Dear Cisco Customer,
Cisco engineering has identified at least one serious software issue with the release which you have selected that may affect your use of these software. Please review the Software Advisory notice below to determine if the issue(s) apply to your network. You may proceed to download this software if you have no concerns with the issue(s) described.

For more comprehensive information about what is included in this software, please refer to the Cisco software Release Notes, available from the Product Selector tool. From this page, select the product you are interested in. Release Notes are under General Information on the product page.

Table Of Affected Software And Replacement Solution

OS Type	Software Affected		Software Solution
OS Type	Version(s)	Software(s)	Version	Software(s)	Availability (mm/dd/yyyy)
IOSXE	16.12.1 16.12.1a	cat9k_iosxe.16.12.01.SPA.bin cat9k_iosxe_npe.16.12.01.SPA.bin cat9k_lite_iosxe.16.12.01.SPA.bin cat9k_lite_iosxe_npe.16.12.01.SPA.bin	16.12.2	cat9k_iosxe.16.12.02.SPA.bin cat9k_iosxe_npe.16.12.02.SPA.bin cat9k_lite_iosxe.16.12.02.SPA.bin cat9k_lite_iosxe_npe.16.12.02.SPA.bin	11-22-2019

List of Affected Platform(s) for above software:

Reason for Software Advisory:
DDTS No(s):
CSCvq17759
Headline: DACL not properly enforced when pre auth acl present for some phone
CSCvq40137
Headline: Mac address not being learnt when "auth port-control auto" command is present
CSCvq43450
Headline: C9400 Sup uplinks with netflow configuration stopped forwarding traffic after switchover
CSCvq56135
Headline: C9200 stack member switches reset with reset reason as stack merge
CSCvq72492
Headline: Cat9k VLAN configuration results in config lock held too long
CSCvq76473
Headline: Cat9500 running 16.11.1 crashed when running "show interface flowcontrol"
CSCvq77496
Headline: C9200 interface comes up in half-duplex mode even if interface is forced to "duplex full"
CSCvq94294
Headline: Multicast memory leak seen when we have a scale setup
CSCvr43959
Headline: C9400 ISSU to 16.9.4 or 16.12.1c With Port Security Enabled Causes Traffic Loss
CSCvr59231
Headline: Cat9400- PNP fails with Dual Supervisor with non default startup vlan

Maintenance DDTS[These are defects that did not cause this advisory, however fixes are included in the solution]:
CSCvp61639
Headline: CAT9K:%CTS-2-AUTHZ_POLICY_SGACL_ACE_FAILED: Failed to download ACEs for SGACL TCPSGACL101 for SGT164
CSCvp85601
Headline: STP TCN is generated on etherchannel port during a switchover in a 3850 stack
CSCvq19871
Headline: RX traffic get stuck on of interface phy ASIC
CSCvq35631
Headline: 9300 crashed due to HTTP Core
CSCvq55973
Headline: C9600 - All Line cards shut down due to insufficient power and recover back in few mins
CSCvq56114
Headline: Cat3k crash in IGMP code due to invalid source count in DNS lookup
CSCvq82952
Headline: input error of uplink ports are increasing slowly even if disconnecting cable and SFP.
CSCvq86372
Headline: Standby switch crashed on collecting temperature sensor information in obfl
CSCvq93745
Headline: C9400 - Unable to edit FNF commands after pull out a LC
CSCvq93773
Headline: C9600/9400/9500H/9300 etc crashes due to CMCC heartbeat failures
CSCvr07162
Headline: system crash on execute "fed TCAM utilization"
CSCvr30559
Headline: Switch may experience a kernel panic due to invalid skb
CSCvr48249
Headline: High memory utilization under fman_fp_image

Disclaimer:

This Software Advisory announces the introduction of replacement image that increases network performance. Cisco will discontinue manufacturing shipments of the affected images. Cisco recommends that you upgrade to the replacement image, should there be any need to replace the affected images. Any pending or future orders will be automatically substituted by the replacement software images.

The terms and conditions that governed your rights and obligations and those of Cisco, with respect to the original image will apply to the replacement image.