Showing results for 
Search instead for 
Did you mean: 

Cisco IOS-XE 17.1.1 – Catalyst Switching Updates

Raj Kumar Goli
Cisco Employee

IOS-XE 17.1.1

Cisco has announced the availability of the latest IOS-XE release - IOS-XE Amsterdam 17.1. This release IOS-XE 17.1 is a Standard Maintenance Release which has a sustaining lifetime of 12 months with a Restricted build and a PSIRT build. IOS-XE 17.1.1 delivers new platforms along with multiple key Infra, Security, High Availability, Routing and MPLS features extending Intent Based Networking (IBN).

Catalyst 9000 Family– One Operating System (Open IOS-XE)


Catalyst 9000 Family switches run common UADP (Unified Access Data Plane) ASIC and Open IOS-XE software which makes it possible run same IOS-XE binary file on Catalyst 9300, 9400, 9500 and 9600 Series. This simplifies the life-cycle management of devices across your network. 9200 Series Switches run IOS-XE light binary file. Cisco IOS-XE 17.1.1 is supported across all the Catalyst 9000 Series switches.

Hardware Additions since 16.12.1

For environments/designs that need additional buffers (Media Distribution and IP Storage Networks) or larger forwarding and Feature TCAM (collapsed core), Cisco introduced Increased Scale platform in the 9300 Series Switches(9300-B). This platform has increased scale (double or more) and buffer (double) compared to the existing Catalyst 9300 switches.

9300-B SKU’s are available as 24 port mGig with UPOE and 24/48 port 1G UPOE variants. Minimum supported software version for 9300-B is 16.12.1.


Cisco Catalyst Multigigabit Technology delivers speeds above 1Gbps and up to 10Gbps on existing cable infrastructure. This technology can also support Power over Ethernet (PoE, PoE+, UPOE, UPOE+) without a need to install new electrical circuits to power the Access points or any end point that would require PoE. With 802.11ac Wave 2 and Wi-Fi 6, the need for higher speed has become a reality and the Catalyst 9000 Series switches have been designed to meet these demanding requirements. With IOS-XE 16.12.2, below new mGig/UPOE SKU’s have been added to the 9300L switches.

Below are the 9300L mGig/UPOE models

  • 24 ports UPOE with 8 mGig ports with an option of 4x10G or 2x40G fixed uplinks
  • 48 ports UPOE with 12 mGig ports with an option of 4x10G or 2x40G fixed uplinks


Hardware Additions with IOS-XE 17.1.1

With IOS-XE 17.1.1, a new line card “C9600-LC-48TX” has been introduced on Catalyst 9600 Series switches. This is a 48 port mGig non PoE Copper Line card with all ports supporting any speed ranging from 100Mbps to 10Gbps.


With IOS-XE 17.1.1, already existing Line card “C9600-LC-48YL” is now capable of supporting 1Gbps with supported optics.

Key Summary Features

Catalyst 9000 series switches continues to add key features that help drive the Intent based Networking. In this release, multiple features have been delivered across High Availability, Security, Routing and Segmentation along with New Hardware introductions.


Due to the Programmable and Open IOS-XE, Application Hosting on Catalyst 9000 switches is a reality. With 17.1.1 Application hosting has been extended to Catalyst 9400 Series switches. Native docker support expedites the pace at which Applications are developed without compromising Security and Simplicity. Starting with 17.1.1, Docker Applications can now be installed on the Catalyst 9400 Series switches seamlessly and managed by Cisco DNA Center. This makes the Life Cycle management of the Application easy.

Starting IOS-XE 17.1.1 Catalyst 9300 series switches now support Extended Fast Software upgrade that helps reduces the traffic downtime to less than 30 seconds during an upgrade or a switch reload. This is accomplished by decoupling the control and data plane. In addition to supporting this on standalone switches, the feature has been extended to Stacking environments as well.

Security is the one of the key pillars of any network. With IOS-XE 17.1.1, Umbrella integration has been extended to Catalyst 9300 Series switches. You can now host Cisco Umbrella agent directly on the Catalyst 9200 and 9300 Series switches that enables easy customization of DNS filtering policies to prevent BYOD, guest or corporate users from accessing malicious or inappropriate websites. With IOS-XE 17.1.1, the feature also supports traffic splitting and encrypt the DNA Query. NAT has been extended to Catalyst 9400 Series switches starting IOS-XE 17.1.1 which enables additional security by hiding the internal address space and also helps with conserving the IP pools.

MACsec is currently supported on all Catalyst 9000 Family switches. IOS-XE 17.1.1 is taking this further to extend the support on a MPLS PE (Multi-Protocol Label Switching) that is either originating or terminating a pseudowire. Catalyst 9000 switch acting as a PE can now transparently carry macsec frames from CE (Customer Edge) to CE creating as secure connection over the MPLS backbone. IOS-XE 17.1.1 also introduces the capability to send Encapsulated Remote Switched Port Analyzer (ERSPAN) traffic to an IPv6 Destination natively in IPv6. With this feature, you can now use ERSPAN on a network that is completely migrated to IPv6.

Policy Based Routing (PBR) on Catalyst 9600 series switches is vrf aware with IOS-XE 17.1.1. With PBR being vrf aware, you can now steer traffic between vrf’s or from Global to vrf and vice-versa based on the policies. Catalyst 9000 Series already support extending MPLS across AS’es with Inter-AS Option B. Now, with IOS-XE 17.1.1, this can be accomplished using Inter-AS Option A as well, where multiple sub-interfaces can be used on ASBR to extend the connectivity between different AS’es. IOS-XE 17.1.1 also brings the support of Flow Aware Transport (FAT) to Virtual Private Lan Service (VPLS) providing the flexibility of load-balancing VPLS traffic on multiple core interfaces. Starting with IOS-XE 17.1.1, multiple receivers in multiple VRF’s will now be able to access a single stream from a single Source PE using mVPN Extranet Feature.

BGP-EVPN, an overlay technology, provides next generation segmentation along with extending L2 over L3 on existing infrastructure. With IOS-XE 17.1.1, Tenant Routed Multicast is supported extending L3 Multicast across the Edge switches.

The support for new optics and other specific features can be found at individual Release note pages below.

IOS-XE 17.1.1 brings in some key features to the Catalyst 9000 switching Portfolio making the Catalyst 9000 Switching Family more feature rich and ready to meet future demands.

You can access the Cat9k GitHub Repository to browse through the examples on how you can use the Yang models or Ansible to automate various Network tasks. If you have an idea and a script that can automate the network, please do a git push to the repository!

1 Comment