Cisco CSR 1000v Series Cloud Services Routers Overview
Note |
Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.
Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience. Do provide feedback about your experience with the Content Hub. |
Virtual Router
The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.
When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.
Secure Connectivity
CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.
System Requirements
Hardware Requirements
For hardware requirements and installation instructions, see the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide .
Software Images and Licenses
The following sections describe the licensing and software images for CSR 1000V.
Cisco Smart Licensing
The Cisco CSR 1000V router supports Cisco Smart Licensing. To use Cisco Smart Licensing, you must first configure the Call Home feature and obtain the Cisco Smart Call Home Services. For more information, see Installing CSR 1000V Licenses and Smart Licensing Guide for Access and Edge Routers.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Cisco CSR 1000v Evaluation Licenses
Evaluation license availability depends on the software version:
-
Evaluation licenses valid for 60 days are available at the Cisco Software Licensing (CSL) portal: http:/www.cisco.com/go/license
The following evaluation licenses are available:
-
IPBASE technology package license with 10 Gbps maximum throughput
-
SEC technology package license with 5 Gbps maximum throughput
-
APPX technology package license with 5 Gbps maximum throughput
-
AX technology package license with 2.5 Gbps maximum throughput
If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.
For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .
Cisco CSR 1000v Software Licenses
Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.
Current License Types
The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):
-
IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)
-
Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)
-
AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)
-
APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)
Legacy License Types
The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.
Features Supported by License Packages
For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.
Throughput
The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:
-
10 Mbps
-
50 Mbps
-
100 Mbps
-
250 Mbps
-
500 Mbps
-
1 Gbps
-
2.5 Gbps
-
5 Gbps
-
10 Gbps
The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.
Memory Upgrade
A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.
Additional Information about Licenses and Activation
For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.
Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files
The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.
For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:
-
csr1000v-universalk9.16.04.01.ova
-
csr1000v-universalk9.16.04.01.iso
-
csr1000v-universalk9.16.04.01.qcow2
The filename attributes are listed below, along with the release properties.
Filename Attribute |
Properties |
---|---|
Example:universalk9 |
Installed image package. |
03.09.00a.S.153-2.S0a |
Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release). |
std or ext |
Standard release or extended maintenance support release. |
Features and Notes: Cisco IOS XE Fuji 16.9.1
Features
Features—Cisco IOS XE Fuji 16.9.1
The following new software features are supported on the Cisco CSR 1000v for Cisco IOS XE Fuji 16.9.1.
-
Transit VPC with autoscaling for the Cisco CSR 1000v on Amazon Web Services(AWS). For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws_transitVPC.html.
-
EoGRE support—EoGRE is supported on the Cisco CSR 1000v as a part of the virtual BNG solution, with 16K authentication sessions and 32K walk-by sessions. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iwag/configuration/xe-16/IWAG_Config_Guide_BookMap/spwifi-eogre.html.
-
Cisco CSR 1000v on Google Cloud Platform(GCP)—The Google Cloud Platform (GCP) network infrastructure provides a basic routing service which interconnects subnets within a Virtual Private Cloud(VPC) network. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/gcp/b_csrgcp.html.
-
High Availability (HA) Version 2 for Cisco CSR 1000v on Microsoft Azure—In HA version 2, you can configure redundancy nodes in the guestshell using Python scripts. HA Version 2 uses Microsoft Azure's Managed Service Identity(MSI) for authentication, instead of Azure Active Directory (AAD). For further information, see the following Cisco document: Cisco CSR 1000v Deployment Guide for Microsoft Azure.
-
Day 0 bootstrap file for Cisco CSR 1000v on Microsoft Azure—Create a "Day 0" bootstrap file, which includes the initial Cisco IOS XE configuration commands that you wish to run on the router and information about running Python packages, scripts, and licensing. Upload the Day 0 bootstrap file to create a Cisco CSR 1000v VM instance. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs//routers/csr1000/software/azu/b_csr1000config-azure.html.
-
Configuring LISP Layer 2 Extension to Cisco CSR 1000v on Amazon Web Services—Extends a Layer 2 domain, using one subnet, from the enterprise data center to the public cloud. This feature allows the migration of VMs from on-premises to the cloud. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws.html.
-
Web Root URL filtering enhancements. For further information, see: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_utd/configuration/xe-16-9/sec-data-utd-xe-16-9-book.pdf.
-
AppFW—Application Awareness capability for ZBFW. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16-9/sec-data-zbf-xe-16-9-book/app-firewall-app-fw.html.
-
IKEv2 Event Trace Enhancements—For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-9/sec-flex-vpn-xe-16-9-book/sec-cfg-ikev2-flex.html.
-
IS-IS: Event Trace Improvements—For detailed information, see the following Cisco document:https://www.cisco.com/c/en/us/td/docs/ios/iproute_isis/command/reference/irs_book/irs_is2.html.
-
IS-IS: Provide Per-Interface Statistics for CLNS/ISIS Traffic—For detailed information, see the following Cisco document:https://www.cisco.com/c/en/us/td/docs/ios/iproute_isis/command/reference/irs_book/irs_is2.html.
-
Event trace for PFRv3 errors and PFRv3 channels. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfrv3/configuration/xe-16-9/pfrv3-xe-16-9-book/pfrv3-event-trace.html.
-
DMVPN Transit Vnet Support on Microsoft Azure. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/azu/b_csr1000config-azure.html.
-
Web User Interface—Supports an embedded GUI-based device-management tool that allows you to provision the router, and simplify management of the device. For information on how to access the Web User Interface, see: Using the Web User Interface.
The following features are supported on the Web User Interface from Cisco IOS XE Fuji 16.9.1:
-
Day Zero Configuration.
-
Open Shortest Path First (OSPF).
-
Snort IPS Enhancement
-
-
Programmability—YANG Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1691. Revision statements that are embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
-
Programmability—Candidate Config Support—For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/configuring_yang_datamodel.html.
-
Configuring LISP L2 Extension for CSR 1000v on AWS—For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws/configure-lisp-layer2-extension.html.
Notes
The following section includes important notes about the Cisco CSR 1000v for Cisco IOS XE Fuji 16.9.
Encrypted Traffic Analytics records may not be exported after a reload if an "inactive timeout" command has been configured
When the router is reloaded with a large configuration, which generates many messages for initializing features in the data plane, the Encrypted Traffic Analytics (ETA) records may not be exported. This occurs if the ETA inactive timeout command is included in the configuration.
Workaround
Remove inactive timeout command from the ETA configuration. After a reload, you can add the inactive timeout command to the configuration.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
https://tools.cisco.com/security/center/publicationListing.x
Field Notices
-
Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html
Limitations and Restrictions in Cisco IOS XE Fuji 16.9.1
There are no new limitations and restrictions in Cisco IOS XE Fuji 16.9.1.
Resolved and Open Bugs for Cisco IOS XE 16.x
Overview
Caveats, or bugs describe unexpected behavior. Severity 1 caveats are the most serious, severity 2 caveats are less serious, and severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
Terminology
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
http://docwiki.cisco.com/wiki/Category:Internetworking_Terms_and_Acronyms_(ITA)
Bug Search Tool
If you have an account on Cisco.com, you can also use the Bug Search Tool (BST) to find select caveats of any severity. To reach the Bug Search Tool, log into Cisco.com and go to https://tools.cisco.com/bugsearch/search.
If a defect that you have requested is not displayed, it is possible that the defect number does not exist or the defect does not have a description available.
You can use the Bug Search Tool to view new and updated caveats. To search for bugs, go to https://tools.cisco.com/bugsearch/search .
For Best Bug Search Tool Results
For best results when using the Bug Search Tool:
-
In the Product field, enter Cloud Services Router.
-
In the Releases field, enter one or more Cisco IOS XE releases of interest. The search results include caveats related to any of the releases that you enter in this field.
The tool provides autofill while you type in these fields to assist in entering valid values. For example, a search using release number 16.6 should find the caveats for Cisco IOS XE Everest 16.6.1.
Caveats: Cisco IOS XE Fuji 16.9.x
Open Caveats—Cisco IOS XE Fuji 16.9.8
There are no open caveats in this release.
Resolved Caveats—Cisco IOS XE Fuji 16.9.8
All resolved caveats for this release are available in the Cisco Bug Search Tool.
Caveat ID Number |
Description |
---|---|
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability |
|
Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability |
|
High CPU usage caused by \"TCP Timer\" process |
|
Crash in SNMP Engine process while polling chassis id in lldp |
|
Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability |
|
Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability |
|
Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability |
Open Caveats—Cisco IOS XE Fuji 16.9.7
Caveat ID Number |
Description |
---|---|
RSA Keysize > 2048 may cause crash |
|
DNAC Wolverine - Crypto PKI-CRL-IO_1 process crashed in crypto_send_pki_request,crypto_crl_io_proc |
|
CUBE fails to send calls with below error after updating IOS to 16.9.5 Error (Resource busy) |
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
Memory Leak in MallocLite / Crypto IKMP |
|
Crash at the moment of calculating tcp header |
Resolved Caveats—Cisco IOS XE Fuji 16.9.7
Caveat ID Number |
Description |
---|---|
Mishandling of dsmpSession pointer causes a crash |
|
Hub router crashed when run test_mpol_policy_qos_policy_template testcase |
|
Router may unexpectedly be reloaded when collecting data from the interface using telemetry/Netconf. |
|
Evaluation of CVE-2020-11868 for IOS |
|
Crash due to a NULL pointer while bringing down PPPoE sessions. |
|
Memory leak "AAA SESS ATTR" |
|
ACLs may be partially loaded into hardware resulting in unexpected drop or permit |
|
3850 switch may crash after manipulating configuration |
|
ASR1K Crash on configuring IP NAT inside source list under VRF |
|
GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage |
|
ASR1K FMANFP crashes during bootup with memory corruption |
|
"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload |
|
Passive FTP doesn't work with NAT |
|
ISR router running 16.9.6 crashes authenticating crypto certificate |
|
APPNAV CFT Crashes |
|
unable to transfer 1500 byte IP packet when using BRI bundled Multilink |
|
LMR Unable to hear first seconds of audio |
Open Caveats - Cisco IOS XE Fuji 16.9.6
Caveat ID Number |
Description |
---|---|
AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa |
Resolved Caveats - Cisco IOS XE Fuji 16.9.5
Caveat ID Number |
Description |
---|---|
AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa |
Resolved Caveats - Cisco IOS XE Fuji 16.9.4
Caveat ID Number |
Description |
---|---|
CSR1000v - i40evf interface shows Up but does not pass traffic |
|
CSR1000v loses ssh/telnet connectivity on AWS and is unable to ping Elastic IP |
Open Caveats - Cisco IOS XE Fuji 16.9.4
Caveat ID Number |
Description |
---|---|
AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa |
|
CSR1000v AWS typo in user-data can break SSH connectivity |
|
Support status of Restapi container for CSR has not been documented |
|
Issue with installing CSR 1KV MEMORY 4G license with SLR |
Resolved Caveats—Cisco IOS XE Fuji 16.9.3
Caveat ID Number |
Description |
---|---|
16.9 - show bootflash: is empty when there is a loop in the filesystem |
|
Input errors when reloading CSR |
Open Caveats—Cisco IOS XE Fuji 16.9.2
Caveat ID Number |
Description |
---|---|
cpp_cp_svr crash in bqs while running QMRT test tool. |
|
QFP CGM Memory depletion during ISG session churn |
|
Strict SID has NOT been enabled in ISIS segment-routing |
|
Subscriber session hangs after the upgrade and reload |
|
CUBE doesn't forward 200 OK in SRTP-RTP scenario with TCL script on Dial-peer |
|
config-sync failure 'aaa authorization commands' |
|
Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15 |
|
Crash seen on CSR1000V during NAT44 hsl scale test when clearing max NAT translations |
|
CSR1000V CUBE-Standard INVALID TAG |
Resolved Caveats—Cisco IOS XE Fuji 16.9.2
Caveat ID Number |
Description |
---|---|
Cisco IOS XE Software for Cisco ISRv Router Static Credential Vulnerability |
|
OSPF originates default route without "default-information originate" |
|
OSPF routing loop for external route with multiple VLINKs/ABRs |
|
CSRs fail to scale up to desired NAT64 stateful Dynamic translations |
|
CSR1k-FlexVPN: Spoke to Spoke: Implicit NHRP entry due to expired resolution request handling. |
|
Viptela-netconf returns 255 length byte-stream chars instead of actual length for OSPFV2 Key-string |
|
OSPF SR uloop : After issuing "clear ip ospf process" OSPF process crashed. |
|
BGP high CPU when config 256k vxlan static route |
|
BGP crash while running show command and same time bgp peer reset |
|
CSR1000v: crash at mempool_add_region when adding memory |
|
CSR1000v running inside Citrix XenServer 7.0 crashed |
|
CSR1v may crash in hal_process_ipc when performing "clear ip nat tr *" with max NAT pools |
|
CSCvj79145 fix exposed a latent DPDK issue leading to a crash with MPLS IPv6 per vrf prefix |
|
ASR920:Observed IPv6 Adj memory leaks |
|
ISR/CSR - Memory Corruption of mdl_tbl due to fia-history CLI |
|
Azure CSR1000v HAv1 VXE_CLOUD_HA-4-NOTCFGD, flags=0x7F0000 error |
Open Caveats—Cisco IOS XE Fuji 16.9.1
Caveat ID Number |
Description |
---|---|
CSR1000v: Throughput license not in use until reapplying the platform throughput config |
|
Router crashed due to stack corruption from buffer overflow |
|
uloop avoidance MUST NOT be done when there were unrelated topo changes |
|
SNMP dead loop @ipAddressIfIndex.ipv6z |
|
BGP Link Bandwidth community gets corrupted for a large values |
|
MEM leak on doing interface range shut/noshut (G.8032/MST) |
|
BGP PIC/Max-paths:150K scale device stuck with pending issues for huge time with network changes |
|
Console authentication fails on non-master switches of C3850 stack. |
|
OSPF TILFA: SRLG protect tilfa path computation ALGORITHM fails due to wrong directly connected flag |
|
High CPU Seen after CSCve30867 |
|
ISIS SRTE: verbatim tunnels stay UP even if the IGP is shut (happens after fail over) |
|
slow convergence when configuring ha-mode sso for IPv6 peers |
|
Display full IPv6 address in "sh l2tp tunnel" |
|
isr4431 crashes in ""BGP Router" process when interface flap occurs with IPv6 MPLS per vrf routes |
|
Cisco-IOS-XE-policy yang model doesn't support "set precedence" |
|
Ti-LFA Repair Path is not Loop-Free |
|
Operation Cisco-IOS-XE-rpc:reload return inconsistent value error. |
|
QFP CGM Memory depletion during ISG session churn |
|
CAT3k/9k does not create (S,G) due to RFP error "failed, internal error or RIB not converged yet" |
|
SF: mismatched interface drop counter compared to policy drop counters on longevity |
|
ASR1K crash in tplus_handle_req_timeout |
|
netconf: gnmib Not Running |
|
Overly aggressive initial SPF delay timer is configured -> SR uloop does not take effect |
|
Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06 |
|
IOS crash observed on bootup during resize_loggerQ |
|
SAP: YANG: Yang model for arp entries is missing arp alias support |
|
mtu cli is disappeared from show run when interface dialer sh/no shu |
|
Complete content for interface templates |
|
sgt-map gets cleared for some of the end points for unknown reason |
|
IPv6 AAA Prefix Support for 3rd party PPP clients no password for -dhcpv6 Access-Request |
|
FNF export not working after second switchover when ETA+FNF is configured |
|
Synchronization of built-in interface templates broken or never implemented |
|
cBR8 - 16.8.1 - Supervisor crash when entering 'guestshell run bash' |
|
ARP reply not accepted if sourced from nat alias address in other VRFs |
|
3650/3850 do not send reload message to Syslog |
|
Interface ifOperStatus should be notPresent when module is not installed |
|
Performance problems when configuring via CLI when netconf/restconf/gnmi is enabled |
|
VRF stuck in deletion mode |
|
Crash in ssh_process when removing pnp profile from switch |
|
cat9500 periodically crashing on SSH Process with Reload reason content is absent |
|
Unable to migrate from ADSL to VDSL without reboot |
|
ASR1001-HX crashed due to critical software exception on operation group-object add/remove |
|
Interface 'vrrp <group> preempt' default command not displayed in show run all |
|
Deletion of FHRP Configuration via NETCONF/RESTCONF/gNMI Fails |
|
Polaris: Host limit of 32 for session monitoring sessions |
|
ASR1001-X crash due to free block at tty_handle |
|
ASR920 crash in ISIS with SR Ti-LFA |
|
Crash when doing a new SSL Connection. |
|
MAB fails to start negotiation after device moves to another layer 2 adjacent switch |
|
Standby Reload Due to Parser Error when configuring TACACS |
|
MPLS TE + MLDP - TTL issue |
|
Device-sensor doesn't send data off initial boot |
|
mVPN Profile 0 Extranet Data MDT Flapping Dual Ingress PE |
|
QoS stats process crash |
|
LLDP TX not happening on few ports after box reload |
|
oc-system/telnet-server: "enable" leaf is false even if transport input/output is set to "all" |
|
Fman-fp in one c9300 crashed unexpectedly and took down the rest of stack members without failover |
|
IOS/IOS-XE 16.6.3 - SSH on VRF int is allowed irrespective of vrf-also key |
|
Display full IPv6 address in "sh l2tp tunnel" |
|
isr4431 crashes in ""BGP Router" process when interface flap occurs with IPv6 MPLS per vrf routes |
|
Cisco-IOS-XE-policy yang model doesn't support "set precedence" |
|
Ti-LFA Repair Path is not Loop-Free |
|
Operation Cisco-IOS-XE-rpc:reload return inconsistent value error. |
|
QFP CGM Memory depletion during ISG session churn |
|
CAT3k/9k does not create (S,G) due to RFP error "failed, internal error or RIB not converged yet" |
|
SF: mismatched interface drop counter compared to policy drop counters on longevity |
|
ASR1K crash in tplus_handle_req_timeout |
|
netconf: gnmib Not Running |
|
Overly aggressive initial SPF delay timer is configured -> SR uloop does not take effect |
|
Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06 |
|
IOS crash observed on bootup during resize_loggerQ. |
|
SAP: YANG: Yang model for arp entries is missing arp alias support. |
|
The mtu CLI disappeared from show run when interface dialer sh/no shu |
|
Complete content for interface templates. |
|
The sgt-map gets cleared for some of the end points for unknown reason. |
|
IPv6 AAA Prefix Support for 3rd party PPP clients no password for -dhcpv6 Access-Request |
|
FNF export not working after second switchover when ETA+FNF is configured |
|
Synchronization of built-in interface templates broken or never implemented |
|
cBR8 - 16.8.1 - Supervisor crash when entering 'guestshell run bash' |
|
ARP reply not accepted if sourced from nat alias address in other VRFs |
|
3650/3850 do not send reload message to Syslog |
|
Interface ifOperStatus should be notPresent when module is not installed |
|
Performance problems when configuring via CLI when netconf/restconf/gnmi is enabled |
|
VRF stuck in deletion mode |
|
Crash in ssh_process when removing pnp profile from switch |
|
cat9500 periodically crashing on SSH Process with Reload reason content is absent |
|
Unable to migrate from ADSL to VDSL without reboot |
|
ASR1001-HX crashed due to critical software exception on operation group-object add/remove |
|
out of the sync after no ip prefix-list |
|
Interface vrrp <group> preempt default command not displayed in show run all. |
|
Deletion of FHRP Configuration via NETCONF/RESTCONF/gNMI fails. |
|
Host limit of 32 for session monitoring sessions. |
|
Crash when doing a new SSL Connection. |
|
Device standby reloads Due to parser error when configuring TACACS. |
|
MPLS TE + MLDP - TTL issue. |
|
Device-sensor does not send data off initial boot. |
|
The mVPN Profile 0 Extranet Data MDT flapping dual ingress PE. |
|
QoS stats process crash. |
|
LLDP TX not happening on few ports after box reload. |
|
The oc-system/telnet-server: "enable" leaf is false even if transport input/output is set to "all" |
|
IOS/IOS-XE 16.6.3 - SSH on VRF int is allowed irrespective of vrf-also key. |
Resolved Caveats—Cisco IOS XE Fuji 16.9.1
Caveat ID Number |
Description |
---|---|
ISRv: Hot add of multiple vnics fails to add some |
|
After on the vnic edit on the fly changes - LAN-SRIOV sub interface ping fails after Reboot of ISRv |
|
Intermittent Errors when Hot Adding VNIC |
|
AWS/Azure - unable to ssh into CSR1000v if configured with 192.x.x.x subnet |
|
CSR: arp reply cannot be received through GEC sub-interfaces |
|
ISRV 16.06.01 traceback when issuing show controllers |
|
Azure: HA lost auth token when getting route table |
|
IOSXE router may reload when crypto session fails |
|
CSR1000v Interface Hot Add Crash |
|
ENH: IOS-XE should allow "ip address dhcp" on Tunnel interfaces |
|
Memory leak under LLDP Protocol process |
|
ASR1K and ISR4xxx needs to generate puntinject_stats.log.xxxx and save in bootflash |
|
RSP3 crashes @ fillin_mempool_pc_array, mempool_pc_summary_tty |
|
CTS Pac download fails with ISE reachability through loopback interface over vrf |
|
Crash due to Stack overflow |
|
rotate nginx access/error log files |
|
ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it |
|
DHCPNAK is not sent in roaming scenario. |
|
%SNMP-3-RESPONSE_DELAYED: processing GetNext of cafSessionEntry.2 seen on catalyst switch |
|
Remove stack 1+1 CLI from C9500 |
|
ASR1K BGP scanner crash when change VRF and BGP configuration |
|
CrashKernel crashes with corrupted RAM disk on vWLC |
|
ISRv/QOS - service-policy defined in bootstrap config may not be applied |
|
Cannot add static route through dynamic NEMO tunnel interface |
|
UDP SLA Probes not working through PMIPv6 tunnel with GETVPN |
|
DNA-C/underlay automation/cat9300 stack - ip router isis failed due to parser return error |
|
Crash in SNMP ENGINE when polling lldpRemChassisId object |
|
ASR1002HX FP Crash post LNS path switchover |
|
Making SYSTEM MIB (1.3.6.1.2.1.1) VRF aware for ASR 1001-X |
|
Evaluation of all for CPU Side-Channel Information Disclosure Vulnerability |
|
IGMP multicast SSM-map with DNS doesn't work with IGMPv3 |
|
CLI 'aaa common-criteria' not available on IPBASEK9 license |
|
Unexpected Reboot following 'show platform software adjacency oce [ID]' |
|
NULL remote_hostname from LAC |
|
System reload when clearing cts pac |
|
Noisy debugs in "periodic" tracelog |
|
16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after 2nd SSO |
|
%SYS-3-TIMERNEG:Cannot start timer with negative offset Process= "ARP Background" |
|
Redundancy Mode None does not Sync |
|
Command "show aaa servers" reloads the switch |
|
ISDN memory leak |
|
isdn pri-group cause router get into a loop |
|
cts pacs and cts credentials are lost after SSO |
|
3850 - ACL application check on the FED failed |
|
QoS Overrides loadbalancing to per prefix even with only session level policing applied |
|
ASR1004 started relaying clients' DHCP Discover messages to DHCP Server with the wrong IP address |
|
Ordering isssue for crypto keyring and crypto isakmp profile |
|
AAA-Proxy errors in dmiauthd tracelogs |
|
ip dhcp excluded-address deletion issues via netconf |
|
no increment for 'input errors' in 'show i/f counters' for pkts larger than configured MTU+30 byte |
|
Virtual-service guest IP accepts broadcast address |
|
Unable to see Device-Sensor in accounting message on ISE (MUD URI) |
|
Netconf IP-SLA udp-jitter case missing leaf codec |
|
Flex-LSP tunnel flap on failing active protecting link without WRAP enabled |
|
Vz: Non-Polaris to Polaris ISSU compatibility issue |
|
16.8.1: MKA session not coming up consistently after SSO and keepalive timeout. |
|
Session Mgrd crah obsered with 16.8.1 image |
|
Configuration of BGP auto-summary using NETCONF fails |
|
16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after SSO (CSCvh68810) (PD changes) |
|
ISR/C1100: interface down/up does not renew dhcp assigned ip address |
|
Repeatedly Tracebacks seen : %INFRA-3-INVALID_GPM_ACCESS: Invalid GPM Load |
|
Incorrect BDI configuration state shown by NETCONF on interface creation |
|
standby rp crash on removing member link from port-channel |
|
Restored DB is session-lock locked out with insane timeout after boot |
|
active SUP crash when active run 16.7.1 and standby run 3.18.2aSP |
|
RBM-3-RBM_ERR: Returning from SISF handler as idb is NULL console error messages on FE node |
|
DHCP Leasequery Padding contains previously used data |
|
Remove stack 1+1 CLI for WS-C3850-48XS |
|
UDP SLA echo packets not getting encrypted |
|
Rapid TDL memory leak in SMD process leads to crash of active switch in stack for ipv6 clients |
|
Switch reloads when kron job scheduled in 0 minutes |
|
Excessive memory (20MB)) allocated for event tracing by lslib subsys |
|
High CPU due to Alignment Corrections - DNS & NBAR |
|
ASR1K - exhausted IP Session Handles - %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0) |
|
Memory size in smand process increases on 3850/3650 without any services, uplinks nor configuration |
|
NETCONF doesn't list all the ip nat configuration |
|
NETCONF issue when updating NAT config with VRF keyword |
|
"sh auth sess sw st" broken and session monitoring sessions coming in sh auth sess in legacy mode. |
|
Missing interface source template model |
|
DHCP server with option 249 pushes only the routes confiugred in the first instance. |
|
AVC license should be activated only in case of smart licensing model |
|
CTS Pac download fails with ISE reachability through loopback interface over vrf . |
|
Crash due to stack overflow. |
|
Rrotate nginx access/error log files | |
ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it. |
|
DHCPNAK is not sent in roaming scenario. |
|
Cannot add static route through dynamic NEMO tunnel interface. |
|
Netconf Get routing-state received an errored RPC response. |
|
UDP SLA Probes not working through PMIPv6 tunnel with GETVPN. |
|
Crash in SNMP ENGINE when polling lldpRemChassisId object. |
|
Evaluation of all for CPU Side-Channel Information Disclosure Vulnerability. |
|
IGMP multicast SSM-map with DNS does not work with IGMPv3. |
|
CLI aaa common-criteria not available on IPBASEK9 license. |
|
Unexpected Reboot following show platform software adjacency oce [ID]. |
|
NULL remote_hostname from LAC. |
|
System reload when clearing cts pac. |
|
Noisy debugs in "periodic" tracelog. |
|
16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after 2nd SSO. |
|
%SYS-3-TIMERNEG:Cannot start timer with negative offset Process= "ARP Background" |
|
Redundancy Mode None does not Sync. |
|
ISDN memory leak. |
|
ISDN pri-group cause router get into a loop. |
|
CTS pacs and cts credentials are lost after SSO. |
|
QoS Overrides loadbalancing to per prefix even with only session level policing applied |
|
Ordering isssue for crypto keyring and crypto isakmp profile. |
|
AAA-Proxy errors in dmiauthd tracelogs. |
|
IP dhcp excluded-address deletion issues via netconf. |
|
No increment for input errors in show i/f counters for pkts larger than configured MTU+30 byte. |
|
Virtual-service guest IP accepts broadcast address. |
|
Unable to see device-sensor in accounting message on ISE (MUD URI). |
|
Netconf IP-SLA udp-jitter case missing leaf codec. |
|
Flex-LSP tunnel flap on failing active protecting link without WRAP enabled. |
|
Vz: Non-XE to XE ISSU compatibility issue. |
|
XE 16.8.1: MKA session not coming up consistently after SSO and keepalive timeout. |
|
Session Mgrd crah obsered with XE 16.8.1 image. |
|
Configuration of BGP auto-summary using NETCONF fails. |
|
Repeatedly Tracebacks seen : %INFRA-3-INVALID_GPM_ACCESS: Invalid GPM Load. |
|
Incorrect BDI configuration state shown by NETCONF on interface creation. |
|
Standby rp crash on removing member link from port-channel. |
|
Restored DB is session-lock locked out with insane timeout after boot |
|
DHCP Leasequery Padding contains previously used data. |
|
UDP SLA echo packets not getting encrypted. |
|
Excessive memory (20MB)) allocated for event tracing by lslib subsys. |
|
High CPU due to Alignment Corrections - DNS and NBAR. |
|
NETCONF does not list all the ip nat configuration. |
|
NETCONF issue when updating NAT config with VRF keyword. |
|
The "show authentication session sw st" broken and session monitoring sessions coming in show auth sess in legacy mode. |
|
Missing interface source template model. |
|
DHCP server with option 249 pushes only the routes confiugred in the first instance. |
|
AVC license should be activated only in case of smart licensing model. |