Release Notes for Cisco Catalyst 8500 Series Edge Platforms, Release 17.18.1a
Release Overview
Cisco 17.18.1a is the first release for Cisco Catalyst 8500 Series Edge Platforms in the Cisco IOS XE 17.18.x release series.
Key Highlights
- Monitoring & Observability
- Cellular, IPv6, Voice, Virtualization
- SRv6 Enhancements
- Security and SASE enhancements
New Software Features
This section provides a brief description of the new software features introduced in this release.
| Product Impact | Feature | Description |
|---|---|---|
| Ease of Use | Hosted Edge Services for SD-Routing Devices | Cisco IOS XE 17.18.1a release supports deployment of IOx applications like Cyber Vision, Thousand Eyes, UTD on Cisco Catalyst SD-WAN Manager. A monitoring dashboard simplifies overseeing IOx container applications across devices. |
| Ease of Setup | Cisco Secure Routers Swim and Onboarding Tool | Introduces a tool to help customers upgrade and onboard autonomous hardware devices to cloud-hosted or on-premises Catalyst Cisco SD-WAN Manager. |
| Licensing Process | Licensing compliance, reporting, and notification enhancements | Provides enhanced licensing report details (out of compliance reasons, assigned licenses, per-device details). Allows connection to the Enterprise Agreement (EA) portal for license generation and deposit. |
| Licensing Process | Product Analytics for routers | Enables collection of product telemetry (performance, resource usage) from IOS-XE-based platforms. Product Analytics is enabled by default, providing insights into performance, feature consumption, and licensing. |
| Ease of Use | Managing NGFW Policies from Security Cloud Control | Security Cloud Control (SCC) is a cloud-based manager for consistent security policy implementation. Allows integration with Cisco SD-WAN Manager to import NGFW policies, security objects, and profiles, enabling sharing and template promotion. |
| Security | Custom IPS signature sets | Allows creation and deployment of personalized Snort3 IPS signature sets in Cisco SD-WAN Manager. Enables direct modification of actions for existing IPS rules and building custom rules for tailored threat detection. |
| Ease of Use | Certificate Management on SD-Routing Devices | Introduces Enterprise Certificate Settings for unified certificate configurations. Automates certificate management using EST and SCEP protocols for enrollment and renewal. |
| Upgrade | MVPN Ingress Replication (IR) over SRv6 | Enables transport of IPv4 Multicast traffic over an SRv6 network by using SRv6 unicast infrastructure. Simplifies multicast deployment by creating separate SRv6-encapsulated copies for each egress PE router. |
| Upgrade | SRv6 Path MTU Discovery | Introduces a mechanism to determine MTU for packets traversing an SRv6 underlay. Prevents fragmentation and packet drops by allowing dynamic adjustment of packet sizes. Relays ICMP Packet Too Big (PTB) messages. |
| Upgrade | SRv6 Flex-Algo with TI-LFA and uLoop Avoidance | Enhances SRv6 with Topology Independent Loop-Free Alternate (TI-LFA) and microloop (uLoop) avoidance, improving network resilience and efficiency. |
| Licensing Process | Product Analytics for routers | Product Analytics collects product telemetry such as performance and resource usage from IOS-XE-based platforms. It is enabled by default and provides insights into performance, feature consumption, and licensing types. |
| Ease of Use | MAP-T Border Router (BR) Enhancements | Supports enhancements for MAP-T Border Router, facilitating IPv4 packet transmission over IPv6 networks. Includes improved support for fragmented ICMP, robust hairpin traffic handling, and reliable fragmented UDP packet handling. |
Resolved Issues
This table lists the resolved issues in this specific software release. Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com.
| Bug ID | Description |
|---|---|
| CSCwn12594 | 17.16 SIG zscaler ipsec - vpn credentials for primary tunnel not created |
| CSCwn42496 | SDWAN-SIT: Encore crashed @bfd_send_and_detect_sleep_time during soak run |
| CSCwn69868 | Unable to come up control connections with Controllers after Controllers added and down/up |
| CSCwo72675 | All BFD sessions for dialer interfaces are down. SA ID is 0 for all of them. |
| CSCwo84428 | cEdge: Memory leak under vdaemon process with DTLS on SNMP polling |
| CSCwp07901 | C8500: CPP crash while processing fragments of a jumbo frame |
| CSCwp24639 | Device reload after vpn config changes on SDWAN |
| CSCwm27749 | Speed test download / Throughput issue on C8200 platform seen with IPSEC ESP-NULL transform using Zscaler |
| CSCwm72336 | CXP with Data Policy redirect-DNS via Overlay causes Blackhole |
| CSCwn26353 | BFD sessions via TLOC-Ext do not come up when IPv6 is dynamically changed |
| CSCwo05703 | SD-WAN: VFR is not Dynamically Disables After ZBFW Removal |
| CSCwo75657 | Maximum control connection not equal to maximum omp sessions - cEdge |
| CSCwp91064 | FTMD cero pointer dereference leading to crash |
| CSCwo18836 | Transition Fugazi/C8500L from FBD to NSFBD |
Open Issues
This table lists the open issues in this specific software release. Note: This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
| Bug ID | Description |
|---|---|
| CSCwp12196 | cEdge router unexpectedly reloads due to memory corruption on a notification queue in FTMd |
| CSCwq27426 | cEdge: BFD session down due to unencrypted outbound BFD packets despite active IPsec SA |
| CSCwe19394 | cEdge: device may boot up into prev_packages.conf due to power outage |
| CSCwo42664 | 17.12 - keyman core files on cEdge |
| CSCwo66099 | SDWAN cEdge Service Side BFD flaps |
| CSCwp01089 | EPFR-High latency times are observed on the hub device (Cisco Catalyst 8500-12X Edge Platform). |
| CSCwp81539 | cEdge: Memory leak under cfgmgr process on SNMP polling |
| CSCwq20326 | Behavior change for OMP and CEF may require network redesign if internal site prefixes overlap |
| CSCwq40026 | Unexpected Reboot due to Process FTMD |
| CSCwq68385 | TLOC Disabled After Link Down--No Automatic Tunnel Recovery After Link Restores and TLOC State Is Up |
Compatibility
ROMmon Release Requirements
This section lists the ROMmon version required for your Catalyst 8500 model:
| Platforms | DRAM | Minimum ROMMON Release supported for IOS XE | Recommended ROMMON Release supported for IOS XE |
|---|---|---|---|
| C8500-12X4QC and C8500-12X | 16 GB(default) | 17.2(1r) | 17.11(1r) |
| 16 GB(default) | 17.2(1r) | 17.11(1r) | |
| 32GB | 17.2(1r) | 17.11(1r) | |
| C8500-20X6C | 64GB | 17.3(2r) | 17.11(1r) |
| C8500L-8S4X | All variants | 17.10(1r) | 17.10(1r) |
| 17.10(1r) | 17.14(1r) |
Note: In case of C8500L-8S4X platform, the ROMmon image is bundled with the Cisco IOS XE software image which ensures that when the device is booted up, the ROMmon image is also automatically upgraded to the recommended version.
What's New in the ROMmon Release
This section lists changes in the ROMmon package.
| ROMmon Release for C8500-12X4QC, C8500-12X | Fixes |
|---|---|
| 17.3(1r) | Supports 64GB DRAM for C8500-12X4QC & C8500-12X |
| 17.10 (1r) | Added support for new platform C8500-20X6C |
| 17.11(1r) | Fixed a data issue in data wipe feature. |
| TLOC Disabled After Link Down--No Automatic Tunnel Recovery After Link Restores and TLOC State Is Up |
| ROMmon Release for C8500-12X4QC, C8500L-8S4X | Fixes |
|---|---|
| 17.14(1r) | CSCwf98337 - Evaluation of C8500L-8S4X for Intel 2023.3 IPU and SMRAM vulnerabilities |
| CSCwe21026 - Evaluation of C8500L-8S4X for Intel 2023.1 IPU and SMM vulnerabilities |
Upgrade ROMmon
To upgrade the ROMmon version of your device, use these steps:
- Check the existing version of ROMmon by using show rom-monitor r0 command. If you are installing Cisco IOS XE software on a new device, skip this step.
- Review Minimum and Recommended ROMmon Releases to identify the recommended version of ROMmon software for the device you plan to upgrade.
- Go to https://software.cisco.com/ and download the ROMmon package file.
- Copy the ROMmon file to flash drive:
- copy ftp:// username:password@IP addressROMmon package file flash:
- Upgrade the ROMmon package using the following command:
- upgrade rom-monitor filename bootflash: ROMmon package name all
- Execute reload command to complete the ROMmon upgrade process
- Execute show rom-monitor r0 command to ensure the ROMmon software is upgraded.
Related Resources
Legal Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.
