Cisco 4000 Series Integrated Services Routers Overview


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).

The following table lists the router models that belong to the Cisco 4000 Series ISRs.

Cisco 4400 Series ISR

Cisco 4300 Series ISR

Cisco 4200 Series ISR

Cisco 4431 ISR

Cisco 4321 ISR

Cisco 4221 ISR

Cisco 4451 ISR

Cisco 4331 ISR

Cisco 4461 ISR

Cisco 4351 ISR

System Requirements

The following are the minimum system requirements:

  • Memory: 4GB DDR3 up to 16GB

  • Hard Drive: 200GB or higher (Optional). (The hard drive is only required for running services such as Cisco ISR-WAAS.)

  • Flash Storage: 4GB to 32GB

  • NIMs and SM-Xs: Modules (Optional)

  • NIM SSD (Optional)

For more information, see the .

Determining the Software Version

You can use the following commands to verify your software version:

  • For a consolidated package, use the show version command

  • For individual sub-packages, use the show version installed command

Upgrading to a New Software Release

To install or upgrade, obtain a Cisco IOS XE Fuji 16.9.1 consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.

For information about upgrading software, see the “How to Install and Upgrade Software” section in the Software Configuration Guide for the Cisco 4000 Series ISRs.

Recommended Firmware Versions

Table 1 provides information about the recommended Rommon and CPLD versions for releases prior to Cisco IOS XE Everest 16.4.1.

Table 1. Recommended Firmware Versions

Cisco 4000 Series ISRs

Existing RoMmon

Cisco Field-Programmable Devices

Cisco 4451 ISR

16.7(4r)

15010638

Note 
Upgrade CLI output has a typo and it would show the version incorrectly as 15010738 instead of 15010638. This does not impact the upgrade.

Cisco 4431 ISR

16.7(4r)

15010638

Note 
Upgrade CLI output has a typo and it would show the version incorrectly as 15010738 instead of 15010638. This does not impact the upgrade.

Cisco 4351 ISR

16.7(3r)

14101324

Cisco 4331 ISR

16.7(3r)

14101324

Cisco 4321 ISR

16.7(3r)

14101324

Cisco 4221 ISR

16.7(3r)

14101324

Upgrading Field-Programmable Hardware Devices

The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.

Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.

From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs .

Feature Navigator

You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.

Limitations and Restrictions

The following limitations and restrictions apply to all releases:

Cisco Unified Threat Defense

The Cisco Unified Threat Defense (UTD) service requires a minimum of 1 to 4 GB of DRAM.

Cisco ISR-WAAS and AppNav-XE Service

The Cisco ISR-WAAS/AppNav service requires a system to be configured with a minimum of 8GB of DRAM and 16GB flash storage. For large service profiles, 16GB of DRAM and 32GB flash storage is required. Also, Cisco ISR-WAAS requires a minimum of 200GB SSD.

IPsec Traffic

IPsec traffic is restricted on the Cisco ISR 4451-X. The router has the same IPsec functionality as a Cisco ISR G2. The default behavior of the router will be as follows (unless an HSECK9 license is installed):

  • If the limit of 1000 concurrent IPsec tunnels is exceeded, no more tunnels are allowed and the following error message appears:

%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 1000 reached for Crypto functionality with securityk9 technology package license.
  • The throughput encrypted traffic supports 250 Mbps.
  • The Cisco 4000 Series ISR does not currently support nested SA transformation such as:

crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac 
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac 
  • The Cisco 4000 Series ISR does not currently support COMP-LZS configuration.

USB Etoken

USB Etoken is not supported on Cisco IOS XE Denali 16.2.1.

Unified Communication on Cisco 4000 Series ISR

  • For T1/E1 clocking design and configuration changes, For detailed information, see the following Cisco document: T1/E1 Voice and WAN Configuration Guide.

  • For Cisco ISR 4000 Series UC features interpretation with CUCM versions, For detailed information, see the following Cisco document: Compatibility Matrix .

  • For High density DSPfarm PVDM (SM-X-PVDM) and PVDM4 DSP planning, For detailed information, see the following Cisco document: DSP Calculator for DSP planning .

Yang Data Models

Effective with Cisco IOS XE Everest 16.5.1b, the Cisco IOS XE YANG models are available in the form of individual feature modules with new module names, namespaces and prefixes. Revision statements embedded in the YANG files indicate if there has been a model revision.

Navigate to https://github.com/YangModels/yang > vendor > cisco > xe >1651, to see the new, main cisco-IOS-XE-native module and individual feature modules attached to this node.

There are also XPATH changes for the access-list in the Cisco-IOS-XE-acl.yang schema.

The README.md file in the above Github location highlights these and other changes with examples.

New and Changed Information

New Software Features in Cisco 4000 Series ISR Release Cisco IOS XE Fuji 16.9.2

There are no new features introduced for Cisco IOS XE Fuji Release 16.9.2.

.

New Hardware Features in Cisco IOS XE Fuji 16.9.1

No new hardware features were introduced for Cisco 4000 Series ISRs in Cisco IOS XE Fuji 16.9.1.

New Software Features in Cisco 4000 Series ISR Release Cisco IOS XE Fuji 16.9.1

The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Fuji 16.9.1:

Configure the Cellular Back-off Operation

For a router with 3G/4G interface, sometimes service provider network might be busy, congested, in maintenance or in fault state. In such circumstances, service provider network rejects session activation request from the router by returning reject cause code 33 as a response of the activation request. After the router receives the reject cause, the router uses the back-off operation with the pre-defined timer value which could be carrier-specific. While back-off operation is in progress, no new session activation request is sent out from the router. After the back-off period is up, new session activation request is sent out from the router.

Note: There is no command to disable the cellular back-off feature on the router.

The following example shows how to configure the cellular back-off feature to stop continuous session activation requests back to the router:

Router#show cell 0/2/0 all
Profile 1, Packet Session Status = INACTIVE
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
.
.
.
Success rate is 0 percent (0/5)
Router#show cell 0/2/0 c     
Profile 1, Packet Session Status = INACTIVE
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
RouterCall end mode = 3GPP
RouterSession disconnect reason type = 3GPP specification defined(6)
RouterSession disconnect reason = Option unsubscribed(33)
RouterEnforcing cellular interface back-off
	Period of back-off = 1 minute(s)
Profile 4, Packet Session Status = INACTIVE
...
Profile 16, Packet Session Status = INACTIVE

.
.
.
Profile 16, Packet Session Status = INACTIVE

Configure the Router for Web User Interface

This section explains how to configure the router to access Web User Interface. Web User Interface require the following basic configuration to connect to the router and manage it.

  • An HTTP or HTTPs server must be enabled with local authentication.

  • A local user account with privilege level 15 and accompanying password must be configured.

  • Vty line with protocol ssh/telnet must be enabled with local authentication. This is needed for interactive commands.

  • You can use the Cisco IOS CLI to enter the necessary configuration commands. To use this method, see Entering the Configuration Commands Manually.

Entering the Configuration Commands Manually

To enter the Cisco IOS commands manually, complete the following steps:

Before you begin

If you do not want to use the factory default configuration because the router already has a configuration, or for any other reason, you can use the procedure in this section to add each required command to the configuration.

Procedure


Step 1

Log on to the router through the Console port or through an Ethernet port.

Step 2

If you use the Console port, and no running configuration is present in the router, the Setup command Facility starts automatically, and displays the following text:

--- System Configuration Dialog ---
 
Continue with configuration dialog? [yes/no]:

Enter no so that you can enter Cisco IOS CLI commands directly.

If the Setup Command Facility does not start automatically, a running configuration is present, and you should go to the next step.

Step 3

When the router displays the user EXEC mode prompt, enter the enable command, and the enable password, if one is configured, as shown in the following example:

Router> enable
password password
Step 4

Enter config mode by entering the configure terminal command, as shown in the following example.

Router> config terminal
Router(config)#
Step 5

Using the command syntax shown, create a user account with privilege level 15.

Step 6

If no router interface is configured with an IP address, configure one so that you can access the router over the network. The following example shows the interface Fast Ethernet 0 configured.

Router(config)# int FastEthernet0
Router(config-if)# ip address 10.10.10.1 255.255.255.248
Router(config-if)# no shutdown
Router(config-if)# exit
Step 7

Configure the router as an http server for nonsecure communication, or as an https server for secure communication. To configure the router as an http server, enter the ip http server command shown in the example:

Router(config)# ip http secure-server
Step 8

Configure the router for local authentication, by entering the ip http authentication local command, as shown in the example:

Router(config)# ip http authentication local
Step 9

Configure the vty lines for privilege level 15. For nonsecure access, enter the transport input telnet command. For secure access, enter the transport input telnet ssh command. An example of these commands follows:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# transport output telnet ssh
Router(config-line)# exit
Router(config)# line vty 5 15
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# transport output telnet ssh
Router(config-line)# end
 

Resolved and Open Bugs

This section provides information about the caveats in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.

The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool . This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.

In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:

  • Last modified date

  • Status, such as fixed (resolved) or open

  • Severity

  • Support cases

You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.


Note

If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.

We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:

http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

Using the Cisco Bug Search Tool

For more information about how to use the Cisco Bug Search Tool , including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ .

Before You Begin


Note

You must have a Cisco.com account to log in and access the Cisco Bug Search Tool . If you do not have one, you can register for an account.

SUMMARY STEPS

  1. In your browser, navigate to the Cisco Bug Search Tool .
  2. If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.
  3. To search for a specific bug, enter the bug ID in the Search For field and press Enter.
  4. To search for bugs related to a specific software release, do the following:
  5. To see more content about a specific bug, you can do the following:
  6. To restrict the results of a search, choose from one or more of the following filters:

DETAILED STEPS


Step 1

In your browser, navigate to the Cisco Bug Search Tool .

Step 2

If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.

Step 3

To search for a specific bug, enter the bug ID in the Search For field and press Enter.

Step 4

To search for bugs related to a specific software release, do the following:

  1. In the Product field, choose Series/Model from the drop-down list and then enter the product name in the text field. If you begin to type the product name, the Cisco Bug Search Tool provides you with a drop-down list of the top ten matches. If you do not see this product listed, continue typing to narrow the search results.

  2. In the Releases field, enter the release for which you want to see bugs.

    The Cisco Bug Search Tool displays a preview of the results of your search below your search criteria.

Step 5

To see more content about a specific bug, you can do the following:

  • Mouse over a bug in the preview to display a pop-up with more information about that bug.

  • Click on the hyperlinked bug headline to open a page with the detailed bug information.

Step 6

To restrict the results of a search, choose from one or more of the following filters:

Filter

Description

Modified Date

A predefined date range, such as last week or last six months.

Status

A specific type of bug, such as open or fixed.

Severity

The bug severity level as defined by Cisco. For definitions of the bug severity levels, see Bug Search Tool Help & FAQ .

Rating

The rating assigned to the bug by users of the Cisco Bug Search Tool .

Support Cases

Whether a support case has been opened or not.

Your search results update when you choose a filter.


Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers

This section contains the following topics:

Open Caveats - Cisco IOS XE Fuji 16.9.3

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCvj17588

Cisco 4000 Series ISRs may reload in ""BGP Router" process when interface flap occurs with IPv6 MPLS per vrf routes

CSCvn56017

Crash while processing ISIS updates when DiffServ-TE is enabled.

CSCvn78203

Router crashed when printing logs while constructing rekey packets (GETVPN).

CSCvo09246

Cisco 4351 ISR communication down few minute after shutdown/no shutdown interface.

CSCvo18177

IPV4 routes on the global routing table learnt via BGP refreshes upon adding or removing a VRF.

CSCvo22398

Cisco 4000 Series ISRs with NIM-ES2 do not forward STP Uplink Fast dummy packet

CSCvo24170

Crash due to chunk corruption in ISIS code.

CSCvo35606

Dialer interface shutdown caused crash of router.

CSCvo36188

Crash at NAT clear.

CSCvo43897

Cisco4331 ISR , wrongly adding to Port to subscriber field after translation.

CSCvo46405

qfp ucode crashed with sRTP traffic - chunk memory corruption.

CSCvo47436

IOS-XE - firewall corrupts half open list.

CSCvo62122

IOS-XE Router may crash when attempting to Fragment Corrupted IPv4 Packet

CSCvo62584

DHCP discover packets were being dropped at firewall since UDP source port as 0.

Resolved Caveats - Cisco IOS XE Fuji 16.9.3

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCvg29037

Traceback is observed during mid-call media IP and port change.

CSCvh77984

Router shows "Flash disk quota exceeded" during the reload, but it still has 60% of free memory left.

CSCvj45781

QFP CGM Memory depletion during ISG session churn.

CSCvk20560

491 not sent in a multiple re-invites in DO2EO scenario.

CSCvk62792

IKE Fragmentation payload incorrectly marked as critical.

CSCvk73696

MGCP auto-config: Port command under pots dial-peer goes missing from the configuration.

CSCvm01420

CUBE crashes at sipSPI_ipip_vcc_CheckCodecSetType.

CSCvm19399

CRL file is getting overwritten when PKI server turns up after reload.

CSCvm39894

False authorizations and authentications even without radius server for dot1x/mab.

CSCvm42441

Router crash when clearing ip nat translations.

CSCvm45068

IOS CUBE Ent does not show 'media anti-trombone' in configuration.

CSCvm51112

"clear crypto sa vrf MyVrf" triggers crash after updating pre-shared-keys.

CSCvm58960

"VoIP dial-Peer <XX> is Busied out" printed in log every 2 minutes when destination is not reachable.

CSCvm59483

Host crashes the DSP if ipv6 commands are configured under Service-Engine [Purge ipv6 config option].

CSCvm61279

Crash under AFW_application_process with shared-line configuration.

CSCvm62419

Crash at CCB of RTPSPI at the moment of creating a disconnect timer.

CSCvm65384

SNMP PKI trap are generated with wrong OID of 6999 instead of 854 per OID assignment.

CSCvm74894

PKI authentication should proceed even if GetCACaps return any http failure.

CSCvm76295

[SAP] syncfd fails to start on reload after upgrade to new ES image.

CSCvm76452

IPSec background crash while sending SNMP trap.

CSCvm76590

CUBE doesn't forward 200 OK in SRTP-RTP scenario with TCL script on Dial-peer.

CSCvm83720

Cisoc 4431 ISR GW crashed due to flex_dsprm_vtsp_close.

CSCvm86397

CUBE: Crash observed at rbuf_ooh_handler.

CSCvm92019

Media Ant-Trombone does not properly handle a Re-Invite utilizing a Replaces Header.

CSCvm93603

IP change on dialer-int does not trigger a correct "local cryto entpt"in DMVPN.

CSCvm94112

DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway.

CSCvm94788

Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15.

CSCvm94891

Crash caused by a "TLB Modification exception" after processing a null chunk in "IP Input" process.

CSCvm99036

CUBE Crash in CCSIP_SPI_CONTROL process.

CSCvm99045

IOS-XE PKI: Certificate with 4 dashes imported in trustpool gets lost after reboot.

CSCvn00218

CUBE Crash in sipSPIAppAddCallInfoUI.

CSCvn01507

ISR not re-calculating the hash value correctly after payload change.

CSCvn01681

IPv6 To/From headers malformed with TCL IVR Script and header-passing.

CSCvn02419

Device running IOS-XE 16 Polaris Sees Crash When Performing NAT ALG on FTP Packet.

CSCvn07614

Out of Band DTMF Events Not Passing to CUCM via SCCP When Using IOS MTP.

CSCvn14737

Crash with SIP call.

CSCvn15588

Loss of two way audio with Skinny Phone, Line instance does not work until the next reboot.

CSCvn15647

ISR4k: "mach vlan" support on Ethernet-internal interface.

CSCvn17062

ISR4K: add SCCP MTP single-VRF support with a limitation no traffic from/to other VRF

CSCvn18500

Certificate map does not work always with UPN in SAN field.

CSCvn18790

Cube crash with %SDP-3-SDP_PTR_ERROR.

CSCvn27579

Cisco 4000 Series ISRs%FMFP-3-OBJ_DWNLD_TO_DP_FAILED:fman_fp_image.

CSCvn33961

SSRC-field in RTCP gets changes to 0 when going through TRP present in the media path.

CSCvn36359

CUBE does not forward INVITE with "midcal-signalling passthru media-change" during a video escalation.

CSCvn37915

Crash in cpp_bqs_rm_yoda_proc_pend_fc_cb.

CSCvn41467

Recommit of CSCvm99778 - eca/ewlc/qwlc/mewlc Sanity : AP join failed.

CSCvn47534

RTP/SRTP interworking fails when 18x w/o SDP is before 183 w/SDP.

CSCvn51553

QFP crashes with a HW interrupt.

CSCvn53969

Memory leak in SMD process due to AAA Idle-timer not being freed.

CSCvn55148

Router not closing TCP connections when "reload" is executed.

CSCvn64296

Crash when making an external call.

CSCvn64397

Incorrect syntax in CRL download URL cause crash.

CSCvn67837

TCP port takes 4 minutes to get released after it is closed.

CSCvn71041

TACACS group server is not seen, when "transport-map type console test" is configured.

CSCvn78349

FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload.

CSCvn78961

Subscribers cannot re-login due to CoA time-out (lite-sessions in routed mode).

CSCvo00968

Radius attr 32 NAS-IDENTIFIIER not sending the FQDN.

CSCvo08337

Crash when inserting second NIM-2MFT-T1/E1 in Cisco 4331 ISR.

CSCvo15141

CLI "nat force-on" in voice service voip not working as expected.

Open Caveats - Cisco IOS XE Fuji 16.9.2

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCvj12370

cpp_cp_svr crash in bqs while running QMRT test tool.

CSCvj17588

Cisco 4000 Series ISRs may reload in ""BGP Router" process when interface flap occurs with IPv6 MPLS per vrf routes.

CSCvj45781

QFP CGM memory depletion during ISG session churn.

CSCvk10212

Unable to migrate from ADSL to VDSL without a reboot.

CSCvk59169

Strict SID has NOT been enabled in ISIS segment-routing..

CSCvm59483

Host crashes the DSP if ipv6 commands are configured under Service-Engine [Purge ipv6 config option].

CSCvm61279

Crash under AFW_application_process with shared-line configuration.

CSCvm76590

CUBE does not forward 200 OK in SRTP-RTP scenario with TCL script on Dial-peer.

CSCvm78822

The config-sync failure is seen while using 'aaa authorization' commands.

CSCvm91323

Router crash with reload reason: LocalSoftADR and core file generated 'cpp-mcplo-ucode'.

CSCvm94788

Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656xxxx.

CSCvn01507

Cisco 4000 Series ISR is not recalcluating the hash value correctly after payload change.

CSCvn02047

More than 5k NAT entries is causing high CPU utilization even with no traffic.

Resolved Caveats - Cisco IOS XE Fuji 16.9.2

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCuz14861

IOS-XE fails to correctly populate RTCP SSRC field.

CSCve31475

SNMP Error: OID not increasing: @ipAddressIfIndex.ipv6zr

CSCvi08303

Standby RP reloads due to config sync failure when Applied Service-insertion WAAS on physical Int.

CSCvi63425

Cisco 4400 ISR router cpp crashed when configured HSRP with PMIPv6.

CSCvi92528

ZBFW HA: Configuring redundancy RII on virtual template auto-tunnel does not take effect.

CSCvj16209

CME with external SIP trunk registration results into crash.

CSCvj24940

Voice VRF with No Bind OPTIONS ping response not sent.

CSCvj25678

The router crashes after failing to modify xcode.

CSCvj27172

The router crashes during Generic Call Filter Module clean-up.

CSCvj43156

Crash in XDR process: "fib_rp_table_broker_encode_buf.size <= FIB_RP_TABLE_BROKER_ENC_BUF_SZ".

CSCvj50005

Ciso 4000 Series ISR PPE ucode crashes when processing ipsec traffic on CWS tunnel.

CSCvj69654

OSPF originates default route without "default-information originate".

CSCvj73544

OSPF routing loop for external route with multiple VLINKs/ABRs.

CSCvj76285

Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06.

CSCvj78647

MTU CLI is disappeared from show run when interface dialer sh/no shut.

CSCvj90426

Dash i2c kernel message outputted during boot up.

CSCvj90814

Crash due to memory corruption in Cisco 4000 Series ISR.

CSCvj91448

PKI:-IP address parsing issue while printing the subject name if classless IP is used in Trustpoin.

CSCvj92862

Netconf returns 255 length byte-stream chars instead of actual length for OSPFV2 Key-string.

CSCvj95351

OSPF SR uloop : After issuing "clear ip ospf process". ospf process crashed.

CSCvk00446

BGP high CPU when config 256k vxlan static route.

CSCvk02072

Hoot-n-holler multicast traffic marked with DSCP 0.

CSCvk07838

CUBE is using wrong source IP address to send SIP error.

CSCvk10633

BGP crashes while running show command and same time bgp peer reset.

CSCvk10909

ISRv: ONEP process crash during day0 bringup.

CSCvk12152

Unable to remove command 'ip nat inside destination.'

CSCvk12448

ESP crashes due to fatal error.

CSCvk15062

Modification to ZBFW access-lists do not reflect in TCAM.

CSCvk27007

MGCP status remains Down after IOS upgrade caused by CSCvh70570.

CSCvk37875

High Availability system crashes with two Voice Gateways.

CSCvk44570

16.9 memory leak when create VLAN on ISRs.

CSCvk53405

Router crash - AFW_application_process.

CSCvk56331

Initial contact in IKEv1 phase 2 rekey (QM1) causes all crypto sessions to drop.

CSCvk56356

NETCONF the IP routes with DHCP are not presented in a consistent way for rpc-reply.

CSCvk60184

Random crash of data plane with SRTP-SRTP / SRTP-RTP load tests.

CSCvk65072

Crashes due ZBF + NAT.

CSCvk65354

Extension Mobility Not working when used with Greek locale on SIP CME.

CSCvk66880

CUBE incorrectly fomats SIP SDP.

CSCvk69075

No calls shown in output "show call active voice brief" on CUBE and stale entries are present.

CSCvk69093

CUBE is not responding to SIP INFO.

CSCvm02627

Incorrect contact port 5060 used instead of 5061 by CUBE in "302 Moved Temporarily" message.

CSCvm03744

"%FMFP-3-OBJ_DWNLD_TO_DP_FAILED:fman_fp_image:xxx" appears when configured "ip port-map" on Cisco 4400 Series ISRs.

CSCvm06270

ICMP unrechables are not sent to the client on Cisco 1117 ISR platform.

CSCvm14346

Cisco ISR/CSR: Memory Corruption of mdl_tbl due to fia-history CLI.

CSCvm16619

CPP-mcplo-ucode crash while encrypting SIP packets with ALG NAT for SIP.

CSCvm17883

Standby switch crashes when adding a host name to an object-group.

CSCvm21219

Crash on Running "show vpdn tunnel summary" command.

CSCvm36190

Traceback seen when attempting to recover sw port from bpduguard err-disable state

CSCvm51739

SNMP v3 discloses password in the parser warning syslog trap.

CSCvm53491

SIP CME Crashes when Calling Shared Line.

CSCvm56592

CME/BE4K: Corrupted config file for Auto Registered IP Phones after reload.

CSCvm56670

ACL dropping packets after updating it - %CPPEXMEM-3-NOMEM.

CSCvm66103

Crash due to communication failure - IPC (Inter-Procedure Call) messages between DSP and RP.

CSCvm67419

Cisco 4400 Series ISRs MACsec drops small frames.

Open Caveats - Cisco IOS XE Fuji 16.9.1

All open bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Severity

Description

CSCuz14861

2

IOS-XE Fails to correctly populate RTCP SSRC Field

CSCve31475

2

SNMP Error: OID not increasing: @ipAddressIfIndex.ipv6z

CSCvi08303

1

Standby RP Reloads due to Config Sync Failure When Applied Service-insertion WAAS on Physical Int

CSCvi63425

2

ISR4400 router cpp crashed when configured HSRP with PMIPv6

CSCvi92528

2

ZBFW HA: Configuring redundancy RII on virtual template auto-tunnel does not take effect

CSCvj16209

2

CME with external SIP trunk registration results into crash.

CSCvj24940

2

Voice VRF with No Bind OPTIONS Ping response not sent

CSCvj25678

2

Crash after failing to modify xcode

CSCvj27172

2

Crash during Generic Call Filter Module cleanup

CSCvj43156

1

Crash in XDR process: "fib_rp_table_broker_encode_buf.size <= FIB_RP_TABLE_BROKER_ENC_BUF_SZ"

CSCvj50005

2

ISR4K PPE ucode crash when processing ipsec traffic on CWS tunnel

CSCvj69654

2

OSPF originates default route without "default-information originate"

CSCvj73544

2

ospf routing loop for external route with multiple VLINKs/ABRs

CSCvj76285

2

Snmp v2 breaks due to Authentication failure, bad community string, 16.03.06

CSCvj78647

2

mtu cli is disappeared from show run when interface dialer sh/no shu

CSCvj90426

3

Dash i2c Kernel message outputted during boot up

CSCvj90814

2

Crash due to Memory corruption in ISR4k

CSCvj91448

2

PKI:-IP address parsing issue while printing the subject name if classless IP is used in Trustpoint

CSCvj92862

2

Viptela-netconf returns 255 length byte-stream chars instead of actual length for OSPFV2 Key-string

CSCvj95351

2

OSPF SR uloop : After issuing "clear ip ospf process". ospf process crashed.

CSCvk00446

2

BGP high CPU when config 256k vxlan static route

CSCvk02072

2

Hoot-n-holler multicast traffic marked with DSCP 0

CSCvk07838

2

CUBE is using wrong source IP address to send SIP error

CSCvk10633

2

bgp crash while running show command and same time bgp peer reset

CSCvk10909

1

ISRv: ONEP process crash during day0 bringup

CSCvk12152

2

Unable to remove command 'ip nat inside destination'

CSCvk12448

2

ESP crash due to fatal error

CSCvk15062

2

Modification to ZBFW access-lists do not reflect in TCAM

CSCvk27007

2

MGCP status remains Down after IOS upgrade caused by CSCvh70570

CSCvk37875

2

High Availability system with two Voice Gateways - Crash

CSCvk44570

2

16.9 Memory leak when create VLAN on ISRs

CSCvk53405

1

Router crash - AFW_application_process

CSCvk56331

2

Initial contact in IKEv1 phase 2 rekey (QM1) causes all crypto sessions to drop

CSCvk56356

2

NETCONF the IP routes with DHCP are not presented in a consistent way for rpc-reply

CSCvk60184

2

Random crash of data plane with SRTP-SRTP / SRTP-RTP load tests

CSCvk65072

2

Crash due ZBF + NAT

CSCvk65354

2

Extension Mobility Not working when used with Greek locale on SIP CME

CSCvk66880

2

CUBE incorrectly fomats SIP SDP

CSCvk69075

2

No calls shown in output "show call active voice brief" on CUBE & stale entries are present

CSCvk69093

2

CUBE is not responding to SIP INFO

CSCvm02627

2

Incorrect Contact port 5060 used instead of 5061 by CUBE in "302 Moved Temporarily" message

CSCvm03744

2

"%FMFP-3-OBJ_DWNLD_TO_DP_FAILED:fman_fp_image:xxx" appears when configured "ip port-map" on ISR44xx.

CSCvm06270

2

ICMP unrechables are not sent to the client on C1117 platform

CSCvm14346

3

ISR/CSR - Memory Corruption of mdl_tbl due to fia-history CLI

CSCvm16619

1

CPP-mcplo-ucode crash while encrypting SIP packets with ALG NAT for SIP

CSCvm17883

2

Standby switch crashes when adding a host name to an object-group

CSCvm21219

1

Crash on Running "show vpdn tunnel summary" command.

CSCvm36190

3

Traceback seen when attempting to recover sw port from bpduguard err-disable state

CSCvm51739

1

SNMP v3 discloses password in the parser warning syslog trap

CSCvm53491

2

SIP CME Crashes when Calling Shared Line

CSCvm56592

2

CME/BE4K: Corrupted config file for Auto Registered IP Phones after reload

CSCvm56670

2

ACL dropping packets after updating it - %CPPEXMEM-3-NOMEM

CSCvm66103

2

Crash due to communication failure - IPC (Inter-Procedure Call) messages between DSP and RP.

CSCvm67419

1

ISR4400 MACsec drops small frames

Resolved Caveats - Cisco IOS XE Fuji 16.9.1

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Caveat ID Number

Description

CSCve78802

Cisco 4451 ISR: GLC-TE SFP module cannot up after OIR during traffic

CSCvf68261

Crash when printing IPSEC anti-replay error.

CSCvf73320

Cisco 4431 ISR crashes while finding NDR with max oif number per multicast grp at scale.

CSCvf76101

First drop error cause Tracebacks observed with IWAN stress.

CSCvf76535

B2B NAT HA: Stale NAT translations stuck on primary router after communication loss with standby.

CSCvf84340

IOS crash when logging rx dsp ctrl message out_of_sequence count syslog.

CSCvf85386

Incorrect counters in output of "show macsec statistics".

CSCvf86185

NIM-SSD: Inventory of disk0 and disk1 are interchanged onIOS XE 16.x.

CSCvf87437

High memory utilization in the QFP of QM RM process.

CSCvf95141

Zone-based Firewall crashes on standby.

CSCvf98231

Broadcast counters issue on Cisco 4000 Series ISRs.

CSCvg00696

Throughput configuration CLI should log the message "write mem and reload" instead of just relaod.

CSCvg01760

Traceback-CPUHog seen on the device.

CSCvg03498

The "copy run start all" makes the router stuck.

CSCvg03981

IOS-XE NAT: IP header of tunneled traffic is translated twice (in inner and outer header).

CSCvg05599

Router does not recalculate UDP checksum after NAT.

CSCvg19203

SBC re-latch does not work as expected in case of ipv4 mask/0.

CSCvg21196

Cisco 4000 Series ISRs: SW MTP configured as TRP does not relay PLI/RTCP messages.

CSCvg26073

QFP Memory leak in cpp_cp_svr with CPP List Hdr chunk.

CSCvg31373

Cisco 4000 Series ISRs : Error Msg (SYS-2-CHUNKEXPANDFAIL: Could not expand chunk pool for ASR1000 SPA TDL).

CSCvg31929

Extended the retries on UCSE before NGIO control packet loss is detected.

CSCvg33403

Incoming call fails with lower layer disconnected call cause=47 error caused by T.38 calls.

CSCvg33454

Pass load balancing information in IP header to container.

CSCvg39934

SL mode, unthrottled configuration and relaod without saving puts the system in inconsistent state.

CSCvg40430

Cisco 4431 ISR: QFP crashes by a LLC packet received in a serial interface.

CSCvg52180

Cisco 4000 Series ISRs: ROMMON upgrade fails on certain IOS-XE 16.x releases.

CSCvg63492

Cisco 4000 Series ISRs :IOS-XE 16.x: CWS CLI present but the feature is not supported.

CSCvg65632

CPP 0 failure Stuck Thread resulting in Unexpected Reboot

CSCvg89742

Incorrect pass-through statistics seen during soak run.

CSCvg94908

Mgig stack keeps crashing while configuring with Radius commands.

CSCvi63840

VIG interface counters do not increment with multicast service reflection on IOS-XE.

CSCvj51510

Crash after service-policy APPNAV change on WAAS instance.

.

CSCuy30367

ENH: IOS-XE should allow "ip address dhcp" on Tunnel interface.s

CSCvb69966

Memory leak under LLDP Protocol process.

CSCvd62086

ISR4xxx needs to generate puntinject_stats.log.xxxx and save in bootflash.

CSCvf19460

CTS Pac download fails with ISE reachability through loopback interface over vrf

.

CSCvf37923

Crash due to stack overflow.

CSCvf80363

Rrotate nginx access/error log files

CSCvg16234

ISR receives a control packet (CDP) with a CMD tag it should process it, not drop it.

CSCvg51358

DHCPNAK is not sent in roaming scenario.

CSCvh02516

Cannot add static route through dynamic NEMO tunnel interface.

CSCvh16650

Netconf Get routing-state received an errored RPC response.

CSCvh20041

UDP SLA Probes not working through PMIPv6 tunnel with GETVPN.

CSCvh26828

Crash in SNMP ENGINE when polling lldpRemChassisId object.

CSCvh32416

Evaluation of all for CPU Side-Channel Information Disclosure Vulnerability.

CSCvh57050

IGMP multicast SSM-map with DNS does not work with IGMPv3.

CSCvh60525

CLI aaa common-criteria not available on IPBASEK9 license.

CSCvh60871

Unexpected Reboot following show platform software adjacency oce [ID].

CSCvh61453

NULL remote_hostname from LAC.

CSCvh62532

System reload when clearing cts pac.

CSCvh63932

Noisy debugs in "periodic" tracelog.

CSCvh68810

16.8.1:dot1x Clients stops responding ( ping to clinet IP fails) after 2nd SSO.

CSCvh69518

%SYS-3-TIMERNEG:Cannot start timer with negative offset Process= "ARP Background"

CSCvh70297

Redundancy Mode None does not Sync.

CSCvh73134

ISDN memory leak.

CSCvh77637

ISDN pri-group cause router get into a loop.

CSCvh80485

CTS pacs and cts credentials are lost after SSO.

CSCvh92275

QoS Overrides loadbalancing to per prefix even with only session level policing applied

CSCvh97226

Ordering isssue for crypto keyring and crypto isakmp profile.

CSCvh99651

AAA-Proxy errors in dmiauthd tracelogs.

CSCvi07387

IP dhcp excluded-address deletion issues via netconf.

CSCvi07402

No increment for input errors in show i/f counters for pkts larger than configured MTU+30 byte.

CSCvi11665

Virtual-service guest IP accepts broadcast address.

CSCvi12341

Unable to see device-sensor in accounting message on ISE (MUD URI).

CSCvi20882

Netconf IP-SLA udp-jitter case missing leaf codec.

CSCvi22603

Flex-LSP tunnel flap on failing active protecting link without WRAP enabled.

CSCvi22835

Vz: Non-XE to XE ISSU compatibility issue.

CSCvi24614

XE 16.8.1: MKA session not coming up consistently after SSO and keepalive timeout.

CSCvi25507

Session Mgrd crah obsered with XE 16.8.1 image.

CSCvi31493

Configuration of BGP auto-summary using NETCONF fails.

CSCvi35143

Repeatedly Tracebacks seen : %INFRA-3-INVALID_GPM_ACCESS: Invalid GPM Load.

CSCvi36290

Incorrect BDI configuration state shown by NETCONF on interface creation.

CSCvi36351

Standby rp crash on removing member link from port-channel.

CSCvi36875

Restored DB is session-lock locked out with insane timeout after boot

CSCvi60900

DHCP Leasequery Padding contains previously used data.

CSCvi72769

UDP SLA echo packets not getting encrypted.

CSCvi89742

Excessive memory (20MB)) allocated for event tracing by lslib subsys.

CSCvj29095

High CPU due to Alignment Corrections - DNS and NBAR.

CSCvj55797

NETCONF does not list all the ip nat configuration.

CSCvj56303

NETCONF issue when updating NAT config with VRF keyword.

CSCvj69569

The "show authentication session sw st" broken and session monitoring sessions coming in show auth sess in legacy mode.

CSCvj79542

Missing interface source template model.

CSCvj87392

DHCP server with option 249 pushes only the routes confiugred in the first instance.

CSCvj89345

AVC license should be activated only in case of smart licensing model.

Related Documentation

Cisco IOS Software Documentation

The Cisco IOS XE Fuji 16.x software documentation set consists of Cisco IOS XE Fuji 16.x configuration guides and Cisco IOS command references. The configuration guides are consolidated platform-independent configuration guides organized and presented by technology. There is one set of configuration guides and command references for the Cisco IOS XE Fuji 16.x release train. These Cisco IOS command references support all Cisco platforms that are running any Cisco IOS XE Fuji 16.x software image.

See http://www.cisco.com/en/US/products/ps11174/tsd_products_support_series_home.html

Information in the configuration guides often includes related content that is shared across software releases and platforms.

Additionally, you can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.