Cisco IOS-XE Release Schedule

Cisco IOS-XE releases generally follow the schedule as follows:

■Standard Maintenance (SM) Release - Defect fixes for 6 months, and PSIRT fixes for 6 months.

■Extended Maintenance (EM) Release - Defect fixes for 24 months, and PSIRT fixes for 12 months.

There are typically 3 major releases each year:

■End of March - Standard Maintenance

■End of July - Extended Maintenance

■End of November - Standard Maintenance

Cisco IOS-XE Release 17.2.1

Cisco IOS-XE Release 17.2.1 includes the following Cisco images:

■ir1101-universalk9.17.02.01.SPA.bin

■ir1101-universal9_npe.17.02.01.SPA.bin

Note : This release introduces a single image for both autonomous and SDWAN.

The latest software downloads for the IR1101 can be found at:

https://software.cisco.com/download/home/286287045

Click on the IR1101 link to take you to the specific software you are looking for.

Table 1 Hardware Interface Naming Convention

Port	Naming Convention
Gigabit Ethernet combo port	Gigabitethernet 0/0/0
Gigabit Ethernet SFP port on Expansion Module	Gigabitethernet 0/0/5
Fast Ethernet ports	Fastethernet0/0/1-0/0/4
Cellular Interface on IR1101 Base	Cellular 0/1/0 and Cellular 0/1/1
Cellular Interface on Expansion Module	Cellular 0/3/0 and Cellular 0/3/1
Asynchronous Serial Interface	Async 0/2/0
USB	usbflash0:
mSATA	msata
IR1101 Base Unit Alarm input	alarm contact 0
GPIO on Expansion Module	alarm contact 1-4

Downgrading from 16.12.1 to 16.11.1x

Symptoms : If an IR1101 with RJ45 Gig0/0/0 WAN is downgraded from 16.12.1 to 16.11.1 x or earlier, it will cause the Gig0/0/0 to fail to come up because its media-type is set to media-type sfp. The problem occurs because 16.12.1 or later automatically selects the correct media-type of the Gig0/0/0 interface, while 16.11.1x and earlier does not have that capability.

Workaround : Specifically set the correct media-type for the Gig0/0/0 interface (e.g. media-type rj45) prior to any downgrade.

An IR1101 operating in SDWAN Controller-mode must not downgrade to Cisco IOS XE Release 17.1.1. This is not supported for SDWAN. Instead, use Cisco IOS XE Release 16.12.1.

Note: Cisco IOS XE Release 16.12.1 supports separate Autonomous (non-SDWAN) and SDWAN Controller-mode images.

Day-0 WebUI Feature Not Supported

The Day-0 WebUI feature is not supported with the 17.2.1 release. Users need to configure the Router to access Day-1 WebUI. Refer the Day-1 WebUI configuration webpage for further details.

https://www.cisco.com/c/en/us/td/docs/routers/access/1101/software/configuration/guide/b_IR1101config/m-open_plug_n_play_chapter.html

Support for New Modem

There is a new LTE pluggable module available, the P-LTEAP18-GL 4G module based on Telit LM960 Cat18 4G LTE modem.

Native docker support

Native Docker Support has been added to the 17.2.1 release. This feature enables users to deploy the docker applications on the IR1101. The application lifecycle process is similar to the procedure in the Installing and Uninstalling Apps section. For docker applications, entry point configuration is required as part of the application configuration. Please refer to the following example for the entry point configuration.

The output for docker applications is shown in the following example:

Yang Data Model Support for Raw Socket Transport

Release 17.2.1 adds support for additional Yang Data Models. These additional models include Raw Socket Transport.

Yang Data Models can be found here:

https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1721

There are two feature modules available for raw socket that belong to the main Cisco-IOS-XE-native model. They are:

■Cisco-IOS-XE-rawsocket.yang

This module contains a collection of YANG definitions for Raw Socket Transport Configuration commands.

This module has the following corresponding Cli commands:

■Cisco-IOS-XE-rawsocket-oper.yang

This module contains a collection of YANG definitions for Raw Socket Transport operational data.

This module has the following corresponding Cli commands:

The following is a list of the Dependent Modules:

■Cisco-IOS-XE-native

■ Cisco-IOS-XE-features

■ ietf-inet-types

■ Cisco-IOS-XE-interfaces

■ Cisco-IOS-XE-ip

■ Cisco-IOS-XE-vlan

■ ietf-yang-types @ (any revision)

■ cisco-semver

Digital IO for IOx container applications

Release 17.2.1 provides support for IOx container applications to be able to access the digital IO. There is a new CLI that has been added to the alarm contact command.

Enabling the attach-to-iox command will provide complete control of all Digital IO ports to IOx. The ports will be exposed as four character devices /dev/dio-[1-4] to IOX applications. You can use read/write functions to get/set values of the Digital IO ports.

If you wish to update the mode, you can write the mode value to the character device file. This is accomplished by IOCTL calls to read/write the state, change mode, and read the true analog voltage of the port. Following this method, you can attach analog sensors to the IR1101. All ports are initially set to Input mode with voltage pulled up to 3.3v.

The following are examples of IOCTL calls:

Read Digital IO Port:

Write to Digital IO Port:

Change mode:

List of IOCTLs supported:

Read State using IOCTL:

Change mode using IOCTL:

L2 Sticky Secure MAC Addresses

This is a new feature for the IR1101, however, it has been long supported in Cisco IOS releases.

You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning. The interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.

The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost.

Security Violations

It is a security violation when one of these situations occurs:

■The maximum number of secure MAC addresses have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.

■An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

You can configure the interface for one of three violation modes, based on the action to be taken if a violation occurs:

■protect—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.

Note : If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

■restrict—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.

■shutdown—a port security violation causes the interface to become error-disabled and to shut down immediately, and the port LED turns off. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands. This is the default mode.

■shutdown vlan—Use to set the security violation mode per-VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs

Command Line Interface

Under switch interface, add port-security cli.

Signed Application Support

Cisco Signed applications are now supported on the IR1101. In order to install a signed application, signed verification has to be enabled on the device. Signed verification can be enabled by following the following instructions.

After enabling the signed verification, follow the instructions in the Installing and Uninstalling Apps section under IOx Application Hosting in order to install the application.

Open Caveats

■ CSCvu75971

Benign bootup warning messages appear on the console.

Symptom : The following messages are seen during bootup:

Workaround : Ignore these messages. They are not indicating any problem, and will be removed in a future release.

■ CSCvt74109

mSATA module incorrectly displays OID value.

Symptoms : When the IR1101 is equipped with the IRM-1000-SPMI Expansion module, the mSATA displays same OID value as the IRM-1000-SPMI.

Workaround : None. Fix will be included in release 17.3.1.

■ CSCvv66502

When a Specific License Reservation (SLR) is applied, it will appear as authorized until the next reload. It does not persist through the router reload, but instead is reported as evaluation mode.

Symptoms :

For example:

To restore the SLR after the reload, reinstall the authorization code.

For example use the following CLI:

Once the SLR is re-installed, it is reported as authorized:

Workaround : Re-install the SLR per the instructions above, or upgrade to IOS-XE 17.3.1

Resolved Caveats

■ CSCvs73854

SPAN capture in both directions is only capturing in one direction.

■ CSCvs39466

Changing the out of the box baud rate in ROMMON to be 9600.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Model Driven Telemetry - gRPC Dial-Out: Expands existing Model Driven Telemetry capabilities with the addition of gRPC protocol support and Dial-Out (configured) telemetry subscriptions.

YANG Data Models: For the list of Cisco IOS XE YANG models available navigate to:

https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/

Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release.

© 2019-2020 Cisco Systems, Inc. All rights reserved.