Cisco recently announced availability of the latest release on the IOS-XE train – IOS-XE Gibraltar 17.4.1. This is a standard maintenance release supporting Switching, Wireless, SP-Access, Routing as well as IOT platforms with a sustaining support lifetime of 12 months and two scheduled rebuilds. A unified software release for Enterprise Networking, it adds support for new software features on the existing platforms and also introduces support for new platforms across the various EN technology areas.
While 17.4 spans the breadth of the EN products, here we are going to focus specifically on all that the software release brings in for Catalyst Switching.
Extending Intent Based Networking
Availability of IOS-XE 17.4.1 for Catalyst Switches continues our journey toward Intent-based Networking through the introduction of key software features and innovations on Catalyst 9200, 9300, 9400, 9500 and 9600 Series Switches. With these innovations delivered on our platforms, we are able to deliver the value and experience that our customers desire.
In this release, features across Zero-Trust, Flexible Architectures, and Platform infrastructure are delivered. Here are some of the key features introduced in this release.
RADIUS over TLS provides secure communication between the network access switch and a RADIUS server that runs in the cloud or otherwise requires an extra level of transport security. RADIUS over TLS wraps the entire RADIUS packet payload in a TLS stream, which protects the packet from eavesdropping in transit and prevents man-in-the-middle attacks. The most important use of this specification lies in roaming environments where RADIUS packets need to be transferred through different administrative domains and untrusted, potentially hostile networks.
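To make concrete what a plain UDP RADIUS exchange leaves readable on the wire, here is an added Python example (not code from this post or from Cisco) that builds a minimal RFC 2865 Access-Request with a constructed shared secret and Request Authenticator and parses the attributes back: User-Name and NAS-IP-Address are cleartext, and only User-Password is obscured by the MD5-based shared-secret hiding. RadSec removes this exposure by carrying the whole datagram inside TLS.

```python
"""Added example: what a plain RFC 2865 RADIUS Access-Request exposes on the wire.
Secret, authenticator, user and NAS address below are constructed sample values."""
import hashlib
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # RFC 2865 attribute types


def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each with MD5(secret || prev).
    This is obfuscation keyed by the shared secret, not transport encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def build_access_request(secret: bytes, authenticator: bytes, username: bytes,
                         password: bytes, nas_ip: str, identifier: int = 1) -> bytes:
    """Return the raw datagram a NAS would send to UDP/1812 (constructed sample)."""
    hidden = hide_password(secret, authenticator, password)
    attrs = (bytes([USER_NAME, 2 + len(username)]) + username
             + bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
             + bytes([NAS_IP_ADDRESS, 6]) + bytes(int(o) for o in nas_ip.split(".")))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Decode the attribute TLVs exactly as any on-path observer can, with no secret."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = {}, 20                      # attributes start after the 16-byte authenticator
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


if __name__ == "__main__":
    pkt = build_access_request(b"s3cret", bytes(range(16)), b"alice", b"Pa55w0rd", "10.1.1.1")
    seen = parse_attributes(pkt)
    print("cleartext User-Name:", seen[USER_NAME])          # readable without the secret
    print("cleartext NAS-IP:", list(seen[NAS_IP_ADDRESS]))
    print("User-Password (hidden):", seen[USER_PASSWORD].hex())
```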
With this release, we are also expanding the self-inspection capabilities that check the health of hardware components and verify proper operation of the system data plane and control plane, both at run-time and at boot-time.
A custom SDM template allows the user to size feature resources based on their own requirements rather than on the location of the device in the network. With the Cisco IOS XE 17.3.1 release, users were able to configure a custom SDM template for Forwarding Information Base (FIB) resources such as MAC addresses, routes and Netflow. Starting with the Cisco IOS XE 17.4.1 release, users can also configure a custom SDM template for Access Control List (ACL) resources based on their network requirements.
A Customizable SDM template supports the following ACL features:
• Ingress Access Control List (ACL)
• Egress ACL
• Ingress Quality of Service (QoS)
• Egress QoS
• Netflow ACL
• Policy Based Routing (PBR)/ Network Address Translation (NAT)
• Locator/ID Separation Protocol (LISP)
There is a new enhancement in the BGP-EVPN fabric as well: Private VLAN interworking is now supported with primary and secondary VLANs within the EVPN fabric. Ports within a community VLAN can communicate with each other across the fabric over the Layer 3 network but cannot communicate with ports in other community VLANs. This enhancement allows users to migrate seamlessly from traditional networks based on Private VLANs to an EVPN fabric without any major network uplift.
The release also introduces new capabilities in Smart Licensing using Policy (SLP) to address customer pain points by streamlining the licensing process. Starting with IOS-XE 17.4.1 and 17.3.2, the Catalyst 9000 family uses “Smart Licensing using Policy” as the new licensing model. This replaces the existing Smart Licensing model. All devices now boot with the license “In-use” regardless of reporting.
Additionally, changes have been made to the ordering process to ensure that, before a new device reaches the customer, reporting to the CSSM is performed by Cisco, eliminating any day 0 operational overhead on the customer side. Finally, an easy reporting option has been provided with the introduction of a new tool, CSLU, regardless of whether the product instance (PI) is in a network that can communicate with the CSSM or in an air-gapped network.
With this feature enhancement, customers get the following benefits:
• Network operations are never impacted by any license operation
• Connectivity of the device to the internet is not required
• License compliance is managed on-change rather than acquire-before-use
• Factory-shipped perpetual licenses are reported at the factory
• Backwards compatible with SL
For Device Programmability, we are also providing new data structures in the YANG models, as below:
• Telemetry support for TCAM utilization on a standalone switch
• Cisco-IOS-XE-hsrp-events YANG module
• Cisco-IOS-XE-isis-oper YANG module
In addition, the total number of EtherChannels supported on Catalyst 9600 switches has been increased from 128 to 192.
Finally, support for new optics has also been added for the C9500H/C9600 platforms, including a 10G copper optic. All other features can be found in the platform-specific IOS-XE 17.4 release notes, links to which are provided below:
IOS-XE 17.5.1, the next standard maintenance release, is targeted for release in March/April 2021. Features planned for this release include key feature development on Wired Assurance, SDA, BGP-EVPN and OpenFlow, as well as HA, Security, App Hosting and Platform infrastructure support to help customers reduce cost and complexity. Stay tuned for our next software release updates!