Cisco IOS XE 17.18 Update Version Cisco IOS XE 17.18.x

Cisco Catalyst 9600 Series Switches release notes for Cisco IOS XE 17.18.x cover new features in 17.18.1 and 17.18.2, plus platform caveats, limitations, and upgrade guidance. The document includes release references 17.18.1, 17.18.2, and 17.18.3. Reference IDs: CSCvu14870, CSCwq83338.

• TLS for TACACS+ adds stronger certificate-based AAA security.
• Retain last known good policy improves resilience when ISE is unavailable or unreachable.
• Syslog warnings are generated for high-risk configuration changes.
• Warnings are introduced for planned default changes and deprecations to encourage secure configurations.
• Cisco plans warnings for legacy or insecure protocols and settings such as plain-text credentials, SSHv1, SNMPv1/v2, HTTP, Telnet, FTP/TFTP, TLS 1.0/1.1, and TACACS+ with pre-shared keys and MD5.

• Incorrect warning message for AUTO-LC-SHUTDOWN on Supervisor 2 with SVL mode enabled is fixed.

• EVPN multihoming for fabric and non-fabric networks on C9600-SUP-1.
• gNXI gRPC server can be restricted to user-configured VRFs when using gnxi secure-vrf.
• Radio-active tracing for MAC learning activity.
• BGP EVPN VXLAN enhancements including IPv6 originator ID support and next-hop recursive support with EVPN PBR.
• BGP neighbor monitoring with SNMP based on the neighbor VRF.
• Support for ip next-hop recursive and ip next-hop verify availability commands on C9600-SUP-1.
• Configurable maximum number of MAC address moves in a time interval.
• Support for sending the message authenticator attribute in RADIUS packets.
• Multicast VPN (mVPN) support on C9600X-SUP-2.
• YANG data models are updated for this release.
• Resource Manager System (RMS) and Resource Manager Controller (RMC) commands are added.
• 100GBASE QSFP-100G module support is introduced for the C9600-LC-24C line card on C9600-SUP-1.

• CSCvu14870: Cat9k archive command can cause a bulk sync failure and reload the standby supervisor.
• CSCwq83338: On C9600 dual-supervisor systems, a redundancy force-switchover immediately after reaching STANDBY HOT can halt at "in progress to standby cold-config".

• Cisco states that starting with 17.18.2, warnings will appear for insecure features and protocols; future releases may impose additional restrictions.
• Upgrade in install mode requires booting from boot flash:packages.conf and using install add file activate commit.
• At least 1 GB of free flash space is recommended before expanding a new image.
• ROMMON upgrades may occur automatically for the primary SPI flash device; the golden ROMMON must be upgraded manually with upgrade rom-monitor capsule golden switch.
• ROMMON does not downgrade when the software is downgraded.
• ISSU is supported only within defined release-train boundaries; it is not supported between major trains, for engineering special releases, or between LDPE and NPE images.
• For Cisco Catalyst 9600 Series Supervisor 2 Module, TCAM space is shared across features rather than reserved per feature.
• The command service-routing mdns-sd is deprecated; use mdns-sd gateway instead.
• Cisco IOS XE Smart Licensing Using Policy is the default licensing method from Amsterdam 17.3.2a and later.

• Transceiver Module Group compatibility information
  https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
• Cisco IOS XE YANG models for 17.18.1
  https://github.com/YangModels/yang/tree/main/vendor/cisco/xe/17181

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Aug 7, 2025