Update Summary

Cisco IOS XE 17.18.x release notes for C8400 Secure Series Routers cover 17.18.1a and 17.18.2. Highlights include Hosted Edge Services, SRv6 and GRE-TP enhancements, security policy management, and multiple resolved and open issues.

Update Details

Security

  • Infrastructure resiliency warnings for insecure configurations and legacy protocols, including weak credential storage, SSHv1, SNMPv1/v2, TLS 1.0/1.1, Telnet, FTP/TFTP, and TACACS+ with pre-shared keys and MD5.
  • Security Cloud Control integration for managing NGFW policies, security objects, and security profiles.
  • Custom IPS signature sets for deploying personalized Snort3 IPS rules.
  • Certificate management automation using EST and SCEP for SD-Routing devices.

Bug Fixes

  • Fixed SD-WAN On-Demand Tunnels not expiring when UMTS is enabled.
  • Fixed NAT64 static entry removal when deleting a non-existent entry.
  • Fixed devices booting into prev_packages.conf after a power outage.
  • Fixed NWPI not capturing self-generated syslog traffic.
  • Fixed crashes and stability issues including vDaemon DNS channel initialization, FTMD-related crashes, BFD session issues, and control-plane/session count mismatches.

New Features

  • Hosted Edge Services for direct monitoring and management of Cisco IOx applications from Cisco Catalyst SD-WAN Manager.
  • Platform-based licensing with Essentials and Advantage licenses, including portability within the same platform class.
  • Enhanced licensing compliance reporting and direct Enterprise Agreement portal access from Cisco SD-WAN Manager.
  • Product Analytics enabled by default for telemetry and resource usage insights.
  • Cisco Secure Routers Swim and Onboarding tool for upgrading and onboarding devices to Cisco SD-WAN Manager.
  • IPv6 data prefix lists, rule sets, and object groups in security policy via Cisco SD-WAN Manager.
  • IPv6 GRE-TP protected link support for SRv6 TI-LFA with IS-IS.
  • IPv4 GRE-TP protected link support for SR-MPLS TI-LFA with OSPF and IS-IS.
  • MVPN Ingress Replication over SRv6.
  • SRv6 Path MTU Discovery.
  • MAP-T Border Router enhancements for fragmented ICMP, hairpin traffic, and fragmented UDP handling.

Known Issues

  • SIG tunnel keepalive command may be ignored when pushed by vManage.
  • Incorrect NAT translation from service-vrf to global for self-generated ICMP Time Exceeded packets.
  • C11xx devices may fail to onboard using a generic bootstrap file stored on USB.
  • Router crashes can occur with SSL VPN, Policy-Based Routing, and NAT.
  • Open issues include TLS 1.2 cipher suite control connections, TLOC extension timing problems, and NAT-related ARP and reboot issues.

Hints

  • Cisco states that from IOS XE 17.18.2 onward, warning messages will appear for insecure features and protocols; administrators should migrate to the recommended secure alternatives.
  • The Hosted Edge Services monitoring dashboard is introduced in Cisco Catalyst SD-WAN Manager 20.18.x.
  • TACACS+ over TLS 1.3 is recommended as the secure alternative to TACACS+ using pre-shared keys and MD5.
  • The release notes reference the Cisco Bug Search Tool for detailed issue information.

Product Information

Vendor: Cisco

Product: IOS XE

Version: Cisco IOS XE 17.18.x

Release date: Dec 4, 2025