First Published: August 15, 2025

Last Updated: December 3, 2025

Cisco 4000 Series Integrated Services Routers Overview


Note

Cisco IOS XE 17.18.1a is the first release for Cisco 4000 Series Integrated Services Routers in the Cisco IOS XE 17.18.x release series.


Note

See the End-of-Sale and End-of-Life Announcement for the Cisco ISR4200, ISR4300 and select ISR4400 Series Platform page for information about the end-of-life milestones for the Cisco 4000 Series Integrated Service Routers.


Note

See the End-of-Sale and End-of-Life Announcement for the Cisco ISR4461 Series Platform page for information about the end-of-life milestones for the Cisco ISR4461 series platform.

The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).


Note
Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.

The licensing utilities and user interfaces that are affected by this limitation include only the following:

  • Cisco Smart Software Manager (CSSM),

  • Cisco Smart License Utility (CSLU), and

  • Smart Software Manager On-Prem (SSM On-Prem).

Product Field Notice

Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.

We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#~tab-product-categories.

System Requirements

The following are the minimum system requirements:


Note

There is no change in the system requirements from the earlier releases.

  • Memory: 4 GB DDR3 up to 32 GB

  • Hard Drive: 200 GB or higher (Optional). The hard drive is only required for running services such as Cisco ISR-WAAS.

  • Flash Storage: 4 GB to 32 GB

  • NIMs and SM-Xs: Modules (Optional)

  • NIM SSD (Optional)

For more information, see the Cisco 4000 Series ISRs Data Sheet.


Note

For more information on the Cisco WAAS IOS-XE interoperability, see the WAAS Release Notes: https://www.cisco.com/c/en/us/support/routers/wide-area-application-services-waas-software/products-release-notes-list.html.

Determine the Software Version

You can use the following commands to verify your software version:

  • For a consolidated package, use the show version command

  • For individual sub-packages, use the show version installed command

Upgrade to a New Software Release

To install or upgrade, obtain a Cisco IOS XE 17.18.x consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.


Note

When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads.

For more information on upgrading the software, see the Installing the Software section of the Software Configuration Guide for the Cisco 4000 Series ISRs.

Upgrade Field-Programmable Hardware Devices

The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.

Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.

From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.

Feature Navigator

You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on cisco.com is not required.

New and Changed Information

New and Changed Hardware Features for Cisco IOS XE 17.18.1a

There are no new hardware features for this release.

New and Changed Software Features in Cisco IOS XE 17.18.1a

Table 2. New Software Features in Cisco IOS XE 17.18.1a
Product impact Feature Description

Ease of Use

 Hosted Edge Services for SD-Routing Devices From Cisco IOS XE 17.18.1a release, Cisco Catalyst SD-WAN Manager supports deployment of IOx applications such as Cyber Vision, Thousand Eyes, UTD, and so on. The support to monitor these applications is introduced through Hosted Edge Services monitoring dashboard which offers a simplified user experience for overseeing IOx container applications across multiple devices. The Hosted Edge Services monitoring dashboard is introduced on Cisco Catalyst SD-WAN Manager version 20.18.x.

Ease of Use

 Certificate Management on SD-Routing Devices This feature introduces a new certificate authorization setting, Enterprise Certificate Settings, which unifies certificate configurations for SD-Routing devices. Cisco SD-WAN Manager automates certificate management by leveraging protocols like EST (Enrolment over Secure Transport) and SCEP (Simple Certificate Enrolment Protocol). The feature automates the enrolment, and renewal of certificates.

Upgrade

 MVPN Ingress Replication (IR) over SRv6 This feature enables the transport of IPv4 MVPN traffic across an SRv6 network. It simplifies multicast deployment by using the existing SRv6 unicast infrastructure as the underlay. With this feature, the ingress PE router receives multicast traffic and creates a separate unicast SRv6-encapsulated copy for each egress PE router in the multicast group.

Upgrade

 SRv6 Path MTU Discovery This feature introduces a mechanism to determine the maximum transmission unit (MTU) for packets traversing an SRv6 underlay network. It ensures efficient packet forwarding by preventing fragmentation and packet drops, thereby allowing network devices to dynamically adjust packet sizes to avoid exceeding link MTU limits. The system relays ICMP Packet Too Big (PTB) messages from the SRv6 underlay to the IPv6/IPv4 overlay network, supporting both Transit-node and Headend-node PTB relay methods.

Upgrade

 SRv6 Flex-Algo with TI-LFA and uLoop Avoidance From Cisco IOS XE 17.17.1a, Flexible Algorithm enhances SRv6 by including functions like Topology Independent Loop-Free Alternate (TI-LFA) and microloop (uLoop) avoidance. This feature improves network resilience and efficiency.
Ease of Use Packet Drops The show drops command is introduced in Cisco IOS XE 17.18.1a. This command consolidates multiple platform and protocol-specific debugging tools into a single, user-friendly interface, enabling network operators to efficiently identify the root causes of packet drops. By streamlining the troubleshooting process, this feature significantly improves operational efficiency and network performance.
Ease of use Cisco Secure Routers Swim and Onboarding Tool Cisco IOS XE 17.18.1a introduces the Cisco Secure Routers Swim and Onboarding tool that helps customers upgrade and onboard autonomous hardware devices to cloud-hosted or on-premises Catalyst Cisco SD-WAN Manager
Ease of use Managing NGFW Policies from Security Cloud Control Security Cloud Control is a cloud-based multi-device manager that facilitates management of security policies to achieve consistent policy implementation. Security Cloud Control helps optimize your security policies by identifying inconsistencies with them and by giving you tools to fix the inconsistencies. From Cisco IOS XE 17.18.1a release, you can integrate Cisco SD-WAN Manager with Security Cloud Control, which allows you to import existing NGFW policies, security objects, and security profiles into Security Cloud Control. With this integration, you can share objects and policies as well as make configuration templates to promote policy consistency across devices.
CUBE Features
Ease of Use Enhanced support for serviceability in SIP recording From Cisco IOS XE 17.18.1a onwards, serviceability is enhanced to display consolidated information on forked and associated anchor call legs.
Upgrade Third-Party GUID capture for correlation between call transfers and SIP-based recording From Cisco IOS XE 17.18.1a onwards, the Third-Party GUID capture for correlation between calls and SIP-based recording is extended to support transmission of globally unique identifiers (GUIDs) to the recording server during call transfers.
Upgrade IOS UC apps reports smart licensing flex subscription entitlement tag From Cisco IOS XE 17.18.1a onwards, CUBE and SRST smart licensing reports flex subscription entitlement tag on all the supported platforms.

Configure the Router for Web User Interface

This section explains how to configure the router to access Web User Interface. Web User Interface requires the following basic configuration to connect to the router and manage it.

  • An HTTP or HTTPs server must be enabled with local authentication.

  • A local user account with privilege level 15 and accompanying password must be configured.

  • Vty line with protocol SSH/Telnet must be enabled with local authentication. This is needed for interactive commands.

  • For more information on how to configure the router for Web User Interface, see Cisco 4000 Series ISRs Software Configuration Guide, Cisco IOS XE 17.

Resolved and Open Bugs

This section provides information about the bugs in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 bugs are the most serious bugs. Severity 2 bugs are less serious. Severity 3 bugs are moderate bugs. This section includes severity 1, severity 2, and selected severity 3 bugs.

The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.

In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:

  • Last modified date

  • Status, such as fixed (resolved) or open

  • Severity

  • Support cases

You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.


Note
If the bug that you have requested cannot be displayed, this may be due to one or more of the following reasons: the bug ID does not exist, the bug does not have a customer-visible description yet, or the bug has been marked Cisco Confidential.

Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers

Resolved Bugs - Cisco IOS XE 17.18.1a

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Bug ID Description
CSCwo05703 Virtual Forwarding Router is not dynamically disabled after Zone-Based Firewall removal in SD-WAN deployments.

CSCwp23487

SGW offline with SSH error unable to open socket while establishing netconf session.
CSCwn26353 BFD sessions using Transport Locator Extension do not establish when IPv6 are dynamically changed.
CSCwo84428 Memory leak observed in the virtual daemon process during DTLS with SNMP polling.
CSCwm27749 Throughput and download speed are reduced when using Internet Protocol Security Encapsulating Security Payload with NULL transform and Zscaler.
CSCwn12594 Secure Internet Gateway Zscaler Internet Protocol Security does not create VPN credentials for the primary tunnel.
CSCwo75657 Maximum control connections do not match maximum Overlay Management Protocol sessions.
CSCwm72336 Data policy with Domain Name System redirects via overlay results in traffic loss with Cloud Exchange Point.
CSCwn69868 Control connections to controllers are not established after controllers are removed and re-added.
CSCwp24639 Device reloads unexpectedly after virtual private network configuration changes in SDWAN.
CSCwn42496 Encore process terminates at Bidirectional Forwarding Detection send and detect sleep time during extended operation.
CSCwo72675 All BFD for dialer interfaces are down, and Security Association Identifier is zero for all.
CSCwp91064 Null pointers dereference in Fault Tolerance and Management Daemon causes unexpected process termination

Open Bugs - Cisco IOS XE 17.18.1a

All open bugs for this release are available in the Cisco Bug Search Tool.

Bug ID Description
CSCwq40026 Device unexpectedly reloads due to Fault Tolerance and Management Daemon process.
CSCwq20326 Service-side static route is not installed to Cisco Express Forwarding after upgrade.
CSCwe19394 Device may boot with previous package configuration following a power outage.
CSCwo42664 Key manager process generates core files.
CSCwp01089 High latency observed at hub devices.
CSCwp12196 Device reloads due to memory corruption in Fault Tolerance and Management Daemon notification queue.
CSCwq27426 Bidirectional Forwarding Detection session remains down when outbound packets are unencrypted despite IPsec SA.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business results you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

Troubleshoot

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.

Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.