Update Summary

Cisco IOS XE 17.16.1a is the first 17.16.x release for Cisco Catalyst 8500 Series Edge Platforms. It adds security hardening, SD-Routing and monitoring enhancements, and includes multiple resolved bugs.

Update Details

Security

  • Disable ssh-rsa by default on port 22 to improve SSH security.
  • Support source interfaces for High-Speed Logging and Syslog security logging in Cisco SD-WAN Manager.
  • Enable HSL for firewall messages with minimal impact to packet processing.
  • Resolved issues related to weak RSA key compliance, PKI trustpoint handling, OCSP revocation checks, and SELinux denials.

Bug Fixes

  • Fixed IOSD chasfs task crashes when retrieving platform information.
  • Resolved crashes, tracebacks, and reloads affecting routing, NHRP, PKI, and data policy processing.
  • Fixed configuration sync issues in stack and vManage crypto profile behavior.
  • Resolved cellular, interface flap, and YANG model issues.
  • Fixed incorrect packet decode values and data corruption-related traceback output.

New Features

  • Configure source interfaces for High-Speed Logging and Syslog security logging.
  • Support UTD container management for SD-Routing devices.
  • Speed test enhancement for site-to-site bandwidth testing over DMVPN tunnels.
  • Monitoring of crypto VPN solutions on SD-Routing devices.
  • Application performance monitoring for TCP and RTP traffic on DMVPN tunnels using ART and Media monitor.
  • Enhanced binary tracing access via show logging process IOS module nhrp.
  • Support for Enrollment over Secure Transport using HTTP-based authentication.
  • Enhanced show cellular 0/x/0 connection output with APN and cellular link uptime.
  • New detail and history keywords for show power.
  • Segment Routing over IPv6 dataplane enhancements for eBGP Inter-AS and PCE-delegated path computation.
  • Onboard Cisco ThousandEyes Enterprise Agent on SD-Routing devices.

Known Issues

  • L2 traffic may blackhole due to a MAC route originated from a blocked node after power-cycle.
  • Device critical alarm LED may remain on.
  • Traffic loss may occur with minimal values in time-based policy-map.
  • BFD sessions via TLOC-Ext may not come up when IPv6 changes dynamically.
  • Fragmented UDP SIP packets may be dropped with IP VFR and MPLS-enabled tunnel interfaces.
  • MACsec interfaces may lock up on TX direction after reload.
  • Post power-cycle login may fail with authentication errors.
  • Speed test may behave abnormally after changing system-ip.

Hints

  • Cisco recommends reviewing Field Notices to determine platform impact.
  • ROMmon requirements vary by model; C8500-20X6C must not be downgraded below 17.15(1r).
  • For C8500L-8S4X, the ROMmon image is bundled with the IOS XE image and upgrades automatically on boot.
  • Use show rom-monitor r0 to check the current ROMmon version before upgrading.
  • Upgrade ROMmon with the Cisco-provided package, then reload and verify with show rom-monitor r0.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.16.1a

Release date: Dec 24, 2024