Release Notes for Cisco Catalyst 9600 Series Switches, Cisco IOS XE Cupertino 17.7.x
Introduction
Cisco Catalyst 9600 Series Switches are the next generation purpose-built 40 GigabitEthernet, 50 GigabitEthernet, 100 GigabitEthernet, and 400 GigabitEthernet modular core and aggregation platform providing resiliency at scale with the industry’s most comprehensive security while allowing your business to grow at the lowest total operational cost. They have been purpose-built to address emerging trends of Security, IoT, Mobility, and Cloud.
They deliver hardware and software convergence in terms of ASIC architecture with Unified Access Data Plane (UADP) 3.0 and Cisco Silicon One Q200. The platform runs an Open Cisco IOS XE that supports model driven programmability, Serial Advanced Technology Attachment (SATA) Solid State Drive (SSD) local storage, and a higher memory footprint). The series forms the foundational building block for SD-Access, which is Cisco’s lead enterprise architecture.
It also supports features that provide high availability, advanced routing and infrastructure services, security capabilities, and application visibility and control.
Whats New in Cisco IOS XE Cupertino 17.7.1
Hardware Features in Cisco IOS XE Cupertino 17.7.1
Feature Name |
Description and Documentation Link |
---|---|
Cisco Catalyst 9600 Series Supervisor Engine 2 (C9600X-SUP-2) |
This supervisor engine is supported on Cisco Catalyst 9600 Series 6 Slot Chassis (C9606R). It has two 10G SFP+ management ports. One port is used for management and the other port can be used to connect to any port on the line cards. These two ports only support 10G SFP+ transceivers. Compatible line cards:
For more information about the hardware, see the Cisco Catalyst 9600 Series Supervisor Engine Installation Note and Cisco Catalyst 9600 Series Switches Hardware Installation Guide. For more information about supported software features, see Software Configuration Guide, Cisco IOS XE Cupertino 17.7.x (Catalyst 9600 Switches) and Command Reference, Cisco IOS XE Cupertino 17.7.x (Catalyst 9600 Switches). |
C9600-LC-40YL4CD |
Cisco Catalyst 9600 Series 40-Port 50G, 2-Port 200G, 2-Port 400G Line Card. It supports:
For more information about the hardware, see Cisco Catalyst 9600 Series Line Card Installation Note. |
Software Features in Cisco IOS XE Cupertino 17.7.1
Feature Name |
Description and License Level Information |
---|---|
AAA Authentication Cache for 802.1x |
Introduces support for AAA authentication caching for 802.1x.
|
AES67 Compliance |
Introduces support for AES67 timing profile for high-performance streaming and audio-over-IP interoperability in audio devices.
|
Cisco TrustSec support with IEEE 802.1X |
Introduces support for interoperability of Cisco TrustSec with IEEE 802.1x.
|
Low priority control packet mapping to Non-Low Latency Queueing (LLQ) |
The system generated low-priority CPU traffic is now mapped to threshold 2 of a non-priority queue with highest bandwidth. |
MACsec Access Control Option |
Introduces support for MACsec access control option to allow unencrypted packets to be transmitted or received from the same physical interface.
|
Mandatory enable secret password in the initial configuration |
For a device that loads with no start-up configuration, the enable secret password is now a mandatory configuration in the initial configuration wizard.
|
MPLS Traffic Engineering
|
|
PBR support on GRE Tunnel |
Allows Policy Based Routing (PBR) to forward traffic on a GRE tunnel. With this, the next-hop IP address for PBR can be a GRE tunnel.
|
Programmability
|
The following programmability features are introduced in this release:
|
PTPv2 and gPTP without Stateful Switchover (SSO) |
Introduces support for Precision Time Protocol (PTP) and Generalized PTP (gPTP) without SSO. PTP is defined in IEEE 1588v2 as Precision Clock Synchronization for Networked Measurements and Control Systems, and was developed to synchronize the clocks in packet-based networks that include distributed device clocks of varying precision and stability. gPTP is an IEEE 802.1 AS standard, that provides a mechanism to synchronize the clocks of the bridges and end-point devices in a network.
(Network Advantage) |
Smart Licensing Using Policy
|
The following Smart Licensing Using Policy enhancements were introduced in this release:
|
Switch Integrated Security Features (SISF): ARP Protection |
Support for the prevention of IPv4 spoofing was introduced (Detection and reporting of IPv4 spoofing is supported since the introductory release of SISF). |
New on the WebUI |
|
There are no WebUI features in this release. | |
Serviceability |
|
access-session host-mode multi-host peer |
The command was modified. peer keyword was introduced. Use this command to enable authentication and authorization of a device before any other devices on the fabric edge port. Ensure that the extended node is the peer device that is connected to the fabric edge port. |
show ip pim vrf |
The command was introduced. It displays Protocol Independent Multicast (PIM) related information for all VRFs. |
show ip mroute vrf |
The command was introduced. It displays all the multicast VPN routing and forwarding (VRF) instances related to multicast routing tables. |
show consistency-checker mcast l3m |
The command was modified. mcast l3m keyword was introduced. It displays inconsistent states of software entries on the Layer 3 multicast forwarding tables. |
Important Notes
Unsupported Features: Cisco Catalyst 9600 Series Supervisor 2 Module
-
Cisco Trustsec
-
Cisco TrustSec Manual Configuration
-
Cisco TrustSec Security Association Protocol (SAP)
-
Cisco TrustSec Metadata Header Encapsulation
-
IPv6 Support for SGT and SGACL
-
Cisco TrustSec SGT Caching
-
TrustSec SGT Handling: L2 SGT Imposition and Forwarding
-
Cisco TrustSec SGT Inline Tagging
-
-
High Availability
-
Quad-Supervisor with Route Processor Redundancy
-
Cisco StackWise Virtual
-
Secure StackWise Virtual
-
-
Interface and Hardware
-
Per-port MTU
-
Link Debounce Timer
-
EnergyWise
-
-
IP Addressing Services
-
Next Hop Resolution Protocol (NHRP)
-
Network Address Translation (NAT)
-
Gateway Load Balancing Protocol (GLBP)
-
Web Cache Communication Protocol (WCCP)
-
Switchport Block Unknown Unicast and Switchport Block Unknown Multicast
-
Message Session Relay Protocol (MSRP)
-
TCP MSS Adjustment
-
GRE IPv6 Tunnels
-
IP Fast Reroute (IP FRR)
-
-
IP Multicast Routing
-
Multicast Routing over GRE Tunnel
-
Multicast VLAN Registration (MVR) for IGMP Snooping
-
IPv6 Multicast over Point-to-Point GRE
-
IGMP Proxy
-
Bidirectional PIM
-
Multicast VPN
-
MVPNv6
-
mVPN Extranet Support
-
MLDP-Based VPN
-
PIM Snooping
-
PIM Dense Mode
-
-
IP Routing
-
OSPFv2 Loop-Free Alternate IP Fast Reroute
-
EIGRP Loop-Free Alternate IP Fast Reroute
-
Policy-Based Routing (PBR)
-
VRF-Aware PBR
-
Local PBR
-
PBR for Object-Group Access Control List (OGACL) Based Matching
-
Multipoint GRE
-
Web Cache Communication Protocol (WCCP)
-
Unicast and Multicast over Point-to-Multipoint GRE
-
-
Layer 2
-
Multi-VLAN Registration Protocol (MVRP)
-
Loop Detection Guard
-
-
Multiprotocol Label Switching
-
BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS VPN
-
MPLS over GRE
-
MPLS Layer 2 VPN over GRE
-
MPLS Layer 3 VPN over GRE
-
Virtual Private LAN Service (VPLS)
-
VPLS Autodiscovery, BGP-based
-
VPLS Layer 2 Snooping: Internet Group Management Protocol or Multicast Listener Discovery
-
Hierarchical VPLS with MPLS Access
-
VPLS Routed Pseudowire IRB(v4) Unicast
-
MPLS VPN Inter-AS Options (options A, B, and AB)
-
MPLS VPN Inter-AS IPv4 BGP Label Distribution
-
Seamless Multiprotocol Label Switching
-
-
Network Management
-
ERSPAN and RSPAN
-
Flow-Based Switch Port Analyser
-
FRSPAN
-
Egress Netflow
-
IP Aware MPLS Netflow
-
NetFlow Version 5
-
-
Quality of Service
-
QoS Ingress Shaping
-
VPLS QoS
-
Microflow Policers
-
Per VLAN Policy and Per Port Policer
-
Mixed COS/DSCP Threshold in a QoS LAN-queueing Policy
-
Easy QoS: match-all Attributes
-
Classify: Packet Length
-
Class-Based Shaping for DSCP/Prec/COS/MPLS Labels
-
CoPP Microflow Policing
-
Egress Policing
-
Egress Microflow Destination-Only Policing
-
Ethertype Classification
-
Packet Classification Based on Layer3 Packet-Length
-
PACLs
-
Per IP Session QoS
-
Per Queue Policer
-
QoS Data Export
-
QoS L2 Missed Packets Policing
-
-
Security
-
Lawful Intercept
-
MACsec:
-
MACsec EAP-TLS
-
Switch-to-host MACsec
-
Certificate-based MACsec
-
Cisco TrustSec SAP MACsec
-
-
MAC ACLs
-
Port ACLs
-
VLAN ACLs
-
IP Source Guard
-
IPv6 Source Guard
-
Web-based Authentication
-
Port Security
-
Weighted Random Early Detection mechanism (WRED) Based on DSCP, PREC, or COS
-
IEEE 802.1x Port-Based Authentication
-
-
System Management
-
Unicast MAC Address Filtering
-
-
VLAN
-
Wired Dynamic PVLAN
-
Private VLANs
-
Complete List of Supported Features
For the complete list of features supported on a platform, see the Cisco Feature Navigator.
Default Behaviour
Beginning from Cisco IOS XE Gibraltar 16.12.5 and later, do not fragment bit (DF bit) in the IP packet is always set to 0 for all outgoing RADIUS packets (packets that originate from the device towards the RADIUS server).
Supported Hardware
Cisco Catalyst 9600 Series Switches—Model Numbers
The following table lists the supported switch models. For information about the available license levels, see section License Levels.
Switch Model (append with “=” for spares) |
Description |
---|---|
C9606R |
Cisco Catalyst 9606R Switch
|
Supported Hardware on Cisco Catalyst 9600 Series Switches
Product ID (append with “=” for spares) |
Description |
---|---|
Supervisor Modules |
|
C9600-SUP-1 |
Cisco Catalyst 9600 Series Supervisor 1 Module This supervisor module is supported on the C9606R chassis. |
C9600X-SUP-2 |
Cisco Catalyst 9600 Series Supervisor Engine 2 This supervisor module is supported on the C9606R chassis. |
C9K-F2-SSD-240GB |
Cisco Catalyst 9600 Series 240GB SSD Storage |
C9K-F2-SSD-480GB |
Cisco Catalyst 9600 Series 480GB SSD Storage |
C9K-F2-SSD-960GB |
Cisco Catalyst 9600 Series 960GB SSD Storage |
Line Cards |
|
C9600-LC-40YL4CD |
Cisco Catalyst 9600 Series 40-Port SFP56, 2-Port QSFP56, 2-Port QSFP-DD line card.
|
C9600-LC-48YL |
Cisco Catalyst 9600 Series 48-Port SFP56 line card.
|
C9600-LC-24C |
Cisco Catalyst 9600 Series 24-Port 40G/12-Port 100G line card.
|
C9600-LC-48TX |
Cisco Catalyst 9600 Series 48-Port MultiGigabit RJ45 line card.
|
C9600-LC-48S |
Cisco Catalyst 9600 Series 48-Port SFP line card.
|
AC Power Supply Modules |
|
C9600-PWR-2KWAC |
Cisco Catalyst 9600 Series 2000W AC Power Supply Module3 |
DC Power Supply Modules |
|
C9600-PWR-2KWDC |
Cisco Catalyst 9600 Series 2000W DC Power Supply Module |
Optics Modules
Cisco Catalyst Series Switches support a wide range of optics and the list of supported optics is updated on a regular basis. Use the Transceiver Module Group (TMG) Compatibility Matrix tool, or consult the tables at this URL for the latest transceiver module compatibility information: https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Compatibility Matrix
The following table provides software compatibility information between Cisco Catalyst 9600 Series Switches, Cisco Identity Services Engine, Cisco Access Control Server, and Cisco Prime Infrastructure.
Catalyst 9600 |
Cisco Identity Services Engine |
Cisco Access Control Server |
Cisco Prime Infrastructure |
---|---|---|---|
Cupertino 17.7.1 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.7 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.6a |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.6 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.5 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.4 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.3 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.2 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Bengaluru 17.6.1 |
3.1 3.0 latest patch 2.7 latest patch 2.6 latest patch 2.4 latest patch |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Bengaluru 17.5.1 |
3.0 Patch 1 2.7 Patch 2 2.6 Patch 7 2.4 Patch 13 |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Bengaluru 17.4.1 |
3.0 2.7 Patch 2 |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.8a |
2.7 |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.8 |
2.7 |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.7 |
2.7 |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.6 |
2.7 |
- |
PI 3.10 + PI 3.10 latest maintenance release + PI 3.10 latest device pack See Cisco Prime Infrastructure 3.10 → Downloads. |
Amsterdam 17.3.5 |
2.7 |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.4 |
2.7 |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.3 |
2.7 |
- |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Amsterdam 17.3.2a |
2.7 |
- |
PI 3.8 + PI 3.8 latest maintenance release + PI 3.8 latest device pack See Cisco Prime Infrastructure 3.8 → Downloads. |
Amsterdam 17.3.1 |
2.7 |
- |
PI 3.8 + PI 3.8 latest maintenance release + PI 3.8 latest device pack See Cisco Prime Infrastructure 3.8 → Downloads. |
Amsterdam 17.2.1 |
2.7 |
- |
PI 3.7 + PI 3.7 latest maintenance release + PI 3.7 latest device pack See Cisco Prime Infrastructure 3.7 → Downloads. |
Amsterdam 17.1.1 |
2.7 |
- |
- |
Gibraltar 16.12.8 |
2.6 |
- |
- |
Gibraltar 16.12.7 |
2.6 |
- |
- |
Gibraltar 16.12.6 |
2.6 |
- |
- |
Gibraltar 16.12.5b |
2.6 |
- |
- |
Gibraltar 16.12.5 |
2.6 |
- |
- |
Gibraltar 16.12.4 |
2.6 |
- |
- |
Gibraltar 16.12.3a |
2.6 |
- |
- |
Gibraltar 16.12.3 |
2.6 |
- |
- |
Gibraltar 16.12.2 |
2.6 |
- |
- |
Gibraltar 16.12.1 |
2.6 |
- |
- |
Gibraltar 16.11.1 |
2.6 2.4 Patch 5 |
5.4 5.5 |
- |
Gibraltar 16.10.1 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.8 |
2.5 2.1 |
5.4 5.5 |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Fuji 16.9.7 |
2.5 2.1 |
5.4 5.5 |
PI 3.9 + PI 3.9 latest maintenance release + PI 3.9 latest device pack See Cisco Prime Infrastructure 3.9 → Downloads. |
Fuji 16.9.6 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.5 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.9.4 |
2.3 Patch 1 2.4 Patch 1 |
5.4 5.5 |
PI 3.4 + PI 3.4 latest maintenance release + PI 3.4 latest device pack See Cisco Prime Infrastructure 3.4→ Downloads. |
Fuji 16.8.1a |
2.3 Patch 1 2.4 |
5.4 5.5 |
PI 3.3 + PI 3.3 latest maintenance release + PI 3.3 latest device pack See Cisco Prime Infrastructure 3.3→ Downloads. |
Everest 16.6.4a |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads. |
Everest 16.6.4 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads. |
Everest 16.6.3 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.6.2 |
2.2 2.3 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.6.1 |
2.2 |
5.4 5.5 |
PI 3.1.6 + Device Pack 13 See Cisco Prime Infrastructure 3.1 → Downloads |
Everest 16.5.1a |
2.1 Patch 3 |
5.4 5.5 |
- |
Web UI System Requirements
The following subsections list the hardware and software required to access the Web UI:
Minimum Hardware Requirements
Processor Speed |
DRAM |
Number of Colors |
Resolution |
Font Size |
---|---|---|---|---|
233 MHz minimum4 |
512 MB5 |
256 |
1280 x 800 or higher |
Small |
Software Requirements
Operating Systems
-
Windows 10 or later
-
Mac OS X 10.9.5 or later
Browsers
-
Google Chrome—Version 59 or later (On Windows and Mac)
-
Microsoft Edge
-
Mozilla Firefox—Version 54 or later (On Windows and Mac)
-
Safari—Version 10 or later (On Mac)
ROMMON Versions
ROMMON, also known as the boot loader, is firmware that runs when the device is powered up or reset. It initializes the processor hardware and boots the operating system software (Cisco IOS XE software image). The ROMMON is stored on the following Serial Peripheral Interface (SPI) flash devices on your switch:
-
Primary: The ROMMON stored here is the one the system boots every time the device is powered-on or reset.
-
Golden: The ROMMON stored here is a backup copy. If the one in the primary is corrupted, the system automatically boots the ROMMON in the golden SPI flash device.
ROMMON upgrades may be required to resolve firmware defects, or to support new features, but there may not be new versions with every release.
The following table provides ROMMON version information for the Cisco Catalyst 9600 Series Supervisor Modules. For ROMMON version information of Cisco IOS XE 16.x.x releases, refer to the corresponding Cisco IOS XE 16.x.x release notes of the respective platform.
Release |
ROMMON Version (C9600-SUP-1) |
ROMMON Version (C9600X-SUP-2) |
---|---|---|
Cupertino 17.7.1 |
17.6.1r |
17.7.1r[FC3] |
Bengaluru 17.6.7 |
17.6.1r |
- |
Bengaluru 17.6.6a |
17.6.1r |
- |
Bengaluru 17.6.6 |
17.6.1r |
- |
Bengaluru 17.6.5 |
17.6.1r |
- |
Bengaluru 17.6.4 |
17.6.1r |
- |
Bengaluru 17.6.3 |
17.6.1r |
- |
Bengaluru 17.6.2 |
17.6.1r |
- |
Bengaluru 17.6.1 |
17.6.1r |
- |
Bengaluru 17.5.1 |
17.3.1r[FC2] |
- |
Bengaluru 17.4.1 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.8a |
17.3.1r[FC2] |
- |
Amsterdam 17.3.8 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.7 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.6 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.5 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.4 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.3 |
17.3.1r[FC2] |
- |
Amsterdam 17.3.2a |
17.3.1r[FC2] |
- |
Amsterdam 17.3.1 |
17.3.1r[FC2] |
- |
Amsterdam 17.2.1 |
17.1.1[FC2] |
- |
Amsterdam 17.1.1 |
17.1.1[FC1] |
- |
Upgrading the Switch Software
This section covers the various aspects of upgrading or downgrading the device software.
Note |
You cannot use the Web UI to install, upgrade, or downgrade device software. |
Finding the Software Version
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note |
Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license. |
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Software Images
Release |
Image Type |
File Name |
---|---|---|
Cisco IOS XE Cupertino 17.7.1 |
CAT9K_IOSXE |
cat9k_iosxe.17.07.01.SPA.bin |
No Payload Encryption (NPE) |
cat9k_iosxe_npe.17.07.01.SPA.bin |
Upgrading the ROMMON
To know the ROMMON or bootloader version that applies to every major and maintenance release, see ROMMON Versions.
You can upgrade the ROMMON before, or, after upgrading the software version. If a new ROMMON version is available for the software version you are upgrading to, proceed as follows:
-
Upgrading the ROMMON in the primary SPI flash device
This ROMMON is upgraded automatically. When you upgrade from an existing release on your switch to a later or newer release for the first time, and there is a new ROMMON version in the new release, the system automatically upgrades the ROMMON in the primary SPI flash device, based on the hardware version of the switch.
-
Upgrading the ROMMON in the golden SPI flash device
You must manually upgrade this ROMMON. Enter the upgrade rom-monitor capsule golden switch command in privileged EXEC mode.
Note
-
In case of a Cisco StackWise Virtual setup, upgrade the active and standby supervisor modules.
-
In case of a High Availability set up, upgrade the active and standby supervisor modules.
-
After the ROMMON is upgraded, it will take effect on the next reload. If you go back to an older release after this, the ROMMON is not downgraded. The updated ROMMON supports all previous releases.
Software Installation Commands
Summary of Software Installation Commands |
|
---|---|
To install and activate the specified file, and to commit changes to be persistent across reloads:
To separately install, activate, commit, cancel, or remove the installation file: |
|
add file tftp: filename |
Copies the install file package from a remote location to the device and performs a compatibility check for the platform and image versions. |
activate [ auto-abort-timer] |
Activates the file, and reloads the device. The auto-abort-timer keyword automatically rolls back image activation. |
commit |
Makes changes persistent over reloads. |
rollback to committed |
Rolls back the update to the last committed version. |
abort |
Cancels file activation, and rolls back to the version that was running before the current installation procedure started. |
remove |
Deletes all unused and inactive software installation files. |
Upgrading in Install Mode
Follow these instructions to upgrade from one release to another, using install commands, in install mode. To perform a software image upgrade, you must be booted into IOS through boot flash:packages.conf .
Before you begin
Caution |
You must comply with these cautionary guidelines during an upgrade:
|
Note that you can use this procedure for the following upgrade scenarios:
When upgrading from ... |
To... |
---|---|
Cisco IOS XE Bengaluru 17.6.x or earlier releases |
Cisco IOS XE Cupertino 17.7.x |
The sample output in this section displays upgrade from Cisco IOS XE Bengaluru 17.6.1 to Cisco IOS XE Cupertino 17.7.1 using install commands.
Procedure
Step 1 |
Clean-up install remove inactive
Use this command to clean-up old installation files in case of insufficient space and to ensure that you have at least 1GB of space in flash, to expand a new image. The following sample output displays the cleaning up of unused files, by using the install remove inactive command:
|
||
Step 2 |
Copy new image to flash |
||
Step 3 |
Set boot variable |
||
Step 4 |
Install image to flash install add file activate commit
Use this command to install the image. We recommend that you point to the source image on a TFTP server or the flash , if you have copied the image to flash memory. The following sample output displays installation of the Cisco IOS XE Cupertino 17.7.1 software image to flash:
|
||
Step 5 |
Verify installation After the software has been successfully installed, use the dir flash: command to verify that the flash partition has ten new |
||
Step 6 |
Verify version show version After the image boots up, use this command to verify the version of the new image. The following sample output of the show version command displays the Cisco IOS XE Cupertino 17.7.1 image on the device:
|
Downgrading in Install Mode
Follow these instructions to downgrade from one release to another, in install mode. To perform a software image downgrade, you must be booted into IOS through boot flash:packages.conf .
Before you begin
Note that you can use this procedure for the following downgrade scenarios:
When downgrading from ... |
To ... |
---|---|
Cisco IOS XE Cupertino 17.7.x |
Cisco IOS XE Bengaluru 17.6.x or earlier releases. |
Note |
New switch models that are introduced in a release cannot be downgraded. The release in which a module is introduced is the minimum software version for that model. We recommend upgrading all existing hardware to the same release as the latest hardware. |
The sample output in this section shows downgrade from Cisco IOS XE Cupertino 17.7.1 to Cisco IOS XE Bengaluru 17.6.1, using install commands.
Procedure
Step 1 |
Clean-up install remove inactive
Use this command to clean-up old installation files in case of insufficient space and to ensure that you have at least 1GB of space in flash, to expand a new image. The following sample output displays the cleaning up of unused files, by using the install remove inactive command:
|
||
Step 2 |
Copy new image to flash |
||
Step 3 |
Set boot variable |
||
Step 4 |
Downgrade software image install add file activate commit
Use this command to install the image. We recommend that you point to the source image on a TFTP server or the flash , if you have copied the image to flash memory. The following example displays the installation of the Cisco IOS XE Bengaluru 17.6.1 software image to flash, by using the install add file activate commit command.
|
||
Step 5 |
Verify version show version After the image boots up, use this command to verify the version of the new image.
The following sample output of the show version command displays the Cisco IOS XE Bengaluru 17.6.1 image on the device:
|
Field-Programmable Gate Array Version Upgrade
A field-programmable gate array (FPGA) is a type of programmable memory device that exists on Cisco switches. They are re-configurable logic circuits that enable the creation of specific and dedicated functions.
To check the current FPGA version, enter the show firmware version all command in IOS mode or the version -v command in ROMMON mode.
Note |
|
Licensing
This section provides information about the licensing packages for features available on Cisco Catalyst 9000 Series Switches.
License Levels
The software features available on Cisco Catalyst 9600 Series Switches fall under these base or add-on license levels.
Base Licenses
-
Network Advantage
Add-On Licenses
Add-On Licenses require a Network Essentials or Network Advantage as a pre-requisite. The features available with add-on license levels provide Cisco innovations on the switch, as well as on the Cisco Digital Network Architecture Center (Cisco DNA Center).
-
DNA Advantage
To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to https://cfnng.cisco.com. An account on cisco.com is not required.
Available Licensing Models and Configuration Information
-
Cisco IOS XE Gibraltar 16.11.1 to Cisco IOS XE Amsterdam 17.3.1: Smart Licensing is the default and the only supported method to manage licenses.
In the software configuration guide of the required release, see System Management → Configuring Smart Licensing.
-
Cisco IOS XE Amsterdam 17.3.2a and later: Smart Licensing Using Policy, which is an enhanced version of Smart Licensing, is the default and the only supported method to manage licenses.
In the software configuration guide of the required release (17.3.x onwards), see System Management → Smart Licensing Using Policy.
For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
License Levels - Usage Guidelines
-
The duration or term for which a purchased license is valid:
Smart Licensing Using Policy
Smart Licensing
-
Perpetual: There is no expiration date for such a license.
-
Subscription: The license is valid only until a certain date (for a three, five, or seven year period).
-
Permanent: for a license level, and without an expiration date.
-
Term: for a license level, and for a three, five, or seven year period.
-
Evaluation: a license that is not registered.
-
-
Base licenses (Network-Advantage) are ordered and fulfilled only with a perpetual or permanent license type.
-
Add-on licenses (DNA Advantage) are ordered and fulfilled only with a subscription or term license type.
-
An add-on license level is included when you choose a network license level. If you use DNA features, renew the license before term expiry, to continue using it, or deactivate the add-on license and then reload the switch to continue operating with the base license capabilities.
-
Evaluation licenses cannot be ordered. They are not tracked via Cisco Smart Software Manager and expire after a 90-day period. Evaluation licenses can be used only once on the switch and cannot be regenerated. Warning system messages about an evaluation license expiry are generated only 275 days after expiration and every week thereafter. An expired evaluation license cannot be reactivated after reload. This applies only to Smart Licensing. The notion of evaluation licenses does not apply to Smart Licensing Using Policy.
Scaling Guidelines
For information about feature scaling guidelines, see the Cisco Catalyst 9600 Series Switches datasheets at:
Limitations and Restrictions
-
Auto negotiation: The SFP+ interface (TenGigabitEthernet0/1) on the Ethernet management port with a 1G transceiver does not support auto negotiation.
-
Control Plane Policing (CoPP)—The show run command does not display information about classes configured under
system-cpp policy
, when they are left at default values. Use the show policy-map system-cpp-policy or the show policy-map control-plane commands in privileged EXEC mode instead. -
Convergence: During SSO, a higher convergence time is observed while removing the active supervisor module installed in slot 3 of a C9606R chassis.
-
Hardware Limitations — Optics:
-
Installation restriction for C9600-LC-24C linecard with CVR-QSFP-SFP10G adapter —This adapter must not be installed on an even numbered port where the corresponding odd numbered port is configured as 40GE port. For example, if port 1 is configured as 40GE, CVR-QSFP-SFP10G must not be installed in port 2.
Installation restriction for C9600-LC-24C linecard with CVR-QSFP-SFP10G adapter — If you insert a 40-Gigabit Ethernet Transceiver Module to odd numbered port, the corresponding even numbered port does not work with CVR-QSFP-SFP10G adapter.
-
GLC-T and GLC-TE operating at 10/100Mbps speed are not supported with Cisco QSA Module (CVR-QSFP-SFP10G).
-
SFP-10G-T-X supports 100Mbps/1G/10G speeds based on auto negotiation with the peer device. You cannot force speed settings from the transceiver.
-
-
Hardware Limitations — Power Supply Modules:
-
Input voltage for AC power supply modules—All AC-input power supply modules in the chassis must have the same AC-input voltage level.
-
Using power supply modules of different types—When mixing AC-input and DC-input power supplies, the AC-input voltage level must be 220 VAC.
-
-
In-Service Software Upgrade (ISSU)
-
While ISSU allows you to perform upgrades with zero downtime, we recommend you to do so during a maintenance window only.
-
If a new feature introduced in a software release requires a change in configuration, the feature should not be enabled during ISSU.
-
If a feature is not available in the downgraded version of a software image, the feature should be disabled before initiating ISSU.
-
-
QoS restrictions
-
When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
-
Policing and marking policy on sub interfaces is supported.
-
Marking policy on switched virtual interfaces (SVI) is supported.
-
QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
-
-
Secure Shell (SSH)
-
Use SSH Version 2. SSH Version 1 is not supported.
-
When the device is running SCP and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.
Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can show as much as 40 or 50 percent CPU usage, but they do not cause the device to shutdown.
-
-
Smart Licensing Using Policy: Starting with Cisco IOS XE Amsterdam 17.3.2a, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.
The licensing utilities and user interfaces that are affected by this limitation include only the following: Cisco Smart Software Manager (CSSM), Cisco Smart License Utility (CSLU), and Smart Software Manager On-Prem (SSM On-Prem).
-
TACACS legacy command: Do not configure the legacy tacacs-server host command; this command is deprecated. If the software version running on your device is Cisco IOS XE Gibraltar 16.12.2 or a later release, using the legacy command can cause authentication failures. Use the tacacs server command in global configuration mode.
-
USB Authentication—When you connect a Cisco USB drive to the switch, the switch tries to authenticate the drive against an existing encrypted preshared key. Since the USB drive does not send a key for authentication, the following message is displayed on the console when you enter password encryption aes command:
Device(config)# password encryption aes Master key change notification called without new or old key
-
MACsec is not supported on Software-Defined Access deployments.
-
VLAN Restriction—It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
-
YANG data modeling limitation—A maximum of 20 simultaneous NETCONF sessions are supported.
-
Embedded Event Manager—Identity event detector is not supported on Embedded Event Manager.
-
On the Cisco Catalyst 9600 Series Supervisor 2 Module, TCAM space will not be reserved for different features. The available TCAM space will be shared across the features.
-
The File System Check (fsck) utility is not supported in install mode.
Caveats
Caveats describe unexpected behavior in Cisco IOS-XE releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Cupertino 17.7.x
There are no open caveats in this release.
Resolved Caveats in Cisco IOS XE Cupertino 17.7.1
Identifier |
Description |
---|---|
SVL Hung - CPU HOG by Process - "Crimson Flush Transaction" |
|
Wrong values for transceivers (DOM) in Cat9k Core switches |
|
1 Gigabit Fiber SFPs may not link up in C9600-LC-48YL module |
|
Cat9k may experience an unexpected reboot with Critical process fed fault on fp_0_0 |
|
%CRIMSON-3-DATABASE_MEMLEAK: Database memory leak detected in /tmp/rp/tdldb/0/IOS_PRIV_OPER_DB |
|
Multicast packets replicates twice after redundant switch take power off |
|
Cat9600 silent reload due to CpuCatastrophicError |
|
IOSd crashes with system buffer pool corruption |
|
SNMP: ifHCInOctets - snmpwalk on sub-interface octet counter does not increase |
|
SNMP: sub-interface octet counter reports wrong value |
|
Cat9k Switch may see Multicast traffic loss triggered by IGMP Join received on Mcast source port. |
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
https://www.cisco.com/en/US/support/index.html
Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts, to find information for the problem that you are experiencing.
Related Documentation
Information about Cisco IOS XE at this URL: https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html
All support documentation for Cisco Catalyst 9600 Series Switches is at this URL: https://www.cisco.com/c/en/us/support/switches/catalyst-9600-series-switches/tsd-products-support-series-home.html
Cisco Validated Designs documents at this URL: https://www.cisco.com/go/designzone
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: https://cfnng.cisco.com/mibs
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.