About Cisco ASR 1000 Series Aggregation Services Routers
The Cisco ASR 1000 Series Routers carry a modular yet integrated design, so network operators can increase their network capacity and services without a hardware upgrade. The routers are engineered for reliability and performance, with industry-leading advancements in silicon and security to help your business succeed in a digital world that's always on. The Cisco ASR 1000 Series is supported by the Cisco IOS XE Software, a modular operating system with modular packaging, feature velocity, and powerful resiliency. The series is well suited for enterprises experiencing explosive network traffic and network service providers needing to deliver high-performance services.
 Note |
For more information on the features and specifications of Cisco ASR 1000 Series Routers, refer to the Cisco ASR 1000 Series Routers datasheet. For information on the End-of-Life and End-of-Sale Announcements for Cisco ASR 1000 Series routers, refer to the ASR 1000 Series End-of-Life and End-of-Sale Notices. |
Note |
The Cisco IOS XE 17.3 release is the last release in which subpackage upgrade is supported for the following platforms:
The subpackage upgrade for these platforms will not be supported from Cisco IOS XE 17.4 release. These hardware platforms continue to support software redundancy. |
Note |
Some YANG models are not fully compliant with all the IETF guidelines. The errors and warnings shown while executing pyang with -–lint flag is currently deemed to be non-critical as they do not impact the semantic of the models or prevent the models from being used as part of the toolchains. To determine the issues with the models, run the check-models.sh script with --lint flag enabled. It is recommended to ignore LEAFREF_IDENTIFIER_NOT_FOUND and STRICT_XPATH_FUNCTIONS errors types when running pyang for validation as they are non-critical errors and do not impact the YANG model functionality |
Note |
When you upgrade from one IOS XE release to another, you may see |
Note |
Starting with Cisco IOS XE 17.3.x, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation. The licensing utilities and user interfaces that are affected by this limitation include only the following:
|
New and Enhanced Software Features for Cisco IOS XE Amsterdam 17.3
Note |
The Cisco IOS XE Amsterdam 17.3.1a is the first release for Cisco ASR 1000 Series Aggregation Services Routers in the Cisco IOS XE Amsterdam 17.3.1 release series. |
|
Feature |
Description |
|---|---|
|
The unicast and multicast routing protocols forward data on interfaces from which they have received routing control information using a bidirectional link. However, some network links are unidirectional, where the physical send-only interface is on the upstream router and the physical receive-only interface is on the downstream router. To control routing information in these unidirectional environments, use the IP multicast over UDL functionality. |
|
|
Support for openconfig-lldp 0.2.1 |
This release supports version openconfig-lldp 0.2.1 of LLDP protocol. No additional configuration is required. |
|
Improved out for show ip nat pool command |
The output of the show ip nat pool command is improved to display extra details. |
|
Improved output for show diagnostic command |
The output of the show diagnostic command now includes details of the serial number of the card in the slot. |
|
Partial Configuration on CPE |
This feature introduces limited support for following multicast modules in native operational YANG models:
|
This command displays CEF information from the following commands without having to run each command individually :
|
|
| BGP EVPN Route Reflector for Route Types | L2 Tenant Routed Multicast (L2 TRM) relies on new route types in the EVPN overlay to achieve the IGMP/MLD proxy functionality
using the BGP route reflector with the following route types:
|
|
Policy-Based Routing support to categorise Office365 traffic for Direct Internet Access |
To identify and differentiate Office 365 network traffic, Microsoft provides a web service to publish Office 365 endpoints and services. The Cisco Software-Defined AVC (SD-AVC) and Cisco Network-Based Application Recognition (NBAR) use this web service to improve first packet classification of Office 365 traffic to categorize it as as either “optimize or “non-optimize." |
| Show packet tracer command |
The output of the show platform packet-trace command now includes additional trace information for packets either originated from IOSd or destined to IOSd or other BinOS processes. |
| New cipher suites for IP ssh Client and Server Algorithm: |
To configure the HMAC algorithm of HMAC-SHA2-256-ETM@openssh.com or HMAC-SHA2-512-ETM@openssh.com as a cryptographic algorithm for IP SSH client. These cipher suites can be used with the ip ssh client algorithm mac and ip ssh server algorithm mac commands. |
|
Advertisement of Loopback Prefix SIDs of a Border Router in Multiple ISIS Domains |
A border router can advertise loopback interface prefixes and the associated prefix Segment Identifiers (SIDs) in multiple ISIS domains. With such an advertisement, the routers in each associated domain can communicate with the border router using the same prefixes and prefix SIDs. |
| BGP Best External Path with MPLS VPN Inter-AS Options B and C |
In autonomous Systems, you can configure border routers in MPLS VPN Inter-AS Option B and Inter-AS Option C deployments to compute the best external paths to PE nodes. The primary border router advertises best external paths to internal BGP (iBGP) peers as back-up paths so that if a link in a best path fails, traffic flows along the best external path. |
| Enable debug information for Multicast: | The following debug commands are introduced to enable the debugging information for Multicast via ConfD/NetConf:
|
|
Feature |
Description |
|---|---|
| Support for Cisco ASR-1006 |
The Cisco CUBE is supported on Cisco ASR 1006-X with RP3 and ESP 100. |
| Support for 100 VRFs |
The current support limit is 54 VRF instances on a CUBE box. This requires customers to purchase additional hardware to meet requirements. For deployments such as HCS support greater number of tenants per box, the limit of VRF instances is improved to 100 VRFs. This feature is also introduced on CUBE enterprise. |
| Dial Peer Binding with Live Traffic |
The Live Bind feature allows you to either change or add binding on a dial-peer that does not have any active calls, while other dial-peers with the same binding has active calls. |
| Media Proxy Multi-forking using SIPREC |
The SIPREC-based CUBE Media Proxy solution supports forking to multiple recorders. |
| OPUS Codec Negotiation |
Support is introduced for OPUS audio codec with CUBE. |
| TLS Server Name Indication (SNI) - RFC6066 |
Support is introduced for Server Name Indication (SNI). SNI is a TLS extension that allows a TLS client to indicate the name of the server that it is trying to connect during the initial TLS handshake process. |
| Consumption of INVITE with Replaces |
Currently, CUBE has a known limitation in handling re-INVITE with replace headers. With this feature, this limitation is addressed with CUBE consuming the INVITE with Replaces header and bridging the call dialogs appropriately. This feature enhancement is essential for interoperability of CUBE with Microsoft Teams. |
New and Enhanced Software Features for Cisco IOS XE Amsterdam 17.3.2
|
Feature |
Description |
||
|---|---|---|---|
| Smart Licensing Using Policy |
An enhanced version of Smart Licensing, with the overarching objective of providing a licensing solution that does not interrupt the operations of your network, rather, one that enables a compliance relationship to account for the hardware and software licenses you purchase and use. With this licensing model, you do not have to complete any licensing-specific operations, such as registering or generating keys before you start using the software and the licenses that are tied to it. Only export-controlled and enforced licenses require Cisco authorization before use. License usage is recorded on your device with timestamps and the required workflows can be completed at a later date. Multiple options are available for license usage reporting – this depends on the topology you implement. You can use the Cisco Smart Licensing Utility (CSLU) Windows application, or report usage information directly to CSSM. A provision for offline reporting for air-gapped networks, where you download usage information and upload to CSSM, is also available For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide. |
||
| Cisco DNA Support for Smart Licensing Using Policy |
Cisco DNA Center supports Smart Licensing Using Policy functionality starting with Cisco DNA Center Release 2.2.2. The corresponding minimum required Cisco IOS XE Release for this platform is 17.3.2. Implement the “Connected to CSSM Through a Controller” topology to have Cisco DNA Center manage a product instance. When you do, the product instance records license usage, but it is the Cisco DNA Center that initiates communication with the product instance to retrieve and report usage to Cisco Smart Software Manager (CSSM) and returns the acknowledgement (RUM ACK). In order to meet reporting requirements, Cisco DNA Center provides ad hoc or on-demand reporting, as well as scheduled reporting options. Cisco DNA Center also provides workflows for the installation and removal of the Smart Licensing Authorization Code (SLAC) for a product instance, if applicable.
|
New and Enhanced Software Features for Cisco IOS XE Amsterdam 17.3.3
|
Feature |
Description |
|---|---|
|
Smart Software Manager On-Prem (SSM On-Prem) Support for Smart Licensing Using Policy |
SSM On-Prem is an asset manager, which works in conjunction with CSSM. It enables you to administer products and licenses
on your premises instead of having to directly connect to CSSM. Here, a product instance is connected to SSM On-Prem, and
SSM On-Prem becomes the single point of interface with CSSM. The product instance can be configured to push the required information to SSM On-Prem. Alternatively, SSM On-Prem can be set-up to pull the required information from a product instance at a configurable frequency. After usage information is available in SSM
On-Prem, you must synchronize the same with CSSM, to ensure that the product instance count, license count and license usage
information is the same on both, CSSM and SSM On‐Prem. Offline and online options are available for synchronization between
CSSM and SSM On‐Prem.
Minimum Required SSM On-Prem Version: Version 8, Release 202102 Minimum Required Cisco IOS XE Version: Cisco IOS XE Amsterdam 17.3.3 For more information, see Smart Licensing Using Policy for Cisco Enterprise Routing Platforms. |
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3
Resolved Bugs for Cisco IOS XE Amsterdam 17.3
|
Caveat ID Number |
Description |
|---|---|
|
PfRv3: Crash while Printing the Same TCA Message |
|
|
Protocol type for GRE header doesn't work consistently with "cts sgt inline" enable over auto-tunnel |
|
|
ASR 1000: All platforms having overrun drops after 24 hrs while traffic running at NDR |
|
|
Router crash after adding macsec reply-protection command on an interface |
|
|
vManage is not exhibiting the correct hostname of cEdge |
|
|
Performance Monitor crash |
|
|
Update "bandwidth remaining percent" doesn't take effective reliably on datapath |
|
|
Unable to create EOS choice root table at the moment of connect SDHSL circuit |
|
|
Passive FTP will fail when going over NAT and either client or server are off a SM-X-ES3 |
|
|
ping is not working on port-channel after router reload |
|
|
Template push stuck on vManage Cluster when pushing new System IP to Edge router |
|
|
CFT crashed frequently |
|
|
flows not moving to unutilized link even after the hardthreshold |
|
|
%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space |
|
|
Ctrl+Z causes syntax error: unknown argument |
|
|
IOS-XE device has memory leak in linux_iosd-imag |
|
|
x509 SSH authentication incorrect UPN value selected |
|
|
cEdge_Policy_regression: Service IPv6 ping is failing if the interface vrf forwarding is replaced |
|
|
NAT Alias not created for some configuration when using application redundancy |
|
|
[vManage] Firewall inspect/drop stat values are incorrect on device dashboard |
|
|
AnyConnect fails to reconnect when original session expires |
|
|
Some CLI typo "policing" not "policying" |
|
|
Failed to clear allocated ports for PAT after PAT CLI removal |
|
|
Router crashed when attempting to remove a nonexistent trustpoint from dspfarm profile |
|
|
Seeing IpsecOutput drop for cEdge even though ip packet size is less than 1442. |
|
|
cEdge: 'security ipsec replay-window' needs to support 8192 |
|
|
EVPN RMAC stale routes seen |
|
|
XE RII flaps with NAT64 w/o ipv4 route |
|
|
show crypto pki server shows wrong expire certificate date |
|
|
spoke-to-spoke PLR packets should not change the interface PLR status |
|
|
NGIO Lite is crashed when MT SMS with special characters (EMS) is received |
|
|
Random IPSEC drops on ESP200 with esp-gcm transform set |
|
|
ASR 1000 ucode crash after too many locks in ZBF pair setup |
|
|
Punt Policer rates not defined for multiple platforms |
|
|
CFLOW_INSERT ABORT errors continue to increment |
|
|
IOS PKI: P12 not generated on IOS Sub CA at rollover certificate generation |
|
|
XE SD-WAN Router SSH might get disabled followed by software reset and another reload |
|
|
ALG with NAT trigger a crash when a DNS writeback occurs |
|
|
esg:destination overwhelmed messages are seen on sending high rate TCP traffic leading to iosd crash |
|
|
NAT doesn't translate SIP header's orignial source for return traffic on 16.9.3 and 16.9.4 |
|
|
Orthrus : With "sh hw-module subslot <> status" cli interface flapping |
|
|
Fix for kernel driver issue causing wake up for empty block, packet too large to process |
|
|
ISR4K / ASR / CBR8 crash in cpp_cp_svr due to watchdog timeout |
|
|
PnP always fails in both 17.2.1 throttle and 17.3.1. |
|
|
ASR 1000 : OIR after clock set doesn't save the time in RTC(recommit of CSCvr27554) |
|
|
SDWAN device admin-tech has empty "show running config" in /tech/ios file |
|
|
ASR 1000: Unicast DHCPREQUEST dropped when received on a EoGRE tunnel configured with VRF |
|
|
Skip SDWAN tunnel encapsulated packets in UTD DP and set inspected flag when skipping inspection |
|
|
PKI CLI - no warning that rsakeypair name starting from 0 (zero) is not working for cert regenerate |
|
|
Interface does down when "l2vpn xconnect" command is removed |
|
|
SD-WAN router running 16.10.3 crashes with cpp_cp_svr fault |
|
|
Router reloads due to crypto pki crl request <trustpoint-name> during get a fresh copy of CRL |
|
|
cpp_cp_svr fault and fman_fp_image fault on ASR 1002-x routers running 16.12.2r |
|
|
SDWAN device and vmanage is not in sync when manual software reset is done |
|
|
AVL tree still points to a tree node which has been freed |
|
|
hidden policies and classifiers IOS native yang model config from "show sdwan running-config" |
|
|
Time mismatch on sum of lapsed times from FIA Trace output |
|
|
Active RP running Polaris crash when standby running 3.X inserted |
|
|
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability UTD |
|
|
"Exporter Version" is not correct in the FNF cpp client exporter show command |
|
|
16.12.3 ZBFW-Mismatch in firewall stats between the device and vmanage |
|
|
TSN. prd17 image : Crash @ __be_socket_remove_event_buffer |
|
|
Cedge QOS Policy-Map on Parent Interface Maps Traffic to Wrong Queue When Traffic on Sub-Int |
|
|
Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low |
|
|
ASR 1000:Router stops forwarding traffic with MPLS TE & FRR when member link of port-channel is shut |
|
|
Crash upon delete of virtual-access when virtual-template has "no tunnel protection ipsec initiate" |
|
|
unexpected reload in CPP ucode forced by nat 514 . |
|
|
VLAN1 is allowed on the trunk port even though it is not allowed in configurations of C111 interface |
|
|
Cloudexpress Symlinks missing for httping, timeout, nslookup utility in ASR1K |
|
|
XE SD-WAN : cflowd not working after re attaching template |
|
|
Probe reported 100% Loss for SaaS while network and configuaration are all good. |
|
|
TBAR is not disabled in GM when it is disabled in KS |
|
|
MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen |
|
|
Part of double encapsulated frames dropped with TunnelDecapTooManyTimes code reason |
|
|
Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI. |
|
|
Duplicate ipv6 address while connecting to remote client |
|
|
GETVPN: KS 16.12.x - COOP switchover causes GMs to immediately use new TEK rekey |
|
|
Route export not working as desired during failover testing |
|
|
Device Crash observed with NAT and once there is traffic from outside |
|
|
IPsec tunnel is getting established for a backup NHS DMVPN hub |
|
|
SSH Process Thrash During Normal Operations |
|
|
Memory leak in SCCP TLS Client on unexpected deregister event |
|
|
Packet Duplication fails to duplicate packets in Cedge Devices |
|
|
Device crashed after Boost license expire |
|
|
IOSd crash due to Segfault in Crypto IKEv2 in ikev2_free_id |
|
|
ASR 1000 crash when modifying crypto keyring configuration |
|
|
FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer |
|
|
RTP-NTE to OOB DTMF Interworking Failure over BDI with Dot1q Tagging |
|
|
Remove duplicate license keyword from show platform software license command |
|
|
ASR1001-X 16GB: Kernel crashes repeatedly after upgrading from 16.12.2 to 17.2.1 |
|
|
Enabling guestshell gives "float division by zero" |
|
|
Template push error due to NAT-MIB process helper traceback/warm restart |
Open Bugs for Cisco IOS XE Amsterdam 17.3
|
Caveat ID Number |
Description |
|---|---|
|
ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5 |
|
|
Console port goes unresponsive, reboot required to restore it. |
|
|
ASR 1000 - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config |
|
|
Non-recurring summer-time IOSd config is incorrectly replicated to BinOS TZ environment |
|
|
It takes long until FlexVPN IKEv2 tunnel re-establishes when tunnel flaps |
|
|
ASR1001-X: 'show environment' is no longer monitoring R0 voltage sensors |
|
|
ESPx : CMAN-FP process crash for get_fpga_version API fails |
|
|
ASR 1000: harddisk usage is always zero in "show platform resource" for consolidated platforms |
|
|
MIP100 - Continous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console |
|
|
AnyConnect authentication fails when password contains "&" character |
|
|
Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured |
|
|
Regression: vEdge2000 cannot exceed more than 65K NAT sessions over GRE or IKE IPSec tunnel |
|
|
"req plat software trace archive" faills with "STORAGE_TARGET: unbound variable Operation failed" |
|
|
Inbound CoPP policy causes outbound packets to fail to show up in EPC |
|
|
ASR1k crash when doing a FIB lookup |
|
|
cEdge - CLI should ask for confirmation of request software reset |
|
|
Link auto-negotiation fails between C1111-4P ES-4 switch module and Meraki MX100 |
|
|
No traffic passing into the router on Everest or Fuji releases. |
|
|
Packet Drops when EPC is off and MTU is over 1500 |
|
|
ASR1001X:SDWAN Default Throughput is not Scaling to Max supported |
|
|
AAR policy does not work properly after Poweroff/Poweron Cedge ISR4451 |
|
|
ESP20 Rommon upgrade fails from 15.3(3r)S to 16.2(1r) |
|
|
Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol |
|
|
sec policy pushing fail when remove L7 app from rule and action to drop |
|
|
SIP2: kernel: write adm1075 register at D3 failed rtn=-16 seen during SOAK run |
|
|
HTX memory hold increases, till a point, in longevity test |
|
|
IOS-XE+ZBFW+CUBE: One-way-audio. TCP 5060 is not recognized as SIP. |
|
|
Memory leak observed for FTM process leading to a device crash eventually. |
|
|
GETVPN group member drops traffic due to replay failure every 497 days |
|
|
Static NAT outside breaks locally generated TCP/UDP traffic |
|
|
Static ip is pingable before interface cell goes up/up |
|
|
Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform |
|
|
IGMP reports are forwarded to mrouter port untagged regardless of which VLAN the group is in |
|
|
ASR 1000 ESP100 crash due to Deadlock |
|
|
Data policy `from-tunnel` is not programmed if `from-service` presented |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
ASR1001-HX, CCP crash due to invalid address accessed by DTL |
|
|
IOS-XE-SDWAN ISR4451-X/K9 - Performance Throughput lower than expected |
|
|
Netconf deleting wrong IKEv2 parameters |
|
|
FirewallNotInitiator drops with ZBFW for DIA traffic over Dialer interface with UTD enabled |
|
|
Cellular modem does not come up after router reload from "factory-reset all" command |
|
|
NAT packet drops with IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED sub-code |
|
|
Secondary KS does not push new policy after merge if IPD3P is configured |
|
|
vManage is attempting to strip multiple LTE modem configs from ISR1000 and template push fails |
|
|
Packet Consumed Silently on ASR1001-X |
|
|
Forty gigabit ethernet link down after repeated HA SSO (switchovers) on 9800-80 |
|
|
Day 0 Config Bringup after Power OFF/ON | C1121X-8PLTEP |
|
|
Upgrading to 16.9.5 breaks the xconnect functionality of forwarding Superior BPDUs in ASR1002-X |
|
|
Date field in "show crypto pki server <> cert" output is getting misaligned |
|
|
unexpected reload due to Crypto IKEv2 process |
|
|
Memory leak in iomd |
|
|
IP DHCP Snooping not working for the voice vlan |
|
|
Champion One 10 Gig SFP is not recognized by ASR-1001HX running SDWAN code, |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.2
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.2
|
Caveat ID Number |
Description |
|---|---|
|
Memory leak upon ssh/scp connections to a router |
|
|
SPA modules on ASR1002-X/ASR1001-X does not get recognized under show platform |
|
|
PfRv3: Crash while Printing the Same TCA Message |
|
|
Router crashes after adding macsec reply-protection command on an interface |
|
|
Performance Monitor crash |
|
|
Update "bandwidth remaining percent" doesn't take effective reliably on datapath |
|
|
vManage should be able to work with cEdge banners in the same way as with vEdges |
|
|
ping is not working on port-channel after router reload |
|
|
Memory leak in CC-API_VCM and CCSIP_SPI_CONTROL |
|
|
Enabling Telemetry can cause router to crash. |
|
|
SRTP - RTP Crash on ASR with GCM Ciphers |
|
|
crash with shared-line command |
|
|
Random IPSEC drops on ESP200 with esp-gcm transform set |
|
|
Ping fails on hundred gig primary interface with FRR configured though MPLS traffic is not impacted |
|
|
CUBE DNS cache clear should be limited only to the matched connection id |
|
|
Template push fails when enabling ipv4 addr family on BGP ipv4 neighbor |
|
|
Crash when removing interface not running isis but has isis config |
|
|
ASR1000 : OIR after clock set doesn't save the time in RTC(recommit of CSCvr27554) |
|
|
Interface does down when "l2vpn xconnect" command is removed |
|
|
bgp crash @ bgp_db_ipstr2address when get bgp neighbor via bgp-oper yang |
|
|
16.12.3 ZBFW-Mismatch in firewall stats between the device and vmanage |
|
|
Unable to detach device from Integration Management |
|
|
IOS XE SDWAN routers experience slow memory leak over time in 'ncsshd' process |
|
|
Existing configuration on a cEdge could not be modified by a new template |
|
|
Router crash when doing 'show bgp ipv6 unicast summary' |
|
|
ASR 1000 crash at SSS manager sss_info_get_next_elem() |
|
|
Stackwise Virtual FMAN-RP IPC channel stuck (paused) |
|
|
unexpected reload in CPP ucode forced by nat 514 . |
|
|
MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen |
|
|
Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI. |
|
|
SNMP TIMETICKS difference between sysUpTime vs ipslaEtherJAggStatsStartTimeId |
|
|
Omp-tag is not being set via route-map configuration under bgp |
|
|
Traffic is not getting optimized and it goes as PT connections on CSR router reload in 17.2.1 |
|
|
BGP config does not rollback if template push errors out |
|
|
Leaf sends packets to a wrong BVI MAC of ASR GOLF routers |
|
|
L2VPN Crash @ Process = XC Mgr |
|
|
Incorrect CEF programming for local SVI |
|
|
VPLS:MAC learning not happening on SSO |
|
|
1731: ODN Policy for Global prefix still UP even after withdrawing global routes |
|
|
FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer |
|
|
Object (IPv6 ACL ) stuck in forwarding data plane. No ipv6 traffic goes towards the upstream router |
|
|
missing/corrupt IOS-XE PKSC10 format |
|
|
Cert validation failures seen for traffic after template push with SSL |
|
|
Crash due to "Crimson flush transactions Process" |
|
|
Code review: Just fire assert when we reach limit of counter |
|
|
Incorrect Source IP when resolving DNS |
|
|
IOS-XE device crashed with CGD shared memory corruption freed by FMAN-FP |
|
|
CRC increasing on down int Te0/0/20 |
|
|
Incorrect CEF entry for LISP action signal-fwd |
|
|
BGP communities: changes to route-map which sets BGP communities discards existing communities |
|
|
RP3/ESP100/X: Traffic loss of over 1s at FP switchover (plain ipv4) |
|
|
RAR: PADG and PADC are not being consumed properly. PPPoE session statistics are not matching. |
|
|
vManage FW dashboard doesn't show all matched applications |
|
|
Keepalive CLI needs to be unhidden for GRE tunnel |
|
|
RSP3: BGP crash seen on Stand by router when 100 BGP sessions are established. |
|
|
Some qos config lost during upgrade to 17.02 |
|
|
Punt-Keepalive crash with lsmpi_lo_drv and container app traffic. |
|
|
Complete Traffic drop seen on Head Node Post configuring Binding SID on PFP Policy |
|
|
Packets are not dropped as expected in selfzone to zone vpn 0 firewall config |
|
|
Router crashes frequently on NBAR |
|
|
Crash on configuring a highest key identifier for OSPF authentication under an interface |
|
|
Traffic drop from branch overlay ping to service side without zp vpn1 to vpn1 when FW & IPS enabled |
|
|
Evaluation of CVE-2020-10188 - Cisco IOS XE Persistent Telnet |
|
|
SD-WAN router ASR1001-X crashes when object-group service configuration is added |
|
|
LSP Checksum error when default-info originate is configured |
|
|
CUBE Segmentation Fault @ sipSPIFreeOneSCB due to corrupt ccb |
|
|
Template push error due to NAT-MIB process helper traceback/warm restart |
|
|
Snort initiate reset and Failed to load - Real websites in Browser |
|
|
CUBE router crashed due to memory corruption in subscription control block |
|
|
ASR1001-X: Issue a cpld reset instead of reboot in kcrash |
|
|
Memory leak 'Admin group' with some triggers in ISIS |
|
|
RSVP TE is not working for broadcast interfaces due to CSCvu94532 |
|
|
Removing and Adding Bulk ACL leads to Tracebacks and Error-Objects |
Open Bugs for Cisco IOS XE Amsterdam 17.3.2
|
Caveat ID Number |
Description |
|---|---|
|
DHCP Server configuration inn Vmanage Template for a Cedge change order of the DNS servers |
|
|
Unexpected Reload due to Sessmgr |
|
|
ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to() |
|
|
IWAN routers ISR4K unexpected reload multiple times |
|
|
Unexpected Reload in Device Classifier Code due to Segmentation Fault |
|
|
Controller crashes when FNF is configured under physical interface |
|
|
Controller crashes when FNF is configured under physical/port-channel interface |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
Remote EID space prefix not installed in CEF when overlapping prefix exists as Local EID |
|
|
Reload: IOS-XE router crashing due to DN mismatch |
|
|
ASR 1002-HX crashes due to stuck threads. |
|
|
Crash after flexible netflow cache cleanup |
|
|
Sup reload with cpp-bqs fatal |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.3
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.3
|
Caveat ID Number |
Description |
|---|---|
|
Mishandling of dsmpSession pointer causes a crash |
|
|
Static routes pointing to interface tunnel not valid after tunnel's source interface flaps. |
|
|
IOSd Crash due to Segmentation fault at SISF Main Thread |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
Cloud Express probes fails when two default rules are present |
|
|
Traceback: IP SLA triggers INJECT_HDR_LENGTH_ER and INJECT_FEATURE_ESCAPE log message |
|
|
Crash seen in isis_sr_uloop_lspdb_dump with 'debug isis microloop' enabled |
|
|
BGP: advertised community list is malformed due to GSHUT community |
|
|
Cellular interface down/up frequently occurs with DoCoMo MVNO sim |
|
|
No responder-bytes from cEdge when UTD is enabled |
|
|
Router may crash when using Stateful NAT64 |
|
|
GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage |
|
|
ASR 1000 Series crashes when ACL deleted following object-group modification |
|
|
Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX |
|
|
Platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload |
|
|
DMVPN with ipv6 link-local address do not register to HUB |
|
|
Router might crash after apply a class-map in input direction with bandwidth percentage |
|
|
NAT64 ALG: Router crashes on nat64_process_token |
|
|
Passive FTP doesn't work with NAT |
|
|
Device Template failing to attach after changing few device variables |
|
|
Smart license registration through explicit mode proxy server |
|
|
MACSEC MKA stops forwarding data after every 3rd rekey |
|
|
Crash seen on Fugazi due to %CPPHA-3-FAILURE: R0/0: cpp_ha: CPP 0 failure Stuck Thread(s) |
|
|
"Sequence id not available" in ACL code after DNAC upgrade |
|
|
Pktlog functionality is broken |
|
|
EVPN Type-2 IP/MAC route is created for not-connected SVI |
|
|
Unexpected reload in NHRP when access to an invalid memory region |
|
|
APPNAV CFT Crashes |
|
|
Pseudowire interface may be unexpectedly removed from VFI on unrelated configuration change |
|
|
OMP-Agent Routes in EIGRP changes AD to 252 on non-SDWAN devices |
|
|
CPP ucode crash with fw_base_flow_create |
|
|
ASR 1000 Series crashes in ipv6 mgd timer code when removing vrf config |
|
|
SSH with Certificate authentication does not work after upgrade to 17.3.1 |
|
|
ASR 1000 Seriesdoing KS role for GETVPN is sending malformed rekey packets |
|
|
HSL Export over VASI Interface causes Netflow v9 Template Flooding |
|
|
Unable to transfer 1500 byte IP packet when using BRI bundled Multilink |
|
|
[SIT]: BFD sessions not established between Edges, with UTD enabled |
|
|
Dynamic Nat pool "ip aliases" are not created on the device |
|
|
EPA-QSFP-1X100GE / IOS XE 17.3 / incorrect LED and link status |
|
|
LMR Unable to hear first seconds of audio |
|
|
ASR 1000 Series: Critical process plogd fault on rp_0_0 |
|
|
Duplicate entries seen in MAC filter table. |
|
|
FlexVPN reactivate primary peer feature does not work with secondary peer tracking |
|
|
ASR1000 ISG: Crash when processing DHCP Request |
|
|
SDWAN ZBFW CPU punted traffic mishandling -- Out2In packet looped |
|
|
Throughput license grace period starts counting down after upgrade router software |
|
|
Duplicate Bytes & Packet when Q in Q is configured |
|
|
OpenSSL vulnerability (CVE-2020-1971) evaluation for IOS-XE |
|
|
Router may not send PIM Register message if RP is reachabile over TE tunnel |
|
|
BGP AS-path prepend: cEdge won't update correctly better prepended route. |
|
|
Device is crashing after Device Access Policy is attached |
|
|
DDNS feature triggers crash on 16.X/17.X releases due to memory corruption |
|
|
Crash wile configuring l2vpn evpn instance for VXLAN |
|
|
Not able to create VFI instances |
|
|
ACL: Crash triggers after 'clear ip access-list counters' is used with more than 1k ACEs |
|
|
ISIS crash in isis_sr_tilfa_compute_protection |
|
|
Control plane hitting EID prefix entry limit for MAC after upgrade |
Open Bugs for Cisco IOS XE Amsterdam 17.3.3
|
Caveat ID Number |
Description |
|---|---|
|
Link inssue when using macsec |
|
|
BQS crash on PPPoE session churn overnight |
|
|
Crash in DSP causing an mcpcc-lc-ms core file |
|
|
ASR1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
Severe traffic disruption due to non-stop flapping of MACSEC enabled interfaces post RP3 switchover |
|
|
ASR 1000 Series cpp_cp_svr crash with frequent underlay route removal and tunnel source changed every 1 second |
|
|
Crash at the moment of calculating tcp header |
|
|
Netflow crash at fnf_ipv6_output_feature_final_internal with flow record on IPv6 IPsec tunnel. |
|
|
Bug to further address CSCvt08179 : QFP crash due to hardware interrupt |
|
|
ucode crash with firewall timer lock |
|
|
bgp-neighbor down when push banner configuration failure |
|
|
IOS-XE Memory Leak in SSS Manager |
|
|
Router crash observed when AppNav Cluster delete with service-insertion enabled on LAN interface |
|
|
False positive alarm: IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL Fan Tray Bay 1 Fan Tray Module Missing |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.4a
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.4a
|
Caveat ID Number |
Description |
|---|---|
|
App-aware policy need to be honored when queuing is not set by localized policy |
|
|
Cisco 1001-X ASR may crash when ZBFW HSL(High Speed Logging) is configured |
|
|
BQS crash on PPPoE session churn overnight |
|
|
Pre-mature session deletion leading to churn and lower TPS at scale |
|
|
Crash in DSP causing an mcpcc-lc-ms core file |
|
|
Cisco 1001-X ASR built-in Tengig interfaces' counters increasing continuously and port stay up/up w/o SFP |
|
|
Cisco 1000 Series ASR configured with 'no ip unreachables' sending ICMP Type 3 Code 13 |
|
|
Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4 |
|
|
cEdge crashes while running web traffic testing with security features enabled |
|
|
Crash at #12 0x00007f010f4cb9db in cpp_bqs_rm_yoda_get_flush_obj while subscriber bringup |
|
|
BQS crash seen at cpp_qm_event_proc_defer_cb |
|
|
BQS crash seen in 17.3 while bringing up 30k PPPOE sessions |
|
|
cEdge running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE |
|
|
SDWAN custom policy that does not looked to be programmed correctly on the cedge platform |
|
|
FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed |
|
|
Wrong reload reason reflected after a power outage. |
|
|
DCHP offer frame getting dropped on cEdge ISR4431 due to Policy |
|
|
Removing and Adding Bulk ACL leads to dataplane programming failure |
|
|
Zone Based Firewall on cEdge router dropping web traffic with the reason Zone-pair without policy |
|
|
Cisco 1000 Series ASR- ACE entry added after object-group is missing in hardware causing packets drops |
|
|
cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging |
|
|
Crash when TPOOL is updating and 'wr mem' is issues at same time |
|
|
ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent |
|
|
"show sdwan policy service-path/tunnel-path" command cause device crash |
|
|
Cisco 1000 Series ASR: BQS crash seen at cpp_qm_event_proc_defer_cb |
|
|
rbuf-ooh crash in HSL |
|
|
custom app not getting detected after attached removed and re-attached- app-visibility is disabled |
|
|
fman_rp memory leak in acl_config_bind_v4_acl_message function. |
|
|
[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled |
|
|
An IOS XE device might crash at DoubleExceptionVector |
|
|
SDWAN cedge : traffic simulation tool shows traffic blackhole |
|
|
Packets dropped due to firewall + data policy interop issue |
|
|
SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible" |
|
|
vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset |
|
|
IOS-XE cpp ucode crash with fragmented packets |
|
|
GD/1hx-Interface doesn't come up when reboot/upgrade device with autoneg enabled on 10G SFP+ Port |
Open Bugs for Cisco IOS XE Amsterdam 17.3.4a
|
Caveat ID Number |
Description |
|---|---|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface |
|
|
Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured |
|
|
unexpected reload due to Crypto IKEv2 process |
|
|
Watchdog timeout due to Crypto IKMP |
|
|
can not update local-address in a crypto keyring |
|
|
Cisco 1001-X ASR and Cisco 9000 Series ASR: Link issue when using macsec |
|
|
crypto ikev2 proposals are not processed separately |
|
|
cEdge-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working. |
|
|
Cisco 1002-XASR: Punt keepalive crashed due to bqs related interrupt |
|
|
17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on Cisco 1000 Series ASR |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
IKE should have a mechanism to alert or mitigate resource exhaustion due to QM flooding |
|
|
Cisco 1001-X ASR: Bug to further address CSCvt08179 : QFP crash due to hardware interrupt |
|
|
False positive alarm: IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL Fan Tray Bay 1 Fan Tray Module Missing |
|
|
Rapid memory exhaustion due to excessive logging |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map |
|
|
Cisco 1000 Series ASR- egress byte counter on MIP100 10GE interface is inaccurate |
|
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met |
|
|
Cedge : Cloudexpress Office 365 probes are hitting 100% loss |
|
|
cEdge: High CPU usage due to Multicast and Data Policy configuration. |
|
|
cEdge dropping packets [combination /16, /17 data prefix with multiple ports in policy] |
|
|
AAR not correctly programmed in Cisco 1001-X ASR |
|
|
Unable to fetch eigrp prefix, nexthop, omptag, and route origin |
|
|
Crash@bgp_perform_general_scan |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.5
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.5
|
Caveat ID Number |
Description |
|---|---|
|
show access-lists template summary not reflecting correct data |
|
|
GETVPN: Clearing members on Key Server causing rekey processing failure on GMs |
|
|
flow monitor statistics missing when reloading with configuration |
|
|
crypto ipsec security-association dummy leads to packet loss |
|
|
Ucode crash observed at tw_bad_timer_bucket () at ../../../infra/tw_timer.c:918 |
|
|
DMVPN over DMVPN with IPSEC - return packets are dropped with BadIpChecksum |
|
|
Crash triggered by "crypto gdoi ks rekey replace-now" |
|
|
CVLA need to reserve at least 50M memory for low-end DRAM platform |
|
|
ASR1k PFRv3: Elephant flow will trigger performance monitor exporting more than 50% byte loss |
|
|
ASR1002-HX crashed after removing then applying the ZBF configuration. |
|
|
IKEv1/IKEv2 "show crypto session brief" output empty |
|
|
Static NAT conflicts/overwrites with Port-forwarding |
|
|
After reload or switchover, redundant ESP goes offline->online (transient issue) |
|
|
Standby router crashes ZBFW on VASI interfaces with FTP or SIP TCP traffic |
|
|
ESP200-X crash PA2_CSR32_TOP_CSR_PA_ERR_LEAF_INT__INT_PPE_INT1 with PPPoE/L2TP sessions |
|
|
VRF-aware static NAT with route-map and reversible not working |
|
|
False positive alarm: IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL Fan Tray Bay 1 Fan Tray Module Missing |
|
|
ESP Unexpected Reboot on Broadband Intelligent Services Gateway During Session Clean-up |
|
|
Prefetch CRL Download Fails |
|
|
ASR1k- egress byte counter on MIP100 10GE interface is inaccurate |
|
|
no ip nbar resources flow max-session does not restore default platform session limits |
|
|
memory leak with fman_cc process when SM-X-G4M2X module installed |
|
|
Segmentation fault(11), Process = CTS CORE - crash in ISR 4k |
|
|
Rapid memory exhaustion due to excessive logging |
|
|
Crypto PKI-CRL-IO process crash when PKI trustpoint is being deleted |
|
|
Watchdog timeout due to Crypto IKMP |
|
|
unexpected reload due to Crypto IKEv2 process |
|
|
IOS-XE unable to export elliptic curve key |
|
|
OSPFv3 adjacency won't come up after "ospfv3 authentication ipsec" is applied on Tunnel interface |
|
|
Multicast boundary command on tunnel interface DMVPN network is sending ttl=1 packet |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device |
|
|
crypto ikev2 proposals are not processed separately |
|
|
ASR fails to install rekey causing traffic drop |
Open Bugs for Cisco IOS XE Amsterdam 17.3.5
|
Caveat ID Number |
Description |
|---|---|
|
Qos download failed with FW policy when rebooting device |
|
|
Protocol specific change for base path |
|
|
Opflex generated Route Distinguisher is not globally unique on ASR1k |
|
|
ASR1K: fman_rp crash seen on 16.9.X when "show platform software nat RP active logging" is run |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut |
|
|
MGCP automatic configuration fails after IOS-XE upgrade on ISR4k |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
Removing service-policy from the Zone-pair causes device crash |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map |
|
|
PKI http client fails to handle 1xx and 2xx responses |
|
|
ASR1001X gets rebooted when Tunnel move across two egress interfaces with QoS MPoL policy config |
|
|
Unexpected reload due to cpp-mcplo-ucode failure |
|
|
Router rebooted de to watchdogs after issuing the commands sh crypto mib ipsec commands |
|
|
ASR1002-X: Punt keepalive crashed due to bqs related interrupt |
|
|
"Shutdown" command visible in running config after reload of ASR 1002-HX |
|
|
ZBFW : ARStandby drops seen on New Active during RG switchover |
|
|
Incorrect OMP Labels in On-Demand Tunnel H/S Topology |
|
|
ASR1001X crash at CFT after scaling up to 4M flows when internet link up from 2Gbps to 10Gbps |
|
|
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format |
|
|
crash observed at NHRP while using summary-map |
|
|
Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ |
|
|
Crash on cpp process when QoS policy configuration is being applied |
|
|
ASR1001-X and ASR9K: Link issue when using macsec |
|
|
IOSd Nhrp core due to a segmentation fault when disabling PfR IWANs |
|
|
ASR 1000-RP2|VID>V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon |
|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface |
|
|
Incorrect check of the TCP sequence number causing return ICMP error packets to drop (Thousandeyes) |
|
|
DMVPN phase 2 connectivity issue between two spokes |
|
|
CPP Unexpected Reboot While Freeing CVLA Chunk |
|
|
ASR1000-MIP100 / IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps |
|
|
C1100 Unexpected reboot with Critical process fman_fp_image fault on fp_0_0 |
|
|
Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol |
|
|
CoS preservation not working for the services EVPL and EPL tunnel |
|
|
Device: sdn-network-infra-iwan key does not update successfully under network disruption situation |
|
|
ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535 |
|
|
GETVPN-ipv6 & LISP support on C900 platforms |
|
|
SCEP fails if AAAA DNS repy is received and source interface has no IPv6 address |
|
|
ASR1K / 17.3 / "sh int transceiver" reports incorrect Tx/Rx optical power values |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
FlexVPN per-user inline ACL from Radius not installed |
|
|
Router may crash due to Crypto IKMP process |
|
|
%CRIMSON-3-DATABASE_MEMLEAK: Database memory leak detected |
|
|
TenGigabitEthernet0/0/0-1 port keeps up/up status even the peer connecting port had been link down |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.6
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.6
|
Bug ID |
Description |
|---|---|
|
NAT translation don’t show (or use) correct timeout value for an established TCP session. |
|
|
Qos download failed with FW policy when rebooting device. |
|
|
Crash due to IOSXE-WATCHDOG due to management port traffic storm. |
|
|
When object-group used in a ACL is updated, it takes no effect. |
|
|
CPP crash with performance monitor. |
|
|
CRC counter doesn't increase in "show interfaces" on device with EPA/MIP. |
|
|
MD5 signature does not match failure while upgrading to 17.3(1r) rommon. |
|
|
ENH: Address the memory fragmentation in "IPSEC Key" process. |
|
|
RP switchover causes linecard NFS mount failure resulting in memory leak. |
|
|
Crash on ipv4_nat_get_all_mapping_stats due to NULL pointer of mapping_hash_table. |
|
|
CHASSIS_MONITOR_ONLINE_TIME_EXCEEDED: R0/0: cmand: Reloading F0 because it has failed to come online. |
|
|
Device VRF+NAT Outside Source Static - Drop packets during FTP (Active-mode) execution. |
|
|
[XE ETA] IDP record is incomplete when traffic is fragmented. |
|
|
%SCHED-3-SEMLOCKED: SIP0/1: Exec attempted to lock a semaphore, already locked by itself. |
|
|
High CPU on LC process mcpcc-lc-ms and link flaps. |
|
|
Oper database memory leak detected. |
|
|
Device with EPA interface - "giants" counter keeps increasing after initial reception of giant. |
|
|
IPSec LED doesn't lit even though module is correctly installed. |
|
|
MACSEC not working on subinterfaces using dot1q >255. |
|
|
IOS PKI client uses incorrect search filter for CRL retrieval using LDAPv3. |
|
|
Lack of MAC address in inform event message. |
|
|
IPSec Key engine process holding memory continuously and not freeing up. |
|
|
Router rebooted due to watchdogs after issuing the commands SH Crypto MIB IPSec commands. |
|
|
Renewing hardware wan edge cert shows old cert serial/valid date in control local-properties. |
|
|
Device reloads when group-range is configured under an interface Group-Async. |
|
|
Traffic is hitting wrong sequence in the data policy. |
|
|
VG450 - SCCP auto-configuration issues with multiple protocols. |
|
|
(Rework): After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
NHRP process taking more CPU with IP NHRP redirect configured. |
|
|
ZBFW dropping return packets from Zscalar tunnel post cedge upgrade. |
|
|
[XE NAT] Source address translation for multicast traffic fails with route-map. |
|
|
Appnav-XE connections are going as passthrough unsupported. |
|
|
Large number of IPSec tunnel flapping occurs when underlay is restored. |
|
|
Patforms running 17.x - crypto ipsec policy installation fails. |
|
|
NAT translations do not work for FTP traffic. |
|
|
Incorrect check of the TCP sequence number causing return ICMP error packets to drop (Thousandeyes). |
|
|
Registration of spoke fails with dissimilar capabilities w.r.t to HUB. |
|
|
Secure key agent trace levels set to Noise by default. |
|
|
"Revocation-check crl none" does not failover to NONE DNAC-CA. |
|
|
Serial interface stuck in "line protocol is down" state after it went down and it is recovered. |
|
|
Observed crash in device with prd10 image. |
|
|
Keyman memory leak using public keys. |
|
|
Device fails to update sdn-network-infra-iwan key after 1 year. |
|
|
IKEv2 fragmentation causes wrong message ID used for EAP authentication. |
|
|
CRL verification failure result 400 Bad Request with DigiCert. |
|
|
Static mapping for the hub lost on one of the spokes. |
|
|
Packet sanity failed for resolution reply on spoke due to missing SMEF capability. |
|
|
FTP data traffic broken when UTD IPS enabled in both service VPN. |
Open Bugs for Cisco IOS XE Amsterdam 17.3.6
|
Caveat ID Number |
Description |
|---|---|
|
Peer MSS value showing incorrect. |
|
|
PRP trailer frames were trunked in xconnect on Utah platform. |
|
|
Opflex generated Route Distinguisher is not globally unique on device. |
|
|
Device crash seen when "show platform software nat RP active logging" is run. |
|
|
Crash with "IPE_CPE_U14_CSR32_IPE_CPE_ERR_CPE_MISC_LEAF_INT__INT_CPE_MALGN_ADDR_ERR " error. |
|
|
VTCP does not support L2 correctly. |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
BQS Failure - Qos policy is missing in hardware for some Virtual-Access tunnels after session flaps. |
|
|
Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured. |
|
|
Punt keepalive crashed due to bqs related interrupt. |
|
|
Crash seen after enabling "platform qos port-channel-aggregate". |
|
|
"Shutdown" command visible in running config after reload of device. |
|
|
Device statistics collection causing service-side BFD to flap on every collection interval. |
|
|
Crash observed at NHRP while using summary-map. |
|
|
NETFLOW SIP destination/source field contains garbage value. |
|
|
CoS preservation not working for the services EVPL and EPL tunnel. |
|
|
TLB miss for lock address during FNF cache lookup. |
|
|
PRP frames not transparent transmitted over L2TPv3 or EoMPLS tunnel. |
|
|
When MACSEC dot1q-in-clear 1 is enabled on interfaces there is traffic drop. |
|
|
Router reload unexpectedly two times when enter NETTFLOW show command. |
|
|
MKA Session not coming up on EVC. |
|
|
Memory leak in AEM chunks related to firewall. |
|
|
Octeon processor hang followed by ESP100 crash. |
|
|
Need CLI option to disable ALG. |
|
|
DMVPN phase 2 connectivity issue between two spokes. |
|
|
PYON: Adjusting new text segment to address L2i rejections issues with SDWAN profiles. |
|
|
ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535. |
|
|
Incorrect Tx/Rx optical power values reported for QSFP transceivers. |
|
|
Fragmented packets crashes while allocating memory. |
|
|
Device may show input/output rate values even if the interface is in admin down state. |
|
|
ICMP traceroute return packet not classified based on FW override port info. |
|
|
ISG / Crashes due to %IDMGR-3-INVALID_ID: bad id in id_delete during session roaming. |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut. |
|
|
Device link goes err-disabled due to link-flap after reloading Catalyst 8300 peer device. |
|
|
When configration ip nat inside/outside on VASI intereface,ack/seq number abnormal. |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map. |
|
|
Device QFP core due to NAT scaling issue. |
|
|
Device gets rebooted when Tunnel move across two egress interfaces with QoS MPoL policy config. |
|
|
ISG: initiator unclassified ip-address LQIPv4 command has no effect. |
|
|
ZBFW : AR Standby drops seen on New Active during RG switchover. |
|
|
EWC HA pair expereincing IOS tracebacks, followed by KEYMAN crash. |
|
|
RTSP Traffic not being rewritten by NAT. |
|
|
Router crashing when clearing a VPDN session. |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ. |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
[Verizon CAP]NIM-LTE-EA No data - requires subslot reload to recover. |
|
|
Unable to remove "switchport mode access" and "switchport nonegotiate" at the same time. |
|
|
Device crash for stuck threads in cpp on packet processing. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface. |
|
|
CPP uCode crash due to IPC congestion from DP to CP. |
|
|
Device template attachment causes pppoe commands to be removed from ethernet interface. |
|
|
CPP unexpected reboot while freeing CVLA chunk. |
|
|
IKEv2 deprecated ciphers denied by crypto engine CDSL - PSB security compliance - DES, 3DES, DH1/2/5. |
|
|
Missing mandatory transform type (ESN) in IKEv2 ESP Protocol. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
GETVPN-ipv6 & LISP support on device platforms. |
|
|
UTD: Exception in utd_logger.py due to missing extra-data in AMP alert. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Hightower 5G light is blue when 4G LTE is in use. |
|
|
Router may crash due to Crypto IKMP process. |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.7
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.7
|
Bug ID |
Description |
|---|---|
|
Unconditional excessive logging in EoGRE tunnel error handling case. |
|
|
TLB miss for lock address during FNF cache lookup. |
|
|
Interface VLAN 1 placed in shutdown state when configured with ip address pool. |
|
|
Intermittent double DTMF due to changing timestamp on a DTMF event. |
|
|
Wired guest client stuck at IP_LEARN with DHCP packets not forwarded out of the foreign to anchor. |
|
|
QFP crash when ZBFW configuration features log dropped-packets configuration. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
ezPM(performance monitor) error logs may cause uCode crash due to congestion of IPC from DP to CP. |
|
|
QoS Classification not working for DSCP or ACL + MPLS EXP. |
|
|
ERROR info: Router configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt. |
|
|
Router reloads unexpectedly during NHRP processing. |
|
|
DSPware 55.1.6 Release targeting v173_throttle. |
Open Bugs for Cisco IOS XE Amsterdam 17.3.7
|
Bug ID |
Description |
|---|---|
|
Router crashes due to CPUHOG when walking Cisco Flash MIB. |
|
|
TCAM parity error - QFP crash with a scale configuration. |
|
|
ISG: initiator unclassified IP-address LQIPv4 command has no effect. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
IPv6 DMVPN - NBMA address not getting preserved. |
|
|
Auto-update cycle incorrectly deletes certificates. |
|
|
CISCO-CLASS-BASED-QOS-MIB doesn't work with LTE Cellular interface on device after reload. |
|
|
ISG/Crashes due to %IDMGR-3-INVALID_ID: bad id in id_delete during session roaming. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
Memory Leak in AEM chunks related to Firewall. |
|
|
EWC HA pair experiencing IOS Tracebacks, followed by KEYMAN crash. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Device link goes err-disabled due to link-flap after reloading peer device. |
|
|
BQS Failure - Qos policy is missing in hardware for some Virtual-Access tunnels after session flaps |
|
|
Router traceback and reload when different encapsulation used on xconnect interfaces. |
|
|
Device template attachment causes PPPoE commands to be removed from ethernet interface. |
|
|
Interface stats are not getting updated for port-channel. |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
|
CSDL failure: IPSec QM use of DES by Encrypt Proc is denied. |
|
|
VG450 VMWI race condition causes no ringing for analog phones. |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.8
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.8
|
Bug ID |
Description |
|---|---|
|
Observed QFP-UCode-WLC crash. |
|
|
Ingress and Egress Bytes counters can suddenly increase and are not accurate for Sub-Interfaces. |
Open Bugs for Cisco IOS XE Amsterdam 17.3.8
|
Bug ID |
Description |
|---|---|
|
ISG: initiator unclassified IP-address LQIPv4 command has no effect. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
FlexVPN: Stale client routes stuck in RIB on FlexServer. |
|
|
Crash when using dial-peer groups with STCAPP. |
|
|
ISG / Crashes due to %IDMGR-3-INVALID_ID: bad ID in id_delete during session roaming. |
|
|
Subscriber Session getting stuck and needs clearing it manually. |
|
|
EWC HA pair experiencing IOS Tracebacks, followed by KEYMAN Crash. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Device crashes due to cpp_cp_svr fault on fp_0_0 (rc=134) when applying umbrella dnscrypt to profile. |
|
|
Inter-vrf route leaking not working and packet drop seen due to Ipv4Unclassified. |
|
|
Device crash with crashinfo files were generated with Segmentation fault, Process IPSEC key engine. |
|
|
Device link goes err-disabled due to link-flap after reloading peer device. |
|
|
IOS XE router may experience unexpected eeset while executing show utd engine standard statistics. |
|
|
Auto-Update Cycle incorrectly deletes certificates. |
|
|
Device template attachment causes PPPoE commands to be removed from ethernet interface. |
|
|
GARP on port up/up status from router is not received by remote peer device. |
|
|
CPP unexpected reboot while freeing CVLA chunk. |
|
|
CSDL failure: IPSec QM Use of DES by encrypt proc is denied. |
|
|
BQS Failure - QoS policy is missing in hardware for some Virtual-Access tunnels after session flaps. |
|
|
Device TCAM parity error - QFP crash with a scale configuration. |
|
|
Unexpected reboot of the ESP seen after enabling platform qos port-channel-aggregate. |
|
|
Router crashed with no UCode due to possible dataplane memory corruption in NAT client. |
|
|
Memory Leak in AEM chunks related to Firewall. |
|
|
Crash due to DTL push/pop on wait loop. |
|
|
Remove auto-negotiation support on 10G dual-rate interfaces. |
|
|
Flowspec on device won't revoke. |
|
|
Interface stats are not getting updated for port-channel. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
ROMmon Release Requirements
Note |
After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following
platforms:
|
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Command Reference Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide
Feedback