Cisco IOS Release 15.7(3)M2 - Release Notes for Cisco IR800 Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers

Available Languages

Download Options

  • PDF     (352.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (91.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (93.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 28, 2019

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Table of Contents

Cisco IOS Release 15.7(3)M2 - Release Notes for Cisco IR800 Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers

Contents

Image Information and Supported Platforms

IR800

CGR1K

Software Downloads

IR800

CGR1K

Known Limitations

Major Enhancements

Virtual LPWA support for LoRaWAN

IOS APIs to Enable Native IOx Applications

mSATA Card as Additional Storage

Software Configuration

Related IOx Documentation

Related Documentation

Caveats

Cisco IOS Release 15.7(3)M2

Open Caveats

Resolved Caveats

Cisco IOS Release 15.7(3)M2 - Release Notes for Cisco IR800 Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers

The following release notes support the Cisco IOS 15.7(3)M2 release. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, caveats, and provide information on how to obtain support and documentation.

Contents

This publication consists of the following sections:

blank.gif Image Information and Supported Platforms

blank.gifSoftware Downloads

blank.gifKnown Limitations

blank.gifMajor Enhancements

blank.gifRelated Documentation

blank.gif Caveats

Image Information and Supported Platforms

Note : You must have a Cisco.com account to download the software.

Cisco IOS Release 15.7(3)M2 includes the following Cisco IOS images:

IR800

blank.gifSystem Bundled Image: ir800-universalk9-bundle.SPA.157-3.M2

This bundle contains the following components:

blank.gifIOS: ir800-universalk9-mz.SPA.157-3.M2

blank.gifGuest Operating System: ir800-ref-gos.img.1.6.3.1.gz

blank.gifHypervisor: ir800-hv.srp.SPA.3.0.39

blank.gifFPGA: 2.7.0

blank.gifBIOS: 13

blank.gifMCU Application: 31

CGR1K

blank.gifSystem Bundled image: cgr1000-universalk9-bundle.SPA.157-3.M2

blank.gifIOS Version: cgr1000-universalk9-mz.SPA.157-3.M2

blank.gifGuest Operating System: cgr1000-ref-gos.img.1.6.3.1.gz

blank.gifHypervisor: cgr1000-hv.srp.SPA.3.0.17

blank.gifFPGA: 2.9.0

blank.gifBIOS: 14

Software Downloads

IR800

The latest image file for the IR800 series is:

https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322

Click on the 807, 809 or 829 link to take you to the specific software you are looking for.

The IR807 link shows only the image file.

The IR809 and IR829 links show three entries to choose:

blank.gifIOS Software

blank.gifIOx Cartridges

blank.gifIOx Fog Node Software

The IR829 also includes downloads for the AP803 Access Point Module:

blank.gif Autonomous AP IOS Software

blank.gif Lightweight AP IOS Software

Note : The ir800-universalk9-bundle.SPA.157-3.M2 bundle can be copied via Trivial File Transfer Protocol (TFTP) or SCP to the IR800, and then installed using the bundle install flash: <image name> command. The ir800-universalk9-bundle.SPA.157-3.M2.bin file can NOT be directly booted using the boot system flash:/image_name. Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide.

Note : The cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.

Caution : On older IOS releases, a problem exists where the MCU upgrade fails to complete and the IR829 stays in bootloader mode. The router will get stuck in ROMMON mode and must be sent back to Cisco with a RMA. The IR829 should only be upgraded to IOS version 15.6(3)M x. For example:
If the IR829 is running 15.5(3)M2, DO NOT upgrade to 15.5(3)M2. Go straight to 15.6(3)M x.

Known Limitations

This release has the following limitations or deviations for expected behavior:

Caveat CSCvf76265 crosses over several different IOS software releases, and is a platform driver code issue. It is included here as a known limitation with the IR800 and CGR Industrial Routers.

On both the CGR1000 and IR800, the core dump fails to write into the local flash. The IOS is running as a virtual machine and then hypervisor is running underneath. The local flash is provided by the hypervisor as a virtual disk. When a crash occurs, this virtual disk is no longer available therefore copying to flash will fail. The workaround is to use an ftp server to copy the core dump to.

Major Enhancements

Virtual LPWA support for LoRaWAN

The IR807 now supports Virtual LPWA in the same manner as the IR809/829.

See the Cisco Wireless Gateway for LoRaWAN Data Sheet for details.

For details on managing the LoRaWAN (IXM-LPWA-800) Gateway Module interface to IR800, refer to the Cisco IoT Field Network Director User Guide, Release 4.2.x and Release Notes for IoT Field Network Director, Release 4.2.x:

https://www.cisco.com/c/en/us/support/cloud-systems-management/iot-field-network-director/tsd-products-support-series-home.html

IOS APIs to Enable Native IOx Applications

Note : The IOx Host Device Management service package needs to be installed for this feature to work.

A new configuration command, hdm-enable, has been added in this release to enable the Host Device Management service:

ir829-01(config)#iox ?
aaa IOX AAA options
client Configure iox client
hdm-enable Enable IOX Host Device Management(HDM) service
hypervisor Configure hypervisor policy
recovery-enable Set Guest OS image recovery
 

For more information on IOx, please visit:

https://www.cisco.com/c/en/us/support/cloud-systems-management/iox/tsd-products-support-series-home.html

mSATA Card as Additional Storage

Previously, IR829 IOx/Guest-OS legacy systems on which end users can host applications, came with a disk storage of 4GB to store user data. Functionality has been added to the IR829 allowing for a module to add 50 GB or 100 GB of mSATA storage.

The pluggable mSATA cards are NOT hot-swappable, the device must be powered down to install or remove it. The cards are installed in the mSATA slot (formerly known as Limited Modularity slot). Additional details are available in the Cisco IR829 Industrial Integrated Services Router Hardware Installation Guide.

mSATA SKUs lists the new SKUs.

Table 1 mSATA SKUs

SKU
Description
IR-SSD-MSATA-50G
50 GB mSATA storage module for IR829
IR-SSD-MSATA-100G
100 GB mSATA storage module for IR829
IR-SSD-MSATA-50G=
50 GB mSATA storage module for IR829
IR-SSD-MSATA-100G=
100 GB mSATA storage module for IR829

IR-SSD-MSATA-50++=
50 GB mSATA storage module for IR829

IR-SSD-MSATA-1H++=
100 GB mSATA storage module for IR829
IR829M-LTE-LA-ZK9
IR829 + mSATA (Base board) + POE for Brazil and Australia
IR829M-2LTE-EA-BK9
IR829 + mSATA + POE for US
IR829M-2LTE-EA-EK9
IR829 + mSATA + POE for Europe
IR829M-2LTE-EA-AK9
IR829 + mSATA + POE for Canada
IR829M-LTE-EA-BK9
Single LTE IR829 + mSATA + POE for US
IR829M-LTE-EA-EK9
Single LTE IR829 + mSATA + POE for Europe
IR829M-LTE-EA-AK9
Single LTE IR829 + mSATA + POE for Canada
IR829M-2LTE-LA-ZK9
Dual LTE IR829 + mSATA + POE for Brazil and Australia
IR829B-2LTE-EA-BK9
Dual LTE IR829 for US
IR829B-2LTE-EA-EK9
Dual LTE IR829 for Europe
IR829B-LTE-EA-AK9
Single LTE IR829 for Canada

Software Configuration

Note : Functionality-wise, there are no configuration and troubleshooting differences to the end-user in IOS or IOx, with or without mSATA. The system simply recognizes the additional storage.

There are some CLI commands that will show information that pertains to the mSATA storage. Examples are show inventory, and show platform msata.

IR829#show inventory
NAME: "IR829M-2LTE-EA-EK9", DESCR: "IR829M-2LTE-EA-EK9 chassis"
PID: IR829M-2LTE-EA-EK9, VID: V01, SN: FGL214591HB
NAME: "IR800-IL-POE", DESCR: "POE module"
PID: IR800-IL-POE, VID: V01, SN: FOC21452WHT
NAME: "mSATA module", DESCR: "mSATA module 100G"
PID: IR-SSD-mSATA-100G, VID: V00, SN:
NAME: "Modem in slot 0 on Cellular1/0", DESCR: "Sierra Wireless MC7455 4G-EA"
PID: MC7455, VID: 1.0, SN: 352009080067148
NAME: "1000BASE-T SFP", DESCR: "1000BASE-T SFP"
PID: GLC-TE, VID: G3., SN: AVC193822W4
NAME: "Modem in slot 1 on Cellular0/0", DESCR: "Sierra Wireless MC7455 4G-EA"
PID: MC7455, VID: 1.0, SN: 352009080067155
 

In the above example, new output is shown in blue. Note that the IR829 PID changed to IR829M if the mSATA is available. The mSATA PID states if it is a 50GB or 100GB module. The same information is displayed using the show diag command as well.

Note : The above information is shown in the show diag command as well.

IR829#show platform msata
SSD Lifetime:
Lifetime Remaining: 99% -> 99% of the net disk read/write lifetime is remaining
Memory:
Size: 99G. -> Total disk size in Gigabytes
Used: 93G. -> Used disk space, inclusive of IOx CAF, Iox application, data, etc.
Available: 6.1G. -> Remaining disk space in Gigabytes
Usage: 94%. -> Usage in percentage, same as Guest-OS 'df -h' command output display
 
In the above example, note that the output shows SSD lifetime remaining, disk storage size, usability and availability in Gigabytes.
There are also entries shown in the syslog when 15%, 10%, and 5% of the lifetime limit remain:
*Jan 30 19:03:00.257: %IOX-4-IOX_SSD_LIFETIME_WARN: SSD Lifetime remaining in module:15
*Jan 30 19:02:30.157: %IOX-2-IOX_SSD_LIFETIME_CRITICAL: SSD Lifetime remaining in module:5
 

There are some new SNMP OIDs created for the new IR829M SKUs.

SKU
OID
IR829M-2LTE-EA-AK9
1.3.6.1.4.1.9.1.2610

IR829M-2LTE-EA-BK9
1.3.6.1.4.1.9.1.2610

IR829M-2LTE-EA-EK9
1.3.6.1.4.1.9.1.2610
IR829M-LTE-EA-AK9
1.3.6.1.4.1.9.1.2673
IR829M-LTE-EA-BK9
1.3.6.1.4.1.9.1.2673
IR829M-LTE-EA-EK9
1.3.6.1.4.1.9.1.2673
IR829M-LTE-LA-ZK9
1.3.6.1.4.1.9.1.2609

Related Documentation

The following documentation is available:

blank.gifCisco IOS 15.7M cross-platform release notes:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/15-7m/release/notes/15-7-3-m-rel-notes.html

blank.gifAll of the Cisco IR800 Industrial Integrated Services Router documentation can be found here:

http://www.cisco.com/c/en/us/support/routers/800-series-industrial-routers/tsd-products-support-series-home.html

blank.gifAll of the Cisco CGR 1000 Series Connected Grid Routers documentation can be found here:

http://www.cisco.com/c/en/us/support/routers/1000-series-connected-grid-routers/tsd-products-support-series-home.html

blank.gifIoT Field Network Director, 4.2.x

https://www.cisco.com/c/en/us/support/cloud-systems-management/iot-field-network-director/products-installation-and-configuration-guides-list.html

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.

Note : You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.

Cisco IOS Release 15.7(3)M2

The following sections list caveats for Cisco IOS Release 15.7(3)M2:

Open Caveats

blank.gif CSCvi59098

show run does not reflect show line stats when line configs pushed through stty from Guest-OS

Symptoms : Functionally there is no impact. the show line CLI reflects the correct data. The show run | i line' CLI alone reflects the same information for both line1 and line2, only when pushed from Guest-OS.

Workaround : N/A, no functional impact.

blank.gif CSCvi59013

Serial relay line propagation not working from guest-os after making config edits in IOS

Workaround : Configuration can either be pushed from the Guest-OS or IOS. If using both interchangeably, you need to execute 'no relay line propagation' or ' relay line propagation' each time.

blank.gif CSCvi14609

IOS image fails to boot if env var set in rommon mode

Symptoms : IOS image will not bootup from rommon2

Workaround : Set BOOT_IOS_SEQUENCE=0

blank.gif CSCvi61559

Autoboot sequence sometimes stops at 16, instead of 20.

Symptoms : When there is a boot failure, for example a bootable image is not found, autoboot sequence failure should go all the way to 20. On occasion, the retries will only attempt 16 or 17 times.

Workaround : There is no workaround.

Resolved Caveats

The following caveats are fixed with this release:

blank.gif CSCvh00968

Dynamic MAC learning fails with 'mac-address-table secure' configuration

blank.gif CSCve34257

Autoboot suspension on repeated toggle during IOS bootup changed from 4 to 20.

Symptoms : To prevent constant IOS boot loop, for example with a bad configuration, the reboot loop to has been locked at 20. This helps prevent battery drain. The previous value was 4, now it has changed to 20 to give more leeway.

Workaround : In rommon mode, manually set BOOT_IOS_SEQUENCE=0. This is a new feature enhancement.

blank.gif CSCvf36269

Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability.

Symptoms : A vulnerability in the Cisco Network Plug and Play application of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data using an invalid certificate.

The vulnerability is due to insufficient certificate validation. An attacker could exploit this vulnerability by supplying a crafted certificate to the affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections.

Conditions : Device configured with the Cisco Plug and Play feature enabled and, with the PKI API feature enabled.

Special Note : Be aware that from this release going forward, Plug and Play made subject name alternative as mandatory field.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2018 Cisco Systems, Inc. All rights reserved.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products