Cisco IOS XE 3S Release Notes
Release 3.2S Features and Important Notes
Downloads: This chapterpdf (PDF - 775.0KB) The complete bookPDF (PDF - 3.73MB) | Feedback

New Features in and Important Notes About Cisco IOS XE 3.2S Releases

Table Of Contents

New Features in and Important Notes About Cisco IOS XE 3.2S Releases

New and Changed Information

New Hardware Features in Cisco IOS XE Release 3.2.2S

New Software Features in Cisco IOS XE Release 3.2.2S

New Hardware Features in Cisco IOS XE Release 3.2.1S

New Software Features in Cisco IOS XE Release 3.2.1S

SSO/ISSU Support for Per-User IPv6 ACL for PPP Sessions

Frame Relay over MPLS

New Hardware Features in Cisco IOS XE Release 3.2.0S

Cisco ASR 1001 Router

Cisco ASR 1000-ESP40 and Cisco ASR 1000-SIP40 on the Cisco ASR 1004 Router

Cisco Synchronization Service SPA

Cisco DSP SPA

New Software Features in Cisco IOS XE Release 3.2.0S

ANCP Values Configuration Support on LNS

ANCP—CLI Technology Improvements

Any Transport over MPLS (AToM)—ATM AAL5 over MPLS (AAL5oMPLS)

Any Transport over MPLS (AToM)—ATM OAM Emulation

Any Transport over MPLS (AToM)—HDLC over MPLS (HDLCoMPLS)

Any Transport over MPLS (AToM)—PPP over MPLS (PPPoMPLS)

Application Inspection and Control for SMTP

ATM Routed Bridge Encapsulation (RBE)

BD (Bridge Domain) Infrastructure

BDI (Bridge Domain Interface)

BGP—RT-Constrained Route Distribution

Cisco IOS Software Activation

Cisco Unified Border Element (Enterprise)

Cisco Unified Border Element (SP Edition)—Unified Model

Cisco Unified Border Element (SP Edition)—Distributed Model

DHCP Lease Limit Per ATM/RBE Unnumbered Interface

DHCPv6 Bulk Lease Query

Easy Virtual Network EIGRP

Easy Virtual Network MIB and Context-based SNMP Simplification

Easy Virtual Network OSPF

EIGRP IPv6 VRF-Lite

Enhanced NBAR

EVC Infrastructure

Firewall ALG—SIP REFER Method

Firewall ALG—SIP Trunking Support

Flexible NetFlow—32-Bit AS Number Support

Hierarchical Color-Aware Policing

IEEE 802.1ag-2007 Compliant CFM

Inbound Policy Marking for dVTI

Ingress Packet Scheduling (Intra-CC and Inter-CC Ingress Scheduling)

IP Routing of RFC1483 ATM Bridge Encapsulation (RBE)

IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731)

IPv6 ACL—Template ACL

IPv6 Policy-Based Routing

ISSU—MPLS VPN 6VPE & 6PE ISSU Support

ISSU—RBE

Legacy QoS Command Deprecation—Removed Commands

MoFRR (Multicast Only Fast Reroute)

MQC Hierarchical Classmap

Multicast Live-Live

Multi-SA for DVTI

MVPN—Data MDT Enhancements

NAT ALG—SIP REFER Method

NAT ALG—SIP Trunking Support

New DSP SPA Software Features

OSPF—Demand Circuit Disable

PKI High Availability

Policy Accounting Phase 2

Port Level Shaping Concurrent with 4HQoS on ES+

PPP IP Unique Address/Prefix Detection

PPP—IPv6 Accounting Delay Enhancements

QoS—Time-Based Thresholds for WRED and Queue Limit

RADIUS Over IPv6

RADIUS Statistics VIA SNMP

RSVP-VRF Lite Admission Control

SNMP Enhancements for Cisco ASR 1000 Router

SSHv2 Enhancements for RSA Keys

SSO—MPLS VPN 6VPE and 6PE SSO Support

SSO—RBE

Stateless Network Address Translation 64

Synchronous Ethernet (SyncE): ESMC and SSM

Synchronous Ethernet Support

Tacacs over IPv6

VASI (VRF-Aware Software Infrastructure) Enhancements Phase II

VFR Enhancements

Virtual Network Trunk

VRF-Aware IPsec Phase III Support

VRF Route Replication

VRF-Aware Traceroute with VRF Name

Important Notes

Deferrals

Field Notices and Bulletins

Important Notes About IPSec Support on the Cisco ASR 1000 Series Router

NAT and Firewall ALG Support on the Cisco ASR 1000 Series Routers

Important Notes About Cisco IOS XE Release 3.2.1S

EzVPN Support on the Cisco ASR 1000 Series Routers

Maximum IP MTU for Loopback Interfaces

Important Notes About Cisco IOS XE Release 3.2.0S

Cisco ASR 1001-4XT3

SIP Trunk Over TCP

TCP Failover in Hardware High-Availability Mode

Extended ACL as a WCCP Redirect ACL

Important Notes About Cisco IOS XE Release 3.1.1S

SIP-40G:SPA-4XT-SERIAL

Important Notes About Cisco IOS XE Release 3.1.0S

Bidirectional Forwarding Detection (BFD)

DMVPN Spoke Support

Important Notes About Cisco IOS XE Release 2.6.0

Per-User Attribute on PPP Virtual Access

Legacy QoS Command Deprecation: Hidden Commands

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.5.0

Embedded Packet Capture

QoS - Policing Support for GRE Tunnels

QoS: QoS support for GRE/sVTI Tunnel

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.3.0

Any Transport Over MPLS (AToM) Support

MPLS TE Support

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.2.2

SSO for L2TP Tunnel Switching Not Supported

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.2.1

100M FX SFP Not Supported on Cisco 2-Port Gigabit Ethernet Shared Port Adapter

Intelligent Service Gateway (ISG) Features Not Supported

Per-Session Multicast Support

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.1.1

Startup Configuration File Backup

VRF-Aware NAT

Important Notes About Cisco IOS XE Release 2.1.0

High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers


New Features in and Important Notes About Cisco IOS XE 3.2S Releases


This chapter provides information about the new features introduced in the Cisco IOS XE 3.2S releases. In addition, important notes about these releases are included in this chapter.

Cisco IOS XE 3S releases inherit all Cisco IOS XE Release 2 features that were released prior to the introduction of the Cisco IOS XE 3S releases with few exceptions. For information about inherited features that were introduced in Cisco IOS XE Release 2 releases, for a list of new and changed features, and important notes that apply to Cisco IOS XE Release 2, see the "New and Changed Information" section in Cisco IOS XE Release 2 Release Notes.

This chapter contains the following sections:

New and Changed Information

Important Notes

New and Changed Information

This section lists the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2S and contains the following sections:

New Hardware Features in Cisco IOS XE Release 3.2.2S

New Software Features in Cisco IOS XE Release 3.2.2S

New Hardware Features in Cisco IOS XE Release 3.2.1S

New Software Features in Cisco IOS XE Release 3.2.1S

New Hardware Features in Cisco IOS XE Release 3.2.0S

New Software Features in Cisco IOS XE Release 3.2.0S

New Hardware Features in Cisco IOS XE Release 3.2.2S

There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.2S.

New Software Features in Cisco IOS XE Release 3.2.2S

There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.2S.

New Hardware Features in Cisco IOS XE Release 3.2.1S

There are no new hardware features in the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.1S.

New Software Features in Cisco IOS XE Release 3.2.1S

The following are the new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.1S:

SSO/ISSU Support for Per-User IPv6 ACL for PPP Sessions

The SSO/ISSU Support for Per-User IPv6 ACL for PPP Sessions feature reproduces the IPv6 ACLs that are present on the active RP to the standby RP, and provides a consistent SSO and ISSU experience for active sessions. This feature also extends the ability to maintain Template ACLs (IPv6 only or dual stack) through ISSU and SSO.

For more information, see Implementing Traffic Filters and Firewalls for IPv6 Security at the following location:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-sec_trfltr_fw_xe.html

Frame Relay over MPLS

Frame Relay over MPLS encapsulates Frame Relay PDUs in MPLS packets and forwards them across the MPLS network. For Frame Relay, you can set up DLCI-to-DLCI connections or port-to-port connections.

For more information, see Any Transport over MPLS at the following location:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html

New Hardware Features in Cisco IOS XE Release 3.2.0S

The following new hardware features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.0S:

Cisco ASR 1001 Router

Cisco ASR 1001 Router is a small form factor router targeted for high-end branch offices needing integrated services including voice and security with high-speed connectivity (2.5Gbps w/optional SW license for 5 Gbps). Designed with integrated Cisco ASR1000-RP, Cisco ASR1000-SIP, Cisco ASR1000-ESP with Nitrox running IOS-XE software RLS 3.2S. Input/output options include a half-height SPA, 4x1GE built-in ports, and a factory-installed integrated daughter card (IDC) with different options.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Router Hardware Installation Guide

http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html

Quick Start Guide for the Cisco ASR 1001 Router

http://www.cisco.com/en/US/docs/routers/asr1000/quick/start/guide/asr1_qs1.html

Cisco ASR 1000-ESP40 and Cisco ASR 1000-SIP40 on the Cisco ASR 1004 Router

To meet requirements from customers who have already installed the Cisco ASR 1004 Router and have limited rack space and require higher bandwidth, the Cisco ASR 1000-ESP40 and the Cisco ASR 1000-SIP40 are now supported on the Cisco ASR 1004 Router in Cisco IOS XE 3.20S Software Release.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Router Hardware Installation Guide

http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

Cisco Synchronization Service SPA

Cisco Sychronization Service SPA is a 2 x1 GE SPA with specialized synchronization services function built in to provide Synchronization over packet networks including support for BITS, SyncE, SSM, 1588-2008, GPS receiver and timing interfaces.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

Cisco DSP SPA

The Cisco DSP SPA for Cisco ASR 1000 Series Routers is a half-height SPA that provides voice transcoding and transrating functionalities for media streams using different codecs.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

New Software Features in Cisco IOS XE Release 3.2.0S

The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.2.0S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.

ANCP Values Configuration Support on LNS

This feature will allow for two functionalities when the BRAS enables the tx/rx speed values for a subscriber, without the CLI:

1. From RADIUS (configured in profile)

2. From ANCP sent by DSLAM.

This new functionality provides away in configuring RX/TX connection speeds for both instances.

For more information, see Configuring AAA for VPDNs at the following location:

http://www.cisco.com/en/US/docs/ios/vpdn/configuration/guide/config_aaa_for_vpdn.html

ANCP—CLI Technology Improvements

To improve ANCP troubleshooting, the following commands were introduced or modified in Cisco IOS XE Release 3.2S:

debug ancp: Enables the display of debugging information related to Access Node Control Protocol (ANCP).

how ancp an-port: Displays information about ANCP Access Node (AN) ports.

how ancp an-port circuit-id: Displays information about an ANCP AN port and the corresponding subscriber access line identified by the subscriber circuit ID.

how ancp an-port neighbor description: Displays information about the AN ports associated with an ANCP neighbor identified by a description name.

how ancp an-port neighbor: Displays statistics of ANCP neighbor information and neighborship information with local ANCP ports.

how ancp neighbor description: Displays brief information about an ANCP neighbor that is identified by a description name.

how ancp neighbor sender-name: Displays brief information about an ANCP session that has a neighbor identified by an ANCP sender name.

how ancp neighbor statistics: Displays message statistics of all active or configured ANCP neighbors.

how ancp neighbor summary: Displays a summary of the ANCP neighbors.

For more information about these commands, see the following document:

http://www.cisco.com/en/US/docs/ios/ancp/command/reference/ancp_book.html

Any Transport over MPLS (AToM)—ATM AAL5 over MPLS (AAL5oMPLS)

The AAL5 Transport over MPLS feature provides an ATM permanent virtual circuit (PVC) transport service for transporting AAL5 PDUs across an IP/MPLS backbone with rate-limit policing and configurable PVC priority value. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html

Any Transport over MPLS (AToM)—ATM OAM Emulation

This feature allows for Any Transport over MPLS (AToM): ATM OAM Emulation support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html

Any Transport over MPLS (AToM)—HDLC over MPLS (HDLCoMPLS)

This feature allows for transport HDLC packets across an MPLS backbone.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html

Any Transport over MPLS (AToM)—PPP over MPLS (PPPoMPLS)

This feature allows for transport PPP protocol data units (PDUs) across an MPLS backbone.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_any_transport_xe.html

Application Inspection and Control for SMTP

The Application Inspection for SMTP feature provides an intense provisioning mechanism that can be configured to inspect packets on a granular level so that malicious network activity, related to the transfer of e-mail at the application level, can be identified and controlled. This feature qualifies the Cisco IOS firewall extended Simple Mail Transfer Protocol (ESMTP) module as an "SMTP application firewall," which protects in a similar way to that of an HTTP application firewall.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_app_insp_ctrl_smtp.html

ATM Routed Bridge Encapsulation (RBE)

The feature allows the router to receive RFC 1483 Ethernet frames on ATM interfaces that are routed on the Layer 3 header.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html

BD (Bridge Domain) Infrastructure

BD (Bridge Domain) Infrastructure feature allows for enabling bridging functionality on the Cisco ASR 1000 Router Series.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_evc-infra_xe.html

BDI (Bridge Domain Interface)

The BDI (Bridge Domain Interface) feature provides Layer 3 termination for the bridge domain.

For more information, see the following document:

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/bdi.html

BGP—RT-Constrained Route Distribution

This feature automates RT Filter implementation of RT-Constraint. For more information, see the following document:

http://www.cisco.com/en/US/partner/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-rt-filter.html

Cisco IOS Software Activation

Cisco Software Activation is a simplified approach to software deployment and management on the Cisco ASR 1000 Router Series.

This new infrastructure helps enable the following:

Speed deployment and roll out new Cisco Software Activation feature sets across global networks

Centrally and more accurately manage and track software and license compliance

Easily conduct software compliance audits to meet regulations without impacting network operations

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/csa/configuration/guide/csa_commands.html

Cisco Unified Border Element (Enterprise)

The following Cisco Unified Border Element (Enterprise) features were introduced in Cisco IOS XE Release 3.2.0S:

Box to Box (Interchassis) Redundancy

RTP Port Range Configurable per Interface

Stateful Switchover Between Redundancy Paired Intra or Inter-Box Devices

In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (Enterprise) DSP SPA:

Support for DSP-based functionality on CUBE (ENT) including Transcoding and Transrating

For information about these Cisco Unified Border Element (Enterprise) features, see the following documents:

Cisco Unified Border Element (Enterprise) Configuration Guide

http://www.cisco.com/en/US/docs/ios/ios_xe/voice_cube_-_ent/configuration/guide/cube_ent/vb_book_xe.html

Cisco Unified Border Element (Enterprise) Configuration Guide: SIP Trunking for PSTN Access:

http://www.cisco.com/en/US/docs/ios/ios_xe/voice_cube_-_ent/configuration/guide/vb_ch2_xe_ps5640_TSD_Products_Configuration_Guide_Chapter.html

Cisco Unified Border Element (Enterprise) Configuration Guide: SIP-to-SIP Connections on a Cisco Unified Border Element:

http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb-gw-sipsip.html

Cisco Unified Border Element (SP Edition)—Unified Model

The following Cisco Unified Border Element (SP Edition) features were introduced in Cisco IOS XE Release 3.2.0S:

Support on new ASR 1001 Chassis for Cisco Unified Border Element

Analysis, Routing, and Policy Enhancements

Billing: XML based billing

Emergency and Security Enhancements

Interchassis High Availability

Media: Media Interworking Enhancements

In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (SP Edition) DSP SPA:

Media:Transcoding:SBC Support For On-board DSP Services

Media:DTMF Interworking:InBand and RFC2833/OOB (SIP INFO/NOTIFY)

Media:DTMF Interworking:RFC2833 and OOB (SIP INFO/NOTIFY) for Calls Transcoded with Onboard DSPs

Media:Transcoding:SIP to SIP Voice Transcoding support

Media:Transcoding:Voice Transcoding Statistics and Error handling for SIP-SIP Calls

Media:Voice Transrating Support

SIP-SIP Call Capacity for DTMF Interworking between Inband and RFC2833

SIP-SIP Call Capacity for Transcoding and Transrating Capabilities

Support for DSP Based functionality including Transcoding and Transrating

For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Unified Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html

For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html

Cisco Unified Border Element (SP Edition)—Distributed Model

In addition, Cisco IOS XE Release 3.2.0S introduces support for Cisco Unified Border Element (SP Edition) DSP SPA:

Media:Transcoding: SBC Support For On-board DSP Services

Media:DTMF Interworking:InBand and RFC2833/OOB

Media:DTMF Interworking:RFC2833 and OOB for Calls Transcoded with Onboard DSPs

Media:Voice Transrating support

Support for DSP Based functionality including Transcoding and Transrating

For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Unified Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html

For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html

DHCP Lease Limit Per ATM/RBE Unnumbered Interface

This feature allows for DHCP Server and DHCP Relay Enhancements to limit the number of leases per ATM/RBE unnumbered interface.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_acct_sec.html

DHCPv6 Bulk Lease Query

This features provides support for RFC 5460 - DHCPv6 Bulk Lease query.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rly_agt.html

Easy Virtual Network EIGRP

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html

Easy Virtual Network MIB and Context-based SNMP Simplification

This feature allows for VNET MIB Support Autoconfiguration Context Aware VRF-aware for config copy MIB.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_mgt_ts_xe.html

Easy Virtual Network OSPF

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html

EIGRP IPv6 VRF-Lite

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_eigrp/configuration/guide/ire_cfg_eigrp_xe.html

Enhanced NBAR

Cisco IOS XE 3.2S Release includes support for 32 new and 7 updated protocols.

For the complete list of supported and updated protocols, refer to the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html

EVC Infrastructure

The Cisco ASR 1000 Router EVC infrastructure provides the capability for the Cisco ASR 1000 to classify Layer 2 traffic to various Ethernet Service Instances (EFP) on a physical port. Subsequently these EFP can be mapped to a EVC based forwarding services to accomplish Layer 2 forwarding.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_evc-infra_xe.html

Firewall ALG—SIP REFER Method

The Firewall ALG - SIP REFER Method feature is used for call transfers. A REFER message is used to refer to a peer. The REFER method indicates that the recipient of a call, identified by a request Uniform Resource Identifier (URI) must contact a third party using the contact information provided in the request.

The Firewall ALG - SIP REFER Method feature supports two types of call transfers, unattended (blind) transfer and attended (consultative) transfer. For more information on call flows, see the SIP Call Flows document.

Firewall ALG—SIP Trunking Support

A SIP trunk is a direct connection of an IP PBX to a service provider over an IP network using SIP. There can be numerous concurrent calls in a SIP trunk. During the call setup process, all these calls use the same control channel for call establishment. More than one call uses the same control channel for call setup. Using the same control channel by more than one call confuses the stateful information stored in the control channel session. The SIP stateful information consists of the media channel information such as IP address and port number used by client/server endpoints to send media data. The media channel information is used to create a door for the data channel in the firewall. Because multiple calls use the same control channel for call setup, there will be multiple sets of media data. The Firewall ALG-SIP Trunking Support feature uses a local database to store all the media-related information within a SIP trunk. Call IDs of each call are used to index this local database.

TCP segmentation in a SIP trunk can cause unexpected behavior that includes packet drops, TCP reset, and slow response.

Flexible NetFlow—32-Bit AS Number Support

This feature will allow for IOS-BGP that extends all ASN value from ushort to ulong for RFC 4893. BGP fields are defined in NetFlow and should be extended accordingly.

Hierarchical Color-Aware Policing

The Hierarchical Color-Aware Policing feature provides two levels of policing where the policer ordering is evaluated from child to parent, and there is preferential treatment of certain traffic at the parent level.

Beginning in Cisco IOS XE Release 3.2S, this feature is enabled on the Cisco ASR 1000 series Aggregation Services Routers through the following support and changes:

Reverse the order of dataplane policing in hierarchical policies so that they are evaluated from child to parent. In prior releases, the policies are evaluated from parent to child.

Limited support for color-aware policing (RFC 2697 and RFC 2698) within Quality of Service (QoS) policies.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-hier-clr-plc.html

IEEE 802.1ag-2007 Compliant CFM

The feature allows IEEE 802.1ag (Draft 8.1) Compliant CFM (Bridge Domain Support) support on the Cisco ASR 1000 Router Series.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_cfm-ieee_xe.html

Inbound Policy Marking for dVTI

This feature provides marking on a dVTI (no policing, or queuing features are supported.) Scale: 1000 dVTIs with a flat marking policy.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/inbound_policy_marking_dvti_xe.html

Ingress Packet Scheduling (Intra-CC and Inter-CC Ingress Scheduling)

Ingress packet scheduling is applicable to packets entering the Cisco ASR 1000 Router through an interface.

For more information, see the following document:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRimpqos.html

IP Routing of RFC1483 ATM Bridge Encapsulation (RBE)

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_atm_rbe_xe.html

IP SLAs Metro-Ethernet 3.0 (ITU-T Y.1731)

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/sla_metro_ethernet.html

IPv6 ACL—Template ACL

The IPV6 Template ACL feature enables you to significantly scale the number of per-user access lists within a router

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-sec_trfltr_fw_xe.html

IPv6 Policy-Based Routing

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/xe-3s/ip6-pol-bsd-rtng.html

ISSU—MPLS VPN 6VPE & 6PE ISSU Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_6vpe_6pe_issu_sso_xe.html

ISSU—RBE

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html

Legacy QoS Command Deprecation—Removed Commands

This feature enables the qos legacy cli commands to be deprecated and replaced.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe.html

MoFRR (Multicast Only Fast Reroute)

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipmulti/configuration/guide/imc_cfg_mofrr_xe.html

MQC Hierarchical Classmap

Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) allows multiple traffic classes (nested traffic classes, which are also called nested class maps or MQC hierarchical class maps) to be configured as a single traffic class.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_mqc_xe.html

Multicast Live-Live

The Multicast Live-Live feature delivers two multicast streams with the same content over diverse paths in the network. This functionality reduces packet loss due to network failures on any one of the paths.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipmulti/configuration/guide/imc_live_live_xe.html

Multi-SA for DVTI

This feature enables DVTI to support multiple IPsec security associations.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-ipsec-virt-tunnl.html

MVPN—Data MDT Enhancements

Multicast distribution tree (MDT) groups were selected at random when the traffic passed the threshold and there was a limit of 255 MDTs before they were reused. The MVPN-Data MDT Enhancements feature provides the ability to deterministically map the groups from inside the VPN routing and forwarding (S,G) entry to particular data MDT groups, through an access control list (ACL).

The user can now map a set of VPN routing and forwarding (S,G) to a data MDT group in one of the following ways:

1:1 mapping (1 permit in ACL)

Many to 1 mapping (many permits in ACL)

Many to many mapping (multiple permits in ACL and a nonzero mask data MDT)

Because the total number of configurable data MDTs is 1024, the user can use this maximum number of mappings in any of the described combinations.

NAT ALG—SIP REFER Method

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html

NAT ALG—SIP Trunking Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html

New DSP SPA Software Features

The following new DSP SPA software features have been introduced in this release:

Ability to disable comfort noise generation on system-wide basis

Ability to Support Multiple Applications

Ability to Translate Between Any Two Codec Types

Comfort Noise Generation

DSP Management (MIBs, Show Commands)

Dynamic Jitter Buffer for Packet Loss Concealment

Failed DSP Out of Allocation

Multiple DSP Pools from Same DSP SPA

Multiple Voice Codecs supported by DSPs

OIR Support

Pools of Multiple DSP SPAs

Restart Failed DSP within 1sec

Shared DSP Technology with IOS Voice Gateways

Support VoIP/Video over IPv4 as well as IPv6

Voice/Network Quality Stats Per Call Leg

For more information about Cisco ASR 1000 Series router support for the DSP SPA features, see:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

For more information about the DSP SPA features, see:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html

OSPF—Demand Circuit Disable

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_ospf/configuration/guide/iro_cfg_xe.html

PKI High Availability

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_auth_rev_cert.html

Policy Accounting Phase 2

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_policy_accounting_xe_ps11174_TSD_Products_Configuration_Guide_Chapter.html

Port Level Shaping Concurrent with 4HQoS on ES+

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/port_level_shaping.html

PPP IP Unique Address/Prefix Detection

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_ppp_ip_uni_add_xe.html

PPP—IPv6 Accounting Delay Enhancements

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html

QoS—Time-Based Thresholds for WRED and Queue Limit

This feature introduces support for QoS over a GRE/sVTI VRF tunnels.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_thld_wred_que_limit_xe.html

RADIUS Over IPv6

This feature allows for time-based thresholds for WRED and queue limit.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html

RADIUS Statistics VIA SNMP

This feature will enable RADIUS to work over IPv6 transport.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_radius.html

RSVP-VRF Lite Admission Control

This feature allows for RSVP CAC for IP-sessions within the context of a VRF.

For more information, see the following document: URL:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_rsvp_vrf_lite.html

SNMP Enhancements for Cisco ASR 1000 Router

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/bbdsl/configuration/guide/bba_limit_legcfg_xe.html

SSHv2 Enhancements for RSA Keys

This feature adds support for the following functionatities:

RSA keys based user authentication for SSH

SSH server host key storage and verification.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_shell_v2.html

SSO—MPLS VPN 6VPE and 6PE SSO Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_6vpe_6pe_issu_sso_xe.html

SSO—RBE

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_atm_rbe.html

Stateless Network Address Translation 64

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_stateless_nat64_xe.html

Synchronous Ethernet (SyncE): ESMC and SSM

Supports Ethernet Synchronization Message Channel (ESMC) and the Synchronization Status Message (SSM) control protocol for SyncE to synchronize clock frequency over an Ethernet port with quality level selection.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_synce.html

Synchronous Ethernet Support

Synchronous Ethernet support is paramount for delivering timing information efficiently to the cellsite base stations. From Service Provider perspective, this solution overcomes the need to provide a separate TDM circuit for providing timing. SyncE will be as per ITU-T standards as defined in below mentioned Functional specifications. It will leverage physical layer of ethernet to transmit frequency to remote site.

For more information, see the following document:

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/SyncE.html

Tacacs over IPv6

This feature will enable TACACS+ to work over IPv6 Transport.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-adsl_dial_xe.html

VASI (VRF-Aware Software Infrastructure) Enhancements Phase II

This feature enhancement allows for VASI: VASI Enhancements with IPv6 unicast traffic and IPv4 dynamic routing protocols support (OSPF and EIGRP) support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_vasi_vrf_aware_software_infrastructure.html

VFR Enhancements

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_virt_frag_reassm_xe.html

Virtual Network Trunk

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_shared_svcs_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html

VRF-Aware IPsec Phase III Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_xe.html

VRF Route Replication

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_shared_svcs_xe.html

VRF-Aware Traceroute with VRF Name

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_mgt_ts_xe.html

Important Notes

The following sections contain important notes about Cisco IOS XE 3S Releases and later running on Cisco ASR 1000 Series Routers.

Deferrals

Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:

http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Field Notices and Bulletins

Field Notices—We recommend that you view the field notices for this release to determine whether your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

Bulletins—You can find bulletins at http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html

Important Notes About IPSec Support on the Cisco ASR 1000 Series Router

This section contains important notes about IPSec support on the Cisco ASR 1000 Series Router.

IPSec CLI Support Notes

This section contains important notes about IPSec CLI support on the Cisco ASR 1000 Series Router:

For information about Cisco IOS IPSec commands, see the Cisco IOS Security Command Reference at: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s5.html

The show crypto engine command, which displays information about the crypto engine, is not currently supported on the Cisco ASR 1000 Series Router. The unsupported show crypto engine subcommands include the following:

accelerator (Shows crypto accelerator information.)

brief (Shows all crypto engines in the system.)

configuration (Shows crypto engine configuration.)

connections (Shows connection information.)

qos (Shows QoS information.)

The Cisco ASR 1000 Series Router does not currently support the display of send and recv error statistics using the show crypto ipsec sa identity command.

The Cisco ASR 1000 Series Router does not support the clear and show crypto commands on the standby Route Processor (RP) by design.

Counters in the show platform software ipsec fp active flow identifier n command are flagged for reset on read. You can use the show crypto ipsec sa command to obtain integral counters.

The show access-list command output does not show a packet count matching the ACL.

The Cisco ASR 1000 Series Router displays debugging information about the consumption of IPsec datapath memory; use the show platform hardware qfp act feature ipsec datapath memory command in privileged EXEC or diagnostic mode.

The Cisco ASR 1000 Series Router displays debugging information about the crypto engine processor registers; use the show platform software ipsec f0 encryption-processor registers command in privileged EXEC or diagnostic mode.

Crypto Map Support

This section contains important notes about IPSec crypto map support on the Cisco ASR 1000 Series Router:

The Cisco ASR 1000 Series Router does not currently support IPSec tunnel configuration for crypto maps with same IP address on both the tunnel interface and the physical interface. Configurations with different IP addresses are supported.

A possible Embedded Services Processor (ESP) reload may occur if a large number (such as 2000) of crypto maps are removed simultaneously. When removing a large number of crypto maps, it is recommended you unconfigure 500 crypto maps at a time and wait 25 seconds between operations.

The Cisco ASR 1000 Series Router does not support the show access-lists id command under crypto maps.

The Cisco ASR 1000 Series Router does not currently support the interface range command when configuring crypto maps.

IPSec Packet Processing

This section contains important notes about IPSec packet processing on the Cisco ASR 1000 Series Router:

Reloading an Embedded Services Processor (ESP) on the Cisco ASR 1000 Series Router may cause a few IPSec packets to drop before the initialization completes, but the traffic will resume after a brief interval.

The Cisco ASR 1000 Series Router will not discard an incoming IP datagram containing a Payload Length other than 4 in the authentication header (AH). For example, a 96 bit authentication value plus the 3 32-bit word fixed portion for any non-null authentication algorithm will not be discarded.

The Cisco ASR 1000 Series Router does not forward incoming authenticated packets with the IP option field set.

GET VPN Support

This section contains important notes about Group Encrypted Transport VPN (GET VPN) support on the Cisco ASR 1000 Series Router:

To ensure normal traffic flow for a GET VPN configuration on a Cisco ASR 1000 Series Router, a Time Based Anti Replay (TBAR) window-size of greater than 42 seconds is recommended.

The Cisco ASR 1000 Series Router does not currently support the TBAR statistics display in the show crypto gdoi gm replay command.

The Cisco ASR 1000 Series Router does not currently support Easy VPN (EzVPN) and GET VPN on the same interface.

When a Cisco ASR 1000 Series Router is to apply the same Group Domain of Interpretation (GDOI) crypto maps to two interfaces, you should use local addresses for the crypto maps. Non-local address configuration is not supported.

The Cisco ASR 1000 Series Router does not currently support transport mode for TBAR.

The Cisco ASR 1000 Series Router only supports the reassembly of post-fragmented GET VPN packets that are destined for the local Cisco ASR 1000 Series Router in the GET VPN network

An enhancement is added to enable reassembly of IPsec transit traffic. This enhancement applies only to post-encryption fragmented IPsec packets. When this enhancement is enabled, IPsec will detect transit IPsec traffic and reassemble it before decryption. GET VPN transit IPsec traffic will be reassembled, decrypted, and forwarded to the destination. Non GET VPN transit IPsec traffic will be reassembled but not decrypted (because the Cisco ASR 1000 router is not the IPsec tunnel end point) and then forwarded to the destination.

To enable IPsec reassembly of transit traffic, use the platform ipsec reassembly transit command in global configuration mode. To disable IPsec reassembly of transit traffic, use the no form of this command.

platform ipsec reassembly transit

[no]platform ipsec reassembly transit

IPSec SSO and ISSU Support Notes

The Cisco ASR 1000 Series Router supports stateful IPSec sessions on ESP switchover. During ESP switchover, all IPSec sessions will stay up and no user intervention is needed to maintain IPSec sessions.

For an ESP reload (no standby ESP), the SA sequence number restarts from 0. The peer router drops packets that do not have the expected sequence number. User may need to explicitly reestablish IPSec sessions to work around this issue for systems that have a single ESP after an ESP reload. User may experience traffic disruption over the IPSec sessions in such cases for the duration of the reload.

The Cisco ASR 1000 Series Router currently does not support Stateful Switchover (SSO) IPSec sessions on Route Processors (RPs). The IPSec sessions will go down on initiation of the switchover, but will come back up when the new RP becomes active. No user intervention is needed. User will experience traffic disruption over the IPSec sessions for the duration of the switchover, until the sessions are back up.

The Cisco ASR 1000 Series Router currently does not support stateful ISSU for IPSec sessions. Before performing an ISSU, users must explicitly terminate all existing IPSec sessions or tunnels prior to the operation and reestablish them post ISSU. Specifically, users must ensure that there are no half-open or established IPSec tunnels present before performing ISSU. To do this, we recommend user do a interface shutdown in the case of interfaces that may initiate a tunnel setup, such as a routing protocol initiating a tunnel setup, or interfaces that have keepalive enabled or where there is an auto trigger for an IPSec session. Traffic disruption over the IPSec sessions during ISSU is obvious in this case.

Summarizing and restating the different caveats:

ESP - switchover (with standby ESP) : Stateful :

IPSec sessions should be up. No user intervention needed.

ESP - Reload (No standby ESP) : Stateless :

IPSec sessions will go down and come back up. Usually no user intervention is needed. However, user may need to explicitly reestablish Ipsec session again if anti replay is configured (sequence number checking).

RP - switchover (with standby RP) : Stateless :

IPSec sessions will go down on RP switchover and should reestablish themselves when the new RP gains active role. No user intervention is needed.

ISSU (irrespective of chassis type): Stateless :

User must explicitly terminate all IPSec sessions by shutting the interfaces, perform ISSU and then reestablish tunnels by enabling the interfaces. No other intervention needed.

Miscellaneous IPSec Support Notes

This section contains miscellaneous important notes about IPSec support on the Cisco ASR 1000 Series Router:

In the context of an IPSec DVTI connection, the Cisco ASR 1000 Router does not support dynamic download ACL rule (per-user attribute) from the AAA server.

For example, the following configurations are not supported:

cisco-avpair += "ip:inacl#1=permit ip any 2.2.2.0 0.0.0.255"
cisco-avpair += "ip:outacl#1=permit ip 2.2.2.0 0.0.0.255 any"
 
   

The Cisco ASR 1000 Router does not support the command of "if-state nhrp" in configuring the tunnel.

The Cisco ASR 1000 Router Dead Peer Detection behavior is different than the pre-defined behavior (i.e. when there is no traffic to be sent, no DPD is sent, while if any traffic to be sent, DPD is sent). A Cisco ASR 1000 Router DPD is sent out regardless there is outbound traffic needs to be sent out.

The Cisco ASR 1000 Router does not support SA Path MTU on data path.

The Cisco ASR 1000 Router does not support double ACL in dynamic crypto map.

VRF without crypto map configured on a physical interface causes dual esp reload on a Cisco ASR 1000 Router.

The command: show crypto ipsec sa identity does not log send and receive error counts.

The commands: clear crypto and show crypto on Standby RP are inconsistent with Active RP. At present most of other features disable 'clear commands' from Standby RP, but IPSec still allows to clear sa, session etc. from the standby.

The Cisco ASR 1000 Router does not support Cisco AAA av-pair "cisco-avpair += ip:sub-policy-In=policy1".

CLI allows both ikev1 and ikev2 profile configured under the same crypto map, even though it is not supported internally on the ASR 1000 Router.

For a Cisco ASR 1000 Router, the tunnel protection should be removed first before changing any configuration for tunnel protection.

The security association (SA) maximum transmission unit (MTU) calculation is based on the interface MTU instead of the IP MTU.

The Cisco ASR 1000 Series Router currently supports a maximum anti-replay window value of 512. If you attempt to configure a value larger than 512, the Cisco ASR 1000 Series Router defaults back to 512 internally (although the display still shows your user-configured value).

The Cisco ASR 1000 Series Router does not currently support nested SA transformation such as:

crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac 
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac 
 
   

The Cisco ASR 1000 Series Router does not currently support Cisco IOS Certificate Authority (CA) server features.

The Cisco ASR 1000 Series Router does not currently support COMP-LZS configuration.

On Cisco ASR 1000 Series Routers, when configuring GRE over IPSec, it is recommended that you use only the tunnel protection mode on the tunnel interface. Using crypto maps on both the tunnel interface and the physical interface to achieve GRE over IPSec is not the supported method of configuration.

When using dynamic VTI-based IPSec on a Cisco ASR 1000 Router, if there are multiple remote IPSec endpoints behind the same NAT device, only one of the endpoints has connectivity. In other words, multiple endpoints cannot have connectivity at the same time.

NAT and Firewall ALG Support on the Cisco ASR 1000 Series Routers

The NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers matrix summarizes Network Address Translation (NAT) and Firewall Application Layer Gateway (ALG) feature support on Cisco ASR 1000 Series Routers in Cisco IOS XE  Release 2.1.0 and later releases. The matrix lists feature support by release. NAT and Firewall ALG support is cumulative; features introduced in earlier releases continue to be supported in later releases. You can find the matrix at

http://www.cisco.com/en/US/docs/routers/asr1000/technical_references/asr1000alg_support.pdf

Important Notes About Cisco IOS XE Release 3.2.1S

This section describes important notes about Cisco IOS XE Release 3.2.1S and later releases.

EzVPN Support on the Cisco ASR 1000 Series Routers

On a ASR Cisco 1000 Router, when an EzVPN session is ended, the EzVPN server sends out a Stop Accounting message. This message does not contain the Acct-Input-Octets, Acct-Output-Octets, Acct-Input-Packets, and Acct-Output-Packets fields. It might cause a disruption of accounting performed on traffic.

Maximum IP MTU for Loopback Interfaces

For loopback interfaces, the maximum IP MTU is now 4000. This is to match the serial interface limits.

Important Notes About Cisco IOS XE Release 3.2.0S

This section describes important notes about Cisco IOS XE Release 3.2.0S and later releases.

Cisco ASR 1001-4XT3

Cisco ASR1001-4XT3 chassis functionality is similar to the SPA-4XT3/E3 with the exception of E3 circuitry in Cisco IOS XE 3.2.0S Release.

SIP Trunk Over TCP

SIP TCP trunk calls may not activate if more than one complete SIP messages were contained in one TCP segment in Cisco IOS XE 3.2.0S Release.

This symptom occurs upon SIP trunk over TCP scenario. SIP ALG currently processes only one complete SIP message in one TCP segment (one complete or one complete plus one incomplete), refer to CSCti56370.

TCP Failover in Hardware High-Availability Mode

TCP failover is not supported in Hardware High-Availability mode. If the active node fails in Hardware High Availability mode and if the network is restored, it may take 5 to 10 minutes for the standby node to become the active node. This is because of the reboot and the peer negotiation delay. If the network is not restored, only the switched over active peer is available. Failover is not possible in this state.

Extended ACL as a WCCP Redirect ACL

The Cisco ASR 1000 Series Router supports the use of an extended ACL as a WCCP redirect ACL. However, the option to specify a port range is not supported.

Important Notes About Cisco IOS XE Release 3.1.1S

This section describes important notes about Cisco IOS XE Release 3.1.1S and later releases.

SIP-40G:SPA-4XT-SERIAL

Cisco SPA-4XT-SERIAL was not supported in 3.1.0S when plugged into an ASR1000 with SIP-40. This SPA is supported in Release 3.1.1S on SIP-40 linecard.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation, see section for SPA-4XT-Serial SPA in Table 1-4 (SIP and SPA Compatibility for Serial SPAs).

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

Cisco ASR1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html

Important Notes About Cisco IOS XE Release 3.1.0S

This section describes important notes about Cisco IOS XE Release 3.1.0S and later releases.

Bidirectional Forwarding Detection (BFD)

In Cisco IOS XE Release 3.1.0S, Bidirectional Forwarding Detection (BFD) is no longer supported in IP Base software packages. For BFD support, use the Advanced IP Services or Advanced Enterprise Services packages.

DMVPN Spoke Support

In Cisco IOS XE Release 3.1.0S Cisco ASR 1000 Series Routers do not support the ip nhrp server-only command if they act as DMVPN spokes.

Important Notes About Cisco IOS XE Release 2.6.0

This section describes important notes about Cisco IOS XE Release 2.6.0 and later releases.

Per-User Attribute on PPP Virtual Access

In Cisco IOS XE Release 2.6.0 multiple instances of the per-user attribute `Cisco-Avpair=lcp:interface-config=<cmd>' is not supported.

For example:

Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen

Cisco-AVPair= lcp:interface-config=ip unnumbered loopback2

Should be configured like this in Cisco IOS XE Release 2.6.0:

Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen \nip unnumbered loopback2

"Multiple instances will be supported in Cisco IOS XE Release 2.6.1"

Legacy QoS Command Deprecation: Hidden Commands

To streamline Cisco IOS QoS (quality of service), certain commands are being hidden. Although these commands are available in Cisco IOS XE Release 2.6, the CLI interactive help does not display them. If

you attempt to view a command by entering a question mark at the command line, the command does not appear. However, if you know the command syntax, you can enter it. The system will accept the command and return a message explaining that it will soon be removed. These commands will be completely removed in a future release, which means that you will need to use the appropriate replacement commands.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe.html

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.5.0

This section describes important notes about Cisco IOS XE Release 2.5.0 and later releases.

Embedded Packet Capture

The Embedded Packet Capture (EPC) feature is not functional and not supported for the Cisco ASR 1000 Series Routers.

QoS - Policing Support for GRE Tunnels

When queuing feature on the GRE tunnel interface is not supported with crypto configured on the physical interface.

QoS: QoS support for GRE/sVTI Tunnel

With IOS XE 2.5.0, the Cisco ASR 1000 Router Series supports Quality-of Service (QoS) applied to

A GRE or sVTI tunnel with policing and marking only for INGRESS traffic

A GRE or sVTI tunnel with 2-level hierarchy allowing queuing on the second level for EGRESS traffic

When there are multiple egress physical interfaces for a tunnel, and the tunnel target physical interface changes as a result of tunnel target destination route change, either manually by user configuration or by routing protocol, IOS will not prevent the tunnel traffic from moving to an alternate egress physical interface. However, in IOS XE 2.5.0, QoS tunnel move feature is not supported. When tunnel traffic moved to an alternate egress physical interface, tunnel QoS policy may enter a suspended state. At this point, the tunnel QoS policy will have to be removed and reapplied to the tunnel interface for it to take effect. In addition, queuing features on the GRE tunnel interface are not supported when IPSec is configured on the physical interface.

VRF-Aware NAT

Integrating NAT with MPLS VPNs

This section provides information about integrating NAT with MPLS VPNs.

Prerequisites for integrating NAT with MPLS VPNs

Before performing the tasks in this module, you should be familiar with the concepts related to configuring NAT for IP address conservation. All access lists required for use with the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see IP Access List Sequence Numbering at the following location:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html


Note If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any command in the access list.


Restrictions for Integrating NAT with MPLS VPNs

The following functionality is not supported for VRF-Aware NAT:

VPN to VPN translations. In other words, VRF cannot be applied on the NAT outside interface.

Translation of multicast packets

Translations with inside destinations

Reversible route maps

MIBs

MPLS traffic engineering

Configuring inside dynamic translations defined with outside interface mappings is not supported.

Configuring inside static translations with interface mappings is not supported. The following commands, which do not include VRF, are not supported:

ip nat inside source static esp local-ip interface type number

ip nat inside source static local-ip global-ip route-map name

ip nat inside source static local-ip interface type number

ip nat inside source static tcp local-ip local-port interface type number global-port

ip nat inside source static udp local-ip local-port interface type number global-port

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.3.0

This section describes important notes about Cisco IOS XE Release 2.3.0 and later releases.

Any Transport Over MPLS (AToM) Support

The configuration of Any Transport Over MPLS (AToM) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.3.0 is only supported on a subinterface; AToM cannot be configured on the main interface. In addition, you cannot have any IP configuration on the main interface when you have an AToM configuration on the subinterface. These configuration guidelines are applicable to VC mode, VP mode, and L2VPN PW redundancy.

MPLS TE Support

Cisco ASR 1000 Series Router users considering the implementation of MPLS TE are recommended to consult with their local Cisco technical support representative for Cisco IOS XE implementation details.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.2.2

This section describes important notes about Cisco IOS XE Release 2.2.2 and later releases.

SSO for L2TP Tunnel Switching Not Supported

If dual route processors (RPs) are used on the Cisco ASR 1000 Series Router in Cisco IOS XE Release 2.2.2 and L2TP Tunnel Switching is configured, then no l2tp sso enable must be configured.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.2. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.2.1

This section describes important notes about Cisco IOS XE Release 2.2.1 and later releases.

100M FX SFP Not Supported on Cisco 2-Port Gigabit Ethernet Shared Port Adapter

The 100M FX SFP is not supported on the Cisco 2-Port Gigabit Ethernet Shared Port Adapter (2x1GE SPA) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1.

Intelligent Service Gateway (ISG) Features Not Supported

The following Intelligent Service Gateway (ISG) features are not supported on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1:

ISG IP subscriber functionality on the following types of access interfaces: Gigabit EtherChannel (GEC) (Port Channel), generic routing encapsulation (GRE), PPP (virtual-template), and Layer 2 Tunneling Protocol (L2TP)

ISG prepaid billing

ISG IP interface sessions

Interface statistics for ISG multiservice interfaces

Access lists cannot be configured as match criteria in ISG Layer 4 redirect configuration. As an alternative, Layer 4 redirect should be configured in ISG traffic class services.

Stateful Switchover (SSO and in-service software upgrade (ISSU) for ISG IP subscriber sessions or traffic class sessions. Upon switchover, an IP session must be recreated or restarted (for Dynamic Host Configuration Protocol (DHCP) sessions) when the session becomes active again.

SSO and ISSU for any features on IP subscriber sessions or traffic class sessions

SSO and ISSU for the following features on ISG PPP sessions:

Port-Bundle Host Key

Layer 4 Redirect

Traffic Class

Per-Session Multicast Support

Enhancements to the IP multicast feature provide support for per-session multicast in broadband environments in Cisco IOS XE Release 2.2.1.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.1. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.1.1

This section describes important notes about Cisco IOS XE Release 2.1.1 and later releases.

Startup Configuration File Backup

As a matter of routine maintenance on any Cisco router, users should backup the startup configuration file by copying the startup configuration file from NVRAM onto one of the router's other file systems and, additionally, onto a network server. Backing up the startup configuration file provides an easy method of recovering the startup configuration file in the event the startup configuration file in NVRAM becomes unusable for any reason.

For users using any Cisco ASR 1000 Series Router with a single RP, including any Cisco ASR 1002 or Cisco ASR 1004 Router, backing up the startup configuration file onto another router file system is especially important due to CSCsq70140, which is documented in the Caveats section of these release notes. The workaround for users who run into this caveat is to replace the startup configuration file in NVRAM with a backup copy of the startup configuration file on the router; therefore, customers who have backed up their startup configuration files onto the router will be ready to resolve these caveats if they occur on their Cisco ASR 1000 Series Routers using a single RP.

Example 1: Copying Startup Configuration File to Bootflash

Router# dir bootflash:
Directory of bootflash:/
 
   
   11  drwx       16384   Dec 4 2007 04:32:46 -08:00  lost+found
86401  drwx        4096   Dec 4 2007 06:06:24 -08:00  .ssh
14401  drwx        4096   Dec 4 2007 06:06:36 -08:00  .rollback_timer
28801  drwx        4096  May 29 2008 16:31:41 -07:00  .prst_sync
43201  drwx        4096   Dec 4 2007 04:34:45 -08:00  .installer
   12  -rw-   208904396  May 28 2008 16:17:34 -07:00  
asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
 
   
Router# copy nvram:startup-config bootflash:
Destination filename [startup-config]? 
 
   
3517 bytes copied in 0.647 secs (5436 bytes/sec)
 
   
Router# dir bootflash:
Directory of bootflash:/
 
   
   11  drwx       16384   Dec 4 2007 04:32:46 -08:00  lost+found
86401  drwx        4096   Dec 4 2007 06:06:24 -08:00  .ssh
14401  drwx        4096   Dec 4 2007 06:06:36 -08:00  .rollback_timer
28801  drwx        4096  May 29 2008 16:31:41 -07:00  .prst_sync
43201  drwx        4096   Dec 4 2007 04:34:45 -08:00  .installer
   12  -rw-   208904396  May 28 2008 16:17:34 -07:00  
asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
13 -rw-        7516   Jul 2 2008 15:01:39 -07:00  startup-config

Example 2: Copying Startup Configuration File to USB Flash Disk

Router# dir usb0:
Directory of usb0:/
 
   
43261  -rwx   208904396  May 27 2008 14:10:20 -07:00  
asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
 
   
255497216 bytes total (40190464 bytes free)
 
   
Router# copy nvram:startup-config usb0:
Destination filename [startup-config]? 
 
   
3172 bytes copied in 0.214 secs (14822 bytes/sec)
 
   
Router# dir usb0:
Directory of usb0:/
 
   
43261  -rwx   208904396  May 27 2008 14:10:20 -07:00  
asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
43262 -rwx        3172   Jul 2 2008 15:40:45 -07:00  startup-config
 
   
255497216 bytes total (40186880 bytes free)

Example 3: Copying Startup Configuration File to a TFTP Server

Router# copy bootflash:startup-config tftp:
Address or name of remote host []? 172.17.16.81
Destination filename [pe24_asr-1002-confg]? /auto/tftp-users/user/startup-config
!!
3517 bytes copied in 0.122 secs (28828 bytes/sec)

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must "not" manually unconfigure VFR on NAT interfaces as NAT cannot process the fragmented packets and out-of-order fragments correctly.

Important Notes About Cisco IOS XE Release 2.1.0

This section describes important notes about Cisco IOS XE Release 2.1.0 and later releases.

High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers

Table 1 describes some of the high-level feature sets that are not supported for the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. Use Cisco Feature Navigator to confirm support for a specific feature. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Feature support is subject to change from release to release. Some high-level feature sets that were not supported in the initial Cisco IOS XE Release 2.1.0 are now supported. Table 1 has been updated to indicate when support has been introduced in later releases. For the latest feature information, see the New and Changed Information sections of these release notes and Cisco Feature Navigator.


Table 1 High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers 

Major Feature Category
Feature Not Supported

ATM

Support for ATM features begins in Cisco IOS XE Release 2.3.0. No ATM features are supported in earlier releases.

Broadband

Support for ANCP begins in Cisco IOS XE Release 2.4.0. ANCP is not supported in earlier releases.

IPv6 Intelligent Service Gateway (IPv6 ISG)

MLP over ATM (MLPoATM)

MLP over Ethernet (MLPoE)

Multilink PPP on L2TP Network Server (MLPPP on LNS)

Point-to-Point Protocol over Ethernet Tag (PPPoE Tag)

PPP over Q-in-Q (PPPoQinQ)

Ethernet OAM

Ethernet Operation, Administration, and Maintenance (OAM)

MPLS

Support for Carrier's Carrier begins in Cisco IOS XE Release 2.2.3. Carrier's Carrier is not supported in earlier releases.

Support for Ethernet over MPLS (EoMPLS) begins in Cisco IOS XE Release 2.4.0. Ethernet over MPLS (EoMPLS) is not supported in earlier releases.

Support for Inter-AS begins in Cisco IOS XE Release 2.2.2. Inter-AS is not supported in earlier releases.

IPv6 Provider Edge Router over MPLS (6PE)

IPv6 VPN over MPLS (6VPE)

Label Distribution Protocol (LDP) Session Protection

Support for Layer 2 VPN (L2VPN) begins in Cisco IOS XE Release 2.3.0. L2VPN is not supported in earlier releases.

Support for MPLS Traffic Engineering/Fast Reroute (MPLS TE/FRR) begins in Cisco IOS XE Release 2.3.0. MPLS TE/FRR is not supported in earlier releases.

 

Virtual Private LAN Service (VPLS)

Multicast

Multicast VPN

Routing

Performance Routing/Optimized Edge Routing (PFR/OER)

Security

Support for Group Encrypted Transport VPN (GET VPN) begins in Cisco IOS XE Release 2.3.0. GET VPN is not supported in earlier releases.

IPv6 IPSec

Support for Lawful Intercept begins in Cisco IOS XE Release 2.4.0. Lawful Intercept is not supported in earlier releases.

VRF-Aware Firewall

Support for VRF-Aware NAT when running ASRNAT this will not handle fragmented packets unless VFR is configured on all NAT interfaces.

Voice

Support for Cisco Unified Border Element (SP Edition) begins in Cisco IOS XE Release 2.4.0. Cisco Unified Border Element (SP Edition) is not supported in earlier releases. Earlier releases include support for Integrated Session Border Controller.