BugZero | Cisco BugID CSCwo61969 - Unable to configure zone under dialer interface in...

Cisco - Defect ID: CSCwo61969

Unable to configure zone under dialer interface in controller-managed mode

Cisco - Defect ID: CSCwo61969

Unable to configure zone under dialer interface in controller-managed mode

Last updated on November 10th, 2025

BugZero Risk Score
5.7 Medium

Overall: 5.7

Severity: 6.4

Lifecycle: 4.6

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

Symptom

- When the router is operating in controller-managed mode, the zone-member command is not available under the Dialer interface. Attempting to configure it results in a syntax error: Router(config)# interface Dialer1 Router(config-if)# zone-member security WAN-INT -------------------^ syntax error: unknown command - To confirm if the device is running in controller-managed mode, refer to the output of the "show version" command. You will see the following: Technology Package License Information: Controller-managed

Conditions

- The device is running in controller-managed mode. - Attempting to configure zone-member security under a Dialer interface fails with a syntax error. - The same configuration works as expected when the device is in autonomous (non-controller) mode. - This issue was observed and reported while running the following software version and platform: Cisco IOS XE Software, Version 17.09.05a Cisco IOS Software [Cupertino], c8000be Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.9.5a It may also affect other platforms and versions. Further testing is needed to determine the full scope of impact.

Workaround

There is currently no known workaround.

Further Problem Description

This behavior affects users transitioning to controller-managed mode who rely on zone-based firewall (ZBFW) configurations with PPPoE or Dialer-based WAN setups. In ZBFW, traffic is only permitted to flow between interfaces that are assigned to zones and where an explicit zone-pair policy is configured. If an interface is not part of a zone, traffic to or from that interface is dropped by design. Since the zone-member command is not available under the Dialer interface in controller-managed mode, users are unable to assign the Dialer interface to a security zone. As a result, any traffic between the Dialer interface and other zone-member interfaces is blocked, breaking connectivity and disrupting critical services that rely on inter-zone communication (e.g., internet access through the WAN zone).

Change history

2025-11-10 Added: 17.9.4

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.9.4

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.9.4

Fixed versions: No known fixed versions

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwo61969

Unable to configure zone under dialer interface in controller-managed mode

Cisco - Defect ID: CSCwo61969

Unable to configure zone under dialer interface in controller-managed mode

Last updated on November 10th, 2025

BugZero Risk Score5.7 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
5.7 Medium