Update Summary

Release notes for Cisco Catalyst 9600 Series Switches, Cisco IOS XE 17.17.x, covering release 17.17.1. The release adds CTS Role-Based Enforcement, on-change support for location-aware YANG models, Strict-KEX, and secure SNMPv3 CRUD via NETCONF; open caveats CSCvu14870 and CSCwq83338 remain.

Update Details

Security

  • Strict-KEX strengthens SSH by terminating the connection immediately on unexpected or out-of-sequence packets and resetting sequence numbers after key exchange.
  • CTS Role-Based Enforcement extends Cisco TrustSec SGACL enforcement to the port-channel level.
  • Support for sensitive CLIs with CRUD on Meraki introduces secure SNMPv3 user configuration via NETCONF with AES, DES, and DES3 encryption and avoids plaintext exposure in running-config and get-config.

New Features

  • CTS Role-Based Enforcement: SGACL enforcement at the port-channel level with fewer remote configuration transactions.
  • On-change subscriptions for location-aware models on the yang-push stream.
  • Strict-KEX security enhancement for SSH connections.
  • Support sensitive CLIs with CRUD on Meraki, including secure SNMPv3 user configuration via NETCONF.

Known Issues

  • CSCvu14870: Cat9k archive command can cause bulk sync failure and reload the standby supervisor.
  • CSCwq83338: On C9600 dual-supervisor systems, a redundancy force-switchover immediately after reaching STANDBY HOT can halt in the "in progress to standby cold-config" state.

Hints

  • Upgrade to 17.17.1 using install mode from boot flash:packages.conf; the switch reloads automatically after install add file activate commit.
  • Downgrades from 17.17.x to 17.16.x or earlier are supported in install mode, but ROMMON does not downgrade.
  • For ROMMON upgrades, the primary SPI flash ROMMON upgrades automatically; the golden ROMMON must be upgraded manually with upgrade rom-monitor capsule golden switch.
  • ISSU is supported only within defined maintenance/extended maintenance boundaries; it is not supported across major trains, engineering special releases, or between LDPE and NPE images.
  • Use SSH version 2; SSH version 1 is not supported.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.17.1

Release date: Mar 31, 2025