Release Notes for Cisco 4000 Series ISRs, Release 17.18.x
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
Cisco ISR 4000 Integrated Services Routers , Release 17.18.1a
Cisco ISR 4000 Integrated Services Routers, Release 17.18.1a
Cisco IOS XE 17.18.1a is the first release for Cisco 4000 Series Integrated Services Routers in the Cisco IOS XE 17.18.x release series.
The key highlights of this release include these features and enhancements:
● Monitoring & Observability
● Cellular, IPv6, Voice, Virtualization
● SRv6 Enhancements
● Security and SASE enhancements.
Note: Cisco ISR4461 is the only supported platform within Cisco ISR 4000 Integrated Services Routers.
This section provides a brief description of the new software features introduced in this release.
Table 1. New software features for Cisco ISR 4000 Integrated Services Routers, Release 17.18.1a
| Product impact |
Feature |
Description |
| Ease of Use
|
From Cisco IOS XE 17.18.1a release, Cisco Catalyst SD-WAN Manager supports deployment of IOx applications such as Cyber Vision, Thousand Eyes, UTD, and so on. The support to monitor these applications is introduced through Hosted Edge Services monitoring dashboard which offers a simplified user experience for overseeing IOx container applications across multiple devices. The Hosted Edge Services monitoring dashboard is introduced on Cisco Catalyst SD-WAN Manager version 20.18.x. |
|
| Ease of Use
|
This feature introduces a new certificate authorization setting, Enterprise Certificate Settings, which unifies certificate configurations for SD-Routing devices. Cisco SD-WAN Manager automates certificate management by leveraging protocols like EST (Enrolment over Secure Transport) and SCEP (Simple Certificate Enrolment Protocol). The feature automates the enrolment, and renewal of certificates. |
|
| Upgrade
|
This feature enables the transport of IPv4 MVPN traffic across an SRv6 network. It simplifies multicast deployment by using the existing SRv6 unicast infrastructure as the underlay. With this feature, the ingress PE router receives multicast traffic and creates a separate unicast SRv6-encapsulated copy for each egress PE router in the multicast group. |
|
| Upgrade
|
This feature introduces a mechanism to determine the maximum transmission unit (MTU) for packets traversing an SRv6 underlay network. It ensures efficient packet forwarding by preventing fragmentation and packet drops, thereby allowing network devices to dynamically adjust packet sizes to avoid exceeding link MTU limits. The system relays ICMP Packet Too Big (PTB) messages from the SRv6 underlay to the IPv6/IPv4 overlay network, supporting both Transit-node and Headend-node PTB relay methods. |
|
| Upgrade
|
From Cisco IOS XE 17.17.1a, Flexible Algorithm enhances SRv6 by including functions like Topology Independent Loop-Free Alternate (TI-LFA) and microloop (uLoop) avoidance. This feature improves network resilience and efficiency. |
|
| Ease of Use |
Packet Drops |
The show drops command is introduced in Cisco IOS XE 17.18.1a. This command consolidates multiple platform and protocol-specific debugging tools into a single, user-friendly interface, enabling network operators to efficiently identify the root causes of packet drops. By streamlining the troubleshooting process, this feature significantly improves operational efficiency and network performance. |
| Ease of use |
Cisco IOS XE 17.18.1a introduces the Cisco Secure Routers Swim and Onboarding tool that helps customers upgrade and onboard autonomous hardware devices to cloud-hosted or on-premises Catalyst Cisco SD-WAN Manager |
|
| Ease of use |
Security Cloud Control is a cloud-based multi-device manager that facilitates management of security policies to achieve consistent policy implementation. Security Cloud Control helps optimize your security policies by identifying inconsistencies with them and by giving you tools to fix the inconsistencies. From Cisco IOS XE 17.18.1a release, you can integrate Cisco SD-WAN Manager with Security Cloud Control, which allows you to import existing NGFW policies, security objects, and security profiles into Security Cloud Control. With this integration, you can share objects and policies as well as make configuration templates to promote policy consistency across devices. |
|
| CUBE Features |
||
| Ease of Use |
From Cisco IOS XE 17.18.1a onwards, serviceability is enhanced to display consolidated information on forked and associated anchor call legs. |
|
| Upgrade |
Third-Party GUID capture for correlation between call transfers and SIP-based recording |
From Cisco IOS XE 17.18.1a onwards, the Third-Party GUID capture for correlation between calls and SIP-based recording is extended to support transmission of globally unique identifiers (GUIDs) to the recording server during call transfers. |
| Upgrade |
IOS UC apps reports smart licensing flex subscription entitlement tag |
From Cisco IOS XE 17.18.1a onwards, CUBE and SRST smart licensing reports flex subscription entitlement tag on all the supported platforms. |
This table lists the resolved issues in this specific software release.
Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.
Table 2. Resolved issues for Cisco ISR 4000 Integrated Services Routers, Release 17.18.1a
| Bug ID |
Description |
| Virtual Forwarding Router is not dynamically disabled after Zone-Based Firewall removal in SD-WAN deployments. |
|
| BFD sessions using Transport Locator Extension do not establish when IPv6 are dynamically changed. |
|
| Memory leak observed in the virtual daemon process during DTLS with SNMP polling. |
|
| Throughput and download speed are reduced when using Internet Protocol Security Encapsulating Security Payload with NULL transform and Zscaler. |
|
| Secure Internet Gateway Zscaler Internet Protocol Security does not create VPN credentials for the primary tunnel. |
|
| Maximum control connections do not match maximum Overlay Management Protocol sessions. |
|
| Data policy with Domain Name System redirects via overlay results in traffic loss with Cloud Exchange Point. |
|
| Control connections to controllers are not established after controllers are removed and re-added. |
|
| Device reloads unexpectedly after virtual private network configuration changes in SDWAN. |
|
| Encore process terminates at Bidirectional Forwarding Detection send and detect sleep time during extended operation. |
|
| All BFD for dialer interfaces are down, and Security Association Identifier is zero for all. |
|
| Null pointers dereference in Fault Tolerance and Management Daemon causes unexpected process termination |
This table lists the open issues in this specific software release.
Note: This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.
Table 3. Open issues for Cisco ISR 4000 Integrated Services Routers, Release 17.18.1a
| Bug ID |
Description |
| Device unexpectedly reloads due to Fault Tolerance and Management Daemon process. |
|
| Service-side static route is not installed to Cisco Express Forwarding after upgrade. |
|
| Device may boot with previous package configuration following a power outage. |
|
| Key manager process generates core files. |
|
| High latency observed at hub devices. |
|
| Device reloads due to memory corruption in Fault Tolerance and Management Daemon notification queue. |
|
| Bidirectional Forwarding Detection session remains down when outbound packets are unencrypted despite IPsec SA. |
Upgrading to a New Software Release
To install or upgrade, obtain a Cisco IOS XE 17.18.x consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.
Note: When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads.
For more information on upgrading the software, see the Installing the Software section of the Software Configuration Guide for the Cisco 4000 Series ISRs.
Recommended Firmware Versions
The following table lists the recommended ROMMON and CPLD versions for Cisco IOS XE 17.2.x onwards releases.
Table 4. Recommended Firmware Versions
| Cisco 4000 Series ISRs |
Existing ROMMON |
Cisco Field-Programmable Devices |
CCO URL for the CPLD Image |
| Cisco 4461 ISR |
16.12(2r) |
21102941 |
|
| Cisco 4451-X ISR |
16.12(2r) |
19042950 |
|
| Cisco 4431 ISR |
16.12(2r) |
19042950 |
|
| Cisco 4351 ISR |
16.12(2r) |
19040541 |
|
| Cisco 4331 ISR |
16.12(2r) |
19040541 |
|
| Cisco 4321 ISR |
16.12(2r) |
19040541 |
|
| Cisco 4221 ISR |
16.12(2r) |
19042420 |
Note: Cisco 4461 ISR may require two upgrade packages to upgrade to 21102941. See CPLD-4-1 Release Notes.
Upgrading Field-Programmable Hardware Devices
The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
● Release Notes for Previous Versions of Cisco 4000 Series ISRs
● Hardware Installation Guide for Cisco 4000 Series Integrated Services Routers
● Configuration Guides for Cisco 4000 Series ISRs
● Command Reference Guides for Cisco 4000 Series ISRs
● Product Landing Page for Cisco 4000 Series ISRs
● Datasheet for Cisco 4000 Series ISRs
● End-of-Sale and End-of-Life Announcement
● Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.