Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
About The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms
The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are best-of-breed, 5G-ready, cloud edge platforms designed for accelerated services, multi-layer security, cloud-native agility, and edge intelligence to accelerate your journey to cloud.
Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms with Cisco IOS XE SD-WAN Software deliver Cisco’s secure, cloud-scale SD-WAN solution for the branch. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are built for high performance and integrated SD-WAN Services along with flexibility to deliver security and networking services together from the cloud or on premises. It provides higher WAN port density and a redundant power supply capability. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms have a wide variety of interface options to choose from—ranging from lower and higher module density with backward compatibility to a variety of existing WAN, LAN, voice, and compute modules. Powered by Cisco IOS XE, fully programmable software architecture, and API support, these platforms can facilitate automation at scale to achieve zero-touch IT capability while migrating workloads to the cloud. The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms also come with Trustworthy Solutions 2.0 infrastructure that secures the platforms against threats and vulnerabilities with integrity verification and remediation of threats.
The Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms are well suited for medium-sized and large enterprise branch offices for high WAN IPSec performance with integrated SD-WAN services.
For more information on the features and specifications of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms, refer to the Cisco Catalyst 8300 Series Edge platforms datasheet.
 Note |
SFP ports on C8200-1N-4T platforms can only support 1 GB speed even though the copper SFP module does support the 10/100M speed. |
Note |
Sections in this documentation apply to all models of Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms unless a reference to a specific model is made explicitly. |
Note |
Cisco IOS XE Cupertino17.9.1a is the first release for the Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms in the Cisco IOS XE Cupertino 17.9.x release series. |
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
New and Changed Hardware and Software Features
New and Changed Hardware Features
There are no new hardware features in this release.
New and Changed Software Features
Feature Navigator
You can use Cisco Feature Navigator (CFN) to find information about the software features, platform, and software image support on Cisco Catalyst 8200 and Catalyst 8300 Series Edge Platforms. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.
Note |
To access CFN, you do not require an account on cisco.com. |
New and Changed Software Features in Cisco IOS XE 17.9.5a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.9.4a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
New and Changed Software Features in Cisco IOS XE 17.9.4
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.9.3a
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.9.2a
There are no new software features in this release.
New Software Features
|
Feature |
Discription |
||
|---|---|---|---|
|
10G SFP Module Support on Cisco Catalyst 8300 Edge Series Platforms |
Cisco Catalyst 8300 Edge Series Platforms now supports newer 10G SFP module. For the complete list of supported SFP modules, see the Optics Compatibility Matrix. |
||
|
This feature provides the capabilities to carry both IPv4 and IPv6 traffic using a single IPsec Security Association (SA) that is tunnelled over IPv4. From IOS XE release 17.9.1a onwards, Cisco supports specific subnets in the access control list when the ingress end of the tunnel interface is configured with a third party IPsec client. With the introduction of the SVTI single security association dual stack feature, you can now manage the business-to-business services and other IOT business efficiently. |
|||
|
Support for BGP additional paths with label-unicast unique mode |
This enhancement introduces support for configuring BGP additional paths when label-unicast unique mode is configured. |
||
|
This feature introduces support for configuration of unicast-to-multicast destination reflection to facilitate unicast-to-multicast destination translation and unicast-to-multicast destination splitting. It also provides the capability for users to translate externally received unicast destination addresses to multicast addresses. |
|||
|
Smart Licensing Using Policy Features |
|||
|
New mechanism to send data privacy related information |
A new mechanism to send data privacy related information was introduced. This information is no longer included in a RUM report. If data privacy is disabled (no license smart privacy {all|hostname|version} command in global configuration mode), data privacy related information is sent in a separate sync message or offline file. Depending on the topology you have implemented, the product instance initiates the sending of this information in a separate message, or CSLU and SSM On-Prem initiates the retrieval of this information from the product instance, or this information is saved in an offline file. For more information, see license smart (global config). |
||
|
Hostname support |
Support for sending hostname information was introduced. If you configure a hostname on the product instance and disable the corresponding privacy setting (no license smart privacy hostname command in global configuration mode), hostname information is sent from the product instance, in a separate sync message or offline file. Depending on the topology you have implemented, the hostname information is received by CSSM, CSLU, and SSM On-Prem. It is then displayed on the corresponding user interface. For more information, see license smart (global config).
|
||
| RUM Report Throttling |
For all topologies where the product instance initiates communication, the minimum reporting frequency is throttled to one day. This means the product instance does not send more than one RUM report a day. The affected topologies are: Connected Directly to CSSM, Connected to CSSM Through CSLU (product instance-initiated communication), CSLU Disconnected from CSSM (product instance-initiated communication), and SSM On-Prem Deployment (product instance-initiated communication). This resolves the problem of too many RUM reports being generated and sent for certain licenses. It also resolves the memory-related issues and system slow-down that was caused by an excessive generation of RUM reports. You can override the reporting frequency throttling, by entering the license smart sync command in privileged EXEC mode. This triggers an on-demand synchronization with CSSM or CSLU, or SSM On-Prem, to send and receive any pending data. RUM report throttling also applies to the Cisco IOS XE Amsterdam 17.3.6 and later releases of the 17.3.x train, and Cisco IOS XE Bengaluru 17.6.4 and later releases of the 17.6.x train. From Cisco IOS XE Cupertino 17.9.1, RUM report throttling is applicable to all subsequent releases. |
||
|
Virtual Routing and Forwarding (VRF) Support |
On a product instance where VRF is supported, you can configure the license smart vrf vrf_string command and use a VRF to send licensing data to CSSM, or CSLU, or SSM On-Prem.
For more information, see license smart (global config). |
||
ROMMON Compatibility Matrix
The following table lists the ROMMON releases supported in Cisco IOS XE 17.9.x releases.
|
Platforms |
Cisco IOS XE Release |
Minimum ROMMON Release Supported for IOS XE |
Recommended ROMMON Release Supported for IOS XE |
|---|---|---|---|
|
Catalyst 8300 Series Edge Platforms |
|||
|
C8300-1N1S-4T2X|6T |
17.9.4 |
17.3(1r) |
17.6(6r) |
|
C8300-2N2S-4T2X|6T |
17.9.4 |
17.3(1.2r) |
17.6(6.1r) |
|
Catalyst 8200 Series Edge Platforms |
|||
|
C8200-1N-4T |
17.9.4 |
17.4(1r) |
17.6(6r) |
|
C8200L-1N-4T |
17.9.4 |
17.5(1.1r) |
17.6(6r) |
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
Resolved Bugs - Cisco IOS XE 17.9.5a
|
Identifier |
Headline |
|---|---|
|
Router keeps crashing when processing a firewall feature. |
|
|
Using special characters in the password while generating TP generates an invalid TP. |
|
|
Device: write or do write saves configuration but RSA keys /SSH lost after reload. |
|
|
Policy commit failure notification and alarm from Cisco Catalyst SD-WAN Controller. |
|
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
|
NAT HSL logging vrf-filter is not working. |
|
|
CPU usage mismatch between the show sdwan system status and show proc cpu platform commands. |
|
|
Device crashes with crashinfo files when generated with the segmentation fault, process IPSEC key engine. |
|
|
OMP route is advertised although the route is not available. |
|
|
Ten0/0/2 from port-channel suspends the status when applying the platform qos port-channel-aggregate command. |
|
|
Netflow stops working when flow monitor reaches cache limit. |
|
|
Modem (P-5GS6-GL) is showing four additional NR bands support - 1, 3, 7, and 28. |
|
|
Running tests on ThousandEyes Agent causes tracebacks on device running TE in docker container. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
UTD packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device is crashing while adding a trustpoint to the router . |
|
|
CSDL Compliance failure : Use of 3DES by IPSec is denied. |
|
|
Unexpected reload on device due to critical process fman_fp_image. |
|
|
Device observes memory leak at process SSS Manager. |
|
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over IPsec cannot be applied. |
|
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
|
The configure replace command fails due to the license UDI PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is requested and deleted. |
|
|
Unexpected reboot after configuring application redundancy. |
|
|
ITU channel configuration seems not working on the device. |
|
|
Crashed by Track Client thread at access invalid memory location. |
|
|
Unable to migrate from ADSL to VDSL without reboot. |
|
|
Crash in IP Input process during tunnel encapsulation. |
|
|
DMVPN logging cannot be disabled. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is deleted. |
|
|
Device dropping Speedtest/IPerf packets with drop reason DROP 19 (Ipv4NoRoute). |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
The device HSRP received unexpected active hello packet when interface is recovered. |
|
|
Vdaemon debug log must mention port-hop and reason prior to Distloc. |
|
|
Keyman process crash seen while re-generating SSH key in the device. |
|
|
B2B NAT: when configration IP Nat inside/outside on Vasi intereface, ack/seq number abnormal. |
|
|
Device: show platform hardware throughput crypto command displays ambiguous outputs. |
Open Bugs - Cisco IOS XE 17.9.5a
|
Identifier |
Headline |
|---|---|
|
C-NIM-2T: LED L remains green after port shutdown. |
|
|
IKEv2 - diagnose feature is taking 11% CPU during session bring up. |
|
|
Device platform USB will not work once the USB is removed and inserted. |
|
|
Warning and critical CPU utilization thresholds not recomputed when using data-plane-heavy mode. |
|
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
|
Segmentation fault observed in ikev2_dupe_delete_reason. |
|
|
Enable SoS/ROC feature for DSL. |
|
|
Endpoint tracker triggers a CPU Hog. |
|
|
Cosmetic 3G issue causing distress - device is displayed as unknown. |
|
|
SFP interface shut down, but the opposing device interface is still up and running. |
|
|
PKI crash after failing a CRL Fetch. |
|
|
NAT command is not readable after being reloaded. |
|
|
DSP reporting out of range utilization values in SNMP. |
|
|
EntSensorThresholdValue OID for PDU1 is missing. |
|
|
Device crashes due to crypto IKMP process. |
|
|
Packets with unicast MAC are dropped on a port channel L2 sub-intf after the device is rebooted. |
|
|
CWMP: Add vendor specific parameter for NBAR protocol pack version . |
|
|
Device must discard IKE Notification messages with incorrect DOI. |
|
|
Device crashes with segmentation fault(11), process = NHRP when processing NHRP traffic. |
|
|
ZBF drops transit WAAS PSH/ACK packet due to invalid ACK number. |
|
|
Unknown appID in ZBFW HSL log. |
|
|
Traffic not encrypted and droped over IPsec SVTI tunnel. |
|
|
Static NAT with HSRP stops working after removing /adding standby. |
|
|
Device dropping IPsec traffic when SVI is used as source for DMVPN tunnel. |
|
|
DDNS update retransmission timer fails to work with a traceback error. |
|
|
CPP CP SVR crashes after decoding all packets to text (using l2 copy) on fia trace . |
|
|
Cisco SD-WAN custom application is marked as invalid . |
|
|
IPv6 TCP adjust-mss not working after delete and reconfigure. |
|
|
Packet drops observed between LISP EID over GRE tunnel. |
|
|
C-NIM-2T cannot boot up in IOS. |
|
|
AAA: Template push fails when aaa authorization is set to local. |
Resolved Bugs - Cisco IOS XE 17.9.4a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Open Bugs in Cisco IOS XE 17.9.4a
|
Identifier |
Headline |
|---|---|
|
Unexpected reload due to memory corruption when modifying and access list. |
|
|
CLI template fails to attach to CG418-E with error access-denied. |
|
|
Netflow stops working when flow monitor reaches cache limit in the Device. |
|
|
Output packet Bytes calculation biase when we enable QoS on port channel. |
|
|
NHRP BFD flaps randomly with dynamic tunnel (NHRP phase 3) in DMVPN. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT DIA inside static routes being advertised over OMP to remote sites. |
|
|
UTD Packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
The Configure replace command fails due to the "license udi PID XXX SN:XXXX" line on Cisco IOS XE devices. |
|
|
Device reloads changing the resource profile. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
|
QoS more than four remark with set-cos not work. |
|
|
Packets with L2TP headers cause device to crash |
|
|
Cisco IOS XE cpp crash is seen when entering no ip nat create flow-entries command |
|
|
Device crashes with crashinfo files were generated with segmentation fault, process IPSEC key engine. |
|
|
HSRP received unexpected active hello packet when interface recovered. |
|
|
Static NAT entry gets deleted from running config; but remains in startup configiration. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
Cisco IOS XE - debug log should mention port-hop and reason prior to DISTLOC |
|
|
SNMP ifindex persist does not work. |
Resolved Bugs in Cisco IOS XE 17.9.4
|
Identifier |
Headline |
|---|---|
|
FlexVPN: Stale client routes stuck in RIB on FlexServer. |
|
|
NAT ALG is changing the Call-ID within SIP message header causing calls to fail. |
|
|
Device freezes for show sdwan command. |
|
|
Control connection over L3 Tloc extension failing as no NAT table entry created. |
|
|
MACsec remains marked as SECURED, but randomly the traffic stops working. |
|
|
ALG breaks NBAR recognition impacting application firewall performance. |
|
|
NAT configuration with redundancy, mapping id and match-in-vrf options with no-alias support. |
|
|
Device crashes unexpectedly due to a fault in the TLSCLIENT_PROCESS. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
NHRP cache entries flood matching a /32 default route. |
|
|
Watchdog crashes while importing a large CRL file into switch. |
|
|
DTMF is failing through IOS MTP during call on-hold. |
|
|
Device uses excessive memory when configuring ACLs with Large Object Groups. |
|
|
Auto-update cycle incorrectly deletes certificates. |
|
|
Ucode crash is seen on device with traffic pointing to segfault in coff handler. |
|
|
Memory allocation failure with extended antireplay enabled. |
|
|
NAT entries expire on standby router. |
|
|
Segmentation fault in SD-WAN PB rx when per-tunnel QoS config withdraw. |
|
|
Unexpected reboot due to Cisco IOS XE WATCHDOG: Process = Crypto IKMP. |
|
|
Device platform punt-policer is not configurable. |
|
|
Device is crashing after importing the trustpoint with RSA key pair. |
|
|
Unexpected reload with IPS configured. |
|
|
Observed qfp-ucode-wlc crash. |
|
|
GARP on port up/up status from the router is not received by remote peer device. |
|
|
MCID (Malicious Call Identification) gets broken due to custom prefix setting under STCAPP FAC. |
|
|
NAT: Traffic is not translated to the same global address though PAP is configured. |
|
|
No way audio when using secure hardware conference with secure endpoints. |
|
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
|
Device: ~23% degradation in IPSEC IPv6 profile in CCO for 1400B. |
|
|
Router crashes due to CPUHOG when walking Cisco FlashMIB @snmp_platform_get_flash_file_info. |
|
|
Cisco IOS XE crashes while executing AES crypto functions. |
|
|
Packet Duplication: Duplicate packets are counted on primary tunnel interface statistics. |
|
|
ISAKMP profile does not match as per configured certificate maps. |
|
|
Failed to ping gateway while configuring SharedLOM with console telnet interface until router reload. |
|
|
ISG Layer 2 Connected Subscriber: IPv6 prefix delegation is not reachable when packet are switched. |
|
|
C8200: ROMMON 17.6(6r) release for auto-upgrade. |
|
| CSCvy60823 |
PCIe Bus and Kernel Errors, Interfaces go down when these errors are seen. |
Open Bugs in Cisco IOS XE 17.9.4
|
Identifier |
Headline |
|---|---|
|
Unexpected reload due to memory corruption when modifying and access list. |
|
|
CLI template fails to attach to CG418-E with error access-denied. |
|
|
Netflow stops working when flow monitor reaches cache limit in the Device. |
|
|
Output packet Bytes calculation biase when we enable QoS on port channel. |
|
|
NHRP BFD flaps randomly with dynamic tunnel (NHRP phase 3) in DMVPN. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT DIA inside static routes being advertised over OMP to remote sites. |
|
|
UTD Packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device is crashing while adding a trustpoint to the router. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is being deleted. |
|
|
The Configure replace command fails due to the "license udi PID XXX SN:XXXX" line on Cisco IOS XE devices. |
|
|
Device reloads changing the resource profile. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
|
QoS more than four remark with set-cos not work. |
|
|
Packets with L2TP headers cause device to crash |
|
|
Cisco IOS XE cpp crash is seen when entering no ip nat create flow-entries command |
|
|
Device crashes with crashinfo files were generated with segmentation fault, process IPSEC key engine. |
|
|
HSRP received unexpected active hello packet when interface recovered. |
|
|
Static NAT entry gets deleted from running config; but remains in startup configiration. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
Cisco IOS XE - debug log should mention port-hop and reason prior to DISTLOC |
|
|
SNMP ifindex persist does not work. |
|
|
CUBE - SIP Message Queuing Fails to Resume Transmission |
Resolved Bugs in Cisco IOS XE 17.9.3a
|
Identifier |
Headline |
|---|---|
|
MSR unicast to multicast not working if destination and source are the same in service reflect configuration. |
|
|
Memory leak under linux_iosd-imag related to SNMP. |
|
|
Unexpected reload after running show voice dsp command while an ISDN Call disconnects. |
|
|
ISG FFR: ARP request to reroute nexthop IP is not triggered if ARP entry not in ARP table. |
|
|
IPSEC throughput level / ambiguous outputs. |
|
|
Service engine YANG support for Zone-based Firewall. |
|
|
GetVPN Long SA - GM re-registration after encrypting 2^32-1 of packets in one IPSEC SA. |
|
|
QoS Classification not working for DSCP or ACL + MPLS EXP. |
|
|
Clear ISG existing lite-session upon reception of DHCP packet for same client. |
|
|
Fman crash seen in SGACL@ fman_sgacl_calloc. |
|
|
Interface VLAN1 placed in shutdown state when configured with ip address pool command. |
|
|
Data plane crash is seen on the device when making per-tunnel QoS configuration changes with scale. |
|
|
IKEv2/IPSec - phase 2 rekey failing when peer is behind NAT. |
|
|
CEF DPI load-balancing causes out of order packets. |
|
|
vCube crashing and restarting during call flow. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
Enable license feature hseck9 command on the device. |
|
|
CWMP : MAC address of ATM interface is not included in inform message. |
|
|
GETVPN: KS reject registration from a public IP. |
|
|
Unconditional excessive logging in eogre tunnel error handling case. |
|
|
MPLS VPN traffic dropped due FDB OOM with cause FIAError under scale flow number. |
|
|
Device reloads unexpectedly after set ospfv3 authentication null command. |
|
|
DHCP behavior issue when BDI interface is enabled on WAN and SVI interface. |
|
|
Stale ip alias left after NAT statement got removed. |
|
|
ISG uses identifier mac-address 0000.0000.0000 when DHCP LQ does not reply. |
|
|
GETVPN : Traffic drops is seen on GM after rekey installing policies. |
|
|
Single WAN interface subslot 0/0 timing. |
Open Bugs in Cisco IOS XE 17.9.3a
|
Identifier |
Headline |
|---|---|
|
IOS-XE cpp crash when entering no ip nat create flow-entries command. |
|
|
Memory leak on vdaemon process caused router reload. |
|
|
Device leaking memory in MallocLite because of telemetry subscription to collect FNF cache. |
|
|
OID for SNMP monitoring of DSP resources are not working as expected. |
|
|
ALG breaks NBAR recognition impacting application firewall performance. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Static NAT with HSRP stops working after removing and adding standby. |
|
|
UTD Packet drop due to fragmentation for ER-SPAN traffic. |
|
|
Device crashes while executing AES crypto functions. |
|
|
NAT: Traffic is not translated to the same global address though PAP is configured. |
|
|
Incorrect return MIB for ciscoWanCellExtMIB and ciscoWan3gMIB. |
|
|
Unable to match on customer profile based on certificate-map. |
|
|
PFP policy in SRTE, RIB resolution in FC bring down ipsec tunnel interface- stuck at linestate down. |
|
|
IP CEF load sharing command is being changed by the device. |
|
|
GARP on port up/up status from the device is not received by remote peer device. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
CUBE - SIP Message Queuing Fails to Resume Transmission |
Resolved Bugs in Cisco IOS XE 17.9.2a
|
Identifier |
Headline |
|---|---|
|
NAT not requesting further for low ports after initial allocation when cli knob "reserved-ports" set. |
|
|
Crash saving tracelogs after "Too many open files" error. |
|
|
VTCP does not support Layer2 correctly. |
|
|
QFP crashes when ZBFW configuration geatures "log dropped-packets" configuration. |
|
|
Device ucode crash is seen during FW classification and the session is becomes free. |
|
|
Device added by IKEV2 is getting deleted at responder. |
|
|
Firewall drop is seen stating “FirewallL4” seen on the device. |
|
|
DSPware 60.1.1 release targeting v179_throttle. |
|
|
Bootstrap is failing on the device. |
|
|
Device is not programming correct next-hop for unicast prefix with multicast config present. |
|
|
Carsh is seen @ UNIX-EXT-SIGNAL: Aborted(6), Process = Check heaps, having PPPoe with cwmp configs. |
|
|
Device unexpected reload due to QFP ucode crash. |
|
|
Packet duplication is causing drops in payment transactions with SdwanGenericDrop code. |
|
|
Device reloads unexpectedly due to critical FTMd fault when VRF configuration is pushed |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
Multiple devices experience crashes every 4 to 5 miniutes. |
|
|
CefcFRUPowerOperStatus false report on the device. |
|
|
ZBFW self zone policy drops SSH session on Mgmt-intf 512 ports. |
|
|
Device VRF+NAT Outside Source Static - Drop packets during FTP (Active-mode) execution. |
|
|
Crashed without generating any core (Critical process plogd fault on rp_0_0 (rc=75). |
|
|
BFD sessions remains down if interface flap form up/down/up. |
|
|
Automatically freeing up filesystems stale image or recovered folder (lost+found). |
|
|
Device crashes due to CPUHOG when walking ciscoFlashMIB. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
Device speed test failing with "Device Error: Speed test in progress". |
|
|
ERROR information: Device r configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt. |
|
|
Intermittent double DTMF due to changing timestamp on a DTMF event. |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
Needs cert update - Azure CGW creation fails due to NVA provisioning failure. |
|
|
Throughput degrades when Local TLOC specified in Data Policy goes down. |
|
|
Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication. |
|
|
SSH from device tgetting closed after the device is updated. |
|
|
BFD and control packets are dropped when ACL is applied on gigi to which loopback is bind. |
|
|
SIG tunnel tracker packets are dropped by firewall with self zone policy. |
|
|
BFD sessions are not coming up after flapping the interface due to low ftm rate. |
|
|
UTD skipped when interface UTD config is used to enable/disable UTD. |
Open Bugs in Cisco IOS XE 17.9.2a
|
Identifier |
Headline |
|---|---|
|
Device does not form BFD across Serial link when upgrading. |
|
|
IOS-XE: A high CPU utilization caused by NHRP. |
|
|
MSR Unicast-To-Multicast not working if the destinatio and source are the same in service reflect configuration. |
|
|
IPSEC throughput level ambiguous outputs. |
|
|
After upgrade, device moved into out of sync status. |
|
|
NAT translation is not correctly sent to hub router from branch when SSNAT and UTD are configured. |
|
|
Template is not pushed to the device if device is running in FIPS mode. |
|
|
Fman crash is seen in SGACL@ fman_sgacl_calloc. |
|
|
NAT configuration with no-alias option is not preserved after reload. |
|
|
With 2 sequences, should not skip if the match is different and action is same. |
|
|
Unable to configure the local BGP. |
|
|
0365 and MS Teams applications access issues when using DIA with app-list match in data-policy. |
|
|
Serviceability enhancements for config migration failures between releases. |
|
|
CERM may kick in due to IPSec sessions initiated for on-demand tunnels. |
|
|
Control Connection on the device does not come-up with reverse proxy using enterprise certificate. |
|
|
Upgrade failures due to inability to establish netconf connection. |
|
|
Device kernel crash - kernel NULL pointer dereference - error_code(0x0010) - not-present page. |
|
|
Device stopped forwarding traffic. Suspect OMPd is busy. |
|
|
Repeating SYS-2-PAK_SUBBLOCK_BADSIZE: 4 -Process= "<interrupt level>". |
|
|
DHCP behavior issue is seen when BDI interface is enabled on WAN and SVI interface. |
|
|
NAT and DIA traffic is skipping UTD in forward direction after SSNAT path from service-side. |
|
|
Device see the increase of "Input errors" without any other specifc errors increasing under show interface command. |
|
|
Invalid TCP checksum in SYN flag packets passing through device. |
|
|
After delete CSP, new CCM bring up on existing CSP is stuck in "Initializing CCM" on MT cluster. |
Resolved Bugs in Cisco IOS XE 17.9.1a
|
Identifier |
Headline |
|---|---|
|
Peer MSS value showing incorrect. |
|
|
When Object-group used in a ACL is updated, it takes no effect. |
|
|
Device failed to display active flows when flow count is high on the device. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Memory leaks on keyman process when key is not found. |
|
|
Large number of DH failures. |
|
|
NAT translation stops suddenly(ip nat inside does not work). |
|
|
Revocation-check crl none" does not failover to NONE DNAC-CA |
|
|
Router crashed after new IPv6 address assigned when router use specific configuration. |
|
|
ISG: initiator unclassified ip-address LQipv4 command has no effect. |
|
|
UDP based DNS resolution does not work with IS-IS EMCP on IOX-XE. |
|
|
Destination prefix packets getting dropped because forwarding plane is not programming the next hop. |
|
|
New Key for NBAR app and NBAR category without OGREF optimized. |
|
|
ZBFW dropping return packets from Zscalar tunnel post cedge upgrade to 17.3.4. |
|
|
Device does not use QAT when malloc failure. |
|
|
OMP origin protocol comparison clean-up. |
|
|
Router crashing when clearing a VPDN session. |
|
|
Deviee hub with firewall configured incorrectly dropping return packets when routing between VRFs. |
|
|
NAT traffic gets dropped when default route changes from OMP to NAT DIA route |
|
|
Memory Leak in AEM chunks related to Firewall. |
|
|
SNMP v2 community name encryption problem. |
|
|
Traceroute not working on cEdge with NAT. |
|
|
Subject-alt-name attribute in certificate trustpoint causes Windows NDES/CA to reject SCEP requests. |
|
|
Router reload unexpectedly two times when enter netflow show command. |
|
|
Device crashes for stuck threads in cpp on packet processing. |
|
|
CoR intercepted DNS reply packets dropped with drop code 52 (FirewallL4Insp) if UTD enabled. |
|
|
ThousandEyes container may fail to get installed on the device. |
|
|
DMVPN phase 2 connectivity issue between two spokes. |
|
|
Traceback: IOS-XE reload after Segmentation fault on Process = SSS Manager |
|
|
Enabling or Disabling OMP Overlay AS Prevents Connected Routes from Being Advertised in OMP. |
|
|
IOS XE image installation fails. |
|
|
ZBFW policy stops working after modifying the zone pair. |
|
|
Keyman memory leak using public keys. |
|
|
NHRP network resolution not working with link-local ipv6 address. |
|
|
BFD tunnel are zero with SDWAN version 17.03.03.0.7. |
|
|
Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request. |
|
|
Missing IOS config (voice translation rule) on upgrade from 17.3 to 17.6. |
|
|
Umbrella DNS security policy doesn't work with Cloud onRamp with SIG tunnels. |
Open Bugs in Cisco IOS XE 17.9.1a
|
Identifier |
Headline |
|---|---|
|
Crash saving tracelogs after "Too many open files" error. |
|
|
Unable to switch the technology from 4g to 3g. |
|
|
Unified Policy HSL not sending properly NBAR application information. |
|
|
Firewall drop seen stating “FirewallL4” seen on the device. |
|
|
Yang-management process confd is not running, controller mode 17.6.2a. |
|
|
Bootstrap failing on c8300 on 17.9. |
|
|
SIG GRE: Layer 7 Health check doesn't work on Loopback interfaces. |
|
|
Crash is seen in ipv6_tunnel_macaddr while adding/removing gre multi-point tunnel mode. |
|
|
SDWAN flows are not distributed and load-balanced evenly and consistently. |
|
|
Memory leak due to FTMd process. |
|
|
Device lost configuration due to multiple power cycles on site. |
|
|
Device reloads unexpectedly due to critical FTMd fault when VRF configuration is pushed. |
|
|
Device unable to establish control connection with vBond due to out of order DTLS packets. |
|
|
Static NAT configuration in CLI with the no-alias keyword cannot be retrieved via NETCONF/YANG. |
|
|
Device statistics collection causing service-side BFD to flap on every collection interval. |
|
|
Device crashed in ipv4_nat_create_out2in_session_entry |
|
|
Device cannot be upgraded to 17.8. |
|
|
The show sdwan app-fwd cflowd flows vpn X format table does not show all flows for vpn X |
|
|
BFD sessions remains down if interface flap form up/down/up |
|
|
Traffic seems not inspected by UTD when umbrella is set. |
|
|
Unable to set specific speed and duplex values on SFP ports on IOS-XE routing platforms. |
|
|
Subscriber Session getting stuck and needs clearing it manually. |
|
|
DLC is not completing after upgrading to Smart licensing from CSL |
|
|
BFD Tunnel on the router is not staying up, 1 out of 40 tunnels. |
|
|
Device looses all BFD sessions with Invalid SPI. |
|
|
Tracebacks at cgm_avlmgr_class_init and cpuhog_key_init |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
Destination not reachable if configured as a next for a static route resolvable via non /32 OMP. |
|
|
Crashes when Virtual-Access tries to bring-up/bring-down OSPFv3 ipsec crypto session authentication. |
|
|
BFD sessions not coming UP because of ANTI-REPLAY-FAILURES. |
|
|
SIG tunnel tracker packets are dropped by firewall with self zone policy. |
|
|
CPA fail to send SIP Update for AsmT before "maxTermToneAnalysis" expiration. |
|
|
URGENT ISR4331/K9 | Version 17.06.02 | Router Reloaded Unexpectedly. |
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback