Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.
 Note |
Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience.
|
New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.1a
New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a
-
Unclassified MAC Initiator with IANA—ISG IPv6 sessions are based on the unclassified MAC address of the subscriber. If you use DHCPv6 for IPv6 addresses, ISG creates subscriber sessions based on DHCPv6 packets with the IANA option.
-
Online Diagnostics —The online diagnostics contain tests to check different hardware components and to verify status of the software process and interfaces. The online diagnostics tests detect problems in areas such as hardware components, software process, and interfaces.
-
IPv6 Prefix for VxLAN Static Route—IPv6 over IPv6 and IPv6 over IPv4 encapsulation is introduced for VxLAN tunnels. The VxLAN tunnels that operate at more than 10 Gbps now has the following encapsulations :
-
IPv6 over IPv4
-
IPv6 over IPv6
-
IPv4 over IPv6
-
IPv4 over IPv4
-
-
Bridge-Domain Virtual IP Interface—The Bridge-Domain Virtual IP Interface (VIF) now connects multiple Bridge Domain Interfaces (BDI) with a single BD instance so that each IP subnet within an L2 network can be associated with a single VRF.
-
IPv6 support for Encrypted Traffic Analytics —Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.
-
Support for Federal Information Processing Standards (FIPS)—Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal Government for use in computer systems by non-military government agencies and government contractors. Ensure to configure devices to use only FIPS approved algorithms (even though devices prevent the use of non-FIPS compatible algorithms in the FIPs mode) because some functionalities may fail in the FIPS mode if the device attempts to use non-FIPS compliant algorithms.
-
EVC with MACSec—The Ethernet Virtual Circuit (EVC) support on MACsec and MKA feature provides the functionality to detect EVC and to bring up the physical interface that matches the EVC criteria. With this functionality, users can transport layer 2 traffic from multiple enterprises over a WAN link and independently secure their traffic with MACsec over EVC.
-
SISF support for multiple IA_NA and IA_PD—For Switch Integrated Security Features (SISF)-based device tracking, support has been added for multiple IA_NA and IA_PD. When SISF analyzes a DHCPv6 packet, it examines the IA_NA (Identity Association-Nontemporary Address) and IA_PD (Identity Association-Prefix Delegation) components of the packet, and extracts each IPv6 address contained in the packet, enabling SISF and any components that depend on SISF to be aware of all IPv6 addresses assigned to each network device.
-
Detailed error reporting of invalid commands in NETCONF session—Added the netconf detailed-error command, which adds helpful return codes to the network configuration protocol (NETCONF) output if an invalid command is executed in a NETCONF session.
-
BGP Support for TCP-AO—On a secure control plane, BGP uses Message Digest 5 (MD5) algorithm as the authentication mechanism. It uses TCP API to configure the keychain on a TCP connection. When authentication is enabled, any Transmission Control Protocol (TCP) segments belonging to BGP are exchanged between peers, verified and accepted only if authentication is successful.
-
Cisco Discovery Protocol over IPv6 Tunnels—The Cisco Discovery Protocol (CDP) delivers traffic through GRE IPv6 tunnels from other protocols and allows routing of IPv6 packets between private networks across public networks with globally routed IPv6 addresses.
-
PFS for GETVPN—If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. With Perfect Forward Secrecy (PFS) for GETVPN, the attacker cannot use the keys and messages to obtain the keys of past or future sessions. Thus, the attacker cannot obtain keys to decrypt recorded or future communication.
-
TCP Authentication Option—TCP Authentication Option (TCP-AO) replaces TCP MD5, TCP-AO protects long-lived TCP connections against replays using stronger Message Authentication Codes (MACs) than TCP MD5. TCP-AO is resistant to collision attacks, and provides algorithmic agility and support for key management.
-
TCP-AO Support for SXP—CTS SXP peers exchange IP-SGT bindings over a TCP connection. TCP Authentication Option (TCP-AO) enables you to guard against spoofed TCP segments in CTS SXP sessions between the peers.
-
Web User Interface —Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on Web User Interface from Cisco IOS XE Gibraltar 16.12.1a:
-
Viewing File Manager
-
Configuring Trustsec
-
Monitoring Trustsec Statistics
-
-
Yang Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121/BIC Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release
-
Multi-SA Support for SVTI—You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.
-
Show tech ospf—You can specify a vrf-instance with the show tech-support ospf command so that the following commands are executed for the specified VRF:
-
show ip route summary
-
show ip route ospf
-
-
Syslog Messages for excessive tmpfs usage—Two new syslog messages are generated to alert excess memory consumption by tmpfs.
PLATFORM-3-TMPFS_WARNING is generated when the tmpfs memory usage exceeds 40% of the total DRAM capacity.
PLATFORM-3-TMPFS_CRITICAL is generated when the tmpfs memory usage exceeds 50% of the total DRAM capacity.
-
Show command updates for SRTP Rollover Counter (ROC)—The output of the following commands is enhanced to display SRTP ROC information.
-
show voip fpi calls
-
show voip fpi stats
-
show voip rtp connections
-
Note |
The last supported release for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor (ASR1000-ESP20) is IOS XE release 16.12.x. |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
isdn cause-location command support for switch-type primary-ntt |
|
|
show running-config | format with DHCP pool results in a reload |
|
|
BGP event crash@bgp_afpriv_imp_is_imported_path |
|
|
config revert Rollback visible in console and locks up config from VTY |
|
|
BFD flaps everytime with dynamic tunnel creation in DMVPN |
|
|
Watchdog crash within mgcpapp_free_sys_event_Q event dequeue loop after running 'ccm-manager config' |
|
|
Crash seen after configuring SCP path under archive |
|
|
High CPU due to Alignment Corrections - SMEF & IWAN |
|
|
The requirement to shutdown dialer interface before its deletion causes an issue for vManage |
|
|
Router fails to reserve necessary ports for VPN traffic (UDP 500 & 4500) for ISAKMP |
|
|
netconf/yang or telemetry retrieval of /trustsec-state/cts-rolebased-policies breaks |
|
|
Router may crash when a SSH session is closed after configure TACACS |
|
|
Crash after CPUHOG in ISDN L2D SRQ Process |
|
|
Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3 |
|
|
ASR1000 node in HA pair might crash due to punt-keepalive failures |
|
|
MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32 |
|
|
MACsec SAP 128 Bits doesn't work with network-essentials license |
|
|
DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway |
|
|
Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15 |
|
|
ASR1001-X throwing: ETH_SPA_MAC-3-SPI4_ERROR: SIP0/1: Marvel MAC |
|
|
Software crash due to memory corruption after packet trace was enabled. |
|
|
SR: CFLOW input intf index is 0xffffffff for Service-engine DSP module interface |
|
|
Netconf shows each overwrite of cts role-based sgt-map command |
|
|
ARP HA and other clients sync together causing high cpu on CBR |
|
|
DHCP Server sends Renew ACKs to Clients with 00:00:00:00:00:00 MAC in L2 frame |
|
|
Add support for DHCP "utilization" CLI in Cisco-IOS-XE-dhcp YANG model |
|
|
PBR doesn't work for dialer intf when it doesn't have fixed ip address |
|
|
ASR1002-HX crashed after huge traffic is transmitted over it |
|
|
Login banner does accept banners over 238 characters |
|
|
tclsh: socket -server open <port> allows multiple bindings in IOS-XE |
|
|
Device crashing if we unconfigure the NTP on the device |
|
|
Async line not visible in show run and show int brief output but visible in show line output |
|
|
Negating dialer watch-list command without alterning the entered CLI command. |
|
|
Crashed while checking condition debug |
|
|
Memory leak in SMD process due to AAA Idle-timer not being freed |
|
|
ASR1006X linecard down after Active RP3 OIR |
|
|
Crash while processing ISIS updates when DiffServ-TE is enabled |
|
|
MQIPC memory corruption resulting dot1x/MAB not working for wired clients |
|
|
Static Nat fails to translate SIP Trying L7 header |
|
|
3850 sending hostname as NAS-ID |
|
|
High Memory utilization due to Wireless Manager IOSD process |
|
|
With 3 KS in COOP, overlapping KSSID range is not detected |
|
|
Modified EIGRP timers on Virtual-Template put all associated Vi interfaces into passive mode |
|
|
NTP template attach fails with a non default vrf and source interface configured |
|
|
After reload, standby can't join stack due to crash in rbm_request_new() |
|
|
16.11:ASR1k:ESP-X: Lisp mroute verification failed for eid vrf. |
|
|
The WS-C3850-48XS stack crashes due to LACP |
|
|
VRF Associated to an interface is not considered as associated with pim sparse-mode configurations |
|
|
ASR1000-2T+20X1GE interface speed change from 100 to 1000 after switchover |
|
|
TCP port takes 4 minutes to get released after it is closed |
|
|
Reorder ip nat configuration - to be placed after ip http configuration |
|
|
C3PL (Cisco Common Classification Policy Language) changes for CSCvn56365 AppNav-XE WAAS issues |
|
|
ASR1000 Process = TUN ETHER Thread crash |
|
|
ASR1000 Crash on device when SNMP walk is done while configuring QoS on interface. |
|
|
TACACS group server is not seen, when "transport-map type console test" is configured. |
|
|
Incorrect Bandwidth Calculation for Priority Level 2 on 100 gig Interface |
|
|
RP3 Punt Interface May Drop Traffic Due to VLAN Filter Hardware |
|
|
Device is getting crashed on the "cts role-based enforcement" |
|
|
Cisco TrustSec crash while processing CoA update |
|
|
Static NAT configs missing in netconf get-config |
|
|
DMVPN Phase 2 shortcut triggered from a spoke behind PAT may end up in stuck DNX state |
|
|
class-attributes support in ISG radius proxy scenario |
|
|
Tunnel PMTUD not being aged out after PMTUD ager timer expires |
|
|
Router crashed when printing logs while constructing rekey packets (GETVPN) |
|
|
FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload |
|
|
Subscribers cannot re-login due to CoA time-out (lite-sessions in routed mode) |
|
|
%CTS-3-SAP_MANUAL_PMKID_MISMATCH: PMKID Mismatch when master switch failover in a 6 switch stack |
|
|
Input CRC counter increasing on Tengi interface. |
|
|
EIGRP session is not coming up if the dynamic PBR is applied on interface |
|
|
Router reloads on 'show track' command when there is track object for deleted serial sub-interface. |
|
|
AAA Common Criteria writes password in cleartext to configuration on change |
|
|
Int index is 0 for the Cellular inteface in the exported flow |
|
|
SISF-3-INTERNAL: Internal error, Cannot create binding entry -Process= "SISF Main Thread" |
|
|
Showing wrong release version in 'show eigrp plugins' |
|
|
Client can not get DHCP address again when the Client's ARP entry remained |
|
|
Split DNS in case of UDP query to WAN interface IP via LAN interface |
|
|
SUP reload after running the command " show plat hard qfp act infr bqs debug qmrt_dump " |
|
|
Radius attr 32 NAS-IDENTIFIIER not sending the FQDN. |
|
|
Correction to Quick RP3 recovery after the Punt Path XAUI link goes down |
|
|
%QFPOOR-4-TOP_EXMEM_USER reports negative memory allocation |
|
|
PKI "revocation check crl none" does not fallback if CRL not reachable |
|
|
Polaris : Changes for sending vlan attrs in access request |
|
|
Router crash while executing show commands using '|' (pipe) to filter the output. |
|
|
BUILT-IN-2T+20X1GE - VLAN bytes and packets counters are frozen. |
|
|
"no autostate" will auto add after re-configure svi interface |
|
|
Memory overlay crash when using include-cui |
|
|
Priority queueing on port-channel interfaces causes frame re-ordering. |
|
|
SCCP Application does not clear failed sockets leading to leak and socket pool exhaustion |
|
|
Packet drop occurs after acl permit configurations |
|
|
IPSLA IPv6 ICMP Probe is showing status as OK with no IPv6 connectivity |
|
|
ASR1001-X crashed upon receiving Radius Access-Accept message |
|
|
Reload initiated via SNMP on IOS-XE causes a crash |
|
|
Cellular interface lte Network Selection Mode switches to manual |
|
|
IPV4 routes on the global routing table learnt via BGP refreshes upon adding or removing a VRF |
|
|
Unable to remove "logging source-interface <if-name>" command on 3850 |
|
|
Router crashes when removing a crypto map |
|
|
Class map containing no-match result-type method dot1x none never results in success |
|
|
FMAN crash due to Flexible Netflow (fnf) |
|
|
SDA:16.9.2S - Arp issue during wired host mobility |
|
|
Crash on an LNS router in process ACCT Periodic Proc |
|
|
Replace all BGP/route-map communities in "set community" array with <edit-config> "replace" operatio |
|
|
PKI incorrect fingerprint calulation during CA authentication |
|
|
SRTE ODN: After removing "mpls traffic-eng router-id loopback" OSPF not adv links in TE opaque LSA |
|
|
Router crashing after upgrade due to Crypto commands "Block overrun at 284B2160 (red zone 000110DF)" |
|
|
Traceback: Error seen after tunnel flap: DATACORRUPTION-1-DATAINCONSISTENCY |
|
|
16121: ISIS local-LFA repair path has no label causing high convergence |
|
|
WSMA crash formatting show command output |
|
|
Crash at NAT clear |
|
|
Router crash when running show aaa user all command |
|
|
Crash during SSO config sync |
|
|
16.11.1-systest: Segmentation fault : CEF bgrnd process with DUT reload with Sw to Rtd port |
|
|
When roaming to another AP, services received from RADIUS are not applied to the session |
|
|
Interface is not joined to mcast map-notify after reload |
|
|
IOS-XE DHCP server creates option 125 with invalid format |
|
|
Dot1x Users MAc address not present on the correct Vlan after SSO |
|
|
MaxSusRate is not working with service class |
|
|
IOSXE - firewall corrupts half open list |
|
|
SDA-FHR not registering multicast source with RP |
|
|
Crash at Process = SCCP Auto Config |
|
|
SISF not honoring 1 IPv4-to-MAC rule when DHCP ACK comes from a different VLAN (via Relay) |
|
|
AirOS Parity : Local to Radius Fallback failing for Webaut and TACACS for 9800 |
|
|
CTS PACS not downloading to the devices |
|
|
CTS Environment-data is not getting refreshed on the device |
|
|
HSRP VIP is not reachable locally |
|
|
ASR1000/16.9.2 - Duplicate entries in dangling list |
|
|
FXS - no busy tone is generated on remote-onhook condition with call pickup scenario |
|
|
"ip nat translation port-timeout" limited to overflows after reaching 16bit |
|
|
GC NAT unable to detect dns packet |
|
|
ASR1000 crashes by handling DHCP packet |
|
|
IPSec-Session count in "show crypto eli" reaches max causing VPN failure |
|
|
Missing Calling-Station-ID in Accounting Ticket for Web-Tal locations |
|
|
dot1x dynamic voice assignment failure after data domain auth such |
|
|
MACSEC license is not being consumed for sub-interfaces |
|
|
When sending account-logon ISG do not reply with ACK nor NACK. |
|
|
Identity policy won't update after config changes. |
|
|
[SDA] [PI changes] No audio during first few seconds of voice call between 2 Fabric Edge |
|
|
ASR1001-HX: Excessive pause frames (IEEE802.3x compliant) affect traffic on other interfaces |
|
|
IOS-XE ACL port information preserved after encapsulation |
|
|
tdl_fw_stats in FMAN logs errors |
|
|
L3VNI:VPNv4 routes are not imported into BGP-EVPN upon reload/SSO while VPNV6 routes are imported |
|
|
Ping failure on Port-channel sub interface when is using EVC in main port channel |
|
|
GetCACaps is using wrong CA-IDENT when using enrollment profiles |
|
|
Crash when polling IPForwarding MIB |
|
|
Traffic stops flowing on Xconnect tunnel when upgraded to 16.9.2 |
|
|
Read and Write lock fix for ACL cache |
|
|
Observing 100% CPU utilization for sessmgrd |
|
|
Overlay BGP down when configured "ip nhrp server-only" |
|
|
When sourcing Radius from loopback in VRF, auth right out of boot up might fail |
|
|
Hierarchical QoS stops working on GRE tunnel if dest route flaps between 2nd tunnel and physical int |
|
|
Client with VNID override on roaming gets into authorization failure due to vlan 0 |
|
|
LISP: "flood" configuration broken under "instance / service ethernet" submode |
|
|
sdwan isr receiving any SOO changes AD to 252 |
|
|
Incoming ESP packets with SPI value starting with 0xFF are dropped due to Invalid SPI error |
|
|
L2VPN - Xconnect - filtering of LDP targeted hellos using ACL not working |
|
|
Nas Identifier not sent in Accounting Packet |
|
|
Delay on sub interface doesn't match physical interface causing issues for routing |
|
|
"no cts role-based enforcement " is not honored and enforcement continues to happen |
|
|
When FQDN used for APN, IOS DNS resolves FQDN to IP, but GTP stays in DNS pending and IP 0.0.0.0 |
|
|
ISR4K: Router crash due to twice memory release |
|
|
Tail drops on IPSLA sender when using scaled udp-jitter probes |
|
|
ASR1000: VLAN counter mismatch on sub-interfaces |
|
|
Bad root chunk pointer in chunk header post SSO - ASR1000 |
|
|
MGCP GW doesn't reset SSRC/ROC on receiving MDCX with new IP/port/SDP parameter for SRTP call. |
|
|
On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes. |
|
|
GETVPN suite-B does not work on ASR1006x router |
|
|
static nat which has been deleted is shown when show ip nat translation |
|
|
VG3x0 - groundstart voice-port configuration removed after reload |
|
|
Incomplete arp in management interface |
|
|
Counters of interfaces are reporting inexistent peaks |
|
|
Engine keyword missing after "show utd engine standard statistics url-filtering" |
|
|
Crash due to too many DSPs |
|
|
%DATACORRUPTION-1-DATAINCONSISTENCY: due to PMIPv6 |
|
|
HTTP Client inside IOS-XE incorrectly reports "Invalid IP address in Hostname" for legal IP address |
|
|
ISG : Changes in circuit-id and remote-id are not reflected after roaming |
|
|
Crash when running show crypto map |
|
|
isdn cause-location command support for switch-type primary-ntt |
|
|
Should provide a repair path for the Strict SID even when the repair path is NOT a TI-LFA |
|
|
Router crashes when "tod-clock revertive" command is executed |
|
|
crash at sisf_show_counters after entering show device-tracking counters command |
|
|
ip dns primary command does not get removed |
|
|
Standby crash during ISSU |
|
|
Ucode crash when PfRv3 and IPv6 monitor are configured on the same tunnel with IPv6 VRF configured |
|
|
ASR1000: Crypto Engine remains in stuck state post dataplane crash |
|
|
IPsec SA installation fails with simultaneous negotiations despite fix for CSCve08418 |
|
|
Crash when "show running" is used |
|
|
no login on-success log CLI does not persist across device reloads |
|
|
Crash after Media monitor look up. |
|
|
"encr aes 256" config removed from CDB & invisible to netconf/yang and restconf |
|
|
NIM-2FXS/4FXOP crashing due to DSP failed to reply properly |
|
|
SRMS tries to build a snapshot when there are no SIDs |
|
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Polaris 16.3.1 : Machine and bus error failures in ESP20 |
|
|
3650: pnp profile config causes line console config to be copied over to vty after "show run" |
|
|
Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence |
|
|
BGP Oper model rpc reply error with aggregate bgp ipv6 route. |
|
|
ASR1000: RP3 crash due to punt-keepalive failures |
|
|
ASR1000 routers crashed when TCM received an illegal command from the ucode |
|
|
Add ERROR message over IOS console when HSPRDA TCAM region gets full |
|
|
EVPN Prefix import Count/Limit show incorrectly |
|
|
Async lines configuration is not retrievable over netconf |
|
|
BGP looped update among 3 peers |
|
|
"Radius-server attribute 31" command broken on LNS when LAC sends Remote-Id string |
|
|
QoS counter didn't generate at ASR1001-X |
|
|
ASR1001-HX: bay1 1G link stays up when Rx cable of remote end is removed |
|
|
Router crashes after snmpget to OID related to NHRP |
|
|
DMVPN - Packet is encapsulated but not encrypted going out DMVPN tunnel |
|
|
Error messages seen when configuring "logging persistent protected" on ASR1K routers |
|
|
16.12.1 SIT: UNIX-EXT-SIGNAL: Segmentation fault and Memory related crash during SXP bringup |
|
|
Additional display for incorrect profile with reset on backoff : |
|
|
Crash while BGP was updating rib table |
|
|
Device crashed @ radius_io_stats_timer_handler due to dynamic-author |
|
|
Revert the changes of CSCvo75201 in rel21 |
|
|
.py file check is not done while registering the policy and the error is seen |
|
|
BGP evpn table and vrf table out of sync |
|
|
SSH: host_key->name is not null after reload which prevents SSH from starting up |
|
|
Egress shaping on port-channel sub-intf tail dropping traffic long before rate |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" |
|
|
ASR 1000 sub-interface counters wrong. |
|
|
BRI leased line can't come up automatically after remove/insert one side's cable |
|
|
Get-Config using NETCONF interrupted if authenticated with TACACS+ |
|
|
shaper of the internal crypto interface is incorrectly programmed |
|
|
IP SLA react for packetloss and successivepacketloss do not set $_ipsla_react_type in EEM |
|
|
AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR |
|
|
Router crashes with ZBF HA sync. |
|
|
OBS : PE ignores IGP metric while advertising the MED value to CE |
|
|
BGP YANG oper address-family fails with vpnv4-unicast |
|
|
BGP updates missing ISIS advertising-bits when redistribute level-1 is applied |
|
|
Unable to configure half duplex on cEdge |
|
|
The switch crashes when processing a 'unknown' message from 'PKISSL read mqipc'. |
|
|
Router is on Bootloop after QoS configuration. |
|
|
Interfaces with 'shutdown' configuration in UP state |
|
|
Netconf-yang service not starting properly |
|
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
|
|
"Clock: inserting leap second" message doesn't output on NTP client when leap second inserted |
|
|
F0: fman_fp unexpectedly crashed with exmem chunk alloc |
|
|
Delay during vrf aware bgp address-family configuration over netconf |
|
|
Static routing redistribution under RIP with route-map is not working after reload |
|
|
ASR 1000 BDI not working properly for packet fragmentation - very small fragments are getting dropped |
|
|
DMVPN | Spoke to Spoke traffic fails when Tunnel initiated by Tunnel IP to tunnel IP pings. |
|
|
ASR1000: ucode crash @ uidb_subblock_lookup__output_nat_sb |
|
|
Supervisor reloaded due to cpp_cp_svr process crashing |
|
|
cpp_cp_svr crash in cpp_bqs_rm_yoda_select_sch_exponent |
|
|
Supervisor reload due to cpp_cp_svr crash. |
|
|
mip crash reloading the router |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.2s
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2s
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
MAP-E: Remove embedded customer specific data from the image |
Open Bugs for Cisco IOS XE Gibraltar 16.12.2s
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
NA |
There are no open caveats in 16.12.2s |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.3
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.3
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Note |
In Cisco IOS XE Release 16.12.3, the semantic version number for the YANG models is not updated and is therefore not accurate. However, this limitation does not impact the functionality of the YANG models |
|
Caveat ID Number |
Description |
|---|---|
|
AFW_application_process triggers a crash with voice conference |
|
|
ISR 4000 Reloads Unexpectedly, Crashing in the "IP NAT Ager" Process |
|
|
CME/BE4K SNR: Crash when config changes are made while SNR call is active |
|
|
ASR 1000/ISR 4000 Calls fade to no-way audio due to media inactivity detection after 20 minutes |
|
|
ISR G3, ASR 1000 crash after VoIP AAA test |
|
|
Router crashes due to Segmentation Fault when 'ccb' gives a NULL Pointer |
|
|
IPSEC install failed IPSEC_PAL_SA shows "unexpected number of parents" |
|
|
Unexcpected reboot when copying anchorspi context from parent to child. |
|
|
ESP ucode crashed when running NAT with bpa (CGN) |
|
|
GetVPN-ISR4461// Getvpn traffic is failing with Transport mode with all the versions. |
|
|
ISR 4000 : Crash seen at Process Exec |
|
|
ISR 4461: Large un-fragmented IPSEC packets cause router to crash |
|
|
CUBE is updating the resolved IP only after the REGISTER expires |
|
|
C9800:ISSU: wncd crash@ crypto_engine_pk_crypto during ISSU downgrade scenario |
|
|
IOS-XE crash after doing a SCEP enrollment |
|
|
ISR 4000 router crash during updating the OpenDNS bypass whitelist |
|
|
Process = Exec crash seen on dmap longevity testbed with clear cry sa peer several times |
|
|
Crash triggered with IPv6, IPv4, PPPoE, PortChannel and NAT |
|
|
IWAN High CPU and Memory |
|
|
GETVPN: IpsecInvalidSA drops are seen on ESP200X/ESP100X after %LOGGER-6-DROPPED: message |
|
|
IWAN crash related to DCA channel |
|
|
Router crashed on removing trustpoint on dspfarm profile |
|
|
ISR 4000 only: MGCP status remains Down and does not register with CUCM after a reboot or power cycle |
|
|
ASR 1000 ucode crash after too many locks in ZBF pair setup |
|
|
ALG with NAT trigger a crash when a DNS writeback occurs |
|
|
IOS-XE ZBFW Crash When Exceeding Half-Open Session limit |
Open Bugs for Cisco IOS XE Gibraltar 16.12.3
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
Update statistics from Oecteon viptela code to platform |
|
|
Correct the severity level of logs generated by smart-agent |
|
|
Delay of 30 sec while creating a new config file for phone using tftp. |
|
|
IOS: Prevent crypto ACL change if already mapped with crypto map configuration |
|
|
ISR4k Crash seen in skinny_unreserve_xcode_stream on 16.9 |
|
|
CME Crash with call to shared line when 1 setup leg is NULL |
|
|
Need to check qfp ucode crash with RTCP traffic - chunk memory corruption in RTCP path |
|
|
Cube might crash when sending a SIP message over TLS |
|
|
HSRPv2 crash whilst retrieving group from received packet |
|
|
ASR 900 autoRP listener functionality issue |
|
|
Remove show ip/ipv6 access-list from syncfd-<ewlc-SIT>17.1-Observed Traceback followed by IOSD crash |
|
|
getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded |
|
|
ASR 1000 crash in NAT code when processing PPTP traffic |
|
|
yang missing for "ipv6 locator reachability minimum-mask-length 128 proxy-etr-only" |
|
|
power event detected when connect with switch module |
|
|
IOS crash in DHCPd Receive with Unnumbered interfaces |
|
|
Unexpected reload when issueing show ip mroute vrf <vrf> verbose |
|
|
17.1.1 - Memory leak @ SAMsgThread. |
|
|
"static ip addresses not configured for the list" message |
|
|
Memory leak in CC-API_VCM and CCSIP_SPI_CONTROL |
|
|
Pubd process on the controller goes down, managed by DNA-C 1.3.2 |
|
|
Enabling Telemetry can cause router to crash. |
|
|
SESM Policy-Interface on ISG ignoring Radius Requests on port 1812 |
|
|
Memory leak under CCSIP_UDP_SOCKET / MallocLite |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" and "no shut" interface |
|
|
Cat9K/16.11.1c/SDA- Ingress QOS Service Policy not applying to interface |
|
|
Post SSO, if service template is getting downloaded and switch crashes, client is stuck in authc |
|
|
GETVPN generated core upon RP switchover, cpp_cp crashed |
|
|
SR Labels not installed in forwarding plane when there are multiple sources for the prefix SID |
|
|
rLFA for LDP causes loss of MPLS traffic after RSP switchover |
|
|
9800-L has crashed on Smart Licensing |
|
|
EVPN RMAC stale routes seen |
|
|
Catalyst 9300 Wrong implementation of CBQOS MIB |
|
|
Crash on BGP NSAP address-family when adding CLNS next-hop route-map |
|
|
While upgrading the IOS-XE version from 16.9.2 to 16.9.4 , smart licensing registration was lost |
|
|
Missing constraints and PRCs lead to broken model |
|
|
Random IPSEC drops on ESP200 with esp-gcm transform set |
|
|
Memory Leak in IPv6 ND Process |
|
|
SISF installing target IP of an ARP request when sent with src 0.0.0.0 |
|
|
User cannot login in GUI if present in both local database and AAA server |
|
|
OSPF process crash due to chunk corruption in Flood DB |
|
|
ISR4331/K9 Dialer cannot make calls suddenly |
|
|
RAR: RFC5578 does not work in 16.12 and later |
|
|
heavily oversubscribing the EGRESS interface IPv6 priority traffic is "silently" being dropped |
|
|
4331 16.9.4 QFP ucode crash due to null derefence |
|
|
SDWAN cEdge VRRP fail recovery take 10-15 mins for OMP tracking, with prefix list tracking no output |
|
|
ISR 4221 router with NIM switch module MAB/Dot1x does not start |
|
|
Updating an existing ZBFW policy requires a detach/re-attach to push successfully |
|
|
Interface does down when "l2vpn xconnect" command is removed |
Important Notes, Known Behavior, and Workaround
Important Notes
As of August 2017, Autonomic Networking is no longer supported in any version of Cisco IOS-XE software.
Recover from the ROMmon mode
When you upgrade your IOS software image, you might accidentally delete your old image without updating the boot statement. This could result in entering the ROMmon (ROMMonitor) mode. To recover from the ROMmon mode, the following enhancements are supported for different use cases.
Supported Workaround
|
Use Case |
Supported Enhancement |
|---|---|
|
Reload the router with config-reg configuration |
Before reloading, the routerchecks if the first boot statement points to an image that exists and verifies it. If the image is missing or invalid, the users are prompted for confirmation to proceed with reload of the router. |
|
Reload the router with config-register 0x2102–autoboot |
The router checks if the boot variableis set properly, and accordingly prompts the users to proceed with caution. |
|
Reload the router with config-register 0x2102 |
Auto boot and the boot variable (bootvar) is set, but there is no image in bootvar set path–The router checks if the bootvar is properly set and if there is any image set in the bootvar path. If there is no image in the bootvar path (harddisk/bootflash/flash,and so on), then the reload is aborted with a warning message,and the users are prompted to correct the boot statement or copy the image to hard disk |
|
Auto boot and boot variableis set |
If the image is present in the bootvar path, then the router reload is allowed. |
ROMmon Release Requirements
For more information on ROMmon support for Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Command Reference Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide
Feedback