|
SIT: vedaemon assert noticed in the ISR 4221 over weekend longevity. |
|
|
Buffer Leak - IPSEC reply msg getting dropped. |
|
|
Router running 17.x.x crashes due to CPUHOG when walking CiscoFlashMIB. |
|
|
IPv6 connectivity issues on the service side. |
|
|
ISR prefixing F's to h323-conf-id field. |
Resolved Bugs - Cisco IOS XE 17.6.1a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
C8000v new PAYG Azure Cloud deployments do not boot with correct throughput level and tech package. |
|
|
ISR4461: MACsec should secure mode not work with front panel GE. |
|
|
Subslot module C1111-ES-8 going "out of service". |
|
|
fman_fp_image crashed with ZBFW config change. |
|
|
ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent. |
|
|
ISR4431/K9 rebooting due to CPP crashing becaue of UTD feature. |
|
|
PWK - Overlay tunnel goes down with overnight traffic (No Crash). |
|
|
[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC. |
|
|
IPv6 DMVPN - NBMA address not getting preserved. |
|
|
[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled. |
|
|
A router may crash when processing an NHRP packet. |
|
|
An IOS XE device might crash at DoubleExceptionVector. |
|
|
"insufficient resources" NHRP-ERROR while receiving small rate of NHRP Resolution Requests/second. |
|
|
Port enters err-disabled state (BPDU guard) when LLDP packet with MAC DA:0180.c200.0000. |
|
|
Packets dropped due to firewall + data policy interop issue. |
|
|
SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible". |
|
|
On vManage 20.4.1, traceroute on cEdge leads to outage at the site. |
|
|
Router may crash under ZBF configuration (cpp_cp_svr). |
|
|
BFD tunnels stuck in down state after port-hop. |
|
|
ISR4331 are crashing frequently 17.4.1b. |
|
|
CSDL failure when it should be allowing RSA keys with 1024 length. |
|
|
IOS-XE cpp ucode crash with fragmented packets. |
|
|
ISR4461 NIM-2GE-CU-SFP - Sub-interfaces not transmitting traffic. |
|
|
On MTT vManage system IP persists after invalidating and deleting the edge devices. |
|
|
CPP ucode crash with route-map and overload at ipv4_nat_rmap_walk_find. |
|
|
Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED. |
|
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met. |
|
|
ccedge C1121-4P crahed with Localsoft error. |
|
|
URL Filtering regex pattern match not working on large pattern. |
|
|
tdm-group timeslot 31 failed to create/connect. |
|
|
BFD tunnel uptime not showing correct values post upgrade to 17.6.01. |
|
|
GETVPN: Clearing members on Key Server causing rekey processing failure on GMs. |
|
|
[SSL-Proxy-Policy] Webroot - url cloud lookup timeout is 60s (way too long to hold the traffic). |
|
|
c1111 vtcp may cause packet drop for sip packets causing phones to reset. |
|
|
Crash when issuing "show crypto isakmp peers config". |
|
|
Cannot remove NAT configuration from the template in a single operation if NAT translation is active. |
|
|
Wrong reload reason reflected after a power outage. |
|
|
Cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging. |
|
|
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format. |
|
|
Data plane VPLS traffic generating Control Word on all Label Switched Headers. |
|
|
SDWAN cedge : traffic simulation tool shows traffic blackhole. |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut. |
|
|
ISR4321 | After enabling "cts manual" the interfaces start flapping. |
|
|
vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset. |
|
|
cEdge fails to capture sdwan-related outputs to admin-tech. |
|
|
cEdge running 17.4.1b crashing with NAT Backtraces everytime we shut no-shut PPPoE. |
|
|
Software MTP should support encrypted TLS connection. |
|
|
UTD: Pickup latest SPPI library with fix for CSCvy00963. |
|
|
"Best of Worst" Fallback mode causes reachability issue when routes flap. |
|
|
vManage fails to push template - interface config stuck. |
|
|
Segmentation fault(11), Process = CTS CORE - crash in ISR 4K. |
|
|
Adding multilink frame relay sub-interface to SDWAN fails; "Aborted: application error". |
|
|
cEdge: High CPU usage due to Multicast and Data Policy configuration. |
|
|
ISR1K // ethernet loopback not working. |
Open Bugs - Cisco IOS XE 17.6.1a
All open bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID Number |
Description |
|---|---|
|
cEdge: Cellular related AOM pending objects after IOS-XE upgrade. |
|
|
On MTT vManage system IP persists after invalidating and deleting the edge devices. |
|
|
Active ftp not working with UTD+HTX for security and Unified policy. |
|
|
17.6: AAR not working properly as configured SLA classes are not shown under app-route stats. |
|
|
BFD session flap/down while control connection with vManage is going down. |
|
|
cEdge rebooted 2 time with CPP 0 failure Stuck Thread. |
|
|
FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times. |
|
|
Not able to upgrade cEdge from vManage | from 16.12.3 to 17.3.3. |
|
|
Ucode crash with test calls from the SIP trunk to the POTS lines. |
|
|
NetApp: Issues with traffic does not get forwarded via TLOC extended interface. |
|
|
After uploading the serial file list to the vmanage, the edges lost Control Con. and BFD sessions. |
|
|
cEdge ISR4221 cpp_cp_svr crash in ZBF component. |
|
|
Switchport Feature Template is unable to create VLANs- Missing VLANs on VLAN-database. |
|
|
SDWAN tunnels are not coming up in Multilink Frame relay sub-interface. |
|
|
VG450 Crashes Repeatedly in IOSd due to HTSP. |
|
|
ISR4331/K9 running 16.12.04 crashed with Segmentation fault(11), Process = Cellular CNM. |
|
|
ISR4K/NIM-4G-LTE-GA 17.3.2 Cellular interfaces automatically unshut after reboot. |
|
|
Router getting %CELLWAN-2-DYING_GASP_POWER_FAILURE without feature configured. |
|
|
Router unexpectedly routes traffic with broadcast dst MAC. |
|
|
SSL VPN fails to establish if 'match url' is configured under crypto ssl profile. |
|
|
DMVPN phase 2 connectivity issue between two spokes. |
|
|
OSPFv3 IPSec encryption failure when IPv4 address-family not configured in VRF. |
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback