Release Notes for Cisco 1000 Series Integrated

Services Routers, Cisco IOS XE Dublin 17.12.x

First Published: 2023-08-22

Full Cisco Trademarks with Software License

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL
ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND
RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL
RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT
ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND
ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE
FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the
University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating
system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE
OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE
ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE
THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual
addresses and phone numbers. Any examples, command display output, network topology diagrams, and
other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses
or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current
online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at
www.cisco.com/go/offices.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
1
 About Cisco 1000 Series Integrated Services Routers

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and
other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/
legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use
of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

About Cisco 1000 Series Integrated Services Routers

The Cisco 1000 Series Integrated Services Routers (also referred to as router in this document) are powerful
fixed branch routers based on the Cisco IOS XE operating system. They are multi-core routers with separate
core for data plane and control plane. There are two primary models with 8 LAN ports and 4 LAN ports.
Features such as Smart Licensing, VDSL2 and ADSL2/2+, 802.11ac with Wave 2, 4G LTE-Advanced and
3G/4G LTE and LTEA Omnidirectional Dipole Antenna (LTE-ANTM-SMA-D) are supported on the router.

Note Cisco IOS XE Dublin 17.12.1a is the first release for Cisco 1000 Series Integrated Services Routers in the
Cisco IOS XE Dublin 17.12.x release series.

Note Starting with Cisco IOS XE Amsterdam 17.3.2 release, with the introduction of Smart Licensing Using Policy,
even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI)
is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the
hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround
for this limitation.
The licensing utilities and user interfaces that are affected by this limitation include only the following:
• Cisco Smart Software Manager (CSSM),
• Cisco Smart License Utility (CSLU), and
• Smart Software Manager On-Prem (SSM On-Prem).

New and Changed Hardware and Software Features

New and Changed Software Features

Table 1: New Software Features

Feature Description

Managing the SD-Routing This feature allows you to perform management operations for SD-Routing
Devices Using Cisco devices using Cisco Catalyst SD-WAN Manager. You can use a single network
SD-WAN Manager manage system ( Cisco Catalyst SD-WAN Manager) to monitor all the
SD-Routing devices and therefore help in simplifying solution deployments.

Profile Clean-up on LTE To clean the cellular modem completely, users can press the physical factory-reset
Modems Using Factory button on the device, which enables the inbuilt lte cellular-profile-cleanup
Reset Button command to erase the configuration setup and profiles. This command is disabled
by default, but can be enabled only when the factory-reset button is pressed.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
2
 Cisco ISR1000 ROMmon Compatibility Matrix

Feature Description

Quantum-Safe Encryption This enhancement introduces support for Quantum-Safe Encryption using
Using Post-Quantum Post-Quantum Preshared Keys for the following platforms:
Preshared Keys
• Cisco 1000 Series Integrated Services Routers
• Cisco Catalyst 8500 Series Edge Platforms

Support for Automatic This feature allows you to delete the entries from the logging buffer. You can
Log Deletion configure the local syslog retention period after which the entries are purged from
the device automatically. To enable this feature, use the logging purge-log buffer
days command.

TrustSec and With this feature, the scale numbers for TrustSec and Software-Defined Access
Software-Defined Access (SDA) are measured for the following:
Scale Measurement
• Security Group Tag (SGT) or Destination Group Tag (DGT) Policies
• Unidirectional IPv4 SGT Exchange Protocol (SXP) connections
• Bidirectional IPv4 SXP connections
• IPv4 SGT Bindings
• IPv6 SGT Bindings
• Security Group Access Control Entries (SG ACEs)

Cube Features

CUBE/LGW: Cover From Cisco IOS XE Dublin 17.12.1a onwards, VoIP Trace for SIP messages
Buffer Enhancements for displays cause code in the cover buffer.
VoIP Trace

Note From Cisco IOS XE Release 17.9.1a, guestshell is removed from the IOS XE software image. As a result,
Zero Touch Provisioning (ZTP) python script is no longer supported on Cisco 1000 Series Integrated Services
Routers. If you need to use guestshell, then download it from
https://developer.cisco.com/docs/iox/#!iox-resource-downloads/downloads. For more information, see
Guestshell installation procedure.

Cisco ISR1000 ROMmon Compatibility Matrix

The following table lists the ROMmon releases supported in Cisco IOS XE 16.x.x releases and Cisco IOS
XE 17.x.x releases.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
3
Cisco ISR1000 ROMmon Compatibility Matrix

Note To identify the manufacturing date, use the show license udi command. For example:
Router#show license udi
UDI: PID:C1131-8PLTEPWB,SN:FGLxxxxLCQ6

The xxxx in the command output represents the manufacturing date.

• If the manufacturing date is greater than or equal to 0x2535, the manufactured ROMmon version is
17.6(1r) or higher.
• If the manufacturing date is less than 0x2535, the ROMmon will be automatically upgraded to 17.5(1r)
or above when the Cisco IOS XE 17.9.x release is installed.
• The minimal or recommended ROMmon version for devices using Cisco IOS XE 17.5 or later is 17.5(1r)
or later.

Note To upgrade to Cisco IOS XE Dublin 17.12.x, follow these steps:

1. If you are on a device that is running software version between Cisco IOS XE 16.x to Cisco IOS XE
17.4.x, upgrade to any IOS XE image between Cisco IOS XE 17.5.x to Cisco IOS XE 17.10.x.
2. After performing step a, upgrade to Cisco IOS XE 17.12.x.
3. For devices that are running on software version Cisco IOS XE 17.5.x or later, you can upgrade to Cisco
IOS XE 17.12.x directly.

Table 2: Minimum and Recommended ROMmon Releases Supported on Cisco 1000 Series Integrated Services Routers

Cisco IOS XE Release Minimum ROMmon Release for Recommended ROMmon

IOS XE Release for IOS XE

16.6.x 16.6(1r) 16.6(1r)

16.7.x 16.6(1r) 16.6(1r)

16.8.x 16.8(1r) 16.8(1r)

16.9.x 16.9(1r) 16.9(1r)

16.10.x 16.9(1r) 16.9(1r)

16.11.x 16.9(1r) 16.9(1r)

16.12.x 16.9(1r) 16.12(1r)

17.2.x 16.9(1r) 16.12(1r)

17.3.x 16.12(2r) 16.12(2r)

17.4.x 16.12(2r) 16.12(2r)

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
4
 Resolved and Open Bugs in Cisco IOS XE 17.12.x

Cisco IOS XE Release Minimum ROMmon Release for Recommended ROMmon

IOS XE Release for IOS XE

17.5.x 17.5(1r) 17.5(1r)

17.6.x 17.5(1r) 17.5(1r)

17.7.x 17.5(1r) 17.5(1r)

17.8.x 17.5(1r) 17.5(1r)

17.9.x 17.5(1r) 17.5(1r)

17.10.x 17.5(1r) 17.5(1r)

17.11.x 17.5(1r) 17.5(1r)

17.12.x 17.5(1r) 17.5(1r)

Resolved and Open Bugs in Cisco IOS XE 17.12.x

Resolved Bugs in Cisco IOS XE 17.12.1a
Table 3: Resolved Bugs in Cisco IOS XE 17.12.1a

Bug ID Description

CSCwe82666 Not all HSL entries get pushed to device if more than 1 HSL entries are configured
via vManage.

CSCwe31226 Issues/discrepancies around CPU alarms generated and sent to vManage from cEdge.

CSCwe43341 TLS control-connections down, traffic from controller dropped with SDWAN implicit
ACL drop.

CSCwe18124 MACSEC remains marked as SECURED, but randomly the traffic stops working.

CSCwe18276 Route-map not getting effect when its applied in OMP for BGP routes.

CSCwf83850 With Pure IPv6, minimal bootstrap unable to onboard Non-Fabric - ipv6 config missing
in wan int G1.

CSCwb74821 Unexpected behavior due to unstable power source.

CSCwe81182 (EPC, packet-trace) for IPsec running COFF (Crypto OFFLOAD).

CSCwe93905 NAT ALG is changing the Call-ID within SIP message header causing calls to fail.

CSCwe90501 Upgrade fails due to advertise aggregate with vrf.

CSCwe85195 AAR: BoW feature ignoring color preference from tiered transport preference
configuration

CSCwe14885 VPN is established although the peer is using a revoked certificate for authentication.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
5
Resolved Bugs in Cisco IOS XE 17.12.1a

Bug ID Description

CSCwd53710 Crash seen when umbrella/zscaler template pushed to device when name_lookup takes
30 sec.

CSCwe66318 NAT entries expire on standby router.

CSCwf83985 With pure IPv6 overlay, vbond vpn 0 ge0/0 interface if-oper-status down after power
off/on.

CSCwd84599 Dataplane memory utilization issue - 97% QFP DRAM memory utilization

CSCwd59722 Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP.

CSCwe70374 Device punt-policer is not configurable.

CSCwe73408 For some error condition platform_properties may double free.

CSCwd42523 Same label is assigned to different VRFs

CSCwe12194 Auto-update cycle incorrectly deletes certificates.

CSCwe57239 All usb internal communication is closed when using platform usb disable command.

CSCvz82148 %CRYPTO_SL_TP_LEVELS-6-VAR_NEW_VALUE message is observed in each

write config with same crypto value.

CSCwe85421 cEdge BFD session down with interface flap.

CSCwe83169 Pseudowire control word not working on device.

CSCwe95606 Double GR_Additional log enablement defect.

CSCwe31471 Segmentation fault in SDWAN PB rx when per-tunnel qos config withdraw.

CSCwe89404 No way audio when using secure Hardware conference with secure endpoints.

CSCwd39257 IOS-XE cpp crash when entering no ip nat create flow-entries.

CSCwe63222 Certificate output is not getting changed on renew when cloud certificate authorization
is automated.

CSCwe70642 AAR overlay actions are applied to DIA traffic.

CSCwa96399 Configuring entity-information xpath filter causes syslogs to print, does not return
data.

CSCwe79007 cEdge unexpected reload when doing ips test with UTD ips engine.

CSCwe31281 Autotunnel IPsec tracker: Tracker does not come up at all on vEdge.

CSCwd93401 AppNav-XE: Policy-map edit on cluster with multiple service context fails to program
TCAM.

CSCwd76648 Port-channel DPI Load-balancing not utilizing all the member-links.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
6
 Open Bugs in Cisco IOS XE 17.12.1a

Bug ID Description

CSCwe39011 GARP on port up/up status from router is not received by remote peer device.

CSCwb39206 Enable VFR CLI in sdwan mode.

CSCwe85022 Telstra Cert: FN980 modem is showing 4 additional NR bands support - 1, 3, 7, and
28.

Open Bugs in Cisco IOS XE 17.12.1a

Table 4: Open Bugs in Cisco IOS XE 17.12.1a

Bug ID Description

CSCwf70854 Changes to speed on the interface via CLI/GUI does not go through unless first done
via shell access.

CSCwf72079 Device unexpectedly reloads due to LocalSoft.

CSCwh06834 Using special characters in the password while generating TP generates an invalid TP.

CSCwh06870 APN password in plain text when cellular controller profile is configured.

CSCwf87292 Punt keep alive failure crash on device controller managed apparently due to for us
data packets.

CSCwf83850 With pure IPv6, minimal bootstrap unable to onboard non-fabric - IPv6 config missing
in wan int G1.

CSCwf94294 Misprograming during vpn-list change under data policy.

CSCwf55145 SFP transceiver DOM not working after some time, however interface forwards the
traffic as expected.

CSCwf94052 BFD going down for newly onboarded device.

CSCwf61720 No licenses in use after upgrading from traditional to Smart Licensing IOS-XE versions.

CSCwf80927 Speed tests to internet from device triggered.

CSCwf84522 Unexpected rebooted while classifying packet with CTF (Common Flow Table).

CSCwf44703 NAT64 prefix is not originated into OMP.

CSCwf99947 Crash when modifying tunnel after running show crypto commands

CSCwf77252 SIP calls not working on device with ZBFW enabled.

CSCwf96416 Can not access any show sdwan commands at all.

CSCwf67564 Device observes Memory Leak at process SSS Manager.

CSCwf34171 Configure replace command fails due to the license udi PID XXX SN:XXXX line on
IOS-XE devices.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
7
 Related Information

Bug ID Description

CSCwh00963 Unable to migrate from ADSL to VDSL without reboot.

CSCwf69062 SDRA-SSLVPN : The SSL VPN session closes with re-authentication error after some
interval of time.

CSCwf79264 Traffic forwarded to wrong VPN hence traffic gets wrong zonepair matched and gets
dropped.

CSCwf71557 IPv4 connectivity over PPP not restored after reload.

CSCwf45486 OMP to BGP redistribution leads to incorrect AS_Path installation on chosen Next-Hop.

CSCwh01313 Unexpected reboot due qfp uCode due to IPSec functions.

CSCwf95527 BFD entries removed.

CSCwe26895 Router has Local Soft ADR crash, writes flat core, and reloads.

CSCwh01318 Multiple crashes observed on platform due to memory exhaustion.

CSCwf71116 Static route keep advertising via OMP even though there is no route.

CSCwf60120 Static NAT entry gets deleted from running config; but remains in startup config

CSCwh00332 B2B NAT: when configuration ip nat inside/outside on VASI intereface, ack/seq
number abnormal.

CSCwf49390 Crashes@crypto_map_unlock_map_head.

Related Information
• Hardware Installation Guide
• Software Configuration Guide
• Smart Licensing using Policy

Communications, Services, and Additional Information

• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit
Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
8
 Documentation Feedback

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system
that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides
you with detailed defect information about your products and software.

Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane
of every online document.

Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at
https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look
under Troubleshoot and Alerts to find information for the issue that you are experiencing.

Release Notes for Cisco 1000 Series Integrated Services Routers, Cisco IOS XE Dublin 17.12.x
9
© 2023 Cisco Systems, Inc. All rights reserved.