First Published: April 24, 2026

About Cisco 1000 Series Integrated Services Routers

The Cisco 1000 Series Integrated Services Routers (also referred to as router in this document) are powerful fixed branch routers based on the Cisco IOS XE operating system. They are multi-core routers with separate core for data plane and control plane. There are two primary models with 8 LAN ports and 4 LAN ports. Features such as Smart Licensing, VDSL2 and ADSL2/2+, 802.11ac with Wave 2, 4G LTE-Advanced and 3G/4G LTE and LTEA Omnidirectional Dipole Antenna (LTE-ANTM-SMA-D) are supported on the router.

Smart Licensing Using Policy

Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.

The licensing utilities and user interfaces that are affected by this limitation include only the following:

  • Cisco Smart Software Manager (CSSM),

  • Cisco Smart License Utility (CSLU), and

  • Smart Software Manager On-Prem (SSM On-Prem).

Product Field Notice

Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.

We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.

New and Changed Hardware Features

New and Changed Software Features in Cisco IOS XE 26.1.1

Table 1. New software features for Cisco 1000 Series Integrated Services Routers, Release 26.1.1

Product impact

Feature

Description

Ease of Setup

Unified Threat Defense Support for Cisco Catalyst IR8100 Heavy Duty Series Router

From this release, this feature supports selective activation of Unified Threat Defense (UTD) capabilities. Specifically, the IR8140 supports Intrusion Prevention System (IPS) and Intrusion Detection System (IDS).

Software Reliability

DNS Security and increase the support for Local domain bypass scale to 256

From this release, the scale for Fully Qualified Domain Name (FQDN) bypass entries has been increased to 256. This allows administrators to configure up to 256 FQDNs for local domain bypass, providing greater flexibility and control over domain-specific routing and access policies within Cisco Secure Access.

Software Reliability

Enhancements for NGFW in Policy Groups

This feature introduces support for NGFW Policy Groups, that includes import and export of firewall policies, display of rule hit counts, drag-and-drop rule reordering to update priority, visibility of policy and object usage references in the NGFW Dashboard, and retention of rule and policy names in the running CLI configuration.

Ease of Use

One minute granularity interface statistics using Cisco Catalyst SD-WAN Manager

This feature enables the collection of granular interface statistics from devices every minute, providing real-time insights for effective troubleshooting and ensuring optimal performance.

Upgrade

Firmware Upgrade

From Cisco IOS XE 26.1.1 release, you can use Cisco Catalyst SD-WAN Manager to select a device that either has a Wi-Fi module or Cellular module and perform firmware upgrade only for the specific device.

Ease of Use

BGP Advertisement Startup Delay

When a Border Gateway Protocol (BGP) process initializes during a router reload or when BGP routing sessions are reset by using the clear ip bgp* command, it could result in a temporary period of traffic loss. The BGP Advertisement Startup Delay feature addresses this issue by introducing a configurable delay before BGP begins advertising routes to its neighbors. This delay allows sufficient time for routes to be installed in the hardware, ensuring traffic forwarding is ready before new routes are announced.

CUBE FEATURES

Upgrade

Advanced TLS security compliance and control

From Cisco IOS XE 26.1.1 onwards, weaker TLS versions (v1.0, v 1.1) and associated ciphers are not supported in default configurations. However, these insecure configurations are supported in "insecure operation-mode" for CUBE and SRST, and support for non-compliant ciphers has been discontinued in both platforms.

Security

Dual certificate support for SIP trunk client and server functionality

From Cisco IOS XE 26.1.1 onwards, the feature allows provisioning and assigning separate certificates for client and server roles on each SIP trunk in CUBE.

Resilient Infrastructure

Software Reliability

Resilient Infrastructure

As part of the ongoing commitment to network security, this release introduces secure alternatives to legacy commands. These updates are designed to mitigate potential risks and assist in establishing a more robust and secure operational baseline.

The identified insecure commands are categorized as:

  • Line transport: Updates to secure remote access methods.

  • Device server configuration: Hardening of server-side settings.

  • File transfer protocols: Transitioning to encrypted transfer methods.

  • SNMP: Enhancements to secure management traffic.

  • Passwords: Strengthening authentication and credential management.

  • Miscellaneous: General security improvements for various system functions.

For all detected insecure configurations during device boot or upgrade, error messages are displayed.

In Cisco IOS XE 26.1.1 release, all insecure CLI commands are blocked by default to strengthen your network infrastructure. If your environment requires the use of a legacy command, you must enable the system mode insecure command in global configuration mode.

  • Recommendation: Do not use insecure mode. This mode is temporary and will be removed in a future release. Identify and replace all insecure commands with their secure alternatives.

  • Upgrade behavior: If you upgrade to Cisco IOS XE 26.1.1 release with insecure commands already present in the running configuration, the system mode insecure command is automatically added to your configuration to prevent service disruption.

For more information, refer this document Routing-SD-WAN Resilient Infrastructure

Cisco ISR1000 ROMmon Compatibility Matrix

The following table lists the ROMmon releases supported in Cisco IOS XE 16.x.x releases and Cisco IOS XE 17.x.x releases.


Warning
Device unrecoverable after upgrade failure

If a device running certain older Cisco IOS XE releases (earlier than 17.5.x) has password recovery disabled and experiences an upgrade failure to Cisco IOS XE 17.11.x or later, the device may become unrecoverable.

To mitigate this risk, upgrade the device to any Cisco IOS XE image between 17.5.x and 17.10.x before upgrading to the destination Cisco IOS XE release (17.11.x or later). Refer to the Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE 17.11.x for specific upgrade steps.

Subsequent release notes include this guidance. For example, refer to the Release Notes for Cisco ISR 1000 Series, Cisco IOS XE Dublin 17.13.1.


Warning
Recommendations before upgrade

Before you upgrade, consider these actions:

  • Configure the old working image as a backup image before performing the upgrade. For example:

Router(config)# no boot system
Router(config)# boot system bootflash:new.bin
Router(config)# boot system bootflash:old.bin

  • Enable password recovery before you upgrade. After the upgrade, reapply no service password-recovery for security. For example: 

Router(config)# service password-recovery

(After upgrade)

Router(config)# no service password-recovery

Note
Reset button behavior

The Reset button behavior changes when specific ROMmon and Cisco IOS XE versions are in use:

  • If ROMmon is 16.12(2r) or later, and Cisco IOS XE is 17.2.1 or later:

    The Reset button does not take effect if no service password-recovery strict is configured.

  • If ROMmon is earlier than 16.12(2r):

    The factory reset does not take effect, regardless of whether the strict option is included.

Note

To identify the manufacturing date, use the show license udi command. For example: 

Router#show license udi 
UDI: PID:C1131-8PLTEPWB,SN:FGLxxxxLCQ6

The xxxx in the command output represents the manufacturing date.

  • If the manufacturing date is greater than or equal to 0x2535, the manufactured ROMmon version is 17.6(1r) or higher.

  • If the manufacturing date is less than 0x2535, the ROMmon will be automatically upgraded to 17.5(1r) or above when the Cisco IOS XE 17.9.x release is installed.

  • The minimal or recommended ROMmon version for devices using Cisco IOS XE 17.5 or later is 17.5(1r) or later.

Note

To upgrade to Cisco IOS XE Dublin 17.12.x, follow these steps:

  1. If you are on a device that is running software version between Cisco IOS XE 16.x to Cisco IOS XE 17.4.x, upgrade to any IOS XE image between Cisco IOS XE 17.5.x to Cisco IOS XE 17.10.x.

  2. After performing step 1, upgrade to Cisco IOS XE 17.12.x.

  3. For devices that are running on software version Cisco IOS XE 17.5.x or later, you can upgrade to Cisco IOS XE 17.12.x directly.
Table 2. Minimum and Recommended ROMmon Releases Supported on Cisco 1000 Series Integrated Services Routers

Cisco IOS XE Release

Minimum ROMmon Release for IOS XE

Recommended ROMmon Release for IOS XE

26.1.x

17.5(1r)

26.1(1r)

Resolved and Open Bugs in Cisco IOS XE 26.1.x

Resolved Bugs in Cisco IOS XE 26.1.1


Note

Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.
Table 3. Resolved issues for Cisco 1000 Series Integrated Services Routers, Release 26.1.1

Identifier

Headline

CSCws40263

Microcode failure due to a stuck thread during Network Address Translation session database walk.

CSCwr30573

Transport Locator extension unable to program due to module boot-up timing.

CSCws89172

Failure at cft_engine_handle_vrf_associate_if_needed on device with Internet Protocol version 6 traffic.

CSCwr11064

Speed test session timeout notification is not clear enough for the user to retrieve details.

CSCwq77458

Forwarding Manager failure after Flexible NetFlow configuration changes.

CSCwr00088

Add CLI to change per MPLS label Cisco Express Forwarding statistics query interval on Forwarding Manager Forwarding Plane.

CSCwr06399

Certificate verification fails and identity certificate is not installed after device reload for certificates with Elliptic Curve Key 521.

CSCwr08462

Device issue where the Network Address Translation router is not responding to Address Resolution Protocol requests.

CSCws62501

IOSd failure with match authentication-status unauthenticated configured.

CSCwr44921

SD-WAN device: Failures due to Central Processing Unit usage exceeding thresholds from memory pressure.

CSCwq98154

Multicast traffic not forwarded over Point-to-Point Dynamic Multipoint Virtual Private Network phase 1 tunnel.

CSCwq43883

Converting Layer 2 routed port channel to Layer 3 is broken on the device.

CSCws11840

SNMP: snmpwalk for cellular Global Positioning System coordinates is missing decimals.

Open Bugs in Cisco IOS XE 26.1.1

This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.

Table 4. Open issues for Cisco 1000 Series Integrated Services Routers, Release 26.1.1

Identifier

Headline

CSCwt60648

FIPS support for DC in 26.1.2 throttle.

CSCwt43938

Quality of Service (QoS) counters fail to increment for both the FQDN matching class and the default class.

CSCws66553

The device process fails during extended operation and when clearing specific network events.

CSCwt22006

Web UI bootstrapping failure due to invalid configuration causes persistent configuration merge errors, despite subsequent corrections.

CSCwt22873

High QFP Caused by "all-host" Limit in - Carrier Grade NAT mode.

CSCwt07572

RADIUS packets are being silently consumed by the UTD engine on the device.

CSCws98086

Update the "reason for state change: MAX" message in the BFD syslog.

CSCwt28048

The preferred-color-group restriction is not being honored in the data policy.

CSCws99246

Clarification regarding the operation that enables communication from outside the NAT.

CSCwt29648

Packets are dropped due to bad IP checksums when segment-routing is configured over encrypted tunnels on the device interface.

CSCwt27474

The hardcoded autonomous system number needs to be removed and replaced with an automatic detection mechanism.

CSCwt18839

A segmentation fault occurs in the control plane server process while printing trace data.

CSCws95387

The PCG configuration is not being removed from the forwarding plane.

CSCwr76176

BFD SD-WAN PMTUD: The PMTU converges unexpectedly to 970 bytes after a debug event on the device.

CSCws40270

SD-WAN device: Over 100 SSHd/Netconf sessions are active concurrently on the same device.

CSCwt21819

Device: A memory leak is occurring under the cfgmgr process.

CSCwq00263

IPv6 IPsec packets are being dropped in SVTI AH in transport mode, causing ping failures for packets of a specific size.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business results you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.

Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.