Cisco IOS XE 17.17 Update Version Cisco IOS XE 17.17.1

Views
1

Your rating
Rate update installation process

Log in to rate this update.
Login

Risk factor
No ratings yet. Be the first to rate this update.

Smooth installs 0%
Minor issues 0%
Major issues 0%

Update Summary

Cisco Catalyst 9500 Series Switches, Cisco IOS XE 17.17.x adds Interface-Level VLAN-SGT Mapping and split ARP/ForUS queues in 17.17.1. It also includes open caveat CSCvu14870 and new install-mode upgrade guidance for 17.17.1.

Update Details

Security

  • Interface-Level VLAN-SGT Mapping lets administrators assign SGTs to VLANs per interface for voice and data VLAN mapping, improving access-control flexibility.
  • Hidden commands access was tightened starting with Cisco IOS XE Fuji 16.8.1a as an improved security measure; service internal is required for some privileged EXEC hidden commands.
  • Cisco TrustSec restrictions remain: TrustSec can be configured only on physical interfaces, not logical interfaces.

New Features

  • Interface-Level VLAN-SGT Mapping for per-interface SGT assignment on VLANs.
  • Split ARP and ForUS packets into two separate queues with separate policers.
  • Support for show firmware version all on Cisco Catalyst 9500 Series Switches - High Performance.

Known Issues

  • CSCvu14870: Cat9k archive command can cause bulk sync failure and reload the standby switch.
  • No resolved caveats are listed for Cisco IOS XE 17.17.1.

Hints

  • For Cisco Catalyst 9500 Series Switches, install-mode upgrades to 17.17.x can use install add file ... activate commit; request platform software commands are deprecated.
  • For Cisco Catalyst 9500 Series Switches - High Performance, only install commands are supported for upgrade and downgrade.
  • ROMMON may upgrade automatically in the primary SPI flash during first upgrade to a newer release; the golden SPI flash ROMMON must be upgraded manually with upgrade rom-monitor capsule golden switch.
  • Downgrading does not downgrade ROMMON; the updated ROMMON remains installed.
  • Cisco recommends at least 1 GB free flash space before installing a new image.
  • ISSU is supported only within defined release-train limits; it is not supported between major trains, for engineering special releases, or between LDPE and NPE images.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.
  • Starting with Cisco IOS XE 17.10, diffie-hellman-group14-sha1, hmac-sha1, hmac-sha2-256, and hmac-sha2-512 are removed from the default SSH algorithm list.

Links

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.17.1

Release date: Mar 31, 2025

View All Updates