There is a lot here, read carefully if you use these switches! Important notes After upgrading to Cloud Management with IOS XE 17.15 it is not possible to downgrade to any CS firmware via Dashboard. In order to downgrade to CS a factory reset may be required, and support assistance will be necessary. Please consider this before upgrading your network to Cloud Management with IOS XE. Learn more - http://cs.co/9002xhAan Please refer to the documentation to review upgrade/migration checklist and key considerations: https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Product_Information/Overviews_and_Datasheets/Cloud_Management_with_IOS_XE_Overview#Before_You_Upgrade_or_Migrate:_Key_Considerations Stacking Limit for C9200L: C9200L series models support stacking configurations of up to 5 members. Please ensure your stacks for these models adhere to this limit. Exceeding 5 members may lead to unexpected behavior. This will be resolved in a future release. Switch Templates with bound networks cannot directly upgrade from CS firmware to IOS XE firmware. We recommend unbinding and migrating networks to IOS XE independently, and then rebinding into an IOS XE switch template. After upgrading from CS to IOS XE, ensure the upgrade process has fully completed before making any configuration changes or rebooting the switch. To confirm that it is safe to proceed, review the event log for successful completion messages or view the firmware upgrade completion status on the switch details page. Making changes or rebooting before the upgrade is complete may result in switchports reverting to their default configuration Client tracking is automatically enabled on switchports rated for 10Gbps and below Cloud management with ios xe overview Cloud management with IOS XE introduces a significant architectural shift from the previous container-based design to a cloud-native framework, unlocking benefits for your cloud-managed Cisco Catalyst switches, including the C9300-M, C9300L-M, C9300X-M, C9200L and MS390 families. These include faster boot and initialization performance, especially for stacks, and the start of a new generation of capabilities as we enable more underlying IOS XE capabilities, and a Cloud CLI Terminal that introduces the ability to run Show CLI commands directly from Dashboard! CS17 are prerequisites before initiating this upgrade. We do not recommend attempting to upgrade to IOS XE from other firmware versions. Release highlights In this release, we are excited to introduce several new enhancements and optimizations focused on improving performance, reliability, and user experience. The key highlights include: Stability and Reliability Improvements This release addresses a wide range of issues impacting dashboard connectivity, device configuration synchronization, stack stability, and cloud CLI functionality. These fixes contribute to a more robust platform and smoother operations. Uplink Auto-Configuration (UAC) Enhancements: Multiple improvements have been made to UAC for more reliable uplink interface selection and accurate management IP assignment. UAC now consistently selects the correct next hop IP and prioritizes the highest scoring interface for management connectivity. Instead of relying on PING probes, UAC now uses gateway ARP probes for uplink interface selection, aligning its behavior with MS and CS firmware versions. Additionally, UAC will automatically revert to the preferred uplink when gateway ARP probes are successful—previously, this required manual intervention. After a reboot, UAC will now always prioritize the preferred uplink interface, rather than defaulting to the last known uplink interface as in earlier versions. Key Improvements: More reliable uplink selection and IP management. Uses gateway ARP probes instead of PING for connectivity checks. Automatically reverts to the preferred uplink after successful ARP probe. Always prioritizes the preferred uplink after a reboot. Upgrade Time Optimizations: Numerous enhancements have been made to the CS to IOS XE upgrade process, significantly reducing upgrade times and optimizing firmware upgrade experience. These improvements ensure faster, more reliable upgrades with minimized downtime. Expanded Meraki regional cloud support for switches on IOS XE firmware: Cloud Management with IOS XE now available in Meraki India, China, and Canada regions. Please refer to the documentation to review key considerations: https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Product_Information/Overviews_and_Datasheets/Cloud_Management_with_IOS_XE_Overview#Before_You_Upgrade_or_Migrate:_Key_Considerations Please refer to the documentation to familiarize yourself with management interface architecture changes. https://documentation.meraki.com/MS/Cloud-Native_IOS_XE/Cloud-Native_IOS_XE_Overview#Changes_in_Behavior For guidance with migrating L3 switches from CS to IOS XE firmware please refer to the detailed guidance here: https://documentation.meraki.com/Switching/Cloud_Management_with_IOS_XE/Install_and_Get_Started/Migrating_Switches_From_CS_Firmware_to_IOS_XE_Firmware?mt-draft=true After migrating CLI/DNA managed switches to cloud configuration source, please note that console and SSH access are no longer available. All management access is only available via the Dashboard or the local status page through the rear management port/front panel port. Downgrades from Cloud Management with IOS XE to any prior CS firmware via the Dashboard is restricted. Starting IOS XE 17.15.5, Catalyst devices no longer rely on ICMP ping connectivity upstream to test uplink connectivity to Dashboard. To ensure a successful upgrade and continued connectivity post-upgrade, resolve before the upgrade all alerts on the Organization > Alerts page that are associated with the switches being upgraded. Resolve “Bad IP assignment” and “VLAN mismatch” alerts on the uplink interfaces, and stacking related alerts such as “Misconfigured Switch”, “Unconfigured Switch” and “Switch Not Connected to Stack” to ensure a successful upgrade. Layer 3 switches cannot run DHCP servers on uplink interfaces with IOS XE 17.15+. Post-upgrade, Interfaces with both Preferred Uplink and DHCP server configurations will have the DHCP server configuration disabled on that interface. Switches using the Alternative Management Interface (AMI) will require an L3 SVI to be configured for the same VLAN assigned to AMI. For AMI to work, your network must have AMI configured and your switch must have an SVI configured matching that AMI VLAN. After upgrading from CS to Cloud Management with IOS XE firmware, port mirroring configurations on module ports will not be retained. Reconfigure port mirroring on module ports following the upgrade. Cloud-born Catalyst switches (-M) require Meraki licenses, with a 30-day grace period for onboarding to the Meraki Dashboard. Eligible migrated switches can use existing DNA licenses for cloud management until February 1, 2029 - no additional license migration or transfer required. Learn more: http://cs.co/9004hmri2 UDLD now uses Cisco UDLD Aggressive mode on fiber ports and will not be enabled on copper interfaces. Please see https://documentation.meraki.com/Switching/MS_-_Switches/Operate_and_Maintain/How-Tos/Unidirectional_Link_Detection_(UDLD) for more details. Before you upgrade or migrate: key considerations Known issues in 17.15.5 Changing the subnet mask is not allowed on DHCP server configuration when fixed IP assignments are also present. It is recommended to remove and reconfigure the DHCP server. The LAN IP configuration under the switch summary page may show DHCP instead of showing as a Static IP. This is a cosmetic issue, and is not functionally impacting. When RADIUS caching is enabled on an Access Policy and the switch is rebooted, connected MAB clients will fail authentication and remain stuck in an unauthorized state until a port bounce. The output of show uac uplink db does not show the complete IPv6 address. Some special characters such as backslashes in an SNMPv3 passphrase may lead to scenarios where any subsequent configuration changes cannot be pushed to the device. Please remove the invalid characters in the passphrase to resolve the issue. Switches may inaccurately send switch and IOS events via the syslog port configured for another role. A NM-2Y 25Gbps interface on C9300-48UXM connecting to Nexus 93180YC-EX fails to establish the link with default Meraki management config (FEC auto/25Gbps). Attempting to create a DHCP server using DHCP option 135 (DNS Suffix) with hex value greater than 180 characters results in an error Traceroute and MTR commands run from the dashboard tools page may intermittently return no results on Catalyst devices running IOS XE. Catalyst switches display the configuration status as 'Out of date' after a reboot was initiated from the dashboard MS390 dropping packets UDP fragmentation and path MTU In a very rare case scenario during switch boot-up, when the preferred link is down and a specific race condition is met between preferred link coming back up and connecitivity to cloud being established, C9200L switches in a stack may temporarily experience a configuration application failure. The system will automatically recover and apply the configuration within 2 hours. There may be some unexpected behaviors in mixed networks when configuring CS firmware devices in networks set to IOS XE 17.15, such as: Cloning of device configuration is not supported, and packet capture may fail on CS firmware devices Fixed issues in 17.15.5 Includes dashboard connectivity, device configuration push enhancements, stack configuration sync enhancements and various stability improvements Numerous enhancement and improvements in the CS to IOS XE upgrade process Firmware Upgrade improvements and optimizations Fixed an issue where UAC was using a different next hop IP than the one configured on the dashboard Fixed an issue where C9300 stack did not sync startup configuration after a dashboard reboot Fixed an issue where cloud CLI gets stuck upon issuing show ip http server all command Fixed an issue where cloud CLI terminal sessions get stuck when executing show ip http server all command Fixed an issue where config fetches on C9300 fail because the switch is using an invalid IP not present in UAC database Fixed an issue where “Cisco Meraki Cloud” hyperlink on the local status page page under switch details was failing to load Fixed an issue where accessing cloud CLI led to "Unable to establish a terminal connection" error Fixed an issue where rescheduling staged upgrades may cause the last group of switches to be canceled repeatedly Fixed an issue where the RADIUS server name exceeding the IOS Character limit led to an upgrade failure Resolved an issue where SNMP polling of the uplink MGMT SVI remained possible after enabling SNMP on the AMI interface. Resolved an issue where a Catalyst switch stack could become unresponsive or crash when acting as a DHCP relay and receiving DHCP server responses on port 68. Resolved an issue that prevented the Client Tracking Method from automatically updating to 'Locale' after upgrading from CS firmware to IOS XE firmware. Resolved an issue that prevented clients connected to Catalyst switches from being renamed, due to a "MAC can't be blank" error. Resolved an issue where the dashboard incorrectly displayed an alert stating "A power supply is offline" for slot B on the standby switch, even when no PSU was installed in that slot. Resolved an issue where the legacy UI did not support configuring a RADIUS server using an FQDN. Previously, if an FQDN was entered, the access policy would be saved without any RADIUS servers, leading to configuration retrieval issues. Resolved an issue where uplink auto-configuration (UAC) did not correctly prioritize the interface with the highest score as shown in the 'show uac uplink db' output for the management IP. Fixed an issue where enabling Adaptive Policy on a network may lead to a crash on C9300X switches. Fixed an issue requiring users to use the legacy Routing and DHCP page to configure new SVI interfaces on switches running CS firmware within networks operating on IOS XE 17.15 or newer. Resolved an issue in which the Critical Authentication Voice VLAN setting failed to apply when configuring and applying an access policy to a switchport, despite other configurations being applied successfully. Resolved an issue during migration from CS firmware to IOS XE that caused the DHCP option 61 (client identifier) configurations to fail. Resolved an issue where users were prevented from starting a new capture due to an 'existing pcap in progress' error. Resolved an issue that caused a 500 error when applying template access policies to interfaces. Fixed an issue where SAML administrators encountered a "Command failed to run. User doesn't have permission" error upon running any command from the 'Show CLI' tool dropdown menu. Resolved an issue preventing AAA accounting configuration from being applied to template-bound switches. Fixed an issue where CFLOW data may be missing when capturing packets from the uplink port Fixed an issue where download config failed on port-security with uplink ports Fixed an issue where uplink configuration details failed to show up on the left panel of switch details page. Fixed an issue where upgrading from CS to IOS XE firmware, inaccurately sets wrong preference for the default static route resulting in OSPF route being installed. Client devices that don’t support link auto-negotiation may cause their connected Port to show as disconnected on Dashboard Share your post-upgrade feedback! We value your feedback on our latest release! Please take a moment to complete this brief 5-minute survey (https://forms.office.com/r/eyh1BZWMZq) and share your experience with us. Supported models C9200L-24T-4X , C9200L-24P-4X, C9200L-48T-4X , C9200L-48P-4X , C9200L-48PL-4X , C9200L-24PXG-4X , C9200L-48PXG-4X , C9200L-24PXG-2Y , C9200L-48PXG-2Y , C9200L-24T-4G , C9200L-24P-4G , C9200L-48T-4G , C9200L-48P-4G , C9200L-48 PL-4G C9300-24T-M, C9300-24P-M, C9300-24U-M , C9300-24UX-M , C9300-48T-M , C9300-48P-M , C9300-48U-M , C9300-48UXM-M , C9300-48UN-M , C9300-24S-M, C9300-48S-M , C9300X-12Y-M, C9300X-24Y-M, C9300X-48HXN-M, C9300X-24HX-M, C9300X-48HX-M, C9300X-48TX-M, C9300L-24P-4X-M, C9300L-24T-4X-M, C9300L-24UXG-4X-M, C9300L-48P-4X-M, C9300L-48PF-4X-M, C9300L-48T-4X-M, C9300L-48UXG-4X-M, and the corresponding Catalyst switch SKUs for migration MS390-24-HW, MS390-24P-HW, MS390-24U-HW, MS390-24UX-HW, MS390-48-HW, MS390-48P-HW, MS390-48U-HW, MS390-48UX-HW, MS390-48UX2-HW Breakout Cables aren’t supported at this time. Transitioning from cs to ios xe 17.15: unsupported features The following CS features are not supported in this release: Sticky MAC Gov (Federal) Cloud Meraki Dashboard HTTP proxy Certain features will be added to the IOS XE versions in future releases. Refer to the Cloud Management with IOS XE documentation for further details: http://cs.co/9001Q4ALF
... View more
