The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides information about the new features introduced in the Cisco IOS XE 3.2S releases. In addition, important notes about these releases are included in this chapter.
Cisco IOS XE 3S releases inherit all Cisco IOS XE Release 2 features that were released prior to the introduction of the Cisco IOS XE 3S releases with few exceptions. For information about inherited features that were introduced in Cisco IOS XE Release 2 releases, for a list of new and changed features, and important notes that apply to Cisco IOS XE Release 2, see the "New and Changed Information" section in Cisco IOS XE Release 2 Release Notes.
This chapter contains the following sections:
This section lists the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2S and contains the following sections:
•New Hardware Features in Cisco IOS XE Release 3.2.2S
•New Software Features in Cisco IOS XE Release 3.2.2S
•New Hardware Features in Cisco IOS XE Release 3.2.1S
•New Software Features in Cisco IOS XE Release 3.2.1S
•New Hardware Features in Cisco IOS XE Release 3.2.0S
•New Software Features in Cisco IOS XE Release 3.2.0S
There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.2S.
There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.2S.
There are no new hardware features in the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.1S.
The following are the new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.1S:
The SSO/ISSU Support for Per-User IPv6 ACL for PPP Sessions feature reproduces the IPv6 ACLs that are present on the active RP to the standby RP, and provides a consistent SSO and ISSU experience for active sessions. This feature also extends the ability to maintain Template ACLs (IPv6 only or dual stack) through ISSU and SSO.
For more information, see Implementing Traffic Filters and Firewalls for IPv6 Security at the following location:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-sec_trfltr_fw_xe.html
Frame Relay over MPLS encapsulates Frame Relay PDUs in MPLS packets and forwards them across the MPLS network. For Frame Relay, you can set up DLCI-to-DLCI connections or port-to-port connections.
For more information, see Any Transport over MPLS at the following location:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html
The following new hardware features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.0S:
Cisco ASR 1001 Router is a small form factor router targeted for high-end branch offices needing integrated services including voice and security with high-speed connectivity (2.5Gbps w/optional SW license for 5 Gbps). Designed with integrated Cisco ASR1000-RP, Cisco ASR1000-SIP, Cisco ASR1000-ESP with Nitrox running IOS-XE software RLS 3.2S. Input/output options include a half-height SPA, 4x1GE built-in ports, and a factory-installed integrated daughter card (IDC) with different options.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Router Hardware Installation Guide
http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html
Quick Start Guide for the Cisco ASR 1001 Router
http://www.cisco.com/en/US/docs/routers/asr1000/quick/start/guide/asr1_qs1.html
To meet requirements from customers who have already installed the Cisco ASR 1004 Router and have limited rack space and require higher bandwidth, the Cisco ASR 1000-ESP40 and the Cisco ASR 1000-SIP40 are now supported on the Cisco ASR 1004 Router in Cisco IOS XE 3.20S Software Release.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Router Hardware Installation Guide
http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide
Cisco Sychronization Service SPA is a 2 x1 GE SPA with specialized synchronization services function built in to provide Synchronization over packet networks including support for BITS, SyncE, SSM, 1588-2008, GPS receiver and timing interfaces.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide
The Cisco DSP SPA for Cisco ASR 1000 Series Routers is a half-height SPA that provides voice transcoding and transrating functionalities for media streams using different codecs.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide
The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.0S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.
This feature will allow for two functionalities when the BRAS enables the tx/rx speed values for a subscriber, without the CLI:
1. From RADIUS (configured in profile)
2. From ANCP sent by DSLAM.
This new functionality provides away in configuring RX/TX connection speeds for both instances.
For more information, see Configuring AAA for VPDNs at the following location:
http://www.cisco.com/en/US/docs/ios/vpdn/configuration/guide/config_aaa_for_vpdn.html
To improve ANCP troubleshooting, the following commands were introduced or modified in Cisco IOS XE Release 3.2S:
•debug ancp: Enables the display of debugging information related to Access Node Control Protocol (ANCP).
•how ancp an-port: Displays information about ANCP Access Node (AN) ports.
•how ancp an-port circuit-id: Displays information about an ANCP AN port and the corresponding subscriber access line identified by the subscriber circuit ID.
•how ancp an-port neighbor description: Displays information about the AN ports associated with an ANCP neighbor identified by a description name.
•how ancp an-port neighbor: Displays statistics of ANCP neighbor information and neighborship information with local ANCP ports.
•how ancp neighbor description: Displays brief information about an ANCP neighbor that is identified by a description name.
•how ancp neighbor sender-name: Displays brief information about an ANCP session that has a neighbor identified by an ANCP sender name.
•how ancp neighbor statistics: Displays message statistics of all active or configured ANCP neighbors.
•how ancp neighbor summary: Displays a summary of the ANCP neighbors.
For more information about these commands, see the following document:
http://www.cisco.com/en/US/docs/ios/ancp/command/reference/ancp_book.html
The AAL5 Transport over MPLS feature provides an ATM permanent virtual circuit (PVC) transport service for transporting AAL5 PDUs across an IP/MPLS backbone with rate-limit policing and configurable PVC priority value. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html
This feature allows for Any Transport over MPLS (AToM): ATM OAM Emulation support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html
This feature allows for transport HDLC packets across an MPLS backbone.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html
This feature allows for transport PPP protocol data units (PDUs) across an MPLS backbone.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html
The Application Inspection for SMTP feature provides an intense provisioning mechanism that can be configured to inspect packets on a granular level so that malicious network activity, related to the transfer of e-mail at the application level, can be identified and controlled. This feature qualifies the Cisco IOS firewall extended Simple Mail Transfer Protocol (ESMTP) module as an "SMTP application firewall," which protects in a similar way to that of an HTTP application firewall.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_app_insp_ctrl_smtp.html
The feature allows the router to receive RFC 1483 Ethernet frames on ATM interfaces that are routed on the Layer 3 header.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html
BD (Bridge Domain) Infrastructure feature allows for enabling bridging functionality on the Cisco ASR 1000 Router Series.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_evc-infra_xe.html
The BDI (Bridge Domain Interface) feature provides Layer 3 termination for the bridge domain.
For more information, see the following document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/bdi.html
This feature automates RT Filter implementation of RT-Constraint. For more information, see the following document:
Cisco Software Activation is a simplified approach to software deployment and management on the Cisco ASR 1000 Router Series.
This new infrastructure helps enable the following:
•Speed deployment and roll out new Cisco Software Activation feature sets across global networks
•Centrally and more accurately manage and track software and license compliance
•Easily conduct software compliance audits to meet regulations without impacting network operations
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/csa/configuration/guide/csa_commands.html
The following Cisco Unified Border Element (Enterprise) features were introduced in Cisco IOS XE Release 3.2.0S:
•Box to Box (Interchassis) Redundancy
•RTP Port Range Configurable per Interface
•Stateful Switchover Between Redundancy Paired Intra or Inter-Box Devices
In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (Enterprise) DSP SPA:
•Support for DSP-based functionality on CUBE (ENT) including Transcoding and Transrating
For information about these Cisco Unified Border Element (Enterprise) features, see the following documents:
Cisco Unified Border Element (Enterprise) Configuration Guide
Cisco Unified Border Element (Enterprise) Configuration Guide: SIP Trunking for PSTN Access:
http://www.cisco.com/en/US/docs/ios/ios_xe/voice_cube_-_ent/configuration/guide/vb_ch2_xe_ps5640_TSD_Products_Configuration_Guide_Chapter.html
Cisco Unified Border Element (Enterprise) Configuration Guide: SIP-to-SIP Connections on a Cisco Unified Border Element:
http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb-gw-sipsip.html
The following Cisco Unified Border Element (SP Edition) features were introduced in Cisco IOS XE Release 3.2.0S:
•Support on new ASR 1001 Chassis for Cisco Unified Border Element
•Analysis, Routing, and Policy Enhancements
•Billing: XML based billing
•Emergency and Security Enhancements
•Interchassis High Availability
•Media: Media Interworking Enhancements
In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (SP Edition) DSP SPA:
•Media:Transcoding:SBC Support For On-board DSP Services
•Media:DTMF Interworking:InBand and RFC2833/OOB (SIP INFO/NOTIFY)
•Media:DTMF Interworking:RFC2833 and OOB (SIP INFO/NOTIFY) for Calls Transcoded with Onboard DSPs
•Media:Transcoding:SIP to SIP Voice Transcoding support
•Media:Transcoding:Voice Transcoding Statistics and Error handling for SIP-SIP Calls
•Media:Voice Transrating Support
•SIP-SIP Call Capacity for DTMF Interworking between Inband and RFC2833
•SIP-SIP Call Capacity for Transcoding and Transrating Capabilities
•Support for DSP Based functionality including Transcoding and Transrating
For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Unified Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html
For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html
In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (SP Edition) DSP SPA:
•Media:Transcoding: SBC Support For On-board DSP Services
•Media:DTMF Interworking:InBand and RFC2833/OOB
•Media:DTMF Interworking:RFC2833 and OOB for Calls Transcoded with Onboard DSPs
•Media:Voice Transrating support
•Support for DSP Based functionality including Transcoding and Transrating
For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Unified Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html
For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:
Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html
Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html
This feature allows for DHCP Server and DHCP Relay Enhancements to limit the number of leases per ATM/RBE unnumbered interface.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_acct_sec.html
This features provides support for RFC 5460 - DHCPv6 Bulk Lease query.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rly_agt.html
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html
This feature allows for VNET MIB Support Autoconfiguration Context Aware VRF-aware for config copy MIB.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_mgt_ts_xe.html
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_eigrp/configuration/guide/ire_cfg_eigrp_xe.html
Cisco IOS XE 3.2S Release includes support for 32 new and 7 updated protocols.
For the complete list of supported and updated protocols, refer to the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html
The Cisco ASR 1000 Router EVC infrastructure provides the capability for the Cisco ASR 1000 to classify Layer 2 traffic to various Ethernet Service Instances (EFP) on a physical port. Subsequently these EFP can be mapped to a EVC based forwarding services to accomplish Layer 2 forwarding.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_evc-infra_xe.html
The Firewall ALG - SIP REFER Method feature is used for call transfers. A REFER message is used to refer to a peer. The REFER method indicates that the recipient of a call, identified by a request Uniform Resource Identifier (URI) must contact a third party using the contact information provided in the request.
The Firewall ALG - SIP REFER Method feature supports two types of call transfers, unattended (blind) transfer and attended (consultative) transfer. For more information on call flows, see the SIP Call Flows document.
A SIP trunk is a direct connection of an IP PBX to a service provider over an IP network using SIP. There can be numerous concurrent calls in a SIP trunk. During the call setup process, all these calls use the same control channel for call establishment. More than one call uses the same control channel for call setup. Using the same control channel by more than one call confuses the stateful information stored in the control channel session. The SIP stateful information consists of the media channel information such as IP address and port number used by client/server endpoints to send media data. The media channel information is used to create a door for the data channel in the firewall. Because multiple calls use the same control channel for call setup, there will be multiple sets of media data. The Firewall ALG-SIP Trunking Support feature uses a local database to store all the media-related information within a SIP trunk. Call IDs of each call are used to index this local database.
TCP segmentation in a SIP trunk can cause unexpected behavior that includes packet drops, TCP reset, and slow response.
This feature will allow for IOS-BGP that extends all ASN value from ushort to ulong for RFC 4893. BGP fields are defined in NetFlow and should be extended accordingly.
The Hierarchical Color-Aware Policing feature provides two levels of policing where the policer ordering is evaluated from child to parent, and there is preferential treatment of certain traffic at the parent level.
Beginning in Cisco IOS XE Release 3.2S, this feature is enabled on the Cisco ASR 1000 series Aggregation Services Routers through the following support and changes:
•Reverse the order of dataplane policing in hierarchical policies so that they are evaluated from child to parent. In prior releases, the policies are evaluated from parent to child.
•Limited support for color-aware policing (RFC 2697 and RFC 2698) within Quality of Service (QoS) policies.
For more information, see the following document:
The feature allows IEEE 802.1ag (Draft 8.1) Compliant CFM (Bridge Domain Support) support on the Cisco ASR 1000 Router Series.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_cfm-ieee_xe.html
This feature provides marking on a dVTI (no policing, or queuing features are supported.) Scale: 1000 dVTIs with a flat marking policy.
For more information, see the following document:
Ingress packet scheduling is applicable to packets entering the Cisco ASR 1000 Router through an interface.
For more information, see the following document:
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_atm_rbe_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/sla_metro_ethernet.html
The IPV6 Template ACL feature enables you to significantly scale the number of per-user access lists within a router
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-sec_trfltr_fw_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/xe-3s/ip6-pol-bsd-rtng.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_6vpe_6pe_issu_sso_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html
This feature enables the qos legacy cli commands to be deprecated and replaced.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipmulti/configuration/guide/imc_cfg_mofrr_xe.html
Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) allows multiple traffic classes (nested traffic classes, which are also called nested class maps or MQC hierarchical class maps) to be configured as a single traffic class.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_mqc_xe.html
The Multicast Live-Live feature delivers two multicast streams with the same content over diverse paths in the network. This functionality reduces packet loss due to network failures on any one of the paths.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipmulti/configuration/guide/imc_live_live_xe.html
This feature enables DVTI to support multiple IPsec security associations.
For more information, see the following document:
Multicast distribution tree (MDT) groups were selected at random when the traffic passed the threshold and there was a limit of 255 MDTs before they were reused. The MVPN-Data MDT Enhancements feature provides the ability to deterministically map the groups from inside the VPN routing and forwarding (S,G) entry to particular data MDT groups, through an access control list (ACL).
The user can now map a set of VPN routing and forwarding (S,G) to a data MDT group in one of the following ways:
•1:1 mapping (1 permit in ACL)
•Many to 1 mapping (many permits in ACL)
•Many to many mapping (multiple permits in ACL and a nonzero mask data MDT)
Because the total number of configurable data MDTs is 1024, the user can use this maximum number of mappings in any of the described combinations.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html
The following new DSP SPA software features have been introduced in this release:
•Ability to disable comfort noise generation on system-wide basis
•Ability to Support Multiple Applications
•Ability to Translate Between Any Two Codec Types
•Comfort Noise Generation
•DSP Management (MIBs, Show Commands)
•Dynamic Jitter Buffer for Packet Loss Concealment
•Failed DSP Out of Allocation
•Multiple DSP Pools from Same DSP SPA
•Multiple Voice Codecs supported by DSPs
•OIR Support
•Pools of Multiple DSP SPAs
•Restart Failed DSP within 1sec
•Shared DSP Technology with IOS Voice Gateways
•Support VoIP/Video over IPv4 as well as IPv6
•Voice/Network Quality Stats Per Call Leg
For more information about Cisco ASR 1000 Series router support for the DSP SPA features, see:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html
For more information about the DSP SPA features, see:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_ospf/configuration/guide/iro_cfg_xe.html
For more information, see the following document:
For more information, see the following document:
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/port_level_shaping.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_ppp_ip_uni_add_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html
This feature introduces support for QoS over a GRE/sVTI VRF tunnels.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_thld_wred_que_limit_xe.html
This feature allows for time-based thresholds for WRED and queue limit.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html
This feature will enable RADIUS to work over IPv6 transport.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_radius.html
This feature allows for RSVP CAC for IP-sessions within the context of a VRF.
For more information, see the following document: URL:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_rsvp_vrf_lite.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_limit_legcfg_xe.html
This feature adds support for the following functionatities:
•RSA keys based user authentication for SSH
•SSH server host key storage and verification.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_6vpe_6pe_issu_sso_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_stateless_nat64_xe.html
Supports Ethernet Synchronization Message Channel (ESMC) and the Synchronization Status Message (SSM) control protocol for SyncE to synchronize clock frequency over an Ethernet port with quality level selection.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_synce.html
Synchronous Ethernet support is paramount for delivering timing information efficiently to the cellsite base stations. From Service Provider perspective, this solution overcomes the need to provide a separate TDM circuit for providing timing. SyncE will be as per ITU-T standards as defined in below mentioned Functional specifications. It will leverage physical layer of ethernet to transmit frequency to remote site.
For more information, see the following document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/SyncE.html
This feature will enable TACACS+ to work over IPv6 Transport.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html
This feature enhancement allows for VASI: VASI Enhancements with IPv6 unicast traffic and IPv4 dynamic routing protocols support (OSPF and EIGRP) support.
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_vasi_vrf_aware_software_infrastructure.html
For more information, see the following document:
For more information, see the following documents:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_shared_svcs_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_shared_svcs_xe.html
For more information, see the following document:
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_mgt_ts_xe.html
The following sections contain important notes about Cisco IOS XE 3S Releases and later running on Cisco ASR 1000 Series Routers.
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
•Field Notices—We recommend that you view the field notices for this release to determine whether your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
•Bulletins—You can find bulletins at http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html
This section contains important notes about IPSec support on the Cisco ASR 1000 Series Router.
IPSec CLI Support Notes
This section contains important notes about IPSec CLI support on the Cisco ASR 1000 Series Router:
For information about Cisco IOS IPSec commands, see the Cisco IOS Security Command Reference at: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s5.html
•The show crypto engine command, which displays information about the crypto engine, is not currently supported on the Cisco ASR 1000 Series Router. The unsupported show crypto engine subcommands include the following:
–accelerator (Shows crypto accelerator information.)
–brief (Shows all crypto engines in the system.)
–configuration (Shows crypto engine configuration.)
–connections (Shows connection information.)
–qos (Shows QoS information.)
•The Cisco ASR 1000 Series Router does not currently support the display of send and recv error statistics using the show crypto ipsec sa identity command.
•The Cisco ASR 1000 Series Router does not support the clear and show crypto commands on the standby Route Processor (RP) by design.
•Counters in the show platform software ipsec fp active flow identifier n command are flagged for reset on read. You can use the show crypto ipsec sa command to obtain integral counters.
•The show access-list command output does not show a packet count matching the ACL.
•The Cisco ASR 1000 Series Router displays debugging information about the consumption of IPsec datapath memory; use the show platform hardware qfp act feature ipsec datapath memory command in privileged EXEC or diagnostic mode.
•The Cisco ASR 1000 Series Router displays debugging information about the crypto engine processor registers; use the show platform software ipsec f0 encryption-processor registers command in privileged EXEC or diagnostic mode.
Crypto Map Support
This section contains important notes about IPSec crypto map support on the Cisco ASR 1000 Series Router:
•The Cisco ASR 1000 Series Router does not currently support IPSec tunnel configuration for crypto maps with same IP address on both the tunnel interface and the physical interface. Configurations with different IP addresses are supported.
•A possible Embedded Services Processor (ESP) reload may occur if a large number (such as 2000) of crypto maps are removed simultaneously. When removing a large number of crypto maps, it is recommended you unconfigure 500 crypto maps at a time and wait 25 seconds between operations.
•The Cisco ASR 1000 Series Router does not support the show access-lists id command under crypto maps.
•The Cisco ASR 1000 Series Router does not currently support the interface range command when configuring crypto maps.
IPSec Packet Processing
This section contains important notes about IPSec packet processing on the Cisco ASR 1000 Series Router:
•Reloading an Embedded Services Processor (ESP) on the Cisco ASR 1000 Series Router may cause a few IPSec packets to drop before the initialization completes, but the traffic will resume after a brief interval.
•The Cisco ASR 1000 Series Router will not discard an incoming IP datagram containing a Payload Length other than 4 in the authentication header (AH). For example, a 96 bit authentication value plus the 3 32-bit word fixed portion for any non-null authentication algorithm will not be discarded.
•The Cisco ASR 1000 Series Router does not forward incoming authenticated packets with the IP option field set.
GET VPN Support
This section contains important notes about Group Encrypted Transport VPN (GET VPN) support on the Cisco ASR 1000 Series Router:
•To ensure normal traffic flow for a GET VPN configuration on a Cisco ASR 1000 Series Router, a Time Based Anti Replay (TBAR) window-size of greater than 42 seconds is recommended.
•The Cisco ASR 1000 Series Router does not currently support the TBAR statistics display in the show crypto gdoi gm replay command.
•The Cisco ASR 1000 Series Router does not currently support Easy VPN (EzVPN) and GET VPN on the same interface.
•When a Cisco ASR 1000 Series Router is to apply the same Group Domain of Interpretation (GDOI) crypto maps to two interfaces, you should use local addresses for the crypto maps. Non-local address configuration is not supported.
•The Cisco ASR 1000 Series Router does not currently support transport mode for TBAR.
•The Cisco ASR 1000 Series Router only supports the reassembly of post-fragmented GET VPN packets that are destined for the local Cisco ASR 1000 Series Router in the GET VPN network
•An enhancement is added to enable reassembly of IPsec transit traffic. This enhancement applies only to post-encryption fragmented IPsec packets. When this enhancement is enabled, IPsec will detect transit IPsec traffic and reassemble it before decryption. GET VPN transit IPsec traffic will be reassembled, decrypted, and forwarded to the destination. Non GET VPN transit IPsec traffic will be reassembled but not decrypted (because the Cisco ASR 1000 router is not the IPsec tunnel end point) and then forwarded to the destination.
To enable IPsec reassembly of transit traffic, use the platform ipsec reassembly transit command in global configuration mode. To disable IPsec reassembly of transit traffic, use the no form of this command.
platform ipsec reassembly transit
[no]platform ipsec reassembly transit
IPSec SSO and ISSU Support Notes
•The Cisco ASR 1000 Series Router supports stateful IPSec sessions on ESP switchover. During ESP switchover, all IPSec sessions will stay up and no user intervention is needed to maintain IPSec sessions.
•For an ESP reload (no standby ESP), the SA sequence number restarts from 0. The peer router drops packets that do not have the expected sequence number. User may need to explicitly reestablish IPSec sessions to work around this issue for systems that have a single ESP after an ESP reload. User may experience traffic disruption over the IPSec sessions in such cases for the duration of the reload.
•The Cisco ASR 1000 Series Router currently does not support Stateful Switchover (SSO) IPSec sessions on Route Processors (RPs). The IPSec sessions will go down on initiation of the switchover, but will come back up when the new RP becomes active. No user intervention is needed. User will experience traffic disruption over the IPSec sessions for the duration of the switchover, until the sessions are back up.
•The Cisco ASR 1000 Series Router currently does not support stateful ISSU for IPSec sessions. Before performing an ISSU, users must explicitly terminate all existing IPSec sessions or tunnels prior to the operation and reestablish them post ISSU. Specifically, users must ensure that there are no half-open or established IPSec tunnels present before performing ISSU. To do this, we recommend user do a interface shutdown in the case of interfaces that may initiate a tunnel setup, such as a routing protocol initiating a tunnel setup, or interfaces that have keepalive enabled or where there is an auto trigger for an IPSec session. Traffic disruption over the IPSec sessions during ISSU is obvious in this case.
Summarizing and restating the different caveats:
ESP - switchover (with standby ESP) : Stateful :
•IPSec sessions should be up. No user intervention needed.
ESP - Reload (No standby ESP) : Stateless :
•IPSec sessions will go down and come back up. Usually no user intervention is needed. However, user may need to explicitly reestablish Ipsec session again if anti replay is configured (sequence number checking).
RP - switchover (with standby RP) : Stateless :
•IPSec sessions will go down on RP switchover and should reestablish themselves when the new RP gains active role. No user intervention is needed.
ISSU (irrespective of chassis type): Stateless :
•User must explicitly terminate all IPSec sessions by shutting the interfaces, perform ISSU and then reestablish tunnels by enabling the interfaces. No other intervention needed.
Miscellaneous IPSec Support Notes
This section contains miscellaneous important notes about IPSec support on the Cisco ASR 1000 Series Router:
•In the context of an IPSec DVTI connection, the Cisco ASR 1000 Router does not support dynamic download ACL rule (per-user attribute) from the AAA server.
For example, the following configurations are not supported:
cisco-avpair += "ip:inacl#1=permit ip any 2.2.2.0 0.0.0.255"
cisco-avpair += "ip:outacl#1=permit ip 2.2.2.0 0.0.0.255 any"
•The Cisco ASR 1000 Router does not support the command of "if-state nhrp" in configuring the tunnel.
•The Cisco ASR 1000 Router Dead Peer Detection behavior is different than the pre-defined behavior (i.e. when there is no traffic to be sent, no DPD is sent, while if any traffic to be sent, DPD is sent). A Cisco ASR 1000 Router DPD is sent out regardless there is outbound traffic needs to be sent out.
•The Cisco ASR 1000 Router does not support SA Path MTU on data path.
•The Cisco ASR 1000 Router does not support double ACL in dynamic crypto map.
•VRF without crypto map configured on a physical interface causes dual esp reload on a Cisco ASR 1000 Router.
•The command: show crypto ipsec sa identity does not log send and receive error counts.
•The commands: clear crypto and show crypto on Standby RP are inconsistent with Active RP. At present most of other features disable 'clear commands' from Standby RP, but IPSec still allows to clear sa, session etc. from the standby.
•The Cisco ASR 1000 Router does not support Cisco AAA av-pair "cisco-avpair += ip:sub-policy-In=policy1".
•CLI allows both ikev1 and ikev2 profile configured under the same crypto map, even though it is not supported internally on the ASR 1000 Router.
•For a Cisco ASR 1000 Router, the tunnel protection should be removed first before changing any configuration for tunnel protection.
•The security association (SA) maximum transmission unit (MTU) calculation is based on the interface MTU instead of the IP MTU.
•The Cisco ASR 1000 Series Router currently supports a maximum anti-replay window value of 512. If you attempt to configure a value larger than 512, the Cisco ASR 1000 Series Router defaults back to 512 internally (although the display still shows your user-configured value).
•The Cisco ASR 1000 Series Router does not currently support nested SA transformation such as:
crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac
•The Cisco ASR 1000 Series Router does not currently support Cisco IOS Certificate Authority (CA) server features.
•The Cisco ASR 1000 Series Router does not currently support COMP-LZS configuration.
•On Cisco ASR 1000 Series Routers, when configuring GRE over IPSec, it is recommended that you use only the tunnel protection mode on the tunnel interface. Using crypto maps on both the tunnel interface and the physical interface to achieve GRE over IPSec is not the supported method of configuration.
•When using dynamic VTI-based IPSec on a Cisco ASR 1000 Router, if there are multiple remote IPSec endpoints behind the same NAT device, only one of the endpoints has connectivity. In other words, multiple endpoints cannot have connectivity at the same time.
The NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers matrix summarizes Network Address Translation (NAT) and Firewall Application Layer Gateway (ALG) feature support on Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. The matrix lists feature support by release. NAT and Firewall ALG support is cumulative; features introduced in earlier releases continue to be supported in later releases. You can find the matrix at
http://www.cisco.com/en/US/docs/routers/asr1000/technical_references/asr1000alg_support.pdf
This section describes important notes about Cisco IOS XE Release 3.2.1S and later releases.
On a ASR Cisco 1000 Router, when an EzVPN session is ended, the EzVPN server sends out a Stop Accounting message. This message does not contain the Acct-Input-Octets, Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields. It might cause a disruption of accounting performed on traffic.
For loopback interfaces, the maximum IP MTU is now 4000. This is to match the serial interface limits.
This section describes important notes about Cisco IOS XE Release 3.2.0S and later releases.
Cisco ASR1001-4XT3 chassis functionality is similar to the SPA-4XT3/E3 with the exception of E3 circuitry in Cisco IOS XE 3.2.0S Release.
SIP TCP trunk calls may not activate if more than one complete SIP messages were contained in one TCP segment in Cisco IOS XE 3.2.0S Release.
This symptom occurs upon SIP trunk over TCP scenario. SIP ALG currently processes only one complete SIP message in one TCP segment (one complete or one complete plus one incomplete), refer to CSCti56370.
TCP failover is not supported in Hardware High-Availability mode. If the active node fails in Hardware High Availability mode and if the network is restored, it may take 5 to 10 minutes for the standby node to become the active node. This is because of the reboot and the peer negotiation delay. If the network is not restored, only the switched over active peer is available. Failover is not possible in this state.
The Cisco ASR 1000 Series Router supports the use of an extended ACL as a WCCP redirect ACL. However, the option to specify a port range is not supported.
This section describes important notes about Cisco IOS XE Release 3.1.1S and later releases.
Cisco SPA-4XT-SERIAL was not supported in 3.1.0S when plugged into an ASR1000 with SIP-40. This SPA is supported in Release 3.1.1S on SIP-40 linecard.
For more information, see the following documents:
Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation, see section for SPA-4XT-Serial SPA in Table 1-4 (SIP and SPA Compatibility for Serial SPAs).
Cisco ASR1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
This section describes important notes about Cisco IOS XE Release 3.1.0S and later releases.
In Cisco IOS XE Release 3.1.0S, Bidirectional Forwarding Detection (BFD) is no longer supported in IP Base software packages. For BFD support, use the Advanced IP Services or Advanced Enterprise Services packages.
In Cisco IOS XE Release 3.1.0S Cisco ASR 1000 Series Routers do not support the ip nhrp server-only command if they act as DMVPN spokes.
This section describes important notes about Cisco IOS XE Release 2.6.0 and later releases.
In Cisco IOS XE Release 2.6.0 multiple instances of the per-user attribute `Cisco-Avpair=lcp:interface-config=<cmd>' is not supported.
For example:
Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen
Cisco-AVPair= lcp:interface-config=ip unnumbered loopback2
Should be configured like this in Cisco IOS XE Release 2.6.0:
Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen \nip unnumbered loopback2
"Multiple instances will be supported in Cisco IOS XE Release 2.6.1"
To streamline Cisco IOS QoS (quality of service), certain commands are being hidden. Although these commands are available in Cisco IOS XE Release 2.6, the CLI interactive help does not display them. If
you attempt to view a command by entering a question mark at the command line, the command does not appear. However, if you know the command syntax, you can enter it. The system will accept the command and return a message explaining that it will soon be removed. These commands will be completely removed in a future release, which means that you will need to use the appropriate replacement commands.
For more information, see the following document:
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.5.0 and later releases.
The Embedded Packet Capture (EPC) feature is not functional and not supported for the Cisco ASR 1000 Series Routers.
When queuing feature on the GRE tunnel interface is not supported with crypto configured on the physical interface.
With IOS XE 2.5.0, the Cisco ASR 1000 Router Series supports Quality-of Service (QoS) applied to
•A GRE or sVTI tunnel with policing and marking only for INGRESS traffic
•A GRE or sVTI tunnel with 2-level hierarchy allowing queuing on the second level for EGRESS traffic
When there are multiple egress physical interfaces for a tunnel, and the tunnel target physical interface changes as a result of tunnel target destination route change, either manually by user configuration or by routing protocol, IOS will not prevent the tunnel traffic from moving to an alternate egress physical interface. However, in IOS XE 2.5.0, QoS tunnel move feature is not supported. When tunnel traffic moved to an alternate egress physical interface, tunnel QoS policy may enter a suspended state. At this point, the tunnel QoS policy will have to be removed and reapplied to the tunnel interface for it to take effect. In addition, queuing features on the GRE tunnel interface are not supported when IPSec is configured on the physical interface.
Integrating NAT with MPLS VPNs
This section provides information about integrating NAT with MPLS VPNs.
Prerequisites for integrating NAT with MPLS VPNs
Before performing the tasks in this module, you should be familiar with the concepts related to configuring NAT for IP address conservation. All access lists required for use with the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see IP Access List Sequence Numbering at the following location:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html
Note If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any command in the access list.
Restrictions for Integrating NAT with MPLS VPNs
•The following functionality is not supported for VRF-Aware NAT:
–VPN to VPN translations. In other words, VRF cannot be applied on the NAT outside interface.
–Translation of multicast packets
–Translations with inside destinations
–Reversible route maps
–MIBs
–MPLS traffic engineering
•Configuring inside dynamic translations defined with outside interface mappings is not supported.
•Configuring inside static translations with interface mappings is not supported. The following commands, which do not include VRF, are not supported:
–ip nat inside source static esp local-ip interface type number
–ip nat inside source static local-ip global-ip route-map name
–ip nat inside source static local-ip interface type number
–ip nat inside source static tcp local-ip local-port interface type number global-port
–ip nat inside source static udp local-ip local-port interface type number global-port
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.3.0 and later releases.
The configuration of Any Transport Over MPLS (AToM) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.3.0 is only supported on a subinterface; AToM cannot be configured on the main interface. In addition, you cannot have any IP configuration on the main interface when you have an AToM configuration on the subinterface. These configuration guidelines are applicable to VC mode, VP mode, and L2VPN PW redundancy.
Cisco ASR 1000 Series Router users considering the implementation of MPLS TE are recommended to consult with their local Cisco technical support representative for Cisco IOS XE implementation details.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.2.2 and later releases.
If dual route processors (RPs) are used on the Cisco ASR 1000 Series Router in Cisco IOS XE Release 2.2.2 and L2TP Tunnel Switching is configured, then no l2tp sso enable must be configured.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.2. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.2.1 and later releases.
The 100M FX SFP is not supported on the Cisco 2-Port Gigabit Ethernet Shared Port Adapter (2x1GE SPA) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1.
The following Intelligent Service Gateway (ISG) features are not supported on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1:
•ISG IP subscriber functionality on the following types of access interfaces: Gigabit EtherChannel (GEC) (Port Channel), generic routing encapsulation (GRE), PPP (virtual-template), and Layer 2 Tunneling Protocol (L2TP)
•ISG prepaid billing
•ISG IP interface sessions
•Interface statistics for ISG multiservice interfaces
•Access lists cannot be configured as match criteria in ISG Layer 4 redirect configuration. As an alternative, Layer 4 redirect should be configured in ISG traffic class services.
•Stateful Switchover (SSO and in-service software upgrade (ISSU) for ISG IP subscriber sessions or traffic class sessions. Upon switchover, an IP session must be recreated or restarted (for Dynamic Host Configuration Protocol (DHCP) sessions) when the session becomes active again.
•SSO and ISSU for any features on IP subscriber sessions or traffic class sessions
•SSO and ISSU for the following features on ISG PPP sessions:
–Port-Bundle Host Key
–Layer 4 Redirect
–Traffic Class
Enhancements to the IP multicast feature provide support for per-session multicast in broadband environments in Cisco IOS XE Release 2.2.1.
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.1. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.1.1 and later releases.
As a matter of routine maintenance on any Cisco router, users should backup the startup configuration file by copying the startup configuration file from NVRAM onto one of the router's other file systems and, additionally, onto a network server. Backing up the startup configuration file provides an easy method of recovering the startup configuration file in the event the startup configuration file in NVRAM becomes unusable for any reason.
For users using any Cisco ASR 1000 Series Router with a single RP, including any Cisco ASR 1002 or Cisco ASR 1004 Router, backing up the startup configuration file onto another router file system is especially important due to CSCsq70140, which is documented in the Caveats section of these release notes. The workaround for users who run into this caveat is to replace the startup configuration file in NVRAM with a backup copy of the startup configuration file on the router; therefore, customers who have backed up their startup configuration files onto the router will be ready to resolve these caveats if they occur on their Cisco ASR 1000 Series Routers using a single RP.
Example 1: Copying Startup Configuration File to Bootflash
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 May 29 2008 16:31:41 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
12 -rw- 208904396 May 28 2008 16:17:34 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
Router# copy nvram:startup-config bootflash:
Destination filename [startup-config]?
3517 bytes copied in 0.647 secs (5436 bytes/sec)
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 May 29 2008 16:31:41 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
12 -rw- 208904396 May 28 2008 16:17:34 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
13 -rw- 7516 Jul 2 2008 15:01:39 -07:00 startup-config
Example 2: Copying Startup Configuration File to USB Flash Disk
Router# dir usb0:
Directory of usb0:/
43261 -rwx 208904396 May 27 2008 14:10:20 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
255497216 bytes total (40190464 bytes free)
Router# copy nvram:startup-config usb0:
Destination filename [startup-config]?
3172 bytes copied in 0.214 secs (14822 bytes/sec)
Router# dir usb0:
Directory of usb0:/
43261 -rwx 208904396 May 27 2008 14:10:20 -07:00 asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
43262 -rwx 3172 Jul 2 2008 15:40:45 -07:00 startup-config
255497216 bytes total (40186880 bytes free)
Example 3: Copying Startup Configuration File to a TFTP Server
Router# copy bootflash:startup-config tftp:
Address or name of remote host []? 172.17.16.81
Destination filename [pe24_asr-1002-confg]? /auto/tftp-users/user/startup-config
!!
3517 bytes copied in 0.122 secs (28828 bytes/sec)
Dependency of NAT on VFR
ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.
This section describes important notes about Cisco IOS XE Release 2.1.0 and later releases.
Table 1 describes some of the high-level feature sets that are not supported for the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. Use Cisco Feature Navigator to confirm support for a specific feature. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Feature support is subject to change from release to release. Some high-level feature sets that were not supported in the initial Cisco IOS XE Release 2.1.0 are now supported. Table 1 has been updated to indicate when support has been introduced in later releases. For the latest feature information, see the New and Changed Information sections of these release notes and Cisco Feature Navigator.