New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S. In addition, important notes about this release are also included.
New and Changed Information
The following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.10S:
- New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S
- New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
- New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
Note: MLPPP Broadband functionality is not supported in release 3.10.1. It is recommended to use the feature with release 3.10.0.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S
WCCP with generic GRE Support
WCCP is extended to support the generic GRE return method on Cisco IOS devices. Since GRE negotiated return is not supported on the Cisco WAAS AppNav I/O module, customers need to use generic GRE tunnels (multipoint GRE) on the devices. That is, an mGRE tunnel needs to be configured manually on the device if the Cisco WAAS AppNav is configured with the GRE return method.
Note: A generic GRE tunnel does not work with a loopback source address. Since the highest numbered loopback is reserved for WCCP, customers need to use the second highest loopback address.
Dropping TCP Packets During Router Reboot Process in AppNav Controller Group Scenario
For AppNav Controller Group (ACG) scenarios, a new CLI (service-insertion acg-reload-delay) provides a time delay before enabling WAN traffic for a router that has just rebooted. During the delay, the router drops all TCP packets passing through the WAN interface. This enables the router to synchronize flows before traffic is enabled, preventing unintended resetting of connections.
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/partner/docs/routers/access/4400/appnav/csr-asr/apnavcsr.html
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
The following are the new hardware introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S.
Cisco ASR 1000 Series Fixed Ethernet Line Card
The Cisco ASR 1000 Series Fixed Ethernet Line Card (ASR1000-2T+20X1GE) is a fixed-port Ethernet line card for the Cisco ASR 1000 Series Aggregation Services Routers. The line card is capable of 40-Gbps full-duplex traffic forwarding using a fixed-port interface design. This line card has 20 1GigE ports and two 10GigE ports. The small form-factor pluggables (SFP and XFP modules) allow the line card to be configured for different media types (copper or fiber) and different optical requirements (single-mode fiber or multimode fiber), as available.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S.
1-port OC-192c/STM-64 POS/RPR Shared Port Adapter, XFP Optics
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
Add support for more than 32 FNF fields
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/xe-3s/asr1000/fnf-fnetflow.html
Aliases
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/AVC/configuration/xe-3s/asr1000/AVC-fld-alias.html
ASR1000 - 16k policy map scaling
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/asr1000/qos-apply.html
ASR-1000 Minimal Disruptive Restart (MDR) Phase 2 - POS SPA MDR
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/issu.html
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
ASR1000: 40G Native Ethernet Line card
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/fixed_ethernet_linecard/ASRfelcconf_guide.html
ASR1000-ESP200
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1ESP3.html
ATM support on SPA-24CHT1-CE-ATM on ASR1000
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
Auto-IP
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_ipv4/configuration/xe-3s/ipv4-xe-3s-book_chapter_011.html
BGP - L3VPN iBGP pe-ce (RFC 6368)
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/L3VPN_iBGP_PE-CE.html
BGP NSR Support for MPLS VPNv4 and VPNv6 Inter AS Option B
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-bgp-nsr-inter-as-option-b.html
Bidirectional MPLS-TP LSP
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-basic-xe-3s-book.html
Bowflex - NHRP snmp restructuring
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-nhrp-mib.html
Bulk-logging and port block allocation
For detailed information, see the following Cisco document:
http://cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-bpa.html
Cisco 8-Port Channelized T1/E1 Shared Port Adapter (SPA-8XCHT1/E1-V2)
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
Configurable RTP port range per IP Address for RTP session connectivity
For ASR boxes, the RTP port range has been increased to a range of 8000 to 48200 to scale high call volumes. This port range allows up to 10000 calls on a single interface.
CUBE Inter-Cluster Look up Service (ILS)
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_interop/configuration/xe-3s/voi-cube-ils-service.html
CUBE Serviceability for event logging and debug classification
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_mgmt/configuration/xe-3s/asr1000/voi-cube-service-evntlog-debugclass.html
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_mgmt/configuration/xe-3s/voi-cube-service-evntlog-debugclass.html
CUCM Lineside support
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_interop/configuration/xe-3s/voi-cucm-lineside.html
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_interop/configuration/xe-3s/asr1000/voi-cucm-lineside.html
Debuggability enhancement in IOS-XE Zone Based Firewall (Phase-II)
The Debuggability Enhancement Zone-Based Firewall provides the following functionalities:
- Conditional Debugging: Prior to the introduction of this feature, when firewall debug was enabled, debug messages were logged for all traffic passing through the firewall. To enable conditional debugging of a single flow of traffic, the following debug command was added: debug platform condition
- The following commands are also introduced in Cisco IOS XE Release 3.10S:
– show policy-firewall config platform
For detailed information, see the following Cisco documents:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-zone-pol-fw.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-zone-pol-fw.html
DHCP-SIP and Walkby Integration
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/isg-wlkby-supp.html
Disabling Flow Cache Entries in NAT and NAT64
For detailed information, see the following Cisco document:
http://cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/iadnat-disable-flow-ent.html
http://cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-disable-flow-ent.html
Easy Performance monitor
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/AVC/configuration/xe-3s/asr1000/AVC-ezpm.html
Ethernet over GRE Tunnels
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-eogre.html
EVC On Port-channel
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/EVCs_on_portchannel.html
eiBGP multipath for non VRF interfaces (IPv4/IPv6)
For detailed information, see the following Cisco document:
www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-eibgp-multipath-for-nonvrf-interfaces.html
EIGRP Over the Top
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/15-s/ire-eigrp-over-the-top.html
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-eigrp-over-the-top.html
FlexVPN Mixed Mode support
The FlexVPN Mixed Mode feature provides support for carrying IPv4 traffic over IPsec IPv6 transport. This is the first phase towards providing dual stack support on the IPsec stack. This implementation does not support using a single IPsec security association (SA) pair for both IPv4 and IPv6 traffic.
This feature is only supported for Remote Access VPN with IKEv2 and Dynamic VTI.
GETVPN CRL Checking
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-crl-checking.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/asr1000/sec-get-vpn-crl-checking.html
GETVPN Resiliency - GM Error Detection
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/asr1000/sec-get-vpn-resiliency-gm-error-detection.html
GETVPN support with SuiteB
GETVPN support with SuiteB is supported only on the ESP100, ESP200, and ASR1002-x platforms. When the show crypto gdoi ks member command is executed, it shows 1.0.7 on a platform that does not support SuiteB and 1.0.8 on a platform that supports SuiteB.
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-suiteb.html
GTPv2 support in iWAG - Intelligent Wireless Access Gateway on ASR1K
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/iwag_asr1k.html#wp1092054
IKE Profile based tunnel selection
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-ipsec-virt-tunnl.html
IKEv1 SHA-2 support
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn.html
IOS BGP - BGP C-Route Full SM Support
The IOS BGP - BGP C-Route Full SM Support feature introduces a new CLI command, mvpn single-forwarder-selection highest-ip-address, which configures the BGP MVPN UMH to be chosen by the highest IP address.
For detailed information, see the following Cisco documents:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book.html
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_mvpn/configuration/xe-3s/imc_bgp_croute.html
IOS-XE GTP TEID based ECMP
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipswitch_cef/configuration/xe-3s/asr1000/isw-cef-load-balancing.html#GUID-8BDF5B19-7AA9-461D-9863-B56784C126D0
IP SLAs - Asymmetric probe support for UDP jitter
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/xe-3s/sla_udp_jitter.html
IPSec debugability enhancement
The IPSec debugability enhancement feature implements the following:
- A unique session ID for IPsec and IKE debugs. This session ID is allocated for each active peer and groups the IPsec and IKE debugs.
- The session ID is displayed in the show crypto session command.
- Support for crypto IPsec event tracing.
- Conditional debugging and filtering mechanism for peer sessions.
For more information on these two commands, see the following:
IPv6 SNMP MIB support for voice features
The MIB objects relevant to Cisco UBE that have transport-related information such as IPV6 address and type of IP (IPV4 or IPV6) have been verified.
IPv6 Static Route support for Object Tracking
iWAG - Intelligent Wireless Access Gateway SSO support for GTP on ASR1K
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/iwag_asr1k.html#wp1099408
iWAG Scale Enhancements
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/iwag_asr1k.html#wp1099408
L2VPN Static to Dynamic PW Interconnection & PW Preferred Path for MPLS-TP Tunnels
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-1A1B84C1-51B6-4A61-9E17-8B14109EDCA7
L3VPN per CE label
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-3s/asr1000/mp-vpn-ce-label.html
LI support for IPoE sessions
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3s/asr1000/sec-lawful-intercept-IPoE.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3s/sec-lawful-intercept-IPoE.html
Loose Checking Option for TCP Window Scaling in ZBFW
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-loose-check-option-TCP.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-loose-check-option-TCP.html
MPLS Traffic Engineering Non-Stop Routing Support
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_ha/configuration/xe-3s/mp-nsr-supp.html
MPLS VPN over mGRE
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_mplsvpnomgre.html
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ir-mpls-vpnomgre-xe.html
MPLS VPN Per CE Label Allocation
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-3s/asr1000/mp-vpn-ce-label.html
MPLS-TP OAM: Continuity Check via BFD
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-5FAE56DC-1B64-474D-923E-AF54B9D8129D
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
MPLS-TP OAM: Fault Management
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-5FAE56DC-1B64-474D-923E-AF54B9D8129D
MPLS-TP OAM: GACH
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-5FAE56DC-1B64-474D-923E-AF54B9D8129D
MPLS-TP OAM: Ping/Trace
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-5FAE56DC-1B64-474D-923E-AF54B9D8129D
MPLS-TP Path Protection
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_basic/configuration/xe-3s/mp-mpls-tp.html#GUID-4E3C4BA8-0777-4CC3-9CC4-84D5956756E4
MVPN BGP C-Route Full SM Support
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_mvpn/configuration/15-s/imc_vpn_bgp_croute.html
MVPN mLDP Partitioned MDT including wildcard
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_mvpn/configuration/xe-3s/imc_mldp_mdt.html
NAT increase VRF scale to 4k
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/iadnat-addr-consv.html
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-addr-consv.html
Network-based recording of video calls using Cisco UBE
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/voi-ntwk-based-rec-video-calls.html
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/15-mt/voi-ntwk-based-rec-video-calls.html
NHRP SNMP Restructuring
The NHRP SNMP Restructuring feature provides hardening support to NHRP MIBs. The snmp mib nhrp command is disabled by default. To enable it, you must explicitly configure it using the snmp mib nhrp command.
The snmp mib nhrp status command displays information about the following:
- The state of the tree.
- The enable or disable status of the NHRP MIB.
- The number of allocation tree nodes.
The debug snmp mib nhrp command enables debugging for NHRP MIBs.
No Service Password-Recovery
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3s/asr1000/sec-usr-cfg-xe-3s-asr-1000-book.html
OSPFv2 Cryptographic Authentication
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-ospfv2-crypto-authen-xe.html
OSPFv2 Multi Area Adjacency
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/asr1000/iro-multi-area-adj-xe.html
OTV Enhancements
OTV join interfaces can be part of a VRF. This allows for OTV forwarding of L2 packets via a VRF L3 domain.
Sub-interfaces can be configured as OTV join interfaces. This allows more flexibility with the L3 side OTV configuration.
Port-channel interfaces can be configured as OTV join interfaces. This allows interface redundancy for L3 side OTV connections.
Port-channel interfaces can be configured as OTV internal interfaces. This allows interface redundancy for L2 side OTV connections.
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/wan_otv/configuration/xe-3s/wan-otv-confg.html
Per ACE QoS Statistics
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/qos-per-ace.html
Per COS Storm Control for Broadcast/Unknown Unicast/Multicast for EVC ports in ASR1k
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Storm_Control_ASR1K.html
PKI - New cert attributes
The PKI New Cert Attributes feature provides the following enhancements to Public Key Infrastructure (PKI):
Certificates and certificate revocation lists (CRLs) are used by devices when a certificate authority (CA) is used. Certificates and CRLs can be stored in NVRAM or an external database. If an external database is used to store certificates, there is no need to delete the expired certificates. Each certificate and CRL uses a moderate amount of memory. The following are stored in NVRAM:
When a client renews its certificate, the new certificate, along with old certificates, is stored in NVRAM. This decreases the available NVRAM space. As more certificates are stored, the NVRAM space is exhausted and this brings down the CA server, which then is unable to retrieve certificates. Manual intervention is required to restore space in NVRAM and bring the CA server up again.
To avoid NVRAM space exhaustion and manual intervention to bring up the CA server, a new timer triggers the database cleanup event. The timer starts when the first certificate is issued, and the timer interval is based on the client certificate life time configuration in the CA server. The timer scans the database and removes expired certificates that are not required, thereby preventing the CA server from going down because of NVRAM exhaustion. The timer information is displayed in the output from the show crypto pki timer command. Note that the timer applies only when certificates are stored in NVRAM and the database level is set to “complete.” However, when NVRAM is used to store certificates and the database level is configured with minimum or names, there is no need to delete the expired certificates because the certificates do not consume much space.
The certificates in the CA server can also be deleted by using the no crypto pki server name command. The following warning appears when you configure this command:
If “yes” is entered, all files are removed from the database.
For more information on commands, see the following documents:
Cisco IOS Security Command Reference: Commands A to C
Cisco IOS Security Command Reference: Commands S to Z
The auto-enroll feature helps the device to renew the router certificate when it expires. Sometimes, the router certificate may not be enrolled if the CA server is not reachable or if the client is shut down. The back off mechanism prevents the device from having an expired certificate by renewing the certificates. The certificates are renewed by continuous contact with the CA server at specific intervals by using the retry count and retry period keywords in the enrollment command.
When a device certificate expires, the back off mechanism does the following:
- Issues a fresh enrollment request and starts the default back off mechanism or follows the configured retry counts. This step is repeated to obtain a fresh certificate.
- The enrollment request does not contain expired certificate keys, if the trustpoint is configured with the regenerate command. The regenerate command assigns new keys. To issue an enrollment request with the expired certificate keys, do not specify the regenerate command.
The following example shows how to configure the retry count and period keywords:
The default retry count is 10. The following table provides information when the enrollment does not happen:
After the default retry count, the enrollment request is deleted. If the certificate expires, the 5-second interval is employed to reach the CA.
For more information on the commands, see the following documents:
PMIP: Multipath support on MAG
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/asr1000/imo-pmipv6-multipath-support.html
http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/imo-pmipv6-multipath-support.html
Pseudowire Group Switchover
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/asr903/l2vpn-pw-group-switchover.html
RFC4303 IP Encapsulating Security Payload (ESP) dummy packet for traffic flow confidentiality (TFC)
The RFC 4303 IP Encapsulating Security Payload (ESP) dummy packet for traffic flow confidentiality (TFC) feature provides RFC 4303 support in Cisco software. RFC 4303 describes two methods to hide the characteristics of traffic that is passing through an IPsec flow. The first method involves adding extra padding, beyond the allowed maximum of 255 bytes, after the payload data when using the Encapsulating Security Payload (ESP) protocol for traffic confidentiality. The second method involves adding extra "dummy" packets to the traffic flow. The generation and transmission of dummy packets is implemented in Cisco software through this feature.
A dummy packet is designated by setting the next header field in the ESP packet to a value of 59. The dummy packets are discarded when they are received by the device. The standard ESP header and trailer fields are present in a dummy packet. The payload (plain text) in the dummy packet contains zero, which becomes random data after encryption.
You can specify the time interval at which to generate the dummy packets. You can enable generating dummy packets globally using the crypto ipsec security-association dummy command, or you can enable dummy packets for a crypto map using the set security-association dummy command. When enabled for a crypto map, dummy packets are enabled for all flows that are created using the crypto map.
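The receive-side handling described above can be shown on the decrypted ESP plaintext. The following Python sketch is an added example, not Cisco code: it builds and classifies the plaintext layout from RFC 4303 (payload, TFC padding, padding, pad length, next header), discards dummy packets marked with next header 59, and strips TFC padding from a tunnel-mode IPv4 payload. The function names, the 16-byte block size, the default 1, 2, 3, ... padding bytes and the sample inner packet are assumptions made for the illustration.

```python
"""ESP plaintext as seen after the ICV check and decryption (RFC 4303):
payload | TFC padding | padding | pad length | next header
"""
import struct

NEXT_HEADER_NONE = 59  # "no next header": designates a dummy packet
NEXT_HEADER_IPV4 = 4   # tunnel mode, payload is an inner IPv4 datagram
BLOCK = 16             # assumed cipher block size for this example

# Constructed sample: 20-byte IPv4 header (total length 28, UDP, checksum
# left at 0 because it is not validated here) plus 8 bytes of data.
SAMPLE_INNER = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
    bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + b"ABCDEFGH"


def build_plaintext(payload, next_header, tfc_pad=0, block=BLOCK):
    """Sender side: append TFC padding, then the regular ESP trailer."""
    body = payload + bytes(tfc_pad)            # TFC padding follows the payload
    pad_len = (-(len(body) + 2)) % block       # align payload + 2 trailer bytes
    padding = bytes(range(1, pad_len + 1))     # default padding: 1, 2, 3, ...
    return body + padding + bytes([pad_len, next_header])


def build_dummy(size, block=BLOCK):
    """Dummy packet: zero payload, standard trailer, next header 59."""
    return build_plaintext(bytes(size), NEXT_HEADER_NONE, block=block)


def classify(plaintext):
    """Receiver side: return (action, data) for one decrypted ESP plaintext."""
    if len(plaintext) < 2:
        raise ValueError("plaintext shorter than the ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]

    # Dummy packets are dropped silently, whatever their content.
    if next_header == NEXT_HEADER_NONE:
        return ("discard-dummy", b"")

    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length exceeds packet size")
    body = plaintext[:len(plaintext) - 2 - pad_len]
    padding = plaintext[len(body):-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes do not match the default pattern")

    if next_header == NEXT_HEADER_IPV4:
        # TFC padding can only be removed because the inner datagram
        # carries its own length field.
        if len(body) < 20 or body[0] >> 4 != 4:
            raise ValueError("payload is not an IPv4 datagram")
        total_len = struct.unpack("!H", body[2:4])[0]
        if total_len < 20 or total_len > len(body):
            raise ValueError("inner total length is inconsistent")
        return ("deliver", body[:total_len])

    return ("deliver", body)


if __name__ == "__main__":
    real = build_plaintext(SAMPLE_INNER, NEXT_HEADER_IPV4, tfc_pad=100)
    dummy = build_dummy(128)
    # Both plaintexts have the same length, so an observer of the
    # encrypted flow cannot tell them apart by size.
    print(len(real), classify(real)[0])
    print(len(dummy), classify(dummy)[0])
```
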
For more information on commands, see the following documents:
Secure CDP
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/cdp/configuration/xe-3s/asr1000/nm-cdp-secure.html
Secure Shell-Configuring User Authentication Methods
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/asr1000/sec-ssh-config-auth.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/sec-ssh-config-auth.html
SPA-4XOC3-POS-V2 support on ASR-1000
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html
Support for dynamic payload type interworking for DTMF and codec packets for SIP to SIP calls
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/voi-negt-aud-code.html
TDOS Attack prevention on CUBE
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/voi-cube-tdos-attack-mitigation.html
TrustSec SGT Handling: L2 SGT imposition and forwarding
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/cts-sgt-handling-imp-fwd.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/cts-sgt-handling-imp-fwd.html
UC GW Services - media forking service
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/voi-cube-uc-gateway-services.html
VASI (VRF Aware Software Infrastructure) 2000 pairs scale
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/conf-vasi.html
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/conf-vasi.html
VP/VC Shaping for PPPoEoA/PPPoA
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/asr1000/qos-plcshp-xe-3s-asr-1000-book.html
VRF-Aware IPv6 Rapid Deployment Tunnel
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/xe-3s/ip6-6rd-vrf-tunnels-xe.html
VRRP aware PIM
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/xe-3s/imc_vrrp_aware.html
VRRPv3: Object Tracking Integration
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/asr1000/fhrp-vrrpv3-obj-trk.html
WCCPv2 - IPv6 Support
For detailed information, see the following Cisco document:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/xe-3s/asr1000/iap-xe-3s-asr1000-book.html
Important Notes
The following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
Field Notices and Bulletins
- Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
There are no important notes specific to Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S.