About Cisco 1000 Series Integrated Services Routers

The Cisco 1000 Series Integrated Services Routers (also referred to as router in this document) are powerful fixed branch routers based on the Cisco IOS XE operating system. They are multi-core routers with separate core for data plane and control plane. There are two primary models with 8 LAN ports and 4 LAN ports. Features such as Smart Licensing, VDSL2 and ADSL2/2+, 802.11ac with Wave 2, 4G LTE-Advanced and 3G/4G LTE and LTEA Omnidirectional Dipole Antenna (LTE-ANTM-SMA-D) are supported on the router.


Note

Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience:

  • Faceted Search to find relevant content

  • Customized PDFs

  • Contextual recommendations


New and Enhanced Hardware and Software Features

New and Changed Hardware Features

New Hardware Features

There are no new or changed hardware features in the Cisco IOS XE Amsterdam 17.2.1r release.

New and Changed Software Features

New Software Features

Cisco IOS XE Amsterdam 17.2.1r is the first release for Cisco 1000 Series Integrated Services Routers in the Cisco IOS XE Amsterdam 17.2.1 release series.

  • Install and Deploy Cisco IOS XE and Cisco IOS XE SD-WAN Functionality on Edge Routers: This feature supports the use of a single universalk9 image to deploy Cisco IOS XE SD-WAN and Cisco IOS XE functionality on all the supported devices. The universalk9 image supports two modes - Autonomous mode (IOS XE features) and controlled mode (SD-WAN features).

  • 6VPE over DMVPN with IPv6 Transport: With IPv6 support over DMVPN Provider Edge Routers (6VPE), you can create multi-tenant IPv6 LAN prefixes using an IPv6 DMVPN transport over the IPv4 overlay network

  • Block BGP Dynamic Neighbor Sessions: With this feature, you can block a router from establishing BGP dynamic neighbor sessions with certain nodes in a BGP peer group; these nodes are identified with their IP addresses. The ability to shut down or prevent the creation of BGP dynamic neighbor sessions may be useful when a peer needs maintenance.

  • CPLD Field-Programmable Upgrade: The field-programmable upgrade is performed on a need basis to address any specific issues with the hardware-programmable devices. During an upgrade, you can use field-programmable commands to display the package file version, display progress or perform a CPLD upgrade.

  • Control Router Access with Passwords and Privilege Levels: A simple way of providing terminal access control in your network is to use passwords and assign privilege levels. Password protection restricts access to a network or network device. Privilege levels define commands that users can enter after they have logged into a network device.

  • CUBE: Smart License Trunk Side Counting: Support for Smart Licensing is based on dynamic call counting.

  • Debug Commands for PIM and VRF: This feature introduces debug commands for VRF (debug condition vrf) and PIM (debug ip pim) details, where, the debug condition vrf command limits the debug output to a specific virtual routing and forwarding (VRF) instance. And the debug ip pim command displays the PIM packets received and transmitted, as well as any PIM related events.

  • DHCP Unicast Support on IOS-XE: This feature introduces support for unicast mode on DHCP, which helps in splitting the horizon, and therefore improving security of the network.

  • EBGP Route Propagation without Policies: With this feature, you can configure an EBGP router to not propagate routes to and from an EBGP neighbor when at least one inbound and one outbound policy are not configured for the neighbor.

  • Fail Close Revert Mode: When there is no rekey or the group member is unable to re-register to the key server, group members in GETVPN can remove the downloaded key server policy, and therefore returns to the fail close mode.

  • L2TP - Tunneling and Forwarding Protocols: The Layer2 Tunneling Protocol on the Cisco 1000 Integrated Services Routers platform now allows L2TP tunnelling and forwarding of Layer2 protocols.

  • L2TPv3 on Switch Virtual Interface: Routed interfaces and sub interfaces supports L2TPv3, which is now extended to Service Virtual interface (SVI).

  • LISP Support for TCP Authentication Option: Use TCP Authentication Option (TCP AO) to secure against spoofed TCP segments in the sessions between an ETR and an MS.

  • NetFlow Exported Packet with VPN-ID: With VPN-ID in netflow exported packet, you can now identify a VPN using the MPLS VPN-ID.

  • Partial Configuration on CPE: With this feature, you can now apply the partial configuration of the CPE using the download RPC method in CWMP instead of a manual configuration.

  • Reset Button: This functionality is used to recover the Cisco 1000 series ISRs that go into non-responsive mode. To boot a non-responsive device, press the Reset button to install the preconfigured “golden.bin” image and “golden.cfg” configurations.

  • Support for Spoke Nodes in MPLS over DMVPN: You can now configure a spoke node as either a P node or PE node in an MPLS over DMVPN deployment. To configure the spoke node, MP-BGP is required to redistribute the route or label information between the spoke node and a PE node behind it.

ROMmon Compatibility Matrix

The following table lists the ROMmon releases supported in Cisco IOS XE 16.x.x releases and Cisco IOS XE 17.x.x releases

Table 1. Minimum and Recommended ROMmon Releases Supported on Cisco 1000 Series Integrated Services Routers

Cisco IOS XE Release

Minimum ROMmon Release Supported for IOS XE

Recommended ROMmon Release Supported for IOS XE

16.6.x

16.6(1r)

16.6(1r)

16.7.x

16.6(1r)

16.6(1r)

16.8.x

16.8(1r)

16.8(1r)

16.9.x

16.9(1r)

16.9(1r)

16.10.x

16.9(1r)

16.9(1r)

16.11.x

16.9(1r)

16.9(1r)

16.12.x

16.9(1r)

16.12(1r)

17.2.x

16.9(1r)

16.12(1r)

Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Resolved Bugs in Cisco IOS XE Amsterdam 17.2.1r

Caveat ID Number

Description

CSCvg79330

enable platform ipsec control plane conditional debug might cause FP/QFP IPsec outbound SA leak

CSCvp72039

Ucode crash in infra with injected jumbo packet

CSCvq43550

C1111-4P doesn't restart authentication for "clear authen session" if "authen open" the port

CSCvq47444

CLI "config-exchange request" for any ikev2 profile has inconsistent behavior between IOS and confd

CSCvq71864

Crash after executing "show archive config differences"

CSCvq75610

freed rpi_parent is hit when deleting parent route by route update event

CSCvq81620

Router crashes with ZBF HA sync.

CSCvq85556

QoS configuration download failed when device reloading

CSCvq85913

FlexVPN with password encryption -- after MasterKey change password in profile is not working

CSCvq87063

getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded

CSCvq90361

NHRP process crash on using same tunnel address on multiple spokes

CSCvq93850

Passive FTP will fail when going over NAT and either client or server are off a SM-X-ES3

CSCvq98095

Gi0/0/0 interface stays up/up and LED green after cable removed

CSCvq99498

Crashes when trying to bring-up / bring-down IPsec crypto session for OSPFv3

CSCvr00983

Unrecoverable Error with PVDM in 0/4 and Thule+dreamliner in 1/0 on ISR4300

CSCvr01327

incorrect Total number of translations on show ip nat translations

CSCvr01454

Punt fragment crash when receive EoGRE packets which have many fragments

CSCvr05193

IOS PKI | Intermittently SubCA fails to rollover

CSCvr05214

NAT translation table is removed before IKE SA deleted when idle timeout occur

CSCvr17169

qfp ucode crash with media monitor

CSCvr18570

When user cancel Call Forward All from the analog phone, user can't hear the confirmation tone

CSCvr24498

keyman_rp Memory Leak

CSCvr26524

Crash due to NBAR classification

CSCvr31188

GETVPN gikev2 Secondary KS doesn't push new policy after merging split condition

CSCvr33415

Router may crash unexpectedly with Segmentation fault(11), Process = DSMP

CSCvr39932

IPSEC install failed IPSEC_PAL_SA shows "unexpected number of parents"

CSCvr42776

FMAN crashed after firewall reconfiguration

CSCvr42823

Umbrella local domain bypass list is not programmed to DP, FMFP-3-OBJ_DWNLD_TO_DP_FAILED

CSCvr48349

ESP ucode crashed when running NAT with bpa (CGN)

CSCvr55746

Device becomes unresponsive when configuring l2vpn context

CSCvr57565

MGCP Calls with SRTP fail to connect with Cause Value=47 due to T.38 calls

CSCvr61217

GetVPN-ISR4461// Getvpn traffic is failing with Transport mode with all the versions.

CSCvr65986

ISR1K: dot1q-tunneling ports broadcast unknown unicast traffic to all other local switch ports

CSCvr89957

CFT crashed frequently

CSCvr89973

NIM interfaces go into shutdown after router bootup.

CSCvr96597

IOS-XE crash after doing a SCEP enrollment

CSCvs00410

MKA session up but unable to pass data across link using AES-256-XPN cipher

CSCvs02000

%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space

CSCvs04194

Process = Exec crash seen on dmap longevity testbed with clear cry sa peer several times

CSCvs05043

ESP40 crash in CGN mode after apply "ip nat setting mode cgn" and "no shut" interface

CSCvs07609

Portchannel stats not working on ASR1002-HX

CSCvs08681

Crash triggered with IPv6, IPv4, PPPoE, PortChannel and NAT

CSCvs13960

IWAN High CPU and Memory

CSCvs18317

C1111X-8P Sku tagged to 4P software tag incorrectly

CSCvs29535

IWAN crash related to DCA channel

CSCvs70052

ALG with NAT trigger a crash when a DNS writeback occurs

CSCvs86573

Connect message is never forwarded to the calling side

Open Caveats in Cisco IOS XE Amsterdam 17.2.1r

Caveat ID Number

Description

CSCvh24730

PfRv3: Crash while Printing the Same TCA Message

CSCvp88044

Performance Monitor crash