Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.
 Note |
Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience.
|
New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.1a
Note |
When you upgrade from one IOS XE release to another, you may see |
New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a
-
Unclassified MAC Initiator with IANA—ISG IPv6 sessions are based on the unclassified MAC address of the subscriber. If you use DHCPv6 for IPv6 addresses, ISG creates subscriber sessions based on DHCPv6 packets with the IANA option.
-
Online Diagnostics —The online diagnostics contain tests to check different hardware components and to verify status of the software process and interfaces. The online diagnostics tests detect problems in areas such as hardware components, software process, and interfaces.
-
IPv6 Prefix for VxLAN Static Route—IPv6 over IPv6 and IPv6 over IPv4 encapsulation is introduced for VxLAN tunnels. The VxLAN tunnels that operate at more than 10 Gbps now has the following encapsulations :
-
IPv6 over IPv4
-
IPv6 over IPv6
-
IPv4 over IPv6
-
IPv4 over IPv4
-
-
Bridge-Domain Virtual IP Interface—The Bridge-Domain Virtual IP Interface (VIF) now connects multiple Bridge Domain Interfaces (BDI) with a single BD instance so that each IP subnet within an L2 network can be associated with a single VRF.
-
IPv6 support for Encrypted Traffic Analytics —Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.
-
Support for Federal Information Processing Standards (FIPS)—Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal Government for use in computer systems by non-military government agencies and government contractors. Ensure to configure devices to use only FIPS approved algorithms (even though devices prevent the use of non-FIPS compatible algorithms in the FIPs mode) because some functionalities may fail in the FIPS mode if the device attempts to use non-FIPS compliant algorithms.
-
EVC with MACSec—The Ethernet Virtual Circuit (EVC) support on MACsec and MKA feature provides the functionality to detect EVC and to bring up the physical interface that matches the EVC criteria. With this functionality, users can transport layer 2 traffic from multiple enterprises over a WAN link and independently secure their traffic with MACsec over EVC.
-
SISF support for multiple IA_NA and IA_PD—For Switch Integrated Security Features (SISF)-based device tracking, support has been added for multiple IA_NA and IA_PD. When SISF analyzes a DHCPv6 packet, it examines the IA_NA (Identity Association-Nontemporary Address) and IA_PD (Identity Association-Prefix Delegation) components of the packet, and extracts each IPv6 address contained in the packet, enabling SISF and any components that depend on SISF to be aware of all IPv6 addresses assigned to each network device.
-
Detailed error reporting of invalid commands in NETCONF session—Added the netconf detailed-error command, which adds helpful return codes to the network configuration protocol (NETCONF) output if an invalid command is executed in a NETCONF session.
-
BGP Support for TCP-AO—On a secure control plane, BGP uses Message Digest 5 (MD5) algorithm as the authentication mechanism. It uses TCP API to configure the keychain on a TCP connection. When authentication is enabled, any Transmission Control Protocol (TCP) segments belonging to BGP are exchanged between peers, verified and accepted only if authentication is successful.
-
Cisco Discovery Protocol over IPv6 Tunnels—The Cisco Discovery Protocol (CDP) delivers traffic through GRE IPv6 tunnels from other protocols and allows routing of IPv6 packets between private networks across public networks with globally routed IPv6 addresses.
-
PFS for GETVPN—If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. With Perfect Forward Secrecy (PFS) for GETVPN, the attacker cannot use the keys and messages to obtain the keys of past or future sessions. Thus, the attacker cannot obtain keys to decrypt recorded or future communication.
-
TCP Authentication Option—TCP Authentication Option (TCP-AO) replaces TCP MD5, TCP-AO protects long-lived TCP connections against replays using stronger Message Authentication Codes (MACs) than TCP MD5. TCP-AO is resistant to collision attacks, and provides algorithmic agility and support for key management.
-
TCP-AO Support for SXP—CTS SXP peers exchange IP-SGT bindings over a TCP connection. TCP Authentication Option (TCP-AO) enables you to guard against spoofed TCP segments in CTS SXP sessions between the peers.
-
Web User Interface —Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on Web User Interface from Cisco IOS XE Gibraltar 16.12.1a:
-
Viewing File Manager
-
Configuring Trustsec
-
Monitoring Trustsec Statistics
-
-
Yang Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121/BIC Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release
-
Multi-SA Support for SVTI—You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.
-
Show tech ospf—You can specify a vrf-instance with the show tech-support ospf command so that the following commands are executed for the specified VRF:
-
show ip route summary
-
show ip route ospf
-
-
Syslog Messages for excessive tmpfs usage—Two new syslog messages are generated to alert excess memory consumption by tmpfs.
PLATFORM-3-TMPFS_WARNING is generated when the tmpfs memory usage exceeds 40% of the total DRAM capacity.
PLATFORM-3-TMPFS_CRITICAL is generated when the tmpfs memory usage exceeds 50% of the total DRAM capacity.
-
Show command updates for SRTP Rollover Counter (ROC)—The output of the following commands is enhanced to display SRTP ROC information.
-
show voip fpi calls
-
show voip fpi stats
-
show voip rtp connections
-
Note |
The last supported release for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor (ASR1000-ESP20) is IOS XE release 16.12.x. |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
isdn cause-location command support for switch-type primary-ntt |
|
|
show running-config | format with DHCP pool results in a reload |
|
|
BGP event crash@bgp_afpriv_imp_is_imported_path |
|
|
config revert Rollback visible in console and locks up config from VTY |
|
|
BFD flaps everytime with dynamic tunnel creation in DMVPN |
|
|
Watchdog crash within mgcpapp_free_sys_event_Q event dequeue loop after running 'ccm-manager config' |
|
|
Crash seen after configuring SCP path under archive |
|
|
High CPU due to Alignment Corrections - SMEF & IWAN |
|
|
The requirement to shutdown dialer interface before its deletion causes an issue for vManage |
|
|
Router fails to reserve necessary ports for VPN traffic (UDP 500 & 4500) for ISAKMP |
|
|
netconf/yang or telemetry retrieval of /trustsec-state/cts-rolebased-policies breaks |
|
|
Router may crash when a SSH session is closed after configure TACACS |
|
|
Crash after CPUHOG in ISDN L2D SRQ Process |
|
|
Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3 |
|
|
ASR1000 node in HA pair might crash due to punt-keepalive failures |
|
|
MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32 |
|
|
MACsec SAP 128 Bits doesn't work with network-essentials license |
|
|
DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway |
|
|
Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15 |
|
|
ASR1001-X throwing: ETH_SPA_MAC-3-SPI4_ERROR: SIP0/1: Marvel MAC |
|
|
Software crash due to memory corruption after packet trace was enabled. |
|
|
SR: CFLOW input intf index is 0xffffffff for Service-engine DSP module interface |
|
|
Netconf shows each overwrite of cts role-based sgt-map command |
|
|
ARP HA and other clients sync together causing high cpu on CBR |
|
|
DHCP Server sends Renew ACKs to Clients with 00:00:00:00:00:00 MAC in L2 frame |
|
|
Add support for DHCP "utilization" CLI in Cisco-IOS-XE-dhcp YANG model |
|
|
PBR doesn't work for dialer intf when it doesn't have fixed ip address |
|
|
ASR1002-HX crashed after huge traffic is transmitted over it |
|
|
Login banner does accept banners over 238 characters |
|
|
tclsh: socket -server open <port> allows multiple bindings in IOS-XE |
|
|
Device crashing if we unconfigure the NTP on the device |
|
|
Async line not visible in show run and show int brief output but visible in show line output |
|
|
Negating dialer watch-list command without alterning the entered CLI command. |
|
|
Crashed while checking condition debug |
|
|
Memory leak in SMD process due to AAA Idle-timer not being freed |
|
|
ASR1006X linecard down after Active RP3 OIR |
|
|
Crash while processing ISIS updates when DiffServ-TE is enabled |
|
|
MQIPC memory corruption resulting dot1x/MAB not working for wired clients |
|
|
Static Nat fails to translate SIP Trying L7 header |
|
|
3850 sending hostname as NAS-ID |
|
|
High Memory utilization due to Wireless Manager IOSD process |
|
|
With 3 KS in COOP, overlapping KSSID range is not detected |
|
|
Modified EIGRP timers on Virtual-Template put all associated Vi interfaces into passive mode |
|
|
NTP template attach fails with a non default vrf and source interface configured |
|
|
After reload, standby can't join stack due to crash in rbm_request_new() |
|
|
16.11:ASR1k:ESP-X: Lisp mroute verification failed for eid vrf. |
|
|
The WS-C3850-48XS stack crashes due to LACP |
|
|
VRF Associated to an interface is not considered as associated with pim sparse-mode configurations |
|
|
ASR1000-2T+20X1GE interface speed change from 100 to 1000 after switchover |
|
|
TCP port takes 4 minutes to get released after it is closed |
|
|
Reorder ip nat configuration - to be placed after ip http configuration |
|
|
C3PL (Cisco Common Classification Policy Language) changes for CSCvn56365 AppNav-XE WAAS issues |
|
|
ASR1000 Process = TUN ETHER Thread crash |
|
|
ASR1000 Crash on device when SNMP walk is done while configuring QoS on interface. |
|
|
TACACS group server is not seen, when "transport-map type console test" is configured. |
|
|
Incorrect Bandwidth Calculation for Priority Level 2 on 100 gig Interface |
|
|
RP3 Punt Interface May Drop Traffic Due to VLAN Filter Hardware |
|
|
Device is getting crashed on the "cts role-based enforcement" |
|
|
Cisco TrustSec crash while processing CoA update |
|
|
Static NAT configs missing in netconf get-config |
|
|
DMVPN Phase 2 shortcut triggered from a spoke behind PAT may end up in stuck DNX state |
|
|
class-attributes support in ISG radius proxy scenario |
|
|
Tunnel PMTUD not being aged out after PMTUD ager timer expires |
|
|
Router crashed when printing logs while constructing rekey packets (GETVPN) |
|
|
FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload |
|
|
Subscribers cannot re-login due to CoA time-out (lite-sessions in routed mode) |
|
|
%CTS-3-SAP_MANUAL_PMKID_MISMATCH: PMKID Mismatch when primary switch failover in a 6 switch stack |
|
|
Input CRC counter increasing on Tengi interface. |
|
|
EIGRP session is not coming up if the dynamic PBR is applied on interface |
|
|
Router reloads on 'show track' command when there is track object for deleted serial sub-interface. |
|
|
AAA Common Criteria writes password in cleartext to configuration on change |
|
|
Int index is 0 for the Cellular inteface in the exported flow |
|
|
SISF-3-INTERNAL: Internal error, Cannot create binding entry -Process= "SISF Main Thread" |
|
|
Showing wrong release version in 'show eigrp plugins' |
|
|
Client can not get DHCP address again when the Client's ARP entry remained |
|
|
Split DNS in case of UDP query to WAN interface IP via LAN interface |
|
|
SUP reload after running the command " show plat hard qfp act infr bqs debug qmrt_dump " |
|
|
Radius attr 32 NAS-IDENTIFIIER not sending the FQDN. |
|
|
Correction to Quick RP3 recovery after the Punt Path XAUI link goes down |
|
|
%QFPOOR-4-TOP_EXMEM_USER reports negative memory allocation |
|
|
PKI "revocation check crl none" does not fallback if CRL not reachable |
|
|
Polaris : Changes for sending vlan attrs in access request |
|
|
Router crash while executing show commands using '|' (pipe) to filter the output. |
|
|
BUILT-IN-2T+20X1GE - VLAN bytes and packets counters are frozen. |
|
|
"no autostate" will auto add after re-configure svi interface |
|
|
Memory overlay crash when using include-cui |
|
|
Priority queueing on port-channel interfaces causes frame re-ordering. |
|
|
SCCP Application does not clear failed sockets leading to leak and socket pool exhaustion |
|
|
Packet drop occurs after acl permit configurations |
|
|
IPSLA IPv6 ICMP Probe is showing status as OK with no IPv6 connectivity |
|
|
ASR1001-X crashed upon receiving Radius Access-Accept message |
|
|
Reload initiated via SNMP on IOS-XE causes a crash |
|
|
Cellular interface lte Network Selection Mode switches to manual |
|
|
IPV4 routes on the global routing table learnt via BGP refreshes upon adding or removing a VRF |
|
|
Unable to remove "logging source-interface <if-name>" command on 3850 |
|
|
Router crashes when removing a crypto map |
|
|
Class map containing no-match result-type method dot1x none never results in success |
|
|
FMAN crash due to Flexible Netflow (fnf) |
|
|
SDA:16.9.2S - Arp issue during wired host mobility |
|
|
Crash on an LNS router in process ACCT Periodic Proc |
|
|
Replace all BGP/route-map communities in "set community" array with <edit-config> "replace" operatio |
|
|
PKI incorrect fingerprint calulation during CA authentication |
|
|
SRTE ODN: After removing "mpls traffic-eng router-id loopback" OSPF not adv links in TE opaque LSA |
|
|
Router crashing after upgrade due to Crypto commands "Block overrun at 284B2160 (red zone 000110DF)" |
|
|
Traceback: Error seen after tunnel flap: DATACORRUPTION-1-DATAINCONSISTENCY |
|
|
16121: ISIS local-LFA repair path has no label causing high convergence |
|
|
WSMA crash formatting show command output |
|
|
Crash at NAT clear |
|
|
Router crash when running show aaa user all command |
|
|
Crash during SSO config sync |
|
|
16.11.1-systest: Segmentation fault : CEF bgrnd process with DUT reload with Sw to Rtd port |
|
|
When roaming to another AP, services received from RADIUS are not applied to the session |
|
|
Interface is not joined to mcast map-notify after reload |
|
|
IOS-XE DHCP server creates option 125 with invalid format |
|
|
Dot1x Users MAc address not present on the correct Vlan after SSO |
|
|
MaxSusRate is not working with service class |
|
|
IOSXE - firewall corrupts half open list |
|
|
SDA-FHR not registering multicast source with RP |
|
|
Crash at Process = SCCP Auto Config |
|
|
SISF not honoring 1 IPv4-to-MAC rule when DHCP ACK comes from a different VLAN (via Relay) |
|
|
AirOS Parity : Local to Radius Fallback failing for Webaut and TACACS for 9800 |
|
|
CTS PACS not downloading to the devices |
|
|
CTS Environment-data is not getting refreshed on the device |
|
|
HSRP VIP is not reachable locally |
|
|
ASR1000/16.9.2 - Duplicate entries in dangling list |
|
|
FXS - no busy tone is generated on remote-onhook condition with call pickup scenario |
|
|
"ip nat translation port-timeout" limited to overflows after reaching 16bit |
|
|
GC NAT unable to detect dns packet |
|
|
ASR1000 crashes by handling DHCP packet |
|
|
IPSec-Session count in "show crypto eli" reaches max causing VPN failure |
|
|
Missing Calling-Station-ID in Accounting Ticket for Web-Tal locations |
|
|
dot1x dynamic voice assignment failure after data domain auth such |
|
|
MACSEC license is not being consumed for sub-interfaces |
|
|
When sending account-logon ISG do not reply with ACK nor NACK. |
|
|
Identity policy won't update after config changes. |
|
|
[SDA] [PI changes] No audio during first few seconds of voice call between 2 Fabric Edge |
|
|
ASR1001-HX: Excessive pause frames (IEEE802.3x compliant) affect traffic on other interfaces |
|
|
IOS-XE ACL port information preserved after encapsulation |
|
|
tdl_fw_stats in FMAN logs errors |
|
|
L3VNI:VPNv4 routes are not imported into BGP-EVPN upon reload/SSO while VPNV6 routes are imported |
|
|
Ping failure on Port-channel sub interface when is using EVC in main port channel |
|
|
GetCACaps is using wrong CA-IDENT when using enrollment profiles |
|
|
Crash when polling IPForwarding MIB |
|
|
Traffic stops flowing on Xconnect tunnel when upgraded to 16.9.2 |
|
|
Read and Write lock fix for ACL cache |
|
|
Observing 100% CPU utilization for sessmgrd |
|
|
Overlay BGP down when configured "ip nhrp server-only" |
|
|
When sourcing Radius from loopback in VRF, auth right out of boot up might fail |
|
|
Hierarchical QoS stops working on GRE tunnel if dest route flaps between 2nd tunnel and physical int |
|
|
Client with VNID override on roaming gets into authorization failure due to vlan 0 |
|
|
LISP: "flood" configuration broken under "instance / service ethernet" submode |
|
|
sdwan isr receiving any SOO changes AD to 252 |
|
|
Incoming ESP packets with SPI value starting with 0xFF are dropped due to Invalid SPI error |
|
|
L2VPN - Xconnect - filtering of LDP targeted hellos using ACL not working |
|
|
Nas Identifier not sent in Accounting Packet |
|
|
Delay on sub interface doesn't match physical interface causing issues for routing |
|
|
"no cts role-based enforcement " is not honored and enforcement continues to happen |
|
|
When FQDN used for APN, IOS DNS resolves FQDN to IP, but GTP stays in DNS pending and IP 0.0.0.0 |
|
|
ISR4K: Router crash due to twice memory release |
|
|
Tail drops on IPSLA sender when using scaled udp-jitter probes |
|
|
ASR1000: VLAN counter mismatch on sub-interfaces |
|
|
Bad root chunk pointer in chunk header post SSO - ASR1000 |
|
|
MGCP GW doesn't reset SSRC/ROC on receiving MDCX with new IP/port/SDP parameter for SRTP call. |
|
|
On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes. |
|
|
GETVPN suite-B does not work on ASR1006x router |
|
|
static nat which has been deleted is shown when show ip nat translation |
|
|
VG3x0 - groundstart voice-port configuration removed after reload |
|
|
Incomplete arp in management interface |
|
|
Counters of interfaces are reporting inexistent peaks |
|
|
Engine keyword missing after "show utd engine standard statistics url-filtering" |
|
|
Crash due to too many DSPs |
|
|
%DATACORRUPTION-1-DATAINCONSISTENCY: due to PMIPv6 |
|
|
HTTP Client inside IOS-XE incorrectly reports "Invalid IP address in Hostname" for legal IP address |
|
|
ISG : Changes in circuit-id and remote-id are not reflected after roaming |
|
|
Crash when running show crypto map |
|
|
isdn cause-location command support for switch-type primary-ntt |
|
|
Should provide a repair path for the Strict SID even when the repair path is NOT a TI-LFA |
|
|
Router crashes when "tod-clock revertive" command is executed |
|
|
crash at sisf_show_counters after entering show device-tracking counters command |
|
|
ip dns primary command does not get removed |
|
|
Standby crash during ISSU |
|
|
Ucode crash when PfRv3 and IPv6 monitor are configured on the same tunnel with IPv6 VRF configured |
|
|
ASR1000: Crypto Engine remains in stuck state post dataplane crash |
|
|
IPsec SA installation fails with simultaneous negotiations despite fix for CSCve08418 |
|
|
Crash when "show running" is used |
|
|
no login on-success log CLI does not persist across device reloads |
|
|
Crash after Media monitor look up. |
|
|
"encr aes 256" config removed from CDB & invisible to netconf/yang and restconf |
|
|
NIM-2FXS/4FXOP crashing due to DSP failed to reply properly |
|
|
SRMS tries to build a snapshot when there are no SIDs |
|
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Polaris 16.3.1 : Machine and bus error failures in ESP20 |
|
|
3650: pnp profile config causes line console config to be copied over to vty after "show run" |
|
|
Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence |
|
|
BGP Oper model rpc reply error with aggregate bgp ipv6 route. |
|
|
ASR1000: RP3 crash due to punt-keepalive failures |
|
|
ASR1000 routers crashed when TCM received an illegal command from the ucode |
|
|
Add ERROR message over IOS console when HSPRDA TCAM region gets full |
|
|
EVPN Prefix import Count/Limit show incorrectly |
|
|
Async lines configuration is not retrievable over netconf |
|
|
BGP looped update among 3 peers |
|
|
"Radius-server attribute 31" command broken on LNS when LAC sends Remote-Id string |
|
|
QoS counter didn't generate at ASR1001-X |
|
|
ASR1001-HX: bay1 1G link stays up when Rx cable of remote end is removed |
|
|
Router crashes after snmpget to OID related to NHRP |
|
|
DMVPN - Packet is encapsulated but not encrypted going out DMVPN tunnel |
|
|
Error messages seen when configuring "logging persistent protected" on ASR1K routers |
|
|
16.12.1 SIT: UNIX-EXT-SIGNAL: Segmentation fault and Memory related crash during SXP bringup |
|
|
Additional display for incorrect profile with reset on backoff : |
|
|
Crash while BGP was updating rib table |
|
|
Device crashed @ radius_io_stats_timer_handler due to dynamic-author |
|
|
Revert the changes of CSCvo75201 in rel21 |
|
|
.py file check is not done while registering the policy and the error is seen |
|
|
BGP evpn table and vrf table out of sync |
|
|
SSH: host_key->name is not null after reload which prevents SSH from starting up |
|
|
Egress shaping on port-channel sub-intf tail dropping traffic long before rate |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" |
|
|
ASR 1000 sub-interface counters wrong. |
|
|
BRI leased line can't come up automatically after remove/insert one side's cable |
|
|
Get-Config using NETCONF interrupted if authenticated with TACACS+ |
|
|
shaper of the internal crypto interface is incorrectly programmed |
|
|
IP SLA react for packetloss and successivepacketloss do not set $_ipsla_react_type in EEM |
|
|
AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR |
|
|
Router crashes with ZBF HA sync. |
|
|
OBS : PE ignores IGP metric while advertising the MED value to CE |
|
|
BGP YANG oper address-family fails with vpnv4-unicast |
|
|
BGP updates missing ISIS advertising-bits when redistribute level-1 is applied |
|
|
Unable to configure half duplex on cEdge |
|
|
The switch crashes when processing a 'unknown' message from 'PKISSL read mqipc'. |
|
|
Router is on Bootloop after QoS configuration. |
|
|
Interfaces with 'shutdown' configuration in UP state |
|
|
Netconf-yang service not starting properly |
|
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
|
|
"Clock: inserting leap second" message doesn't output on NTP client when leap second inserted |
|
|
F0: fman_fp unexpectedly crashed with exmem chunk alloc |
|
|
Delay during vrf aware bgp address-family configuration over netconf |
|
|
Static routing redistribution under RIP with route-map is not working after reload |
|
|
ASR 1000 BDI not working properly for packet fragmentation - very small fragments are getting dropped |
|
|
DMVPN | Spoke to Spoke traffic fails when Tunnel initiated by Tunnel IP to tunnel IP pings. |
|
|
ASR1000: ucode crash @ uidb_subblock_lookup__output_nat_sb |
|
|
Supervisor reloaded due to cpp_cp_svr process crashing |
|
|
cpp_cp_svr crash in cpp_bqs_rm_yoda_select_sch_exponent |
|
|
Supervisor reload due to cpp_cp_svr crash. |
|
|
mip crash reloading the router |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.2s
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2s
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
IOS-XE NAT - protect customer data |
Open Bugs for Cisco IOS XE Gibraltar 16.12.2s
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
NA |
There are no open caveats in 16.12.2s |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.3
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.3
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Note |
In Cisco IOS XE Release 16.12.3, the semantic version number for the YANG models is not updated and is therefore not accurate. However, this limitation does not impact the functionality of the YANG models |
|
Caveat ID Number |
Description |
|---|---|
|
AFW_application_process triggers a crash with voice conference |
|
|
ISR 4000 Reloads Unexpectedly, Crashing in the "IP NAT Ager" Process |
|
|
CME/BE4K SNR: Crash when config changes are made while SNR call is active |
|
|
ASR 1000/ISR 4000 Calls fade to no-way audio due to media inactivity detection after 20 minutes |
|
|
ISR G3, ASR 1000 crash after VoIP AAA test |
|
|
Router crashes due to Segmentation Fault when 'ccb' gives a NULL Pointer |
|
|
IPSEC install failed IPSEC_PAL_SA shows "unexpected number of parents" |
|
|
Unexcpected reboot when copying anchorspi context from parent to child. |
|
|
ESP ucode crashed when running NAT with bpa (CGN) |
|
|
GetVPN-ISR4461// Getvpn traffic is failing with Transport mode with all the versions. |
|
|
ISR 4000 : Crash seen at Process Exec |
|
|
ISR 4461: Large un-fragmented IPSEC packets cause router to crash |
|
|
CUBE is updating the resolved IP only after the REGISTER expires |
|
|
C9800:ISSU: wncd crash@ crypto_engine_pk_crypto during ISSU downgrade scenario |
|
|
IOS-XE crash after doing a SCEP enrollment |
|
|
ISR 4000 router crash during updating the OpenDNS bypass allowed list |
|
|
Process = Exec crash seen on dmap longevity testbed with clear cry sa peer several times |
|
|
Crash triggered with IPv6, IPv4, PPPoE, PortChannel and NAT |
|
|
IWAN High CPU and Memory |
|
|
GETVPN: IpsecInvalidSA drops are seen on ESP200X/ESP100X after %LOGGER-6-DROPPED: message |
|
|
IWAN crash related to DCA channel |
|
|
Router crashed on removing trustpoint on dspfarm profile |
|
|
ISR 4000 only: MGCP status remains Down and does not register with CUCM after a reboot or power cycle |
|
|
ASR 1000 ucode crash after too many locks in ZBF pair setup |
|
|
ALG with NAT trigger a crash when a DNS writeback occurs |
|
|
IOS-XE ZBFW Crash When Exceeding Half-Open Session limit |
Open Bugs for Cisco IOS XE Gibraltar 16.12.3
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Update statistics from Oecteon viptela code to platform |
|
|
Correct the severity level of logs generated by smart-agent |
|
|
Delay of 30 sec while creating a new config file for phone using tftp. |
|
|
IOS: Prevent crypto ACL change if already mapped with crypto map configuration |
|
|
ISR4k Crash seen in skinny_unreserve_xcode_stream on 16.9 |
|
|
CME Crash with call to shared line when 1 setup leg is NULL |
|
|
Need to check qfp ucode crash with RTCP traffic - chunk memory corruption in RTCP path |
|
|
Cube might crash when sending a SIP message over TLS |
|
|
HSRPv2 crash whilst retrieving group from received packet |
|
|
ASR 900 autoRP listener functionality issue |
|
|
Remove show ip/ipv6 access-list from syncfd-<ewlc-SIT>17.1-Observed Traceback followed by IOSD crash |
|
|
getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded |
|
|
ASR 1000 crash in NAT code when processing PPTP traffic |
|
|
yang missing for "ipv6 locator reachability minimum-mask-length 128 proxy-etr-only" |
|
|
power event detected when connect with switch module |
|
|
IOS crash in DHCPd Receive with Unnumbered interfaces |
|
|
Unexpected reload when issueing show ip mroute vrf <vrf> verbose |
|
|
17.1.1 - Memory leak @ SAMsgThread. |
|
|
"static ip addresses not configured for the list" message |
|
|
Memory leak in CC-API_VCM and CCSIP_SPI_CONTROL |
|
|
Pubd process on the controller goes down, managed by DNA-C 1.3.2 |
|
|
Enabling Telemetry can cause router to crash. |
|
|
SESM Policy-Interface on ISG ignoring Radius Requests on port 1812 |
|
|
Memory leak under CCSIP_UDP_SOCKET / MallocLite |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" and "no shut" interface |
|
|
Cat9K/16.11.1c/SDA- Ingress QOS Service Policy not applying to interface |
|
|
Post SSO, if service template is getting downloaded and switch crashes, client is stuck in authc |
|
|
GETVPN generated core upon RP switchover, cpp_cp crashed |
|
|
SR Labels not installed in forwarding plane when there are multiple sources for the prefix SID |
|
|
rLFA for LDP causes loss of MPLS traffic after RSP switchover |
|
|
9800-L has crashed on Smart Licensing |
|
|
EVPN RMAC stale routes seen |
|
|
Catalyst 9300 Wrong implementation of CBQOS MIB |
|
|
Crash on BGP NSAP address-family when adding CLNS next-hop route-map |
|
|
While upgrading the IOS-XE version from 16.9.2 to 16.9.4 , smart licensing registration was lost |
|
|
Missing constraints and PRCs lead to broken model |
|
|
Random IPSEC drops on ESP200 with esp-gcm transform set |
|
|
Memory Leak in IPv6 ND Process |
|
|
SISF installing target IP of an ARP request when sent with src 0.0.0.0 |
|
|
User cannot login in GUI if present in both local database and AAA server |
|
|
OSPF process crash due to chunk corruption in Flood DB |
|
|
ISR4331/K9 Dialer cannot make calls suddenly |
|
|
RAR: RFC5578 does not work in 16.12 and later |
|
|
heavily oversubscribing the EGRESS interface IPv6 priority traffic is "silently" being dropped |
|
|
4331 16.9.4 QFP ucode crash due to null derefence |
|
|
SDWAN cEdge VRRP fail recovery take 10-15 mins for OMP tracking, with prefix list tracking no output |
|
|
ISR 4221 router with NIM switch module MAB/Dot1x does not start |
|
|
Updating an existing ZBFW policy requires a detach/re-attach to push successfully |
|
|
Interface does down when "l2vpn xconnect" command is removed |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.4
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.4
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Note |
In Cisco IOS XE Release 16.12.4, the semantic version number for the YANG models is not updated and is therefore not accurate. However, this limitation does not impact the functionality of the YANG models |
|
Caveat ID Number |
Description |
|---|---|
|
enable platform ipsec control plane conditional debug might cause FP/QFP IPsec outbound SA leak |
|
|
PfRv3: Crash while Printing the Same TCA Message |
|
|
"logging origin-id ip" seen as 0.0.0.0 in the logs when used with VRF or Management port |
|
|
Crash at the moment of deleting a DVTI |
|
|
Performance Monitor crash |
|
|
CUBE router crashed due to memory corruption in subscription control block |
|
|
SIP phone paging party hears own voice |
|
|
getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded |
|
|
PIM process crashed during clear arp-cache |
|
|
ASR 1000 crash in NAT code when processing PPTP traffic |
|
|
IOS PKI | Intermittently SubCA fails to rollover |
|
|
Dialer interface counter does not correlate to the counter of interfaces bounded to |
|
|
KPML dialing fails after CSCvq20936 commit |
|
|
VSS Experiences Unexpected Reboot Due to PIM process |
|
|
Unexpected reload when issueing show ip mroute vrf <vrf> verbose |
|
|
17.1.1 - Memory leak @ SAMsgThread. |
|
|
ping is not working on port-channel after router reload |
|
|
With CRL fetch failed, stuck at Failed to send the request. There is another request in progress |
|
|
Memory leak in CC-API_VCM and CCSIP_SPI_CONTROL |
|
|
Enabling Telemetry can cause router to crash. |
|
|
Out of IDs in webauth module resulted crash due to memory leak |
|
|
FlexVPN Hub Memory Leak in AAA process when IKEv2 sessions are being established |
|
|
With should-secure traffic is getting blocked when mka moves to init state during key rollover |
|
|
IOS-XE device has memory leak in linux_iosd-imag |
|
|
x509 SSH authentication incorrect UPN value selected |
|
|
SRTP - RTP Crash on ASR with GCM Ciphers |
|
|
rLFA for LDP causes loss of MPLS traffic after RSP switchover |
|
|
NAT Alias not created for some configuration when using application redundancy |
|
|
AnyConnect fails to reconnect when original session expires |
|
|
Crash on BGP NSAP address-family when adding CLNS next-hop route-map |
|
|
show crypto pki server shows wrong expire certificate date |
|
|
Router crash upon receiving a BGP L3VPN route with a color extended community to be imported in EVPN |
|
|
SISF installing target IP of an ARP request when sent with src 0.0.0.0 |
|
|
16.12.3 ZBFW- Firewall stats file for vmanage not generated for inspect/drop traffic |
|
|
CUBE DNS cache clear should be limited only to the matched connection id |
|
|
User cannot login in GUI if present in both local database and AAA server |
|
|
Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
|
|
esg:destination overwhelmed messages are seen on sending high rate TCP traffic leading to iosd crash |
|
|
RAR: RFC5578 does not work in 16.12 and later |
|
|
Config save prompt on reload even after saving config when configured via ZTP |
|
|
Memory leak present after BMP BGP server is enabled |
|
|
Crash due to DHCP relay |
|
|
ASR 1000 : OIR after clock set doesn't save the time in RTC(recommit of CSCvr27554) |
|
|
Interface does down when "l2vpn xconnect" command is removed |
|
|
SD-WAN router running 16.10.3 crashes with cpp_cp_svr fault |
|
|
bgp crash @ bgp_db_ipstr2address when get bgp neighbor via bgp-oper yang |
|
|
cpp_cp_svr fault and fman_fp_image fault on ASR 1002-X routers running 16.12.2r |
|
|
Active RP running Polaris crash when standby running 3.X inserted |
|
|
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability UTD |
|
|
BgpBackwardTransition was sent when peer device links up |
|
|
16.12.3 ZBFW-Mismatch in firewall stats between the device and vmanage |
|
|
ASR 1000 crash at SSS manager sss_info_get_next_elem() |
|
|
ASR 1000:Router stops forwarding traffic with MPLS TE & FRR when member link of port-channel is shut |
|
|
unexpected reload in CPP ucode forced by nat 514 . |
|
|
MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen |
|
|
Part of double encapsulated frames dropped with TunnelDecapTooManyTimes code reason |
|
|
Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI. |
|
|
ASR1002-HX crashing with IPSEC+QoS+DPI+FNF+NAT+ZBFW profile - half open list corrupted |
|
|
SNMP TIMETICKS difference between sysUpTime vs ipslaEtherJAggStatsStartTimeId |
|
|
Omp-tag is not being set via route-map configuration under bgp |
|
|
Route export not working as desired during failover testing |
|
|
Cisco 9800 reloads when processing AVC or FNF |
|
|
Device Crash observed with NAT and once there is traffic from outside |
|
|
cEdge crashes after the push of a template for Umbrella |
|
|
Process sessmgrd crash due to clear radius sg-stats command. |
|
|
Leaf sends packets to a wrong BVI MAC of ASR GOLF routers |
|
|
L2VPN Crash @ Process = XC Mgr |
|
|
Incorrect CEF programming for local SVI |
|
|
1731: ODN Policy for Global prefix still UP even after withdrawing global routes |
|
|
FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer |
|
|
Device reload due to tunnel flapping |
|
|
IWAN routers ISR4K unexpected reload multiple times |
|
|
Incorrect Source IP when resolving DNS |
|
|
CRC increasing on down int Te0/0/20 |
|
|
Incorrect CEF entry for LISP action signal-fwd |
|
|
BGP communities: changes to route-map which sets BGP communities discards existing communities |
|
|
CLI addition to tune MSRP timers |
|
|
IOS-XE MTP Fails to Interwork DTMF RFC2833 from Payload 100 to Payload 101 |
|
|
RAR: PADG and PADC are not being consumed properly. PPPoE session statistics are not matching. |
|
|
vManage FW dashboard doesn't show all matched applications |
|
|
Calls going through T1 are rejected with "no dsps found" Analog/TDM Hairpin calls |
|
|
AVB: msrp stream fails to re-establish after mcast addr change |
|
|
%IP-4-DUPADDR: Duplicate address issue at NAT-HSRP ISR4k router |
|
|
Router crashes frequently on NBAR |
Open Bugs for Cisco IOS XE Gibraltar 16.12.4
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
ASR 1000-lisp:Standby RP complains when eid-table removed from Active RP |
|
|
ASR 1000: lisp instance are not operational with vrf Deletion error |
|
|
Delay of 30 sec while creating a new config file for phone using tftp. |
|
|
Getting below error while pushing template:<bad-command>no license smart enable</bad-command> |
|
|
Remove show ip/ipv6 access-list from syncfd-<ewlc-SIT>17.1-Observed Traceback followed by IOSD crash |
|
|
Synchronization of running configuration failed to Netconf running datastore due to bfd min_rx |
|
|
netconf <edit-config> merge is not working properly |
|
|
vManage should be able to work with cEdge banners in the same way as with vEdges |
|
|
yang missing for "ipv6 locator reachability minimum-mask-length 128 proxy-etr-only" |
|
|
IOS crash in DHCPd Receive with Unnumbered interfaces |
|
|
SESM Policy-Interface on ISG ignoring Radius Requests on port 1812 |
|
|
CFLOW_INSERT ABORT errors continue to increment |
|
|
DDNS triggers a crash when an update is sent to delete an entry |
|
|
CPP crash due to a long QoS Policy and Class name |
|
|
Existing configuration on a cEdge could not be modified by a new template |
|
|
ASR1000 RP2 upgrade fails from 16.9.4 to the 16.9.5 |
|
|
BGP next-hop is unexpectedly set to self in confederation scenario |
|
|
Unexpected Reload due to Sessmgr |
|
|
Crash when configuring eBGP |
|
|
Unexpected reload when using "show radius server-group all" or "show aaa server" |
|
|
missing/corrupt IOS-XE PKSC10 format |
|
|
ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to() |
|
|
ASR1001-X: 'show environment' is no longer monitoring R0 voltage sensors |
|
|
IOS-XE: ACL on Management Interface ignoring ICMP-Type information. |
|
|
IOS-XE device crashed with CGD shared memory corruption freed by FMAN-FP |
|
|
Cisco-IOS-XE-policy yang model incomplete support for match access-group |
|
|
CPUHOGS produced while executing the command - client fireall access-list ? |
|
|
CUBE keeps sending REINVITES to peer legs leading to high CPU and eventually crashes. |
|
|
RP failed after show ip cef command was executed |
|
|
Router May Crash When a SSH session is Closed After a TACACS Configuration Change (Part 2) |
|
|
LTE module unresponsive after test cellular command. |
|
|
EPC not working with netflow enabled. |
|
|
"req plat software trace archive" faills with "STORAGE_TARGET: unbound variable Operation failed" |
|
|
Crash due to a segmentation fault in the "IPsec background proc" process |
|
|
DHCP Offer is going out on the same PMIP tunnel that received it. |
|
|
ASR 1000 - valid Vendor Specific TLV dropped for invalid header length |
|
|
memory corruption in IOMEM in polaris 16.11.1 |
|
|
Crash when tearing down a PPPoE client session |
|
|
Traceback: Standby RSP3 reloads "HSCF Failed to sync private-config" |
|
|
Memory leak in "VTEMPLATE bkgrnd" process leading to isis_delete_isisidb |
|
|
ASR 1001-X in Partial Collection Failure |
|
|
CBR8: do not drop malformed dhcp option 125 packets |
|
|
ASR1000 - 16.9.4 - PLATFORM_INFRA-5-IOS_INTR_OVER_LIMIT +TB when sessions at scale |
|
|
CUBE fails to send calls with below error after updating IOS to 16.9.5 Error (Resource busy) |
|
|
RADIUS not sent for 802.1x |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.5
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.5
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.|
Caveat ID Number |
Description |
|---|---|
|
Mishandling of dsmpSession pointer causes a crash |
|
|
EIGRP IPv6: "show ipv6 protocols" might cause a crash when a route-map is used as a distribute list |
|
|
NHRP process crash on using same tunnel address on multiple spokes |
|
|
New IP/PPPoE subscribers not reachable after port-channel reduced to single member link |
|
|
Crash in dbal_tunnelmgr_tunnel_notify_dst_close, with tls tunnel |
|
|
DDNS triggers a crash when an update is sent to delete an entry |
|
|
CPP crash due to a long QoS Policy and Class name |
|
|
PI - Loopback IP are advertised with local-label instead of imp-null |
|
|
Router crash when doing show bgp ipv6 unicast summary' |
|
|
Unexpected Reload due to Sessmgr |
|
|
Physical policy cannot be clean up with QoS policy in suspended mode on PPPoE Dialer |
|
|
ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to() |
|
|
ASR1001-X: show environment is no longer monitoring R0 voltage sensors |
|
|
IOS-XE: ACL on Management Interface ignoring ICMP-Type information. |
|
|
Remove duplicate license keyword from show platform software license command |
|
|
Unexpected reload when UC wsapi CLI is enabled. |
|
|
CSCvu04665: CUBE keeps sending REINVITES to peer legs leading to high CPU and eventually crashes. |
|
|
RP failed after show ip cef command was executed |
|
|
Router May Crash When a SSH session is Closed After a TACACS Configuration Change (Part 2) |
|
|
"req plat software trace archive" faills with "STORAGE_TARGET: unbound variable Operation failed" |
|
|
Crash when tearing down a PPPoE client session |
|
|
CLI should be auto-upgraded from "tacacs-server" cli to newer version while upgrading |
|
|
SSH/SCP does not work from vManage to cEdges in MT setup |
|
|
Evaluation of CVE-2020-10188 - Cisco IOS XE Persistent Telnet |
|
|
ASR 1000 / 16.9.4c / MKA control traffic not forwarded out on L2VPN |
|
|
cpp_cp_svr_ledp crash seen during SIT Regression |
|
|
Static NAT outside breaks locally generated TCP/UDP traffic |
|
|
High memory usage after enabling tunnel interface with "mpls nhrp" configured leading to crash |
|
|
Snort initiate reset and Failed to load - Real websites in Browser |
|
|
SRST router reload unexpectedly |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
ASR-1002X lost all configuration after upgrade from 16.12 to 17.3 |
|
|
CUBE router crashed due to memory corruption in subscription control block |
|
|
Remote EID space prefix not installed in CEF when overlapping prefix exists as Local EID |
|
|
Assertion Failed in MFIB causes Catalyst 9500 Switch to crash |
|
|
ASR-1000: Tracebk at be_data_inconsistency_error_with_original_ra seen with latest images |
|
|
Unexpected Reload after running 'show voice dsp' command while an ISDN Call Disconnects |
|
|
Day 0 Config Bringup after Power OFF/ON | C1121X-8PLTEP |
|
|
Media innactivity detection getting triggered before timer expiry |
|
|
CUBE shouldnt crash when receiving an REINVITE with stun parameters and stun is not configured |
|
|
Catalyst Switch: SISF Crash due to a memory leak |
|
|
BMP BGP server can lead to CPUHOG and crashes |
|
|
Dynamic insertion/deletion of DTMF interworking fails for midcal negotiation w/REINVITE consumption |
|
|
Removing and Adding Bulk ACL leads to Tracebacks and Error-Objects |
|
|
Crash due to a NULL pointer while bringing down PPPoE sessions. |
|
|
The Cisco Catalyst 9800 Series Wireless Controller crashes when CPP threads get stuck |
|
|
Reload: IOS-XE router crashing due to DN mismatch |
|
|
WNCD crashed after mab failed to allocate memory |
|
|
LIG causes Map-Cache entry to override RIB |
|
|
ASR1001-X ftmd crash: ftm_tunnel_sla_tunnels_get_object |
|
|
Large ACLs may be partially loaded into hardware resulting in unexpected drop |
|
|
bgp crash in bgp_show_network_detail, bgp_imp_find_imported_path_topo |
|
|
PMTU Discovery may negotiate an incorrect MTU on IOS-XE SDWAN routers |
|
|
Large tcp stream fails DNS translation |
|
|
Router may crash when using Stateful NAT64 |
|
|
Having H323 and SIP protocol configured on Voice Gateway can cause crash |
|
|
ASR 1000 Crash on configuring IP NAT inside source list under VRF |
|
|
GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage |
|
|
ASR 1000 crash when ACL deleted following object-group modification |
|
|
Policy-map on a per session QoS is not shaping the traffic as expected |
|
|
SRTP traffic created a HW loop and the QFP crashed. |
|
|
ASR 1000 FMANFP crashes during bootup with memory corruption |
|
|
ASR 1000 NAT66 communication failure when change the NAT66 prefix configuration. |
|
|
"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload |
|
|
Router might crash after apply a class-map in input direction with bandwidth percentage |
|
|
INTRED: Crash seen on BNG+NAT setup with scaled pools and "max-entries all-host "limit being hit |
|
|
APPNAV CFT Crashes |
|
|
CPP ucode crash with fw_base_flow_create |
|
|
ASR 1000 Crashes in ipv6 mgd timer code when removing vrf config |
|
|
ASR 1000 doing KS role for GETVPN is sending malformed rekey packets |
|
|
Bulk-sync failure due to PRC mismatch causes C3k continuous reload |
|
|
erspan classify ucode crash |
|
|
Duplicate Bytes & Packet when Q in Q is configured |
Open Bugs for Cisco IOS XE Gibraltar 16.12.5
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
ASR 1000-lisp:Standby RP complains when eid-table removed from Active RP |
|
|
ASR 1000: lisp instance are not operational with vrf Deletion error |
|
|
Delay of 30 sec while creating a new config file for phone using tftp. |
|
|
IOS crash in DHCPd Receive with Unnumbered interfaces |
|
|
SESM Policy-Interface on ISG ignoring Radius Requests on port 1812 |
|
|
Standards-based IKE Support for Transport IPSec (cEdge) has Implicit ACL |
|
|
Incorrect guard logic between LISP and CEF |
|
|
ASR IOS-XE SDWAN router bfd sessions not coming up if BGP routing is not providing a local next hop. |
|
|
IOS-XE device crashed with CGD shared memory corruption freed by FMAN-FP |
|
|
ASR 1000: harddisk usage is always zero in "show platform resource" for consolidated platforms |
|
|
Punt-Keepalive crash with lsmpi_lo_drv and container app traffic. |
|
|
CBR8: do not drop malformed dhcp option 125 packets |
|
|
CUBE fails to send calls with below error after updating IOS to 16.9.5 Error (Resource busy) |
|
|
ASR1001-X: Issue a cpld reset instead of reboot in kcrash |
|
|
Memory leak in Session Manager Daemon (sessmgrd) by WEBAUTH |
|
|
VTY leaks in CWMP |
|
|
Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX |
|
|
Enabling cts enforcement on policy applying FIA on all interfaces |
|
|
L3 connected lite session not coming up , stuck in data-plane(qfp) |
|
|
IOS-XE device fails to install new IPSec SAs |
|
|
NBAR not able to recognize application in a capwap-tunnel |
|
|
[CFD] All APs (1,900+ APs) suddenly lost site assignment from Inventory and are unpositioned on maps |
|
|
ISR4K - NIM-ES2 module soft-reload leads to a memory leak in iomd |
|
|
Disruption of IP communication due to AUTH_DRIVEN_DROP on uplinks when flapping downlink ports |
|
|
Functional: C9300 pki related crash while trying a swim upgrade from DNAC |
|
|
ASR 1000 configured with 'no ip unreachables' sending ICMP Type 3 Code 13 |
|
|
Duplicate entries seen in MAC filter table. |
|
|
ASR -1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
ASR 1000: fman_rp crash seen on 16.9.X when "show platform software nat RP active logging" is run |
|
|
cEdge directly-connected routes missing from routing table |
|
|
Memory corruption cause we expected a free block - allocated by ldap_perform_start_tls |
|
|
QFP crash in cpp_ess_tc_tgt_if_fm_edit_helper |
|
|
APPNAV CFT crash on ISR |
|
|
ASR 1000 400GB SSD Drive appearing as 20GB |
|
|
Opflex generated Route Distinguisher is not globally unique on ASR1k |
|
|
Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4 |
|
|
ASR 1000 cpp_cp crash w/hierarchical QoS on tunnel interface and source subinterface |
|
|
DDNS feature triggers crash on 16.X/17.X releases due to memory corruption |
|
|
Crash at the moment of calculating tcp header |
|
|
The BFD sessions between cEdge routers are down due to IN_US_V4_PKT_SA_NOT_FOUND_SPI |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
ASR 1000 fails to install rekey causing traffic drop |
|
|
APPNAV SMU for CSCvt76844 and CSCvw34157 |
|
|
Memory Leak in IOS_EVENTQ_DB mounted on /tmp/rp/tdldb |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.6
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.6
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.|
Caveat ID Number |
Description |
|---|---|
|
Virtual-PPP interface stats counter is not incrementing for L2TP client initiated VPDN tunnelling |
|
|
GETVPN: Clearing members on Key Server causing rekey processing failure on GMs |
|
|
17.4: EFT Customer having issues while upgrading cEdges from vManage |
|
|
Unexpected reload in NHRP when access to an invalid memory region |
|
|
crypto ikev2 proposals are not processed separately |
|
|
IOS-xe does not correlate indices properly with cellular radio band output |
|
|
IKE should have a mechanism to alert or mitigate resource exhaustion due to QM flooding |
|
|
Rollover certification generation is not consistent on SUBCA |
|
|
handle the NULL ACL template in fman rp shim layer |
|
|
NAT TCP Load Balancing not working on IOS XE |
|
|
Wrong reload reason reflected after a power outage. |
|
|
[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC |
|
|
A router may crash when processing an NHRP packet |
|
|
"insufficient resources" NHRP-ERROR while receiving small rate of NHRP Resolution Requests/second |
|
|
VG400 ENVIRONMENTAL-1-ALERT: RPM: fan1, Location: P2, State: Warning, Reading: 3240 RPM |
|
|
Static NAT conflicts/overwrites with Port-forwarding |
Open Bugs for Cisco IOS XE Gibraltar 16.12.6
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Update statistics from Oecteon viptela code to platform |
|
|
Traceback: fman process generates core during ESP100 bootup |
|
|
ASR1002-HX: not able to initialize hw crypto-engine with non-sdwan image |
|
|
GD- Ucode crashed observed at tw_timer_m40_tick () |
|
|
Cisco 1000 Series ASR: harddisk usage is always zero in "show platform resource" for consolidated platforms |
|
|
ASR1001-X: Issue a cpld reset instead of reboot in kcrash |
|
|
Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX |
|
|
ASR1000 ISG: Crash when processing DHCP Request |
|
|
ASR1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
ASR1001-X: Bug to further address CSCvt08179 : QFP crash due to hardware interrupt |
|
|
False positive alarm: IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL Fan Tray Bay 1 Fan Tray Module Missing |
|
|
Cisco 1000 Series ASR platform crashes when applying a hierarchical QoS policy on the tunnel interface |
|
|
WS-C3850-24XS-S |16.12.5 || High CPU during DNAC-Resync is causing timeout error for SNMP walk. |
|
|
MC-LAG feature cannot preserve administratively shut down sub-interfaces |
|
|
Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit |
|
|
MC-LAG feature on standby device, Subinterface shouldnt change status to UP during ADMIN NO SHUT |
|
|
ASR fails to install rekey causing traffic drop |
|
|
ASR1002-HX running 16.12.5 SDWAN image crashed due segmentation fault in cpp_ipsec_spd |
|
|
DMVPN phase 2 connectivity issue between two spokes |
|
|
Functional : [Shockwave-Patch] : ip helper-address global x.x.x.x is not pushed to FIAB device |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.7
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.7
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.|
Caveat ID Number |
Description |
|---|---|
|
128.0.0.0/2 is installed into CEF as unusable on a PETR after EID-Prefix is removed. |
|
|
Cannot force the switch to ask for option 12 to be assigened from the DHCP server |
|
|
Static NAT entry is injecting a route to Null0 |
|
|
CSR: Missing iid_certs for AWS invite-only regions |
|
|
Prefetch CRL Download Fails |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.8
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Open SSH Vulnerability for IOS-XE platforms. |
|
|
Standby switch crashed due to SISF BT MAC MOV. |
|
|
Catalyst switch reload due to SFF8472. |
|
|
Virtual VRRP IP address unreachable from the BACKUP VRRP. |
|
|
%SYS-2-INTSCHED: 'may_suspend' disabled -Process= "HSRP IPv4" log generate during boot up. |
|
|
RSP3:Err reading data from table dmi-general: Could not get boolean val for feature.side_effect_sync. |
|
|
Catalyst 3850 crashes on creating telemetry subscription. |
|
|
DHCPv6: Memory allocation of DHCPv6 relay option results in crash. |
|
|
LLDP System Description not correctly seen in ISE. |
|
|
SIP call fails egress dial-peer uses "session server-group" and "sip options-keepalive". |
ROMmon Release Requirements
For more information on ROMmon support for Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Command Reference Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide
Feedback