Cisco IOS XE 17.16 Update Version Cisco IOS XE 17.16.1a

Cisco IOS XE 17.16.1a is the first 17.16.x release for Cisco 4000 Series ISRs. It adds new routing, logging, SD-WAN, ThousandEyes, UTD, and CUBE features, and includes multiple bug fixes plus SSH hardening by disabling `ssh-rsa` on port 22.

• Disablement of weak SSH algorithms: ssh-rsa is disabled by default on port 22 to improve security.
• Configure source interface for High Speed Logging and SysLog for security logging in Cisco SD-WAN Manager.
• UTD container management for SD-Routing devices to detect, upgrade, and manage UTD Security Virtual Images.
• CUBE SCIP support for secure voice and video sessions, available in preview mode.

• Fixes for device crashes, including IOSXE_INFRA fatal keepalive crashes, CPP crashes, and other traceback-related failures.
• Fixes for crypto and PKI issues, including IKEv2 authorization policy handling, MD5 configuration under IKEv2 proposals, trustpoint password encryption handling, and OCSP revocation-check crashes.
• Fixes for configuration and synchronization issues, including stack config sync, crypto profile matching, and cflowd policy commit failures.
• Fixes for cellular, NHRP, and routing-related issues such as incorrect cellular last-resort state, unexpected NHRP reloads, and routing table change crashes.

• Asymmetric Carrier Delay for separate link-up and link-down notification delays on physical interfaces.
• Source interface configuration for High-Speed Logging and SysLog in Cisco SD-WAN Manager.
• Enhanced binary tracing access for IOS process events without enabling DMVPN event tracing.
• Expanded show cellular 0/x/0 connection output with APN and cellular link uptime.
• Application Response Time and Media monitoring for TCP and RTP traffic on DMVPN tunnels with IKEv2.
• Cisco ThousandEyes Enterprise Agent onboarding on SD-Routing devices.
• Site-to-site speed tests over DMVPN tunnels in Cisco Catalyst SD-WAN Manager.
• UTD container migration and management for SD-Routing devices.
• CUBE support for Secure Communication Interoperability Protocol (SCIP) voice and video codec.

• When upgrading between Cisco IOS XE releases, %Invalid IPV6 address may appear in the console log; re-enter the missing IPv6 alias commands and save the configuration.
• Cisco 4461 ISR may require two upgrade packages to reach ROMMON version 21102941.

• Web UI access requires HTTP or HTTPS server enabled with local authentication, a local privilege level 15 user, and SSH/Telnet VTY access with local authentication.
• To verify the software version, use show version for consolidated packages or show version installed for individual sub-packages.
• To install or upgrade, download a Cisco IOS XE 17.16.x consolidated package from Cisco.com; individual sub-packages must be extracted from the consolidated image.
• Recommended ROMMON and CPLD versions are listed for Cisco 4000 Series ISR platforms; firmware upgrades are only needed when prompted by system messages or TAC guidance.
• Smart Licensing Using Policy displays only the UDI instead of hostname in CSSM, CSLU, and SSM On-Prem; this is a display limitation and does not affect licensing.

• Cisco Feature Navigator
  https://cfnng.cisco.com/
• Cisco software download navigator
  http://software.cisco.com/download/navigator.html
• Cisco Field Notice overview
  https://www.cisco.com/c/en/us/support/web/field-notice-overview.html
• Cisco field notices summary
  https://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html#%7Etab-product-categories

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.16.1a

Release date: Dec 24, 2024