Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.


Note

Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience.

  • Faceted Search to help you find content that is most relevant

  • Customized PDFs

  • Contextual Recommendations


New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.1a

New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a

  • Unclassified MAC Initiator with IANA—ISG IPv6 sessions are based on the unclassified MAC address of the subscriber. If you use DHCPv6 for IPv6 addresses, ISG creates subscriber sessions based on DHCPv6 packets with the IANA option.

  • Online Diagnostics —The online diagnostics contain tests to check different hardware components and to verify status of the software process and interfaces. The online diagnostics tests detect problems in areas such as hardware components, software process, and interfaces.

  • IPv6 Prefix for VxLAN Static Route—IPv6 over IPv6 and IPv6 over IPv4 encapsulation is introduced for VxLAN tunnels. The VxLAN tunnels that operate at more than 10 Gbps now has the following encapsulations :

    • IPv6 over IPv4

    • IPv6 over IPv6

    • IPv4 over IPv6

    • IPv4 over IPv4

  • Bridge-Domain Virtual IP Interface—The Bridge-Domain Virtual IP Interface (VIF) now connects multiple Bridge Domain Interfaces (BDI) with a single BD instance so that each IP subnet within an L2 network can be associated with a single VRF.

  • IPv6 support for Encrypted Traffic Analytics —Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.

  • Support for Federal Information Processing Standards (FIPS)—Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal Government for use in computer systems by non-military government agencies and government contractors. Ensure to configure devices to use only FIPS approved algorithms (even though devices prevent the use of non-FIPS compatible algorithms in the FIPs mode) because some functionalities may fail in the FIPS mode if the device attempts to use non-FIPS compliant algorithms.

  • QSFP-100G-SM-SR on EPA-QSFP-1X100GE

  • EVC with MACSec—The Ethernet Virtual Circuit (EVC) support on MACsec and MKA feature provides the functionality to detect EVC and to bring up the physical interface that matches the EVC criteria. With this functionality, users can transport layer 2 traffic from multiple enterprises over a WAN link and independently secure their traffic with MACsec over EVC.

  • SISF support for multiple IA_NA and IA_PD—For Switch Integrated Security Features (SISF)-based device tracking, support has been added for multiple IA_NA and IA_PD. When SISF analyzes a DHCPv6 packet, it examines the IA_NA (Identity Association-Nontemporary Address) and IA_PD (Identity Association-Prefix Delegation) components of the packet, and extracts each IPv6 address contained in the packet, enabling SISF and any components that depend on SISF to be aware of all IPv6 addresses assigned to each network device.

  • Detailed error reporting of invalid commands in NETCONF session—Added the netconf detailed-error command, which adds helpful return codes to the network configuration protocol (NETCONF) output if an invalid command is executed in a NETCONF session.

  • BGP Support for TCP-AO—On a secure control plane, BGP uses Message Digest 5 (MD5) algorithm as the authentication mechanism. It uses TCP API to configure the keychain on a TCP connection. When authentication is enabled, any Transmission Control Protocol (TCP) segments belonging to BGP are exchanged between peers, verified and accepted only if authentication is successful.

  • Cisco Discovery Protocol over IPv6 Tunnels—The Cisco Discovery Protocol (CDP) delivers traffic through GRE IPv6 tunnels from other protocols and allows routing of IPv6 packets between private networks across public networks with globally routed IPv6 addresses.

  • PFS for GETVPN—If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. With Perfect Forward Secrecy (PFS) for GETVPN, the attacker cannot use the keys and messages to obtain the keys of past or future sessions. Thus, the attacker cannot obtain keys to decrypt recorded or future communication.

  • TCP Authentication Option—TCP Authentication Option (TCP-AO) replaces TCP MD5, TCP-AO protects long-lived TCP connections against replays using stronger Message Authentication Codes (MACs) than TCP MD5. TCP-AO is resistant to collision attacks, and provides algorithmic agility and support for key management.

  • TCP-AO Support for SXP—CTS SXP peers exchange IP-SGT bindings over a TCP connection. TCP Authentication Option (TCP-AO) enables you to guard against spoofed TCP segments in CTS SXP sessions between the peers.

  • Web User Interface —Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on Web User Interface from Cisco IOS XE Gibraltar 16.12.1a:

    • Viewing File Manager

    • Configuring Trustsec

    • Monitoring Trustsec Statistics

  • Yang Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121/BIC Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release

  • Multi-SA Support for SVTI—You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.

  • Show tech ospf—You can specify a vrf-instance with the show tech-support ospf command so that the following commands are executed for the specified VRF:

    • show ip route summary

    • show ip route ospf

  • Syslog Messages for excessive tmpfs usage—Two new syslog messages are generated to alert excess memory consumption by tmpfs.

    PLATFORM-3-TMPFS_WARNING is generated when the tmpfs memory usage exceeds 40% of the total DRAM capacity.

    PLATFORM-3-TMPFS_CRITICAL is generated when the tmpfs memory usage exceeds 50% of the total DRAM capacity.

  • Show command updates for SRTP Rollover Counter (ROC)—The output of the following commands is enhanced to display SRTP ROC information.

    • show voip fpi calls

    • show voip fpi stats

    • show voip rtp connections

Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.1a

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Caveat ID Number

Description

CSCua57391

isdn cause-location command support for switch-type primary-ntt

CSCva76745

show running-config | format with DHCP pool results in a reload

CSCvb87675

BGP event crash@bgp_afpriv_imp_is_imported_path

CSCvh73576

config revert Rollback visible in console and locks up config from VTY

CSCvh92659

BFD flaps everytime with dynamic tunnel creation in DMVPN

CSCvi26188

Watchdog crash within mgcpapp_free_sys_event_Q event dequeue loop after running 'ccm-manager config'

CSCvi86071

Crash seen after configuring SCP path under archive

CSCvj28921

High CPU due to Alignment Corrections - SMEF & IWAN

CSCvk27129

The requirement to shutdown dialer interface before its deletion causes an issue for vManage

CSCvk71047

Router fails to reserve necessary ports for VPN traffic (UDP 500 & 4500) for ISAKMP

CSCvk75838

netconf/yang or telemetry retrieval of /trustsec-state/cts-rolebased-policies breaks

CSCvm07353

Router may crash when a SSH session is closed after configure TACACS

CSCvm10850

Crash after CPUHOG in ISDN L2D SRQ Process

CSCvm25921

Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3

CSCvm46362

ASR1000 node in HA pair might crash due to punt-keepalive failures

CSCvm75066

MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32

CSCvm91642

MACsec SAP 128 Bits doesn't work with network-essentials license

CSCvm94112

DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway

CSCvm94788

Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15

CSCvm96960

ASR1001-X throwing: ETH_SPA_MAC-3-SPI4_ERROR: SIP0/1: Marvel MAC

CSCvn00104

Software crash due to memory corruption after packet trace was enabled.

CSCvn03502

SR: CFLOW input intf index is 0xffffffff for Service-engine DSP module interface

CSCvn09468

Netconf shows each overwrite of cts role-based sgt-map command

CSCvn17073

ARP HA and other clients sync together causing high cpu on CBR

CSCvn23906

DHCP Server sends Renew ACKs to Clients with 00:00:00:00:00:00 MAC in L2 frame

CSCvn24992

Add support for DHCP "utilization" CLI in Cisco-IOS-XE-dhcp YANG model

CSCvn27449

PBR doesn't work for dialer intf when it doesn't have fixed ip address

CSCvn37237

ASR1002-HX crashed after huge traffic is transmitted over it

CSCvn44400

Login banner does accept banners over 238 characters

CSCvn45150

tclsh: socket -server open <port> allows multiple bindings in IOS-XE

CSCvn45732

Device crashing if we unconfigure the NTP on the device

CSCvn49351

Async line not visible in show run and show int brief output but visible in show line output

CSCvn51557

Negating dialer watch-list command without alterning the entered CLI command.

CSCvn52019

Crashed while checking condition debug

CSCvn53969

Memory leak in SMD process due to AAA Idle-timer not being freed

CSCvn54470

ASR1006X linecard down after Active RP3 OIR

CSCvn56017

Crash while processing ISIS updates when DiffServ-TE is enabled

CSCvn56579

MQIPC memory corruption resulting dot1x/MAB not working for wired clients

CSCvn57165

Static Nat fails to translate SIP Trying L7 header

CSCvn57771

3850 sending hostname as NAS-ID

CSCvn57892

High Memory utilization due to Wireless Manager IOSD process

CSCvn58922

With 3 KS in COOP, overlapping KSSID range is not detected

CSCvn59020

Modified EIGRP timers on Virtual-Template put all associated Vi interfaces into passive mode

CSCvn59626

NTP template attach fails with a non default vrf and source interface configured

CSCvn60318

After reload, standby can't join stack due to crash in rbm_request_new()

CSCvn61479

16.11:ASR1k:ESP-X: Lisp mroute verification failed for eid vrf.

CSCvn63084

The WS-C3850-48XS stack crashes due to LACP

CSCvn63309

VRF Associated to an interface is not considered as associated with pim sparse-mode configurations

CSCvn66258

ASR1000-2T+20X1GE interface speed change from 100 to 1000 after switchover

CSCvn67837

TCP port takes 4 minutes to get released after it is closed

CSCvn67870

Reorder ip nat configuration - to be placed after ip http configuration

CSCvn68370

C3PL (Cisco Common Classification Policy Language) changes for CSCvn56365 AppNav-XE WAAS issues

CSCvn68893

ASR1000 Process = TUN ETHER Thread crash

CSCvn70066

ASR1000 Crash on device when SNMP walk is done while configuring QoS on interface.

CSCvn71041

TACACS group server is not seen, when "transport-map type console test" is configured.

CSCvn71505

Incorrect Bandwidth Calculation for Priority Level 2 on 100 gig Interface

CSCvn72208

RP3 Punt Interface May Drop Traffic Due to VLAN Filter Hardware

CSCvn72973

Device is getting crashed on the "cts role-based enforcement"

CSCvn74807

Cisco TrustSec crash while processing CoA update

CSCvn76107

Static NAT configs missing in netconf get-config

CSCvn76837

DMVPN Phase 2 shortcut triggered from a spoke behind PAT may end up in stuck DNX state

CSCvn77783

class-attributes support in ISG radius proxy scenario

CSCvn78113

Tunnel PMTUD not being aged out after PMTUD ager timer expires

CSCvn78203

Router crashed when printing logs while constructing rekey packets (GETVPN)

CSCvn78349

FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload

CSCvn78961

Subscribers cannot re-login due to CoA time-out (lite-sessions in routed mode)

CSCvn81585

%CTS-3-SAP_MANUAL_PMKID_MISMATCH: PMKID Mismatch when master switch failover in a 6 switch stack

CSCvn82063

Input CRC counter increasing on Tengi interface.

CSCvn82245

EIGRP session is not coming up if the dynamic PBR is applied on interface

CSCvn83172

Router reloads on 'show track' command when there is track object for deleted serial sub-interface.

CSCvn84682

AAA Common Criteria writes password in cleartext to configuration on change

CSCvn85422

Int index is 0 for the Cellular inteface in the exported flow

CSCvn86400

SISF-3-INTERNAL: Internal error, Cannot create binding entry -Process= "SISF Main Thread"

CSCvn87990

Showing wrong release version in 'show eigrp plugins'

CSCvn99748

Client can not get DHCP address again when the Client's ARP entry remained

CSCvo00585

Split DNS in case of UDP query to WAN interface IP via LAN interface

CSCvo00664

SUP reload after running the command " show plat hard qfp act infr bqs debug qmrt_dump "

CSCvo00968

Radius attr 32 NAS-IDENTIFIIER not sending the FQDN.

CSCvo01298

Correction to Quick RP3 recovery after the Punt Path XAUI link goes down

CSCvo01504

%QFPOOR-4-TOP_EXMEM_USER reports negative memory allocation

CSCvo03458

PKI "revocation check crl none" does not fallback if CRL not reachable

CSCvo05751

Polaris : Changes for sending vlan attrs in access request

CSCvo06817

Router crash while executing show commands using '|' (pipe) to filter the output.

CSCvo08132

BUILT-IN-2T+20X1GE - VLAN bytes and packets counters are frozen.

CSCvo09059

"no autostate" will auto add after re-configure svi interface

CSCvo10145

Memory overlay crash when using include-cui

CSCvo11361

Priority queueing on port-channel interfaces causes frame re-ordering.

CSCvo11786

SCCP Application does not clear failed sockets leading to leak and socket pool exhaustion

CSCvo12745

Packet drop occurs after acl permit configurations

CSCvo15201

IPSLA IPv6 ICMP Probe is showing status as OK with no IPv6 connectivity

CSCvo17287

ASR1001-X crashed upon receiving Radius Access-Accept message

CSCvo17528

Reload initiated via SNMP on IOS-XE causes a crash

CSCvo17738

Cellular interface lte Network Selection Mode switches to manual

CSCvo18177

IPV4 routes on the global routing table learnt via BGP refreshes upon adding or removing a VRF

CSCvo18415

Unable to remove "logging source-interface <if-name>" command on 3850

CSCvo19395

Router crashes when removing a crypto map

CSCvo19984

Class map containing no-match result-type method dot1x none never results in success

CSCvo20934

FMAN crash due to Flexible Netflow (fnf)

CSCvo23199

SDA:16.9.2S - Arp issue during wired host mobility

CSCvo25785

Crash on an LNS router in process ACCT Periodic Proc

CSCvo26034

Replace all BGP/route-map communities in "set community" array with <edit-config> "replace" operatio

CSCvo27553

PKI incorrect fingerprint calulation during CA authentication

CSCvo29096

SRTE ODN: After removing "mpls traffic-eng router-id loopback" OSPF not adv links in TE opaque LSA

CSCvo30329

Router crashing after upgrade due to Crypto commands "Block overrun at 284B2160 (red zone 000110DF)"

CSCvo30641

Traceback: Error seen after tunnel flap: DATACORRUPTION-1-DATAINCONSISTENCY

CSCvo31617

16121: ISIS local-LFA repair path has no label causing high convergence

CSCvo36031

WSMA crash formatting show command output

CSCvo36188

Crash at NAT clear

CSCvo36948

Router crash when running show aaa user all command

CSCvo36969

Crash during SSO config sync

CSCvo38655

16.11.1-systest: Segmentation fault : CEF bgrnd process with DUT reload with Sw to Rtd port

CSCvo41815

When roaming to another AP, services received from RADIUS are not applied to the session

CSCvo41879

Interface is not joined to mcast map-notify after reload

CSCvo42105

IOS-XE DHCP server creates option 125 with invalid format

CSCvo43597

Dot1x Users MAc address not present on the correct Vlan after SSO

CSCvo46127

MaxSusRate is not working with service class

CSCvo47436

IOSXE - firewall corrupts half open list

CSCvo47655

SDA-FHR not registering multicast source with RP

CSCvo47866

Crash at Process = SCCP Auto Config

CSCvo49876

SISF not honoring 1 IPv4-to-MAC rule when DHCP ACK comes from a different VLAN (via Relay)

CSCvo51252

AirOS Parity : Local to Radius Fallback failing for Webaut and TACACS for 9800

CSCvo58098

CTS PACS not downloading to the devices

CSCvo58118

CTS Environment-data is not getting refreshed on the device

CSCvo58195

HSRP VIP is not reachable locally

CSCvo58854

ASR1000/16.9.2 - Duplicate entries in dangling list

CSCvo61610

FXS - no busy tone is generated on remote-onhook condition with call pickup scenario

CSCvo61772

"ip nat translation port-timeout" limited to overflows after reaching 16bit

CSCvo61914

GC NAT unable to detect dns packet

CSCvo65415

ASR1000 crashes by handling DHCP packet

CSCvo66216

IPSec-Session count in "show crypto eli" reaches max causing VPN failure

CSCvo70504

Missing Calling-Station-ID in Accounting Ticket for Web-Tal locations

CSCvo71381

dot1x dynamic voice assignment failure after data domain auth such

CSCvo71445

MACSEC license is not being consumed for sub-interfaces

CSCvo71721

When sending account-logon ISG do not reply with ACK nor NACK.

CSCvo73205

Identity policy won't update after config changes.

CSCvo73897

[SDA] [PI changes] No audio during first few seconds of voice call between 2 Fabric Edge

CSCvo73954

ASR1001-HX: Excessive pause frames (IEEE802.3x compliant) affect traffic on other interfaces

CSCvo74486

IOS-XE ACL port information preserved after encapsulation

CSCvo75992

tdl_fw_stats in FMAN logs errors

CSCvo76021

L3VNI:VPNv4 routes are not imported into BGP-EVPN upon reload/SSO while VPNV6 routes are imported

CSCvo83945

Ping failure on Port-channel sub interface when is using EVC in main port channel

CSCvo87488

GetCACaps is using wrong CA-IDENT when using enrollment profiles

CSCvo87827

Crash when polling IPForwarding MIB

CSCvo94211

Traffic stops flowing on Xconnect tunnel when upgraded to 16.9.2

CSCvp00271

Read and Write lock fix for ACL cache

CSCvp03655

Observing 100% CPU utilization for sessmgrd

CSCvp05070

Overlay BGP down when configured "ip nhrp server-only"

CSCvp09091

When sourcing Radius from loopback in VRF, auth right out of boot up might fail

CSCvp10711

Hierarchical QoS stops working on GRE tunnel if dest route flaps between 2nd tunnel and physical int

CSCvp10830

Client with VNID override on roaming gets into authorization failure due to vlan 0

CSCvp14338

LISP: "flood" configuration broken under "instance / service ethernet" submode

CSCvp16606

sdwan isr receiving any SOO changes AD to 252

CSCvp16730

Incoming ESP packets with SPI value starting with 0xFF are dropped due to Invalid SPI error

CSCvp19568

L2VPN - Xconnect - filtering of LDP targeted hellos using ACL not working

CSCvp20770

Nas Identifier not sent in Accounting Packet

CSCvp21680

Delay on sub interface doesn't match physical interface causing issues for routing

CSCvp23796

"no cts role-based enforcement " is not honored and enforcement continues to happen

CSCvp24981

When FQDN used for APN, IOS DNS resolves FQDN to IP, but GTP stays in DNS pending and IP 0.0.0.0

CSCvp25052

ISR4K: Router crash due to twice memory release

CSCvp27220

Tail drops on IPSLA sender when using scaled udp-jitter probes

CSCvp30475

ASR1000: VLAN counter mismatch on sub-interfaces

CSCvp32910

Bad root chunk pointer in chunk header post SSO - ASR1000

CSCvp38317

MGCP GW doesn't reset SSRC/ROC on receiving MDCX with new IP/port/SDP parameter for SRTP call.

CSCvp38424

On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes.

CSCvp46197

GETVPN suite-B does not work on ASR1006x router

CSCvp46381

static nat which has been deleted is shown when show ip nat translation

CSCvp47792

VG3x0 - groundstart voice-port configuration removed after reload

CSCvp49863

Incomplete arp in management interface

CSCvp56737

Counters of interfaces are reporting inexistent peaks

CSCvp62811

Engine keyword missing after "show utd engine standard statistics url-filtering"

CSCvp63616

Crash due to too many DSPs

CSCvp66049

%DATACORRUPTION-1-DATAINCONSISTENCY: due to PMIPv6

CSCvp66443

HTTP Client inside IOS-XE incorrectly reports "Invalid IP address in Hostname" for legal IP address

CSCvp66980

ISG : Changes in circuit-id and remote-id are not reflected after roaming

CSCvp70211

Crash when running show crypto map

CSCvp70443

isdn cause-location command support for switch-type primary-ntt

CSCvp70707

Should provide a repair path for the Strict SID even when the repair path is NOT a TI-LFA

CSCvp71303

Router crashes when "tod-clock revertive" command is executed

CSCvp72220

crash at sisf_show_counters after entering show device-tracking counters command

CSCvp72379

ip dns primary command does not get removed

CSCvp73344

Standby crash during ISSU

CSCvp75121

Ucode crash when PfRv3 and IPv6 monitor are configured on the same tunnel with IPv6 VRF configured

CSCvp77100

ASR1000: Crypto Engine remains in stuck state post dataplane crash

CSCvp81102

IPsec SA installation fails with simultaneous negotiations despite fix for CSCve08418

CSCvp85916

Crash when "show running" is used

CSCvp87488

no login on-success log CLI does not persist across device reloads

CSCvp92334

Crash after Media monitor look up.

CSCvp95070

"encr aes 256" config removed from CDB & invisible to netconf/yang and restconf

CSCvq18793

NIM-2FXS/4FXOP crashing due to DSP failed to reply properly

CSCvq20005

SRMS tries to build a snapshot when there are no SIDs

CSCvq39840

CiscoFlashFile - Get-Next request takes longer time for last file on directory.

Open Bugs for Cisco IOS XE Gibraltar 16.12.1a

All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

Caveat ID Number

Description

CSCva53392

Polaris 16.3.1 : Machine and bus error failures in ESP20

CSCvd75992

3650: pnp profile config causes line console config to be copied over to vty after "show run"

CSCvg68226

Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence

CSCvo46253

BGP Oper model rpc reply error with aggregate bgp ipv6 route.

CSCvo56553

ASR1000: RP3 crash due to punt-keepalive failures

CSCvo67036

ASR1000 routers crashed when TCM received an illegal command from the ucode

CSCvp08353

Add ERROR message over IOS console when HSPRDA TCAM region gets full

CSCvp16862

EVPN Prefix import Count/Limit show incorrectly

CSCvp27139

Async lines configuration is not retrievable over netconf

CSCvp30081

BGP looped update among 3 peers

CSCvp38407

"Radius-server attribute 31" command broken on LNS when LAC sends Remote-Id string

CSCvp47006

QoS counter didn't generate at ASR1001-X

CSCvp53001

ASR1001-HX: bay1 1G link stays up when Rx cable of remote end is removed

CSCvp69393

Router crashes after snmpget to OID related to NHRP

CSCvp79485

DMVPN - Packet is encapsulated but not encrypted going out DMVPN tunnel

CSCvp89419

Error messages seen when configuring "logging persistent protected" on ASR1K routers

CSCvp91554

16.12.1 SIT: UNIX-EXT-SIGNAL: Segmentation fault and Memory related crash during SXP bringup

CSCvp96086

Additional display for incorrect profile with reset on backoff :

CSCvp97235

Crash while BGP was updating rib table

CSCvq00263

Device crashed @ radius_io_stats_timer_handler due to dynamic-author

CSCvq01379

Revert the changes of CSCvo75201 in rel21

CSCvq09061

.py file check is not done while registering the policy and the error is seen

CSCvq18004

BGP evpn table and vrf table out of sync

CSCvq18328

SSH: host_key->name is not null after reload which prevents SSH from starting up

CSCvq19808

Egress shaping on port-channel sub-intf tail dropping traffic long before rate

CSCvq20685

ESP40 crash in CGN mode after apply "ip nat setting mode cgn"

CSCvq23869

ASR 1000 sub-interface counters wrong.

CSCvq25297

BRI leased line can't come up automatically after remove/insert one side's cable

CSCvq25320

Get-Config using NETCONF interrupted if authenticated with TACACS+

CSCvq26821

shaper of the internal crypto interface is incorrectly programmed

CSCvq29953

IP SLA react for packetloss and successivepacketloss do not set $_ipsla_react_type in EEM

CSCvq31129

AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR

CSCvq31871

Router crashes with ZBF HA sync.

CSCvq33073

OBS : PE ignores IGP metric while advertising the MED value to CE

CSCvq33994

BGP YANG oper address-family fails with vpnv4-unicast

CSCvq34054

BGP updates missing ISIS advertising-bits when redistribute level-1 is applied

CSCvq35581

Unable to configure half duplex on cEdge

CSCvq35925

The switch crashes when processing a 'unknown' message from 'PKISSL read mqipc'.

CSCvq36130

Router is on Bootloop after QoS configuration.

CSCvq36179

Interfaces with 'shutdown' configuration in UP state

CSCvq36984

Netconf-yang service not starting properly

CSCvq39840

CiscoFlashFile - Get-Next request takes longer time for last file on directory.

CSCvq40443

"Clock: inserting leap second" message doesn't output on NTP client when leap second inserted

CSCvq42239

F0: fman_fp unexpectedly crashed with exmem chunk alloc

CSCvq42607

Delay during vrf aware bgp address-family configuration over netconf

CSCvq44860

Static routing redistribution under RIP with route-map is not working after reload

CSCvq45088

ASR 1000 BDI not working properly for packet fragmentation - very small fragments are getting dropped

CSCvq46526

DMVPN | Spoke to Spoke traffic fails when Tunnel initiated by Tunnel IP to tunnel IP pings.

CSCvq48438

ASR1000: ucode crash @ uidb_subblock_lookup__output_nat_sb

CSCvq49000

Supervisor reloaded due to cpp_cp_svr process crashing

CSCvq58144

cpp_cp_svr crash in cpp_bqs_rm_yoda_select_sch_exponent

CSCvq58237

Supervisor reload due to cpp_cp_svr crash.

CSCvq61062

mip crash reloading the router

Important Notes, Known Behavior, and Workaround

Important Notes

As of August 2017, Autonomic Networking is no longer supported in any version of Cisco IOS-XE software.

Recover from the ROMmon mode

When you upgrade your IOS software image, you might accidentally delete your old image without updating the boot statement. This could result in entering the ROMmon (ROMMonitor) mode. To recover from the ROMmon mode, the following enhancements are supported for different use cases.

Supported Workaround

Table 1. Exiting from ROMmon Mode

Use Case

Supported Enhancement

Reload the router with config-reg configuration

Before reloading, the routerchecks if the first boot statement points to an image that exists and verifies it. If the image is missing or invalid, the users are prompted for confirmation to proceed with reload of the router.

Reload the router with config-register 0x2102–autoboot

The router checks if the boot variableis set properly, and accordingly prompts the users to proceed with caution.

Reload the router with config-register 0x2102

Auto boot and the boot variable (bootvar) is set, but there is no image in bootvar set path–The router checks if the bootvar is properly set and if there is any image set in the bootvar path. If there is no image in the bootvar path (harddisk/bootflash/flash,and so on), then the reload is aborted with a warning message,and the users are prompted to correct the boot statement or copy the image to hard disk

Auto boot and boot variableis set

If the image is present in the bootvar path, then the router reload is allowed.

ROMmon Release Matrix