Release Notes for Cisco Catalyst 9300 Series Switches, Cisco IOS XE Bengaluru 17.6.x
Introduction
Cisco Catalyst 9300 Series Switches are Cisco’s lead stackable access platforms for the next-generation enterprise and have been purpose-built to address emerging trends of Security, IoT, Mobility, and Cloud.
They deliver complete convergence with the rest of the Cisco Catalyst 9000 Series Switches in terms of ASIC architecture with a Unified Access Data Plane (UADP) 2.0. The platform runs an Open Cisco IOS XE that supports model driven programmability, has the capacity to host containers, and run 3rd party applications and scripts natively within the switch (by virtue of x86 CPU architecture, local storage, and a higher memory footprint). This series forms the foundational building block for SD-Access, which is Cisco’s lead enterprise architecture.
Whats New In Cisco IOS XE Bengaluru 17.6.8
Hardware Features in Cisco IOS XE Bengaluru 17.6.8
There are no new hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.8
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.7
Hardware Features in Cisco IOS XE Bengaluru 17.6.7
There are no new hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.7
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.6a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
Whats New in Cisco IOS XE Bengaluru 17.6.6
Hardware Features in Cisco IOS XE Bengaluru 17.6.6
There are no new hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.6
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.5
Hardware Features in Cisco IOS XE Bengaluru 17.6.5
There are no new hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.5
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.4
Hardware Features in Cisco IOS XE Bengaluru 17.6.4
There are no hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.4
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.3
Hardware Features in Cisco IOS XE Bengaluru 17.6.3
There are no new hardware features in this release.
Software Features in Cisco IOS XE Bengaluru 17.6.3
There are no new software features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.2
Hardware Features in Cisco IOS XE Bengaluru 17.6.2
Feature Name |
Description and Documentation Link |
||
---|---|---|---|
Cisco Catalyst 9300 SeriesSwitches (C9300X) |
The following new models have been introduced in the series:
For information about the hardware including installation and technical specifications, see the Cisco Catalyst 9300 Series Switches Hardware Installation Guide. For information about the software, see the Software Configuration Guide, Cisco IOS XE Bengaluru 17.6.x (Catalyst 9300 Switches). |
||
Cisco Catalyst 9300 SeriesSwitches (C9300X)—Uplink Network Modules |
The following new models have been introduced in the series:
For information about the hardware including installation and technical specifications, see the Cisco Catalyst 9300 Series Switches Hardware Installation Guide. For information about the software, see the Software Configuration Guide, Cisco IOS XE Bengaluru 17.6.x (Catalyst 9300 Switches). |
Software Features in Cisco IOS XE Bengaluru 17.6.2
Feature Name |
Description and License Level Information |
---|---|
Data MDT Support for L3 TRM |
Introduces support for data multicast distribution tree (MDT) for Layer 3 Tenant Routed Multicast (TRM). Data MDTs are purpose built underlay MDTs to provide optimized forwarding in the MVPN and EVPN core. See BGP EVPN VXLAN → Configuring Tenant Routed Multicast.
(Network Advantage) |
Export Control Key for High Security (HSECK9) |
Introduces support for the HSECK9 key on Cisco Catalyst 9300X Series Switches. The HSECK9 key is an export-controlled license, which authorizes the use of cryptographic features that are restricted by U.S. export control laws. If you want to use a restricted cryptographic feature, an HSECK9 key is required. The list of cryptographic features that require an HSECK9 key currently includes only the IPsec feature. An HSECK9 key is required for each UDI where you want to configure and use the cryptographic feature. A Smart Licensing Authorization Code (SLAC) must be installed for each HSECK9 key that you want to use.
See System Management → Available Licenses and Smart Licensing Using Policy.
(DNA Advantage) |
IPsec
|
IPsec is a framework of open standards developed by the Internet Engineering Task Force. It provides security for the transmission of sensitive information over unprotected networks such as the Internet.
(DNA Advantage with HSECK9 key enabled) |
High Speed Stacking |
The High Speed Stacking feature allows you to configure a homogenous stack of switches to run at the speed of 1Tbps. This feature is supported on the C9300X-48HX and the C9300X-48TX models of the Cisco Catalyst9300 Series Switches. |
Whats New in Cisco IOS XE Bengaluru 17.6.1
Hardware Features in Cisco IOS XE Bengaluru 17.6.1
Feature Name |
Description and Documentation Link |
---|---|
Cisco 10GBASE SFP+ modules |
See Limitations and Restrictions → Hardware Limitations — Optics, before using this module. For information about the module, see Cisco 10GBASE SFP+ Modules Data Sheet. For information about device compatibility, see the Transceiver Module Group (TMG) Compatibility Matrix. |
Cisco QSFP to SFP or SFP+ Adapter (QSA) Module |
For information about the module, see Cisco 40GBASE QSFP Modules Data Sheet. For information about device compatibility, see the Transceiver Module Group (TMG) Compatibility Matrix. |
Direct-Attach Cables for Cisco QSA Module CVR-QSFP-SFP10G |
Supported cable product numbers: SFP-H10GB-CU4M For information about these cables, see Cisco 10GBASE SFP+ Modules Data Sheet. For information about device compatibility, see the Transceiver Module Group (TMG) Compatibility Matrix. |
Software Features in Cisco IOS XE Bengaluru 17.6.1
Feature Name |
Description and License Level Information |
---|---|
IEEE 1588v2 Precision Time Protocol (PTP) on SDA Fabric |
Allows users to send PTP messages in Layer 2 and Layer 3 format in Software-Defined Access (SDA) fabric through overlay, using multicast protocols.
(DNA Advantage) |
IEEE 1588v2 PTP interoperability with MACsec and EtherChannel |
Introduces support for PTP with MACsec and EtherChannel interface.
(DNA Advantage) |
IPv6 Explicit Null Label |
Allows you to use IPv6 Explicit Null Label as a VPN label to exchange IPv6 reachability information over the MPLS core. The label has a value of 2.
(Network Advantage) |
LACP and PAGP over EoMPLS |
Allows forwarding of Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) packets over Ethernet-over-MPLS (EoMPLS) pseudowire in the port mode.
(Network Advantage) |
MLD Snooping over VPLS |
Introduces support for Multicast Listener Discovery (MLD) Snooping over Virtual Private LAN Services (VPLS). This feature allows traffic to be forwarded over pseudowires that receive Internet Group Management Protocol (IGMP) or MLD reports from remote provider edge (PE) devices.
(Network Advantage) |
MPLS Traffic Engineering
|
Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) provides an integrated approach to traffic engineering by incorporating capabilities of Layer 2 into Layer 3.
(Network Advantage) |
Programmability
|
The following programmability features are introduced in this release:
|
RadSec CoA over same tunnel |
Introduces support for RadSec Change of Authorization (CoA) request reception and CoA response transmission over the same authentication channel.
(Network Essentials and Network Advantage) |
SCP improvement in large RTT scenario |
Introduces support for secure copy (SCP) in large round trip time (RTT) settings by using the window-size variable option of the ip ssh bulk-mode command.
(Network Essentials and Network Advantage) |
WCCP - VRF support |
Introduces support for virtual routing and forwarding (VRF) with Web Cache Communication Protocol (WCCP).
(Network Advantage) |
SSO Support for VRRPv3 |
Introduces support for Stateful Switchover (SSO) with Virtual Router Redundancy Protocol version 3 (VRRPv3). Use the fhrp sso command to enable this feature.
(Network Essentials and Network Advantage) |
New on the WebUI |
|
BFD Echo Mode for OSPFv3 |
Provides a mechanism to detect failures in the network between two adjacent switches, including the interfaces, data links, and forwarding planes. This feature can be configured globally, or per interface. |
SDM Templates |
Introduces device specific custom SDM templates that help to optimise the use of physical resources on the device. |
Serviceability |
|
show consistency-checker |
The command was modified. The following keywords were introduced:
|
show platform software fed switch punt packet-capture cpu-top-talker |
The command was modified. cpu-top-talker keyword was introduced. It displays the occurrences of an attribute of a packet capture. |
match device-type regex regular-expression |
The command was modified. regex keyword was introduced. It allows you to define a regular expression for the device type. |
protocol tlv-type number value {string | integer | {regex regular-expression}} |
The command was modified. regex keyword was introduced. It allows you to define a regular expression for the Type-Length-Value (TLV). |
Important Notes
Unsupported Features
-
Cisco TrustSec Network Device Admission Control (NDAC) on Uplinks
-
Converged Access for Branch Deployments
-
IPsec VPN
-
Performance Monitoring (PerfMon)
-
Virtual Routing and Forwarding (VRF)-Aware web authentication
Complete List of Supported Features
For the complete list of features supported on a platform, see the Cisco Feature Navigator at https://cfnng.cisco.com.
Default Behaviour
Beginning from Cisco IOS XE Gibraltar 16.12.5 and later, do not fragment bit (DF bit) in the IP packet is always set to 0 for all outgoing RADIUS packets (packets that originate from the device towards the RADIUS server).
Supported Hardware
Cisco Catalyst 9300 Series Switches—Model Numbers
The following table lists the supported hardware models and the default license levels they are delivered with. For information about the available license levels, see section License Levels .
Switch Model |
Default License Level1 |
Description |
---|---|---|
C9300-24H-A |
Network Advantage |
Stackable 24 10/100/1000 Mbps UPOE+ ports; PoE budget of 830 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-24H-E |
Network Essentials |
|
C9300-24P-A |
Network Advantage |
Stackable 24 10/100/1000 PoE+ ports; PoE budget of 437W; 715 WAC power supply; supports StackWise-480 and StackPower |
C9300-24P-E |
Network Essentials |
|
C9300-24S-A |
Network Advantage |
Stackable 24 1G SFP ports; two power supply slots with 715 WAC power supply installed by default; supports StackWise-480 and StackPower. |
C9300-24S-E |
Network Essentials |
|
C9300-24T-A |
Network Advantage |
Stackable 24 10/100/1000 Ethernet ports; 350 WAC power supply; supports StackWise-480 and StackPower |
C9300-24T-E |
Network Essentials |
|
C9300-24U-A |
Network Advantage |
Stackable 24 10/100/1000 UPoE ports; PoE budget of 830W; 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-24U-E |
Network Essentials |
|
C9300-24UB-A |
Network Advantage |
Stackable 24 10/100/1000 Mbps UPOE ports that provide deep buffers and higher scale; PoE budget of 830W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-24UB-E |
Network Essentials |
|
C9300-24UX-A |
Network Advantage |
Stackable 24 Multigigabit Ethernet 100/1000/2500/5000/10000 UPoE ports; PoE budget of 490 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-24UX-E |
Network Essentials |
|
C9300-24UXB-A |
Network Advantage |
Stackable 24 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE ports that provide deep buffers and higher scale; PoE budget of 560 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-24UXB-E |
Network Essentials |
|
C9300-48H-A |
Network Advantage |
Stackable 48 10/100/1000 Mbps UPOE+ ports; PoE budget of 822 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-48H-E |
Network Essentials |
|
C9300-48T-A |
Network Advantage |
Stackable 48 10/100/1000 Ethernet ports; 350 WAC power supply; supports StackWise-480 and StackPower |
C9300-48T-E |
Network Essentials |
|
C9300-48P-A |
Network Advantage |
Stackable 48 10/100/1000 PoE+ ports; PoE budget of 437W; 715 WAC power supply; supports StackWise-480 and StackPower |
C9300-48P-E |
Network Essentials |
|
C9300-48S-A |
Network Advantage |
Stackable 48 1G SFP ports; two power supply slots with 715 WAC power supply installed by default; supports StackWise-480 and StackPower. |
C9300-48S-E |
Network Essentials |
|
C9300-48T-A |
Network Advantage |
Stackable 48 10/100/1000 Ethernet ports; 350 WAC power supply; supports StackWise-480 and StackPower |
C9300-48T-E |
Network Essentials |
|
C9300-48U-A |
Network Advantage |
Stackable 48 10/100/1000 UPoE ports; PoE budget of 822 W; 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-48U-E |
Network Essentials |
|
C9300-48UB-A |
Network Advantage |
Stackable 48 10/100/1000 Mbps UPOE ports that provide deep buffers and higher scale; PoE budget of 822 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-48UB-E |
Network Essentials |
|
C9300-48UN-A |
Network Advantage |
Stackable 48 Multigigabit Ethernet (100 Mbps or 1/2.5/5 Gbps) UPoE ports; PoE budget of 610 W with 1100 WAC power supply; supports StackWise-480 and StackPower |
C9300-48UN-E |
Network Essentials |
|
C9300-48UXM-A |
Network Advantage |
Stackable 48 (36 2.5G Multigigabit Ethernet and 12 10G Multigigabit Ethernet Universal Power Over Ethernet (UPOE) ports) |
C9300-48UXM-E |
Network Essentials |
Switch Model |
Default License Level2 |
Description |
---|---|---|
C9300L-24T-4G-A |
Network Advantage |
Stackable 24x10/100/1000M Ethernet ports; 4x1G SFP fixed uplink ports; 350 WAC power supply; supports StackWise-320. |
C9300L-24T-4G-E |
Network Essentials |
|
C9300L-24P-4G-A |
Network Advantage |
Stackable 24x10/100/1000M PoE+ ports; 4x1G SFP fixed uplink ports; PoE budget of 505W with 715 WAC power supply; supports StackWise-320. |
C9300L-24P-4G-E |
Network Essentials |
|
C9300L-24T-4X-A |
Network Advantage |
Stackable 24x10/100/1000M Ethernet ports; 4x10G SFP+ fixed uplink ports; 350 WAC power supply; supports StackWise-320. |
C9300L-24T-4X-E |
Network Essentials |
|
C9300L-24P-4X-A |
Network Advantage |
Stackable 24x10/100/1000M PoE+ ports; 4x10G SFP+ fixed uplink ports; PoE budget of 505W with 715 WAC power supply; supports StackWise-320. |
C9300L-24P-4X-E |
Network Essentials |
|
C9300L-48T-4G-A |
Network Advantage |
Stackable 48x10/100/1000M Ethernet ports; 4x1G SFP fixed uplink ports; 350 WAC power supply; supports StackWise-320. |
C9300L-48T-4G-E |
Network Essentials |
|
C9300L-48P-4G-A |
Network Advantage |
Stackable 48x10/100/1000M PoE+ ports; 4x1G SFP fixed uplink ports; PoE budget of 505W with 715 WAC power supply; supports StackWise-320. |
C9300L-48P-4G-E |
Network Essentials |
|
C9300L-48T-4X-A |
Network Advantage |
Stackable 48x10/100/1000M Ethernet ports; 4x10G SFP+ fixed uplink ports; 350 WAC power supply; supports StackWise-320. |
C9300L-48T-4X-E |
Network Essentials |
|
C9300L-48P-4X-A |
Network Advantage |
Stackable 48x10/100/1000M PoE+ ports; 4x10G SFP+ fixed uplink ports; PoE budget of 505W with 715 WAC power supply; supports StackWise-320. |
C9300L-48P-4X-E |
Network Essentials |
|
C9300L-48PF-4G-A |
Network Advantage |
Stackable 48 10/100/1000 Mbps PoE+ ports; 4x1G SFP+ fixed uplink ports; PoE budget of 890 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-48PF-4G-E |
Network Essentials |
|
C9300L-48PF-4X-A |
Network Advantage |
Stackable 48 10/100/1000 Mbps PoE+ ports; 4x10G SFP+ fixed uplink ports; PoE budget of 890 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-48PF-4X-E |
Network Essentials |
|
C9300L-24UXG-4X-A |
Network Advantage |
Stackable 16 10/100/1000 Mbps and 8 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE ports; 4x10G SFP+ fixed uplink ports; PoE budget of 880 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-24UXG-4X-E |
Network Essentials |
|
C9300L-24UXG-2Q-A |
Network Advantage |
Stackable 16 10/100/1000 Mbps and 8 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE ports; 2x40G QSFP+ fixed uplink ports; PoE budget of 722 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-24UXG-2Q-E |
Network Essentials |
|
C9300L-48UXG-4X-A |
Network Advantage |
Stackable 36 10/100/1000 Mbps and 12 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE ports; 4x10G SFP+ fixed uplink ports; PoE budget of 675 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-48UXG-4X-E |
Network Essentials |
|
C9300L-48UXG-2Q-A |
Network Advantage |
Stackable 36 10/100/1000 Mbps and 12 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE ports; 2x40G QSFP+ fixed uplink ports; PoE budget of 675 W with 1100 WAC power supply; supports StackWise-320. |
C9300L-48UXG-2Q-E |
Network Essentials |
Switch Model |
Default License Level3 |
Description |
---|---|---|
C9300X-12Y-A |
Network Advantage |
Stackable 12 1/10/25 GE SFP28 downlink ports; 715 WAC power supply; supports StackPower+, StackWise-1T and C9300X-NM network modules. |
C9300X-12Y-E |
Network Essentials |
|
C9300X-24Y-A |
Network Advantage |
Stackable 24 1/10/25 GE SFP28 downlink ports; 715 WAC power supply; supports StackPower+, StackWise-1 and C9300X-NM network modules. |
C9300X-24Y-E |
Network Essentials |
|
C9300X-48HX-A |
Network Advantage |
Stackable 48 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) UPOE+ports; PoE budget of 590W with 1100 WAC power supply; supports StackPower+, StackWise-1T and C9300X-NM network modules. |
C9300X-48HX-E |
Network Essentials |
|
C9300X-48TX-A |
Network Advantage |
Stackable 48 Multigigabit Ethernet (100 Mbps or 1/2.5/5/10 Gbps) ports; 715WAC powersupply; supports StackPower+, StackWise-1T and C9300X-NM network modules. |
C9300X-48TX-E |
Network Essentials |
|
C9300X-48HXN-E |
Network Essentials |
Network Modules
The following table lists the optional uplink network modules with 1-Gigabit, 10-Gigabit, 25-Gigabit, and 40-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Network Module |
Description |
---|---|
C3850-NM-4-1G 1 |
Four 1 Gigabit Ethernet SFP module slots |
C3850-NM-2-10G 1 |
Two 10 Gigabit Ethernet SFP module slots |
C3850-NM-4-10G 1 |
Four 10 Gigabit Ethernet SFP module slots |
C3850-NM-8-10G 1 |
Eight 10 Gigabit Ethernet SFP module slots |
C3850-NM-2-40G 1 |
Two 40 Gigabit Ethernet SFP module slots |
C9300-NM-4G 2 |
Four 1 Gigabit Ethernet SFP module slots |
C9300-NM-4M 2 |
Four MultiGigabit Ethernet slots |
C9300-NM-8X 2 |
Eight 10 Gigabit Ethernet SFP+ module slots |
C9300-NM-2Q 2 |
Two 40 Gigabit Ethernet QSFP+ module slots |
C9300-NM-2Y 2 |
Two 25 Gigabit Ethernet SFP28 module slots |
C9300X-NM-2C3 |
Two 40 Gigabit Ethernet/100 Gigabit Ethernet QSFP+ module slots |
C9300X-NM-4C 3 |
Four 40 Gigabit Ethernet/100 Gigabit Ethernet slots with a QSFP+ connector ineach slot. |
C9300X-NM-8M3 |
Eight Multigigabit Ethernet slots |
C9300X-NM-8Y3 |
Eight 25 Gigabit Ethernet/10 Gigabit Ethernet/1 Gigabit Ethernet SFP+ module slots |
Note |
|
The following table lists the network modules that are supported on the Cisco Catalyst 9300X-HXN Series Switches and the ports that are usable on each of these network module:
Network Module |
Cisco IOS XE Cupertino 17.7.1 and Previous Releases |
Cisco IOS XE Cupertino 17.8.1 and Later Releases |
---|---|---|
C9300X-NM-8Y (8x25G) |
Ports 1 to 4 usable. |
Ports 1 to 6 usable. Ports 7 and 8 are permanently disabled. |
C9300X-NM-8M (8xmGig) |
Ports 1 to 4 usable. |
Ports 1 to 6 usable. Ports 7 and 8 are permanently disabled. |
C9300X-NM-2C (2x100G/2x40G) |
Ports 1 to 2 usable. No breakout cable support. |
Ports 1 and 2 usable. Breakout cable supported only on port 1. No support for breakout cable on port 2. |
Optics Modules
Cisco Catalyst Series Switches support a wide range of optics and the list of supported optics is updated on a regular basis. Use the Transceiver Module Group (TMG) Compatibility Matrix tool, or consult the tables at this URL for the latest transceiver module compatibility information: https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Compatibility Matrix
The following table provides software compatibility information between Cisco Catalyst 9300 Series Switches, Cisco Identity Services Engine, Cisco Access Control Server, and Cisco Prime Infrastructure.
Catalyst 9300 |
Cisco Identity Services Engine |
Cisco Access Control Server |
Cisco Prime Infrastructure |
---|---|---|---|
Bengaluru 17.6.8 |
3.2 Patch 4 |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.7 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.6a |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.6 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.5 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.4 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.3 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.2 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.1 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
C9300, C9300L, and C9300X: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Bengaluru 17.5.1 |
3.0 Patch 1 2.7 Patch 2 2.6 Patch 7 2.4 Patch 13 |
- |
C9300, C9300L, and C9300X: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Bengaluru 17.4.1 |
3.0 2.7 Patch 2 |
- |
C9300 and C9300L: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.8a |
2.7 |
- |
C9300 and C9300L: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.8 |
2.7 |
- |
C9300 and C9300L: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.7 |
2.7 |
- |
C9300 and C9300L: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.6 |
2.7 |
- |
C9300 and C9300L: PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.5 |
2.7 |
- |
C9300 and C9300L: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.4 |
2.7 |
- |
C9300 and C9300L: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.3 |
2.7 |
- |
C9300 and C9300L: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.2a |
2.7 |
- |
C9300 and C9300L: PI 3.8 + PI 3.8 latest maintenance release + PI 3.8 latest device pack See Cisco Prime Infrastructure 3.8 → Downloads. |
Amsterdam 17.3.1 |
2.7 |
- |
C9300 and C9300L: PI 3.8 + PI 3.8 latest maintenance release + PI 3.8 latest device pack See Cisco Prime Infrastructure 3.8 → Downloads. |
Amsterdam 17.2.1 |
2.7 |
- |
C9300 and C9300L: PI 3.7 + PI 3.7 latest maintenance release + PI 3.7 latest device pack See Cisco Prime Infrastructure 3.7 → Downloads. |
Amsterdam 17.1.1 |
2.7 |
- |
C9300: PI 3.6 + PI 3.6 latest maintenance release + PI 3.6 latest device pack C9300L: - See Cisco Prime Infrastructure 3.6 → Downloads. |
Gibraltar 16.12.8 |
2.6 |
- |
C9300: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack C9300L: - See Cisco Prime Infrastructure 3.9 → Downloads. |
Gibraltar 16.12.7 |
2.6 |
- |
C9300: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack C9300L: - See Cisco Prime Infrastructure 3.9 → Downloads. |
Gibraltar 16.12.6 |
2.6 |
- |
C9300: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack C9300L: - See Cisco Prime Infrastructure 3.9 → Downloads. |
Gibraltar 16.12.5b |
2.6 |
- |
C9300: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack C9300L: - See Cisco Prime Infrastructure 3.9 → Downloads. |
Gibraltar 16.12.5 |
2.6 |
- |
C9300: PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack C9300L: - See Cisco Prime Infrastructure 3.9 → Downloads. |
Gibraltar 16.12.4 |
2.6 |
- |
C9300: PI 3.8 + PI 3.8 latest maintenance release + PI 3.8 latest device pack C9300L: - See Cisco Prime Infrastructure 3.8 → Downloads. |
Gibraltar 16.12.3a |
2.6 |
- |
C9300: PI 3.5 + PI 3.5 latest maintenance release + PI 3.5 latest device pack C9300L: - See Cisco Prime Infrastructure 3.5 → Downloads. |
Gibraltar 16.12.3 |
2.6 |
- |
C9300: PI 3.5 + PI 3.5 latest maintenance release + PI 3.5 latest device pack C9300L: - See Cisco Prime Infrastructure 3.5 → Downloads. |
Gibraltar 16.12.2 |
2.6 |
- |
C9300: PI 3.5 + PI 3.5 latest maintenance release + PI 3.5 latest device pack C9300L: - See Cisco Prime Infrastructure 3.5 → Downloads. |
Gibraltar 16.12.1 |
2.6 |
- |
C9300: PI 3.5 + PI 3.5 latest maintenance release + PI 3.5 latest device pack C9300L: - See Cisco Prime Infrastructure 3.5 → Downloads. |
Gibraltar 16.11.1 |
2.6 2.4 Patch 5 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4 → Downloads. |
Gibraltar 16.10.1 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.8 |
2.5 2.1 |
5.4 5.5 |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Fuji 16.9.7 |
2.5 2.1 |
5.4 5.5 |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Fuji 16.9.6 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.5 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.4 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.3 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.2 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.1 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.8.1a |
2.3 Patch 1 2.4 |
5.4 5.5 |
PI 3.3 + PI 3.3 latest maintenance release + PI 3.3 latest device pack See Cisco Prime Infrastructure 3.3→ Downloads. |
Everest 16.6.4a |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads. |
Everest 16.6.4 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads. |
Everest 16.6.3 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.6.2 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.6.1 |
2.2 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.5.1a |
2.1 Patch 3 |
5.4 5.5 |
- |
Web UI System Requirements
The following subsections list the hardware and software required to access the Web UI:
Minimum Hardware Requirements
Processor Speed |
DRAM |
Number of Colors |
Resolution |
Font Size |
---|---|---|---|---|
233 MHz minimum4 |
512 MB5 |
256 |
1280 x 800 or higher |
Small |
Software Requirements
Operating Systems
-
Windows 10 or later
-
Mac OS X 10.9.5 or later
Browsers
-
Google Chrome—Version 59 or later (On Windows and Mac)
-
Microsoft Edge
-
Mozilla Firefox—Version 54 or later (On Windows and Mac)
-
Safari—Version 10 or later (On Mac)
ROMMON Versions
ROMMON, also known as the boot loader, is firmware that runs when the device is powered up or reset. It initializes the processor hardware and boots the operating system software (Cisco IOS XE software image). The ROMMON is stored on the following Serial Peripheral Interface (SPI) flash devices on your switch:
-
Primary: The ROMMON stored here is the one the system boots every time the device is powered-on or reset.
-
Golden: The ROMMON stored here is a backup copy. If the one in the primary is corrupted, the system automatically boots the ROMMON in the golden SPI flash device.
ROMMON upgrades may be required to resolve firmware defects, or to support new features, but there may not be new versions with every release.
Release |
ROMMON Version (C9300 Models) |
ROMMON Version (C9300L Models) |
ROMMON Version (C9300X Models) |
ROMMON Version (C9300LM Models) |
---|---|---|---|---|
Bengaluru 17.6.8 |
17.6.6r |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.7 |
17.6.6r |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.6a |
17.6.6r |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.6 |
17.6.6r |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.5 |
17.6.6r |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.4 |
17.6.1r[FC2] |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.3 |
17.6.1r[FC2] |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.2 |
17.6.1r[FC2] |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.6.1 |
17.6.1r[FC2] |
17.6.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.5.1 |
17.5.2r |
17.4.1r[FC2] |
17.5.1r |
- |
Bengaluru 17.4.1 |
17.4.1r |
17.4.1r[FC2] |
- |
- |
Amsterdam 17.3.8a |
17.3.8r |
17.8.1r[FC2] |
- |
- |
Amsterdam 17.3.8 |
17.3.8r |
17.8.1r[FC2] |
- |
- |
Amsterdam 17.3.7 |
17.3.2r |
17.8.1r[FC2] |
- |
- |
Amsterdam 17.3.6 |
17.3.2r |
17.8.1r[FC2] |
- |
- |
Amsterdam 17.3.5 |
17.3.2r |
17.8.1r[FC2] |
- |
- |
Amsterdam 17.3.4 |
17.3.2r |
17.3.2r |
- |
- |
Amsterdam 17.3.3 |
17.3.2r |
17.3.2r |
- |
- |
Amsterdam 17.3.2a |
17.3.2r |
17.3.2r |
- |
- |
Amsterdam 17.3.1 |
17.3.1r[FC2] |
17.1.1r [FC1] |
- |
- |
Amsterdam 17.2.1 |
17.2.1r[FC1] |
17.1.1r[FC1] |
- |
- |
Amsterdam 17.1.1 |
17.1.1r [FC1] |
17.1.1r [FC1] |
- |
- |
Upgrading the Switch Software
This section covers the various aspects of upgrading or downgrading the device software.
Note |
You cannot use the Web UI to install, upgrade, or downgrade device software. |
Finding the Software Version
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note |
Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license. |
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Software Images
Release |
Image Type |
File Name |
---|---|---|
Cisco IOS XE Bengaluru 17.6.8 |
CAT9K_IOSXE |
cat9k_lite_iosxe.17.06.08.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.08.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.7 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.07.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.07.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.6a |
CAT9K_IOSXE |
cat9k_iosxe.17.06.06a.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.06a.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.6 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.06.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.06.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.5 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.05.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.05.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.4 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.04.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.04.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.3 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.03.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.03.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.2 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.02.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.02.SPA.bin |
|
Cisco IOS XE Bengaluru 17.6.1 |
CAT9K_IOSXE |
cat9k_iosxe.17.06.01.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.06.01.SPA.bin |
Upgrading the ROMMON
To know the ROMMON or bootloader version that applies to every major and maintenance release, see ROMMON Versions.
You can upgrade the ROMMON before, or, after upgrading the software version. If a new ROMMON version is available for the software version you are upgrading to, proceed as follows:
-
Upgrading the ROMMON in the primary SPI flash device
This ROMMON is upgraded automatically. When you upgrade from an existing release on your switch to a later or newer release for the first time, and there is a new ROMMON version in the new release, the system automatically upgrades the ROMMON in the primary SPI flash device, based on the hardware version of the switch.
-
Upgrading the ROMMON in the golden SPI flash device
You must manually upgrade this ROMMON. Enter the upgrade rom-monitor capsule golden switch command in privileged EXEC mode.
Note
-
In case of a switch stack, perform the upgrade on the active switch and all members of the stack.
-
After the ROMMON is upgraded, it will take effect on the next reload. If you go back to an older release after this, the ROMMON is not downgraded. The updated ROMMON supports all previous releases.
Software Installation Commands
Summary of Software Installation Commands Supported starting from Cisco IOS XE Everest 16.6.2 and later releases |
|
---|---|
To install and activate the specified file, and to commit changes to be persistent across reloads:
To separately install, activate, commit, cancel, or remove the installation file: |
|
add file tftp: filename |
Copies the install file package from a remote location to the device and performs a compatibility check for the platform and image versions. |
activate [ auto-abort-timer] |
Activates the file, and reloads the device. The auto-abort-timer keyword automatically rolls back image activation. |
commit |
Makes changes persistent over reloads. |
rollback to committed |
Rolls back the update to the last committed version. |
abort |
Cancels file activation, and rolls back to the version that was running before the current installation procedure started. |
remove |
Deletes all unused and inactive software installation files. |
Note |
The request platform software commands are deprecated starting from Cisco IOS XE Gibraltar 16.10.1. The commands are visible on the CLI in this release and you can configure them, but we recommend that you use the install commands to upgrade or downgrade. |
Summary of request platform software Commands |
|
---|---|
|
|
clean |
Cleans unnecessary package files from media |
copy |
Copies package to media |
describe |
Describes package content |
expand |
Expands all-in-one package to media |
install |
Installs the package |
uninstall |
Uninstalls the package |
verify |
Verifies In Service Software Upgrade (ISSU) software package compatibility |
Upgrading in Install Mode
Follow these instructions to upgrade from one release to another, in install mode. To perform a software image upgrade, you must be booted into IOS through boot flash:packages.conf .
Before you begin
Note that you can use this procedure for the following upgrade scenarios:
When upgrading from ... |
Use these commands... |
To upgrade to... |
---|---|---|
Cisco IOS XE Everest 16.5.1a or Cisco IOS XE Everest 16.6.1 |
Only request platform software commands |
Cisco IOS XE Bengaluru 17.6.x |
Cisco IOS XE Everest 16.6.2 and all later releases |
Either install commands or request platform software commands6. |
The sample output in this section displays upgrade from Cisco IOS XE Bengaluru 17.5.1 to Cisco IOS XE Bengaluru 17.6.1 using install commands only.
Procedure
Step 1 |
Clean-up install remove inactive
Use this command to clean-up old installation files in case of insufficient space and to ensure that you have at least 1GB of space in flash, to expand a new image. The following sample output displays the cleaning up of unused files, by using the
install remove inactive
command:
|
||
Step 2 |
Copy new image to flash |
||
Step 3 |
Set boot variable |
||
Step 4 |
Install image to flash install add file activate commit
Use this command to install the image. We recommend that you point to the source image on your TFTP server or the
flash drive of the active switch, if you have copied the image to flash memory.
If you point to an image on the flash or USB drive of a member switch (instead of the
active), you must specify the exact flash or USB drive - otherwise installation fails.
For example, if the image is on the flash drive of member switch 3 (flash-3):
The following sample output displays
installation of the Cisco IOS XE Bengaluru 17.6.1 software
image in the flash memory:
|
||
Step 5 |
Verify installation After the software has been successfully installed, use the dir flash: command to verify that the flash partition has ten new |
||
Step 6 |
show version After the image boots up, use this command to verify the version of the new image. The following sample output of the show version command
displays the Cisco IOS XE Bengaluru 17.6.1 image on the
device:
|
Downgrading in Install Mode
Follow these instructions to downgrade from one release to another, in install mode. To perform a software image downgrade, you must be booted into IOS through boot flash:packages.conf .
Before you begin
Note that you can use this procedure for the following downgrade scenarios:
When downgrading from ... |
Use these commands... |
To downgrade to... |
---|---|---|
Cisco IOS XE Bengaluru 17.6.x |
Either install commands or request platform software command7. |
Cisco IOS XE Bengaluru 17.5.x or earlier releases. |
Note |
New switch models that are introduced in a release cannot be downgraded. The release in which a switch model is introduced is the minimum software version for that model. |
The sample output in this section shows downgrade from Cisco IOS XE Bengaluru 17.6.1 to Cisco IOS XE Bengaluru 17.5.1, using install commands.
Microcode Downgrade Prerequisite:
Starting from Cisco IOS XE Gibraltar 16.12.1, a new microcode is introduced to support IEEE 802.3bt Type 3 standard for UPOE switches in the series (C9300-24U, C9300-48U, C9300-24UX, C9300-48UXM, C9300-48UN). The new microcode is not backward-compatible with some releases, because of which you must also downgrade the microcode when you downgrade to one of these releases. If the microcode is not downgraded, PoE features will be impacted after the downgrade.
Depending on the release you are downgrading to and the commands you use to downgrade, review the table below for the action you may have to take:
When downgrading from ... |
To one of These Releases |
by Using... |
Action For Microcode Downgrade |
Cisco IOS XE Gibraltar 16.12.1 or a later release |
Cisco IOS XE Everest 16.6.1 through Cisco IOS XE Everest 16.6.6 Cisco IOS XE Fuji 16.9.1 through Cisco IOS XE Fuji 16.9.2 |
install commands |
Microcode will roll back automatically as part of the software installation. No further action is required. |
request platform software commands or or bundle boot |
Manually downgrade the microcode before downgrading the software image. Enter the hw-module mcu rollback command in global configuration mode, to downgrade microcode. |
Procedure
Step 1 |
Clean-up install remove inactive
Use this command to clean-up old installation files in case of insufficient space and to ensure that you have at least 1GB of space in flash, to expand a new image. The following sample output displays the cleaning up of unused files, by using the
install remove inactive
command:
|
||
Step 2 |
Copy new image to flash |
||
Step 3 |
Set boot variable |
||
Step 4 |
Downgrade software image install add file activate commit
Use this command to install the image. We recommend that you point to the source image on your TFTP server or the
flash drive of the active switch, if you have copied the image to flash memory.
If you point to an image on the flash or USB drive of a member switch (instead of the
active), you must specify the exact flash or USB drive - otherwise installation fails.
For example, if the image is on the flash drive of member switch 3 (flash-3):
The following example displays the
installation of the Cisco IOS XE Bengaluru 17.5.1 software
image to flash, by using the install add file activate commit
command.
|
||
Step 5 |
Verify version show version
After the image boots up, use this command to verify the version of the new image.
The
following sample output of the show version command displays
the Cisco IOS XE Bengaluru 17.5.1 image
on the device:
|
Field-Programmable Gate Array Version Upgrade
A field-programmable gate array (FPGA) is a type of programmable memory device that exists on Cisco switches. They are re-configurable logic circuits that enable the creation of specific and dedicated functions.
To check the current FPGA version, enter the version -v command in ROMMON mode.
Note |
|
Licensing
This section provides information about the licensing packages for features available on Cisco Catalyst 9000 Series Switches.
License Levels
The software features available on Cisco Catalyst 9300 Series Switches fall under these base or add-on license levels.
Base Licenses
-
Network Essentials
-
Network Advantage—Includes features available with the Network Essentials license and more.
Add-On Licenses
Add-On Licenses require a Network Essentials or Network Advantage as a pre-requisite. The features available with add-on license levels provide Cisco innovations on the switch, as well as on the Cisco Digital Network Architecture Center (Cisco DNA Center).
-
DNA Essentials
-
DNA Advantage— Includes features available with the DNA Essentials license and more.
To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to https://cfnng.cisco.com. An account on cisco.com is not required.
Available Licensing Models and Configuration Information
-
Cisco IOS XE Fuji 16.8.x and earlier: RTU Licensing is the default and the only supported method to manage licenses.
-
Cisco IOS XE Fuji 16.9.1 to Cisco IOS XE Amsterdam 17.3.1: Smart Licensing is the default and the only supported method to manage licenses.
In the software configuration guide of the required release, see System Management → Configuring Smart Licensing.
-
Cisco IOS XE Amsterdam 17.3.2a and later: Smart Licensing Using Policy, which is an enhanced version of Smart Licensing, is the default and the only supported method to manage licenses.
For more information, see Configuring Licenses on Cisco Catalyst 9000 Series Switches.
For a more detailed overview on Cisco Licensing, go to Cisco Software Licensing Guide.
License Levels - Usage Guidelines
-
The duration or term for which a purchased license is valid:
Smart Licensing Using Policy
Smart Licensing
-
Perpetual: There is no expiration date for such a license.
-
Subscription: The license is valid only until a certain date (for a three, five, or seven year period).
-
Permanent: for a license level, and without an expiration date.
-
Term: for a license level, and for a three, five, or seven year period.
-
Evaluation: a license that is not registered.
-
-
Base licenses (Network Essentials and Network-Advantage) are ordered and fulfilled only with a perpetual or permanent license type.
-
Add-on licenses (DNA Essentials and DNA Advantage) are ordered and fulfilled only with a subscription or term license type.
-
An add-on license level is included when you choose a network license level. If you use DNA features, renew the license before term expiry, to continue using it, or deactivate the add-on license and then reload the switch to continue operating with the base license capabilities.
-
When ordering an add-on license with a base license, note the combinations that are permitted and those that are not permitted:
Table 5. Permitted Combinations DNA Essentials
DNA Advantage
Network Essentials
Yes
No
Network Advantage
Yes8
Yes
8 You will be able to purchase this combination only at the time of the DNA license renewal and not when you purchase DNA-Essentials the first time. -
Evaluation licenses cannot be ordered. They are not tracked via Cisco Smart Software Manager and expire after a 90-day period. Evaluation licenses can be used only once on the switch and cannot be regenerated. Warning system messages about an evaluation license expiry are generated only 275 days after expiration and every week thereafter. An expired evaluation license cannot be reactivated after reload. This applies only to Smart Licensing. The notion of evaluation licenses does not apply to Smart Licensing Using Policy.
Scaling Guidelines
For information about feature scaling guidelines, see the Cisco Catalyst 9300 Series Switches datasheet at:
Limitations and Restrictions
-
Control Plane Policing (CoPP)—The show run command does not display information about classes configured under
system-cpp policy
, when they are left at default values. Use the show policy-map system-cpp-policy or the show policy-map control-plane commands in privileged EXEC mode instead. -
Cisco TrustSec restrictions—Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
-
Flexible NetFlow limitations
-
You cannot configure NetFlow export using the Ethernet Management port (GigabitEthernet0/0).
-
You can not configure a flow monitor on logical interfaces, such as layer 2 port-channels, loopback, tunnels.
-
You can not configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction.
-
-
Hardware Limitations — Optics:
-
SFP-10G-T-X supports 100Mbps/1G/10G speeds based on auto negotiation with the peer device. 10Mbps speed is not supported and you cannot force speed settings from the transceiver.
-
PHY Loopback test is not supported on SFP-10G-T-X.
-
-
QoS restrictions
-
When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
-
For QoS policies, only switched virtual interfaces (SVI) are supported for logical interfaces.
-
QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
-
Stack Queuing and Scheduling (SQS) drops CPU bound packets exceeding 1.4 Gbps.
-
-
Secure Shell (SSH)
-
Use SSH Version 2. SSH Version 1 is not supported.
-
When the device is running SCP and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.
Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can show as much as 40 or 50 percent CPU usage, but they do not cause the device to shutdown.
-
-
Smart Licensing Using Policy: Starting with Cisco IOS XE Amsterdam 17.3.2a, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.
The licensing utilities and user interfaces that are affected by this limitation include only the following: Cisco Smart Software Manager (CSSM), Cisco Smart License Utility (CSLU), and Smart Software Manager On-Prem (SSM On-Prem).
-
Stacking:
-
A switch stack supports up to eight stack members.
-
Only homogenous stacking is supported, mixed stacking is not.
C9300 SKUs can be stacked only with other C9300 SKUs. Similarly C9300L SKUs can be stacked only with other C9300L SKUs.
The following additional restriction applies to the C9300-24UB, C9300-24UXB, and C9300-48UB models of the series: These models can be stacked only with each other. They cannot be stacked with other C9300 SKUs.
-
Auto upgrade for a new member switch is supported only in the install mode.
-
-
TACACS legacy command: Do not configure the legacy tacacs-server host command; this command is deprecated. If the software version running on your device is Cisco IOS XE Gibraltar 16.12.2 or a later release, using the legacy command can cause authentication failures. Use the tacacs server command in global configuration mode.
-
USB Authentication—When you connect a Cisco USB drive to the switch, the switch tries to authenticate the drive against an existing encrypted preshared key. Since the USB drive does not send a key for authentication, the following message is displayed on the console when you enter password encryption aes command:
Device(config)# password encryption aes Master key change notification called without new or old key
-
MACsec is not supported on Software-Defined Access deployments.
-
VLAN Restriction—It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
-
Wired Application Visibility and Control limitations:
-
NBAR2 (QoS and Protocol-discovery) configuration is allowed only on wired physical ports. It is not supported on virtual interfaces, for example, VLAN, port channel nor other logical interfaces.
-
NBAR2 based match criteria ‘match protocol’ is allowed only with marking or policing actions. NBAR2 match criteria will not be allowed in a policy that has queuing features configured.
-
‘Match Protocol’: up to 256 concurrent different protocols in all policies.
-
NBAR2 and Legacy NetFlow cannot be configured together at the same time on the same interface. However, NBAR2 and wired AVC Flexible NetFlow can be configured together on the same interface.
-
Only IPv4 unicast (TCP/UDP) is supported.
-
AVC is not supported on management port (Gig 0/0)
-
NBAR2 attachment should be done only on physical access ports. Uplink can be attached as long as it is a single uplink and is not part of a port channel.
-
Performance—Each switch member is able to handle 2000 connections per second (CPS) at less than 50% CPU utilization. Above this rate, AVC service is not guaranteed.
-
Scale—Able to handle up to 20000 bi-directional flows per 24 access ports and per 48 access ports.
-
-
YANG data modeling limitation—A maximum of 20 simultaneous NETCONF sessions are supported.
-
Embedded Event Manager—Identity event detector is not supported on Embedded Event Manager.
-
In the following conditions power is not shared to any switch on the stack even if there is enough power available:
-
30W systems with PoE availability equal to or lesser than 32W.
-
60W systems with PoE availability equal to or lesser than 62W.
-
90W systems with PoE availability equal to or lesser than 92W.
-
-
The File System Check (fsck) utility is not supported in install mode.
-
Power supply index value (ciscoEnvMonSupplyStatusIndex) changes after the re-seating of power supply unit.
Caveats
Caveats describe unexpected behavior in Cisco IOS-XE releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Bengaluru 17.6.x
Identifier |
Description |
---|---|
Dynamic power budget negotiation take too long in Ring stack-power on C9300 |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.8
Identifier |
Description |
---|---|
Unexpected reload on C9K switch while running dot1X and device tracking |
|
xFSU failure on stacked switches with SMU installed |
|
C9300-48UXM (V03) may loop packets internally on tenGig downlinks on boot up in certain conditions. |
|
C9300 - QSFP Accelink displaying 0.0 dBM in TX lane transceiver output |
|
C9300L stack standby interface config removed when the standby added to stack |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.7
Identifier |
Description |
---|---|
CSCwi35710 |
Interface on C9300X-12Y/24Y remains down when configured with speed nonegotiate |
CSCwf47727 |
9300: SNMP traps are not being generated when the device temperature crosses the threshold |
CSCwh24851 |
Catalyst 9300L switch reports Stack Adapter Authentication Failure |
CSCwe83840 |
C9300 power supply index value remain old value onetime |
CSCwi37669 |
macro is getting pushed on closed and open auth ports when macro is global enabled |
CSCwh94840 |
Interfaces stop forwarding traffic and not releasing QoS buffers |
CSCwf10970 |
fed process crashing after AVB policy-map manipulation |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.6a
Identifier |
Description |
---|---|
CSCwh87343 |
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.6
Identifier |
Description |
---|---|
CSCwd56049 |
Some C9300 mGig switches do not link up fully with certain 100Mbit end devices |
CSCwd28734 |
Cat9k memory leak in pubd causes switch reload |
CSCwd78924 |
Cat9300 | PoE Imax error detected for PD requesting 30W (non class 4 PDs) |
CSCwe09745 |
Memory leak in Pubd when continuously trying to connect to remote peer |
CSCwe18993 |
PoE devices connected to C9300-24P/48P series of switches losing power and staying in "down" state |
CSCwe54047 |
C9300X booted as Standalone will Observe packet loss between Inter-ASIC Traffic Flows |
CSCwe95691 |
PnP | Cat9k sends DHCP Discover with IP Source address 192.168.1.1 instead of 0.0.0.0 |
CSCwe36743 |
Segmentation Fault - Crash - SSH - When Changing AAA Group Configs |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.5
Identifier |
Description |
---|---|
C9300L uplink using GLC-SX-MMD not coming up |
|
hw-module breakout command not working on C9300-48UN IOS version 17.6.3 |
|
Cat9300 Stack port remains down after standby power cord OIR |
|
BGP timers not supported after upgrade |
|
'no ip dhcp excluded-address' doesn't work post 17.2.1 release |
|
C9300X with SFP-10G-T-X Copper transceiver has random packet loss with 1G speed after OIR |
|
C9300L-48UXG-4X: TMPFS leak due to excessive logging to debug_logging_file |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.4
Identifier |
Description |
---|---|
High CPU Utilization and memory utilization by Smart Licensing Agent |
|
Few ip phones connected to c9300-mGig switches unable to link up if "no mdix auto" is configured |
|
Cat9300 : snmp get/set does not change the integer value. |
|
some notification-type is missing for "snmp-server host xxx" command |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.3
Identifier |
Description |
---|---|
xFSU-C9300L, xFSU from 17.3.x to 17.6.1 fails and switch does normal upgrade traffic dwn for 200 sec |
|
Multicast packets replicates twice after redundant switch take power off |
|
Unexpected reload in HTTP CORE process |
|
Randomly CTS enforcement not happening if multiple Tabs are used from the ISE to push COA |
|
Unable to delete ip helper-address from the VLAN interface |
|
Link may not come up between C9300 and C9500 at 25G with SFP-10/25G-CSR-S |
|
BinOS: linux_iosd-imag_rp_0 memory leak with chasfs_ctx_int_t upon insert/remove events in PM |
|
Linecard stops forwarding traffic |
|
Cat9300-48UX ports may not link up when connected to peer Intel NIC I219 |
|
Cat9k | standby unexpected reload when no ip helper-address global is executed |
|
C9300 Rcv-Err counter keeps increasing on connected to 2960 port |
|
Error seen when deleting ip igmp snooping querier |
|
Excessive btrace loggign of chasync.sh causes TMPFS exhaustion on stack of Switches. |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.2
Identifier |
Description |
---|---|
Cat9300L: 1G SFP uplink does not come up after reload |
|
Flexlink+ preempt not work normally and cause traffic down |
Resolved Caveats in Cisco IOS XE Bengaluru 17.6.1
There are no resolved caveats in this release.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
https://www.cisco.com/en/US/support/index.html
Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts, to find information for the problem that you are experiencing.
Related Documentation
Information about Cisco IOS XE at this URL: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html
All support documentation for Cisco Catalyst 9300 Series Switches is at this URL: https://www.cisco.com/c/en/us/support/switches/catalyst-9300-series-switches/tsd-products-support-series-home.html
Cisco Validated Designs documents at this URL: https://www.cisco.com/go/designzone
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: https://cfnng.cisco.com/mibs
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business results you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.