About Cisco ASR 1000 Series Aggregation Services Routers
 Note |
Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.
Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience. Do provide feedback about your experience with the Content Hub. |
Cisco ASR 1000 Series Aggregation Services Routers are Cisco routers deployed as managed service provider routers, enterprise edge routers, and service provider edge routers. These routers use an innovative and powerful hardware processor technology known as the Cisco QuantumFlow Processor.
Cisco ASR 1000 Series Aggregation Services Routers run the Cisco IOS XE software and introduce a distributed software architecture that moves many operating system responsibilities out of the IOS process. In this architecture, Cisco IOS, which was previously responsible for almost all of the internal software processes, now runs as one of many Cisco IOS XE processes while allowing other Cisco IOS XE processes to share responsibility for running the router.
New Features and Important Notes
New and Changed Information
The following sections list the new hardware and software features that are supported on the Cisco ASR 1000 Series Aggregation Services Routers.
New Hardware Features in Cisco IOS XE Everest 16.5.1b
No new hardware features were introduced for Cisco ASR 1000 Series in Cisco IOS XE Everest 16.5.1b.
New Software Features in Cisco IOS XE Everest 16.5.1b
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Everest 16.5.1b.
ACI TrustSec Integration
For detailed information, see the following Cisco document:
Application Hosting
For detailed information, see the following Cisco document:
Attack Surface Reduction: Display Active TCP Ports
To display all the open ports on a device, use the show ip ports all command in User EXEC or privileged EXEC mode. This command provides a list of all open TCP/IP ports on the system including the ports opened using Cisco networking stack.
The show ip ports all command was integrated into ASR 1000 Series Aggregation Routers for the Cisco IOS XE Everest 16.5.1 release.
For detailed information, see the following Cisco document:
http://www.cisco.com/c/en/us/td/docs/ios/lanswitch/command/reference/lsw_book/lsw_s1.html
Autonegotiation Support for SFP-GE-T and GLC-TE
Effective with Cisco IOS XE Everest 16.5.1b, autonegotiation is supported on 1000BASE-T SFP module (SFP-GE-T) and 1000BASE-T SFP module (GLC-TE).
Cisco TrustSec: Externalizing Operational Data (IP-SGT mapping & RBACL permission)
For detailed information, see the following Cisco document:
CUBE Support for SRTP-SRTP and SRTP-RTP Interworking with NGE Cipher Suites
For detailed information, see the following Cisco document:
EEM Enhancements for Actions and Environment Variable Support in Python Policy
For detailed information, see the following Cisco document:
ERSPAN-on-QinQ-sub-interface
For detailed information, see the following Cisco document:
Fast Convergence Support in OSPFv2 and OSPFv3
For detailed information, see the following Cisco document:
Gx Diameter Support for ISG Sessions
For detailed information, see the following Cisco document:
ICMP Inspection Improvement
With the Internet Control Message Protocol (ICMP) Inspection enhancement, after configuring the icmp unreachable allow command, the ICMP packets are passed through the zone-based firewall (ZBFW) even if the ICMP packets do not have Access Control List (ACL) to match ICMP of type 3.
For detailed information, see the following Cisco document:
In Service Model Updates
For detailed information, see the following Cisco document:
ISIS Segment Routing enhancement - TI LFA FRR, SR-LDP interworking, Adj SID
For detailed information, see the following Cisco document:
Management & Control: Boot Integrity Visibility
For detailed information, see the following Cisco document:
NAT: Port Parity, Range and Preservation
For detailed information, see the following Cisco document:
One Global CLI to Disable Firewall
You can enable or disable firewall on an interface with a single command. To disable the zone-based firewall configurations that have been applied on the interfaces, use the platform inspect disable-all command. To enable zone-based firewall on the interfaces, use the no platform inspect disable-all command.
For detailed information, see the following Cisco document:
Preboot Execution Environment (PXE) Client
For detailed information, see the following Cisco document:
Provide the Capability to Select a VXLAN Source Port Range
For detailed information, see the following Cisco document:
Scripting: Python 2.7/3.0
For detailed information, see the following Cisco document:
Segment Routing TE Feature
For detailed information, see the following Cisco document:
SID-Redist-Default-optimize, SR-TE, SR-TE Static over ip unnumbered---- ISIS SR
For detailed information, see the following Cisco document:
Smart Licensing
For detailed information, see the following Cisco document:
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Software License Solution
For detailed information, see the following Cisco document:
SR On Demand Next Hops (ODN) XE - L3 / L3VPN
For detailed information, see the following Cisco document:
SR-TE Dynamic
For detailed information, see the following Cisco document:
SR-TE IP Unnumbered support in OSPFv2
For detailed information, see the following Cisco document:
SR-TE On demand LSP
For detailed information, see the following Cisco document:
Support Multiple Static VXLAN Ingress-Replication Peers (One to Many Peers)
For detailed information, see the following Cisco document:
Tunnel QoS in load-Balancing Scenario
For detailed information, see the following Cisco document:
VFR Support on Default Zone
With Virtual Fragmentation Reassembly (VFR) now enabled on the default zones with Dynamic Multipoint VPN (DMVPN) tunnel and zone-based firewall, there is no drop of traffic when traffic is routed through the DMVPN tunnel.WebUI Behavior
Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on the Web User Interface from Cisco IOS XE Everest 16.5.1b:
-
Configuring Application Visibility—Enhanced to provide reports in a graphical representation format.
-
Troubleshooting—Allows you to troubleshoot some of the basic features.
Important Notes
The following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers.
CUBE—SRTP Calls
Cisco IOS XE Everest 16.5.1b is not recommended for Cisco Unified Border Element deployment involving SRTP calls.
Yang Data Models
Effective with Cisco IOS XE Everest 16.5.1b, the Cisco IOS XE YANG models are available in the form of individual feature modules with new module names, namespaces and prefixes. Revision statements embedded in the YANG files indicate if there has been a model revision.
Navigate to https://github.com/YangModels/yang > vendor > cisco > xe >1651, to see the new, main cisco-IOS-XE-native module and individual feature modules attached to this node.
There are also XPATH changes for the access-list in the Cisco-IOS-XE-acl.yang schema.
The README.md file in the above Github location highlights these and other changes with examples.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
Field Notices and Bulletins
-
Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
-
Bulletins—You can find bulletins at the following location:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html
Caveats
Open and Resolved Bugs
The open and resolved bugs for a release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Using the Cisco Bug Search Tool
For more information about how to use the Cisco Bug Search Tool, including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help and FAQ.
Before You Begin
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
Procedure
| Step 1 |
In your browser, navigate to the Cisco Bug Search Tool. |
||||||||||||
| Step 2 |
If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In. |
||||||||||||
| Step 3 |
To search for a specific bug, enter the bug ID in the Search For field and press Enter. |
||||||||||||
| Step 4 |
To search for bugs related to a specific software release, do the following: |
||||||||||||
| Step 5 |
To see more content about a specific bug, you can do the following:
|
||||||||||||
| Step 6 |
To restrict the results of a search, choose from one or more of the following filters:
Your search results update when you choose a filter. |
Caveats in Cisco IOS XE Everest Release 16.5.1b
Open Caveats—Cisco IOS XE Everest Release 16.5.1b
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
ASR1000-6TGE : Byte counters reported from physical interface and child subinterface don't match |
|
|
ASR1001-X crashed when add QoS config |
|
|
Packet reordering due to “platform qos port-channel-aggregate” |
|
|
crash @ in __intel_security_check_cookie mcprp_ifdev_oper_up |
|
|
Downlink packet loss observed post RPSO across multiple streams with churn |
|
|
CUBE sRTP-RTP Call failures during bulk calls |
|
|
CT3 SPA controllers not coming UP sometimes after wr erase and reload |
|
|
crash after reload CPE with 255 EID prefix |
|
|
XE316:Prince interface flaps after soft OIR |
|
|
Looped multicast packets on dense-proxy-register border router |
Resolved Caveats—Cisco IOS XE Everest Release 16.5.1b
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
No kernel core when punt-keepalive crash and “no platform punt-keepalive disable-kernel-core” |
|
|
Speedracer, Kahuna and Nighster images do not support “show software authenticity” |
|
|
Random Netclock error messages appearing on console |
|
|
Applying ACL under ERSPAN session: Port matching using ‘eq’ doesn’t occur |
|
|
MACSEC capable 1G interfaces with CU-SFP mka could not recover when reload router |
|
|
ASR1001x - Fiber SFP LED status remains amber even though line status is up and line protocol is up |
|
|
Source IP of RST from ZBFW due to invalid ACK not translated to PAT IP when inter VRF configured |
|
|
“TestErrorCounterMonitor Skipped” diagnostic error on ASR1006 |
|
|
Increase Number of Supported DSP Conference Profiles |
|
|
IOS-XE Always Reporting “Returned to ROM by reload” |
|
|
cpp-mcplo-ucode crash decrypting 3821 - 3839 byte ipsec packet |
|
|
IKEV2 Tunnels are flapping, rekey request received from PD, lifetime kilobytes configured |
|
|
ICMP TTL messages not returned properly with NAT |
|
|
ASR1K ESP100 - Both ESP crashing due to cpp_bqs_srt_yoda_place_child_internal: failed to grow tree |
|
|
cpp_cp process crashed cpp_bqs_srt_yoda_destroy_tree |
|
|
cpp_cp process crashes due to sw wdog expiring while creating a queue |
|
|
Crash when bandwidth remaining percent <#> is removed then re-added to a class-map |
|
|
Dual QFP Crash triggered by removing service policy from interface with mixed shaper feature enabled |
|
|
Multiple Parent Events Per Node lead to a crash |
|
|
Secondary SUP keep crashing @ CPP Client process failed |
|
|
ESP100 crashes after manual failover |
|
|
Platform switchport svi command not supported on NIM UCSE |
|
|
“bootup e-lead off” behavior like "no bootup e-lead off” |
|
|
ASR1K- Polaris no kernel core produced on watchdog timeout |
Caveats in Cisco IOS XE Everest 16.5.2
Open Caveats—Cisco IOS XE Everest Release 16.5.2
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
"delay-start" command ignore after "delay-start vrf" command |
|
|
3850 16.3.3 not replying to CoA when connecting to CWA SSID |
|
|
Asr1k crashes at PPP process on pushing 4 or more per-user static ipv6 routes |
|
|
Framed-IPv6-Route attribute is not working for IPv6 full route with leading zeros |
|
|
Line-by-Line sync verifying failure on command: client test01 server-key 0 Password |
|
|
Observing incorrect server state in BINOS |
|
|
Observing memory leak in AAA_MALLOC_LITE |
|
|
Observing memory leaks in AAA_STRDUP_GREEN_PARSER_SG_NAME1 |
|
|
Cat3650 RADIUS Dynamic VLAN assignment fails for default VLAN |
|
|
PPPoA: NULL LCP Magic value in LCP echo reply |
|
|
Recommit CSCvf09355 - OBFL data not restored for ESP after router reload |
|
|
btelnet consumes 100% CPU |
|
|
kernel: fsid server error fileid changed |
|
|
R0/0: kernel: bullseye_i2c_master_xfer Error Repeats Every Hour |
|
|
To fix diag counters processing for RP and FP slots |
|
|
cpu got hiked up 100% after scaling 350 sxp connections with 50 IP-SGT bindings in ASR. |
|
|
SGACL does not enforce policy on Virtual Access interfaces |
|
|
Configured Speed/Duplex are not supported on Mgmt Eth port |
|
|
ASR1001-HX/ ASR1002-HX/ MIP-100 not able to send dot1q packet in EoMPLS. |
|
|
SPA modules on ASR1002-x show "missing" under show platform |
|
|
ASR1000-6TGE: Too many "Interface TenGigabitEthernet4/0/0, link down due to local fault" logs |
|
|
ASR1000 doesn't send PPP ECHO Reply |
|
|
Changing autoneg setting on ASR1K cause link failure on subsequent link flap ( connected to 2960XR) |
|
|
router may crash with ZBFW ACL modification |
|
|
Deletion of channel-group failed on QFP when FR encaps set on associated Serial Int. |
|
|
ESP crashed - double_exception_has_occured - malformed PIM packet over GRE tunnel & ERR_DTL_INV_ADDR |
|
|
ASR1004 -3.16.4aS: Continuous IKE error messages and 2000 BGP session goes down |
|
|
Crypto map decrypts transit ESP traffic in IOS-XE |
|
|
IOS-XE IPSec serviceability - Conditional droptype debug not working consistently |
|
|
ASR1K crashes due to crypto microcode with no corefile/crashinfo |
|
|
ASR1K encryption processor cores written to tracelogs |
|
|
ASR1K encryption processor trace file is not valid |
|
|
IOS shim free obj id AVL DB loop causing watchdog crash |
|
|
MIB counter, ipIfStatsHCOutOctets, does not show correct value |
|
|
ASR1k Regarding ifHCInBroadcastPkts value decreasing |
|
|
AVC Server Response Time Reports Negative Values Occasionally |
|
|
QFP ucode crash on ISR4300 with IWAN |
|
|
ISR4K:applying MPLS-TE command on an interface stops traffic completely |
|
|
ESP crash while doing NAT ALG |
|
|
Inbound H323 call fails |
|
|
Incorrect IP NAT translations |
|
|
NAT stops working for virtual interface |
|
|
Ports are not freed for non-EDM mapping when EDM mapping also exists |
|
|
Router crashes when NAT is moved from CGN mode to normal node. |
|
|
ASR1K - NBAR causing memory allocation failures leading to Pending-Objects |
|
|
NBAR control-plane crash while reloading corrupted protocol-pack |
|
|
CPP ucode crash in FNF fia |
|
|
Crash seen with FNF feature |
|
|
ESP Crash with FP Switchover |
|
|
IOS-XE DMVPN Per-tunnel QoS not working on CSR1k without AX license |
|
|
Traceback: ASR1001-X BUILT-IN-2T+6X1GE might go Out of Service after a reload |
|
|
ASR900 Traffic drop seen in MLDP partition MDT with core interface flap |
|
|
BGP scanner crashed with add/remove command bgp mpls-local-label |
|
|
BGP VRF route redistribution into global routing table fails after a VRF route flap |
|
|
BGP w/global import/export crashes when several nbrs deleted simultaneously |
|
|
Router crashes using show BGP commands |
|
|
variable 'i' is incremented both in the loop header and in the loop body |
|
|
FPI leak observed when ISDN call gets forwarded to voicemail thru BACD |
|
|
CME SIP Segmentation Fault crash occurs on calls to VHG with Shared Lines |
|
|
SIP Can not add participants to the Ad-hoc conference if SCCP is Ad-hoc conference creator |
|
|
CME GUI changes for 11.6 release |
|
|
Crash seen in Blind Transfer video call |
|
|
User receives "Transfer to is busy" when transferring calls to an Octo-line |
|
|
Call queue notification delay with SIP phones |
|
|
CME SIP: call-forward Unregister fails when shared-line enabled on DN |
|
|
CME/BE4000 Intermittently Crash when making configuration changes |
|
|
Remove "dns-vrf-aware" CLI and make DNS vrf aware by default. |
|
|
Router crashed in afw application |
|
|
Show details soft key is not functioning in a conference call |
|
|
Trust List / Toll Fraud Feature vulnerability on CME |
|
|
When Overlaping IP address is conifgured on BE4K with VRF , phone doesn't register on TCP |
|
|
Static when initiating conference from CME on ISR 4k |
|
|
Crash when delete an interface on CSR1000v |
|
|
AWS CSR redundancy fails to create bfd client if AWS redundancy conf'd prior to BFD intf coming up. |
|
|
Failing to collect router info via netconf |
|
|
NETCONF-YANG/RESTCONF edit config fails silently, subsequent get config reports false-positive |
|
|
Crash observed in DHCP SIP |
|
|
option 82 circuit-id-tag restricted by 6 bytes |
|
|
SNMP poll on cDhcpv4ServerSubnetTable is not returning subnet mask |
|
|
IP domain lookup with source interface takes over 20 mins for a invalid query |
|
|
query for NS record does not return A record in additional section |
|
|
Auth-fail vlan feature does not work |
|
|
EIGRP - Update from Hub to Spoke not send in DMVPN |
|
|
Eigrp hmac-sha-256 secret string changes when show running-config is executed |
|
|
Router crashes while running EIGRP due to double free condition |
|
|
ISR4K 4400 fail to boot up on 3.13.8S 3.12.3s 3.11.4s 3.10.9s (4300 fail to boot up on 3.13.8S) |
|
|
Overlord: GLC-TE SFP module cannot up after OIR during traffic |
|
|
Router incorrectly displays the Serial number for an on-board module |
|
|
ISR4000 - Change defaults for TDM clocking commands |
|
|
ISR4451 fails to power 8851 phones after a reload |
|
|
Crash when printing IPSEC anti-replay error |
|
|
Packet drop with CERM_DP-4-DP_TX_BW_LIMIT seen without HSECK9 (steady traffic rate) |
|
|
Voice-port shut down but PRI is still UP. |
|
|
Member link of Port channel gets removed on doing a SSO on the peer end |
|
|
"show track" does not display Embedded Event Manager applet name on IOS-XE |
|
|
EEM applet will not release the Config Session Lock if it ends when CLI is in configuration mode |
|
|
ASR1K ping failed after 'medium p2p' removed from interface config |
|
|
ISIS FRR : FRR ReOpt Issue, FRR state pointing to Label backup even with primary link up |
|
|
Enable "mtu" config in flow exporter |
|
|
Flexible NetFlow crash |
|
|
Revert FNF UT fixes done in previous commit that break ASR1K polaris_dev build |
|
|
Observing tracebacks after ISSU @ NETWORK_RF_API-3-ISSU_START_NEGO_SES |
|
|
IKEv1 IPsec HA: ISAKMP Fails When Multiple HSRP Interfaces Configured in Same Subnet |
|
|
RSP3C - Memory leak @ httpc_iox_resp_data_alloc |
|
|
Router might crash due watchdog when creating a new swidb at if_index_allocate_index |
|
|
FTP Write Process crash at process_add_wakeup |
|
|
Memory leak Crypto IKEv2 at ikev2_ios_psh_set_route_info |
|
|
3850 03.06.04.E software clean force verbose command authz fails |
|
|
IP Admission doesn't work if enabled on two LAN interfaces in Active-Active Mode |
|
|
ISR4k Timer corruption in auth component |
|
|
Webauth not releasing allocated IDs from hash table for sockets with no data on INIT timer expiry |
|
|
ART Server Bytes not exported correctly by ezPM |
|
|
B2B NAT HA: Stale NAT translations stuck on primary router after communication loss with standby |
|
|
FTP disconnection after failover on NAT BtoB |
|
|
icmp.id becomes 0x0 in ICMP reply |
|
|
ISR4k NAT selectively translating H323 payload |
|
|
ISR4K:ARP entry disappeared after delelte one of static port NAT entry |
|
|
NAT PAT Local High mapped to Local Low |
|
|
Crash seen in IOSXE-RP Punt Service Process |
|
|
Packet-tracer error message % Error: Failed to collect packet info |
|
|
ASR1k B2B HA active crashes when standby is reloaded |
|
|
BGP dampening commands causes crash |
|
|
High CPU utilization due to Virtual Exec process |
|
|
Invalid Static routes exist in VRF ip route |
|
|
Need API for ip best source address for given outgoing interface |
|
|
ROUTE-MAP--system deletes the first prefix-list while deleting no existing access-list |
|
|
3900E not able to handle ospf peerings after the spokes cross 300 numeric count in dual hub design. |
|
|
Crash during the show interface CMD while a multicast tunnel goes down |
|
|
Call drop with cause code 47 when call is put on hold after signaling forking |
|
|
Cannot connect a TLS session on an interface that contains a VRF that also uses a redundancy group |
|
|
CUBE doesn't Update the codec in UPDATE in signal forking early media renegotiation scenarios. |
|
|
CUBE is unable to send PRACK to Skype server for inbound calls |
|
|
CUBE isn't sending 200 OK during consulting transfer |
|
|
CUBE sends 488 When Codec Changed after Mid-call Invite with Midcall-Signaling commands |
|
|
dns-a-override CLI not working due to breakage since 16.4 IOS |
|
|
High CPU on ASR1001 when "media stats-disconnect" command is enabled. |
|
|
massive garbage output when video call is made on ASR1004 |
|
|
Mid-call failure because all available Crypto is not Offered in SDP |
|
|
One-way recoring issue with media forking. |
|
|
RE-INVITE and OPTIONS Glare not handled by CUBE |
|
|
Voice Class Tenant Bind Statement Fails in VRF |
|
|
ASR1K: IOSd crash in kmi_initial_check on null map dereference |
|
|
Crash when removing "crypto map ipv6" and then related IPv6 ACL |
|
|
ezvpn client config dissapears from dialer int when pppoe session flaps |
|
|
IKEv2 CREATE_CHILD_SA REKEY_SA may fail with specific transfrom order and INVALID_KE_PAYLOAD |
|
|
MIB counter for IPSec tunnels does not decrement under high tunnel scale and churn |
|
|
WATCHDOG timeout crash during IPSEC phase 2 |
|
|
After CRL expiry, reauth-msg isn't sent |
|
|
GETVPN // Primary KS sending rekey first to GM's and then to Secondary KS via scheduled rekey. |
|
|
Malformed GETVPN message %GDOI-4-COOP_KS_UNAUTH |
|
|
Behavior difference between XE3.17 and Polaris |
|
|
IKEv2 CoA does not work with ISE |
|
|
IKEv2 CoA does not work with ISE- unknown attributes should be ignored. |
|
|
IKEv2 CREATE_CHILD_SA REKEY_SA does not properly handle multiple DH transforms |
|
|
IKEv2 Frag: "debug cry ikev2" should display payload contents for received fragments |
|
|
IKEv2 IETF Frag: IPV6 Ikev2 incorrect Frag MTU used when set to default |
|
|
IKEv2 IETF Frag: Tunnel negotiation fails in IKE AUTH with lower value of MTU |
|
|
IKEv2 responder terminates negotiation if NAT-T is disabled (even if no nat is detected) |
|
|
IKEv2 when key-config key is lost, type 6 pre-shared key encrypted form is sent as pre-shared key |
|
|
"clear crypto sa peer <crypto peer name>" does not work on IOS |
|
|
Cisco IOS IKEv1 commencing deprecation for RSA encrypted nonces |
|
|
Cisco IOS and IOS XE System Software SNMP Subsystem Denial of Service Vulnerability |
|
|
Network monitoring tool is reporting a duplicate IPv6 HSRP virtual address. |
|
|
Crash on call establishment with 'isdn autodetect' enabled on BRI NIM |
|
|
ISDN process crashed unexpectedly |
|
|
IS-IS support for mult-instance redistribution for IPv6. |
|
|
ISIS SRTE: traceback when autoroute is configured or removed from explicit path SRTE tunnel. |
|
|
OSPF SID Conflict: even after conflict detected the SID used in ospf rib |
|
|
ISRG2+EHWIC-4ESG High cpu due to process "dx_mrvl_find_vidx" |
|
|
Crash in ADSL SNMP code |
|
|
show gtp parameters causes RP to crash |
|
|
Incorrect "last status change time" seen in show L2VPN VC detail |
|
|
VPLS does not go up after ISSU upgrade |
|
|
CSR1000v crashes when "ip ldap source-interface" command is entered |
|
|
AR: disabling eth map-server should clear all AR entries |
|
|
LISP LIG: lig should display when it has rejected a map-reply |
|
|
prefix missed in map-cache output |
|
|
show ip lisp database keeps reachable although threre are no routes to EID Prefix |
|
|
igmp ssm-map in VRF does not use the VRF name-server |
|
|
SNMP ENGINE high CPU usage observed with 1.3.6.1.2.1.185.1.1.1(mgmdHostInterfaceEntry) |
|
|
Polaris 16.4: Traceback @mpls_ldp_cfg_interface while enabling isis |
|
|
ISR4321 LSMPI-4-INJECT_FEATURE_ESCAPE: Egress IP packet delivered via legacy inject path |
|
|
AAA Acct sessions memory held up for LMA bindings even after cleanup |
|
|
Accounting Stop not sent for PMIPv6 tunnel in LMA |
|
|
MAG crash with traffic on and home interface config is removed |
|
|
ISR4k: Parser remembers Cellular interface commands after changing slots |
|
|
Traffic loss seen in endpoint_sso_after_path_protection_trigger Flex-LSP script RSP3, v165 |
|
|
ISIS/OSPF SRTE: dynamic tunnel not coming up after dest prefix SID removed and tunnel shut/no shut. |
|
|
OSPF SRTE: Even after OSPF is shut, verbatim SRTE tunnels are still up . |
|
|
MRCPv2 response fails with NULL string in middle of packet |
|
|
IPSec traffic may be classified as 'unknown' by NBAR |
|
|
NBAR incorrectly classifies RTP-AUDIO as Cisco-Jabber |
|
|
NBAR not classifying Citrix traffic when Citrix tags are used. |
|
|
NBAR Not Recognizing Netapp Snapmirror Traffic |
|
|
[IOS] Evaluation of CVE-2017-7529 (NGINX) for IOS Software |
|
|
Dreamliner: flowcontrol receive command on L2 ports does not take effect |
|
|
ISR4k with Two NIM-ES2 HSRP VIP not reply after reloading |
|
|
Mandatory lookup yields a path in another cloud |
|
|
3850 Stack may reload when making config changes |
|
|
After disabling NTP device drops all mode 6 NTP packets due to 'MODE_CONTROL ratecontrol' |
|
|
Evaluation of all for NTP June 2016 |
|
|
Evaluation of all for NTP November 2016 |
|
|
sys_leap variable(used for ntp status) is not updating properly when leap bit set |
|
|
ASR900 drops incoming MPLS encapsulated OSPF packets (Virtual link) |
|
|
OSPF BGP LS: When seg mpls is disabled on the nbr, the unnumbered links not withdrawn from LSLIB. |
|
|
OSPF SR TE: with multicast-intact option,handling of inter area prefixes incorrect in some scenerios |
|
|
OSPF SR: OSPF External Routes with non zero FWD Address - LRIB original (native) Paths/route missing |
|
|
OSPF SRTE: Invalid primary paths and metric seen with SRTE autoroute announce with metric option |
|
|
TILFA: "node prot reqd" not working for intra routes hosted on ASBR |
|
|
ENH: PKI, warn if trailing spaces are present in certificate map config |
|
|
Implementation for GetNextCACert in PKI Rollover on IOS needs to be changed |
|
|
IOS CA Server unable to read CRL file accessed over ftp/tftp after CRL file reaches a certain size |
|
|
Restored IOS CA Server Doesn't Start Without Reload |
|
|
Observing memory leak in command handler after CoA reauth |
|
|
Observing memory leaks in AAA_MALLOC_LITE after scale test |
|
|
Web authentication clients do not receive redirect URL and HTTP Intercept, Invalid appl_id error smd |
|
|
ppp ms-chap refuse don't work |
|
|
VTCP generated packet drop by punt inject infra |
|
|
QFP exmem memory leak in cpp_fm_sce_result_chunk |
|
|
ISR4K: RP crash seen @ bm_get_next_hqf_packet with CTS/DMVPN enabled |
|
|
ISR4000 ZBF crash |
|
|
IPSec GRE tunnel path-mtu-discovery does not work |
|
|
Crypto-DP preventive fix for GETVPN TBAR clock drift |
|
|
INFRA-3-INVALID_GPM_ACCESS error with ipv4_nat_set_appl_type_on_stby |
|
|
Reboots constantly after adding Static NAT statement |
|
|
ASK1k running polaris encountered a ucode crash |
|
|
Traffic shaping not working with percent command |
|
|
CBQOS MIB returns random value for value greater than 4.2Gbps/2Gbps |
|
|
3850 CTS manual encrypted sap pmk causes stack to reload due to config parsing error |
|
|
Crash during after IPSLA/IPPM frees packet store information |
|
|
Crash while deleting an ip sla scheduler group attached to a live probe |
|
|
IP SLA can trigger crash when used with MPLS probe |
|
|
rttMonEchoAdminTargetDomainName is not reflecting in SNMP as in CLI command |
|
|
IOS crash in SOCK TCP Test Server process |
|
|
Crash in SSH Process due to SCP memory corruption |
|
|
ASR1K - %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0) |
|
|
ISG ASR1k Traceback %AAA-6-BADHDL: invalid hdl AAA |
|
|
Router repeatedly crashing with "%UTIL-3-TREE: Data structure error" |
|
|
Chance of crash when exiting a TCL script thread |
|
|
show dial-peer voice summary not showing server groups |
|
|
voice-class busyout/Busyout monitor command removed after reload |
|
|
CM JM procedure is not triggered on dm814x |
|
|
IOS crash when logging rx dsp ctrl message out_of_sequence count syslog |
|
|
If Pcm-dump caplog FFF is assigned to a h323 Dial-peer, hold/resume result in one way audio |
|
|
ISR4xxx router crashed due to voice IVR script - AFW_application_process |
|
|
Add plc configuration CLI for tdm voice and dspfarm |
|
|
Hung Transcoder sessions in complex call flows |
|
|
Invaild Session-ID header in ACK for Authentication |
|
|
Path header not included in 2nd REGISTER with authorization |
|
|
QSIG call redirection fails when using session server-group in dial-peer |
|
|
SIPREC XML metadata is missing on the INVITE if the session target is domain name |
|
|
Crash in SDP Passthru when T.38 as 1st mline in mid-call SDP |
|
|
Hung sccp and rtp session when media failure reported for transcoding call |
|
|
Standby processor config-sync failure and reload while adding BGP neighbor under 'scope vrf' |
|
|
ASR1K RP2 crash due to CPUHOG occourred by arp input process infinite loop |
|
|
VRRP non-zero authentication data on 16.3.3 |
|
|
ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY |
|
|
WCCP bypassed packets dropped by ACL on WAN interface |
|
|
%SCHED-3-THRASHING after running cellular commands |
Resolved Caveats—Cisco IOS XE Everest Release 16.5.2
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
3650 / 3850 Login Block "Quite Mode" ACL not Working on MGMT Port |
|
|
Crash in ALPS SNMP code |
|
|
RP crashed - UNIX-EXT-SIGNAL: Segmentation fault(11), Process = ANCP HA |
|
|
[DT]Crash oberseved while sending ANCP port up |
|
|
PPPoE crash: due to invalid dlidx while Virtual Access Interface is not yet attached to Dialer. |
|
|
"kernel: nfs: server xx not responding, timed out" message outputed when re-inserted "ASR1000-RP2" |
|
|
OBFL data not restored for ESP after router reload |
|
|
Recommit CSCvf41295/CSCvf09355 - OBFL data not restored for ESP after router reload |
|
|
CRIT LED behavior difference during IOS XE version |
|
|
Harddisk is not accessible from IOS sometimes after router reload |
|
|
Power supplies showing "ps fail" when they function fine |
|
|
Show plat hard slot R0 sensor producer all not works fine with 13RU(RP3). |
|
|
Incorrect status in show facility-alarm status after Gi0 no shut |
|
|
ASR1000-6TGE/2T+20X1GE:- Chunk corruption in XLIF pending process |
|
|
Recommit of CSCvd90801 - EPA-18x1GE/GLC-TE/ Ping failure at different speed settings |
|
|
ASR1001-X: dot3StatsDuplexStatus gives unknown for tengig and gig interfaces |
|
|
ASR1k 3.16 - ASR1k-ELC- XCVR disabled after router reload and interface is down |
|
|
CPAK-100G-SR10 V03 doesn't come up with ios images. |
|
|
CPAK-100GE-EPA sends out pause frames continuously when pause frames are received |
|
|
ASR1001-X crashes on smc_msg_send_fragment |
|
|
ISSU: 16.3.4 <-> 16.5.1 Config_Sync@lacp rate fast after Loadversion in RP2 platforms |
|
|
ISR4K crashes after assert failure in PA packet-buffer infrastructure |
|
|
Volume based rekey, old SA deleted 30 sec after soft-expiry regardless of new SA creation |
|
|
Crypto device microcode hangs and crashes on ASR1k routers |
|
|
IOS-XE Router Experiences Crash in "cpp_cp_svr" Process Due to "Double Free" of Buffer Used by MMA |
|
|
Egress Backbone PE does not decrement TTL correctly for mpls pop operation |
|
|
Crash due to FNF while collecting and adding entries to cache |
|
|
SPA-1XCHSTM1/OC3 : IDB Mismatch between Active & Standby RPs in ASR1k |
|
|
Input errors on glc-ge-100fx |
|
|
input frame and CRC counter increasing on administratively down Tengi interface |
|
|
Platform does not trigger license release when the port moves into error disable state |
|
|
PVC configuration missing on p2p subinterfaces |
|
|
bfd dampening disappears after reload |
|
|
RSP crashes seen in dampening code. |
|
|
After reload route policy processing not re-evaluate with route-map using match RPKI |
|
|
ASR903/RSP1B&RSP3C 3sec to 10sec loss on RSP switchover when SSO enabled |
|
|
BGP crashed configuring different update-source interface with v6 LL peering |
|
|
BGP crashes when removing advertise-map |
|
|
Duplicate BGP prefixes are not dropped |
|
|
eBGP vrf next-hop setting behaviour is changed by CSCuv07111. |
|
|
eVPN PMSI VNI decoding / encoding as MPLS label |
|
|
High CPU due to periodic route refresh to VPN peers using rtfilter AF |
|
|
Nested Enhanced Route Refresh requests triggers Stale Prefixes. |
|
|
Prefixes were not imported to Global BGP table |
|
|
router crash when importing BGP routes - EVPN |
|
|
Router crashes when doing "show ip bgp neighbor" on a flapping BGP neighborship |
|
|
RT Filter peer sometimes unable to receive vpnv4 or vpnv6 nets |
|
|
Slow convergence with scale after a core link flaps |
|
|
stale path message for that prefix is noticed when dampening is configured. |
|
|
Support of RFC7432 EVPN route type 4 of originating router IPv4/IPv6 address |
|
|
SYS-2-CHUNKSIBLINGS: when deleting vrf |
|
|
UUT failed to send vpnv4/v6 routes to peer |
|
|
vrf blue doesnt receive type 7 croute |
|
|
Wrong Source IP Selection for eBGP in EVN/VNET environment |
|
|
XE16.7.1:sh bgp <AF> u all summ shows double the route count after clear ip bgp * |
|
|
Crash in Bstun SNMP code |
|
|
Huge Memory Holding and MALLOCFAIL Tracebacks seen while Churning PTA |
|
|
Policy-map name 'policy-map PIN-G3/1/3.8' causes TB and subsequent RP Crash on Policy deletion/add. |
|
|
Crash While Accessing CallManager XML Config |
|
|
ISR SIP CME crashes when "reset" command is used or after a reload |
|
|
8845/8865/8821 registered to CME do not show call recents under Settings menu and VM button fails |
|
|
CME Local Directory fails blank page or XML error on IOS-XE platforms |
|
|
CME SIP: User Busy on Shared Line due to Call Leak |
|
|
Crash due memory corruption in AFW |
|
|
One way audio in conference when using voice-class codec in SIP CME |
|
|
sip phones are not notified when sccp phone answers the call (mixed shared line) |
|
|
CME SIP: Crash occurs when invalid SNR extension and debugs are enabled |
|
|
Can't create multiple nodes for Azure HA |
|
|
AWS: CSR1000v cannot be deployed in 10.0.3.0 network if using csr_mgmt container for HA |
|
|
climgr crashes on reload |
|
|
CSR AWS HA Fail |
|
|
CSR1000V: Core Files during extended operation - 1vCPU CSR1000V ESXI vSwitch |
|
|
DP Stats Caching is not Debuggable |
|
|
CSR Crashed During Normal Operation |
|
|
CSR Transparent VLAN broken for CSR 16.x Releases |
|
|
CSR1000v - GE interface output - Input queue "drops" counter miscalculation |
|
|
CSR1000v crash after vNIC interface command error message |
|
|
Traffic is not excluded from role-based permissions when enforcment is disabled on interface |
|
|
ASR1k - Crash within IOSd due to Segfault in DHCPD Timer |
|
|
ASR1k IOSD crash due to memory corruption in aaa accounting |
|
|
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability |
|
|
DHCP NAK is observed with Rebind request |
|
|
Different behavior seen in DHCP Init Reboot scenario |
|
|
ISG: IWAG-GTP has conflicting lease-time value in DHCPOFFER versus DHCPACK |
|
|
Subscriber session not synced to standby while assigning static ip in DHCP |
|
|
SUP7 DHCP snooping statistics incorrect drop untrusted port counter |
|
|
Delay in DNS resolve after network flap |
|
|
DNS : Split DNS reg-expression issue in IOS-XE (16.x) |
|
|
ngDNS : "restrict authenticated" in dns view-list does not work in IOS-XE (16.x) |
|
|
Crash using EIGRP and DVTI with IKEv2 |
|
|
EIGRP Segmentation Fault When Removing VPNV4 LFA |
|
|
Large EIGRP SAF updates close to max size may induce stale condition |
|
|
VNET global vrf neighbor is down after an interface flap |
|
|
ISR4431 drops all received packets due to CRC error after power off/on |
|
|
Inconsistent Behavior on Link states with different SFP's plugged into the module |
|
|
ISR4221 boot loop when Gig0/0/0 up |
|
|
ISR4451-X : CWDM-SFP-1530 SFP Rx power flutuates for built-in ports |
|
|
Privilege Escalation from level 15 to binos/root using picocom |
|
|
Startup-config missing after power outage |
|
|
Polaris crash in ADSL SNMP code |
|
|
Random Early Detection is too aggressive on ISR4Ks and CSR |
|
|
Tracebacks seen during transcoding calls with dspfarm on ISR4k |
|
|
Disconnect with remote when deleted VPLS configuration |
|
|
Policy suspension failed |
|
|
ASR920 reload at fib_chain_remove (Part 4) |
|
|
LISP Multicast software forwarding doesn't work |
|
|
ISR4431/ISR4451 CPP CP/SP/HA/FMAN FP process exits (rc 255) without producing core file |
|
|
Reduce impact of fingerprinting code on NVRAM access |
|
|
3850 crash with "IOSXE_INFRA-4-NO_PUNT_KEEPALIVE" when mgmt port down/not connected |
|
|
IOSXE - ucode crash in abort from utd_chk_proto |
|
|
static route is not getting redistributed into RIP database |
|
|
Static route of which next-hop intf is GRE tunnel remains even if the tunnel is down |
|
|
Unicast ping stops working when "ip pim sparse-mode" removed from SVI |
|
|
[AVC]context with name longer than 15 chars assignment fails |
|
|
"no default-information originate" doesnt work unless "default-information originate" is added first |
|
|
Crash in "show ipc all" @ ipc_print_ports_internal |
|
|
Crash in TCL/AFW processes |
|
|
CUBE sends two wsapi notifications for audio to fax-pthru esc and desc |
|
|
SIP Profile does incorrect modification - the variable name is added in signalling |
|
|
[Media flow around] One way audio after call resumed from hold |
|
|
FlexVPN Client not starting immediately after router is reloaded |
|
|
"show crypto map" displays incorrect wildcard mask for crypto access-list |
|
|
IPSec crash on ASR1k router while processing KMI |
|
|
IPsec: For sVTI after rekey old SAs are not getting deleted |
|
|
Memory leak seen@crypto_init_show_instance |
|
|
No all IPv6 GRE crypto tunnels may come up or recover from flapping at scale |
|
|
Session coming up late after RP failover due to PD delay in polaris |
|
|
DMVPN : IOS-XE - Unable to pass traffic if spoke to spoke fails to build in phase 2 |
|
|
IOS-XE GETVPN KS crashes while sending cgmGdoiKeyServerRegistrationComplete trap after GM reg |
|
|
lifetime mismatch after outage of primary key server |
|
|
asr1k is unable to recover from the tunnel flapping at scale for IKEv2 dmVPN/BGP |
|
|
IKEv2: IOS cannot parse INV_SPI notification with SPI size 0 - sends INVALID_SYNTAX |
|
|
IKEv2: Unable to initiate IKE session to a specific peer due to 'in-neg' SA Leak |
|
|
IOS IKEv2 profile NVgen local auth is rejected from startup configuration upon reload |
|
|
IPSec Tunnel stuck in Up/Down state after shut/no-shut - VPN Interop |
|
|
Call Admission Control active ISAKMP SA leak when ISAKMP SA deleted immediately after MM6 |
|
|
ISAKMP SA entries are not getting deleted |
|
|
Locally generated traffic may be dropped in a GETVPN over DMVPN setup |
|
|
Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability |
|
|
IPV6 alias: Shim the local route registries of ipv6_nd alias changes |
|
|
16.6 OBS: Local LFA is used incorrectly when TI-LFA Node Protection enabled |
|
|
2nd isis instance crashes after configuring new connected-prefix-sid-map due to no instance PDB |
|
|
Binding of strict-sid does not honor maximum-paths |
|
|
incorrect flag in redist rib for connected routes causes mpls ping to fail |
|
|
ISIS BGP LS: When we configure same BGP LS inst id to 2 ISIS instances, it accepts without error msg |
|
|
ISIS hello stops to be sent after RSP switchover |
|
|
isis redist rib not getting cleared after disabling segment-routing |
|
|
ISIS removing all connected ipv6 prefixes when removing 1 ipv6 scope |
|
|
ISIS RIB and Global RIB out of sync resulting in complete traffic loss |
|
|
ISIS route oscillation due to ldp sync and interface max metric |
|
|
ISIS SR: segmentation fault in ISIS when "no seg mpls" command is given. |
|
|
ISIS: FRR with unnumbered interface leads to traffic loss until TI-LFA repair path is removed |
|
|
ISIS: when trying to change cost, "no fibidb for backup interface - ifnum 34" msg appears on the log |
|
|
prefix SID missing in Redist rib during prefix conflict |
|
|
sh isis ip rib command(cli) is broken |
|
|
source router address for prefix does not get updated correctly |
|
|
Traceback @__be_isis_age_one_lsp_chain when we un-configure NET-ID after site bridge-domain bringup |
|
|
L2TP Account accuracy: SSS disconnect ACKs are not received for few sessions |
|
|
l2tp Sessions goes to dead state while disconnecting |
|
|
Radius attribute Acct-Terminate-Cause - 49 difference |
|
|
Router acting as LAC adds an extra byte to DSL line attribute Remote-ID |
|
|
Corrupt event trace output in AToM with CEM AC |
|
|
Traffic drop, on reconfiguring l2vpn sessions after sso on peer |
|
|
TU_AIS Alarm gets clear after SSO with TU_AIS condition by doing Tug Shut in PE. |
|
|
4K UCI Phase2: Crash @ lisp_dyn_eid_instance_route_update when changing to default vrf |
|
|
Cat3k: High CPU and Memory utilization seen after deleting eid-table on fabric edge node |
|
|
Dynamic-eid: 5.1.0.21 was not found in lisp dynamic-eid summary |
|
|
ipv6 lisp etr map-server key xxx hash-function sha2 is lost from cpe config upon reload |
|
|
LISP assert after disabling "ip routing" |
|
|
LISP to OSPF redistribution failing |
|
|
UCI-4k: Lisp Assert @ lisp_os_rib_watch_start with vrf delete and traffic loss with re-config |
|
|
assert stop processing leaks memory |
|
|
Unexpected reboot with NAT and Multicast configured |
|
|
Crash after the MPLS LDP neighbor flap in the NSR scenario |
|
|
ICMP Time exceed dropped due to uRPF on the MPLS PE (per-ce label) [PE-CE is eBGP] |
|
|
router crash due to mpls/ospf config on interface |
|
|
High CPU due to SNMP ENGINE when polling mplsTunnelHopEntry |
|
|
OSPF SRTE: When mpls traffic engii is not configured on the neighbor node, the tunnel is still UP. |
|
|
OSPF SRTE: When mpls traffic engineering is uncftged from i/f, tunnel not getting re-calculated. |
|
|
Unable to remove 'mpls tp' configuration from Router. |
|
|
681985688 - CPP ucode crashes at ESP20 / 16.03.02 |
|
|
Custom Nbar protocol is classifying traffic incorrectly. |
|
|
NBAR not working on 16.5.1a |
|
|
"speed" config is not display in show run |
|
|
DMVPN Ph-2: spoke to spoke traffic drops, NHRP entry incomplete, if crypto session fails to come up |
|
|
NHRP registration request non-compulsory experimental extension gets dropped |
|
|
16.6: Ospf neighbor failure in GigabitEthernet sub interface |
|
|
165: Stale entry in BGP LS topo when ospf interface is shut with 2 ABRs |
|
|
BGP LS: numbered point to point interfaces not given to LSLIB if SR or TE not enabled. |
|
|
Crash after show ip ospf database summary command |
|
|
MFI_LABEL_BROKER-3-INVALID_PARAM Traceback message on change of unnumbered to numbered IP address |
|
|
On unshutting one of the ECMP link, packets starts puting to ROUTING THROTTLE Q due to INCOMP ADJ. |
|
|
OSPF allocates extra size when sending HELLO's with cryptographic authentication enabled. |
|
|
OSPF FRR: repair path programming in FRR is wrong when we unconfigure L2 medium p2p from the i/f. |
|
|
OSPF IPFRR: cost of Ext2 external route repair path is wrong when node protection is enabled |
|
|
OSPF IPFRR: default policy not applied when all configured tiebreak policies are deleted |
|
|
OSPF NSSA Translator ABR does not Translate Type 7 to 5 with only VRF Superbackbone as non-NSSA area |
|
|
OSPF P-adj: segmentation fault in OSPF, when we unconfigure the IP address and ospf parameters. |
|
|
OSPF P-ADJ: When i/f is removed and added from the area, the p-adj sid is not getting created. |
|
|
OSPF P-ADJ: When protection disabled and enabled, p-adj sid comes up with repair path. |
|
|
OSPF P-ADJ: When SR is disabled and re-enabled on NBR, p-adj sids are created without repair path. |
|
|
OSPF PADJ: p-adj sid is not getting created when OSPF route becomes best route in RIBv4. |
|
|
OSPF retransmit behaviour issues |
|
|
OSPF RLFA: when i/f is shut, "%OSPF-3-INTERNALERR: Internal error: Stale release node is referenced" |
|
|
OSPF Rogue LSA with maximum sequence number vulnerability |
|
|
OSPF SID Conflict: Even after mapping server uncfed, SRMS entries shown in OSPF database. |
|
|
OSPF SID Conflict: Reworking translation logic |
|
|
OSPF SR ADJ: When i/f changed from unnumbered to numbered, MFI_LABEL_BROKER-3-INVALID_PARAM error |
|
|
OSPF SR SID Conflict: SRMS entries are not installed in the local advertising router. |
|
|
OSPF SR SID Conflict: two prefixes have the same sid and no conflict is detected. |
|
|
OSPF SR: ECMP routes not programmed in MPLS Forwarding table whenever there are Non-Tunnel paths |
|
|
OSPF SR: Extended Prefix Opaque LSA is not added to contributing list |
|
|
OSPF SR: Local prefix DB entry created for translated EPL not deleted in certain scenarios |
|
|
OSPF SR: Stale srgb handle used after changing the SRGB range |
|
|
OSPF SR: When intra prefix is changed to inter prefix, the prefix resolution happening wrongly. |
|
|
OSPF SR: When the neighbor is not SR enabled, OSPF should not install SR label path for nbr prefix. |
|
|
OSPF SRTE : InterArea routes handling - No Native Paths marked by OSPF in LRIB. |
|
|
OSPF SRTE : OSPF External Routes handling - No Native paths marked by OSPF in LRIB. |
|
|
OSPF SRTE: Not all the paths are given to SRTE after "clear ip ospf process" |
|
|
OSPF SRTE: Once nsr is enabled, OSPF does not provide TE parameters to standby SRTE process. |
|
|
OSPF SRTE: prefix resolution when more than 4 ECMP paths is not provided properly to SRTE. |
|
|
OSPF SRTE: Send LLS loc intf ID for all link types and ELL loc rmt ID TLV for P2P numbe and unnumbe |
|
|
OSPF SRTE: When i/f type changed from numbered to unnumbered, link info not given to SRTE properly. |
|
|
OSPF SRTE: when SRTE tunnel is down, CSTR flag is not removed from RIB at certain scenerios. |
|
|
OSPF SRTE: When the prefix is not the best route in the RIB, OSPF does not provide prefix to SRTE |
|
|
OSPF SRTE: with multi area adjacency, the tunnels not coming up to the multi area instance. |
|
|
OSPF SRTE; When SRTE tunnel changed to RSVP TE tunnel with forwarding adja, links not advt by OSPF. |
|
|
OSPF TI LFA: when we have TILFA tunnel with more than 1 segment, label not calculated correctly. |
|
|
OSPF TILFA SCALE: On reopt or clearing OSPF process, no. of protected prefixes goes down drastically |
|
|
OSPF TILFA SCALE: with 2K Inter-area Prefix Scale, some non-ECMP routes are not getting protected |
|
|
OSPF TILFA: inter-route withdrawn, no repair path for Ext2 computed |
|
|
OSPF TILFA: Micro-loop avoidance is not enabled by default when TI-LFA is enabled |
|
|
OSPF TILFA: post convergence flag and PRIMARYPATH property not set for some repair paths. |
|
|
OSPF: IPFRR repair path computation stopped after receiving type 10 opaque EPL lsa. |
|
|
OSPF: mapping server entries used after route replaced in RIB. |
|
|
OSPF: Not able to remove ospfv3 config under Virtual-Template |
|
|
OSPF: When anycast present in two areas, when one area is removed, rout not getting installed in RIB |
|
|
TILFA : repair path not created for NSSA learnt external routes. |
|
|
3.18.1.SP modem/s stuck in reject(pk) with PKI-3-CERTIFICATE_INVALID log message |
|
|
Crash during CRL fetch failure |
|
|
CSR 1000v router goes offline with polaris image when WCM creates self signed cert for router |
|
|
During PKI enrollment, Cisco router rejects CA/RA reply containing HTTP 500 "Internal Server Error" |
|
|
EST client pki authentication request goes out to default URL always |
|
|
EST client pki simpleenroll request goes out to default URL always |
|
|
ISR 4300 crashed while importing certificate |
|
|
OCSP SHA2 signature algorithms verification fails |
|
|
PKI Server: "Rollover RA Certificate" Becomes "Rollover ID Certificate" After Reload of Router |
|
|
PKI unable to enable PKI debugs immediately after system boot |
|
|
SSL handshake failure when validating certification with name-constraints |
|
|
Crash due to memory corruption when using PNP feature |
|
|
"password encryption aes" may break redundancy |
|
|
DBM Crash on Active Switch while changing DCA channels |
|
|
ASR1k:16.3_MR smd crash in FIPS Mode |
|
|
NAT YANG model: Static NAT with VRF and route-map results in incorrect CLI order |
|
|
MTU of the PPPoE Dialer interface resets to 1492 while doing any change in the MTU config |
|
|
PPPoE client uses RFC4638 tag of last PADO instead of selected PADO |
|
|
16.6: ASR1K: RP crash seen @cpp_bqs_rm_yoda_init_or_save_child. |
|
|
Both ESP crash on changing COS type on ATM VC |
|
|
Both ESP crash on changing shaper rate under port-channel |
|
|
Changing speed and negotiation causes crash |
|
|
cpp_cp_svr crash seen on ASR1002-X and device keeps rebooting with 16.5.1b |
|
|
Crash when interface with multiple tunnels sourced comes up |
|
|
fp crash while changing port-channel from vlan based mode to LACP |
|
|
omit a shaped GE from platform qos optimize-rate-ratios |
|
|
SUP crash @ cpp_bqs_rm_yoda_proc_pend_fc_cb |
|
|
Un-configuring and re-configuring QoS class-map post ISSU results in FP reload |
|
|
Yoda: Collapse HQF Aggregation Node |
|
|
Yoda: Collapse HQF Aggregation Node |
|
|
SGACL: cpp_sp_svr crash during CFM EDIT request with reseq_enable = TRUE |
|
|
CPP DRV: propagate CSCvc08848 to cbr-8 |
|
|
CPP DRV: Transit Entrenched Recycle Path Does Not Enforce Packet Order |
|
|
CPP DRV: Transit Entrenched Recycle Path Does Not Enforce Packet Order (cBR-8) |
|
|
QFP sorter interrupts related to REAL_DISTANCE are fatal when they should be informational |
|
|
PCP-IKE-IND are rate-limited too aggressively due to unbalanced hashing |
|
|
Memory leak under cpp_cp_svr process |
|
|
ASR1K ESP crash when creating QoS bind |
|
|
service policy removed from multilink interface after reload |
|
|
FIB has extra prefix when BGP and OSPF receive the same route |
|
|
tunnel interface missing in frr-manager |
|
|
ASR1K RSP crash when command 'show ip rsvp sender detail' was executed |
|
|
XE316:NIM serial interface flaps after soft OIR with traffic |
|
|
7600 ISSU: Traceback at sisf_issu_xmit_transform |
|
|
BT state not sync when interface shut/no-shut before switchover |
|
|
C6880 crashes when dot1x device moved across a client stack |
|
|
Cisco IOS and IOS XE IPv6 SEND Denial of Service Vulnerability |
|
|
Cisco IOS and IOS XE IPv6 Snooping Denial of Service Vulnerability |
|
|
Crash seen @ sisf_internal_error with scaled ipv6 client |
|
|
destination-glean recovery not shown in show snoop policy command |
|
|
Enh: Drop message misleading |
|
|
Exec/Standby service handler process Traceback @sisf_internal_error |
|
|
fhs-ask1k dynamic Binding Table number not include dhcp prefix entry |
|
|
FHSv6: Sdby reloads for RPR due to config-sync failure and ISSU_INCOMPAT |
|
|
IPv6 neighbor binding table not updated || 2960x |
|
|
LDRA not processing the packet received on the server facing interface |
|
|
LDRA: Switch crashes when sending v6 packet with "ipv6 snooping" enabled |
|
|
NG3K-7.65: IPv6 (internal)RAs forwarded as mcast RAs to Wireless clients |
|
|
PTA router crashes on configuring unclassifed mac-address |
|
|
SISF-3-INTERNAL: Set filter failed for 3333::/64 port Vl2 vlan 2 mac any |
|
|
sisfv4: SISF should accept moving more trusted entry when DOWN |
|
|
sisf_internal_error Traceback observerd in standby |
|
|
TB@sisf_mac_fsm_clean upon triggering dot1x/mab authentication |
|
|
Texel: fix SISF CLI (limited brd, device_role, prefix_list) |
|
|
Texel:DHCPv6 binding entries are not synced after switchover |
|
|
Texel:Inadequate IPv6 FHS behavior on private VLANs |
|
|
Texel:IPv6 FHS causes switch to come up in RPR mode |
|
|
Texel:IPv6 Snooping counter not reporting DHCP drops |
|
|
Texel:Policy info should be displayed in "show ipv6 nd suppress policy" |
|
|
validate-xml of sh ipv6 snoop policy and counters fail with some special sub-options set |
|
|
DNS probes are failing with type cname in the dns response |
|
|
OID for average jitter in ASR920 Y.1731 returning zero values |
|
|
Watchdog crash at sla_resp_config_command when executing the "show run" command |
|
|
Fatal Alignment Error Crash Due to Corrupted PC with SMEF |
|
|
"snmp-server ifindex persist" is not work for virtual port |
|
|
3850 "snmp-server queue-length" Value Back to Default 10 after Reload |
|
|
CHUNKBADREFCOUNT crash |
|
|
SSH logs showing empty username on successful authentication |
|
|
3.16.4 : Prepaid feature not installed if applied on service-stop evt |
|
|
Crash in TN3270E-RT-MIB code |
|
|
Crash in Voice DNIS SNMP code |
|
|
Crash observed in Mlpp-Bacd scenario |
|
|
DSPRM-3-DSPALARMINFO: DSP (4/1) Host GIGE ack failed when calls invoke transcoding |
|
|
fax relay t30 all-level-1 debug broken |
|
|
ISR 4451-X crashed with "Segmentation fault(11), Process = DSMP" |
|
|
ISR4K - Hoot and Holler E&M port cannot be co-located with multicast hub |
|
|
ISR4K - Hoot and Holler multicast replication issue |
|
|
ISR4K: Hung Inactive SCCP session in transcoder/MTP required call flow |
|
|
MGCP Gateway sends RTCP packet after T.38 switchover |
|
|
multiple ISR4K VGW's crashed with Segmentation fault(11), Process = DSMP |
|
|
IOS-XE software crash observed mid-call when receiving Port 4000 and a=sendonly - SRTP |
|
|
Code change for CLI "bootup e-lead on/off" for NIM-4E/M port |
|
|
Crash due to a null pointer dereference on htsp structure |
|
|
removed DC from NIM-FXO card and SM-X-FXS/FXO |
|
|
ASSERTION FAILED : ..vtsp.c: vtsp_cdb_assert: then crash |
|
|
Hairpin call to PSTN fails |
|
|
2951 crash due to Null Pointer Dereference |
|
|
CCSIP_SPI_CONTROL memory usage leads to crash - SIP subscribe messages |
|
|
Cisco Router 2921 sending cisco-rtp payload 121 for RFC2833 (rtp-nte) instead of 101. |
|
|
Crash while localhost CLI disabled with Options keepalive |
|
|
CUBE-161: S3: 639020025: Multiple SIP/SDP Spurious Crashes//2951//15.5(1)T3 |
|
|
IOS-XE CUBE HA crash |
|
|
ISR4351 running denali 16.3.3 crashes in AFW_application_process |
|
|
One-way audio on held-resumed calls after 20 mins |
|
|
Processor pool leak due to CCSIP_SPI_CONTROL |
|
|
SIP Timer Expires gets into 0 unexpectedly |
|
|
DSL line info attributes Upstream and downstream not converted to bps |
|
|
VRRPv3 with VRRS remains NOT READY after shutdown Port-channel IF. |
|
|
Packet drops seen between AppNav 694 and ASR1001X |
|
|
OpenDNS local-domain bypass on ISR4k stop working after reboot |
Caveats in Cisco IOS XE Everest 16.5.3
Resolved Caveats—Cisco IOS XE Everest Release 16.5.3
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability |
|
|
Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability |
|
|
Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability |
|
|
Crash after configuring ERSPAN on a ASR1001-HX |
|
|
16.6: vfr related drops are not observed in CSR platfrom |
Related Documentation
Platform-Specific Documentation
For information about associated services and modules in Cisco ASR 1000 Series Aggregation Services Routers, see: Documentation Roadmap for Cisco ASR 1000 Series, Cisco IOS XE 16.x Releases.
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Feedback