Cisco 4000 Series Integrated Services Routers Overview


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).

The following table lists the router models that belong to the Cisco 4000 Series ISRs.

Cisco 4400 Series ISR

Cisco 4300 Series ISR

Cisco 4200 Series ISR

Cisco 4431 ISR

Cisco 4321 ISR

Cisco 4221 ISR

Cisco 4451 ISR

Cisco 4331 ISR

Cisco 4351 ISR

System Requirements

The following are the minimum system requirements:

  • Memory: 4GB DDR3 up to 16GB

  • Hard Drive: 200GB or higher (Optional). (The hard drive is only required for running services such as Cisco ISR-WAAS.)

  • Flash Storage: 4GB to 32GB

  • NIMs and SM-Xs: Modules (Optional)

  • NIM SSD (Optional)

Determining the Software Version

You can use the following commands to verify your software version:

  • For a consolidated package, use the show version command

  • For individual sub-packages, use the show version installed command

Upgrading to a New Software Release

To install or upgrade, obtain a Cisco IOS XE Everest 16.4.1 consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html . To run the router using individual sub-packages, you also need to first download the consolidated package and extract the individual sub-packages from a consolidated package.

For information about upgrading software, see the “How to Install and Upgrade Software” section in the Software Configuration Guide for the Cisco 4000 Series ISRs.

Recommended Firmware Versions

Table 1 provides information about the recommended Rommon and CPLD versions for releases prior to Cisco IOS XE Everest 16.4.1.

Table 1. Recommended Firmware Versions

Cisco 4000 Series ISRs

Existing RoMmon

Cisco Field-Programmable Devices

Cisco 4451 ISR

15.3(3r)S1

15010638

Note 
Upgrade CLI output has a typo and it would show the version incorrectly as 15010738 instead of 15010638. This does not impact the upgrade.

Cisco 4431 ISR

15.4(2r)S

15010638

Note 
Upgrade CLI output has a typo and it would show the version incorrectly as 15010738 instead of 15010638. This does not impact the upgrade.

Cisco 4351 ISR

15.4(3r)S3

14101324

Cisco 4331 ISR

15.4(3r)S5

14101324

Cisco 4321 ISR

15.4(3r)S5

14101324

Cisco 4221 ISR

15.4(3r)S5

14101324

Upgrading Field-Programmable Hardware Devices

The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.

Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.

From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs .

Feature Navigator

You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.

Limitations and Restrictions

The following limitations and restrictions apply to all releases:

Smart Licensing

Ensure that the device is running the Cisco IOS XE Everest 16.6.1 version that supports the Smart Licensing mode.

Cisco Unified Threat Defense

The Cisco Unified Threat Defense (UTD) service requires a minimum of 1 to 4 GB of DRAM.

Cisco ISR-WAAS and AppNav-XE Service

The Cisco ISR-WAAS/AppNav service requires a system to be configured with a minimum of8GB of DRAM and 16GB flash storage. For large service profiles, 16GB of DRAM and 32GB flash storage is required. Also, Cisco ISR-WAAS requires a minimum of 200GB SSD.

IPsec Traffic

IPsec traffic is restricted on the Cisco ISR 4451-X. The router has the same IPsec functionality as a Cisco ISR G2. The default behavior of the router will be as follows (unless an HSECK9 license is installed):

  • If the limit of 225 concurrent IPsec tunnels is exceeded, no more tunnels are allowed and the following error message appears:

%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.
  • When the throughput value for the inbound (decrypted) traffic exceeds 85Mbps, subsequent IPsec traffic in that direction will be dropped and the following message will be displayed:

%IOSXE-4-PLATFORM:cpp_cp: QFP:0.0 Thread:001 TS:00000001786413378010 %CERM_DP-4-DP_RX_BW_LIMIT: Maximum Rx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
  • To avoid this restriction and enable full IPsec functionality on the router, install an HSECK9 feature license.
  • The Cisco 4000 Series ISR does not currently support nested SA transformation such as:

crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac 
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac 
  • The Cisco 4000 Series ISR does not currently support COMP-LZS configuration.

CUBE–SRTP Calls

Cisco IOS XE Everest release 16.5.1 is not recommended for Cisco Unified Border Element deployment involving SRTP calls.

USB Etoken

USB Etoken is not supported on Cisco IOS XE Denali 16.2.1.

Unified Communication on Cisco 4000 Series ISR

  • For T1/E1 clocking design and configuration changes, For detailed information, see the following Cisco document: T1/E1 Voice and WAN Configuration Guide.

  • For Cisco ISR 4000 Series UC features interpretation with CUCM versions, For detailed information, see the following Cisco document: Compatibility Matrix .

  • For High density DSPfarm PVDM (SM-X-PVDM) and PVDM4 DSP planning, For detailed information, see the following Cisco document: DSP Calculator for DSP planning .

Yang Data Models

Effective with Cisco IOS XE Everest 16.5.1b, the Cisco IOS XE YANG models are available in the form of individual feature modules with new module names, namespaces and prefixes. Revision statements embedded in the YANG files indicate if there has been a model revision.

Navigate to https://github.com/YangModels/yang > vendor > cisco > xe >1651, to see the new, main cisco-IOS-XE-native module and individual feature modules attached to this node.

There are also XPATH changes for the access-list in the Cisco-IOS-XE-acl.yang schema.

The README.md file in the above Github location highlights these and other changes with examples.

New Features and Important Notes About Cisco 4000 Series ISRs Release Everest 16.6

This section describes new features in Cisco IOS XE Everest 16.6 that are supported on the Cisco 4000 Series ISRs.

New and Changed Information

New Software Features in Cisco 4000 Series ISR Release Cisco IOS XE Everest 16.6.2

The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Everest 16.6.2:

New Hardware Features in Cisco IOS XE Everest 16.6.1

The following are the new hardware features in Cisco 1100 Series Integrated Service Routers in Cisco IOS XE Everest 16.6.1:

  • Cisco 1100 Series Integrated Services Routers—The Cisco 1100 Series ISRs are fixed branched routers based on the Cisco IOS XE Everest 16.6.1 operating system, multi-core data plane. The two types of platforms of Cisco 1100 Series ISRs are high-end and midrange service and enterprise platforms. The Cisco 1100 Series ISR Software Configuration Guide explains supported features such as Smart Licensing, VDSL2 and ADSL2/2+, WLAN, 4G LTE-Advanced, and so on.

  • Simplified Factory Reset Support on Cisco 4000 Series ISRs—There is no system configuration required to use the factory reset command. Use the command with all options enabled.

    The Factory Reset requirement is to remove all customer specific data that have been added on Cisco 4000 Series ISRs since they are shipped from the factory. The factory-reset all command erases all content from the NVRAM to validate a successful completion of the factory-reset operation. Resetting the Cisco 4000 Series ISRs to factory configuration is part of Cisco Secure Development Lifecycle (CSDL) requirement.

    For this requirement, all the customer specific data on a router are removed (Data can be configuration, log files, boot variables, core files, credentials (SUDI certificates, PKI keys, FIPS related keys). Two scenarios where the factory reset feature is used are:

    RMAing the device— If you want to return the device to Cisco for RMA, remove all customer-specific data before obtaining a Return Material Authorization (RMA) certificate for the device.

    Recovering the compromised device— If the key material or credentials stored on the device is compromised, reset the device to factory configuration and then reconfigure the device.

New Software Features in Cisco 4000 Series ISR Release Cisco IOS XE Everest 16.6.1

The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Everest 16.6.1:

Configure the Router for Web User Interface

This section explains how to configure the router to access Web User Interface. Web User Interface require the following basic configuration to connect to the router and manage it.

  • An HTTP or HTTPs server must be enabled with local authentication.

  • A local user account with privilege level 15 and accompanying password must be configured.

  • Vty line with protocol ssh/telnet must be enabled with local authentication. This is needed for interactive commands.

  • You can use the Cisco IOS CLI to enter the necessary configuration commands. To use this method, see Entering the Configuration Commands Manually.

Entering the Configuration Commands Manually

To enter the Cisco IOS commands manually, complete the following steps:

Before you begin

If you do not want to use the factory default configuration because the router already has a configuration, or for any other reason, you can use the procedure in this section to add each required command to the configuration.

Procedure


Step 1

Log on to the router through the Console port or through an Ethernet port.

Step 2

If you use the Console port, and no running configuration is present in the router, the Setup command Facility starts automatically, and displays the following text:

--- System Configuration Dialog ---
 
Continue with configuration dialog? [yes/no]:

Enter no so that you can enter Cisco IOS CLI commands directly.

If the Setup Command Facility does not start automatically, a running configuration is present, and you should go to the next step.

Step 3

When the router displays the user EXEC mode prompt, enter the enable command, and the enable password, if one is configured, as shown in the following example:

Router> enable
password password
Step 4

Enter config mode by entering the configure terminal command, as shown in the following example.

Router> config terminal
Router(config)#
Step 5

Using the command syntax shown, create a user account with privilege level 15.

Step 6

If no router interface is configured with an IP address, configure one so that you can access the router over the network. The following example shows the interface Fast Ethernet 0 configured.

Router(config)# int FastEthernet0
Router(config-if)# ip address 10.10.10.1 255.255.255.248
Router(config-if)# no shutdown
Router(config-if)# exit
Step 7

Configure the router as an http server for nonsecure communication, or as an https server for secure communication. To configure the router as an http server, enter the ip http server command shown in the example:

Router(config)# ip http secure-server
Step 8

Configure the router for local authentication, by entering the ip http authentication local command, as shown in the example:

Router(config)# ip http authentication local
Step 9

Configure the vty lines for privilege level 15. For nonsecure access, enter the transport input telnet command. For secure access, enter the transport input telnet ssh command. An example of these commands follows:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# transport output telnet ssh
Router(config-line)# exit
Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# transport output telnet ssh
Router(config-line)# end
 

Caveats

This section provides information about the caveats in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.

The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool . This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.

In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:

  • Last modified date

  • Status, such as fixed (resolved) or open

  • Severity

  • Support cases

You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.


Note

If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.

We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:

http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

Using the Cisco Bug Search Tool

For more information about how to use the Cisco Bug Search Tool , including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ .

Before You Begin


Note

You must have a Cisco.com account to log in and access the Cisco Bug Search Tool . If you do not have one, you can register for an account.

SUMMARY STEPS

  1. In your browser, navigate to the Cisco Bug Search Tool .
  2. If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.
  3. To search for a specific bug, enter the bug ID in the Search For field and press Enter.
  4. To search for bugs related to a specific software release, do the following:
  5. To see more content about a specific bug, you can do the following:
  6. To restrict the results of a search, choose from one or more of the following filters:

DETAILED STEPS


Step 1

In your browser, navigate to the Cisco Bug Search Tool .

Step 2

If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Enter.

Step 4

To search for bugs related to a specific software release, do the following:

  1. In the Product field, choose Series/Model from the drop-down list and then enter the product name in the text field. If you begin to type the product name, the Cisco Bug Search Tool provides you with a drop-down list of the top ten matches. If you do not see this product listed, continue typing to narrow the search results.

  2. In the Releases field, enter the release for which you want to see bugs.

    The Cisco Bug Search Tool displays a preview of the results of your search below your search criteria.

Step 5

To see more content about a specific bug, you can do the following:

  • Mouse over a bug in the preview to display a pop-up with more information about that bug.

  • Click on the hyperlinked bug headline to open a page with the detailed bug information.

Step 6

To restrict the results of a search, choose from one or more of the following filters:

Filter

Description

Modified Date

A predefined date range, such as last week or last six months.

Status

A specific type of bug, such as open or fixed.

Severity

The bug severity level as defined by Cisco. For definitions of the bug severity levels, see Bug Search Tool Help & FAQ .

Rating

The rating assigned to the bug by users of the Cisco Bug Search Tool .

Support Cases

Whether a support case has been opened or not.

Your search results update when you choose a filter.


Caveats in Cisco 4000 Series Integrated Services Routers

This section contains the following topics:

Open Caveats - Cisco IOS XE Everest 16.6.4

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCuy75886

Chunk memory leak about SNMP SMALL CHUN and SNMP MEDIUM CHU.

CSCvb72829

The sh ipv6 neigh statistics not updated post RPSO for entries synced.

CSCvc73961

OSPF BGP LS: When seg mpls is disabled on the NBR, the unnumbered links not withdrawn from LSLIB.

CSCvd20054

Traceback @mpls_ldp_cfg_interface while enabling ISIS.

CSCvd65197

IOSd crashed when dialer disconnects the ISDN call.

CSCve05486

ISDN switch-type configure issue for BRI leased-line.

CSCve12319

ISIS SRTE: When one of ECMP path for prefix is not enabled for SR, SRTE tunnel does not come up.

CSCve16269

IKEv2 CoA does not work with ISE.

CSCve32648

Traceback@cpp_mlp_bundle_stats_query_all_cmn on fp reload.

CSCve39101

OSPF SROAM: "%ARP-3-ARPADJ: Internal software error during updating CEF Adjacency" when box comes up.

CSCve39572

BGP net should have inlabel if bgp mpls-local-label is configured.

CSCve54914

NDSSO vrf ha table to be populated correctly.

CSCve96308

Observing memory leak in AAA_MALLOC_LITE.

CSCvf21341

CME: Pushing call from desk phone to SNR phone failing if media-renegotiate CLI is configured

CSCvf22725

OSPF SR/SIDredistribute: when SID configured > avbl SRGB, that sid should not be advertised in EPL.

CSCvf28564

Show details soft key is not functioning in a conference call.

CSCvf34848

License synchronized to SSMS despite being removed from SL Portal.

CSCvf37923

Crash due to Stack overflow.

CSCvf51917

The dns-a-override CLI not working due to breakage since 16.4 IOS.

CSCvf76436

Combination of add-path, backup path and advertised-to leaves is not giving expected netconf values.

CSCvf86185

NIM-SSD: Inventory of disk0 and disk1 are interchanged on Cisco IOS XE 16.x.

CSCvf95739

Remove "dns-vrf-aware" CLI and make DNS vrf aware by default.

CSCvg06563

BE4K memory leak during bulk register request from portal.

CSCvg23363

Virtual-access interface MTU wrongly set when using ipsec ipv4.

CSCvg23820

CTS PAC download fails with VRF config on non-managenent interface.

CSCvg40893

BE4K Registration failed for REGISTER matching wrong voip dial-peer.

CSCvg42218

BE4K VRF failed to associate if binding is used in tenant.

CSCvg49910

BE4K OPTION messages not sent out with VRF+DNS.

CSCvg62139

The "show voice lmr port_number " on ISR4K do not show m-lead status.

CSCvg63956

BE4K Call failed to answer if SNr configured with no matching dial-peer.

CSCvg81772

VRF import config missing ipv4 unicast after no router bgp

CSCvg87102

BE4K group pickup failed when call xfered by AA with cause code 47.

CSCvh17679

BE4000/CME SNR call fails due to the extension COR list configuration.

CSCvh49364

PFRv3 Incorrect time-stamp in traffic-class router change history.

CSCvh57657

NAT MIB not populated when using traditional NAT.

CSCvh65955

CME: SIP Notify to clear NightService display message not sent to phones during de-activation.

CSCvh67422

IPSLA ICMP-jitter stats reporting some of the received packets as lost.

CSCvh67788

CME: COR functionality impacts CallFwd and SNR call flow scenarios.

CSCvh85031

Branch MC crashed@cent_send_syslog_on_violated_policies under stress test.

CSCvh93960

CME SIP: One way audio on consult transfer when SNR enabled on transfer target.

CSCvi06417

SIP stack matching the dial-peer when processing NOTIFY message causing call routing issues.

CSCvi10089

EXEC process stuck vty line where no exec is set.

CSCvi15955

Call failure after Bye-Also blind transfer from CUE requires failure indication.

CSCvi36351

The standby rp crash on removing member link from port-channel.

CSCvi37580

There is unexpected packets lost TCA reported on Cisco 4331 ISR platform.

CSCvi54372

%NHRP-3-PAKERROR | loop detected | Pak sanity failure.

CSCvi63425

Cisco 4400 ISR router cpp crashed when configured HSRP with PMIPv6.

CSCvi83419

Router crash when removing route-target and with hard clear.

CSCvi90729

IKEv2 CoA does not work with ISE (coa-push=TRUE instead of true).

CSCvi90964

Cisco 4331 ISR : Crash due to Segmentation fault(11), Process = Tunnel Security.

CSCvi92505

MWI info is not preserved on CME SIP phone after a reboot for unsolicited method.

CSCvi93431

CME/BE4k: Adding Support to allow whisper paging as a configurable option on SIP phones.

CSCvi93972

IWAN versions with prefix tracking only allow prefix splitting for internet and not enterprise.

CSCvi97233

CME radius accounting does not generate complete called number for EA.

CSCvj08942

SNMPwalk of cipslaPercentileLatestStatsTable does not give all the cipslaPercentileTypeVar types.

CSCvj09305

Slow convergence when configuring ha-mode sso for IPv6 peers.

CSCvj11263

NBAR: resource exhaustion might occur in FNF with vmware-vsphere and flow monitors.

CSCvj22081

Cisco 4331 ISR: Memory lock occurs when archive config and "wr" are executed at the same time

CSCvj25236

IPDT flapping after upgrade to 15.2(2)E7.

CSCvj26944

Cisco-IOS-XE-policy yang model does not support "set precedence"

CSCvj29514

CME: Toll fraud app not automatically trusting traffic from phones.

CSCvj35317

Ti-LFA Repair Path is not Loop-Free.

CSCvj44615

Ringback stops on REFER based xfer when CUBE receives 180 followed by 183 w/SDP media change.

CSCvj45781

QFP CGM Memory depletion during ISG session churn

CSCvj47270

IKEv2 sessions cannot establish due to CAC leakage.

CSCvj50644

Barge and cBarge failure on Incoming SIP trunk calls to BE4K.

CSCvj51929

Out of order ESP packets triggering IPSEC replay error message.

CSCvj57453

OSPF TILFA: tilfa repair path computation ALGORITHM fails with reason code BAD FH NBR.

CSCvj57487

OSPF TILFA: tilfa repair path computation ALGORITHM uses incorrect firsthop router-id.

CSCvj58359

SIP packets not sent out by BE4K when gig0/0/1 has vrf forwarding enabled.

CSCvj59152

Evaluation of all for May CPU Side-Channel Information Disclosure Vulnerabilities.

CSCvj60144

OSPF TILFA: tilfa ALGORITHM fails to get repair node n-sid label when vertex is beyond PGW node

CSCvj60749

Cisco 4000 Series ISRs handles MTU on Virtual-PPP interface differently and doesn't respect DF-bit on QFP level.

CSCvj64493

Standby switch crash whem removing kron scheduler command.

CSCvj66204

Initial SNMP traps take agent-addr from shutdown interface.

CSCvj67623

DNS ALG will not work when trying to match specific destination hosts.

CSCvj70568

FlexVPN || DHCP entries not flushing for ikev2 timed out reconnect sessions.

CSCvj72854

Router crash due to NHRP process Segmentation fault(11).

CSCvj74888

Kernel OOPS reporting ECC error.

CSCvj75853

Device crash after execute command "show lldp neighbor [int] detail".

CSCvj76285

Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06.

CSCvj76316

Subscriber template not cleared after idle time exceed as well as traceback generation.

CSCvj76662

GetVPN TBAR failure does not generate syslogs.

CSCvj78876

CUBE: FPI Hung Sessions and Provisioning Failures observed in Standby CUBE.

CSCvj81382

IPv6 AAA Prefix Support for 3rd party PPP clients no password for -dhcpv6 Access-Request.

CSCvj82095

NBAR mismatch cisco video traffic.

CSCvj83551

SISF crash in IPV6 neighbor discovery packets.

CSCvj84104

PLR channel is not muted for some time.

CSCvj84121

Cisco 4321 ISR Radius Chap authentication does not work.

CSCvj84158

PfRv3: BR May Crash due to Channel Creation/Modification and Next-Hop State.

CSCvj88265

CBR8 After SUP failover, some BSOD clients have no service, L2VPN

CSCvj89345

AVC license should be activated only in case of smart licensing model.

CSCvj90089

Device crashes while doing a conference call.

CSCvj90814

Crash due to Memory corruption in Cisco 4000 Series ISRs.

CSCvj92548

FlexVPN: Spoke to Spoke: Implicit NHRP entry due to expired resolution request handling.

Resolved Caveats - Cisco IOS XE Everest 16.6.4

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCsd58148

%SEC_LOGIN-4-LOGIN_FAILED does not show username in [user: ].

CSCuv14856

WATCHDOG timeout crash during IPSEC phase 2.

CSCuv90519

Map does not get updated with socket change on local address change.

CSCuw90084

DS: Download should print alerts in case of unresolved variables.

CSCvb34443

The ikev2 fragmentation not working with aes-gcm encryption - hmac failure.

CSCvb69966

Memory leak under LLDP Protocol process.

CSCvb88867

Excess BGP Traps Generated just after upgrade.

CSCvd14310

IP TUNNELS: Overlapping Loopback Interface Causes Incorrect Forwarding Decision with AppNav and PfR.

CSCvd47657

Cisco 4000 Series ISRs routers may crashed with Segmentation Fault in AFW Application Process.

CSCvd50613

Cisco 4431 ISR crashes with UNIX-EXT-SIGNAL: Segmentation fault(11), Process = HTTP CP.

CSCvd90410

Router loses RSA keys upon boot with private-config encryption and config archive enabled.

CSCve11959

Memory leak occurs on DHCP client.

CSCve41775

Crash over CCSIP_SPI_CONTROL process due to null pointer / segmentation fault.

CSCve55004

OSPF GIR BASE: not all repair paths calculated for AS ext routes when routes rxed with maxmetric.

CSCve61143

CME SIP sip-ua do not send registration request when vrf forwarding is enabled.

CSCvf05864

BGP RR changes tunnel parameters for bgp evpn route type 3.

CSCvf06123

Route-map not checked when packet is flowing from OUT to IN with Static NAT.

CSCvf07153

SIP Date header format not in GMT Format.

CSCvf07576

Router reloaded when doing show BGP RT filter routes.

CSCvf16374

CME SNR Does not get ringback for PRI calls.

CSCvf19460

CTS Pac download fails with ISE reachability through loopback interface over vrf.

CSCvf23485

DS: Increase the size of command and prompt strings.

CSCvf26916

RTCP/RTP based Media Inactivity timers for MGCP GW do not work in newer releases.

CSCvf38050

Voice Gateway crash due to memory corruption while finding DN index during redirect.

CSCvf49126

Stub is not leaking the network as expected.

CSCvf51773

NHRP redirect overriding routing table.

CSCvf52766

Dual Ringback in Semi-consult transfer on CME.

CSCvf53053

Crash when issuing no dspfarm profile x stuck on DOWN_PENDING state.

CSCvf57090

CUBE automatically considers re-INVITE with a=silenceSupp:off - - - - as fax call.

CSCvf66030

OSPF SR: When SRGB range is changed, mapping server entries do not get re-installed.

CSCvf66860

IOS crash in SOCK TCP Test Server process.

CSCvf70383

Crash in SDP Passthru when T.38 as 1st mline in mid-call SDP.

CSCvf73693

Cisco 4321 ISR crash @ BGP Router for bfd bgp when sending traffic.

CSCvf80363

Rotate nginx access/error log files.

CSCvf81931

Loopback interface not appearing in RIB after upgrade.

CSCvf84528

False "voip_rtp_allocate_port:Possible port leak" errors.

CSCvf88705

Malformed GETVPN message %GDOI-4-COOP_KS_UNAUTH.

CSCvf89894

GETVPN // Primary KS sending rekey first to GM's and then to Secondary KS via scheduled rekey.

CSCvf96009

OSPF SR: When loopback isconfigured with prefix suppression, EPL should be withdrawn.

CSCvf96294

MIB counter for IPSec tunnels does not decrement under high tunnel scale and churn.

CSCvf97908

When NSSA ASBR is reloaded, ECMP to ext routes not installed in other routers.

CSCvf98378

IOSXE_INFRA-6-PROCPATH_CLIENT_HOG: IOS shim client fman stats bipc has taken xx msec.

CSCvg01774

OSPF SSPF: when seg area is disabled and enabled, mapping server EPL entries not re-generated.

CSCvg03444

Hub MC continues to send EIGRP SAF hellos after adjacency removed.

CSCvg05172

Crash in VOIP media loop detection.

CSCvg05452

IOS-XE router crash from memory corruption during CCB cleanup.

CSCvg06142

IPSM Tunnel Entry and Crypto IKMP memory leak due to IKE tunnel entry not deleted.

CSCvg08471

OSPF; process ospf segmentation fault when shut and no shut is performed in active RP.

CSCvg08768

OSPF BGP LS: After fail over, error msg seen: %LSLIB-4-EOD: Producer OSPF-0x0 did not send EOD.

CSCvg12605

Corrupted NOTIFY leads to %CRYPTO-4-IKMP_BAD_MESSAGE, stale ISAKMP SA and traffic failure.

CSCvg16234

ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it

CSCvg18094

GETVPN: show crypto gdoi ks member summary missing last octet in IP address

CSCvg19259

MPLSoFlexVPN: Hub doesn't forward resolution req when default route is advertised to spokes

CSCvg25874

Toggling the switchport then default the interface, load-interval config reapplied

CSCvg30991

IOS-XE routers: Memory leak observed on process ivr: peer_item_t in AFW_application_process

CSCvg32701

Night-Service fails if it overlaps with FAC codes.

CSCvg32858

Snort control plane connectivity with Mgmt-intf is broken.

CSCvg33454

Pass load balancing information in IP header to container.

CSCvg34167

Unexpected reboot of voice gateway Cisco 4400 ISR.

CSCvg34986

Media recording on IOS-XE does not work if a refer is received immediately after the call is answered.

CSCvg36598

ISAKMP Fails When Multiple HSRP tunnel/SVTI Interfaces Configured.

CSCvg39082

Crash after TCP session timeout.

CSCvg41950

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability.

CSCvg43263

when shutting interface with no isis adjacency, local micro-loop avoidance blocks FRR recalculation

CSCvg44135

OSPF SRTE: prefix information is not provided to SRTE when it is learnt via mapping server.

CSCvg45950

packet drop seen intermittently if 40G traffic sent via cts interface

CSCvg47453

Default route redistributed into RIP from EIGRP is not removed from RIP database

CSCvg48470

ISIS l1-l2 redistribution prefix doesnt get redistributed till clear isis rib redistribution is done

CSCvg48492

BE4000 one way audio seen line to trunk side call with VRF enabled

CSCvg51358

DHCPNAK is not sent in roaming scenario.

CSCvg53159

%SNMP-3-RESPONSE_DELAYED: processing GetNext of cafSessionEntry.2 seen on catalyst switch

CSCvg54267

CDP Protocol can run device out of memory

CSCvg56088

Getting "HA Module DSP_MSP reported CALL_MODIFY RECREATE failure" in CUBE HA.

CSCvg56110

Error and pending objects when mma policy flap with egress monitor for multi-VRF case.

CSCvg58096

Increase of dampening penalty on route refresh.

CSCvg58599

Syslog: Logging host is truncating lines causing debug output to be cutoff in the middle of a msg.

CSCvg59604

Cube crashes intermittently multiple times within every two days.

CSCvg61219

Crash seen during Blind Transfer in CME video call

CSCvg67028

VRF deletion status <being deleted> after removing the RD

CSCvg67820

HIGH CPU observation on FMAN RP ESS EVENT TRACING

CSCvg68391

ISIS SR: When seg mpls is shut globally, ISIS SID entries not withdrawn from the entire network.

CSCvg71944

OSPF SR: When loopback is defined as /24 address, EPL should not be sent for the prefix.

CSCvg75315

ASR1K BGP scanner crash when change VRF and BGP configuration

CSCvg75419

ISIS SRTE: Explicit SRTE keeps flapping when ISIS is not the winning route in the RIB

CSCvg76664

OSPF SSPF: With SRTE tunnel, constrained bind of SID0 uses invalid old repair path in some cases

CSCvg76990

Missing LSP sending after configuration change

CSCvg78770

Router resets while processing fragmented/encrypted packet

CSCvg82855

OSPF SSPF: mapping-server strict SID is processed by images which are not strict spf capable

CSCvg84181

"CLID restrict" on outbound leg is setting "Privacy=Full" on inbound leg.

CSCvg85146

OSPFv2 Encoding for local-id in LLS needs to be fixed.

CSCvg85879

BGP sets the wrong Local Preference for routes validated by RPKI server.

CSCvg89163

CUBE does not acknowledge Session-Expires header in UPDATE.

CSCvg91126

BE4K Group pickup failed if agent configured for cfwd no answer

CSCvg91169

3850 standby switch reloads due to configuration-mismatch after use "exception crashinfo" command

CSCvg94978

CUBE Router crashed - Critical software exception, Process = CCH323_CT

CSCvg95213

ISR4k: speed/duplex disappear from 'show run' after shut down & reload.

CSCvg96936

IOS-XE : PAT entry using the same port which is configured for static NAT

CSCvg97010

load-balance advanced moving traffic to fallback path when primary path are not over utilized

CSCvg97824

service-controller - mDNS API's did not free the ID's for mDNS SD HANDLES process.

CSCvg99559

OSPF SSPF/TILFA: TILFA ECMP tunnels are not created when the last segment is adjacency sid.

CSCvh00630

ISRv/QOS - service-policy defined in bootstrap config may not be applied

CSCvh01652

Multicast IPSLA UDP Jitter throws Socket open error if vrf interface is configured on responder

CSCvh02109

WSMA: Server responds with HTTP 404 on wsma-exec with http transport profile

CSCvh03359

EIGRP network statement reappearing after reboot

CSCvh03788

EIGRP Name mode Summary route is not being apply on Virtual-Access on HUB

CSCvh05611

IOSd crash while applying dial peer configuration

CSCvh06249

Crash when receiving EVPN NLRI with incorrect NLRI length field value

CSCvh09334

SDA-IPV6::SISF traceback @ar_relay_create_entry - L2 Binding tbl entry insertion failed

CSCvh09525

CME: BLF monitor function fails intermittently with TCP connection

CSCvh10607

ISG : IETF-Disc-Cause = 0 if DHCP SIP disconnect.

CSCvh15336

OSPF SSPF: ECMP combination of SRTE tunnels and MPLS-TE tunnels does not work properly sometimes.

CSCvh15484

ISIS SR: When the SRGB range is increased, the local SIDs which are in new range are re-installed.

CSCvh18001

Crash due to race condition caused by IOS radioactive trace code.

CSCvh18015

AppNav-XE cluster may cause router crash and reload.

CSCvh21564

AAA Attrbute list leak in Polaris 16.6.2

CSCvh21909

LISP: Overlapping prefix causes "probe-down" for map-cache entry

CSCvh21973

QFP crashed to while sending oversubscribe traffic.

CSCvh22278

OSPF Hello timer 10sec is not applied in network type non-broadcast

CSCvh22300

Update IOS XE OSPFv2 ELL private TLVs to IANA codepoints

CSCvh24315

Memory leak for CCSIP_TCP_SOCKET and CCSIP_UDP_SOCKET on CUBE

CSCvh25624

ISIS SR: When seg mpls is shut under ISIS, sid entries not cleared in the local router.

CSCvh26072

EIGRP SAF Adjacency doesn't form with /31 mask

CSCvh28323

ASR1002HX FP Crash post LNS path switchover

CSCvh29821

CME should send out a refer with notify_clear when night-service is manually disabled

CSCvh30968

ISIS BGP LS: When distribute link state changed from level 1 to level 2, entries not given to BGP LS

CSCvh32216

Sporadic Crashes Due to IPSec (during ISAKMP AAA interaction)

CSCvh32224

8800 KEM module not getting detected on 88XX phones with CME 12,11.6

CSCvh45744

CME Call Park: Dead air experienced on parked PSTN (TDM/FXO) calls

CSCvh48085

OSPF SSPF/SRTE: when we have ABR with multiple interfaces to backbone area, SPF keeps running.

CSCvh48610

IWAN router crash while updating pmi policy.

CSCvh49600

Output "sh sip-ua connections tcp tls detail" shows that CUBE has stuck connection ids.

CSCvh51038

[168] OSPF process crash on P router when router ospf <> is unconfigured on another PE or P router.

CSCvh53691

FP reload with IMGR deregister interface.

CSCvh53764

RP Unexpected reboot when using conditional debugging with CCSIP debug.

CSCvh54672

VRRP doesnt work over Port-channel L3 interface.

CSCvh56594

EIGRP offset-list still active if ACL used in offset-list is removed before offset-list.

CSCvh57061

Cisco 4000 Series ISRs-PPTP passthrough traffic not working with PAT, GRE packet consumed by router.

CSCvh57108

CPUHOG on QoS statistics collection for DMVPN. QoS crash with DMVPN/NHRP.

CSCvh57340

DMVPN: Crypto session stuck into UP-IDLE status after reconfiguring tunnel.

CSCvh57402

Ciso 4451-X ISR sometime drop the packet when volume -based rekey occurred.

CSCvh58909

OSPFv3 cost calculation not correct in some specific topology.

CSCvh61453

NULL remote_hostname from LAC.

CSCvh62532

System reload when clearing cts pac.

CSCvh62615

There is junk entry in route-import table on branch when shutdown/no shutdown WAN interface.

CSCvh63932

Noisy debugs in "periodic" tracelog.

CSCvh66033

IKEv2 - Crash with segmentation fault when debugs crypto ikev2 are enabled.

CSCvh66642

uIDB leaks at the DMVPN hub if the route to remote NBMA is not learned

CSCvh68228

CUBE Unsolicited NOTIFY returns 481 Subscription does not exist

CSCvh70297

Redundancy Mode None does not Sync.

CSCvh70557

CPP crash in MMA.

CSCvh70570

MGCP fallback mode remains ON after CUCM registered.

CSCvh71856

IOSd crash when enabling dot1q in a port-channel sub-interface.

CSCvh72700

CME: GUI user page doesn't load correctly. It is showing "View Window".

CSCvh73805

Explicit SRTE tunnels are not come up when a prefix is redistributed between levels.

CSCvh75132

CPP crash stuck thread detected multikey_hash_replace_int.

CSCvh77733

RR does not send VPNv4 routes to peer.

CSCvh79067

Call Park with standard FAC fails if phones extensions overlap with FAC codes.

CSCvh79640

Cisco 4000 Series ISRs: BDI unreachable when interface has HSRP-enabled subinterfaces.

CSCvh79942

Chunk corruption crash related to PNP or Guestshell.

CSCvh82112

Routers - Memory leak under process RECMSPAPP in IOSd.

CSCvh83215

IOS-XE Voice NIM/PVDM Service-Engine Admin Down leads to one-way audio.

CSCvh85788

Local LAN-only prefix present in master route-import table but not present in site prefix DB.

CSCvh88330

VAI Leaks with IKEv1 DVTI.

CSCvh88975

Performance-monitor does not report classification after tunnel shutdown.

CSCvh92130

Downloaded policies hit by traffics were all gone after the second SSO.

CSCvh92378

High CPU utlization with presence feature when reset is issued under voice register global.

CSCvh93071

Redistributing connected route with AIGP attribute is being continuously readvertised.

CSCvh96542

CCSIP_SPI_CONTRO holding memory increasing.

CSCvh96670

Cisco 4000 Series ISRs packet drop when shutdown or no shutdown interface.

CSCvh97246

Cisco 4000 Series ISRs - ucode crash with fw_base_flow_create.

CSCvh97691

Tacacs-server is missing keyword "key" in argument/option available.

CSCvh97818

The "show voice call <x/y/z>" missing print out dsp statistics in Cisco 4000 Series ISRs.

CSCvh99576

LACP Rate defaults to fast with no way to change it to normal.

CSCvh99651

AAA-Proxy errors in dmiauthd tracelogs.

CSCvh99949

Options Keepalive not triggered on applying profile to dial-peer.

CSCvi01558

iBGP dynamic peer using TTL 1.

CSCvi01650

SIP Out-of-Dialog OPTIONS Ping Group Shows Dial-Peers Marked as None.

CSCvi01805

Router with SIP traffic crashes at ccsip_free_kpml_info.

CSCvi02816

ZBF not able to identify the WAAS optimized flow and drops ACK.

CSCvi03339

[ECA-SIT] IOSd crash seen on xTR with baseline @ sisf_macdb_get_vlanid.

CSCvi04666

ISIS SRTE: SRTE tunnel not created due to R-flag set.

CSCvi05126

ISAKMP Notification messages carry unnecessary data.

CSCvi05408

Memory leak due to asnl.

CSCvi06312

Subsystem stopped: ios-emul-oper-db due to bgp table issue.

CSCvi06480

OSPF SSPF: EPL not sent for secondary addresses on loopback interfaces.

CSCvi06897

The dialpeer matching for inbound SIP profile fails with VRFs.

CSCvi07387

The ip dhcp excluded-address deletion issues via netconf.

CSCvi11123

FMFP-3-OBJ_DWNLD_TO_DP_FAILED error after modifying QoS policy.

CSCvi11665

Virtual-service guest IP accepts broadcast address.

CSCvi11970

Abnormal output for show pnp tech-support.

CSCvi13686

Cisco 4000 Series ISR - Outbound faxes originating from certain fax servers may fail to send.

CSCvi14656

Loss TCA is not generated for traffic with DSCP0 when 0-SLA enabled.

CSCvi15772

The ephone-dn with shared line sip in ESRST GW causing call incoming failure.

CSCvi15950

DTMF fails when mid-call renegotiation changes DTMF method.

CSCvi16306

Cube sends reinvite with annexb=yes even when it receives annexb=no.

CSCvi16454

Router crash due to PuntInject Keepalive Process - kmalloc failures.

CSCvi19685

ISDN - BRI - 'progress_ind command does not work.

CSCvi20882

Netconf IP-SLA udp-jitter case missing leaf codec.

CSCvi21288

PFRv3 RC FIA is not enabeld on interfaces with one of sub-interface with xconnect configuration.

CSCvi24515

IOS-XE - FTP closing connection as NAT device does not process the 230 reply message.

CSCvi26061

RP crash @policymap_associated_to_multiple_instances.

CSCvi26398

"%LISP-4-LOCAL_EID_RLOC_INCONSISTENCY" should be supporessed in SDA context.

CSCvi28362

Unexpected metric value for route redistribution from BGP to OSPF.

CSCvi34260

16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after SSO (CSCvh68810) (PD changes).

CSCvi34314

Cisco ISR:interface down/up does not renew dhcp assigned ip address.

CSCvi35143

Repeatedly Tracebacks seen : %INFRA-3-INVALID_GPM_ACCESS: Invalid GPM Load.

CSCvi35232

CME/BE4K crashes when trying to check help command for new device type BEKEM.

CSCvi35960

VRF aware CUBE fails to send OOD OPTIONS pings.

CSCvi36290

Incorrect BDI configuration state shown by NETCONF on interface creation.

CSCvi38244

IPv6 VRRP Master is using using vlan BIA MAC while sending Neighbor advertisements (NA).

CSCvi38391

H.245 messages are not translated by NAT outside when H.323 video call is initiated from Out-2-In.

CSCvi38916

Persistent Telnet and SSH crashes when configured in 16.6.2.

CSCvi40033

802.1x authentications are failing if there was interface template config applied before.

CSCvi41050

PFRv3 route-control is inconsistently set to "Disabled" on BR devices.

CSCvi41465

All router mcast is removed by "no ipv6 mld router" in specific timing.

CSCvi42002

CDP packets not getting encapsulated over multipoint GRE tunnel.

CSCvi44298

Cisco 4451 ISR Installs 2 IPsec SAs with different peers having same proxy identities.

CSCvi44476

IS-IS unnecessarily updates RIB when in metric-style narrow.

CSCvi48837

Ensure load-balance internet TCs do not match class DEFAULT if configured.

CSCvi50061

Evaluate NTP February 2018 Vulnerabilities.

CSCvi52659

Incorrect "Hop count" obsearbed in IPv6 EIGRP

CSCvi54878

Memory leaks seen at PKI_name_list_add(0xa139cc0)+0x3e

CSCvi55920

ISR 4K Crashes issuing "show call active voice"

CSCvi56463

Unexpected Reset, Crypto IKMP Segmentation fault with IPSec AAA Configuration

CSCvi56919

Radius source interface command is not taking effect on ISR 4k

CSCvi57096

MATM RP Shim Process memory leak @aaa_attr_list_alloc make_a_sublist_max

CSCvi58526

CPUHog and crash on DNS-SRV-1 process

CSCvi61745

Crash when running MPLS Tunnel protection command

CSCvi64534

Remove stack 1+1 CLI for WS-C3850-48XS

CSCvi67613

Protocol type for GRE header doesn't work consistently with "cts sgt inline" enable over auto-tunnel

CSCvi71376

OSPF SSPF: tilfa ALGORITHM fails to compute repair path, reports incorrect reason of too many labels

CSCvi72996

NMR TTL is wrongly considering eid-record of 0.0.0.0/0 for its calculation

CSCvi74088

link local multicast packets are received when the SVI is in down state

CSCvi75086

Rapid TDL memory leak in SMD process leads to crash of active switch in stack for ipv6 clients

CSCvi76084

Device-tracking entry stuck in TENTATIVE for certain Mac Pro hosts configured with static IP

CSCvi77760

SNMP cafSessionMethodState not unsupported after Denali 16.3.3 upgrade on 3850

CSCvi79948

OSPF TILFA: tilfa ALGORITHM preference rules does not pick repair path with lowest number of labels

CSCvi86983

ZBFW HA: active router stuck in cold standby state after shut no shut the wan interface

CSCvi91714

IPv6 address not assigned or delayed when RA Guard is enabled

CSCvi92571

On IOSXE neighbor command under pseudowire interface is rejected

CSCvi93967

EEM: event mat mac-address not triggered on router with NIM-ES2-8-P

CSCvi94425

TBAR issues on KS after running "clear crypto gdoi ks coop role"

CSCvi95775

Reverse-tunnel routes under PMIPv6 MAG config not using configured distance metric

CSCvi96874

ASR1001 has crashed with cgm_avlmgr_find_node

CSCvi96933

mac-move doesn't work on IBNS 2.0 unless you disable it then enable it back

CSCvi97411

Average queue depth calculation tops out prematurely

CSCvi97590

AppNav-XE cause delays for locally source traffic on router

CSCvj00858

CPP Microcode Crash during sRTP Call Encryption

CSCvj01098

Evaluation of IOS-XE and IOS for OpenSSL CVE-2018-0739 and CVE-2018-0733

CSCvj02955

ISR4221 16.6.2 - SIP NAT ALG not sending packets out of WAN interface

CSCvj03263

H225 gatekeeper request dropping under "ALG PARSER" with ZBF

CSCvj04717

OSPF SSPF: With SRTE tunnel scale, SRTE SID0 constraint Label Bind fails with LABEL_BROKER error msg

CSCvj05446

Initial Trustpool installation not successful before PKI is ready

CSCvj06388

Type 7 password parsed incorrectly in dot1x credentials causing auth failure.

CSCvj06909

Reverse-route configuration is unsupported under gdoi crypto map.

CSCvj09541

Cisco 4000 Sereis ISR IOS-XE PBR fails when next hop is recursive over tunnel.

CSCvj14521

Web redirect clients do not get redirected, Create IO ctx, too many intercepted connections.

CSCvj16818

Cisco 4431 ISR crashing immediately following auto-CA certificate renewal.

CSCvj16825

"VoIP dial-Peer is Up" incorrectly log prints at every up interval when server-group is configured.

CSCvj20302

Cisco 4000 Series ISR MTP not performing RFC2833 payload type conversion.

CSCvj21692

UNIX-EXT-SIGNAL: Segmentation fault(11), Process = ACCT Periodic Proc.

CSCvj23301

IOS: Crypto Ruleset fails to get deleted.

CSCvj24940

Voice VRF with No Bind OPTIONS Ping response not sent.

CSCvj27172

Crash during Generic Call Filter Module cleanup

CSCvj27526

BGP attribute map for aggre address can not set attribute.

CSCvj29126

RADIUS client on network fails to solicit PAC key from CTS even though the device has a valid PAC.

CSCvj30023

DNS Debug seen without enabling any debug.

CSCvj38384

%PMIPV6-5-TUNNELDELETE:

CSCvj39346

OSPF SSPF: When sid 0 is removed, wrong implicit-null label used for inter-area prefix.

CSCvj41224

Crash when doing SNMP walk and applying QOS over a GRE tunnel.

CSCvj41550

Default channel operation state changing from I/O to D/O failed when zero-sla enabled.

CSCvj42152

No Audio for SRTP enabled calls in Cisco 4000 Series ISRs.

CSCvj49476

Telnet Sessions Hang/Become unavailable at execution of "show run".

CSCvj50410

Cisco 4331 ISR no collisions count up on duplex mismatch condition.

CSCvj52231

ACEs after an object-group reference not being processed in software if ACL has more than 13 ACEs.

CSCvj52681

Dynamic VLAN assignment causes all sisf entires under the port to be deleted.

CSCvj57502

Memory leak@CENT-BR-0 when change the path label frequently.

CSCvj61603

"dtmf-interworking rtp-nte" command breaking software MTP.

CSCvj65296

"ip rsvp bandwidth" max value llimitation to 10GE

Open Caveats - Cisco IOS XE Everest 16.6.3

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCvf84528

False indication of RTP port leak on Cisco 4000 Series ISRs.

CSCvf89894

GETVPN/Primary KS sending rekey first to GM's and then to Secondary KS via scheduled rekey.

CSCvf96294

MIB counter for IPSec tunnels does not decrement under high tunnel scale and churn.

CSCvg16234

Cisco ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it.

CSCvg43408

IOS-XE Router crashed unexpectedly with critical process fault, fman_fp_image, fp_0_0, rc=134.

CSCvg60185

Cisco 4000 Series ISR discards private RSA key after upgrade and reload with WAAS module.

CSCvg79608

PFR: Overlapping Loopback Interface Causes Incorrect Forwarding Decision with AppNav and PfR.

CSCvh05611

IOSd crash while applying dial peer configuration.

CSCvh09525

CME: BLF monitor function fails intermittently with TCP connection.

CSCvh09620

Continuous crash in "/kernel/mki/src/free" after upgrade to version 15.5(3)S6.

CSCvh24730

PfRv3: Crash while Printing the Same TCA message.

CSCvh26241

Crash after crypto map removal.

CSCvh32216

Sporadic Crashes Due to IPSec (during ISAKMP AAA interaction).

CSCvh32224

8800 KEM module not getting detected on 88XX phones with CME 12,11.6.

CSCvh48610

IWAN router crash while updating pmi policy.

CSCvh49600

Output "sh sip-ua connections tcp tls detail" shows that CUBE has stuck connection ids.

CSCvh50515

Cisoc 4331 ISR crashed due to SA creation failure

CSCvh52882

Memory Leak due to nbar configuration.

CSCvh53691

FP crash with scaled IKE sessions.

CSCvh57108

CPUHOG on QoS statistics collection for DMVPN. QoS crash with DMVPN/NHRP.

CSCvh59195

Ciosc 4000 Series ISR: QFP crashed due to NAT memory leak.

CSCvh66445

Cisco 4000 Series ISR router crashes during status check on WAAS Express.

Resolved Caveats - Cisco IOS XE Everest 16.6.3

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCua00661

Memory leak seen while creating vlans using Tclsh.

CSCvc60745

Memory leak - refcount not reduced when packet dropped.

CSCvd04871

Crash after IWAN does a recalculation in the RIB.

CSCvd64670

SCEP enrollment failing with HTTP/1.1 500.

CSCvd97768

Cisco 4000 ISR crashes at sstrncpy using voice.

CSCve08418

IPsec/IKEv2 Installation sometimes fails with simultaneous negotiations.

CSCve32330

A pseudo-random number was generated twice in succession.

CSCve55089

BGP crashes at bgp_ha_sso_enable_ssomode.

CSCve64341

Mid Point LSP creation failure after reload with latest polaris Image.

CSCve66601

Crash is seen in CISCO-SLB-EXT-MIB code.

CSCve75919

In-dialog options ping received post ACK (call completion) cause cube to change codec and no audio.

CSCvf31368

Router crash after EEM-wanfailover script triggered.

CSCvf36269

Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability.

CSCvf39474

GETVPN: TBAR sync "timer is not running" after KS upgrade causing anti-reply drops and GM outages.

CSCvf48159

Router crash during T38 fax bitrate negotiation.

CSCvf60862

Cisco IOS and IOS XE software IOS daemon Cross-Site scripting vulnerability.

CSCvf68261

Crash when printing IPSEC anti-replay error.

CSCvf84349

Router crash on polling cEigrpPeerEntry.

CSCvg05896

IWAN EIGRP SAF - seq number mismatch after branch reload.

CSCvg07428

PfRv3 triggers List Header leak in FN.F

CSCvg09010

KS merge fails for groups with TBAR due to PST update failure on primary KS.

CSCvg14256

Crash at cc_detect_mute_call.

CSCvg22515

After upgrade of IOS, SSH passwords longer than 25 characters do not work.

CSCvg29183

Cisco 4000 Sereis ISR: XE 16.3.4 - SIP-TDM GW - FLEXDSPRM-3-TDM_CONNECT errors and unexpected reboot.

CSCvg30722

EAPTLS:- Session manger crashing with MKA/EAPTLS session bring up with newly installed certificates.

CSCvg31607

IPv4 PLU mtrie lookup return invalid oce_chain_p.

CSCvg34731

IOS-XE MOS scores always show 4.x even with massive packet loss.

CSCvg38307

CME/BE4000 crash occurs when call is made to invalid SNR destination.

CSCvg40430

Cisco 4431 ISR QFP crashes by a LLC packet received in a serial interface.

CSCvg40784

Session not comming up after certificate expired.

CSCvg52560

Traceback: OCSP creates a large number of lists and triggers a memory problem.

CSCvg60288

Device IP address AV pair replaced with 192.168.1.5

CSCvg71566

"no cdp enable" is rewritten to "no cdp tlv app" after reload.

CSCvg74048

PKI: All SCEP requests fail with "Failed to send the request. There is another request in progress".

CSCvg76912

PnP configuration upgrade failed when IFS returns size 0 for all TFTP files.

CSCvg84039

Traceback: Crash on WAAS menu prompt for WAN Interface.

CSCvg84989

List Header leak with PfR enabled.

CSCvg90226

Crypto Traceback: Router crash at 'Crypto Support' segmentation fault.

CSCvg94908

Mgig stack keeps crashing while configuring with Radius commands

CSCvg98890

IOS-XE GM router might crash after the rekey method is changed from unicast to multicast.

CSCvh00038

Device IP address AV pair replaced with 192.16X.1.X.

CSCvh17481

PKI: Device crash during crl download with multiple CDP URI.

CSCvh32416

Evaluation of all for CPU Side-Channel Information Disclosure Vulnerabil

CSCvh54813

Output Qos policy is removed from Dialer interface after reloading the device if input policy exists.

CSCvh60525

CLI 'aaa common-criteria' not available on IPBASEK9 license.

Open Caveats - Cisco IOS XE Everest 16.6.2

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCvc23012

Ciso 4300 and 4400 ISR Silently Crashes with "Reload Reason:Localsoft" and No Core / Crashinfo File.

CSCvd65197

IOSd crashed when dialer disconnect the ISDN call.

CSCve18549

CME/BE4000 Intermittently Crash when making configuration changes.

CSCve54914

NDSSO vrf ha table to be populated correctly.

CSCve78446

[1661]- Switch number is missing in stack merged logs.

CSCvf33947

CUBE cannot handle mid-call re-invite when midcall-signalling passthrough mediachange is configured.

CSCvf39868

Cisco 4431 ISR crashes while verifying IPv6 CEF scalability.

CSCvf65079

CUBE 1K reloaded with reason: RG-application reload on voice-b2bha RG.

CSCvf68261

Crashes when printing IPSEC anti-replay error.

CSCvf70383

Crashes in SDP Passthru when T.38 as 1st mline in mid-call SDP.

CSCvf71066

Router crash due to memory corruption in PKI.

CSCvf84349

Router crashes on polling cEigrpPeerEntry.

CSCvf89399

Flexible NetFlow crash.

CSCvf93129

Mid-call failure because all available Crypto is not Offered in SDP.

CSCvg05452

IOS-XE router crash from memory corruption during CCB cleanup.

CSCvg09010

KS merge fails for groups with TBAR due to PST update failure on primary KS.

CSCvg15158

DMVPN session get stuck in NHRP and UP-NO-IKE state without active IKEv2 session until rekey.

CSCvg16357

Copying file larger than 2GB to FTP destination fails with "Invalid argument."

CSCvg19259

MPLSoFlexVPN: Hub doesn't forward resolution req when default route is advertised to spokes.

CSCvg28614

Cisco 4000 Series ISR traceroute is abnormal although communication is OK.

CSCvg29183

Cisco 4000 Series ISRs - XE 16.3.4 - SIP-TDM GW - FLEXDSPRM-3-TDM_CONNECT errors and crash.

CSCvg30928

Management ARP entry disappears after a period of time.

CSCvg33403

Incoming call fails with 'Lower layer disconnected call cause=47' error.

CSCvg34685

IKEv1 Stuck Virtual-access interface&RRI 15.4(3)s6.

CSCvg34889

IKEv2 VPN tunnel does not establish when destiantion ip address changes during the AUTH exchange.

CSCvg38307

BE4K crashed @ContactingDest_SnrOtherDestroyDone

CSCvg40430

4431 QFP crashes by a LLC packet received in a Serial Interface

Resolved Caveats - Cisco IOS XE Everest 16.6.2

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCuv47069

DHCP crashed when configure a manual binding in an interface.

CSCux22473

IPv6 Tracking for route learned from IBGP Neighbor is Down.

CSCuy09470

ISIS hello stops to be sent after RSP switchover.

CSCvc78492

DMVPN : IOS-XE - Unable to pass traffic if spoke to spoke fails to build in phase 2.

CSCvd16501

High CPU due to SNMP ENGINE when polling mplsTunnelHopEntry.

CSCve00909

16.6 : Ping failure on re-add of ip address to Dialer Interface.

CSCve07263

IPSec Tunnel stuck in Up/Down state after shut/no-shut - VPN Interop.

CSCve09104

Command "segment-routing mpls" under router isis 1 not getting NVGEN'd.

CSCve13491

Router might crash due watchdog when creating a new swidb at if_index_allocate_index.

CSCve15722

The second and later PfRv3 VRF configs are missing after reload.

CSCve23090

16.6 OBS: Local LFA is used incorrectly when TI-LFA Node Protection enabled.

CSCve35209

16.6:Kignpin @ Kernal errors kernel-source/kernel/softirq.c:150 __local_bh_enable_ip+0x3b/0x9c().

CSCve47826

Memory leak Crypto IKEv2 at ikev2_ios_psh_set_route_info.

CSCve51657

Slow convergence with scale after a core link flaps.

CSCve53984

Cisco 4300 ISR crashed while importing certificate.

CSCve54486

Crash when attempting to assign nonexistent/shutdown VLAN to 802.1x port.

CSCve57788

Web authentication clients do not receive redirect URL and HTTP Intercept, Invalid appl_id error smd.

CSCve62353

Startup-config missing after power outage.

CSCve64336

RSP1-Continous ESMC tracebacks observed after IMA8T OIR followed by SSO.

CSCve66119

Router crash due to process "Crypto Support" segmentation fault.

CSCve68911

Nested Enhanced Route Refresh requests triggers Stale Prefixes.

CSCve76827

NAT policy-map that is large takes long time to download.

CSCve76945

:Router crashed when a sh bgp command was executed.

CSCve77011

SSL handshake failure when validating certification with name-constraints.

CSCve78101

Inconsistent Behavior on Link states with different SFP's plugged into the module.

CSCve81985

Subscriber session not synced to standby while assigning static ip in DHCP.

CSCve89668

Router crashed when "clear ip bgp vpnv4 u update-group <nei>.

CSCve90812

Cisco 4431 ISR drops all received packets due to CRC error after power off/on.

CSCve94399

Router crash when importing BGP routes - EVPN.

CSCve95243

Internal interface missing from L2FIB output list.

CSCve97061

Unable to remove 'mpls tp' configuration from Router.

CSCve98056

ESP ucode crash with ALG for PPTP traffic and PAP is enabled.

CSCve98223

Two PW-Group switchover notifications are triggered from PI to PD for a single event.

CSCvf02131

IP SLA can trigger crash when used with MPLS probe.

CSCvf03810

Cisco 4221 ISR boot loop when Gig0/0/0 up

CSCvf05616

Traffic drop, on reconfiguring l2vpn sessions after sso on peer.

CSCvf11237

Memory leak seen@crypto_init_show_instance.

CSCvf11776

VRRPv3 with VRRS remains NOT READY after shutdown Port-channel IF.

CSCvf12746

Cisco 4331 ISR packet drop when shut/no shut interface that not transport traffic.

CSCvf16448

No all IPv6 GRE crypto tunnels may come up or recover from flapping at scale.

CSCvf18162

Crash observed in Mlpp-Bacd scenario.

CSCvf18470

IOS-XE CUBE HA crash.

CSCvf19607

Cisco 4000 Series ISR not correctly handling forked 18X responses with SDP.

CSCvf24607

Ipsec Session Fail After Up/down Link Between Dmvpn Tunnel.

CSCvf24713

Stale path message for that prefix is noticed when dampening is configured.

CSCvf27072

NBAR not working on 16.5.1a in switch if name-server is configured.

CSCvf29213

PFRV3: Site Prefix shows unreachable after removing and adding the specific route for the prefix.

CSCvf30703

Watchdog crash at sla_resp_config_command when executing the "show run" command.

CSCvf30772

Cisco 4331 ISR - ATM - T1 CAS - One Way Audio: Dropping Packets due to Tail Drop

CSCvf33443

FEW Inter xTR roam scale 400/sec hit on CSR1KV-Map server causes delay in L2&L3 lisp updates to xTR.

CSCvf33570

Crash while BGP-RR Unconfiguration.

CSCvf34835

IOS-XE GETVPN KS crashes while sending cgmGdoiKeyServerRegistrationComplete trap after GM reg.

CSCvf35507

Crash in SSH Process due to SCP memory corruption.

CSCvf40147

C9300: ASIC Ballot failed message seen on during bootup in overnight reload test

CSCvf40983

TSN-H: Sometimes boot C1111-8PLTEW and see the DHCPD receive traceback in the log

CSCvf41539

CAT3K SDA border/LISP crashed with segmentation fault

CSCvf42300

ISIS SR: segmentation fault in ISIS when "no seg mpls" command is given.

CSCvf44501

ISR4K slow responsiveness when interface state goes from UP to DOWN compared to Cat6880X

CSCvf44638

Numbered extended IP ACLs break config sync

CSCvf51341

Crash after show ip ospf database summary command

CSCvf54314

Crashes due to a null pointer dereference on htsp structure.

CSCvf59923

DNS : Split DNS reg-expression issue in IOS-XE (16.x).

CSCvf62916

Router crashes when doing "show ip bgp neighbor" on a flapping BGP neighborship.

CSCvf63541

BGP with global import/export crashes when several nbrs deleted simultaneously.

CSCvf64377

Ping fail with many ACL rules and dialer profiles configured when using ISDN DDR on Cisco 4000 Series ISR.

CSCvf65643

Unicast ping stops working when "ip pim sparse-mode" removed from SVI.

CSCvf68602

E1r2-Cas is not working when adding "invert-abcd 1 0 0 0"

CSCvf69272

SNMP ENGINE high CPU usage observed with 1.3.6.1.2.1.185.1.1.1(mgmdHostInterfaceEntry).

CSCvf73320

Cisco 4431 ISR crashes while finding NDR with max oif number per multicast grp at scale.

CSCvf74154

SGACL: cpp_sp_svr crash during CFM EDIT request with reseq_enable = TRUE.

CSCvf74829

CRL download fails due to "failed to create getcacert message".

CSCvf76512

Option 82 circuit-id-tag restricted by 6 bytes.

CSCvf76535

B2B NAT HA: Stale NAT translations stuck on primary router after communication loss with standby.

CSCvf80495

IPv6 BGP network advertized not seen in the peer.

CSCvf80757

NETCONF-YANG/RESTCONF edit config fails silently, subsequent get config reports false-positive.

CSCvf88590

After disabling http server/https server on netconf, IP-Adm-V4-Int-ACL-global delete.

CSCvf89608

Missing ip route to cellular interface after router reload or modem power cycle.

CSCvf92057

CUBE is unable to send PRACK to Skype server for inbound calls.

CSCvf94948

Cisco 4331 ISR: Input policy-map classify traffic incorrectly.

CSCvf95077

Stale Mac entry in MLRIB.

CSCvf95141

ZBF crashes on standby.

CSCvf96035

ISIS redistribute connected not working for IPV6 routes.

CSCvg03498

The "copy run start all" makes the router stuck.

CSCvg06514

BE4K crashed due to CS_Placecall_Sharedln.

CSCvg08979

Martian check for distance command needs to be removed.

CSCvg13049

ISR G2: dot1p marking fails if service-policy applied on the Dialer.

CSCvg31493

Stale Mac entry in MLRIB.

CSCvg31495

NMR calculation is wrongly considering eid-record of 0.0.0.0/0 in SDA.

Open Caveats - Cisco IOS XE Everest 16.6.1

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCve95037

Traceback found for PLATFORM_INFRA-5-IOS_INTR_OVER_LIMIT part 2

CSCvf23190

IPSec install failing with dynamic crypto map scale.

CSCve90812

Cisco 4431 ISR drops all received packets due to CRC error after power OFF and ON.

CSCvf12746

Cisco 4331 ISR packet drops when the shut/no shut interface does not transport traffic.

CSCve92165

Packet drop issue is seen on Cisco 4000 Series ISR with EVC configuration.

CSCve62353

Startup configiration is missing after the power outage.

CSCvf24588

Cisco 4331 ISR Fman_Fp crashes with just a single tunnel configured.

CSCvf27563

Cisco 4000 Sereies ISR crashes in fman_fp during IPSec flow deletion.

CSCvf02875

Reducing the memory utilized by ISR-WAAS-200.

CSCve45274

A Cisco router may crash when issuing the 'show dmvpn detail | in Virtual-Access with up/down|INTF.

CSCuv90519

Map doesn't get updated with socket change on local address change.

CSCvf16626

IWAN router crash while updating pmi policy.

CSCvc46230

PfRv3: Unexpected reload while evaluating/moving TC's between channels.

CSCvf18856

Cisco 4000 Series ISR with SM-X - Switch module does not recover gracefully following bcm crash.

CSCve99492

DMVPN Ph-2: spoke to spoke traffic drops, NHRP entry incomplete, if crypto session fails to come up.

CSCve89095

Cisco 4221 ISR router crashed on fw_icmp6_get_ntuple.

CSCve69182

Logs filled with conn_array_empty messages

CSCvc89226

Connection goes down randomly on Cisco 4321 ISR/K9.

CSCvf27566

OpenDNS local-domain bypass on Cisco 4000 Series ISR stop working after reboot.

Resolved Caveats - Cisco IOS XE Everest 16.6.1

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCuu68879

Cisco 4300 ISR shows abnormal large RTT/jitter value in IP SLA udp-jitter v2/v3.

CSCvd19860

OSPFv3 AUTH breaks IPv6 traffic intermittently

CSCve71068

The show platform software cerm-information command is not displaying the statistics information.

CSCve47826

Memory leak Crypto IKEv2 at ikev2_ios_psh_set_route_info.

CSCve20522

The show crypto map command displays incorrect wildcard mask for crypto access-list.

CSCvf11237

Memory leak is seen at crypto_init_show_instance.

CSCve63482

Phase1 comes up and DPDs being exchanged even if the tunnel interface is shut down.

CSCvc79296

Redundancy inter-device is not working with security ipsec.

CSCve66119

Router crash due to process Crypto Support segmentation fault.

CSCvd97524

Fixed versions for CSCuz15131 crash when traffic with maximum size is on wire.

CSCve14080

Error message "LID: Handle 0x0 is invalid" filling console logs

CSCve77011

SSL handshake failure when validating certification with name-constraints

CSCve74862

Crash due to memory corruption when using PNP feature

CSCve76827

large NAT policy-map takes long time to download

Related Documentation

Cisco IOS Software Documentation

The Cisco IOS XE Everest 16.x software documentation set consists of Cisco IOS XE Everest 16.x configuration guides and Cisco IOS command references. The configuration guides are consolidated platform-independent configuration guides organized and presented by technology. There is one set of configuration guides and command references for the Cisco IOS XE Everest 16.x release train. These Cisco IOS command references support all Cisco platforms that are running any Cisco IOS XE Everest 16.x software image.

See http://www.cisco.com/en/US/products/ps11174/tsd_products_support_series_home.html

Information in the configuration guides often includes related content that is shared across software releases and platforms.

Additionally, you can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.

To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the . RSS feeds are a free service.