 Feedback
|
Table Of Contents
Release Notes for the Cisco 4451-X Integrated Services Router
Cisco 4451-X Integrated Services Router Overview
Cisco IOS XE 3S Releases and Cisco IOS Release Number Mapping
Determining the Software Version
Upgrading to a New Software Release
Limitations and Restrictions - Cisco ISR 4451-X Release 3.10S
Limitations and Restrictions - Cisco ISR 4451-X Release 3.9S
New Features and Important Notes About Cisco ISR 4451-X Release 3.11S
New Software Features in Cisco ISR 4451-X Release 3.11.0S
New Features and Important Notes About Cisco ISR 4451-X Release 3.10S
Cisco AppNav Drops TCP Packets during Reboot of Router (Release 3.10.2)
8-Port Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module (Release 3.10.2)
Software Features in Cisco ISR 4451-X (Release 3.10.0S)
Open Caveats - Cisco IOS XE Release 3.11.0S
Resolved Caveats - Cisco IOS XE Release 3.11.0S
Open Caveats - Cisco IOS XE Release 3.10.2S
Resolved Caveats - Cisco IOS XE Release 3.10.2S
Open Caveats - Cisco IOS XE Release 3.10.1S
Resolved Caveats - Cisco IOS XE Release 3.10.1S
Open Caveats - Cisco IOS XE Release 3.10.0S
Resolved Caveats - Cisco IOS XE Release 3.10.0S
Open Caveats - Cisco IOS XE Release 3.9.1S
Platform-Specific Documentation
Cisco IOS Software Documentation
Obtaining Documentation and Submitting a Service Request
Release Notes for the Cisco 4451-X Integrated Services Router
Published: February 6, 2014OL-29478-01This document provides information about the Cisco IOS XE 3S software release for the
Cisco 4451-X Integrated Services Router and consists of the following sections:•
Cisco 4451-X Integrated Services Router Overview
•
•
•
•
Cisco 4451-X Integrated Services Router Overview
The Cisco ISR 4451-X is a modular router with LAN and WAN connections that can be configured by means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface Modules (NIMs).
Cisco IOS XE 3S Releases and Cisco IOS Release Number Mapping
The Cisco ISR 4451-X releases correspond to the Cisco IOS XE releases.
Table 1 lists the mappings between the Cisco IOS XE 3S software releases and their associated Cisco IOS software releases.
Table 1 Cisco IOS XE 3S-to-Cisco IOS Release Number Mapping
3.11S
15.4(1)S
3.10S
15.3(3)S
3.9S
15.3(2)S
System Requirements
The following are the minimum requirements for the Cisco IOS XE 3.9.1S release.
•
–
–
–
–
–
Determining the Software Version
You can use the following commands to verify your software version:
•
•
Upgrading to a New Software Release
To install or upgrade, obtain a Cisco IOS XE 3S consolidated package (image) from Cisco.com. You can find images at http://software.cisco.com/download/navigator.html. To run the router using individual subpackages, you also need to first download the consolidated package and extract the individual subpackages from a consolidated package.
For information about upgrading software, see the "How to Install and Upgrade Software" section in the Software Configuration Guide for the Cisco 4451-X Integrated Services Router.
Feature Navigator
You can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
Limitations and Restrictions
•
•
Limitations and Restrictions - Cisco ISR 4451-X Release 3.10S
There is a new "Performance" feature license. This license enables the performance feature, which give an increased throughput of 2Gbps compared to a default throughput of 1Gbps. The performance feature is part of the ipbasek9 technology package.
Enable the feature by ordering the performance license (part number FL-44-PERF-K9). Once the license is installed, it will be displayed as the "throughput" license in Cisco IOS command output.
To configure the feature, use the platform hardware throughput command, as shown in the following example:
Example
Router(config)# platform hardware throughput level ?1000000 throughput in kbps2000000 throughput in kbpsRouter(config)# platform hardware throughput level 2000000Limitations and Restrictions - Cisco ISR 4451-X Release 3.9S
(The following limitations and restrictions apply to all releases.)
•
Cisco ISR-WAAS and AppNav-XE Service
The Cisco ISR-WAAS/AppNav service requires a system to be configured with a minimum of
8GB of DRAM and 16GB flash memory. For large service profiles, 16GB of DRAM and 32GB flash memory is required.IPsec Traffic
IPsec traffic is restricted on the Cisco ISR 4451-X. The router has the same IPsec functionality as a Cisco ISR G2. The default behavior of the router will be as follows (unless an HSECK9 license is installed):
If the limit of 225 concurrent IPsec tunnels is exceeded, no more tunnels are allowed and the following error message appears:
%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.When the throughput value for the inbound (decrypted) traffic exceeds 85Mbps, subsequent IPsec traffic in that direction will be dropped and the following message will be displayed:
%IOSXE-4-PLATFORM:cpp_cp: QFP:0.0 Thread:001 TS:00000001786413378010 %CERM_DP-4-DP_RX_BW_LIMIT: Maximum Rx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.To avoid this restriction and enable full IPsec functionality on the router, install an HSECK9 feature license.
New Features and Important Notes About Cisco ISR 4451-X Release 3.11S
This section describes new features in Cisco IOS XE 3.11S that are supported on the Cisco ISR 4451-X and on other platforms.
New and Changed Information
•
•
New Software Features in Cisco ISR 4451-X Release 3.11.0S
The following features are supported by the Cisco 4451-X Integrated Services Router for Cisco IOS XE Release 3.11S.
•
The enforced lawful intercept license allows the Lawful Intercept (LI) feature to be used.
Lawful Intercept (LI) is the process by which law enforcement agencies conduct electronic surveillance as authorized by judicial or administrative order. For further information on LI, see Introduction to Lawful Intercept.
For further information on using the LI feature, see Lawful Intercept Architecture, in the Cisco User Security Configuration Guide.
For further information on the LI feature license for the Cisco ISR 4451-X, see Feature Licenses, in the Software Configuration Guide for the Cisco 4451-X Integrated Services Router.
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-prevent-export-storms.html
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_isis/configuration/15-2s/irs -rmte-lfa-frr.html
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-mpl s-vpnomgre-xe.html
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/lsmmldp.html
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s//iro-ipfrr-lfa.html
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_tcp_x e.html
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-s/iro-ipfrr-lfa.html
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-mpls-vpnomgre-xe.html
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book.html
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
•
For further information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/access/4400/software/configuration/guide/isr4400swcfg.html
Cisco 6-port GE SFP Service Module
A Cisco 6-port GE SFP service module is a gigabit ethernet module that can be inserted into the SM slot of the Cisco ISR 4451-X to provide gigabit ethernet features on routable external interfaces. For further information on configuring this service module, see:
Software Configuration Guide for the Cisco 6-port GE SFP Service Module
New Features and Important Notes About Cisco ISR 4451-X Release 3.10S
New and Changed Information
•
•
•
Cisco AppNav Drops TCP Packets during Reboot of Router (Release 3.10.2)
Dropping TCP Packets During Router Reboot Process in AppNav Controller Group Scenario
For AppNav Controller Group (ACG) scenarios, a new CLI (service-insertion acg-reload-delay) provides a time delay before enabling WAN traffic for a router that has just rebooted. During the delay, the router drops all TCP packets passing through the WAN interface. This enables the router to synchronize flows before traffic is enabled, preventing unintended resetting of connections.
8-Port Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module (Release 3.10.2)
The 8-port Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module is supported for Cisco IOS XE Release 3.10.2 (SKU: NIM-8CE1T1-PRI).
Software Features in Cisco ISR 4451-X (Release 3.10.0S)
This section describes features supported on the Cisco 4451-X Integrated Services Router in Cisco IOS XE 3.10S that are specific to this platform.
Multilink Point-to-point Protocol
For further information, see the following Cisco document:
Multilink PPP Support for the Cisco 4451-X Integrated Services Router.
No Service Password-Recovery
For further information, see the following Cisco document:
Configuring No Service Password-Recovery on the Cisco ISR 4451-X
Caveats
This section provides information about the caveats in Cisco 4451-X Integrated Services Routers , Release 3S. Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
In this section, the following information is provided for each caveat:
The following information is provided for each caveat:
· Symptom—A description of what is observed when the caveat occurs.
· Conditions—The conditions under which the caveat has been known to occur.
· Workaround—Solutions, if available, to counteract the caveat.
Note
https://tools.cisco.com/bugsearch?referring_site=btk
(If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
•
•
•
•
•
•
•
•
•
Open Caveats - Cisco IOS XE Release 3.11.0S
•
Symptom:
EVC works unexpectedly on port channel.
Conditions:
1) Create port-channel, enable EVC.
2) Bind interface to port-channel.
The interface is configured with EVC, mac filtering is disabled.
3) Unbind interface from port-channel.
After step 3, mac is configured to original mac of interface, but the mac filtering function is not enabled.
Workaround:
Remove the evc configuration explicitly from the port-channel and then remove the physical interface from the port-channel.
•
Symptom:
The "Lost carrier" counter displays 0 (zero) in the show interface output for the ethernet interface even though the ethernet cable is disconnected or the peer connection is shutdown.
Conditions:
The cable is disconnected or the peer connection is shutdown
Workaround:
None.
•
Symptom:
A decrease in NDR (dropoff rate) occurs when using the FPGE interface.
Condition:
For IPv6 traffic flow, where the prefix length is greater than 64 bits, the NDR decreases in steps of 10-20 Kpps.
Workaround:
Reload the router.
•
Symptom:
On the router, certain special characters sent to the module console session can result in a locked session which will no longer accept input.
Conditions:
The problem occurs when special non-keyboard characters such as a raw linefeed "\r" character is sent to the module console from a tool or script. It is not seen when using a normal interactive session with manual input.
Workaround:
The console session can be recovered by reloading the module in question via the hw-module subslot x/y reload command.
•
Symptom:
The show version running command is not populating the software version for NIM/RP/FP slot with a Cisco IOS XE 3.11 image.
Conditions:
Testing the ENTITY-MIB, running ENTITY-MIB script.
Workaround:
None.
•
Symptom:
Error messages with signatures "FP100: %QFPOOR-4-LOWRSRC_PERCENT" are repeatedly shown on the console whenever configurations are applied on the router or a clean-up operation is performed.
Conditions:
When configurations are made or clean-up operations are performed, incorrect error messages such as""FP100: %QFPOOR-4-LOWRSRC_PERCENT" are shown on the console.
Workaround:
None. These error messages are singular in nature and do not overfill the console.
•
Symptom:
Performing SNMP Get on entPhysicalFirmwareRev and entPhysicalSoftwareRev for NGWIC-8CE1T1-PRI returns a null value.
Conditions:
While querying ENTITY-MIB on NGWIC-8CE1T1-PRI module.
Workaround:
None.
•
Symptom:
After enabling an appxk9 license on the host Cisco ISR 4451-X router and reloading the router, a ping from the host router through to a Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to a peer fails. A ping in reverse—from Cisco SM-X Layer 2/3 EtherSwitch Service Module (24-port) to ISR 4451-X—also fails.
Condition:
When an appxk9 license is enabled and the router is reloaded (to activate the license).
Workaround:
Reset the peer interface (shut / no shut).
•
Symptom:
Module takes three attempts to come up online when router is reloaded and module is inserted (OIR) with no extended attribute file in router NVRAM.
Conditions:
1. Delete the extended attributes file from router NVRAM and reload the router.
2. Insert module in router again.
Workaround:
None
•
Symptom:
The command show version running is not populating software version for NIM/RP/FP slot with the Cisco IOS XE 3.11 image.
Condition:
Testing the ENTITY-MIB, by running ENTITY-MIB script.
Workaround:
None.
•
Symptom:
Router crashes with a Cisco IOS error message such as:
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing
Condition:
During booting, the router does not run certain crypto NIST/KAT self-tests and a generic message is output which does not indicate the crypto self-test has failed.
Workaround:
There is no workaround.
Resolved Caveats - Cisco IOS XE Release 3.11.0S
•
Symptom:
Automated scripts fail after you copy/paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
Conditions:
When copy/paste is used to enter characters to the module console, some characters may be dropped or are not displayed properly.
Workaround:
Manually enter any input needed on the module console rather than using cut/paste to enter large amounts of text to the module console.
•
Symptom:
The error message "%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer." appears while issuing module commands such as show platform hardware subslot module or
show platform software subslot module.Conditions:
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
Workaround:
There is no workaround.
•
Symptom:
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is "Asacx CRC checksum error".
Conditions:
When the packet size is greater than 1450 bytes.
Workaround:
There is no workaround.
•
Symptom:
The router may unexpectedly reload at the Watchdog process "Timer Library", after a physical WAN-GigE admin-shutdown, with all the GM's registered and waiting for the rekey.
Conditions:
When the Cisco ISR 4451-X is acting as a VRF-Lite GM.
Workaround:
There is no workaround.
•
Symptom:
When an 8-port Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module of E1 card type and 248 channel groups is configured, followed by OIR with a 1-port module configured with full 31 channel groups (E1), then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Conditions:
When the 8-port T1/E1 module is configured, followed by OIR with a 1-port module configured with full 31 channel groups, then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Workaround:
Remove the failed channel groups, and re-configure them.
•
Symptom:
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
Conditions:
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
Workaround:
There is no workaround.
•
Symptom:
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
Conditions:
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
Workaround:
There is no workaround.
•
Symptom:
When a Cisco T1/E1 NIM's E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
Conditions:
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Workaround:
Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
•
Symptom:
The front panel gigabit ethernet interface is a dual media interface. When the RJ45 port is operational and an SFP transceiver is inserted, the RJ45 link bounces (up -> down -> up).
Conditions:
Using a GLC-T or GLC-GE-100FX SFP transceiver.
Workaround:
None.
•
Symptom:
Very large numbers are seen sometimes in the output of "backplane switch" counters - show platform hardware backplane R0 ... statistics after clearing the counters via clear platform hardware backplane R0 statistics.
Conditions:
After clearing the backplane switch counters. This does not impact the interface counters and other statistics.
Workaround:
Issue the clear command again to clear the counters properly.
•
Symptom:
The "Internal_service" license state shows as "Active, Not In Use" even after it has expired. The system Linux Shell cannot be accessed after the "Internal_service" 1 Day license has expired, which is expected. However, if a new 1 Day license is installed again, even though the license state comes up as "Active, In Use" the Linux Shell still cannot be accessed.
Conditions:
Install a 1 Day "Internal_service" license. Let the license expire and then install another 1 Day "Internal_service" license.
Workaround:
Configure and unconfigure the "platform shell" command to recover the license so that it is in a proper working state.
Router#config terminal
Router(config)#platform shell
Router(config)#no platform shell
Router(config)#platform shellThe System Linux Shell is now accessible.
•
Symptom:
The following examples of tracebacks are seen on the router console:
*Oct 22 17:21:02.089 IST: %IDBINDEX_SYNC-3-IDBINDEX_LINK: Driver for IDB type '27' changed the Identity of interface "Ethernet-Internal1/0/0" without deleting the old Identity first (rc=8) -Process= "CWAN OIR Handler", ipl= 0, pid= 151
-Traceback= 1#a09998a000c6775399bb03536911aed5 :400000+B54D71 :400000+391F380 :400000+391EA76 :400000+3D33CE7 :400000+3D33953 :400000+3D72B1E :400000+437F8EC :400000+363274A :400000+3631F28 :400000+3613515 :400000+3613BF5 :400000+4358A3F :400000+4358F7E :400000+267EEBE :400000+435A381 :400000+435A243
*Oct 31 14:36:45.526: %IDBINDEX_SYNC_KEY-3-UNKNOWN_TYPE: Interface type is unknown and cannot be synced: "", 0 -Process= "CWAN OIR Handler", ipl= 0, pid= 158
-Traceback= 1#42d0348895d7f998d3747a45d48d89b8 :400000+B54E31 :400000+393430A :400000+393C0DA :400000+393C7D8 :400000+3938CF4 :400000+362F0D0 :400000+362EF0A :400000+4377CCA :400000+26993EC :400000+4375801 :400000+43756C3 :400000+4397DBF :400000+3806CDB :400000+3806B6C
*Oct 31 14:36:45.529: -Traceback= 1#42d0348895d7f998d3747a45d48d89b8 :400000+B54177 :400000+393430F :400000+393C0DA :400000+393C7D8 :400000+3938CF4 :400000+362F0D0 :400000+362EF0A :400000+4377CCA :400000+26993EC :400000+4375801 :400000+43756C3 :400000+4397DBF :400000+3806CDB :400000+3806B6CConditions:
Several possible conditions cause these symptoms:
1) When one etherswitch module is inserted and remove in about 35 seconds and replaced with another etherswitch module, some tracebacks or error messages will be observed on the router console.
2) When the NIM-2CE1T1-PRI module is stopped via the hw-module command.
3) Booting the router with NIM-2CE1T1-PRI module.
Workaround:
Do not perform rapid online insertion/removal—let the module come up properly before removing it.
Do not perform a hw-module stop of the NIM-2CE1T1-PRI module.
Some tracebacks may not have a workaround.
•
Symptom:
Traffic is dropped for Trustsec over DMVPN on the Cisco ISR 4451-X.
Conditions:
Transport mode is used.
Workaround:
Use Tunnel mode.
Open Caveats - Cisco IOS XE Release 3.10.2S
•
Symptom:
When router has an empty ACL, it fails to deny all traffic.
Conditions:
An empty ACL in the policy.
Workaround:
Ensure the ACL is not empty in the class-map.
•
Symptom:
Out-Of-Resource error may happen with MLPPP traffic when oversubscribed.
Conditions:
MLPPP traffic with member link oversubscription.
Workaround:
Avoid oversubscribing the member link. This can be done by keeping the MLP bundle throughput rate at less than 95% of the line rate.
•
Symptom:
Router does not give the necessary failure information if the crypto NIST/KAT tests on boot fails. In the event of some test failures, the user will not be notified. The logs will also contain no information on the failure(s) so TAC will not be able to help the user.
Conditions:
Router crashes on boot with the following Cisco IOS error message in the event of a Crypto NIST/KAT self test. The message below is a generic message and not specific to a crypto self test failure.
*Nov 5 17:48:19.128: %CMRP-3-CHASSIS_MONITOR_READY_TIME_EXCEEDED:cmand: Reloading F0 because it has failed to become ready for packet processing. This message doesn't give enough information for the user to take the proper course of action.
Workaround:
None.
Resolved Caveats - Cisco IOS XE Release 3.10.2S
•
Symptom:
Loss of keepalive packets caused by a low priority flow being raised to high priority.
Conditions:
When FRF.12 is enabled, the priority is raised to high priority and keepalive packets may be lost due to congestion.
Workaround:
None.
•
Symptom:
HP2 traffic is throttled even when under-subscribed. Modules need to absorb bursts without impact to priority handling, latency and throughput.
Conditions:
LLQ burst borrowing is enabled.
Workaround:
None.
•
Symptom:
Tracebacks with the following signature "%QFPOOR-4-LOWRSRC_PERCENT" are seen on the console with negative percentage complaining of resource depletion.
Conditions:
These tracebacks are usually seen on a clean-up operation performed on a router i.e manual removal of all configs. But it's not limited to only this operation and could be seen with router configuration as well.
Workaround:
None.
•
Symptom:
Internal_service license state shows as "Active, Not In Use" even after its expiry. The system Linux Shell cannot be accessed upon expiry of the "Internal_service' 1 Day license which is expected. However if an new 1 Day license is installed again, the license state comes up as "Active, In Use", but Linux Shell cannot be accessed.
Conditions:
Install 1 Day "Internal_service" license. Let the license expire then install another 1 Day "Internal_service" license.
Workaround:
Configure and unconfigure the platform shell configuration command to recover the license to proper working state.
•
Symptom:
The user will see the system shaping to too low a rate when a tunnel moves to a faster interface, and shaping to too high a rate when a tunnel moves to a slower interface.
Conditions:
Upon a dynamic move of a tunnel to a link with a different speed and the QoS configuration option "shape average percent" has been applied, then rates are not automatically re-calculated.
Workaround:
The workaround to this issue is to avoid "shape average percent" whenever possible. If it is not possible, then after a tunnel moves occurs, modify the shaping percent by plus or minus 1 percent, and then restore to original value—because this forces a recalculation of the shaping rate.
•
Symptom:
Serial interface protocol status shows down.
Conditions:
Perform OIR and configure few channel-groups. Then swap original board back.
Workaround:
Reload the router.
•
Symptom:
Router is not able to detect a PoE device that is attached to the FPGE PoE port.
Conditions:
PoE device is attached to FPGE PoE port and the PoE port is configured with power inline auto and no shutdown.
Workaround:
Perform shutdown, no shutdown, or power inline never, power inline auto in the GigE port where the PoE device is plugged in.
•
Symptom:
Re-registration time is recalculated on GM nodes upon receiving a TBAR rekey, based on the remaining TEK lifetime at the time of the TBAR rekey. This effectively causes a much-shorter re-registration window compared to the one obtained at the GM registration, even if the original TEK lifetime was configured with a long value.
Conditions:
This symptom is observed when TBAR is configured and long TEK lifetime used (more than 7200 seconds).
Workaround:
None.
•
Symptom:
Classification by ACL in QoS is broken when using it with IPSec tunnel.
Conditions:
Use ACL for classification in policy-map and apply a QoS to physical interface. QoS pre-classify is configured under IPSec tunnel
Workaround:
Apply a QoS to IPSec tunnel.
Open Caveats - Cisco IOS XE Release 3.10.1S
•
Symptom:
8-port CT1E1 controller's channel groups fail to come up after doing OIR with a 1-port controller.
Conditions:
1. Using an 8-port CT1E1 controller, with the E1 card type and 248 channel groups configured, followed by 2. OIR with a 1-port model (configured with 31 channel groups), then 3. OIR back to the original 8-port CT1E1—results in the first controller's channel groups failing to come up.
Workaround:
Remove the failed channel groups, and re-configure them for the controller.
•
Symptom:
The "Internal_service" license state shows as "Active, Not In Use" even after it has expired. The system Linux Shell cannot be accessed after the "Internal_service" 1 Day license has expired, which is expected. However, if a new 1 Day license is installed again, even though the license state comes up as "Active, In Use" the Linux Shell still cannot be accessed.
Conditions:
Install a 1 Day "Internal_service" license. Let the license expire and then install another 1 Day "Internal_service" license.
Workaround:
Configure and unconfigure the "platform shell" command to recover the license so that it is in a proper working state.
Router#config terminal
Router(config)#platform shell
Router(config)#no platform shell
Router(config)#platform shellThe System Linux Shell is now accessible.
•
Symptom:
Failure message Embedded hash verification failed is returned during copy operations on non-image files.
Conditions:
When "file verify auto" is enabled in the running configuration and a local copy operation is done for a file that does not contain a signature; for example, a log file or configuration backup, the copy fails.
Workaround:
Use copy/noverify or disable "file verify auto".
•
Symptom:
When a Cisco T1/E1 NIM's E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
Conditions:
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Workaround:
Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
Resolved Caveats - Cisco IOS XE Release 3.10.1S
•
Symptom:
Any traffic going through the Cisco ISR4451's data plane is dropped.
Conditions:
Issue is seen only after power cycling the box multiple times.
Workaround:
Power cycle the box again to recover from the issue.
•
Symptom:
IPsec drops packets with an HMAC error: "%IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error"
Conditions:
When packets are large-sized (over 9150 bytes) and the Cisco ISR 4451-X is terminating an IPSEC session.
Workaround:
Use a packet size of less than 9150 bytes.
•
Symptom:
A Cisco SM-X-1 T3/E3 module is not reloaded for recovery on the Cisco ISR 4451-X if there is any loss of control packet or configuration messages from the host.
Conditions:
When the module is unresponsive to host control packets.
Workaround:
Use the hw-module subslot slot / subslot reload command to bring the module up.
•
Symptom:
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is "Asacx CRC checksum error".
Conditions:
When the packet size is greater than 1450 bytes.
Workaround:
There is no workaround.
•
Symptom:
Some kernel failure messages (for example, "COMRESET failed") appear in the console logs.
Conditions:
During online insertion and removal (OIR) of a NIM-SSD module or after the chassis comes up after a power cycle.
Workaround:
There is no workaround.
•
Symptom:
The error message "%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer." appears while issuing module commands such as show platform hardware subslot module or
show platform software subslot module.Conditions:
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
Workaround:
There is no workaround.
•
Symptom:
Automated scripts fail after you copy/paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
Conditions:
When copy/paste is used to enter characters to the module console, some characters may be dropped or are not displayed properly.
Workaround:
Manually enter any input needed on the module console rather than using cut/paste to enter large amounts of text to the module console.
•
Symptom:
The following Kernel message appears:
*Jul 2 06:11:28.823: %IOSXE-3-PLATFORM:kernel: dash_c2w_reset_sequence: c2w reset sequence FAILED.*Jul 2 06:11:28.823: %IOSXE-3-PLATFORM:kernel: dash_reset_i2c_bus: Unable to reset adapter: 11Conditions:
On every reboot of the Cisco ISR 4451-X with a UCSE double-wide module.
Workaround:
There is no workaround.
•
Symptom:
The show memory debug leak chunk command displays a chunk memory leak in function mcp_spa_tdl_alloc.
Conditions:
During bootup of the router's DMVPN hub loaded with a Cisco IOS XE 3.10.0S image.
Workaround:
There is no workaround.
Open Caveats - Cisco IOS XE Release 3.10.0S
This section documents the unexpected behavior that might be seen in the Cisco ISR 4451-X in
Cisco IOS XE Release 3.10.0S.•
Symptom:
A few fragmented IPsec packets are dropped and appear as IpFormatErr in the error counts.
Conditions:
If a configuration results in fragmented packets being received, decrypted and then re-encrypted for transmission on an interface different than the receiving interface, a packet may *rarely* be dropped. The packet drops will be shown as IpFormatEr in the error counts.
Workaround:
There is no workaround.
•
Symptom:
The error message "%IOMD-3-TIMER_FAIL:iomd: Failed to clear timer." appears while issuing module commands such as show platform hardware subslot module or
show platform software subslot module.Conditions:
If the Cisco ISR 4451-X and the Cisco SM-X-1 T3/E3 module and interfaces are running near line rate traffic and the command show platform hardware subslot module host-if statistics is used to obtain the statistics from the module.
Workaround:
There is no workaround.
•
Symptom:
Some kernel failure messages (for example, "COMRESET failed") appear in the console logs.
Conditions:
During online insertion and removal (OIR) of a NIM-SSD module or after the chassis comes up after a power cycle.
Workaround:
There is no workaround.
•
Symptom:
Automated scripts fail after you copy/paste characters to the Cisco SM-X-1 T3/E3 module console; the characters are dropped or not displayed properly.
Conditions:
When copy/paste is used to enter characters to the module console, some characters may be dropped or are not displayed properly.
Workaround:
Manually enter any input needed on the module console rather than using cut/paste to enter large amounts of text to the module console.
•
Symptom:
IPsec drops packets with an HMAC error: "%IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error"
Conditions:
When packets are large-sized (over 9150 bytes) and the Cisco ISR 4451-X is terminating an IPSEC session.
Workaround:
Use a packet size of less than 9150 bytes.
•
Symptom:
Failure message Embedded hash verification failed is returned during copy operations on non-image files.
Conditions:
When "file verify auto" is enabled in the running configuration and a local copy operation is done for a file that does not contain a signature; for example, a log file or configuration backup, the copy fails.
Workaround:
Use copy/noverify or disable "file verify auto".
•
Symptom:
When IPsec is configured, OneFW drops packets (about 5%) when inspecting traffic coming out of an IPSEC tunnel. The reason for the drop is "Asacx CRC checksum error".
Conditions:
When the packet size is greater than 1450 bytes.
Workaround:
There is no workaround.
•
Symptom:
When an 8-port Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module of E1 card type and 248 channel groups is configured, followed by OIR with a 1-port module configured with full 31 channel groups (E1), then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Conditions:
When the 8-port T1/E1 module is configured, followed by OIR with a 1-port module configured with full 31 channel groups, then OIR back to an 8-port T1/E1 module, the first controller's channel groups fail to come up.
Workaround:
Remove the failed channel groups, and re-configure them.
•
Symptom:
CISCO-ENTITY-PERFORMANCE-MIB is unsupported. The MIB tables do not populate.
Conditions:
When querying CISCO-ENTITY-PERFORMANCE-MIB(ciscoEntityPerformanceMIB) using SNMP.
Workaround:
There is no workaround.
•
Symptom:
The show platform software ipsec FP active inventory command does not display correct entries for "ipsec flow count" and "sa cont count".
Conditions:
While verifying EzVPN into MPLS/VPN across an MPLS backbone, and IVRF=FVRF in client mode.
Workaround:
There is no workaround.
•
Symptom:
The router may unexpectedly reload at the Watchdog process "Timer Library", after a physical WAN-GigE admin-shutdown, with all the GM's registered and waiting for the rekey.
Conditions:
When the Cisco ISR 4451-X is acting as a VRF-Lite GM.
Workaround:
There is no workaround.
•
Symptom:
A Cisco SM-X-1 T3/E3 module is not reloaded for recovery on the Cisco ISR 4451-X if there is any loss of control packet or configuration messages from the host.
Conditions:
When the module is unresponsive to host control packets.
Workaround:
Use the hw-module subslot slot / subslot reload command to bring the module up.
•
Symptom:
SNMP tracebacks are seen since MIBS are not removed on unplugging the module during any-to-any OIR.
Conditions:
During any-to-any OIR, when configurations are made under a channel-group, MIBS are not removed after unplugging the module.
Workaround:
There is no workaround.
•
Symptom:
The show memory debug leak chunk command displays a chunk memory leak in function mcp_spa_tdl_alloc.
Conditions:
During bootup of the router's DMVPN hub loaded with a Cisco IOS XE 3.10.0S image.
Workaround:
There is no workaround.
•
Symptom:
Control plane ping with packet size > 600 bytes fails on a Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module.
Conditions:
Execute command:
test platform software tdl ping subslot module endpoint 0 repeat 100 size 1800
Workaround:
There is no workaround.
•
Symptom:
The control plane communication to the service module fails silently. Any command (CLI) that requires a response from the module may fail.
Examples of commands that may fail include:
show plat hardware subslot x/y module firmware
show plat software
show platform hardware
The error "module unresponsive" is printed on the console.
Other symptoms include:
–
–
Conditions:
One example condition is found while using the Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module, after execution of the command:
test plat soft tdl ping subslot x/y module endp 0 size (where size > 600)
The error may also occur when using other service modules under different conditions.
Workaround:
Reload the service module using the command hw-module subs <x/y> reload.
•
Symptom:
The following Kernel message appears:
*Jul 2 06:11:28.823: %IOSXE-3-PLATFORM:kernel: dash_c2w_reset_sequence: c2w reset sequence FAILED.*Jul 2 06:11:28.823: %IOSXE-3-PLATFORM:kernel: dash_reset_i2c_bus: Unable to reset adapter: 11Conditions:
On every reboot of the Cisco ISR 4451-X with a UCSE double-wide module.
Workaround:
There is no workaround.
•
Symptom:
Potential starving of features that are able to use recycle queue resources because Cisco AppNav queue is made high priority.
Conditions:
A large amount of traffic exhausts the Cisco AppNav recycle queues, which are used by mpass infrastructure.
Workaround:
There is no workaround.
•
Symptom:
A serial interface of the Cisco Fourth-generation T1/E1 Voice and WAN Network Interface Module (Cisco T1/E1 NIM) with High-Level Data Link Control (HDLC) encapsulation, stays down.
Conditions:
Using a Cisco T1/E1 NIM, and with FR encapsulation configured on the default serial interface— serial interfaces stay down.
One back-to-back setup:
1. Configure FR encapsulation.
2. Ping test success.
3. Default serial interface on both uut and peer.
4. Serial interfaces are down.
5. Shut and no shut of interface, causes that particular serial interface to toggle, but all interfaces don't come up.
Workaround:
shutdown and no shutdown of the controller brings up the interfaces.
•
Symptom:
When a Cisco T1/E1 NIM's E1 interface has channel-groups and ds0-group, some ds0-groups may not come up on the remote side (suppose it's argot), and voice call cannot be made.
Conditions:
This happens when both channel groups and ds0-groups are configured on the same Cisco T1/E1 NIM.
Workaround:
Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
•
Symptom:
On Cisco T1/E1 NIM after an FPGA upgrade, the winmon upgrade fails from a bundled image if both have upgraded versions.
Conditions:
If there is a new winmon coupled with new FPGA, only FPGA upgrade happens and no winmon upgrade kicks in.
Workaround:
There is no workaround.
•
Symptom:
Memory leaks occur after running "SM-X-ES3-24-P" regression scripts.
Conditions:
The Cisco ISR 4451-X with one or two "SM-X-ES3-24-P" modules inserted where the modules have at least one IP phone (9971 or 9951) connected to its front-panel ports.
Workaround:
There is no workaround.
•
Symptom:
Any traffic going through the Cisco ISR4451's data plane is dropped.
Conditions:
Issue is seen only after power cycling the box multiple times.
Workaround:
Power cycle the box again to recover from the issue.
Resolved Caveats - Cisco IOS XE Release 3.10.0S
•
Symptom:
The show ipv6 cef exact-route command does not show the correct egress interface for traffic.
Conditions:
In a network with multiple parallel paths, the show ipv6 cef exact-route command does not show the correct egress interface for traffic streams. This happens when using any of the following cef load sharing algorithms:
ipv6 cef load-sharing algorithm include-ports sourceipv6 cef load-sharing algorithm include-ports destinationipv6 cef load-sharing algorithm include-ports source destinationWorkaround:
There is no workaround.
•
Symptom: The system is reset after the port-channel load-balancing vlan-manual command is entered, while traffic is running.
Conditions: When the port-channel load-balancing vlan-manual command is entered to create a port-channel, while traffic is running, the CPP crashes and the system is reset.
Workaround:
Ensure there is no traffic running when you configure a port channel using the
port-channel load-balancing vlan-manual command.•
Symptom: The number of octets shown in the drop statistics, is 0 (zero), as shown in the following example:
Router# show platform hardware qfp active statistics drop clear
Global Drop Stats Packets Octets
Firewall Nonsession 24384124 0Conditions: Although the number of dropped packets is shown correctly, the number of octets is shown as 0 (zero).
Workaround: There is no workaround.
Open Caveats - Cisco IOS XE Release 3.9.1S
This section documents the unexpected behavior that might be seen in the Cisco ISR 4451-X in
Cisco IOS XE Release 3.9.1S.•
Symptom:
The show ipv6 cef exact-route command does not show the correct egress interface for traffic.
Conditions:
In a network with multiple parallel paths, the show ipv6 cef exact-route command does not show the correct egress interface for traffic streams. This happens when using any of the following cef load sharing algorithms:
ipv6 cef load-sharing algorithm include-ports sourceipv6 cef load-sharing algorithm include-ports destinationipv6 cef load-sharing algorithm include-ports source destinationWorkaround:
There is no workaround.
•
Symptom: Cisco IOS software command output shows a negative file size for core files which are larger than 2GB (kernel core dump).
OVLD_2#dir bootflash:/core Directory of bootflash:/core/ 277443 -rw- -1932872006 Jun 6 2012 15:31:26 +00:00 kernel.rp_20120606153126.core.gz 277448 -rw- 602923008 Jun 7 2012 07:28:55 +00:00 kernel.rp_20120607072855.core.gzConditions: Whenever a core file with a size greater than 2GB is generated, Cisco IOS will show it as negative file size.
Workaround: The output which appears showing the file size as negative is not the main issue. The main issue is that a file greater than 2GB in size, cannot be copied via the management port or using tftp. If you need to copy a large file such as this, please contact Cisco TAC to help you copy the file using the platform shell.
•
Symptom: The system is reset after the port-channel load-balancing vlan-manual command is entered, while traffic is running.
Conditions: When the port-channel load-balancing vlan-manual command is entered to create a port-channel, while traffic is running, the CPP crashes and the system is reset.
Workaround:
Ensure there is no traffic running when you configure a port channel using the
port-channel load-balancing vlan-manual command.•
Symptom: The number of octets shown in the drop statistics, is 0 (zero), as shown in the following example:
Router# show platform hardware qfp active statistics drop clear
Global Drop Stats Packets Octets
Firewall Nonsession 24384124 0Conditions: Although the number of dropped packets is shown correctly, the number of octets is shown as 0 (zero).
Workaround: There is no workaround.
Related Documentation
•
•
•
Platform-Specific Documentation
For information about the Cisco ISR 4451-X and associated services and modules, see:
Documentation Roadmap for the Cisco 4451-X Integrated Services Router
Cisco IOS Software Documentation
The Cisco IOS XE 3S software documentation set consists of Cisco IOS XE 3S configuration guides and Cisco IOS command references. The configuration guides are consolidated platform-independent configuration guides organized and presented by technology. There is one set of configuration guides for the Cisco IOS release train and another for the Cisco IOS XE 3S release train. However, there is only one set of command references because they are platform independent—Cisco IOS command references support all Cisco platforms that are running any Cisco IOS or Cisco IOS XE software image.
See http://www.cisco.com/en/US/products/ps11174/tsd_products_support_series_home.html
Note
Information in the configuration guides often includes related content that is shared across software releases and platforms. Some features referenced in these configuration guides may not be supported by Cisco IOS XE 3S or by the Cisco ISR 4451-X.
Additionally, you can use Cisco Feature Navigator to find information about feature, platform, and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on cisco.com is not required.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.
