Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
About Cisco ASR 1000 Series Aggregation Services Routers
The Cisco ASR 1000 Series Routers carry a modular yet integrated design, so network operators can increase their network capacity and services without a hardware upgrade. The routers are engineered for reliability and performance, with industry-leading advancements in silicon and security to help your business succeed in a digital world that's always on. The Cisco ASR 1000 Series is supported by the Cisco IOS XE Software, a modular operating system with modular packaging, feature velocity, and powerful resiliency. The series is well suited for enterprises experiencing explosive network traffic and network service providers needing to deliver high-performance services.
 Note |
For more information on the features and specifications of Cisco ASR 1000 Series Routers, refer to the Cisco ASR 1000 Series Routers datasheet. For information on the End-of-Life and End-of-Sale Announcements for Cisco ASR 1000 Series routers, refer to the ASR 1000 Series End-of-Life and End-of-Sale Notices. |
Note |
Cisco IOS XE Cupertino 17.9.1a is the first release for Cisco ASR 1000 Series Aggregation Services Routers in the Cisco IOS XE Cupertino 17.9.x release series. |
Note |
Starting from IOS XE 17.5, the following consolidated platforms (or with dual IOSd) will move to monolith packaging and will not enable upgrade/downgrade using separate packages:
|
Instead, use the install add file bootflash:<file name> activate commit command to upgrade using a single image that combines all the separate packages improves the boot time.
Starting from IOS XE 17.6, the ISSU on Cisco ASR 1000 Series Aggregation Services Routers will migrate to an install workflow that provides step-by-step upgrade/downgrade commands.
The ISSU load version commands will be deprecated and these commands include:
-
abortversion
-
acceptversion
-
checkversion
-
commitversion
-
config-sync
-
image-version
-
loadversion
-
runversion.
Additionally, dual IOSd ISSU commands and Bundle mode ISSU workflows will also be disabled.
Note |
The In-Service Software Upgrade (ISSU) in ASR 1000 is being migrated to an install workflow that provides a step-by-step upgrade/downgrade. Starting from IOS-XE 17.6.1, the following items will be disabled:
|
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
New and Changed Hardware Features
There are no new hardware features for this release.
New and Changed Software Features in Cisco IOS XE 17.9.4a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
New and Changed Software Features in Cisco IOS XE 17.9.4
There are no new software features in this release.
New and Changed Software Features for Cisco IOS XE 17.9.3a
|
Feature |
Description |
|
Support for broadband features and functionalities with DNA Network Advantage Tier 3 License |
From Cisco IOS XE 17.9.3 release, the following functionalities and features are supported on ESP100-X & ESP200-X platforms:
For more information, see: |
New and Changed Software Features in Cisco IOS XE 17.9.2a
There are no new software features in this release.
New and Changed Software Features for Cisco IOS XE 17.9.1a
|
Feature |
Description |
||
|---|---|---|---|
|
This feature allows you to manage or change the lease renewal in a shorter period of time than the actual lease that is granted by the DHCP server. You can enable this using the ip dhcp relay short lease command on the server or relay agent. |
|||
|
The show isis node command is updated to display information about link and prefix cache, and the show isis lspgen tlv neighbor command is introduced to display information about ISIS LSP TLV neighbors. |
|||
|
Increase ACE Scale Limit Per OGACL |
This feature provides an increase in the ACE scale limit per ACL and OGACL as the current implementation of CACE has a total limit of only 64K entries. The scale for this feature is 1D and the scale information for OGACL is 3000 ACE entries per OGACL, 2400 OGs and 100 networks per OG. |
||
|
The ip nat settings log-destination command is introduced in Carrier Grade Network Address Translation (CGN) mode to include the destination IP address and the destination port details in the add and delete HSL records. |
|||
|
Support for BGP additional paths with label-unicast unique mode |
This enhancement introduces support for configuring BGP additional paths when label-unicast unique mode is configured. |
||
|
Previously, a separate PDP policy was created for every default IGP/RIB learned path. This implementation would eventually increase the number of policies and would not scale. From Cisco IOS XE 17.9.1, RIB path is supported for PFP. This feature enables you to configure forwarding class in a per flow policy using the RIB path option. Instead of configuring a per destination policy, the RIB option uses the IGP shortest path to the policy destination. |
|||
|
This feature introduces support for configuration of unicast-to-multicast destination reflection to facilitate unicast-to-multicast destination translation and unicast-to-multicast destination splitting. It also provides the capability for users to translate externally received unicast destination addresses to multicast addresses. |
|||
|
Cisco Unified Border Element (CUBE) Features |
|||
|
CUBE: End-to-end Secure Calling for Courtesy Call Back and Unified Contact Center Survivability |
With the Cisco Voice Portal (CVP) application, a caller may request an automatedcallback, rather than wait in a queue for an extended period. When an agent becomes available, CVP sends a request to place a call to the original caller. When the call is answered, the agent is connected. With this update, outbound calls over a secure SIP PSTN trunk are possible. |
||
|
This enhancement to the DNS session target feature, provides effective call distribution and load balancing of calls based on the preference, priority and availability of hosts provided in DNS SRV Resource Records. This feature further simplifies configuration by allowing effective call distribution with a single dial-peer. |
|||
|
Previously, CUBE (Local Gateway) had to be configured with separate dial-peers to monitor the availability of individual proxies used in services such as Webex Calling. To simplify this configuration, all targets resolved from a DNS SRV record may now be monitored using a common Options Ping policy defined for a single dial-peer. If a remote server becomes unresponsive, CUBE will busy out that destination, allowing calls to be sent to alternative destinations. |
|||
|
Cisco IOS gateways can use FTP and now SFTP servers to transfer call accounting files. |
|||
|
Programmability Feature |
|||
|
Pubd Restartability |
The pubd process is restartable on all platforms in this release. Prior to this release, pubd was restartable only on certain platforms. On other platforms, to restart the pubd process, the whole device had to be restarted. |
||
|
Smart Licensing Using Policy Features |
|||
|
New mechanism to send data privacy related information |
A new mechanism to send data privacy related information was introduced. This information is no longer included in a RUM report. If data privacy is disabled (no license smart privacy{all|hostname|version} command in global configuration mode), data privacy related information is sent in a separate sync message or offline file. Depending on the topology you have implemented, the product instance initiates the sending of this information in a separate message, or CSLU and SSM On-Prem initiates the retrieval of this information from the product instance, or this information is saved in an offline file. For more information, see license smart (global config). |
||
|
Hostname support |
Support for sending hostname information was introduced. If you configure a hostname on the product instance and disable the corresponding privacy setting (no license smart privacy hostname command in global configuration mode), hostname information is sent from the product instance, in a separate sync message or offline file. Depending on the topology you have implemented, the hostname information is received by CSSM, CSLU, and SSM On-Prem. It is then displayed on the corresponding user interface. For more information, see license smart (global config).
|
||
|
RUM Report Throttling |
For all topologies where the product instance initiates communication, the minimum reporting frequency is throttled to one day. This means the product instance does not send more than one RUM report a day. The affected topologies are: Connected Directly to CSSM, Connected to CSSM Through CSLU (product instance-initiated communication), CSLU Disconnected from CSSM (product instance-initiated communication), and SSM On-Prem Deployment (product instance-initiated communication). This resolves the problem of too many RUM reports being generated and sent for certain licenses. It also resolves the memory-related issues and system slow-down that was caused by an excessive generation of RUM reports. You can override the reporting frequency throttling, by entering the license smart sync command in privileged EXEC mode. This triggers an on-demand synchronization with CSSM or CSLU, or SSM On-Prem, to send and receive any pending data. RUM report throttling also applies to the Cisco IOS XE Amsterdam 17.3.6 and later releases of the 17.3.x train, and Cisco IOS XE Bengaluru 17.6.4 and later releases of the 17.6.x train. From Cisco IOS XE Cupertino 17.9.1, RUM report throttling is applicable to all subsequent releases. |
||
|
Virtual Routing and Forwarding (VRF) Support |
On a product instance where VRF is supported, you can configure the license smart vrf vrf_string command and use a VRF to send licensing data to CSSM, or CSLU, or SSM On-Prem.
|
||
Resolved and Open Bugs for Cisco IOS XE 17.9.x
Resolved Bugs for Cisco IOS XE 17.9.5a
|
Bug ID |
Description |
|---|---|
|
Packets appeared out of order when using Embedded Packet Capture (EPC). |
|
|
EZMAN posted stats to APIs: Ingress and Egress Bytes counters suddenly jump for sub-interfaces. |
|
|
The MACsec session is in a secured state but stuck without sending any traffic. |
|
|
Device experiences a crash under @crypto_dev_proxy_ipc_ipsec_sa_crt_hndlr. |
|
|
Device ICMP replies should not be NATted. |
|
|
EPBR will generate an error when the policy is added and deleted multiple times. |
|
|
There is a crash due to DTL push/pop in the wait loop. |
|
|
EntSensorStatus is displaying as non-operational. |
|
|
A CPLD upgrade failed error message is logged during ROMmon upgrade. |
|
|
In EVPN, BUM traffic is not flooded to the bridge domain interface. |
|
|
The device creates a crooked NAT entry if two or more IP phones from the NAT outside register to the same server. |
|
|
Depletion in the process memory pool/IOSd after enabling virtualization on the IOS-XE platform. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
AOM objects (FMAN_OBJ_ACL_REF) might be missing intermittently after MMA flapping. |
|
|
Device's fifty-gig port returns a link-flap err-disabled status when the peer device reloads or bounces. |
|
|
Router keeps crashing when processing a firewall feature. |
|
|
Device observes memory leak at process SSS Manager. |
|
|
write or do write saves configuration, but RSA keys/SSH are lost after reload. |
|
|
Policy commit failure notification and alarm from management software. |
|
|
Using special characters in the password while generating a token generates an invalid token. |
|
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
|
NHRP reply processing may dequeue an unrelated request. |
|
|
CPU usage mismatch in show sdwan system status vs show process CPU platform. |
|
|
Device crash with crash info files generated with segmentation fault, process IPSEC key engine. |
|
|
OMP route is being advertised although the route is not available. |
|
|
Interface from Port-channel going to suspended status after applying platform QoS port-channel-aggregate. |
|
|
NetFlow stops working when flow monitor reaches cache limit in the device. |
|
|
Certification: Modem is showing 4 additional NR bands support - 1, 3, 7, and 28. |
|
|
Running more than 4 tests on network agent causes tracebacks on device running software in a docker container. |
|
|
NAT HSL logging vrf-filter not working. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
UTD Packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Environmental syslog is not appearing when the power cord is disconnected from the redundant power supply. |
|
|
Device is crashing while adding a trust point to the router. |
|
|
Compliance failure: Use of 3DES by IPSEC is denied. |
|
|
Unexpected reload on device due to critical process fman_fp_image. |
|
|
Device reboots with SSL proxy and UTD enabled. |
|
|
Device data plane crash in DNS security processing due to incorrect UDP length. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Unexpected reboot after configuring application redundancy. |
|
|
Router software forced reset during high IPC congestion with IPSec. |
|
|
ITU channel configuration seems not working on the device. |
|
|
Crashed by TRACK Client thread at access to invalid memory location. |
|
|
Unable to migrate from ADSL to VDSL without reboot on the device. |
|
|
Crash in IP Input process during tunnel encapsulation. |
|
|
Can't disable DMVPN logging. |
|
|
Crypto process crash when PKI trust point is being deleted. |
|
|
Crypto process crash when PKI trust point is requested and deleted. |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
Spoke-spoke cache refresh not working correctly in case of multiple cache entries for the same next hop. |
|
|
Debug log should mention port-hop and reason prior to DISTLOC. |
|
|
Keyman process crash seen while re-generating SSH key in the device. |
|
|
B2B NAT: When configuring IP NAT inside/outside on the interface, ACK/SEQ number abnormal. |
Open Bugs for Cisco IOS XE 17.9.5a
|
Bug ID |
Description |
|---|---|
|
Unable to properly activate the Foundation Suite License on the device. |
|
|
Failure to upgrade the FPGA version on the standby RP module. |
|
|
Traceback seen @_nhrp_cache_delete due to a negative global cache count. |
|
|
Unexpected reboot of the ESP observed after enabling platform qos port-channel-aggregate. |
|
|
QoS with more than four remarks using set-cos does not work. |
|
|
Device's Tx queue depth is twice the q-limit, resulting in output discards. |
|
|
Duplicate telemetry updates for the environment-sensors path. |
|
|
Unable to configure the CIR rate higher than 67G. |
|
|
%IOSXE_MGMTVRF-3-INTF_ATTACH_FAIL error after configuring a loopback management VRF and then removing it. |
|
|
Endpoint tracker triggers a CPU usage spike. |
|
|
Static NAT with HSRP stops working after removing/adding standby. |
|
|
Packets with unicast MAC get dropped on a Port Channel Layer 2 sub-interface after a device reboot. |
|
|
Cosmetic issue causing distress to customers - Modem WCDMA 900 is displayed as Unknown. |
|
|
Device crash with segmentation fault (11), Process = NHRP when processing NHRP traffic. |
|
|
CPP CP SVR crash after decoding all packets to text (using L2 copy) on FIA trace. |
|
|
DSP reporting out-of-range utilization values in SNMP. |
|
|
Zone-Based Firewall drops transit packets due to 'Invalid ACK number'. |
|
|
Router might crash due to Cryptographic IKMP Process. |
|
|
Enable SOS/ROC feature for DSL. |
|
|
Device LED L remains green after port shutdown. |
|
|
IKEv2 - Diagnose feature is taking 11% CPU during session set up. |
|
|
DDNS update retransmission timer fails to work, resulting in a traceback error. |
|
|
Custom Application is marked as invalid. |
|
|
Router should discard IKE Notification messages with incorrect DOI. |
|
|
PKI crash after failing a CRL Fetch. |
|
|
Warning and critical CPU utilization thresholds not recomputed when using data-plane-heavy mode. |
|
|
NAT Command not readable after reload. |
|
|
PoE module is not providing enough power to activate the ports after an unexpected reload. |
|
|
Segmentation fault observed in ikev2_dupe_delete_reason. |
|
|
IPv6 TCP adjust-mss not working after delete and reconfigure. |
|
|
Packet drops observed between LISP EID over GRE Tunnel. |
|
|
Unknown appID in ZBFW HSL log. |
|
|
CWMP: Add vendor specific parameter for NBAR protocol pack version. |
|
|
Device with SwitzerCC can't boot up. |
|
|
Template push fail when AAA authorization is set to local. |
|
|
Traffic not encrypted and dropped over IPSEC SVTI tunnel. |
|
|
Device has multiple crashes, with cpp_cp_svr crash pointing to cpp_sdwan_policy_vrf_delete. |
Resolved Bugs - Cisco IOS XE 17.9.4a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Open Bugs for Cisco IOS XE 17.9.4a
|
Bug ID |
Description |
|---|---|
|
IOS-XE CPP crash when entering no ip nat create flow-entries. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
NHRP BFD flaps randomly with dynamic tunnel (NHRP phase 3) in DMVPN. |
|
|
CLI template fails to attach to device with error access-denied. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT DIA inside static routes being advertised over OMP to remote sites. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
UTD packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device reloads changing the resource profile. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write configuration with same crypto value. |
|
|
Netflow stops working when flow monitor reaches cache limit in 8500L |
|
|
Unexpected reload due to memory corruption when modifying and access list. |
|
|
Device crash with crashinfo files were generated with segmentation fault, rocess IPSEC key engine. |
|
|
Device QoS more than four remark with set-cos not work. |
|
|
IOS XE - device debug log should mention port-hop and reason prior to DISTLOC. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
SNMP ifindex persist does not work. |
|
|
Output packet bytes calculation biase when we enable QoS on port channel. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
Failure to upgrade FPGA version to standby RP module. |
|
|
dot3StatsDuplexStatus gives unknown for tengig and gig interfaces. |
|
|
Crash due to DTL push/pop on wait loop. |
|
|
Duplicate telemetry updates for environment-seensors path. |
|
|
Unable to configure CIR rate higher then 67G. |
Resolved Bugs for Cisco IOS XE 17.9.4
|
Bug ID |
Description |
|---|---|
|
Stale client routes stuck in RIB on flex server. |
|
|
NAT ALG is changing the call-ID within SIP message header causing calls to fail. |
|
|
Device freezes for show SDWAN commands. |
|
|
SNMP MIB does not show correct firmware version for device LTE module. |
|
|
MACsec remains marked as SECURED, but the traffic stops working randomly. |
|
|
ALG breaks NBAR recognition impacting application firewall performance. |
|
|
NAT configuration with redundancy, mapping id and match-in-vrf options with no-alias support. |
|
|
Device crashes unexpectedly due to a fault in the 'TLSCLIENT_PROCESS'. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
NHRP cache entries flood matching a /32 default route. |
|
|
Crashes while importing big CRL file into switch. |
|
|
DTMF is failing through IOS MTP during call on-hold. |
|
|
Unexpected reload with IPS. |
|
|
Auto-Update cycle incorrectly deletes certificates. |
|
|
Crash seen on device with traffic pointing to segfault in coff handler. |
|
|
Memory allocation failure with extended antireplay enabled. |
|
|
NAT entries expire on standby router. |
|
|
Segmentation fault in device PB rx when per-tunnel QoS config is withdrawn. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
|
Device Punt-Policer is not configurable. |
|
|
[LTE] SNMP MIB OID changing its last index. |
|
|
Device is crashing after importing the trustpoint with rsakeypair. |
|
|
Device uses excessive memory when configuring ACLs with large object groups. |
|
|
Observed qfp-ucode-wlc crash. |
|
|
GARP on port up/up status from device is not received by remote peer device. |
|
|
MCID (Malicious Call Identification) gets broken due to custom prefix setting under STCAPP FAC. |
|
|
NAT: Traffic is not translated to the same global address though PAP is configured. |
|
|
Device can lose its configuration during a triggered resync process if lines are in an off-hook state. |
|
|
No way audio when using secure hardware conference with secure endpoints. |
|
|
VMWI race condition causes no ringing for analog phones. |
|
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
|
Router crashes due to CPUHOG when walking Cisco Flash MIB @snmp_platform_get_flash_file_info. |
|
|
Router IOS-XE crash while executing AES crypto functions. |
|
|
Device Packet Duplication: Duplicate packets are counted on Primary Tunnel Interface Statistics. |
|
|
ISAKMP profile doesn't match as per configured certificate maps. |
|
|
Failed to ping gateway while configuring SharedLOM with console , te1 interface until router reload. |
|
|
ISG: L2-connected subscriber. IPv6 prefix delegation is not reachable when packet are switched. |
|
|
ARP is not completing on interface having CISCO-OPLINK SFP. |
|
|
QFP Ucode crash when clearing MACs under BD in EVPN scenario. |
|
|
No error log generated when EVC/bridge-domain reaches maximum MAC learning limit on device. |
|
|
IpFormatErr drops on device when bridge-domain/EVC MAC learning limit is exhausted. |
|
|
AppNav-XE: Policy-map edit on cluster with multiple service context fails to program TCAM. |
|
|
startup-config not parsed correctly after upgrading. |
|
|
Device going in disabled state after hw-module <slot> reload. |
|
|
Ingress and Egress bytes counters can suddenly increase and are not accurate for sub-interfaces. |
Open Bugs for Cisco IOS XE 17.9.4
|
Bug ID |
Description |
|---|---|
|
IOS-XE CPP crash when entering no ip nat create flow-entries. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
NHRP BFD flaps randomly with dynamic tunnel (NHRP phase 3) in DMVPN. |
|
|
CLI template fails to attach to device with error access-denied. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT DIA inside static routes being advertised over OMP to remote sites. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
UTD packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device reloads changing the resource profile. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write configuration with same crypto value. |
|
|
Netflow stops working when flow monitor reaches cache limit in 8500L |
|
|
Unexpected reload due to memory corruption when modifying and access list. |
|
|
Device crash with crashinfo files were generated with segmentation fault, rocess IPSEC key engine. |
|
|
Device QoS more than four remark with set-cos not work. |
|
|
IOS XE - device debug log should mention port-hop and reason prior to DISTLOC. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
SNMP ifindex persist does not work. |
|
|
Output packet bytes calculation biase when we enable QoS on port channel. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
Failure to upgrade FPGA version to standby RP module. |
|
|
dot3StatsDuplexStatus gives unknown for tengig and gig interfaces. |
|
|
Crash due to DTL push/pop on wait loop. |
|
|
Duplicate telemetry updates for environment-seensors path. |
|
|
Unable to configure CIR rate higher then 67G. |
|
|
CUBE - SIP Message Queuing Fails to Resume Transmission |
Resolved Bugs for Cisco IOS XE 17.9.3a
|
Bug ID |
Description |
|---|---|
|
MSR Unicast-To-Multicast not working if DST and SRC are the same in Service Reflect configuration. |
|
|
Unexpected reload after running show voice dsp command while an ISDN call disconnects. |
|
|
ISG FFR: ARP request to reroute nexthop IP is not triggered if ARP entry not in ARP table. |
|
|
Device-L controller crash when sending full line rate of traffic with >5 Intel AX210 stations, |
|
|
Service engine YANG support for ZBFW. |
|
|
GetVPN long SA - GM re-registration after encrypting 2^32-1 of packets in one IPSEC SA. |
|
|
QoS classification not working for DSCP or ACL + MPLS EXP. |
|
|
Clear ISG existing lite-session upon reception of DHCP packet for same client. |
|
|
FMAN crash seen in SGACL@ fman_sgacl_calloc. |
|
|
Standby WLC crash @ fman_acl_remove_default_ace. |
|
|
Interface VLAN placed in "shutdown" state when configured with ip address pool . |
|
|
Data plane crash on device when making per-tunnel QoS configuration changes with scale |
|
|
IKEv2/IPSec - phase 2 rekey failing when peer is behind NAT. |
|
|
CEF DPI load-balancing causes out of order packets. |
|
|
vCube crashing and restarting during call flow with new image. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
DSL: erroneous atm interface counter at DSL retraining. |
|
|
CWMP : MAC address of ATM interface is not included in inform message. |
|
|
GETVPN: KS reject registration from a public IP. |
|
|
Unconditional excessive logging in EoGRE tunnel error handling case. |
|
|
MPLS VPN traffic dropped due FDB OOM with cause FIAError under scale flow number (<1M). |
|
|
Device unexpected reload after set ospfv3 authentication null command. |
|
|
DHCP behavior issue when BDI interface is enabled on WAN and SVI interface. |
|
|
Stale IP alias left after NAT statement got removed. |
|
|
ISG uses identifier mac-address 0000.0000.0000 when DHCP LQ does not reply. |
|
|
GETVPN: Traffic drops seen on GM after rekey installing policies on image. |
|
|
Single WAN Interface subslot 0/0 timing. |
|
|
Observed crash in CPP, UCode & FMAN while upgrading to with crypto module present. |
|
|
Memory leak under linux_iosd-imag related to SNMP. |
Open Bugs for Cisco IOS XE 17.9.3a
|
Bug ID |
Description |
|---|---|
|
IOS-XE CPP crash when entering no ip nat create flow-entries . |
|
|
Memory leak caused router reload. |
|
|
NAT: Traffic is not translated to the same global address though PAP is configured. |
|
|
OID for SNMP monitoring of DSP resources are not working as expected. |
|
|
ALG breaks NBAR recognition impacting application firewall performance. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT with HSRP stops working after removing/adding standby. |
|
|
UTD packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Router IOS-XE crash while executing AES crypto functions. |
|
|
Device frequent reloads. |
|
|
Device always fails to push any template to device if device is running in FIPS mode. |
|
|
Unable to match on customer profile based on certificate-map. |
|
|
PFP policy in SRTE, RIB resolution in FC bring down ipsec tunnel interface- stuck at linestate down. |
|
|
IP CEF load sharing command is being changed by the device. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
Device seeing out of service on switch modules when using with new DC power supply. |
|
|
CUBE - SIP Message Queuing Fails to Resume Transmission |
Resolved Bugs for Cisco IOS XE 17.9.2a
|
Bug ID |
Description |
|---|---|
|
NAT not requesting further for low ports after initial allocation when CLI knob reserved-ports set. |
|
|
Crash saving tracelogs after Too many open files error. |
|
|
RP switchover causes linecard NFS mount failure resulting in memory leak. |
|
|
VTCP does not support L2 correctly. |
|
|
QFP crash when ZBFW configuration features log dropped-packets configuration. |
|
|
Device ucode crash during FW classification, session frees. |
|
|
Routes added by IKEv2 getting deleted at responder. |
|
|
Firewall drop seen stating FirewallL4 seen on device. |
|
|
DSPware 60.1.1 release targeting throttle. |
|
|
Bootstrap failing on device. |
|
|
Device is not programming correct next-hop for unicast prefix with multicast config present. |
|
|
Carsh @ UNIX-EXT-SIGNAL: Aborted(6), Process = Check heaps, having PPPoe with cwmp configs. |
|
|
IKEv2 Cert-based IPSEC not working between IOS-XE and AWS. |
|
|
Device unexpected reload due to QFP ucode crash. |
|
|
Device VRF+NAT Outside Source Static - Drop packets during FTP (Active-mode) execution. |
|
|
Packet duplication is causing drops in payment transactions. |
|
|
Device reloads unexpectedly due to critical FTMD fault when VRF configuration is pushed. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
Multiple devices experienced crashes every 4-5 min. |
|
|
Flows are not distributed and load-balanced evenly and consistently. |
|
|
ZBFW self zone policy drops ssh session on Mgmt-intf 512 ports. |
|
|
Automatically freeing up filesystems stale image or recovered folder (lost+found). |
|
|
Throughput degrades when Local TLOC specified in Data Policy goes down. |
|
|
BFD sessions remains down if interface flap form up/down/up. |
|
|
CLI template push fails with error: 'Error: on line 48: line-mode single-wire line 0'. |
|
|
Crash due to IOSXE-WATCHDOG due to management port traffic storm. |
|
|
Router running crashes due to CPUHOG when walking cisco flash MIB. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
Device speed test failing with Device Error: Speed test in progress. |
|
|
Needs cert update - Azure CGW creation fails due to NVA provisioning failure. |
|
|
ERROR info: Router configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt. |
|
|
Intermittent double DTMF due to changing timestamp on a DTMF event. |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication. |
|
|
SSH from device getting closed after update. |
|
|
BFD and control packets are dropped when ACL is applied on gigi to which loopback is bind. |
|
|
SIG tunnel tracker packets are dropped by firewall with self zone policy. |
|
|
Interface stats are not getting updated for port-channel. |
|
|
UTD skipped when interface UTD config is used to enable/disable UTD. |
|
|
BFD sessions are not coming up after flapping the interface due to low ftm rate. |
Open Bugs for Cisco IOS XE 17.9.2a
|
Bug ID |
Description |
|---|---|
|
Control Connection on device doesn't come-up with reverse proxy using Enterprise Certificate. |
|
|
Unable to configure the local BGP as-path-list via device. |
|
|
A high CPU utilization caused by NHRP. |
|
|
Router crashing with reason CPU usage due to Memory Pressure exceeds threshold (Reboot). |
|
|
Device stopped forwarding traffic. Suspect OMPd is busy. |
|
|
Repeating SYS-2-PAK_SUBBLOCK_BADSIZE: 4 -Process= "<interrupt level>". |
|
|
Serviceability enhancements for config migration failures between releases. |
|
|
NAT/DIA traffic is skipping UTD in forward direction after SSNAT path from service-side. |
|
|
After upgrade, device moves into Out of Sync status. |
|
|
NAT translation is not correctly sent to hub router from branch when SSNAT and UTD are configured. |
|
|
With 2 sequences, should not skip if the match is different and action is same. |
|
|
CERM may kick in due to IPSec sessions initiated for on-demand tunnels. |
|
|
Login banner config is changed after upgrade. |
|
|
0365 and MS Teams applications access issues when using DIA with app-list match in data-policy. |
|
|
Device always fails to push any template if it is running in FIPS mode. |
|
|
fman crash seen in SGACL@ fman_sgacl_calloc. |
|
|
Upgrade failures due to inability to establish netconf connection from device to upgrade-confirm. |
|
|
Device does not form BFD across Serial link when upgrading. |
|
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
After delete CSP, new CCM bring up on existing CSP is stuck in Initializing CCM on MT cluster. |
Resolved Bugs for Cisco IOS XE 17.9.1a
|
Bug ID |
Description |
|---|---|
|
When MACSEC dot1q-in-clear 1 is enabled on interfaces there is traffic drop. |
|
|
Incorrect Tx/Rx optical power values reported for QSFP transceivers. |
|
|
Simulated flows with PPPoE with NAT DIA result in crash consistently. |
|
|
Router linecard crashed on doing issu-mdr-force issu. |
|
|
FTP data traffic broken when UTD IPS enabled in both service VPN. |
|
|
Device may show input/output rate values even if the interface is in admin down state. |
|
|
Peer MSS value showing incorrect. |
|
|
When object-group used in a ACL is updated, it takes no effect. |
|
|
Device failed to display active flows when flow count is high on the device. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Memory leaks on keyman process when key is not found. |
|
|
Large number of DH failures. |
|
|
NAT translation stops suddenly (ip nat inside doesn't work). |
|
|
"Revocation-check crl none" does not failover to NONE DNAC-CA. |
|
|
Router crashed after new IPv6 address assigned when router use specific configuration. |
|
|
ISG: initiator unclassified ip-address LQIPv4 command has no effect. |
|
|
UDP based DNS resolution doesn't work with IS-IS EMCP on IOX-XE/ |
|
|
Destination prefix packets getting dropped because forwarding plane is not programming the next hop. |
|
|
New key for NBAR app and NBAR category without OGREF optimized. |
|
|
ZBFW dropping return packets from tunnel post upgrade. |
|
|
OMP origin protocol comparison cleanup. |
|
|
Router crashing when clearing a VPDN session. |
|
|
Hub with firewall configured incorrectly dropping return packets when routing between VRFs. |
|
|
NAT traffic gets dropped when default route changes from OMP to NAT DIA route. |
|
|
Memory Leak in AEM chunks related to firewall. |
|
|
SNMP v2 community name encryption problem. |
|
|
Traceroute not working with NAT. |
|
|
Subject-alt-name attribute in certificate trustpoint causes Windows NDES/CA to reject SCEP requests. |
|
|
Router reload unexpectedly two times when enter netflow show command. |
|
|
Router crash for stuck threads in cpp on packet processing. |
|
|
CoR intercepted DNS reply packets dropped with drop code 52 (FirewallL4Insp) if UTD enabled also. |
|
|
ThousandEyes container may fail to get installed on device. |
|
|
DMVPN phase 2 connectivity issue between two spokes. |
|
|
Traceback: IOS-XE reload after Segmentation fault on Process = SSS Manager. |
|
|
Enabling or disabling OMP overlay AS prevents connected routes from being advertised in OMP. |
|
|
Device image installation fails. |
|
|
ZBFW policy stops working after modifying the zone pair. |
|
|
Keyman memory leak using public keys. |
|
|
NHRP network resolution not working with link-local IPv6 address. |
|
|
CSR BFD tunnel are zero. |
|
|
Incorrect reload reason - last reload reason: LocalSoft for Netconf Initiated request. |
|
|
Missing IOS config (voice translation rule) on upgrade. |
|
|
Umbrella DNS security policy doesn't work with Cloud on Ramp with SIG tunnels. |
Open Bugs for Cisco IOS XE 17.9.1a
|
Bug ID |
Description |
|---|---|
|
Crash due to IOSXE-WATCHDOG due to management port traffic storm. |
|
|
"Total output drops" counter in "show interface" on Port-channel doesn't work properly. |
|
|
Crash seen after enabling "platform qos port-channel-aggregate". |
|
|
Router crashes due to CPUHOG when walking Cisco Flash MIB. |
|
|
Fragmented packets crashes while allocating memory. |
|
|
cpp_cp_svr crash when port-channel configured. |
|
|
High CPU on SIP (mip100) due to mcpcc-lc-ms caused by link up/down interrupts. |
|
|
TLB miss for lock address during FNF cache lookup. |
|
|
Crash saving tracelogs after "Too many open files" error. |
|
|
Crash in IPv6_tunnel_macaddr while adding/removing GRE multi-point tunnel mode. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
Firewall drop seen stating “FirewallL4”. |
|
|
Yang-management process confd is not running, controller mode. |
|
|
Bootstrap failing on device. |
|
|
Layer 7 health check doesn't work on loopback interfaces. |
|
|
Device flows are not distributed and load-balanced evenly and consistently. |
|
|
Memory leak due to FTMD process. |
|
|
Device lost configuration due to multiple power cycles on site. |
|
|
Device reloads unexpectedly due to critical FTMD fault when VRF configuration is pushed. |
|
|
Device unable to establish control connection with vBond due to out of order DTLS packets. |
|
|
Static NAT configuration in CLI with the no-alias keyword cannot be retrieved via NETCONF/YANG. |
|
|
Statistics collection causing service-side BFD to flap on every collection interval. |
|
|
Device crashed in IPv4_nat_create_out2in_session_entry. |
|
|
Router can not be upgraded. |
|
|
Show device app-fwd cflowd flows vpn X format tabled does not show all flows for vpn X. |
|
|
BFD sessions remains down if interface flap form up/down/up. |
|
|
Traffic seems not inspected by UTD when umbrella is set. |
|
|
Unable to set specific speed and duplex values on SFP ports on IOS-XE routing platforms. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
DLC is not completing after upgrading to Smart licensing from CSL. |
|
|
IOS-XE "no ip nat" config is allowed to be committed and removes NAT routes among other NAT config. |
|
|
BFD tunnel on router is not staying up, 1 out of 40 tunnels. |
|
|
Device looses all BFD sessions with invalid SPI. |
|
|
Tracebacks at cgm_avlmgr_class_init and cpuhog_key_init. |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
Destination not reachable if configured as a next for a static route resolvable via non /32 OMP. |
|
|
Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication. |
|
|
BFD sessions not coming UP because of ANTI-REPLAY-FAILURES. |
|
|
SIG tunnel tracker packets are dropped by firewall with self zone policy. |
|
|
Router reloaded unexpectedly. |
ROMmon Release Requirements
For more information on ROMmon support for Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html.
Note |
After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following platforms:
This restriction is only applicable for these platforms. If you have upgraded to ROMmon version 17.3(1r) on any other platform, reverting to an earlier version of ROMmon is permitted and does not cause any technical issues. |
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback