Release Notes for the Cisco Catalyst IR1101 Rugged Series Router - Release 17.2.1
Image Information and Supported Platforms
Downgrading from 16.12.1 to 16.11.1x
Day-0 WebUI Feature Not Supported
Yang Data Model Support for Raw Socket Transport
Digital IO for IOx container applications
L2 Sticky Secure MAC Addresses
The following release notes support the Cisco IR1101 router. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, and caveats, and to provide information on how to obtain support and documentation.
This publication consists of the following sections:
■ Image Information and Supported Platforms
■ Caveats
The Cisco IR1101 Industrial Integrated Services Router is a next-generation modular industrial router consisting of a base module to which Pluggable Modules can be added. The Pluggable Module provides the flexibility of adding different interfaces to the IR1101 platform, for example, a cellular module.
The IR1101 ISR also has an Expansion Module that adds key capabilities such as dual LTE Pluggables, mSATA SSD FRU, SFP, and Digital GPIO connections.
Note: Complete details on the IR1101 and both Expansion Modules can be found in the IR1101 Industrial Integrated Services Router Hardware Installation Guide.
Note: The IR-1100-SP Expansion Module is the same as the IR-1100-SPMI module, without the Digital I/O and mSATA components.
Note: You must have a Cisco.com account to download the software.
Cisco IOS-XE releases generally follow this schedule:
■ Standard Maintenance (SM) Release - Defect fixes for 6 months, and PSIRT fixes for 6 months.
■ Extended Maintenance (EM) Release - Defect fixes for 24 months, and PSIRT fixes for 12 months.
There are typically 3 major releases each year:
■ End of March - Standard Maintenance
Cisco IOS-XE Release 17.2.1 includes the following Cisco images:
■ ir1101-universalk9.17.02.01.SPA.bin
■ ir1101-universal9_npe.17.02.01.SPA.bin
Note: This release introduces a single image for both autonomous and SDWAN.
The latest software downloads for the IR1101 can be found at:
https://software.cisco.com/download/home/286287045
Click the IR1101 link to go to the specific software you are looking for.
This release has the following limitations or deviations from expected behavior:
Symptoms: If an IR1101 with RJ45 Gig0/0/0 WAN is downgraded from 16.12.1 to 16.11.1x or earlier, Gig0/0/0 fails to come up because its media-type is set to media-type sfp. The problem occurs because 16.12.1 or later automatically selects the correct media-type of the Gig0/0/0 interface, while 16.11.1x and earlier does not have that capability.
Workaround: Specifically set the correct media-type for the Gig0/0/0 interface (e.g. media-type rj45) prior to any downgrade.
An IR1101 operating in SDWAN Controller-mode must not downgrade to Cisco IOS XE Release 17.1.1. This is not supported for SDWAN. Instead, use Cisco IOS XE Release 16.12.1.
Note: Cisco IOS XE Release 16.12.1 supports separate Autonomous (non-SDWAN) and SDWAN Controller-mode images.
The Day-0 WebUI feature is not supported with the 17.2.1 release. Users need to configure the router to access Day-1 WebUI. Refer to the Day-1 WebUI configuration webpage for further details.
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/software/configuration/guide/b_IR1101config/m-open_plug_n_play_chapter.html
The following features are included in the Cisco IOS-XE release 17.2.1:
There is a new LTE pluggable module available, the P-LTEAP18-GL 4G module based on Telit LM960 Cat18 4G LTE modem.
Native Docker support has been added to the 17.2.1 release. This feature enables users to deploy Docker applications on the IR1101. The application lifecycle process is similar to the procedure in the Installing and Uninstalling Apps section. For Docker applications, entry point configuration is required as part of the application configuration. Please refer to the following example for the entry point configuration.
The output for docker applications is shown in the following example:
Release 17.2.1 adds support for additional Yang Data Models. These additional models include Raw Socket Transport.
Yang Data Models can be found here:
https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1721
There are two feature modules available for raw socket that belong to the main Cisco-IOS-XE-native model. They are:
This module contains a collection of YANG definitions for Raw Socket Transport Configuration commands.
This module has the following corresponding CLI commands:
■ Cisco-IOS-XE-rawsocket-oper.yang
This module contains a collection of YANG definitions for Raw Socket Transport operational data.
This module has the following corresponding CLI commands:
The following is a list of the Dependent Modules:
Release 17.2.1 provides support for IOx container applications to be able to access the digital IO. There is a new CLI that has been added to the alarm contact command.
Enabling the attach-to-iox command will provide complete control of all Digital IO ports to IOx. The ports will be exposed as four character devices /dev/dio-[1-4] to IOx applications. You can use read/write functions to get/set values of the Digital IO ports.
If you wish to update the mode, you can write the mode value to the character device file. This is accomplished by IOCTL calls to read/write the state, change mode, and read the true analog voltage of the port. Following this method, you can attach analog sensors to the IR1101. All ports are initially set to Input mode with voltage pulled up to 3.3 V.
This is a new feature for the IR1101; however, it has long been supported in Cisco IOS releases.
You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. The interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.
The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost.
It is a security violation when one of these situations occurs:
■ The maximum number of secure MAC addresses have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.
■ An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.
You can configure the interface for one of three violation modes, based on the action to be taken if a violation occurs:
■ protect—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
Note: If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.
■ restrict—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
■ shutdown—a port security violation causes the interface to become error-disabled and to shut down immediately, and the port LED turns off. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode.
■ shutdown vlan—Use to set the security violation mode per-VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs.
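The following audit is an added example, not part of Cisco's documentation: it compares a running and a startup configuration to find sticky secure MAC addresses that would be lost on restart, and ports set to the protect mode, which drops traffic without notification. The configuration text, interface names and MAC addresses are constructed for illustration.

```python
import re

# Constructed sample configurations (not captured from a real device).
RUNNING = """\
interface FastEthernet0/0/1
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.4466
 switchport port-security
interface FastEthernet0/0/2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
 switchport port-security
"""
STARTUP = """\
interface FastEthernet0/0/1
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security
"""

STICKY = re.compile(r"switchport port-security mac-address sticky "
                    r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)
MODE = re.compile(r"switchport port-security violation (\S.*)")

def parse(config):
    """Map interface -> sticky MACs and violation mode (default: shutdown)."""
    ports, port = {}, None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            port = ports.setdefault(text.split(None, 1)[1],
                                    {"sticky": set(), "mode": "shutdown"})
        elif port is not None and (m := STICKY.fullmatch(text)):
            port["sticky"].add(m.group(1).lower())
        elif port is not None and (m := MODE.fullmatch(text)):
            port["mode"] = m.group(1)
    return ports

def audit(running, startup):
    """Flag sticky MACs missing from startup-config and ports in 'protect' mode."""
    saved, findings = parse(startup), []
    for name, port in parse(running).items():
        lost = port["sticky"] - saved.get(name, {"sticky": set()})["sticky"]
        if lost:  # these addresses vanish on restart unless the config is saved
            findings.append((name, "unsaved-sticky", sorted(lost)))
        if port["mode"] == "protect":  # drops frames without any notification
            findings.append((name, "silent-violation-mode", ["protect"]))
    return findings
```

Calling `audit(RUNNING, STARTUP)` returns one tuple per finding as (interface, finding type, details).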
Cisco Signed applications are now supported on the IR1101. In order to install a signed application, signed verification has to be enabled on the device. Signed verification can be enabled using the following instructions.
After enabling the signed verification, follow the instructions in the Installing and Uninstalling Apps section under IOx Application Hosting in order to install the application.
The following documentation is available:
■ All of the Cisco IR1101 Industrial Integrated Services Router documentation can be found here:
https://www.cisco.com/c/en/us/support/routers/1100-series-industrial-integrated-services-routers/tsd-products-support-series-home.html
■ Cisco SD-WAN Configuration Guides:
https://www.cisco.com/c/en/us/support/routers/sd-wan/products-installation-and-configuration-guides-list.html
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Note: You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Benign bootup warning messages appear on the console.
Symptom: The following messages are seen during bootup:
Workaround: Ignore these messages. They do not indicate any problem, and will be removed in a future release.
mSATA module incorrectly displays OID value.
Symptoms: When the IR1101 is equipped with the IRM-1000-SPMI Expansion module, the mSATA displays the same OID value as the IRM-1000-SPMI.
Workaround: None. Fix will be included in release 17.3.1.
When a Specific License Reservation (SLR) is applied, it will appear as authorized until the next reload. It does not persist through the router reload, but instead is reported as evaluation mode.
To restore the SLR after the reload, reinstall the authorization code.
For example, use the following CLI:
Once the SLR is re-installed, it is reported as authorized:
Workaround: Re-install the SLR per the instructions above, or upgrade to IOS-XE 17.3.1.
SPAN capture in both directions is only capturing in one direction.
Changing the out of the box baud rate in ROMMON to be 9600.
Model Driven Telemetry - gRPC Dial-Out: Expands existing Model Driven Telemetry capabilities with the addition of gRPC protocol support and Dial-Out (configured) telemetry subscriptions.
YANG Data Models: For the list of Cisco IOS XE YANG models available, navigate to:
https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release.