Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
About Cisco Catalyst 8500 Series Edge Platforms
 Note |
The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product. |
Note |
Cisco IOS XE Bengaluru 17.6.1a is the first release for Cisco Catalyst 8500 Series Edge Platforms in the Cisco IOS XE Bengaluru 17.6.x release series. |
The Cisco Catalyst 8500 Series Edge Platforms are high-performance cloud edge platforms designed for accelerated services, multi-layer security, cloud-native agility, and edge intelligence to accelerate your journey to cloud.
The Cisco Catalyst 8500 Series Edge Platforms includes the following models:
-
C8500-12X4QC
-
C8500-12X
-
C8500L-8S4X
For more information on the features and specifications of Cisco 8500 Series Catalyst Edge Platform, refer the Cisco 8500 Series Catalyst Edge Platform datasheet.
Sections in this documentation apply to all models of unless a reference to a specific model is made explicitly.
Note |
Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation. The licensing utilities and user interfaces that are affected by this limitation include only the following:
|
New and Changed Software Features
Note |
From Cisco IOS XE Bengaluru 17.6.x, configuring a weak crypto algorithm generates a warning. But this warning can be safely ignored and does not impact the working of the crypto algorithms. For more information on weak crypto algorithms, see Supported Standards. |
|
Feature |
Description |
|---|---|
| L2VPN Traffic SteeringUsing SR-TE Preferred Path: | This feature allows you to configure an SR policy as the preferred path for a VPWS or VPLS pseudowire. VPWS or VPLS pseudowires between same PEs can be routed over different SR policies based on the requirements. |
Feature Navigator
You can use Cisco Feature Navigator (CFN) to find information about the features, platform, and software image support on Cisco Catalyst 8500 Series Edge Platforms. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
Open and Resolved Bugs for Cisco IOS XE Bengaluru 17.6.5
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Resolved Bugs for Cisco IOS XE Bengaluru 17.6.5
| Bug ID | Headline |
|---|---|
| CSCvz93612 | %HW_FLOWDB-3-HW_FLOWDB_DBLDEL_FEATOBJ: FlowDB featobj cannot be deleted twice |
| CSCvy60839 | CSDL Compliance: Add CLI to disable CSDL compliance |
| CSCwc82140 | QFP Crash When ZBFW Configuration Features log dropped-packets configuration |
| CSCwc99823 | Fman crash seen in SGACL@ fman_sgacl_calloc |
| CSCwc78021 | Standby WLC crash @ fman_acl_remove_default_ace |
| CSCvz92994 | Lack of MAC address in Inform Event message. |
| CSCwc89328 | Device might Reboot when supporting explicit IV joins network |
| CSCwb52324 | Device unexpected reload due to QFP ucode crash |
| CSCwd05356 | Device observing Error %HW_FLOWDB-3-HW_FLOWDB_DBLINSTALL_FEATOBJ |
| CSCwd61255 | Data Plane Crash on device when Making QOS Configuration Changes |
| CSCwb04815 | NHRP process taking more CPU because of FlexVPN event trace |
| CSCwc22314 | Traffic not being rewritten by NAT |
| CSCwd01326 | Device crashes with SIGABRT within cio infra under heavy load |
| CSCwd30578 | Wired guest client stuck at IP_LEARN with dhcp packets not forwarded out of the foreign to anchor |
| CSCwd71584 | DSPware 58.5.2 release |
| CSCwb73395 | Need CLI option to disable ALG |
| CSCwd27876 | Reload occurring on a device acting as hub FlexVPN when establishing IPSEC tunnels |
| CSCwc54463 | Device is down when high CPU noticed |
| CSCwc72923 | ERROR info: Device configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt |
| CSCwc84967 | Intermittent double DTMF due to changing timestamp on a DTMF event |
| CSCwb08057 | Number of lite sessions conversion in progress counter not decrementing on failed account-logon |
| CSCwd47123 | Device uses identifier mac-address 0000.0000.0000 when DHCP LQ does not reply |
| CSCwb32635 | Device file is incomplete when running admin-tech |
| CSCwd72312 | GETVPN : Traffic drops seen on GM after rekey installing policies on latest image |
| CSCwa13926 | IOSXE_SPA-3-UNSUPPORTED_DATA: Data conversion error (media type, 0x172) |
Open Bugs for Cisco IOS XE Bengaluru 17.6.5
| Bug ID | Headline |
|---|---|
| CSCwd79089 | Device crash when sending full line rate of traffic with >5 Intel AX210 stations |
| CSCwd90168 | Unexpected Reload after running show voice dsp command while an ISDN Call Disconnects |
| CSCvq81894 | Check nexthop reachability before installing route for a prefix |
| CSCwb99084 | OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site |
| CSCwb89958 | Unified Policy HSL not sending properly NBAR application information. |
| CSCwd89338 | Clear ISG existing lite-session upon reception of DHCP packet for same client |
| CSCwd71458 | Outgoing number of bytes decrease in device interface |
| CSCwc56033 | Not triggering any alarms when RPM of a fan is 0 |
| CSCwd49177 | ISG: L2-connected subscriber: IPv6 prefix delegation is not reachable when packet are switched |
Open and Resolved Bugs for Cisco IOS XE Bengaluru 17.6.4
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Resolved Bugs for Cisco IOS XE Bengaluru 17.6.4
| Bug ID | Headline |
|---|---|
| CSCwb95559 | Packet sanity failed for resolution reply on spoke due to missing SMEF capability |
| CSCvz93712 | VFR is enabled by feature NAT but there is no NAT configured on the interface |
| CSCwa84919 | Revocation-check crl none does not failover |
| CSCwb25137 | [XE NAT] Source address translation for multicast traffic fails with route-map |
| CSCwb02142 | Traceback: fman_fp_image core after clearing packet-trace conditions |
| CSCwb32059 | Cellular interface tracker down but NAT route persists in the Service VPN Routing Table |
| CSCvz98547 | Device should not show warning message during reload |
| CSCwc06967 | IOS PKI client uses incorrect search filter for CRL retrieval using LDAPv3 |
| CSCwc37320 | RP Switchover Causes linecard NFS mount failure resulting in memory leak |
| CSCwb05743 | Crash seen with umbrella config during soak run |
| CSCvz83016 | BFD tunnel uptime not showing correct values post upgrade |
| CSCwb43605 | Device crash during RIB-out attribute aspath/community processing |
| CSCwc13013 | IPSec key engine process holding memory continuously and not freeing up |
| CSCwb90470 | Device crashed with last reload reason critical process cxpd fault. |
| CSCwb73511 | Device is not able to bring up SIG tunnels after reboot |
| CSCwa97951 | Basic feature template fails on device with TenGig interface due to negotiation auto |
| CSCwa67886 | UDP based DNS resolution doesn't work with IS-IS EMCP on IOS-XE |
| CSCwb85046 | Device reloads when group-range is configured under an interface Group-Async |
| CSCwc39881 | Certificate signing request generated from device contains "/" in common name |
| CSCvz23982 | IOS sending up event for the sub interface which is in down state |
| CSCvx93283 | Service chain is not created when tracking is disabled |
| CSCvx18302 | Speed test to internet failing on devices |
| CSCvz99832 | Device per class BFD - echo response pkts |
| CSCwb08636 | IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error seen for TLOCExt setup after upgrade |
| CSCvx74917 | DNS Packets are not redirected to configured custom DNS after Umbrella template edit |
| CSCwa72273 | ZBFW dropping return packets from device post upgrade. |
| CSCwa98144 | No negotiation auto command changing to negotiation auto after reload |
| CSCwa64955 | Device loses control connections after installing new enterprise hardware cert |
| CSCwa92137 | Device is changing ICMP ID in ICMP echo replies intermittently |
| CSCwa49721 | Device with firewall configured incorrectly dropping return packets when routing between VRFs |
| CSCwa81471 | AOM pending objects with loopbacks binded to tloc-extended interfaces |
| CSCwb49857 | Memory leaks on keyman process when key is not found |
| CSCwb76866 | CSDL failure: Use of MD5 by IPSEC key engine is denied |
| CSCwb16723 | Traceroute not working on device with NAT |
| CSCwb55683 | Large number of IPSec tunnel flapping occurs when underlay is restored |
| CSCwa80826 | Device running crypto ipsec policy installation fails |
| CSCwb83376 | Device endpoint-tracker cannot be configured on a 100G interface |
| CSCwc13304 | Per-tunnel QoS counters and shapers not working for some bfd tunnel with stale nh_overlay objects |
| CSCwa67398 | NAT translations do not work for FTP traffic |
| CSCwb78173 | CSDL failure: IPSec QM Use of DES by encrypt proc is denied |
| CSCwb71658 | Traceback seen on devices after enabling ipsec_pwk and reboot |
| CSCwb76170 | IPsec SIG auto tunnels are not coming up |
| CSCwb41907 | CPP uCode crash due to ipc congestion from dp to cp |
| CSCwb74917 | Device incorrectly drops ip fragments due to reassembly timeout |
| CSCwb91729 | Fix mishandling of policy sequence programming failures and notify with syslog/notification |
| CSCwc25854 | Device ucode crash due to SIGABRT from bnxt_start_xmit |
| CSCvy54048 | CPP unexpected reboot While Freeing CVLA Chunk |
| CSCwa30857 | Internet speed test with Loopback binding mode doesn't work with implicit ACL drop for return traffic |
| CSCwb14020 | Serial interface stuck in line protocol is down state after it went down and it is recovered |
| CSCwa98545 | Checks of route leaks creates memory corruption. |
| CSCwb46649 | NAT translation dont show (or use) correct timeout value for an established TCP session |
| CSCwa08847 | ZBFW policy stops working after modifying the zone pair |
| CSCwc33311 | Device crash @ imgr_n2_ipsec_sa_ctx_register |
| CSCwb12647 | Device crash for stuck threads in cpp on packet processing |
| CSCwc04688 | Device crash observed after enabling NWPI trace with IPv6 traffic |
| CSCwb78290 | CISCO MIB request gives results intermittently |
| CSCwb76988 | IKEv2 fragmentation causes wrong message ID used for EAP authentication |
| CSCvw50622 | Nhrp network resolution not working with link-local ipv6 address. |
| CSCwb59736 | BFD tunnel are zero with device |
| CSCwa57873 | Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request |
| CSCvz37340 | The [service timestamps log datetime msec localtime] command cannot be pushed via CLI Addon template |
| CSCwb99793 | CRL verification failure result 400 Bad Request with DigiCert |
| CSCwa25256 | Installing new enterprise cert does not remove old cert causing device to use old cert |
| CSCwb51595 | Missing IOS config (voice translation rule) on upgrade |
| CSCwb40575 | After upgrade, umbrella DNS config set to NONE in show umbrella config |
| CSCwb18315 | Umbrella DNS security policy doesn't work device with SIG tunnels |
| CSCwb58468 | Sig Autotunnels:tunnel 409 response received |
| CSCwc04289 | Inconsistency between Path MTU Discovery result and Tunnel MTU |
Open Bugs for Cisco IOS XE Bengaluru 17.6.4
| Bug ID | Headline |
|---|---|
| CSCwc62269 | process may fail to start, control connection may fail as DCONFAIL |
| CSCwb62474 | Device may crash when doing speedtest with WAN flapping |
| CSCwc27208 | BFD sessions not coming UP because of ANTI-REPLAY-FAILURES |
| CSCwb74821 | yang-management process confd is not running |
| CSCvz92994 | Lack of MAC address in Inform Event message. |
| CSCwc55260 | Memory leak due to FTMd process |
| CSCwc20170 | Device reloads unexpectedly due to Critical FTMd Fault when VRF Configuration is Pushed |
| CSCwb99084 | OMP routes carrying prepended AS_PATH incorrectly imported into BGP at remote site |
| CSCwb89958 | Unified Policy HSL not sending properly NBAR application information. |
| CSCwc59598 | Sstatistics collection causing service-side BFD to flap on every collection interval |
| CSCwc52538 | Device flows are not distributed and load-balanced evenly and consistently |
| CSCwc22314 | Traffic not being rewritten by NAT |
| CSCwb83236 | Traceback: QFP core after pushing data policy with IPv6 interface |
| CSCwc67465 | Device can not be upgraded |
| CSCwc26669 | TLB miss for lock address during FNF cache lookup |
| CSCwc25291 | NIM-LTE-EA No Data - Requires Subslot Reload to Recover |
| CSCwc63563 | Unable to set specific speed and duplex values on SFP ports on IOS-XE routing platforms |
| CSCwc43973 | DLC is not completing after upgrading to Smart licensing from CSL |
| CSCwc30050 | UTD: Exception in utd_logger.py due to missing extra-data in AMP alert |
| CSCwc23077 | Firewall drop seen stating FirewallL4 seen on device |
| CSCwd36511 | Ping fails to VRRP virtual IP address. |
Open and Resolved Bugs for Cisco IOS XE Bengaluru 17.6.3a
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Resolved Bugs for Cisco IOS XE Bengaluru 17.6.3a
| Caveat ID Number | Description |
|---|---|
| CSCvy63924 | Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command. |
| CSCvx40516 | ZBFW + NAT: Traffic flow In2Out scenario failed |
| CSCvy73165 | 10G interfaces supports multirate:Mismatch in autoneg/speed in sh run and sh sdwan run |
| CSCwa26509 | Shut/no shut of endpoint-tracker attached tunnel, doesn't create probe again on 17.6.2 |
| CSCvz98373 | ZBFW : FirewallPolicy drops seen with RTSP traffic in steady state |
| CSCvz99404 | AclDrop seen on non-SDWAN interface after upgrade to 17.6.1 |
| CSCvw67366 | Punt keepalive crashed due to bqs related interrupt |
| CSCvz73202 | C8500-12X TCAM parity error - SDRA : CPP crash on scaling to 5K RA sessions |
| CSCvz71436 | Call Placing issue from SCCP phones |
| CSCvy69846 | Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device |
| CSCvy57681 | Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit |
| CSCvz86591 | VRF-aware static NAT with route-map and reversible not working |
| CSCwa10915 | Elephant flow will trigger performance monitor exporting more than 50% byte loss |
| CSCwa36699 | Prefetch CRL Download Fails |
| CSCvz67279 | SELINUX-5-Mismatch Log |
| CSCvz62032 | Attach gateways failed in cloud express |
| CSCvz59621 | MKA Session not coming up on EVC |
| CSCvz87460 | MD5 signature does not match failure while upgrading to 17.3(1r) rommon |
| CSCwa19074 | Infinite output from command show sdwan tunnel sla |
| CSCwa80474 | IKEv2 Deprecated Ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance |
| CSCvv82985 | dhcpv6_relay:dhcp-client on branch not receive ipv6 address |
| CSCwa76260 | IKEv2 Deprecated Ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance |
| CSCvt66541 | Crypto PKI-CRL-IO process crash when PKI trustpoint is being deleted |
| CSCwa11150 | E1 configurations (under Serial interface) lost after reload. |
| CSCwa30988 | CoS preservation not working for the services EVPL and EPL tunnel |
| CSCvz65545 | ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535 |
| CSCvz41647 | Partial multicast drops are seen after a failover event in a site with two cedges |
| CSCvz76277 | Hostname not allowed beginning with numbers |
| CSCvz34668 | Static mapping for the hub lost on one of the spokes |
| CSCvz84437 | Unexpected reload due IPV6 UDP fragment header in VxLAN |
| CSCwa15085 | Router Crash due to Stuck Thread with appnav-xe dual controller mode. |
| CSCvx28426 | Router may crash due to Crypto IKMP process |
| CSCwa18177 | Flapping bidirectional/unidirectional packet capture option with ipv4 filter for long time failed |
Open Bugs for Cisco IOS XE Bengaluru 17.6.3a
| Caveat ID Number | Description |
|---|---|
| CSCvz93712 | VFR is enabled by feature NAT but there is no NAT configured on the interface |
| CSCvy72970 | Active ftp not working with UTD+HTX for security and Unified policy. |
| CSCwa39336 | Cannot transfer files |
| CSCvz98547 | Platforms should not show warning message during reload |
| CSCwb20089 | ESP crashes after enable platform debug for Cloud onRamp for SaaS |
| CSCvx74917 | DNS Packets are not redirected to configured Custom DNS after Umbrella Template Edit |
| CSCwb00533 | Traffic is getting dropped/blackholed due to OCE_ADJ_DROP reason. |
| CSCwa98144 | C8500L-8S4X - No negotiation auto command changing to negotiation auto after reload |
| CSCwb25913 | After configuring match input-interface on class-map, router goes into a reboot loop |
| CSCvz94966 | Throughput drop of 10% from 17.3 to 17.6 Release |
| CSCwb03455 | Inter-vrf route leaking not working and packet drop seen due to Ipv4Unclassified |
| CSCwa72273 | ZBFW dropping return packets from Zscalar tunnel post cedge upgrade to 17.3.4. |
| CSCvz91913 | C8500-12X4QC: Bay 2 startup config of 40Gbps not applied on reload |
| CSCwa68471 | Traceback: CPP ucode core generated after HSRP priority change |
| CSCvz31901 | Cisco makefile changes to build the PHY API SW 4.67.05 |
| CSCwa49721 | Hub with firewall configured incorrectly dropping return packets when routing between VRFs |
| CSCwb18223 | SNMP v2 community name encryption problem |
| CSCwb08186 | E1 R2 - dnis-digits cli not working |
| CSCwa81471 | AOM pending objects with loopbacks binded to tloc-extended interfaces |
| CSCvz28950 | DMVPN phase 2 connectivity issue between two spokes |
| CSCvy54048 | CPP Unexpected Reboot While Freeing CVLA Chunk |
| CSCvz62601 | High CPU on LC process mcpcc-lc-ms and link flaps |
| CSCwa98545 | Checks of route leaks creates memory corruption. |
| CSCwa94158 | C8500 media type is not correct after removing an SFP |
| CSCvz08674 | Device rebooted 2 time with CPP 0 failure Stuck Thread |
| CSCwa76875 | After configuring match input-interface on class-map, router goes into a reboot loop |
| CSCwa08847 | ZBFW policy stops working after modifying the zone pair |
| CSCwa26599 | FN980 new signed Telit modem firmware FN980M_38.02.X92 upgrade failed |
| CSCwa29964 | SCEP fails if AAAA DNS repy is received and source interface has no IPv6 address |
| CSCwb02142 | Traceback: fman_fp_image core after clearing packet-trace conditions |
| CSCwb32635 | File is incomplete when running admin-tech |
| CSCvz55275 | Show DMVPN command displays incorrect state |
| CSCwa74499 | ZBFW seeing the SIP ALG incorrectly dropping traffic and resetting connection |
| CSCvz95158 | IPSec Led doesn't lit even though module is correctly installed |
| CSCvz74322 | "Shutdown" command visible in running config after reload |
| CSCwb18315 | Umbrella DNS security policy doesn't work |
Open and Resolved Bugs for Cisco IOS XE Bengaluru 17.6.2
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Resolved Bugs for Cisco IOS XE Bengaluru 17.6.2
|
Caveat ID Number |
Description |
|---|---|
|
ASR1001-X: Bug to further address CSCvt08179 : QFP crash due to hardware interrupt |
|
|
SSH to Loopback not working |
|
|
control connection to the edege device doesnt come up with v6 and reverse proxy |
|
|
CVLA need to reserve at least 50M memory for low-end DRAM platform |
|
|
Ucode crash observed at tw_bad_timer_bucket () at ../../../infra/tw_timer.c:918 |
|
|
Crash triggered by "crypto gdoi ks rekey replace-now" |
|
|
QOS-3-INVALID_BQS_QUEUE_INFO: Drop policy given an invalid scheduling queue/wred 0/0 -Traceback |
|
|
Crash when getting cdspCardStatusEntry OID |
|
|
OSPFv3 adjacency won't come up after "ospfv3 authentication ipsec" is applied on Tunnel interface |
|
|
C8500 QFP FirewallNonsession drops when starting 80K flows |
|
|
LA LED turns green when just inserted SFP-10G-LR on ISR4k without cable connecting |
|
|
SCCP gateway auto configuration download results in an incomplete configuration. |
|
|
Need Active/Active ZBFW support for Inter-vrf TCP traffic |
|
|
IPV6 route is breaking control connection. |
|
|
AppQoE DP stats for active connections shows huge bogus value |
|
|
OMP continues to redistribute BGP route with down bit set (SoO) |
|
|
Multicast boundary command on tunnel interface DMVPN network is sending ttl=1 packet |
|
|
Router does not boot on recent 16.X releases with large service policy applied on the interface. |
|
|
FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times |
|
|
Bootstrap aaa config issues due to default aaa config |
|
|
IP NAT source static does not work for TCP traffic from OUT to IN |
|
|
C8500L: Overruns happening when flow-control enabled |
|
|
17.6.1_auto:SNMP failure on bfdSessionsListSystemIp |
|
|
Static NAT entry is injecting a route to Null0 |
|
|
FNF: Reload due to a memory allocation failure in cEdge |
|
|
flow monitor statistics missing when reloading with configuration |
|
|
no ip nbar resources flow max-session does not restore default platform session limits |
|
|
Data plane crash seen on C8200-UCPE-1N8 with upgrade of c8kv from 17.5.1 to 17.6.1 build |
|
|
Inbound fax T38 switchover on MGCP GW sending an m line of audio instead of image |
|
|
VLAN IP config missing on bootup due to missing startup configs |
|
|
Flow-Control Goes down when configurating manual speed and remove the auto negotiation |
|
|
ZBFW : ARStandby drops seen on New Active during RG switchover |
|
|
Data-policy direction-all with empty action is causing to ignore app-route-policy |
|
|
Zscaler SIG tunnels not coming up after reboot due to HTTP/RESP/CODE 400 |
|
|
Failure to start (on RP2) iox app-hosting application |
|
|
Extranet local switch crash when mdata is enabled. |
|
|
memory leak with fman_cc process when SM-X-G4M2X module installed |
|
|
ASR1001-X: Bug to further address CSCvt08179 : QFP crash due to hardware interrupt |
|
|
vBond connections continuously flapping on edge devices. |
|
|
SSH to Loopback not working |
|
|
control connection to the edege device doesnt come up with v6 and reverse proxy |
|
|
CVLA need to reserve at least 50M memory for low-end DRAM platform |
|
|
Ucode crash observed at tw_bad_timer_bucket () at ../../../infra/tw_timer.c:918 |
|
|
Catalyst 8300 flooded with Tx Unit Hang messages |
|
|
Crash triggered by "crypto gdoi ks rekey replace-now" |
|
|
QOS-3-INVALID_BQS_QUEUE_INFO: Drop policy given an invalid scheduling queue/wred 0/0 -Traceback |
|
|
Crash when getting cdspCardStatusEntry OID |
|
|
OSPFv3 adjacency won't come up after "ospfv3 authentication ipsec" is applied on Tunnel interface |
|
|
SD-WAN policy is not correctly programmed in cEdge |
|
|
C8500 QFP FirewallNonsession drops when starting 80K flows |
|
|
LA LED turns green when just inserted SFP-10G-LR on ISR4k without cable connecting |
|
|
SCCP gateway auto configuration download results in an incomplete configuration. |
|
|
Need Active/Active ZBFW support for Inter-vrf TCP traffic |
|
|
IPV6 route is breaking control connection. |
|
|
AppQoE DP stats for active connections shows huge bogus value |
|
|
cEdge: Multicast UnconfiguredIpv4Fia drop when multicast interworks with service chain/NAT DIA |
|
|
CAT8300 nested IPSec tunnels encryption does not work as expected |
|
|
OMP continues to redistribute BGP route with down bit set (SoO) |
|
|
Multicast boundary command on tunnel interface DMVPN network is sending ttl=1 packet |
|
|
"show sdwan tunnel statistics bfd" and "clear sdwan tunnel statistics" issues |
|
|
vSmart crash on ompd process |
|
|
Router does not boot on recent 16.X releases with large service policy applied on the interface. |
|
|
ISR4K with NIM-ES2 "no igmp snooping vlan x" is not preserved after reload. |
|
|
Cat8kv - Incorrect static route for primary interface during deployment resulting in unreachability |
|
|
FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times |
|
|
Bootstrap aaa config issues due to default aaa config |
|
|
IP NAT source static does not work for TCP traffic from OUT to IN |
|
|
C8500L: Overruns happening when flow-control enabled |
|
|
17.6.1_auto:SNMP failure on bfdSessionsListSystemIp |
|
|
Static NAT entry is injecting a route to Null0 |
|
|
FNF: Reload due to a memory allocation failure in cEdge |
|
|
flow monitor statistics missing when reloading with configuration |
|
|
MT: Template push with thousand eye feature failed for ISR4461 after PnP workflow |
|
|
no ip nbar resources flow max-session does not restore default platform session limits |
|
|
cedge ISR4221 cpp_cp_svr crash in ZBF component |
|
|
ISR1100 - cedge: Tx queue hang issue on RJ45 ports |
|
|
SDWAN tunnels are not coming up in Multilink Frame relay sub-interface |
|
|
VG450 Crashes Repeatedly in IOSd due to HTSP |
|
|
Data plane crash seen on C8200-UCPE-1N8 with upgrade of c8kv from 17.5.1 to 17.6.1 build |
|
|
Inbound fax T38 switchover on MGCP GW sending an m line of audio instead of image |
|
|
VLAN IP config missing on bootup due to missing startup configs |
|
|
Flow-Control Goes down when configurating manual speed and remove the auto negotiation |
|
|
ZBFW : ARStandby drops seen on New Active during RG switchover |
|
|
Data-policy direction-all with empty action is causing to ignore app-route-policy |
|
|
Zscaler SIG tunnels not coming up after reboot due to HTTP/RESP/CODE 400 |
|
|
Failure to start (on RP2) iox app-hosting application |
|
|
Extranet local switch crash when mdata is enabled. |
|
|
ISR4k:BFD scaling: Not able to scale more that 2048 BFD sessions |
|
|
cEdge crash with sdwan overlay multicast: "CPU Usage due to Memory Pressure exceeds threshold" |
|
|
memory leak with fman_cc process when SM-X-G4M2X module installed |
Open Bugs for Cisco IOS XE Bengaluru 17.6.2
|
Caveat ID Number |
Description |
|---|---|
|
dhcpv6_relay:dhcp-client on branch not receive ipv6 address |
|
|
ASR1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
Router may crash due to Crypto IKMP process |
|
|
Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit |
|
|
Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command. |
|
|
Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device |
|
|
Active ftp not working with UTD+HTX for security and Unified policy. |
|
|
ASR 1000 fails to install rekey causing traffic drop |
|
|
DMVPN phase 2 connectivity issue between two spokes |
|
|
ASR 1000: Cisco makefile changes to build the PHY API SW 4.67.05 |
|
|
The [service timestamps log datetime msec localtime] command cannot be pushed via CLI Addon template |
|
|
Ucode crash due to NAT proxy timeout |
|
|
Memory leak at FTMD SDWAN running 17.03.02 |
|
|
ASR 1001X crash at CFT after scaling up to 4M flows when internet link up from 2Gbps to 10Gbps |
|
|
MLP cpp crash cause both FP cpp to lock and stuck in disconnecting |
|
|
IOS-XE unable to export elliptic curve key |
|
|
ASR1000-MIP100 / IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps |
|
|
ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535 |
|
|
SELINUX-5-Mismatch Log on ASR1002HX and 8500 Platforms |
|
|
"Shutdown" command visible in running config after reload of ASR 1002-HX |
|
|
Hostname not allowed beginning with numbers |
|
|
FTMD message error |
|
|
8500L // 17.6.1a// Unexpected reload due IPV6 UDP fragment header in VxLAN |
|
|
ASR 1000-RP2|VID>V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon |
|
|
dhcpv6_relay:dhcp-client on branch not receive ipv6 address |
|
|
ASR1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
Router may crash due to Crypto IKMP process |
|
|
Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit |
|
|
Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command. |
|
|
Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device |
|
|
Active ftp not working with UTD+HTX for security and Unified policy. |
|
|
ASR fails to install rekey causing traffic drop |
|
|
DMVPN phase 2 connectivity issue between two spokes |
|
|
ASR1K: Cisco makefile changes to build the PHY API SW 4.67.05 |
|
|
The [service timestamps log datetime msec localtime] command cannot be pushed via CLI Addon template |
|
|
Ucode crash due to NAT proxy timeout |
|
|
ASR1001X crash at CFT after scaling up to 4M flows when internet link up from 2Gbps to 10Gbps |
|
|
MLP cpp crash cause both FP cpp to lock and stuck in disconnecting |
|
|
IOS-XE unable to export elliptic curve key |
|
|
ASR1000-MIP100 / IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps |
|
|
ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535 |
|
|
SELINUX-5-Mismatch Log on ASR1002HX and 8500 Platforms |
|
|
"Shutdown" command visible in running config after reload of ASR 1002-HX |
|
|
Hostname not allowed beginning with numbers |
|
|
SDWAN Router Crashed "Critical process qfp_ucode_csx fault on fp_0_0 (rc=139)" |
|
|
FTMD message error |
|
|
8500L // 17.6.1a// Unexpected reload due IPV6 UDP fragment header in VxLAN |
|
|
ASR 1000-RP2|VID>V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon |
Open and Resolved Bugs for Cisco IOS XE Bengaluru 17.6.1a
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool , each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Resolved Bugs for Cisco IOS XE Bengaluru 17.6.1a
|
Caveat ID Number |
Description |
|---|---|
|
GETVPN: Clearing members on Key Server causing rekey processing failure on GMs |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
C8500-12X4QC: Traffic drops on 10G interface with large packet size 9000bytes with High priority. |
|
|
cannot remove NAT configuration from the template in a single operation if NAT translation is active |
|
|
Wrong reload reason reflected after a power outage. |
|
|
cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging |
|
|
fman_fp_image crashed with ZBFW config change |
|
|
ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent |
|
|
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format |
|
|
Data plane VPLS traffic generating Control Word on all Label Switched Headers |
|
|
PWK - Overlay tunnel goes down with overnight traffic (No Crash) |
|
|
[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC |
|
|
IPv6 DMVPN - NBMA address not getting preserved |
|
|
[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled |
|
|
A router may crash when processing an NHRP packet |
|
|
An IOS XE device might crash at DoubleExceptionVector |
|
|
"insufficient resources" NHRP-ERROR while receiving small rate of NHRP Resolution Requests/second |
|
|
Packets dropped due to firewall + data policy interop issue |
|
|
SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible" |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut |
|
|
c8500L platform: USB Drive not getting detected |
|
|
vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset |
|
|
Router may crash under ZBF configuration (cpp_cp_svr) |
|
|
Software MTP should support encrypted TLS connection |
|
|
BFD tunnels stuck in down state after port-hop |
|
|
Poor IPsec throughput performance with IPsec throughput license on IOS-XE routers |
|
|
CSDL failure when it should be allowing RSA keys with 1024 length. |
|
|
IOS-XE cpp ucode crash with fragmented packets |
|
|
C8500-12X4QC /1hx-Interface doesn't come up when reboot/upgrade device with autoneg enabled on 10G SFP+ Port |
|
|
"Best of Worst" Fallback mode causes reachability issue when routes flap |
|
|
On MTT vManage system IP persists after invalidating and deleting the edge devices. |
|
|
CPP ucode crash with route-map and overload at ipv4_nat_rmap_walk_find. |
|
|
vManage fails to push template - interface config stuck |
|
|
adding multilink frame relay sub-interface to SDWAN fails; "Aborted: application error" |
|
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met |
|
|
[FNF] Need to force DTL read after PLU lookup in fnf_build_do_ipv4_fast |
|
|
BFD tunnel uptime not showing correct values post upgrade to 17.6.01 |
Open Bugs for Cisco IOS XE Bengaluru 17.6.1a
|
Caveat ID Number |
Description |
|---|---|
|
Cellular interface lte Network Selection Mode switches to auto following a reload |
|
|
On MTT vManage system IP persists after invalidating and deleting the edge devices. |
|
|
Active ftp not working with UTD+HTX for security and Unified policy. |
|
|
17.6: AAR not working properly as configured SLA classes are not shown under app-route stats |
|
|
BFD session flap/down while control connection with vManage is going down |
|
|
Router unexpectedly routes traffic with broadcast dst MAC |
|
|
ReassTimeout drops with NAT in Port-Channel. |
|
|
low-bandwidth-link doesn't reduce number of BFD packets |
|
|
FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times |
|
|
NetApp: Issues with traffic does not get forwarded via TLOC extended interface |
|
|
SSL VPN fails to establish if 'match url' is configured under crypto ssl profile |
|
|
DMVPN phase 2 connectivity issue between two spokes |
|
|
After uploading the serial file list to the vmanage, the edges lost Control Con. and BFD sessions |
|
|
cEdge reboot due to "Critical process fman_fp_image fault on fp_0_0 (rc=134)" |
|
|
OSPFv3 IPSec encryption failure when IPv4 address-family not configured in VRF |
ROMmon Release Requirements
Use the following table to determine the ROMmon version required for the following Catalyst 8500 models:
-
C8500-12X4QC
-
C8500-12X
|
DRAM |
ROMmon version |
|---|---|
|
16 GB(default) |
17.2(1r) |
|
32 GB |
17.2(1r) |
|
64 GB |
17.3(2r) |
In case of C8500L-8S4X platform, the ROMmon image is bundled with the IOS XE image which ensures that when the device is booted up with Cisco IOS XE 17.10.1a software, the ROMmon image is also automatically upgraded to the latest version. For Cisco IOS XE Polaris 17.10.1a release, the ROMmon version is 17.10(1r).
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback