Release Notes for Cisco Configuration Professional Express 3.5.1
Available Languages
Table of Contents
Release Notes for Cisco Configuration Professional Express 3.5.1
Determining the Cisco IOS Release
What is Not Supported in Release 3.5.1
Release Notes for Cisco Configuration Professional Express 3.5.1
First Published: April 5, 2018
This Release Notes document supports Cisco Configuration Professional Express Release 3.5.1. This document should be used with the documents listed in the “Related Documentation” section.
This Release Notes is updated as required. To ensure that you have the latest version of the Release Notes, go to http://www.cisco.com/en/US/products/ps9422/tsd_products_support_series_home.html. In the Support area, choose Software Downloads, Release and General Information > Release Notes, and locate the release notes pertaining to your release.
Introduction
Cisco Configuration Professional Express is an embedded, device-management tool that enables bootstrap configuration and provisioning of an Cisco Integrated Services Router (ISR).
CCP Express provides you two options to bring up a brand new router. You can use the Quick Setup Wizard to perform the basic configuration tasks and Advanced Setup option for detailed configuration options. For a brand new router Quick setup wizard is the preferred option.
Supported HWICs
Table 2 lists the HWICs that Cisco Configuration Professional Express supports.
Cisco IOS Releases
Cisco Configuration Professional Express requires Cisco IOS Release 15.2.4M2 or later, or Release 15.3.1T or later for all SKUs. To get all security features support use the release 15.5(1)T. For CCP Express 3.5.1, it is recommended to use IOS release 15.7(3)M2.
Determining the Cisco IOS Release
To determine the Cisco IOS software release currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the Cisco IOS release in the second line.
Installation Files
The Cisco Configuration Professional Express 3.5.1 installation files are left untarred on the router flash.
What is New in Release 3.5.1
Release 3.5.1 introduces the following new features and bug fixes:
- Resolved CFD CSCvh68843 – In Test Wan Connection page, User Interface displays a message as “ cannot get IP from ISP even the WAN connection is OK ”.
- Resolved CFD CSCvh57474 - User cannot enter same range for TCP and UDP ports in policy creation
- General Performance improvements in Loading.
- The latest version will load the new User Interface by default.
- Minor enhancements in the User Interface high-level menu.
- Added Http/Https configuration section.
- Build and User info added to System Information pop-up window.
- Dropped Device Details dashlet as System Info serves the same purpose.
- Interfaces tab added under dashboard section and Interface dashlet moved to the same.
- Day 1 Support for Hoover devices (IR829 M & B series).
- Support for Monitor User having only read-access to the application.
- Added Monitor View section. This is for Admin user to manage Monitor Users.
- Minor enhancements in user screen that provides support for Monitor User. Application now marks a user as Admin, Monitor or No Access if the minimum recommended IOS is present.
- Minimum recommended IOS version for CCP Express 3.5.1 onwards will be 15.7(3)M2 or later.
Known Issues and Workarounds
This following is the list of known issues in Cisco Configuration Professional Express Release 3.5.1:
Symptom: In the Interface screen (in both the Admin view and the EndUser view), the Edit VLAN and Edit Interface dialog boxes do not reflect the correct values for the attributes displayed on the Summary screen.
Condition: This issue occurs when the Interfaces feature is in use, and an interface or a VLAN is being edited.
Workaround: Upgrade your Cisco IOS Software Release to 15.2(4)M or later.
Symptom: The Cisco Configuration Professional Express interfaces screen displays a blank page.
Condition: This issue occurs when the Cisco IOS Release that is being used is earlier than Release 15.2, and router has cellular interfaces.
Workaround: Upgrade to Cisco IOS Release 15.2.4M2 or later, or Release 15.3.1T or later for all SKUs.
Symptom: While creating a user very first time in a new router the password is not encrypted..
Condition: The user will be prompted to create a new user while logging in to the router for the first time with default username and password. The newly created user is not encrypted. The password will be visible when anyone tries to check the running configuration.
Workaround: Login to router and execute a CLI “service password-encryption” in config mode. Otherwise navigate to “Configure CLI” menu and execute the same CLI in config mode.
Symptom: NAT translations do not happen if stale NAT translation CLIs present in the configuration.
Condition: This problem is seen when interface enabled for NAT feature is deleted using CCP Express 3.0 [on supported Cisco Routers]
This problem occurs with the following conditions:
1. Enabling NAT during Interface configuration and deleting it
2. Configuring an interface as Primary WAN interface and deleting it
3. Configuring an interface as Secondary WAN interface and deleting it
In above conditions following CLIs are sent to router from CCPExpress software and stays in configuration as stale entries when deleted
1. If the interface part of NAT overload configuration is deleted then create that interface (see example below)
2. Delete the stale NAT overload CLI
3. Delete the created interface
4. Execute "clear nat translations forced"
Below entry may exist on the device causing NAT translations to not work properly.
Symptom: Unable to access the Internet. Traffic is not going through the configured WAN interface.
Condition: When the WAN interface gets its IP and default gateway from DHCP server, CCP Express should not push "ip route 0.0.0.0 0.0.0.0 'primary WAN interface'" configuration to the router. With this configuration the traffic is not flowing through the device, when already the default route (GW IP received from DHCP server) is installed on the router.
Workaround: Remove the CLI manually in the router like “no ip route 0.0.0.0 0.0.0.0 'primary WAN interface'” or using CCP Express “anyCli” feature to execute the CLI
Symptom: The protocol 914c/g protocol is not listed under net-admin application list in the Policy screen.
Condition: This particular protocol not be configured using CCP Express.
There is no workaround. If we configure "match protocol 914c/g" under any of the class-maps using CLI on the router, then UI will throw "parsing error" while accessing some features eg. CWS
Symptom: Uploads in CCP Express are getting aborted automatically under certain conditions in Microsoft Internet Explorer due to browser timeout issues.
Condition: When Microsoft Internet Explorer is used, we have noticed that certain devices shoot up in the CPU utilization to 100%. This causes subsequent processing to halt. The options are to try again or use Google Chrome, Mozilla Firefox, or Microsoft Edge browsers.
There is no workaround for this in Microsoft Internet Explorer.
Symptom: Integration with Cisco Active Advisor works at authentication level, but you cannot upload data from device in Microsoft Internet Explorer.
Condition: When Microsoft Internet Explorer is used, the authentication to CAA works, but the data upload does not work. We need to use Google Chrome, Mozilla Firefox, or Microsoft Edge.
Workaround: There is no workaround for this in Microsoft Internet Explorer.
Symptom: IOS upload not listing the IOS image on the IR boxes.
Condition: The command show file info should yield “type is image” for any IOS image file. In IR routers, this is shown as “ebcdic text”. Hence the files are not listed.
Workaround: A code workaround to check for ebcdic text if the box type is IR is put in to list the IOS images. This is entirely not correct as vlan.dat (and also other files which are not known at this point) can also be listed as ebcdic text. So code has excluded vlan.dat from the checks and only checks for type as ebcdic text to list the IOS images. In addition, since IR devices use IOS installation bundles, the file is checked for presence of “bundle” in its name. The user will have to manually identify and select the correct IOS image bundle.
Symptom: Dashboard router option is not showing Hardware Health in IR routers..
Condition: Hardware Health option in Dashboard is not listed. The output of the command “show environment all” given by IOS in IR routers is very much different when compared to the standard output given in ISR routers for IOS (based on which the initial design was done).
Workaround: There is no workaround here. By design, if the values cannot be fetched, the dashlet will not be displayed.
Symptom: Login to UI is not possible for user with privilege level other than 15.
Condition: HTTP server in IOS permits only privilege level 15 user credentials to be used for application login.
Workaround: There is no workaround. User should be created with privilege level.
Symptom: Integration with Cisco Active Advisor works at authentication level, but you cannot upload data from device in Microsoft Internet Explorer.
Condition: When Microsoft Internet Explorer is used, the authentication to CAA works, but the data upload does not work. We need to use Google Chrome, Mozilla Firefox, or Microsoft Edge.
Workaround: There is no workaround for this in Microsoft Internet Explorer.
Symptom: Upgrade from an older version causes top menu items to launch different pages.
Condition: When user upgrades to version 3.4 from older versions, the page reloads after the upgrade and clicking the top menu items may launch different pages.
Workaround: Clear the browser cache and launch CCP Express again. This is because top menu was rearranged and after the installation, the old file is present on the browser and does not fetch the new file.
Symptom: Safari browser does not do copy to clipboard, download of config and also allow user to enter data in certain fields.
Condition: Safari browser does not support every element currently used. Blob and Datalist are not supported.
Workaround: Datalist is used in few pages where the drop down has values and also allows user to enter any value. This option of entering values will not be available when using Safari. Also Copy to Clipboard and Download of config is not displayed in Safari. In case this support is required, user should use any other supported browser.
Symptom: On the IR829 Dual-LTE, controller profile configuration results in unnecessary warning for modem-reset.
Condition: When pushing the controller configuration from Quick Setup Wizard, the device issues warnings even when the pushed configuration is the existing default.
Workaround: The fix for this is addressed in CCP Express defect CSCve52052 (Ambiguous instruction to reset modem leads to incomplete workflow). For every profile push, a modem reset is issued from CCP Express in the case of dual LTE. With this fix in the code, the issue of ambiguous instructions displayed to the user leading to configuration breakage is addressed
Symptom: IOX Device Manager does not launch on theIR809.
Condition: This is caused by a platform bug in IOS 15.6.3M1 release. When IOS is upgraded from 15.6.3M1 to latest 15.6.3M2 the Guest OS product_id is not getting updated with a valid ID and the 'caf' process stops running.
Workaround: To overcome this issue, follow these steps from the Guest OS console.
IR800-GOS-1:~# cp /etc/platform/product_id /software/caf/work/product_id
IR800-GOS-1:~# monit restart caf
Check CAF status by executing 'monit summary'. You should be see caf in a Running state.
After following the above steps, the device will be able to launch the IOX manager UI manually as well as from CCP_Express.
Symptom: Default configuration can cause a device lockout.
Condition: The default configuration contains a one-time user, which is removed if logged in via telnet.
Workaround: The default configuration leaves the console without any login credentials. In case of a lockout, the user can always use the console to gain access back to the device. To counter the connectivity issue, the new user is written to the device before the existing one-time user is cleared.
Symptom: Quick Setup Wizards provides an option for WiFi AP Config on the IR829 device, but doesn't actually configure the AP.
Condition: This happens when the BVI Interface is not configured.
Workaround: The user has to ensure that BVI IP address is configured before using Wizard WiFi configuration.
Symptom: WiFi configuration not getting pushed on LAN network change.
Condition: When a user changes the LAN network while using the Quick Setup Wizard, the WiFi configuration gets pushed to the AP. This is followed by a write memory which will save the configuration on the AP. Following this the BVI interface address is updated. But since the network change happened, the AP would not be reachable from 10.10.10.0 network. This means that the change to the BVI Interface IP address is pushed, but is not written to memory. And in case of a reboot or power failure after the day 0 configuration using Quick Setup Wizard, this IP Address change can be lost.
Workaround: In case of a LAN network change, user should login to the router using the new IP address, session in to AP and then issue a write memory. This will ensure that the changes to BVI interface is saved to memory in the AP
Symptom: IR809 cellular interface configuration not working as expected.
Condition: Cellular interface profile changes are returning an error on an IR809 running on 15.6(3)M2 IOS.
Additionally, the modem related information is returned as blank values.
Workaround: This platform issue for IR809 is addressed in IOS release15.7. The user should upgrade to this latest version, subject to its availability.
Symptom: Performance issue on the IR800 series.
Condition: The IR800 could display slow performance if the Guest OS is consuming too many CPU resources.
Workaround: Refer to the software configuration guide in the IR800 documentation for examples of performance tuning. This should only be done under the recommendation of Cisco or an authorized partner. 4G performance may be impacted if changed without proper guidelines.
Symptom: Application shows issues when using the Edge Browser. Many elements are not rendered correctly and the user is unable to proceed with actions.
Condition: Some features of the application are not working when using the Edge Browser as compared to other browsers.
Workaround: Use any of the following browsers: Chrome, Firefox, Safari (Mac only) and Internet Explorer 11 (Windows only).
Symptom: On the IR809, when security is configured, IOX access via LAN may not work if the right configuration is not present.
Condition: When security is configured, zones come into effect. So if IOX configuration is done, both the IOX interface as well as the interface acting as the LAN interface should be present in the LAN zone for IOX LAN access to work.
Workaround: The application cannot check if the interface acting as the LAN interface is present in the LAN zone. The user should navigate to the Zones screen under the Security tab, and add the respective interface under Zone LAN. Once this is done, IOX access via LAN should help the user access the Device Manager.
Symptom: CPU Graph has a rendering delay when configuration radio options are clicked.
Condition: User launches Dashboard and clicks on CPU Dashlet link. The dashlet loads and displays the data in graph format. If you change the interval options, the graph takes a couple of seconds to fetch and display the data. This is due to the time taken to query the device and the time for the plug-in to render the graph.
Workaround: There is no workaround for this.
Symptom: Modem details are not listed in CCP Express running on IR807 platform.
Condition: In IR807, Modem details do not get listed. This is because the IOS does not provide the Modem details for the standard command.
Workaround: There is no workaround for this. User will have to check and upgrade to the version of IOS where the Modem details are listed for IR807.
Symptom: Upgrade of CCP Express fails in Edge browser.
Condition: When using Edge for CCP Express upgrade, it is noticed that the upgrade process fails. Sometimes this happens frequently. The options are to try again or use Chrome, or Firefox browsers.
Workaround: There is no workaround for this in Edge.
Symptom: Cisco 800 Series ISR does not support some Transform Set combinations in VPN advanced configuration.
Condition: Some Transform Set combinations give error while doing VPN advanced configurations. The application lists only those transform sets which are available on the platform.
Workaround: User to use discretion while choosing the transform sets. There is no other workaround for this.
Symptom: Password entered in SNMP configuration is not fetched back by application.
Condition: IOS does not display the password used in SNMP configuration via any supported command. Since the value cannot be fetched back from the device, this field cannot be populated.
Workaround: There is no workaround for this as this is purely from the IOS platform.
Symptom: CCP Express does not defend against CSRF attack.
Condition: CCP Express application can defend against CSRF attack only if the IOS HTTP server employs a usable solution to fix the same.
Workaround: There is no workaround for the same.
Symptom: Safari browser does not list the default ports shown as drop-down for TCP & UDP in extended ACL configuration.
Condition: Safari browser does not support data-list in HTML.
Workaround: There is no workaround in Safari for this.
Symptom: WAN interface shows status as down in IR800 after configuration using Quick Setup Wizard.
Condition: WAN interface status is retrieved from show ip interface brief and other supported commands. The application lists the status as read from the device configuration. This issue is not consistently reproducible.
Workaround: There is no workaround for this as application depends on IOS platform to provide the status.
Symptom: Enabling AVC is taking more than 45 seconds.
Condition: The implementation is native to IOS. The following cli takes time to fetch data and it depends on the device response rate
show ip nbar protocol-discovery [interface type number] [stats {byte-count | bit-rate | packet-count| max-bit-rate}] [protocol protocol-name | top-n number].
Workaround: Launch AVC once and then the subsequent loadings should take less time.
Symptom: When no Sim is present in USB LTE, it does not show correct SIM status.
Condition: USB LTE does not support the SIM status commands available for normal Cellular interfaces. The only way to fetch the sim status is via RSSI values. But the RSSI value does not change when SIM is removed. For details check the platform defect: CSCvf67829.
Workaround: Do a modem-reset and wait for 3 to 5 minutes. Once modem is reset successfully, the modem details and the RSSI values are reflected correctly.
Symptom: Access to monitor screens for build extracted in folder under root requires additional login.
Condition: IOS platform requires that the home htmls are placed directly under flash:. When this is not the case, the IOS design is such that it authenticates twice. This is platform design.
Workaround: Install CCP Express application under flash: or provide the authentication and save the credentials in browser.
Symptom: Occasionally getting error ?%NAT: Error deactivating CNBAR on the interface Cellular0/0? from the device while trying to remove ip nat from under the cellular interface.
Condition: Issue happens randomly. Device gives error while trying to remove ip nat configuration. Applicable only on devices C841M-4X-JAIS/K9 and C841M-8X-JAIS/K9 when USB LTE modem is attached.
Workaround: User will need to clear the unwanted configurations manually using CLI.
Symptom: Enabling AVC on IR device is not working.
Condition: Enabling AVC throws error on configuring ip nbar http-services.The error thrown is "% NBAR Error: corrupted binary". This is because nbar 1 is not supported on IR devices.
Workaround: There is no workaround for this as nbar1 is not supported on IR devices. The AVC feature will not be accessible on IR devices to prevent users from attempting configuration.
Symptom: Enabling IP Sec VPN is not working on IR Devices. Same is the case for Combination VPN for IPSecVPN+RemoteAccessVPN..
Condition:On Hoover (IR829 M or B series) running IOS 15.7(3) or above, after enabling and configuring IP Sec VPN or the combination VPN of IPsec+RemoteAccess, no records are listed even though the configuration goes fine. This is because "show crypto session" is giving a blank output. This is a platform issue and is applicable for all IR 8x9 and 8x7 series devices.
Workaround: There is no workaround for this as the platform issue (CSCvi70052) needs to be fixed for the same.
Related Documentation
Additional documentation available for the Cisco Configuration Professional Express are:
- Cisco Configuration Professional Express Feature Guide
- Cisco Configuration Professional Express Quickstart Guide
- Cisco Configuration Professional Express Administration Guide
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)