CG-OS Release CG4 - Release Notes for Cisco 1000 Series Connected Grid Routers
Available Languages
Table of Contents
Release Notes for Cisco 1000 Series Connected Grid Routers for Cisco CG-OS Release CG4
New Features in CiscoCG-OS ReleaseCG4
About the Cisco1000Series ConnectedGrid Routers
Determining the Software Version
Upgrading to a New Software Release
Generating Software Images Using Incremental Image Files
Erasing the Configuration File
Caveats Resolved in Cisco CG-OS Release CG4(5)
Caveats Resolved in CiscoCG-OS ReleaseCG4(4)
Caveats Resolved in CiscoCG-OS ReleaseCG4(3)
Caveats Resolved in Cisco CG-OS Release CG4(2)
Caveats Resolved in CiscoCG-OS ReleaseCG4(1)
Accessing Error Message Decoder
Migrating from CG-OS to Cisco IOx
Obtaining Documentation and Submitting a Service Request
Release Notes for
Cisco 1000 Series Connected Grid Routers for Cisco CG-OS Release CG4
Last Updated: September 22, 2016
First Published: March 10, 2012
These release notes contain the latest information about using CG-OS software with the
Cisco 1000 Series Connected Grid Routers (Cisco CG-OS routers) for CG4, including this new information:
- Overview of new features added in this release. (See New Features in Cisco CG-OS Release CG4.)
- Open and resolved caveats in release CG4(5), CG4(4), CG4(3), CG4(2) and CG4(1). (See Caveats.)
- Limitations and Restrictions of the software and related hardware. (See Limitations and Restrictions.)
- Details on Migrating from CG-OS to Cisco IOx. Cisco IOx allows the router to operate with Cisco IOS and a Guest OS within one platform.
Note
Cisco CG-OS CG4(5) includes the resolved caveats of all previous CG4 releases.
Note You cannot downgrade to a previous version of CG4.
New Features in Cisco CG-OS Release CG4
Table 1 lists the new features added in Release CG4 (5) and earlier CG4 versions.
New configuration command that allows the user to configure the network mask length: netmask length <value>. Note For cellular interfaces, the recommended values are either 31 or a value less than 24. |
|||
Software enhancement provides faster CG-mesh reformation after a power outage. |
Cisco Connected Grid WPAN Module for CGR 1000 Series Installation and CG-Mesh Configuration Guide |
||
Refer to firmware upgrade instructions in the following guide: Cisco Connected Grid Network Management System User Guide, Release 2.1.x or greater |
|||
CGR 1000 reports a new event, reload link-recovery, when a reload occurs due to a link outage. (CSCuj23382, CSCuj59287) |
For feature overview and configuration details, see the “Configuring WAN Backhaul Redundancy” chapter in the |
||
CGR 1000 supports dual backhauls for 3G, WiMAX, and Ethernet interfaces. |
Varied documentation given application. Please contact your Cisco representative or partner. |
||
Support for route redistribution of external RPL routes in CG-mesh network for application modules and MAP-T addresses in DA gateways. |
For feature overview and configuration details, see the |
||
Each interface supports up to 16 routes for DHCP clients. (CSCul11674) |
For feature overview and configuration details, see the “Configuring IP Services” chapter in the |
||
Allows locking and unlocking of the SD card through software to limit access and protect configuration information on the module. You can also enable password-strength check when defining the password and check whether a password is defined for the SD card module. (CSCug62713, CSCuh47814, CSCuh50418, CSCuh53071, CSCui65513) Note If you want to employ password strength on the SD card, you must enable password strength on the router, before you create the password. To enable password strength check on the SD module, enter: router(config)#: password-strength check To create a password for the SD card, enter: word– 64-byte case-sensitive string To check if the SD card has password protection and has a pending reload, enter: |
Cisco 1240 and 1120 Connected Grid Router Hardware Installation Guides |
||
When you remove an SD card from an online CGR 1000, the router automatically reloads. When this occurs, a reset-reason will indicate that the system reload is due to an SD card removal. (CSCui82859) |
|||
A new command allows you to specify the preferred connection rate(s) for the 3G GSM module (CSCtn94963): cellular interface number/port number gsm band { auto-band | all-bands exclude all-900-bands}
To verify the setting, use the |
For details on the 3G module, see the Cisco Connected Grid Cellular 3G Module for CGR 1000 Series Installation and Configuration Guide at: |
||
New call home alarms on the router provide low temperature threshold warnings; and, include the following alarms (CSCuh07528): |
|||
When operating in a router with CG4(2) software, the 3G GSM module supports the following low temperature threshold settings (CSCug55056):
The router automatically detects lower ambient temperatures on the 3G GSM module, and automatically puts the modem in a lower power mode when the module reaches the low critical temperature threshold. The router restores full power mode when the ambient temperature reaches the low critical temperature recovery threshold. |
For details on the 3G module, see the Cisco Connected Grid Cellular 3G Module for CGR 1000 Series Installation and Configuration Guide at: |
||
Enhanced BBU firmware version 5213 raises threshold value for turning off charging functionality. |
BBU charging functionality of new firmware stops when cell voltage drops under 2.0V rather than 1.5V. (CSCuh07282) |
For details on upgrading your BBU firmware, see the |
|
When you remove the SD flash module from a Cisco 1000 Series router, the system sends a callhome alert of severity 7 to CG-NMS. |
See “About the SD Flash Memory Module” chapter in the Cisco 1240 Connected Grid Router Hardware Installation Guide and the Cisco 1240 Connected Grid Router Hardware Installation Guide at: |
||
Fully Qualified Domain Support (FQDN) on the WPAN module (version 5.2.82 and later) |
Allows you to specify a host name and domain name for a mesh outage server in the interface configuration mode: (CSCue96374) outage server [hostname | IPv6 address] where IPv6 address format options is: aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh The CGR 1000 only supports an IPv6 address format for the mesh outage server. The router does not support the IPv4 option in the command. |
For feature overview and configuration details, see the |
|
The WiMAX module supported on the CGR 1000 Series routers now supports 1.4 GHz and 3.65 GHz bands in addition to 1.8 GHz and 2.3 GHz. |
For feature overview and configuration details, see the |
||
The configuration command, lock, allows you to disable the console: |
For more details on the console port, see “Appendix: Starting a Router Terminal Session” in the Cisco 1240 Connected Grid Router Hardware Installation Guide and the Cisco 1120 Connected Grid Router Hardware Installation Guide at: |
||
Encryption of passwords and certificates on the CGR 1000 SD flash module |
In release CG4(1) and later, passwords and certificates will be encrypted on the SD flash module of the CGR 1240 and CGR 1120. (CSCue02872) |
See “About the SD Flash Memory Module” chapter in the Cisco 1240 Connected Grid Router Hardware Installation Guide and the Cisco 1120 Connected Grid Router Hardware Installation Guide at: |
|
You can view details on the BBU IDPROM for up to three BBUs in the following commands: |
See “Installing Battery Backup Units” chapter in the Cisco 1240 Connected Grid Router Hardware Installation Guide and the Cisco 1240 Connected Grid Router Hardware Installation Guide at: |
||
Any change associated with the scheduler timer of the Backhaul Manager causes the router to generate a Syslog message. |
See “Configuring Backhaul Manager” in the Cisco 1000 Series Connected Grid Routers System Management Software Configuration Guide at: www.cisco.com/go/cgr1000-docs |
About the Cisco 1000 Series Connected Grid Routers
Cisco 1000 Series Connected Grid Routers (Cisco CG-OS routers) are multi-service communications platforms designed for use in field area networks. The portfolio consists of two models – both ruggedized to varying degrees for outdoor and indoor deployments. Both models are modular and support a wide-range of communications interfaces such as 2G/3G cellular, Ethernet, WiFi, WiMAX, and IEEE 802.15.4g/e.
- Rugged industrial design and compliance with IEC-61850-3 and IEEE 1613 for utility substation environments
- Feature-rich software capabilities, including dual-stack (IPv4 and IPv6) support and traffic priority using IP QoS
- Comprehensive security capabilities based on open standards
- Highly resilient design that optimizes communications network uptime and availability
- Network and device management tools for easy deployment, upgrades, and remote monitoring
The Cisco CG-OS software supports a command-line interface to configure and monitor the system.
The Cisco Connected Grid Device Manager (Device Manager) is a Windows-based application that field technicians can use to manage the Cisco CG-OS router. The Device Manager connects to the Cisco CG-OS router by using a secure Ethernet or WiFi link.
Table 2 provides an overview of the software features supported on Cisco CG-OS routers.
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers Unicast Routing Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
||
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers Unicast Routing Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
||
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers QoS Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
||
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers System Management Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
||
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers Security Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
||
Remote wireless access to the Cisco CG-OS router from a laptop client for diagnostic and troubleshooting by field personnel. |
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers WiFi Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
|
Supervisory Control and Data Acquisition (SCADA) connectivity |
For feature overview and configuration details, see the Cisco 1000 Series Connected Grid Routers SCADA Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
Table 3 provides an overview of the hardware features and interfaces supported on Cisco CG-OS routers.
For feature overview and configuration details for the hardware features as well as mounting and installation details for the Cisco CG-OS router, see the Cisco 1240 Connected Grid Router Hardware Installation Guide or the Cisco 1120 Connected Grid Router Hardware Installation Guide at www.cisco.com/go/cgr1000-docs. |
||
Integrated Ethernet switch module with Fast Ethernet ports (four on CGR 1240, six on CGR 1120) and two Gigabit Ethernet ports. |
Hardware details are addressed in the Feature-specific software configuration is addressed in the Cisco 1000 Series Connected Grid Software Configuration Guide Set at www.cisco.com/go/cgr1000-docs. |
|
Integrated, short-range IEEE 802.11 b/g WiFi access point to support a wireless console connection to the CG-OS router. |
Hardware details are addressed in the For configuration details, see the Cisco 1000 Series Connected Grid Routers WiFi Software Configuration Guide at www.cisco.com/go/cgr1000-docs. |
|
Wireless modules with a mini-card cellular modem (PCI-e mini-card form factor): |
For feature overview and configuration details, see the Cisco Connected Grid Cellular 3G Module for CGR 1000 Series Installation and Configuration Guide at www.cisco.com/go/cgr1000-docs. |
|
IEEE 802.16e module for providing a WAN uplink over the wireless 1.4 GHz, 1.8 GHz, 2.3 GHz and 3.65 GHz bands in Distribution Automation and AMI concentrator deployments. |
For feature overview and configuration details, see the Cisco Connected Grid WiMAX Module for CGR 1000 Series Installation and Configuration Guide at www.cisco.com/go/cgr1000-docs. |
|
IEEE 802.15.4g/e module to support IETF 6LoWPAN and RPL protocols for Connected Grid Endpoints (CGE). |
For feature overview and configuration details, see the Cisco Connected Grid WPAN Module for CGR1000 Series Installation and RFLAN Configuration Guide at www.cisco.com/go/cgr1000-docs. |
|
The following SFP modules are supported on the Cisco CG-OS routers: Other SFP modules, including those made by third-party manufacturers, are not supported. |
For installation instructions, see the |
System Requirements
Table 4 lists the hardware and software versions associated with this release for Cisco products deployed in a Field Area Network solution.
Installation Notes
This section addresses the following topics:
Determining the Software Version
To identify the software version operating on the Cisco CG-OS router, enter the following command.
Upgrading to a New Software Release
You can upgrade the software on the Cisco CG-OS router by employing the install all command.
Listed below are the possible approaches when downloading images using the install all command. You must select one of the following approaches:
- Download the images (kickstart and system image) from a remote server into the volatile memory of the Cisco CG-OS router by employing the install all command to specify the path to the remote server and the protocol. After the download, the software installation begins automatically.
- Download the images (kickstart and system image) from a local server directly into the bootflash of the Cisco CG-OS router, and then manually enter the install all command to initiate the software upgrade.
Note The kickstart and system images are each available in two formats: as full images, and as incremental software images. An incremental image file contains only the differences between the previous software image and the new software image. You can combine the incremental image from the new release with the full image file from the previous release to get the equivalent of the full image file for the new release.
The combined software image file can then be used to upgrade the software on the Cisco CG-OS router using the install all command. See Generating Software Images Using Incremental Image Files.
The following table provides detailed command syntax for the install all command.
This example shows how to download the software images from a remote FTP server onto the
Cisco CG-OS router bootflash. After download, the software installation starts automatically on the
Cisco CG-OS router.
This example shows how to download the software images from a remote SCP server onto the
Cisco CG-OS router bootflash. After download, the software installation starts automatically on the
Cisco CG-OS router.
system scp://adminuser@10.10.1.1/cg-os_sys.bin
This example shows how to copy the image from a remote SCP server onto the Cisco CG-OS router bootflash and then manually upgrade the software by using the install all command.
This example shows how to copy the image from a remote SCP server onto the Cisco CG-OS router bootflash without requiring any action or entry by the administrator. All actions proceed automatically.
Note An output similar to the one below displays during the install. The same output displays for local and remote installations.
Note The Cisco CG-OS router reboots after a successful installation.
Generating Software Images Using Incremental Image Files
The kickstart and system images are both available as incremental image files. Incremental image files contain only the differences between the previous software image and the new software image. An incremental software image can be combined with the previous software image to get the equivalent of the full version of the new software image, which can then be installed with the install all command, as described in the previous section.
For example, an incremental image file for CG3(1) contains only the differences between CG3(1) and the previous software release, CG2(1). You can combine the CG3(1) incremental image file with the CG2(1) software image to get the equivalent of the full version of the CG3(1) software image. There are separate incremental image files for the kickstart and system images.
To generate software images using incremental patch files, you use the image-patch command in privileged EXEC mode. The following table provides detailed command syntax for the image-patch command.
This example shows how to combine the CG2(1) seed image file cgr1000-uk9.5.2.1.CG2.0.59.SPA.bin with the CG3(1) incremental patch file cgr1000-uk9.5.2.1.CG3.0.16-CG2.0.59.SPA.bin and place the combined file into bootflash:
Note An output similar to the one below displays during the image patching process.
The resulting file in bootflash is equivalent to the full cgr1000-uk9.5.2.1.CG3.0.16.SPA.bin image file. Run the image-patch command for both the kickstart and system images. After you have generated both images, run the install all command to upgrade the router to the new software version. See Upgrading to a New Software Release.
Erasing the Configuration File
When you enter the write erase [boot | debug | secrets] command, it erases all of the persistent memory of the Cisco CG-OS router except for items noted in the table below.
Important Notes
In CG-OS software, SNMP (snmpd) is enabled by default and cannot be disabled. SNMP must be enabled to support CG-NMS and Call Home activities within the software.
Please consider this fact when designing your network.
Downgrading From an Image that Supports the SD-Card Password Feature
In software images that support setting an SD-card password, if an SD-card password is set, downgrading the image to a version that does not support the SD-card password will result in an unresponsive router. A field technician must then manually power cycle the router.
This issue occurs when downgrading from CG4(3) or later to a lesser version, for example, from CG4(3) to CG1, CG3(3) and lower, or CG4(2) and lower.
The workaround is to remove the SD-card password BEFORE downgrading to a lesser version. To remove the password, use the no sd-card password < password_string > command.
To prevent the battery backup unit (BBU) from discharging during transport or servicing of the Cisco CGR 1240 Router, disable the BBU automatic discharge feature using the system software. For details on this procedure, please see the Installing Battery Backup chapter within the Cisco 1240 Connected Grid Router Hardware Installation Guide.
BBUs are not supported on the Cisco CGR 1120 Router.
Refer to the “Guidelines and Limitations” section of each chapter within the Cisco 1000 Series Connected Grid Routers Software Configuration Guides and the highlighted Notes, Warnings, and Cautions throughout all Cisco CG-OS router documentation.
DHCP Client IP Route Setup Changes
In Cisco CG-OS Release CG3(1), the software reports all IP routes set up by the DHCP client directly to the IP routing table. To review the information added by the DHCP client, enter the show ip route detail command. If an IP route entry of ip route 0.0.0.0 0.0.0.0 x.x.x.x 254 or ip route 0.0.0.0 0.0.0.0 x.x.x.x appears when you are operating with CG3(1) software, you must remove the entry by entering the no ip route command. This IP route process differs from that of Cisco CG-OS Release CG2(1) and earlier releases. In those earlier software releases, you entered the show running-config command to review the IP route entry.
- In Cisco CG-OS Release CG2(1), the default route had a route preference of 254 when DHCP was enabled on the router.
- In Cisco CG-OS Release CG1(1), the default route had a route preference of 1 when DHCP was enabled on the router.
To start the Network Time Protocol (NTP) service on the router, you must now enter the feature ntp command. In previous releases, the NTP service was started by default when the router was booted, and it could not be disabled.
After the NTP service is enabled, you can disable it with the no feature ntp command. Note that when the NTP service is disabled, the NTP-related statements in the router configuration are disabled.
Limitations and Restrictions
Cisco recommends that you review this section before you begin working with the router. These are known limitations that will not be fixed, and there is not always a workaround for these issues. Some features might not work as documented, and some features might be affected by recent changes to the CG-OS router hardware or software.
Hardware Limitations
BBU Versions within a CGR 1240 Must Match
When you replace a BBU in the CGR 1240, we highly recommend:
When a CGR 1240 operates with different BBU versions, it may result in misbehavior in the BBU functionality. This condition is seen in CGR 1240s installed with either Cisco IOS or Cisco CG-OS software.
Table 5 lists the limitations in this release for hardware features that are described in detail in the
Cisco Connected Grid Router Hardware Installation Guide for the Cisco CGR 1120 or CGR 1240.
Software Limitations
Symptom: Creating a username (not password) within the local database on the router that already exists on the external AAA server generates an inaccurate error message such as Please first delete that account using "no" option.
Conditions: CG-OS software allows use of the same username in both the local router database and an external server.
Workaround: Create the username on the local authentication store of the router first, and then replicate it on the external AAA server. The AAA server will not complain.
Symptom: In some cases, over the air service provisioning (OTASP) might not be successful or might time out.
Workaround: Re-attempt OTASP activation.
Symptom: The term “switch” is used in the CGR 1000 command-line interface (CLI). The CGR is a router.
Conditions: The term is used in various places in the CLI.
Workaround: There is no workaround for this issue.
Symptom: A learned OSPF route is given preference over the same static route configured in the CGR 1000.
Conditions: This issue occurs when the same route is both a learned OSPF route and a configured route.
Workaround: To resolve this issue, remove the learned OSPF route from the router configuration. To prevent this issue from occurring, do not use OSPF on an interface for which you want to use static routes.
Symptom: The CGR 1000 reports hardware and environmental power data about a single power supply only, even though it has both AC and DC power supplies.
Conditions: This issue occurs because CGR actually has hardware for just the AC power supply. The DC power supply input is to the AC power supply, and the DC power supply is managed by the AC power supply hardware. Consequently, the CGR 1000 reports information about the AC power supply hardware only.
Workaround: There is no workaround for this issue.
Symptom: For configured security changes to take effect on the WiMAX interface, you must remove the EAP-TLS or EAP-TTLs configuration then add it again.
Conditions: When changing existing security settings on the WiMAX interface (for example, changing the server or device trustpoint).
Workaround: Disable and then enable the corresponding auth-method again by using the following commands:
Disable the auth-method: no pkm auth-method
Re-enable the auth-method: pkm auth-method eap-tls or pkm auth-method eap-ttls
Symptom: A tunnel interface is configured with no keepalive by default.
Conditions: This issue occurs on all tunnel interfaces.
Workaround: Use the keepalive interface configuration command to enable keepalive on the tunnel interface.
Symptom: The CGR 1000 does not respond with an echo reply to link-local echo requests.
Conditions: This issue occurs when the router receives a link-local request for the first time. The router does send an echo reply to subsequent link-local echo requests.
Symptom: The CGR 1000 fails certificate authentication.
Conditions: This issue can occur when authenticating the router using Simple Certificate Enrollment Protocol (SCEP). If the enrollment profile refers to a Cisco IOS registration agent (RA), and the RA refers to a sub-certificate authority (SubCA) instead of a certificate authority (CA), the authentication fails.
Workaround: Use one of the following workarounds: Authenticate to the SubCA over a terminal connection, or authenticate to the SubCA but do not use a Cisco IOS RA.
Symptom: The show interface ethernet command displayed the incorrect media type as SFP when SFP was inserted.
Conditions: When RJ-45 connectors were replaced with SFP connectors in the Ethernet ports, the output of the show interface ethernet command still indicated that the media-type installed was RJ-45.
Symptom: A cell power module (cell PM) restart causes the 3G module to reload.
Conditions: When a 3G-related process was killed.
Workaround: There is no workaround for this issue.
Symptom: The vsh process might crash when making repeated configuration changes and issuing copy running-config startup-config commands.
Conditions: When making repeated configuration changes and issuing copy running-config startup-config commands after every configuration change, the vsh process might crash.
Workaround: The vsh process automatically restarts itself after crashing. The CLI interface remains operational.
Symptom: The syslog message for BBUs does not take into account BBUs that are in the inhibit discharge mode.
Conditions: This issue occurs when the router has three BBUs: two of the BBUs are in the uninhibit discharge mode, and one is in the inhibit discharge mode. The syslog message reporting the status of the BBUs shows the capacity of the BBUs in the uninhibit discharge mode, but the system does not take into account the capacity of the BBU in the inhibit discharge mode.
Symptom: The BIOS on routers running Cisco CG-OS Release 5.2(1)CG1(3c) or earlier cannot be upgraded to a new version.
Conditions: Software releases earlier than Cisco CG-OS Release CG2(1) do not support BIOS upgrade. When you run the install all command, the upgrade table shows nothing in the Running-Version or New-Version columns for the BIOS, and the Upg-Required column for the BIOS always shows no.
Workaround: Support for BIOS upgrade was added in Cisco CG-OS Release CG2(1). After you upgrade the router to Cisco CG-OS Release CG2(1), you will be able to upgrade the BIOS.
Symptom: The router BIOS cannot be downgraded to an earlier version.
Conditions: This issue occurs when you attempt to downgrade the router software from Cisco CG-OS Release CG2(1) or later to an earlier version. When you enter the install all command, the upgrade table shows nothing in the New-Version column for the BIOS, and the Upg-Required column for the BIOS shows no.
Workaround: There is no workaround for this issue. Software releases earlier than Cisco CG-OS Release CG2(1) do not support BIOS downgrade.
Symptom: Output from show mesh-security session all does not show all current mesh security sessions.
Conditions: This issue occurs in the output of the show mesh-security session all command.
Workaround: To find out the mesh-key status of a meter, use the show mesh-security session mac < mac-address > command.
Symptom: CGR failed registration with WPAN interface not ready error message.
Conditions: Migration is initiated.
Workaround: Log into the router and issue the command no feature c1222r to remove feature c1222r manually. The fix for the observed problem is provided in the CG-NMS caveat CSCus89569, in which CG-NMS attempts 3 retries (with an interval of 60 seconds per retry) of issuing the command no feature c1222r during the mesh migration process. If all 3 retries fail, CG-NMS stops the registration operation.
Caveats
This section addresses the open caveats in this release and provides information on how to use the
Bug Toolkit to find further details on those caveats, and includes the following topics:
Open Caveats
Symptom: Some 3G CDMA modules operating with 1.3.3 firmware might experience firmware corruption on the following platforms: ISR 819H and CGR 1000s.
Conditions: Firmware was corrupted on CDMA modules on specific router platforms.
Workaround: An upgrade to firmware version 1.56 is recommended for CGR 1000s. There is currently no recommended firmware versions for the ISR 819H.
Symptom: The show ip adjacency statistics command displays inaccurate statistics. All packet and byte counts are displayed as 0. Entering the clear ip adjacency statistics command does not resolve this issue.
Conditions: This issue can occur when the system is passing data.
Workaround: There is no workaround for this issue.
Symptom: The tacacs-server host test command does not display related messages.
Conditions: This issue occurs when using any of the command keywords: { idle-time minutes | password password [ idle-time minutes ] | username name [ password password [ idle-time minutes ]]}
Workaround: Enter the test aaa configuration mode command to display related messages. See the Cisco 1000 Series Connected Grid Router Security Software Configuration Guide for more information about this command: www.cisco.com/go/cgr1000-docs
Symptom: The command aaa authentication login error-enable fails to return any error message when the external AAA server is unreachable, other than Access denied. Using keyboard-interactive authentication. if the user enters valid credentials that exist on the external AAA server.
Conditions: The AAA command aaa authentication login error-enable is configured and the external AAA server is unreachable or the AAA daemons are down.
Workaround: Define authentication locally on the router.
Symptom: When the CGR 1000 router is configured with a Generic Router Encapsulation (GRE) tunnel for IPv6, the tunnel receiving end indicates an invalid link-layer address (LA) when it receives a Route Advertisement.
Conditions: This issue occurs when a GRE tunnel on the router sends IPv6 data.
Workaround: There is no workaround for this issue.
Symptom: The CGR 1000 Router Ethernet interfaces stop detecting Ethernet traffic when both IPv4 and IPv6 packets are sent over the interface.
Conditions: This issue occurs when both IPv6 and IPv4 Ethernet packets are sent to a router Ethernet interface that is configured with both an IPv4 address and an IPv6 address.
Workaround: There is no workaround for this issue.
Symptom: The state of the interface is listed as none in the reason field, state_rsn_desc, of the show interface e2/x command output when it should show Line protocol is up. It also states that Link not connected when it should say Line protocol is down
Conditions: Issue is present when line protocol is up and when line protocol is down.
Symptom: When two or more IMIX data streams that are configured with different priorities are sent in both directions over the 3G interface, the data steam set to default priority is given a higher priority than data streams configured with a higher priority.
Conditions: This issue occurs when no QoS priorities are applied on either the egress or ingress, and there is data congestion on the interface.
Workaround: There is no workaround for this issue.
Symptom: The IP ARP table that displays when you enter the show ip arp command show the state INCOMPLETE in the MAC address column.
Conditions: This issue can occur when the Ethernet cable is removed from an Ethernet port that is actively transferring data.
Workaround: Stop the traffic flow and rediscover ARP.
Symptom: The show interface wimax interface scan command does not display all scanning results. Details for base stations only appear for those stations on which the network entry procedure was performed.
Conditions: When associated to a base station the show interface wimax interface scan command also displays periodic scanning results.
Symptom: A static route to a subnet cannot be removed from the CGR 1000 with the no ip static-route command until after the router is rebooted.
Conditions: This issue occurs when the ip static-route command is used to configure a static route to a subnet.
Workaround: To prevent this issue, avoid configuring static routes to subnets. To resolve this issue remove the static router after rebooting the router.
Symptom: Duplicate Address Detection (DAD) indicates that a duplicate IPv6 address being used on a CGR 1000 Ethernet interface is valid. DAD should indicate the address as invalid because the address is already in use by an interface on another network device.
Conditions: This issue occurs after performing the following steps on the CGR 1000 interface that is using the duplicate address: 1) Use DAD to verify the IP address. 2) Change the MAC address.
Workaround: Configure the affected interface with another, unique IPv6 address.
Symptom: The output of the show module command indicates that a module is fully functional when it might still be going through initialization.
Conditions: The output of the show module command displays Ok in the Status column while the module is still being initialized, and might not yet be fully functional.
Workaround: There is no workaround for this issue. After the show module command displays status Ok for the module, you might need to wait up to 1 minute before the module is fully functional and able to pass traffic.
Symptom: When you disable the feature scada-gw command by entering feature scada-gw, the command options for the scada-gw command remain in the global configuration mode.
Conditions: Disabling the feature scada-gw should disable all options associated with that command and they should not appear as configurable options in the global configuration command mode.
Symptom: The install all command returns a message Invalid bootvar specified in the input.
Conditions: This issue occurs when you enter the install all command and specify one of the following URIs with the bootflash parameter: bootflash://module-1/, bootflash://sup-1/, bootflash://sup-active/, or bootflash://sup-local/.
Workaround: When issuing the install all command, do not use these bootflash URIs: bootflash://module-1/, bootflash://sup-1/, bootflash://sup-active/, bootflash://sup-local/.
Symptom: AAA commands and config-commands accounting misreports a failed certificate enrollment as successful.
Conditions: With the following commands configured for AAA:
Symptom: The serial number is not displayed for the Ethernet module when the router is booting.
Conditions: When the router is booting, hardware authentication messages for the Ethernet module do not display the module serial number, while a serial number displays for the other modules.
Symptom: Parse error messages appear when executing a rollback operation following a checkpoint operation.
Conditions: This issue occurs if you try to roll back a checkpoint configuration on a CGR after a write erase and reload operation. The system might display parse error messages.
Workaround: There is no workaround for this issue.
Symptom: When configuring an interface as a default Ethernet interface by using the default interface Ethernet <slot/port> command, it should remove the previous configuration of the interface. Therefore, when you enter a command to check the running configuration (for example: show running-config int e2/8) it should not show any configuration or logging event details for the interface. The modified Ethernet interface should only show minimal information as shown below:
Conditions: Currently, the software displays logging event information, in error, when you enter the show running-config command for the interface (as shown below):
Symptom: If the 3G module was inserted into a different slot and was configured (for example, with a static route), the configuration details are seen in the running configuration when you issue the show run command. However, if you tried to remove the route, you could not because the module was in a different slot now.
Conditions: 3G Module was moved to a different slot.
Workaround: Move the 3G module back to the original slot and remove the route.
Symptom: The CPU temperature sensor on the router might not report accurate information.
Conditions: This issue occurs when the router reads the CPU temperature.
Workaround: There is no workaround for this issue.
Symptom: In some cases, entering the show scada-gw internal database command on the CGR 1120 to query data on remote terminal units (RTUs) can cause the scada-engine to stop working on the system.
Conditions: Protocol Translation is active on the CGR 1120 and greater than 500 RTU data points are queried by the CGR 1120.
Workaround: Do not query more than 500 RTU data points when employing the show scada-gw internal database command.
Symptom: When pinging a multicast address to get echo responses with the correct latency numbers, only the first response has the correct latency number. Subsequent responses do not show up until the next echo request is sent and their latency values (for the replies of previous request) show incorrectly calculated figures.
Conditions: When ping6 is done to a multicast address through a WPAN interface.
Symptom: When the router executes the install all CLI command, the AAA accounting logs show user accounts “admin” and “root” as the users who executed the command instead of the real user.
Conditions: This happens when AAA commands accounting is enabled (via TACACS+) on the router.
Workaround: There is no workaround for this issue.
Symptom: In certain conditions, the WiMAX supplicant might automatically switch from EAP-TTLS authentication to EAP-TLS authentication after receiving a few rejects from EAP-TTLS authentication. Additionally, the authentication method (Auth method) displays incorrectly in the show interface wimax slot/port association command.
Conditions: The user configured an incorrect mschapv2 password for EAP-TTLS authentication.
Workaround : The RADIUS server needs to be configured to accept only EAP-TTLS in this situation. This prevents the WIMAX supplicant from attempting to fall back to EAP-TLS and pass a successful EAP-TLS authentication, should its configured EAP-TTLS authentication method fail.
Symptom: Removing a RADIUS server with the no radius-server host command returns a message indicating the server could not be removed from the configuration, although the RADIUS server actually is removed from the configuration.
Conditions: This issue occurs when type 6 password encryption is enabled.
Workaround: None necessary, although you should enter the show running-config command to make sure that the RADIUS server was removed from the configuration.
Symptom: WiMAX uplink traffic might stop transmitting after 500 to 600 ICMP packets when you configure the QoS automatic repeat request (ARQ) parameter on the base station.
Conditions: QoS automatic repeat request (ARQ) parameter is configured on the base station.
Workaround: You must deregister the WiMAX module from the base station; and, then re-register the module with the base station to re-establish the data path.
Symptom: The output of the show interface transceiver command indicates that a transceiver is not installed when one actually is installed in the module.
Conditions: This issue occurs when non-supported SFPs are installed in the module.
Workaround: Only use supported SFPs. See Table 3 for a list of supported SFPs.
Symptom: In some cases, when you disconnect a RTU from the SCADA system, the connections to the Control Centers might remain connected. Initiating a General Interrogation of the RTU might also indicate that all RTUs are in good shape.
Conditions: It is expected that the RTU would disconnect from the Control Centers.
Workaround: Reset the SCADA gateway to show the correct states of the RTU.
Symptom: The configured number of SSH login-attempts does not match the actual allowed number of SSH login-attempts.
Conditions: This issue occurs when you set the number of attempts an SSH user can make to enter their username and password to 3 (this is also the default). When a user subsequently tries to log in using SSH, the system only allows two tries to enter the correct username and password.
Workaround: There is no workaround for this issue.
Symptom: The logging message AAA_SERVER_UNAVILABLE appears when device authentication failed due to wrong certificate.
Conditions: The Device presented the wrong certificate for authentication to the AAA server.
Symptom: The snmpset command for ceExtSysBootImageList and ceExtKickstartImageList fails sometimes due to timeout.
Conditions: Image Validation takes more than 5 seconds by bootvar (a process that runs in the background), which is the expected behavior. This can cause the snmpset command to fail due to timeout. Because the image size is very big (more than 100 MB), additional optimization to reduce the image validation time is not possible.
Workaround: There are two ways to work around this issue:
– Use the -t 3 option when using the snmpset command. For example, instead of using this command:
– When executing multiple snmpset commands, allow for a time gap between these commands.
Symptom: IGMP when configured does not work on the CGR. The IGMP process does not work.
Conditions: Clients send IGMP join messages to the CGR.
Workaround: There is no workaround.
Symptom: When a receiver sends the join message, no (S,G) is created in the mroute table on the router.
Conditions: The router adds the no (S,G) entry to the mroute table when the user configures Source Specific Multicast (SSM) on the router, and a receiver sends the join (G) request to the router.
Workaround: There is no workaround for this issue.
Symptom: Rollback to a previous checkpoint configuration failed.
Conditions: This issue occurs when you configure AAA commands, save a checkpoint, modify the AAA configuration, and save another checkpoint. Attempting to roll back to the first checkpoint fails, and the output of the show rollback log verify command indicates that the verification patch contains AAA commands.
Workaround: Remove the AAA commands from the running-config.
Symptom: The rollback function did not roll back the logging logfile configuration statement.
Conditions: This issue occurs when the logging logfile statement exists in the running config. If you save a checkpoint, then configure a new logging logfile statement, when you roll back to the previous checkpoint, the logging logfile statement from the checkpoint is not applied.
Workaround: There is no workaround for this issue.
Symptom: The logging level setting for wimaxpm does not display any information after configuring the logging level wimaxpm <1 to 7> command.
Conditions: Entering the show logging level | grep wimax command displays no results.
Workaround: There is no workaround for this issue.
Symptom: If feature scp-server is enabled, only the admin user can log into the CGR. With
feature sftp-server enabled (which uses the SSHd mechanism), only the admin user account can be used to log into the CGR. When using a valid set of credentials that exist in the AAA server, no other user can be used. This means that the admin user account has to be replicated in the external AAA database which may violate some company's security policy since it is a known username and some AAA servers treat this account differently than others. The normal SSH process allows valid AAA user credentials.
Conditions: The command feature scp-server is enabled.
Workaround: To allow non-admin accounts with network-admin user role to access the CGR, enable feature sftp-server.
Symptom: Inconsistent service LED results in output of show cellular x/x led. Service LED is listed as slow blink although no service is available.
Conditions: When the Sprint Module is plugged into the CGR 1120 slot and no service is available.
Workaround: There is no workaround for this issue.
Symptom: This error message displays in the console: ERROR: Ethernet2/2: Requested speed is not supported by transceiver
Conditions: If you enter these commands, you get the error message.
Workaround: There is no workaround for this issue.
Symptom: When upgrading the RFLAN module 3.7 firmware, the command install all fails.
Conditions: Issue occurs if the CommModuleStatisticsReadPeriod rate is changed to more than 50 seconds.
Workaround: Change the CommModuleStatisticsReadPeriod to default value of 30 seconds.
Symptom: The CGR 1000 console receives an SNMP critical log message: netsnmp_tcp_send: TRACE - send returned error.
Conditions: No crash or unusual behavior was observed during the execution of SNMP reads and writes when malformed packets were sent to the router.
Workaround: It is safe to ignore the messages.
Symptom: When using the Connected Grid Device Manager (CGDM), the command and its options show logging last <1-9999> fails to display properly.
Workaround: There is no workaround for this issue.
Symptom: The following message displays in the syslog:
Conditions: This error message appears when the 3G module reloads.
Workaround: There is no workaround for this issue.
Symptom: When the DHCP configuration is removed from the CGR, it sends a DHCPrelease packet, but the packet is dropped by some DHCP relay agents, and the DHCP server keeps the IP address leased until the lease time expires.
Conditions: This issue occurs when the DHCP client on the CGR is connected to a non-ISC DHCP relay agent.
Workaround: There is no workaround for this issue.
Symptom: Error reading image seed file during downgrading.
Conditions: This issue occurs when downgrading from CG3-b73 to CG2(1) image. Extracting the CDMA firmware might be the cause of the downgrade operation to fail.
Workaround: There is no workaround for this issue.
Symptom: The CGR failed to install CG-OS software version 3.0.67 from the CG-NMS and returned code 0x40B30029 (Operation failed. Fabric is already locked).
Conditions: This issue was seen while upgrading the image on the CGR from the CG-NMS.
Workaround: Reload the router or perform an install all from the CGR console.
Symptom: WiMAX modules with a product identification of CGM-WIMAX-3.6GHZ do not correctly display support for the frequency range of 3.3 to 3.8 GHz within its inventory data.
Instead, the module only shows support for the frequency range of 3.5 to 3.8 GHz.
Conditions: WiMAX modules with a product identification of CGM-WIMAX-3.6GHZ do not correctly display support for the frequency range of 3.3 to 3.8 GHz within its inventory data.
Symptom: The BBU Average Time to Full statistic might display a five-digit value instead of the usual three-digit value.
Conditions: Router has three BBUs installed; and, BBU0 and BBU2 are fully charged. BBU1 is in a charging state of 85% or greater.
Workaround: None. Five-digit value displays only temporarily. The correct value generally displays within five minutes.
Symptom: WPAN 5.0 module may stop responding.
Conditions: On certain CGR 1000 FARs with a WPAN 5.0 module handling 1000-2000 meters, the WPAN 5.0 module may randomly stop responding, causing the mesh to collapse.
Workaround: Enable the watchdog mechanism for the WPAN module. Note that this will disrupt the mesh and it takes time for the mesh to be re-created.
The problem has not been seen with the new WPAN firmware 5.5.80 that is packaged as part of CG4(4).
Caveats Resolved in Cisco CG-OS Release CG4(5)
Symptom: The CGDM service on a CGR running CG-OS CG4(3) stopped responding to requests. Additional registration requests failed because although the CGR CGDM service accepted the request, it did not send a response.
Conditions: A zero touch deployment (ZTD) test was running in the network.
Workaround: This issue is resolved in Cisco CG-OS CG4(5).
Symptom: A RPL Tree Version Reset caused instability in the mesh network after a CGR reload.
Conditions: CGR was running CG4(4).
Workaround: This issue is resolved in Cisco CG-OS CG4(5).
Symptom: Setting the TX power setting using the txpwr high or txpower 2 command on a CG-mesh WPAN might fail.
Conditions: The problem occurred on some CG-mesh WPAN modules during migration from firmware version 3.7 to firmware version 5.0.
Workaround: This issue is resolved in Cisco CG-OS CG4(5).
Symptom: Pings do not work on a 2G/3G interface module cell interface that has a.0 or.255 address.
Conditions: Occurred on a CGR 1240 running CG4(4) software with a 2G/3G interface installed.
Workaround: This issue is resolved in Cisco CG-OS CG4(5) with the addition of a new command,
network mask <value>. Refer to New Features in Cisco CG-OS Release CG4.
Caveats Resolved in Cisco CG-OS Release CG4(4)
Symptom: ppp_engine restart logging should not be generated for process log list.
Conditions: Because wireless connections may occur frequently in the field, and due to the fact that CDMA disconnections always trigger the ppp_engine process to get restarted (while not affecting the HA reset policy), the number of ppp_engine restart entries in process log output can become huge (as many as 9500 such entries on some customer CGRs over a period of several months).
When the process log output is obtained, it may cause the CGR to slow down drastically for a long time due to the high CPU utilization of the Linux kernel while processing such a huge number of ppp_engine restart entries in the file system.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: PPP crash logs may be seen on CGR.
Conditions: The ppp_engine crash log is generated because the process is internally terminated in order to restart it after a link disconnection. The crash signal/log is a standard Linux mechanism.
Workaround: The ppp crash logs can be safely ignored.
Symptom: When CG-NMS is configured to pull RPL tree updates (for RPL itable data) from CGR 1000 routers instead of obtaining the RPL tree data from the IPRoute and IPRouteRPLMetrics TLVs in periodic CG mesh endpoint metrics reports (configured and pushed from CG-NMS), the periodic RPL tree pulls from CGR1000 routers will eventually render it unable to spawn a new Java child process.
Conditions: This problem occurs after approximately 400 invocations and causes the CGR 1000 HTTP server to stop responding to the CG DM-based RPL tree update requests.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: The CGR1K 3G modem crashes frequently and intermittently.
Conditions: The 3G modem crashes frequently with the following message from SDK:
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: Tunnel interface status shows down with reason “HARDWARE PROG FAILED”.
Conditions: The ipsec_tun process crashes due to null pointer access.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: BBU firmware is automatically upgraded to version 1224.
Conditions: BBU firmware 1224 has false voltage lockout fix. False voltage lockout occurs with new BBU Hardware Version2 and Version3, on all BBU Firmware (8712, 5213). Some triggers include toggling inhibit/uninhibit CLI or enable/disable CLI--mostly, (but not limited to) when the battery is at less than 10% charge state. The scenario causing the false lockout has no usefulness, hence impact should not be too great.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: CGR sends a 6-byte MAC address instead of 8 bytes, which causes an “Unknown device” message.
Conditions: The root cause is related to MAC address conversion on the CGR between 6 bytes and 8 bytes. When a meter fails 5 attempts of a 2 or 4-way handshake, a Call-home message is sent to the NMS. Because the CGR sends a 6-byte MAC address instead of 8 bytes, the NMS does not understand the MAC address and returns the message “Unknown device”.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: A dot1x process crash was seen on CGR 1240.
Conditions: DOT1X software crashed on a few CGRs during IPV6 activation.
Workaround: This issue is resolved in Cisco CG-OS CG4(4).
Symptom: The cellswicns process may crash in some rare cases.
Conditions: This is a known issue in which the Sierra Wireless firmware/driver may trigger the cellswicns crashes for unknown reasons.
Workaround: Each cellswicns crash is a stateful crash and the system manager will restart it accordingly. When the number of such stateful crashes exceeds the hard-coded HA policy, the system manager will reboot the CGR as part of the recovery mechanism.
Caveats Resolved in Cisco CG-OS Release CG4(3)
Symptom: Under certain conditions, the system would generate one or more syslog messages about "serial8250: too much work for irq19 - kernel".
%KERN-3-SYSTEM_MSG: [ 508.896918] serial8250: too much work for irq19 - kernel
%KERN-3-SYSTEM_MSG: [ 508.900154] serial8250: too much work for irq19 - kernel
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: Any interface could stop processing traffic due to memory (MBUF) leaks.
Conditions: When a CGR 1000 communicates with the CG-NMS server via callhome, it executes many show commands, compresses their output and sends them to CG-NMS as part of the payload of callhome periodic inventory notifications. These payloads can be very big and might exceed the interface MTU of intermediate routers, which in this case is the tunnel interface of the head-end router (Cisco ASR). This causes the ASR to send ICMPv6 unreachable messages to the CGR.
CGR attempts to allocate memory to these messages but then fails to release such memory after processing them. This will eventually cause CGR to lose all its MBUF and render all interfaces unable to route any traffic.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
For earlier CG4 releases, use the following workaround:
On the CGR1240: Configure the GRE tunnel with an MTU of 1280 bytes, and the IPSec tunnel with an MTU of1304 bytes.
On the ASR side: Configure the tunnel with an MTU of 1304 bytes because IOS will automatically subtract 24 bytes for the GRE tunnel.
Symptom: The Device Manager (CG-DM) failed to connect to a CGR with a valid work order. This failure occurred after a previous attempt to access the same CGR failed because of an invalid work order.
Conditions: Device Manager was operating in NMS mode with the user role of Tech.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: An FPGA upgrade failure could occur during an install all upgrade and cause the install all upgrade to fail.
Conditions: The current FPGA upgrade procedure in CG1(3d), CG3(3) and CG4(2) relies on an average timeout value plus some additional buffer time. It needs to be updated to take the WIP bit into account during FPGA sector erase operations. This will help eliminate the potential variability of the FPGA sector erase timeout.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: CG-NMS needed to collect the history of CGR system reset reasons.
Conditions: Format of the show logging onboard reset-reason command was not in XML format and CG-NMS could not interpret the data.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: CGR might keep reloading due to Platform Manager crashes.
Conditions: The router was showing 0 BBU and could not roll back to the ps-start-config because the Platform Manager crashed during the rollback.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: An invalid cell ID was shown in the output of show cellular x/y networ k and show cellular x/y all.
Conditions: An invalid cell ID was shown because the first 16 bits returned by the CnS API were not cleared as zero. The last 16 bits are the cell ID number.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Conditions: When data to send was accumulated on TCP socket, the send() would get stuck which caused the process to be killed.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
In previous releases, be sure to make sure there is no data jam, when you configure raw socket back-to-back.
Symptom: Netstack would stop processing interface traffic if static MTU settings were not properly applied for GRE / IPSec tunnels on both CGR1000 and the peer ASR.
Conditions: If the GRE and IPSec tunnel interfaces on the CGR were configured either with or without static MTU configurations, while the peer ASR's GRE and IPSec tunnels' MTU settings were not statically set to match those on the corresponding CGR's GRE and IPSec tunnel interfaces, MBUF leak would occur and cause Netstack to stop processing interface traffic.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
In previous releases, apply the matching static MTU configurations on both GRE and IPSec tunnels on the CGR as well as the peer ASR.
Symptom: Certificates were deleted from the SD card on the CGR.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
In previous releases, there was no workaround.
Symptom: PON message was not sent to CG-NMS.
Conditions: After receiving a PON message, there was a delay in resolving the hostname. This delay caused the PON message not to be sent to CG-NMS. When the static hostname to IPv6 mapping was present, this issue was not seen.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
Symptom: In the Itron meter farm, many CSMP packets with source address 0 are received.
Workaround: This issue is resolved in Cisco CG-OS CG4(3).
In previous releases, use ipv6 access list to drop CSMP packets with source address 0 under the wpan interface, as shown in the following example:
Symptom: Callhome code uses the ISO 8601 standard when reporting year. Sometimes the year reported is not the same as the calendar year.
Conditions: ISO 8601 calculates the year based on the first Monday of January rather than using the calendar year. Thus, Dec 30 2013 is considered in ISO 8601 year 2014 because it is the first Monday of January 2014.
Workaround: This issue is resolved in Cisco CG-OS CG4(3). Callhome now always displays the calendar year.
Caveats Resolved in Cisco CG-OS Release CG4(2)
Symptom: Certain fields in the show cellular command output did not populate with data.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: When attempting to register a CGR with CG-NMS, the following error appeared in the CG-NMS logs:
Conditions: This error occurred due to one of the following:
– There were multiple trustpoints configured on the CGR and the certificates for each trustpoint were multi-layered, meaning that there was a hierarchy in the certificate chain
(sub-ca --> root-ca).
– The two trustpoints were pointing to the same CA; and, the CA was in a hierarchy of CAs.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: The input rate on the serial interface of the CGR 1120 always displayed as zero (0) in the serial interface statistics summary even though the received input packet count showed an increase.
Conditions: Connecting to the serial port on a CGR 1120 via Hyperterminal.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: You were unable to log into the router immediately after a reload.
Conditions: This issue occurred when you tried to log into the router from the command prompt right after you had reloaded the router configuration; the login attempt was unsuccessful.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: A cellpm memory leak could occur over an extended period of time on the 3G Module.
Conditions: The 3G module was connected to a live network.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: When there are two or more NTP server hostnames configured on the CGR, and the hostnames are not resolved by the configured name-server, then the CGR saves the first hostname and drops all others from the running config.
Conditions: The DNS failed to resolve NTP server hostnames due to a connectivity issue or some other reason.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: NTP server minimum and maximum poll timers could not be changed on CGR.
Conditions: When the NTP server minimum and maximum poll timer commands were configured, the timers could not be changed by reentering the command with different timer values without removing the NTP server configuration from the CGR configuration and then reentering the NTP server configuration with the revised values.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: CGR might continue to reboot after an NMS-initiated upgrade if the router loses AC power and runs on BBU power during its first reload after an upgrade.
Conditions: Problem occurs when the Configuration Template for a device group includes the backup-battery un-inhibit discharge command; and, an CG-NMS registered CGR (FAR) loses power any time during the first reload and boot after an upgrade by NMS. The CGR will roll-back to the golden-config and fail to complete a registration to NMS. CGR continues to undergo a cycle of repeated NMS-initiated reloads every 10 minutes until AC power is restored to the router.
Workaround: Remove the backup-battery un-inhibit discharge command from the Configuration Template for the device group in CG-NMS.
Symptom: The tacacs process could exhibit some gradual memory leaks when processing command accounting and authorization; and, login authentication.
Conditions: User privileged EXEC command and global configuration command authorizations were enabled for TACACS+; and, CG-DM was initiating commands for callhome periodic-inventory notifications and callhome periodic-configuration heartbeat notifications.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: Registration of the CGR failed when either CG-NMS was creating the golden-config file or when CG-NMS sent the device config followed by the copy r s command.
Conditions: CGR was trying to register with the CG-NMS.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: When the trustpoint for a CGR contained both a subordinate certificate authority (subCA) and a root CA, the Connected Grid Device Manager (CG-DM) was unable to connect to the CGR when using a work order issued by the CG-NMS.
Conditions: CG-DM was unable to connect to CGR and displayed the following error: AuthorizationManager: The host name did not match any of the valid hosts for this certificate.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: A CGR software upgrade from CG1(3d) to CG4(1) caused duplicate registration requests to be sent to CG-NMS, within the same second.
Conditions: CGR was being upgraded from CG1(3d) to CG4(1).
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
Symptom: When a NMS-registered FAR (CGR) was rolled back to express-config or golden-config, the WIFI wpa | wpa2 | wpa-mixed passphrase could be missing in the running-config.
Conditions: If type-6 encryption and password strength-check were enabled, and the WIFI wpa | wpa2 | wpa-mixed pre-shared key was configured in an NMS-registered FAR, then reloading or upgrading it to CG3(3) or CG4(1) could cause its WIFI pre-shared key to be missing in the running-config. It was the config rollback (to express-config or golden-config) during the reload or upgrade operations that caused this problem.
Workaround: This issue is resolved in Cisco CG-OS CG4(2).
For earlier releases, disable password strength check. You might need to modify the express-config or golden-config file by hand.
Caveats Resolved in Cisco CG-OS Release CG4(1)
Symptom: AAA authorization failed for a CGDM client (CG-NMS and CGDM) if an "admin" user account did not exist in the external TACACS+ user database. This user also had to have the correct privileges equivalent to a network-admin role.
Conditions: An AAA TACACS+ server host configured, with the following AAA policies configured on the CGR:
aaa authentication login default group <TACACS+_server_group>
aaa authorization commands default group <TACACS+_server_group>
aaa authorization config-commands default group <TACACS+_server_group>
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: In some cases, the PPP engine would stop working when a 3G cellular module was trying to establish a connection to a CDMA network.
Conditions: Poor signal strength or deactivated modem.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: Entering the shutdown command on the serial port of the CGR 1120 reset the input packet count to zero.
Conditions: Input packet count had a value greater that zero prior to entering the shutdown command.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: Syslog messages associated with the DHCP server (dhcpd) reported in error for the router. The router does not support the DHCP server function. See related caveat,CSCua74908.
Conditions: Unexpected syslog messages and errors associated with dhcpd reported.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: A bad Address Resolution Protocol (ARP) message appeared at random times.
Conditions: Issue was present after establishing connection on a WiMAX module after a reboot.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: Syslog messages associated with the DHCP server (dhcpd) were reported in error for the router. The router does not support the dhcp server function. See related caveat,CSCtz54240.
Conditions: A non-supported process, dhcpd, was sending syslog messages.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: When you enabled TACACS+ on a CGR, the router sent two authorization requests, rather than one as expected, to the external AAA/TACACS+ server.
Conditions: TACACS+ was enabled on a CGR after entering the following commands:
aaa authorization commands default group <TACACS+ _server_group > local
aaa authorization config-commands default group <TACACS+ _server_group > local
Workaround: This issue is resolved in Cisco CG-OS Release CG3(3) and CG4(1).
Symptom: Holding down the Ctrl-C key, while booting the router, formatted the flash. Afterward, the system displayed the loader prompt and the bootflash was empty. This occurred intermittently.
Conditions: Ctrl-C was held down while booting the router.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: The wifipm process for the WiFi interface crashed when modifying the channel frequency and power values on the interface.
Conditions: A script was used to update the frequency and power for the WiFi interface. A manual update of the values was also performed.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: Restoration table on the CGR 1000 router did not clear entries as expected.
Conditions: Restoration table on the CGR 1000 router did not clear entries as expected.
Workaround: This issue is resolved in Cisco CG-OS CG4(1).
Symptom: Power restoration notices (PRNs) from the CGR 1000 were not forwarded to CG-NMS.
Conditions: Power restoration notices (PRNs) from the CGR 1000 were not forwarded to CG-NMS.
Accessing Bug Search Tool
You can use the Bug Search Tool to find information about caveats for this release, including a description of the problems and available workarounds. The Bug Search Tool lists both open and resolved caveats.
To access Bug Search Tool, you need the following items:
To access the Bug Search Tool, enter the following URL:
https://tools.cisco.com/bugsearch/search
To access the Bug Search Tool to search on a specific caveat, enter the following URL:
Documentation Updates
Changes
Release Notes for Cisco 1000 Series Connected Grid Routers have been restructured to contain information for all maintenance releases for a given software release within one Release Note.
For example, the Release Notes for CG-OS CG4 include details on releases CG4(1), CG4(2) and CG4(3). Previously, we had separate Release Notes for each of these iterative releases.
Migrating from CG-OS to Cisco IOx
Note You cannot perform a downgrade from IOx to CG-OS.
You can migrate from a CGR 1000 running minimum CG-OS releases to a Cisco IOx architecture. This functionality is first supported in Cisco IOx Release 154-CG2.
Cisco IOx allows the router to operate with Cisco IOS and a Guest OS within one platform. Communication between these two OS is managed by Hypervisor, which is also downloaded and installed as part of the migration.
Follow the steps below to migrate your CG-OS system to Cisco IOx software.
Step 1 Verify that your CGR is running the minimum firmware and releases listed below:
- If your system meets the minimum firmware and releases above, proceed to Step 2.
- If you are running a CG-OS software version older than CG3(3), upgrade your CGR 1000 software to the kickstart and system image software to CG(3) or CG4(5) or greater (select the at Download tab) at the following link:
http://www.cisco.secom/c/en/us/support/routers/1240-connected-grid-router/model.html#~rdtab1
Step 2 Untar the Cisco IOS bundle image from the Cisco CCO site, to yield the following two images:
Hypervisor Format: cgr1000-hv.srp.SPA.x.x.x
Cisco IOS format: cgr1000-universal9-mz.SSA.latest
Step 3 Download the migration image from link below. Click Agree at the bottom of the page that appears.
To receive credentials to access the content in the link below, send an email to: iot-migration-faq@cisco.com.
https://cdx.cisco.com/ciscodocs/listFolder;jsessionid=4D14B3E73960AFFB574A72DD9F84AAAF.extlb1?action=listFolder&folderId=0b0dcaeb80612949&folderTitle=CGOS%2bto%2bIOx%2bMigration&parentFolderId =
Migration Image Format: cgr1000_migration_image_cgxxxx
Step 4 To ready your CGR for the Cisco IOx images, create the following directories under bootflash on the router, by entering the following commands:
Step 5 Copy files you downloaded into the respective folders:
Step 6 Make and keep a copy of the migration image:
Step 7 Run the migration program on the CGR.
The upgrade, including BIOS upgrade and configuration update, will require approximately 20 minutes. If running in Battery mode for CGR1240, the upgrade will still go through, and the battery firmware upgrade will be deferred until the AC supply recovers.
Step 8 To turn on licensing, enter the following commands:
Step 9 To generate and configure a SSH key, enter the following commands:
You are now operating in IOx mode.
Operating in IOx Mode
After you have migrated your machine to IOx, you can initiate all future IOx upgrades by entering the following commands:
When the IOS prompt displays, copy the configuration changes and reload the router by entering the following commands:
Confirm the reload and wait until the system boots up again. The process is complete.
Note You cannot perform a downgrade from IOx to CG-OS.
Related Documentation
Find Cisco 1000 Series Connected Grid Routers product documentation at:
www.cisco.com/go/cgr1000-docs.
Find Connected Grid Modules for Cisco 1000 Series Connected Grid Routers documentation at:
For information on supporting systems referenced in this release note, see the following documentation on Cisco.com:
Cisco ASR 1000 Series Aggregation Services Routers Configuration Guide
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service.
Cisco currently supports RSS Version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)