---

@TW80CJ5 wrote:
I need to be able to downgrade to 16.12.05. 

---

OMfG.  Why???

Hahaha!!!!!!!!!!…what’s so bad about 16.12.5??????????

Well, currently we are using our switches to serve time. We are also required to have them in FIPS mode.

17.3.4 in FIPS mode eliminates md5 as an NTP Authentication algo as well as SHA1.  Our other devices can support up to SHA1. So unless we want to change our entire NTP architecture, we need to revert back to 16.12.05 which supports MD5 in FIPS mode.

---

@TW80CJ5 wrote:

Hahaha!!!!!!!!!!…what’s so bad about 16.12.5??????????

---

1.  16.12.5 was so bad the developers had to "re-build" this version to 16.12.5b two months after the release.  And I am not talking about 16.12.5 for switches.  I am talking about all platforms that use IOS-XE, this means routers, switches, etc.  

2.  In my experience (based on the amount of TAC Cases I have for 16.12.X), anything above 16.12.4 is a "no go zone" for us.  

NOTE:  We have just started testing 16.12.6.

In my personal opinion, 16.12.X is a train that keeps me awake all night.  

Leo...

I certainly value your opinion and will adjust accordingly.

Do you know if 16.12.6 supports MD5 in FIPS mode?  I will start testing that on Monday...

We have been fortunate to not have had problems with 16.12.05 in our other switch stacks...

---

@TW80CJ5 wrote:

Do you know if 16.12.6 supports MD5 in FIPS mode?

---

I cannot answer that because I do not use FIPS. 

---

@TW80CJ5 wrote:

We have been fortunate to not have had problems with 16.12.05 in our other switch stacks...

---

Please let me share this very useful command with everyone: 

sh platform software status control-processor brief

Use this command as often as possible.  Get used to this command.  Get acquainted with this command.  
The output does not require anyone to have a PhD or a Nobel Peace Prize winner.   

Anyone running 16.12.X with 3650/3850 needs to regularly check the CPU and memory levels after 3 weeks of every reboot/power up & crash.  

Anyone running 16.12.X with Catalyst 9300/9300L, 9500 or ISR 1000 (vanilla and High Performance) needs to regularly check the CPU and memory levels after 2 months of every reboot/power up & crash.

NOTE:  I cannot say anything about the 9200/9200L because I do not have any, however, because the 9200/9200L has the same "performance" as the 3650/3850.

When the "Used" CPU &/or "Used" Memory level hits 70% (and over), get ready.

Outstanding information to know!!!

Thank you for your tutalage. I will post back on Monday to see what 16.12.6 supports in FIPS and perhaps an output of my new favorite command during the morning coffee routine...sh platform software status control-processor brief

Thanks again Leo!

Happy to help. 

Y'know what will make me happier?  Prove me wrong.  

Prove me wrong that 16.12.X is stable after prolong use.  

Good Morning Leo...

Please see the attached for a couple of screenshots of my 9300s that have 16.12.05 installed. There appears to be an issue..."critical software exception"

We will be working toward testing 16.12.06 on our lab switches as well.

---

@TW80CJ5 wrote:

Please see the attached for a couple of screenshots of my 9300s that have 16.12.05 installed. There appears to be an issue..."critical software exception"

---

Post the complete output to the following commands: 

• dir flash-1:
• dir flash-1:core
• dir flash-3:
• dir flash-3:core
• dir crashinfo-1:
• dir crashinfo-3:
• sh log on switch 1 uptime detail
• sh log on switch 3 uptime detail
• sh switch details

NOTE:  Please do not post screenshots.

Hey Leo!!!

Sorry for the delayed reply. I have been unavailable...and my bad about the screenshot.

See the attached log file. Any information would be greatly appreciated.

And FYI, 16.12.6 in fips mode supports MD5 for NTP authentication...

Also, in order for me to downgrade the IOS on another switch to 16.12.6, I performed the follwing:

1. I placed the 16.12.6 bin file on each switch flash

2. I broke the stack by removing the stacking cables.

3. Powered off Member switch.

4. I removed the package.conf from sh boot system flash bootflash:packages.conf and updated it to the 16.12.6 filename.bin file

5. Wr me and reload

6.  After reload, I ran the install activate commit filename.bin to change to isntall mode.

7. Verified packages.conf was listed on sh boot

8. Ran file cleanup

9. Wr me and power off Master Switch.

10. Power on Member Switch and do steps 4-9.

11. Connect the stacking cables while both switches are powered off.

12. Power on Master Switch. I waited 15 seconds and powered on Member.

13. Verified stack and boot file. Done!

---

@TW80CJ5 wrote:

21  -rw-         38790978  Oct 11 2021 06:11:28 +00:00  system-report_1_20211011-061126-UTC.tar.gz

---

Can you share this file so I can have a look if the reason for the instability is in it?

Leo....See the attached. I was following up and noticed my last post with the information is missing. 

Sorry for the delay, I thought it was here. The site is not allowing me to upload the other file.