Full Cisco Trademarks with Software License

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

About The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms


Note

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.


The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are best-of-breed, 5G-ready, cloud edge platforms designed for accelerated services, multi-layer security, cloud-native agility, and edge intelligence to accelerate your journey to cloud.

Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms with Cisco IOS XE SD-WAN Software deliver Cisco’s secure, cloud-scale SD-WAN solution for the branch. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are built for high performance and integrated SD-WAN Services along with flexibility to deliver security and networking services together from the cloud or on premises. It provides higher WAN port density and a redundant power supply capability. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms have a wide variety of interface options to choose from—ranging from lower and higher module density with backward compatibility to a variety of existing WAN, LAN, voice, and compute modules. Powered by Cisco IOS XE, fully programmable software architecture, and API support, these platforms can facilitate automation at scale to achieve zero-touch IT capability while migrating workloads to the cloud. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms also come with Trustworthy Solutions 2.0 infrastructure that secures the platforms against threats and vulnerabilities with integrity verification and remediation of threats.

The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are well suited for medium-sized and large enterprise branch offices for high WAN IPSec performance with integrated SD-WAN services.

For more information on the features and specifications of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms, refer to the Cisco Catalyst 8300 Series Edge platforms datasheet.


Note

Sections in this documentation apply to all models of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms unless a reference to a specific model is made explicitly.



Note

Starting with Cisco IOS XE Amsterdam 17.3.2, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.

The licensing utilities and user interfaces that are affected by this limitation include only the following:

  • Cisco Smart Software Manager (CSSM),

  • Cisco Smart License Utility (CSLU), and

  • Smart Software Manager On-Prem (SSM On-Prem)



Note

Cisco IOS XE Cupertino17.9.1a is the first release for the Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms in the Cisco IOS XE Cupertino 17.9.x release series.


Hardware and Software Features-New and Changed

New and Changed Hardware Features

There are no new hardware features in this release.

New and Changed Software Features

Feature Navigator

You can use Cisco Feature Navigator (CFN) to find information about the software features, platform, and software image support on Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.


Note

To access CFN, you do not require an account on cisco.com.


New Software Features

Table 1. Software Features in Cisco Catalyst 8200 and Cisco Catalyst 8300 Series Edge Platforms IOS XE Cupertino 17.9.1a

Feature

Discription

10G SFP Module Support on Cisco Catalyst 8300 Edge Series Platforms

Cisco Catalyst 8300 Edge Series Platforms now supports 10G SFP module. For the complete list of supported SFP modules, see the Optics Compatibility Matrix.

IPsec Dual Stack Support on Non Cisco Devices

This feature provides the capabilities to carry both IPv4 and IPv6 traffic using a single IPsec Security Association (SA) that is tunnelled over IPv4. From IOS XE release 17.9.1a onwards, Cisco supports specific subnets in the access control list when the ingress end of the tunnel interface is configured with a third party IPsec client. With the introduction of the SVTI single security association dual stack feature, you can now manage the business-to-business services and other IOT business efficiently.

Support for BGP additional paths with label-unicast unique mode

This enhancement introduces support for configuring BGP additional paths when label-unicast unique mode is configured.

Support for Unicast-to-Multicast Destination Reflection

This feature introduces support for configuration of unicast-to-multicast destination reflection to facilitate unicast-to-multicast destination translation and unicast-to-multicast destination splitting. It also provides the capability for users to translate externally received unicast destination addresses to multicast addresses.

Smart Licensing Using Policy Features

New mechanism to send data privacy related information

A new mechanism to send data privacy related information was introduced. This information is no longer included in a RUM report.

If data privacy is disabled (no license smart privacy {all|hostname|version} command in global configuration mode), data privacy related information is sent in a separate sync message or offline file.

Depending on the topology you have implemented, the product instance initiates the sending of this information in a separate message, or CSLU and SSM On-Prem initiates the retrieval of this information from the product instance, or this information is saved in an offline file.

For more information, see license smart (global config).

Hostname support

Support for sending hostname information was introduced.

If you configure a hostname on the product instance and disable the corresponding privacy setting (no license smart privacy hostname command in global configuration mode), hostname information is sent from the product instance, in a separate sync message or offline file.

Depending on the topology you have implemented, the hostname information is received by CSSM, CSLU, and SSM On-Prem. It is then displayed on the corresponding user interface.

For more information, see license smart (global config).

Note 

With the introduction of this enhancement, the hostname limitation which existed from Cisco IOS XE Amsterdam 17.3.2 to Cisco IOS XE Cupertino 17.8.x – is removed. In these earlier releases, hostname information is not sent or displayed on various licensing utilities (CSSM, CSLU, and SSM On-Prem).

RUM Report Throttling

For all topologies where the product instance initiates communication, the minimum reporting frequency is throttled to one day. This means the product instance does not send more than one RUM report a day.

The affected topologies are: Connected Directly to CSSM, Connected to CSSM Through CSLU (product instance-initiated communication), CSLU Disconnected from CSSM (product instance-initiated communication), and SSM On-Prem Deployment (product instance-initiated communication).

This resolves the problem of too many RUM reports being generated and sent for certain licenses. It also resolves the memory-related issues and system slow-down that was caused by an excessive generation of RUM reports.

You can override the reporting frequency throttling, by entering the license smart sync command in privileged EXEC mode. This triggers an on-demand synchronization with CSSM or CSLU, or SSM On-Prem, to send and receive any pending data.

RUM report throttling also applies to the Cisco IOS XE Amsterdam 17.3.6 and later releases of the 17.3.x train, and Cisco IOS XE Bengaluru 17.6.4 and later releases of the 17.6.x train. From Cisco IOS XE Cupertino 17.9.1, RUM report throttling is applicable to all subsequent releases.

Virtual Routing and Forwarding (VRF) Support

On a product instance where VRF is supported, you can configure the license smart vrf vrf_string command and use a VRF to send licensing data to CSSM, or CSLU, or SSM On-Prem.

Note 
When using a VRF, the supported transport types are smart and cslu only.)

For more information, see license smart (global config).

ROMMON Compatibility Matrix

The following table lists the ROMMON releases supported in Cisco IOS XE 17.9.x releases.

Table 2. Minimum and Recommended ROMMON Releases Supported on Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms respectively

Platforms

Cisco IOS XE Release

Minimum ROMMON Release Supported for IOS XE

Recommended ROMMON Release Supported for IOS XE

Catalyst 8300 Series Edge Platforms

C8300-1N1S-4T2X|6T

17.9.1

17.3(1r)

17.3(5r)

C8300-2N2S-4T2X|6T

17.9.1

17.3(1.2r)

17.3(4.1r)

Catalyst 8200 Series Edge Platforms

C8200-1N-4T

17.9.1

17.4(1r)

17.4(3r)

C8200L-1N-4T

17.9.1

17.5(1.1r)

17.5(2r)

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Resolved Bugs in Cisco IOS XE 17.9.2a

Identifier

Headline

CSCwc21739

NAT not requesting further for low ports after initial allocation when cli knob "reserved-ports" set.

CSCwc39012

Crash saving tracelogs after "Too many open files" error.

CSCwc03478

VTCP does not support Layer2 correctly.

CSCwc82140

QFP crashes when ZBFW configuration geatures "log dropped-packets" configuration.

CSCwd12591

Device ucode crash is seen during FW classification and the session is becomes free.

CSCwc99668

Device added by IKEV2 is getting deleted at responder.

CSCwc23077

Firewall drop is seen stating “FirewallL4” seen on the device.

CSCwc78528

DSPware 60.1.1 release targeting v179_throttle.

CSCwc44851

Bootstrap is failing on the device.

CSCwc96444

Device is not programming correct next-hop for unicast prefix with multicast config present.

CSCwc49715

Carsh is seen @ UNIX-EXT-SIGNAL: Aborted(6), Process = Check heaps, having PPPoe with cwmp configs.

CSCwb52324

Device unexpected reload due to QFP ucode crash.

CSCwc77183

Packet duplication is causing drops in payment transactions with SdwanGenericDrop code.

CSCwc20170

Device reloads unexpectedly due to critical FTMd fault when VRF configuration is pushed

CSCwb89958

Unified Policy HSL not sending properly NBAR application information.

CSCwc89328

Multiple devices experience crashes every 4 to 5 miniutes.

CSCwc11376

CefcFRUPowerOperStatus false report on the device.

CSCwc45950

ZBFW self zone policy drops SSH session on Mgmt-intf 512 ports.

CSCwc43794

Device VRF+NAT Outside Source Static - Drop packets during FTP (Active-mode) execution.

CSCwc28587

Crashed without generating any core (Critical process plogd fault on rp_0_0 (rc=75).

CSCwc32595

BFD sessions remains down if interface flap form up/down/up.

CSCwb90252

Automatically freeing up filesystems stale image or recovered folder (lost+found).

CSCvz89354

Device crashes due to CPUHOG when walking ciscoFlashMIB.

CSCwc39865

Subscriber session getting stuck and needs clearing it manually.

CSCwb48953

Device speed test failing with "Device Error: Speed test in progress".

CSCwc72923

ERROR information: Device r configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt.

CSCwc84967

Intermittent double DTMF due to changing timestamp on a DTMF event.

CSCwb08057

ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon.

CSCwd11365

Needs cert update - Azure CGW creation fails due to NVA provisioning failure.

CSCwc79145

Throughput degrades when Local TLOC specified in Data Policy goes down.

CSCwc29629

Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication.

CSCwd13352

SSH from device tgetting closed after the device is updated.

CSCwc77177

BFD and control packets are dropped when ACL is applied on gigi to which loopback is bind.

CSCwc68132

SIG tunnel tracker packets are dropped by firewall with self zone policy.

Open Bugs in Cisco IOS XE 17.9.2a

Identifier

Headline

CSCwd45508

Device does not form BFD across Serial link when upgrading.

CSCwd23810

IOS-XE: A high CPU utilization caused by NHRP.

CSCwd45402

MSR Unicast-To-Multicast not working if the destinatio and source are the same in service reflect configuration.

CSCwd45363

IPSEC throughput level ambiguous outputs.

CSCwd13050

After upgrade, device moved into out of sync status.

CSCwd12955

NAT translation is not correctly sent to hub router from branch when SSNAT and UTD are configured.

CSCwc28468

Template is not pushed to the device if device is running in FIPS mode.

CSCwc99823

Fman crash is seen in SGACL@ fman_sgacl_calloc.

CSCwd34941

NAT configuration with no-alias option is not preserved after reload.

CSCwd15560

With 2 sequences, should not skip if the match is different and action is same.

CSCwd33966

Unable to configure the local BGP.

CSCwd37410

0365 and MS Teams applications access issues when using DIA with app-list match in data-policy.

CSCvz55282

Serviceability enhancements for config migration failures between releases.

CSCwd36621

CERM may kick in due to IPSec sessions initiated for on-demand tunnels.

CSCwd44006

Control Connection on the device does not come-up with reverse proxy using enterprise certificate.

CSCwd29334

Upgrade failures due to inability to establish netconf connection.

CSCwd11124

Device kernel crash - kernel NULL pointer dereference - error_code(0x0010) - not-present page.

CSCwa14636

Device stopped forwarding traffic. Suspect OMPd is busy.

CSCwd38626

Repeating SYS-2-PAK_SUBBLOCK_BADSIZE: 4 -Process= "<interrupt level>".

CSCwd33202

DHCP behavior issue is seen when BDI interface is enabled on WAN and SVI interface.

CSCwd17381

NAT and DIA traffic is skipping UTD in forward direction after  SSNAT  path from service-side.

CSCwd34860

Device see the increase of "Input errors" without any other specifc errors increasing under show interface command.

CSCwd12330

Invalid TCP checksum in SYN flag packets passing through device.

CSCwd18028

After delete CSP, new CCM bring up on existing CSP is stuck in "Initializing CCM" on MT cluster.

Resolved Bugs in Cisco IOS XE 17.9.1a

Identifier

Headline

CSCvz65764

Peer MSS value showing incorrect.

CSCwa95092

When Object-group used in a ACL is updated, it takes no effect.

CSCwb33968

Device failed to display active flows when flow count is high on the device.

CSCwb02142

Traceback: fman_fp_image core after clearing packet-trace conditions.

CSCwb49857

Memory leaks on keyman process when key is not found.

CSCwa65728

Large number of DH failures.

CSCwb11389

NAT translation stops suddenly(ip nat inside does not work).

CSCwa84919

Revocation-check crl none" does not failover to NONE DNAC-CA

CSCwb39098

Router crashed after new IPv6 address assigned when router use specific configuration.

CSCwa69101

ISG: initiator unclassified ip-address LQipv4 command has no effect.

CSCwa67886

UDP based DNS resolution does not work with IS-IS EMCP on IOX-XE.

CSCvz84588

Destination prefix packets getting dropped because forwarding plane is not programming the next hop.

CSCwb27486

New Key for NBAR app and NBAR category without OGREF optimized.

CSCwa72273

ZBFW dropping return packets from Zscalar tunnel post cedge upgrade to 17.3.4.

CSCwb32934

Device does not use QAT when malloc failure.

CSCwa49101

OMP origin protocol comparison clean-up.

CSCwb17282

Router crashing when clearing a VPDN session.

CSCwa49721

Deviee hub with firewall configured incorrectly dropping return packets when routing between VRFs.

CSCwb21645

NAT traffic gets dropped when default route changes from OMP to NAT DIA route

CSCwa98617

Memory Leak in AEM chunks related to Firewall.

CSCwb18223

SNMP v2 community name encryption problem.

CSCwb16723

Traceroute not working on cEdge with NAT.

CSCwb31587

Subject-alt-name attribute in certificate trustpoint causes Windows NDES/CA to reject SCEP requests.

CSCwb51238

Router reload unexpectedly two times when enter netflow show command.

CSCwb12647

Device crashes for stuck threads in cpp on packet processing.

CSCwa48512

CoR intercepted DNS reply packets dropped with drop code 52 (FirewallL4Insp) if UTD enabled.

CSCwa93664

ThousandEyes container may fail to get installed on the device.

CSCvz28950

DMVPN phase 2 connectivity issue between two spokes.

CSCwa78348

Traceback: IOS-XE reload after Segmentation fault on Process = SSS Manager

CSCvz81664

Enabling or Disabling OMP Overlay AS Prevents Connected Routes from Being Advertised in OMP.

CSCwb43423

IOS XE image installation fails.

CSCwa08847

ZBFW policy stops working after modifying the zone pair.

CSCwb15331

Keyman memory leak using public keys.

CSCvw50622

NHRP network resolution not working with link-local ipv6 address.

CSCwb59736

BFD tunnel are zero with SDWAN version 17.03.03.0.7.

CSCwa57873

Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request.

CSCwb51595

Missing IOS config (voice translation rule) on upgrade from 17.3 to 17.6.

CSCwb18315

Umbrella DNS security policy doesn't work with Cloud onRamp with SIG tunnels.

Open Bugs in Cisco IOS XE 17.9.1a

Identifier

Headline

CSCwc39012

Crash saving tracelogs after "Too many open files" error.

CSCwc20075

Unable to switch the technology from 4g to 3g.

CSCwb89958

Unified Policy HSL not sending properly NBAR application information.

CSCwc23077

Firewall drop seen stating “FirewallL4” seen on the device.

CSCwb74821

Yang-management process confd is not running, controller mode 17.6.2a.

CSCwc44851

Bootstrap failing on c8300 on 17.9.

CSCwc55684

SIG GRE: Layer 7 Health check doesn't work on Loopback interfaces.

CSCwc56896

Crash is seen in ipv6_tunnel_macaddr while adding/removing gre multi-point tunnel mode.

CSCwc52538

SDWAN flows are not distributed and load-balanced evenly and consistently.

CSCwc55260

Memory leak due to FTMd process.

CSCwc69881

Device lost configuration due to multiple power cycles on site.

CSCwc20170

Device reloads unexpectedly due to critical FTMd fault when VRF configuration is pushed.

CSCwb88621

Device unable to establish control connection with vBond due to out of order DTLS packets.

CSCwc37465

Static NAT configuration in CLI with the no-alias keyword cannot be retrieved via NETCONF/YANG.

CSCwc59598

Device statistics collection causing service-side BFD to flap on every collection interval.

CSCwc50477

Device crashed in ipv4_nat_create_out2in_session_entry

CSCwc67465

Device cannot be upgraded to 17.8.

CSCwc59650

The show sdwan app-fwd cflowd flows vpn X format table does not show all flows for vpn X

CSCwc32595

BFD sessions remains down if interface flap form up/down/up

CSCwc38529

Traffic seems not inspected by UTD when umbrella is set.

CSCwc63563

Unable to set specific speed and duplex values on SFP ports on IOS-XE routing platforms.

CSCwc39865

Subscriber Session getting stuck and needs clearing it manually.

CSCwc43973

DLC is not completing after upgrading to Smart licensing from CSL

CSCwc55467

BFD Tunnel on the router is not staying up, 1 out of 40 tunnels.

CSCwc42978

Device looses all BFD sessions with Invalid SPI.

CSCwc67171

Tracebacks at cgm_avlmgr_class_init and cpuhog_key_init

CSCwb08057

ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon.

CSCwc63337

Destination not reachable if configured as a next for a static route resolvable via non /32 OMP.

CSCwc29629

Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication.

CSCwc27208

BFD sessions not coming UP because of ANTI-REPLAY-FAILURES.

CSCwc68132

SIG tunnel tracker packets are dropped by firewall with self zone policy.

CSCwc70468

CPA fail to send SIP Update for AsmT before "maxTermToneAnalysis" expiration.

CSCwc70511

URGENT ISR4331/K9 | Version 17.06.02 | Router Reloaded Unexpectedly.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.

Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.