First Published: August 18, 2023

Last Updated: August 18, 2023

Introduction

The following release notes support the Cisco IOS 15.9(3)M8 release. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, caveats, and provide information on how to obtain support and documentation.

PSIRT ADVISORY

IMPORTANT INFORMATION - PLEASE READ!

FPGA and BIOS have been signed and updated to new versions.

For the 15.9 Release Train, this image (15.9-3.M) is considered as the baseline. Downgrade is STRICTLY UNSUPPORTED and bundle install to previous releases (158-3.M2a/157-3.M4b/156-3.M6b) will cause an error and fail if attempted. Any manual downgrade [non bundle operations] will impair router functionality thereafter.


Note
After upgrading to this release, make sure to delete any old image files that may still be in the flash: filesystem. This will prevent an unintended IOS downgrade.

For additional information on the PSIRT see the following:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Image Information and Supported Platforms


Note
You must have a Cisco.com account to download the software.

Cisco IOS Release 15.9(3)M8 includes the following Cisco IOS images:

IR8x9

System Bundled Image: ir800-universalk9-bundle.SPA.159-3.M8

This bundle contains the following components:

  • IOS: ir800-universalk9-mz.SPA.159-3.M8

  • Guest Operating System: ir800-ref-gos.img.1.15.0.8.gz

  • Hypervisor: ir800-hv.srp.SPA.3.1.36

  • FPGA: 2.B.0

  • BIOS: 29

  • MCU Application: 53

IR807

IOS Image: ir800l-universalk9-mz.SPA.159-3-M8

CGR1K

System Bundled image: cgr1000-universalk9-bundle.SPA.159-3-M8

This bundle contains the following components:

  • IOS Version: cgr1000-universalk9-mz.SPA.159-3-M8

  • Guest Operating System: cgr1000-ref-gos.img.1.8.2.22.gz

  • Hypervisor: cgr1000-hv.srp.SPA.3.0.70

  • FPGA: 2.E.0

  • BIOS: 18

Important Note Regarding 159-3.M8

CG-OS to IOS Migration:


Note
When migrating from CG-OS to IOS on the CGR1K, Cisco recommends to upgrading from the Golden image to the required IOS image. Refer to the following example:

CG-OS -> 15.8(3)M3b -> <latest version>

Software Downloads

This section contains the following:

IR800 Series

The latest image files for the IR800 product family can be found here:

https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322

Click on the 807, 809 or 829 link to take you to the specific software you are looking for.


Important
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED. For newer releases with the PSIRT fix - while bundle downgrade to 158-3.M2a/157-3.M4b/156-3.M6b is supported, manual downgrade is unsupported.

Note
On the IR8x9 devices, the IR800 bundle image can be copied via Trivial File Transfer Protocol (TFTP) or SCP to the IR800, and then installed using the bundle install flash:<image name> command. The IR800 <image>.bin file can NOT be directly booted using the boot system flash:/image_name. Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide .

Note
On the IR8x9 devices, the cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite ) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.

IR807

The IR807 link shows the following entries:

  • ir800l-universalk9-mz.SPA.<version> .bin

  • ir800l-universalk9_npe-mz.SPA.<version> .bin

IR809

The IR809 link shows the following entries:

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

IR829

The IR829 link shows the following entries:

Software on Chassis

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

AP803 Access Point Module

  • Autonomous AP IOS Software

    • WIRELESS LAN (ap1g3-k9w7-tar.153-3.JH1.tar)

  • Lightweight AP IOS Software

    • WIRELESS LAN (ap1g3-k9w8-tar.153-3.JH1.tar)

    • WIRELESS LAN LWAPP RECOVERY (ap1g3-rcvk9w8-tar.153-3.JH1.tar)

Warning about Installing the Image


Note
The bundle can be copied via Trivial File Transfer Protocol (TFTP), or Secure Copy Protocol (SCP) to the device, and then installed using the bundle install flash:<image name> command. The bin file can NOT be directly booted using the boot system flash:/image_name.

Caution
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED.

Known Limitations

This release has the following limitations or deviations from expected behavior:

Space Limitation

The device requires a minimum 30MB additional space in the flash: file system before attempting an upgrade, or a downgrade between releases. Otherwise, the FPGA/BIOS will not have enough space to store files and perform the upgrade. In these current releases, the bundle installation will not display a warning, but future releases from September 2019 going forward will have a warning.

CSCvq88011 - IR809, IR829

Bundle install should internally handle “firmware downgrade enable” check

Symptoms : If you manually downgrade hypervisor and IOS only from releases (159-3.M+, 158-3.M3+, 156-3.M7+, 157-3.M5+) to the releases (158-3.M2a, 157-3.M4b, 156-3.M6b), the router will be stuck in a boot loop.

Workaround : If you use the recommended 'bundle install' to downgrade, the process will run correctly.

CSCvs86301 - IR8x9

CSCvs86301 - Different DHCP client-identifiers are sent during and after PnP Discovery.

After the 159-3.M1 release, the format of DHCP client-identifier for the IR8x9 device may vary during the PNP onboarding process.

Workaround - Users must re-configure / add the newer client-identifier format on their DHCP server if it was configured with DHCP reservations using the older DHCP client-identifier format.

Example:

Older Format: 004a.4146.3136.3033.414e.5450

Newer Format: 0063.6973.636f.2d30.3032.322e.6264.6535.2e66.6636.322d.4769.322f.32

Major Enhancements

There are no Major Enhancement for the 15.9(3)M8 release.

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.


Note
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account .

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ .

Open Caveats

The following table lists open caveats for Cisco IOS Release 15.9(3)M8:

Item

Platform

Description

CSCwh20446

IR829

IR829 running 15.9(3)M7a does not remove 'DHCP—Statically Configured Routes' from routing table.

Symptoms: Even though WGB uplink is down and Vlan50 no longer has IP address (via DHCP), DHCP—Statically Configured Routes were not removed from routing table.

CSCwf41862

CGR2010

CGR2010 int g0/0 not sending packets over fiber link.

Symptoms: Fiber connection between CGR2010 and ASK1 randomly not sending packet due to L1 auto-negotiation setting half duplex randomly.

CSCwf85290

CGR1K

Description of the interface gets removed when converting a switch port to routed port or vice versa.

Symptom: When convert a port from switch port to a routed port or from routed port to switch port, the description of the interface gets removed.

Resolved Caveats

The following table lists resolved caveats for Cisco IOS Release 15.9(3)M8:

Item

Platform

Description

CSCwh05064

IR829

Graceful reboot Signal handler to be sent from IR829 to embedded WIFI AP 803 - Without save config.

Symptoms: During ignition timer shutdown, AP will also go for graceful reboot during that time config is saved which might cause random corruption.

CSCwe30292

IR807

PnP Reset will erase the BOOT variable if images present on flash:/managed/images.

Symptoms: In IR807 the Image will be booted from "flash:/managed/images" if there is no image present on flash:/<image>

CSCwf42797

IR829

ignition off-timer values gets auto changed to random values.

Symptoms: Ignition off-timer values gets auto changed from configured 1500 to random values like 0, 100, 400, 900

CSCwe62090

IR829

Devices going into rommon-2 mode and the boot variable is unset in 159(3)M7.

Symptoms: BOOT variable in nvram is not available causing the device to stop in rommon-2.

CSCvz33428

IR829

STATIC IP configured on SVI is lost when changing from DHCP if SVI flaps at the same time.

Symptoms: Static IP address configured on SVI is lost when changing from DHCP if SVI flaps at the same time. This appears to happen intermittently when copying day0 config file from flash to running-config.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.