Full Cisco Trademarks with Software License
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
About Cisco ASR 1000 Series Aggregation Services Routers
The Cisco ASR 1000 Series Routers carry a modular yet integrated design, so network operators can increase their network capacity and services without a hardware upgrade. The routers are engineered for reliability and performance, with industry-leading advancements in silicon and security to help your business succeed in a digital world that's always on. The Cisco ASR 1000 Series is supported by the Cisco IOS XE Software, a modular operating system with modular packaging, feature velocity, and powerful resiliency. The series is well suited for enterprises experiencing explosive network traffic and network service providers needing to deliver high-performance services.
 Note |
For more information on the features and specifications of Cisco ASR 1000 Series Routers, refer to the Cisco ASR 1000 Series Routers datasheet. For information on the End-of-Life and End-of-Sale Announcements for Cisco ASR 1000 Series routers, refer to the ASR 1000 Series End-of-Life and End-of-Sale Notices. |
Note |
Cisco IOS XE Dublin 17.12.1a is the first release for Cisco ASR 1000 Series Aggregation Services Routers in the Cisco IOS XE Dublin 17.12.x release series. |
Product Field Notice
Cisco publishes Field Notices to notify customers and partners about significant issues in Cisco products that typically require an upgrade, workaround or other user action. For more information, see https://www.cisco.com/c/en/us/support/web/field-notice-overview.html.
We recommend that you review the field notices to determine whether your software or hardware platforms are affected. You can access the field notices from https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories.
New and Changed Hardware Features
There are no new hardware features for this release.
New and Changed Software Features in Cisco IOS XE 17.12.3
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.12.2
This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
|
Feature |
Description |
||||
|---|---|---|---|---|---|
|
The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM, a physical SIM card that you can configure with a cellular service plan of your choice. When ordering a pluggable interface module (PIM) to provide cellular connectivity for your router, choose a PIM model with a preinstalled eSIM. The Managed Cellular Activation solution comes with a “bootstrap” cellular plan to provide internet connectivity with a limited amount of data intended only for Day 0 onboarding of the device to your cellular plan. For information about configuring Cisco SD-WAN Manager with the details of your cellular plan in preparation for onboarding the device, see the Cisco Managed Cellular Activation Configuration Guide. Prepare the configuration in Cisco SD-WAN Manager before powering on and onboarding the device, to avoid running out of the limited data in the bootstrap cellular plan. Added Cisco Managed Cellular Activation (eSIM) support for the following Pluggable Interface Module (PIM) model:
|
|||||
New and Changed Software Features in Cisco IOS XE 17.12.1a
|
Feature |
Description |
||
|---|---|---|---|
|
This feature allows you to perform management operations for SD-Routing devices using Cisco Catalyst SD-WAN Manager. You can use a single network manage system (Cisco Catalyst SD-WAN Manager) to monitor all the SD-Routing devices and therefore help in simplifying solution deployments. |
|||
|
Segment Routing (SR) can currently be applied on Multiprotocol Label Switching (MPLS) dataplane. From Cisco IOS XE 17.12.1a, SR is supported over the IPv6 dataplane for the following protocols:
In addition, the following functionalities are available for Segment Routing over IPv6 dataplane:
|
|||
|
This feature allows you to delete the entries from the logging buffer. You can configure the local syslog retention period after which the entries are purged from the device automatically. To enable this feature, use the logging purge-log buffer days command. |
|||
|
This feature helps users to set a minimum frame size of 72 bytes on an EPA interface using the plim min-frame-length 72byte command. |
|||
| Cisco Unified Border Element (CUBE) Features | |||
|
From Cisco IOS XE Dublin 17.12.1a onwards, High Availability in CUBE supports IPv6 flows. |
|||
|
From Cisco IOS XE Dublin 17.12.1a onwards, VoIP Trace for SIP messages displays cause code in the cover buffer. |
|||
Resolved and Open Bugs for Cisco IOS XE 17.12.x
Resolved Bugs for Cisco IOS XE 17.12.4
|
Bug ID |
Description |
|---|---|
|
Crypto IKEv2 - Fragmented Authentication packets detected as malformed on 3rd party vendor device. |
|
|
Router crashed during SNMPwalk when removing SFP. |
|
|
Ping with smaller packet size is failing on macsec enabled port. |
|
|
Router reports incorrect DOM values over SNMP. |
|
|
GETVPN COOP KS | Wrong Severity for Rekey Acknowledgement configuration mismatch log message. |
|
|
FMFP-3-OBJ_DWNLD_TO_DP_FAILED observed when delete and configure zone-pair back. |
|
|
Kernel crash over continuous reloads. |
|
|
Memory leak in Crypto IKEv2 due to C_NewObject. |
|
|
Unexpected reboot in WLC due to SSL. |
|
|
Memory leak in the Crypto IKMP process. |
|
|
Tunnel QoS - WRED incorrect IP precedence classification with MPLS EXP. |
|
|
mGRE Tunnels with shared ipsec profile cause ucode crash. |
|
|
NAT46 translations are dropped when NAT64 router is also Carrier Supporting Carrier CE. |
|
|
"crypto pki certificate pool" in Running Configuration. |
|
|
Failure to communicate a period of time after the stp status changes. |
|
|
PnP gets stuck when Verizon cellular backhaul is used. |
|
|
Segmentation Fault - Process = IPSec dummy packet process. |
|
|
IPsec tunnel fails to establish due to error IPSec policy invalidated proposal. |
|
|
MGCP GW doesn't respond with 250 OK for a DLCX leading to DLCX loop from CUCM side. |
|
|
'show sdwan policy service-path' command gives inconsistent results with app name specified. |
|
|
Only one split-exclude subnet is pushed to client PC with IOS-XE headend for a RA VPN connection |
|
|
NAT Pool doesn't working under prefix 16. Available address = zero |
|
|
Secure datawipe should reset the configuration register. |
|
|
Unexpected reboot due cpp ucode on a router. |
|
|
ENH: Config Parser Issue for NAT with Extendable and Redundancy. |
|
|
Disabling PMTU-Discovery with MTU Change and BFD Flap Breaks Packet Duplication. |
|
|
Device: macsec not working under LACP port-channel member port. |
|
|
Trim installed certificate on upgrade. |
|
|
Reload in tcp_sanity due to l4 pointer not set. |
|
|
FW upgrade does not work properly on P-LTE-MNA with 17.12.1a and 17.12.2 IOS. |
|
|
AnyConnect connection trough IPSec fails when connecting from an RDP user to an IOS/IOS-XE headend. |
|
|
Segmentation fault and core files are seen on IOS-XE in controller-manged SD-WAN due to speedtest. |
|
|
IPv6 tcp adjust-mss not working after delete and reconfigure. |
|
|
AAA authorization failure during IKEv2 phase negotiation caused unexpected reboot. |
|
|
Router rebooted when attempting merge on used CVLA block. |
|
|
%IOSXE_MGMTVRF-3-INTF_ATTACH_FAIL error after configuring loopback managment vrf then removing it. |
|
|
Router crashed when port-channel interface flap with scale of per-tunnel qos policies. |
|
|
Default setting of Global Punt Policer burst needs to be increased. |
Open Bugs for Cisco IOS XE 17.12.4
|
Bug ID |
Description |
|---|---|
|
Create CLI to push at#enadis=0 followed with at#reboot to FN980 required when configuring Multi-PDN. |
|
|
NAT Command is not readable after reload. |
|
|
GETVPN / Migrating to new KEK RSA key doesn't trigger GM re-registration. |
|
|
Watchdog crash during IPv6 cef adjacency routines. |
|
|
Startup Configuration Failure Post PKI Server Enablement. |
|
|
Device DSL module gets stuck in a booting state. |
|
|
Device Kernel crash over continuous reloads. |
|
|
EzPM application-performance profile may cause memory leak with certain long-lived idle TCP flows. |
|
|
SNMP reports incorrect Transmit Power / Receive Power values for 100G AOC cables. |
|
|
IOS XE Controller Mode - WAN IP is allowed to be configured as SYSTEM IP. |
|
|
emd fault on cc_0_0 (rc=134) due to ensor has exceeded it's maximum number of read errors. |
|
|
SD-WAN ZBFW TCAM misprogramming after rules are reordered on device. |
|
|
Repeated and endless messages "Network change event - activated 4G Carrier Aggregation." |
|
|
In NAT64 scenario, IPv4 packets that needs translation might be dropped by device. |
|
|
High CPU utilisation for confd_cli. |
|
|
Crash due a segmentation fault due a negative value. |
|
|
STCAPP command removed from device after reload. |
|
|
After deleting a NAT configuration, the IP address still shows up in routing table. |
|
|
Key manager crash after hostname change with usage keys. |
|
|
Device reloaded due to ezManage mobile app Service. |
|
|
Inbound calls through device results in phantom calls .(64.3.0, 60.1.4, 62.3.3) |
|
|
Unexpected reboot due to IOSXE-WATCHDOG DBAL EVENTS after Cellular interface flap. |
|
|
Device crashed unexpectedly after a successful WGB/AP config deployment from OD. |
|
|
P-5GS6-GL FN980 modem fW upgrade failing when two modems on device. |
|
|
IOS XE:Traffic not encrypted and droped over IPSEC SVTI tunnel. |
|
|
Device / DSL router crashing due to %PLATFORM-3-ELEMENT_CRITICAL memory level / iomd process. |
|
|
Unencrypted Traffic Due to Non-Functional IPsec Tunnel in FLEXVPN Hub & Spoke Setup. |
|
|
Device crashes while processing an NWPI trace. |
|
|
IKEv2 session is down after reload if identity local address is assigned to interface on Switch. |
|
|
Device EVC Q-in-Q configuration may filter out certain vlans |
|
|
Traceback seen @_nhrp_cache_delete due to negative global cache count . |
|
|
Unable to build two IPSec SAs w/same source/destination where one peer is PAT'd through the other. |
|
|
Device running 17.9.5 ES crashed with multiple core files. |
Resolved Bugs - Cisco IOS XE 17.12.3a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Template attach fail with unknown element: ssh-version in /ios:native/ios:ip/ios:ssh |
|
|
PPPoE with NAT DIA feature validation failed post upgrade. |
Resolved Bugs for Cisco IOS XE 17.12.3
|
Bug ID |
Description |
|---|---|
|
Device keeps crashing when processing a firewall feature. |
|
|
The diagnose feature for IKEv2 is consuming 11% CPU during the session initiation phase. |
|
|
Unexpected reboot after establishing the control plane of EVPN MPLS and receiving packets. |
|
|
NAT HSL logging with VRF filtering is not functioning correctly. |
|
|
Warning and critical CPU utilization thresholds are not recalculated when using data-plane-heavy mode. |
|
|
PoE module does not provide sufficient power to activate the ports after an unexpected reload. |
|
|
SNMP unable to poll tunnel data after a minute. |
|
|
SKA_PUBKEY_DB leak in TDL. |
|
|
Security policy with IPS external syslog configuration fails to generate for specific device models. |
|
|
Endpoint tracker triggers a CPU Hog. |
|
|
ZBFW is unable to detect packets on TenGig interface for device. |
|
|
Add verbose log to indicate grant when grant ra-auto configuration unconfigures grant auto in the PKI server. |
|
|
Device can't boot up in full configuration. |
|
|
Device creates incorrect NAT entry if two or more IP phones from NAT outside register to the same server. |
|
|
Mobile application causing excessive authorization attempts with a null username on a specific device model. |
|
|
Device may crash due to Crypto IKMP process. |
|
|
Audio loss experienced for four seconds on a Voice Gateway device. |
|
|
PKI service crash following an unsuccessful CRL fetch. |
|
|
Device crash with segmentation fault (11), Process = NHRP when processing NHRP traffic. |
|
|
Device unexpectedly reloads during Trustpool retrieval for SIP TLS certificate. |
|
|
EPBR generates an error when the policy is added and deleted multiple times. |
|
|
One-way RTP issue including DSP timeout messages (63.2.0 / 62.3.1). |
|
|
Unexpected reboot while displaying information from a cleared SSS session. |
|
|
PMTUD is not properly converging as it does not attempt to learn a higher MTU value. |
|
|
Inability to disable DMVPN logging on recent software versions. |
|
|
Device should discard IKE Notification messages with incorrect DOI. |
|
|
Race condition crash on device. |
|
|
Frame Relay DTE router crashes due to EXMEM exhaustion. |
|
|
cpp_mcplo_ucode crash with Port-channel and NAT configurations. |
|
|
FTMD crash observed in ENCS platform while running PWK suite. |
|
|
ATO: Session fails to come up when the tunnel is repeatedly shut and no shut (similar to a customer unplugging and replugging a cable). |
|
|
IPSec traffic is being dropped strongSwan when PPK is implemented. |
|
|
Packet drops observed between LISP EID over GRE Tunnel. |
|
|
Upgrade failure on a device via management system due to a system configuration error. |
|
|
AAA template push fails when AAA authorization is configured for local use. |
|
|
Unable to properly activate the Foundation Suite license on a device running software version. |
|
|
Device packets appeared out of order when using Embedded Packet Capture. |
|
|
EZMAN posted statistics to APIs show sudden jumps in Ingress and Egress Bytes counters for Sub-Interfaces. |
|
|
MACsec session is in a secured state but is not sending any traffic. |
|
|
Device crashed with no microcode due to possible dataplane memory corruption in the NAT client. |
|
|
Process mcpcc-lc-ms crash seen due to due to MKA session SAK rekey. |
|
|
Fifty-gigabit port returns a link-flap error-disabled status when peer device reloads or bounces. |
|
|
EntSensorStatus is displayed as Nonoperational. |
Open Bugs for Cisco IOS XE 17.12.3
|
Bug ID |
Description |
|---|---|
|
Create CLI push at#enadis=0 followed with at#reboot to FN980 required when configuring Multi-PDN on a device. |
|
|
Unexpected reload when using show running-config full | format command. |
|
|
IPv6 TCP adjust-MSS not working after deletion and reconfiguration. |
|
|
NAT command not readable after reload. |
|
|
Critical process cpp_ha_top_level_server fault on fp_0_0 (rc=69). |
Resolved Bugs for Cisco IOS XE 17.12.2
|
Bug ID |
Description |
|---|---|
|
Using special characters in the password while generating TP generates an invalid TP. |
|
|
LED L remains green after port shutdown. |
|
|
Ten0/0/2 from Port-channel going to suspended status applying platform QoS port-channel-aggregate. |
|
|
CPU usage mismatch in show sdwan system status vs show proc cpu platform. |
|
|
Device crashes@crypto_map_unlock_map_head. |
|
|
Environmental syslog is not appearing when power cord is disconnected from the redundant PS. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
Device data plane crash in Umbrella/OpenDNS processing due to incorrect UDP length. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
ITU channel configuration seems not working on device. |
|
|
Crashed by TRACK Client thread at access invalid memory location. |
|
|
Unable to migrate from ADSL to VDSL without reboot on device. |
|
|
Crash in IP Input process during tunnel encapsulation. |
|
|
DDNS update retransmission timer fails to work with a traceback error. |
|
|
Crypto PKI-CRL-IO_0 process crash when PKI trustpoint is requested & deleted. |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
Custom-app based policy triggering protocol deactivation and CPP traceback with traffic failure. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
Flowspec on device does not revoke. |
|
|
No dial tone on analog phones due to DSP going into power denial state. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
B2B NAT: when configration ip nat inside/outside on VASI intereface, ack/seq number abnormal. |
|
|
Device observes memory leak at process SSS manager. |
|
|
CPLD upgrade failed error message logged during ROMmon upgrade. |
|
|
Depletion in process memory pool/IOSd after enabling virtualization on Cisco IOS-XE platform. |
|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z. |
|
|
Device observes memory leak at process SSS Manager. |
|
|
Memory leak with pubd. |
|
|
ip name-server command not pushed. |
|
|
IOS process crash during VRRP hash table lookup. |
|
|
Device running IOS-XE crashes when removing FQDN ACL. |
|
|
NTP authentication removed after reload using more than 16 bytes. |
|
|
Segmentation fault at IPv6 BGP backup route notification. |
|
|
Cisco IOx application hosting environment privilege escalation vulnerability. |
|
|
WLC unexpected ueload due to segmentation fault in WNCD process. |
|
|
Unable to migrate from ADSL to VDSL without reboot. |
|
|
Extranet multicast code improvements for better handling of data structure. |
|
|
VC down due to control-word negotiation. |
|
|
BDI + NTP configuration puts DMI process in degraded mode. |
|
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper |
Open Bugs for Cisco IOS XE 17.12.2
|
Bug ID |
Description |
|---|---|
|
Router keeps crashing when processing a firewall feature. |
|
|
WLC segmentation fault crash with Network Mobility Services Protocol (NMSP). |
|
|
Unexpected reboot after establishing control plane of EVPN MPLS and receiving packets. |
|
|
PoE module is not providing enough power to bring the ports after an unexpected reload. |
|
|
HSEC license installation from the workflow does not complete. |
|
|
SNMP Unable to poll Tunnel Data after a minute. |
|
|
Renewal of certificates on PKI client fails after a few rollovers. |
|
|
WP7607 Requires Shut/No Shut to populate IP address from modem to host. |
|
|
Silent Reload due to LocalSoftADR causes crash without core file. |
|
|
Router crash with segmentation fault (11), process = NHRP when processing NHRP traffic. |
|
|
Router unexpectedly reloads while fetching certificate Trustpool for SIP TLS. |
|
|
NAT Pool does not work under prefix 16. Available address = zero. |
|
|
Carrier Grade NAT reaching max host entries and failing to translate due to gatekeeper. |
|
|
Unexpected reboot while dispalying information from cleared SSS session. |
|
|
PMTUD incorrectly converging without attempting to learn a higher MTU. |
|
|
IR1835 crashed unexpectedly after a successful WGB/AP config deployment from OD. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
NHRP phase 3 spoke-spoke cache got purged after 5-6 hours with always on traffic running. |
|
|
Traffic not encrypted and droped over IPSEC SVTI tunnel. |
|
|
Cannot disable DMVPN logging. |
|
|
Enable SoS/ROC feature for DSL. |
|
|
Frame Relay DTE router crashes due to EXMEM exhaustion. |
|
|
Device packets appeared out of order when using Embedded Packet Capture. |
|
|
cpp_mcplo_ucode crash with Port-channel and NAT. |
|
|
Router crashed with no UCode due to possible dataplane memory corruption in NAT client. |
|
|
Malformed packet when there is QinQ and L2TPV3 configured. |
|
|
Unexpected reload on device UCode core @l2_dst_output_goto_output_feature_ext_path. |
|
|
Device creates crooked NAT entry if 2 or more IP phone from NAT outside register to same server. |
|
|
Device reload due to memory corruption [GKM KS PROCESS]. |
|
|
Unexpected reboot due to invalid rte_eth_tx_burst. |
|
|
Failure to upgrade FPGA version to standby RP module. |
|
|
Device fiftygig port returns link-flap err-disabled status when peer device reloads or bounces. |
|
|
ZBFW is not able to detect packets on TenGig interface for device. |
|
|
Device port-channel stuck IHQ after remote LC flap. |
|
|
Unexpected reload on device due to Critical process fman_fp_image. |
|
|
IPv6 SPD min/max defaulting to values 1 and 2. |
|
|
High CPU due to MPLS MIB poll. |
|
|
WNCD process crashes. |
|
|
VPLS IRB not working when traffic came from VPNv4 and next-hop is learned over VPLS. |
|
|
pubd process showing high CPU utilization. |
|
|
1Gig int on device using GLC-SX-MMD are down/down after changing connection. |
|
|
Memory leak with pubd. |
|
|
Convergence improvement after device reboot with MVPN profile 14. |
|
|
NETCONF: DMI enters degraded mode caused by BGP neighbor configured under the SCOPE command. |
|
|
FIB/LFIB inconsistency after BGP flap. |
|
|
IOS XE router may experience %FMANRP_QOS-4-MPOLCHECKDETAIL: errors. |
|
|
EEM is running daily instead of weekly or monthly if special strings @weekly or @monthly are used. |
|
|
Mismatch between the resource allocation and app-resource profile custom configuration. |
|
|
Incorrect local MPLS label in CEF after BGP flap. |
|
|
Cisco IOS-XE IPv6 based subscription telemetry does not work. |
|
|
Guestshell connectivity not working with NAT overload. |
|
|
SDA - using spt-threshold infinity and having LHR+FHR can cause the S,G to be pruned on the RP. |
|
|
Unexpected reload when using rsh/rcmd. |
|
|
Locally generated traffic received on incorrect interface inbound and dropped by ACL. |
|
|
WLC unable to get telemetry data due to pubd unexpected reload and fail. |
|
|
Device crash due to dhcpd_binding_check. |
|
|
Site tag change wncd working/failing EAP-TLS. |
|
|
ARP incomplete in VRF Mgmt-intf - G0/0/0 - Switch -G0. |
|
|
LLDP location information not sent when configured. |
|
|
clear bgp command does not consider AFIs when used with update-group option. |
|
|
Device sending incomplete SGT to ISE. |
|
|
Only portion of HSRP config being pushed via CLI ADDON template. |
|
|
match pktlen-range does not work with GRE/IPSEC GRE. |
|
|
In the show tech file, enable secret does not get hidden. |
|
|
Unexpected reload on device ucode core @l2_dst_output_goto_output_feature_ext_path. |
|
|
ISIS crash in local Uloop. |
|
|
Wrong /32 self, complete map-cache entry for fabric hosts on IBN when overlapping summary exists. |
|
|
Member interface config not applied with mis-match in pcakages.conf files. |
|
|
WLC not sending accounting start for user auth after machine auth on 9105AXW RLAN dot1x port. |
|
|
Router unexpectedly reloads while using DHCP for ISG. |
|
|
IOS-XE router not installing classless-static-routes from DHCP option 121. |
|
|
SVL, 10G link on the active chassis will go down after reload. |
|
|
Device sync fails when device prompt comes along with device banner and TACACS is used. |
|
|
Unexpected reboot in device due to SISF and STP initialization. |
|
|
Crash on device polling SPA sensor data. |
|
|
VLAN name mismatch when authorizing vlan name from radius server and enable vlan fallback. |
|
|
Password getting visible for the mask-secret in show logging. |
|
|
Upgrade failing with config check track-id-name. |
|
|
CTS CORE process crash after configuring role based ACL. |
|
|
IPv6 traffic is passing through when the client is in Webauth Pending state (CWA). |
|
|
Option 121 never requested by IOS-XE client. |
|
|
[IPv6 BGP] multiple sourced paths present for the same prefix. |
|
|
IP SPD queue thresholds are out of range. |
|
|
CBQoS polling for the object cbQosCMPostPolicyBitRate returns incorrect value. |
|
|
Device unexpected reload. |
|
|
After migration MAC/IP only MAC is advertised. |
|
|
BGP Router process crash. |
|
|
Memory leak under MallocLite/AAA proxy with NETCONF/RESTCONF. |
|
|
Memory leak in linux_iosd-imag due to SNMP. |
|
|
After a reboot, EAP-FAST/PEAP does not authenticate unless credentials are changed. |
Resolved Bugs for Cisco IOS XE 17.12.1a
|
Bug ID |
Description |
|---|---|
|
Not all HSL entries get pushed to device if more than 1 HSL entries are configured. |
|
|
Issues/discrepancies around CPU alarms generated and sent to device. |
|
|
TLS control-connections down, traffic from controller dropped with SDWANImplicitACLDrop. |
|
|
MACsec remains marked as Secured, but randomly the traffic stops working. |
|
|
Route-map not getting effect when its applied in OMP for BGP routes. |
|
|
With Pure IPv6, minimal bootstrap unable to onboard Non-Fabric - IPv6 config missing in wan int G1. |
|
|
Unexpected behavior due to unstable power source. |
|
|
(EPC, packet-trace) for IPsec running COFF (Crypto Offload). |
|
|
Certificate output is not getting changed on renew when cloud certificate authorization is automated. |
|
|
Output packet bytes calculation biase when we enable QoS on port channel. |
|
|
NAT ALG is changing the Call-ID within SIP message header causing calls to fail. |
|
|
Device upgrade fails due to advertise aggregate with VRF. |
|
|
AAR: BoW feature ignoring color preference from Tiered Transport preference configuration. |
|
|
VPN is established although the peer is using a revoked certificate for authentication. |
|
|
Device crashed and reboot history shows IntelResetRequest on upgrade. |
|
|
Crash seen when umbrella/zscaler template pushed to device when name_lookup takes > 30 sec. |
|
|
NAT entries expire on standby router. |
|
|
With Pure IPV6 overlay, vbond vpn 0 ge0/0 interface if-oper-status down after power off/on. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
|
Device punt-policer is not configurable. |
|
|
For some error condition platform_properties may double free. |
|
|
Same label is assigned to different VRFs. |
|
|
Auto-Update Cycle incorrectly deletes certificates. |
|
|
No error log generated when EVC/bridge-domain reaches Maximum MAC Learning Limit on device. |
|
|
All USB internal communcation is closed when using platform usb disable command. |
|
|
%CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each write config with same crypto value. |
|
|
Device BFD Session Down with interface flap. |
|
|
Double GR_Additional log enablement defect. |
|
|
Segmentation fault in PB rx when per-tunnel QoS config withdraw. |
|
|
No way audio when using secure hardware conference with secure endpoints. |
|
|
IOS-XE cpp crash when entering no ip nat create flow-entries. |
|
|
AAR overlay actions are applied to DIA traffic. |
|
|
Configuring entity-information xpath filter causes syslogs to print, does not return data. |
|
|
Device unexpected reload when doing ips test with UTD IPS engine. |
|
|
Autotunnel IPSec tracker: Tracker does not come up at all on device. |
|
|
QFP UCode crash when clearing MACs under BD in EVPN scenario. |
|
|
AppNav-XE: Policy-map edit on cluster with multiple service context fails to program TCAM. |
|
|
Non-fabric- Load the minimal bootstrap configs again if device rebooted without saving the configs. |
|
|
Port-channel DPI Load-Balancing not utilizing all the member-links. |
|
|
GARP on port up/up status from C8300 router is not received by remote peer device. |
|
|
Enable VFR CLI. |
|
|
Telstra Cert: FN980 modem (P-5GS6-GL) is showing 4 additional NR bands support - 1, 3, 7, and 28. |
|
|
Unable to configure CIR rate higher then 67G. |
Open Bugs for Cisco IOS XE 17.12.1a
|
Bug ID |
Description |
|---|---|
|
Changes to speed on the interface via CLI/GUI don't go through unless first done via shell access. |
|
|
Failure to upgrade FPGA version to standby RP module. |
|
|
Device unexpectedly reloads due to 'LocalSoft'. |
|
|
Punt keep alive failure crash on controller managed device apparently due to data packets. |
|
|
CISCO-ENTITY-PERFORMANCE-MIB for SNMP crypto load monitoring on device. |
|
|
With Pure IPV6, minimal bootstrap unable to onboard Non-Fabric - ipv6 config missing in WAN int G1. |
|
|
Misprograming during VPN-list change under data policy. |
|
|
SFP transceiver DOM not working after some time. However, interface forwards the traffic as expected. |
|
|
BFD going down for newly onboarded device. |
|
|
Hierarchical QoS shaping policy causes data plane and control plane disruption. |
|
|
Rapid memory leak on ngiolite process. |
|
|
No licenses in use after upgrading from Traditional to Smart licensing IOS-XE versions. |
|
|
Speed tests to internet from device triggered will fail sometimes. |
|
|
Unexpected reboot due QFP UCode due to IPSec functions. |
|
|
Device unexpected reboot while classifying packet with CTF (Common Flow Table). |
|
|
show run and other show commands not in sync after removing GigabitEthernet3. |
|
|
NAT64 prefix is not originated into OMP. |
|
|
Crash when modifying tunnel after running show crypto commands. |
|
|
SIP calls not working on device with ZBFW enabled. |
|
|
Could not access any device show commands at all. |
|
|
Device observes Memory Leak at process SSS Manager. |
|
|
configure replace command fails due to the license udi PID XXX SN:XXXX line on IOS-XE devices. |
|
|
Device has LocalSoftADR crash, writes flat core, and reloads. |
|
|
FlowSpec on device won't revoke. |
|
|
Unable to migrate from ADSL to VDSL without reboot on device. |
|
|
SDRA-SSLVPN: The SSL VPN session closes with re-authentication error after some interval of time. |
|
|
Packets with L2TP headers cause device to crash. |
|
|
Device traffic forwarded to wrong VPN hence traffic gets wrong zonepair matched and gets dropped. |
|
|
IPv4 connectivity over PPP not restored after reload. |
|
|
OMP to BGP redistribution leads to incorrect AS_Path installation on chosen next-hop. |
|
|
EVPN: BUM traffic is not flooded to bridge domain interface. |
|
|
Crash in fman_fp due to error binding an IPSec SA. |
|
|
BFD entries removed. |
|
|
Tail Drops are incrementing continuously on Ten Gig Interfaces. |
|
|
Multiple crashes observed on device platform due to memory exhaustion. |
|
|
Static route keep advertising via OMP even though there is no route. |
|
|
Static NAT entry gets deleted from running config; but remains in startup config. |
|
|
B2B NAT: when configration ip nat inside/outside on VASI intereface, ack/seq number abnormal. |
|
|
Device crashes@crypto_map_unlock_map_head. |
|
|
Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over IPSec cannot be applied. |
|
|
C-NIM-2T: LED L remains green after port shutdown. |
|
|
Unable to configure crypto map on a physical interface due to which crypto map-based VPN's cannot be formed. |
ROMmon Release Requirements
For more information on ROMmon support for Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html.
Note |
After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following platforms:
This restriction is only applicable for these platforms. If you have upgraded to ROMmon version 17.3(1r) on any other platform, reverting to an earlier version of ROMmon is permitted and does not cause any technical issues. |
Related Documentation
-
Release Notes for Previous Versions of ASR 1000 Series Aggregation Services Routers
-
Hardware Guides for Cisco ASR 1000 Series Aggregation Services Routers
-
Configuration Guides for ASR 1000 Series Aggregation Services Routers
-
Product Landing Page for ASR 1000 Series Aggregation Services Routers
-
Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers
-
Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback