Update Summary

Cisco IOS XE 17.18.x for Cisco Catalyst 9500 Series Switches includes new features in 17.18.1 and 17.18.2, with no new features in 17.18.3. The document also highlights security warnings for legacy protocols, upgrade/downgrade steps, ROMMON guidance, and open caveats.

Update Details

Security

  • TACACS+ over TLS support improves AAA security.
  • Syslog warnings are generated for high-risk configuration changes.
  • Warnings are introduced for planned default changes and deprecations to reduce insecure configurations.
  • Legacy and weak security protocols are flagged for future warnings, including plain-text credentials, SSHv1, SNMPv1/v2, TLS 1.0/1.1, HTTP, Telnet, FTP/TFTP, and TACACS+ with pre-shared keys and MD5.

New Features

  • Embedded Packet Capture support on EtherChannel subinterfaces.
  • EVPN multihoming for fabric and non-fabric networks on Catalyst 9500 High Performance models.
  • gNXI gRPC server reachability can be restricted to user-configured VRFs.
  • Radio-active tracing for MAC learning.
  • Retain last known good policy when ISE is unavailable or unreachable.
  • BGP EVPN VXLAN enhancements, including IPv6 originator ID and next-hop recursive support with EVPN PBR.
  • BGP neighbor monitoring with SNMP based on the neighbor VRF.
  • Maximum number of allowed MAC address moves can be configured.
  • Message authenticator attribute support in RADIUS packets.
  • Multicast VPN (mVPN) support on C9500X.
  • YANG data models are updated for this release.
  • Resource Manager System (RMS) and Resource Manager Controller (RMC) commands are added.
  • TACACS+ over TLS support.

Known Issues

  • CSCvu14870: Cat9k archive command can cause bulk sync failure and reload the standby switch.
  • CSCws21917: On C9610 SVL, configuring DAD link without transceiver on a 100G port can create MCL errors and cause ISSU failure.
  • CSCwt63942: C9500 has incorrect temperature thresholds in the TDL environment sensor table.

Hints

  • Cisco recommends using install commands for upgrades and downgrades; request platform software commands are deprecated.
  • Upgrade to 17.18.x in install mode using boot system flash:packages.conf and install add file activate commit.
  • Downgrades from 17.18.x to 17.17.x or earlier are supported in install mode, but ROMMON does not downgrade.
  • For ROMMON updates, the primary SPI flash ROMMON upgrades automatically; the golden ROMMON must be upgraded manually with upgrade rom-monitor capsule golden switch.
  • ISSU is supported only within defined release-train boundaries and is not supported between major trains or for NPE/LDPE mismatches.
  • Starting with 17.18.2, Cisco IOS XE displays warnings when configuring insecure or deprecated features and protocols.
  • The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.
  • Starting from Cisco IOS XE 17.10, some SSH key exchange and MAC algorithms are removed from the default list.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Aug 7, 2025