Cisco 4000 Series Integrated Services Routers Overview
The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).
The following table lists the router models that belong to the Cisco 4000 Series ISRs.
Cisco 4400 Series ISR |
Cisco 4300 Series ISR |
Cisco 4200 Series ISR |
---|---|---|
Cisco 4431 ISR |
Cisco 4321 ISR |
Cisco 4221 ISR |
Cisco 4451 ISR |
Cisco 4331 ISR |
|
Cisco 4461 ISR |
Cisco 4351 ISR |
System Requirements
The following are the minimum system requirements:
Note |
There is no change in the system requirements from the earlier releases. |
-
Memory: 4GB DDR3 up to 16GB
-
Hard Drive: 200GB or higher (Optional). (The hard drive is only required for running services such as Cisco ISR-WAAS.)
-
Flash Storage: 4GB to 32GB
Note
There is no change in the flash storage size from the earlier releases. The flash storage size must be equal to the system memory size.
-
NIMs and SM-Xs: Modules (Optional)
-
NIM SSD (Optional)
For more information, see the Cisco 4000 Series ISRs Data Sheet.
Note |
For more information on the Cisco WAAS IOS-XE interoperability, refer to the WAAS release notes: https://www.cisco.com/c/en/us/support/routers/wide-area-application-services-waas-software/products-release-notes-list.html |
Determining the Software Version
You can use the following commands to verify your software version:
-
For a consolidated package, use the show version command
-
For individual sub-packages, use the show version installed command
Upgrading to a New Software Release
To install or upgrade, obtain a Cisco IOS XE Amsterdam 17.1.1 consolidated package (image) from Cisco.com. You can find software images at http://software.cisco.com/download/navigator.html. To run the router using individual sub-packages, you also must first download the consolidated package and extract the individual sub-packages from a consolidated package.
Note |
When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads. |
For more information on upgrading the software, see the How to Install and Upgrade the Software section of the Software Configuration Guide for the Cisco 4000 Series ISRs.
Recommended Firmware Versions
Table 1 provides information about the recommended Rommon and CPLD versions for releases prior to Cisco IOS XE Everest 16.4.1.
Cisco 4000 Series ISRs |
Existing RoMmon |
Cisco Field-Programmable Devices |
||
---|---|---|---|---|
Cisco 4451 ISR |
16.7(4r) |
15010638
|
||
Cisco 4431 ISR |
16.7(4r) |
15010638
|
||
Cisco 4351 ISR |
16.7(5r) |
14101324 |
||
Cisco 4331 ISR |
16.7(5r) |
14101324 |
||
Cisco 4321 ISR |
16.7(5r) |
14101324 |
||
Cisco 4221 ISR |
16.7(5r) |
14101324 |
Upgrading the ROMMON Version on the Cisco 4000 Series ISR
For information about ROMMON compatability matrix, and ROMMON upgrading procedure, see the ROMMON Compatability Matrix and "ROMMON Overview and Basic Procedures” sections in the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
Upgrading Field-Programmable Hardware Devices
The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.
Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.
Limitations and Restrictions
The following limitations and restrictions apply to all releases:
Cisco Unified Threat Defense
The Cisco Unified Threat Defense (UTD) service requires a minimum of 1 to 4 GB of DRAM.
Cisco ISR-WAAS and AppNav-XE Service
The Cisco ISR-WAAS/AppNav service requires a system to be configured with a minimum of 8GB of DRAM and 16GB flash storage. For large service profiles, 16GB of DRAM and 32GB flash storage is required. Also, Cisco ISR-WAAS requires a minimum of 200GB SSD.
IPsec Traffic
IPsec traffic is restricted on the Cisco 4000 Series ISR. The router has the same IPsec functionality as a Cisco ISR G2. The default behavior of the router will be as follows (unless an HSECK9 license is installed):
-
If the limit of 1000 concurrent IPsec tunnels is exceeded, no more tunnels are allowed and the following error message appears:
%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 1000 reached for Crypto functionality with securityk9 technology package license.
-
The throughput encrypted traffic supports 250 Mbps.
-
The Cisco 4000 Series ISR does not currently support nested SA transformation such as:
crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac
-
The Cisco 4000 Series ISR does not currently support COMP-LZS configuration.
USB Etoken
USB Etoken is not supported on Cisco IOS XE Denali 16.2.1.
Yang Data Models
Effective with Cisco IOS XE Everest 16.5.1b, the Cisco IOS XE YANG models are available in the form of individual feature modules with new module names, namespaces and prefixes. Revision statements embedded in the YANG files indicate if there has been a model revision.
Navigate to https://github.com/YangModels/yang > vendor > cisco > xe >1651, to see the new, main cisco-IOS-XE-native module and individual feature modules attached to this node.
There are also XPATH changes for the access-list in the Cisco-IOS-XE-acl.yang schema.
The README.md file in the above Github location highlights these and other changes with examples.
CTI Configuration
CME does not support CTI configurations on Cisco 4000 Series ISRs.
New and Changed Information
New Software Features in Cisco 4000 Series ISRs Release Cisco IOS XE Amsterdam 17.1
The following features are supported by the Cisco 4000 Series Integrated Services Routers for Cisco IOS XE Amsterdam 17.1.1:
-
Configuring the SM-X-40G4M2X EtherSwitch Service Module:Cisco SM-X-40G4M2X service module provides a variety of 1 Gigabit, 2.5 mGiG, and 10G SFP/SFP+ ethernet connectivities. Also, provides 10G-capable internal uplink to central forwarding data plane on modular Cisco 4000 Series ISRs.
-
CUCM Auto-registration and Self-Provisioning: This feature enables auto-registration for SCCP (Skinny) phones and allows you to assign directory number from Auto-registration pool and Self-provisioning IVR.
-
Group Domain of Interpretation: Group Domain of Interpretation (GDOI) includes the ability of a Key Server (KS) to provide a set of current Group Member (GM) devices with additional security associations. RFC 8263 has added the ability of a KS to request that the GM devices return an acknowledgement of its rekey message and specifies the acknowledgement method.
-
New Default Credentials for WebUI: The login credentials for connecting to the device by WebUI at day 0 have been updated.
-
SMU Integrity Hash Verification Against Known Good Value: SMU Integrity Hash Verification against Known Good Value feature helps you to authenticate and maintain the integrity of cisco IOS XE software SMU images and to keep track of changes in software for security.
-
Stronger Network Time Protocol (NTP) Authentication: The authentication keys of NTP and Simple Network Time Protocol (SNTP) support enhanced cryptographic options such as CMAC, SHA-1, and SHA-256. These options enhance the security of the message exchange of NTP and SNTP. [NG]: The authentication keys of Network Time Protocol and Simple Network Time Protocol (SNTP) uses cryptographic options, such as CMAC, SHA-1, and SHA-256 to enhance the security of the message exchange of NTP and SNTP.
-
The Web UI lets you configure the Routing Information Protocol on the Cisco 4000 Series Integrated Services Routers. To learn more, refer to the WebUI Online Help.
-
YANG Data Models—For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121/BIC. Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights changes that have been made in the release.
Configure the Cellular Back-off Operation
For a router with 3G/4G interface, sometimes service provider network might be busy, congested, in maintenance or in fault state. In such circumstances, service provider network rejects session activation request from the router by returning reject cause code 33 as a response of the activation request. After the router receives the reject cause, the router uses the back-off operation with the pre-defined timer value which could be carrier-specific. While back-off operation is in progress, no new session activation request is sent out from the router. After the back-off period is up, new session activation request is sent out from the router.
Note: There is no command to disable the cellular back-off feature on the router.
The following example shows how to configure the cellular back-off feature to stop continuous session activation requests back to the router:
Router#show cell 0/2/0 all
Profile 1, Packet Session Status = INACTIVE
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
.
.
.
Success rate is 0 percent (0/5)
Router#show cell 0/2/0 c
Profile 1, Packet Session Status = INACTIVE
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
RouterCall end mode = 3GPP
RouterSession disconnect reason type = 3GPP specification defined(6)
RouterSession disconnect reason = Option unsubscribed(33)
RouterEnforcing cellular interface back-off
Period of back-off = 1 minute(s)
Profile 4, Packet Session Status = INACTIVE
...
Profile 16, Packet Session Status = INACTIVE
.
.
.
Profile 16, Packet Session Status = INACTIVE
Configure the Router for Web User Interface
This section explains how to configure the router to access Web User Interface. Web User Interface require the following basic configuration to connect to the router and manage it.
-
An HTTP or HTTPs server must be enabled with local authentication.
-
A local user account with privilege level 15 and accompanying password must be configured.
-
Vty line with protocol ssh/telnet must be enabled with local authentication. This is needed for interactive commands.
-
For more information on how to configure the router for Web User Interface, see Cisco 4000 Series ISRs Software Configuration Guide, Cisco IOS XE 17.
Entering the Configuration Commands Manually
To enter the Cisco IOS commands manually, complete the following steps:
Before you begin
If you do not want to use the factory default configuration because the router already has a configuration, or for any other reason, you can use the procedure in this section to add each required command to the configuration.
Procedure
Step 1 |
Log on to the router through the Console port or through an Ethernet port. |
Step 2 |
If you use the Console port, and no running configuration is present in the router, the Setup command Facility starts automatically, and displays the following text:
Enter no so that you can enter Cisco IOS CLI commands directly. If the Setup Command Facility does not start automatically, a running configuration is present, and you should go to the next step. |
Step 3 |
When the router displays the user EXEC mode prompt, enter the enable command, and the enable password, if one is configured, as shown in the following example:
|
Step 4 |
Enter config mode by entering the configure terminal command, as shown in the following example.
|
Step 5 |
Using the command syntax shown, create a user account with privilege level 15. |
Step 6 |
If no router interface is configured with an IP address, configure one so that you can access the router over the network. The following example shows the interface GigabitEthernet 0/0/0 configured.
|
Step 7 |
Configure the router as an http server for nonsecure communication, or as an https server for secure communication. To configure the router as an http server, enter the ip http server command shown in the example:
|
Step 8 |
Configure the router for local authentication, by entering the ip http authentication local command, as shown in the example:
|
Step 9 |
Configure the vty lines for privilege level 15. For nonsecure access, enter the transport input telnet command. For secure access, enter the transport input telnet ssh command. An example of these commands follows:
|
Resolved and Open Caveats
This section provides information about the caveats in Cisco 4000 Series Integrated Services Routers and describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
The open and resolved caveats for this release are accessible through the Cisco Bug Search Tool . This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Note |
If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential. |
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
Using the Cisco Bug Search Tool
For more information about how to use the Cisco Bug Search Tool , including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ .
Before You Begin
Note |
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool . If you do not have one, you can register for an account. |
SUMMARY STEPS
- In your browser, navigate to the Cisco Bug Search Tool .
- If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.
- To search for a specific bug, enter the bug ID in the Search For field and press Enter.
- To search for bugs related to a specific software release, do the following:
- To see more content about a specific bug, you can do the following:
- To restrict the results of a search, choose from one or more of the following filters:
DETAILED STEPS
Step 1 |
In your browser, navigate to the Cisco Bug Search Tool . |
||||||||||||
Step 2 |
If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In. |
||||||||||||
Step 3 |
To search for a specific bug, enter the bug ID in the Search For field and press Enter. |
||||||||||||
Step 4 |
To search for bugs related to a specific software release, do the following: |
||||||||||||
Step 5 |
To see more content about a specific bug, you can do the following:
|
||||||||||||
Step 6 |
To restrict the results of a search, choose from one or more of the following filters:
Your search results update when you choose a filter. |
Resolved and Open Caveats in Cisco 4000 Series Integrated Services Routers
This section contains the following topics:
Open Bugs - Cisco IOS XE Amsterdam 17.1.1
All open bugs for this release are available in the Cisco Bug Search Tool.
Caveat ID Number |
Description |
---|---|
Dialer watch not disconnecting the backup link even after the watched route exists in routing table. |
|
Crash after executing "show archive config differences". |
|
Multicast VRF Nat not working properly. |
|
APN password in clear text when configuring profile under cellular controller. |
|
Crash due to NBAR classification. |
|
GetVPN-Cisco 4461 ISR: Getvpn traffic is failing with Transport mode with all the versions. |
|
IPSec background crash after entered command clear cry sa peer <ip address> |
|
NIM interfaces go into shutdown after router bootup. |
|
Cisco 4000 Series ISRs GETVPN Server crash during comparison of the group member ID and group. |
|
MKA session up but unable to pass data across link using AES-256-XPN cipher |
|
Cisco 4000 Series ISRs Mgmt Gi0 up with speed 100Mbps. |
|
Cisco 4000 Series ISRs SNMP if alias not populate on E1 interface. |
|
NIM EEPROM log triggers after boot. |
Resolved Bugs - Cisco IOS XE Amsterdam 17.1.1
All resolved bugs for this release are available in the Cisco Bug Search Tool.
Caveat ID Number |
Description |
---|---|
Passive FTP will fail when going over NAT and either client or server are off a SM-X-ES3. |
|
"sh macsec statistics int <>" and "sh macsec status interface <>" does not show output. |
|
CFT crashed frequently. |
|
NeMo tunnel is down after cellular interface config is overwritten. |
Related Documentation
Platform-Specific Documentation
For information about the Cisco 4000 Series ISRs and associated services and modules, see:
Documentation Roadmap for the Cisco 4000 Series ISRs,Cisco IOS XE 16.x .
Cisco IOS Software Documentation
The Cisco IOS XE Fuji 16.x software documentation set consists of Cisco IOS XE Fuji 16.x configuration guides and Cisco IOS command references. The configuration guides are consolidated platform-independent configuration guides organized and presented by technology. There is one set of configuration guides and command references for the Cisco IOS XE Fuji 16.x release train. These Cisco IOS command references support all Cisco platforms that are running any Cisco IOS XE Fuji 16.x software image.
See http://www.cisco.com/en/US/products/ps11174/tsd_products_support_series_home.html
Information in the configuration guides often includes related content that is shared across software releases and platforms.
Additionally, you can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn . An account on cisco.com is not required.
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.