Release Notes for Cisco IOS XE SD-WAN Device, Cisco IOS XE Release Amsterdam 17.3.x


Note

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.


These release notes accompany the Cisco IOS XE Release Amsterdam 17.3.x, which provides Cisco SD-WAN capabilities. They include release-specific information for Cisco vSmart Controllers, Cisco vBond Orchestrators, Cisco vManage, as applicable to Cisco IOS XE SD-WAN devices.

For release information about Cisco vEdge Devices, refer to Release Notes for Cisco vEdge Devices, Cisco SD-WAN Release 20.3.x.

What's New for Cisco IOS XE Release Amsterdam 17.3.x

This section applies to Cisco IOS XE SD-WAN devices.

Cisco is constantly enhancing the SD-WAN solution with every release and we try and keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.

Table 1. Cisco IOS XE Release 17.3.2
Feature Description

Systems and Interfaces

Support for Dialer Interface in DSL

This feature enables tracking of a Point-to-Point Protocol (PPP) session over a dialer interface on Cisco IOS XE SD-WAN devices.

Dialer interface is used in Digital Subscriber Line (DSL) in the deployments of Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA). Dialer interface always stay up irrespective of the PPP session status. This helps to avoid the need for additional configuration such as IP SLA and tracking for routing failover to work while using dialer interfaces.

The command dialer down-with-vInterface is added to bring down the dialer interface when the PPP session goes down.

Routing

OSPFv3 Support on Cisco IOS XE SD-WAN Devices

Open Shortest Path First version 3 (OSPFv3) is an IPv4 and IPv6 link-state routing protocol that supports IPv6 and IPv4 unicast address families.

Multicast over L3 TLOC Extension

This feature enables support for transport location (TLOC) which allows addition of the peers transport to avoid the extra cost of additional IP and allows the use of dynamic load balance across multiple transports.

Cloud OnRamp

Transit Gateway Peering

This feature enables the ability to establish peer connections between transit gateways in different AWS regions. With this feature, you can connect to various Transit Virtual Private Clouds (TVPCs) and on-premise networks using a single gateway. The ability to peer transit gateways between different AWS regions enables you to extend the connectivity and build global networks spanning multiple other regions. To support inter-region connectivity, mapping and audit functions are enhanced.

Policies

NAT Fallback on Cisco IOS XE SD-WAN Devices

Cisco IOS XE SD-WAN devices support the NAT fallback feature for Direct Internet Access (DIA). The NAT fallback feature provides a routing-based mechanism for all traffic that is sent to the DIA route to use an alternative route when required. With this release, fallback is supported on the service and tunnel side.

Table 2. Cisco IOS XE Release 17.3.1a
Feature Description

User Documentation and Interactive Help in Cisco vManage

User Documentation

Starting from this release, we've restructured the listing page of our configuration guides to display category-wise book and chapter contents. This new page lets you switch between releases using the View Documents by Release drop-down list.

Interactive Help in Cisco vManage

This feature helps you navigate Cisco vManage and complete vManage procedures using guided workflows. The Interactive Help points to elements within the Cisco vManage interface and shows you where to click next and what to do to complete a selected workflow.

Cisco SD-WAN Getting Started

Generate a Bootstrap File For Cisco IOS XE SD-WAN Devices Using the CLI

This feature enables you to generate a minimum bootstrap configuration file directly on a device, that enables a device to reconnect to the controller in case the full configuration is ever lost or removed.

Cisco SD-AVC Cloud Connector

When enabling Cloud onRamp for SaaS to manage Office 365 traffic, you can limit best path selection to apply only to some Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft, or to include all Office 365 traffic.

The Cisco SD-AVC Cloud Connector provides support for this functionality.

On Premises ZTP Server for Cisco SD-WAN

This feature extends the on-premise Plug and Play implementation support to Cisco IOS XE SD-WAN routers.

Device Onboarding Enhancement

Starting from Cisco vManage Release 20.3.1 you can onboard a device to Cisco vManage by directly uploading a .csv file containing details of your device, from your system.

Cisco vManage Cluster Upgrade

This feature outlines the upgrade procedure for Cisco vManage servers in a cluster to Cisco vManage Release 20.3.1.

Systems and Interfaces

Configure a Router as an NTP Primary

This feature lets you configure a supported router as an NTP primary router. Other nodes in a Cisco SD-WAN deployment synchronize their clocks to the NTP primary router. This configuration is useful if you do not have an NTP server in your deployment.

Export vManage Audit Log as Syslog

The Cisco vManage NMS exports audit logs in syslog message format to a configured external syslog server. This feature allows you to consolidate and store network activity logs in a central location.

Hardened Passwords

This feature enables password policy rules in Cisco vManage. Once enabled, Cisco vManage enforces the use of strong passwords.

Configure Sessions in Cisco vManage

This feature lets you see all HTTP sessions open within Cisco vManage. It gives you details about the username, source IP address, domain of the user, and other information. A user with User Management Write access, or a netadmin user can trigger a log out of any suspicious user's session.

You can set client session timeouts, session lifetimes, server session timeouts, and enable the maximum number of user sessions in Cisco vManage.

Posture Assessment Support

Identity Services Engine (ISE) Posture functions are intergrated into Cisco 1100 Integrated Services Routers. This feature enables you to utilize Posture Assessment capabilities to validate the compliance of endpoints according to security policies of your enterprise.

For Cisco vManage Release 20.3.1 this feature can only be configured using CLI Add-On feature templates in Cisco vManage.

Remove Certificate SUDI requirement.

This feature allows you to use a subject SUDI serial number instead of a certificate serial number to add a device to a Cisco SD-WAN overlay network.

Integration with Cisco Unified Communications

This release adds support for using a feature template to enable Cisco IP-based media services.

Dynamic On-Demand Tunnels

This feature enables you to configure an Inactive state for tunnels between edge devices, reducing performance demands on devices and reducing network traffic.

Static Route Tracker for Service VPNs

This feature enables you to configure IPv4 static route endpoint tracking for service VPNs.

For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device.

To configure Static Route Tracking on Cisco vManage, configure an endpoint tracker using Cisco System template, and Configure a static route using the Cisco VPN template.

NAT DIA Tracker for Cisco IOS XE SD-WAN Devices

This feature allows you to configure a system tracker to probe the transport interface periodically to determine if the Internet or external network becomes unavailable.

You can configure DIA Tracker using the Tracker tab of the Cisco System template.

You can apply the tracker to a transport interface using either Cisco VPN Interface Ethernet or Cisco VPN Interface Cellular templates.

Service Side NAT on Cisco IOS XE SD-WAN devices

This feature allows you to configure inside and outside NAT on data traffic traveling to and from the service-side hosts of the network overlay.

The service-side NAT configuration allows you to translate the source IP addresses for data traffic from service- side hosts to the overlay and traffic from the overlay to service-side hosts.

To configure service-side NAT using Cisco vManage, configure a centralized data policy using the Configure > Policies, and configure a dynamic NAT Pool and Static NAT address using the Service VPN template.

Qualified Commands for Cisco IOS XE Release Amsterdam 17.3.1a

Starting Cisco IOS XE Release 17.3.1a, you can use additional commands in CLI Add-on feature templates.

Routing

BGP Community Propagation

This feature enables propagation of BGP communities between routing protocols during route redistribution. One one node, the OMP redistributes routes from BGP and on the other node, the OMP redistributes node into BGP. The BGP AS Path is propagated over OMP so that it can be preserved between Cisco SD-WAN nodes. The BGP community propagation helps in propagating BGP communities between Cisco SD-WAN sites, across VPNs using OMP redistribution.

OMP Route Aggregation

This feature is an enhancement where OMP route aggregation is performed only for the routes that are configured for route redistribution to avoid black hole routing. This enhancement is applicable for OSPF, Connected, Static, BGP and other protocols only if the redestribution is requested.

Route Leaking Between Global VRF and Service VPNs

This feature enables you to leak routes bidirectionally between the global VRF and service VPNs. Route leaking allows service sharing and is beneficial in migration use cases because it allows bypassing hubs and provides migrated branches direct access to non-migrated branches.

BFD for Routing Protocols in Cisco SD-WAN

This feature extends BFD support to BGP, OSPF, and EIGRP protocols in the Cisco SD-WAN solution. BFD provides a consistent failure detection method to detect forwarding path failures at a uniform rate, therefore enabling faster reconvergence time.

Forwarding and QoS

Adaptive QoS

This feature enables WAN interface shapers and per-tunnel shapers at the enterprise edge to adapt to the available WAN bandwidth. The capability to adapt to the bandwidth controls differentiated packet drops at the enterprise edge and reduces or prevents packet drops in the network core.

Policies

Application-Aware Routing Policy Support for Multicast

This feature enables support for configuring application-aware routing policy for multicast traffic on Cisco IOS XE SD-WAN devices based on source and destination, protocol matching and SLA requirement.

Support for six SLA Classes per Policy

This feature allows you to configure up to six SLA classes per policy on Cisco IOS XE SD-WAN devices. This allows additional options to be configured in an application-aware routing policy.

Support for Defining Custom Applications

This feature adds support for defining custom applications.

Service insertion tracker support

This feature extends support for service chaining to Cisco IOS XE SD-WAN devices. On Cisco IOS XE SD-WAN devices and Cisco vEdge devices, it adds a tracking feature that logs the availability of a service.

Security

Support for SGT Propagation with Cisco TrustSec Integration

This feature enables Cisco IOS XE SD-WAN edge devices to propagate Security Group Tag (SGT) inline tags that are generated by Cisco TrustSec-enabled switches in the branches to other edge devices in the Cisco SD-WAN network. While Cisco TrustSec-enabled switches does classification, propagation (inline SGT tagging) and enforcement on the branches, Cisco IOS XE SD-WAN devices carry the inline tags across the edge devices.

Cloud OnRamp

Support for Specifying Office 365 Traffic Categories for Cloud onRamp for SaaS on Cisco IOS XE SD-WAN Devices

This feature updates the existing Cloud onRamp for SaaS configuration workflow for Cisco IOS XE SD-WAN devices. The feature allows you to limit the use of best path selection to some or all Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft.

Integration of AWS Branch with Cisco IOS XE SD-WAN Devices

Cisco SD-WAN Cloud OnRamp for Infrastructure as a Service (IaaS) extends enterprise WAN to public clouds. This multi-cloud solution helps to integrate public cloud infrastructure into Cisco SD-WAN fabric. This feature enables Transit Gateway (TGW) when the standard Cloud OnRamp solution is not sufficient. For example, one host VPC is connected to the Cisco SD-WAN edge router using an Internet Gateway (IGW). If the IGW bandwidth limit is less, then TGW is used for SD-WAN integration. TGW provides a way to interconnect VPCs and VPNs.

Support Catalyst 48Y4C (Cloud OnRamp for Colocation)

This release supports the use of Cisco Catalyst 9500-48Y4C switches in the Cloud onRamp for colocation cluster that enables 80G-200G of bidirectional throughput.

Flexible Topologies (Cloud OnRamp for Colocation)

This feature provides the ability to flexibly insert the NIC cards and interconnect the devices (CSP devices and Catalyst 9500 switches) within the Cloud onRamp for colocation cluster. Any CSP ports can be connected to any port on the switches. The Stackwise Virtual Switch Link (SVL) ports can be connected to any port and similarly the uplink ports can be connected to any port on the switches.

TACACS Authentication (Cloud OnRamp for Colocation)

This feature allows you to configure the TACACS authentication for users accessing the Cisco CSP and Cisco Catalyst 9500 devices. Authenticating the users using TACACS validates and secures their access to the Cisco CSP and Cisco Catalyst 9500 devices.

Network Assurance –VNFs: Stop/Start/Restart (Cloud OnRamp for Colocation)

This feature provides the capability to stop, start, or restart VNFs on Cisco CSP devices from the Colocation Clusters tab. You can easily perform the operations on VNFs using Cisco vManage.

TCP Optimization

TCP Optimization

TCP optimization support extended to Cisco ISR4221, Cisco ISRv, and Cisco 1000 Series Integrated Services Routers. See Supported Platforms for more information.

Monitor and Maintain

Embedded Packet Capture

This feature is an onboard packet capture facility that allows network administrators to capture packets flowing to, through, and from the device and to analyze them locally or save and export them for offline analysis through Cisco vManage. This feature facilitates application analysis, security, and troubleshooting by gathering information about the packet format.

TAC Access

TAC Access to Cisco vManage

When working with the Cisco Technical Assistance Center (TAC) to address an issue in Cisco vManage, users may provide TAC with access to Cisco vManage or TAC teams may access Cisco vManage using the consent token mechanism. In the past, this access has relied on a user account called viptelatac. In this release, two separate user accounts have been added, one with read-only access and one with write access. The accounts use a challenge-response authentication method.

Cisco SD-WAN for Government

Cisco SD-WAN for Government

FedRAMP, the Federal Risk and Authorization Management Program, is a United States-government program that provides a specific set of standards to ensure that a cloud provider meets the requirements to be eligible for use by the U.S. federal government. With Cisco SD-WAN for Government, you can quickly and easily deploy a Cisco SD-WAN overlay network using the Cisco Self-Service Portal. This ensures that your Cisco SD-WAN network meets the stringent requirements of FedRAMP with enhanced security and rapid deployments.

New and Enhanced Hardware Features

New Features

Hardware support added in Cisco IOS XE Release 17.3.2:

  • Cisco Catalyst 8300 Series Edge Platforms

  • Modules on Cisco Catalyst 8300 Series Edge Platforms:

    • 10G Modules

    • SM to NIM Slot Adapter

  • Cisco Catalyst 8500 Series Edge Platforms

  • Cisco Cellular Gateway CG418-E

Important Notes, Known Behavior, and Workaround

  • Cisco IOS XE SD-WAN devices with the SFP-10G-SR module do not support online insertion and removal (OIR) of this module.

  • When you complete a Cisco SD-WAN software downgrade procedure on a device, the device goes into the configuration mode that it was in when you last upgraded the Cisco SD-WAN software on the device. If the device is in a different configuration mode when you start the downgrade than it was when you last upgraded, the device and Cisco vManage show different configuration modes after the downgrade completes. To put the configuration modes back in sync, reattach the device to a device template. After you reattach the device, both the device and Cisco vManage show that the device is in the vManage configuration mode.

  • Cisco vManage Release 20.3.1 implements a hardened security posture to comply with FedRamp guidelines. As a result, your vAnalytics login credentials that are stored locally get erased on upgrading the software, and you cannot access the vAnalytics service directly through Cisco vManage. In this case, log in to vAnalytics using this URL: https://analytics.viptela.com. If you can’t find your vAnalytics login credentials, open a case with Cisco TAC support.

Cisco vManage Upgrade Paths

For information about Cisco vManage upgrade procedure, see Upgrade Cisco vManage Cluster.

Starting Cisco vManage Version Destination Version

19.2.x

20.1.x

20.3.x

18.x/19.2.x

Direct Upgrade

Direct Upgrade

Check disk space*
  • If the disk space is more than 2GB: Direct Upgrade

  • If the disk space is less than 2GB: Step upgrade through 20.1

For cluster upgrade procedure**: request nms configuration-db upgrade

20.1.x

Not Supported

Direct Upgrade

Direct Upgrade

For cluster upgrade procedure**: request nms configuration-db upgrade

20.3.x

Not Supported

Not Supported

Direct Upgrade

20.4.x

Not Supported

Not Supported

Not Supported

*To check the free disk space using CLI,

  1. Use the vshell command to switch to vshell.
  2. In vshell, use the df -kh | grep boot command.
**Cluster upgrade must be performed using CLI
  • Use the following command to upgrade the configuration database. This must be done on only one node that runs configuration-db in the cluster:
    request nms configuration-db upgrade
  • Enter login credentials, if prompted. Login credentials are prompted if all Cisco vManage server establish control connection with each other. After a successful upgrade, all configuration-db services are UP across the cluster and the application-server is started.

Note

The autoscale issue is fixed in Cisco SD-WAN Release 20.3.x. If your device is running on Cisco SD-WAN Release 18.4.x and mapped to a transit VPC, you must skip the upgrade to Cisco SD-WAN Release 19.2.x and Cisco SD-WAN Release 20.1.x, and upgrade directly to Cisco SD-WAN Release 20.3.x.


Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Bugs for Cisco IOS XE Release 17.3.4a

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Release 17.3.4a

Bug ID

Description

CSCvu93871

SDWAN 17.3/20.3- Cisco IOS XE SD-WAN device1002HX- FTMD crash during traffic test run

CSCvv53387

Cisco IOS XE SD-WAN device is sending incorrect if index values for the sub-interfaces.

CSCvv92064

App-aware policy need to be honored when queuing is not set by localized policy

CSCvv95280

ASR1001-X may crash when ZBFW HSL(High Speed Logging) is configured

CSCvw23197

BFD sessions go down on Service VPN after UTD is enabled on Cisco IOS XE SD-WAN device

CSCvw42048

c1111 vtcp may cause packet drop for sip packets causing phones to reset

CSCvw81572

Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4

CSCvw83359

AWS:c8kv crashed and reboots if shut/no shut an interface a number of times

CSCvw88098

Cisco IOS XE SD-WAN device crashes while running web traffic testing with security features enabled

CSCvw93490

CSR1000v crashing frequently with Critical software exception error.

CSCvx02009

Cisco IOS XE SD-WAN device running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE

CSCvx11702

C8500-12X4QC: Traffic drops on 10G interface with large packet size 9000bytes with High priority.

CSCvx15750

SD-WAN:Cisco IOS XE SD-WAN device ipsec replay-window size decreases to 128 after a peer reloading

CSCvx21270

SDWAN custom policy that does not looked to be programmed correctly on the Cisco IOS XE SD-WAN device.

CSCvx22449

The FIB is not programmed as per the RIB entries

CSCvx23159

FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed

CSCvx32670

Wrong reload reason reflected after a power outage.

CSCvx34623

SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details

CSCvx36146

DCHP offer frame getting dropped on Cisco IOS XE SD-WAN device ISR4431 due to Policy

CSCvx36763

Zone Based Firewall on Cisco IOS XE SD-WAN device router dropping web traffic with the reason Zone-pair without policy

CSCvx41877

skip statistics update when crypto engine is busy and throttling msgs

CSCvx43331

CSR1000v: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

CSCvx49311

Cisco vManage pushing invalid "no shutdown" command to ISR Service-Engine interface

CSCvx51664

For-us Icmp packets are collected by cflowd which against the data-policy

CSCvx53399

fman_fp_image crashed with ZBFW config change

CSCvx54502

sdwan control packets getting dropped when ACL applied

CSCvx57615

ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent

CSCvx57718

Remove "show internal omp rib vroute" cli from admin tech

CSCvx58099

C8500-12X4QC does not send logs to Cisco vManage when harddisk is not installed

CSCvx59899

ISR4431/K9 rebooting due to CPP crashing becaue of UTD feature.

CSCvx60385

LTE (Last resort ) Tunnel10 is flapping from up and down

CSCvx60842

OnDemand Tunnel- Site-ID doesnt update after change it

CSCvx64846

"show sdwan policy service-path/tunnel-path" command cause device crash

CSCvx73741

custom app not getting detected after attached removed and re-attached- app-visibility is disabled

CSCvx74695

SDWAN OnDemand Policy and ZBFW Packet drop due to Firewall Invalid Zone

CSCvx77203

[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled

CSCvx78215

An IOS XE device might crash at DoubleExceptionVector

CSCvx79113

SDWAN Cisco IOS XE SD-WAN device : traffic simulation tool shows traffic blackhole

CSCvx84617

ISR - Appnav service controller ucode crash during packet intercept from network

CSCvx88246

Packets dropped due to firewall + data policy interop issue

CSCvx97718

vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset

CSCvy06736

Config out of sync after upgrading to 17.4.1

CSCvy13735

BFD tunnels stuck in down state after port-hop

CSCvy14126

ISR4331 are crashing frequently 17.4.1b

CSCvy18691

ASR1002HX-IPSECHW octeon ucode crashes when provisioned via SD-WAN

CSCvy25957

Security container is dropping legitimate FIN,ACK Packets

CSCvy35044

Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED

CSCvy44563

cpp-mcplo-ucode crash due to stuck thread with extranet route leaking between vpns

CSCvy58266

vDaemon crashes due to buffer overflow with read/write in TAM

CSCvu78406

vSmart crash because of ompd process

CSCvv52442

vSmart Upgrade From 20.1.12 to 20.3.1 Failing With Error "Failed to install: "

CSCvw14883

Incorrect mapping for device specific variables from interface shaping rate

CSCvw16238

Incorrect tag for omp routes in Real Time view

CSCvw20597

Variables missing in Cisco vManage during template push.

CSCvw28645

OIB: without change any ND global parameters, Cisco vManage automatically push template to all sites again

CSCvw37603

ND template stay in DB when no branch associated to and cause image delete failure

CSCvw53680

Limit of 30 notifications / min restriction for webhook alarm to be removed from UI

CSCvw62325

Not able to copy a feature template if the description or name contains "|"

CSCvw66441

Cisco vManage GUI not accessible due to too many open file descriptors.

CSCvw69181

OSPF alarm down seen on vamange, OSPF process is UP

CSCvw77794

"Invalid IPv4 address" is shown when inputting IPV6 DNS field

CSCvw78837

ND Template attach "Failed to create input variables for template: Failed to create input variables"

CSCvw82581

vBond upgrade from 20.3.1 to 20.3.2 fails

CSCvw83988

sdwan - Cisco vManage - ip helper not more than 1 is possible with Feature and Device Templates

CSCvw91545

We are not able to change Controller Certificate Authorization options in Cisco vManage GUI

CSCvw96264

UI showing console error after clicking on active/completed task as fails to show the details

CSCvw97278

20.4 policy name restrictions may break existing templates on upgrade

CSCvx00144

SSH via Cisco vManage GUI timeout in 180 seconds

CSCvx07049

Cisco vManage not displaying tunnel state correctly

CSCvx07210

Cisco vManage showing old device hostname

CSCvx22960

Not all routes getting pushed to device

CSCvx23886

CLI template does not push snmp-server community config

CSCvx27128

DPD with default values on feature template is not pushed to Cisco IOS XE SD-WAN device

CSCvx33184

Service proxy does not restart after ui certiticate upload

CSCvx35130

vBond software upgrade fails when selecting activate/reboot while upgrading

CSCvx37901

nms_bringup file has ^M in each line after service restart as part of DR

CSCvx44643

UC - unable to make modification to the translation rule once created from Cisco vManage UI

CSCvx52154

Could not load host key: /var/run/ssh/ssh_host_ed25519_key

CSCvx52352

CLI template does not push logging buffered community config

CSCvx52789

Cisco IOS XE SD-WAN device- template failure - An element value is not correct : inspect.

CSCvx55749

Cisco vManage logs are not pruned

CSCvx57151

Update button stops working after adding DHCP option

CSCvx57718

Remove "show internal omp rib vroute" cli from admin tech

CSCvx59998

Cisco IOS XE SD-WAN device Upgrade to 17.3.3 failing due to "Failed to check active partition information" error message

CSCvx64613

Issues detaching template when device is in CSR generated state

CSCvx66954

Cisco vManage manage-user function is not working properly

CSCvx68246

Changing Config-DB ID/Password from default to non-default on a cluster of more than 3 members

CSCvx72390

ZTP software version enforcement does not respect software install timeout

CSCvx81621

Cisco vManage dashboard doesn't show device status even when control is up/up

CSCvx83654

invalid value for: prefix-entry Error when push advertise OMP prefix under vpn

CSCvx85487

Configuration DB upgrade in cluster failed in 20.3.3 code

CSCvx86601

The CSR properties in Cisco vManage config DB does not match with the certificate settings on Cisco vManage UI.

CSCvx86804

c8500 / 17.3.2 / 17.4.1a / Cisco vManage is not pushing auto negotiation for 10Gig Interfaces on Cisco IOS XE SD-WAN device

CSCvx87163

X-Forwarded-For header is passed through to local auth, leading to session creation errors

CSCvx94730

20.3.3 alarms not working for BFD/Control issues

CSCvy01567

Device template policy dissapears from UI after selecting edit device template

CSCvy12257

Cisco vManage becomes unresponsive after a high amount of email notifications getting generated.

CSCvy12485

mismatch self-signed root certs between primary and secondary clusters

CSCvy18932

Cisco vManage is not able to discover VPCs for Multi-cloud when >7 AWS accounts provisioned

CSCvy27218

Socket connect leak when dr is enabled

CSCvy42621

Unable to generate ciscotacro/rw token due to sessions being full

CSCvy42629

API sessions not getting cleared out when "Max Sessions Per User" is set

CSCvy60928

continuous logs of "Could not load host key: /var/run/ssh/ssh_host_ed25519_key"

CSCvy65210

all stat-db settings except DPI is not available after DR registration

CSCvv58263

VPN ethernet interface-Load interval-Vmanage config generate failure

CSCvx79862

20.4 : Secure SDWAN TUC's : Failed to aquire lock, template or policy lock in edit mode

Open Bugs for Cisco IOS XE Release 17.3.4a

Bug ID

Description

CSCvw60359

Cisco IOS XE SD-WAN device-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working.

CSCvx25157

sdwan control packets getting dropped when ACL applied

CSCvx25217

cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvx27965

Cisco IOS XE SD-WAN device ipv6 netflow with high scale flows FNF does not working

CSCvx42400

Cisco IOS XE SD-WAN device Experiences Unexpected reboot with: Last reload reason: Critical software exception

CSCvx84786

NAT ALG breaks(Drops) ICMP control messages (ICMP Fragmentation Needed) for PMTUD

CSCvx90032

CSR in Azure can fail to authenticate using AAD

CSCvx94285

CSR crashes after oce_lookup_one_adj_id_handle while reading emu_mem.

CSCvy33007

"Best of Worst" Fallback mode causes reachability issue when routes flap

CSCvy33639

SDWAN: CSR1000v deployed in Microsoft Azure throwing continuous errors on consol.

CSCvy37285

SSH to Loopback not working

CSCvy41947

EIO: Packets getting reassembled and are forwarded as it is to the Gigabit interface

CSCvy52270

csr1kv/c8kv: Console Port Access change CLI does not work in CONTROLLER mode

CSCvy54314

Data-policy local-tloc with app-route is dropping packets when SLA is not met

CSCvy55408

C1121 router multiple crash. - session hash corrupted

CSCvy55507

Cisco IOS XE SD-WAN devices are dropping incoming GRe keepalives due to implicit ACL

CSCvy58115

Cisco IOS XE SD-WAN device : Cloudexpress Office 365 probes are hitting 100% loss

CSCvy64180

Cisco IOS XE SD-WAN device C1121-4P crahed with Localsoft error

CSCvy67301

URL Filtering regex pattern match not working on large pattern

CSCvy73818

Cisco IOS XE SD-WAN device QFP starts dropping traffic - UTD Service Node not healthy ident

CSCvy74482

[FW] All traffic drops when edit security template on Cisco IOS XE SD-WAN device (18.4.6) from 20.3.4 Cisco vManage

CSCvy78123

Cisco IOS XE SD-WAN device: High CPU usage due to Multicast and Data Policy configuration.

CSCvy79354

Cisco IOS XE SD-WAN device traceroute result shows destination IP at first hop instead of actual next hop

CSCvy82696

Cisco IOS XE SD-WAN device dropping packets [combination /16, /17 data prefix with multiple ports in policy]

CSCvy86497

BFD session flap/down while control connection with Cisco vManage is going down

CSCvy90479

On Demand Tunnel not working in 17.3.2

CSCvy91411

AAR not correctly programmed in ASR1001-X

CSCvu73826

ND Failed with device template: Failed to edite device template if add-on CLI empty

CSCvv64821

Cisco vManage Site Health shows wrong number of sites

CSCvw71474

Attempt to create cluster fails when adding 2nd member to standalone Cisco vManage

CSCvw73392

Frequent Cisco vManage UI timeout and stuck in Please continue waiting state.

CSCvx46554

Cisco vManage reverting API changes after 5 minutes

CSCvx93652

Push vEdge list fails to vSmart with application error.

CSCvy01378

Device Specific field is not usable

CSCvy07698

20.4 Getting Wrong Control Site Down Alarm alarms

CSCvy10009

IR1101 template push error: bad-cli - No interface

CSCvy14627

Activating changes in Security Policy that is attached to the vEdge will fail and lock the database

CSCvy15370

Cisco vManage API running too frequently under Rediscover Network resulting in Page Loading too often

CSCvy20641

SCP of WAN edge list to vBonds from Cisco vManage fails when TACACS is enabled on vBond.

CSCvy22394

vAnalytics slowness in response to a query

CSCvy22416

Security policies applied to incorrect interface in cluster mode, iptables

CSCvy29733

Attach to the device fails, when CLI template is created via REST API in Cisco vManage

CSCvy31058

zScalar configuration deletion happens in the wrong order.

CSCvy34596

Cisco vManage upgrade is failing from 20.3.3.1 > 20.3.4

CSCvy35209

vEdge auth-order change not processed correctly

CSCvy35564

Cisco vManage Webhooks doesn't work without Email notifications explicitly enabled

CSCvy38478

Cisco vManage ver 19.2.4 crash, becomes unstable/unusable

CSCvy39849

Cisco vManage pushes invalid service route command

CSCvy53930

Failed to create deviceactionstatusnode table entry in DB for device: Validation

CSCvy56278

vMange crashed due to kernal panic [20.3.3.1.2]

CSCvy59469

OMP control connections of Cisco IOS XE SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge

CSCvy69307

Token fails to get generated when trying to login to Cisco hosted Cisco vManage via GUI

CSCvy75420

Cisco vManage reports 'upgrade request failed in device' error after installing the software via ZTP

CSCvy75632

vBond lost static route on vpn 0 and vpn 512 running 19.4.2

CSCvy79095

configuration db VMANAGE ROOT CA node is not updated

CSCvy82358

On-prem Cisco vManage cluster went into a bad state and template push started failing

CSCvy82623

Cisco vManage giving error on login

CSCvy83020

Cisco vManage UI is taking time to load first time

CSCvy88637

Cisco vManage email notification - supporting special character & (ampersand) in the email address

CSCvy89483

Cannot apply endpoint-tracker to Cisco IOS XE SD-WAN device via Cisco vManage template in service VPN

CSCvy90229

Cisco vManage cluster management page should not show Sys IP in drop down of "Cisco vManage IP Address"

CSCvy90707

IPS signature update not consistent on routers after Cisco vManage upgrade to 20.3.3.1

CSCvy93261

Cisco vManage nodes in a cluster with Stats-db ran into full GC allocation failure

CSCvy93431

After upgraded the Cisco vManage from 20.3 to 20.6, UI is not getting loaded

CSCvs90123

Cisco vManage became unusable after CPU spiked to 100% - no were operations performed during hike

CSCvs08693

VPN label is changing upon Edge reboot

CSCvw79936

17.5 : Overnight OMPd traffic crash on Promethium.

CSCvy59073

Web Server Certificate does not get imported ui certiticate upload

CSCvy88437

AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build

CSCvy92487

Control connection to the vBond failing because of ERR_SER_NUM_NT_PRESENT on the vBond.

CSCvy57678

ISR4K :ompd memory incrementing for 17.3.2

CSCvw78294

17.3 Loblaw: Pool overlod and Static Inside In2Out/Out2In fragmented packets are getting dropped

CSCvy73412

Templatepush failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context

Bugs for Cisco SD-WAN Controller Release 20.3.3.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Controller Release 20.3.3.1

Bug ID

Description

CSCvx35130

vBond software upgrade fails when selecting activate/reboot while upgrading

CSCvx59998

Cisco IOS XE SD-WAN upgrade to 17.3.3 failing due to "Failed to check active partition information" error message

Bugs for Cisco IOS XE Release 17.3.3

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Release 17.3.3

Bug ID

Description

CSCvs31962

Perf testing: Large policy config push took 60 mins for 75 Cisco IOS XE SD-WAN devices

CSCvu43317

vBond connection Down Alarms or Events not appearing in Cisco vManage

CSCvv08199

[SIT]: vsmart policy edit failed with transport closed error

CSCvv36080

Seeing more hVNETs than maximum allowed

CSCvv40715

Multilink interface can not be configured without ppp authentication

CSCvv41341

Higher memory utilization on Cisco vManage 20.1

CSCvv45021

PPP feature templates cannot modify IP MTU on Dialer interfacce

CSCvv48087

Task update issues, large customer setup with cluster

CSCvv52763

20.3 config-db upgrade script reports success even when it fails

CSCvv56750

Cisco vManage UI does not accept controller group more than 1

CSCvv57951

Cisco IOS XE SD-WAN device: Option field in EIGRP template interface section is not working

CSCvv71357

Cisco vManage GUI dashboard does not show number of Cisco vManage up when single node in cluster is down

CSCvv79430

Cisco SDWAN Cisco vManage 20.3.1 unable to display IP address of user access in audit log

CSCvv86465

Cisco vManage: Template Push fails with Unable to send line feed after string

CSCvv88104

Reassign "oom_score_adj" Values in "sysmgr.conf"

CSCvv88334

Email Notifications: with custom devices list a Number of 'Devices Attached' is blank when edit it

CSCvv98608

config preview failed with Exception in callback: BGP AS Number couldn't be retrieved in service VPN

CSCvw04082

Kernel Panic is seen after upgrade the Cisco vManage to 20.3 (watchdog)

CSCvw20639

SDWAN: IPv6 SDWAN Control connection between vSmart and Cisco IOS XE SD-WAN device lost

CSCvw22190

Cluster activation failed because of a space in resource pool field in cluster config

CSCvw23740

In a cluster, an App server starting dependency should check a cluster, not just local service

CSCvw26979

Config-DB upgrade from 3.5.14 to 3.5.22 through Cisco vManage SW upgrade.

CSCvw28512

Difference in ip address of interface and json causing the stats db and config db in waiting

CSCvw31235

Add IPv6 OMP route support in Cisco vManage real time monitoring

CSCvw32352

SDWAN: clear control connection on vsmart can cause missing DNS resolved entries for IPv4 sessions

CSCvw37918

Confuguration-db upgrade allowed when not needed

CSCvw39302

'dns-server-list' error seen when pushing DNS server IP update from Cisco vManage

CSCvw41702

Cisco vManage dpi classification incorrect

CSCvw41883

Cisco vManage template doesn't allow interface as next hop for static route

CSCvw42971

Cisco vManage: Multiple DNS servers in DHCP template gives "Invalid IPv4 address"

CSCvw44368

Translation profile/rules configured as part of a Voice policy not applied to dial-peers

CSCvw46769

CLI template push to vBond fails with "Device failed to process request. null" error

CSCvw47429

IPS Signature update - username that's more than 32 characters will fail with 'Maximum length: 64'

CSCvw50664

Cisco vManage Optional OSPF Configuration Removed when Device Template Updated

CSCvw52973

Cisco vManage UI is not coming up thread are stuck while updating factory default templates during startup

CSCvw53502

Logfiles flooded with message of tcgetattr: Input/output error

CSCvw56320

on-prem Cisco vManage ungraded to 20.3.2 from 19.2.3 rebooting in an interval of 10-15 min

CSCvw58305

UC SDWAN: Not able to see policy profile in Custom options.

CSCvw62577

Reassign "oom_score_adj" Values for tracker

CSCvw63960

Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood

CSCvw64026

Automatically changing Stats-DB to read-write mode when app server restart

CSCvw68661

Introduce basic stats collection backpressure [v1]

CSCvw68861

Change for configdb query planner to hint more effectively via $param instead of old-style {param}

CSCvw70138

Old vAnalytics setting should not be migrated into CloudServices from GUI

CSCvw73445

Add validation check for Blocklist and Redirect URL

CSCvw76649

Cisco vManage 6 Node CLuster on Azure takes 2 mins to login to Cisco vManage UI.

CSCvw79756

Cisco IOS XE SD-WAN device policy change taking a long time, and timing out.

CSCvw79982

Cisco vManage 20.3.2.1 requires read-replicas to speed up GUI access

CSCvw91717

after upgrading to from 17.3.2 to 17.4.1, the device loses control connections

CSCvw92805

Local configuration not showing preview of config on Cisco vManage 20.3.2

CSCvx03509

Audit log flooded with logouts from DR cluster

CSCvx07685

consul service is not enabled in DR registartion wth arbitrator

CSCvx09069

Increase process wait timeout for configdb upgrade

CSCvx09308

Escalations: coordination service logs GB log file filling up disk

CSCvx12847

root-cert corrupted after upgrading to 20.3.2 code

CSCvv16718

17_3_1 throttle - Crash seen at ftmd process

CSCvv18117

SIT : 'show sdwan bfd' output is empty even though bfd sessions are up

CSCvv24027

Cisco IOS XE SD-WAN device: confd_cli may cause high cpu utilization after executing "show sdwan omp routes"

CSCvv42381

[DyT]: TTM not updating link routes and omp routes are not getting updated

CSCvv58312

17.4 : Dataplane Crash due to driver cpp_drv_i95_read_cb observed on 4461 with traffic

CSCvv58652

Cisco IOS XE SD-WAN device: Cloud-onramp for SaaS may report packet loss for O365/Office365

CSCvv71831

Cisco IOS XE SD-WAN device Speed test in Cisco vManage meet interface Loopback111 critical alarm (need to suppress)

CSCvv78028

No responder-bytes from Cisco IOS XE SD-WAN device when UTD is enabled

CSCvv87062

SDWAN 17.2.1/17.4.1 - Cisco IOS XE SD-WAN device router may restart after pushing multiple traffic data policies together

CSCvv91732

packet-trace platform conditions do not work

CSCvv99096

CoR-SaaS shows 100% loss for dialer interface

CSCvw15509

cisco C1111-8P - Ping to NAT pool ip punts CPU and responds to ping

CSCvw21753

XE-SDWAN device would keep invalid IPv6 address in the tunnel to Cisco vManage and can not recover

CSCvw22905

ISR/CSR: admin-tech-before not generated for IOS and non-viptela BinOS process failure

CSCvw36514

Cisco IOS XE SD-WAN device crashes due to a large packet at vesen_ipsec_v4_input_get_vctrl_data

CSCvw36629

Cisco IOS XE SD-WAN device: NATed tuple flips for HSL deleted flow

CSCvw39530

Cloud-Saas action does not program in Modify case

CSCvw41778

Fragmented packets may be dropped inbound on tunnel of Cisco IOS XE SD-WAN device with service-side NAT configuration

CSCvw43365

SD-WAN appqoe optimization will drop SYN with ECN bit set and delay TCP setup.

CSCvw46753

After reload Cisco IOS XE SD-WAN device cellular interfaces in shutdown state are brought up

CSCvw52661

crash. seen during sh plat sof sdwan fo next-hop overlay id 0xf8000090

CSCvw54076

[SIT]: BFD sessions not established between Edges, with UTD enabled

CSCvw54383

DPI flow telemetry generated by IOS-XE, for some flows tunnel identifiers are missing

CSCvw55030

Dynamic Nat pool "ip aliases" are not created on the device

CSCvw56676

Cisco IOS XE SD-WAN device ISR4351 crashed with Critical process ftmd fault on rp_0_0 (rc=139) running version 17.3.1a

CSCvw58646

Cisco IOS XE SD-WAN device: Inspect rule cannot be modified to accept or drop without deactivating the policy

CSCvw61731

ASR-1K router is not programming correct next-hop for the destination prefix.

CSCvw62805

SDWAN ZBFW CPU punted traffic mishandling -- Out2In packet looped

CSCvw72021

nat pool config using sub-interfaces does not work after reload

CSCvw73701

17.4 ZBFW:Stale ACL entries seen on ASR1K

CSCvw88048

Speed test initiated from ISR1k failed

CSCvw95069

Packet towards LAN are sent towards VPN 0 WAN interface

CSCvx22995

On-demand tunnel is not setup with AAR SLA class and CXP feature enabled

CSCvx32130

Centralized policy does not work when contain local tloc entries in remote tloc(tloc-list)

CSCvu72391

Default route missing for second TLOC during script run, and control connection get stuck

CSCvv35569

AMP data is not populated in Graphs under network level

Open Bugs for Cisco IOS XE Release 17.3.3

Bug ID

Description

CSCvv11604

ISR 4000 Cisco IOS XE SD-WAN device : Only one T1 card is getting enabled via CLI template while two are inserted

CSCvv13313

Select control connection TAB for any vsmarts, it will never show vbond connections

CSCvv41954

Customer couldn't login to 19.2.3 Cisco vManage using SSO unless the browser cache is cleared

CSCvv86418

Cloud OnRamp for Colo Port level view mapped ports on CSP to the wrong switch

CSCvv86662

unable to perform packet capture on Cisco IOS XE SD-WAN device interface Sdwan-system-int-ipv4-172.16.155.15

CSCvw15630

Inconsistency between "show app flowd flows" and API response of DPI stats

CSCvw16238

Incorrect tag for omp routes in Real Time view

CSCvw38077

UI throwing "Failed to list cluster information:Unknown error" on cluster management page

CSCvw45135

Mismatch in System CPU statistic -- "Real Time" and historical 1/3/6/12h

CSCvw50483

Dashboard getting blank intermittently in singlenode 20.3.2.1-no response of agg APIs from stats-db

CSCvw54692

Cisco IOS XE SD-WAN device Unable to configure ospf simple password authentication

CSCvw55764

VNF Install fail - VNF packages are not sync'd/copied in new added Cisco vManage node in Cisco vManage cluster

CSCvw62341

Cisco vManage Dashboard - Alarm time zone is tagging with incorrect time zone

CSCvw66441

Cisco vManage GUI not accessible due to too many open file descriptors.

CSCvw68402

Template push to Cisco IOS XE SD-WAN device fails when changing system-ip due to vsmart centralized policy

CSCvw69181

OSPF alarm down seen on vamange, OSPF process is UP

CSCvw71474

Attempt to create cluster fails when adding 2nd member to standalone Cisco vManage

CSCvw73392

Frequent Cisco vManage UI timeout and stuck in Please continue waiting state.

CSCvw77794

"Invalid IPv4 address" is shown when inputting IPV6 DNS field

CSCvw83988

sdwan - Cisco vManage - ip helper not more than 1 is possible with Feature and Device Templates

CSCvw85706

Cisco vManage: UI is incorrectly showing the current version for Cisco vManage and vSmarts.

CSCvw91545

We are not able to change Controller Certificate Authorization options in Cisco vManage GUI

CSCvw91647

Issues with template created by API call

CSCvw91984

ACI APIC to Cisco vManage integration issue

CSCvw92189

Cisco vManage goes into out of memory resulting in slowness while pushing the template and accessing GUI.

CSCvw93203

serverproxy-access.log not rotating in /var/log/nms

CSCvw96264

UI showing console error after clicking on active/completed task as fails to show the details

CSCvw99518

SSO SAMLResponse Error validating SAML message at re-authentication

CSCvx00144

SSH via Cisco vManage GUI timeout in 180 seconds

CSCvx02002

Cisco vManage did not validate if the template value of an interface name was correct.

CSCvx03552

Configurations allows for multiple primary DNS servers

CSCvx04246

Cisco vManage -- Template rollback when migrating EIGRP interfaces & VRFs -- 17.3

CSCvx05353

"request nms all status" command returning Python exception if containter-mgr svc was stopped

CSCvx08817

DHCP excluded-address command is not being pushed via Cisco vManage template

CSCvx08942

Server slowness during GUI operations, system degrades until login is not possible

CSCvx09284

Escalations: messaging service timeout

CSCvx11296

Cisco IOS XE SD-WAN device reporting normal even though it is over warning threshold

CSCvx14444

netconf connection failures while installing certificate

CSCvx14750

Cisco vManage removes \ character when imported to cli template from running configuration

CSCvx16509

audit-log: invalid session with a user due to inactivity even though app-server not shutdown

CSCvx19853

Cisco vManage CLI template push failing due to controller transaction ID error

CSCvx19889

Creation of Cisco vManage DR Cluster Failed, GUI showing duplicate entry for DR Cisco vManage

CSCvx19948

Shaper Rate and QoS Map device specific variable get reset when changed to "Per-tunnel-QoS" hub

CSCvx23886

CLI template does not push snmp-server community config

CSCvx25217

cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvx25441

Cisco vManage cluster does not show Graphs for less than 7 Days

CSCvx26988

Cisco vManage App Route Visualization - Citrix Flows are missed in GUI

CSCvx28675

UTD signatures update stopped working suddenly

CSCvx29421

"Server Error, Details: Unable to get pcap session" is printed in the Cisco vManage GUI

CSCvx29967

Fail to upload images to software repository post Cisco vManage upgrade to 19.2.4

CSCvx34074

/dataservice/device/omp/routes/advertised?deviceId reply is empty

CSCvx34991

Cisco vManage - TACACS requests are sourced from old interface IP after IP changed

CSCvx36896

Cisco vManage is unable to push both interface and ip as a next-hop

CSCvx37025

Cisco vManage: Control connection up with Edge devices however, do not show up on Dashboard

CSCvx37092

Cisco vManage DB can not boot up due to neo4j complains about older version

CSCvx41877

skip statistics update when crypto engine is busy and throttling msgs

CSCvx44202

C1121x-8P - doesn not recognize any of its switch interfaces

CSCvx34623

SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details

CSCvs61448

SDWAN/cEdge:Add errmsg() infra-structure to OMP Agent

CSCvv02594

cEdge can not apply speed, duplex and negotiation in one vManage transaction

CSCvv05682

GD box crashed @ stile code with 17.3.1 FC1 image

CSCvv48885

can not update local-address in a crypto keyring

CSCvw02548

tunnel interface remains up even when the physical interface not have IP address

CSCvw30618

Not all OMP routes getting installed

CSCvw46210

Bfd session stuck in invalid state

CSCvw73769

17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on ASR1K

CSCvw81572

Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4

CSCvw85989

SunRPC ALG resets connection with ZBFW inspection enabled

CSCvw88098

cEdge crashes while running web traffic testing with security features enabled

CSCvw89001

LTE interface is not getting IP address after upgrading teh router.

CSCvw90699

The BFD sessions between cEdge routers are down due to IN_US_V4_PKT_SA_NOT_FOUND_SPI

CSCvw91056

"Show sdwan bfd session" showing application communication failure

CSCvw93490

CSR1000v crashing frequently with Critical software exception error.

CSCvx04133

cEdge: TenGigabitEthernet interface in admin shut after reload

CSCvx09453

It is possible to apply changes through TCL in cEdge device in vManage Mode

CSCvx15750

SD-WAN:cEdge ipsec replay-window size decreases to 128 after a peer reloading

CSCvx17563

ISR4331/K9 running 16.12.04 crashed with Segmentation fault(11), Process = Cellular CNM

CSCvx18991

cedge Plogd BFD events messages are not human readable for bfd-state-change

CSCvx21270

SDWAN custom policy that does not looked to be programmed correctly on the cedge platform

CSCvx22449

The FIB is not programmed as per the RIB entries

CSCvx22522

crash seen on ISR4461

CSCvx25157

sdwan control packets getting dropped when ACL applied

CSCvx27086

cEdge unexpected reboot - Stuck CPP Thread

CSCvx28872

Switchport Feature Template is not working Properly - Missing VLANs on VLAN-DATA BASE

CSCvx28956

cEdge crash on upgrade from 16.12.4 to 17.3.2

CSCvx35533

user locked out while upgrading cEdge 16.09.06 to 17.3.2

CSCvx36146

DCHP offer frame getting dropped on cEdge ISR4431 due to Policy

CSCvx36763

Zone Based Firewall on cEdge router dropping web traffic with the reason Zone-pair without policy

CSCvx36940

Loopback flap error after upgrading the cedge's to 17.3.2

CSCvx39761

cEdge Traceback @cpp_vbuginf_flags_error seen with 16.12.14 while connected to AWS 19.2.3

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

Bugs for Cisco SD-WAN Controller Release 20.3.2.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Controller Release 20.3.2.1

Bug ID

Description

CSCvv88104

Reassign "oom_score_adj" Values in "sysmgr.conf"

CSCvw04082

Kernel Panic is seen after upgrade the vmanage to 20.3

CSCvw26979

Config-DB upgrade from 3.5.14 to 3.5.22 through vManage SW upgrade.

CSCvw63960

Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood

CSCvw65073

Cloudservices Radio button needs enable disable seperate check box for vAnalytics and Monitoring

CSCvw68661

Introduce basic stats collection backpressure [v1]

CSCvw68861

Change for configdb query planner to hint more effectively via $param instead of old-style {param}

Open Bugs for Cisco SD-WAN Controller Release 20.3.2.1

Bug ID

Description

CSCvw68410

Messaging server and App-server is not getting started upon VM shutdown/start

CSCvw72087

Full GC (Allocation Failure) on Standalone Cisco vManage running 264 devices

CSCvw72269

Cisco vManage GUI is not accessible: upstream connect error

CSCvw62577

Reassign "oom_score_adj" Values for tracker

Bugs for Cisco IOS XE Release 17.3.2

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Release 17.3.2

Bug ID

Description

CSCvr71672

Cisco PKI Root Certificates not installed in recent images - - Polaris Side commit

CSCvt48480

Flow monitor is removed from interface configuration on reload

CSCvt50136

ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config

CSCvt75088

ISR4451: 'Protocol not in this image' logs are seen after advertise network <prefix> config commit

CSCvt76844

ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to()

CSCvt79205

ASR1001-X: 'show environment' is no longer monitoring R0 voltage sensors

CSCvt97086

ESPx : CMAN-FP process crash for get_fpga_version API fails

CSCvt97642

MIP100 - Continous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console

CSCvu02362

fmap_fp crash seen on removing utd ssl config with container uninstallation

CSCvu10006

Performance monitor caused QoS miss classification

CSCvu25212

The "from Tunnel" direction of the Traffic Data Policy does not get apply on the IOS XE SDWAN

CSCvu26585

"req plat software trace archive" faills with "STORAGE_TARGET: unbound variable Operation failed"

CSCvu27953

Crash due to a segmentation fault in the "IPsec background proc" process

CSCvu30539

Inbound CoPP policy causes outbound packets to fail to show up in EPC

CSCvu38580

Getvpn PFS logging enhancement

CSCvu47358

[cEdge-DiaTracker]configuration not getting updated through device template ,

CSCvu49754

Deleting a Voice Port on CUCM Shuts Down Additional Voice Ports on MGCP Gateway

CSCvu53184

cEdge - CLI should ask for confirmation of request software reset

CSCvu63628

17.3: cEdge -show sdwan omp vpn <> 0.0.0.0/0 detail broken on cEdge

CSCvu65369

Link auto-negotiation fails between C1111-4P ES-4 switch module and Meraki MX100

CSCvu73323

AAR policy does not work properly after Poweroff/Poweron Cedge ISR4451

CSCvu75604

17.3: EFT Customer seeing an issue with show sdwan app-route stats command

CSCvu79087

ASR1K:16.12.4 => 17.3.1: sessions classified based on CTS SGT/DGT are not synced to the standby

CSCvu81329

sec policy pushing fail when remove L7 app from rule and action to drop

CSCvu89214

IOS-XE+ZBFW+CUBE: One-way Audio. TCP 5060 is not recognized as SIP.

CSCvu95098

GETVPN group member drops traffic due to replay failure every 497 days

CSCvu95121

Static NAT outside breaks locally generated TCP/UDP traffic

CSCvu99045

NIM-1GE-CU-SFP/NIM-2GE-CU-SFP: Show interface output reports incorrect bandwidth

CSCvv00899

Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform

CSCvv01250

IGMP reports are forwarded to mrouter port untagged regardless of which VLAN the group is in

CSCvv01509

Data policy `from-tunnel` is not programmed if `from-service` presented

CSCvv03800

ASR1002X lost all configuration after upgrade from 16.12 to 17.3

CSCvv04236

IOS-XE: IPv6 OSPF authentication ipsec - adjacency fails

CSCvv04959

GRUB2 Arbitrary Code Execution Vulnerability

CSCvv05895

ASR1001-X: Issue a cpld reset instead of reboot in kcrash

CSCvv08341

Netconf deleting wrong IKEv2 parameters

CSCvv08952

FirewallNotInitiator drops with ZBFW for DIA traffic over Dialer interface with UTD enabled

CSCvv09538

[SIT] Ramanos lost control and crashed after attaching device template

CSCvv09651

NAT packet drops with IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED sub-code

CSCvv09707

Secondary KS does not push new policy after merge if IPD3P is configured

CSCvv12401

ZBFW HA redundancy stuck in STANDBY-COLK-BULK. Bulksync Traceback seen in logs

CSCvv14263

Day 0 Config Bringup after Power OFF/ON | C1121X-8PLTEP

CSCvv14438

Azure csr-cedge 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1

CSCvv17488

[ISR4K + SM-X-ES3-* module] Memory leak in iomd

CSCvv17730

IP DHCP Snooping not working for the voice vlan

CSCvv18712

QoS classification failing with DSCP bits on IPSEC+QoS+Mcast when applied on service side interfaces

CSCvv19063

ASR1K, C9800 Commit config clean up for cstate and pstate to 17.4, 17.3.2, 17.2.2: backout idle=poll

CSCvv20380

Removing and Adding Bulk ACL leads to Tracebacks and Error-Objects

CSCvv21398

sdwan multicast cEdge rpf failure even with unicast route present in rib and omp

CSCvv25529

16.12.4 ucmk9 cedge not able to join overlay with 19.2.3 and 20.3

CSCvv25601

sipline: VG450 stopped operating due to low mem threshold

CSCvv26538

Crash due to a NULL pointer while bringing down PPPoE sessions.

CSCvv27349

tunnel interface remains up even when the physical interface not have IP address

CSCvv33349

%IOSXE_INFRA-3-PUNT_ADDR_RES_ENCAP_ERR: seen repeatedly in LISP coworking with VASI

CSCvv33576

IGMP snooping table not populated on ISR4k

CSCvv34057

ISR4351:Crash seen with ZBFW. Reboot reason:Critical process qfp_ucode_utah fault on fp_0_0 (rc=139)

CSCvv35386

Unexpected reload seeing after resequencing ACLs

CSCvv38449

cpp_sp_svr on XE router cpp_fm_cace_alloc_dp unable to allocate memory

CSCvv40754

Backward compatibility issue for model between vManage version 20.3 and device version 17.2

CSCvv55435

ASR1001-X ftmd crash: ftm_tunnel_sla_tunnels_get_object

CSCvv58919

Police to PPS is not configurable on ISR4K

CSCvv59662

cEdge may crash when template with big security policy pushed

CSCvv63517

Static ip sdwan route does not work with endpoint tracker after upgrade to 17.3.1a

CSCvv64271

IOS-XE SD_WAN router crashed after upgrade to 17.3.1a

CSCvv67689

cEdge data-policy breaks SRST media stream with default-action accept or accept in sequence

CSCvv71587

Alpha OEAP: AP not able to join eWLC due to the Keyman process is down

CSCvv73691

PMTU Discovery may negotiate an incorrect MTU on XE SDWAN routers

CSCvv73826

BFD sessions flap after multiple control connection flaps to the vSmart. - Polaris side commit

CSCvv75649

Large tcp stream fails DNS translation

CSCvv75771

XE SDWAN router crash due to system memory exhaustion caused by FTM memory growth

CSCvv82330

When large number of policies are applied to a ASR1001-X running 17.3.1, traffic is dropped.

CSCvv83271

endpoint-tracker for a tunnels malfunctioning

CSCvv83345

Summary/default-map routes getting ignored for p2p interface

CSCvu77890

CSR1000v rebooted with reason 'CPU Usage due to Memory Pressure exceeds threshold'

CSCvv85766

Memory leak upon ssh/scp connections to a router

Open Bugs for Cisco IOS XE Release 17.3.2

Bug ID

Description

CSCvs29562

ISRv-cEdge 16.12.1b RFC2544 IPv4 performance on CSP5436: 8VCPU SRIOV throughput degrade significant

CSCvt32383

ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5

CSCvt92164

sslvpn PD : large file download fails over sslvpn

CSCvt97326

ASR1k: harddisk usage is always zero in "show platform resource" for consolidated platforms

CSCvu06483

Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured

CSCvu32446

ISR4451 rebooted with reason_code "CPU Usage due to Memory Pressure exceeds threshold"

CSCvu46417

ASR1k crash when doing a FIB lookup

CSCvu59952

ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure

CSCvu63985

Telit case 00161045: IR1101 - Upon bootup LM960 modem Firstnet SIM no IP when LTE tech AUTO

CSCvu75453

ESP20 Rommon upgrade fails from 15.3(3r)S to 16.2(1r)

CSCvu77711

Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol

CSCvu77745

PMAN-3-PROCFAIL: Chassis 1 R0/0: pman: R0/0: The process keyman has failed (rc 139)

CSCvu89597

RM crash at __be_address_cmp __be_avl_get_next while doing shut/no shut or BR

CSCvu89599

BR crash at __be_strlen __be_fman_rtmap_create_route_map_msg

CSCvv17346

unexpected reload due to Crypto IKEv2 process

CSCvv29416

CLI template push for banner login <> configuration fails on cedge

CSCvv40206

Router may crash under ZBF configuration

CSCvv42381

[DyT]: TTM not updating link routes and omp routes are not getting updated

CSCvv45963

QoS odd behaviour with percentage based policing

CSCvv48885

can not update local-address in a crypto keyring

CSCvv49788

Errors on WLC "Chassis 1 R0/0: wncd: Connection DOWN with Map server IP" for LISP map server

CSCvv50783

IPSEC tunnels to AWS TGW failing when VPN tunnel doesn't allow all traffic

CSCvv54152

CDP on interfaces is not enabled when CDP is enabled globally on ASR Routers in controller mode

CSCvv58652

O365 CoR-SaaS shows random losses

CSCvv59591

ENH: Add support for TACACS/RADIUS as sdwan tunnel service

CSCvv61071

memory leakage of cpp_sp_svr

CSCvv66589

cEdge is not able to ping its own loopback

CSCvv71775

Cellular interface down/up frequently occurs with SORACOM sim(DoCoMo MVNO)

CSCvv76523

Recursive configuration with privilege exec level <level> show dmvpn [detail|static]

CSCvv78028

No responder-bytes from cEdge when UTD is enabled

CSCvv79273

Router may crash when using Stateful NAT64

CSCvv81296

Protocol specific change for base path

CSCvv84345

ASR1K Crash on configuring IP NAT inside source list under VRF

CSCvv87062

SDWAN 17.2.1/17.4.1 - cEdge router may restart after pushing template with QoS

CSCvv88621

GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage

CSCvv91575

C1111-8P: NAT translations packet counter MIB OID counts unnecessary additional value

CSCvv92571

C1111 reboot-loop is seen once upgrade to 17.3.1a

CSCvv94743

Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX

CSCvv97321

ISR44xx shows RP serial number instead of chassis serial in "sh license UDI" CLI output

CSCvv98708

cEdge sees cpp-mcplo-ucode crash

CSCvv99096

CoR-SaaS shows 100% loss for dialer interface

CSCvw01038

[cEdge/CSR1kv] IPv6 Underlay, IPv6 fragmented but packet size is smaller than MTU

CSCvw02527

ASR1k NAT66 communication failure when change the NAT66 prefix configuration.

CSCvw02548

tunnel interface remains up even when the physical interface not have IP address

CSCvw03736

Netflow exporter traffic is sent with a UDP source port of 0.

CSCvw05211

Pre-mature session deletion leading to churn and lower TPS at scale

CSCvw06719

"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload

CSCvw06780

DMVPN with ipv6 link-locall address do not register to HUB

CSCvw09093

route not getting installed, need to remove and reattach the template

CSCvw10808

After SIM OIR, SIM is not detected after SIM failover on C1109-2PLTEGB

CSCvw10972

NAT64 ALG: Router crashes on nat64_process_token

CSCvw11902

Passive FTP doesn't work with NAT

CSCvw12561

GETVPN : Order of configuration of PFS in GKM group

CSCvw14836

ISR router running 16.9.6 crashes authenticating crypto certificate

CSCvw16091

vEdge/cEdge - rekey timer expires, but tunnels stay up

CSCvw16253

IOS-XE 16.12.1 - platform punt-policer has some wrong default values

CSCvw16304

Async: First line of NIM/SM-async module get unexpected char when VDSL active

CSCvw16816

ISR 4k fails to install new IPSec SAs

CSCvw17996

cEdge: fman-fp core / watch dog failure on 17.2.1r in do_lookup_x

Bugs for Cisco IOS XE Release 17.3.1a

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Release 17.3.1a

Bug ID

Description

CSCuz84374

SPA modules on ASR1002-X/ASR1001-X does not get recognized under show platform

CSCvh24730

PfRv3: Crash while Printing the Same TCA Message

CSCvp24405

Router crash after adding macsec reply-protection command on an interface

CSCvp79052

vManage is not exhibiting the correct hostname of cEdge

CSCvp88044

Performance Monitor crash

CSCvq84015

ISR1100 not booting up after power cycle and gets stuck in boot loop - cdb itself gets corrupted

CSCvr48928

Template push stuck on vManage Cluster when pushing new System IP to Edge router

CSCvr89957

CFT crashed frequently

CSCvs02000

%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space

CSCvs19084

UmbrellaConnector drops packets sent from Linux machine

CSCvs27907

Ctrl+Z causes syntax error: unknown argument

CSCvs28073

IOS-XE device has memory leak in linux_iosd-imag

CSCvs29412

x509 SSH authentication incorrect UPN value selected

CSCvs38028

cEdge_Policy_regression: Service IPv6 ping is failing if the interface vrf forwarding is replaced

CSCvs42498

NAT Alias not created for some configuration when using application redundancy

CSCvs45107

AnyConnect fails to reconnect when original session expires

CSCvs47682

Router crashed when attempting to remove a nonexistent trustpoint from dspfarm profile

CSCvs48162

Seeing IpsecOutput drop for cEdge even though ip packet size is less than 1442.

CSCvs51630

cEdge: 'security ipsec replay-window' needs to support 8192

CSCvs53749

EVPN RMAC stale routes seen

CSCvs56559

show crypto pki server shows wrong expire certificate date

CSCvs56721

spoke-to-spoke PLR packets should not change the interface PLR status

CSCvs57212

NGIO Lite is crashed when MT SMS with special characters (EMS) is received

CSCvs59402

Random IPSEC drops on ESP200 with esp-gcm transform set

CSCvs60195

ASR1K ucode crash after too many locks in ZBF pair setup

CSCvs61402

CFLOW_INSERT ABORT errors continue to increment

CSCvs63606

Ping fails on hundred gig primary interface with FRR configured though MPLS traffic is not impacted

CSCvs63841

SDWAN ISR1100: No SW Image listed when .bin image booted from flash / usb

CSCvs65950

IOS PKI: P12 not generated on IOS Sub CA at rollover certificate generation

CSCvs66091

XE SD-WAN Router SSH might get disabled followed by software reset and another reload

CSCvs75958

ISR4331/K9 Dialer cannot make calls suddenly

CSCvs78594

NAT doesn't translate SIP header's orignial source for return traffic on 16.9.3 and 16.9.4

CSCvs81161

Orthrus: Interface is down after shut/no shut.

CSCvs81791

Fix for kernel driver issue causing wake up for empty block, packet too large to process

CSCvs81967

ISR4K: %BOOT-3-BOOT_SRC: R0/0: No space on boot /dev/bootflash5 for packages, using bootflash!

CSCvs85642

ISR G3 router crashes when rtp-nte DTMF packet arrives at MTP + BDI

CSCvs88686

ISR4K / ASR / CBR8 crash in cpp_cp_svr due to watchdog timeout

CSCvs89840

Cedge reboot with UNIX-EXT-SIGNAL: Segmentation fault(11), Process = iosp_vty_100001_dmi_nesd

CSCvs90207

On cEDGE all the BFD session flap if there is a control connection flap to vmanage

CSCvs96540

SDWAN device admin-tech has empty "show running config" in /tech/ios file

CSCvs96719

ASR1k: Unicast DHCPREQUEST dropped when received on a EoGRE tunnel configured with VRF

CSCvs98389

Packet drops in XE-SDWAN because of "IN_CD_COPROC_ANTI_REPLAY_FAIL" errors

CSCvs98586

Skip SDWAN tunnel encapsulated packets in UTD DP and set inspected flag when skipping inspection

CSCvs99705

PKI CLI - no warning that rsakeypair name starting from 0 (zero) is not working for cert regenerate

CSCvt01186

Interface does down when "l2vpn xconnect" command is removed

CSCvt01532

SD-WAN router running 16.10.3 crashes with cpp_cp_svr fault

CSCvt02534

ISR4K Unexpectedly Reboots with CENT-BR-0

CSCvt03264

UltimaThule: ISR4451 router crashed when template is pushed from vManage

CSCvt03869

Router reloads due to crypto pki crl request <trustpoint-name> during get a fresh copy of CRL

CSCvt04864

cpp_cp_svr fault and fman_fp_image fault on ASR 1002-x routers running 16.12.2r

CSCvt05373

SDWAN device and vmanage is not in sync when manual software reset is done

CSCvt10151

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability UTD

CSCvt10499

"Exporter Version" is not correct in the FNF cpp client exporter show command

CSCvt11538

Cisco SD-WAN Solution Software Buffer Overflow Vulnerability

CSCvt12299

XE SD-WAN : Cannot specify the specific vpn except <1-512> in show sdwan app-fwd cflowd flows vpn x

CSCvt15167

Cedge QOS Policy-Map on Parent Interface Maps Traffic to Wrong Queue When Traffic on Sub-Int

CSCvt15551

Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low

CSCvt19873

ASR1k:Router stops forwarding traffic with MPLS TE & FRR when member link of port-channel is shut

CSCvt21263

Crash upon delete of virtual-access when virtual-template has "no tunnel protection ipsec initiate"

CSCvt21373

unexpected reload in CPP ucode forced by nat 514 .

CSCvt21691

VLAN1 is allowed on the trunk port even though it is not allowed in configurations of C111 interface

CSCvt28541

XE SD-WAN : cflowd not working after re attaching template

CSCvt31561

TBAR is not disabled in GM when it is disabled in KS

CSCvt31588

CSR on AWS - PAYG Broken in 17.1, 17.2, and Polaris

CSCvt33018

MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen

CSCvt33028

Part of double encapsulated frames dropped with TunnelDecapTooManyTimes code reason

CSCvt33799

Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI.

CSCvt35947

Duplicate ipv6 address while connecting to remote client

CSCvt37676

cEdge crashes after changing flow-sampling-interval within a cflow policy

CSCvt40523

GETVPN: KS 16.12.x - COOP switchover causes GMs to immediately use new TEK rekey

CSCvt42659

Possible Regression ISR4K Mgmt Port ACL Breakage or simply Day One Implementation As Designed

CSCvt46779

Route export not working as desired during failover testing

CSCvt50461

cEdge crashes after the push of a template for Umbrella

CSCvt52051

IPsec tunnel is getting established for a backup NHS DMVPN hub

CSCvt52168

SSH Process Thrash During Normal Operations

CSCvt52825

Memory leak in SCCP TLS Client on unexpected deregister event

CSCvt53726

Packet Duplication fails to duplicate packets in Cedge Devices

CSCvt54305

Device crashed after Boost license expire

CSCvt59311

ASR1K crash when modifying crypto keyring configuration

CSCvt65588

FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer

CSCvt67752

Object (IPv6 ACL ) stuck in forwarding data plane. No ipv6 traffic goes towards the upstream router

CSCvt80422

RTP-NTE to OOB DTMF Interworking Failure over BDI with Dot1q Tagging

CSCvu34653

CSR stuck in Bootloop while upgrading to 17.2.1r on Azure.

CSCvu57682

ASR1001-X 16GB: Kernel crashes repeatedly after upgrading from 16.12.2 to 17.2.1

CSCvu82189

Enabling guestshell gives "float division by zero"

CSCvu89033

Template push error due to NAT-MIB process helper traceback/warm restart

CSCvu54116

virtio interfaces not discovered by IOS when host MTU config > 1518

CSCvt44918

Incorrect PMTU programmed for XE SDWAN router tunnel control-plane while data-plane is correct

CSCvs84169

IPSec HMAC drops between after stress traffic and link flap

Open Bugs for Cisco IOS XE Release 17.3.1a

Bug ID

Description

CSCvt32383

ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5

CSCvt50136

ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config

CSCvt97642

MIP100 - Continous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console

CSCvu59952

ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure

CSCvu59956

IOS cannot boot with 16.12(1r) or later rommon due to cookie PID field incorrectly programmed

CSCvu73323

AAR policy does not work properly after Poweroff/Poweron Cedge ISR4451

CSCvu81329

sec policy pushing fail when remove L7 app from rule and action to drop

CSCvu85325

CSR1000V not processing padded and unknown option Hop-by-Hop Options Headers

CSCvu92277

Memory leak observed for FTM process leading to a device crash eventually.

CSCvv00899

Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform

CSCvv05364

ASR1001-HX, CCP crash due to invalid address accessed by DTL

CSCvv05776

CXP Probe DNS packets are not exiting via correct source interface

CSCvv06021

20.3 vSmart Failover Induced vManage/Device Connection Failure

CSCvv14438

Azure csr-cedge 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1

CSCvv21398

sdwan multicast cEdge rpf failure even with unicast route present in rib and omp

CSCvv22768

[RM]-Observing router reload after saving the QOS+APP_PERF config in RAMONES

CSCvv27215

SDWAN 17.3/20.3 - SNMP MIB Query for Interface Description OID return only up to 64 characters

CSCvu02362

fmap_fp crash seen on removing utd ssl config with container uninstallation

CSCvv43957

Template push on ISR1k not working due to no authentication timer "reauthenticateError"

CSCvv48890

vAnalytics - Launch vAnalytics not working in Cisco vManage UI

Interactive Help in Cisco vManage

To access the list of guided workflows for this release, from Cisco vManage, click Interactive Help.

The Interactive Help interface allows you to search for a specific workflow and filter the search results by workflow names.

Figure 1. Interactive Help in Cisco vManage

This release provides guided workflows for the following procedures:

Table 3. List of Workflows Using Cisco vManage 20.3.1

Workflow

Description

Configure Controllers and Devices

Configure Cisco vBond Orchestrator

Configure the Cisco vBond Orchestrator and add it to the overlay network.

Configure Cisco vSmart Controller

Configure a Cisco vSmart Controller to control data traffic flow throughout the network.

Configure Cisco vManage Instance

Configure a Cisco vManage instance by creating a device configuration template and adding it to the overlay network.

Configure Cisco SD-WAN Devices

Configure Cisco IOS XE SD-WAN devices and Cisco vEdge devices by creating configuration templates.

Manage Devices in Overlay Network

Add Devices to the Overlay Network

Add Cisco SD-WAN devices either by using authorized serial numbers or from Cisco Smart account.

Decommission Virtual Devices

Decommission a Cisco IOS XE SD-WAN device or Cisco vEdge device to remove the device serial number.

Remove Devices from the Overlay Network

Remove Cisco SD-WAN devices to clear an old device configuration from the Cisco vManage server.

Change Device Values

Change Cisco SD-WAN device configuration by populating the variable values for the device.

Troubleshoot Device Issues

Determine and fix common Cisco SD-WAN device connectivity issues.

Upgrade Devices and Controllers

Install and activate an upgraded software for Cisco SD-WAN controllers and Cisco SD-WAN devices.

You cannot use this workflow for:

  • Cisco SD-WAN controller releases earlier than 20.3.1

  • Cisco SD-WAN device releases earlier than 17.3.1a or 20.3.1

Whom to contact for feedback?

We value your opinion and please send us your feedback at, mailto:sdwan-workflow-fb@cisco.com