First Published: February 1, 2022

Last Updated: February 24, 2022

Introduction

The following release notes support the Cisco IOS 15.9(3)M5 release. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, caveats, and provide information on how to obtain support and documentation.

PSIRT ADVISORY

IMPORTANT INFORMATION - PLEASE READ!

FPGA and BIOS have been signed and updated to new versions.

For the 15.9 Release Train, this image (15.9-3.M) is considered as the baseline. Downgrade is STRICTLY UNSUPPORTED and bundle install to previous releases (158-3.M2a/157-3.M4b/156-3.M6b) will cause an error and fail if attempted. Any manual downgrade [non bundle operations] will impair router functionality thereafter.


Note
After upgrading to this release, make sure to delete any old image files that may still be in the flash: filesystem. This will prevent an unintended IOS downgrade.

For additional information on the PSIRT see the following:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Image Information and Supported Platforms


Note
You must have a Cisco.com account to download the software.

Cisco IOS Release 15.9(3)M5 includes the following Cisco IOS images:

IR8x9

System Bundled Image: ir800-universalk9-bundle.SPA.159-3.M5

This bundle contains the following components:

  • IOS: ir800-universalk9-mz.SPA.159-3.M5

  • Guest Operating System: ir800-ref-gos.img.1.15.0.4.gz

  • Hypervisor: ir800-hv.srp.SPA.3.1.22

  • FPGA: 2.B.0

  • BIOS: 27

  • MCU Application: 34

IR807

IOS Image: ir800l-universalk9-mz.SPA.159-3-M5

CGR1K

System Bundled image: cgr1000-universalk9-bundle.SPA.159-3-M5

This bundle contains the following components:

  • IOS Version: cgr1000-universalk9-mz.SPA.159-3-M5

  • Guest Operating System: cgr1000-ref-gos.img.1.8.2.21.gz

  • Hypervisor: cgr1000-hv.srp.SPA.3.0.65

  • FPGA: 2.E.0

  • BIOS: 18

Important Note Regarding 159-3.M5

CG-OS to IOS Migration:


Note
When migrating from CG-OS to IOS on the CGR1K, Cisco recommends to upgrading from the Golden image to the required IOS image. Refer to the following example:

CG-OS -> 15.8(3)M3b -> <latest version>

Software Downloads

This section contains the following:

IR800 Series

The latest image files for the IR800 product family can be found here:

https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322

Click on the 807, 809 or 829 link to take you to the specific software you are looking for.


Important
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED. For newer releases with the PSIRT fix - while bundle downgrade to 158-3.M2a/157-3.M4b/156-3.M6b is supported, manual downgrade is unsupported.

Note
On the IR8x9 devices, the IR800 bundle image can be copied via Trivial File Transfer Protocol (TFTP) or SCP to the IR800, and then installed using the bundle install flash:<image name> command. The IR800 <image>.bin file can NOT be directly booted using the boot system flash:/image_name. Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide .

Note
On the IR8x9 devices, the cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite ) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.

IR807

The IR807 link shows the following entries:

  • ir800l-universalk9-mz.SPA.<version> .bin

  • ir800l-universalk9_npe-mz.SPA.<version> .bin

IR809

The IR809 link shows the following entries:

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

IR829

The IR829 link shows the following entries:

Software on Chassis

  • IOS Software

    • ir800-universalk9-bundle.<version> .bin

    • ir800-universalk9_npe-bundle.<version> .bin

  • IOx Cartridges

    • Yocto 1.7.2 Base Rootfs (ir800_yocto-1.7.2.tar)

    • Python 2.7.3 Language Runtime (ir800_yocto-1.7.2_python-2.7.3.tar)

    • Azul Java 1.7 EJRE (ir800_yocto-1.7.2_zre1.7.0_65.7.6.0.7.tar)

    • Azul Java 1.8 Compact Profile 3 (ir800_yocto-1.7.2_zre1.8.0_65.8.10.0.1.tar)

AP803 Access Point Module

  • Autonomous AP IOS Software

    • WIRELESS LAN (ap1g3-k9w7-tar.153-3.JH1.tar)

  • Lightweight AP IOS Software

    • WIRELESS LAN (ap1g3-k9w8-tar.153-3.JH1.tar)

    • WIRELESS LAN LWAPP RECOVERY (ap1g3-rcvk9w8-tar.153-3.JH1.tar)

Warning about Installing the Image


Note
The bundle can be copied via Trivial File Transfer Protocol (TFTP), or Secure Copy Protocol (SCP) to the device, and then installed using the bundle install flash:<image name> command. The bin file can NOT be directly booted using the boot system flash:/image_name.

Caution
MANUAL [non-bundle] DOWNGRADE IS STRICTLY PROHIBITED.

Known Limitations

This release has the following limitations or deviations from expected behavior:

Space Limitation

The device requires a minimum 30MB additional space in the flash: file system before attempting an upgrade, or a downgrade between releases. Otherwise, the FPGA/BIOS will not have enough space to store files and perform the upgrade. In these current releases, the bundle installation will not display a warning, but future releases from September 2019 going forward will have a warning.

CSCvq88011 - IR809, IR829

Bundle install should internally handle “firmware downgrade enable” check

Symptoms : If you manually downgrade hypervisor and IOS only from releases (159-3.M+, 158-3.M3+, 156-3.M7+, 157-3.M5+) to the releases (158-3.M2a, 157-3.M4b, 156-3.M6b), the router will be stuck in a boot loop.

Workaround : If you use the recommended 'bundle install' to downgrade, the process will run correctly.

Major Enhancements

This section provides details on new features and functionality available in this release. Each new feature is proceeded by the platform which it applies to.

IR8x9 Cellular and GPS Serviceability Phase 2

Additional infrastructure has been added for troubleshooting Cellular and GPS issues in IR8x9 platforms. The serviceability infrastructure will automatically capture the following:

  • DM logs

  • RAM dumps if the modem crashed

  • Gyroscope/Accelerometer sensor data for detecting the road conditions

The router stores the logs in bootstrap and flash appropriately.

CLI implementation to turn on/off this feature will be under controller cellular. This feature should be enabled and disabled only by Cisco engineers for collecting the logs. It is recommended to turn on this feature only if capturing logs with human intervention is difficult and is strongly recommended to turn OFF the feature before a router reload to prevent any possible flash corruption.


Note
This feature should be enabled and disabled only on recommendation by Cisco engineers for collecting logs. Failure to turn OFF the feature before a router reload could result in possible flash corruption.

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.


Note
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account .

For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ .

Open Caveats

The following table lists open caveats for Cisco IOS Release 15.9(3)M5:

Item

Platform

Description

CSCwa78755

IR800

4G: Some of the Serviceability logs on flash are not getting deleted automatically or manually.

Symptoms: Rare flash corruption observed. Some of the DM-logs found on flash could not be deleted after running about two weeks of longevity test. Error observed is “File in use in an incompatible mode”. Because of this corruption, it is possible that the router may not be able to boot up from image on flash if reloaded. If this occurs, the router may need to be booted using an image from TFTP server from ROMMON mode.

Workaround: Reboot the router to delete the older files.

Resolved Caveats

The following table lists resolved caveats for Cisco IOS Release 15.9(3)M5:

Item

Platform

Description

CSCwa29494

IR800

CGR1000

Boot parameter is not set to flash:/managed/images/<image_name> in 8x9 with firmware upgrade on Cisco IoT Operations Center.

Symptoms: After performing a write erase, the boot variable will be erased so that image in flash:/managed/images/ cannot be booted up.

Workaround: Save the boot variable to retain on write erase so that on reboot previous loaded paths image booted up and device comes up.

CSCvz29966

IR800

CGR1000

FSCK must not be used as a condition to determine if a storage-related operation should fail or pass

Symptoms: In old 159-3.M2 release random flash corruption causing FSCK loop.

Workaround: Reboot the router.

CSCvz98007

CGR1000

From Release 15.9(3)M5, WPAN serviceability - Phase 2 feature is added. This serviceability feature will collect a series of stats, which will be helpful in debugging the WPAN related issues. This new serviceability will address the file handling issues & bundle install issue faced with WPAN installed unit in the previous release(15.9(3)M4a).

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.