Update Summary

Cisco IOS XE 17.18.x for Cisco Catalyst 9300 Series Switches covers releases 17.18.1, 17.18.2, and 17.18.3. It adds EVPN multihoming, TACACS+ over TLS, VRF-restricted gNXI access, and security warnings for legacy protocols and weak configurations.

Update Details

Security

  • TACACS+ over TLS support for stronger certificate-based AAA.
  • Syslog warnings for high-risk configuration changes to improve security monitoring.
  • Warnings for planned default changes and deprecation of insecure features and protocols, including plain-text credentials, SSHv1, SNMPv1/v2, TLS 1.0/1.1, Telnet, FTP/TFTP, and TACACS+ with pre-shared keys and MD5.
  • gNXI gRPC server can be restricted to user-configured VRFs when using the secure gnxi secure-vrf command.
  • RADIUS message authenticator support; packets without the attribute are dropped.
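
A saved running-config can be checked offline for the features this release starts warning about, before the planned default changes arrive. The Python script below is an added example, not Cisco code or part of the release notes; the sample config is constructed, and the match patterns are assumptions based on common IOS XE CLI syntax.

```python
import re

# Constructed sample of a saved running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
enable password Secret123
username ops privilege 15 secret 9 $9$constructed
username legacy password 0 cisco123
ip ssh version 1
ip http tls-version TLSv1.0
snmp-server community public RO
snmp-server group ADMINS v3 priv
tacacs server TAC1
 address ipv4 192.0.2.10
 key 7 0822455D0A16
ip tftp source-interface Vlan10
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# (category, parent-block regex or None for top-level lines, line regex).
# Assumed patterns based on common IOS XE CLI syntax; extend for your estate.
RULES = [
    ("plain-text credentials", None, r"(enable|username \S+( .*)?) password (?!7 )"),
    ("SSHv1", None, r"ip ssh version 1$"),
    ("SNMPv1/v2", None, r"snmp-server (community |host .* version (1|2c) )"),
    ("TLS 1.0/1.1", None, r"ip http tls-version TLSv1\.[01]$"),
    ("FTP/TFTP", None, r"(ip ftp |ip tftp |tftp-server )"),
    ("TACACS+ pre-shared key", None, r"tacacs-server key "),
    ("TACACS+ pre-shared key", r"tacacs server ", r"key "),
    ("Telnet", r"line ", r"transport input (all|.*\btelnet\b)"),
]

def audit(config_text):
    """Return (line_no, category, text) for each line matching a rule."""
    findings, parent = [], ""
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        nested = raw[0].isspace()
        if not nested:
            parent = line  # a top-level command opens a new block
        for category, block_re, line_re in RULES:
            in_scope = (nested and re.match(block_re, parent)) if block_re else not nested
            if in_scope and re.match(line_re, line):
                findings.append((no, category, line))
    return findings

if __name__ == "__main__":
    for no, category, text in audit(SAMPLE_CONFIG):
        print(f"line {no}: {category}: {text}")
```

Nested rules only fire inside their parent block, so a key line under a key chain is not mistaken for a TACACS+ shared secret.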

Bug Fixes

  • Resolved a standby reload issue caused by faulty archive command bulk sync failures.
  • Fixed packet loss on Catalyst 9300X-48TX when connected to an HP Ethernet 10Gb 2-port 530T adapter.
  • Resolved unexpected reboot caused by a faulty or flapping Gigabit SFP on Catalyst 9k switches.
  • Fixed system FCS errors on C9300X-24HX-A ports when no network module is inserted.
  • Resolved ARP and DHCP copy issues to the switch control plane on multi-ASIC switches.
  • Fixed stack member interfaces defaulting after stack reload.
  • Resolved per-port DHCP static IP assignment issues on C9350-48T.
  • Fixed high packet drops causing reachability issues after switch reload on 1G ports.
  • Resolved link-flap detection on the opposing device of vertically aligned C9300X ports.

New Features

  • Embedded Packet Capture support on EtherChannel subinterfaces for Cisco Catalyst 9300X Series Switches.
  • EVPN multihoming for fabric and non-fabric networks.
  • BGP EVPN IPv6 originator ID support and next-hop recursive support with EVPN PBR.
  • BGP neighbor monitoring with SNMP, enabled by default.
  • Configurable maximum number of MAC address moves in a time interval.
  • Product Analytics for summarized device usage and configuration statistics.
  • Resource Manager System and Resource Manager Controller show commands.
  • YANG data models for this release.
  • TACACS+ over TLS.

Known Issues

  • Open caveat: Cat9k archive command can cause bulk sync failure and reload the standby.
  • Open caveat: Catalyst 9300X-48TX connected to HP Ethernet 10Gb 2-port 530T adapter can experience packet loss at 10G.

Hints

  • Cisco recommends using install commands for upgrades and downgrades; request platform software commands are deprecated.
  • Upgrade in install mode requires booting from flash:packages.conf.
  • A minimum of 1 GB free flash space is recommended before installing a new image.
  • When downgrading from 16.12.1 or later to certain older releases, microcode may need to be downgraded manually unless using install commands.
  • ROMMON in the primary SPI flash upgrades automatically when needed; the golden ROMMON must be upgraded manually with upgrade rom-monitor capsule golden switch.
  • A switch stack supports up to eight members.
  • Mixed stacking is supported only between C9300 and C9300X, and between C9300L and C9300LM; C9300-24UB, C9300-24UXB, and C9300-48UB can stack only with each other.
  • Starting with Cisco IOS XE 17.10, some SSH key exchange and MAC algorithms were removed from the default list; use ip ssh server algorithm kex and ip ssh server algorithm mac to configure them.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Aug 7, 2025