Release Notes for Cisco IOS XE SD-WAN Release 16.9.x and Cisco SD-WAN Release 18.3.x
Note |
The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. |
These release notes accompany the Cisco IOS XE SD-WAN Software Release 16.9, which provides SD-WAN capabilities for Cisco IOS XE SD-WAN routers, and the compatible SD-WAN Software Release 18.3 for controller devices—including vSmart controllers, vBond orchestrators, and vManage NMSs—and vEdge routers. These release notes accompany Cisco IOS XE SD-WAN Releases 16.9.1 through 16.9.6, and Cisco SD-WAN Releases 18.3.0 through 18.3.8.
Supported Devices
The Cisco IOS XE SD-WAN software runs on the following devices.
Device Family |
Device Name |
---|---|
Cisco ASR 1000 Series Aggregation Services Routers |
|
Cisco ISR 1000 Series Integrated Services Routers |
|
Cisco 4000 Series Integrated Services Routers |
ISR 4221, ISR 4321, ISR 4331, ISR 4351 |
ENCS 5412 with T1/E1 and 4G NIM modules |
ISRv |
Product Features
All the Cisco IOS XE routers support all SD-WAN software features except the following:
-
Cloud Express service
-
Cloud onRamp service
-
Standard IPsec with IKE version 1 or IKE version 2 for service-side connections
-
IPsec/GRE cloud proxy
-
IPv6 on transport connections
-
Interface level QoS Policer
-
NAT pools on service-side connections
-
Reverse proxy
-
Cisco router interfaces—The SD-WAN software runs with DSL, 4G LTE, and multilink router interfaces. See VPN Interface DSL PPPoA, VPN Interface DSL PPPoE, VPN Interface Multilink, and VPN Interface SVI.
-
Cloud OnRamp—Within each cloud, AWS or Azure, you can map a transit VPC/VNet in one account to a host VPC/VNet in a different account. See Cloud OnRamp with AWS and Cloud OnRamp with Azure.
-
CoS marking—You can mark data traffic with 802.1p class of service (CoS) values. See Configuring Localized Data Policy and Policies.
-
Email notifications of alarms—You can configure the vManage server to send email notifications to an email address or to a webhook URL when selected alarms are generated. See Configure Email Notifications for Alarms and Alarms.
-
NAT pools—You can configure pools of public IP address and map them to private IP addresses. See Configuring Transport-Side NAT.
-
Single sign-on (SSO)—You can enable single sign-on for the vManage NMS to allow users to be authenticated using an external identity provider. This feature complies with the SAML Version 2.0 standard. See Settings.
-
Software image security—When you install a Release 18.3.1 or later version of the software on a Viptela device, after one week, all Release 18.1.x and earlier software images are automatically removed from the device, and you cannot reinstall them. (Release 18.2.x images are not removed.) This feature, which was added in Release 18.3.1, improves device security. In addition, after one week, a new, more secure boot loader is installed on hardware vEdge routers. The specific behavior is as follows: the device waits for one week's worth of seconds (604,800 seconds) from when a Release 18.3.x software version starts on the device, and it then removes any older images and installs the new boot loader. For this to occur, the device must be up continuously for one week. If you reboot the device before one week elapses, the one-week timer starts from the beginning; the uptime is not cumulative. If you do not want to wait one week, you can manually initiate removal of older software images and loading of the secure boot loader by issuing the request software secure-boot set command.
-
SR-IOV vEdgeCloud support—You can run vEdgeCloud on SR-IOV supported hardware.
-
VRRP virtual MAC addresses—VRRP complies with RFC 5798 with regards to virtual MAC addresses and gratuitous ARP requests. See Configuring VRRP.
Compatibility Matrix
Controllers |
ENCS/ISR/ASR |
ISRv |
vEDGE |
---|---|---|---|
18.3.5 |
16.9.4 |
16.9.4 with NFVIS 3.9.1FC1 or NFVIS 3.9.2-FC4 |
17.2 or higher |
Upgrade to SD-WAN Software Release 18.3
Note |
For details on upgrading the Viptela software, see Software Installation and Upgrade for vEdge Routers. |
Note |
You cannot install a Release 17.2 or earlier image on a vEdge router that is running Release 18.2.0 or later. This is the result of security enhancements implemented in Release 18.2.0. Note that if a Release 17.2 or earlier image is already present on the router, you can activate it. |
Note |
When the vManage NMS is running Release 18.3.1, all Cisco IOS XE SD-WAN routers in the overlay network must run Release 16.9.2. |
To upgrade your vEdge router to SD-WAN Software Release 18.3:
-
In vManage NMS, select the
-
Upgrade the controller devices to Release 18.3 in the following order:
-
First, upgrade the vManage NMSs in the overlay network.
-
Then, upgrade the vBond orchestrators.
-
Next, upgrade the vSmart controllers.
-
-
Select the
-
Select the devices you just upgraded, click the Control Connections tab, and verify that control connections have been established.
-
Select the
screen, and upgrade the vEdge routers.
Note |
After you upgrade software on a vManage NMS to any major release, you can never downgrade it to a previous major release. For example, if you upgrade the vManage NMS to Release 18.3, you can never downgrade it to Release 18.2 or to any earlier software release. The major release number consists of the first two numbers in the software release number. For Cisco IOS XE SD-WAN software, 16.9 is a major release, and 16.9.1 denotes the initial release of 16.9. For SD-WAN software, 18.3 and 18.2 are examples of major releases. Releases 18.3.0 and 18.2.0 denote the initial releases, and Releases 18.3.1 and 18.2.1 are maintenance releases. |
Note |
After you install Release 18.3 on any Viptela controller device or on a vEdge router, you cannot install an older version of the software (that is, Release 18.2 or earlier) on the device. If an older software image is already present on the device and you remove it from the device, either on the vManage screen or using the request software delete CLI command, you cannot re-install the older software image. However, if an older software image is present and you do not remove it, you can downgrade to it and, if necessary, you can install another older software version. |
Upgrade from Release 16.2 and Earlier Software Releases
Because of software changes in Release 16.3, you must modify the router configuration as follows before you upgrade from Release 16.2 or earlier to Release 18.3:
-
You can no longer configure RED drops on low-latency queuing (LLQ; queue 0). That is, if you include the policy qos-scheduler scheduling llq command in the configuration, you cannot configure drops red-drop in the same QoS scheduler. If your vEdge router has this configuration, remove it before upgrading to Release 17.2. If you do not remove the RED drop configuration, the configuration process (confd) will fail after you perform the software upgrade, and the Viptela devices will roll back to their previous configuration.
-
For vEdge 2000 routers, you can no longer configure interfaces that are not present in the router. That is, the interface names in the configuration must match the type of PIM installed in the router. For example, if the PIM module in slot 1 is a 10-Gigabit Ethernet PIM, the configuration must refer to the proper interface name, for example,10ge1/0, and not ge1/0. If the interface name does not match the PIM type, the software upgrade will fail. Before you upgrade from Release 16.2 or earlier to Release 17.2, ensure that the interface names in the router configurations are correct.
Resolved and Open Bugs in Cisco IOS XE SD-WAN Release 16.9.x and Cisco SD-WAN Release 18.3.x
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved bugs
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved bugs in Cisco SD-WAN Release 18.3.8
Caveat ID Number |
Description |
---|---|
Tracker doesn't work for DIA in case of centralised data-policy used |
|
Connectivity to the service side of vEdge cloud in Azure is lost when sending lot of tcp packets |
|
vEdge dropping VRRP packets if destination is its own sub interface on primary VRRP router |
|
Regression: OSPF route policy filters out NAT default route instead of OSPF routes in 18.3.6 |
|
vManage: ClusterManagement REST API Call may not provide correct info for the NMS services running |
|
Continuous nat-pool exhausted failure leads to map-db leak |
|
Transport interface tracker does not work properly with endpoint-dns-name |
|
Configurations show out of order in vManage and indicate changes when none were made |
|
Network > Device > Real Time options wont be displayed if we login with SSO |
|
Ping intermittently fails because vEdge sends wrong ICMP ident in the header |
|
vManange Cluster: vManage Details gives an error |
|
Zscaler tunnel failure (because NAT selects public port 0) |
|
MTT Network > Device > Real Time options wont be displayed if we login with SSO |
|
SVM: NMS app-server fails to start |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.6 and Cisco SD-WAN Release 18.3.7
Caveat ID Number |
Description |
---|---|
Cisco SD-WAN Solution Command Injection Vulnerabilities |
|
Cisco SD-WAN Solution Command Injection Vulnerabilities |
|
Cisco SD-WAN Solution Command Injection Vulnerabilities |
|
Cisco SD-WAN Solution Privilege Escalation Vulnerability |
|
SNMP traps on vedge not egressing out of the SNMP source |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.5 and Cisco SD-WAN Release 18.3.6
Caveat ID Number |
Description |
---|---|
QoS doesn't work properly on vEdge 100 cellular interfaces |
|
Bulk edit of feature template attached to ~500 ISR devices takes 5 min per device for config gen |
|
[Vistraprint] GUI unresponsive after upgrade to 18.3.4 |
|
WAN Interface stays down after an upgrade or reload of a vEdge 5000 |
|
'show system statistics diff' does not work |
|
vManage does not handle chassis id in uppercase when activating vEdge Cloud |
|
Config Diffs not aligned properly in vManage due to line spacing |
|
UI: Issue with type 8 hashes in CLI templates |
|
NTP issue on Cisco XE SD-WAN Router - cannot specify source interface in service VPN |
|
DHCP relay not forwarding dhcp request packets. |
|
NAT translation is not happening for return traffic |
|
Unable to commit if there are more than 24 sub-interface under same vrrp group. |
|
Unable to import Database with TACACS login details |
|
vEdge dropping DHCP offer when source ip and dhcp-helper does not match. |
|
C1111 router crashing even after ROMMON downgrade |
|
Edit vmanage from local host to ip before cluster addition failing |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.5 and Cisco SD-WAN Release 18.3.5
Caveat ID Number |
Description |
---|---|
The vManage DPI screen displays a DIA graph for a vEdge router on which local Internet exit is not c |
|
%Viptela-DC1-vEdge-1-FTMD-3-ERRO-1000011: FP Core 1 Died. Core file recorded at /var/crash/core.fp1. |
|
Adding dscp to AAR match clears counters that don't seem to increment |
|
Config Diff is not lining up properly |
|
/config/policy/app-visibility: the 'when' expression "/viptela-system:system/viptela-system:personal |
|
Device goes out-of-sync during network flap and never attempts template push after it is reachable |
|
Cisco SD-WAN Privilege Escalation Vulnerabilities |
|
DPI summary stats show no active flows incorrectly after switching in-n-out of OOM |
|
vManage fails to push template to cEdge with error "sleep interrupted" |
|
5k performance degradation between 18.3.0 and 18.3.1 |
|
Template push cEdge failing with: (ERR): Bad CLI source Loopback0, location 16 |
|
"Commit and-quit" exits to routers enable prompt instead of SD-WAN mode enable prompt |
|
Fetching devices for cloudexpress returns empty list and IndexOutOfBoundsException in log |
|
vManage: VPN Ethernet interface feature template with ICMP redirect will generate error message, can |
|
vManage: cEdge BGP per-neighbor next-hop-self is in a feature template, but not in the config-previe |
|
00019181 - In 18.3.1 we have replay-window set to 8192 but when doing a show security-info command, |
|
BFD configurations not applied to cEdge/SDWAN-XE router |
|
FIB is missing the NH programming causing route absence for the traffic |
|
after adding enterprise root cert, master_root.crt is not in syn on cluster setup |
|
vman_templates: Error on config preview "Template edit request has expired: Please try again" if te |
|
Sequence matching on port range and protocol causes DIA to fail |
|
feature template for ISR1K won't set interface to no autonegotiation |
|
New IPsec session is not initiated on tunnel-destination change |
|
vEdge5k control not coming up with vBond |
|
prefix-list changes are not causing OSPF route filtering reevaluation (refresh) |
|
vedge2k rebooted because FP core died |
|
cEdge - Unable to change OSPF cost on interface using template |
|
Control status dashboard shows wrong data under partial connections |
|
Help icon redirects to older viptela documentation URL |
|
Vmanage clustering port number missing under neo4j.conf after upgrade from 17.2.7 to 18.3.4 |
|
vManage does not generate proper config for cEdge OSPF stub and NSSA areas |
|
vManage should not generate "max-metric router-lsa" for cEdge if it's not configured in template |
|
vManage - VMAN does not gen proper config for DHCP static binding w/ hostname specified |
|
vManage does not produce proper configuration for localized route-policy default action "Accept" |
|
Add support for next-hop interface in static route definition in vManage for cEdge |
|
CVM: Control Status shows incorrect info |
|
vManage VPN Ethernet interface template: Loopback interface is not pushed to cEdge |
|
CVM: DPI stats went into bad state |
|
ENH - vManage not pushing "low-bandwidth-link" configuration to a cEdge. |
|
Application list CLI vs vM UI inconsistency |
|
Template push fail with "fail to finish task" for 140 ISR devices. |
|
Devices stuck in scheduled state when editing feature template with 200 devices |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.3 and Cisco SD-WAN Release 18.3.4
Caveat ID Number |
Description |
---|---|
Cflowd: APP ID Export in IPFIX packets with SNMP MIB table (PLMREQ 974) |
|
Throughput drop when using vlan tagged interfaces for transport |
|
IP NAT route command is not getting generated while configuring DIA via vManage template |
|
When show log messages is issued Ctrl C does not terminate the output |
|
cEdge GPS location is not updated through vManage feature template |
|
Interface is not getting programmed in VPN 0 when we move from Auto IP to static IP address assignme |
|
vEdge100m Crash when workstation requests DHCP adress |
|
ve100m throughput drop when QOS config is applied |
|
add support to expose internal fp_dump commands to customer |
|
OSPF router-ID with multi-tenant vmanage is getting messed up |
|
vManage: TLOC-Extension configuration is not generated for cEdge |
|
NAT Overload (PAT) assigns the same translated source port for first two consecutive hosts |
|
No allow service https is pushed as allow service in feature template |
|
00019228- Telefonica Business Solutions - can't access the vmanage via https, but ssh works. vManage |
|
Vmanage should send individual vlan configuration during (CSCvm70375)template push when vlan range i |
|
Memory leak with ttmd leads to segmentation fault |
|
ftmd crash with 'request admin-tech' |
|
vManage: cEdge qos rewrite rule is in the template, but not in the config-preview |
|
GE0/4 on vEdge100M doesn't accept packets with size greater than default mtu (1500) |
|
vManage creates Gig sub-interfaces when TenGig subs are defined for OSPF |
|
"ip helper-address" configuration is not being pushed from the vManage to the cEdge when we use sub- |
|
vEdge 5K: vDaemon crash while attempting to establish control connections at bootup |
|
vEdge does not translate the source-ip of ICMP return packet |
|
Pings above 1472 on vE5K fail on 10G interfaces |
|
vEdge100m-VZ Crashing after enabling cflowd and DPI. error fp_proc_flow. |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.3 and Cisco SD-WAN Release 18.3.3.1
Caveat ID Number |
Description |
---|---|
IP NAT route command is not getting generated while configuring DIA via vManage template |
|
cEdge GPS location is not updated through vManage feature template |
|
[GreatWall EFT]: Changing the device models in a Feature Template is NOT working |
|
VManage fail to generate the BGP per neighbor route-map configuration |
|
vManage shouldn't generate "ip vrf forwarding 0" configuration for TACACs in global table for cEdge |
|
vManage: TLOC-Extension configuration is not generated for cEdge |
|
AAA auth-order doesn't update based on template changes in vManage |
|
Loss Correction Delete / Remove button inoperable in Data Policy |
|
with default NGOAM xc hb-interval, xc tunnel ports continuously flap, MTS build up CFS & CFS core |
|
ENH: vmanage AAA template source-interface only accepting physical interfaces for cEdge |
|
vManage creates Gig sub-interfaces when TenGig subs are defined for OSPF |
|
"ip helper-address" configuration is not being pushed from the vManage to the cEdge when we use sub- |
|
Cannot create VPN Interface Ethernet Template |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.3 and Cisco SD-WAN Release 18.3.3
Caveat ID Number |
Description |
---|---|
ZTP should block15.4.4 vEdge from joining 17.2.x overlay |
|
[SF][D12]: port 12 from VLAN 513 should be removed from microinit of LC switch |
|
IP NAT route command is not getting generated while configuring DIA via vManage template |
|
snmpwalk timing out for viptela-omp for table ompRoutesTableFamilyEntriesReceivedAttributesOriginMet |
|
Unable to accept vrrp control packets in a data policy |
|
vEdge 2000 Temperature Sensors Board failed after upgrade to 18.3 |
|
Policy attach preview fails on vSmart after upgrading from 17.2.x to 18.3.0 |
|
seeing device off-line for a vEdge on a template push even when it has control up/up |
|
Multiple VRRP groups sending exact same VRRP advertisement causing VRRP split brain in 18.3.0 |
|
ompd crash |
|
tcpd core on vedge5k upon reloading with traffic |
|
Evaluation of vedge for CVE-2018-5391 (FragmentSmack) |
|
PS1 flapping - Logs reporting "Power supply '1' down or not present" the power supply is then report |
|
Ping from host to the virtual IP is failing when VRRP failover is executed twice. |
|
svi feature template missing for C1117-4P models. |
|
Template push fails because of '&' in interface description |
|
Cloud onRamp: Upgrading a 17.2 setup with COR elements to 18.3+ is broken |
|
DHCP server configs are not getting mapped for cedge if excluded address is not filled in |
|
vManage shouldn't generate "ip vrf forwarding 0" configuration for TACACs in global table for cEdge |
|
On push of a vSmart-data-policy w/ cflowd as accept causes vEdge(s) to crash with |
|
' logging source-interface "" ' created by vManage when enabling syslog |
|
Incorrect VRF name mapping for syslog source VPN in vManage |
|
Handling of O field and Enterprise Root CA with vEdge-Cloud is resulting in vEdge-Cloud bringup fail |
|
vManage creates invalid interface with incorrect VLAN interface format |
|
vManage: TLOC-Extension configuration is not generated for cEdge |
|
Instance of Cloud onRamp was deleted/Not migrated when update 17.2.8 to 18.3.1 |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.2a and Cisco SD-WAN Release 18.3.2
Caveat ID Number |
Description |
---|---|
IOSD core on: applying qos service-policy on interface X and running 'duplex' oper on interface Y |
|
I/O Errors on c5.4xlarge - vManage/vBond/vSmart |
|
PS1 flapping - Logs reporting "Power supply '1' down or not present" the power supply is then report |
|
ISR4331 crash seen with traffic and app router policies at Loblaw |
|
CoR: Expand limit of VPN Numbers for mapping |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.2 and Cisco SD-WAN Release 18.3.1.1
Caveat ID Number |
Description |
---|---|
I/O Errors on c5.4xlarge - vManage/vBond/vSmart |
|
svi feature template missing for C1117-4P models. |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.2 and Cisco SD-WAN Release 18.3.1
Caveat ID Number |
Description |
---|---|
CRL Key Usage Checking Issue |
|
port mirroring for inbound traffic flows fails when changing network addressing without removing acl |
|
vtracker crash interface after link bounces |
|
ASR1001-X : netconf interface goes into oper down state afer reboot tests |
|
vEdge NAT: 2 different source-private-ips mapped to same source-pub-ip + source-pub-port. Tloc exten |
|
SVM: template node missing edge |
|
cEdge policy: Policy download to dp failed with app-list in data policy |
|
cEdge need to read day0 bootstrap files from cdrom |
|
Cellular controller yang models not included for ISRv |
|
Need an exception to not check for site id when the devices are in staging during upgrade |
|
NAT translation is not working on ASR1002-HX |
|
vlan interface ip continue to advertise even though no physical interfaces associated |
|
WWAN : Support to configure user name/pass on AT&T firmware |
|
OMP daemon crash on vSmart running 17.2.6 |
|
Cellular - Last Resort : IP address is retained and LR interface comes UP when primary is stable |
|
vEdge NAT: Regular NAT interface on vEdge shows inconsistent behavior, once its private-to-public po |
|
Alarms not being populated in the vManage GUI |
|
Template attach failed with error: Vty line 0 doesn't exist |
|
18.2.0 to 18.3.0 code upgrade fails on vmanage |
|
unable to add 3rd device to cluster in 18.3.0 |
|
VRRP unable to reach the virtual ip |
|
Cannot set the main-interface/sub-interface mtu greater than 1500/1496 |
Resolved bugs in Cisco IOS XE SD-WAN Release 16.9.2 and Cisco SD-WAN Release 18.3.0
Caveat ID Number |
Description |
---|---|
cedge_policy: policy counters are not getting updated after changing the counter name. |
|
cEdge ospf password: On changing the ospf password, the commit fails |
|
vdaemon cash on TSN OPENSSL_cleanse |
|
If device is decommissioned from vmanage then request platform software sdwan config reset is throw |
|
realtime for zonepair sessions for vedge is throwing error in vmanage. |
Open Bugs
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
The following list contains open bugs for Cisco IOS XE SD-WAN Release 16.9.2 through 16.9.6 and Cisco SD-WAN Release 18.3.0 through 18.3.8.
Bug ID |
Description |
---|---|
Bulk sync failure with "bgp ha-mode sso prefer" |
|
OpenDNS local-domain bypass on ISR4k stop working after reboot |
|
Update IOS XE OSPFv2 ELL private TLVs to IANA codepoints |
|
cedge_policy: datapolicy with no seq default drop is not working from-service |
|
Invalid error message when a vsmart policy push fails |
|
In the AAA feature template, for radius, the secret key doesn't work even though the same for CLI wo |
|
On headend device, enabling DPI was making the traffic entering LLQ - q0 very bursty |
|
snmp interface description is limited to 32 characters |
|
vManage-cEdge: Unable to reset interface through UI |
|
After silent reboot vmanage was out of sync with cluster |
|
Stale BFD sessions resulted in a route absence for the traffic |
|
tabulation doesn't work with ping command |
|
last resort should not be activated when omp is in init or down state |
|
vSmart policy has been pushed to the devices but was not applied |
|
Unable to adjust MTU on interfaces that are part of a bridge interface |
|
Routes are being incorrectly installed in the routing table even though there is no bfd b/w the vEdg |
|
Default Management VPN incorrectly named "Transport VPN" |
|
Small packet loss seen when switching traffic from biz-internet tunnel to LTE |
|
Decouple buffer allocation for egress queues from the interface speed negotiated |
|
LFTS2.0: lsmpi-rx/4029/0x00000300 backtrace when control connections are coming up on cedge-TSN |
|
vmanage_zbfw: one vpn should not be configured as part of more than one zone. |
|
Cluster failover: If NMS services are down on one of the vManage, UI is stuck while performing any o |
|
Feature Template: BGP neighbor route-policy variable name shows as default value in feature policy t |
|
vManage-MTT-Cluster-Failover: Double failover of leader results in database issue |
|
ENH - all user groups for cEdge are configured with same privilege 15 |
|
hostnames that use a "." period will not fully display use a _ or - to workaround |
|
MT Cluster Failover: Cluster got into a bad shape when one vManage node was rebooted while vEdge ima |
|
localized policy- Qos Map: Queue shows classmap field as blank if user has deleted the class map fro |
|
Cannot change accept or drop in VPN Membership |
|
admin-tech enhancement for ATM/Dialer information |
|
The vManage DPI screen displays a DIA graph for a vEdge router on which local Internet exit is not c |
|
admin-tech enhancement for DSL debugs |
|
17.2.5 and seeing a bug similar to VIP-8344 - gzip consuming lots of CPU |
|
show omp tlocs advertised is not filtering correctly to the TLOC adv. routes |
|
GUI of vManage running 17.1.3 was not opening, seeing exceptions in vmanage-server.log |
|
Incorrect tag for omp routes |
|
cEdge doesn't revert configuration after WAN interfaces shut from vManage |
|
nesd crash on show platform software trace message nesd R0 on TSN |
|
AWS Instance Type Change from C3 to C4 Fails |
|
Some of the eem options are missing under confd |
|
Cellular profile not being written to the Modem |
|
vedge-cloud activate does not give feedback when no organization name is configured |
|
User may hit issue that packet capture failed at "Device Error: Failed to read server configuration" |
|
Config Diff is not lining up properly |
|
Optional parameters in template breaks XML stream towards devices |
|
Static IP configured on transport interface during PnP workflow |
|
messaging server ends up in bad state |
|
The requirement to shutdown Dialer interface before its deletion causes an issue for vManage |
|
Controller deletion from vManage should be ignored by device |
|
Sync up data stream configuration and provide a way to force the sync |
|
CPU utilization is seeing an upward trend on the vEdge 2000 and vEdge 1000 nodes |
|
removing dsl config from vmanage fails. |
|
Application communication failure on the vSmart |
|
ST and MTT ZTP failure - Failed to process install action: java.lang.NullPointerExceptio |
|
Handle ZTP constraint for MTT setup after upgrade |
|
cEdge: vpn 0 traffic is not nat'ed over tloc-extension interfaces |
|
zbfw_vmanage_cedge: zonepair statistics entries are not consistent with device. |
|
SSH terminal not working in multitenant vManage mode |
|
SVM: ZTP install causes a SW install task to fail |
|
CVM: deleting vManage instance from a cluster fails |
|
WRR scheduler favoring queues with large packets |
|
Control connection fail to come on interface with NAT and ACL with default-action drop |
|
Upgrade from 18.2.0 to 18.3.0 was failing |
|
Throughput degradation noticed on vEgde100 with IPv6 Underlay |
|
NCS entries are missing after upgrading the vManage from 17.2.6 to 18.3.0 |
|
Unable to reboot the device, and upgrade-confirm changes active to False. |
|
vManage fails to generate CSR |
|
Not all email alerts are getting generated consistency |
|
Update default timers for control |
|
Unable to ssh from vedge to vmanage |
|
[some] vEdges became unreachable up on vEdge-List push from vManage |
|
Template migration failed while upgrading from 17.2 to 18.2. (BEMS839161 Case: 00015295) |
|
cEdge GPS location is not updated through vManage feature template |
|
when we use UUID in upper case to activate vedge cloud, device-life cycle is not going through. |
|
vManage failed to activate 18.3.0 from 18.2.0 |
|
SVM: Cflowd should be removed from statistics settings |
|
cEdge-vDaemon: Sub-interface's control-local-properties shows state=UP even though it is admin-down |
|
Device goes out-of-sync during network flap and never attempts template push after it is reachable |
|
Not able to push the templates |
|
vmanage localized policy ACL when matching ports syntax issues |
|
DF bit is being set on cflowd template packets |
|
General Motors - 16671- after upgrade to 18.3.0 from 17.2.7 - vManage is reporting all vEdge 2000's |
|
vmanage no longer accepts "/" character in variable naming |
|
CLONE - On headend device, enabling DPI was making the traffic entering LLQ - q0 very bursty |
|
An '&' character in the organization-names breaks template pushes |
|
Added sub-int in VPN 0 does not appear in "show interface" output |
|
vEdge 100M Cellular VPN interface template can't be saved |
|
Cannot copy built-in App List Google_Apps and Microsoft_Apps |
|
Azure vEdge Cloud Public IP bound to management NIC |
|
Unable to instantiate new Azure vEdge Cloud on existing Resource Group |
|
Can't push vSmart policy because vManage thinks it is offline, but reachable |
|
An "&" in org-name/sp-org name causes CSR failure for vEdge cloud |
|
OSPF NSSA prefixes (N1, N2) are not advertised into OMP |
|
vEdge Crashed when issuing a "show ospf ... " command |
|
Packet drop observed on Finisar FCLF8521P2BTL SFP when speed changed from 1000 to 100. |
|
vEdge 1K silent reboot with reboot reason Soft Reset(Watchdog) |
|
SSO Requires browser cache to sign in after first login |
|
SVM: vbond cannot be upgraded |
|
2 software forced reloads with 18.3.0 on vEDGE-100m |
|
vEdge 5000 router rebooted multiple times. Error message : Software initiated FP core Watch dog fail |
|
Intermittent HMAC errors seen on TSN for ASR 1001-HX BFD sessions |
|
cEdge ISR4331: CPP Ucode Crash seen on multiple ISRs when LR condition is being removed |
|
ECMP is not working in some scenarios |
|
linux_iosd crash and router reload when un-configuring md5 on ospf interface |
|
Duplicate device entry created when activating vedge cloud chassis-id that is generated on PnP |
|
Drops not showing up in show interface queue |
|
Interface is not getting programmed in VPN 0 when we move from Auto IP to static IP address assignme |
|
DPI summary stats show no active flows incorrectly after switching in-n-out of OOM |
|
Device status on GUI configuration -> templates shows device status Out of Sync |
|
vEdge100m Crash when workstation requests DHCP adress |
|
upgrading from 16.2.10 to version 17.2.7 and internal script is failing during the upgrade /usr/bin |
|
vEdge 5K Template Attach - Null Error Msg |
|
Missing flow-sampling-interval in SNMP query |
|
ve100m throughput drop when QOS config is applied |
|
template push with static default not getting pushed until it is manually toggled |
|
Enabling cloud-qos on VE5K drops forwarding performance significantly less than 1.5M pps |
|
Activating Simply control policy causes 1of2 vsmarts to reboot |
|
OBS: cannot delete bfd from interface via netconf |
|
loss latency jitter not being calculated on cEdge |
|
5k performance degradation between 18.3.0 and 18.3.1 |
|
SD-WAN 18.3.1: 'Device Monitoring' privelege does not give access to 'Monitor-Georgraphy' in GUI |
|
Connection refused for template push, device is online |
|
vEdge 5000 control connections are not coming up after a reboot. |
|
"no exec" is pushed as part of console configs in a cedge tempate on 18.3.1 cuts off console access |
|
Incorrect VRF name mapping for NTP source VPN in vManage |
|
NTP source interface configuration is not genrated by vManage |
|
GC allocations errors causing GUI to be unresponsive |
|
vManage does not generate proper AAA configuration for Cisco XE SD-WAN Router |
|
ikev2 dpd retransmit always 1s and fails after one retry with "giving up after 1 retransmits" |
|
ftmd crash while changing rewrite rule PLP from high to low |
|
Unable to ping to the virtual gateway IP when VRRP is configured on 10G sub-interfaces on vEdge5K |
-
If you configure IPv6 on a cellular interface, the control connections might go down and come back up continuously. [VIP-21970]
-
When two routes exist to the same neighbor, if you specify a single IP address in the show ip routes command, the command might return only one of the routes, but if you specify an IPv4 prefix and prefix length, the command returns both routes. [VIP-32736]
-
For IEEE 802.1X, you cannot configure a RADIUS server for MAC authentication bypass (MAB). [VIP-18492]
-
In application-aware routing policy, the salesforce_chatter, oracle_rac, and google_photos applications might not be classified properly. [VIP-21866]
-
If you misconfigure the target VPN for NAT, the ICMP unreachable messages might contain the inside IP address. [VIP-43947]
-
When forwarded ports are not open on the inside client, NAT might block RST packets in the return path and might generate ones on behalf of outside client. [VIP-43950]
-
You might not be able to configure the Cloud Onramp VPC even when vEdge routers are present. [VIP-34655]
-
In vManage NMS, when you use the policy configuration wizard to create policies for a mesh topology, you might need to create an additional policy using a CLI template for the mesh policy to work. This situation is known to occur in a network that has two regions, where each region is mesh that is a subset of the entire network, where each region has its own data center, and where the branch vEdge routers in one region communicate with branch routers in the other region through the data centers. We will call these Region 1 and Region 2. Assume that Region 1 has a control policy that advertises its TLOCs to the data center in Region 2, and Region 2 has a control policy that prevents the spokes and data center in Region 2 from advertising TLOCs to the spokes in Region 1. The result is that the data center in Region 2 repeatedly attempts to form control tunnels to the data center in Region 1, but these attempts fail. As a workaround, you must a policy using a CLI template that allows the data center in Region 2 to exchange TLOCs with the data center in Region 1 and then attach that policy to the vEdge routers. [VIP-29933]
-
In an overlay network with three vSmart controllers, if a controller group list configured on a 100 vEdge router contains two vSmart controllers, the maximum number of controllers that the router can connect to is set to two, and the maximum number of OMP sessions on the router is set to two, 50 routers connect to each of two vSmart controllers. If you bring these two controllers down, all 100 connections then move to the third vSmart controller. However, if you then bring up one of the other vSmart controllers, 50 connections move to that controller, but the third controller might still have 100 connections. [VIP-27955]
-
When a certificate for controllers is about to expire, no syslog message is generated. [VIP-28960]
-
On vEdge routers, when you issue an nping command for IPv6, the command might fail, and a core file might be created on the router. From vManage NMS, you issue this command from the
. From the CLI, you use the tools nping command, specifying options "--ipv6". [VIP-31924] -
On a vEdge 100m router, after you execute the request software reset command, the router might reboot continuously. [VIP-24149]
-
If you try to configure a vEdge router using vManage configuration templates, you might see errors related to lock-denied problems. As a workaround, reboot the router. [VIP-23826]
-
You might not be able to edit configuration templates, with the vManage server reporting that multiple users are trying to edit the template at the same time. [VIP-27615]
-
When you use the vManage NMS and the CLI show system status command, the reboot reason is incorrect; it is shown as unknown. The /var/log/tmplog/vdebug logs shows that the system reboot happened because of a user-initiated upgrade to Release 17.1.3. [VIP-31222]
-
You might not be able to push configuration templates to vEdge routers. [VIP-34886]
Important Notes, Known Behavior, and Workaround
Known Behaviour - Hardware
The following are known behaviors of the hardware:
-
On vEdge 1000 routers, support for USB controllers is disabled by default. To attach an LTE USB dongle to a vEdge 1000 router, first attach the dongle, and then enable support for USB controllers on the vEdge router by adding the system usb-controller command to the configuration. When you enter this command in the configuration, the router immediately reboots. Then, when the router comes back up, continue with the router configuration. Also for vEdge 1000 routers, if you plug in an LTE USB dongle after you enable the USB controller, or if you hot swap an LTE USB dongle after you enable the USB controller, you must reboot the router in order for the USB dongle to be recognized. For information about enabling the USB controller, see USB Dongle for Cellular Connection.
-
For vEdge 2000 routers, if you change the PIM type from a 1-Gigabit Ethernet to a 10-Gigabit Ethernet PIM, or vice versa, possibly as part of an RMA process, follow these steps:
-
Delete the configuration for the old PIM (the PIM you are returning as part of the RMA process).
-
Remove the old PIM, and return it as part of the RMA process.
-
Insert the new PIM (the PIM you received as part of the RMA process).
-
Reboot the vEdge 2000 router.
-
Configure the interfaces for the new PIM.
-
-
On a vEdge 5000 router, you cannot enable TCP optimization by configuring the tcp-optimization-enabled command.
-
Cisco IOS XE SD-WAN devices with the SFP-10G-SR module do not support online insertion and removal (OIR) of this module.
Known Behaviour - Software
The following are known behaviors of the software:
Cellular Interfaces
-
On a vEdge 100m-NA and 100m-GB routers, when you configure profile 1 for a wireless WAN, you might see the error "Aborted: 'vpn 0 interface cellular0 profile': Invalid profile 1 : APN missing". [VIP-31721].
-
When configuring cellular attach-profile and data-profile on Cisco IOS XE routers running the XE SD-WAN software, you must use the default profile ID.
-
The vEdge 100wm router United States certification allows operation only on non-DFS channels.
-
When you are configuring primary and last-resort cellular interfaces with high control hello interval and tolerance values, note the following caveats:
-
When you configure two interfaces, one as the primary interface and the other as the last-resort interface, and when you configure a high control hello interval or tolerance values on the last-resort interface (using the hello-interval and hello-tolerance commands, respectively, the OMP state indicates init-in-gr even though it shows that the control connections and BFD are both Up. This issue was resolved in Release 16.2.3. However, the following caveats exist:
— You can configure only one interface with a high hello interval and tolerance value. This interface can be either the primary or the last-resort interface.
— In certain cases, such as when you reboot the router or when you issue shutdown and no shutdown commands on the interfaces, the control connections might take longer than expected to establish. In this case, it is recommended that you issue the request port-hop command for the desired color. You can also choose to wait for the vEdge router to initiate an implicit port-hop operation. The request port-hop command or the implicit port hop initiates the control connection on a new port. When the new connection is established, the stale entry is flushed from the vSmart controllers.
-
If the primary interface is Up, as indicated by the presence of a control connection and a BFD session, and if you configure a last-resort interface with higher values of hello interval and tolerance than the primary interface, if you issue a shutdown command, followed by a no shutdown command on the last-resort interface, the last-resort interface comes up and continuously tries to establish control connections. Several minutes can elapse before the operational status of the last-resort interfaces changes to Down. If this situation occurs, it is recommended that you issue a request port-hop command for the desired color.
-
If you have configured a primary interface and a last-resort interface that has higher hello interval and tolerance values than the primary interface, and if the last-resort interface has control connections to two vSmart controllers, if you issue a shutdown command, followed by a no shutdown command on the last-resort interface, a control connection comes up within a reasonable amount of time with only one of the vSmart controllers. The control connection with the second vSmart controller might not come up until the timer value configured in the hello tolerance has passed. If this situation occurs, it is recommended that you issue a request port-hop command for the desired color.
-
-
When you activate the configuration on a router with cellular interfaces, the primary interfaces (that is, those interfaces not configured as circuits of last resort) and the circuit of last resort come up. In this process, all the interfaces begin the process of establishing control and BFD connections. When one or more of the primary interfaces establishes a TLOC connection, the circuit of last resort shuts itself down because it is not needed. During this shutdown process, the circuit of last resort triggers a BFD TLOC Down alarm and a Control TLOC Down alarm on the vEdge router. These two alarms are cleared only when all the primary interfaces lose their BFD connections to remote nodes and the circuit of last resort activates itself. This generation and clearing of alarms is expected behavior.
-
For cellular interface profile, the profile number can be 0 through 15. Profile number 16 is reserved, and you cannot modify it.
Configuration and Command-line Interface
-
When you upgrade to Release 17.2 from any prior Cisco SD-WAN software release, the CLI history on the Cisco vEdge device is lost. The CLI history is the list of commands previously entered at the CLI prompt. You typically access the history using the up and down arrows on the keyboard or by typing Ctrl-P and Ctrl-N. When you upgrade from Release 17.2 to a later software release, the CLI history is maintained.
-
When you issue the request reset configuration command on a vEdge Cloud router, a vManage NMS, or a vSmart controller, the software pointer to the device's certificate might be cleared even though the certificate itself is not deleted. When the device reboots and comes back up, installation of a new certificate fails, because the certificate is already present. To recover from this situation, issue the request software reset command.
-
VRRP on vedge-cloud is not supported on ESXi x86 devices due to ESXi limitations. On vmxnet3, an error message will be thrown while attempting to configure VRRP. On E1000, error message will not be thrown, but VRRP will not function as configured.
Control and BFD Connections
-
When a vBond orchestrator, vManage NMS, or vSmart controller goes down for any reason and the vEdge routers remain up, when the controller device comes back up, the connection between it and the vEdge router might shut down and restart, and in some cases the BFD sessions on the vEdge router might shut down and restart. This behavior occurs because of port hopping: when one device loses its control connection to another device, it port hops to another port in an attempt to reestablish the connection. For more information, see the Firewall Ports for Viptela Deployments article. Two examples illustrate when this might occur:
-
When a vBond orchestrator goes down for any reason, the vManage NMS might take down all connections to the vEdge routers. The sequence of events that occurs is as follows: when the vBond orchestrator crashes, the vManage NMS might lose or close all its control connections. The vManage NMS then port hops, to try to establish connections to the vSmart controllers on a different port. This port hopping on the vManage NMS shuts down and then restarts all its control connections, including those to the vEdge routers.
-
All control sessions on all vSmart controllers go down, and BFD sessions on the vEdge routers remain up. When any one of the vSmart controllers comes back up, the BFD sessions on the routers go down and then come back up because the vEdge routers have port hopped to a different port in an attempt to reconnect to the vSmart controllers.
-
-
When a vEdge router running Release 16.2 or later is behind a symmetric NAT device, it can establish BFD sessions with remote vEdge routers only if the remote routers are running Release 16.2 or later. These routers cannot establish BFD sessions with a remote vEdge router that is running a software release earlier than Release 16.2.0.
-
When you add or remove an IPv4 address on a tunnel interface (TLOC) that already has an IPv6 address, or when you add or remove an IPv6 address on a TLOC that already has an IPv4 address, the control and data plane connections for that interface go down and then come back up.
-
Release 16.3 introduces a feature that you can use to configure the preferred tunnel interface to use to exchange traffic with the vManage NMS. In the vManage NMS, you configure this on cellular, Ethernet, and PPP Interface feature templates, in the vManage Connection Preference field under Tunnel Interface. In the CLI, you configure this with the vmanage-connection-preference command. The preference value can be from 0 through 8, with a lower number more preferable. The default value is 5. If you set the preference value to 0, that tunnel interface is never used to exchange traffic with the vManage NMS, and it is never able to send or receive any overlay network control traffic.
With this configuration option, there is one situation in which you can accidentally configure a device such that it loses all its control connections to all Viptela controller devices (the vManage NMSs and the vSmart controllers). If you create feature templates and then consolidate them into a device template for the first time, the NMS software checks whether each device has at least one tunnel interface. If not, a software error is displayed. However, when a device template is already attached to a device, if you modify one of its feature templates such that the connection preference on all tunnel interfaces is 0, when you update the device with the changes, no software check is performed, because only the configuration changes are pushed to the device, not the entire device template. As a result, these devices lose all their control connections. To avoid this issue, ensure that the vManage connection preference on at least one tunnel interface is set either to the default or to a non-0 preference value.
Interfaces
-
On virtual interfaces, such as IRB, loopback, and system interfaces, the duplex and speed attributes do not apply, and you cannot configure these properties on the interfaces.
-
When a vEdge router has two or more NAT interfaces, and hence two or more DIA connections to the internet, by default, data traffic is forwarding on the NAT interfaces using ECMP. To direct data traffic to a specific DIA interface, configure a centralized data policy on the vSmart controller that sets two actions—nat and local-tloc color. In the local-tloc color action, specify the color of the TLOC that connects to the desired DIA connection.
-
When configuring interfaces for an IOS XE router using one of the VPN Interface feature configuration templates, you must spell out the interface names completely. For example, you must type GigabitEthernet0/0/0. Also, you must define all the interfaces in the router even if you are not using them so that they are configured in the shutdown state and so that all default values for them are configured.
-
For IOS XE routers that have a DSLAM module plugged in, you must include the VPN Interface DSL PPPoA or the VPN Interface DSL PPPoE feature configuration template in the device configuration template to successfully configure the routers from vManage NMS.
IPsec
-
For IKE-enabled IPsec tunnels that use IKE Version 2, the SD-WAN software does not support Traffic Flow Confidentiality (TFC) padding for ESP Version 3, as defined in RFC 4303, IP Encapsulating Security Payload (ESP).
IPv6
-
You can configure IPv6 only on physical interfaces (ge and eth interfaces), loopback interfaces (loopback0, loopback1, and so on), and on subinterfaces (such as ge0/1.1).
-
For IPv6 WAN interfaces in VPN 0, you cannot configure more than two TLOCs on the vEdge router. If you configure more than two, control connections between the router and the Viptela controllers might not come up.
-
IPv6 transport is supported over IPsec encapsulation. GRE encapsulation is not supported.
-
You cannot configure NAT and TLOC extensions on IPv6 interfaces.
-
DHCPv6 returns only an IPv6 address. No default information is accepted. IPv6 router solicitation and router advertisement messages are not processed.
IRB
-
On integrated routing and bridging (IRB) interfaces, you cannot configure autonegotiation.
NAT
-
When you reboot a vSmart controller, the BFD sessions for all symmetric NAT devices go down and come back up. This is expected behavior.
Policy
-
In policy definitions, any application list or application family list that you define with an app-list option cannot have more than 10 items per list.
Routing Protocols
-
When a vEdge router transport interface is using an old IPv6 SLAAC address for control connections or BFD sessions, or both, the IP address used for control connections and BFD might become out of sync with the actual IPv6 address. This situation can happen when the IPv6 address that SLAAC advertises from the gateway router changes suddenly and the old IPv6 address has not first been invalidated. As a workaround, if the router has no mechanism to invalidate older prefixes when the IPv6 prefix changes, first remove the router-advertisement configuration on the default gateway router and then change the IPv6 address. To resolve this problem when it occurs on a vEdge router, shut down the interface and then restart it; that is, issue a shutdown command, followed by a no shutdown command.
-
When you configure OSPF using a vManage NMS device configuration template, the configuration of an NSSA area or a stub area and the configuration of an area range are not pushed to the router when you attach the device configuration template to the router. As a workaround, configure these parameters in CLI mode on the router, from the vManage Tools ► SSH Terminal screen, using the OSPF area and range configuration commands.
Security
-
It is recommended that you use IKE Version 2 only with Palo Alto Networks and Ubuntu strongSwan systems. Viptela has not tested IKE Version 2 with other systems.
SNMP
-
When you configure an SNMP trap target address, you must use an IPv4 address.
-
The Viptela interface MIB supports both 32-bit and 64-bit counters, and by default sends 64-bit counters. If you are using an SNMP monitoring tool that does not recognize 64-bit counters, configure it to read 32-bit MIB counters.
-
On a vEdge router, if you perform an snmpwalk getnext request for an OID for which there is no information, the response that is returned is the next available instance of that OID. This is the expected behavior.
T1/E1
-
If you wish to change the card and controller type on the device, you must first remove the previously configured card and controller and reboot the device.
-
You cannot configure rollback or load override features on a multilink interface.
-
PPP multilink QoS is currently not supported in the VPN Interface Multilink template.
-
PPP multilink NAT is currently not supported in the VPN Interface Multilink template.
-
For a vEdge Cloud VM instance on the KVM hypervisor, for Viptela Releases 16.2.2 and later, it is recommended that you use virtio interfaces. For software versions earlier than Release 16.2.2, if you are using the Ubuntu 14.04 or 16.04 LTS operating system, you can use IDE, virtio, or virtio-scsi interfaces.
vManage NMS
-
On a Viptela device that is being managed by a vManage NMS system, if you edit the device's configuration from the CLI, when you issue the commit command, you are prompted to confirm the commit operation. For example:
vEdge(config-banner)# commit
The following warnings were generated:
'system is-vmanaged': This device is being managed by the vManage. Any configuration changes to this device will be overwritten by the vManage. Proceed? [yes,no]
You must enter either yes or no in response to this prompt.
During the period of time between when you type commit and when you type either yes or no, the device's configuration database is locked. When the configuration database on a device is locked, the vManage NMS is not able to push a configuration to the device, and from the vManage NMS, you are not able to switch the device to CLI mode.
-
The members of a vManage cluster rely on timestamps to synchronize data and to track device uptime. For this time-dependent data to remain accurate, do not change the clock time on any one of the vManage servers of the cluster after you create the cluster.
-
When you use the vManage Maintenance ► Software Upgrade screen to set the default software version for a network device, that device must be running Release 16.1 or later at the time you set the default software version. If the network device is running Release 15.4 or earlier, use the CLI request software set-default command to set the default software version for that device.
-
When you are using a vManage cluster, when you are bring up a new vManage NMS in the cluster, use an existing vManage NMS to install the certificate on the new vManage NMS.
-
In vManage feature configuration templates, for the passwords listed below, you cannot enter a cleartext password that starts with $4 or $8. You can, however, use such passwords when you are configuring from the CLI.
-
Neighbor password, in the BGP feature configuration template.
-
User password, in the Cellular Profile feature configuration template.
-
Authentication type password and privacy type password, in the SNMP feature configuration template.
-
RADIUS secret key and TACACS+ secret key, in the System feature configuration template.
-
IEEE 802.1X secret key, in the VPN Interface Ethernet feature configuration template.
-
IPsec IKE authentication preshared key, in the VPN Interface IPsec feature configuration template.
-
CHAP and PAP passwords, in the VPN Interface PPP Ethernet feature configuration template.
-
Wireless LAN WPA key, in the WiFi SSID feature configuration template.
-
-
PPP CHAP is currently not supported in the VPN Interface Multilink template.
-
PPP multilink fragmentation is currently not supported in the VPN Interface Multilink template.
-
If a serial interface is bundled into a multilink interface, you cannot remove it from the vManage NMS.
-
Once you attach the VPN Interface Multilink template to a device, you cannot detach it from the device.
Licensing
-
The maximum aggregated cyrpto throughput for the ISR 1000 series routers is 250 Mbps.
-
Base licensing package of AX needs to be enabled for IOS-XE SDWAN ISRv during VM deployment on the ENCS portal.
YANG Files for Netconf and Enterprise MIB Files
Netconf uses YANG files to install, manipulate, and delete device configurations, and Cisco vEdge device supports a number of enterprise MIBs.