The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about the new features introduced in the Cisco IOS XE 3.1S releases. In addition, important notes about these releases are included in this chapter.
Cisco IOS XE 3S releases inherit all Cisco IOS XE Release 2 features that were released prior to the introduction of the Cisco IOS XE 3.1S releases with few exceptions. For information about inherited features that were introduced in Cisco IOS XE Release 2 releases, for a list of new and changed features, and important notes that apply to Cisco IOS XE Release 2, see the "New and Changed Information" section in Cisco IOS XE Release 2 Release Notes.
This chapter contains the following sections:
This section lists the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1S and contains the following sections:
•New Hardware Features in Cisco IOS XE Release 3.1.4S
•New Software Features in Cisco IOS XE Release 3.1.4S
•New Hardware Features in Cisco IOS XE Release 3.1.3S
•New Software Features in Cisco IOS XE Release 3.1.3S
•New Hardware Features in Cisco IOS XE Release 3.1.2S
•New Software Features in Cisco IOS XE Release 3.1.2S
•New Hardware Features in Cisco IOS XE Release 3.1.1S
•New Software Features in Cisco IOS XE Release 3.1.1S
•New Hardware Features in Cisco IOS XE Release 3.1.0S
•New Software Features in Cisco IOS XE Release 3.1.0S
There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.4S.
There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.4S.
There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.3S.
There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.3S.
There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.2S.
There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.2S.
There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.1S.
The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.1S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.
Flexible NetFlow Egress allows the user to monitors traffic that the router is transmitting on an interface or subinterface.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
This feature allows users to enable Flexible NetFlow to collect Flow Records for every packet.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
Flexible NetFlow feature allows users to collect flow records from IPv4 Unicast packet streams on the router.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
Flexible NetFlow feature allows users to collect flow records from IPv4 Unicast packet streams on router.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
Flexible NetFlow MPLS Egress accounting feature enables the user to account for Flows exiting from an MPLS network to an IP network. This feature will be useful for capacity planning and account for flows to a data center.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
Flexible NetFlow feature enables the user to define their own records by specifying the key and non-key fields to customize the data collection to your specific requirements
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html
This enhancement of Flexible NetFlow will allow for L7 visibility from NBAR into Flow Records.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html
This feature allows for Flows records (IPv4, IPv6, etc.) to be exported to the collector over IPv4.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html
This feature defines a flexible export format for NetFlow defined by RFC 3954 to cover current and future technologies.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html
This feature defines Netflow v5 export protocol support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html
The feature enables a new NetFlow CLI to configure Flow record definition, Flow monitors, Flow Exporters and Sampler for Flexible NetFlow.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html
This feature provisions QoS and crypto on Flexible NetFlow export packets.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html
Flow samplers are created as separate components in a router's configuration. Flow samplers are used to reduce the load on the device that is running Flexible NetFlow by limiting the number of packets that are selected for analysis. Samplers use either random or deterministic sampling techniques (modes):
•Deterministic—The same sampling position is used each time a sample is taken.
•Random—A randomly selected sampling position is used each time a sample is taken.
Flow sampling exchanges monitoring accuracy for router performance. When you apply a sampler to a flow monitor, the overhead load on the router of running the flow monitor is reduced because the number of packets that the flow monitor must analyze is reduced. The reduction in the number of packets that are analyzed by the flow monitor causes a corresponding reduction in the accuracy of the information stored in the flow monitor's cache. Samplers are combined with flow monitors when they are applied to an interface with the ip flow monitor command.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html
The following new hardware features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.0S.
The Cisco ASR 1013 router extends the Cisco ASR 1000 Series Routers to a chassis that can hold six SIPs and provides superslots (more height and power) for the Cisco ASR1000-RPs (route processor) and the ASR1000-ESPs (forwarding processor).
The Cisco ASR 1013 Router is a 24-SPA,3-rack-unit (RU), hardware-redundant chassis with two Embedded Services Processor (ESP) slots, two Route Processor (RP) slots, and six SIP slots that allows for full Route-Processor hardware redundancy, NSF, ISSU, and future Route-Processor service upgrades.
For information about the Cisco ASR 1013 Router, see Cisco ASR 1000 Series Aggregation Services Routers Hardware Installation Guide at the following location:
http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html
Beginning with Cisco IOS XE Release 3.1.0S, Cisco ASR 1000 Series Routers have the capability to allow users to perform upgrades in the field on programmable hardware devices. Field programmable hardware devices include the Complex Programmable Logic Device (CPLD) and the field programmable gate array (FPGA). In Cisco IOS XE Release 3.1.0S and later releases, a CPLD field upgrade is required to upgrade incompatible versions of firmware on the Cisco ASR1000-RP2 and Cisco ASR1000-SIP10 components in the Cisco ASR 1013 Router. A hardware programmable package is released to customers for the CPLD upgrade.
For more information, see Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers.
Cisco IOS XE Release 3.1.0S introduces support for the following new Embedded Services Processors (ESPs):
The Cisco ASR1000-ESP40 is a 40Gbps, QFP-based forwarding processor for the Cisco ASR 1000 Series Aggregation Services Router platform.
•See Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide at the following location:
•See Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at the following location:
•For information about the ASR1000-ESP40, see Cisco ASR 1000 Series Aggregation Services Routers Hardware Installation Guide at the following location:
http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html
Note While both the Cisco ASR1000-ESP40 and ASR1000-ESP20 exceed the 16 Mbps forwarding rate, the ASR1000-ESP40 packets per second rate is slightly less than ASR1000-ESP20 when sending continuous stream of small, 64-byte packets. However, at 92 bytes and larger, the ASR1000-ESP40 outperforms the Cisco ASR1000-ESP20. The difference at small packet sizes is a side-effect of optimizations made to achieve 40 Gbps for medium to large packets.
The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.0S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.
1+1 Single Router APS without Bridging feature is used when asserting LAIS on a non-active link.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/interface/configuration/guide/ir_sraps_without_bridging_xe.html
This feature allows for multipath (load balancing) support on 6PE.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html
The following PDL support will be updated/added: Youtube/dicom/cifs/Aim/msn/Sap/Vnc/Softphone + skinny parity/Mapi pdl/Bittorrent/Gnutella/Skype/Winmx parity/Sip parity/Cifs
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html
BGP - Remove/Replace Private AS Filter feature provides the ability for customers to remove/replace Private AS Numbers in the as-path from outgoing BGP updates.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/xe_3s/irg_xe_3s_book.html
BGP Dynamic Neighbors allow for configuration of prefix ranges which should accept incoming TCP sessions and dynamically create a BGP neighbor relationship with the source IP.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/xe_3s/irg_xe_3s_book.html
BGP Peers belonging to the same update group can be starved of route advertisements/withdrawals if there is a slow peer present in that update group. This feature detects the slow peers and moves them to a new update group so that other non slow peers can accept the update messages.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_slow_peer_xe.html
The following Cisco Unified Border (Enterprise) features were introduced in Cisco IOS XE Release 3.1.0S:
•Interworking of Secure RTP calls for SIP and H323
•RFC4040 based Clear Channel Codec Signaling with SIP
•Session Border Controller Enhancements for H.323-SIP and SIP-SIP Supplementary Services, Transcoding Optimization and Firewall Integration.
•SIP-SIP Basic Feature Functionality for Session Border Controller (SBC)
•SIP-SIP Extended Feature Functionality for Session Border Controller (SBC)
•SIP-Support for SIP Video Calls with Flow Around Media
•SIP Diversion Header Enhancements
•SIP History INFO
•SIP SRTP Fallback to Nonsecure RTP for CUBE
•SIP to SIP Supplementary Services for Session Border Controller (SBC)
•SIP Video Support for Telepresence Calls
•SIP Gateway Support for the bind Command
•Support Ability to Configure Source IP Address for Signaling and Media per SIP Trunk
•Support for Configurable Pass-through of SIP INVITE Parameters
•Support for Configuring Error Response Code Upon Out-of-dialog OPTIONS Ping Failure
•Support for dynamic payload type interworking for DTMF and codec packets for SIP to SIP calls
•Support for Expires timer reset on receiving or sending SIP 183 message
•Support for generating Out-of-dialog SIP OPTIONS Ping messages to monitor SIP Servers
•Support for interworking between RSVP capable and RSVP incapable networks
•Support for MIB to report call volume and call rate related statistics on the Cisco Unified Border Element
•Support for Multiple Registrars on SIP Trunks on a Cisco Unified Border Element, on Cisco IOS SIP TDM Gateways, and on Cisco Unified Communications Manager Express
•Support for PAI, PPI, Privacy, P-Called-Party-ID and P-Associated-URI headers on Cisco Unified Border Element
•Support for selective filtering of outgoing provisional responses
•Support for SIP 181 'call is being forwarded' message
•Transparent Tunneling of QSIG and Q.931 over SIP-SIP Cisco Unified Border Element
For information about these Cisco Unified Border Element (Enterprise) features, see the following documents:
Cisco Unified Border Element (Enterprise) Configuration Guide:
Cisco Unified Border Element (Enterprise) Configuration Guide: SIP Trunking for PSTN Access:
Cisco Unified Border Element (Enterprise) Configuration Guide: SIP-to-SIP Connections on a Cisco Unified Border Element:
The following Cisco Unified Border Element (SP Edition) features were introduced in Cisco IOS XE Release 3.1.0S:
•Call-routing:Customized System Error Messages
•Call-routing:ENUM Client
•DBE:Ia Profile:Allow b line parameter to be optional
•DBE:Ia Profile:ETSI BGF Profile support
•IMS:Rx Support
•IMS:Subscribe to Users Registration state
•Media:Asymmetric Payload-Type pass-through in both signaling (SIP/H.323) and media (RTP)
•Media:DTMF method interworking and ACCEPT header handling
•Media:SRTP to RTP support
•Regulation-Compliance:CALEA IRI interface support
•Release 3.1.0 General Enhancements
•SIP Destination ID & SIP Source ID handling
•SIP:IPv6 VRF Support
•SIP:Redundant Signaling Peer
•SIP:Support re-offer of a dynamic codec without an rtpmap present in the re-offered SDP
For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Unified Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html
For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html
IOS DHCP relay is enhanced to add an encapsulated option 82. Encapsulated option 82 is a composite option 82 created from the existing option 82 in the received DHCP message plus new information added by the IOS DHCP Relay.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_auth_dhcp_op60_82_xe.html
The DHCP Server offers user authentication. An IP address is handed out if the requestor client authenticated itself.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_dhcp_ovrvw_xe.html
The Cisco IOS Embedded Event Manager is an infrastructure feature that provides unique customization capabilities and event driven automation within Cisco products.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html
The feature provides the user with a means to turn on/off ASR NAT High-Speed Logging on a per VRF basis.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_monmain_nat_xe.html
This feature provides RFC support for the Expression MIB and a command line user interface for configuring the Event and Expression MIBs.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/netmgmt/configuration/guide/nm_cfg_snmp_sup_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html
Firewall: GPI (Granular Protocol Inspection) Phase-2 feature enables support for additional protocols.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_fwall_stateful_inter-chassis_redundancy_xe.html
Hot-Stand By Router Protocol (HSRP) for IP version 6 (IPv6). HSRP for IPv6 uses link local addresses and is compatible with IPv6 MPLS VPN (6VPE) when available.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-fhrp_xe.html
This feature allows for ingress packet scheduling applicable to packets entering the ASR 1000 Router through an interface.
For information about Ingress Packet scheduling (both intra-CC & inter-CC ingress scheduling) and other SPAs supported on the Cisco ASR 1000 Series Routers, see the following document:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at:
The feature allows for input packet classification at the Carrier Card based on various packet types and fields.
For information about Input packet classification on SPA Interface Processor card (SIP) and other SPAs supported on the Cisco ASR 1000 Series Routers, see the following document:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at:
This feature implements 6RD draft and allows cost effective deployment of IPv6 over IPv4 core using v6 over v4 tunneling mechanism. This is an extension of 6 to 4 feature support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-tunnel_xe.html
This feature provides a method of sending IPv6 packets originating from an IPv6 Edge router across an MPLS network backbone running an IPv4 control plane, without making changes to the software on the MPLS PE routers.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-over_mpls_xe.html
IPv6 VPN features over a MPLS/IPv4 core infrastructure (6VPE), includes IPv6 VRF-Lite support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html
IPv6 VPN features over a MPLS/IPv4 core infrastructure (6VPE), includes Inter-AS option a, b, c support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-mptcl_bgp_xe.html#wp1027129
ISG needs to support option 60/82 based TAL for provisioning per service QoS and VPN-ID sub-option for provisioning IP wholesale services. Currently IP Sessions cannot differentiate between devices behind a Layer3 CPE for. By adding Option 60 support, IP sessions can be set up for PCs and set top boxes separately, for example.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_auth_dhcp_op60_82_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_dhcp_svr_cfg_xe.html
BGP Nonstop Routing (NSR) maintains BGP sessions and state information across ISSU support on a PE device providing MPLS VPN services.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_nsr_sso_xe.html
This feature enables ISSU Support on HSRPv6 feature on VRF interfaces.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-fhrp_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_hsrp_xe.html
This feature provides support for per-node RSVP Graceful Restart Hello's in 12.2S IOS release, to allow interoperability with 12.0S IOS.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_rsvp_grace.html
This feature allows a MPLS VPN PE router to forward temporarily MPLS VPN packets received from the MPLS core via another PE temporarily when the local PE-CE link goes down. This improves end to end VPN traffic loss as the connectivity reestablishment does not depend on BGP network convergence over the MPLS/IGP core.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_vpn_pece_lnk_prot_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-roadmap_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_vpn_pece_lnk_prot_xe.html
This functionality allows operators to provide 6VPE functionality over GRE tunnel instead of using MPLS LSP to reach the BGP nexthop (remote PE).
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html
This feature allow for the ability to carry MPLS Layer 3 VPN traffic over mGRE.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/interface/configuration/guide/ir_mplsvpnomgre_xe.html
NAT now supports 1200 overloaded single range pools.
This features allows NAT to be a part of NetBIOS ALG support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html
This features adds RTSP NAT ALG support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html
This feature allows for NAT Stateful Inter-Chassis redundancy support.
For more information, see the following document:
Classifying Network Traffic Using NBAR in Cisco IOS XE Software.
For more information, see the following document:
This feature allows NBAR to detect with classify a set of Protocol & Applications standardized by IANA.
For more details about this list, go to http://www.cisco.com/go/nbar and edit the IANA Protocol Pack1 document.
This feature enables NSF/SSO support for HSRPv6 on VRF interfaces.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/ha/configuration/guide/ha-nonstp_fwdg_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/ha/configuration/guide/ha-stfl_swovr_xe.html
BGP Nonstop Routing (NSR) maintains BGP sessions and state information across Stateful SwitchOver (SSO) functions.
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_nsr_sso_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_00.html
The QoS: Egress Service Policy 3 level Hierarchy (IPv4) feature supports 3 level policy-map hierarchy with queuing in the leaf level.
The parent level is the top or root level. It supports the default class with shape configured; a user cannot define a class. The parent level supports the following queuing services:
•Shaping
•Bandwidth Remaining Ratio (BRR)
•Shaping and BRR
The child level is the middle level. It supports the following queuing services:
•Shaping
•BRR
•Shaping and BRR
•Bandwidth Remaining Percentage (BRP)
•WRED
•Fair Queue
Bandwidth and Priority are supported in a class at the child level as long as the class does not have a queuing policy as a child. This means the class is not directly part of a three level queuing hierarchy.
Users can over-provision shapers at child and parent levels. For example, users can have two child shapers of 50 Mbps and a parent shaper of 75 Mbps.
The grandchild level is the leaf level. It supports queuing services on the following interfaces:
•Physical Interface
•VLAN (GE)
•subinterface (FR or serial)
•GRE tunnel (IPv4)
•sVTI (IPv4)
Mixed queuing and non-queuing features (marking and policing) are supported at the grandchild level.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_policies_agg_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_radius_proxy_xe.html
RADIUS Virtual Circuit (VC) Logging allows to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3s/RADIUS_VC_Logging.html
VRF-Aware Service Infrastructure (VASI) refers to the capability to use services within different VPN routing and forwarding instances (VRFs). VASI interfaces are virtual interface pairs, where each of the interfaces in the pair is associated with a different VRF.
For more information, see the following document:
This feature allows for IPSec VRF-Aware support for sVTI, Crypto Map-based ezVPN and DMVPN.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_xe.html
This feature allows for TCP segment and reassembly support for ALG.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_vtcp_alg_sup_xe.html
This feature allows for the ability to configure the router ID which WCCP will use rather than relying on the router's selection mechanism.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
Permits WCCP services to configured such that the absence of an active client results in intercepted packets being dropped, rather than forwarded.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
This feature increases the number of WCCP services that can be configured from 7 to 256.
For more information, see the following document
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
The WCCP Fast Timers feature enables WCCP to establish redirection more quickly when a WCCP client is added to a service group or when a WCCP client fails.
WCCP routers and WCCP clients exchange keepalive messages at a fixed interval. Prior to the introduction of the WCCP Fast Timers feature, the WCCP message interval is fixed at 10 seconds. The WCCP Fast Timers feature enables use of message intervals ranging from .5 seconds to 60 seconds and a timeout value scaling factor of 1 to 5.
The WCCP message interval capability introduced by the WCCP Fast Timers feature defines the transmission interval that WCCP clients and WCCP routers use when sending keepalive messages and defines a scaling factor used when calculating the timeout value. The WCCP router uses the timeout value to determine if a WCCP client is no longer available and to redirect traffic as a result.
The WCCP router enforces a single message interval per service group. WCCP clients with incompatible message intervals are prevented from joining a service group.
If a default message interval that is smaller than the default 10 seconds is used, there will be an increase in CPU usage.
You can use the show ip wccp service-number detail command to display information about the message interval settings being used in a WCCP service group. No output is displayed if the default 10-second message interval is used.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/xe-3s/iap-wccp.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html
For customers and partners needing to remotely adapt and control the behavior of Cisco devices, XML-PI 1.0 provides unambiguous and robust information access and control without the complexity and expense of screen-scraping technologies or external XML-to-CLI gateways.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_xmlpi_v1.html
The following sections contain important notes about Cisco IOS XE 3.1.0S Releases running on Cisco ASR 1000 Series Routers.
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine if your software release is affected:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
•Field Notices—We recommend that you view the field notices for this release to determine whether your software or hardware platforms are affected. You can access field notices from http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html.
•Bulletins—You can access bulletins from http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html.
This section contains important notes about IPSec support on the Cisco ASR 1000 Series Router:
IPSec CLI Support Notes
This section contains important notes about IPSec CLI support on the Cisco ASR 1000 Series Router:
For information about Cisco IOS IPSec commands, see the Cisco IOS Security Command Reference at: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s5.html
•The show crypto engine command, which displays information about the crypto engine, is not currently supported on the Cisco ASR 1000 Series Router. The unsupported show crypto engine subcommands include the following:
–accelerator (Shows crypto accelerator information.)
–brief (Shows all crypto engines in the system.)
–configuration (Shows crypto engine configuration.)
–connections (Shows connection information.)
–qos (Shows QoS information.)
•The Cisco ASR 1000 Series Router does not currently support the display of send and recv error statistics using the show crypto ipsec sa identity command.
•The Cisco ASR 1000 Series Router does not support the clear and show crypto commands on the standby Route Processor (RP) by design.
•Counters in the show platform software ipsec fp active flow identifier n command are flagged for reset on read. You can use the show crypto ipsec sa command to obtain integral counters.
•The show access-list command output does not show a packet count matching the ACL.
•The Cisco ASR 1000 Series Router displays debugging information about the consumption of IPsec datapath memory; use the show platform hardware qfp act feature ipsec datapath memory command in privileged EXEC or diagnostic mode.
•The Cisco ASR 1000 Series Router displays debugging information about the crypto engine processor registers; use the show platform software ipsec f0 encryption-processor registers command in privileged EXEC or diagnostic mode.
Crypto Map Support
This section contains important notes about IPSec crypto map support on the Cisco ASR 1000 Series Router:
•The Cisco ASR 1000 Series Router does not currently support IPSec tunnel configuration for crypto maps with same IP address on both the tunnel interface and the physical interface. Configurations with different IP addresses are supported.
•A possible Embedded Services Processor (ESP) reload may occur if a large number (such as 2000) of crypto maps are removed simultaneously. When removing a large number of crypto maps, it is recommended you unconfigure 500 crypto maps at a time and wait 25 seconds between operations.
•The Cisco ASR 1000 Series Router does not support the show access-lists id command under crypto maps.
•The Cisco ASR 1000 Series Router does not currently support the interface range command when configuring crypto maps.
IPSec Packet Processing
This section contains important notes about IPSec packet processing on the Cisco ASR 1000 Series Router:
•Reloading an Embedded Services Processor (ESP) on the Cisco ASR 1000 Series Router may cause a few IPSec packets to drop before the initialization completes, but the traffic will resume after a brief interval.
•The Cisco ASR 1000 Series Router will not discard an incoming IP datagram containing a Payload Length other than 4 in the authentication header (AH). For example, a 96 bit authentication value plus the 3 32-bit word fixed portion for any non-null authentication algorithm will not be discarded.
•The Cisco ASR 1000 Series Router does not forward incoming authenticated packets with the IP option field set.
Group Encrypted Transport VPN Support on Cisco ASR 1000 Series Routers
When Group Encrypted Transport VPN is configured on a router, the "deny udp any any port=848" ACL rule is not added by default. You must manually add this rule in the Key Server ACL or Group Member ACL.
GET VPN Support
This section contains important notes about Group Encrypted Transport VPN (GET VPN) support on the Cisco ASR 1000 Series Router:
•In Cisco ASR 1000 series router, group member policies downloaded from key server are treated as shared policy among all group members. So, it does not use the "reversed" policy to check for ingress packet. This behavior is different from other (Cisco7200/ISR) platform. To enable the same behavior as (Cisco 7200/ISR), use the platform ipsec godi accept-both command in global configuration mode. To disable, use the no form of this command as follows:
platform ipsec gdoi accept-both
no platform ipsec gdoi accept-both
•Cisco ASR 1000 group member starts re-registration immediately when the local policies are modified. If user adds or removes multiple policies, then re-registration happens with every policy change.
•To ensure normal traffic flow for a GET VPN configuration on a Cisco ASR 1000 series router, a Time Based Anti Replay (TBAR) window-size of greater than 42 seconds is recommended.
•The Cisco ASR 1000 series router does not currently support the TBAR statistics display in the show crypto gdoi gm replay command.
•If a Cisco ASR 1000 group member receives empty rekey message from key server, then it loses all its security associations.
•The Cisco ASR 1000 series router does not currently support Easy VPN (EzVPN) and GET VPN on the same interface.
•When a Cisco ASR 1000 series router is to apply the same Group Domain of Interpretation (GDOI) crypto maps to two interfaces, you should use local addresses for the crypto maps. Non-local address configuration is not supported.
•The Cisco ASR 1000 series router does not currently support transport mode for TBAR.
•The Cisco ASR 1000 series router only supports the reassembly of post-fragmented GET VPN packets that are destined for the local Cisco ASR 1000 Series Router in the GET VPN network
•An enhancement is added to enable reassembly of IPsec transit traffic. This enhancement applies only to post-encryption fragmented IPsec packets. When this enhancement is enabled, IPsec will detect transit IPsec traffic and reassemble it before decryption. GET VPN transit IPsec traffic will be reassembled, decrypted, and forwarded to the destination. Non GET VPN transit IPsec traffic will be reassembled but not decrypted (because the ASR 1000 router is not the IPsec tunnel end point) and then forwarded to the destination.
To enable IPsec reassembly of transit traffic, use the platform ipsec reassembly transit command in global configuration mode. To disable IPsec reassembly of transit traffic, use the no form of this command as follows:
platform ipsec reassembly transit
no platform ipsec reassembly transit
IPSec SSO and ISSU Support Notes
•The Cisco ASR 1000 Series Router supports stateful IPSec sessions on ESP switchover. During ESP switchover, all IPSec sessions will stay up and no user intervention is needed to maintain IPSec sessions.
•For an ESP reload (no standby ESP), the SA sequence number restarts from 0. The peer router drops packets that do not have the expected sequence number. User may need to explicitly reestablish IPSec sessions to work around this issue for systems that have a single ESP after an ESP reload. User may experience traffic disruption over the IPSec sessions in such cases for the duration of the reload.
•The Cisco ASR 1000 Series Router currently does not support Stateful Switchover (SSO) IPSec sessions on Route Processors (RPs). The IPSec sessions will go down on initiation of the switchover, but will come back up when the new RP becomes active. No user intervention is needed. User will experience traffic disruption over the IPSec sessions for the duration of the switchover, until the sessions are back up.
•The Cisco ASR 1000 Series Router currently does not support stateful ISSU for IPSec sessions. Before performing an ISSU, users must explicitly terminate all existing IPSec sessions or tunnels prior to the operation and reestablish them post ISSU. Specifically, users must ensure that there are no half-open or established IPSec tunnels present before performing ISSU. To do this, we recommend user do a interface shutdown in the case of interfaces that may initiate a tunnel setup, such as a routing protocol initiating a tunnel setup, or interfaces that have keepalive enabled or where there is an auto trigger for an IPSec session. Traffic disruption over the IPSec sessions during ISSU is obvious in this case.
Summarizing and restating the different caveats:
ESP - switchover (with standby ESP) : Stateful :
•IPSec sessions should be up. No user intervention needed.
ESP - Reload (No standby ESP) : Stateless :
•IPSec sessions will go down and come back up. Usually no user intervention is needed. However, user may need to explicitly reestablish Ipsec session again if anti replay is configured (sequence number checking).
RP - switchover (with standby RP) : Stateless :
•IPSec sessions will go down on RP switchover and should reestablish themselves when the new RP gains active role. No user intervention is needed.
ISSU (irrespective of chassis type): Stateless :
•User must explicitly terminate all IPSec sessions by shutting the interfaces, perform ISSU and then reestablish tunnels by enabling the interfaces. No other intervention needed.
Miscellaneous IPSec Support Notes
This section contains miscellaneous important notes about IPSec support on the Cisco ASR 1000 Series Router:
•The security association (SA) maximum transmission unit (MTU) calculation is based on the interface MTU instead of the IP MTU.
•The Cisco ASR 1000 Series Router currently supports a maximum anti-replay window value of 512. If you attempt to configure a value larger than 512, the Cisco ASR 1000 Series Router defaults back to 512 internally (although the display still shows your user-configured value).
•The Cisco ASR 1000 Series Router does not currently support nested SA transformation such as:
crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac
•The Cisco ASR 1000 Series Router does not currently support Cisco IOS Certificate Authority (CA) server features.
•The Cisco ASR 1000 Series Router does not currently support COMP-LZS configuration.
•For the Cisco ASR 1000 Series Router, when configuring GRE over IPSec, user is recommended to use only Tunnel protection mode on the Tunnel interface. Using crypto maps on both tunnel and physical interface to achieve GRE over IPSec is not the supported method of configuration.
•The Cisco ASR 1000 Series Router does not currently support VRF-Aware IPSec.
The NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers matrix summarizes Network Address Translation (NAT) and Firewall Application Layer Gateway (ALG) feature support on Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. The matrix lists feature support by release. NAT and Firewall ALG support is cumulative; features introduced in earlier releases continue to be supported in later releases. You can access the matrix from the following location:
http://www.cisco.com/en/US/docs/routers/asr1000/technical_references/asr1000alg_support.pdf
If you are going to power cycle a Cisco ASR 1013 Router, we recommend that you first perform a graceful reload on the router. Power cycling the router without first performing a graceful reload might cause a loss of data stored in the NVRAM. In other words, the configuration file might be lost. Note that this is not observed when a power failure occurs because each active power supply in the two power supply zones is power cycled at the same time during a power failure. If there is a chance that the router might be power cycled without a graceful reload, we recommend that you use the boot config file-system:configuration-file nvbypass command to specify a file system other than the NVRAM for storing the configuration file. The following are examples:
Router(config)# boot config harddisk:config_file.cfg nvbypass
Router(config)# boot config bootflash:configuration_data.cfg nvbypass
This section describes important notes about Cisco IOS XE Release 3.1.1S and later releases.
SPA-4XT-SERIAL was not supported in 3.1.0S when plugged into an ASR1000 with SIP-40. This SPA is supported in Release 3.1.1S on SIP-40 linecard.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation, see section for SPA-4XT-Serial SPA in Table 1-4 (SIP and SPA Compatibility for Serial SPAs)
Cisco ASR1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide
This section describes important notes about Cisco IOS XE Release 3.1.0S and later releases.
In Cisco IOS XE Release 3.1.0S Bidirectional Forwarding Detection (BFD) is no longer supported in IP Base software packages. For BFD support, use the Advanced IP Services or Advanced Enterprise Services packages.
In Cisco IOS XE Release 3.1.0S Cisco ASR 1000 Series Routers do not support the ip nhrp server-only command if they perform as DMVPN spokes.
Multiple GDOI groups with the same identity number (for example, 1234) can be configured on a group member as long as a different key server address is specified for each group. This is because both the group identity number and the server address are required to uniquely identify a group on a group member.
The Cisco ASR 1000 Series Router supports GRE keepalive with tunnel protection. However, the keepalive packet that is returned is not encrypted. This limitation is also mentioned in the "Limitations and Restrictions in Cisco IOS XE Release 3.1.0S" section.
This section describes important notes about Cisco IOS XE Release 2.6.0 and later releases.
In Cisco IOS XE Release 2.6.0 multiple instances of the per-user attribute `Cisco-Avpair=lcp:interface-config=<cmd>' is not supported.
For example:
Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen
Cisco-AVPair= lcp:interface-config=ip unnumbered loopback2
Should be configured like this in Cisco IOS XE Release 2.6.0:
Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen \nip unnumbered loopback2
"Multiple instances will be supported in Cisco IOS XE Release 2.6.1"
To streamline Cisco IOS QoS, certain commands are being hidden. Although these commands are available in Cisco IOS XE Release 2.6, the CLI interactive help does not display them. If you attempt to view a command by entering a question mark at the command line, the command does not appear. However, if you know the command syntax, you can enter it. The system will accept the command and return a message explaining that it will soon be removed. These commands will be completely removed in a future release, which means that you will need to use the appropriate replacement commands.
For more information, see the following document:
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.5.0 and later releases.
The Embedded Packet Capture (EPC) feature is not functional and not supported for the Cisco ASR 1000 Series Routers.
When queuing feature on the GRE tunnel interface is not supported with crypto configured on the physical interface.
With IOS XE 2.5.0, the Cisco ASR 1000 Router Series supports Quality-of Service (QoS) applied to
•A GRE or sVTI tunnel with policing and marking only for INGRESS traffic
•A GRE or sVTI tunnel with 2-level hierarchy allowing queuing on the second level for EGRESS traffic
When there are multiple egress physical interfaces for a tunnel, and the tunnel target physical interface changes as a result of tunnel target destination route change, either manually by user configuration or by routing protocol, IOS will not prevent the tunnel traffic from moving to an alternate egress physical interface.
However, in IOS XE 2.5.0, QoS tunnel move feature is not supported. When tunnel traffic moved to an alternate egress physical interface, tunnel QoS policy may enter a suspended state. At this point, the tunnel QoS policy will have to be removed and reapplied to the tunnel interface for it to take effect.
In addition, queuing features on the GRE tunnel interface are not supported when IPSec is configured on the physical interface.
Integrating NAT with MPLS VPNs
Prerequisites for integrating NAT with MPLS VPNs
Before performing the tasks in this module, you should be familiar with the concepts related to configuring NAT for IP address conservation. All access lists required for use with the tasks in this module must be configured before you begin the configuration task. For information about how to configure an access list, see IP Access List Sequence Numbering at the following location:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html
Note If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any command in the access list.
Restrictions for Integrating NAT with MPLS VPNs
•The following functionality is not supported for VRF-Aware NAT:
–VPN to VPN translations. In other words, VRF cannot be applied on the NAT outside interface.
–Translation of multicast packets
–Translations with inside destinations
–Reversible route maps
–MIBs
–MPLS traffic engineering
•Configuring inside dynamic translations defined with outside interface mappings is not supported.
•Configuring inside static translations with interface mappings is not supported. The following commands, which do not include VRF, are not supported:
–ip nat inside source static esp local-ip interface type number
–ip nat inside source static local-ip global-ip route-map name
–ip nat inside source static local-ip interface type number
–ip nat inside source static tcp local-ip local-port interface type number global-port
–ip nat inside source static udp local-ip local-port interface type number global-port
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.3.0 and later releases.
The configuration of Any Transport Over MPLS (AToM) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.3.0 is only supported on a subinterface; AToM cannot be configured on the main interface. In addition, you cannot have any IP configuration on the main interface when you have an AToM configuration on the subinterface. These configuration guidelines are applicable to VC mode, VP mode, and L2VPN PW redundancy.
Cisco ASR 1000 Series Router users considering the implementation of MPLS TE are recommended to consult with their local Cisco technical support representative for Cisco IOS XE implementation details.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.2.2 and later releases.
If dual route processors (RPs) are used on the Cisco ASR 1000 Series Router in Cisco IOS XE Release 2.2.2 and L2TP Tunnel Switching is configured, then no l2tp sso enable must be configured.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.2. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.2.1 and later releases.
The 100M FX SFP is not supported on the Cisco 2-Port Gigabit Ethernet Shared Port Adapter (2x1GE SPA) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1.
The following Intelligent Service Gateway (ISG) features are not supported on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1:
•ISG IP subscriber functionality on the following types of access interfaces: Gigabit EtherChannel (GEC) (Port Channel), generic routing encapsulation (GRE), PPP (virtual-template), and Layer 2 Tunneling Protocol (L2TP)
•ISG prepaid billing
•ISG IP interface sessions
•Interface statistics for ISG multiservice interfaces
•Access lists cannot be configured as match criteria in ISG Layer 4 redirect configuration. As an alternative, Layer 4 redirect should be configured in ISG traffic class services.
•Stateful Switchover (SSO and in-service software upgrade (ISSU) for ISG IP subscriber sessions or traffic class sessions. Upon switchover, an IP session must be recreated or restarted (for Dynamic Host Configuration Protocol (DHCP) sessions) when the session becomes active again.
•SSO and ISSU for any features on IP subscriber sessions or traffic class sessions
•SSO and ISSU for the following features on ISG PPP sessions:
–Port-Bundle Host Key
–Layer 4 Redirect
–Traffic Class
Enhancements to the IP multicast feature provide support for per-session multicast in broadband environments in Cisco IOS XE Release 2.2.1.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.1. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.1.1 and later releases.
As a matter of routine maintenance on any Cisco router, users should backup the startup configuration file by copying the startup configuration file from NVRAM onto one of the router's other file systems and, additionally, onto a network server. Backing up the startup configuration file provides an easy method of recovering the startup configuration file in the event the startup configuration file in NVRAM becomes unusable for any reason.
For users using any Cisco ASR 1000 Series Router with a single RP, including any Cisco ASR 1002 or Cisco ASR 1004 Router, backing up the startup configuration file onto another router file system is especially important due to CSCsq70140, which is documented in the Caveats section of these release notes. The workaround for users who run into this caveat is to replace the startup configuration file in NVRAM with a backup copy of the startup configuration file on the router; therefore, customers who have backed up their startup configuration files onto the router will be ready to resolve these caveats if they occur on their Cisco ASR 1000 Series Routers using a single RP.
Example 1: Copying Startup Configuration File to Bootflash
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 May 29 2008 16:31:41 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
12 -rw- 208904396 May 28 2008 16:17:34 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
Router# copy nvram:startup-config bootflash:
Destination filename [startup-config]?
3517 bytes copied in 0.647 secs (5436 bytes/sec)
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 May 29 2008 16:31:41 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
12 -rw- 208904396 May 28 2008 16:17:34 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
13 -rw- 7516 Jul 2 2008 15:01:39 -07:00 startup-config
Example 2: Copying Startup Configuration File to USB Flash Disk
Router# dir usb0:
Directory of usb0:/
43261 -rwx 208904396 May 27 2008 14:10:20 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
255497216 bytes total (40190464 bytes free)
Router# copy nvram:startup-config usb0:
Destination filename [startup-config]?
3172 bytes copied in 0.214 secs (14822 bytes/sec)
Router# dir usb0:
Directory of usb0:/
43261 -rwx 208904396 May 27 2008 14:10:20 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
43262 -rwx 3172 Jul 2 2008 15:40:45 -07:00 startup-config
255497216 bytes total (40186880 bytes free)
Example 3: Copying Startup Configuration File to a TFTP Server
Router# copy bootflash:startup-config tftp:
Address or name of remote host []? 172.17.16.81
Destination filename [pe24_asr-1002-confg]? /auto/tftp-users/user/startup-config
!!
3517 bytes copied in 0.122 secs (28828 bytes/sec)
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must not manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.1.0 and later releases.
Table 1 describes some of the high level feature sets that are not supported for the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. Use Cisco Feature Navigator to confirm support for a specific feature. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Feature support is subject to change from release to release. Some high-level feature sets that were not supported in the initial Cisco IOS XE Release 2.1.0 are now supported. Table 1 has been updated to indicate when support has been introduced in later releases. For the latest feature information, see the New and Changed Information sections of these release notes and Cisco Feature Navigator.