Image Information and Supported Platforms
Virtual LPWA support for LoRaWAN
IOS APIs to Enable Native IOx Applications
mSATA Card as Additional Storage
The following release notes support the Cisco IOS 15.7(3)M2 release. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, and caveats, and to provide information on how to obtain support and documentation.
This publication consists of the following sections:
■ Image Information and Supported Platforms
■ Caveats
Note: You must have a Cisco.com account to download the software.
Cisco IOS Release 15.7(3)M2 includes the following Cisco IOS images:
The latest image file for the IR800 series is:
https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322
Click on the 807, 809 or 829 link to take you to the specific software you are looking for.
The IR807 link shows only the image file.
The IR809 and IR829 links show three entries to choose:
The IR829 also includes downloads for the AP803 Access Point Module:
Note: The ir800-universalk9-bundle.SPA.157-3.M2 bundle can be copied via Trivial File Transfer Protocol (TFTP) or SCP to the IR800, and then installed using the bundle install flash: <image name> command. The ir800-universalk9-bundle.SPA.157-3.M2.bin file can NOT be directly booted using the boot system flash:/image_name. Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide.
Note: The cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.
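An added example (not part of the Cisco release notes): a Python check, run over a saved configuration before upgrading, that flags the two commands named in the note when they still list dhe-aes-256-cbc-sha and suggests the line with that cipher dropped. The function name and the sample configuration are constructed for illustration.

```python
import re

REMOVED_CIPHER = "dhe-aes-256-cbc-sha"  # cipher named in the release note
# The two commands the note says take this cipher as an argument.
CMD_RE = re.compile(
    r"^\s*(ip http (?:client )?secure-ciphersuite)\s+(.*?)\s*$", re.IGNORECASE
)

def audit_ciphersuite_lines(config_text):
    """Return one finding per config line that still names the removed cipher.

    Each finding carries the line number, the original line, and a suggested
    replacement with the removed cipher dropped (None when no cipher is left
    and an operator has to choose the list by hand).
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = CMD_RE.match(raw)
        if not m:
            continue
        command, args = m.group(1), m.group(2).split()
        if REMOVED_CIPHER not in (a.lower() for a in args):
            continue
        kept = [a for a in args if a.lower() != REMOVED_CIPHER]
        suggestion = f"{command} {' '.join(kept)}" if kept else None
        findings.append(
            {"line": lineno, "original": raw.strip(), "suggested": suggestion}
        )
    return findings

# Constructed sample of a saved running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname IR829-lab
ip http secure-server
ip http secure-ciphersuite aes-256-cbc-sha dhe-aes-256-cbc-sha
ip http client secure-ciphersuite dhe-aes-256-cbc-sha
ip http client source-interface Vlan1
"""

if __name__ == "__main__":
    for f in audit_ciphersuite_lines(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['original']}")
        print(f"  -> {f['suggested'] or 'no cipher left; choose a supported list'}")
```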
Caution: On older IOS releases, a problem exists where the MCU upgrade fails to complete and the IR829 stays in bootloader mode. The router gets stuck in ROMMON mode and must be sent back to Cisco with an RMA. The IR829 should only be upgraded to IOS version 15.6(3)Mx. For example:
If the IR829 is running 15.5(3)M2, DO NOT upgrade to 15.5(3)M2. Go straight to 15.6(3)Mx.
The latest image file for the CGR 1000 Series Cisco IOS image is:
https://software.cisco.com/download/navigator.html?mdfid=284165761&flowid=75122
For details on the CGR1000 installation, please see:
http://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/cgr1000/ios/release/notes/OL-31148-05.html#pgfId-998856
This release has the following limitations or deviations from expected behavior:
Caveat CSCvf76265 crosses over several different IOS software releases, and is a platform driver code issue. It is included here as a known limitation with the IR800 and CGR Industrial Routers.
On both the CGR1000 and IR800, the core dump fails to write to the local flash. IOS runs as a virtual machine with a hypervisor running underneath it, and the local flash is provided by the hypervisor as a virtual disk. When a crash occurs, this virtual disk is no longer available, so copying to flash fails. The workaround is to copy the core dump to an FTP server.
The IR807 now supports Virtual LPWA in the same manner as the IR809/829.
See the Cisco Wireless Gateway for LoRaWAN Data Sheet for details.
For details on managing the LoRaWAN (IXM-LPWA-800) Gateway Module interface to IR800, refer to the Cisco IoT Field Network Director User Guide, Release 4.2.x and Release Notes for IoT Field Network Director, Release 4.2.x:
https://www.cisco.com/c/en/us/support/cloud-systems-management/iot-field-network-director/tsd-products-support-series-home.html
Note: The IOx Host Device Management service package needs to be installed for this feature to work.
A new configuration command, hdm-enable, has been added in this release to enable the Host Device Management service:
For more information on IOx, please visit:
https://www.cisco.com/c/en/us/support/cloud-systems-management/iox/tsd-products-support-series-home.html
Previously, IR829 IOx/Guest-OS legacy systems, on which end users can host applications, came with 4 GB of disk storage for user data. Functionality has been added to the IR829 that allows a module to add 50 GB or 100 GB of mSATA storage.
The pluggable mSATA cards are NOT hot-swappable. The device must be powered down to install or remove a card. The cards are installed in the mSATA slot (formerly known as the Limited Modularity slot). Additional details are available in the Cisco IR829 Industrial Integrated Services Router Hardware Installation Guide.
mSATA SKUs lists the new SKUs.
Note: Functionality-wise, there are no configuration or troubleshooting differences for the end user in IOS or IOx, with or without mSATA. The system simply recognizes the additional storage.
Some CLI commands show information that pertains to the mSATA storage. Examples are show inventory and show platform msata.
In the above example, new output is shown in blue. Note that the IR829 PID changes to IR829M if the mSATA is available. The mSATA PID states whether it is a 50GB or 100GB module. The same information is displayed using the show diag command as well.
Note: The above information is shown in the show diag command as well.
There are some new SNMP OIDs created for the new IR829M SKUs.
See the following documentation for additional information:
Cisco IR829 Industrial Integrated Services Router Hardware Installation Guide.
Cisco IR800 Integrated Services Router Software Configuration Guide
Cisco IOx Documentation is found here:
https://www.cisco.com/c/en/us/support/cloud-systems-management/iox/tsd-products-support-series-home.html
The following documentation is available:
■ Cisco IOS 15.7M cross-platform release notes:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/15-7m/release/notes/15-7-3-m-rel-notes.html
■ All of the Cisco IR800 Industrial Integrated Services Router documentation can be found here:
http://www.cisco.com/c/en/us/support/routers/800-series-industrial-routers/tsd-products-support-series-home.html
■ All of the Cisco CGR 1000 Series Connected Grid Routers documentation can be found here:
http://www.cisco.com/c/en/us/support/routers/1000-series-connected-grid-routers/tsd-products-support-series-home.html
■ IoT Field Network Director, 4.2.x
https://www.cisco.com/c/en/us/support/cloud-systems-management/iot-field-network-director/products-installation-and-configuration-guides-list.html
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Note: You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
show run does not reflect show line stats when line configs pushed through stty from Guest-OS
Symptoms: Functionally there is no impact. The show line CLI reflects the correct data. Only the 'show run | i line' CLI reflects the same information for both line1 and line2, and only when the configuration is pushed from the Guest-OS.
Workaround: N/A, no functional impact.
Serial relay line propagation not working from guest-os after making config edits in IOS
Workaround: Configuration can be pushed from either the Guest-OS or IOS. If using both interchangeably, you need to execute 'no relay line propagation' or 'relay line propagation' each time.
IOS image fails to boot if env var set in rommon mode
Symptoms: The IOS image will not boot up from rommon2.
Workaround: Set BOOT_IOS_SEQUENCE=0
Autoboot sequence sometimes stops at 16, instead of 20.
Symptoms: When there is a boot failure, for example when a bootable image is not found, the autoboot sequence should retry all the way to 20. On occasion, only 16 or 17 retries are attempted.
The following caveats are fixed with this release:
Dynamic MAC learning fails with 'mac-address-table secure' configuration
Autoboot suspension on repeated toggle during IOS bootup changed from 4 to 20.
Symptoms: To prevent a constant IOS boot loop, for example with a bad configuration, the reboot loop has been locked at 20. This helps prevent battery drain. The previous value was 4; it has now changed to 20 to give more leeway.
Workaround: In rommon mode, manually set BOOT_IOS_SEQUENCE=0. This is a new feature enhancement.
Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability.
Symptoms: A vulnerability in the Cisco Network Plug and Play application of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data using an invalid certificate.
The vulnerability is due to insufficient certificate validation. An attacker could exploit this vulnerability by supplying a crafted certificate to the affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections.
Conditions: Device configured with the Cisco Plug and Play feature enabled and with the PKI API feature enabled.
Special Note: Be aware that from this release going forward, Plug and Play has made subject name alternative a mandatory field.