Image Information and Supported Platforms
Cellular Interface Naming Convention
Support for Flexible Mesh Key Lifetime and PTK/PMK Multiplier
Support Multiple UDP Ports for Multicast Traffic Forwarding
Configurable dot1x Authentication Settingsq
Accelerometer and Gyroscope Support
IOXVM Storage Partition Enhancement
Support for New Modems and Dual Modems
Last Revised: February 5, 2018
First Published: January 3, 2017
The following release notes support the Cisco IOS Releases 15.6(3)M1b release. The 15.6(3)M1b release corrected important issues found in the previous release 15.6(3)M1a.
Note Some of the software functionality in this release will only be available on new SKUs. See the list of new SKUs later in this document.
Note You must have a Cisco.com account to download the software.
Cisco IOS Release 15.6(3)M1b includes the following Cisco IOS images:
This bundle contains the following components:
– Guest Operating System: Cisco-GOS,version-1.2.4.2
– IOS: final version 15.6(3)M1b
– Guest Operating System: Cisco-GOS,version-1.40
– IOS: final version 15.6(3)M1b
The latest image file for the IR809 and IR829 can be found at:
https://software.cisco.com/download/navigator.html?mdfid=286287045&flowid=75322
The latest image file for the CGR 1000 Series Cisco IOS image is:
https://software.cisco.com/download/navigator.html?mdfid=284165761&flowid=75122
Note In order to use Guest Operating System with the IOS version 15.6(3)M1b, users will need to install a separate GOS image version 1.41. Cisco will provide this GOS image per request.
Note The ir800-universalk9-bundle.SPA.156-3.M.bin bundle must be copied via Trivial File Transfer Protocol (TFTP) to the IR800, and then installed using the bundle install flash:
<image name> command. The ir800-universalk9-bundle.SPA.156-3.M1b.bin file can NOT be directly booted using the boot system flash:/image_name.
Detailed instructions are found in the Cisco IR800 Integrated Services Router Software Configuration Guide.
Note The cipher dhe-aes-256-cbc-sha (which is used with the commands ip http client secure-ciphersuite and ip http secure-ciphersuite) is no longer available in IOS 15.6(3)M and later as part of the weak cipher removal process. This cipher was flagged as a security vulnerability.
For details on the CGR1000 installation, please see:
http://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/cgr1000/ios/release/notes/OL-31148-05.html#pgfId-998856
This release has the following limitations or deviations for expected behavior:
Caveat CSCvf76265 crosses over several different IOS software releases, and is a platform driver code issue. It is included here as a known limitation with the IR800 and CGR Industrial Routers.
On both the CGR1000 and IR800, the core dump fails to write into the local flash. The IOS is running as a virtual machine and then hypervisor is running underneath. The local flash is provided by the hypervisor as a virtual disk. When a crash occurs, this virtual disk is no longer available therefore copying to flash will fail. The workaround is to use an ftp server to copy the core dump to.
There was an omission in the previous release notes for IOS 15.6(3)M0a concerning a naming convention change.
The IR829 interface names cellular 0 and cellular 1 were replaced by cellular 0/0 and cellular 0/1. The following table helps to illustrate the relationships between Modem, SIM, Interface, and Controller:
Dual Modem cellular interfaces are Cellular 3/1 and Cellular 4/1.
Dual Modem cellular interfaces are Cellular 3/1 and Cellular 6/1.
This release includes the following enhancements to the IR800 series:
The CGR Compute Module, is a modular, hardened server module for CGR 1000 routers. The compute module runs on Cisco IOx, a hypervisor architecture. Customers can run Internet of Things (IoT) applications on a Virtual Machine (VM) and connect legacy networking technologies through a network interface card. The compute module functions as a fog computing node at the edge of the network.
Minimum software requirements:
For additional information, see the Release Notes for Cisco IOx, Release 1.2.0:
http://www.cisco.com/c/en/us/td/docs/routers/access/800/software/guides/iox/release-notes/iox120rn.html
Support has been added to open up IPv6 configuration for cellular module if it is a 4G module. IPv4 and IPv6 can be enabled concurrently on the cellular interfaces.
The following example shows the steps to create an IPv6 profile, show the IOS configuration module, verify the IPv6 address, and then test using the ping command.
Step 1 Shutdown the cellular module.
Step 2 Create the IPv6 profile for cellular module.
Step 3 Show the running configuration. (Output edited for brevity)
Step 4 Verify the IPv6 address on cellular module.
Step 5 Test with the ping command.
A new command line interface was added to change gtk, pmk and ptk lifetimes.
The following is an example to illustrate the new CLI:
A new command line interface was added for wpan multicast-agent optional ports.
Support has been added to make the dot1x authentication optimization setting configurable. There is a new command setting in the WPAN interface mode to enable (for memory reduction) or disable the preservation of the dot1x authenticated sessions.
Support has been added to enable an existing hardware feature on the IR829 in software in order to track the speed and angular movement of the device.
Two configuration CLIs and one show CLI are introduced:
Once this is enabled, gyroscope reading will start by the frequency currently set.
Default frequency is 1/sec. If this is configured, it would overwrite default frequency and any later reading would be according to the newly set frequency.
This CLI would only show data if "gyroscope-reading" is enabled. All readings since start (unless wrap-around occurs, which means table is full), would be shown in the order from the most recent to the oldest.
Each entry shows G-X, Y, Z(3D gyroscope data) in unit mg and XL-X,Y, Z(3D accelerator data) in mdps.
Note Configurations would be in running-config and would stay over reload if saved.
This enhancement to the IR800 series is to provide more flexibility to provide a customizable disk partitioning. With a smaller partition for system files, the user can put larger applications in the remaining partition.
A new CLI is introduced for this purpose:
The user can input a number between 30 and 90 which would be rounded up to multiples of 5.
For example, typing in 30 means the system partition would take 30% of total space.
IOS communicates with VDS, which will actually perform disk repartition for GOS. After the action is completed by VDS, VDS will send a notification message back to IOS to indicate the status of operation.
After the disk repartitioning, the user will need to reinstall the GOS.
After the repartition is successful, you should see the following syslog message:
After the disk is repartitioned, the GOS needs to be reinstalled by one of two methods:
On the CGR1000, and the IR800 platforms, the Guest OS will now perform a graceful shutdown before a reload of the device. Previously, the GOS would not go through the shutdown command, which sometimes would result in unexpected behavior.
The following documentation is available:
http://www.cisco.com/c/en/us/td/docs/ios/15_6m_and_t/release/notes/15_6m_and_t.html
http://www.cisco.com/c/en/us/support/routers/800-series-industrial-routers/tsd-products-support-series-home.html
http://www.cisco.com/c/en/us/support/routers/1000-series-connected-grid-routers/tsd-products-support-series-home.html
This release has the following limitations or deviations for expected behavior:
All of the Cisco IR800 Industrial Integrated Services Router documentation can be found here:
http://www.cisco.com/c/en/us/support/routers/800-series-industrial-routers/tsd-products-support-series-home.html
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or closed (resolved).
Note You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
CGR1000 IOx - Cannot Reinstall App after Uninstall.
A CGR is running into this issue if the following error message is seen when installing an application which was previously uninstalled from the system:
Router#iox application install app1 app1.zip Router-GOS-1
Error: app name has to be unique across GOSes
If the app name is changed, the installation is successful:
If you look at the nvram:iox-appname-db file, you will find that both app names are present:
Conditions to meet this so far have been caused by upgrading to the 15.6(3)M1b IOS image using GOS 1.4.2.
A workaround has been found in order to reinstall the app using the original name:
1. Log into the GOS and issue the following command: rm -rf /software/apps/work/*
2. Uninstall the application using the "iox application uninstall" command
3. Delete the iox-appname-db file:
5. Once the router is back up, the app can be successfully reinstalled using the original name:
Application Hosting from IOx may not work even if the software is upgraded to the latest working software [15.6(3)M2 and beyond] with the fix. Once the user hits this issue with older versions, following the manual workaround is mandatory.
– Cannot access device from fog director
– unable to manually start applications
– The product ID value in CAF is 'default', when it should update with the product ID sent by IOS.
1. Login to IOx. The simplest method is to reverse telnet to the g0 interface on an IR809, or the g5 interface on an IR829 using port 2070. For Example:
2. Ensure Line1/4 has ' transport input/output all
' on it.
3. Ensure IPv6 is enabled in the IOx interface.
4. Once logged in, check the following:
The most likely status is that CAF will be stopped.
CAF should be in a RUNNING state.
On the 800 series routers, configured with Dialer Watch configurations, if the interface cellular is up and device is reloaded, the dial-out does not happen and IP does not appear on cellular interface.
Perform a shut then noshut on the cellular interface.
LED status report for PoE is inconsistent across different commands.
After completion of a bundle installation, the Guest OS might not function.
Perform a bundle installation with the Guest OS running. After the bundle installation is completed with Guest OS updated, the device needs to be reloaded.
It is recommended to shutdown the Guest OS before performing a bundle install. After the bundle installation is completed, the device needs to be reloaded.
Cisco IOS cannot decode certificate lifetime past the year 2099
The validity end-time for either CA certificate or certificates must be 2099 or earlier. Cisco IOS cannot decode dates past 2099. BER/DER decoding failure will be generated during authentication and enrollment phases.
Registration on the CGR1K, IR800, and C819 will always fails after a flash format or folder deletion.
Once a device has been tunnel-provisioned (including those that have been registered to FND), any attempt to format its flash partition or delete the managed folder on the flash will cause any future registration (e.g. after a router reload, or a fresh ZTD operation) to fail.
java.io.IOException: Failed to retrieve inventory from device. Reason: [invalid cli command] Sent [[show iox host list detail | format flash:/managed/odm/cg-nms.odm, show iox application list | format flash:/managed/odm/cg-nms.odm]]
Access the FND's Oracle database and delete the MD5 checksum of the updated odm file for these eid's from the database.
The alarm contact configuration command syntax changed in 15.6(3)M.
In the 15.6(3)M or later releases, there is a slight change in the command syntax for the alarm contact configuration. If alarm contact is configured in IOS images prior to 15.6(3)M, and the device is upgraded to15.6(3)M, the alarm contact will need to be reconfigured using the new command syntax. Otherwise, the alarm contact setting will be lost.
Pre-15.6(3)M with hyphen between alarm and contact:
Post-15.6(3)M with no hyphen between alarm and contact:
Reconfigure the alarm contact after upgrading to 15.6(3)M.
Media-type rs485 is configurable under IR800 serial port 0 interface (async1), however the serial port 1 (async1) interface does not support media-type rs485.
Conditions : When you configure 'media-type rs485" under the async1 interface, the configuration is acceptable.
On the IR829 with a 4GModem, the modem can enter into an unknown state after several modem resets.
Conditions : After 100+ modem resets and attach to BSS, the modem enters into a state where it no longer displays modem info on IOS ( show cellular 0 all
). It neither attaches to the BSS or sends IP traffic. Modem seems to respond to the AT commands.
Enabling GPS on the CGR1000 3G/4G cellular controller will lock up the console.
Conditions : The regular GPS settings for 3G or 4G cellular controller in the CGR1000 routers must not be used. Cellular modem-based GPS in CGR1000 routers is not supported.
Workaround : Only a CONFIG RESET button recovery may help to restore the CGR1000 back to working condition.
Inconsistent version numbering for the Ref-GOS image name in the IR800 bundle image.
Conditions : In the IR800 bundle image, the REF GOS image name is: ir800-ref-gos.img.2.3.gz
.
Installing the GOS image will produce this version string:
Installation: Cisco-GOS,version-1.0.0.2
I nstallation: Cisco-GOS,version-1.0.0.2
The IR800 GOS image is properly versioned in the form: ir800-ioxvm-1.0.0.x
On the CGR1K, firmware upgrade fails with an error code 105. Seen on both the MC7430 and MC7455 modems.
Workaround : Reload the router.
On the CGR1K, Third-party modules may show power sequence error when powering up.
Conditions : Starting with Cisco IOS version 15.6(3)M1b, whenever a third-party module is powered up, the following power sequence error log message may be generated.
This is due to an enhancement for power sequence error reporting to ensure that Cisco modules are properly powered up. However, for third-party modules, such power sequence error may be safely ignored as long as the module does not have any temperature sensor.
Bundle install failure/timeout, IOx failure
3. iox applications are not accessible anymore
Typically, when the router is left idle for many weeks and months, there is a possibility to observe this when upgrading to the next software image.
Root cause was that dual modem logs in VDS were not rotating and size increased in time. Due to lack of memory, bundle install attempts failed. Reload the router before reattempting bundle install and image upgrade.
Issue is seen in all software images supporting dual modem [15.6(3)M and beyond]
Reload IOS and system will recover.
On IR829 and IR809 platform, there is a Wpan2 interface shown by default in 15.6(3)M2 and beyond software images.
The show run command will by default show an additional interface, regardless of whether LoRa modem is attached or not.
The following caveats are fixed with this release:
On the IR800 or the CGR1K platforms, the MC73XX modem Firmware cannot be upgraded on the 15.6(3)M1 image.
The ' microcode reload
' command will fail to upgrade the modem Firmware. After a modem power-cycle, the platform should be able to work on the previous modem Firmware.
Corrected in version 15.6(3)M1b
Implement chat abort in case of cellular call establishment failure. The message 'no free dialer' was seen when a call was attempted.
Dialer watchgroup doesnt dial out after sim switchover when VRF is configured under cellular interface.
After completion of a bundle installation, the Guest OS might not function.
Perform a bundle installation with the Guest OS running. After the bundle installation is completed with Guest OS updated, the device needs to be reloaded.
CGR1000 GOS image version is not matching the version in the filename.
Conditions : The version in the CGR1000 GOS file name " cgr1000-ref-gos.img.1.30.gz
" is 1.30, but after a bundle install and restarting the IOX VM, the GOS version being retrieved from " sh platform guest-os " is 1.29.
On the IR800, need to reload router once VDS lost connection.
The IR800 watchdog monitors the VDS communication from IOS. This modification to the watchdog tracks the number of missed heartbeats from VDS. When missed heartbeats reaches its limit (i.e. 60), the watchdog will trigger a system reload with a "VDS communication failure" message.
After upgrading the modem on a CGR1240, the modem needed to be power-cycled in order to bring it up.
When executing a series of show and configuration commands quickly on an ISR-G2, via an SSH session, an SSH Process Thrash message is generated.
When executing multiple commands, wait a few seconds between each command.