Update Summary

Cisco Catalyst 9400 Series Switches release notes for Cisco IOS XE 17.18.x cover 17.18.1, 17.18.2, and 17.18.3. Highlights include new EVPN, programmability, AAA, and security features, plus resolved caveats in 17.18.3 and upgrade guidance.

Update Details

Security

  • TACACS+ over TLS support for stronger certificate-based AAA.
  • Syslog warnings for high-risk configuration changes and upcoming insecure default/deprecation changes.
  • RADIUS message authenticator support; packets without it are dropped.
  • Warnings for legacy or weak security protocols, including plain-text credentials, SSHv1, SNMPv1/v2, TLS 1.0/1.1, HTTP, Telnet, FTP/TFTP, and TACACS+ with pre-shared keys and MD5.

Bug Fixes

  • 17.18.3 resolves packet loss with Intel I219-LM hosts at 1G.
  • 17.18.3 resolves datapath stuck at the PHY layer inside Bell line cards after software upgrade.
  • 17.18.3 resolves links with SFP-H25G-CU3M not coming up on the C9400-SUP-1XL-Y supervisor.
  • 17.18.x includes caveats for archive command standby reload issues, traffic drops with specific GLC optics, and a C9410 shutdown/power-down issue.

New Features

  • 17.18.2 adds EVPN multihoming for fabric and non-fabric networks.
  • 17.18.2 adds VRF-reachable secure gNXI gRPC server support.
  • 17.18.2 adds radio-active tracing for MAC learning.
  • 17.18.2 adds retain-last-known-good policy behavior when ISE is unavailable.
  • 17.18.1 adds BGP EVPN IPv6 originator ID and next-hop recursive support with EVPN PBR.
  • 17.18.1 adds BGP neighbor monitoring with SNMP.
  • 17.18.1 adds configurable maximum MAC address moves.
  • 17.18.1 adds YANG data models and Product Analytics support.
  • 17.18.1 adds RMS/RMC commands.
  • 17.18.1 adds TLS for TACACS+.

Known Issues

  • Open caveats remain for archive command standby reloads, traffic drops with specific GLC optics, and a C9410 not powering down after a thermal shutdown event.
  • ISSU is not supported between major release trains, engineering special releases, or LDPE and NPE images.
  • Golden ROMMON upgrade is only applicable to Cisco IOS XE Amsterdam 17.3.5 and later releases.
  • CPLD upgrades are manual and may temporarily interrupt uplink connectivity.
  • Some features are not supported on all supervisor variants, including IPsec VPN, PerfMon, Fast PoE, and certain MACsec and TrustSec capabilities.

Hints

  • Upgrade in install mode requires booting from boot flash:packages.conf and keeping at least 1 GB free in flash.
  • Cisco recommends using install add file activate commit for upgrades; request platform software commands are deprecated.
  • For downgrade, new switch models cannot be downgraded below their introduction release.
  • When downgrading from newer releases, microcode rollback may be required for some older targets if not using install commands.
  • ISSU is supported only in specific same-train scenarios; Cisco recommends performing upgrades during a maintenance window.
  • ROMMON primary upgrades happen automatically on first upgrade to a newer release; golden ROMMON upgrades must be done manually.
  • CPLD upgrades must be performed manually and one supervisor at a time in HA or StackWise Virtual setups.
  • Use SSHv2 only; SSHv1 is not supported.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Aug 7, 2025