Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
About The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms
The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are best-of-breed, 5G-ready, cloud edge platforms designed for accelerated services, multi-layer security, cloud-native agility, and edge intelligence to accelerate your journey to cloud.
Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms with Cisco IOS XE SD-WAN Software deliver Cisco’s secure, cloud-scale SD-WAN solution for the branch. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are built for high performance and integrated SD-WAN services, with the flexibility to deliver security and networking services together from the cloud or on premises. They provide higher WAN port density and a redundant power supply capability. The platforms have a wide variety of interface options to choose from, ranging from lower and higher module density with backward compatibility to a variety of existing WAN, LAN, voice, and compute modules. Powered by Cisco IOS XE, a fully programmable software architecture, and API support, these platforms can facilitate automation at scale to achieve zero-touch IT capability while migrating workloads to the cloud. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms also come with Trustworthy Solutions 2.0 infrastructure that secures the platforms against threats and vulnerabilities with integrity verification and remediation of threats.
The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are well suited for medium-sized and large enterprise branch offices for high WAN IPSec performance with integrated SD-WAN services.
For more information on the features and specifications of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms, refer to the Cisco Catalyst 8300 Series Edge platforms datasheet.
Note: Sections in this documentation apply to all models of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms unless a reference to a specific model is made explicitly.
Note: Cisco IOS XE Dublin 17.12.1a is the first release for the Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms in the Cisco IOS XE Dublin 17.12.x release series.
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
New and Changed Hardware and Software Features
Feature Navigator
You can use Cisco Feature Navigator (CFN) to find information about the software features, platform, and software image support on Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.
Note: To access CFN, you do not require an account on cisco.com.
New and Changed Hardware Features
Hardware |
Description |
---|---|
The C-NIM-8M modules are the next-generation LAN/WAN NIM modules that provide enhanced security, reliability, and performance. The Cisco C-NIM-8M module provides 2.5 Gbps mGig connectivity and supports UPoE+. The Cisco C-NIM-8M also supports Layer 2 and Layer 3 configurable Ethernet networks. |
New and Changed Software Features in Cisco IOS XE 17.12.6
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.5c
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.5b
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.5a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.4b
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.4a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.2
This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
Feature |
Description |
---|---|
The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM, a physical SIM card that you can configure with a cellular service plan of your choice. When ordering a pluggable interface module (PIM) to provide cellular connectivity for your router, choose a PIM model with a preinstalled eSIM. The Managed Cellular Activation solution comes with a “bootstrap” cellular plan to provide internet connectivity with a limited amount of data intended only for Day 0 onboarding of the device to your cellular plan. For information about configuring Cisco SD-WAN Manager with the details of your cellular plan in preparation for onboarding the device, see the Cisco Managed Cellular Activation Configuration Guide. Prepare the configuration in Cisco SD-WAN Manager before powering on and onboarding the device, to avoid running out of the limited data in the bootstrap cellular plan. Added Cisco Managed Cellular Activation (eSIM) support for the following Pluggable Interface Module (PIM) model:
|
New and Changed Software Features in Cisco IOS XE 17.12.1a
Feature |
Description |
---|---|
The IPv6 Unicast Support feature introduces support for IPv6 dataplane to RAR Dynamic Link Exchange Protocol. |
|
This feature allows you to perform management operations for SD-Routing devices using Cisco Catalyst SD-WAN Manager. You can use a single network management system (Cisco Catalyst SD-WAN Manager) to monitor all the SD-Routing devices and therefore help in simplifying solution deployments. |
|
This enhancement introduces support for Quantum-Safe Encryption using Post-Quantum Preshared Keys for the following platforms:
|
|
Segment Routing (SR) can currently be applied on Multiprotocol Label Switching (MPLS) dataplane. From Cisco IOS XE 17.12.1a, SR is supported over the IPv6 dataplane for the following protocols:
In addition, the following functionalities are available for Segment Routing over IPv6 dataplane:
|
|
This feature allows you to delete the entries from the logging buffer. You can configure the local syslog retention period after which the entries are purged from the device automatically. To enable this feature, use the logging purge-log buffer days command. |
|
TrustSec and Software-Defined Access Scale Measurement |
With this feature, the scale numbers for TrustSec and Software-Defined Access (SDA) are measured for the following:
|
ROMMON Compatibility Matrix
The following table lists the ROMMON releases supported in Cisco IOS XE 17.12.x releases.
Platforms | Cisco IOS XE Release | Minimum ROMMON Release Supported for IOS XE | Recommended ROMMON Release Supported for IOS XE |
---|---|---|---|
Catalyst 8300 Series Edge Platforms | | | |
C8300-1N1S-4T2X\|6T | 17.12.1a | 17.3(1r) | 17.6(6r) |
C8300-2N2S-4T2X\|6T | 17.12.1a | 17.3(1.2r) | 17.7(1r) |
Catalyst 8200 Series Edge Platforms | | | |
C8200-1N-4T | 17.12.1a | 17.4(1r) | 17.6(8.1r) |
C8200L-1N-4T | 17.12.1a | 17.5(1.1r) | 17.6(8.1r) |
Resolved and Open Bugs for Cisco IOS XE 17.12.x
Resolved Bugs in Cisco IOS XE 17.12.6
Identifier |
Headline |
---|---|
Multiple inside local addresses are translated to same inside global IP address and port. |
|
Endpoint tracker remains up status when DNS is reachable from the other interface. |
|
Large number of BFD sessions stuck due to out of window drops reported with control connections NAT flaps. |
|
SNMPwalk fails to consistently return tunnel names due to incomplete tunnel setup. |
|
Device reloaded with reason: Critical process cpp_ha_top_level_server fault on fp_0_0 (rc=69). |
|
Device - Deprecate "request platform software package expand" commands for upgrades. |
|
IKEv2 fails to parse certain route-set prefix Cisco VSA attributes from Radius server. |
|
Crash when clearing L2TP tunnels with the command "clear vpdn tunnel l2tp <ID>". |
|
BFD flap on public IP change on a private color tloc. |
|
Device crashes when applying a service-policy to a PO interface used as Tunnel source. |
|
Serial interface configuration lost after reload. |
|
FlexVPN - IP address assigned to spoke changes to unassigned. |
|
Configuring "access-class xx in vrf Mgmt-vrf" on line vty causes the "Login Block" to be inactive. |
|
Startup config lost for interfaces NIM-(1|2)GE-CU-SFP. |
|
Unexpected reload due to Critical process linux_iosd_image fault on rp_0_0 (rc=139). |
|
Adding "authorization bypass" to vDSP EEM scripts. |
|
Unexpected reload on cEdge due to performance monitor with packet service insertion from spoke. |
|
Cache Coherency rare timing race condition. |
|
Functional SJC Alpha 9840 eWLC HA- Standby eWLC reloads after upgrade to 17.17.1. |
|
cEdge unexpected reboot during dialer initialization. |
|
ip vrf receive command adds connected route to vrf table even though interface admin down. |
|
Device Terminal Server Drops protocol Sessions upon executing "Show Memory" Command. |
|
Memory leak on Chunk Manager via DBAL EVENTS process. |
|
Out of CGM (Class-Group Manager) memory intermittently with scaled ZBFW policy. |
|
Administrative distance of IPv6 static route to Cellular interface overwrite with 254. |
|
NTP will not authenticate with open source NTP servers using 32B cmac-aes-128. |
|
Device crashes with "Bad magic number in chunk header", with ACL logging hash-generation. |
|
Unexpected reload due to Segmentation fault on IP SLA DynHostName Process. |
|
Unexpected reboot on IOS-XE due to prune on mcast. |
|
Unexpected reload of Standby during PKI Trustpoint removal. |
|
Ping failure from VRRP backup to VRRP primary virtual address when enabling security policy. |
|
Missing Calling-Station-ID (31) in Radius Accounting. |
|
Tx/Rx optical power values different for "show int" and "show hw-module". |
|
Tracebacks seen on curie router while applying config on a clean router. |
|
Device High CPU on Virtual EXEC and TTY Background. |
|
ACL delete and reapply removes PBR mapping but TCAM is populated. |
|
Device crashes when running a NWPI trace initiated from vManage on version 20.12.4. |
|
Enable strict-kex support in IOS-SSH to address CVE-2023-48795 (aka Terrapin Attack). |
|
PPP is not establishing when l2tp over ipsec. |
|
FLOWDB_OOM condition can lead to packet loss with GRE non-IPSEC tunnel. |
|
Memory Leak observed in IPSEC/IKE session bringup with Cert-based Authentication. |
|
Memory leak in nbar-sdavc-scheduler. |
|
Tunnel delete/create flaps unexpectedly for PWK case for private control NAT changes |
|
Crash When "show running-config full | format" Begins to Print QoS Policy-map Config. |
|
Crash occurs during hairpin call. |
|
Crash when receiving BGP MVPN update/withdraw with BGP MVPN update debug enabled. |
|
ESP crash @stile_check_and_run_mpe_after_ft (). |
|
Device: confd_cli high cpu utilization after executing "show zbfw-dp sessions | tab" |
Open Bugs in Cisco IOS XE 17.12.6
Identifier |
Headline |
---|---|
Missing Calling-Station-ID in radius messages. |
|
Unexpected reload after importing subca chain. |
|
Device: confd / SMP crash. |
|
Unexpected reload while running a Speed Test from vManage and leaving the page before it completes. |
|
"NHRP Encap Error for Purge Request" populates on spoke despite correct routing at HUB. |
|
Device: Subject polaris_iosd_t denials. |
|
RP crash while debugging IKEv2. |
|
CTS Trustpoint loop triggers PKI segfault. |
Resolved Bugs in Cisco IOS XE 17.12.5c
Identifier |
Headline |
---|---|
FNF AOR might have double-free risk. |
|
After upgrade to 17.9.4a, Cellular Interface IP ADDRESS NEGOTIATED mismatch. |
|
Silent reboot with "cpp_ha_top_level_server fault on fp_0_0", CpuCatastrophicError. |
Open Bugs in Cisco IOS XE 17.12.5c
There are no customer impacting bugs that were identified in this release.
Resolved Bugs - Cisco IOS XE 17.12.5b
Identifier |
Headline |
---|---|
IPsec-related crash on an IOS-XE device. |
Open Bugs - Cisco IOS XE 17.12.5b
There are no customer impacting bugs that were identified in this release.
Resolved Bugs in Cisco IOS XE 17.12.5a
Bug ID |
Description |
---|---|
vDSP container network mask mismatches with VPG interface. |
|
Ping failed on cellular interface - tail drop observed on Cellular interface. |
|
GETVPN / Migrating to new KEK RSA key doesn't trigger GM re-registration. |
|
Config and dp show command don’t match the dp oper output. |
|
Device DSL module gets stuck in a booting state. |
|
IOS-XE Port-channel sub-interface overload Port-channel interface must be created first and delete. |
|
Deleting and adding the rules in a ZBFW policy with 510 rules results in traffic drop. |
|
Software crash on device - Last reload reason: Critical software exception. |
|
Found Core files in device for suit cEdgePolicy_serv_ipv6_trans_ipv4. |
|
IOSd crash after radium boot up and online. |
|
Enable BFD L2 messages in the Punt path for devices. |
|
Device: C-NIM-1M with 1G; Memb-intf add to portchannel fails with 'Error: Interface type mismatch'. |
|
IPv6 flowspec nexthop redirect policy not redirecting the traffic on IOS XE. |
|
Unexpected reload due to "cpp-mcplo-ucode" Process when handling fragments with SRv6 routing. |
|
Unencrypted traffic due to Non-Functional IPsec tunnel in FLEXVPN hub & spoke setup. |
|
Device crashed due to IOSXE_INFRA-2-FATAL_NO_PUNT_KEEPALIVE. |
|
OMP is redistributing summary routes in the service VPN even though the exact networks don't exist. |
|
C-NIM-1X sometimes print "FPGA firmware is upgraded. Need to reload the module". |
|
Device null-way audio within the same layer2. |
|
Inbound calls through VG400 results in phantom calls (64.3.0, 60.1.4, 62.3.3). |
|
LLDP packets dropped when came through active port-channel interface. |
|
P-5GS6-GL FN980 modem fW upgrade failing when two modems on device. |
|
Endpoint Tracker does not fail if default route is removed. |
|
Cellular connection is picking the wrong profile. |
|
RRI static not populating route after reload if stateful IPSec is configured. |
|
MGCP GW fails to respond with 250 OK when there's a delay from dataplane in gathering stats. |
|
Procyon synchronize DTL does not wait until complete due to compiler optimization. |
|
Cisco IOS and IOS XE SNMP Denial of Service Vulnerabilities. |
|
Cisco IOS, IOS XE, and IOS XR SNMP Denial of Service Vulnerabilities. |
|
Cisco IOS and IOS XE SNMP Denial of Service Vulnerabilities. |
|
Cisco IOS and IOS XE SNMP Denial of Service Vulnerabilities. |
|
Cisco IOS and IOS XE SNMP Denial of Service Vulnerabilities. |
|
Cisco IOS and IOS XE SNMP Denial of Service Vulnerabilities. |
|
Dial-peer never recovers an active state if it goes partial or busyout. |
|
Dial-peer never recovers an active state if it goes partial or busyout. |
|
CUBE gets forked 180 and 183 with SDP, CUBE is not adding SRTP key when sending 183, causing failure. |
|
CUBE incorrectly offers rtp instead of srtp in 200OK for srtp fallback scenario. |
|
CDR file accounting creates dummy files. |
|
Optimize voip trace handling with tenants. |
|
Crash observed on router, while performing the conference call. |
|
Router crash during SGW sync in VOICE REG BG Process. |
|
CUBE doesn't relay/pass 488 Media Unacceptable from one leg to another leg for FAX (T.38) Re-INVITEs. |
|
IOS-XE unexpected reboot after CLI "show sip-ua connection". |
|
Memory leak under *Dead* caused by AFW_application_proc. |
|
Router cube sip-ua commands lost after reload. |
|
CDR file accounting credentials exposure. |
|
MWI app not registering on Vcube. |
|
Cannot dial to/from phone after it reboots in survivability mode. |
|
CUBE memory leak for SIP out-of-dialog SUBSCRIBE under CCSIP_SPI_CONTROL process. |
|
"setPthruCryptoData: mfPthruCrypto NULL" showing up excessively in the log. |
|
OOD Subscribe with event message-summary is causing memory leak on CUBE. |
|
No audio issue on call transfer and conference. |
|
HA Module DSP_MSP reported CALL_MODIFY RECREATE failure on standby. |
|
Memory leak under *Dead* caused by AFW_application_proc. |
Open Bugs in Cisco IOS XE 17.12.5a
Identifier |
Headline |
---|---|
Device Breakout Port fails to initialize. |
|
BFD flapping on PWK ipsec-rekey on all cEdge. |
|
Upgrade from vmanage declared successful even though device boots up with different version than requested. |
Resolved Bugs - Cisco IOS XE 17.12.4b
There are no customer impacting bugs that were fixed in this release.
Open Bugs - Cisco IOS XE 17.12.4b
There are no customer impacting bugs that were identified in this release.
Resolved Bugs in Cisco IOS XE 17.12.4a
Identifier |
Headline |
---|---|
ZBFW TCAM misprogramming after rules are reordered on the device - CCE changes. |
|
CPP unexpectedly reboot due to QFP CPP stuck at waiting for rw_lock - Lock id of 0 released. |
|
Endpoint tracker using DNS does not log "DOWN" message when DNS server reachability is lost. |
|
HTX: UTD snort crash at memif_shm_peek_first_packet (handle=0x0). |
|
Memory Leak due to security violation by new MAC address and '"Del Pend" object increases - ACE_IPV4. |
|
ZBFW TCAM misprogramming after rules are reordered on the device. |
|
Memory leak in fman_rp under acl_db. |
|
SAP traffic impacted by UTD security on the device. |
|
CPP crashed during UTD security policy config on the device. |
Open Bugs in Cisco IOS XE 17.12.4a
There are no customer impacting bugs that were identified in this release.
Resolved Bugs in Cisco IOS XE 17.12.4
Identifier |
Headline |
---|---|
Fragmented authentication packets in the Crypto IKEv2 protocol are being identified as malformed by devices from third-party vendors. |
|
Default setting of Global Punt Policer burst needs to be increased. |
|
GETVPN COOP KS: Incorrect severity level for rekey acknowledgement configuration mismatch log message. |
|
Device: Router crashed on increasing the gatekeeper cache size. |
|
Device: Port-channel with service instances down on C-NIM-2T module. |
|
UCS-E160S module remains in a booting state with the device. |
|
The SFP EN LED on the device does not light up after the interface is enabled with the no shutdown command. |
|
Device: Kernel crash over continuous reloads. |
|
The SFP interface on the device is shut down, but the interface on the connected device remains up. |
|
Unexpected reboot in WLC due to SSL. |
|
Device: PCM captures on voice-port fail or cause NIM module reloads. |
|
Memory leak in the crypto IKMP process. |
|
Device: ROMMON 17.6(8.1r) release for auto-upgrade. |
|
NAT46 translations are dropped when the NAT64 router also functions as a Carrier Supporting Carrier (CSC) Customer Edge (CE) device. |
|
"crypto pki certificate pool" in the running configuration. |
|
Failure to communicate a period of time after the stp status changes. |
|
The IR1800 PnP process gets stuck when using Verizon cellular backhaul. |
|
Segmentation Fault - The process causing the issue is the IPSec dummy packet process. |
|
IPsec tunnel fails to establish due to error IPSec policy invalidated proposal. |
|
MGCP GW does not respond with 250 OK for a DLCX leading to DLCX loop from CUCM side. |
|
show sdwan policy service-path command displays inconsistent results with app name specified. |
|
Only one split-exclude subnet is pushed to client PC with IOS-XE headend for a RA VPN connection. |
|
The NAT pool is not functioning under a 16 prefix. The number of available addresses is zero. |
|
Unexpected reboot due to cpp ucode on device. |
|
Router unable to boot with C-NIM-8T module. |
|
Memory leak in Crypto IKEv2 due to C_NewObject. |
|
The router crashed when the port-channel interface flapped while using a large number of per-tunnel QoS policies. |
|
Device: In IOS XE 17.9, the entSensorThresholdValue OID for PDU1 is missing. |
|
Enhancement: Configuration parser issue for NAT with extendable and redundancy options. |
|
Disabling PMTU Discovery along with an MTU change and BFD flap disrupts packet duplication. |
|
C-NIM-2T: macsec not working under LACP port-channel member port. |
|
Trim installed certificate on upgrade. |
|
Reload in tcp_sanity due to l4 pointer not set. |
|
(SWI Case 01257768) Firmware upgrade does not work properly on P-LTE-MNA with IOS versions 17.12.1a and 17.12.2. |
|
AnyConnect connection through IPSec fails when connecting from an RDP user to an IOS/IOS-XE headend. |
|
Segmentation fault and core files are seen on IOS-XE in controller-managed SD-WAN due to speedtest. |
|
ipv6 tcp adjust-mss not working after delete and reconfigure. |
|
AAA authorization failure during IKEv2 phase negotiation caused unexpected reboot. |
|
Device: Unexpected reload when using the packet trace feature. |
|
Device can only store 64 FQDN patterns, but config accepts more than 64. |
|
CUBE - "rtp port range" configuration lost under "voice service voip" after reload. |
|
Wrong audio rtp packet marking for SCCP SRST. |
|
Passwords created with "key config-key password-encrypt" ending with a "\" are lost after reload. |
|
SIPREC Secure media forking -1 of 2 Audio Streams is encrypted due to same key sent for both streams. |
|
CUBE incorrectly changes the dtmf payload in asymmetric case. |
|
History-Info header compatibility between CUBE and MS Direct Routing. |
|
CUBE Media Proxy(CMP) dual forking not working after upgrade. |
|
Router may crash during transfer call flow in SRST. |
|
Unexpected reload caused by crash in 'Skinny Msg Server' process. |
|
Media forking not working in CUBE. |
|
SIP cause code incorrect for CCAPI cause code 31. |
|
"authentication" command under dial-peer is missing "challenge". |
|
Router experiences memory leak in ucode_pkt_PPE0 process. |
|
No memory seen in standby router. |
|
AOR is not updating the number, when SGW initiates a call to TDM. |
|
After reload, SRST running on router fails to register SCCP phones. |
Open Bugs in Cisco IOS XE 17.12.4
Identifier |
Headline |
---|---|
Unconfiguring EVC will not restore the original MAC filter table entries on the interface. |
|
Create CLI to push at#enadis=0 followed with at#reboot to FN980 required when configuring Multi-PDN. |
|
After the device is reloaded, the NAT (Network Address Translation) command becomes unreadable or is not displayed correctly. |
|
GETVPN / Migrating to new KEK RSA key does not trigger GM re-registration. |
|
DSL module gets stuck in the booting state. |
|
UCSE interface shutdown setting mismatch. |
|
Kernel crash after continuous reloads. |
|
Traceback observed @_nhrp_cache_delete due to negative global cache count. |
|
Unable to build two IPSec SAs w/same source/destination where one peer is PAT'd through the other |
|
Mean queue calculation is incorrect on WRED hierarchical QoS. |
|
Watchdog crash during IPv6 cef adjacency routines. |
|
Startup configuration failure post PKI server enablement. |
|
IOS XE Controller Mode: WAN IP can be configured as the SYSTEM IP. |
|
17.13 : 8300 2 RU : confd / SMP crash. |
|
C-NIM-1M with 1G; Memb-intf add to portchannel fails with the error: Interface type mismatch. |
|
10G front-panel port does not go down on single-mode fiber when the Rx side goes down. |
|
SD-WAN ZBFW TCAM misprogramming occurs after rules are reordered on the device. |
|
Unencrypted traffic due to a non-functional IPsec tunnel in a FlexVPN hub-and-spoke setup. |
|
100G/40G QSFP fiber link reports a link-flap error when the peer device reloads. |
|
High CPU utilisation for confd_cli. |
|
Crash due to a segmentation fault due to a negative value. |
|
The STCAPP command is no longer present in the configuration after the device undergoes a reload. |
|
C-NIM-1X occasionally prints "FPGA firmware is upgraded. Need to reload the module." |
|
After deleting a NAT configuration, the IP address still shows up in routing table. |
|
Key manager crashes after changing the hostname with usage keys. |
|
Device reloaded due to ezManage mobile app service. |
|
Inbound calls through VG400 results in phantom calls (64.3.0, 60.1.4, 62.3.3) |
|
Unexpected reboot due to IOSXE-WATCHDOG DBAL EVENTS after Cellular interface flap. |
|
Device crashed unexpectedly after a successful WGB/AP configuration deployment from OD. |
|
FN980 modem firmware upgrade fails when two modems are present on the device. |
|
IOS XE: Traffic is not encrypted and is dropped over the IPSEC SVTI tunnel. |
|
C1118-8P / DSL router crashing due to %PLATFORM-3-ELEMENT_CRITICAL memory level / iomd process. |
|
Repeated and endless messages "Network change event - activated 4G Carrier Aggregation." |
|
IKEv2 session goes down after a reload if the local identity address is assigned to an interface on the switch. |
Resolved Bugs - Cisco IOS XE 17.12.3a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Bug ID |
Description |
---|---|
Template attach fail with unknown element: ssh-version in /ios:native/ios:ip/ios:ssh |
|
PPPoE with NAT DIA feature validation failed post upgrade. |
Resolved Bugs in Cisco IOS XE 17.12.3
Identifier |
Headline |
---|---|
Device keeps crashing when processing a firewall feature. |
|
IKEv2 - diagnose feature is taking 11% CPU during the session bring up. |
|
Platform USB disable will not work once USB is removed and inserted in a device. |
|
NAT HSL logging vrf-filter does not work on the device. |
|
Warning and critical CPU utilization thresholds not recomputed when using data-plane-heavy mode. |
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
SNMP unable to poll SD-WAN tunnel data after a minute. |
|
SKA_PUBKEY_DB leak in TDL. |
|
Security policy w/IPS external syslog config failing generation for specific device models. |
|
Endpoint tracker triggers a CPU hog. |
|
ZBFW is not able to detect packets on TenGig interface. |
|
Adding verbose log to indicate grant ra-auto un configures grant auto in PKI server. |
|
C-NIM-2T cannot boot up in full configuration: 6x C-NIM-2T + IOS 17.12.02. |
|
When two or more IP phones located on the NAT outside network register with the same server, the device generates incorrect or malformed NAT entries. |
|
Mobile-app causing excessive authorization attempts with a Null Username. |
|
The system experienced an unexpected reboot after setting up the control plane for EVPN MPLS and is starting to receive packets. |
|
Device may crash due to Crypto IKMP process. |
|
VG410 audio loss for 4 seconds. |
|
PKI crash after failing a CRL fetch. |
|
Device crash with segmentation fault(11), Process = NHRP when processing NHRP traffic. |
|
CUBE device unexpectedly reloads while fetching certificate trustpool for SIP TLS. |
|
Epbr will generate error when the policy is added and deleted multiple times. |
|
One-way RTP issue including DSP Timeout Messages. |
|
Unexpected reboot while displaying information from cleared SSS session. |
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
Cannot disable DMVPN logging in IOS-XE 17.8 and higher. |
|
Device should discard IKE notification messages with incorrect DOI. |
|
Device dropping IPsec traffic when SVI is used as source for DMVPN tunnel. |
|
Race condition crash on device. |
|
Frame Relay DTE router crashes due to EXMEM exhaustion. |
|
cpp_mcplo_ucode crash with port-channel and NAT. |
|
ftmd crash observed in ENCS platform while running PWK suite. |
|
When attempting an ATO (Assured Tactical Operations), the session fails to establish through the tunnel after repeatedly shutting down and re-enabling the connection in a loop, which simulates unplugging and plugging back in the cable on the customer's end. |
|
IPsec traffic is being dropped on Strongswan when PPK is implemented. |
|
Packet drops observed between LISP EID over GRE tunnel. |
|
Failed to upgrade device via Cisco SD-WAN Manager due to error: system config has been modified. |
|
C-NIM-2T w/SwitzerCC is unable to boot up in IOS. |
|
AAA:Template push fail when aaa authorization is set to local. |
Open Bugs in Cisco IOS XE 17.12.3
Identifier |
Headline |
---|---|
Creating a CLI to push at#enadis=0 followed with at#reboot to FN980 is required when configuring Multi-PDN. |
|
Device SFP interface shut down, but opposing device interface is still up. |
|
Critical process cpp_ha_top_level_server fault on fp_0_0 (rc=69). |
|
Device: L2TP xconnect stops forwarding traffic after a new subinterface is added. |
|
NAT command is not readable after the system is reloaded. |
|
Device: Shared HSRP vMAC between multiple interfaces causes a data plane problem. |
|
After deleting and reconfiguring the IPv6 TCP adjust-MSS setting, it is not functioning correctly. |
|
The system unexpectedly restarts when executing the command 'show running-config full | format'. |
|
When the peer device restarts, the device, which uses a QSFP fiber connection for 100G/40G, reports a link-flap error. |
|
The UCS-E160S module is stuck in the booting state while being used in a device. |
|
The device has a limitation of storing only 64 Fully Qualified Domain Name (FQDN) patterns, yet the configuration allows the input of more than 64 FQDNs. |
Resolved Bugs in Cisco IOS XE 17.12.2
Identifier |
Headline |
---|---|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z. |
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over IPsec cannot be applied. |
|
Using special characters in the password while generating TP generates an invalid TP. |
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is requested and deleted. |
|
DDNS update retransmission timer fails to work with a traceback error. |
|
Device HSRP received unexpected active hello packet when the interface is recovered. |
|
Device crashes@crypto_map_unlock_map_head. |
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
Crashed by track client thread at access invalid memory location. |
|
CPU usage mismatch in show sdwan system status vs show process cpu platform |
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
Flowspec on device does not revoke. |
|
Crash when modifying tunnel after running show crypto command. |
|
Device observes memory leak at process "SSS Manager". |
|
Memory leak with pubd. |
|
ip name-server command not pushed. |
|
IOS process crash during VRRP hash table lookup. |
|
Device running IOS-XE crashes when removing FQDN ACL. |
|
NTP authentication removed after reload using more than 16 bytes. |
|
Segmentation fault at IPv6 BGP backup route notification. |
|
Cisco IOx application hosting environment privilege escalation vulnerability. |
|
WLC unexpected reload due to segmentation fault in WNCD process. |
|
Unable to migrate from ADSL to VDSL without reboot. |
|
Extranet multicast code improvements for better handling of data structure. |
|
VC down due to control-word negotiation. |
|
BDI + NTP configuration puts DMI process in degraded mode. |
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper |
Open Bugs in Cisco IOS XE 17.12.2
Identifier |
Headline |
---|---|
Router keeps crashing when processing a firewall feature. |
|
Segmentation fault crash with Network Mobility Services Protocol (NMSP). |
|
The platform USB disable will not work once USB is removed and inserted. |
|
Warning and critical CPU utilization thresholds not recomputed when using data-plane-heavy mode. |
|
Displays faulty Output for show int te0/0/0 transceiver command. |
|
HSEC license installation from the workflow does not complete. |
|
SNMP unable to poll Cisco SD-WAN tunnel data after a minute. |
|
Add verbose log to indicate grant ra-auto unconfigures grant auto in PKI server. |
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
Device requires Shut/No Shut to populate IP address from modem to host. |
|
Router unexpectedly reloads while fetching certificate trustpool for SIP TLS. |
|
Silent reload due to LocalSoftADR causes crash without core file. |
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
Router crash with segmentation fault (11), Process = NHRP when processing NHRP traffic |
|
Device driver is not sending NGIO packets to UCSE after the router reload. |
|
NAT Pool does not work under prefix 16. Available address = zero. |
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper. |
|
Unexpected reboot while displaying information from cleared SSS session. |
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
Device crashed unexpectedly after a successful WGB/AP config deployment from OD. |
|
Packets with L2TP headers cause device to crash. |
|
NHRP phase 3 spoke-spoke cache got purged after 5-6 hours with always on traffic running. |
|
After removing the USB from the device, the files copied to it will be deleted. |
|
IOS XE: Traffic not encrypted and dropped over IPsec SVTI tunnel. |
|
Unable to disable DMVPN logging. |
|
Enable SoS/ROC feature for DSL. |
|
Frame relay DTE router crashes due to EXMEM exhaustion. |
|
IPv6 SPD min/max defaulting to values 1 and 2. |
|
High CPU due to MPLS MIB poll. |
|
WNCD process crashes. |
|
VPLS IRB not working when traffic came from VPNv4 and next-hop is learned over VPLS. |
|
pubd process showing high CPU utilization. |
|
1Gig int on device using GLC-SX-MMD are down/down after changing connection. |
|
Memory leak with pubd. |
|
Convergence improvement after device reboot with mVPN profile 14. |
|
NETCONF: DMI enters degraded mode caused by BGP neighbor configured under the SCOPE command. |
|
FIB/LFIB inconsistency after BGP flap. |
|
IOS XE router may experience "%FMANRP_QOS-4-MPOLCHECKDETAIL:" errors. |
|
EEM is running daily instead of weekly or monthly if special strings @weekly or @monthly are used. |
|
Mismatch between the resource allocation and "app-resource profile custom" configuration. |
|
Incorrect local MPLS label in CEF after BGP flap. |
|
Cisco IOS-XE IPv6 based subscription telemetry does not work. |
|
Guestshell connectivity not working with NAT overload. |
|
SDA - using "spt-threshold infinity" and having LHR+FHR can cause the S,G to be pruned on the RP. |
|
Unexpected reload when using rsh/rcmd. |
|
Locally generated traffic received on incorrect interface inbound and dropped by ACL. |
|
WLC unable to get telemetry data due to pubd unexpected reload and fail. |
|
Device crash due to dhcpd_binding_check. |
|
Site tag change wncd working/failing EAP-TLS. |
|
ARP incomplete in VRF Mgmt-intf - G0/0/0 - Switch -G0. |
|
LLDP location information not sent when configured. |
|
clear bgp command does not consider AFIs when used with update-group option. |
|
Device sending incomplete SGT to ISE. |
|
Only portion of HSRP config being pushed via CLI ADDON template. |
|
"match pktlen-range" does not work with GRE/IPSEC GRE. |
|
In the show tech file, "enable secret" does not get hidden. |
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path. |
|
ISIS crash in local uloop. |
|
Wrong /32 self, complete map-cache entry for fabric hosts on iBN when overlapping summary exists. |
|
Member interface config not applied with mismatch in packages.conf files. |
|
WLC not sending accounting start for user auth after machine auth on 9105AXW RLAN dot1x port. |
|
Router unexpectedly reloads while using DHCP for ISG. |
|
IOS-XE router not installing classless-static-routes from DHCP option 121. |
|
SVL, 10G link on the active chassis will go down after reload. |
|
Device sync fails when device prompt comes along with device banner and TACACS is used. |
|
Unexpected reboot in device due to SISF and STP initialization. |
|
Crash on device polling SPA sensor data. |
|
VLAN name mismatch when authorizing vlan name from radius server and enable vlan fallback. |
|
Password getting visible for the mask-secret in show logging. |
|
Upgrade failing with config check track-id-name. |
|
CTS CORE process crash after configuring role based ACL. |
|
IPv6 traffic is passing through when the client is in Webauth Pending state (CWA). |
|
Option 121 never requested by IOS-XE client. |
|
[IPv6 BGP] multiple sourced paths present for the same prefix. |
|
IP SPD queue thresholds are out of range. |
|
CBQoS polling for the object cbQosCMPostPolicyBitRate returns incorrect value. |
|
Device unexpected reload. |
|
After migration MAC/IP only MAC is advertised. |
|
"BGP Router" process crash. |
|
Memory leak under MallocLite/AAA proxy with NETCONF/RESTCONF. |
|
Memory leak in linux_iosd-imag due to SNMP. |
|
After a reboot, EAP-FAST/PEAP does not authenticate unless credentials are changed. |
Resolved Bugs in Cisco IOS XE 17.12.1a
Identifier |
Headline |
---|---|
Not all HSL entries get pushed to device if more than 1 HSL entries are configured. |
|
Issues/discrepancies around CPU alarms generated and sent to device. |
|
FHRP stay in active/active state after physical interface flap. |
|
TLS control-connections down, traffic from controller dropped with SDWAN Implicit ACL Drop. |
|
MACsec remains marked as secured, but randomly the traffic stops working. |
|
Route-map not taking effect when it is applied in OMP for BGP routes. |
|
Unexpected behavior due to unstable power source. |
|
(EPC, packet-trace) for IPsec running COFF (Crypto Offload). |
|
Certificate output is not getting changed on renew when Cloud Certificate Authorization is Automated. |
|
NAT ALG is changing the Call-ID within SIP message header causing calls to fail. |
|
Router upgrade fails due to advertise aggregate with VRF. |
|
AAR: BoW feature ignoring color preference from Tiered Transport preference configuration. |
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
ROMMON for auto-upgrade. |
|
Crash seen when umbrella/zscaler template pushed to device when name_lookup takes > 30 sec. |
|
NAT entries expire on Standby Router. |
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
Platform punt-policer is not configurable. |
|
For some error condition platform_properties may double free. |
|
Same label is assigned to different VRFs. |
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
Auto-Update Cycle incorrectly deletes certificates. |
|
All USB internal communication is closed when using platform usb disable command. |
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
Device BFD Session Down with interface flap. |
|
Double GR_Additional log enablement defect. |
|
Segmentation fault in PB rx when per-tunnel qos config withdraw. |
|
No way audio when using secure Hardware conference with secure endpoints. |
|
IOS-XE cpp crash when entering no ip nat create flow-entries. |
|
AAR overlay actions are applied to DIA traffic. |
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
Device unexpected reload when doing ips test with UTD IPS engine. |
|
Autotunnel Ipsec tracker: Tracker does not come up at all on vedge. |
|
AppNav-XE: Policy-map edit on cluster with multiple service context fails to program TCAM. |
|
Non-fabric- Load the minimal bootstrap configs again if device rebooted without saving the configs. |
|
Port-channel DPI Load-Balancing not utilizing all the member-links. |
|
GARP on port up/up status from router is not received by remote peer device. |
|
Enable VFR CLI. |
|
Telstra Cert: FN980 modem (P-5GS6-GL) is showing 4 additional NR bands support - 1, 3, 7, and 28. |
Open Bugs in Cisco IOS XE 17.12.1a
Identifier |
Headline |
---|---|
Changes to speed on the interface via CLI/GUI don't go through unless first done via shell access. |
|
Unable to configure crypto map on a physical interface due to which crypto map-based VPNs cannot be formed. |
|
Router unexpectedly reloads due to 'LocalSoft'. |
|
Using special characters in the password while generating TP generates an invalid TP. |
|
APN password in plain text when Cellular controller profile is configured. |
|
Punt keep alive failure crash on controller managed device apparently due to data packets. |
|
With Pure IPV6, minimal bootstrap unable to onboard Non-Fabric - ipv6 config missing in wan int G1. |
|
Misprograming during vpn-list change under data policy. |
|
Router Silent Reload due to CpuCatastrophicError. |
|
SFP transceiver DOM not working after some time, however interface forwards the traffic as expected. |
|
BFD going down for newly onboarded device. |
|
Rapid memory leak on ngiolite process. |
|
No licenses in use after upgrading from Traditional to Smart licensing IOS-XE versions. |
|
Speed tests to internet from device triggered will fail sometimes. |
|
Unexpected reboot due QFP UCode due to IPSec functions. |
|
Show run and other show commands not in sync after removing GigabitEthernet3. |
|
NAT64 prefix is not originated into OMP. |
|
Crash when modifying tunnel after running show crypto commands. |
|
SIP calls not working on device with ZBFW enabled. |
|
Could not access any device show commands at all. |
|
RP3 observes Memory Leak at process SSS Manager. |
|
Configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
ITU channel configuration seems not working on router. |
|
Unable to migrate from ADSL to VDSL without reboot on device. |
|
SDRA-SSLVPN : The SSLVPN session closes with re-authentication error after some interval of time. |
|
Traffic forwarded to wrong VPN hence traffic gets wrong zonepair matched and gets dropped. |
|
IPv4 connectivity over PPP not restored after reload. |
|
OMP to BGP Redistribution Leads to Incorrect AS_Path Installation on Chosen Next-Hop. |
|
Unexpected reboot due qfp Ucode due to IPsec functions. |
|
BFD Entries Removed. |
|
Router has Local Soft ADR crash, writes flat core, and reloads. |
|
Multiple Crashes observed on device platform due to Memory Exhaustion. |
|
Static route keep advertising via OMP even though there is no route. |
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
B2B NAT: when configuring ip nat inside/outside on VASI interface, ack/seq number is abnormal. |
|
Device crashes with crypto map unlock map head. |
|
Device uses the NIM-1T/4T card for interconnection, and NAT with GRE over IPsec cannot be applied. |
|
C-NIM-2T: LED L remains green after port shutdown. |
Related Documentation
Communications, Services, and Additional Information
- To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
- To get the business results you’re looking for with the technologies that matter, visit Cisco Services.
- To submit a service request, visit Cisco Support.
- To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
- To obtain general networking, training, and certification titles, visit Cisco Press.
- To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.