Catalyst 8500 Edge Platform, Release 26.1.x
Cisco 26.1.x is the first release for Cisco Catalyst 8500 Series Edge Platforms in the Cisco IOS XE 26.x release series.
This section provides a brief description of the new software features introduced in this release.
New software features in Cisco IOS XE 26.1
| Product impact | Feature | Description |
| --- | --- | --- |
| Software Reliability | Post Quantum Crypto for IKEv2, SSH and MACsec | Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks from quantum computers, which can break many classical encryption methods. Post-Quantum Cryptography is implemented by using the algorithms available as part of module-lattice-based cryptography. Cisco uses a hybrid approach to implement PQC. The hybrid approach combines a quantum-resistant algorithm, such as the module-lattice-based ML-KEM (e.g., mlkem768), with a classical elliptic curve key exchange algorithm like NIST P-256 or X25519, along with a hash function such as SHA-256. |
| Ease of Use | BGP Advertisement Startup Delay | The BGP Advertisement Startup Delay feature addresses this issue by introducing a configurable delay before BGP begins advertising routes to its neighbors. This delay allows sufficient time for routes to be installed in the hardware, ensuring traffic forwarding is ready before new routes are announced. |
| Security | | Starting with the Cisco IOS XE 26.1 release and in future releases, Cisco software will display warning messages when configuring features or protocols that do not provide sufficient security, such as those transmitting sensitive data without encryption or using outdated encryption mechanisms. Warnings will also appear when security best practices are not followed, along with suggestions for secure alternatives.<br><br>This list is subject to change, but the following is a list of features and protocols that are planned to generate warnings in releases beyond the version Cisco IOS XE 17.18.1. Release notes for each release will describe exact changes for that release:<br>● Plain-text and weak credential storage: Type 0 (plain text), 5 (MD5), or 7 (Vigenère cipher) in configuration files. Recommendation: Use Type 6 (AES) for reversible credentials, and Type 8 (PBKDF2-SHA-256) or Type 9 (Scrypt) for non-reversible credentials.<br>● SSHv1. Recommendation: Use SSHv2.<br>● SNMPv1 and SNMPv2, or SNMPv3 without authentication and encryption. Recommendation: Use SNMPv3 with authentication and encryption (authPriv).<br>● MD5 (authentication) and 3DES (encryption) in SNMPv3. Recommendation: Use SHA1 or, preferably, SHA2 for authentication, and AES for encryption.<br>● IP source routing based on IP header options. Recommendation: Do not use this legacy feature.<br>● TLS 1.0 and TLS 1.1. Recommendation: Use TLS 1.2 or later.<br>● TLS ciphers using SHA1 for digital signatures. Recommendation: Use ciphers with SHA256 or stronger digital signatures.<br>● HTTP. Recommendation: Use HTTPS.<br>● Telnet. Recommendation: Use SSH for remote access.<br>● FTP and TFTP. Recommendation: Use SFTP or HTTPS for file transfers.<br>● On-Demand Routing (ODR). Recommendation: Use a standard routing protocol in place of CDP-based routing information exchange.<br>● BootP server. Recommendation: Use DHCP or secure boot features such as Secure ZTP.<br>● TCP and UDP small servers (echo, chargen, discard, daytime). Recommendation: Do not use these services on network devices.<br>● IP finger. Recommendation: Do not use this protocol on network devices.<br>● NTP control messages. Recommendation: Do not use this feature.<br>● TACACS+ using pre-shared keys and MD5. Recommendation: Use TACACS+ over TLS 1.3, introduced in release Cisco IOS XE 17.18.1. |
| Ease of use | One minute granularity interface statistics using Cisco Catalyst SD-WAN Manager | This feature enables the collection of granular interface statistics from devices every minute, providing real-time insights for effective troubleshooting and ensuring optimal performance. |
| Licensing Process | Enhancements for NGFW in Policy Groups | This feature introduces support for NGFW Policy Groups, which includes import and export of firewall policies, display of rule hit counts, drag-and-drop rule reordering to update priority, visibility of policy and object usage references in the NGFW Dashboard, and retention of rule and policy names in the running CLI configuration. |
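
An offline pre-upgrade check for a subset of the insecure features listed in the Security row above, pairing each hit with the release note's recommendation. This is an added example, not Cisco code: the regular expressions, the `audit` function and the sample configuration are constructed for illustration.

```python
import re

# Each rule: (regex tried at the start of a stripped config line, finding, advice).
# Findings and advice follow the release-note list; the regexes are this example's
# assumptions about how each feature appears in configuration text.
RULES = [
    (r"(?:enable|username \S+.*?) (?:password|secret) [057] \S+",
     "Type 0/5/7 credential storage", "Use Type 6, or Type 8/9 if non-reversible"),
    (r"ip ssh version 1$", "SSHv1", "Use SSHv2"),
    (r"snmp-server community ", "SNMPv1/v2c community", "Use SNMPv3 authPriv"),
    (r"snmp-server group \S+ v3 (?:noauth|auth)\b", "SNMPv3 group below authPriv", "Use SNMPv3 authPriv"),
    (r"ip source-route$", "IP source routing", "Do not use this legacy feature"),
    (r"ip http server$", "HTTP", "Use HTTPS"),
    (r"transport input .*\b(?:telnet|all)\b", "Telnet", "Use SSH for remote access"),
    (r"service (?:tcp|udp)-small-servers", "TCP/UDP small servers", "Do not use these services"),
    (r"ip finger", "IP finger", "Do not use this protocol"),
    (r"ip bootp server$", "BootP server", "Use DHCP or Secure ZTP"),
    (r"router odr$", "On-Demand Routing", "Use a standard routing protocol"),
]

def audit(config):
    """Return (line_number, finding, advice) for every rule that matches a line."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()  # "no ..." lines never match: rules anchor at the command
        for pattern, finding, advice in RULES:
            if re.match(pattern, line):
                findings.append((lineno, finding, advice))
    return findings

# Constructed sample configuration; hostnames, hashes and keys are made up.
SAMPLE = """\
hostname edge-rtr-01
enable secret 9 $9$constructedhashvalue
username admin privilege 15 password 7 0123456789AB
username ops secret 9 $9$constructedhashvalue
no ip source-route
ip http server
ip http secure-server
ip ssh version 2
snmp-server community public RO
snmp-server group NMS v3 priv
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    for lineno, finding, advice in audit(SAMPLE):
        print(f"line {lineno}: {finding} -> {advice}")
```

Credentials entered without an explicit type digit are not detected by the first rule, so treat a clean result as a starting point and not as proof that the configuration will raise no warnings.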
This table lists the resolved issues in this specific software release.
Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
Resolved and open issues in Cisco IOS XE 26.1
Table 1. Resolved issues for Cisco 8500 Edge Platform, Release 26.1
| Bug ID | Headline |
| --- | --- |
| | uCode Crash due to Stuck Thread during NAT Session DB Walk |
| | TLOC Extension unable to program due to module boot up timing |
| | Crash @cft_engine_handle_vrf_associate_if_needed on C8500 platform with IPv6 traffic |
| | Speed test session Timeout not clear enough for user to get details |
| | fman crash after fnf config changes |
| | Add CLI to change per MPLS label CEF statistics query interval on FMAN FP |
| | Certificate verify fails & id cert not installed (after reload of device), of certs with EC Key 521 |
| | [C8500L-8S4X] There seems to be an issue where the NAT router is not responding to ARP requests |
| | IOSd crash with "match authen-status unauthenticated" configured |
| | SDWAN C-Edge Router Crashes - CPU Usage due to Memory Pressure exceeds threshold |
| | DWDM-SFP10G-C SFP is not working when connecting C8500L-8S4X through a MUX |
| | Converting L2 Routed port channel to L3 is broken in Aurora2 |
| | [XE MCAST] Multicast traffic not forwarded over P2P DMVPN phase 1 tunnel |

Table 2. Open issues for Catalyst 8500 Edge Platform, Release 26.1
| Bug ID | Headline |
| --- | --- |
| | fpmd crash seen with 17.12.6B respin image with longer soak + clear sdwan omp events |
| | Web UI bootstrapping failure due to invalid configuration causes persistent config merge errors despite subsequent corrections |
| | Radius packet silently consumed by utd |
| | High QFP Caused by "all-host" Limit in - Carrier Grade NAT mode |
| | Preferred-color-group restrict is not honored in data policy |
| | Regarding the operation enabling communication from outside the NAT |
| | 20.18.2 Cisco SPA:The hardcoding of the AS number 64512 needs to be removed and changed to autodetect |
| | Segmentation Fault in cpp_cp_svr while Printing FIA Trace Data |
| | PCG config is not getting deleted from FP |
| | BFD SD-WAN PMTUD: PMTU Converges Unexpectedly to 970 Bytes After dbg2:1 Event |
| | Update "reason for state change: MAX" in BFD Syslog |
| | ipv6 ipsec packets dropped in svti AH in transport mode - ping failed with specific size packet |

This section lists the ROMmon version required for your Catalyst 8500 model:
Table 3. Compatibility information for Catalyst 8500 Edge Platform, Release 17.18.1a
| | DRAM | Minimum ROMmon | Recommended ROMmon |
| --- | --- | --- | --- |
| C8500-12X4QC and C8500-12X | 16 GB (default) | 17.2(1r) | 17.11(1r) |
| | 32 GB | 17.2(1r) | 17.11(1r) |
| | 64 GB | 17.3(2r) | 17.11(1r) |
| C8500-20X6C | All variants | 17.10(1r) | 17.15(1r) Note: Downgrading to a ROMmon version lower than 17.15(1r) is not supported. |
| C8500L-8S4X | - | 17.10(1r) | 17.14(1r)* Note: This version of ROMmon is only available with Cisco IOS XE 17.15.1a onwards. |

Note: In case of C8500L-8S4X platform, the ROMmon image is bundled with the Cisco IOS XE software image which ensures that when the device is booted up, the ROMmon image is also automatically upgraded to the recommended version.
What’s New in the ROMmon release
This section lists changes in the ROMmon package.
| ROMmon Release for C8500-12X4QC, C8500-12X | Fixes |
| --- | --- |
| 17.3(1r) | Supports 64GB DRAM for C8500-12X4QC & C8500-12X |
| 17.10(1r) | Added support for new platform C8500-20X6C |

| ROMmon Release for C8500L-8S4X | Fixes |
| --- | --- |
| 17.14(1r) | CSCwf98337 - Evaluation of C8500L-8S4X for Intel 2023.3 IPU and SMRAM vulnerabilities. CSCwe21026 - Evaluation of C8500L-8S4X for Intel 2023.1 IPU and SMM vulnerabilities. |

| ROMmon Release for C8500-20X6C | Fixes |
| --- | --- |
| 17.15(1r) | CSCwf98335 - Evaluation of all_routing_iosxe for Intel 2023.3 IPU and SMRAM vulnerabilities. CSCwd96405 - ASR1k:BL and ML hashes not seen in the "Show system intergrity" CLI for Aikido based platforms. Additional minor fixes. |

To upgrade the ROMmon version of your device, use these steps:
1. Check the existing version of ROMmon by using the show rom-monitor r0 command. If you are installing Cisco IOS XE software on a new device, skip this step.
2. Review Minimum and Recommended ROMmon Releases to identify the recommended version of ROMmon software for the device you plan to upgrade.
3. Go to https://software.cisco.com/# and download the ROMmon package file.
4. Copy the ROMmon file to the flash drive:
copy ftp://username:password@IP address/ROMmon package file flash:
5. Upgrade the ROMmon package using the following command:
upgrade rom-monitor filename bootflash: ROMmon package name all
6. Execute the reload command to complete the ROMmon upgrade process.
7. Execute the show rom-monitor r0 command to ensure the ROMmon software is upgraded.
· Hardware Installation Guide for Catalyst 8500 Series Edge Platforms
· Hardware Installation Guide for Catalyst 8500L Series Edge Platforms
· Smart Licensing Using Policy for Cisco Enterprise Routing Platforms
· Software Configuration Guide for Catalyst 8500 Series Edge Platforms
© 2025 Cisco Systems, Inc. All rights reserved.