Release Notes for Cisco Embedded Service 6300 Series Router - Release 17.3.1
Image Information and Supported Platforms
The following features are not supported on the ESR6300 with software release 17.3.1:
This release has the following limitations or deviations for expected behavior:
Support for Security-enhanced Linux (SELinux)
Communications, Services, and Additional Information
The following release notes support the Cisco ESR6300 router. These release notes are updated to describe new features, limitations, troubleshooting, recommended configurations, caveats, and provide information on how to obtain support and documentation.
Cisco ESR 6300 SKUs provides the hardware product IDs and brief descriptions for the boards.
Embedded Router Board without a cooling plate. (NCP = No Cooling Plate) |
||
Embedded Router Board with cooling plate. (CON = Conduction cooled). |
This publication consists of the following sections:
■ Image Information and Supported Platforms
■ Caveats
The ESR6300 is a compact form factor embedded router module with a board size of 3.0" x 3.775"(76.2mm x 95.885mm). This module may fit in an enclosure that was originally designed for PC/104 modules with some additional adaptation. The more compact design simplifies integration and offers system integrators the ability to use the Cisco ESR 6300 in a wide variety of embedded applications. The ESR card is available with a Cisco-designed cooling plate customized to the ESR, as well as without the cooling plate for system integrators who want to design their own custom thermal solution.
Note : You must have a Cisco.com account to download the software.
Cisco IOS-XE Release 17.3.1 includes the following Cisco image:
■c6300-universalk9.17.03.01.SPA.bin
The latest software downloads for the ESR6300 can be found at:
https://software.cisco.com/download/home/286323493/type
Click on the ESR6300 link to take you to the specific software you are looking for.
■No support for MacSec or DLEP in this release. (MQC: modular quality of service command line).
■Layer 2 COS to DSCP mapping does not work due to no ASIC chipset support for the feature.
■Copper FE SFPs are not supported on the ESR6300.
■Copper GE SFPs are only supported in config terminal > service internal > service unsupported-transceiver mode.
■Cisco does not claim IP Mobility for Ethernet support on the ESR6300.
■Auto-negotiation for 10Mbps, 100Mbps, 1000Mbps in full-duplex mode is supported. For half duplex, support is only on 10Mbps and 100Mbps.
■Refer to the Cisco Approved Vendor List (AVL]) for Cisco USBs. Kingston USB 3.0 works as well. Ensure the USB has a single partition and ext2, Fat16, or Fat32 format only.
■Cellular functionality is not supported.
■Radio Aware Routing is not supported.
■There is no WebUI support for Day 0 or Day 1 configuration
■For Security: No support for TLS, TrustSec, MacSec, CWS [Cloud Web Security], IDS/IPS.
■The WebUI Licensing Page is unsupported for release 17.3.1. For all licensing configuration, please use CLI mode or CSSM.
■In the Web User Interface (WebUI), there are two known issues where erroneous information is displayed. In both of these cases, the information is present in the WebUI even though the functionality is NOT supported on the ESR6300.
–Under Configuration > Security > Threat Defense > snort there is a RAM and DISK size prerequisite check that fails.
–Under Configuration > Security > there is a category for Trustsec.
These are both cosmetic issues due to the features being unavailable in the 17.3.1 release.
■The IOS boot system setting allows users to specify any flash-based storage URL for IOS image booting.
The rommon on the ESR6300 does not expose the non-IOX msata partition, therefore auto-booting from mSATA will not work even if it is configured in IOS.
Example : Users must not configure a boot system setting as follows:
■Receive a message 'unable to open bootflash:golden.bin (14)' during bootup.
Example: Pushing the reset button displays the unable to open message.
This message is intended by design to inform the user they have not setup a golden.bin config file.
The following features are included in the Cisco IOS-XE release 17.3.1:
Security-Enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. SELinux provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
SELinux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. This reduces or eliminates the ability of these programs and daemons to cause harm when compromised (for example, via buffer overflows or mis-configurations). This confinement mechanism operates independently of the traditional Linux access control mechanisms.
The are no additional requirements or configuration steps required to enable or operate the SELinux feature. The solution is enabled/operational by default as part of the base IOS-XE software on supported platforms.
The following are enhanced show commands that have been defined for viewing SELinux related audit logs.
show platform software audit all
show platform software audit summary
show platform software audit switch <<1-8> | active | standby> <FRU identifier from a drop-down list>
The following is a sample output of the show software platform software audit summary command:
The following is a sample output of the show software platform software audit all command:
The following is a sample output of the show software platform software audit switch command:
■A resource access was made by the process for which a resource access policy is not defined. The operation was flagged but not denied.
■The operation continued successfully and was not disrupted. A system log has been generated about the missing policy for resource access by the process as denied operation.
■Please contact CISCO TAC with the following relevant information as attachments:
–The message exactly as it appears on the console or in the system log.
–Output of "show tech-support" (text file)
–Archive of Btrace files from the box using the following command ("request platform software trace archive target <URL>") For Example: Device# request platform software trace archive target flash:selinux_btrace_logs
The ESR6300 supports SDWAN with release 17.3.1 or later. This release brings the ESR6300 into feature parity with the IR1101. The ESR6300 will require controller version 20.2 or later.
All of the available SDWAN documentation can be found here:
https://www.cisco.com/c/en/us/support/routers/sd-wan/series.html
The following documentation is available:
■All of the Cisco ESR6300 documentation can be found here:
https://www.cisco.com/c/en/us/support/routers/6300-series-embedded-service-routers/tsd-products-support-series-home.html
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Note : You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
■To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
■To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
■To submit a service request, visit Cisco Support.
■To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
■To obtain general networking, training, and certification titles, visit Cisco Press.
■To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.