Cisco IOS XE 17.16 Update Version Cisco IOS XE 17.16.1a

Views
2

Your rating
Rate update installation process

Log in to rate this update.
Login

Risk factor
No ratings yet. Be the first to rate this update.

Smooth installs 0%
Minor issues 0%
Major issues 0%

Update Summary

Cisco Catalyst 8000V Edge Software release notes for Cisco IOS XE 17.16.x, first release 17.16.1a. Highlights include new SD-Routing, CUBE, logging, EST, and security improvements such as disabling `ssh-rsa` by default.

Update Details

Security

  • Disablement of weak SSH algorithms: ssh-rsa is disabled by default on port 22 to improve security.
  • Enhanced software security with Secure Object Store encryption for NVRAM, licensing, and other data.
  • CUBE adds Secure Communications Interoperability Protocol (SCIP) support for secure voice and video sessions.
  • Resolved security-related issues involving PKI, compliance, SELinux denials, and weak RSA keypair logging.

Bug Fixes

  • Fixed multiple crash and traceback issues, including IOSXE_INFRA fatal no-punt keepalive, vip_confd_startup_sh faults, NHRP reloads, and DATACORRUPTION logs.
  • Resolved configuration and policy issues in SD-Routing, including IKEv2 authorization policy handling, crypto profile matching, and data policy commit failures.
  • Fixed cellular, PKI, and crypto-related defects such as incorrect cellular last-resort state, OCSP revocation-check crashes, and PKI password handling.
  • Addressed stack synchronization, LNS tracebacks, and FIA trace packet decode inaccuracies.

New Features

  • Configure source interfaces for High-Speed Logging and Syslog in Cisco SD-WAN Manager.
  • Enhanced binary tracing access with show logging process IOS module nhrp without enabling DMVPN event tracing.
  • Segment Routing over IPv6 dataplane enhancements for eBGP Inter-AS and PCE-delegated path computation.
  • Simplified guided workflow for branch connect site-to-cloud configuration.
  • Application Response Time and Media monitoring for TCP and RTP traffic on DMVPN tunnels with IKEv2.
  • Speed test support for measuring bandwidth between devices over DMVPN tunnels.
  • Support for Enrollment over Secure Transport (EST) using HTTP-based authentication.
  • UTD container migration, detection, upgrade, and management through Cisco Catalyst SD-WAN Manager.
  • CUBE support for SCIP voice and video codec in preview mode.

Known Issues

  • Traffic loss may occur with minimal values in time-based policy-maps.
  • BFD sessions via TLOC-Ext may not come up when IPv6 changes dynamically.
  • Router crash may occur when optimizing encrypted traffic with DRE.
  • Some show interfaces counters may be incorrect and unreasonably large.
  • Post power cycle, login may fail with authentication errors.
  • Stopping C8000V in Azure may trigger a reload before the device stops.

Hints

  • Cisco IOS XE 17.16.1a is the first release in the 17.16.x series for Cisco Catalyst 8000V.
  • The c8000v-universalk9.17.16.01a image is provided in OVA, ISO, and QCOW2 formats.
  • If upgrading from Cisco CSR 1000V or Cisco ISRv, Smart Licensing Using Policy (SLP) is required; traditional licenses do not work after upgrade.
  • Cisco Catalyst 8000V supports Smart Licensing Usage Policy, Cisco DNA licensing, BYOL, and PAYG on AWS and Azure.
  • The SCIP feature is available in preview mode with limited functionality and no SLO for support response times.
Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.16.1a

Release date: Dec 22, 2024

View All Updates