Showing results for 
Search instead for 
Did you mean: 

Cisco IOS-XE 17.6.1 Switching Release – What’s New?

Cisco Employee

Cisco recently announced availability of the latest release on the IOS-XE train IOS-XE 17.6.1. This release is the newest Extended Maintenance release on the Catalyst 9000 platforms, which will be supported for lifetime of 36 months. The EMR release would provide multiple rebuilds providing fixes for defects and PSIRT. 


Screenshot 2021-08-04 at 10.53.01 PM.png


Availability of IOS-XE 17.6.1 continues to evolve our Catalyst 9000 portfolio and delivers multiple key features across Platform Infrastructure, Security, High Availability, and Network Solutions, extending Intent Based Networking (IBN) for Enterprise Campus.


Extending Intent Based Networking 

In this release, features across Zero-Trust, Flexible Architectures, and Platform infrastructure were delivered. Here’s some of the key features introduced in this release.


                                                             IOS-XE 17.6.1 Key Feature’s Summary

Screenshot 2021-08-05 at 12.32.40 AM.png

Zero Trust

We continue to evolve our Zero-Trust framework by adding enhancements for various features to achieve a stronger overall network Solution. One of the enhancement is with Radsec CoA(Change of Authorization) for Secure Radius Cloud Network Access Control.

RADIUS over TLS is a key solution supported on Catalyst 9000 switches to provide secure communication between Network Access Switch and RADIUS which runs on cloud or require extra level of security for the transport. With this release, RADSEC CoA transmission and reception can now be achieved on the same Authentication channel, allowing client’s to fetch the updated policies over the same the Authentication channel.


Flexible Architecture

MPLS has been enterprise grade solution for secure segmentation in campus from Access to WAN. With IOS-XE 17.6.1 we now introduced MPLS traffic engineering to accomplish number of goals like optimal bandwidth utilization, Capacity planning and congestion avoidance/handling in MPLS domain.

MPLS TE works by learning about the topology and resources available in a network. It then maps the traffic flows to a particular path based on the resources that the traffic flow requires and the available resources. MPLS TE builds unidirectional tunnels from a source to the destination in the form of LSPs, which is then used for forwarding traffic.Below are the steps MPLS TE take into account for Path computation:

Screenshot 2021-08-04 at 10.57.51 PM.png

With IOS-XE 17.6.1, MPLS TE Phase I the catalyst 9000 series switches are capable of supporting Explicit/Dynamic path with RSVP TE Label allocation and specific bandwidth. The tunnel forwarding options are based on Static or Autoroute Announce for PE-PE, P-P or PE-P tunnels with tunnel reoptimization support.


VRRP is a desired solution for customers to accomplish routing path reliability and eliminate single point of failure. With 17.6.1 VRRPv3 Stateful switchover support have been added for Catalyst 9300 Stackwise,9400 and 9600 with redundant Supervisors. VRRPv3 SSO helps to synchronize VRRP state information between redundant Supervisor/Switch so that the redundant Supervisor/Switch can continue the network’s activities or maintain the Active VRRP state within the VRRP group during and after a switchover. SSO mode also maintains VRRP state machine while redundant Supervisor/Switch running different version’s during ISSU ensuring minimal or no packet loss.


With this release we have also added couple of enhancement to elevate NAT infrastructure. All Enhanced NAT sessions can now be monitored using 5 tuple Netflow session data which provide ease of monitoring and troubleshooting. 

Screenshot 2021-08-04 at 10.59.06 PM.png

Along with Enhanced NAT session monitoring, the support for Static NAT precedence over dynamic NAT is also added with this release. In case of overlapping Static and Dynamic NAT configuration/ip subnets Static NAT is designed to take precedence to provide constant mapping between the inside local and global addresses.


Platform & Infra

With IOS-XE 17.6.1, Application Hosting is supported on Catalyst 9300X platform. The Catalyst 9300X switches (12 and 24 Port SFP28) are the latest addition to Catalyst 9300 family which are based on UADP 2.5sec ASIC adding line rate for crypto ideal for secure cloud connectivity. These switches are equipped with Enhanced Application Hosting infrastructure with 2 X 10G Appgigabit ports and increased RAM /vCPU. This enables switches to support Multiple docker Applications which can use separate Appgig interfaces per docker Application. Appgigabit interfaces can also be leveraged to provide application level traffic segmentation (management/data traffic) and increased bandwidth for a single docker Application.

Container application Auto transfer from Flash to SSD is also added with this release which essentially help to seamlessly transfer Application persistent data and volumes from flash to SSD upon media change.  This is helpful for customers upgrading to ThousandEyes 4.0 agent to run page/transaction load test to seamlessly transfer TE Application from Flash to SSD.


The ThousandEyes 4.0 Version agent capable of supporting BrowserBot is now available for Catalyst 9000 Platform. The BrowserBot is a component of the agent code that manages the page load and transaction-based tests. Now with ThousandEyes 4.0 version agent integration the Catalyst 9000 are capable of running all the tests to bring actionable visibility from each and every application over the network.

Screenshot 2021-08-04 at 11.33.03 PM.png


Bonjour continues to gain popularity with more than 1800+ production deployments with our customers. With 17.6.1 mDNS SSO is supported both at the SDG and Service-Peer level for Bonjour Solution which essentially provide a way to manage continuous queries in case of planned/unplanned switchover to prevent any impact on the services. Along with this we now support FHRP for Service peer to provide redundancy and resiliency in event of Primary SDG failure.


In Programmability and Automation, support for the NETCONF API from Guest Shell has been added which ensures that the NETCONF API is accessible from within the Guest Shell container. This enables ZTP at Day 0 to programmatically configure and manage the device using CLI and YANG RPC’s which provides more flexibility and operational efficiency when onboarding. 

Screenshot 2021-08-04 at 11.26.45 PM.png


New optics support has also been added for C9300X,C9500H and 9600 platforms which are listed in the release notes of individual switches. For complete list of features and other specific inclusions please do check out the release notes below:




What’s next?

IOS-XE 17.7.1 will be a Standard Maintenance release and is targeted for release in November of 2021. Stay tuned for our next software release update.