PDF(520.4 KB) View with Adobe Reader on a variety of devices
Updated:April 29, 2020
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
For information about open issues with the software, see Caveats.
Introduction
Cisco Catalyst 9500 Series Switches are Cisco's lead purpose-built fixed core and aggregation enterprise switching platform built for security, IoT and Cloud.
These switches deliver complete convergence in terms of ASIC architecture with a Unified Access Data Plane (UADP) 2.0. The platform runs an Open Cisco IOS XE that supports model driven programmability, has the capacity to host containers, and run 3rd party applications and scripts natively within the switch (by virtue of x86 CPU architecture, local storage, and a higher memory footprint). The series forms the foundational building block for Software Defined-Access (SD-Access), which is Cisco’s lead enterprise architecture.
Cisco Catalyst 9500 Series Switches are purpose-built 40 Gigabit switches, targeted for enterprise campus, delivering unmatched table scales (MAC/route/ACL) and buffering for enterprise applications. It offers non-blocking 40G (QSFP) switches with granular port densities that fit diverse campus needs. The series also supports all the foundational high availability capabilities, and redundant platinum rated power supplies and fans.
Whats New in Cisco IOS XE Everest 16.6.10
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.9
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.8
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.7
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.6
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.5
There are no new hardware or software features in this release
Whats New in Cisco IOS XE Everest 16.6.4a
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.4
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.3
There are no new hardware and software features in this release.
Whats New in Cisco IOS XE Everest 16.6.2
Software Features in Cisco IOS XE Everest 16.6.2
Feature Name
Description
Software Install
The Software Install feature facilitates moving from one version of the software to another version in install mode.
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
(Network Essentials)
Whats New in Cisco IOS XE Everest 16.6.1
Hardware Features in Cisco IOS XE Everest 16.6.1
Feature Name
Description
40-Gigabit Ethernet QSFP and 10-Gigabit Ethernet SFP Switch Models
C9500-12Q
C9500-40X-2Q
C9500-40X
C9500-48X
These Cisco Catalyst 9500 Series Switches are supported:
C9500-12Q—12 40-Gigabit Ethernet QSFP ports and two power supply slots
C9500-40X-2Q—40 10-Gigabit Ethernet SFP ports and a 2-Port 40-Gigabit Ethernet (QSFP) network module on uplink ports; and two power supply slots
C9500-40X—40 10-Gigabit Ethernet SFP ports and two power supply slots; support for optional network modules on uplink ports — 8-Port 10 Gigabit Ethernet (SFP) and 2-Port 40 Gigabit Ethernet (QSFP)
C9500-48X—40 10-Gigabit Ethernet SFP ports and an 8-Port 10-Gigabit Ethernet (SFP) network module on uplink ports; and two power supply slots
Cisco QSFP to SFP or SFP+ Adapter (Cisco QSA Module) —CVR-QSFP-SFP10G
The Cisco Catalyst 9500 Series Switches support the Cisco QSA Module, which is a pluggable adapter that converts a QSFP port in to an SFP+ port. You can connect only an SFP+ module.
A backward compatible mode, equivalent to not having Cisco Discovery Protocol support. When the feature is enabled, Cisco Discovery Protocol packets are received and transmitted unchanged. Received packets are not processed. No packets are generated. In this mode, 'bump-in-the-wire' behavior is applied to Cisco Discovery Protocol packets.
Cisco NSF works with the Stateful switchover (SSO) feature to minimize the amount of time a network is unavailable to its users following a switchover.
Dual-active-detection using Enhanced Port Aggregation Protocol (ePAGP)
A network system virtualization technology that pairs two switches into one virtual switch to simplify operational efficiency with a single control and management plane. The feature supports:
Minimum Latency Load Balancing—Here, in a Cisco StackWise Virtual setup, Multichassis EtherChannel forwards traffic over the local link, irrespective of the hash result.
Dual-active-detection using ePAgP—Involves detection of a dual-active scenario using on Multichassis EtherChannel, between the switches in a Cisco StackWise Virtual setup.
Note On the Cisco Catalyst 9500 Series Switches, this feature is supported only on the C9500-24Q switch model
High Availability— Graceful Insertion and Removal (GIR)
Uses a maintenance mode to isolate the switch from the network in order to perform debugging, or an upgrade.
GIR is supported for Layer 2 interface shutdown and the Intermediate System to Intermediate System (IS-IS) routing protocol.
When you place the switch in maintenance mode, supported protocols are isolated, and Layer 2 interfaces are shut down. When normal mode is restored, the supported protocols and ports are brought back up.
Internet Group Management Protocol (IGMP) Explicit Tracking
Enables a multicast device to explicitly track the membership of all multicast hosts in a particular multiaccess network. The explicit tracking of hosts, groups, and channels enables the device to keep track of each individual host that is joined to a particular group or channel.
Allows a service provider to support two or more VPNs with overlapping IP addresses using one interface. VRF-Lite uses input interfaces to distinguish routes for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF.
Locator ID Separator Protocol (LISP) Extranet Support and Source Group Access Control List (SGACL) Cell Statistics
LISP Extranet Support—Refers to subscriber to provider communication across instance IDs in a LISP network. With LISP Extranet support, hosts in VRF “A”, for example, can access shared resources in VRF “B”.
SGACL Cell Statistics—An enhancement in the show cts role-based counters ipv4 command, to display all SGACL enforcement statistics for IPv4, providing visibility at the cell level.
external BGP (eBGP) and internal BGP (iBGP) OR eiBGP
IPv6 Provider Edge over MPLS (6PE)
IPv6 VPN Provider Edge over MPLS (6VPE)
The following MPLS features are introduced in this release:
EoMPLS—One of the Any Transport over MPLS (AToM) transport types. EoMPLS provides a tunneling mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. It encapsulates Ethernet protocol data units (PDUs) inside MPLS packets and uses label stacking to forward them across the MPLS network.
VPLS—A class of VPN that supports the connection of multiple sites in a single bridged domain over a managed IP/MPLS network. VPLS uses the provider core to join multiple attachment circuits together, to simulate a virtual bridge that connects the multiple attachment circuits together.
EIGRP MPLS VPN PE-CE SoO—Introduces the capability to filter MPLS Virtual Private Network (VPN) traffic on a per-site basis for Enhanced Interior Gateway Routing Protocol (EIGRP) networks. SoO filtering is configured at the interface level and is used to manage MPLS VPN traffic, and to prevent transient routing loops from occurring in complex and mixed network topologies.
Route Target Rewrite—Allows the replacement of route targets on incoming and outgoing Border Gateway Protocol (BGP) updates. Route targets are carried as extended community attributes in BGP Virtual Private Network IP Version 4 (VPNv4) updates. Route target extended community attributes are used to identify a set of sites and VPN routing and forwarding (VRF) instances that can receive routes with a configured route target.
eiBGP— Enables you to configure multipath load balancing with both eBGP and iBGP paths in Border Gateway Protocol (BGP) networks that are configured to use MPLS VPNs. The feature provides improved load balancing deployment and service offering capabilities and is useful for multi-homed autonomous systems and Provider Edge (PE) routers that import both eBGP and iBGP paths from multihomed and stub networks.
6PE—A technique that provides global IPv6 reachability over IPv4 MPLS. It allows one shared routing table for all other devices. 6PE allows IPv6 domains to communicate with one another over the IPv4 without an explicit tunnel setup, requiring only one IPv4 address per IPv6 domain.
6VPE—A mechanism to use the IPv4 backbone to provide VPN IPv6 services. 6VPE is like a regular IPv4 MPLS-VPN provider edge, with an addition of IPv6 support within VRF. It provides logically separate routing table entries for VPN member devices.
Programmability features introduced or enhanced in this release:
ZTP—Now supports HTTP file download along with TFTP file download.
Model-Driven Telemetry—Provides a mechanism to stream data from a Model-Driven Telemetry-capable device, to a destination. The data to be streamed is driven through subscription. The feature is enabled automatically, when NETCONF-YANG is started on a device.
iPXE—An open Preboot eXecution Environment (PXE) client that allows a device to boot from a network boot image. iPXE is supported with IPv4 only.
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
With this feature, when an active switch fails, the standby switch starts up in a fully-initialized state and synchronizes with the persistent configuration and the running configuration of the active switch. The new active switch uses existing Layer 2 switching information to continue forwarding traffic.
Features introduced and updated on the Web UI in this release:
DNS Proxy Support
Troubleshooting- Audit Device Configuration
Troubleshooting- Debug Bundle
Important Notes
The following are the unsupported hardware and software features for the Cisco Catalyst 9500 Series Switches. For the list of supported features, go to http://www.cisco.com/go/cfn.
Unsupported Hardware Features
– The rear USB 3.0 Port
– Breakout cables and breakout LED
Unsupported Software Features:
– IPsec with FIPS
The following features are supported on the Cisco Catalyst 3850 Series Switches, but not on the Cisco Catalyst 9500 Series Switches:
– 128-bit and 256-bit AES MACsec (IEEE 802.1AE) host link encryption (downlinks) with MACsec Key Agreement (MKA)
– Audio Video Bridging (including IEEE802.1AS, IEEE 802.1Qat, and IEEE 802.1Qav)
– Bluetooth
– Cisco Plug-in for OpenFlow 1.3
– Gateway Load Balancing Protocol (GLBP)
– IPsec VPN
– Multicast—Bidirectional PIM
Supported Hardware
Cisco Catalyst 9500 Series Switches—Model Numbers
Table 1 lists the supported hardware models and the default license levels they are delivered with.
The Base PIDs are the model numbers of the switch.
The Bundled PIDs indicate the orderable part numbers for base PIDs that are bundled with a particular network module; entering the show version, show module, or show inventory on such a (bundled PID) switch displays its base PID.
More information about licensing is in section License Levels
Table 1 Cisco Catalyst 9500 Series Switches—Model Numbers
12 40-Gigabit Ethernet QSFP ports and two power supply slots
C9500-12Q-A
Network Advantage
C9500-24Q-E
Network Essentials
Cisco Catalyst 9500 Series 24-Port 40 Gigabit Ethernet.
C9500-24Q-A
Network Advantage
C9500-40X-E
Network Essentials
40 10-Gigabit Ethernet SFP ports and two power supply slots; support for optional network modules on uplink ports — 8-Port 10 Gigabit Ethernet(SFP) and 2-Port 40 Gigabit Ethernet(QSFP)
C9500-40X-A
Network Advantage
Bundled PIDs
C9500-40X-2Q-E
Network Essentials
40 10-Gigabit Ethernet SFP ports and a 2-Port 40-Gigabit Ethernet (QSFP) network module on uplink ports; and two power supply slots
C9500-40X-2Q-A
Network Advantage
C9500-48X-E
Network Essentials
40 10-Gigabit Ethernet SFP ports and an 8-Port 10-Gigabit Ethernet (SFP) network module on uplink ports; and two power supply slots
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:
– Google Chrome—Version 38 and later (On Windows and Mac)
– Microsoft Internet Explorer—Version 11 or later (On Windows 7 and Windows XP), and Microsoft Edge (On Windows 10)
– Mozilla Firefox—Version 33 and later (On Windows and Mac)
– Safari—Version 7 and later (On Mac)
Finding the Software Version
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Table 4 Software Images
Release
Image
File Name
Cisco IOS XE Everest 16.6.10
CAT9K_IOSXE
cat9k_iosxe.16.06.10.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.10.SPA.bin
Cisco IOS XE Everest 16.6.9
CAT9K_IOSXE
cat9k_iosxe.16.06.09.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.09.SPA.bin
Cisco IOS XE Everest 16.6.8
CAT9K_IOSXE
cat9k_iosxe.16.06.08.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.08.SPA.bin
Cisco IOS XE Everest 16.6.7
CAT9K_IOSXE
cat9k_iosxe.16.06.07.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.07.SPA.bin
Cisco IOS XE Everest 16.6.6
CAT9K_IOSXE
cat9k_iosxe.16.06.06.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.06.SPA.bin
Cisco IOS XE Everest 16.6.5
CAT9K_IOSXE
cat9k_iosxe.16.06.05.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.05.SPA.bin
Cisco IOS XE Everest 16.6.4a
CAT9K_IOSXE
cat9k_iosxe.16.06.04a.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.04a.SPA.bin
Cisco IOS XE Everest 16.6.4
CAT9K_IOSXE
cat9k_iosxe.16.06.04.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.04.SPA.bin
Cisco IOS XE Everest 16.6.3
CAT9K_IOSXE
cat9k_iosxe.16.06.03.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.03.SPA.bin
Cisco IOS XE Everest 16.6.2
CAT9K_IOSXE
cat9k_iosxe.16.06.02.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.02.SPA.bin
Cisco IOS XE Everest 16.6.1
CAT9K_IOSXE
cat9k_iosxe.16.06.01.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.01.SPA.bin
Upgrading the Switch Software
Note You cannot use the Web UI to install, upgrade, or downgrade switch software
Note From Cisco IOS XE Everest 16.6.2 onwards, we support new install commands. These install commands are supported along with the previously supported request platform software commands. Both set of commands are supported at present.
Table 5 request platform software Commands to Upgrade or Downgrade Switch Software
Switch#
request platform software package?
clean
Cleans unnecessary package files from media.
copy
Copies package to media.
describe
Describes package contents.
expand
Expands all-in-one package to media.
install
Installs package.
uninstall
Uninstalls package.
verify
Verifies ISSU software package compatibility.
Table 6 install Commands to Upgrade or Downgrade Switch Software
Switch# install add file filename [ activate commit ]—Use this command to install and activate the specified file, and to commit changes to be persistent across reloads.
Switch# install ? —You can also use the install command to separately install, activate, commit, abort, or remove the installation file.
add file tftp: filename
Copies the install file package from a remote location to the device and performs a compatibility check for the platform and image versions.
activate [ auto-abort-timer ]
Activates the file, and reloads the device.
The auto-abort-timer keyword automatically rolls back the image activation.
commit
Makes changes persistent over reloads.
rollback to committed
Rolls back the update to the last committed version.
abort
Aborts the file activation, and rolls back to the version that was running before the current installation procedure started.
remove
Deletes all unused and inactive software installation files.
Automatic Boot Loader Upgrade
When you upgrade from the existing release on your switch to a later or newer release for the first time, the boot loader may be automatically upgraded, based on the hardware version of the switch. If the boot loader is automatically upgraded, it will take effect on the next reload. If you go back to the older release after this, the boot loader is not downgraded. The updated boot loader supports all previous releases.
For subsequent IOS XE 16.x.x releases, if there is a new boot loader in that release, it may be automatically upgraded based on the hardware version of the switch when you boot up your switch with the new image for the first time.
Caution
Do not power cycle your switch during the upgrade.
Table 7 Automatic Boot Loader Response
Scenario
Automatic Boot Loader Response
If you boot Cisco IOS XE Everest 16.6.2, or Cisco IOS XE Everest 16.6.3, or Cisco IOS XE Everest 16.6.4, or Cisco IOS XE Everest 16.6.4a, or Cisco IOS XE Everest 16.6.5, or Cisco IOS XE Everest 16.6.6, or Cisco IOS XE Everest 16.6.7, or Cisco IOS XE Everest 16.6.8,
or Cisco IOS XE Everest 16.6.9,
or Cisco IOS XE Everest 16.6.10
for the first time
The boot loader may be upgraded to version 16.6.1r [FC1]. For example:
ROM: IOS-XE ROMMON
BOOTLDR: System Bootstrap, Version 16.6.1r [FC1], RELEASE SOFTWARE (P)
If the automatic boot loader upgrade occurs while booting, you will see the following on the console:
%IOSXEBOOT-Wed-###: (rp/0): Nov 03 18:57:44 Universal 2017 PLEASE DO NOT POWER CYCLE ###BOOT LOADER UPGRADING 4
Follow these instructions to upgrade from one release to another, in install mode.
In Cisco IOS XE Everest 16.6.2, a new set of install commands have been introduced for the install and upgrade of images in install mode. You can either use the install commands or the request platform software commands for install, upgrade, and downgrade of software images. For more information, see the Software Install chapter of the System Management Configuration Guide.
Note The install commands are available only from Cisco IOS XE Everest 16.6.2.
The sample output in this section covers upgrade from Cisco IOS XE Everest 16.5.1a to Cisco IOS XE Everest 16.6.1 and from Cisco IOS XE Everest 16.6.1 to Cisco IOS XE Everest 16.6.2 in Install Mode.
This section provides examples of both request platform software and install commands.
Step 1 Ensure that you have at least 1GB of space in flash to expand a new image. Clean up old installation files in case of insufficient space. The following sample output displays the cleaning up of Cisco IOS XE Everest 16.5.1a files
Switch# request platform software package clean
Running command on switch 1
Cleaning up unnecessary package files
No path specified, will use booted path flash:packages.conf
You can also use the install remove inactive command to clean up old installation files in case of insufficient space. The following sample output displays the cleaning up of Cisco IOS XE Everest 16.6.1 files:
Switch# install remove inactive
install_remove: START Mon Oct 30 19:51:48 UTC 2017
Step 4 Use the boot system flash:packages.conf command to set the boot variable.
Switch(config)# boot system flash:packages.conf
Switch(config)# exit
Use the write memory command to save boot settings.
Switch# write memory
Use this command to verify BOOT variable = flash:packages.conf
Switch# show boot system
Software Install Image to Flash
Use the request platform software package install switch all file flash: command to install the target image to flash. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
Note On a device where the Cisco StackWise Virtual feature is configured, we recommend copying the image to a TFTP server or the flash drive of the active switch. If you point to an image on the flash or USB drive of the standby (instead of the active), you must specify the exact flash or USB drive - otherwise installation fails. For example, if the image is on the flash drive of standby switch 2(flash-2):
Switch# request platform software package install switch all file flash-2:cat9k_iosxe.16.06.01.SPA.bin
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
Checking status of install on [1]
[1]: Finished install in switch 1
SUCCESS: Finished install: Success on [1]
Note Old files listed in the logs will not be removed from flash.
You can also use the install add file activate commit command to install the target image to flash. This example displays the upgrade to Cisco IOS XE Everest 16.6.2.
install_add_activate_commit: START Mon Oct 30 19:54:51 UTC 2017
System configuration has been modified.
Press Yes(y) to save the configuration and proceed.
Press No(n) for proceeding without saving the configuration.
Press Quit(q) to exit, you may save configuration and re-enter the command. [y/n/q]yBuilding configuration...
[OK]Modified configuration has been saved
*Oct 30 19:54:55.633: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 19:54:55 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install one-shot flash:cat9k_iosxe.16.06.02.SPA.bininstall_add_activate_commit: Adding PACKAGE
This operation requires a reload of the system. Do you want to proceed?
Please confirm you have changed boot config to flash:packages.conf [y/n]y
--- Starting initial file syncing ---
Info: Finished copying flash:cat9k_iosxe.16.06.02.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
Checking status of Add on [1]
Add: Passed on [1]
Finished Add
install_add_activate_commit: Activating PACKAGE
Following packages shall be activated:
/flash/cat9k-wlc.16.06.02.SPA.pkg
/flash/cat9k-webui.16.06.02.SPA.pkg
/flash/cat9k-srdriver.16.06.02.SPA.pkg
/flash/cat9k-sipspa.16.06.02.SPA.pkg
/flash/cat9k-sipbase.16.06.02.SPA.pkg
/flash/cat9k-rpboot.16.06.02.SPA.pkg
/flash/cat9k-rpbase.16.06.02.SPA.pkg
/flash/cat9k-guestshell.16.06.02.SPA.pkg
/flash/cat9k-espbase.16.06.02.SPA.pkg
/flash/cat9k-cc_srdriver.16.06.02.SPA.pkg
This operation requires a reload of the system. Do you want to proceed? [y/n]y
--- Starting Activate ---
Performing Activate on all members
[1] Activate package(s) on switch 1
[1] Finished Activate on switch 1
Checking status of Activate on [1]
Activate: Passed on [1]
Finished Activate
--- Starting Commit ---
Performing Commit on all members
*Oct 30 19:57:41.145: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 19:57:41 rollback_timer.sh: %INSTALL-5-INSTALL_AUTO_ABORT_TIMER_PROGRESS: Install auto abort timer will expire in 7200 seconds [1] Commit package(s) on switch 1
[1] Finished Commit on switch 1
Checking status of Commit on [1]
Commit: Passed on [1]
Finished Commit
Install will reload the system now!
SUCCESS: install_add_activate_commit Mon Oct 30 19:57:48 UTC 2017
Switch#
Note The system reloads automatically after executing the install add file activate commit command. There is no need to manually reload the system.
Step 5 After the software has been successfully installed, verify that the flash partition has nine new .pkg files and three.conf files. See sample output below. The following is sample output from the dir flash: command in Cisco IOS XE Everest 16.6.1:
Step 7 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
When the new image boots up, verify the version of the new image, using the show version command:
Note When you boot the new image, it will automatically update the boot loader, but the new bootloader version is not displayed in the output until the next reload.
The following show version command displays the Cisco IOS XE Everest 16.6.1 image on the device:
Note New switch models that are introduced in a release cannot be downgraded, so if you add a new switch to an existing stack, we recommend upgrading all existing switches. For the list of models introduced in a release, see the list of hardware features in that release.
Follow these instructions to downgrade from one release to another, in install mode. To perform a software image upgrade, you must be booted into IOS via “ boot flash:packages.conf.”
The sample output in this section covers downgrade from Cisco IOS XE Everest 16.6.1 to Cisco IOS XE Everest 16.5.1a and from Cisco IOS XE Everest 16.6.2 to Cisco IOS XE Everest 16.6.1 in Install Mode.
This section provides examples of both request platform software and install commands.
Step 1 Ensure that you have at least 1GB of space in flash to expand a new image. Clean up old installation files in case of insufficient space. The following sample output displays the cleaning up of Cisco IOS XE Everest 16.6.1 files:
Switch# request platform software package clean
This operation may take several minutes...
Running command on switch 1
Cleaning up unnecessary package files
No path specified, will use booted path flash:packages.conf
You can also use the install remove inactive command to clean up old installation files in case of insufficient space. The following sample output displays the cleaning up of Cisco IOS XE Everest 16.6.2 files:
Switch# install remove inactive
install_remove: START Mon Oct 30 19:51:48 UTC 2017
Step 4 Use the request platform software package install command, to downgrade your stack. You can point to the source image on your tftp server or in flash if you have it copied to flash. The following example displays the installation of Cisco IOS XE Everest 16.5.1a software image:
Switch# request platform software package install switch all file flash:cat9k_iosxe.16.05.01a.SPA.bin
--- Starting install local lock acquisition on switch 1 ---
Finished install local lock acquisition on switch 1
SUCCESS: Software provisioned. New software will load on reboot.
[1]: Finished install successful on switch 1
Checking status of install on [1]
[1]: Finished install in switch 1
SUCCESS: Finished install: Success on [1]
You can also use the install add file activate commit command to install the target image to flash. This example displays the installation of Cisco IOS XE Everest 16.6.1:
install_add_activate_commit: START Mon Oct 30 19:54:51 UTC 2017
System configuration has been modified.
Press Yes(y) to save the configuration and proceed.
Press No(n) for proceeding without saving the configuration.
Press Quit(q) to exit, you may save configuration and re-enter the command. [y/n/q]yBuilding configuration...
[OK]Modified configuration has been saved
*Oct 30 19:54:55.633: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 19:54:55 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install one-shot flash:cat9k_iosxe.16.06.01.SPA.bininstall_add_activate_commit: Adding PACKAGE
This operation requires a reload of the system. Do you want to proceed?
Please confirm you have changed boot config to flash:packages.conf [y/n]y
--- Starting initial file syncing ---
Info: Finished copying flash:cat9k_iosxe.16.06.01.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
Checking status of Add on [1]
Add: Passed on [1]
Finished Add
install_add_activate_commit: Activating PACKAGE
Following packages shall be activated:
/flash/cat9k-wlc.16.06.01.SPA.pkg
/flash/cat9k-webui.16.06.01.SPA.pkg
/flash/cat9k-srdriver.16.06.01.SPA.pkg
/flash/cat9k-sipspa.16.06.01.SPA.pkg
/flash/cat9k-sipbase.16.06.01.SPA.pkg
/flash/cat9k-rpboot.16.06.01.SPA.pkg
/flash/cat9k-rpbase.16.06.01.SPA.pkg
/flash/cat9k-guestshell.16.06.01.SPA.pkg
/flash/cat9k-espbase.16.06.01.SPA.pkg
/flash/cat9k-cc_srdriver.16.06.01.SPA.pkg
This operation requires a reload of the system. Do you want to proceed? [y/n]y
--- Starting Activate ---
Performing Activate on all members
[1] Activate package(s) on switch 1
[1] Finished Activate on switch 1
Checking status of Activate on [1]
Activate: Passed on [1]
Finished Activate
--- Starting Commit ---
Performing Commit on all members
*Oct 30 19:57:41.145: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 19:57:41 rollback_timer.sh: %INSTALL-5-INSTALL_AUTO_ABORT_TIMER_PROGRESS: Install auto abort timer will expire in 7200 seconds [1] Commit package(s) on switch 1
[1] Finished Commit on switch 1
Checking status of Commit on [1]
Commit: Passed on [1]
Finished Commit
Install will reload the system now!
SUCCESS: install_add_activate_commit Mon Oct 30 19:57:48 UTC 2017
Switch#
Note The system reloads automatically after executing the install add file activate commit command. There is no need to manually reload the system.
Reload
Step 5 Reload the switch
Switch# reload
Step 6 If your switches are configured with auto boot, then the stack will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
Step 7 When the new image boots up, you can verify the version of the new image, by checking show version
Note In the output, note that the boot loader is not automatically downgraded.
The following show version command displays the Cisco IOS XE Everest 16.5.1a image on the device:
This section provides information about the licensing packages for features available on Cisco Catalyst 9000 Series Switches.
License Levels
The software features available on Cisco Catalyst 9500 Series Switches fall under the base or add-on license levels.
Base Licenses
Network Essentials
Network Advantage—Includes features available with the Network Essentials license and more.
Add-On Licenses—Require a Network Essentials or Advantage as a pre-requisite. The features available with add-on license levels provide Cisco innovations on the switch, as well as on the Cisco Digital Network Architecture Center (Cisco DNA Center).
DNA Essentials
DNA Advantage— Includes features available with the DNA Essentials license and more.
To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
License Types
The following license types are available:
Permanent—for a license level, and without an expiration date.
Term— for a license level, and for a three, five, or seven year period.
Evaluation—for a license level, preinstalled on the device, and for a 90-day trial period only.
Ordering with Smart Accounts
We recommend that you use Smart Accounts to order devices as well as licenses. Smart Accounts enable you to manage all of your software licenses for switches, routers, firewalls, access-points or tools from one centralized website. To create Smart Accounts, use the Cisco Smart Software Manager (Cisco SSM).
Note This is especially relevant to the term licenses that you order, because information about the expiry of term licenses is available only through the Cisco SSM website.
Right-to-use (RTU) licensing mode—Supported on Cisco Catalyst 9000 Series Switches, in Cisco IOS XE Everest 16.5.1a. See The RTU Licensing Mode.
Smart Licensing mode—Currently not supported on Cisco Catalyst 9000 Series Switches. It is on the roadmap for future releases.
The RTU Licensing Mode
This is the currently supported licensing mode for Cisco Catalyst 9000 Series Switches.
Right-to-use (RTU) licensing allows you to order and activate a specific license type for a given license level, and then to manage license usage on your switch.
Note The RTU licensing structure has been modified to match the packaging model that will be used with Smart Licensing mode in the future. Unified licensing structures across the RTU and Smart Licensing modes, along with usage reports, will simplify migration and reduce the implementation time required for Smart Licensing.
The license right-to-use command (privilege EXEC mode) provides options to activate or deactivate any license supported on the platform.
Base licenses (Network Essentials and Network-Advantage) may be ordered only with a permanent license type.
Add-on licenses (DNA Essentials and DNA Advantage) may be ordered only with a term license type.
You can set up Cisco SSM to receive daily e-mail alerts, to be notified of expiring add-on licenses that you want to renew.
You must order an add-on license in order to purchase a switch. On term expiry, you can either renew the add-on license to continue using it, or deactivate the add-on license and then reload the switch to continue operating with the base license capabilities.
When ordering an add-on license with a base license, note the combinations that are permitted and those that are not permitted:
4.For this combination, the DNA-Essentials license must be ordered separately using Cisco SSM.
The following features are currently available only at the Network Advantage license level. However, the correct minimum license level for these features is Network Essentials and the CFN reflects this correct license level.
You will be able to configure the feature with a Network Essentials license level after the correction is made in an upcoming release.
– IPv6 Multicast
– IPv6 ACL Support for HTTP Servers
Evaluation licenses cannot be ordered. They can be activated temporarily, without purchase. Warning system messages about the evaluation license expiry are generated 10 and 5 days before the 90-day window. Warning system messages are generated every day after the 90-day period. An expired evaluation license cannot be reactivated after reload.
For more information about using the RTU Licensing Mode, see the System Management > Configuring Right-To-Use Licenses chapter in the software configuration guide.
Scaling Guidelines
For information about feature scaling guidelines, see the Cisco Catalyst 9500 Series Switches datasheet at:
– Use the MODE button to switch-off the beacon LED.
– All port LED behavior is undefined until interfaces are fully initialized.
Cisco TrustSec restrictions—Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
Control Plane Policing (CoPP)—Starting with Cisco IOS XE Everest 16.6.4, the show run command does not display information about classes configured under system-cpp policy, when they are left at default values. Use the show policy-map system-cpp-policy or the s how policy-map control-plane commands in privileged EXEC mode instead.
Flexible NetFlow (FNF) limitations
– You cannot configure NetFlow export using the Ethernet Management port (GigabitEthernet0/0)
– You can not configure a flow monitor on logical interfaces, such as switched virtual interfaces (SVIs), port-channel, loopback, and tunnels.
You can not configure multiple flow monitors of the same type (ipv4, ipv6 or datalink) on the same interface, and in the same direction.
Hardware limitations:
– For all the devices running Cisco IOS XE Everest 16.6.1 or Cisco IOS XE Everest 16.6.2 or Cisco IOS XE Everest 16.6.3, autonegotiation is disabled by default when you use Cisco 40GBASE-CR4 QSFP Direct-Attach Copper Cables, If the other end of the link has autonegotation enabled, the link does not come up.
Note There is no option to turn on autonegotiation on the ports which connect to Cisco 40GBASE-CR4 QSFP cable.
– For all the Catalyst 9500 Series Switches running Cisco IOS XE Everest 16.6.4 and later, autonegotiation is enabled by default when you use Cisco 40GBASE-CR4 QSFP Direct-Attach Copper Cables. If the other end of the link does not support autonegotiation, the link does not come up. You can turn autonegotiation off on the ports which connect to Cisco 40GBASE-CR4 QSFP cable. Use the speed nonegotiate command at the interface. This command disables autonegotiation and brings the link up. To restore autonegotiation, use the no speed nonegotiation command.
Interoperability limitations:
– If one end of the link has a device running Cisco IOS XE Everest 16.6.1 or Cisco IOS XE Everest 16.6.2 or Cisco IOS XE Everest 16.6.3 and the other end is running Cisco IOS XE Fuji 16.8.1, the link does not come up. To avoid this interoperability issue between releases, it is recommended to use the same image across all the Catalyst 9300 Series Switches and Catalyst 9500 Series Switches in the network.
Memory leak—When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may fail. As a workaround, disable the logging discriminator on the device.
QoS restrictions:
– When configuring a QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
– For QoS policies, only SVIs are supported for logical interfaces.
– QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
Secure Shell (SSH)
– Use SSH Version 2. SSH Version 1 is not supported.
– When the device is running SCP (Secure Copy Protocol) and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.
Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can show as much as 40 or 50 percent CPU usage, but they do not cause the device to shutdown.
Smart Install—The feature is deprecated starting with Cisco IOS XE Everest 16.5.1a. The commands are visible on the CLI until Cisco IOS XE Everest 16.6.1, but the feature is not supported. Enter the no vstack command in global configuration mode and disable the feature. Starting from Cisco IOS XE Everest 16.6.2, the vstack command is not available on the CLI.
Wired AVC limitations:
– NBAR2 (QoS and Protocol-discovery) configuration is allowed only on wired physical ports. It is not supported on virtual interfaces, for example, VLAN, port channel nor other logical interfaces.
– NBAR2 based match criteria ‘match protocol’ is allowed only with marking or policing actions. NBAR2 match criteria will not be allowed in a policy that has queuing features configured.
– ‘Match Protocol’: up to 256 concurrent different protocols in all policies.
– NBAR2 attributes based QoS is not supported (‘match protocol attribute’).
– NBAR2 and Legacy NetFlow cannot be configured together at the same time on the same interface. However, NBAR2 and wired AVC Flexible NetFlow can be configured together on the same interface.
– Only IPv4 unicast (TCP/UDP) is supported.
– AVC is not supported on management port (Gig 0/0)
– NBAR2 attachment should be done only on physical access ports. Uplink can be attached as long as it is a single uplink and is not part of a port channel.
– Performance—Each switch member is able to handle 500 connections per second (CPS) at less than 50% CPU utilization. Above this rate, AVC service is not guaranteed.
– Scale— Able to handle up to 5000 bi-directional flows per 24 access ports and 10000 bi-directional flows per 48 access ports
VLAN Restriction: It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
YANG data modeling limitations—A maximum of 20 simultaneous NETCONF sessions are supported.
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
The Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Everest 16.6.x
The following are the open caveats in this release:
Choose Product Support > WirelessSwitches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
Cisco Catalyst 9500 Series Switches documentation at this URL:
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.