New CS 17.18.2 stable release candidate: 9350, fixes, issues, plenty for Christmas 🎄🎁

cmr
Kind of a big deal

CS firmware versions IOS XE 17.18.2 changelog

Important notes

  • After upgrading to IOS XE, downgrading to any CS version via the dashboard is restricted - a factory reset may be required and support assistance will be necessary. Please consider this before upgrading your network to Cloud Management with IOS XE. Learn more - http://cs.co/9002xhAan
  • Please review the list of supported models with minimum firmware support versions (http://cs.co/90017Wj55) before proceeding with the upgrade. Attempting to convert unsupported models such as C9500X may result in an unusable switch.
  • Stacking Limit for C9200L series models: C9200L series models support stacking configurations of up to 5 members. Please ensure your stacks for these models adhere to this limit. Exceeding 5 members may lead to unexpected behavior. This will be resolved in a future release.
  • Switch Templates with bound networks won’t be able to directly upgrade from CS firmware to IOS XE firmware. The recommendation is to unbind and migrate networks independently, rebinding into an IOS XE switch template.
  • After upgrading from CS to IOS XE please allow at least 30 minutes for configuration to be marked safe. Rebooting/reloading within 30 minutes of upgrading may cause the switchports to revert to default configuration.

Cloud management with IOS XE overview

  • Since the introduction of Cloud Management with IOS XE 17.15, users enjoy faster boot and initialization, a Cloud CLI Terminal for running troubleshooting commands directly from the dashboard, and a new generation of features powered by advanced IOS-XE capabilities!
  • The new 17.18 release brings cloud management to more switch platforms, including the C9200, C9300, and C9500 high performance families. It also unlocks more powerful IOS XE features like advanced routing, high availability, and expanded cloud-powered value, so you can manage a seamless, secure, and scalable network from access to core, all within one intuitive dashboard.
  • Improved firmware upgrade flow, featuring enhanced pre-flight and in-flight checks and real-time visibility, allows users to easily monitor and manage the upgrade status of cloud-managed IOS XE switches for a more seamless and reliable update experience.
  • CS17 is a prerequisite before initiating an upgrade to cloud management with IOS XE 17.15+.

Release highlights

  • In this release, we are excited to bring in additional powerful features and troubleshooting capabilities. Below are the key highlights:
  • Enhanced Resiliency: In addition to UAC Auto Fallback introduced in IOS XE 17.15.4.1, this release adds the UAC Allow List feature, allowing you to specify which interfaces are used for uplink selection - opt in via Early Access.
  • Enhanced Resiliency: Warm Spare (VRRP) is now supported on cloud-managed Catalyst switches, enabling two Layer 3 switches to serve as redundant gateways for seamless failover and improved network reliability.
  • Advanced management capabilities: Configuring the VLAN database on the Local Status Page (LSP) allows quick, on-site VLAN management for faster troubleshooting and increased operational flexibility.
  • Advanced management capabilities: SmartPort automation (early access - coming soon) simplifies and accelerates port configuration by dynamically applying the appropriate profiles to switch ports based on device detection, ensuring consistency and reducing the risk of errors.
  • Advanced management capabilities: Virtual Routing and Forwarding (VRF) enhancements: VRF traceroute and the Multicast Live Tool enable fast, accurate troubleshooting and real-time monitoring of network paths and multicast activity for enhanced network visibility and performance.
  • Cloud EVPN Fabric: provides the simplicity of a unified layer 2 network combined with the stability, speed, and scalability of layer 3 routing, all easily managed from the cloud with minimal manual configuration.

Before you upgrade or migrate: key considerations

  • Please refer to the documentation to review key considerations: https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Product_Information/Overview...
  • Please refer to the documentation to familiarize yourself with management interface architecture changes. https://documentation.meraki.com/MS/Cloud-Native_IOS_XE/Cloud-Native_IOS_XE_Overview#Changes_in_Beha...
  • After migrating CLI/DNA managed switches to cloud configuration source, please note that console and SSH access are no longer available. All management access is only available via the cloud Dashboard or the local status page through the rear management port.
  • Downgrades from Cloud Management with IOS XE to any prior CS firmware via the dashboard are restricted.
  • Catalyst devices need ICMP ping connectivity to several destinations to test uplink connectivity to the dashboard. For successful upgrades and continued connectivity post-upgrade, ensure that outbound ICMP pings from Catalyst devices are permitted to the following destinations: config-2037.meraki.com, catalyst.meraki.com, google.com, 8.8.8.8 (Google DNS) and 2001:4860:4860::8888 (Google DNS)
  • For successful upgrades and continued connectivity post-upgrade, resolve all alerts on the Organization > Alerts page that are associated with the switches being upgraded.
  • Resolve “Bad IP assignment” and “VLAN mismatch” alerts on the uplink interfaces, and stacking related alerts such as “Misconfigured Switch”, “Unconfigured Switch” and “Switch Not Connected to Stack” to ensure a successful upgrade.
  • Layer 3 switches cannot run DHCP servers on uplink interfaces with IOS XE 17.15+. Post-upgrade, interfaces with both Preferred Uplink and DHCP server configurations will have the DHCP server configuration disabled on that interface.
  • Switches using the Alternative Management Interface (AMI) will require an L3 SVI to be configured for the same VLAN assigned to AMI. For AMI to work, your network must have AMI configured and your switch must have an SVI configured matching that AMI VLAN.
  • After upgrading from CS to Cloud Management with IOS XE firmware, port mirroring configurations on module ports will not be retained. Users will need to reconfigure port mirroring on module ports following the upgrade.
  • UDLD now uses Cisco UDLD Aggressive mode on fiber ports and will not be enabled on copper interfaces. Please see documentation for more details.
  • A safe timer has been added to prevent unexpected device failures caused by configuration changes during upgrades. This may increase the total upgrade time by approximately 30 minutes.
  • Monitoring, Radius Caching, Intelligent Capture Scheduling, SmartPort- Profiles, Encrypted Traffic Analytics (ETA), Detailed Traffic Analytics (on trunk ports, port channels, and uplink modules), UAC fall back, UAC allow list, and VLAN to SGT mapping. Certain fields in NetFlow exporters are not supported.

Share your post-upgrade feedback!

  • We value your feedback on our latest release! Please take a moment to complete this brief 5-minute survey http://cs.co/9001fpIhR and share your experience with us.

Known issues

  • Moving switches between organizations with Adaptive Policy configured will cause configuration fetch failures.
  • Switches may experience a loss of dashboard connectivity if IPv4 connectivity is lost despite having IPv6 configured as a candidate uplink. Configure IPv4 or IPv6 exclusively as a workaround.
  • Initial attempt to upload the switch’s running configuration may fail. A second attempt will be made in 5 minutes and should succeed.
  • SmartPort Automation ARP rate limit is not part of run-config and shows under derived-config.
  • If a SmartPort RADIUS profile template length exceeds 40 characters, it will cause configuration fetch failure. Keep template length to 40 characters or less.
  • SmartPort Automations may fail to apply if the class-map, policy-map, device classifier do not meet IOS XE length requirements.
  • SmartPorts Automation LLDP matching criteria containing spaces causes configuration fetch failures. Avoid spaces in LLDP matching criteria or use a single word with wildcard (*) instead.
  • CFLOW data may be missing when capturing packets from the uplink port
  • Client devices that don’t support link auto-negotiation may cause their connected Port to show as disconnected on Dashboard

C9350 known issues

  • C9350s running IOS XE 17.18 will use MST instance 0 if RPVST+ is configured. Rapid PVST+ support for C9350s will be added in IOS XE 26.1.1
  • Adding a new member running 17.18.1 to a C9350 stack running 17.18.2 will cause the switch to fail requiring a replacement. When adding a new member to a C9350 stack running 17.18.2, please ensure the new member is upgraded to 17.18.2 before adding it to the stack. Alternatively, follow Cisco stacking best practices and power down the stack before adding the new member. http://cs.co/9006CuCs6

Fixed issues

  • Resolved an SNMP Denial of Service and Remote Code Execution vulnerability affecting Cisco IOS and IOS XE Software.
  • Configuring a fixed IP assignment via DHCP that overlaps with an existing lease causes a reboot of the standby stack member
  • Modifying the default DSCP-to-COS Mappings in the Quality of Service section of Switch settings results in errors. Networks that use non-default DSCP-to-COS Mappings may fail to correctly upgrade from CS 17 and earlier firmware versions.
  • SNMPv3 only supports AES 256 and will be reconfigured as part of your transition to IOS XE 17.1X
  • Client tracking is not available on ports at 10G or faster
  • Attempting to create a DHCP server using DHCP option 135 (DNS Suffix) with hex value greater than 180 characters results in an error
  • Device uptime for stack members incorrectly displays the stack active device’s uptime instead of the member device’s uptime
  • Switch configuration is cleared after an immediate reboot following an upgrade from CS firmware to IOS XE firmware, causing the upstream Port-channel to enter a suspended state.
  • Adding an additional Fixed IP address or DHCP reserve range that is contiguous with an existing Fixed IP address or DHCP reserve range will result in configuration update errors
  • The ARP table in Live Tools is incorrectly limited to a single page, showing only a partial list of ARP entries for both Default and custom VRFs.
  • C9200L supports 1 VRF. To update an existing VRF please remove the existing VRF before creating a new one.
  • Overlapping DHCP pools cause configuration generation errors if VRFs are not configured first. Configure VRF prior to DHCP pool configuration.

Transitioning from CS to IOS XE 17.18: unsupported features

  • The following CS features are not supported in this release:
  • Sticky MAC
  • Gov(Federal), Canada, China, or India Cloud
  • Port mirroring (SPAN) configuration will need to be reconfigured post upgrade
  • Certain features will be added to the IOS XE versions in future releases. Refer to the cloud management with IOS XE documentation for further details: http://cs.co/9001Q4ALF
If my answer solves your problem please click Accept as Solution so others can benefit from it.
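
The limits in the notes above (C9200L stack size, C9350 member version, SmartPort template length and LLDP spaces, DHCP server on a preferred uplink) can be checked before scheduling an upgrade. The following is an added example, not part of the original post or any Cisco tooling; the record layout and field names are hypothetical and the sample inventory is constructed.

```python
# Added example: lint a switch inventory against limits stated in the notes above.
# The record layout (name, model, stack_version, members, smartport, interfaces)
# is hypothetical; the sample data is constructed.
MAX_C9200L_STACK = 5            # C9200L stacks: up to 5 members
MAX_RADIUS_TEMPLATE_LEN = 40    # longer templates break configuration fetch

def lint_switch(sw):
    """Return human-readable findings for one switch or stack record."""
    out, name, model = [], sw["name"], sw.get("model", "")
    members = sw.get("members", [])
    if model.startswith("C9200L") and len(members) > MAX_C9200L_STACK:
        out.append(f"{name}: {len(members)} stack members, limit is {MAX_C9200L_STACK}")
    if model.startswith("C9350"):
        # The notes name 17.18.1 joining a 17.18.2 stack; any mismatch is flagged here.
        for m in members:
            if m["version"] != sw["stack_version"]:
                out.append(f"{name}: upgrade {m['serial']} from {m['version']} "
                           f"to {sw['stack_version']} before stacking")
    for p in sw.get("smartport", []):
        if len(p.get("radius_template", "")) > MAX_RADIUS_TEMPLATE_LEN:
            out.append(f"{name}: RADIUS template exceeds {MAX_RADIUS_TEMPLATE_LEN} chars")
        if " " in p.get("lldp_match", ""):
            out.append(f"{name}: LLDP match '{p['lldp_match']}' contains a space")
    for i in sw.get("interfaces", []):
        if i.get("preferred_uplink") and i.get("dhcp_server"):
            out.append(f"{name}: DHCP server on uplink {i['port']} will be disabled")
    return out

INVENTORY = [  # constructed sample records; model strings are family names only
    {"name": "idf-1", "model": "C9200L",
     "members": [{"serial": f"SN{n}"} for n in range(6)]},
    {"name": "core-1", "model": "C9350", "stack_version": "17.18.2",
     "members": [{"serial": "SNA", "version": "17.18.2"},
                 {"serial": "SNB", "version": "17.18.1"}],
     "smartport": [{"radius_template": "x" * 41, "lldp_match": "Cisco IP Phone"}],
     "interfaces": [{"port": "1", "preferred_uplink": True, "dhcp_server": True}]},
    {"name": "idf-2", "model": "C9300", "members": [],
     "smartport": [{"radius_template": "voice", "lldp_match": "Cisco*"}]},
]

def lint_inventory(inv):
    """Map each switch name to its list of findings."""
    return {sw["name"]: lint_switch(sw) for sw in inv}

if __name__ == "__main__":
    for name, findings in lint_inventory(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```
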
2 Replies
RWelch
Kind of a big deal

Exciting stuff!!!

Cloud EVPN Fabric: provides the simplicity of a unified layer 2 network combined with the stability, speed, and scalability of layer 3 routing, all easily managed from the cloud with minimal manual configuration.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Minyi
Meraki Employee All-Star

Happy holidays! 🎉
