Cisco IOS XE 17.16 Update Version Cisco IOS XE 17.16.1

Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE 17.16.x adds new telemetry, PAT, Product Analytics, and GUI help features in 17.16.1. It also includes multiple AP and controller fixes, plus important support and upgrade limitations for EWC-AP, Wi-Fi 7 APs, and Cisco Wireless licenses.

• Built-in controller security features are emphasized, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.
• DTLSv1.0 is deprecated for Cisco Aironet 1800-based APs; new deployments may require ap dtls-version dtls_1_0 during onboarding, which affects all CAPWAP connections and should be used only in a maintenance window.

• Fixes multiple AP and controller stability issues, including kernel unresponsiveness, unexpected reloads, memory leaks, and WNCd/cpp-related faults.
• Resolves wireless client and roaming issues such as missing M1 packets, stale client entries, DHCP problems, and FlexConnect/local switching anomalies.
• Addresses GUI and management issues including AP summary delays, login banner behavior, telemetry and YANG/CLI mismatches, and certificate/trustpoint handling.
• Fixes AP feature issues such as RFID detection, rogue/BSSID detection, FTM behavior, AP image upgrade failures, and WGB roaming/multicast forwarding problems.

• CLI support to display the configured NETCONF over SSH trustpoint with show netconf-yang ssh trustpoint.
• Cloud Monitoring now reports system failover/switchover count and RP status to the Meraki dashboard in operational telemetry.
• Support for 10 Mbps speed on Cisco IW9167EH WGB Ethernet 0 ports.
• Port Address Translation (PAT) support on WGB AP and uWGB AP for supported rugged/heavy-duty AP models.
• Product Analytics feature to collect non-personal device system information, with pae and related show commands.
• Interactive Help in the GUI for AAA, FlexConnect authentication, 802.1X, local web authentication, OpenRoaming, and mesh AP configuration.

• Cisco Wireless Embedded Wireless Controller (EWC) on Access Point is not supported from Cisco IOS XE 17.16.1 onward; Cisco IOS XE 17.15.x is the final supported release for EWC-AP.
• Cisco Wireless Wi-Fi 7 Access Points are not supported in Cisco IOS XE 17.16.1.
• Cisco Network Subscription / Cisco Wireless licenses are not supported in Cisco IOS XE 17.16.1.
• During controller upgrade or reboot, route processor ports must not be flapped or a kernel crash may occur.
• Wave 2 APs may boot loop when upgrading over a WAN link.
• Unsupported SFPs can bring down a port; only Cisco-supported SFPs should be used on C9800-80-K9 and C9800-40-K9 RP ports.

• Upgrade paths vary by current release; some versions require an intermediate upgrade to 17.3.5, 17.6.x, or 16.12.5 before moving to 17.16.x.
• Use the CLI install add file filename [activate |commit] for software installation; Cisco recommends using the GUI for installation.
• Smart Licensing Using Policy is automatically enabled after upgrade.
• If the GUI HTTPS access breaks after changing HTTP session modules, restore ip http session-module-list pkilist OPENRESTY_PKI and ip http active-session-modules pkilist.
• If APs fail to detect the backup image after archive download-sw, use /no-reload and restart CAPWAP with capwap ap restart.
• For new Cisco Aironet 1800 AP onboarding, DTLS 1.0 may need to be enabled temporarily with ap dtls-version dtls_1_0.

• Recommended IOS XE builds
  https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html
• EWC-AP end-of-life notice
  https://www.cisco.com/c/en/us/products/collateral/wireless/embedded-wireless-controller-catalyst-access-points/wireless-ewc-access-point-eol.html
• Cisco DevNet programmability support
  https://developer.cisco.com/

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.16.1

Release date: Dec 11, 2024