About Cisco 1000 Series Integrated Services Routers
The Cisco 1000 Series Integrated Services Routers (also referred to as router in this document) are powerful fixed branch routers based on the Cisco IOS XE operating system. They are multi-core routers with separate core for data plane and control plane. There are two primary models with 8 LAN ports and 4 LAN ports. Features such as Smart Licensing, VDSL2 and ADSL2/2+, 802.11ac with Wave 2, 4G LTE-Advanced and 3G/4G LTE and LTEA Omnidirectional Dipole Antenna (LTE-ANTM-SMA-D) are supported on the router.
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
New Hardware Features
P-LTE-IN LTE and P-LTE-JN LTE pluggable module support on C1109 and C1121 platforms for Cisco IOS XE Gibraltar 16.12.1a release.
New and Changed Software Features
The following are the new software features introduced in Cisco IOS XE Gibraltar 16.12.x release:
-
Configuring the Cisco IOS XE DHCP Client using Class level: Added a list of importable DHCP Options.
-
Dual Link Support for LTE: With the support for IP NAT service multi-wan-link, traffic is now routed to the primary interface using the IP address associated with the primary interface. Similarly, if the primary interface is down, the traffic is re-routed to secondary interface using the IP address associated with the secondary interface.
-
Policy Based and Application Based Routing: Policy-based Routing (ePBR) has been enhanced to enable application-based routing, which provides a flexible, device-agnostic policy routing solution, therefore ensuring imporved application performance.
-
IP DHCP Snooping: From Cisco IOS XE Gibraltar 16.11.1, these commands are supported on the Cisco 1000 Series ISRs.
-
Mapping of Address and Port using Encapsulation: The MAP-E feature in this release complements the existing MAP-T capability by providing connectivity to IPv4 hosts across IPv6 domains on CE devices while encapsulating the original IPv4 packet. MAP-E also enables mapping of address between IPv6 and IPv4 addresses, and across transport layer ports. Additionally, the CE device performs NAPT44 translation between a customer private IPv4 address and the MAP-E NAT64 translation to ensure that different CE devices share a common public IPv4 address.
-
Specific License Reservation: With Specific License Reservation, you can deploy a Smart License on a device without directly connecting it to the Cisco Cloud.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
-
Show interface gigabitethernet accounting : The show command output was modified to display the number of packets of each protocol type that have been sent through all configured interfaces.
-
Web User Interface: Supports an embedded GUI-based device-management tool that provides the ability to provision the device, simplifies device deployment and manageability, and enhances user experience. The web user interface also supports these features:
-
NAT Statistics
-
IPv6 Support for AAA
-
-
ZBFW HSL using Source Interface Capability: Zone-based Firewall supports export of logged data record to an external collector using NetFlow Version 9, where the collector parses and interprets the data record based on the template. Zone-based firewall uses the High Speed Logging (HSL) capability to generate NetFlow data through the log flow-export v9 udp destination command under the parameter-map type inspect-global configuration.
-
Kill Telemetry Subscription: The ability to delete a dynamic model driven telemetry dynamic subscription using either:
-
clear telemetry ietf subscription Cisco IOS command
or -
kill-subscription RPC
-
-
NETCONF and RESTCONF Service Level Access Control Lists: Configures an IPv4 or IPv6 access control list (ACL) for NETCONF and RESTCONF sessions.
Clients that do not conform to the configured ACL are not allowed to access the NETCONF or RESTCONF subsystems. When service-level ACLs are configured, NETCONF and RESTCONF connection requests are filtered based on the source IP address.
-
YANG Data Models: For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16111.
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release.
Resolved and Open Caveats
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Resolved Bugs
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
|
Caveat ID Number |
Description |
|---|---|
|
BFD flaps everytime with dynamic tunnel creation in DMVPN |
|
|
Watchdog crash within mgcpapp_free_sys_event_Q event dequeue loop after running 'ccm-manager config' |
|
|
High CPU due to Alignment Corrections - SMEF & IWAN |
|
|
Router fails to reserve necessary ports for VPN traffic (UDP 500 & 4500) for ISAKMP |
|
|
Signaling interface inactive on "show snmp mib ifmib ifindex de" on IOS 16.6.3 |
|
|
ASR1k node in HA pair might crash due to punt-keepalive failures |
|
|
MPLSoVPN: Change behavior of default route in NHRP. Must insert 0.0.0.0/0 instead of /32 |
|
|
DSM-3-INTERNAL: Internal Error : No DSM handle provided traceback on TDM voice gateway |
|
|
ASR1001-X throwing: ETH_SPA_MAC-3-SPI4_ERROR: SIP0/1: Marvel MAC |
|
|
SR: CFLOW input intf index is 0xffffffff for Service-engine DSP module interface |
|
|
ASR1002-HX crashed after huge traffic is transmitted over it |
|
|
ISR4k: hang up when executing "sh ip nat tran" with static NAT entries |
|
|
Async line not visible in show run and show int brief output but visible in show line output |
|
|
Crashed while checking condition debug |
|
|
ASR1006X linecard down after Active RP3 OIR |
|
|
Static Nat fails to translate SIP Trying L7 header |
|
|
With 3 KS in COOP, overlapping KSSID range is not detected |
|
|
ISR4k - 'control-plane host' feature was moved to APPX feature set. |
|
|
ASR1000-2T+20X1GE interface speed change from 100 to 1000 after switchover |
|
|
Reorder ip nat configuration - to be placed after ip http configuration |
|
|
RP3 Punt Interface May Drop Traffic Due to VLAN Filter Hardware |
|
|
DMVPN Phase 2 shortcut triggered from a spoke behind PAT may end up in stuck DNX state |
|
|
Router crashed when printing logs while constructing rekey packets (GETVPN) |
|
|
FlexVPN with password encryption - keyring aaa LIST password 6 xxxxx encrypted again upon reload |
|
|
%CTS-3-SAP_MANUAL_PMKID_MISMATCH: PMKID Mismatch when master switch failover in a 6 switch stack |
|
|
Input CRC counter increasing on Tengi interface. |
|
|
EIGRP session is not coming up if the dynamic PBR is applied on interface |
|
|
Int index is 0 for the Cellular inteface in the exported flow |
|
|
SUP reload after running the command " show plat hard qfp act infr bqs debug qmrt_dump " |
|
|
Curie:Device is crashing while swapping between PoE and Non-PoE NIM-ES2-8 Module in slot 0/1 |
|
|
Correction to Quick RP3 recovery after the Punt Path XAUI link goes down |
|
|
[GreenDay]-Packet loss observed in IXIA while packet sending from te0/0/6. |
|
|
%QFPOOR-4-TOP_EXMEM_USER reports negative memory allocation |
|
|
PKI "revocation check crl none" does not fallback if CRL not reachable |
|
|
BUILT-IN-2T+20X1GE - VLAN bytes and packets counters are frozen. |
|
|
Crash when inserting second NIM-2MFT-T1/E1 in 4331 |
|
|
"no autostate" will auto add after re-configure svi interface |
|
|
ISR4351 communication down few minute after shutdown/no shutdown interface |
|
|
Priority queueing on port-channel interfaces causes frame re-ordering. |
|
|
SCCP Application does not clear failed sockets leading to leak and socket pool exhaustion |
|
|
Packet drop occurs after acl permit configurations |
|
|
Cellular interface lte Network Selection Mode switches to manual |
|
|
Router crashes when removing a crypto map |
|
|
FMAN crash due to Flexible Netflow (fnf) |
|
|
ISR4k with NIM-ES2 do not forward STP Uplink Fast dummy packet |
|
|
PKI incorrect fingerprint calulation during CA authentication |
|
|
CSR1000v IC2M Self Integrity Test Bypassed |
|
|
Router crashing after upgrade due to Crypto commands "Block overrun at 284B2160 (red zone 000110DF)" |
|
|
Traceback: Error seen after tunnel flap: DATACORRUPTION-1-DATAINCONSISTENCY |
|
|
Crash at NAT clear |
|
|
ISR 4331, wrongly adding to Port to subscriber field after translation. |
|
|
mem leak in ios_portal_vty_run_cmd |
|
|
MaxSusRate is not working with service class |
|
|
IOSXE - firewall corrupts half open list |
|
|
isr4461 may fail to recognize SFP+ 10GBASE-LR on the latest polaris_dev images |
|
|
Crash at Process = SCCP Auto Config |
|
|
CPUHOG while unconfiguring vrf with 1M vxlan static routes |
|
|
FXS - no busy tone is generated on remote-onhook condition with call pickup scenario |
|
|
"ip nat translation port-timeout" limited to overflows after reaching 16bit |
|
|
GC NAT unable to detect dns packet |
|
|
IPSec-Session count in "show crypto eli" reaches max causing VPN failure |
|
|
MACSEC license is not being consumed for sub-interfaces |
|
|
ASR1001-HX: Excessive pause frames (IEEE802.3x compliant) affect traffic on other interfaces |
|
|
IOS-XE ACL port information preserved after encapsulation |
|
|
tdl_fw_stats in FMAN logs errors |
|
|
AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa |
|
|
Streaming CRCs seen with GLC-GE-100FX VID: V02 on ISR4k |
|
|
Ping failure on Port-channel sub interface when is using EVC in main port channel |
|
|
ISR4K TCP SEQ/ACK number wrongly inserted after OUT to IN NAT translation. |
|
|
GetCACaps is using wrong CA-IDENT when using enrollment profiles |
|
|
Traffic stops flowing on Xconnect tunnel when upgraded to 16.9.2 |
|
|
Read and Write lock fix for ACL cache |
|
|
Overlay BGP down when configured "ip nhrp server-only" |
|
|
Incoming ESP packets with SPI value starting with 0xFF are dropped due to Invalid SPI error |
|
|
ISR4K: Router crash due to twice memory release |
|
|
CSR1kv router crash due to file descriptor leak |
|
|
ASR1000: VLAN counter mismatch on sub-interfaces |
|
|
CHUNKBADROOTCHUNKPTR: Bad root chunk pointer in chunk header post SSO - ASR1K |
|
|
CSR1000v - i40evf interface shows Up but does not pass traffic |
|
|
MGCP GW doesn't reset SSRC/ROC on receiving MDCX with new IP/port/SDP parameter for SRTP call. |
|
|
On-Prem DMVPN fails to establish a dynamic tunnel between Spoke nodes. |
|
|
GETVPN suite-B does not work on ASR1006x router |
|
|
static nat which has been deleted is shown when show ip nat translation |
|
|
VG3x0 - groundstart voice-port configuration removed after reload |
|
|
Incomplete arp in management interface |
|
|
Counters of interfaces are reporting inexistent peaks |
|
|
PW MIB does not list all VCs when template is fwd ref, "show pwmib peer" returns nothing |
|
|
Engine keyword missing after "show utd engine standard statistics url-filtering" |
|
|
Crash due to too many DSPs |
|
|
Crash when running show crypto map |
|
|
Ucode crash when PfRv3 and IPv6 monitor are configured on the same tunnel with IPv6 VRF configured |
|
|
ASR1k: Crypto Engine remains in stuck state post dataplane crash |
|
|
C1100 Static PAT translations fail due to %FMFP-3-OBJ_DWNLD_TO_DP_FAILED: |
|
|
IPsec SA installation fails with simultaneous negotiations despite fix for CSCve08418 |
|
|
ASR 920 || SW 16.9.3 || Issue with "platform usb disable" CLI |
|
|
IR1101 platform tunnel interface fails to come up after multiple flaps of source interface |
|
|
Crash after Media monitor look up. |
|
|
"encr aes 256" config removed from CDB & invisible to netconf/yang and restconf |
|
|
NIM-2FXS/4FXOP crashing due to DSP failed to reply properly |
Open Bugs
All open bugs for this release are available in the Cisco Bug Search Tool through the open bug search.
|
Caveat ID Number |
Description |
|---|---|
|
Polaris 16.3.1 : Machine and bus error failures in ESP20 |
|
|
Excluding cisco802TapMIB or ciscoTap2MIB should not require Lawful Intercept licence |
|
|
ASR1000: RP3 crash due to punt-keepalive failures |
|
|
ASR1K routers crashed when TCM received an illegal command from the ucode |
|
|
Add ERROR message over IOS console when HSPRDA TCAM region gets full |
|
|
ASR1001-HX: bay1 1G link stays up when Rx cable of remote end is removed |
|
|
Router crashes after snmpget to OID related to NHRP |
|
|
DMVPN - Packet is encapsulated but not encrypted going out DMVPN tunnel |
|
|
Error messages seen when configuring "logging persistent protected" on ASR1K routers |
|
|
Cellular Backoff counters is not correct after modem reset : |
|
|
Stale Nat Entries On Secondary Router |
|
|
ASR1K ACTIVE ROUTER NAT ENTRIES SPIKE ISSUE |
|
|
ESP40 crash in CGN mode after apply "ip nat setting mode cgn" |
|
|
ASR 1k sub-interface counters wrong. |
|
|
BRI leased line can't come up automatically after remove/insert one side's cable |
|
|
Get-Config using NETCONF interrupted if authenticated with TACACS+ |
|
|
shaper of the internal crypto interface is incorrectly programmed |
|
|
ASR1001HX || 16.6.5 || Back to back ping not working |
|
|
ISR4451-X with E1/T1 NIM shows SPA-1-DB_AUTHENTICATION_FAIL:iomd: Module daughter board auth |
|
|
AppNav: Optimization failed with Asymmetrical traffic, VRF, FNF and NBAR |
|
|
Router crashes with ZBF HA sync. |
|
|
Router is on Bootloop after QoS configuration. |
|
|
Interfaces with 'shutdown' configuration in UP state |
|
|
ASR1001-X: fman_fp crash while unconfiguring Tunnel interface |
|
|
ISR4k crash during packet inspection due to stuck thread |
|
|
ASR1k : mib counters for ipsec sa session much less than the real number of ipsec sa sessions |
|
|
F0: fman_fp unexpectedly crashed with exmem chunk alloc |
|
|
C1111-4P doesn't restart authentication for "clear authen session" if "authen open" the port |
|
|
asr1k BDI not working properly for packet fragmentation - very small fragments are getting dropped |
|
|
DMVPN | Spoke to Spoke traffic fails when Tunnel initiated by Tunnel IP to tunnel IP pings. |
|
|
ASR1k: ucode crash @ uidb_subblock_lookup__output_nat_sb |
|
|
Supervisor reloaded due to cpp_cp_svr process crashing |
Feedback