PDF(553.5 KB) View with Adobe Reader on a variety of devices
Updated:April 29, 2020
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
For information about open issues with the software, see Caveats.
Introduction
Cisco Catalyst 9400 Series Switches are Cisco’s leading modular enterprise switching access platform built for security, IoT and Cloud.
Cisco Catalyst 9400 Series Switches deliver complete convergence in terms of ASIC architecture with a Unified Access Data Plane (UADP) 2.0. The series forms the foundational building block for Software Defined-Access (SD-Access), which is Cisco’s lead enterprise architecture.
Cisco Catalyst 9400 Series Switches are enterprise optimized with a dual-serviceable fan tray design, side to side airflow and are closet-friendly with a16-inch depth.
Whats New in Cisco IOS XE Everest 16.6.10
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.9
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.8
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.7
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.6
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.5
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.4a
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.4
There are no new hardware or software features in this release.
Whats New in Cisco IOS XE Everest 16.6.3
Software Features in Cisco IOS XE Everest 16.6.3
Feature Name
Description and License Level Information
Software Maintenance Upgrade (SMU)
SMU is a package that can be installed on a system, to provide a patch fix or security resolution to a released image.
The output for show inventory and show id prom fan-tray commands is enhanced to display the Chassis serial number of the fan-tray along with the existing PCB Serial Number.
Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators.
(Network Essentials)
Cisco Discovery Protocol Bypass
A backward compatible mode, equivalent to not having Cisco Discovery Protocol support. When the feature is enabled, Cisco Discovery Protocol packets are received and transmitted unchanged. Received packets are not processed; no packets are generated. In this mode, 'bump-in-the-wire' behavior is applied to Cisco Discovery Protocol packets.
The EIGRP-BFD Support feature helps configure the Enhanced Interior Gateway Routing Protocol (EIGRP) with Bidirectional Forwarding Detection (BFD) so that EIGRP registers with BFD and receives all forwarding path detection failure messages from BFD.
(Network Essentials)
Encrypted Traffic Analytics (ETA)
Studies the packet flow behavior of an application to determine the flow characteristics such as, malware analysis, and crypto audit.
The switch supports high availability or stateful switchover (SSO) by allowing a redundant supervisor engine to take over if a primary supervisor engine fails. Stateful switchover minimizes the time a network is unavailable to users following a switchover, while continuing to forward IP packets. The user session information is maintained during a switchover, and line cards continue to forward network traffic with no loss of sessions.
Provides the basic infrastructure for building virtual networks on policy-based segmentation constructs. It is based on Locator ID Separator Protocol (LISP) overlay network built on top of an arbitrary underlay network.
Cisco IOS XE Everest 16.6.2 supports Layer 2 and Layer 3 overlay networks. This release introduces support for wireless devices on fabric edge nodes. You can now connect traditional Layer 2 networks, wireless access points, or end hosts to the fabric edge nodes.
The following MPLS features are introduced in this release:
MPLS—Combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing.
MPLS Multipath LSP Tree Trace—Provides the means to discover all possible equal-cost multipath (ECMP) routing paths of a label switched path (LSP) between an egress and ingress router. Once discovered, these paths can be retested on a periodic basis using MPLS LSP ping or traceroute.
MPLS LDP—This protocol supports MPLS hop-by-hop forwarding by distributing bindings between labels and network prefixes.
MPLS LDP Graceful Restart—Assists a neighboring device that has MPLS LDP Stateful Switchover/Nonstop Forwarding (SSO/NSF) Support and Graceful Restart to recover gracefully from an interruption in service.
MPLS LDP Inbound Label Binding Filtering—MPLS LDP Inbound Label Binding Filtering helps to configure access control lists (ACLs) for controlling the label bindings a label switch router (LSR) accepts from its peer LSRs.
MPLS LDP Session Protection—Provides faster label distribution protocol convergence when a link recovers following an outage. MPLS LDP Session Protection protects an LDP session between directly connected neighbors or an LDP session established for a traffic engineering (TE) tunnel.
MPLS Static Labels—MPLS Static Labels provides the means to configure statically:
– The binding between a label and an IPv4 prefix.
– The contents of an LFIB crossconnect entry.
MPLS Traceroute—Helps service providers monitor label switched paths (LSPs) and quickly isolate MPLS forwarding problems.
MPLS VPN ID—Helps identify VPNs by a VPN identification number, as described in RFC 2685. The MPLS VPN ID feature is not used to control the distribution of routing information or to associate IP addresses with MPLS VPN ID numbers in routing updates.
Programmability features introduced or enhanced in this release:
ZTP—Zero-Touch Provisioning automates the process of installing or upgrading software images, and installing configuration files on Cisco devices that are deployed in a network for the first time. It reduces manual tasks required to scale the network capacity. It also supports HTTP file download along with TFTP file download. (Network Essentials)
Guest Shell is a virtualized Linux-based environment, designed to run custom Linux applications, including Python for automated control and management of Cisco devices. It also includes the automated provisioning (Day zero) of systems. (DNA Essentials)
iPXE—An open Preboot eXecution Environment (PXE) client that allows a device to boot from a network boot image. iPXE is supported with IPv4 only. (Network Essentials)
Python CLI Module—Python Programmability provides a Python module that allows users to interact with IOS using CLIs. (DNA Essentials)
EEM Python Module—Embedded Event Manager (EEM) policies support Python scripts. Python scripts can be executed as part of EEM actions in EEM applets. (DNA Essentials)
NETCONF—provides a simpler mechanism to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. (Network Essentials)
Model-Driven Telemetry—Provides a mechanism to stream data from a Model-Driven Telemetry-capable device, to a destination. The data to be streamed is driven through subscription. The feature is enabled automatically, when NETCONF-YANG is started on a device. (Network Essentials)
Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
In-Service Model Updates—Adds new data models or extend functionality to existing data models. The In Service Model Update provides YANG model enhancements outside of a release cycle. (Network Essentials)
The following are the unsupported hardware and software features for the Cisco Catalyst 9400 Series Switches. For the list of supported features, go to http://www.cisco.com/go/cfn.
Unsupported hardware features
– The SFP or SFP+ port set-enabled LED remain off on the supervisor module. They remain Off even if the SFP or SFP+ ports are enabled.
Unsupported software features
– Audio Video Bridging (including IEEE802.1AS, IEEE 802.1Qat, and IEEE 802.1Qav)
– Bluetooth
– Boot Integrity Visibility
– Cisco Plug-in for OpenFlow 1.3
– Cisco StackWise Virtual
– Cisco TrustSec Network Device Admission Control (NDAC) on Uplinks
– Converged Access for Branch Deployments
– Gateway Load Balancing Protocol (GLBP)
– IPsec VPN
– IPsec with FIPS
– MACSec Encryption—Both host link encryption (downlinks) and inter network device encryption (uplinks), with 128-bit and 256-bit AES MACsec (IEEE 802.1AE)
1.M.2 Serial Advanced Technology Attachment (SATA) Solid State Drive (SSD) Module
Optics Modules
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest compatibility information:
– Google Chrome—Version 38 and later (On Windows and Mac)
– Microsoft Internet Explorer—Version 11 or later (On Windows 7 and Windows XP), and Microsoft Edge (On Windows 10)
– Mozilla Firefox—Version 33 and later (On Windows and Mac)
– Safari—Version 7 and later (On Mac)
Finding the Software Version
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Table 5 Software Images
Release
Image
File Name
Cisco IOS XE Everest 16.6.10
CAT9K_IOSXE
cat9k_iosxe.16.06.10.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.10.SPA.bin
Cisco IOS XE Everest 16.6.9
CAT9K_IOSXE
cat9k_iosxe.16.06.09.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.09.SPA.bin
Cisco IOS XE Everest 16.6.8
CAT9K_IOSXE
cat9k_iosxe.16.06.08.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.08.SPA.bin
Cisco IOS XE Everest 16.6.7
CAT9K_IOSXE
cat9k_iosxe.16.06.07.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.07.SPA.bin
Cisco IOS XE Everest 16.6.6
CAT9K_IOSXE
cat9k_iosxe.16.06.06.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.06.SPA.bin
Cisco IOS XE Everest 16.6.5
CAT9K_IOSXE
cat9k_iosxe.16.06.05.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.05.SPA.bin
Cisco IOS XE Everest 16.6.4a
CAT9K_IOSXE
cat9k_iosxe.16.06.04a.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.04a.SPA.bin
Cisco IOS XE Everest 16.6.4
CAT9K_IOSXE
cat9k_iosxe.16.06.04.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.04.SPA.bin
Cisco IOS XE Everest 16.6.3
CAT9K_IOSXE
cat9k_iosxe.16.06.03.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.03.SPA.bin
Cisco IOS XE Everest 16.6.2
CAT9K_IOSXE
cat9k_iosxe.16.06.02.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.02.SPA.bin
Cisco IOS XE Everest 16.6.1
CAT9K_IOSXE
cat9k_iosxe.16.06.01.SPA.bin
Licensed Data Payload Encryption (LDPE)
cat9k_iosxeldpe.16.06.01.SPA.bin
Upgrading the Switch Software
Note You cannot use the Web UI to install, upgrade, or downgrade switch software
Table 6 install commands to Upgrade or Downgrade Switch Software
Switch# install add file filename [ activate commit ]—Use this command to install and activate the specified file, and to commit changes to be persistent across reloads.
Switch# install ? —You can also use the install command to separately install, activate, commit, cancel, or remove the installation file.
add file filename
Copies the install file package from a remote location to the device and performs a compatibility check for the platform and image versions.
activate [ auto-abort-timer ]
Activates the file, and reloads the device.
The auto-abort-timer keyword automatically rolls back the image activation.
commit
Makes changes persistent over reloads.
rollback to committed
Rolls back the update to the last committed version.
abort
Cancels the file activation, and rolls back to the version that was running before the current installation procedure started.
remove
Deletes all unused and inactive software installation files.
Automatic Boot Loader Upgrade and CPLD Upgrade
Note If you are upgrading from Cisco IOS XE Everest 16.6.2 to 16.6.3 or 16.6.4, 16.6.4a,16.6.5 there is no ROMMON or CPLD firmware upgrade. In case of upgrade from Cisco IOS XE Everest 16.6.1 to 16.6.3 or 16.6.4, there will be a ROMMON and CPLD upgrade.
Automatic Boot Loader Upgrade
When you upgrade from the existing release on your switch to a later or newer release for the first time, the boot loader may be automatically upgraded, based on the hardware version of the switch. If the boot loader is upgraded, supervisor will automatically reload to enable the new boot loader. If you go back to the older release after this, the boot loader is not downgraded. The updated boot loader supports all previous releases.
For subsequent IOS XE Everest 16.x.x releases, if there is a new bootloader in that release, it may be automatically upgraded based on the hardware version of the switch when you boot up your switch with the new image for the first time.
During an upgrade, reload is not required; the system will auto reload, and the new ROMMON image will be available.
When upgrading from IOS XE Everest 16.6.1 to 16.6.2, the upgrade may take a long time, and the system will reset three times due to ROMMON and complex programmable logic device (CPLD) upgrade. Stateful switchover is supported from IOS XE Everest 16.6.2.
Note If Catalyst 9400 Supervisor1 power is removed and reapplied within a 5-second window, the boot SPI may get corrupted.
When upgrading from IOS XE Everest 16.6.1 to 16.6.2, for the first time, upgrade a single supervisor, and complete the boot loader and CPLD upgrade. After completing the first supervisor upgrade, remove and swap in the second supervisor. Once both supervisors are upgraded to IOS XE16.6.2, they can be inserted in high availability setup.
Note Do not upgrade dual supervisors from IOS XE Everest 16.6.1 to 16.6.2 at the same time to avoid hardware damage.
Caution Do not power cycle your switch during the upgrade.
Table 7 Automatic Boot Loader Response
Scenario
Automatic Boot Loader Response
If you boot Cisco IOS XE Everest 16.6.2, or Cisco IOS XE Everest 16.6.3, or Cisco IOS XE Everest 16.6.4, or Cisco IOS XE Everest 16.6.4a, or Cisco IOS XE Everest 16.6.5, or Cisco IOS XE Everest 16.6.6, or Cisco IOS XE Everest 16.6.7, or Cisco IOS XE Everest 16.6.8,
or Cisco IOS XE Everest 16.6.9,
or Cisco IOS XE Everest 16.6.10
for the first time
The boot loader may be upgraded to version 16.6.2r [FC1]. For example:
ROM: IOS-XE ROMMON
BOOTLDR: System Bootstrap, Version 16.6.2r [FC1], RELEASE SOFTWARE (P)
If the automatic boot loader upgrade occurs while booting, you will see the following on the console:
%IOSXEBOOT-4-BOOTLOADER_UPGRADE: (rp/0): ### Fri Nov 03 18:42:58 Universal 2017 PLEASE DO NOT POWER CYCLE ### BOOT LOADER UPGRADING
During the automatic boot loader upgrade, mcnewfpgaclose.hdr and mcnewfpgaclose.img are copied to the bootflash. The supervisor automatically reloads to enable the new boot loader.
When the new boot loader boots up, the complex programmable logic device (CPLD) upgrade process starts automatically. The CPLD upgrade process will take approximately from 7 to 10 minutes. The supervisor will power cycle itself during the CPLD upgrade.
Caution Do not unplug power or remove the supervisor during the upgrade.
The following is sample output from CPLD upgrade:
Initializing Hardware...
Initializing Hardware...
Initializing Hardware...
System Bootstrap, Version 16.6.2r, RELEASE SOFTWARE (P)
Compiled Thu 10/26/2017 8:30:34.63 by rel
Current image running:
Primary Rommon Image
Last reset cause: SoftwareResetTrig
C9400-SUP-1 platform with 16777216 Kbytes of main memory
Starting System FPGA Upgrade.....
Programming SPI Primary image is completed.
Authenticating SPI Primary image.....
IO FPGA image is authenticated successfully.
Programming Header.....
FPGA HDR file size: 12
Image page count: 1
Verifying programmed header.....
Verifying programmed header.....
Programmed header is verified successfully.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Power Cycle is needed to complete System firmware upgrade.
It takes ~7 mins to upgrade firmware after power cycle starts.
DO NOT DISRUPT AFTER POWER CYCLE UNTIL ROMMON PROMPT APPEARS.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Power Cycling the Supervisor card now !
Initializing Hardware...
Initializing Hardware...
System Bootstrap, Version 16.6.2r, RELEASE SOFTWARE (P)
Compiled Thu 10/26/2017 8:30:34.63 by rel
Current image running:
Primary Rommon Image
Last reset cause: PowerOn
C9400-SUP-1 platform with 16777216 Kbytes of main memory
rommon 1 >version -v
System Bootstrap, Version 16.6.2r, RELEASE SOFTWARE (P)
Compiled Thu 10/26/2017 8:30:34.63 by rel
Current image running:
Primary Rommon Image
Last reset cause: PowerOn
C9400-SUP-1 platform with 16777216 Kbytes of main memory
Fpga Version: 0x17101705
System Integrity Status: C334ABCE 6A40 6A48
Upgrading in Install Mode
Follow these instructions to upgrade from one release to another, in install mode. To perform a software image upgrade, you must be booted into IOS via “ boot flash:packages.conf.”
Note This procedure automatically copies the images to both active and standby supervisors. Both supervisors are simultaneously upgraded. In Cisco IOS XE Everest 16.6.1, the upgrade will not occur for standby supervisor as dual-supervisor is not supported in this release.
The sample output in this section covers upgrade from Cisco IOS XE Everest 16.6.1 to Cisco IOS XE Everest 16.6.2 in Install Mode. The same sample output will be applicable to Cisco IOS XE Everest 16.6.3 and later releases on the Cisco IOS XE Everest 16.6.x release train.
Step 3 Use the install add file activate commit command to install the target image to flash. You can point to the source image on your TFTP server or in flash if you have it copied to flash.
install_add_activate_commit: START Fri Jun 9 22:49:41 UTC 2017
*Jun 9 22:49:42.772: %IOSXE-5-PLATFORM: Switch 1 R0/0: Jun 9 22:49:42 install_engine.sh: %INSTALL-5-INSTALL_START_INFO: Started install one-shot flash:cat9k_iosxe.16.06.02.SPA.bin
install_add_activate_commit: Adding PACKAGE
--- Starting initial file syncing ---
Info: Finished copying flash:cat9k_iosxe.16.06.02.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
Checking status of Add on [1]
Add: Passed on [1]
Finished Add
install_add_activate_commit: Activating PACKAGE
/flash/cat9k-webui.16.06.02.SPA.pkg
/flash/cat9k-srdriver.16.06.02.SPA.pkg
/flash/cat9k-sipspa.16.06.02.SPA.pkg
/flash/cat9k-sipbase.16.06.02.SPA.pkg
/flash/cat9k-rpboot.16.06.02.SPA.pkg
/flash/cat9k-rpbase.16.06.02.SPA.pkg
/flash/cat9k-guestshell.16.06.02.SPA.pkg
/flash/cat9k-espbase.16.06.02.SPA.pkg
/flash/cat9k-cc_srdriver.16.06.02.SPA.pkg
This operation requires a reload of the system. Do you want to proceed? [y/n]y
--- Starting Activate ---
Performing Activate on all members
[1] Activate package(s) on switch 1
[1] Finished Activate on switch 1
Checking status of Activate on [1]
Activate: Passed on [1]
Finished Activate
--- Starting Commit ---
Performing Commit on all members
[1] Commit package(s) on switch 1
[1] Finished Commit on switch 1
Checking status of Commit on [1]
Commit: Passed on [1]
Finished Commit
Install will reload the system now!
Chassis 1 reloading, reason - Reload command
SUCCESS: install_add_activate_commit
/flash/cat9k-webui.16.06.02.SPA.pkg
/flash/cat9k-srdriver.16.06.02.SPA.pkg
/flash/cat9k-sipspa.16.06.02.SPA.pkg
/flash/cat9k-sipbase.16.06.02.SPA.pkg
/flash/cat9k-rpboot.16.06.02.SPA.pkg
/flash/cat9k-rpbase.16.06.02.SPA.pkg
/flash/cat9k-guestshell.16.06.02.SPA.pkg
/flash/cat9k-espbase.16.06.02.SPA.pkg
/flash/cat9k-cc_srdriver.16.06.02.SPA.pkg
Fri Jun 9 22:53:58 UTC 2017
Switch#
Note Old files listed in the logs will not be removed from flash.
Step 4 After the software has been successfully installed, verify that the flash partition has nine new .pkg files and three.conf files. See sample output below.
Switch# dir flash:*.pkg
Directory of flash:/*.pkg
Directory of flash:/
253956 -rw- 2097152 Nov 3 2017 21:37:04 -07:00 nvram_config
253955 -rw- 2097152 Nov 3 2017 21:37:04 -07:00 nvram_config_bkup
253954 -rw- 239 Nov 3 2017 21:28:47 -07:00 boothelper.log
253957 -rw- 78 Oct 27 2017 14:28:43 -07:00 tam_client_app.log
303110 -rw- 5297096 Nov 1 2017 23:27:26 -07:00 cat9k-cc_srdriver.16.06.01.SPA.pkg
253961 -rw- 7523 Nov 1 2017 23:56:25 -07:00 packages.conf
344067 -rw- 5186504 Nov 1 2017 23:54:10 -07:00 cat9k-cc_srdriver.16.06.02.SPA.pkg
303111 -rw- 80946116 Nov 1 2017 23:27:29 -07:00 cat9k-espbase.16.06.01.SPA.pkg
303112 -rw- 1536964 Nov 1 2017 23:27:29 -07:00 cat9k-guestshell.16.06.01.SPA.pkg
303113 -rw- 376865728 Nov 1 2017 23:27:40 -07:00 cat9k-rpbase.16.06.01.SPA.pkg
303118 -rw- 29545049 Nov 1 2017 23:27:53 -07:00 cat9k-rpboot.16.06.01.SPA.pkg
303114 -rw- 27669444 Nov 1 2017 23:27:41 -07:00 cat9k-sipbase.16.06.01.SPA.pkg
294913 drwx 4096 Nov 3 2017 21:28:25 -07:00 installer
253966 -rw- 16280 Nov 3 2017 21:28:42 -07:00 bootloader_evt_handle.log
303105 drwx 4096 Oct 26 2017 20:57:12 -07:00 core
311297 drwx 4096 Nov 2 2017 23:41:45 -07:00 prst_sync
327681 drwx 4096 Nov 1 2017 23:56:42 -07:00 rollback_timer
335873 drwx 4096 Nov 3 2017 21:28:46 -07:00 dc_profile_dir
335875 drwx 4096 Oct 26 2017 20:48:50 -07:00 gs_script
253959 -rw- 556 Nov 2 2017 23:42:12 -07:00 vlan.dat
253968 -rw- 98869 Nov 3 2017 21:28:59 -07:00 memleak.tcl
294914 drwx 4096 Oct 26 2017 21:19:34 -07:00 tech_support
303107 drwx 4096 Oct 26 2017 21:27:19 -07:00 onep
319490 drwx 4096 Oct 26 2017 21:27:19 -07:00 CRDU
303115 -rw- 55440320 Nov 1 2017 23:27:43 -07:00 cat9k-sipspa.16.06.01.SPA.pkg
303116 -rw- 11813828 Nov 1 2017 23:27:43 -07:00 cat9k-srdriver.16.06.01.SPA.pkg
303117 -rw- 12248000 Nov 1 2017 23:27:43 -07:00 cat9k-webui.16.06.01.SPA.pkg
344068 -rw- 76649412 Nov 1 2017 23:54:13 -07:00 cat9k-espbase.16.06.02.SPA.pkg
344069 -rw- 1536964 Nov 1 2017 23:54:13 -07:00 cat9k-guestshell.16.06.02.SPA.pkg
344070 -rw- 380625856 Nov 1 2017 23:54:24 -07:00 cat9k-rpbase.16.06.02.SPA.pkg
344076 -rw- 29580684 Nov 1 2017 23:54:39 -07:00 cat9k-rpboot.16.06.02.SPA.pkg
344071 -rw- 27612100 Nov 1 2017 23:54:24 -07:00 cat9k-sipbase.16.06.02.SPA.pkg
344072 -rw- 54981568 Nov 1 2017 23:54:26 -07:00 cat9k-sipspa.16.06.02.SPA.pkg
344073 -rw- 6521796 Nov 1 2017 23:54:26 -07:00 cat9k-srdriver.16.06.02.SPA.pkg
344074 -rw- 12268480 Nov 1 2017 23:54:26 -07:00 cat9k-webui.16.06.02.SPA.pkg
344075 -rw- 1536960 Nov 1 2017 23:54:26 -07:00 cat9k-wlc.16.06.02.SPA.pkg
344066 -rw- 7523 Nov 1 2017 23:54:39 -07:00 cat9k_iosxe.16.06.02.SPA.conf
253960 -rw- 7406 Nov 1 2017 23:56:25 -07:00 packages.conf.00-
11353194496 bytes total (9544245248 bytes free)
In the following sample output that displays the.conf files in the flash partition, note the three.conf files:
– packages.conf— the file that has been re-written with the newly installed.pkg files.
– packages.conf.00—backup file of the previously installed image.
– cat9k_iosxe.16.06.02.SPA.conf— a copy of packages.conf and not used by the system.
Switch# dir flash:*.conf
Directory of flash:/*.conf
Directory of flash:/
253961 -rw- 7523 Nov 1 2017 23:56:25 -07:00 packages.conf
344066 -rw- 7523 Nov 1 2017 23:54:39 -07:00 cat9k_iosxe.16.06.02.SPA.conf
253960 -rw- 7406 Nov 1 2017 23:56:25 -07:00 packages.conf.00-
11353194496 bytes total (8963174400 bytes free)
Reload
Step 5 Reload the switch
Switch# reload
Step 6 If your switches are configured with auto boot, then the switch will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
Step 7 When the new image boots up, verify the version of the new image, using the show version command:
Note When you boot the new image, it will automatically update the boot loader, but the new boot loader version is not displayed in the output until the next reload.
cisco C9407R (X86) processor (revision V00) with 869104K/6147K bytes of memory.
Processor board ID FXS2119Q2U7
1 Virtual Ethernet interface
96 Gigabit Ethernet interfaces
88 Ten Gigabit Ethernet interfaces
4 Forty Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15958488K bytes of physical memory.
11161600K bytes of Bootflash at bootflash:.
1638400K bytes of Crash Files at crashinfo:.
0K bytes of WebUI ODM Files at webui:.
Configuration register is 0x102
Switch#
Downgrading in Install Mode
Note New hardware introduced in this release cannot be downgraded, so we recommend upgrading all existing switches to Cisco IOS XE Everest 16.6.2. For the list of models introduced in this release, see Hardware Features in Cisco IOS XE Everest 16.6.2
Follow these instructions to downgrade from one release to another, in install mode. To perform a software image downgrade, you must be booted into IOS via “ boot flash:packages.conf.”
The sample output in this section covers downgrade from Cisco IOS XE Everest 16.6.2 to Cisco IOS XE Everest 16.6.1 in Install Mode.
Step 4 Use the install add file activate commit command, to downgrade your switch. You can point to the source image on your tftp server or in flash if you have it copied to flash.
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco C9410R (X86) processor (revision V00) with 868521K/6147K bytes of memory.
Processor board ID FXS2118Q1GM
312 Gigabit Ethernet interfaces
40 Ten Gigabit Ethernet interfaces
4 Forty Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15958516K bytes of physical memory.
11161600K bytes of Bootflash at bootflash:.
1638400K bytes of Crash Files at crashinfo:.
0K bytes of WebUI ODM Files at webui:.
%INIT: waited 0 seconds for NVRAM to be available
Press RETURN to get started!
Step 5 If your switches are configured with auto boot, then the switch will automatically boot up with the new image. If not, you can manually boot flash:packages.conf
Switch: boot flash:packages.conf
Step 6 When the new image boots up, you can verify the version of the new image, by checking show version
Note In the output, note that the boot loader is not automatically downgraded. It will remain updated.
cisco C9410R (X86) processor (revision V00) with 868521K/6147K bytes of memory.
Processor board ID FXS2118Q1GM
1 Virtual Ethernet interface
312 Gigabit Ethernet interfaces
24 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
15958516K bytes of physical memory.
11161600K bytes of Bootflash at bootflash:.
1638400K bytes of Crash Files at crashinfo:.
0K bytes of WebUI ODM Files at webui:.
Configuration register is 0x2
Switch#
Licensing
This section provides information about the licensing packages for features available on Cisco Catalyst 9000 Series Switches.
License Levels
The software features available on Cisco Catalyst 9000 Series Switches fall under the base or add-on license levels.
Base Licenses
Network Essentials
Network Advantage—Includes features available with the Network Essentials license and more.
Add-On Licenses—Require a Network Essentials or Advantage as a pre-requisite. The features available with add-on license levels provide Cisco innovations on the switch, as well as on the Cisco Digital Network Architecture Center (Cisco DNA Center).
DNA Essentials
DNA Advantage— Includes features available with the DNA Essentials license and more.
To find information about platform support and to know which license levels a feature is available with, use Cisco Feature Navigator. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
License Types
The following license types are available:
Permanent—for a license level, and without an expiration date.
Term— for a license level, and for a three, five, or seven year period.
Evaluation—for a license level, preinstalled on the device, and for a 90-day trial period only.
Ordering with Smart Accounts
We recommend that you use Smart Accounts to order devices as well as licenses. Smart Accounts enable you to manage all of your software licenses for switches, routers, firewalls, access-points or tools from one centralized website. To create Smart Accounts, use the Cisco Smart Software Manager (Cisco SSM).
Note This is especially relevant to the term licenses that you order, because information about the expiry of term licenses is available only through the Cisco SSM website.
Right-to-use (RTU) licensing mode—Supported on Cisco Catalyst 9000 Series Switches. See The RTU Licensing Mode.
The RTU Licensing Mode
This is the currently supported licensing mode for Cisco Catalyst 9000 Series Switches.
Right-to-use (RTU) licensing allows you to order and activate a specific license type for a given license level, and then to manage license usage on your switch.
Note The RTU licensing structure has been modified to match the packaging model that will be used with Smart Licensing mode in the future. Unified licensing structures across the RTU and Smart Licensing modes, along with usage reports, will simplify migration and reduce the implementation time required for Smart Licensing.
The license right-to-use command (privilege EXEC mode) provides options to activate or deactivate any license supported on the platform.
Base licenses (Network Essentials and Network-Advantage) may be ordered only with a permanent license type.
Add-on licenses (DNA Essentials and DNA Advantage) may be ordered only with a term license type.
You can set up Cisco SSM to receive daily e-mail alerts, to be notified of expiring add-on licenses that you want to renew.
You must order an add-on license in order to purchase a switch. On term expiry, you can either renew the add-on license to continue using it, or deactivate the add-on license and then reload the switch to continue operating with the base license capabilities.
When ordering an add-on license with a base license, note the combinations that are permitted and those that are not permitted:
4.For this combination, the DNA-Essentials license must be ordered separately using Cisco SSM.
The following features are currently available only at the Network Advantage license level. However, the correct minimum license level for these features is Network Essentials and the CFN reflects this correct license level.
You will be able to configure the feature with a Network Essentials license level after the correction is made in an upcoming release.
– IPv6 Multicast
– IPv6 ACL Support for HTTP Servers
Evaluation licenses cannot be ordered. They can be activated temporarily, without purchase. Warning system messages about the evaluation license expiry are generated 10 and 5 days before the 90-day window. Warning system messages are generated every day after the 90-day period. An expired evaluation license cannot be reactivated after reload.
Cisco TrustSec restrictions—Cisco TrustSec can be configured only on physical interfaces, not on logical interfaces.
Control Plane Policing (CoPP)—Starting with Cisco IOS XE Everest 16.6.4, the show run command does not display information about classes configured under system-cpp policy, when they are left at default values. Use the show policy-map system-cpp-policy or the s how policy-map control-plane commands in privileged EXEC mode instead.
Flexible NetFlow (FNF) limitations
– You cannot configure NetFlow export using the Ethernet Management port (GigabitEthernet0/0)
– You can not configure a flow monitor on logical interfaces, such as switched virtual interfaces (SVIs), port-channel, loopback, tunnels.
– You can not configure multiple flow monitors of the same type (ipv4, ipv6 or datalink) on the same interface, in the same direction.
Memory leak—When a logging discriminator is configured and applied to a device, memory leak is seen under heavy syslog or debug output. The rate of the leak is dependent on the quantity of logs produced. In extreme cases, the device may fail. As a workaround, disable the logging discriminator on the device.
QoS restrictions:
– When configuring QoS queuing policy, the sum of the queuing buffer should not exceed 100%.
– For QoS policies, only SVIs are supported for logical interfaces.
– QoS policies are not supported for port-channel interfaces, tunnel interfaces, and other logical interfaces.
Redundancy—The supervisor module (hardware) supports redundancy. Software redundancy is supported in IOS XE Everest 16.6.2. The associated route processor redundancy (RPR) feature is currently not supported. Use the show redundancy and show platform software iomd redundancy commands to ensure that both SSO formed and IOMD is ready before doing any switchover.
Secure Shell (SSH)
– Use SSH Version 2. SSH Version 1 is not supported.
– When the device is running SCP (Secure Copy Protocol) and SSH cryptographic operations, expect high CPU until the SCP read process is completed. SCP supports file transfers between hosts on a network and uses SSH for the transfer.
Since SCP and SSH operations are currently not supported on the hardware crypto engine, running encryption and decryption process in software causes high CPU. The SCP and SSH processes can show as much as 40 or 50 percent CPU usage, but they do not cause the device to shutdown.
Smart Install— The commands are visible on the CLI in Cisco IOS XE Everest 16.6.1, but the feature is not supported. Enter the no vstack command in global configuration mode and disable the feature. Starting from Cisco IOS XE Everest 16.6.2, the vstack command is not available on the CLI.
Uplink Symmetry—When a redundant supervisor is inserted, it is recommended to have symmetric uplinks, so that packet loss during a switchover is minimal.
– Uplinks are said to be in symmetry when the same interface in both supervisors have the same type of transceiver module. A TenGigabitEthernet interface with no transceiver operates at default 10G mode, and if the matching interface of the other supervisor has a 10G transceiver, then they are in symmetry. Symmetry gives best SWO packet loss and user experience.
– Asymmetric uplinks have at least one or more pairs of interfaces in one supervisor not matching the transceiver speed of the other supervisor.
VLAN Restriction: It is advisable to have well-defined segregation while defining data and voice domain during switch configuration and to maintain a data VLAN different from voice VLAN across the switch stack. If the same VLAN is configured for data and voice domains on an interface, the resulting high CPU utilization might affect the device.
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats listed as open in a prior release are carried forward to the next release as either open or resolved.
The Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click on the identifier.
Open Caveats in Cisco IOS XE Everest 16.6.x
The following are the open caveats in this release:
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
Cisco Catalyst 9400 Series Switches documentation at this URL:
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
The SFP or SFP+ port set-enabled LED remain off on the supervisor module. They remain Off even if the SFP or SFP+ ports are enabled. 
Feedback