Update Summary

Cisco IOS XE 17.17.x for Catalyst 9200 Series Switches adds CTS Role-Based Enforcement, Strict-KEX, and YANG on-change support. It also changes `ecomode` to `auto-off` and includes open caveat CSCvu14870.

Update Details

Security

  • CTS Role-Based Enforcement adds SGACL enforcement at the port-channel level for Cisco TrustSec.
  • Strict-KEX strengthens SSH by terminating unexpected or out-of-sequence packets and resetting sequence numbers after key exchange.
  • Sensitive CLI support with CRUD on Meraki introduces secure SNMPv3 user configuration via NETCONF, supporting AES, DES, and DES3 encryption without exposing plaintext in running-config or get-config.

New Features

  • CTS Role-Based Enforcement
  • On-change support for location-aware YANG models
  • Sensitive CLI support with CRUD on Meraki
  • Strict-KEX

Known Issues

  • Open caveat: CSCvu14870 — Cat9k archive command can cause bulk sync failure and reload the standby switch.

Hints

  • The `ecomode` command is renamed to `hw-module switch auto-off`, and `ecomode` under stack power is replaced with `auto-off`.
  • Upgrade and downgrade are performed in install mode using the `boot system flash:packages.conf` and `install add file activate commit` commands.
  • When upgrading from Cisco IOS XE Gibraltar 16.12.x or earlier, review persistent database files before upgrading to avoid persistent database operation failure.
  • Starting with Cisco IOS XE 17.10, `diffie-hellman-group14-sha1`, `hmac-sha1`, `hmac-sha2-256`, and `hmac-sha2-512` are removed from the default SSH algorithm list.
  • ROMMON may be automatically upgraded on first upgrade to a newer release and will not downgrade when reverting to an older release.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.17.x

Release date: Mar 31, 2025