Release Notes for Cisco Catalyst IE9300 Rugged Series Switches, Release 26.1.x
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
Cisco Catalyst IE9300 Rugged Series Switches, Release 26.1.x
Cisco Catalyst IE9300 Rugged Series Switches, Release 26.1.x
This document provides release information for the following Cisco Catalyst IE switches.
● Cisco Catalyst IE9310 GE Fiber switch
● Cisco Catalyst IE9320 GE Fiber switch
● Cisco Catalyst IE9320 Fiber switch with 10 GE uplinks
● Cisco Catalyst IE9320 10 GE Copper Data switch
● Cisco Catalyst IE9320 10 GE PoE switch
● Cisco Catalyst IE9320 10 G mGig 4PPoE switch
● Cisco Catalyst IE9320 GE PoE switch
● Cisco Catalyst IE9310 GE mixed port switch
Cisco Catalyst IE9300 Rugged Series Switch
Cisco Catalyst IE9300 Rugged Series Switches provide rugged and secure switching infrastructure for harsh environments. It is suitable for Industrial Ethernet applications, including manufacturing, utility substations, Intelligent Transportation Systems (ITSs), rail transportation, and other similar deployments.
The switch fulfils the need for a high-density SFP, RJ-45, and Power over Ethernet (PoE) rack-, or wall-mount switch that can function as a Software-Defined-Access (SDA) fabric edge. It provides end-to-end architectural uniformity in the Cisco Catalyst Center for Internet of Things (IoT) connected communities and extended enterprises.
In industrial environments, the switch can be connected to any Ethernet-enabled industrial communication devices. These devices include programmable logic controllers (PLCs), human-machine interfaces (HMIs), drives, sensors, and input and output (I/O) devices.
All Cisco Catalyst IE9300 Rugged Series Switches have 4 GB of DRAM, four alarm inputs, and one alarm output. Other I/O include the following:
● SD-cards socket
● Power input
● RJ-45 (RS-232) console
● Micro-USB console
● USB-A host port
This section provides a brief description of the new software features introduced in Cisco IOS-XE 26.1.x release.
IOS-XE 26.1.1
Table 1. New software features in Cisco IOS-XE 26.1.1 release
| Product Impact |
Feature |
Description |
| Security |
Resilient Infrastructure |
As part of the ongoing commitment to network security, this Cisco IOS-XE release introduces secure alternatives to legacy commands. These updates are designed to mitigate potential risks and assist in establishing a more robust and secure operational baseline. The identified insecure commands are categorized as: • Line transport: Updates to secure remote access methods. • Device server configuration: Hardening of server-side settings. • File transfer protocols: Transitioning to encrypted transfer methods. • SNMP: Enhancements to secure management traffic. • Passwords: Strengthening authentication and credential management. • Miscellaneous: General security improvements for various system functions. The show system insecure configuration command introduced in Cisco IOS-XE release 17.18.2, lists all insecure commands configured on the device. For all detected insecure configurations during device boot or upgrade, error messages are displayed. In Cisco IOS-XE release 26.1.x, all insecure CLI commands are blocked by default to strengthen your network infrastructure. If your environment requires the use of a legacy command, you must enable the system mode insecure command in global configuration mode. • Recommendation: Do not use insecure mode. This mode is temporary and will be removed in a future Cisco IOS-XE release. Identify and replace all insecure commands with their secure alternatives. • Upgrade behavior: If you upgrade to Cisco IOS-XE release 26.1.x with insecure commands already present in the running configuration, the system mode insecure command is automatically added to your configuration to prevent service disruption. For more information, refer to Resilient Infrastructure IOS XE Security Warnings Reference |
| Upgrade |
This feature enables PTP for your stacked Cisco IE9300 Rugged Series switches so they function as a unified network entity. You receive consistent, synchronized timing across the stack, making network management simpler and ensuring precise timekeeping for your critical applications. |
|
| This feature enables configuring Cisco switches as Media Redundancy Clients (MRC) within an MRP ring, acting as regular ring participants that forwards traffic and continuously monitor link status, reporting any failures to the ring manager (MRM). This approach enhances network resiliency and simplifies deployment, supporting rapid failover and compliance with industrial certification requirements. |
||
| Ease of use and Ease of setup |
REP Segment ID Auto-Discovery automates the configuration of Resilient Ethernet Protocol (REP) Segment IDs using CDP. This feature reduces manual effort and prevents mismatches for both standard REP and REP Fast protocols, making it easier to add switches to existing segments or create new daisy-chain segments. |
|
| Upgrade |
This feature enables Cisco Industrial Ethernet (IE) switches to interoperate with existing high available systems by providing robust controller failover using PROFINET S2 controller redundancy mode. It aims to minimize potential issues and downtime in the event of network or controller failures. |
|
| Software Reliability |
This feature enhances device security and network flexibility by setting Discovery and Configuration Protocol (DCP) operations to read-only mode. It safeguards the IP address, gateway, and device name from modifications, protects essential network settings to prevent unexpected connectivity loss, and remains compatible with LLDP, SNMP, and CDP. Additionally, it enables devices to carry out identification and basic network discovery. |
This section provides a brief description of the new hardware features introduced in Cisco IOS-XE 26.1.x release.
IOS-XE 26.1.1
There are no new hardware features introduced in Cisco IOS-XE 26.1.1 release.
Syslog warning on reload for SSH Hostkeys: After a device reload, a syslog warning may appear indicating insufficient key length, even when a strong RSA or EC key is already configured.
Note:
· In the syslog warning message displays crypto key generate rsa modulus <modulus-size> label <label-name>, then the <modulus-size> and <label-name> represent the actual modulus size and label configured on the device.
· The SSH keypair association configuration is done using the command: ip ssh ec|rsa <keypair-name>, where <keypair-name> corresponds to the keypair name configured on the device.
Example warnings:
· RSA
o Warning Observed: INSECURE DYNAMIC WARNING - Module: SSH
o Command: crypto key generate rsa modulus <modulus-size> label <label-name>
o Reason: An SSH hostkey has been provisioned on the device with insufficient key length
o Remediation: Provision an SSH RSA hostkey with minimum modulus size of 3072 bits for enhanced security
o Sub mode: exec
o Parent CLI: Not Applicable
· EC
o Warning Observed: INSECURE DYNAMIC WARNING - Module: SSH
o Command: crypto key generate ec keysize <modulus-size> label <label-name>
o Reason: An SSH hostkey has been provisioned on the device with insufficient key length
o Remediation: Provision an SSH hostkey with minimum modulus size of 256 bits for enhanced security
o Sub mode: exec
o Parent CLI: Not Applicable
If you have already configured a strong key and associated it using ip ssh ec|rsa <keypair-name>, you can ignore this warning during boot. The configured SSH keypair association is applied after the boot process, and SSH then uses the correct key for secure connections.
Once this configuration is active, SSH uses the correct key for secure connections.
Notice of changes introduced in the Cisco IOS-XE 17.18.2 release and beyond
Cisco is committed to safeguarding our products and customer networks against increasingly sophisticated threat actors. Cisco is improving product security by gradually phasing out legacy and insecure features and protocols. Starting with Cisco IOS-XE 17.18.2, the software displays warnings when insecure features, outdated encryption methods, or nonsecure best practices are configured, and recommends more secure alternatives. This change is part of Cisco’s ongoing effort to make products more secure by default while minimizing operational impact.
This list may change over time. The following features and protocols generate warnings in Cisco IOS-XE releases after 17.18.1. Refer to the release notes for each release for exact details.
● Plain-text and weak credential storage: Type 0 (plain text), 5 (MD5), or 7 (Vigenère cipher) in configuration files.
Recommendation: Use Type 6 (AES) for reversible credentials, and Type 8 (PBKDF2-SHA-256) or Type 9 (Scrypt) for non-reversible credentials.
● SSHv1
Recommendation: Use SSHv2.
● SNMPv1 and SNMPv2, or SNMPv3 without authentication and encryption
Recommendation: Use SNMPv3 with authentication and encryption (authPriv).
● MD5 (authentication) and 3DES (encryption) in SNMPv3
Recommendation: Use SHA1 or, preferably, SHA2 for authentication, and AES for encryption.
● IP source routing based on IP header options
Recommendation: Do not use this legacy feature.
● TLS 1.0 and TLS 1.1
Recommendation: Use TLS 1.2 or later.
● TLS ciphers using SHA1 for digital signatures
Recommendation: Use ciphers with SHA256 or stronger digital signatures.
● HTTP
Recommendation: Use HTTPS.
● Telnet
Recommendation: Use SSH.
● FTP and TFTP
Recommendation: Use SFTP or HTTPS.
● On-Demand Routing (ODR)
Recommendation: Use a standard routing protocol in place of CDP-based routing information exchange.
● BootP server
Recommendation: Use DHCP or secure boot features such as Secure ZTP.
● TCP and UDP small servers (echo, chargen, discard, daytime)
Recommendation: Do not use these services on network devices.
● IP finger
Recommendation: Do not use this protocol on network devices.
● NTP control messages
Recommendation: Do not use this feature.
● TACACS+ using pre-shared keys and MD5
Recommendation: Use TACACS+ over TLS 1.3, introduced in release Cisco IOS-XE 17.18.1.
Cisco is committed to supporting customers through this transition. Subsequent releases in the Cisco IOS-XE 17.18 train continue to support these features but displays warnings if they are used. Future Cisco IOS-XE release trains may impose additional restrictions on these features which will be communicated through release notes.
The changes introduced in Cisco IOS-XE 17.18 continue to apply in release 26.1.x and later.
This section lists resolved issues in Cisco IOS-XE 26.1.x release.
Note: This software release may contain bug fixes first introduced in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
IOS-XE 26.1.1
Table 2. Resolved issues in Cisco IOS-XE 26.1.1 release
| Bug ID |
Description |
| IE-9320-22S2C4X: show ptp lan clock is not updating with gnss time clock |
|
| IE9320 PTP BC invalid currentOffset |
|
| Incomplete SNMPWALK of entSensorValue data retrieval for SFP modules on IE-9320-26S2C-A switches |
|
| REP Interface broadcast unicast traffic to all the interface in the same vlan |
|
| Port VlanID is missing from show ptp lan port on changing native vlan configuration |
|
| Follow-up meessage stops transmitting from IE93xx |
|
| On IE9k switches, the Dying-Gasp SNMP trap is not sent over loopback interface after a reboot. |
|
| SFP status behaviour change from SNMP_ADMIN_NOT_PRESENT to SNMP_ADMIN_DOWN when Profinet disabl |
|
| IE-9310-26S2C: Express setup LED glows amber |
|
| Cisco IOS-XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability |
This section lists open issues in Cisco IOS-XE 26.1.x release.
Note: This software release may contain open bugs first identified in other releases. To see additional information, click the bug ID to access the Cisco Bug Search Tool.
IOS-XE 26.1.1
There are no open issues in Cisco IOS-XE 26.1.1 release.
This section lists known issues in Cisco IOS-XE 26.1.x release.
IOS-XE 26.1.1
There are no known issues in Cisco IOS-XE 26.1.1 release.
Refer to Cisco IOS-XE Migration Guide for IIoT Switches for the latest information about upgrading and downgrading switch software for Cisco Catalyst IE9300 Series Switches, release 26.1.x
SSH Algorithms for Common Criteria Certification Limitation
Starting from Cisco IOS-XE release 17.10, the following Key Exchange and MAC algorithms are removed from the default list:
● Key Exchange algorithm:
◦ diffie-hellman-group14-sha1
● MAC algorithms:
◦ hmac-sha1
◦ hmac-sha2-256
◦ hmac-sha2-512
Note: Use the ip ssh server algorithm kex command to configure the Key Exchange algorithm and the ip ssh server algorithm mac command to configure the MAC algorithms.
This section lists supported hardware information.
This table lists the supported Cisco Catalyst IE9300 Rugged Series Switches hardware models and the default license levels that they are delivered with.
| Model Number |
Default License Level |
Stacking Support |
Description |
| IE-9310-26S2C-A |
Network Advantage |
No |
· Total ports: 28 · SFP uplinks: 4x 1 Gb SFP · SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9310-26S2C-E |
Network Essentials |
No |
· Total ports: 28 · SFP uplinks: 4x 1 Gb SFP · SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9310-16P8S4X-E |
Network Essentials |
No |
· Total ports: 28 · PoE+ ports: 16 ports 10/100/1000M · SFP downlinks: 8 ports 100/1000M · SFP uplinks: 4 ports 1/10G · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9310-16P8S4X-A |
Network Advantage |
No |
· Total ports: 28 · PoE+ ports: 16 ports 10/100/1000M · SFP downlinks: 8 ports 100/1000M · SFP uplinks: 4 ports 1/10G · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-26S2C-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 1 Gb SFP · SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-26S2C-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 1 Gb SFP · SFP downlinks: 22x 100M/1000M SFP, 2x 100M/1000M dual-media · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-22S2C4X-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · SFP downlinks: · 22x 1 Gb SFP, 2x 1-Gb Dual-media ports · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-22S2C4X-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · SFP downlinks: · 22x 1 Gb SFP, 2x 1-Gb Dual-media ports · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-24T4X-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · Copper downlinks: 24x 1 Gb RJ45 · Power supplies: Support for field-replaceable, redundant AC or DC power supplies. |
| IE-9320-24T4X-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · Copper downlinks: 24x 1 Gb RJ45 · Power supplies: Support for field-replaceable, redundant AC or DC power supplies. |
| IE-9320-24P4X-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · Copper downlinks: 24x 1 Gb RJ45 PoE+ · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-24P4X-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP+ · Copper downlinks: 24x 1 Gb RJ45 PoE+ · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-16P8U4X-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP · Copper downlinks: 16 ports 1 Gb RJ45 PoE+, 8 ports 2.5 Gb RJ45 4PPoE (90W/port) · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-16P8U4X-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 10 Gb SFP · Copper downlinks: 16 ports 1 Gb RJ45 PoE+, 8 ports 2.5 Gb RJ45 4PPoE (90W/port) · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-24P4S-A |
Network Advantage |
Yes |
· Total ports: 28 · SFP uplinks: 4x 1Gb SFP · Copper downlinks: 24 ports 1 Gb RJ45 PoE+ · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
| IE-9320-24P4S-E |
Network Essentials |
Yes |
· Total ports: 28 · SFP uplinks: 4x 1Gb SFP · Copper downlinks: 24 ports 1 Gb RJ45 PoE+ · Power supplies: Support for field-replaceable, redundant AC or DC power supplies |
Note: Documentation sometimes uses these terms:
● IE9310 GE Fiber switch when referring to both IE-9310-26S2C-A and IE-9310-26S2C-E switches
● IE9320 GE Fiber switch when referring to both IE-9320-26S2C-A and IE-9320-26S2C-E switches
● IE9320 Fiber switch with 10 GE uplinks when referring to both IE-9320-22S2C4X-A and IE-9320-22S2C4X-E switches
● IE9320 10 GE Copper Data switch when referring to both IE-9320-24T4X-A and IE-9320-24T4X-E switches
● IE9320 10 GE PoE switch when referring to both IE-9320-24P4X-A and IE-9320-24P4X-E
● IE9320 10 G mGig 4PPoE switch when referring to both IE-9320-16P8U4X-A and IE-9320-16P8U4X-E
● IE9320 GE PoE switch when referring to both IE-9320-24P4S-A and IE-9320-24P4S-E
● IE9310 GE mixed port when referring to 9310-16P8S4x
Network Essentials and Network Advantage licenses are available for Cisco Catalyst IE9300 Rugged Series Switch starting with release 17.10.1. The features available in the two licenses follow the IE9300 series, except for MACsec-256.
| Network advantage license |
Description |
| Security |
MACsec-256 |
| Routing |
Layer 3 routing support. |
Finding the software version
● The package files for Cisco IOS-XE software can be found on the system board's internal flash memory device (flash:) or an external USB, depending on the platform configuration.
● Use the show version privileged EXEC command to display the software version running on the switch and the model’s name that is displayed at the end reflects the factory configuration and does not change with software license upgrades.
● Use the dir filesystem: privileged EXEC command to view the names and versions of software image stored in flash memory.
Software images for Cisco IOS-XE 26.1.x
This table provides the filename for the Cisco IOS-XE 26.1.x release software image for Cisco Catalyst IE9300 Rugged Series Switches.
Table 3. Software packages for Cisco IOS-XE 26.1.x release
| Release |
Image type |
Filename |
Switch Models |
| Universal |
ie9k_iosxe.26.01.01.SPA.bin |
Cisco Catalyst IE9300 Rugged Series Switches |
To install and activate the specified file, and to commit changes to be persistent across reloads, enter the command: install add file filename [ activate commit]
This table lists the options for the install command for the Cisco Catalyst IE9300 Rugged Series Switches.
Table 4. Summary of software installation commands for install mode
| Option |
Description |
| abort |
Abort the current install operation. |
| activate |
Activate an installed package. |
| add |
Install a package file to the system. |
| auto-abort-timer |
Install auto-abort-timer. |
| autoupgrade |
Initiate software auto-upgrade on all incompatible switches. |
| commit |
Commit the changes to the load path. |
| deactivate |
Deactivate an install package. |
| label |
Add a label name to any installation point. |
| remove |
Remove installed packages. |
| rollback |
Rollback to a previous installation point. |
Table 5. Additional references for Cisco IOS-XE IE9300 Rugged Series Switches
| Document |
Description |
| Provides information about Cisco IOS-XE. |
|
| Provides information about Cisco Validated Designs. |
|
| Provides locating and downloading MIBs. |
|
| Provides timely and relevant information from Cisco. |
|
| Provides the business outcomes and technical support services needed to maximize the value of your Cisco technologies. |
|
| You can submit a service request here. |
|
| To discover and browse secure, validated enterprise-class apps, products, solutions, and services. |
|
| Provides general networking, training, and certification titles. |
|
| Provides warranty information for a specific product or product family. |
|
| You can ask and answer questions, share suggestions, and collaborate with your peers. |
|
| Provides most up-to-date, detailed troubleshooting information. Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts, to find information for the problem that you are experiencing. |
|
| Provides platform support details and license level information for features. |
|
| Documentation Feedback |
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document. |
| Provides information about the licensing packages for features. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2026 Cisco Systems, Inc. All rights reserved.