Release Notes for Cisco 4000 Series ISRs, Cisco

IOS XE Dublin 17.12.x

First Published: 2023-08-22

Full Cisco Trademarks with Software License

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL
ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND
RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL
RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT
ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND
ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE
FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the
University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating
system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE
OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE
ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE
THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual
addresses and phone numbers. Any examples, command display output, network topology diagrams, and
other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses
or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current
online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at
www.cisco.com/go/offices.

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
1
 Cisco 4000 Series Integrated Services Routers Overview

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and
other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/
legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use
of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

Cisco 4000 Series Integrated Services Routers Overview

Note Cisco IOS XE Dublin 17.12.1a is the first release for Cisco 4000 Series Integrated Services Routers in the
Cisco IOS XE 17.12.x release series.

The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by
means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface
Modules (NIMs).

Note Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy,
even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI)
is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the
hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround
for this limitation.
The licensing utilities and user interfaces that are affected by this limitation include only the following:
• Cisco Smart Software Manager (CSSM),
• Cisco Smart License Utility (CSLU), and
• Smart Software Manager On-Prem (SSM On-Prem).

System Requirements
The following are the minimum system requirements:

Note There is no change in the system requirements from the earlier releases.

• Memory: 4 GB DDR3 up to 16 GB
• Hard Drive: 200 GB or higher (Optional). The hard drive is only required for running services such as
Cisco ISR-WAAS.
• Flash Storage: 4 GB to 32 GB
• NIMs and SM-Xs: Modules (Optional)
• NIM SSD (Optional)

For more information, see the Cisco 4000 Series ISRs Data Sheet.

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
2
 Determining the Software Version

Note For more information on the Cisco WAAS IOS-XE interoperability, refer to the WAAS release notes:
https://www.cisco.com/c/en/us/support/routers/wide-area-application-services-waas-software/
products-release-notes-list.html.

Determining the Software Version

You can use the following commands to verify your software version:
• For a consolidated package, use the show version command
• For individual sub-packages, use the show version installed command

Upgrading to a New Software Release

To install or upgrade, obtain a Cisco IOS XE 17.12.x consolidated package (image) from Cisco.com. You
can find software images at http://software.cisco.com/download/navigator.html. To run the router using
individual sub-packages, you also must first download the consolidated package and extract the individual
sub-packages from a consolidated package.

Note When you upgrade from one Cisco IOS XE release to another, you may see %Invalid IPV6 address error in
the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias
commands and save the configuration. The commands will be persistent on subsequent reloads.

For more information on upgrading the software, see the Installing the Software section of the Software
Configuration Guide for the Cisco 4000 Series ISRs.

Recommended Firmware Versions

The following table lists the recommended ROMMON and CPLD versions for Cisco IOS XE 17.2.x onwards
releases.

Table 1: Recommended Firmware Versions

Cisco 4000 Series ISRs Existing ROMMON Cisco CCO URL for the CPLD
Field-Programmable Image
Devices

Cisco 4461 ISR 16.12(2r) 21102941 isr_4400v2_cpld_update_v2.0.SPA.bin

isr4400v2-hw-programmable.04.01.00.SPA.pkg

Cisco 4451-X ISR 16.12(2r) 19042950 isr4400_cpld_update_v2.0.SPA.bin

Cisco 4431 ISR 16.12(2r) 19042950 isr4400_cpld_update_v2.0.SPA.bin

Cisco 4351 ISR 16.12(2r) 19040541 isr4300_cpld_update_v2.0.SPA.bin

Cisco 4331 ISR 16.12(2r) 19040541 isr4300_cpld_update_v2.0.SPA.bin

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
3
 Upgrading Field-Programmable Hardware Devices

Cisco 4000 Series ISRs Existing ROMMON Cisco CCO URL for the CPLD
Field-Programmable Image
Devices

Cisco 4321 ISR 16.12(2r) 19040541 isr4300_cpld_update_v2.0.SPA.bin

Cisco 4221 ISR 16.12(2r) 19042420 isr4200_cpld_update_v2.0.SPA.bin

Note Cisco 4461 ISR may require two upgrade packages to upgrade to 21102941. See CPLD-4-1 Release Notes.

Upgrading Field-Programmable Hardware Devices

The hardware-programmable firmware is upgraded when Cisco 4000 Series ISR contains an incompatible
version of the hardware-programmable firmware. To do this upgrade, a hardware-programmable firmware
package is released to customers.
Generally, an upgrade is necessary only when a system message indicates one of the field-programmable
devices on the Cisco 4000 Series ISR needs an upgrade, or a Cisco technical support representative suggests
an upgrade.
From Cisco IOS XE Release 3.10S onwards, you must upgrade the CPLD firmware to support the incompatible
versions of the firmware on the Cisco 4000 Series ISR. For upgrade procedures, see the Upgrading
Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.

Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not
required.

New and Changed Information

New and Changed Hardware Features
There are no new hardware features for this release.

New and Changed Software Features

Table 2: New Software Features in Cisco IOS XE 17.12.1a

Feature Description

End-of-Sale and End-of-Life See the End-of-Sale and End-of-Life Announcement for the Cisco ISR4200,
Announcement for the Cisco ISR4300 and select ISR4400 Series Platform page for information about the
4000 Series Integrated end-of-life milestones for the Cisco 4000 Series Integrated Service Routers.
Service Routers

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
4
 Configure the Router for Web User Interface

Feature Description

Managing the SD-Routing This feature allows you to perform management operations for SD-Routing
Devices Using Cisco devices using Cisco Catalyst SD-WAN Manager. You can use a single network
SD-WAN Manager manage system (Cisco Catalyst SD-WAN Manager) to monitor all the
SD-Routing devices and therefore help in simplifying solution deployments.

Support for Automatic Log This feature allows you to delete the entries from the logging buffer. You can
Deletion configure the local syslog retention period after which the entries are purged
from the device automatically. To enable this feature, use the logging purge-log
buffer days command.

Support for Secure Factory This feature introduces the factory-reset all secure command for Cisco 4000
Reset Series ISRs.
From Cisco IOS XE 17.12.1a, you can use the factory-reset all secure
command to securely clear all the data in bootflash, hard disk, and ROMMONs.

Cisco Unified Border Element (CUBE) Features

GCM Ciphers for From Cisco IOS XE Dublin 17.12.1a onwards, GCM cipher negotiation
WebSocket-based Media supports secure connectivity of WebSocket server.
Forking

IPv6 Flows in High From Cisco IOS XE Dublin 17.12.1a onwards, High Availability in CUBE
Availability supports IPv6 flows.

Cover Buffer Enhancements From Cisco IOS XE Dublin 17.12.1a onwards, VoIP Trace for SIP messages
for VoIP Trace displays cause code in the cover buffer.

Configure the Router for Web User Interface

This section explains how to configure the router to access Web User Interface. Web User Interface requires
the following basic configuration to connect to the router and manage it.
• An HTTP or HTTPs server must be enabled with local authentication.
• A local user account with privilege level 15 and accompanying password must be configured.
• Vty line with protocol SSH/Telnet must be enabled with local authentication. This is needed for interactive
commands.
• For more information on how to configure the router for Web User Interface, see Cisco 4000 Series ISRs
Software Configuration Guide, Cisco IOS XE 17.

Resolved and Open Bugs

This section provides information about the bugs in Cisco 4000 Series Integrated Services Routers and describe
unexpected behavior. Severity 1 bugs are the most serious bugs. Severity 2 bugs are less serious. Severity 3
bugs are moderate bugs. This section includes severity 1, severity 2, and selected severity 3 bugs.
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based
tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and
vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
5
 Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers

Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z)
and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security
Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers
or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables
you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter
the open and/or resolved bugs by one or more of the following criteria:
• Last modified date
• Status, such as fixed (resolved) or open
• Severity
• Support cases

You can save searches that you perform frequently. You can also bookmark the URL for a search and email
the URL for those search results.

Note If the bug that you have requested cannot be displayed, this may be due to one or more of the following
reasons: the bug ID does not exist, the bug does not have a customer-visible description yet, or the bug has
been marked Cisco Confidential.

We recommend that you view the field notices for the current release to determine whether your software or
hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

Resolved and Open Bugs in Cisco 4000 Series Integrated Services Routers

Resolved Bugs - Cisco IOS XE 17.12.1a

All resolved bugs for this release are available in the Cisco Bug Search Tool.

Bug ID Description

CSCwe57163 Device having kernel NULL pointer dereference, address: 0000000000000138

kernel panic crash.

CSCwe31226 Issues/discrepancies around CPU alarms generated and sent.

CSCwe82666 Not all HSL entries get pushed if more than 1 HSL entries are configured.

CSCwe43341 TLS control-connections down, traffic from controller dropped with

SdwanImplicitAclDrop.

CSCwe18124 MACsec remains marked as Secured, but randomly the traffic stops working.

CSCwe18276 Route-map not getting effect when its applied in OMP for BGP routes.

CSCwb74821 Unexpected behavior due to unstable power source.

CSCwe81182 (EPC, packet-trace) for IPsec running COFF (Crypto Offload).

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
6
 Resolved Bugs - Cisco IOS XE 17.12.1a

Bug ID Description

CSCwe63222 Certificate output is not getting changed on renew when Cloud Certificate Authorization
is automated.

CSCwe93905 NAT ALG is changing the Call-ID within SIP message header causing calls to fail.

CSCwe90501 Device upgrade fails due to advertise aggregate with VRF.

CSCwe85195 AAR: BoW feature ignoring color preference from Tiered Transport preference
configuration.

CSCwe14885 VPN is established although the peer is using a revoked certificate for authentication.

CSCwe06507 Device drops packets with reason 55 (Forus) when port forwarding is enabled from
outside to inside.

CSCwd53710 Crash seen when umbrella/zscaler template pushed to device when name_lookup
takes > 30 sec.

CSCwe66318 NAT entries expire on standby router.

CSCwd84599 Dataplane memory utilization issue - 97% QFP DRAM memory utilization.

CSCwd59722 Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP.

CSCwe70374 Platform punt-policer is not configurable.

CSCwe73408 For some error condition platform_properties may double free.

CSCwd42523 Same label is assigned to different VRFs.

CSCwe12194 Auto-update cycle incorrectly deletes certificates.

CSCwe57239 All USB internal communcation is closed when using platform usb disable command.

CSCvz82148 %CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each

write configuration with same crypto value.

CSCwe85421 BFD session down with interface flap.

CSCwe95606 Double GR_Additional log enablement defect.

CSCwe31471 Segmentation fault when per-tunnel QoS configuration withdraw.

CSCwe89404 No way audio when using secure hardware conference with secure endpoints.

CSCwd39257 IOS-XE CPP crash when entering no ip nat create flow-entries.

CSCwe70642 AAR overlay actions are applied to DIA traffic.

CSCwa96399 Configuring entity-information xpath filter causes syslogs to print, does not return
data.

CSCwe79007 Device unexpected reload when doing IPS test with UTD IPS engine.

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
7
 Open Bugs - Cisco IOS XE 17.12.1a

Bug ID Description

CSCwe31281 Autotunnel IPsec tracker: Tracker does not come up at all.

CSCwd93401 AppNav-XE: Policy-map edit on cluster with multiple service context fails to program
TCAM.

CSCwf65696 Non-fabric- load the minimal bootstrap configs again if device rebooted without saving
the configurations.

CSCwd76648 Port-channel DPI load-balancing not utilizing all the member-links.

CSCwe39011 GARP on port up/up status from router is not received by remote peer device.

CSCwb39206 Enable VFR CLI.

CSCwe85022 Device is showing 4 additional NR bands support - 1, 3, 7, and 28.

Open Bugs - Cisco IOS XE 17.12.1a

All open bugs for this release are available in the Cisco Bug Search Tool.

Bug ID Description

CSCwf70854 Changes to speed on the interface via CLI/GUI do not go through unless first done via
shell access.

CSCwf72079 Device unexpectedly reloads due to LocalSoft.

CSCwh06834 Using special characters in the password while generating TP generates an invalid TP.

CSCwh06870 APN password in plain text when device profile is configured.

CSCwf87292 Punt keep alive failure crash on controller-managed device apparently due to data
packets.

CSCwf83850 With Pure IPv6, minimal bootstrap unable to onboard Non-Fabric - IPv6 config missing
in WAN int G1.

CSCwf94294 Misprograming during vpn-list change under data policy.

CSCwf55145 SFP transceiver DOM not working after some time. However, interface forwards the
traffic as expected.

CSCwf94052 BFD going down for newly onboarded device.

CSCwf61720 Device No licenses in use after upgrading from traditional to Smart licensing IOS-XE
versions.

CSCwf80927 Speed tests to internet from device will fail sometimes.

CSCwf84522 Device unexpected rebooted while classifying packet with CTF (Common Flow Table).

CSCwh00320 show run and other show commands not in sync after removing GigabitEthernet3.

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
8
 Related Documentation

Bug ID Description

CSCwf44703 NAT64 prefix is not originated into OMP.

CSCwf99947 Crash when modifying tunnel after running show crypto commands.

CSCwf77252 SIP calls not working on device with ZBFW enabled.

CSCwf96416 Could not access any device show commands at all.

CSCwf67564 Device observes Memory Leak at process SSS Manager.

CSCwf34171 configure replace command fails due to the license udi PID XXX SN:XXXX line
on IOS-XE devices.

CSCwh00963 Unable to migrate from ADSL to VDSL without reboot.

CSCwf69062 SDRA-SSLVPN : The SSLVPN session closes with re-authentication error after some
interval of time.

CSCwf79264 Traffic forwarded to wrong VPN. Hence, traffic gets wrong zonepair matched and gets
dropped.

CSCwf71557 IPv4 connectivity over PPP not restored after reload.

CSCwf45486 OMP to BGP redistribution leads to incorrect AS_Path Installation on chosen next-hop.

CSCwh01313 Unexpected reboot due QFP UCode due to IPSec functions.

CSCwf95527 BFD entries removed.

CSCwe26895 Router has LocalSoftADR crash, writes flat core, and reloads.

CSCwh01318 Multiple crashes observed on platform due to memory exhaustion.

CSCwf71116 Static route keep advertising via OMP even though there is no route.

CSCwf60120 Static NAT entry gets deleted from running configuration, but remains in startup
configuration.

CSCwh00332 B2B NAT: when configration ip nat inside/outside on VASI intereface, ack/seq number
abnormal.

CSCwf78735 Device uses the NIM-1T/4T card for interconnection, and NAT+ GRE over IPsec
cannot be applied.

CSCwf84960 C-NIM-2T: LED L remains green after port shutdown.

CSCwf49390 Device crashes@crypto_map_unlock_map_head.

Related Documentation
• Release Notes for Previous Versions of Cisco 4000 Series ISRs
• Hardware Installation Guide for Cisco 4000 Series Integrated Services Routers

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
9
 Communications, Services, and Additional Information

• Configuration Guides for Cisco 4000 Series ISRs

• Command Reference Guides for Cisco 4000 Series ISRs
• Product Landing Page for Cisco 4000 Series ISRs
• Datasheet for Cisco 4000 Series ISRs
• End-of-Sale and End-of-Life Announcement
• Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs
• Field Notices
• Cisco Bulletins

Communications, Services, and Additional Information

• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit
Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system
that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides
you with detailed defect information about your products and software.

Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane
of every online document.

Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at
https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look
under Troubleshoot and Alerts to find information for the issue that you are experiencing.

Release Notes for Cisco 4000 Series ISRs, Cisco IOS XE Dublin 17.12.x
10
© 2023 Cisco Systems, Inc. All rights reserved.