About Cisco 1000 Series Integrated Services Routers
The Cisco 1000 Series Integrated Services Routers (also referred to as router in this document) are powerful fixed branch routers based on the Cisco IOS XE operating system. They are multi-core routers with separate core for data plane and control plane. There are two primary models with 8 LAN ports and 4 LAN ports. Features such as Smart Licensing, VDSL2 and ADSL2/2+, 802.11ac with Wave 2, 4G LTE-Advanced and 3G/4G LTE and LTEA Omnidirectional Dipole Antenna (LTE-ANTM-SMA-D) are supported on the router.
 Note |
Cisco IOS XE Bengaluru 17.5.1a is the first release for Cisco 1000 Series Integrated Services Routers in the Cisco IOS XE Bengaluru 17.5.1 release series. |
Note |
Explore Content Hub, the all new portal that offers an enhanced product documentation experience. Content Hub offers the following features to personalize your content experience:
|
New and Enhanced Hardware and Software Features
New and Changed Hardware Features
New Hardware Features
There are no new or changed hardware features in the Cisco IOS XE Amsterdam 17.2.1r release.
New and Changed Software Features
New Software Features
Cisco IOS XE Amsterdam 17.2.1r is the first release for Cisco 1000 Series Integrated Services Routers in the Cisco IOS XE Amsterdam 17.2.1 release series.
-
Install and Deploy Cisco IOS XE and Cisco IOS XE SD-WAN Functionality on Edge Routers: This feature supports the use of a single universalk9 image to deploy Cisco IOS XE SD-WAN and Cisco IOS XE functionality on all the supported devices. The universalk9 image supports two modes - Autonomous mode (IOS XE features) and controlled mode (SD-WAN features).
-
6VPE over DMVPN with IPv6 Transport: With IPv6 support over DMVPN Provider Edge Routers (6VPE), you can create multi-tenant IPv6 LAN prefixes using an IPv6 DMVPN transport over the IPv4 overlay network
-
Block BGP Dynamic Neighbor Sessions: With this feature, you can block a router from establishing BGP dynamic neighbor sessions with certain nodes in a BGP peer group; these nodes are identified with their IP addresses. The ability to shut down or prevent the creation of BGP dynamic neighbor sessions may be useful when a peer needs maintenance.
-
CPLD Field-Programmable Upgrade: The field-programmable upgrade is performed on a need basis to address any specific issues with the hardware-programmable devices. During an upgrade, you can use field-programmable commands to display the package file version, display progress or perform a CPLD upgrade.
-
Control Router Access with Passwords and Privilege Levels: A simple way of providing terminal access control in your network is to use passwords and assign privilege levels. Password protection restricts access to a network or network device. Privilege levels define commands that users can enter after they have logged into a network device.
-
CUBE: Smart License Trunk Side Counting: Support for Smart Licensing is based on dynamic call counting.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
-
Debug Commands for PIM and VRF: This feature introduces debug commands for VRF (debug condition vrf) and PIM (debug ip pim) details, where, the debug condition vrf command limits the debug output to a specific virtual routing and forwarding (VRF) instance. And the debug ip pim command displays the PIM packets received and transmitted, as well as any PIM related events.
-
DHCP Unicast Support on IOS-XE: This feature introduces support for unicast mode on DHCP, which helps in splitting the horizon, and therefore improving security of the network.
-
EBGP Route Propagation without Policies: With this feature, you can configure an EBGP router to not propagate routes to and from an EBGP neighbor when at least one inbound and one outbound policy are not configured for the neighbor.
-
Fail Close Revert Mode: When there is no rekey or the group member is unable to re-register to the key server, group members in GETVPN can remove the downloaded key server policy, and therefore returns to the fail close mode.
-
L2TP - Tunneling and Forwarding Protocols: The Layer2 Tunneling Protocol on the Cisco 1000 Integrated Services Routers platform now allows L2TP tunnelling and forwarding of Layer2 protocols.
-
L2TPv3 on Switch Virtual Interface: Routed interfaces and sub interfaces supports L2TPv3, which is now extended to Service Virtual interface (SVI).
-
LISP Support for TCP Authentication Option: Use TCP Authentication Option (TCP AO) to secure against spoofed TCP segments in the sessions between an ETR and an MS.
-
NetFlow Exported Packet with VPN-ID: With VPN-ID in netflow exported packet, you can now identify a VPN using the MPLS VPN-ID.
-
Partial Configuration on CPE: With this feature, you can now apply the partial configuration of the CPE using the download RPC method in CWMP instead of a manual configuration.
-
Reset Button: This functionality is used to recover the Cisco 1000 series ISRs that go into non-responsive mode. To boot a non-responsive device, press the Reset button to install the preconfigured “golden.bin” image and “golden.cfg” configurations.
-
Support for Spoke Nodes in MPLS over DMVPN: You can now configure a spoke node as either a P node or PE node in an MPLS over DMVPN deployment. To configure the spoke node, MP-BGP is required to redistribute the route or label information between the spoke node and a PE node behind it.
ROMmon Compatibility Matrix
The following table lists the ROMmon releases supported in Cisco IOS XE 16.x.x releases and Cisco IOS XE 17.x.x releases
|
Cisco IOS XE Release |
Minimum ROMmon Release Supported for IOS XE |
Recommended ROMmon Release Supported for IOS XE |
|---|---|---|
|
16.6.x |
16.6(1r) |
16.6(1r) |
|
16.7.x |
16.6(1r) |
16.6(1r) |
|
16.8.x |
16.8(1r) |
16.8(1r) |
|
16.9.x |
16.9(1r) |
16.9(1r) |
|
16.10.x |
16.9(1r) |
16.9(1r) |
|
16.11.x |
16.9(1r) |
16.9(1r) |
|
16.12.x |
16.9(1r) |
16.12(1r) |
|
17.2.x |
16.9(1r) |
16.12(1r) |
Resolved and Open Bugs
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs in Cisco IOS XE Amsterdam 17.2.2
|
Caveat ID Number |
Description |
|---|---|
|
PfRv3: Crash while Printing the Same TCA Message |
|
|
Router crashes after adding macsec reply-protection command on an interface |
|
|
Performance Monitor crash |
|
|
Update "bandwidth remaining percent" doesn't take effective reliably on datapath |
|
|
Memory leak in CC-API_VCM and CCSIP_SPI_CONTROL |
|
|
Enabling Telemetry can cause router to crash. |
|
|
SRTP - RTP Crash on ASR with GCM Ciphers |
|
|
crash with shared-line command |
|
|
Template push fails when enabling ipv4 addr family on BGP ipv4 neighbor |
|
|
Crash when removing interface not running isis but has isis config |
|
|
bgp crash @ bgp_db_ipstr2address when get bgp neighbor via bgp-oper yang |
|
|
Unable to detach device from Integration Management |
|
|
Existing configuration on a cEdge could not be modified by a new template |
|
|
Router crash when doing show bgp ipv6 unicast summary |
|
|
Stackwise Virtual FMAN-RP IPC channel stuck (paused) |
|
|
unexpected reload in CPP ucode forced by nat 514. |
|
|
MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen |
|
|
SNMP TIMETICKS difference between sysUpTime vs ipslaEtherJAggStatsStartTimeId |
|
|
Omp-tag is not being set via route-map configuration under bgp |
|
|
Traffic is not getting optimized and it goes as PT connections on CSR router reload in 17.2.1 |
|
|
BGP config does not rollback if template push errors out |
|
|
Leaf sends packets to a wrong BVI MAC of ASR GOLF routers |
|
|
L2VPN Crash @ Process = XC Mgr |
|
|
Incorrect CEF programming for local SVI |
|
|
VPLS:MAC learning not happening on SSO |
|
|
1731: ODN Policy for Global prefix still UP even after withdrawing global routes |
|
|
FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer |
|
|
Object (IPv6 ACL ) stuck in forwarding data plane. No ipv6 traffic goes towards the upstream router |
|
|
missing/corrupt IOS-XE PKSC10 format |
|
|
Cert validation failures seen for traffic after template push with SSL |
|
|
Crash due to "Crimson flush transactions Process" |
|
|
Code review: Just fire assert when we reach limit of counter |
|
|
Incorrect Source IP when resolving DNS |
|
|
IOS-XE device crashed with CGD shared memory corruption freed by FMAN-FP |
|
|
Incorrect CEF entry for LISP action signal-fwd |
|
|
BGP communities: changes to route-map which sets BGP communities discards existing communities |
|
|
IR1101 ZBFW blocks good traffic due to Windows Scaling Factor |
|
|
Keepalive CLI needs to be unhidden for GRE tunnel |
|
|
RSP3: BGP crash seen on Stand by router when 100 BGP sessions are established. |
|
|
Some qos config lost during upgrade to 17.02 |
|
|
Punt-Keepalive crash with lsmpi_lo_drv and container app traffic. |
|
|
Complete Traffic drop seen on Head Node Post configuring Binding SID on PFP Policy |
|
|
Packets are not dropped as expected in selfzone to zone vpn 0 firewall config |
|
|
Router crashes frequently on NBAR |
|
|
Crash on configuring a highest key identifier for OSPF authentication under an interface |
|
|
Traffic drop from branch overlay ping to service side without zp vpn1 to vpn1 when FW & IPS enabled |
|
|
Evaluation of CVE-2020-10188 - Cisco IOS XE Persistent Telnet |
|
|
LSP Checksum error when default-info originate is configured |
|
|
Template push error due to NAT-MIB process helper traceback/warm restart |
|
|
Snort initiate reset and Failed to load - Real websites in Browser |
|
|
Memory leak 'Admin group' with some triggers in ISIS |
|
|
RSVP TE is not working for broadcast interfaces due to CSCvu94532 |
Open Caveats in Cisco IOS XE Amsterdam 17.2.2
|
Caveat ID Number |
Description |
|---|---|
|
DHCP Server configuration inn Vmanage Template for a Cedge change order of the DNS servers |
|
|
Unexpected Reload due to Sessmgr |
|
|
Unexpected Reload in Device Classifier Code due to Segmentation Fault |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
Remote EID space prefix not installed in CEF when overlapping prefix exists as Local EID |
|
|
Reload: IOS-XE router crashing due to DN mismatch |
|
|
Sup crashed with cpp-bqs fatal |
Resolved Bugs in Cisco IOS XE Amsterdam 17.2.1r
|
Caveat ID Number |
Description |
|---|---|
|
enable platform ipsec control plane conditional debug might cause FP/QFP IPsec outbound SA leak |
|
|
Ucode crash in infra with injected jumbo packet |
|
|
C1111-4P doesn't restart authentication for "clear authen session" if "authen open" the port |
|
|
CLI "config-exchange request" for any ikev2 profile has inconsistent behavior between IOS and confd |
|
|
Crash after executing "show archive config differences" |
|
|
freed rpi_parent is hit when deleting parent route by route update event |
|
|
Router crashes with ZBF HA sync. |
|
|
QoS configuration download failed when device reloading |
|
|
FlexVPN with password encryption -- after MasterKey change password in profile is not working |
|
|
getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded |
|
|
NHRP process crash on using same tunnel address on multiple spokes |
|
|
Passive FTP will fail when going over NAT and either client or server are off a SM-X-ES3 |
|
|
Gi0/0/0 interface stays up/up and LED green after cable removed |
|
|
Crashes when trying to bring-up / bring-down IPsec crypto session for OSPFv3 |
|
|
Unrecoverable Error with PVDM in 0/4 and Thule+dreamliner in 1/0 on ISR4300 |
|
|
incorrect Total number of translations on show ip nat translations |
|
|
Punt fragment crash when receive EoGRE packets which have many fragments |
|
|
IOS PKI | Intermittently SubCA fails to rollover |
|
|
NAT translation table is removed before IKE SA deleted when idle timeout occur |
|
|
qfp ucode crash with media monitor |
|
|
When user cancel Call Forward All from the analog phone, user can't hear the confirmation tone |
|
|
keyman_rp Memory Leak |
|
|
Crash due to NBAR classification |
|
|
GETVPN gikev2 Secondary KS doesn't push new policy after merging split condition |
|
|
Router may crash unexpectedly with Segmentation fault(11), Process = DSMP |
|
|
IPSEC install failed IPSEC_PAL_SA shows "unexpected number of parents" |
|
|
FMAN crashed after firewall reconfiguration |
|
|
Umbrella local domain bypass list is not programmed to DP, FMFP-3-OBJ_DWNLD_TO_DP_FAILED |
|
|
ESP ucode crashed when running NAT with bpa (CGN) |
|
|
Device becomes unresponsive when configuring l2vpn context |
|
|
MGCP Calls with SRTP fail to connect with Cause Value=47 due to T.38 calls |
|
|
GetVPN-ISR4461// Getvpn traffic is failing with Transport mode with all the versions. |
|
|
ISR1K: dot1q-tunneling ports broadcast unknown unicast traffic to all other local switch ports |
|
|
CFT crashed frequently |
|
|
NIM interfaces go into shutdown after router bootup. |
|
|
IOS-XE crash after doing a SCEP enrollment |
|
|
MKA session up but unable to pass data across link using AES-256-XPN cipher |
|
|
%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space |
|
|
Process = Exec crash seen on dmap longevity testbed with clear cry sa peer several times |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" and "no shut" interface |
|
|
Portchannel stats not working on ASR1002-HX |
|
|
Crash triggered with IPv6, IPv4, PPPoE, PortChannel and NAT |
|
|
IWAN High CPU and Memory |
|
|
C1111X-8P Sku tagged to 4P software tag incorrectly |
|
|
IWAN crash related to DCA channel |
|
|
ALG with NAT trigger a crash when a DNS writeback occurs |
|
|
Connect message is never forwarded to the calling side |
Open Caveats in Cisco IOS XE Amsterdam 17.2.1r
|
Caveat ID Number |
Description |
|---|---|
|
PfRv3: Crash while Printing the Same TCA Message |
|
|
Performance Monitor crash |
Feedback