Release Notes for Cisco vEdge Device, Cisco SD-WAN Release 20.3.x
Note
To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, and Cisco vSmart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.
These release notes accompany the Cisco SD-WAN Release 20.3.x, which provides Cisco Catalyst SD-WAN capabilities. They include release-specific information for Cisco Catalyst SD-WAN Controllers, Cisco Catalyst SD-WAN Validators, and Cisco SD-WAN Manager as applicable to Cisco vEdge devices.
For release information about Cisco IOS XE Catalyst SD-WAN devices, refer to Release Notes for Cisco IOS XE Catalyst SD-WAN Devices, Cisco IOS XE Release Amsterdam 17.3.x.
What's New for Cisco SD-WAN Release 20.3.x
This section applies to Cisco vEdge devices.
Cisco is constantly enhancing the SD-WAN solution with every release, and we try to keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.
Feature | Description |
---|---|
User Documentation and Interactive Help in Cisco vManage | |
User Documentation | Starting from this release, we've restructured the listing page of our configuration guides to display category-wise book and chapter contents. This new page lets you switch between releases using the View Documents by Release drop-down list. |
| | This feature helps you navigate Cisco vManage and complete vManage procedures using guided workflows. The Interactive Help points to elements within the Cisco SD-WAN Manager interface and shows you where to click next and what to do to complete a selected workflow. |
Cisco SD-WAN Getting Started | |
| | This feature outlines the upgrade procedure for Cisco vManage servers in a cluster to Cisco vManage Release 20.3.1. |
On-Site Bootstrap Process for Cisco vEdge 5000 using SHA2 Enterprise Certificates | By default, a Cisco vEdge 5000 device uses an SHA1 certificate for authentication with controllers in the overlay network. With this feature, you can authenticate the device using an OTP and a Public Key, and install an SHA2 enterprise certificate on the device. By authenticating the device using an OTP and a Public Key and installing an SHA2 enterprise certificate, you can bypass SHA1 certificate authentication and secure the device against SHA1 vulnerabilities. |
Systems and Interfaces | |
| | The Cisco vManage NMS exports audit logs in syslog message format to a configured external syslog server. This feature allows you to consolidate and store network activity logs in a central location. |
| | This feature lets you see all HTTP sessions open within Cisco vManage. It gives you details about the username, source IP address, domain of the user, and other information. A user with User Management Write access, or a netadmin user can trigger a log out of any suspicious user's session. You can set client session timeouts, session lifetimes, server session timeouts, and enable the maximum number of user sessions in Cisco vManage. |
Support for Multiple VRRP Groups on the Same LAN Interface or Sub-interface | This feature increases support from one VRRP group per interface to five VRRP groups per interface. Multiple VRRP groups are useful for providing redundancy and for load balancing. |
| | This feature enables you to configure an Inactive state for tunnels between edge devices, reducing performance demands on devices and reducing network traffic. |
Routing | |
| | This feature enables you to leak routes bidirectionally between the transport VPN and service VPNs. Route leaking allows service sharing and is beneficial in migration use cases because it allows bypassing hubs and provides migrated branches direct access to non-migrated branches. |
Policies | |
| | This feature extends support for service chaining to Cisco IOS XE SD-WAN devices. On Cisco IOS XE SD-WAN devices and Cisco vEdge devices, it adds a tracking feature that logs the availability of a service. |
Security | |
| | This feature allows you to define firewall policies for incoming and outgoing traffic between a self zone of an edge router and another zone. When a self zone is configured with another zone, the traffic in this zone pair is filtered as per the applied firewall policy. |
Extended DNS (EDNS) and Local Domain Bypass Support with Cisco Umbrella Integration | This feature enables cloud-based security service on Cisco vEdge devices by inspecting the DNS query. Once the DNS query is inspected, action is taken on it based on whether the query is for a local domain or an external domain. |
Cloud OnRamp | |
New Configuration Workflow for Cloud onRamp for SaaS for Cisco vEdge devices | This feature updates the existing configuration workflow for Cloud onRamp for SaaS for Cisco vEdge devices. |
Support Catalyst 48Y4C (Cloud OnRamp for Colocation) | This release supports the use of Cisco Catalyst 9500-48Y4C switches in the Cloud onRamp for Colocation cluster that enables 80G-200G of bidirectional throughput. |
Flexible Topologies (Cloud OnRamp for Colocation) | This feature provides the ability to flexibly insert the NIC cards and interconnect the devices (CSP devices and Catalyst 9500 switches) within the Cloud onRamp for Colocation cluster. Any CSP ports can be connected to any port on the switches. The Stackwise Virtual Switch Link (SVL) ports can be connected to any port and similarly the uplink ports can be connected to any port on the switches. |
TACACS Authentication (Cloud OnRamp for Colocation) | This feature allows you to configure the TACACS authentication for users accessing the Cisco CSP and Cisco Catalyst 9500 devices. Authenticating the users using TACACS validates and secures their access to the Cisco CSP and Cisco Catalyst 9500 devices. |
Network Assurance –VNFs: Stop/Start/Restart (Cloud OnRamp for Colocation) | This feature provides the capability to stop, start, or restart VNFs on Cisco CSP devices from the Colocation Clusters tab. You can easily perform the operations on VNFs using Cisco vManage. |
TAC Access | |
TAC Access to Cisco SD-WAN Manager | When working with the Cisco Technical Assistance Center (TAC) to address an issue in Cisco SD-WAN Manager, users may provide TAC with access to Cisco SD-WAN Manager or TAC teams may access Cisco SD-WAN Manager using the consent token mechanism. In the past, this access has relied on a user account called viptelatac. In this release, two separate user accounts have been added, one with read-only access and one with write access. The accounts use a challenge-response authentication method. |
TCP Optimization | |
| | Added TCP Optimization support for the Cisco ISR1100 6G platform. |
Important Notes, Known Behavior, and Workaround
- Cisco vManage Release 20.3.1 implements a hardened security posture to comply with FedRAMP guidelines. As a result, your Cisco SD-WAN Analytics login credentials that are stored locally get erased on upgrading the software, and you cannot access the Cisco SD-WAN Analytics service directly through Cisco SD-WAN Manager. In this case, log in to Cisco SD-WAN Analytics using this URL: https://analytics.viptela.com. If you can't find your Cisco SD-WAN Analytics login credentials, open a case with Cisco TAC support.
- For Cisco Catalyst SD-WAN Control Components Releases 20.3.1, 20.3.2, and 20.3.2.1, you must run the messaging server on all the active instances of the Cisco SD-WAN Manager cluster when deploying the Cisco SD-WAN Manager cluster. See the High Availability Configuration Guide for vEdge Routers for more information.
- Starting from Cisco SD-WAN Release 20.3.1, the Cisco Cloud Infrastructure monitoring service is changed to a push-based model for cloud-hosted controllers provisioned by Cisco, for cloud subscription customers. As part of this model, Cisco SD-WAN Manager authenticates with the monitoring system to send the health status data. This model no longer requires the 'viptelatac' user to log in to Cisco SD-WAN Manager and collect the health status data. For this new model to work in Cisco SD-WAN Release 20.3.1 and later releases, you must provide consent in Cisco SD-WAN Manager settings and configure a One Time Password (OTP).
  For more information about Cisco CloudOps monitoring service, see Monitor the Cisco Catalyst SD-WAN Cloud-Hosted Controllers.
- MD5 authentication protocol is deprecated for Cisco Catalyst SD-WAN Control Components Release 20.3.2 and later releases.
- In Cisco vManage Release 20.3.1, when you create a CLI template through REST API, add this input parameter:
  "cliType":"device"
  to the REST API. If this input parameter is not added, the CLI template fails to attach to the device.
- If your Cisco SD-WAN Manager is running Cisco vManage Release 20.6.1 and your Cisco vEdge devices are running Cisco SD-WAN Release 20.3.x, a defect CSCwc64459 prevents Cisco vManage from pushing the device templates as expected.
Cisco SD-WAN Manager Upgrade Paths
For information about Cisco SD-WAN Manager upgrade procedure, see Upgrade Cisco SD-WAN Manager Cluster.
Starting Cisco SD-WAN Manager Version | Destination Version 19.2.x | Destination Version 20.1.x | Destination Version 20.3.x |
---|---|---|---|
18.x/19.2.x | Direct Upgrade | Direct Upgrade | Check disk space*. For cluster upgrade procedure**: request nms configuration-db upgrade |
20.1.x | Not Supported | Direct Upgrade | Direct Upgrade. For cluster upgrade procedure**: request nms configuration-db upgrade |
20.3.x | Not Supported | Not Supported | Direct Upgrade |
20.4.x | Not Supported | Not Supported | Not Supported |
*To check the free disk space using the CLI:
- Use the vshell command to switch to vshell.
- In vshell, use the df -kh | grep boot command.
**A cluster upgrade must be performed using the CLI:
- Use the following command to upgrade the configuration database. This must be done on only one node that runs configuration-db in the cluster:
  request nms configuration-db upgrade
  Note: We recommend that the database size on the disk be less than or equal to 5GB. Use the request nms configuration-db diagnostic command to check the database size. This is applicable only for upgrades of devices running Cisco SD-WAN Manager Release 20.1.1 and later.
- Enter login credentials, if prompted. Login credentials are prompted if all Cisco SD-WAN Manager servers establish control connections with each other. After a successful upgrade, all configuration-db services are UP across the cluster and the application-server is started.
Note
The autoscale issue is fixed in Cisco SD-WAN Release 20.3.x. If your device is running on Cisco SD-WAN Release 18.4.x and mapped to a transit VPC, you must skip the upgrade to Cisco SD-WAN Release 19.2.x and Cisco SD-WAN Release 20.1.x, and upgrade directly to Cisco SD-WAN Release 20.3.x.
Resolved and Open Bugs
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8
Identifier | Headline |
---|---|
| | IPV4 Subnet Mask drop-down options are floating and Cisco SD-WAN Manager is getting frozen in Firefox browser |
Bugs for Cisco SD-WAN Release 20.3.8
Open Bugs for Cisco SD-WAN Release 20.3.8
Identifier | Headline |
---|---|
| | Cisco vEdge device cannot resolve Cisco SD-WAN Validator on the loopback interface |
| | Cisco Webex Audio Not working via TLOC-EXT |
| | Cisco vEdge device is crashing due to FP Core dying |
| | The tracker is not working after upgrade to 20.3.5 |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7.2
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7.2
Identifier | Headline |
---|---|
| | Cisco vEdge 5000 device inbuilt certificate expiring on 12th November 2023 |
Bugs for Cisco SD-WAN Release 20.3.7.2
Resolved Bugs for Cisco SD-WAN Release 20.3.7.2
Identifier | Headline |
---|---|
| | Cisco vEdge 5000 device inbuilt certificate expiring on 12th November 2023 |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7.1
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7.1
Identifier | Headline |
---|---|
| | vEdge: Certificate issue on Cisco vEdge devices |
Bugs for Cisco SD-WAN Release 20.3.7.1
Resolved Bugs for Cisco SD-WAN Release 20.3.7.1
Identifier | Headline |
---|---|
| | vEdge: Certificate issue on Cisco vEdge devices |
Bugs for Cisco SD-WAN Release 20.3.7
Open Bugs for Cisco SD-WAN Release 20.3.7
Identifier | Headline |
---|---|
| | Cisco vEdge Devices 1000 - Silent Reboot - with ZBFW configured. |
| | The OU field is deprecated from CA/B Forum Certificate Authorities. |
| | Cisco SD-WAN vDaemon should not remove unvalidated certificates from /usr/share/viptela/vedge_certs |
| | Cisco vEdge devices cannot resolve vBond on the loopback interface |
| | On root-ca bundle install control connection should flap if existing certificate is not verified |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Identifier | Headline |
---|---|
| | Admin-tech on Cisco SD-WAN Manager cluster nodes takes one hour due to elastic search |
| | Control connections down due to controller certificate missing on all the controllers. |
| | Cisco SD-WAN Software Denial of Service Vulnerability |
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Identifier | Headline |
---|---|
| | Cisco SD-WAN Manager 20.10 "vedge-ESR-6300-NCP" is an invalid value for template push. |
| | The DTLS session with the Cisco SD-WAN Validator does not come up due to OOO packets received at the Cisco vEdge devices. |
| | MT overlay not coming up with 20.3.7 image |
Bugs for Cisco SD-WAN Release 20.3.6
Resolved Bugs for Cisco SD-WAN Release 20.3.6
Identifier | Headline |
---|---|
| | The cflowd flows are being shown in “show app logs flows” |
| | Cisco vEdge Device: ECMP for DP based DIA is not maintained if AAR policy applied |
| | Cisco vEdge Device not initiating arp request after upgrading |
Open Bugs for Cisco SD-WAN Release 20.3.6
Identifier | Headline |
---|---|
| | Cisco vEdge Device/ACL is accepting traffic when default action is set to drop. |
| | 20.3.x Cisco vEdge Device SNMP template push failing from 20.6 vManage after 1st successful push |
| | 20.3.4.0.11 devices showing Sy CPU which is not showing in Top processes or on Cisco vManage GUI |
| | Cisco vEdge Device 5k-LLQ policer rate on interface 10ge0/0 change after reboot on version 20.1.932 |
| | Cisco vEdge Device - ISR1100 4G-LTE - Cellular interface last-resort-circuit |
| | Cisco vEdge Device 1K silent reboot Warm Reset(CHIP RESET) |
| | Cisco vEdge Device: OSPF route isn't removed from routing table. |
Bugs For Cisco Catalyst SD-WAN Control Components Release 20.3.6
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6
Identifier | Headline |
---|---|
| | Custom application list not replicated in Disaster Recovery for a Single Node Cisco SD-WAN Manager Cluster |
| | Memory leak in Cisco SD-WAN Controller-OMP |
| | Templatepush failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context |
| | OMP crashing due to OOM during initial boot up or churn |
| | Huge Data replication observed during DR process of 3 node cluster running 20.3.4 |
| | Null Pointer Exception is seen on visiting software image repo page on Cisco SD-WAN Manager |
| | Password getting written in clear text in NSO audit log and Cisco SD-WAN Manager log |
| | Root cert sync not working for large scale deployments |
| | Cisco SD-WAN: Cisco SD-WAN Manager Software Information Disclosure Vulnerability |
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6
Identifier | Headline |
---|---|
| | Control connections down due to controller certificate missing on all the controllers. |
| | Admin-tech generation takes ~1 hour |
| | Traffic engineering needs to be reconfigured every time new site is added to ondemand tunnels policy |
| | Cisco SD-WAN Manager Site Health shows wrong number of sites |
| | Cisco SD-WAN Manager takes 10 mins to resume template push following control connection flap |
| | TLOC down/up events do not match in Cisco SD-WAN Manager cluster |
| | Certificate is displayed on the Cisco SD-WAN Manager UI even though controller CLI no longer hold the certificate |
| | Replication will start from time 0 if replication leader entry not present replicationstatus table |
| | Configdb restore results in erroneous view on Software repository and Enable ZTP |
| | Getting Maximum session limit reached when trying to ssh to Cisco edge devices from Cisco SD-WAN Manager |
| | Cisco SD-WAN Manager does not display realtime information if the user is logged in through TACACS. |
| | DPI stats processing is limited to 1 to 1.3 TB per day |
Bugs for Cisco SD-WAN Release 20.3.5
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool
Resolved Bugs for Cisco SD-WAN Release 20.3.5
Bug ID | Description |
---|---|
| | Low-Bandwidth-Link does not work as expected on ISR-1100 -4G/6G |
| | Cisco SD-WAN Software Information Disclosure Vulnerability |
| | Additional counter to capture the mismatch between control and data plane hash table ZBF records. |
| | Viptela device crashed after run admin-tech - Software initiated - Daemon 'fpmd' failed |
| | vedge interface tracker reporting down status in vdebug constantly while on the CLI its up. |
| | vEdge: Out of Order IKE Negotiation causes IKE to get stuck |
| | vedges redistributing static nat routes into OMP which are not set to be advertised |
| | Endpoint Tracker stays down when ip address changed from dhcp to static |
| | DNS resolution fails from VPN 511 - request download vpn 511 <URL> |
| | On 20.3.2 code, vEdge when turned on, interface stays down/ down with Cisco GLC-T SFP |
| | vedge 1k running 20.3.3 crashes intermittenetly when configured for nat |
| | Route-leak and ZBFW not picking correct VPN |
| | Umbrella re-direction does not work for DNS packets arriving from LAN via an IPSEC interface |
| | vEdge: IPSec IKE: DPD timeout causes IKE to get stuck |
| | FP core files are not automatically decoded |
| | BGP Route Aggregation causing delay in bringing up OMP after failover |
| | vEdge marking the routes as invalid in OMP when the control policy is changed. |
| | Implicit ACL ( Deny ) + Explicit ACL ( Default Allow ) --> Allow |
| | vEdge DST Root CA X3 Expiration causing umbrella integration to fail |
| | CSV file upload does not import values for variables used in cli add on template |
| | Response message (with IDP "success" status) does not match request via Cisco vManage SAML logout |
| | Cisco vManage Multicoud on ramp, cant attach 8kv - GUI form cant see the UUIDs entered |
| | 20.4 Getting Wrong Control Site Down Alarm alarms |
| | Cisco vManage GUI down 20.3.3 due to Full GC (Allocation Failure) |
| | vMange crashed due to kernal panic [20.3.3.1.2] |
| | OMP control connections of Cisco IOS XE SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge |
| | AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build |
| | Control connection to the vBond failing because of ERR_SER_NUM_NT_PRESENT on the vBond. |
| | omp route propagation delays due to constant marker resets on TLOC flap |
| | Cisco vManage disaster recovery not replicating the statistics database |
| | Cisco vManage CSR generation failed |
| | "request nms update-internal-ip new-ip" does not work on Cisco vManage 20.3.4 |
| | Cisco vManage is not able to discover VPCs for Multi-cloud when >14 AWS accounts provisioned |
| | Cisco vManage - After upgrade to 20.4.2 or 20.6.1 feature template field is not optional anymore |
| | Change user groups from operator to netadmin fails |
| | Tenant creation is failing on 20.3.3 MT cluster Cisco vManage |
| | Cisco vManage GUI Authentication with RADIUS working only if user with random password configured in CLI |
| | continuous logs of "Could not load host key: /var/run/ssh/ssh_host_dsa_key" |
| | BFD sessions goes down after interface flaps, and after configuring nat map-type |
Open Bugs for Cisco SD-WAN Release 20.3.5
Bug ID | Description |
---|---|
| | Vedge 5k-LLQ policer rate on interface 10ge0/0 change after reboot on version 20.1.932 |
| | Not possible to ping VRRP Virtual IP |
| | OMPD crash seen on vEdge2k doing an assert while doing best path calculation operation. |
| | vEdge-2000 version 20.3.2 crashed due to (reason: Daemon 'bgpd' down in vpn 7) |
| | Multiple Vedge's lost certificates and lost control connections. |
| | ZBFW zone-pair (service to service) not working as expected. |
| | Cisco vManage became unusable after CPU spiked to 100% - no were operations performed during hike |
| | Cisco vManage Site Health shows wrong number of sites |
| | Cisco vManage user sessions not getting cleaned up, approx 19700 active sessions |
| | Huge Data replication observed during DR process of 3 node cluster running 20.3.4 |
| | custom application list not replicated in Disaster Recovery for a Single Node Cisco vManage Cluster |
| | replication will start from time 0 if replication leader entry not present replicationstatus table |
| | Security policies applied to incorrect interface in cluster mode, iptables |
| | Cisco vManage: Noticed RouteMap attribute modification failure , while attempting through CLI Template |
| | vEdge Does Not Respond Properly to vSmart Policy Prefix-list Changes (CLI Policy) |
| | New sequence in RPL with set as-path has both prepend and exclude as required fields |
| | Cisco vManage 20.3.5: Cisco IOS XE SD-WAN device upgrade fails with java.lang.Exception |
| | Filtering the data based on local tloc is returning no data in Cisco vManage GUI for DPI stats |
| | DB backup fail after upgrade 20.3 -> 20.6 -> 20.7 |
| | Token fails to get generated when trying to login to Cisco hosted Cisco vManage via GUI |
| | cflowd flows are being shown in “show app logs flows” |
Bugs for Cisco vManage Release 20.3.4.2
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool
Resolved Bugs for Cisco vManage Release 20.3.4.2
Bug ID | Description |
---|---|
| | Evaluation of Cisco SD-WAN for Log4j 2.x DoS vulnerability fixed in 2.17 |
Bugs for Cisco vManage Release 20.3.4.1
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool
Resolved Bugs for Cisco vManage Release 20.3.4.1
Bug ID | Description |
---|---|
| | Evaluation of Cisco vManage for Log4j RCE (Log4Shell) vulnerability |
Bugs for Cisco SD-WAN Release 20.3.4
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool
Resolved Bugs for Cisco SD-WAN Release 20.3.4
Bug ID | Description |
---|---|
| | Vedge-5000:Auto IP feature not working on vedge5k |
| | Performance degradation(6%-10%) observed on vEDGE-1k and 2k with 20.3.1 CCO on all the profiles. |
| | Vedge_cloud_19.2.921 - FP misprogramming |
| | High CPU because of process vconfd_script_vmanage_list_stats.sh |
| | vedge vrrp stuck in init state with the sub-interface's second address |
| | unexpected behavior for nat-tracker on vedge100M |
| | vrrp virtual IP becomes unreachable to all external devices. |
| | vEdge-100m Cellular interface losing its ip // Different ISPs |
| | In vEdge5K the default route in RIB table is not getting programmed in FIB table properly |
| | VEDGE-1000-AC-K9 change data prefix list name crash after 4-5 min |
| | vEdge 5k crashed with reason "Software initiated - FP core watchdog fail" |
| | vEdge suddenly stops to send packets via PPP interface |
| | Vedges are crashing once the admin-tech is executed from GUI or CLI. |
| | vedge crash after route leak config |
| | FTMD crash being observed on a vEdge 5000 with FEC ADAPTIVE configuration enabled. |
| | 'Flow addition failures' observed with ZBFW on vEdge after heavy churn |
| | Layer 7 tracker goes down with ZBFW inspect rule for self-zone |
| | policyAccessListAssociationsAccessPolicyInterfaceListTable Not ordered correctly |
| | ISR1100-6G keep crashing because FP core watchdog fail |
| | ISR1100-4GLTE devices shows half duplex in 19.2.3 and 20.3.x releases |
| | vedge 5k keep crashing because FP core watchdog fail and ysmgr got signal 9. |
| | Not able to see the correct autoneg, speed and duplex settings from the Viptela CLI |
| | Self generated return packet getting drop due to firewall |
| | vEdge Cloud / 20.3.3 / Crash on bfdmgr_sla_class_next |
| | vEdge: Show command to view PoE status is broken after upgrading to 20.3.3 |
Open Bugs for Cisco SD-WAN Release 20.3.4
Bug ID | Description |
---|---|
| | vEdge/vBond: default route is not installed in RIB even ARP is learnt and default GW is reachable |
| | vEdge(x86) IPSec+QoS Performance Optimization |
| | show ip route with filter isn't working with new confd version |
| | Vedge 5k-LLQ policer rate on interface 10ge0/0 change after reboot on version 20.1.932 |
| | Routes redistributed to the OSPF/BGP that shouldn't be filtered by the routing-policy are filtered |
| | vEdge IPSec/Ikev2 tunnel not getting re-initiated after being torn down due to a DELETE event |
| | FTMD crash seen after customer tried to add a second tracker to an interface |
| | Shaping-rate command on ISR1100-6G not taking an effect |
| | Flows moving between circuits midflow |
| | vEdge Template push failure: "Unable to send line feed after string <nc:unlock>" |
| | vEdge VPN labels mis-allocated after upgrading from 18.x to 19.x |
| | Viptela device crashed after run admin-tech - Software initiated - Daemon 'fpmd' failed |
| | vedge interface tracker reporting down status in vdebug constantly while on the CLI its up. |
| | vEdge1000 Silent Reload |
| | Cisco vManage template does not push correct dead-peer-detection interval value to vEdge |
| | Retrieving config from vEdge2K via Cisco vManage takes minutes to return complete configuration |
| | DPI not working properly |
| | vEdge: IKE IPSec sessions: discrepancy between StrongSwan and FTM Module Session Status |
| | Cisco vManage upgrade causes certificates to become invalid on vEdge devices |
| | In ISR1100-4G QOS traffic goes into default queue at higher speed. |
| | vedges redistributing static nat routes into OMP which are not set to be advertised |
| | IPsec flapping - "iptables-dropped" |
| | FEC sending more packets than expected |
| | Endpoint Tracker does not see the proper latency values |
| | vEdge 1000 rebooted because of Daemon zebra |
| | Multicast application stops working after vedge upgrade from 19.2.3 to 20.3.936 |
| | vEdge not initiating arp request after upgrading |
| | "show ntp" command returns error "Line count error: expected 3 or more, got 1" |
| | vEdge still advertises color if link is down but interface is up |
| | NatPool + local-tloc doesn't ' work together in data-policy |
| | vEdge sends getResponse including undefined values. |
| | DNS resolution fails from VPN 511 - request download vpn 511 <URL> |
| | On 20.3.2 code, vEdge when turned on, interface stays down/ down with Cisco GLC-T SFP |
| | VPN label is changing upon Edge reboot |
| | ND Failed with device template: Failed to edite device template if add-on CLI empty |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.4
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.4
Bug ID | Description |
---|---|
| | Cisco vSmart Upgrade From 20.1.12 to 20.3.1 Failing With Error "Failed to install: " |
| | Incorrect mapping for device specific variables from interface shaping rate |
| | Incorrect tag for omp routes in Real Time view |
| | Variables missing in Cisco vManage during template push. |
| | OIB: without change any ND global parameters, Cisco vManage automatically push template to all sites again |
| | ND template stay in DB when no branch associated to and cause image delete failure |
| | Limit of 30 notifications / min restriction for webhook alarm to be removed from UI |
| | Not able to copy a feature template if the description or name contains "\|" |
| | Cisco vManage GUI not accessible due to too many open file descriptors. |
| | OSPF alarm down seen on Cisco vManage, OSPF process is UP |
| | "Invalid IPv4 address" is shown when inputting IPV6 DNS field |
| | ND Template attach "Failed to create input variables for template: Failed to create input variables" |
| | Cisco vBond upgrade from 20.3.1 to 20.3.2 fails |
| | Cisco SD-WAN - Cisco vManage - ip helper not more than 1 is possible with Feature and Device Templates |
| | We are not able to change Controller Certificate Authorization options in Cisco vManage GUI |
| | UI showing console error after clicking on active/completed task as fails to show the details |
| | 20.4 policy name restrictions may break existing templates on upgrade |
| | SSH via Cisco vManage GUI timeout in 180 seconds |
| | Cisco vManage not displaying tunnel state correctly |
| | Cisco vManage showing old device hostname |
| | Not all routes getting pushed to device |
| | CLI template does not push snmp-server community config |
| | DPD with default values on feature template is not pushed to Cisco IOS XE SD-WAN device |
| | Service proxy does not restart after ui certiticate upload |
| | Cisco vBond software upgrade fails when selecting activate/reboot while upgrading |
| | nms_bringup file has ^M in each line after service restart as part of DR |
| | UC - unable to make modification to the translation rule once created from Cisco vManage UI |
| | Could not load host key: /var/run/ssh/ssh_host_ed25519_key |
| | CLI template does not push logging buffered community config |
| | Cisco IOS XE SD-WAN device- template failure - An element value is not correct : inspect. |
| | Cisco vManage logs are not pruned |
| | Update button stops working after adding DHCP option |
| | Remove "show internal omp rib vroute" cli from admin tech |
| | Cisco IOS XE SD-WAN device Upgrade to 17.3.3 failing due to "Failed to check active partition information" error message |
| | Issues detaching template when device is in CSR generated state |
| | Cisco vManage manage-user function is not working properly |
| | Changing Config-DB ID/Password from default to non-default on a cluster of more than 3 members |
| | ZTP software version enforcement does not respect software install timeout |
| | Cisco vManage dashboard doesn't show device status even when control is up/up |
| | invalid value for: prefix-entry Error when push advertise OMP prefix under vpn |
| | Configuration DB upgrade in cluster failed in 20.3.3 code |
| | The CSR properties in Cisco vManage config DB does not match with the certificate settings on Cisco vManage UI. |
| | c8500 / 17.3.2 / 17.4.1a / Cisco vManage is not pushing auto negotiation for 10Gig Interfaces on Cisco IOS XE SD-WAN device |
| | X-Forwarded-For header is passed through to local auth, leading to session creation errors |
| | 20.3.3 alarms not working for BFD/Control issues |
| | Device template policy dissapears from UI after selecting edit device template |
| | Cisco vManage becomes unresponsive after a high amount of email notifications getting generated. |
| | Mismatch self-signed root certs between primary and secondary clusters |
| | Cisco vManage is not able to discover VPCs for Multi-cloud when >7 AWS accounts provisioned |
| | Socket connect leak when dr is enabled |
| | Unable to generate ciscotacro/rw token due to sessions being full |
| | API sessions not getting cleared out when "Max Sessions Per User" is set |
| | Continuous logs of "Could not load host key: /var/run/ssh/ssh_host_ed25519_key" |
| | All stat-db settings except DPI is not available after DR registration |
| | Cisco vSmart crash because of ompd process |
| | Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability |
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.4
Cisco vManage Site Health shows wrong number of sites |
|
Attempt to create cluster fails when adding 2nd member to standalone Cisco vManage |
|
Frequent Cisco vManage UI timeout and stuck in Please continue waiting state. |
|
Cisco vManage reverting API changes after 5 minutes |
|
Push Cisco vEdge list fails to Cisco vSmart with application error. |
|
Device Specific field is not usable |
|
20.4 Getting Wrong Control Site Down Alarm alarms |
|
IR1101 template push error: bad-cli - No interface |
|
Activating changes in Security Policy that is attached to the Cisco vEdge will fail and lock the database |
|
Cisco vManage API running too frequently under Rediscover Network resulting in Page Loading too often |
|
SCP of WAN edge list to Cisco vBonds from Cisco vManage fails when TACACS is enabled on vBond. |
|
Cisco vAnalytics slowness in response to a query |
|
Security policies applied to incorrect interface in cluster mode, iptables |
|
Attach to the device fails, when CLI template is created via REST API in Cisco vManage |
|
zScalar configuration deletion happens in the wrong order. |
|
Cisco vManage upgrade is failing from 20.3.3.1 > 20.3.4 |
|
Cisco vEdge auth-order change not processed correctly |
|
Cisco vManage Webhooks doesn't work without Email notifications explicitly enabled |
|
Cisco vManage ver 19.2.4 crash, becomes unstable/unusable |
|
Cisco vManage pushes invalid service route command |
|
Failed to create deviceactionstatusnode table entry in DB for device: Validation |
|
Cisco vManage crashed due to kernel panic [20.3.3.1.2] |
|
OMP control connections of Cisco IOS XE SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge |
|
Token fails to get generated when trying to login to Cisco hosted Cisco vManage via GUI |
|
Cisco vManage reports 'upgrade request failed in device' error after installing the software via ZTP |
|
Cisco vBond lost static route on vpn 0 and vpn 512 running 19.4.2 |
|
Configuration db VMANAGE ROOT CA node is not updated |
|
On-prem Cisco vManage cluster went into a bad state and template push started failing |
|
Cisco vManage giving error on login |
|
Cisco vManage UI is taking time to load first time |
|
Cisco vManage email notification - supporting special character & (ampersand) in the email address |
|
Cannot apply endpoint-tracker to Cisco IOS XE SD-WAN device via Cisco vManage template in service VPN |
|
Cisco vManage cluster management page should not show Sys IP in drop down of "Cisco vManage IP Address" |
|
IPS signature update not consistent on routers after Cisco vManage upgrade to 20.3.3.1 |
|
Cisco vManage nodes in a cluster with Stats-db ran into full GC allocation failure |
|
After upgraded the Cisco vManage from 20.3 to 20.6, UI is not getting loaded |
|
Cisco vManage became unusable after CPU spiked to 100% - no operations were performed during hike |
|
The edge router maintains persistent connections to Cisco vBond |
|
1 vManage GUI login lead 4 PAM login failures so two GUI login failure lead to account lock |
|
Template push failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context |
Bugs for Cisco SD-WAN Controller Release 20.3.3.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Controller Release 20.3.3.1
Bug ID |
Description |
---|---|
vBond software upgrade fails when selecting activate/reboot while upgrading |
|
Cisco IOS XE Catalyst SD-WAN upgrade to 17.3.3 failing due to "Failed to check active partition information" error message |
Bugs for Cisco SD-WAN Release 20.3.3
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Release 20.3.3
Bug ID |
Description |
---|---|
Cisco vBond Orchestrator connection Down Alarms or Events not appearing in Cisco vManage |
|
[SIT]: vsmart policy edit failed with transport closed error |
|
Seeing more hVNETs than maximum allowed |
|
Multilink interface can not be configured without ppp authentication |
|
Higher memory utilization on Cisco vManage 20.1 |
|
PPP feature templates cannot modify IP MTU on Dialer interface |
|
Task update issues, large customer setup with cluster |
|
20.3 config-db upgrade script reports success even when it fails |
|
Cisco vManage UI does not accept controller group more than 1 |
|
Cisco vManage GUI dashboard does not show number of Cisco vManage up when single node in cluster is down |
|
Cisco SDWAN vManage 20.3.1 unable to display IP address of user access in audit log |
|
Cisco vManage: Template Push fails with Unable to send line feed after string |
|
Reassign "oom_score_adj" Values in "sysmgr.conf" |
|
Email Notifications: with custom devices list a Number of 'Devices Attached' is blank when edit it |
|
Failed to update configuration null error when pushing templates on 18.4.5 |
|
config preview failed with Exception in callback: BGP AS Number couldn't be retrieved in service VPN |
|
Kernel Panic is seen after upgrade the Cisco vManage to 20.3 (watchdog) |
|
Cluster activation failed because of a space in resource pool field in cluster config |
|
In a cluster, an App server starting dependency should check a cluster, not just local service |
|
Config-DB upgrade from 3.5.14 to 3.5.22 through Cisco vManage SW upgrade. |
|
Difference in ip address of interface and json causing the stats db and config db in waiting |
|
Add IPv6 OMP route support in Cisco vManage real time monitoring |
|
Not able to successfully deploy vEdge routers with the cloudOnRamp wizard in Cisco vManage |
|
SDWAN: clear control connection on vsmart can cause missing DNS resolved entries for IPv4 sessions |
|
Configuration-db upgrade allowed when not needed |
|
'dns-server-list' error seen when pushing DNS server IP update from Cisco vManage |
|
Cisco vManage dpi classification incorrect |
|
Cisco vManage template doesn't allow interface as next hop for static route |
|
Cisco vManage: Multiple DNS servers in DHCP template gives "Invalid IPv4 address" |
|
Translation profile/rules configured as part of a Voice policy not applied to dial-peers |
|
CLI template push to vBond fails with "Device failed to process request. null" error |
|
Cisco vManage Optional OSPF Configuration Removed when Device Template Updated |
|
Cisco vManage UI is not coming up thread are stuck while updating factory default templates during startup |
|
Logfiles flooded with message of tcgetattr: Input/output error |
|
on-prem Cisco vManage upgraded to 20.3.2 from 19.2.3 rebooting in an interval of 10-15 min |
|
UC SDWAN: Not able to see policy profile in Custom options. |
|
Reassign "oom_score_adj" Values for tracker |
|
Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood |
|
Automatically changing Stats-DB to read-write mode when app server restart |
|
Introduce basic stats collection backpressure [v1] |
|
Change for configdb query planner to hint more effectively via $param instead of old-style {param} |
|
Old vAnalytics setting should not be migrated into CloudServices from GUI |
|
Add validation check for Blocklist and Redirect URL |
|
Cisco vManage 6 Node Cluster on Azure takes 2 mins to login to Cisco vManage UI. |
|
Cisco vManage 20.3.2.1 requires read-replicas to speed up GUI access |
|
Local configuration not showing preview of config on Cisco vManage 20.3.2 |
|
Audit log flooded with logouts from DR cluster |
|
consul service is not enabled in DR registration with arbitrator |
|
Increase process wait timeout for configdb upgrade |
|
Escalations: coordination service logs GB log file filling up disk |
|
root-cert corrupted after upgrading to 20.3.2 code |
|
Cisco vManage 19.2.x - Cannot edit AAA feature template for vEdges |
|
AMP data is not populated in Graphs under network level |
Open Bugs for Cisco SD-WAN Release 20.3.3
Bug ID |
Description |
---|---|
Select control connection TAB for any vsmarts, it will never show vbond connections |
|
Customer couldn't login to 19.2.3 Cisco vManage using SSO unless the browser cache is cleared |
|
Cloud OnRamp for Colo Port level view mapped ports on CSP to the wrong switch |
|
Inconsistency between "show app flowd flows" and API response of DPI stats |
|
Incorrect tag for omp routes in Real Time view |
|
UI throwing "Failed to list cluster information:Unknown error" on cluster management page |
|
Mismatch in System CPU statistic -- "Real Time" and historical 1/3/6/12h |
|
Dashboard getting blank intermittently in singlenode 20.3.2.1-no response of agg APIs from stats-db |
|
VNF Install fail - VNF packages are not sync'd/copied in new added Cisco vManage node in Cisco vManage cluster |
|
Cisco vManage Dashboard - Alarm time zone is tagging with incorrect time zone |
|
Cisco vManage GUI not accessible due to too many open file descriptors. |
|
OSPF alarm down seen on vManage, OSPF process is UP |
|
Attempt to create cluster fails when adding 2nd member to standalone Cisco vManage |
|
Frequent Cisco vManage UI timeout and stuck in Please continue waiting state. |
|
"Invalid IPv4 address" is shown when inputting IPV6 DNS field |
|
Cisco SD-WAN - Cisco vManage - ip helper not more than 1 is possible with Feature and Device Templates |
|
Cisco vManage: UI is incorrectly showing the current version for Cisco vManage and vSmarts. |
|
We are not able to change Controller Certificate Authorization options in Cisco vManage GUI |
|
Issues with template created by API call |
|
ACI APIC to Cisco vManage integration issue |
|
Cisco vManage goes into out of memory resulting in slowness while pushing the template and accessing GUI. |
|
serverproxy-access.log not rotating in /var/log/nms |
|
UI showing console error after clicking on active/completed task as fails to show the details |
|
SSO SAMLResponse Error validating SAML message at re-authentication |
|
SSH via Cisco vManage GUI timeout in 180 seconds |
|
Cisco vManage did not validate if the template value of an interface name was correct. |
|
Configurations allows for multiple primary DNS servers |
|
"request nms all status" command returning Python exception if containter-mgr svc was stopped |
|
DHCP excluded-address command is not being pushed via Cisco vManage template |
|
Server slowness during GUI operations, system degrades until login is not possible |
|
Escalations: messaging service timeout |
|
netconf connection failures while installing certificate |
|
Cisco vManage removes \ character when imported to cli template from running configuration |
|
audit-log: invalid session with a user due to inactivity even though app-server not shutdown |
|
Cisco vManage CLI template push failing due to controller transaction ID error |
|
Creation of Cisco vManage DR Cluster Failed, GUI showing duplicate entry for DR Cisco vManage |
|
Shaper Rate and QoS Map device specific variable get reset when changed to "Per-tunnel-QoS" hub |
|
CLI template does not push snmp-server community config |
|
cannot remove NAT configuration from the template in a single operation if NAT translation is active |
|
Cisco vManage cluster does not show Graphs for less than 7 Days |
|
Cisco vManage App Route Visualization - Citrix Flows are missed in GUI |
|
"Server Error, Details: Unable to get pcap session" is printed in the Cisco vManage GUI |
|
Fail to upload images to software repository post Cisco vManage upgrade to 19.2.4 |
|
/dataservice/device/omp/routes/advertised?deviceId reply is empty |
|
Cisco vManage - TACACS requests are sourced from old interface IP after IP changed |
|
Cisco vManage is unable to push both interface and ip as a next-hop |
|
Cisco vManage: Control connection up with Edge devices however, do not show up on Dashboard |
|
Cisco vManage DB can not boot up due to neo4j complains about older version |
|
Cisco vManage utd/virtual image state stuck in DEPLOYED state after cEdge device app-host list is RUNNING |
|
Template Push to device is Failed in Cisco vManage UI. |
|
Sharepoint flows not forwarded properly |
|
Downloading the events CSV file results only 2 days of data irrespective of set time range. |
|
Cisco vManage does not wait and confirm new partition when activating controllers |
|
nms_bringup file has ^M in each line after service restart as part of DR |
Bugs for Cisco SD-WAN Controller Release 20.3.2.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Controller Release 20.3.2.1
Bug ID |
Description |
---|---|
Reassign "oom_score_adj" Values in "sysmgr.conf" |
|
Kernel Panic is seen after upgrade the vmanage to 20.3 |
|
Config-DB upgrade from 3.5.14 to 3.5.22 through vManage SW upgrade. |
|
Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood |
|
Cloudservices Radio button needs enable disable separate check box for vAnalytics and Monitoring |
|
Introduce basic stats collection backpressure [v1] |
|
Change for configdb query planner to hint more effectively via $param instead of old-style {param} |
Open Bugs for Cisco SD-WAN Controller Release 20.3.2.1
Bug ID |
Description |
---|---|
Messaging server and App-server is not getting started upon VM shutdown/start |
|
Full GC (Allocation Failure) on Standalone Cisco SD-WAN Manager running 264 devices |
|
Cisco SD-WAN Manager GUI is not accessible: upstream connect error |
|
Reassign "oom_score_adj" Values for tracker |
Bugs for Cisco SD-WAN Release 20.3.2
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Release 20.3.2
Bug ID |
Description |
---|---|
Template push fails with Failed to update configuration - com.tailf.maapi.MaapiException |
|
Cisco Banner Feature Template config Absent in Config preview |
|
vManage Feature hostname / location template should support special characters |
|
Vedge receives a packet to remove SPIs for duplicate IKEv2 SAs but it removes all the SPIs instead. |
|
vEdge 100m lose IP for a Cellular interface |
|
IPsec tunnel configured on cEdge drops LAN traffic when Loopback interface is used as tunnel source. |
|
"show ipv6 interface" command returns incomplete IPV6 ADDRESS field |
|
Console Logging on Global Settings Template does not get applied on cEdge |
|
20.3 : Modifying Active policies by deleting existing sequence number fails |
|
IKE IPSec: Generate an error message, if strongSwan can't execute rekey CLI |
|
19.2.2 template push failing for 16.10.2 cedge devices |
|
QOS-vEdge2K : not getting desired throughput when sending traffic more than shaping-rate |
|
Multitenant vManage may send CSR to wrong VA |
|
vEdge crashed with error "Software initiated - Daemon 'ompd' failed. Core files found" |
|
In vManage 20.1.1 UI bootstrap 3.2.0 is vulnerable to multiple medium CVE |
|
LLQ policer disappears when changed policy configuration |
|
VNF Stats and SCHM reports shows empty after vManage upgrade from 20.1 to 20.3 R 908 |
|
vEdge cannot resolve vBond. No packets going out of loopback interface. |
|
Vmanage UI: Enforce ZTP Version Add Software Version should show when no versions are available |
|
BGP Type 8 hash changes even if "Avoid recompute of type 8 encrypted passwords" is enabled |
|
vEdge 1000 crashed in version 20.3.1 |
|
Vmanage's change in AAA Feature is generating an error "Server error: Unknown error" |
|
No date and time info in the syslog payload |
|
The request nms configuration-db configure command needs protection and documentation |
|
20.3.1 messaging server reports not-running status after stop-all action, but is still running |
|
vAnalytics - Launch vanalytics not working in vmanage UI |
|
SSO auth errors, exception: Error determining metadata contracts |
|
vManage 20.3.1 - Filter section never minimizes on the page Monitor > Geography |
|
Unable to update feature template |
|
vSmart OMPD crash on policy application |
|
20.3 code vmanage is not accepting serial file from PnP portal or sync from smart account fails |
|
vManage: PnP software version verification failure |
|
XE SDWAN router crash due to system memory exhaustion caused by FTM memory growth |
|
IP subnet as device specific variable not working for IPSec tunnel |
|
cEdge: [no] allow-service https doesn't take effect on vManage template to the device |
|
Cisco SD-WAN vManage Software XML External Entity Vulnerability |
|
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability |
|
Cisco SD-WAN vManage Software Directory Traversal Vulnerability |
|
Cisco SD-WAN Software Privilege Escalation Vulnerability |
|
Cisco SD-WAN Software Privilege Escalation Vulnerability |
|
Cisco SD-WAN Software Privilege Escalation Vulnerability |
|
Cisco SD-WAN vManage Cross-Site Scripting Vulnerability |
|
Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
|
Cisco SD-WAN vManage Software XML External Entity Vulnerability |
|
Cisco SD-WAN vManage Software Authorization Bypass Vulnerability |
|
Cisco SD-WAN vManage Software Path Traversal Vulnerability |
|
Cisco SD-WAN vManage Software Command Injection Vulnerability |
|
Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability |
|
Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability |
Open Bugs for Cisco SD-WAN Release 20.3.2
Bug ID |
Description |
---|---|
vEdge forming duplicate control-connections after increasing number of cores on vSmart |
|
fp-core watchdog failure on vEdge 5k running 18.4.1 (fp-um) |
|
vEdge cloud - Token getting lost after rebooting vEdge Cloud for two times. |
|
Template attaching failure, system-ip references to old chassis-number |
|
Multicast autorp issue with vEdge/cEdge mixed deployment |
|
vManage GUI shows "-" in RX Drop column, under Monitor > Network > Real Time > Interface Statistics |
|
vManage: Client timed out waiting for request taking longer than 60s after save ND template |
|
When generating new certificate for SSO login to vManage started to fail |
|
ISR 4000 Cedge : Only one T1 card is getting enabled via CLI template while two are inserted |
|
Nutella - vManage not showing the correct hostname for Nutella device |
|
CLI template push for banner login <> configuration fails on cedge |
|
Unable to edit vbond config via CLI , when control connection breaks from vmanage. |
|
Seeing more hVNETs than maximum allowed |
|
Multilink interface can not be configured without ppp authentication |
|
Web traffic is not properly recognized by DPI |
|
Task update issues, large customer setup with cluster |
|
[vedge][iperf] vedge iperf doesnt work in vpn 0 on 18.4.4 as well as 19.2 |
|
20.3 config-db upgrade script reports success even when it fails |
|
vmanage is not generating the TLS Proxy Certificate after Device comes online |
|
cEdge: Option field in EIGRP template interface section is not working |
|
Template attach validation error misreported |
|
Able to ssh into a vEdge even after ciscotac{ro|rw} account is disabled. |
|
vManage Site Health shows wrong number of sites |
|
vManage GUI dashboard does not show number of vManage up when single node in cluster is down |
|
17.2/20.1 MR bfd session down after enable pairwise-keying |
|
ADFS SP initiated SSO is in continuous login loop - vManage |
|
Cisco SDWAN vManage 20.3.1 unable to display IP address of user access in audit log |
|
ISR1100-6G vEdge reboot after Centralized policy push |
|
Workaround is needed for Operator user to be able to view device configurations post VManage 19.2.3 |
|
Cloud OnRamp for Colo Port level view mapped ports on CSP to the wrong switch |
|
Performance degradation observed on Nutella with 20.3.1 CCO with all the profiles |
|
Email Notifications: with custom devices list a Number of 'Devices Attached' is blank when edit it |
|
Smart Sync Account sends CEC password in clear text which is a security hole. |
|
vmanage control does not fail over if there are too many vbond addresses |
|
Performance degradation observed on vEDGE-1k and 2k with 20.3.1 CCO |
|
Control connections are stuck in challenge state |
|
Data prefix list in centralise policy takes long time to process in backend to view/edit operations |
|
Not able to configure ADSL interface. |
|
After vManage config-db restore, the webhook checkbox is no longer selected |
|
OMP stuck in init/down even though control is up |
|
vEdge 1000: BGP may advertise a default route that doesn't exist in RIB or OMP |
|
OMP routes learnt via MPLS color is showing as connected route for Biz-internet color in vManage UI |
|
vManage Error : Failed to configure. Database [vmanagedb] instance is interrupted |
|
API /dataservice/device/dhcp/client?deviceId= reports incorrect string |
|
Buffer pool leak seen on ISR1100-6G |
|
Vedge_cloud_19.2.921 - FP misprogramming |
|
Packet forwarding incorrectly over BGP |
|
admin tech on vEdge takes more than 2 hours to generate |
|
Upgrade from 18.4.5 to 19.2.31 failed |
|
Incorrect tag for omp routes in Real Time view |
|
Device Template failing to attach after changing few device variables |
|
OMP advertised routes is returning both advertised and what it learned from OMP in 19.2.3 |
|
vEdge running 19.2.2 has buffer pool getting depleted, core utilization going to 99.9% |
|
Home user files changing ownership after reload |
|
vEdge DPI for MS Teams does not work well |
|
bfd session between vedge not come up via nat router |
|
Template to Inject Default Route to OMP when Local DIA Used is not working |
|
GRE interface went down after swapping configuration in 2 interfaces |
|
Cisco SD-WAN Manager: Template push to Cisco ISR 4000 may fail after upgrading the code of Cisco SD-WAN Manager from 20.3.1 to 20.3.2 |
|
ConfigDB not updating username/password |
Bugs for Cisco SD-WAN Release 20.3.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Release 20.3.1
Bug ID |
Description |
---|---|
Cisco SD-WAN Manager ElasticSearch is exposed to changes from any user using the Vshell (Posix), and has no authe |
|
"show ospf database" does not show Type 5 external LSAs |
|
Cisco SD-WAN passwords with an exclamation character does not work on vEdges and controllers |
|
Cisco SD-WAN Manager stores stale session and renders to j_security_check or last cached url |
|
Cisco SD-WAN Manager: for ipsec IKE Diffie-Hellman Group 2 should be removed |
|
[Azure] Cisco SD-WAN Manager rebooted on 19.3 with Software initiated - Kernel Panic |
|
Cisco SD-WAN Manager showing alarm " vEdge serial file uploaded" |
|
Cisco SD-WAN Manager Security Policy ZBF can't use Protocol Names |
|
Template page returning Server error: Unknown error |
|
Template locked in edit mode permanently |
|
Cisco SD-WAN Manager fail to create bootstrap config |
|
Support for moving packet from service VPN to VPN 0 without changing source ip |
|
Slash symbol cannot be used in a variable value of any device specific parameter scope in templates |
|
Cisco SD-WAN Manager periodic cfgmgr crash |
|
Doing "simulate flows" from Cisco SD-WAN Manager running 20.1 causes FTMD crash on ASR1002-HX running 16.12.01e |
|
Cisco SD-WAN Manager API does not accept URL encoded string as path argument (the real problem is device has / ) |
|
SSH version 2 not available via Cisco SD-WAN Manager Template |
|
[Enhancement] "ip http client source-interface" cannot be configured via template |
|
route leaking between VPN with natpool in one VPN is not working. |
|
Missing callin option in "ppp authentication pap ..." after upgrading to 20.1.1 |
|
EIGRP - Removing authentication template does not remove it entirely |
|
Cisco SD-WAN Manager does not generate and push BGP "neighbor update-source" command in cedge cli template |
|
cfgmgr changes needed from platform to support IPv6 on VPN 512 |
|
20.1 cEdge TACACS/RADIUS password are in clear text on Cisco AAA feature template |
|
Cisco SD-WAN Manager does not generate and push DHCP "ip dhcp excluded-address" command in cedge cli template |
|
Optional field is not considered as optional. |
|
"Chassis Number not found" fails to indicate the problematic entry - Need more details in logging |
|
20.3:Template Migration failing if device template is created for CLI Template in 19.2.x |
|
Disable support for weak encryption ciphers on Cisco SD-WAN Manager and vSmart. |
|
Cisco SD-WAN Manager image validation may fail for ZTP upgrade process on cEdge |
|
WWAN : update cellular ZTP Polish carrier list |
|
Cisco SD-WAN Manager API call showed error message "Exceeded possible number of hits to the API". |
|
Cisco SD-WAN Software Arbitrary File Creation Vulnerability |
|
Cisco SD-WAN Software Privilege Escalation Vulnerability |
|
Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability |
|
Cisco SD-WAN vManage Software Path Traversal Vulnerability |
|
Cisco SD-WAN vManage SQL Injection Vulnerabilities |
|
Cisco SD-WAN Information Disclosure Vulnerability |
|
Cisco SD-WAN vManage Software Path Traversal Vulnerability |
|
Cisco SD-WAN vManage SQL Injection Vulnerabilities |
|
Cisco SD-WAN vManage SQL Injection Vulnerabilities |
|
Cisco SD-WAN vManage SQL Injection Vulnerabilities |
|
Cisco SD-WAN vManage Information Disclosure Vulnerability |
|
Cisco SD-WAN vManage SQL Injection Vulnerabilities |
Open Bugs for Cisco SD-WAN Release 20.3.1
Bug ID |
Description |
---|---|
MTCVM: AAA login to Multi-tenant Cisco SD-WAN Manager GUI is not working via TACACS |
|
Config-db error during the application-server startup |
|
show ip route vpn <id> <ip address> isn't working with new confd version |
|
DC1 Cisco SD-WAN Manager template attachment disappear after a switchover |
|
20.3 : Modifying Active policies by deleting existing sequence number fails |
|
Config O356 Endpoints with prefixes less specific than 24 with Custom App from web services API |
|
OMPD crash with control-policy export vpn |
|
Multicast stops working on vEdge |
|
19.2.2 template push failing for 16.10.2 cedge devices |
|
vEdge HUB is missing config after Cisco SD-WAN Manager successfully attached template to vedge and is in sync |
|
Cisco SD-WAN Manager HELP redirects to cisco Intranet pages ( Unreachable ) |
|
Multitenant Cisco SD-WAN Manager may send CSR to wrong VA |
|
Cisco SD-WAN Manager: Cisco SD-WAN Manager dashboard is reporting error while cluster management is all fine |
|
Vedge end of line for the banner in 20.1 is not working as it did in 19.2 |
|
vEdge crashed with error "Software initiated - Daemon 'ompd' failed. Core files found" |
|
OMP Crash || Software initiated - Daemon 'ompd' failed |
|
vEdge control connections goes down after CSR generation |
|
When generating new certificate for SSO login to Cisco SD-WAN Manager started to fail |
|
20.3.907-16 : vBond upgrade fails after image download with control not established |
|
port 830 open for Service/Management VPN. |
|
Cisco SD-WAN Manager running 19.2.2 may stop responding to API calls for approutestatsstatistics |
|
CoR probes working for O365 but failing for every other SaaS application |
|
Cisco SD-WAN Manager is attempting to strip multiple LTE modem configs from ISR1000 and template push fails |
|
vEdge Cloud | System Initialization Stuck on KVM Platform running Ubuntu 14 |
|
fpmd crashes on vEdge1k, 2k with 19.2.1, 18.4.302 |
|
vEdge crashes with dbgd failed message when running speed test |
|
Cisco SD-WAN Cisco SD-WAN Manager Full GC (Allocation Failure) |
|
Cisco SD-WAN Manager GUI down due to GC Allocation Failure on 19.2.3 |
|
vE5k after upgrade to 19.2.3 isn't form control connections; doesn't able to resolve vBond URL |
|
Nutella - Cisco SD-WAN Manager not showing the correct hostname for Nutella device |
|
ip community-list expanded test permit 64700:[0-9]+ not able to configure on vManage template. |
|
vSmart crashes during vExpress run |
|
Email List does not accept co.in email addresses |
|
Control connection of vEdge Cloud going down after DR. |
|
Unable to edit vbond config via CLI , when control connection breaks from Cisco SD-WAN Manager. |
|
Cisco SD-WAN Manager: Configuration database restore in cluster fails due to password mismatch. |
|
Need to Remove the unsupported device - C1117-4PLTEEAWA* from Cisco SD-WAN Manager 17.3/20.3 throttle |
|
Remove all unsupported devices from 20.3 throttle |
|
vAnalytics - Launch vAnalytics not working in Cisco SD-WAN Manager UI |
|
No date and time info in the syslog payload |
|
This serial number in upload file is already associated with another vEdge Error in Cisco SD-WAN Manager 20.3.1 |
|
vEdge system buffer pool depletion and data plane stops forwarding with device-access-policy config |
|
Changing Config-DB ID/Password from default to non-default on a cluster of more than 3 members |
Interactive Help in Cisco SD-WAN Manager
To access the list of guided workflows for this release, from Cisco SD-WAN Manager, click Interactive Help.
The Interactive Help interface allows you to search for a specific workflow and filter the search results by workflow names.
This release provides guided workflows for the following procedures:
Workflow |
Description |
---|---|
Configure Controllers and Devices |
|
Configure Cisco Catalyst SD-WAN Validator |
Configure the Cisco Catalyst SD-WAN Validator and add it to the overlay network. |
Configure Cisco Catalyst SD-WAN Controller |
Configure a Cisco Catalyst SD-WAN Controller to control data traffic flow throughout the network. |
Configure Cisco SD-WAN Manager Instance |
Configure a Cisco SD-WAN Manager instance by creating a device configuration template and adding it to the overlay network. |
Configure Cisco Catalyst SD-WAN Devices |
Configure Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices by creating configuration templates. |
Manage Devices in Overlay Network |
|
Add Devices to the Overlay Network |
Add Cisco Catalyst SD-WAN devices either by using authorized serial numbers or from Cisco Smart account. |
Decommission Virtual Devices |
Decommission a Cisco IOS XE Catalyst SD-WAN device or Cisco vEdge device to remove the device serial number. |
Remove Devices from the Overlay Network |
Remove Cisco Catalyst SD-WAN devices to clear an old device configuration from the Cisco SD-WAN Manager server. |
Change Device Values |
Change Cisco Catalyst SD-WAN device configuration by populating the variable values for the device. |
Troubleshoot Device Issues |
Determine and fix common Cisco Catalyst SD-WAN device connectivity issues. |
Upgrade Devices and Controllers |
Install and activate an upgraded software for Cisco Catalyst SD-WAN control components and Cisco Catalyst SD-WAN devices. You cannot use this workflow for:
|
Whom to contact for feedback?
We value your opinion. Please send your feedback to sdwan-workflow-fb@cisco.com.
Cisco Catalyst SD-WAN Control Components Compatibility Matrix and Server Recommendations
For compatibility information and server recommendations, see Cisco Catalyst SD-WAN Control Components Compatibility Matrix and Server Recommendations.
Supported Devices
For device compatibility information, see Cisco SD-WAN Device Compatibility.
Related Documentation