Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Cisco Catalyst 8000V Edge Software Overview
About Cisco Catalyst 8000V
Cisco Catalyst 8000V Edge Software or Cisco Catalyst 8000V is a software-based, virtual router that combines the functionalities of Cisco Cloud Services Router (Cisco CSR1000V) and Cisco Integrated Services Virtual Router (Cisco ISRv) into a single image that is intended for deployment in on-prem branches, data centers, colocation data centers, and public clouds.
Cisco Catalyst 8000V supports NIM modules on Cisco ENCS platforms, runs on any x86 platform, and is supported on ESXi, KVM, NFVIS hypervisors. Further, you can deploy this router on public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba Cloud.
When you deploy Cisco Catalyst 8000V as a VM, the Cisco IOS XE software behaves similar to a traditional Cisco router (hardware platform). You can configure different features depending on the Cisco IOS XE software version.
Features
-
Hardware independence: The Cisco Catalyst 8000V router uses the benefits of virtualization in the cloud to provide hardware independence. Since the Cisco Catalyst 8000V runs as a virtual machine, you can use this router on any x86 hardware that the virtualization platform supports.
-
Sharing of host hardware resources: The host server hardware resources such as CPU cores, memory, and disk are managed by the hypervisor, and these resources are shared among the guest VMs. You can regulate the amount of hardware resources assigned to a specific Cisco Catalyst 8000V VM instance.
-
Flexibility in deployment: You can easily move a VM from one server to another. Thus, you can move a Cisco Catalyst 8000V instance from a server in one physical location to a server in another physical location without moving any hardware resources.
-
Enhanced software security - Secure Object Store: In Cisco Catalyst 8000V, storage partitions for NVRAM, licensing, and other data are created as object stores. The individual object stores are encrypted to ensure data security, and this product is Cisco Secure Development life cycle (CSDL) compliant. Further, Cisco Catalyst 8000V supports a 16G disk profile.
Hardware Requirements
For hardware requirements and installation instructions, see the Cisco Catalyst 8000V Edge Software Installation And Configuration Guide.
Software Images and Licenses
The following sections describe the licensing and software images for Cisco Catalyst 8000V.
Cisco Catalyst 8000V Software Licenses
The Cisco Catalyst 8000V is licensed based on throughput, feature-set, and the licensing term. This product supports Cisco Smart Licensing Usage Policy as well as Cisco DNA Licensing. Based on whether you want to opt for purchased licenses that go with the Cisco Catalyst 8000V instance, or a subscription-based license, choose one of the following options:
Subscription-Based Licensing via Cisco DNA
You can purchase a subscription license for Cisco Catalyst 8000V through the following three licenses that are available via Cisco DNA:
-
Cisco Catalyst 8000V - Network-Advantage
-
Cisco Catalyst 8000V - Network-Essentials
For more information on Cisco Catalyst 8000V DNA licensing, see Cisco DNA Software for SD-Wan and Routing Ordering Guide.
Bring-Your-Own-Licensing
You also have an option to purchase and use licenses with Cisco Catalyst 8000V as a Bring-Your-Own-License (BYOL) instance or as a Pay-As-You-Go (PAYG) instance.
To use a Cisco Catalyst 8000V - BYOL license, see Licenses and Licensing Models to know to how install and configure your license.
If you have upgraded to Cisco Catalyst 8000V from a Cisco CSR 1000V or a Cisco ISRV, you must use Smart Licensing Using Policy (SLP). Traditional licenses do not work after the upgrade.
Pay-As-You-Go Licensing
Cisco Catalyst 8000V supports the PAYG Licensing model with Amazon Web Services (AWS) and Microsoft Azure Marketplace. Cisco Catalyst 8000V hourly-billed AMI or Pay As You Go licensing model allows you to consume an instance for a defined period of time. In this licensing model, you can directly launch the instance from the AWS or Azure Marketplace and start using the instances. The licenses are embedded in the image.
 Note |
For demo or evaluation licenses, contact your Cisco Account Team if you have a direct purchase agreement with Cisco, or your Cisco Partner or Reseller. |
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Software Image Nomenclature for Installation Files
The Cisco Catalyst 8000V installation file nomenclature indicates properties supported by the router in a given release.
For example, these are filename examples for the Cisco IOS XE Dublin 17.12.1a release:
-
c8000v-universalk9.17.12.01a.ova
-
c8000v-universalk9.17.12.01a.iso
-
c8000v-universalk9.17.12.01a.qcow2
The following table lists the filename attributes along with its properties:
|
Filename Attribute |
Properties |
|---|---|
|
universalk9 |
Specifies the package that you are installing. Images with the universalk9 designation in the image name refers to a universal image that offers all the Cisco IOS features including strong payload cryptography features such as IPSec VPN, SSL VPN, and Secure Unified Communications. This image also supports security features like Zone-Based Firewall, and intrusion prevention. |
|
17.12.01a |
Indicates that the software image is mapped to the Cisco IOS XE Dublin 17.12.1a release. |
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
New and Enhanced Features for Cisco IOS XE Dublin 17.12.x
New and Changed Software Features in Cisco IOS XE 17.12.4
|
Feature |
Description |
|---|---|
|
From Cisco IOS XE 17.12.4, you can deploy Cisco Catalyst 8000V on RedHat RHEL 9.2 operating system with KVM hypervisor. |
|
|
From Cisco IOS XE 17.12.4, you can deploy Cisco Catalyst 8000V on VMware ESXi 8.0 Update 2 hypervisor operating system. |
New and Changed Software Features in Cisco IOS XE 17.12.3
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.2
This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
|
Feature |
Description |
||||
|---|---|---|---|---|---|
|
Support for SUSE SLES 15 SP5 |
From Cisco IOS XE 17.12.2, you can deploy Cisco Catalyst 8000V on SUSE SLES 15 SP5 operating system with KVM hypervisor. |
||||
|
The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM, a physical SIM card that you can configure with a cellular service plan of your choice. When ordering a pluggable interface module (PIM) to provide cellular connectivity for your router, choose a PIM model with a preinstalled eSIM. The Managed Cellular Activation solution comes with a “bootstrap” cellular plan to provide internet connectivity with a limited amount of data intended only for Day 0 onboarding of the device to your cellular plan. For information about configuring Cisco SD-WAN Manager with the details of your cellular plan in preparation for onboarding the device, see the Cisco Managed Cellular Activation Configuration Guide. Prepare the configuration in Cisco SD-WAN Manager before powering on and onboarding the device, to avoid running out of the limited data in the bootstrap cellular plan. Added Cisco Managed Cellular Activation (eSIM) support for the following Pluggable Interface Module (PIM) model:
|
|||||
New and Enhanced Features for Cisco IOS XE 17.12.1a
Note |
Cisco IOS XE Dublin 17.12.1a is the first release for Cisco Catalyst 8000V in the Cisco IOS XE Dublin 17.12.x release series. |
|
Feature |
Description |
|---|---|
|
Support for Intel Atom® C3000 Processor Series (Denverton) |
From Cisco IOS XE 17.12.1a onwards, Cisco Catalyst 8000V is supported on Intel Atom® C3000 processor (Denverton) CPU-based servers with Intel x550 NIC on the following hypervisors:
You can run Cisco Catalyst 8000V on other x86 CPUs with different NICs and different versions of operating systems. However, support is support is available only for the versions that have been listed in the versions mentioned above. |
|
Support for Intel i350 NICs |
Cisco Catalyst 8000V includes drivers to support SR-IOV connectivity to Intel i350 NICs on Intel Xeon CPU based x86 servers with SUSE SLES 15 SP3 KVM hypervisor. You can run Cisco Catalyst 8000V on other x86 CPUs with different versions of operating systems. However, support is available only for the versions that have been listed in the Cisco Catalyst 8000V Installation and Configuration Guide. |
|
Support for D16_v5 instance in Microsoft Azure environment |
Cisco Catalyst 8000V supports the D16_v5 instance type with 8 NICs (maximum) in the Microsoft Azure Marketplace for increased throughput. |
|
Cisco Catalyst 8000V Performance Enhancements |
Cisco Catalyst 8000V supports improved, 16-core performance for on-prem deployments in the KVM and ESXi environments. |
|
The IPv6 Unicast Support feature introduces support for IPv6 dataplane to RAR Dynamic Link Exchange Protocol. |
|
|
This feature allows you to perform management operations for SD-Routing devices using Cisco Catalyst SD-WAN Manager. You can use a single network manage system ( Cisco Catalyst SD-WAN Manager) to monitor all the SD-Routing devices and therefore help in simplifying solution deployments. |
|
|
Segment Routing (SR) can currently be applied on Multiprotocol Label Switching (MPLS) dataplane. From Cisco IOS XE 17.12.1a, SR is supported over the IPv6 dataplane for the following protocols:
In addition, the following functionalities are available for Segment Routing over IPv6 dataplane:
|
|
|
This feature allows you to delete the entries from the logging buffer. You can configure the local syslog retention period after which the entries are purged from the device automatically. To enable this feature, use the logging purge-log buffer days command. |
|
|
TrustSec and Software-Defined Access Scale Measurement |
With this feature, the scale numbers for TrustSec and Software-Defined Access (SDA) are measured for the following:
|
|
Feature |
Description |
|---|---|
|
From Cisco IOS XE Dublin 17.12.1a onwards, GCM cipher negotiation supports secure connectivity of WebSocket server. |
|
|
From Cisco IOS XE Dublin 17.12.1a onwards, High Availability in CUBE supports IPv6 flows. |
|
|
From Cisco IOS XE Dublin 17.12.1a onwards, VoIP Trace for SIP messages displays cause code in the cover buffer. |
Resolved and Open Bugs - Cisco IOS XE 17.12.x
Resolved Bugs - Cisco IOS XE 17.12.4
|
Identifier |
Headline |
|---|---|
|
C8000V hosted in Azure reloaded unexpectedly, generating a system report |
|
|
Crypto IKEv2 - Fragmented Authentication packets detected as malformed on 3rd party vendor device |
|
|
GETVPN COOP KS | Wrong severity for rekey acknowledgement configuration mismatch log message |
|
|
FMFP-3-OBJ_DWNLD_TO_DP_FAILED observed when you delete and reconfigure zone-pair back |
|
|
NETVSC VLAN sub interfaces not passing traffic after upgrade |
|
|
Kernel crashes over continuous reloads |
|
|
Memory leak in crypto IKEv2 due to C_NewObject |
|
|
Unexpected reboot in WLC due to SSL |
|
|
Memory leak in the crypto IKMP process |
|
|
Device crashes when port-channel interface flaps with scale of per-tunnel qos policies |
|
|
NAT46 translations are dropped when NAT64 router is also Carrier Supporting Carrier CE |
|
|
crypto pki certificate pool in running configuration |
|
|
Failure to communicate a period of time after the stp status changes |
|
|
DPDK RX buffer can get corrupted on DPDK based network drivers causing crash |
|
|
Segmentation Fault - Process = IPSec dummy packet process |
|
|
IPsec tunnel fails to establish due to error IPSec policy invalidated proposal |
|
|
MGCP GW doesn't respond with 250 OK for a DLCX leading to DLCX loop from CUCM side |
|
|
The show sdwan policy service-path command gives inconsistent results with app name specified |
|
|
Only one split-exclude subnet is pushed to client PC with IOS-XE headend for an RA VPN connection |
|
|
NAT Pool doesn't work under prefix 16. Available address is zero |
|
|
Unexpected reboot due to cpp ucode on a router |
|
|
ENH: Config parser issue for NAT is seen with extendable and redundancy |
|
|
Disabling PMTU-Discovery with MTU change and BFD flap breaks packet duplication |
|
|
Trim installed certificate on upgrade |
|
|
Reload in tcp_sanity due to l4 pointer not set |
|
|
AnyConnect connection through IPSec fails when connecting from an RDP user to an IOS/IOS-XE headend |
|
|
Segmentation fault and core files are seen on IOS-XE due to speed test |
|
|
IPv6 TCP adjust-mss not working after delete and reconfigure |
|
|
AAA authorization failure during IKEv2 phase negotiation caused unexpected reboot |
Open Bugs - Cisco IOS XE 17.12.4
|
Identifier |
Headline |
|---|---|
|
Accelerated Networking stops working due to driver issue |
|
|
C8000V license boot level configuration done through customdata is getting lost after reload |
|
|
C8000V faces high system CPU load reported due to unsupported number of vCPUs allocated |
|
|
High CPU utilisation for confd_cli |
|
|
Crash due to a segmentation fault because of a negative value |
|
|
IMS is hardcoded for Profile 1 preventing second PDN connection when configuring Multi-PDN |
|
|
Device crashes due to %PLATFORM-3-ELEMENT_CRITICAL memory level / iomd process |
|
|
NAT command is not readable after reload |
|
|
RRI static does not populate route after reload if stateful IPSec is configured |
|
|
No error message is seen while using multicast address as system-IP in SD-routing devices |
|
|
Key manager crashes after hostname change with usage keys |
|
|
GETVPN: Migrating to new KEK RSA key doesn't trigger GM re-registration |
|
|
Device reloads due to ezManage mobile app service |
|
|
WAN IP is allowed to be configured as SYSTEM IP |
|
|
Startup configuration fails post PKI server enablement |
|
|
ZBFW TCAM misprogramming after the rules are reordered on device |
|
|
IKEv2 session is down after reload if identity local address is assigned to an interface on device |
|
|
Watchdog crashes during IPv6 cef adjacency routines |
|
|
Unencrypted traffic due to non-functional IPsec tunnel in FLEXVPN hub and spoke setup |
|
|
After deleting a NAT configuration, the IP address still shows up in the routing table |
|
|
IOS XE:Traffic is not encrypted and is droped over IPSEC SVTI tunnel |
|
|
Unable to build two IPSec SAs with the same source/destination where one peer is PAT'd through the other |
|
|
NHRP-related tracebacks are being generated due to negative global cache count |
Resolved Bugs - Cisco IOS XE 17.12.3a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Template attach fail with unknown element: ssh-version in /ios:native/ios:ip/ios:ssh |
|
|
PPPoE with NAT DIA feature validation failed post upgrade. |
Resolved Bugs - Cisco IOS XE 17.12.3
|
Identifier |
Headline |
|---|---|
|
Upgrade fails for SD-Routing devices via vManage due to error: System config has been modified |
|
|
Appx license boot level configuration is lost in running configuration after upgrade |
|
|
Device crashes after changing NAT HSL configuration |
|
|
ZBF drops transit WAAS PSH/ACK packet due to 'Invalid ACK Number' |
|
|
HSEC install time out, device license status displays device-request-successful |
|
|
Device keeps crashing when processing a firewall feature |
|
|
The IKEv2 Diagnose feature is taking 11% CPU during session bring up |
|
|
Unexpected reboot occurs after establishing control plane of EVPN MPLS and receiving packets |
|
|
NAT HSL logging VRF-filter does not work |
|
|
Warning and critical CPU utilization thresholds are not recomputed when using data-plane-heavy mode |
|
|
PoE module does not provide enough power to bring the ports after an unexpected reload |
|
|
SNMP is unable to poll SDWAN tunnel data after a minute |
|
|
SKA_PUBKEY_DB leak in TDL |
|
|
Security policy w/IPS external syslog configuration generation fails for specific devices |
|
|
Endpoint tracker triggers a CPU hog |
|
|
ZBFW is not able to detect packets on TenGig interface |
|
|
Add a detailed log to indicate grant ra-auto un configures grant auto in PKI server |
|
|
Device can't boot up in full configuration |
|
|
Device creates crooked NAT entry if two or more IP phones from NAT outside registers to the same server |
|
|
Mobile-app causes excessive authorization attempts with a null username |
|
|
Device may crash due to crypto IKMP process |
|
|
PKI crashes after failing a CRL fetch |
|
|
Device crashes with segmentation fault(11), Process = NHRP when processing NHRP traffic |
|
|
Device unexpectedly reloads while fetching certificate trustpool for SIP TLS |
|
|
ePBR generates error when the policy is added and deleted multiple times |
|
|
One-way RTP issue including DSP timeout messages (63.2.0 / 62.3.1) |
|
|
Unexpected reboot occurs while dispalying information from cleared SSS session |
|
|
PMTUD incorrectly converges without attempting to learn a higher MTU |
|
|
Cannot disable DMVPN logging in |
|
|
Device should discard IKE notification messages with incorrect DOI |
|
|
Race condition crash on IOS-XE device |
|
|
Frame relay DTE router crashes due to EXMEM exhaustion |
|
|
cpp_mcplo_ucode crashes with port-channel and NAT |
|
|
FTMD crash observed in ENCS platforms while running PWK suite |
|
|
ATO : Session fails to come up with tunnel its shut no shut in loop (cable unplug-plug in customer) |
|
|
IPsec traffic is dropped on Strongswan when PPK is implemented |
|
|
Packet drops observed between LISP EID over GRE tunnel |
|
|
AAA:Template push fails when AAA authorization is set to local |
Open Bugs - Cisco IOS XE 17.12.3
|
Identifier |
Headline |
|---|---|
|
NAT command is not readable after reloaded |
|
|
Critical process cpp_ha_top_level_server fault on fp_0_0 (rc=69) |
|
|
IPv6 tcp adjust-mss does not work after delete and reconfigure |
|
|
Unexpected reload occurs when using the show running-config full | format command |
|
|
Bootstrap fails to load |
|
|
Syslog flow over TCP port 514 gets dropped under code L7 inspection returns drop |
Resolved Bugs - Cisco IOS XE 17.12.2
|
Identifier |
Headline |
|---|---|
|
Using special characters in the password while generating TP generates an invalid TP |
|
|
Crypto PKI-CRL-IO_0 process crashes when PKI trustpoint is requested and deleted |
|
|
DDNS update retransmission timer fails to work with a traceback error |
|
|
Non-fabric- loads the minimal bootstrap configs again if device is rebooted without saving the configs |
|
|
Device crashes@crypto_map_unlock_map_head |
|
|
Device data plane crashes in Umbrella/OpenDNS processing due to incorrect UDP length |
|
|
HSEC licenses incrementing |
|
|
Crashed by TRACK client thread at access invalid memory location |
|
|
CPU usage mismatch seen in show sdwan system status vs show proc cpu platform |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface |
|
|
Flowspec on device won't revoke |
|
|
Device crashes when modifying tunnel after running show crypto commands |
|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
|
|
Device observes memory leak at process SSS Manager. |
|
|
Memory leak with pubd. |
|
|
ip name-server command not pushed |
|
|
IOS process crashes during VRRP hash table lookup |
|
|
Device running IOS-XE crashes when removing FQDN ACL |
|
|
NTP authentication removed after reload using more than 16 bytes. |
|
|
Segmentation fault at IPv6 BGP backup route notification |
|
|
Cisco IOx application hosting environment privilege escalation vulnerability |
|
|
WLC unexpected ueload due to segmentation fault in WNCD process |
|
|
Unable to migrate from ADSL to VDSL without reboot |
|
|
Extranet multicast code improvements for better handling of data structure |
|
|
VC down due to control-word negotiation |
|
|
BDI + NTP configuration puts DMI process in degraded mode |
|
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper |
Open Bugs - Cisco IOS XE 17.12.2
|
Identifier |
Headline |
|---|---|
|
C8000V crashes after changing NAT HSL configuration. |
|
|
C8000V IPv6 PMTUD packet is fragmented at 1494 bytes |
|
|
Appx license boot level config is lost in running-config after CSR1000V release17.3.4a is upgraded to 17.9.3a |
|
|
Device segmentation fault crashes with Network Mobility Services Protocol (NMSP) |
|
|
Router keeps crashing when processing a firewall feature |
|
|
Unexpected reboot occurs after establishing control plane of EVPN MPLS and receiving packets |
|
|
PoE module is not providing enough power to bring the ports after an unexpected reload |
|
|
HSEC license installation from the workflow does not complete |
|
|
SNMP unable to poll SDWAN Tunnel Data after a minute |
|
|
Add verbose log to indicate grant ra-auto un configures grant auto in PKI server |
|
|
Silent reload due to LocalSoftADR causes crash without core file |
|
|
Router crashes with Segmentation fault(11), Process = NHRP when processing NHRP traffic |
|
|
CUBE router unexpectedly reloads while fetching certificate Trustpool for SIP TLS |
|
|
NAT pool does not work under prefix 16. Available address = zero |
|
|
Carrier grade NAT reaching max host entries and failing to translate due to gatekeeper |
|
|
Unexpected reboot occurs while dispalying information from cleared SSS session |
|
|
PMTUD incorrectly converging without attempting to learn a higher MTU |
|
|
Device crashes unexpectedly after a successful WGB/AP config deployment from OD |
|
|
Packets with L2TP headers cause router to crash |
|
|
NHRP phase 3 spoke-spoke cache got purged after 5-6 hours with always on traffic running |
|
|
IOS XE:Traffic not encrypted and droped over IPSEC SVTI tunnel |
|
|
Can not disable DMVPN logging in IOS-XE |
|
|
Enable SoS/ROC feature for DSL |
|
|
Frame Relay DTE router crashes due to EXMEM exhaustion |
|
|
Device match ICMP trafdfic to VRF 65528 causing ping to not be completed |
|
|
IPv6 SPD min/max defaults to values 1 and 2 |
|
|
High CPU due to MPLS MIB poll |
|
|
WNCD process crashes |
|
|
VPLS IRB does not work when traffic comes from VPNv4 and next-hop is learned over VPLS |
|
|
Pubd process shows high CPU utilization |
|
|
1Gig int on device using GLC-SX-MMD are down/down after changing connection |
|
|
Memory leak with pubd |
|
|
Convergence improvement after device reboot with mVPN profile 14 |
|
|
NETCONF: DMI enters degraded mode caused by BGP neighbor configured under the SCOPE command |
|
|
FIB/LFIB inconsistency after BGP flap |
|
|
IOS XE router may experience %FMANRP_QOS-4-MPOLCHECKDETAIL: errors |
|
|
EEM is running daily instead of weekly or monthly if special strings @weekly or @monthly are used |
|
|
Mismatch between resource allocation and app-resource profile custom configuration |
|
|
Incorrect local MPLS label in CEF after BGP flap |
|
|
Cisco IOS-XE IPv6 based subscription telemetry does not work |
|
|
Guestshell connectivity does not work with NAT overload |
|
|
SDA - using spt-threshold infinity and having LHR+FHR can cause the S,G to be pruned on the RP |
|
|
Unexpected reload when using rsh/rcmd |
|
|
Locally generated traffic received on incorrect interface inbound and dropped by ACL |
|
|
WLC unable to get telemetry data due to pubd unexpected reload and fail |
|
|
Device crashes due to dhcpd_binding_check |
|
|
Site tag change wncd working/failing EAP-TLS |
|
|
ARP incomplete in VRF Mgmt-intf - G0/0/0 - Switch -G0 |
|
|
LLDP location information is not sent when configured |
|
|
The clear bgp command does not consider AFIs when used with update-group option |
|
|
Device sending incomplete SGT to ISE |
|
|
Only portion of HSRP config being pushed via CLI ADDON template |
|
|
match pktlen-range does not work with GRE/IPSEC GRE |
|
|
In the show tech file, enable secret does not get hidden |
|
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path |
|
|
ISIS crashes in local uloop |
|
|
Wrong /32 self, complete map-cache entry for fabric hosts on iBN when overlapping summary exists |
|
|
Member interface config not applied with mis-match in pcakages.conf files |
|
|
WLC does not send accounting start for user auth after machine auth on 9105AXW RLAN dot1x port |
|
|
Router unexpectedly reloads while using DHCP for ISG |
|
|
IOS-XE router not installing classless-static-routes from DHCP option 121 |
|
|
SVL, 10G link on the active chassis will go down after reload |
|
|
Device sync fails when device prompt comes along with device banner and TACACS is used |
|
|
Unexpected reboot in device due to SISF and STP initialization |
|
|
Crash on device polling SPA sensor data |
|
|
VLAN name mismatch when authorizing VLAN name from radius server and enable VLAN fallback |
|
|
Password getting visible for the mask-secret in show logging |
|
|
Upgrade failing with config check track-id-name |
|
|
CTS CORE process crash after configuring role based ACL |
|
|
IPv6 traffic is passing through when the client is in Webauth Pending state (CWA) |
|
|
Option 121 never requested by IOS-XE client |
|
|
[IPv6 BGP] multiple sourced paths present for the same prefix |
|
|
IP SPD queue thresholds are out of range |
|
|
CBQoS polling for the object cbQosCMPostPolicyBitRate returns incorrect value |
|
|
Device unexpectedly reloads |
|
|
After migration MAC/IP only MAC is advertised |
|
|
BGP Router process crash |
|
|
Memory leak under MallocLite/AAA proxy with NETCONF/RESTCONF |
|
|
Memory leak in linux_iosd-imag due to SNMP |
|
|
After a reboot, EAP-FAST/PEAP does not authenticate unless credentials are changed |
Resolved Bugs - Cisco IOS XE 17.12.1a
|
Identifier |
Headline |
|---|---|
|
Not all HSL entries get pushed to the device if more than 1 HSL entries are configured |
|
|
Issues/discrepancies around CPU alarms generated and sent to device |
|
|
TLS control-connections down, traffic from controller dropped with SdwanImplicitAclDrop |
|
|
Macsec remains marked as SECURED, but traffic stops working randomly |
|
|
Route-map not getting effect when its applied in OMP for BGP routes |
|
|
Unexpected behavior due to unstable power source |
|
|
Certificate output does not change on renew when Cloud Certificate Authorization is automated |
|
|
NAT ALG is changing the Call-ID within SIP message header causing calls to fail |
|
|
CSR1000V upgrade fails from 17.3.4a to C8000v 17.6.5 due to advertise aggregate with VRF |
|
|
AAR: BoW feature ignoring color preference from Tiered Transport preference configuration |
|
|
VPN is established although the peer is using a revoked certificate for authentication |
|
|
Crash seen when umbrella/zscaler template pushed to device when name_lookup takes > 30 sec |
|
|
NAT entries expire on the standby router |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP |
|
|
Platform punt-policer is not configurable |
|
|
For some error condition platform_properties may double free |
|
|
Same label is assigned to different VRFs |
|
|
Auto-Update cycle incorrectly deletes certificates |
|
|
All USB internal communcation is closed when using the platform usb disable command |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value |
|
|
BFD Session Down with interface flap |
|
|
Double GR_Additional log enablement defect |
|
|
Segmentation fault in PB rx when per-tunnel qos config withdraw |
|
|
No way audio when using secure hardware conference with secure endpoints |
|
|
IOS-XE cpp crash when entering no ip nat create flow-entries |
|
|
AAR overlay actions are applied to DIA traffic |
|
|
Configuring entity-information xpath filter causes syslogs to print, does not return data |
|
|
Unexpected reload when doing ips test with UTD ips engine |
|
|
Autotunnel IPsec tracker:Tracker does not come up at all on device |
|
|
AppNav-XE: Policy-map edit on cluster with multiple service context fails to program TCAM |
|
|
Port-channel DPI load-balancing not utilizing all the member-links |
|
|
GARP on port up/up status from router is not received by remote peer device |
Open Bugs - Cisco IOS XE 17.12.1a
|
Identifier |
Headline |
|---|---|
|
C8000V in Azure with HA script has memory leak in guestshell |
|
|
Unable to configure crypto map on a physical interface due to which crypto map-based VPN's cannot be formed. |
|
|
Using special characters in the password while generating TP generates an invalid TP |
|
|
APN password in plain text when Cellular controller profile is configured |
|
|
Punt keep alive failure crash on device controller managed apparently due to for us data packets |
|
|
With pure IPV6, minimal bootstrap unable to onboard Non-Fabric - ipv6 config missing in WAN INT G1 |
|
|
Misprograming during vpn-list change under data policy |
|
|
BFD going down for newly onboarded device |
|
|
Unable to add devices to Cloud on Ramp for SaaS due to timeout while loading device list |
|
|
Rapid memory leak on ngiolite process |
|
|
No licenses in use after upgrading from traditional to Smart Licensing IOS-XE versions |
|
|
Non-Fabric:With Multiple interfaces in instance using minimal bootstrap unable to onboard C8000V |
|
|
Unexpected reboot while classifying packet with CTF (Common Flow Table) |
|
|
ENTROPY-0-ENTROPY_ERROR causes constant reboots |
|
|
Show run and Show sdwan run not in sync after removing GigabitEthernet3 C8000V |
|
|
NAT64 prefix is not originated into OMP |
|
|
Crash when modifying tunnel after running show crypto commands |
|
|
SIP calls not working on device with ZBFW enabled |
|
|
C8000V / HSECK9 throughput license fails after deploying a router's snapshot AWS/KVM |
|
|
Device couldn't access any show sdwan commands at all |
|
|
Device observes memory leak at process SSS Manager |
|
|
Configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices |
|
|
HSEC licenses incrementing |
|
|
Unable to migrate from ADSL to VDSL without reboot |
|
|
SDRA-SSLVPN : The sslvpn session closes with re-authentication error after some interval of time |
|
|
Traffic forwarded to wrong VPN hence traffic gets wrong zonepair matched and gets dropped |
|
|
IPv4 connectivity over PPP is not restored after reload |
|
|
OMP to BGP redistribution leads to incorrect AS_Path installation on chosen next-hop |
|
|
Unexpected reboot due qfp ucode due to ipsec functions |
|
|
BFD entries removed |
|
|
Router has LocalSoftADR crash, writes flat core, and reloads |
|
|
Multiple crashes observed on platform due to memory exhaustion |
|
|
Static route keeps advertising via OMP even though there is no route |
|
|
Static NAT entry is deleted from running config but remains in startup config |
|
|
B2B NAT: when configration ip nat inside/outside on VASI intereface,ack/seq number abnormal |
Related Documentation
Cisco Catalyst 8000V Edge Software Product Page
Cisco Catalyst 8000V Edge Software Data Sheet
Cisco Catalyst 8000V Edge Software Installation And Configuration Guide
Cisco Catalyst 8000V Edge Software High Availability Configuration Guide
Troubleshooting Guide for Cisco Catalyst 8000V Edge Software
Smart Licensing Using Policy for Cisco Enterprise Routing Platforms
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback