Find all the information you need about this release—new features, known behavior, resolved and open bugs, and related information.
![]() Note |
Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience.
|
New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.1a
New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a
-
Unclassified MAC Initiator with IANA—ISG IPv6 sessions are based on the unclassified MAC address of the subscriber. If you use DHCPv6 for IPv6 addresses, ISG creates subscriber sessions based on DHCPv6 packets with the IANA option.
-
Online Diagnostics —The online diagnostics contain tests to check different hardware components and to verify status of the software process and interfaces. The online diagnostics tests detect problems in areas such as hardware components, software process, and interfaces.
-
IPv6 Prefix for VxLAN Static Route—IPv6 over IPv6 and IPv6 over IPv4 encapsulation is introduced for VxLAN tunnels. The VxLAN tunnels that operate at more than 10 Gbps now has the following encapsulations :
-
IPv6 over IPv4
-
IPv6 over IPv6
-
IPv4 over IPv6
-
IPv4 over IPv4
-
-
Bridge-Domain Virtual IP Interface—The Bridge-Domain Virtual IP Interface (VIF) now connects multiple Bridge Domain Interfaces (BDI) with a single BD instance so that each IP subnet within an L2 network can be associated with a single VRF.
-
IPv6 support for Encrypted Traffic Analytics —Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.
-
Support for Federal Information Processing Standards (FIPS)—Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal Government for use in computer systems by non-military government agencies and government contractors. Ensure to configure devices to use only FIPS approved algorithms (even though devices prevent the use of non-FIPS compatible algorithms in the FIPs mode) because some functionalities may fail in the FIPS mode if the device attempts to use non-FIPS compliant algorithms.
-
EVC with MACSec—The Ethernet Virtual Circuit (EVC) support on MACsec and MKA feature provides the functionality to detect EVC and to bring up the physical interface that matches the EVC criteria. With this functionality, users can transport layer 2 traffic from multiple enterprises over a WAN link and independently secure their traffic with MACsec over EVC.
-
SISF support for multiple IA_NA and IA_PD—For Switch Integrated Security Features (SISF)-based device tracking, support has been added for multiple IA_NA and IA_PD. When SISF analyzes a DHCPv6 packet, it examines the IA_NA (Identity Association-Nontemporary Address) and IA_PD (Identity Association-Prefix Delegation) components of the packet, and extracts each IPv6 address contained in the packet, enabling SISF and any components that depend on SISF to be aware of all IPv6 addresses assigned to each network device.
-
Detailed error reporting of invalid commands in NETCONF session—Added the netconf detailed-error command, which adds helpful return codes to the network configuration protocol (NETCONF) output if an invalid command is executed in a NETCONF session.
-
BGP Support for TCP-AO—On a secure control plane, BGP uses Message Digest 5 (MD5) algorithm as the authentication mechanism. It uses TCP API to configure the keychain on a TCP connection. When authentication is enabled, any Transmission Control Protocol (TCP) segments belonging to BGP are exchanged between peers, verified and accepted only if authentication is successful.
-
Cisco Discovery Protocol over IPv6 Tunnels—The Cisco Discovery Protocol (CDP) delivers traffic through GRE IPv6 tunnels from other protocols and allows routing of IPv6 packets between private networks across public networks with globally routed IPv6 addresses.
-
PFS for GETVPN—If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. With Perfect Forward Secrecy (PFS) for GETVPN, the attacker cannot use the keys and messages to obtain the keys of past or future sessions. Thus, the attacker cannot obtain keys to decrypt recorded or future communication.
-
TCP Authentication Option—TCP Authentication Option (TCP-AO) replaces TCP MD5, TCP-AO protects long-lived TCP connections against replays using stronger Message Authentication Codes (MACs) than TCP MD5. TCP-AO is resistant to collision attacks, and provides algorithmic agility and support for key management.
-
TCP-AO Support for SXP—CTS SXP peers exchange IP-SGT bindings over a TCP connection. TCP Authentication Option (TCP-AO) enables you to guard against spoofed TCP segments in CTS SXP sessions between the peers.
-
Web User Interface —Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on Web User Interface from Cisco IOS XE Gibraltar 16.12.1a:
-
Viewing File Manager
-
Configuring Trustsec
-
Monitoring Trustsec Statistics
-
-
Yang Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121/BIC Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release
-
Multi-SA Support for SVTI—You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.
-
Show tech ospf—You can specify a vrf-instance with the show tech-support ospf command so that the following commands are executed for the specified VRF:
-
show ip route summary
-
show ip route ospf
-
-
Syslog Messages for excessive tmpfs usage—Two new syslog messages are generated to alert excess memory consumption by tmpfs.
PLATFORM-3-TMPFS_WARNING is generated when the tmpfs memory usage exceeds 40% of the total DRAM capacity.
PLATFORM-3-TMPFS_CRITICAL is generated when the tmpfs memory usage exceeds 50% of the total DRAM capacity.
-
Show command updates for SRTP Rollover Counter (ROC)—The output of the following commands is enhanced to display SRTP ROC information.
-
show voip fpi calls
-
show voip fpi stats
-
show voip rtp connections
-
![]() Note |
The last supported release for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor (ASR1000-ESP20) is IOS XE release 16.12.x. |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Caveat ID Number |
Description |
---|---|
isdn cause-location command support for switch-type primary-ntt |
|
show running-config | format with DHCP pool results in a reload |
|
BGP event crash@bgp_afpriv_imp_is_imported_path |
|
config revert Rollback visible in console and locks up config from VTY |
|
BFD flaps everytime with dynamic tunnel creation in DMVPN |
|
Watchdog crash within mgcpapp_free_sys_event_Q event dequeue loop after running 'ccm-manager config' |
|
Crash seen after configuring SCP path under archive |
|
High CPU due to Alignment Corrections - SMEF & IWAN |
|
The requirement to shutdown dialer interface before its deletion causes an issue for vManage |
|
Router fails to reserve necessary ports for VPN traffic (UDP 500 & 4500) for ISAKMP |
|
netconf/yang or telemetry retrieval of /trustsec-state/cts-rolebased-policies breaks |
|
Router may crash when a SSH session is closed after configure TACACS |
|
Crash after CPUHOG in ISDN L2D SRQ Process |
|
Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3 |
|
ASR1000 node in HA pair might crash due to punt-keepalive failures |
|
MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32 |
|
MACsec SAP 128 Bits doesn't work with network-essentials license |
|
DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway |
|
Device reloads when applying #client <IP> vrf Mgmt-vrf server-key 062B0C09586D590B5656390E15 |
|
ASR1001-X throwing: ETH_SPA_MAC-3-SPI4_ERROR: SIP0/1: Marvel MAC |
|
Software crash due to memory corruption after packet trace was enabled. |
|
SR: CFLOW input intf index is 0xffffffff for Service-engine DSP module interface |
|
Netconf shows each overwrite of cts role-based sgt-map command |
|
ARP HA and other clients sync together causing high cpu on CBR |
|
DHCP Server sends Renew ACKs to Clients with 00:00:00:00:00:00 MAC in L2 frame |
|
Add support for DHCP "utilization" CLI in Cisco-IOS-XE-dhcp YANG model |
|
PBR doesn't work for dialer intf when it doesn't have fixed ip address |
|
ASR1002-HX crashed after huge traffic is transmitted over it |
|
Login banner does accept banners over 238 characters |
|
tclsh: socket -server open <port> allows multiple bindings in IOS-XE |
|
Device crashing if we unconfigure the NTP on the device |
|
Async line not visible in show run and show int brief output but visible in show line output |
|
Negating dialer watch-list command without alterning the entered CLI command. |
|
Crashed while checking condition debug |
|
Memory leak in SMD process due to AAA Idle-timer not being freed |
|
ASR1006X linecard down after Active RP3 OIR |
|
Crash while processing ISIS updates when DiffServ-TE is enabled |
|
MQIPC memory corruption resulting dot1x/MAB not working for wired clients |
|
Static Nat fails to translate SIP Trying L7 header |
|
3850 sending hostname as NAS-ID |
|
High Memory utilization due to Wireless Manager IOSD process |
|
With 3 KS in COOP, overlapping KSSID range is not detected |
|
Modified EIGRP timers on Virtual-Template put all associated Vi interfaces into passive mode |
|
NTP template attach fails with a non default vrf and source interface configured |
|
After reload, standby can't join stack due to crash in rbm_request_new() |
|
16.11:ASR1k:ESP-X: Lisp mroute verification failed for eid vrf. |
|
The WS-C3850-48XS stack crashes due to LACP |
|
VRF Associated to an interface is not considered as associated with pim sparse-mode configurations |
|
ASR1000-2T+20X1GE interface speed change from 100 to 1000 after switchover |
|
TCP port takes 4 minutes to get released after it is closed |
|
Reorder ip nat configuration - to be placed after ip http configuration |
|
C3PL (Cisco Common Classification Policy Language) changes for CSCvn56365 AppNav-XE WAAS issues |
|
ASR1000 Process = TUN ETHER Thread crash |
|
ASR1000 Crash on device when SNMP walk is done while configuring QoS on interface. |
|
TACACS group server is not seen, when "transport-map type console test" is configured. |
|
Incorrect Bandwidth Calculation for Priority Level 2 on 100 gig Interface |
|
RP3 Punt Interface May Drop Traffic Due to VLAN Filter Hardware |
|
Device is getting crashed on the "cts role-based enforcement" |
|
Cisco TrustSec crash while processing CoA update |
|
Static NAT configs missing in netconf get-config |
|
DMVPN Phase 2 shortcut triggered from a spoke behind PAT may end up in stuck DNX state |
|
class-attributes support in ISG radius proxy scenario |
|
Tunnel PMTUD not being aged out after PMTUD ager timer expires |
|
Router crashed when printing logs while constructing rekey packets (GETVPN) |
|
FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload |
|
Subscribers cannot re-login due to CoA time-out (lite-sessions in routed mode) |
|
%CTS-3-SAP_MANUAL_PMKID_MISMATCH: PMKID Mismatch when master switch failover in a 6 switch stack |
|
Input CRC counter increasing on Tengi interface. |
|
EIGRP session is not coming up if the dynamic PBR is applied on interface |
|
Router reloads on 'show track' command when there is track object for deleted serial sub-interface. |
|
AAA Common Criteria writes password in cleartext to configuration on change |
|
Int index is 0 for the Cellular inteface in the exported flow |
|
SISF-3-INTERNAL: Internal error, Cannot create binding entry -Process= "SISF Main Thread" |
|
Showing wrong release version in 'show eigrp plugins' |
|
Client can not get DHCP address again when the Client's ARP entry remained |
|
Split DNS in case of UDP query to WAN interface IP via LAN interface |
|
SUP reload after running the command " show plat hard qfp act infr bqs debug qmrt_dump " |
|
Radius attr 32 NAS-IDENTIFIIER not sending the FQDN. |
|
Correction to Quick RP3 recovery after the Punt Path XAUI link goes down |
|
%QFPOOR-4-TOP_EXMEM_USER reports negative memory allocation |
|
PKI "revocation check crl none" does not fallback if CRL not reachable |
|
Polaris : Changes for sending vlan attrs in access request |
|
Router crash while executing show commands using '|' (pipe) to filter the output. |
|
BUILT-IN-2T+20X1GE - VLAN bytes and packets counters are frozen. |
|
"no autostate" will auto add after re-configure svi interface |
|
Memory overlay crash when using include-cui |
|
Priority queueing on port-channel interfaces causes frame re-ordering. |
|
SCCP Application does not clear failed sockets leading to leak and socket pool exhaustion |
|
Packet drop occurs after acl permit configurations |
|
IPSLA IPv6 ICMP Probe is showing status as OK with no IPv6 connectivity |
|
ASR1001-X crashed upon receiving Radius Access-Accept message |
|
Reload initiated via SNMP on IOS-XE causes a crash |
|
Cellular interface lte Network Selection Mode switches to manual |
|
IPV4 routes on the global routing table learnt via BGP refreshes upon adding or removing a VRF |
|
Unable to remove "logging source-interface <if-name>" command on 3850 |
|
Router crashes when removing a crypto map |
|
Class map containing no-match result-type method dot1x none never results in success |
|
FMAN crash due to Flexible Netflow (fnf) |
|
SDA:16.9.2S - Arp issue during wired host mobility |
|
Crash on an LNS router in process ACCT Periodic Proc |
|
Replace all BGP/route-map communities in "set community" array with <edit-config> "replace" operatio |
|
PKI incorrect fingerprint calulation during CA authentication |
|
SRTE ODN: After removing "mpls traffic-eng router-id loopback" OSPF not adv links in TE opaque LSA |
|
Router crashing after upgrade due to Crypto commands "Block overrun at 284B2160 (red zone 000110DF)" |
|
Traceback: Error seen after tunnel flap: DATACORRUPTION-1-DATAINCONSISTENCY |
|
16121: ISIS local-LFA repair path has no label causing high convergence |
|
WSMA crash formatting show command output |
|
Crash at NAT clear |
|
Router crash when running show aaa user all command |
|
Crash during SSO config sync |
|
16.11.1-systest: Segmentation fault : CEF bgrnd process with DUT reload with Sw to Rtd port |
|
When roaming to another AP, services received from RADIUS are not applied to the session |
|
Interface is not joined to mcast map-notify after reload |
|
IOS-XE DHCP server creates option 125 with invalid format |
|
Dot1x Users MAc address not present on the correct Vlan after SSO |
|
MaxSusRate is not working with service class |
|
IOSXE - firewall corrupts half open list |
|
SDA-FHR not registering multicast source with RP |
|
Crash at Process = SCCP Auto Config |
|
SISF not honoring 1 IPv4-to-MAC rule when DHCP ACK comes from a different VLAN (via Relay) |
|
AirOS Parity : Local to Radius Fallback failing for Webaut and TACACS for 9800 |
|
CTS PACS not downloading to the devices |
|
CTS Environment-data is not getting refreshed on the device |
|
HSRP VIP is not reachable locally |
|
ASR1000/16.9.2 - Duplicate entries in dangling list |
|
FXS - no busy tone is generated on remote-onhook condition with call pickup scenario |
|
"ip nat translation port-timeout" limited to overflows after reaching 16bit |
|
GC NAT unable to detect dns packet |
|
ASR1000 crashes by handling DHCP packet |
|
IPSec-Session count in "show crypto eli" reaches max causing VPN failure |
|
Missing Calling-Station-ID in Accounting Ticket for Web-Tal locations |
|
dot1x dynamic voice assignment failure after data domain auth such |
|
MACSEC license is not being consumed for sub-interfaces |
|
When sending account-logon ISG do not reply with ACK nor NACK. |
|
Identity policy won't update after config changes. |
|
[SDA] [PI changes] No audio during first few seconds of voice call between 2 Fabric Edge |
|
ASR1001-HX: Excessive pause frames (IEEE802.3x compliant) affect traffic on other interfaces |
|
IOS-XE ACL port information preserved after encapsulation |
|
tdl_fw_stats in FMAN logs errors |
|
L3VNI:VPNv4 routes are not imported into BGP-EVPN upon reload/SSO while VPNV6 routes are imported |
|
Ping failure on Port-channel sub interface when is using EVC in main port channel |
|
GetCACaps is using wrong CA-IDENT when using enrollment profiles |
|
Crash when polling IPForwarding MIB |
|
Traffic stops flowing on Xconnect tunnel when upgraded to 16.9.2 |
|
Read and Write lock fix for ACL cache |
|
Observing 100% CPU utilization for sessmgrd |
|
Overlay BGP down when configured "ip nhrp server-only" |
|
When sourcing Radius from loopback in VRF, auth right out of boot up might fail |
|
Hierarchical QoS stops working on GRE tunnel if dest route flaps between 2nd tunnel and physical int |
|
Client with VNID override on roaming gets into authorization failure due to vlan 0 |
|
LISP: "flood" configuration broken under "instance / service ethernet" submode |
|
sdwan isr receiving any SOO changes AD to 252 |
|
Incoming ESP packets with SPI value starting with 0xFF are dropped due to Invalid SPI error |
|
L2VPN - Xconnect - filtering of LDP targeted hellos using ACL not working |
|
Nas Identifier not sent in Accounting Packet |
|
Delay on sub interface doesn't match physical interface causing issues for routing |
|
"no cts role-based enforcement " is not honored and enforcement continues to happen |
|
When FQDN used for APN, IOS DNS resolves FQDN to IP, but GTP stays in DNS pending and IP 0.0.0.0 |
|
ISR4K: Router crash due to twice memory release |
|
Tail drops on IPSLA sender when using scaled udp-jitter probes |
|
ASR1000: VLAN counter mismatch on sub-interfaces |
|
Bad root chunk pointer in chunk header post SSO - ASR1000 |
|
MGCP GW doesn't reset SSRC/ROC on receiving MDCX with new IP/port/SDP parameter for SRTP call. |
|
On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes. |
|
GETVPN suite-B does not work on ASR1006x router |
|
static nat which has been deleted is shown when show ip nat translation |
|
VG3x0 - groundstart voice-port configuration removed after reload |
|
Incomplete arp in management interface |
|
Counters of interfaces are reporting inexistent peaks |
|
Engine keyword missing after "show utd engine standard statistics url-filtering" |
|
Crash due to too many DSPs |
|
%DATACORRUPTION-1-DATAINCONSISTENCY: due to PMIPv6 |
|
HTTP Client inside IOS-XE incorrectly reports "Invalid IP address in Hostname" for legal IP address |
|
ISG : Changes in circuit-id and remote-id are not reflected after roaming |
|
Crash when running show crypto map |
|
isdn cause-location command support for switch-type primary-ntt |
|
Should provide a repair path for the Strict SID even when the repair path is NOT a TI-LFA |
|
Router crashes when "tod-clock revertive" command is executed |
|
crash at sisf_show_counters after entering show device-tracking counters command |
|
ip dns primary command does not get removed |
|
Standby crash during ISSU |
|
Ucode crash when PfRv3 and IPv6 monitor are configured on the same tunnel with IPv6 VRF configured |
|
ASR1000: Crypto Engine remains in stuck state post dataplane crash |
|
IPsec SA installation fails with simultaneous negotiations despite fix for CSCve08418 |
|
Crash when "show running" is used |
|
no login on-success log CLI does not persist across device reloads |
|
Crash after Media monitor look up. |
|
"encr aes 256" config removed from CDB & invisible to netconf/yang and restconf |
|
NIM-2FXS/4FXOP crashing due to DSP failed to reply properly |
|
SRMS tries to build a snapshot when there are no SIDs |
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
Open Bugs for Cisco IOS XE Gibraltar 16.12.1a
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Caveat ID Number |
Description |
---|---|
Polaris 16.3.1 : Machine and bus error failures in ESP20 |
|
3650: pnp profile config causes line console config to be copied over to vty after "show run" |
|
Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence |
|
BGP Oper model rpc reply error with aggregate bgp ipv6 route. |
|
ASR1000: RP3 crash due to punt-keepalive failures |
|
ASR1000 routers crashed when TCM received an illegal command from the ucode |
|
Add ERROR message over IOS console when HSPRDA TCAM region gets full |
|
EVPN Prefix import Count/Limit show incorrectly |
|
Async lines configuration is not retrievable over netconf |
|
BGP looped update among 3 peers |
|
"Radius-server attribute 31" command broken on LNS when LAC sends Remote-Id string |
|
QoS counter didn't generate at ASR1001-X |
|
ASR1001-HX: bay1 1G link stays up when Rx cable of remote end is removed |
|
Router crashes after snmpget to OID related to NHRP |
|
DMVPN - Packet is encapsulated but not encrypted going out DMVPN tunnel |
|
Error messages seen when configuring "logging persistent protected" on ASR1K routers |
|
16.12.1 SIT: UNIX-EXT-SIGNAL: Segmentation fault and Memory related crash during SXP bringup |
|
Additional display for incorrect profile with reset on backoff : |
|
Crash while BGP was updating rib table |
|
Device crashed @ radius_io_stats_timer_handler due to dynamic-author |
|
Revert the changes of CSCvo75201 in rel21 |
|
.py file check is not done while registering the policy and the error is seen |
|
BGP evpn table and vrf table out of sync |
|
SSH: host_key->name is not null after reload which prevents SSH from starting up |
|
Egress shaping on port-channel sub-intf tail dropping traffic long before rate |
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" |
|
ASR 1000 sub-interface counters wrong. |
|
BRI leased line can't come up automatically after remove/insert one side's cable |
|
Get-Config using NETCONF interrupted if authenticated with TACACS+ |
|
shaper of the internal crypto interface is incorrectly programmed |
|
IP SLA react for packetloss and successivepacketloss do not set $_ipsla_react_type in EEM |
|
AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR |
|
Router crashes with ZBF HA sync. |
|
OBS : PE ignores IGP metric while advertising the MED value to CE |
|
BGP YANG oper address-family fails with vpnv4-unicast |
|
BGP updates missing ISIS advertising-bits when redistribute level-1 is applied |
|
Unable to configure half duplex on cEdge |
|
The switch crashes when processing a 'unknown' message from 'PKISSL read mqipc'. |
|
Router is on Bootloop after QoS configuration. |
|
Interfaces with 'shutdown' configuration in UP state |
|
Netconf-yang service not starting properly |
|
CiscoFlashFile - Get-Next request takes longer time for last file on directory. |
|
"Clock: inserting leap second" message doesn't output on NTP client when leap second inserted |
|
F0: fman_fp unexpectedly crashed with exmem chunk alloc |
|
Delay during vrf aware bgp address-family configuration over netconf |
|
Static routing redistribution under RIP with route-map is not working after reload |
|
ASR 1000 BDI not working properly for packet fragmentation - very small fragments are getting dropped |
|
DMVPN | Spoke to Spoke traffic fails when Tunnel initiated by Tunnel IP to tunnel IP pings. |
|
ASR1000: ucode crash @ uidb_subblock_lookup__output_nat_sb |
|
Supervisor reloaded due to cpp_cp_svr process crashing |
|
cpp_cp_svr crash in cpp_bqs_rm_yoda_select_sch_exponent |
|
Supervisor reload due to cpp_cp_svr crash. |
|
mip crash reloading the router |
Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.2
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Caveat ID Number |
Description |
---|---|
DHCP-pd reflect the Advertised prefix in Request message |
|
Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence |
|
Crash when IOS is adapting shaping with Adaptive QoS over DMVPN configured |
|
Memory leak VOIP *MallocLite* |
|
DataPlane (DP) crash observed in MMOH call flow |
|
qfp ucode crashed with sRTP traffic - chunk memory corruption |
|
Router unexpected reloads when doing ipv4_nat_destroy_addrport_bind |
|
cEdge - Template attach fails for a cedge device if theres a central policy with cflowd activated |
|
unable to modify interface speed for CSRv cEdge |
|
ISR4K CME no way audio on calls across E1/PRI, reboot resolves for sometime |
|
Router crashes after snmpget to OID related to NHRP |
|
Ucode crash in infra with injected jumbo packet after upgrading to 16.9.2 |
|
Error messages seen when configuring "logging persistent protected" on ASR1K routers |
|
Inband to OOB DTMF Fails to Be Passed On CUBE If Media Inactive Comes During Digit Processing |
|
Device crashed @ radius_io_stats_timer_handler due to dynamic-author |
|
ASR1002-X High Platform CPU for process mcpcc-lc-ms |
|
ASR1K-X WATCHDOG crashes while printing to console |
|
ASR1006-X: cpp_cp_svr: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error |
|
ASR1K ACTIVE ROUTER NAT ENTRIES SPIKE ISSUE |
|
Egress shaping on port-channel sub-intf tail dropping traffic long before rate |
|
ASR 1k sub-interface counters wrong. |
|
Voice gateway crash due to segmentation fault in process CCSIP_DNS |
|
AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR |
|
9300 crashed due to HTTP Core |
|
Router is on Bootloop after QoS configuration. |
|
Netconf-yang service not starting properly |
|
ISR4k crash during packet inspection due to stuck thread |
|
AppNaX Cluster do not send/log "clear" alarms from cluster |
|
ASR 1000 BDI not working properly for packet fragmentation - very small fragments are getting dropped |
|
ASR 1000: ucode crash @ uidb_subblock_lookup__output_nat_sb |
|
BFD session not coming up on tloc-extension interface due to wrong UID |
|
Cat 3000 crash in IGMP code due to invalid source count in DNS lookup |
|
ASR 1000 BGP PIC Repair path broke after link flap |
|
Crash after exiting RADIUS server configuration mode. |
|
ESP reload due to cpp_cp_svr exception at cpp_bqs_exponent_cnt_validate |
|
XE SDWAN router stuck in boot loop after power-cycle due to replaystore file corruption |
|
zbf drops hierarchical overlay traffic between spoke sites that go through hub ASR1001-X |
|
QFP ucode reloads unexpectedly while processing large packet with NBAR enabled |
|
flow data is not populated into /tmp/xml/fnf |
|
Crash after executing "show archive config differences" |
|
mVPN - Multicast packets dropped and "%MFIB-SW2-3-MFIB_CTXT_DEPTH_EXCEEDED" printed continuously |
|
IWAN router crash after upgrading to 16.3.8 |
|
Router crashes with ZBF HA sync. |
|
QoS configuration download failed when device reloading |
|
C1111-8P -- Crash with ipv4_nat_alg_get_appl |
|
[SDA] Crash due to Segmentation fault(11), Process = ARP Input |
|
CAT9800 WLC crashed due to Memory Corruption |
|
Local internet breakout (DIA) doesn't work on subinterfaces in IOS-XE SD-WAN 16.11.1a, 16.12.1b |
|
"DHCPD Receive" process crash |
|
Gi0/0/0 interface stays up/up and LED green after cable removed |
|
ASR1000-RP3: Punt Keepalive Failure (Punt LINK DOWN) or RP FREEZE |
|
AAA accounting issue after router reload when mGRE and L3VPN configured |
|
Punt fragment crash when receive EoGRE packets which have many fragments |
|
ISR4K Router CPP ucode Crash due IPv4 Fragmented packets |
|
fman-fp keeps on crashing after attach app-route policy with app-family |
|
High memory utilization under "ezman" due to excessive parity error logging |
|
nesd crash on XE SDWAN router when pushing large configuration |
|
ASR 1000 - Egress byte count is innacurate |
|
CPP crash with Packet Duplication enabled on path failover with IOS XE SDWAN router |
|
9800 WLC crashes by wncd process when modifying AAA configs from WebUI |
|
Removing and adding ACL to ASR1K is causing Tracebacks and download to DP failed errors |
|
FMAN crashed after firewall reconfiguration |
|
ASR 1000 - OMP prefix SLA_CLASS has HW handle: (nil) (not-created)_with GROUP-ID |
|
Observed Traceback with SRTP-RTP call after hold/resume |
|
ZBF: ICMP echo-reply drops when NAT64 and router next hop learned as link-local IPv6 address |
|
Cat9400- PNP fails with Dual Supervisor with non default startup vlan |
Open Bugs for Cisco IOS XE Gibraltar 16.12.2
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Caveat ID Number |
Description |
---|---|
Polaris 16.3.1 : Machine and bus error failures in ESP20 |
|
RSP3: MSPW VC down after Switchover (Error Local access circuit is not ready for label advertise) |
|
Dialer watch not disconnecting the backup link even after the watched route exists in routing table. |
|
IOSd software crash when doing checks of the best crypto map. |
|
Delay of 30 sec while creating a new config file for phone using tftp. |
|
IOS: Prevent crypto ACL change if already mapped with crypto map configuration |
|
Stale Nat Entries On Secondary Router |
|
Cube might crash when sending a SIP message over TLS |
|
HSRPv2 crash whilst retrieving group from received packet |
|
ASR900 autoRP listener functionality issue |
|
mGRE L3VPN broken after reload |
|
NHRP process crash on using same tunnel address on multiple spokes |
|
ASR 1000 crash in NAT code when processing PPTP traffic |
|
Active switch crashed after standby reloaded |
|
netconf <edit-config> merge is not working properly |
|
ISR4451-X / 16.09.01 / Crash when IPSEC SA installation fails |
|
Crashes when trying to bring-up / bring-down IPsec crypto session for OSPFv3 |
|
Smart licensing PID and SN logs filling up the IOSRP tracelogs |
|
Dialer interface counter does not correlate to the counter of interfaces bounded to |
|
ASR 1000 / ISR 4000 Calls fade to no-way audio due to media inactivity detection after 20 minutes |
|
SNMP Reports Incorrect Values for Bias Current on EPA-CPAK-2X40GE for entSensorValue |
|
qfp ucode crash with media monitor |
|
SDA: Enhance WLC map-notify/AR registration for non-eid space on MS |
|
Router crashes due to Segmentation Fault when 'ccb' gives a NULL Pointer |
|
Crash on "BGP Router" process |
|
ASR1000-RP2/ASR1000-RP3: OIR after clock set doesn't save the time in RTC |
|
cEdge: Banner push failing in vmanage with very long string |
|
ASR1002-HX: BQS licensed throughput oversubscription drops remains 0 when oversubscription. |
|
BFD session not forming between XE SDWAN routers with 'ah-sha1-hmac' enabled |
|
ASR1000-2T+20X1GE card is not accepting the configuration of the interfaces after a reload |
|
Unexpected reload when issueing show ip mroute vrf <vrf> verbose |
|
Unexcpected reboot when copying anchorspi context from parent to child. |
|
Intermittent packets drops observed due to "In Pkts Not Valid" |
|
"sh macsec statistics int <>" and "sh macsec status interface <>" does not show output |
|
ASR 1000 - SPA crashed with various watchdog timeout |
|
ASR1K DSP MIB cdspTotalChannels not responding |
|
Router crash @ Crypto IKMP while configuring DHCP |
|
ESP ucode crashed when running NAT with bpa (CGN) |
|
Device becomes unresponsive when configuring l2vpn context |
|
IWAN path update can cause NHRP crash |
|
Switch crashes when using a single switch template in DNA-C |
|
IPSec background crash after entered command clear cry sa peer <ip address> |
|
sessmgrd crash with "clear dot1x mac" command |
|
Cat 9000 switch crashes during Authentication Failure of Wired Client |
|
show platform output displayed "insert time" stuck |
Important Notes, Known Behavior, and Workaround
Important Notes
As of August 2017, Autonomic Networking is no longer supported in any version of Cisco IOS-XE software.
Recover from the ROMmon mode
When you upgrade your IOS software image, you might accidentally delete your old image without updating the boot statement. This could result in entering the ROMmon (ROMMonitor) mode. To recover from the ROMmon mode, the following enhancements are supported for different use cases.
Supported Workaround
Use Case |
Supported Enhancement |
---|---|
Reload the router with config-reg configuration |
Before reloading, the routerchecks if the first boot statement points to an image that exists and verifies it. If the image is missing or invalid, the users are prompted for confirmation to proceed with reload of the router. |
Reload the router with config-register 0x2102–autoboot |
The router checks if the boot variableis set properly, and accordingly prompts the users to proceed with caution. |
Reload the router with config-register 0x2102 |
Auto boot and the boot variable (bootvar) is set, but there is no image in bootvar set path–The router checks if the bootvar is properly set and if there is any image set in the bootvar path. If there is no image in the bootvar path (harddisk/bootflash/flash,and so on), then the reload is aborted with a warning message,and the users are prompted to correct the boot statement or copy the image to hard disk |
Auto boot and boot variableis set |
If the image is present in the bootvar path, then the router reload is allowed. |
ROMmon Release Requirements
The following table provides information about field-replaceable units (FRUs) of Cisco ASR 1000 Series Aggregation Services Routers supported in each ROMmon release.
FRU |
16.2 (1r) |
16.2(2r) |
16.3 (2r) |
16.7 (1r) |
16.9(4r) |
16.9(5r) |
---|---|---|---|---|---|---|
ASR 1000 RP2 |
Yes |
— |
Yes |
— |
Yes |
Yes |
ASR 1000 RP3 |
— |
— |
Yes |
— |
Yes |
Yes |
ASR 1001-X |
Yes |
Yes |
Yes |
— |
Yes |
- |
ASR 1002-X |
Yes |
— |
Yes |
Yes |
— |
- |
ASR 1001-HX |
— |
Yes |
Yes |
— |
Yes |
- |
ASR 1002-HX |
— |
Yes |
Yes |
— |
Yes |
- |
ASR 1000- ESP20 |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- ESP40 |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- ESP100 |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- ESP200 |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- SIP40 |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- 2T+ 20x 1GE |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- 6TGE |
Yes |
— |
Yes |
— |
— |
- |
ASR 1000- MIP100 |
Yes |
— |
Yes |
— |
— |
- |
The following table lists the minimum ROMmon release supported for RP and ESP FRUs in Cisco IOS XE 16.x.x releases.
Cisco IOS XE Release |
ASR 1000 RP2 |
ASR 1000 RP3 |
ASR 1000-ESP20 |
ASR 1000-ESP40 |
ASR 1000-ESP100 |
ASR 1000-ESP200 |
---|---|---|---|---|---|---|
16.2.x |
16.2(1r) |
— |
16.2(1r) |
16.2(1r) |
16.2(1r) |
16.2(1r) |
16.3.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.4.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.5.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.6.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.7.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.8.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.9.x |
15.2(1r)S |
16.3(2r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.10.x |
16.9(5r) |
16.9(5r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.11.x |
16.9(5r) |
16.9(5r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
16.12.x |
16.9(5r) |
16.9(5r) |
XNC |
15.0(1r)S |
15.3(1r)S |
15.3(1r)S |
![]() Note |
If you are on ASR 1000-RP2 platform, after upgrading ROMmon to 16.9(5r), upgrade FPGA to asr1000rpx86-hw-programmables.16.08.01.SPA.pkg or greater [FPGA version >=17071402] To upgrade asr1000rpx86-hw-programmables.16.08.01.SPA.pkg, it is mandatory that you are on IOS XE Polaris 16.x image. Upgrading FPGA from IOS XE Denali 3.x is not supported. |
The following table lists the minimum ROMmon release supported for other FRUs in each Cisco IOS XE 16.x.x release.
Cisco IOS XE Release |
ASR 1001-X |
ASR 1002-X |
ASR 1001-HX |
ASR 1002-HX |
ASR 1000-2T+20 x1GE |
ASR 1000-6TGE |
ASR 1000-MIP100 |
ASR 1000-SIP40 |
---|---|---|---|---|---|---|---|---|
16.2.x |
16.2(1r) |
16.2(1r) |
— |
16.2(2r) |
16.2(1r) |
16.2(1r) |
16.2(1r) |
16.2(1r) |
16.3.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
15.5(3r)S1 |
15.4(2r)S |
15.5(3r)S1 |
15.3(1r)S |
16.4.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
15.5(3r)S1 |
15.4(2r)S |
15.5(3r)S1 |
15.3(1r)S |
16.5.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
15.5(3r)S1 |
15.4(2r)S |
15.5(3r)S1 |
15.3(1r)S |
16.6.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
15.5(3r)S1 |
15.4(2r)S |
15.5(3r)S1 |
15.3(1r)S |
16.7.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
16.8.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
16.9.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
16.10.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
16.11.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
16.12.x |
15.4(2r)S |
15.5(3r)S1 |
16.2(2r) |
16.2(2r) |
16.3(2r) |
16.3(2r) |
15.5(3r)S1 |
15.3(1r)S |
![]() Note |
Due to the effect of CSCve29180 on Cisco ASR 1002-X Router, it is recommended that the ROMMON release on Cisco ASR 1002-X Router be upgraded to 16.7(1r). |
The following table lists the recommended ROMmon release for RP and ESP FRUs in each Cisco IOS XE 16.x.x release.
Cisco IOS XE Release |
ASR 1000 RP2 |
ASR 1000 RP3 |
ASR 1000-ESP20 |
ASR 1000-ESP40 |
ASR 1000-ESP100 |
---|---|---|---|---|---|
16.2.x |
16.3(2r) |
— |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3.x |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.4.x |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.5.x |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.6.x |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.7.x |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.8.x |
16.9(5r) |
16.9(5r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.9.x |
16.9(5r) |
16.9(5r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.10.x |
16.9(5r) |
16.9(5r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.11.x |
16.9(5r) |
16.9(5r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.12.x |
16.9(5r) |
16.9(5r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
The following table lists the recommended ROMmon release for other FRUs in each Cisco IOS XE 16.x.x release.
Cisco IOS XE Release |
ASR 1001-X |
ASR 1002-X |
ASR 1001-HX |
ASR 1002-HX |
ASR 1000-2T+20x 1GE |
ASR 1000-6TGE |
ASR 1000-MIP100 |
ASR 1000-SIP40 |
---|---|---|---|---|---|---|---|---|
16.2.x |
16.3(2r) |
16.7(1r) |
— |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3.x |
16.3(2r) |
16.7(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.4.x |
16.3(2r) |
16.7(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.5.x |
16.3(2r) |
16.7(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.6.x |
16.3(2r) |
16.7(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.7.x |
16.3(2r) |
16.7(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.8.x |
16.9(1r) |
16.7(1r) |
16.9(1r) |
16.9(1r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.9.x |
16.9(4r) |
16.7(1r) |
16.9(4r) |
16.9(4r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.10.x |
16.9(4r) |
16.7(1r) |
16.9(4r) |
16.9(4r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.11.x |
16.9(4r) |
16.7(1r) |
16.9(4r) |
16.9(4r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.12.x |
16.9(4r) |
16.7(1r) |
16.9(4r) |
16.9(4r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
16.3(2r) |
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Command Reference Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide