First Published: July 27, 2022

Last Updated: October 10, 2023

Introduction

The following release notes support the Cisco IOS 15.9(3)M6a release. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, caveats, and provide information on how to obtain support and documentation.

PSIRT ADVISORY

IMPORTANT INFORMATION - PLEASE READ!

FPGA and BIOS have been signed and updated to new versions.

For the 15.9 Release Train, this image (15.9-3.M) is considered as the baseline. Downgrade is STRICTLY UNSUPPORTED and bundle install to previous releases (158-3.M2a/157-3.M4b/156-3.M6b) will cause an error and fail if attempted. Any manual downgrade [non bundle operations] will impair router functionality thereafter.


Note
After upgrading to this release, make sure to delete any old image files that may still be in the flash: filesystem. This will prevent an unintended IOS downgrade.

For additional information on the PSIRT see the following:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Image Information and Supported Platforms


Note
You must have a Cisco.com account to download the software.

Cisco IOS Release 15.9(3)M6a includes the following Cisco IOS images:

IR8x9

System Bundled Image: ir800-universalk9-bundle.SPA.159-3.M6a

This bundle contains the following components:

  • IOS: ir800-universalk9-mz.SPA.159-3.M6a

  • Guest Operating System: ir800-ref-gos.img.1.15.0.4.gz

  • Hypervisor: ir800-hv.srp.SPA.3.1.27

  • FPGA: 2.B.0

  • BIOS: 28

  • MCU Application: 53

IR807

IOS Image: ir800l-universalk9-mz.SPA.159-3-M6a

CGR1K

System Bundled image: cgr1000-universalk9-bundle.SPA.159-3-M6a

This bundle contains the following components:

  • IOS Version: cgr1000-universalk9-mz.SPA.159-3-M6a

  • Guest Operating System: cgr1000-ref-gos.img.1.8.2.21.gz

  • Hypervisor: cgr1000-hv.srp.SPA.3.0.69

  • FPGA: 2.E.0

  • BIOS: 18

Important Note Regarding 159-3.M6a

CG-OS to IOS Migration:


Note
When migrating from CG-OS to IOS on the CGR1K, Cisco recommends to upgrading from the Golden image to the required IOS image. Refer to the following example:

CG-OS -> 15.8(3)M3b -> <latest version>

Software Downloads

This section contains the following:

IR800 Series

The latest image files for the IR800 product family can be found here:

https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322

Click on the 807, 809 or 829 link to take you to the specific software you are looking for.


Important
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED. For newer releases with the PSIRT fix - while bundle downgrade to 158-3.M2a/157-3.M4b/156-3.M6b is supported, manual downgrade is unsupported.

Note
On the IR8x9 devices, the IR800 bundle image can be copied via Trivial File Transfer Protocol (TFTP) or SCP to the IR800, and then installed using the bundle install flash:<image name> command. The IR800 <image>.bin file can NOT be directly booted using the boot system flash:/image_name. Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide .

Note
On the IR8x9 devices, the cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite ) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.

IR807

The IR807 link shows the following entries:

  • ir800l-universalk9-mz.SPA.<version> .bin

  • ir800l-universalk9_npe-mz.SPA.<version> .bin

IR809

The IR809 link shows the following entries:

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

IR829

The IR829 link shows the following entries:

Software on Chassis

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

AP803 Access Point Module

  • Autonomous AP IOS Software

    • WIRELESS LAN (ap1g3-k9w7-tar.153-3.JH1.tar)

  • Lightweight AP IOS Software

    • WIRELESS LAN (ap1g3-k9w8-tar.153-3.JH1.tar)

    • WIRELESS LAN LWAPP RECOVERY (ap1g3-rcvk9w8-tar.153-3.JH1.tar)

Warning about Installing the Image


Note
The bundle can be copied via Trivial File Transfer Protocol (TFTP), or Secure Copy Protocol (SCP) to the device, and then installed using the bundle install flash:<image name> command. The bin file can NOT be directly booted using the boot system flash:/image_name.

Caution
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED.

Known Limitations

This release has the following limitations or deviations from expected behavior:

Space Limitation

The device requires a minimum 30MB additional space in the flash: file system before attempting an upgrade, or a downgrade between releases. Otherwise, the FPGA/BIOS will not have enough space to store files and perform the upgrade. In these current releases, the bundle installation will not display a warning, but future releases from September 2019 going forward will have a warning.

CSCvq88011 - IR809, IR829

Bundle install should internally handle “firmware downgrade enable” check

Symptoms : If you manually downgrade hypervisor and IOS only from releases (159-3.M+, 158-3.M3+, 156-3.M7+, 157-3.M5+) to the releases (158-3.M2a, 157-3.M4b, 156-3.M6b), the router will be stuck in a boot loop.

Workaround : If you use the recommended 'bundle install' to downgrade, the process will run correctly.

Major Enhancements

This section provides details on new features and functionality available in this release. Each new feature is proceeded by the platform which it applies to.

Data Sanitization Feature

This feature applies to the IR8x9, IR807, CGR1000, CGR2000, and ESR C5915/C5930 platforms.

The enhancement has been brought in for enabling data sanitization on the legacy products providing a reliable way to remove all recoverable data from the Cisco products. User configs hold customer sensitive data such as IP details, routing details etc. User configs will be wiped out as a part of this support. Similarly, IOS & IOx data will also be sanitized during the process.

CLI implementation for enabling this feature will be under the execute command. Once the process is started it can't be reverted. User will be given the warning about this twice before proceeding. Upon executing the factory-reset process all the data in the device will be erased. The user can use TFTP or USB option to boot the IOS back once the process is completed. And it’s recommended to bundle install (For IR8x9, CGR1000) after recovering the device from rommon.

Table 1. Starting the Data Sanitization Process

Command

Description

Factory Reset

IR829#factory-reset

Enables the Data Sanitization Process.
Table 2. Fetching logs from a Previous Data Sanitization Process

Command

Description

Show Factory reset logs (IR8x9 and CGR1000 platforms)

IR829#show platform factory-reset-logs

Previous factory reset process details can be fetched and viewed using this CLI.
Table 3. Fetching logs from a Previous Data Sanitization Process

Command

Description

Show Factory reset logs (IR807, CGR2000, ESR, and C5915/C5930 platforms)

IR807#show factory-reset-logs

Previous factory reset process details can be fetched and viewed using this CLI.

Battery Firmware Upgrade

This release adds a new option to the battery command line interface for firmware upgrade. See the following example:

CGR1240-BBU#battery ?
  bbu                  Trigger BBU Status change for event logging
  cable                battery cable connect or disconnect
  charge-discharge     battery charge and discharge
                       enable/disable(deprecated;use battery enable/disable)
  disable              Disable battery
  enable               Enable battery
  firmware-uprade      upgrade battery firmware
  transportation-mode  battery transportation mode with minimal discharge

Note
See the Cisco 1000 Series Connected Grid Routers for more information.

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.


Note
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account .

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ .

Open Caveats

The following table lists open caveats for Cisco IOS Release 15.9(3)M6a:

Item

Platform

Description

CSCwc00866

IR829

Modem 4G reset when receiving CTRL-C from an application.

Symptoms: 4G Modem is reset when receiving in the break sequence Ctrl + C in the NMEA interface from an IOx app.

Workaround: Use another break sequence (CTRL-^ then type x then disconnect) to properly disconnect from an existing session.

CSCwc37142

CGR2010

CGR2010 crashes when issuing the command sh interface transceiver.

Symptoms: This only happens in the case where there is an ESM module along with ATM module.

CSCwc63730

IR800

WSMA gives error despite configuration applied successfully.

Symptoms: When applying configuration using IoT-OD, the router keeps giving an error in WSMA debug, but the configuration is applied successfully in running configuration.

Workaround: Action CLI commands can be used to apply configurations.

Resolved Caveats

The following table lists resolved caveats for Cisco IOS Release 15.9(3)M6a:

Item

Platform

Description

CSCwa78755

IR800

4G: Some of the Serviceability logs on flash are not getting deleted automatically or manually.

Symptoms: Rare flash corruption observed. Some of the DM-logs found on flash could not be deleted after running about two weeks of longevity test. Error observed is “File in use in an incompatible mode”. Because of this corruption, it is possible that the router may not be able to boot up from image on flash if reloaded. If this occurs, the router may need to be booted using an image from TFTP server from ROMMON mode.

Workaround: Reboot the router to delete the older files.

CSCwc20006

CGR2010

Backoff algorithm is not working as expected with dual stack for reject code 33

Expected Results: For VDD-M and VDD-IC, once it is rejected with cause # 33, UE shall not attempt to send PDP Context Request for 5 minutes or more.

Actual Results: UE keeps on sending PDP request for 4 times (with 1 minute or less interval) even after reject cause #33.

CSCwc50545

IR800

IR829 hang after reload at 28V

Symptoms: IR829 hangs indefinitely when a reload is issued when the input power is greater than 24V. The only way to recover it is unplug and re-apply power.

Workaround: On reload, use MCU to power reset in IOS and rommon1 & rommon2 changes to handle reboot/reload using FPGA CPU reset.

Limitation: After BIOS and FPGA upgrade, the rommon1 of the older version image will trigger a reboot which will cause a hang when input power exceeds 24V and requires power cycle and then the BIOS/FPGA upgrade will be completed.

CSCwd22457

IR800

ACL filtering issue in advertising BGP routes to peer.

Symptoms: BGP Route redistribution did not happen, and random crash was seen.

Fix: Handled the ordering related intersections and fix is posted in 159M6a.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.