Cisco IOS XE 17.16 Update Version Cisco IOS XE 17.16.1a

Release notes for Cisco 1000 Series Integrated Services Routers on Cisco IOS XE 17.16.x. Cisco IOS XE 17.16.1a is the first release in this series and adds new SD-WAN, ThousandEyes, logging, cellular, and security features.

• Disablement of weak SSH algorithms: ssh-rsa is disabled by default on port 22 to improve security.
• Support for Enrollment over Secure Transport (EST) using HTTP-based authentication.
• UTD Container Management for SD-Routing devices to detect, upgrade, and manage UTD security virtual images.
• Secure Communications Interoperability Protocol (SCIP) support in CUBE for secure voice and video sessions.
• Resolved security-relevant issues include PKI, MACsec, authentication, and RSA weak-key compliance fixes.

• Resolved crashes and stability issues in IOS XE infrastructure, CPP, PKI, routing, and NHRP components.
• Fixed cellular, PPPoE, BFD, GETVPN, and crypto-related issues affecting connectivity and configuration.
• Resolved SD-WAN and telemetry issues including cflowd source interface handling, SpeedTest behavior, and pcap filter refresh problems.
• Fixed interface and policy issues such as autonegotiation-related link state, config sync, and service-policy handling.

• Asymmetric carrier delay for separate link-up and link-down notifications.
• Configure cellular interfaces using Feature Parcels in Cisco SD-WAN Manager.
• Cisco ThousandEyes Enterprise Application Hosting and Enterprise Agent support.
• Configure source interfaces for High-Speed Logging and Syslog in Cisco SD-WAN Manager.
• DHCP support for MAP-T Customer Edge functionality.
• Enhanced binary tracing access for IOS process events.
• Application Response Time and Media monitoring for DMVPN tunnels with IKEv2.
• Monitoring and visualization of crypto VPN solutions in Cisco Catalyst SD-WAN Manager.
• Site-to-site speed tests over DMVPN tunnels.
• Support for network slicing on 5G standalone networks.
• Support to configure the code field value in OAMPDU frames.
• SCIP support in Cisco Unified Border Element.

• Open bugs remain in 17.16.1a, including traffic blackholing, traffic loss, BFD over TLOC-Ext issues, SIP packet drops, login failures after power-cycle, and cellular stream configuration problems.
• The show cellular 0/x/0 connection command output is enhanced, but no limitation is stated for the new fields.

• Cisco notes that guestshell was removed from the IOS XE image starting with 17.9.1a; ZTP Python scripts are no longer supported on Cisco 1000 Series ISR unless guestshell is downloaded separately.
• Before upgrading, Cisco recommends keeping the old image as a backup and enabling password recovery, then disabling it again after upgrade for security.
• Devices running releases earlier than 17.5.x with password recovery disabled may become unrecoverable if an upgrade to 17.11.x or later fails; Cisco recommends an intermediate upgrade to 17.5.x-17.10.x first.
• ROMmon compatibility and minimum/recommended versions are provided for each IOS XE release; Cisco recommends at least 17.5(1r) for 17.5.x and later.
• Reset button behavior depends on ROMmon and IOS XE versions, and may not trigger factory reset in some combinations.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.16.1a

Release date: Dec 22, 2024