Cisco CSR 1000v Series Cloud Services Routers Overview
Note |
Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.
Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience. Do provide feedback about your experience with the Content Hub. |
Virtual Router
The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.
When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.
Secure Connectivity
CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.
Technologies Supported by a Platform
A platform’s product landing page lists technology configuration guides for Cisco IOS XE technologies that the platform supports.
In each technology configuration guide, a Feature Information table indicates when a feature was introduced to the technology. For some features, the table also indicates when additional platforms have added support for the feature.
To determine whether a particular platform supports a technology, view the list of technology configuration guides posted on the platform’s product landing page. For example, see Cisco Cloud Services Router 1000v Series.
System Requirements
Hardware Requirements
For hardware requirements and installation instructions, see the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide .
Software Images and Licenses
The following sections describe the licensing and software images for CSR 1000V.
Cisco Smart Licensing
The Cisco CSR 1000V router supports Cisco Smart Licensing. To use Cisco Smart Licensing, you must first configure the Call Home feature and obtain the Cisco Smart Call Home Services. For more information, see Installing CSR 1000V Licenses and Smart Licensing Guide for Access and Edge Routers.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Cisco CSR 1000v Evaluation Licenses
Evaluation license availability depends on the software version:
-
Evaluation licenses valid for 60 days are available at the Cisco Software Licensing (CSL) portal: http:/www.cisco.com/go/license
The following evaluation licenses are available:
-
IPBASE technology package license with 10 Gbps maximum throughput
-
SEC technology package license with 5 Gbps maximum throughput
-
APPX technology package license with 5 Gbps maximum throughput
-
AX technology package license with 2.5 Gbps maximum throughput
If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.
For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .
Cisco CSR 1000v Software Licenses
Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.
Current License Types
The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):
-
IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)
-
Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)
-
AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)
-
APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)
Legacy License Types
The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.
Features Supported by License Packages
For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.
Throughput
The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:
-
10 Mbps
-
50 Mbps
-
100 Mbps
-
250 Mbps
-
500 Mbps
-
1 Gbps
-
2.5 Gbps
-
5 Gbps
-
10 Gbps
The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.
Memory Upgrade
A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.
Additional Information about Licenses and Activation
For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.
Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files
The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.
For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:
-
csr1000v-universalk9.16.04.01.ova
-
csr1000v-universalk9.16.04.01.iso
-
csr1000v-universalk9.16.04.01.qcow2
The filename attributes are listed below, along with the release properties.
Filename Attribute |
Properties |
---|---|
Example:universalk9 |
Installed image package. |
03.09.00a.S.153-2.S0a |
Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release). |
std or ext |
Standard release or extended maintenance support release. |
Features and Notes: Cisco IOS XE Everest 16.6
Features
Features—Cisco IOS XE Everest 16.6.2
The following software feature is supported on the Cisco CSR 1000v for Cisco IOS XE Everest 16.6.2.
Encrypted Traffic Analytics
For detailed information, see the following Cisco documents:
Features—Cisco IOS XE Everest 16.6.1
The following software features were introduced on the Cisco CSR 1000v for Cisco IOS XE Everest 16.6.1.
BGP - SR: BGP Prefix SID Redistribution
For detailed information, see the following Cisco document:
BGP Feature Monitoring
Effective with Cisco IOS XE Everest 16.6.1, the Cisco IOS XE YANG models are supported for Border Gateway Protocol (BGP).
ISIS - SR OAM: ISIS FEC
For detailed information, see the following Cisco document:
ISIS - SR: uLoop Avoidance
For detailed information, see the following Cisco document:
NAT-Serviceability
For detailed information, see the following Cisco document:
OSPFv2: SR-OAM LSP Support
For detailed information, see the following Cisco document:
PBR Named Ordering Rules Support for Yang
For detailed information, see the following Cisco document:
PfRv3 Remote Prefix Tracking
For detailed information, see the following Cisco document:
PfRv3 Per Interface Probe Tuning
For detailed information, see the following Cisco document:
PfRv3-Inter-DC-Optimization
For detailed information, see the following Cisco document:
SCP Performance Improvement
For detailed information, see the following Cisco document:
SD-AVC Auto-update Capability
For detailed information, see the following Cisco document:
SD-AVC NBAR Export Capability
For detailed information, see the following Cisco document:
SR:OAMIGPFEC, BGPFEC
For detailed information, see the following Cisco document:
SXP Enhancements for Filtering (IP prefix and SGT) and Fail-open
For detailed information, see the following Cisco document:
Web User Interface
Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplify device deployment and manageability, and enhanced user experience. The following features are supported on the Web User Interface from Cisco IOS XE Everest 16.6.1:
Dynamic Multipoint VPN—The Dynamic Multipoint VPN feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).
Snort IPS/IDS—The Snort IPS feature enables Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) for branch offices on Cisco 4000 Series Integrated Services Routers and Cisco Cloud Services Router 1000v Series. This feature uses the open source Snort solution to enable IPS and IDS.
Zone-Based Firewall—Allows you to easily manage Cisco IOS unidirectional firewall policy between groups of interfaces known as zones.
HTTPS: UC Gateway Services API
For detailed information, see the following Cisco document:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/CUCIS_API/CUCIS_API_Guide.html
SSL VPN
Effective with Cisco IOS XE Everest 16.6.1, the command sslvpn use-pd has been introduced to enable the PD (platform dependent) solution for SSL VPN on the Cisco Cloud Services Router 1000v Series.
RESTCONF Programmability Interface
For detailed information, see the following Cisco document:
Transit VPC using AWS
The Transit VPC design in the Amazon Web Services (AWS) marketplace uses multiple instances of the Cisco CSR 1000v. The Transit VPC design provides secure transit routing between spoke Virtual Private Clouds (VPCs) and the public internet or private data center.
For detailed information, see the following Cisco document: Transit Virtual Private Cloud Deployment Guide using Cisco CSR 1000v for Amazon Web Services
Notes
The following section includes important notes about Cisco CSR 1000v routers for Cisco IOS XE Everest 16.6.
3DES and AES-CBC Ciphers Disabled
(Cisco IOS XE Everest 16.6.1 or higher) For SSH, the cipher Triple Data Encryption Standard (3DES) and AES Cipher Block Chaining (AES-CBC) ciphers are now disabled by default. We recommend that you use the later Advanced Encryption Standard Counter Mode (AES-CTR) ciphers instead.
If you are using 3DES or AES-CBC ciphers; for example, in SSH client software, the network administrator must change the ciphers
to be one of the AES-CTR ciphers used in 16.6.1;that is: aes128-ctr
, aes192-ctr
, and aes256-ctr
.
The following example command defines the ciphers/encryption algorithms to be used by the SSH server and client:
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
For more information on SSH encryption algorithms, see: SSH Algorithms for Common Criteria Certification.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
https://tools.cisco.com/security/center/publicationListing.x
Field Notices
-
Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html
Licensing
In Cisco IOS XE Everest 16.6.1, Bidirectional Forwarding Detection (BFD) is included in the IP Base license.
Limitations and Restrictions in Cisco IOS XE Everest 16.6
There are no new limitations and restrictions in Cisco IOS XE Everest 16.6
Caveats
Overview
Caveats, or “bugs,” describe unexpected behavior. Severity 1 caveats are the most serious. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
Terminology
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
http://docwiki.cisco.com/wiki/Category:Internetworking_Terms_and_Acronyms_(ITA)
Bug Search Tool
If you have an account on Cisco.com, you can also use the Bug Search Tool (BST) to find select caveats of any severity. To reach the Bug Search Tool, log into Cisco.com and go to https://tools.cisco.com/bugsearch/search .
If a defect that you have requested cannot be displayed, it may be because the defect number does not exist or the defect does not have a description available.
You can use to the Bug Search Tool to view new and updated caveats: https://tools.cisco.com/bugsearch/search .
For Best Bug Search Tool Results
For best results when using the Bug Search Tool:
-
In the Product field, enter Cloud Services Router.
-
In the Releases field, enter one or more Cisco IOS XE releases of interest. The search results include caveats related to any of the releases entered in this field.
The tool provides autofill while you type in these fields to assist in entering valid values.
A search using release number 16.6 should find the caveats for Cisco IOS XE Everest 16.6.1.
Field Notices
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/c/en/US/support/tsd_products_field_notice_summary.html
Caveats: Cisco IOS XE Everest 16.6.1
Open Caveats—Cisco IOS XE Everest 16.6.1
Caveat |
Description |
---|---|
"default interface <name>" config command reports different vty then actually executed the command |
|
CDB doesn't sync after OIR of slot/subslot components |
|
Restconf query parameters fields and depth doesn't work properly together |
|
Restconf GET /restconf/data?depth=1&content=nonconfig results in malformed JSON(missing closing "}") |
|
Restconf "fields" query param - malformed JSON and setting value to leaf from different model |
Resolved Caveats—Cisco IOS XE Everest 16.6.1
Caveat |
Description |
---|---|
Cisco CSR 1000v reboots randomly every 1–2 days with only minor passing of traffic |
Caveats: Cisco IOS XE Everest 16.6.2
Open Caveats—Cisco IOS XE Everest 16.6.2
Caveat ID Number |
Description |
---|---|
Crash when deleting an interface on CSR1000v |
|
ENCS—ISRv WAN SRIOV interface sometimes fails to be brought up |
|
VRRP v3 link state flaps on ASR903 with 3.14.2 image, deployed with G8032 |
|
3850 03.06.04.E software clean force verbose command authz fails |
|
LISP: tracebacks on cleanup on ASR1k |
|
sh ipv6 neigh statistics not updated post RPSO for entries synced |
|
IPSLA Y1731 start time is much greater than sysUpTime while doing snmpwalk |
|
VPDN not switching traffic to new path after link failover or routing protocol convergence |
|
Member link of Port channel gets removed on doing a SSO on the peer end |
|
OSPF BGP LS: When seg mpls is disabled on the nbr, the unnumbered links not withdrawn from LSLIB. |
|
OSPF SRTE: Invalid primary paths and metric seen with SRTE autoroute announce with metric option |
|
Crash after IWAN does a recalculation in the RIB |
|
Polaris 16.4: Traceback @mpls_ldp_cfg_interface while enabling isis |
|
RSP3:CFM up mep on PC over xconnect/FAT-PW does not work after certain steps |
|
IOSd crashed when dialer disconnect the ISDN call |
|
Un-controlled TC in DISCARDED state is dropped instead of RIB-routed |
|
ISDN switch-type configure issue for BRI leased-line |
|
ISIS SRTE: When one of ECMP path for prefix is not enabled for SR, SRTE tunnel does not come up. |
|
"show track" does not display Embedded Event Manager applet name on IOS-XE |
|
IKEv2 CoA does not work with ISE |
|
CME/BE4000 Intermittently Crash when making configuration changes |
|
CUBE no DTMF after transfer to UCCX when midcall-signaling passthru media-change |
|
BOOT variable won't update when configure large number of boot system |
|
[0-SLA]enable 0-SLA on current SP, path not changed even with big jitter between spk2spk |
|
%UTIL-6-RANDOM: A pseudo-random number was generated twice in succession |
|
Traceback@cpp_mlp_bundle_stats_query_all_cmn on fp reload |
|
Switch sends duplicate accounting message, that causing ISE to generate Misconfigured NAS Alarms |
|
OSPF SROAM: "%ARP-3-ARPADJ: Internal software error during updating CEF Adjacency" when box comes up |
|
NDSSO vrf ha table to be populated correctly |
|
Phase1 comes up and DPDs being exchanged even if the tunnel interface is shut d |
|
920 : Mid Point LSP creation failure after reload with latest polaris Image |
|
WCCP bypassed packets dropped by ACL on WAN interface |
|
In-dialog options ping received post ACK (call completion) cause cube to change codec and no audio |
|
[1661]- Switch number is missing in stack merged logs. |
|
Observing memory leaks in AAA_STRDUP_GREEN_PARSER_SG_NAME1 |
|
Observing memory leak in command handler after CoA reauth |
|
Call queue notification delay with SIP phones |
|
Observing memory leak in AAA_MALLOC_LITE |
|
Device Based BLF monitoring stops working after subscription expires in CME |
|
Channel with remote end point 0.0.0.0 is available instead of unavailable |
|
gaps in NBAR classification for protocol ms-sms |
|
iwan router crash while updating pmi policy |
|
OSPF SR/SIDredistribute: when SID configured > avbl SRGB, that sid shouldn't be advertised in EPL. |
|
Observing tracebacks after ISSU @ NETWORK_RF_API-3-ISSU_START_NEGO_SES |
|
Show details soft key is not functioning in a conference call |
|
CUBE can't handle mid-call re-invite when midcall-signalling passthrough mediachange is configured |
|
[UniScale]isr4431 crashes while verifying IPv6 CEF scalability |
|
Traceback: Stack master crash at dot1x authentication |
|
Webauth not releasing allocated IDs from hash table for sockets with no data on INIT timer expiry |
|
Stub is not leaking the network as expected |
|
FXO Outgoing calls crashes the NIM module |
|
dns-a-override CLI not working due to breakage since 16.4 IOS |
|
Unable to retrieve components from CSR1Kv |
|
CME SIP: call-forward Unregister fails when shared-line enabled on DN |
|
ASR CUBE 1K reloaded with reason: RG-application reload on voice-b2bha RG |
|
British English used in Cisco-IOS-XE-cdp-oper model |
|
Cat 3850 and 3650 release 16.6.1 "show platform sudi certificate" displays wrong certificate |
|
Crash when printing IPSEC anti-replay error |
|
802.1x authentication fails between cos Access Points and NGWC 16.3.x |
|
cnonce value is sent as "FFFFFFFF" in SIP REGISTER Authorization header |
|
Crash in SDP Passthru when T.38 as 1st mline in mid-call SDP |
|
CME SIP On timeout, calls to parallel voice hunt-group don't hit final extension |
|
Router crash due to memory corruption in PKI |
|
prefix missed in map-cache output |
|
BGP Crimson: RIB query stuck in loop for VPN AF with imported nets |
|
ASR1000 Interface may be unusable due to an error deleting previous configs |
|
ipv6 summary-prefix stuck in LSP after reconfiguring from level-2 to level-1 |
|
CM JM procedure is not triggered on dm814x |
|
Call drop with cause code 47 when call is put on hold after signaling forking |
|
Router crash on polling cEigrpPeerEntry |
|
IWAN Performance degredation on PI32 images |
|
When handling CUCM's CS_OFFHOOK, need to set ccb its proper role |
|
Malformed GETVPN message %GDOI-4-COOP_KS_UNAUTH |
|
Flexible NetFlow crash |
|
ASR1K RP2 crash due to CPUHOG occourred by arp input process infinite loop |
|
Failing to collect router info via netconf |
|
Invalid Static routes exist in VRF ip route |
|
Mid-call failure because all available Crypto is not Offered in SDP |
|
If Pcm-dump caplog FFF is assigned to a h323 Dial-peer, hold/resume result in one way audio |
|
Remove "dns-vrf-aware" CLI and make DNS vrf aware by default. |
|
MIB counter for IPSec tunnels does not decrement under high tunnel scale and churn |
|
RE-INVITE and OPTIONS Glare not handled by CUBE |
|
3650/3850: neconf return if-index value as 0 |
|
ASR1K display configuration when bootup with huge config and netconf-yang cli |
|
ASR1K CGN NAT ASR1K ESP100 crashed with clear ip nat translation * |
|
IOS-XE NAT: IP header of tunneled traffic is translated twice (in inner and outer header) |
|
Command Authorization with no shared secret key fails. |
|
GM_FAILED_TO_INSTALL_POLICIES message seen when IPv6 crypto map configured on Tunnel434 interface |
|
IOS-XE router crash from memory corruption during CCB cleanup |
|
3800 Access points failing 802.1x authentication, sending wrong EAP Parameters |
|
IBNS 2.0 triggering event Server Dead after Access Reject |
|
Host name with . as last character is handled incorrectly on 6800 platforms |
|
BE4K Memory leak during bulk register request from portal |
|
BE4K Memory leak observed list header and sipResponseHeadersToAvListAdapter |
|
List Header leak with PfR enabled |
|
OSPF; process ospf segmentation fault when shut and no shut is performed in active RP. |
|
KS merge fails for groups with TBAR due to PST update failure on primary KS |
|
OPTIONS not replied by CUBE over TCP without interface bind |
|
IPv6 DAD detected msgs seen on SVI when connected to device with same SVI w/o IPv6 address |
|
DMVPN session get stuck in NHRP and UP-NO-IKE state without active IKEv2 session until rekey |
|
IKEv2 - IPSec rekey fails because fragments are assigned incorrect Message id |
|
Copying file larger than 2GB to FTP destination fails with "Invalid argument" (revisit CSCug41449) |
|
ASR1000 IOS XE 03.16.02.S unable to reestablish MKA session after interface flap/bounce |
|
Heavy icmpv6 No-route punt occurred during changing default route |
|
GETVPN: show crypto gdoi ks member summary missing last octet in IP address |
|
MPLSoFlexVPN: Hub doesn't forward resolution req when default route is advertised to spokes |
|
Multple GETVPN GM crashes after migration to new KS pair |
|
ASR1k losing VXLAN NVE Peer |
|
OSPF SSPF : TE-SBFD Session create failed error |
|
ISR4K SW MTP configured as TRP does not relay PLI/RTCP messages. |
|
OSPF SSPF: With ECMP combination of MPLS TE and SRTE tunnels, all RTP tunnel paths marked as SRTE |
|
After upgrade of IOS, SSH passwords longer than 25 characters do not work |
|
ospfv3 maximum-paths doesn't apply to output of 'show ipv6 cef' CLI |
|
CTS PAC download fails with VRF config on non-managenent interface |
|
C1111-4PWQ : 16.06.01a.prd3 : RP memory doesnt come down after BGP scaling test. |
|
Issues related to Night Service feature |
|
"pass-thru content sdp mode non-rtp" leading to FPI leaks. |
|
OSPF SSPF: CstrPath flag not removed when RSVP TE tunnel config changed to SRTE |
|
Traceback is observed during mid-call media IP and port change |
|
IPCP: Route not installed |
|
Management ARP Entry Disappears After A Period of Time |
|
Cat3k: Crash with chunk corruption in DynCmd object |
|
OSPF SSPF: With ECMP of SRTE and RSVP-TE auto-announce tunnels, RSVP-TE is not installed as MFI path |
|
Active call status is displaying as 0 when resume in remote for the first time |
|
BE4K Video intermitient freeze |
|
Incoming call fails with 'Lower layer disconnected call cause=47' error |
|
Multicast pkts doesn't counted as multicast on sub-IF's inteface MIB |
|
Unknown Protocol pkts count mismatch between Sub-IF and Physical-IF's sh int cli and IF MIB counters |
|
Unexpected reboot of voice gateway 4400ISR |
|
IKEv1 Stuck Virtual-access interface&RRI 15.4(3)s6 |
|
Device crashes due to crypto pki functions |
|
IKEv2 VPN tunnel does not establish when destiantion ip address changes during the AUTH exchange. |
|
Media recording on IOS-XE doesn't work if a refer is received immediately after the call is answered |
|
OSPF SSPF: with Non-ECMP SRTE+RSVPTE, Native paths installed for RSVP TE tunnel with metric option |
|
3650 unable to use loopback as radius source interface |
|
dot1x-err : Dot1x authentication already running for<MAC>with different handle |
|
C9410 - "ip http authentication aaa" does not work with built-in WebUI |
|
ISR4K goes into booting loop with "Flash:" in boot statement |
|
ISR4300 display configuration when bootup with huge config and netconf-yang cli |
|
BE4K crashed @ContactingDest_SnrOtherDestroyDone |
|
Crash while SNMP invokes TTY trap |
|
IKEv2 packet debug shows incorrect port value for IKE_AUTH Request packet |
|
PfRv3 Communication failure often happens for several seconds after removing a cable from HUB-MC |
|
[c94k aaa] %RADIUS-4-RADIUS_DEAD error after provisioned by DNAC |
|
4431 QFP crashes by a LLC packet received in a Serial Interface |
|
BE4K Registration failed for REGISTER matching wrong voip dial-peer |
Resolved Caveats—Cisco IOS XE Everest 16.6.2
Caveat ID Number |
Description |
---|---|
AWS/Azure - unable to ssh into CSR1000v if configured with 192.x.x.x subnet |
|
CSR1000V: Core Files during extended operation - 1vCPU CSR1000V ESXI vSwitch |
|
High memory utilization in the QFP over QM RM process |
|
After on the vnic edit on the fly changes - LAN-SRIOV sub interface ping fails after Reboot of ISRv |
|
AWS CSR redundancy fails to create bfd client if AWS redundancy conf'd prior to BFD intf coming up. |
|
ISIS hello stops to be sent after RSP switchover |
|
IPv6 Tracking for route learned from IBGP Neighbor is Down. |
|
ASR 920 crash on sla with on-demand udp-jitter command |
|
OSPF NSSA Translator ABR does not Translate Type 7 to 5 with only VRF Superbackbone as non-NSSA area |
|
OSPF SRTE: When the prefix is not the best route in the RIB, OSPF does not provide prefix to SRTE |
|
High CPU due to SNMP ENGINE when polling mplsTunnelHopEntry |
|
Enabling ICMP jitter probe support on IOS-XE platforms |
|
OSPF RLFA: when i/f is shut, "%OSPF-3-INTERNALERR: Internal error: Stale release node is referenced" |
|
OSPF SRTE : OSPF External Routes handling - No Native paths marked by OSPF in LRIB. |
|
ISIS: when trying to change cost, "no fibidb for backup interface - ifnum 34" msg appears on the log |
|
OSPF SR: Local prefix DB entry created for translated EPL not deleted in certain scenarios |
|
OSPF: NSSA route not installed in OSPF RIB and GRIB after deleting summary address |
|
Command "segment-routing mpls" under router isis 1 not getting NVGEN'd |
|
OSPF SRTE: Once we disable and enable traffic-engineering, ospf route comes up with out RIB flag. |
|
16.6 OBS: Local LFA is used incorrectly when TI-LFA Node Protection enabled |
|
OSPF SR TE: with multicast-intact option,handling of inter area prefixes incorrect in some scenerios |
|
Path doesn't got installed properly for isis rib output |
|
Tunnels goes down when SR is shut and no shut in latest polaris |
|
OSPF SR: ECMP routes not programmed in MPLS Forwarding table whenever there are Non-Tunnel paths |
|
flow monitor applied on vlan not showing up in show command |
|
eBGP vrf next-hop setting behaviour is changed by CSCuv07111. |
|
Slow convergence with scale after a core link flaps |
|
Incorrect Track Resolution Metric for GRE Tunnel |
|
OSPF GIR BASE: When 1 of NSSA ABR router goes to GIR mode, other nodes do not calculate repair paths |
|
OSPF SR: OSPF External Routes with non zero FWD Address - LRIB original (native) Paths/route missing |
|
RSP1-Continous ESMC tracebacks observed after IMA8T OIR followed by SSO |
|
Nested Enhanced Route Refresh requests triggers Stale Prefixes. |
|
SSO support for VRRP V3 |
|
XE16.7.1:Router crashed when a sh bgp command was executed |
|
Eigrp hmac-sha-256 secret string changes when show running-config is executed |
|
OSPF SIDRedist/BGPLS: directly connected prefixes not provided to BGP LS ... |
|
XE16.7.1:Router crashed when "clear ip bgp vpnv4 u update-group <nei> |
|
ISIS SIDRedist: when seg mpls is disabled and enabled under ISIS, routes not redistributed with sids |
|
OSPF PADJ: Generation of ELL with B bit is inconsistent in some scenerios. |
|
router crash when importing BGP routes - EVPN |
|
Internal interface missing from L2FIB output list |
|
Unable to remove 'mpls tp' configuration from Router. |
|
Two PW-Group switchover notifications are triggered from PI to PD for a single event |
|
IP SLA can trigger crash when used with MPLS probe |
|
BGP Advertised originator as 0.0.0.0 when router sends update-message |
|
Observed multiple Traceback messages on16.3.5 build |
|
"show ptp clock running domain 0 " at TC shows garbage |
|
Traffic drop, on reconfiguring l2vpn sessions after sso on peer |
|
XE16.7.1:sh bgp <AF> u all summ shows double the route count after clear ip bgp * |
|
BGP Crimson: skip next net with same prefix |
|
ISIS BGP LS: When we configure same BGP LS inst id to 2 ISIS instances, it accepts without error msg |
|
ASR1k netflow crash at flow_def_field_list_copy_with_callback |
|
VRRPv3 with VRRS remains NOT READY after shutdown Port-channel IF. |
|
Router crashes while running EIGRP due to double free condition |
|
OSPF SRTE/TI-LFA: When we have autoroute configured, TILFA repair path not computed for native paths |
|
OSPF TILFA: post convergence flag and PRIMARYPATH property not set for some repair paths. |
|
EIGRP Segmentation Fault When Removing VPNV4 LFA |
|
ASR1K RSP crash when command 'show ip rsvp sender detail' was executed |
|
CODM : "platform software status control-processor" missing CPU averages |
|
stale path message for that prefix is noticed when dampening is configured. |
|
Watchdog crash at sla_resp_config_command when executing the "show run" command |
|
ISIS SR : when 2 prefixe cfged with same sid, SRAPP detect conflict, ISIS use same sid for both pfix |
|
Cisco-IOS-XE-bgp-oper: failed to retrieve table table too big |
|
FEW Inter xTR roam scale 400/sec hit on CSR1KV-Map server causes delay in L2&L3 lisp updates to xTR |
|
ISIS FRR : FRR ReOpt Issue, FRR state pointing to Label backup even with primary link up |
|
Crash while BGP-RR Unconfiguration. |
|
Enable "mtu" config in flow exporter |
|
CAT3K SDA border/LISP crashed with segmentation fault |
|
ISIS SR: segmentation fault in ISIS when "no seg mpls" command is given. |
|
Numbered extended IP ACLs break config sync |
|
OSPF SRTE: when SRTE tunnel is down, CSTR flag is not removed from RIB at certain scenerios. |
|
Crash after show ip ospf database summary command |
|
OSPF SRTE: When TE is unconfigured on area , RI LSA is not sent without TE attribute in opaque LSA. |
|
BGP VRF route redistribution into global routing table fails after a VRF route flap |
|
ISIS BGP LS: The TE tunnel link is not displayed in the show lslib link command. |
|
tunnel interface missing in frr-manager |
|
Router crashes when doing "show ip bgp neighbor" on a flapping BGP neighborship |
|
BGP w/global import/export crashes when several nbrs deleted simultaneously |
|
OSPF SR: Stale srgb handle used after changing the SRGB range |
|
IS-IS support for mult-instance redistribution for IPv6. |
|
SNMP ENGINE high CPU usage observed with 1.3.6.1.2.1.185.1.1.1(mgmdHostInterfaceEntry) |
|
ISIS BGP LS: unconfiguring BGP LS in single level results in stale LSLIB database |
|
VRRP non-zero authentication data on 16.3.3 |
|
OSPF TI LFA: when we have TILFA tunnel with more than 1 segment, label not calculated correctly. |
|
OSPF SID Redist: when virtual link is un-configured and NSSA area is configured ext sids not cleared |
|
IPv6 BGP network advertized not seen in the peer |
|
NETCONF-YANG/RESTCONF edit config fails silently, subsequent get config reports false-positive |
|
OSPF SR: %SR-3-SR_INTERNAL_ERR due to stale srgb handle used after changing the SRGB range |
|
Setting snmp-server via netconf takes more than 30 seconds |
|
After disabling http server/https server on netconf, IP-Adm-V4-Int-ACL-global delete |
|
AWS/Azure - unable to ssh into CSR1000v if configured with 192.x.x.x subnet |
|
Stale Mac entry in MLRIB |
|
ISIS redistribute connected not working for IPV6 routes |
|
Martian check for Distance command needs to be removed |
|
3850 AVB Domain state changing CORE <--> BOUNDARY |
|
Stale Mac entry in MLRIB additional fix |
|
NMR calculation is wrongly considering eid-record of 0.0.0.0/0 in SDA |
Caveats: Cisco IOS XE Everest 16.6.3
Open Caveats—Cisco IOS XE Everest 16.6.3
Caveat ID Number |
Description |
---|---|
Skywalker: Failed to create, Pseudowire interface |
|
Excess BGP Traps Generated just after upgrade |
|
OSPF SRTE: Invalid primary paths and metric seen with SRTE autoroute announce with metric option |
|
IP TUNNELS: Overlapping Loopback Interface Causes Incorrect Forwarding Decision with AppNav and PfR |
|
IOSd crashed when dialer disconnect the ISDN call |
|
NDSSO vrf ha table to be populated correctly |
|
Crash when it tries to write over a TTY session |
|
Crash in SDP Passthru when T.38 as 1st mline in mid-call SDP |
|
GETVPN // Primary KS sending rekey first to GM's and then to Secondary KS via scheduled rekey. |
|
MIB counter for IPSec tunnels does not decrement under high tunnel scale and churn |
|
IOSXE_INFRA-6-PROCPATH_CLIENT_HOG: IOS shim client man stats bipc has taken 278 msec |
|
IOS-XE router crash from memory corruption during CCB cleanup |
|
MPLSoFlexVPN: Hub does not forward resolution req when default route is advertised to spokes |
|
CTS PAC download fails with VRF config on non-managenent interface |
|
IOS-XE Router crashed unexpectedly with critical process fault, fman_fp_image, fp_0_0, rc=134 |
|
%SNMP-3-RESPONSE_DELAYED: processing GetNext of cafSessionEntry.2 seen on catalyst switch |
|
ISR 4000 discards private RSA key after upgrade and reload with WAAS module |
|
ASR1K BGP scanner crash when change VRF and BGP configuration |
|
PFR: Overlapping Loopback Interface Causes Incorrect Forwarding Decision with AppNav and PfR |
|
Crash when downloading configuration from APIC-EM server |
|
IOSd crash in config_dialpeer_descr while applying a DP |
|
Continuous crash in "/kernel/mki/src/free" after upgrade to version 15.5(3)S6 |
|
XE316: throughput is licensed throughput when idcert renew is failed and EVAL mode |
|
"HTTP CORE" Process Crashes When Parsing PNP Transport Config |
|
CSR1000v HA vCUBE IP-4-DUPADDR detected after Active router goes down. |
|
PfRv3: Crash while Printing the Same TCA Message |
|
Crash after crypto map removal |
|
Sporadic Crashes Due to IPSec (during ISAKMP AAA interaction) |
|
Nexthop is wrong in route-import table on branch when delete WAN interface and reconfigure it |
|
iwan router crash while updating pmi policy |
|
Memory Leak due to nbar config |
|
FP crash with scaled IKE sessions. |
|
CPUHOG on QoS statistics collection for DMVPN. QoS crash with DMVPN/NHRP. |
|
ISR4k router crashes during status check on WAAS Express |
Resolved Caveats—Cisco IOS XE Everest 16.6.3
Caveat ID Number |
Description |
---|---|
Memory leak seen while creating vlans using Tclsh |
|
tcp_getbuffer memory leak - refcount not reduced when packet dropped |
|
Crash after IWAN does a recalculation in the RIB |
|
SCEP enrollment failing with HTTP/1.1 500 Internal Error |
|
IPsec/IKEv2 Installation Sometimes Fails With Simultaneous Negotiations |
|
CME/BE4000 Intermittently Crashes when making configuration changes |
|
%UTIL-6-RANDOM: A pseudo-random number was generated twice in succession |
|
BGP crashes at bgp_ha_sso_enable_ssomode |
|
920 : Mid Point LSP creation failure after reload with latest polaris Image |
|
In-dialog options ping received post ACK (call completion) cause cube to change codec and no audio |
|
voiprtp_register_transport_port_manager_and_reserve: Alloc ports failed, min: 8000, max: 48199 248 |
|
IWAN router crash while updating pmi policy |
|
QFP exmem memory leak in cpp_fm_sce_result_chunk |
|
Router crash after EEM-wanfailover script triggered |
|
CUBE cannot handle mid-call re-invite when midcall-signalling passthrough mediachange is configured |
|
Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability |
|
IOS-XE DMVPN Per-tunnel QoS not working on CSR1k without AX license |
|
GETVPN: TBAR sync "timer is not running" after KS upgrade causing anti-reply drops and GM outages |
|
Traceback: Stack master crash at dot1x authentication |
|
Router crash during T38 fax bitrate negotiation |
|
ISRv: Hot add of multiple vnics fails to add some |
|
Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability |
|
Crash when printing IPSEC anti-replay error |
|
Router crash on polling cEigrpPeerEntry |
|
Mid-call failure because all available Crypto is not Offered in SDP |
|
Router crashed after triggers with debug |
|
IWAN EIGRP SAF - seq number mismatch after branch reload |
|
KS merge fails for groups with TBAR due to PST update failure on primary KS |
|
Crash at cc_detect_mute_call |
|
DMVPN session get stuck in NHRP and UP-NO-IKE state without active IKEv2 session until rekey |
|
Polaris: Crash observed while client association with key-wrap enabled in controller. |
|
After upgrade of IOS, SSH passwords longer than 25 characters do not work |
|
EAPTLS:- Session manger crashing with MKA/EAPTLS session bring up with newly installed certificates. |
|
In HA system, with secure storage, the private-config is being encrypted multiple times |
|
IOS-XE MOS scores always show 4.x even with massive packet loss. |
|
CME/BE4000 crash occurs when call is made to invalid SNR destination |
|
Traceback: OCSP creates a large number of lists and triggers a memory problem |
|
Device IP address AV pair replaced with 192.168.1.5 |
|
"no cdp enable" is rewritten to "no cdp tlv app" after reload. |
|
PKI: All SCEP requests fail with "Failed to send the request. There is another request in progress" |
|
Polaris 16.3.5: Crash at auth_mgr_show_dc_details |
|
CFD: pnp config upgrade failed when IFS returns size 0 for all TFTP files |
|
Traceback: Crash on WAAS menu prompt for WAN Interface |
|
Crypto Traceback: Router crash at "Crypto Support" segmentation fault |
|
AToM: MSPW VC Down with Reason as No VC Remote Label Binding Received on RP SSO |
|
Mgig stack keeps crashing while configuring with Radius commands |
|
IOS-XE GM router might crash after the rekey method is changed from unicast to multicast |
|
Device IP address AV pair replaced with 192.168.1.5 |
|
Cannot add static route through dynamic NEMO tunnel interface |
|
PKI: Device crash during crl download with multiple CDP URI |
|
Evaluation of all for CPU Side-Channel Information Disclosure Vulnerabil |
|
Spoke-to-spoke site-prefix reachability checking should be removed |
|
Output QoS policy is removed from Dialer interface after reloading the device if input policy exists |
|
CLI "aaa common-criteria" not available on IPBASEK9 license |
Caveats: Cisco IOS XE Everest 16.6.4
Open Caveats—Cisco IOS XE Everest 16.6.4
Caveat ID Number |
Description |
---|---|
CSR 1000v on AWS Gateway Redundancy not working |
|
CSR 1000v High platform memory utilization reported with memory add-on License |
|
sh ipv6 neigh statistics not updated post RPSO for entries synced |
|
OSPF BGP LS: When seg mpls is disabled on the nbr, the unnumbered links not withdrawn from LSLIB. |
|
Cisco IOS XE 16.4: Traceback @mpls_ldp_cfg_interface while enabling isis |
|
RSP3:CFM up mep on PC over xconnect/FAT-PW does not work after certain steps |
|
IOSd crashed when dialer disconnect the ISDN call |
|
ISDN switch-type configure issue for BRI leased-line |
|
ISIS SRTE: When one of ECMP path for prefix is not enabled for SR, SRTE tunnel does not come up. |
|
Traceback@cpp_mlp_bundle_stats_query_all_cmn on fp reload |
|
OSPF SROAM: "%ARP-3-ARPADJ: Internal software error during updating CEF Adjacency" when box comes up |
|
BGP net should have inlabel if bgp mpls-local-label is configured |
|
NDSSO vrf ha table to be populated correctly |
|
[1661]- Switch number is missing in stack merged logs. |
|
Observing memory leak in AAA_MALLOC_LITE |
|
OSPF SR/SIDredistribute: when SID configured > avbl SRGB, that sid should not be advertised in EPL |
|
Crash due to Stack overflow |
|
Combination of add-path, backup path and advertised-to leaves is not giving expected netconf values |
|
CTS PAC download fails with VRF config on non-managenent interface |
|
Cisco ASR 1000: for Cisco IOS XE 16.5 and later: tracelogs/punt_debug.log* missing when punt keepalive timeout / crash occurs |
|
VRF import config missing ipv4 unicast after no router bgp |
|
IPSLA ICMP-jitter stats reporting some of the received packets as lost. |
|
EXEC process stuck vty line where 'no exec' is set |
|
standby rp crash on removing member link from port-channel |
|
Cisco ASR 1000 Segmentation fault in dhcp_sip process |
|
Router crash when removing route-target and with hard clear |
|
Switch reloads when kron job scheduled in 0 minutes |
|
Console authentication fails on non-master switches of C3850 stack. |
|
SNMP walk of cipslaPercentileLatestStatsTable does not give all the cipslaPercentileTypeVar types |
|
slow convergence when configuring ha-mode sso for IPv6 peers |
|
Cisco ISR 4331@ memory lock occurs when archive config and "wr" ware executed at the same time |
|
IPDT flapping after upgrade to 15.2(2)E7 |
|
Cisco-IOS-XE-policy yang model does not support "set precedence" |
|
Ti-LFA Repair Path is not Loop-Free |
|
QFP CGM Memory depletion during ISG session churn |
|
OSPF TILFA: tilfa repair path computation ALGORITHM fails with reason code BAD FH NBR |
|
OSPF TILFA: tilfa repair path computation ALGORITHM uses incorrect firsthop router-id |
|
Evaluation of all for May CPU Side-Channel Information Disclosure Vulnerabilities |
|
Evaluation of Cisco CAT 9300 for May CPU Side-Channel Information Disclosure Vulnerabilities |
|
Evaluation of Cisco CAT 9400 for May CPU Side-Channel Information Disclosure Vulnerabilities |
|
Evaluation of Cisco CAT 9500 for May CPU Side-Channel Information Disclosure Vulnerabilities |
|
OSPF TILFA: tilfa ALGORITHM fails to get repair node n-sid label when vertex is beyond PGW node |
|
Cisco ISR 4000 handles MTU on Virtual-PPP interface differently and does not respect DF-bit on QFP level |
|
Standby switch crash whem removing kron scheduler command |
|
initial SNMP traps take agent-addr from shutdown interface |
|
ASR1K crash in tplus_handle_req_timeout |
|
Kernel OOPS reporting ECC error |
|
Device crash after execute command "show lldp neighbor [int] detail" |
|
Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06 |
|
Subscriber template not cleared after idle time exceed as well as traceback generation |
|
IPv6 AAA Prefix Support for 3rd party PPP clients no password for -dhcpv6 Access-Request |
|
3650 mab failover does not work after first failed dot1x authentication |
|
SISF crash in IPV6 neighbor discovery packets |
|
Cisco ISR 4321 Radius Chap authentication does not work |
|
Called-Station-Id attribute not included in Radius Access-Request |
|
3650/3850 do not send reload message to Syslog |
|
CBR8 After SUP failover, some BSOD clients have no service, L2VPN |
|
Cisco ASR 1000 No kernel/coredump generated with watchdog reload event |
|
AVC license should be activated only in case of smart licensing model |
Resolved Caveats—Cisco IOS XE Everest 16.6.4
Caveat ID Number |
Description |
---|---|
%SEC_LOGIN-4-LOGIN_FAILED does not show username in [user: ] |
|
Memory leak under LLDP Protocol process |
|
Excess BGP Traps Generated just after upgrade |
|
IP TUNNELS: Overlapping Loopback Interface Causes Incorrect Forwarding Decision with AppNav and PfR |
|
Router loses RSA keys upon boot with private-config encryption and config archive enabled |
|
Memory leak occurs on DHCP client |
|
OSPF GIR BASE: not all repair paths calculated for AS ext routes when routes rxed with maxmetric |
|
BGP RR changes tunnel parameters for bgp evpn route type 3 |
|
router reloaded when doing show BGP RT filter routes |
|
CTS Pac download fails with ISE reachability through loopback interface over vrf |
|
Stub is not leaking the network as expected |
|
OSPF SR: When SRGB range is changed, mapping server entries do not get re-installed. |
|
IOS crash in SOCK TCP Test Server process |
|
isr4321 crash @ BGP Router for bfd bgp when sending traffic |
|
rotate nginx access/error log files |
|
Loopback interface not appearing in RIB after upgrade |
|
OSPF SR: When loopback isconfigured with prefix suppression, EPL should be withdrawn |
|
When NSSA ASBR is reloaded, ECMP to ext routes not installed in other routers. |
|
OSPF SSPF: when seg area is disabled and enabled, mapping server EPL entries not re-generated. |
|
Hub MC continues to send EIGRP SAF hellos after adjacency removed |
|
OSPF; process ospf segmentation fault when shut and no shut is performed in active RP. |
|
OSPF BGP LS: After fail over, error msg seen: %LSLIB-4-EOD: Producer OSPF-0x0 did not send EOD |
|
ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it |
|
Toggling the switchport then default the interface, load-interval config reapplied |
|
ISAKMP Fails When Multiple HSRP tunnel/SVTI Interfaces Configured |
|
Crash after TCP session timeout |
|
Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability |
|
When shutting interface with no isis adjacency, local micro-loop avoidance blocks FRR recalculation |
|
OSPF SRTE: prefix information is not provided to SRTE when it is learnt via mapping server. |
|
Default route redistributed into RIP from EIGRP is not removed from RIP database |
|
ISIS l1-l2 redistribution prefix doesnt get redistributed till clear isis rib redistribution is done |
|
DHCPNAK is not sent in roaming scenario. |
|
%SNMP-3-RESPONSE_DELAYED: processing GetNext of cafSessionEntry.2 seen on catalyst switch |
|
CDP Protocol can run device out of memory |
|
Increase of dampening penalty on route refresh |
|
VRF deletion status <being deleted> after removing the RD |
|
HIGH CPU observation on FMAN RP ESS EVENT TRACING |
|
ISIS SR: When seg mpls is shut globally, ISIS SID entries not withdrawn from the entire network. |
|
OSPF SR: When loopback is defined as /24 address, EPL should not be sent for the prefix. |
|
Cisco ASR 1000 BGP scanner crash when change VRF and BGP configuration |
|
ISIS SRTE: Explicit SRTE keeps flapping when ISIS is not the winning route in the RIB |
|
OSPF SSPF: With SRTE tunnel, constrained bind of SID0 uses invalid old repair path in some cases |
|
Missing LSP sending after configuration change |
|
OSPF SSPF: mapping-server strict SID is processed by images which are not strict spf capable |
|
OSPFv2 Encoding for local-id in LLS needs to be fixed |
|
BGP sets the wrong Local Preference for routes validated by RPKI server |
|
Incorrect pass-through statistics seen during soak run |
|
3850 standby switch reloads due to configuration-mismatch after use "exception crashinfo" command |
|
OSPF SSPF/TILFA: TILFA ECMP tunnels are not created when the last segment is adjacency sid. |
|
Cisco ISRv QOS -service-policy defined in bootstrap config may not be applied |
|
Multicast IPSLA UDP Jitter throws Socket open error if vrf interface is configured on responder |
|
WSMA: Server responds with HTTP 404 on wsma-exec with http transport profile |
|
EIGRP network statement reappearing after reboot |
|
EIGRP Name mode Summary route is not being apply on Virtual-Access on HUB |
|
Crash when receiving EVPN NLRI with incorrect NLRI length field value |
|
SDA-IPV6::SISF traceback @ar_relay_create_entry - L2 Binding tbl entry insertion failed |
|
ISG : IETF-Disc-Cause = 0 if DHCP SIP disconnect |
|
OSPF SSPF: ECMP combination of SRTE tunnels and MPLS-TE tunnels does not work properly sometimes. |
|
ISIS SR: When the SRGB range is increased, the local SIDs which are in new range are re-installed. |
|
Crash due to race condition caused by IOS radioactive trace code |
|
AAA Attrbute list leak in Polaris 16.6.2 |
|
LISP: Overlapping prefix causes "probe-down" for map-cache entry |
|
OSPF Hello timer 10sec is not applied in network type non-broadcast |
|
Update IOS XE OSPFv2 ELL private TLVs to IANA codepoints |
|
ISIS SR: When seg mpls is shut under ISIS, sid entries not cleared in the local router. |
|
EIGRP SAF Adjacency doesn't form with /31 mask |
|
ASR1002HX FP Crash post LNS path switchover |
|
ISIS BGP LS: When distribute link state changed from level 1 to level 2, entries not given to BGP LS |
|
OSPF SSPF/SRTE: when we have ABR with multiple interfaces to backbone area, SPF keeps running. |
|
[168] OSPF process crash on P router when 'router ospf <>' is unconfigured on another PE or P router |
|
VRRP doesnt work over Port-channel L3 interface |
|
EIGRP offset-list still active if ACL used in offset-list is removed before offset-list |
|
OSPFv3 cost calculation not correct in some specific topology |
|
NULL remote_hostname from LAC |
|
System reload when clearing cts pac |
|
Noisy debugs in "periodic" tracelog |
|
Redundancy Mode None does not Sync |
|
Command "show aaa servers" reloads the switch |
|
IOSd crash when enabling dot1q in a port-channel sub-interface |
|
Explicit SRTE tunnels are not come up when a prefix is redistributed between levels |
|
RR does not send VPNv4 routes to peer |
|
Chunk corruption crash related to PNP or Guestshell |
|
Cat9300 not responding to ARP request for GW Anycast IP |
|
downloaded policies hit by traffics were all gone after the second SSO |
|
Redistributing connected route with AIGP attribute is being continuously readvertised |
|
ASR 1000 reloaded after IPv4 RR stress test |
|
Cisco ASR 1004 started relaying client's DHCP Discover messages to DHCP Server with the wrong IP address |
|
tacacs-server is missing keyword "key" in argument/option available |
|
LACP Rate defaults to fast with no way to change it to normal |
|
AAA-Proxy errors in dmiauthd tracelogs |
|
iBGP dynamic peer using TTL 1 |
|
[ECA-SIT] IOSd crash seen on xTR with baseline @ sisf_macdb_get_vlanid |
|
Throughput defaults to 1000kbps after license expires |
|
ISIS SRTE: SRTE tunnel not created due to R-flag set |
|
3850 show policy-map int cannot display complete |
|
Subsystem stopped: ios-emul-oper-db due to bgp table issue |
|
OSPF SSPF: EPL not sent for secondary addresses on loopback interfaces. |
|
ip dhcp excluded-address deletion issues via netconf |
|
FMFP-3-OBJ_DWNLD_TO_DP_FAILED error after modifying QoS policy |
|
Virtual-service guest IP accepts broadcast address |
|
Abnormal output for show pnp tech-support |
|
Netconf IP-SLA udp-jitter case missing leaf codec |
|
RP crash @policymap_associated_to_multiple_instances |
|
"%LISP-4-LOCAL_EID_RLOC_INCONSISTENCY" should be supporessed in SDA context |
|
Unexpected metric value for route redistribution from BGP to OSPF |
|
3850 crashes multiple times due to issue in ( ipv6_encap_and_send ) |
|
Cisco IOS XE 16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after SSO (CSCvh68810) (PD changes) |
|
Cisco ISR/C1100: interface down/up does not renew dhcp assigned ip address |
|
Repeatedly Tracebacks seen : %INFRA-3-INVALID_GPM_ACCESS: Invalid GPM Load |
|
Incorrect BDI configuration state shown by NETCONF on interface creation |
|
IPv6 VRRP Master is using using vlan BIA MAC while sending Neighbor advertisements (NA) |
|
Persistent Telnet and SSH crashes when configured in 16.6.2 |
|
802.1x authentications are failing if there was interface template config applied before |
|
All router mcast is removed by "no ipv6 mld router" in specific timing |
|
CDP packets not getting encapsulated over multipoint GRE tunnel |
|
IS-IS unnecessarily updates RIB when in metric-style narrow |
|
C1111-8P: random commands may trigger TACACS+ to crash |
|
Evaluate NTP February 2018 Vulnerabilities. |
|
Incorrect "Hop count" obsearbed in IPv6 EIGRP |
|
Radius source interface command is not taking effect on ISR 4k |
|
MATM RP Shim Process memory leak @aaa_attr_list_alloc make_a_sublist_max |
|
CPUHog and crash on DNS-SRV-1 process |
|
Crash when running MPLS Tunnel protection command |
|
Remove stack 1+1 CLI for WS-C3850-48XS |
|
OSPF SSPF: tilfa ALGORITHM fails to compute repair path, reports incorrect reason of too many labels |
|
NMR TTL is wrongly considering eid-record of 0.0.0.0/0 for its calculation |
|
link local multicast packets are received when the SVI is in down state |
|
Rapid TDL memory leak in SMD process leads to crash of active switch in stack for ipv6 clients |
|
Device-tracking entry stuck in TENTATIVE for certain Mac Pro hosts configured with static IP |
|
SNMP cafSessionMethodState not unsupported after Denali 16.3.3 upgrade on 3850 |
|
OSPF TILFA: tilfa ALGORITHM preference rules does not pick repair path with lowest number of labels |
|
IPv6 address not assigned or delayed when RA Guard is enabled |
|
On IOSXE neighbor command under pseudowire interface is rejected |
|
Reverse-tunnel routes under PMIPv6 MAG config not using configured distance metric |
|
mac-move doesn't work on IBNS 2.0 unless you disable it then enable it back |
|
OSPF SSPF: With SRTE tunnel scale, SRTE SID0 constraint Label Bind fails with LABEL_BROKER error msg |
|
Initial Trustpool installation not successful before PKI is ready |
|
type 7 password parsed incorrectly in dot1x credentials causing auth failure |
|
Cisco ISR 4000 IOS-XE PBR fails when next hop is recursive over tunnel |
|
Web redirect clients do not get redirected, Create IO ctx, too many intercepted connections |
|
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = ACCT Periodic Proc |
|
BGP attribute map for aggre address can not set attribute |
|
RADIUS client on network fails to solicit PAC key from CTS even though the device has a valid PAC |
|
DNS Debug seen without enabling any debug |
|
ASR 1000 - exhausted IP Session Handles - %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0) |
|
%PMIPV6-5-TUNNELDELETE: |
|
OSPF SSPF: When sid 0 is removed, wrong implicit-null label used for inter-area prefix. |
|
Memory size in smand process increases on 3850/3650 without any services, uplinks nor configuration |
|
Crash when doing SNMP walk and applying QOS over a GRE tunnel |
|
Telnet Sessions Hang/Become unavailable at execution of "show run" |
|
ACEs after an object-group reference not being processed in software if ACL has more than 13 ACEs |
|
Dynamic vlan assignment causes all sisf entires under the port to be deleted |
|
C9400- When PoE interface comes up with specific config, causes High CPU %, IOSd , IOMd crashes |
|
"ip rsvp bandwidth" max value limited to 10 GE |
Caveats: Cisco IOS XE Everest 16.6.5
Resolved Caveats—Cisco IOS XE Everest 16.6.5
Caveat ID Number |
Description |
---|---|
Watchdog crash after "% AAA/AUTHEN/CONT: Bad state in aaa_cont_login()." |
|
SNMP Error: OID not increasing: @ipAddressIfIndex.ipv6z |
|
Catalyst switch crashes when editing wireless controller settings through web interface on c3650 |
|
QoS Overrides loadbalancing to per prefix even with only session level policing applied |
|
Standby RP Reloads due to Config Sync Failure When Applied Service-insertion WAAS on Physical Int |
|
CLI show aaa clients detailed command triggered SSH to crash |
|
Standby RP crashes due to shortage of memory when running OSPF |
|
ASR1k | Segmentation fault in dhcp_sip process |
|
Crash with IOSXE-WATCHDOG: Process = IPv6 RIB Event Handler |
|
Router crash when removing route-target and with hard clear |
|
ZBFW HA: Configuring redundancy RII on virtual template auto-tunnel does not take effect |
|
Router crashed when lsp-mtu is changed |
|
Reload removing ipv6 VRRP group |
|
Standby switch crashes when flow-exporter destination configured with Hostname |
|
Crash in XDR process: "fib_rp_table_broker_encode_buf.size <= FIB_RP_TABLE_BROKER_ENC_BUF_SZ" |
|
16.10 ASR1K: IOSd crash @SSS Manager during sessions teardown |
|
QFP CGM Memory depletion during ISG session churn |
|
ASR1K crash in tplus_handle_req_timeout |
|
Backup path incorrect for ring topology where high ISIS cost is configured on 1 link. |
|
Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06 |
|
subscriber template not cleared after idle time exceed as well as traceback generation |
|
Shimming have some issue over selecting idb |
|
mtu cli is disappeared from show run when interface dialer sh/no shu |
|
Missing interface source template model |
|
sgt-map gets cleared for some of the end points for unknown reason |
|
SISF crash in IPV6 neighbor discovery packets |
|
Zero Touch Provisioning (ZTP) fails to apply certain service instance configuration. |
|
Observing bmalloc smd leaks at OBJ_WEBAUTH_LOGOUT_URL with webauth |
|
bgp crash while running show command and same time bgp peer reset |
|
ISRv: ONEP process crash during day0 bringup |
|
ASR1001-HX crashed due to critical software exception on operation group-object add/remove |
|
SSH V2 crash |
|
ASR1k PWLAN: Cisco-AVPair = remote-id-tag=5 missing after roaming |
|
ASR1001-X crash due to free block at tty_handle |
|
CSR1000v: crash at mempool_add_region when adding memory |
|
CSR1000v running inside Citrix XenServer 7.0 crashed |
|
3850 crash with smd fault on rp_0_0 |
|
DNA Center SWIM Upgrade fails and unable to upgrade manually |
|
Device Tracking - Memory leak observed with IPv6 NS/NA Packets . |
|
500~600 secs Increase in boot time when "ip domain lookup" configured. |
|
Crash in xoslib code for onepk process when using yang-netconf |
|
Memleak (IP: RIB Alternate Preference): provides fix for CSCvk68355 |
|
ISR/CSR - Memory Corruption of mdl_tbl due to fia-history CLI |
|
ASR1K: ipv6 telnet session with vrf is failing |
|
CFD: PNP DNS discovery with trust pool flow uses IP address in PNP profile instead of FQDN |
|
[IBNS 2.0] aaa-available event is not being triggered when using authentication/authorization list |
|
2nd phase fix for CSCvk45142 |
|
SNMP v3 discloses password in the parser warning syslog trap |
|
BGP updates missing ISIS advertising-bits led to LDP label purge on peer. |
|
"autoroute announce" and "loose" path not working on intra-area TE tunnel |
|
POLARIS: HOLE is not created when 'acl default passthrough' configured |
Open Caveats—Cisco IOS XE Everest 16.6.5
Caveat ID Number |
Description |
---|---|
IOSd crashed when dialer disconnect the ISDN call |
|
NDSSO vrf ha table to be populated correctly |
|
[1661]- Switch number is missing in stack merged logs. |
|
License synchronized to SSMS despite being removed from SL Portal |
|
CTS PAC download fails with VRF config on non-managenent interface |
|
Complete content for interface templates |
|
Quake-sessmgrd Huge Mem Leak After Master switchover |
|
BGP Traceback/Crash seen with 20k IPv4 BGP scale after reload/clearing bgp |
|
QoS stats process crash |
|
netconf/yang or telemetry retrieval of /trustsec-state/cts-rolebased-policies breaks |
|
ATOM CW is not exchanged after node reload |
|
Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3 |
|
'hw-module subslot 0/2 reload' CLI does not activate the container after harddisk format |
|
config-sync failure 'aaa authorization commands' |
|
Crash after issuing "no ip dhcp snooping VLAN <VLAN #>" command |
|
DHCP Server sends Renew ACKs to Clients with 00:00:00:00:00:00 MAC in L2 frame |
|
No MPLS label after SSO with ISIS segment routing |
|
ISR4331 Routers May Crash When "eigrp default-route-tag" Configured on IPv4 AF |
Caveats: Cisco IOS XE Everest 16.6.6
Resolved Caveats - Cisco IOS XE Everest 16.6.6
Caveat ID Number |
Description |
---|---|
SNMP with Extended ACL |
|
BGP event crash@bgp_afpriv_imp_is_imported_path |
|
NAT MIB not populated when using traditional NAT |
|
Router shows "Flash disk quota exceeded" during the reload, but it still has 60% of free memory left |
|
CME with external SIP trunk registration results into crash. |
|
QoS stats process crash |
|
IKE Fragmentation payload incorrectly marked as critical |
|
Router may crash when a SSH session is closed after configure TACACS |
|
Standby switch crashes when adding a host name to an object-group |
|
ACL dropping packets after updating it - %CPPEXMEM-3-NOMEM |
|
Crash under AFW_application_process with shared-line configuration |
|
[EIGRP] a summary route is updated by an external route |
|
'hw-module subslot 0/2 reload' CLI does not activate the container after harddisk format |
|
MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32 |
|
CME Consult Transfer and PARK Transfer Result in call-fwd-all Added to the Configuration |
|
CUBE Crash in sipSPIAppAddCallInfoUI |
|
Device running IOS-XE 16 Polaris Sees Crash When Performing NAT ALG on FTP Packet |
|
Router Crashes When PKI-CRL-IO_0 Runs out of Stack Space During Failed DNS Lookup for CA Server |
|
Cube crash with %SDP-3-SDP_PTR_ERROR |
|
NHRP process is crashing |
|
PBR doesn't work for dialer intf when it doesn't have fixed ip address |
|
CUBE doesn't forward INVITE with "midcal-signalling passthru media-change" during a video escalation |
|
Crash while processing ISIS updates when DiffServ-TE is enabled |
|
Static Nat fails to translate SIP Trying L7 header |
|
Modified EIGRP timers on Virtual-Template put all associated Vi interfaces into passive mode |
|
FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload |
|
Router reloads on 'show track' command when there is track object for deleted serial sub-interface. |
|
Split DNS in case of UDP query to WAN interface IP via LAN interface |
|
zbfw with ip sla icmp echos builds tcp syn session |
|
CLI "nat force-on" in voice service voip not working as expected |
|
FMAN crash due to Flexible Netflow (fnf) |
|
Crash due to chunk corruption in ISIS code |
|
PKI incorrect fingerprint calulation during CA authentication |
|
Crash at Process = SCCP Auto Config |
|
DHCP discover packets were being dropped at firewall since UDP source port as 0. |
Open Caveats - Cisco IOS XE Everest 16.6.6
Caveat ID Number |
Description |
---|---|
Memory leak under CCSIP_UDP_SOCKET / MallocLite |
|
SSS Manager Traceback observer when test MLPPP |
|
Crash noticed when routes are getting imported twice(from vpnv4 to vrf to evpn) with route churn |
|
IOS-XE Router may crash when attempting to Fragment Corrupted IPv4 Packet |
|
IPSec-Session count in "show crypto eli" reaches max causing VPN failure |
|
IOS-XE ACL port information preserved after encapsulation |
|
Crash when polling IPForwarding MIB |
|
Crash at mpass_restore_nonbl_persist_state due to invalid vector |
|
After Configuring a New VRF Routes Are Not Imported From WAN Into l2vpn EVPN For Unrelated VRF |
|
Memory leak happens at CCSIP_SPI_CONTR process for every trunk out-of-dialog message with "contact" header in it. |
Caveats: Cisco IOS XE Everest 16.6.7
Resolved Caveats - Cisco IOS XE Everest 16.6.7
Caveat ID Number |
Description |
---|---|
CSR1000v HA vCUBE IP-4-DUPADDR detected after Active router goes down. |
|
TCP 3WAY handshake fail for redirected packet using PBHK. |
|
On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes. |
|
Connectivity is broken on ingress-replication L2DP/VXLAN. |
Caveats: Cisco IOS XE Everest 16.6.8
Resolved Caveats - Cisco IOS XE Everest 16.6.8
Caveat ID Number |
Description |
---|---|
cpp_bqs_srt_yoda_csr_tree_seid_initialize:1744 is not in "placed" state |
|
CPP traceback generated on interface flap with L2 Bridging configured in CSR1000v |
Caveats: Cisco IOS XE Everest 16.6.9
Resolved Caveats - Cisco IOS XE Everest 16.6.9
Caveat ID Number |
Description |
---|---|
Duplicate entries seen in MAC filter table |
Open Caveats - Cisco IOS XE Everest 16.6.9
Caveat ID Number |
Description |
---|---|
e2e ping is failed after configuring profiles qos-de and aaaauth1 |
|
Packet-tracer error message % Error: Failed to collect packet info |
|
FRR feature not working in ESP100 and ESP200 |
|
Incomplete arp in management interface |
|
CDETS to follow up fix "P-bit Sev Err Secs" increasing in patterns of 256 in SM-X-1T3/E3 in ISR4451 |
|
NIM interfaces go into shutdown after router bootup. |
|
Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low |
|
Dataplane QFP crash with CAPWAP traffic when CAPWAP stripping is enabled |
|
IGMP snooping table not populated on ISR4k |
|
Crash at the moment of calculating tcp header |
Related Documentation
For information about the Cisco CSR 1000v Series and associated services, see: Documentation Roadmap for Cisco CSR 1000v Series, Cisco IOS XE 16.