Update Summary

Cisco IOS XE 17.18.x for Cisco Catalyst 9200 Series Switches includes new features in 17.18.1 and 17.18.2, plus caveat fixes in 17.18.3. The release train also introduces security warnings for legacy or insecure protocols and configuration practices.

Update Details

Security

  • TACACS+ over TLS support improves AAA security and certificate-based authentication.
  • RADIUS message authenticator support drops packets without the attribute, strengthening RADIUS integrity.
  • Warnings are issued for insecure configurations and protocols such as plain-text credentials, SSHv1, SNMPv1/v2, HTTP, Telnet, FTP/TFTP, TLS 1.0/1.1, and TACACS+ with pre-shared keys and MD5.
  • Syslog warnings are generated for high-risk configuration changes.
  • The retain last known good policy feature helps preserve policy when ISE is unavailable or unreachable.
  • The gNXI gRPC server can be restricted to user-configured VRFs when using gnxi secure-vrf.

Bug Fixes

  • Resolved a switch flow-sending issue related to Stealthwatch Cloud in 17.18.3.
  • Resolved a FED crash and memory corruption issue causing unexpected reloads in 17.18.2.
  • Resolved a flow-sending issue to Stealthwatch Cloud after a clear command in 17.18.2.
  • Resolved an intermittent session failure caused by dot1x pae both in 17.18.1.
  • Resolved a PTP VLAN configuration issue on an interface in down state in 17.18.1.
  • Resolved a link-down issue on optical fiber links with C9606R in 17.18.1.

New Features

  • Programmability: gNXI gRPC server reachability through user-configured VRFs.
  • Radio-active tracing for MAC learning.
  • Retain last known good policy.
  • Syslog warning for high-risk configuration changes.
  • Warnings for planned default and deprecation changes.
  • BGP neighbor monitoring with SNMP.
  • Maximum number of allowed MAC address moves.
  • Message authenticator attribute in RADIUS.
  • YANG data model updates.
  • Resource Manager System (RMS) and Resource Manager Controller (RMC) commands.
  • TLS for TACACS+.
  • Cisco Catalyst 9200CX Compact Series Switches model C9200CX-8PT-2G.

Known Issues

  • Open caveats include the archive command causing a bulk sync failure and standby reload, and an SNMPv3 polling crash with Type 6 encryption containing special characters.
  • The management port does not allow changing speed, duplex, flow control, or disabling auto-negotiation.
  • C9200-NM-4X uplinks may remain down until the module is recognized by the switch.
  • Some 10G CX1 cables may cause peer error-disabled state after a local restart; shut/no shut is the workaround.
  • QoS policies are not supported on port-channel, tunnel, and other logical interfaces.
  • SSH version 1 is not supported.
  • SCP and SSH crypto operations can drive high CPU because hardware crypto offload is not used.
  • A maximum of 20 simultaneous NETCONF sessions is supported.
  • IPv6 underlay is not supported.
  • New switch models introduced in a release cannot be downgraded below that release.

Hints

  • Upgrade in install mode requires booting from flash:packages.conf and using install add file activate commit.
  • Cisco recommends at least 1 GB of free flash before installing a new image.
  • Downgrades are supported only from 17.18.x to 17.17.x or earlier; the bootloader does not downgrade.
  • When upgrading for the first time to a newer release, ROMMON may be automatically upgraded and takes effect on the next reload.
  • Smart Licensing Using Policy is the default and only supported licensing method from Cisco IOS XE Amsterdam 17.3.2a and later.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.
  • Use SSHv2 and HTTPS instead of legacy insecure protocols.
  • Stacking supports up to eight members; C9200 and C9200L SKUs cannot be mixed.
  • C9200CX models support zero touch provisioning and guest shell, but external network access from guest shell is not supported.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Aug 7, 2025