Skip to main content

 

Cisco Meraki Documentation

Cloud-Native IOS XE Overview

This article provides an overview of the new cloud-native IOS XE and what are the impacts and highlights of the transition to the new architecture for cloud-managed switches. Learn more about the supported models and behavioral changes for the Meraki management interface.

Introduction

The release of IOS XE 17.15.1 to the Meraki Dashboard marks the transition from a container-based architecture to one that is based on native IOS XE, with support for Meraki cloud management.

Impact

  • The native IOS XE based architecture unlocks many benefits for your cloud-managed Cisco Catalyst switches, including the 9300-M, 9300X-M, and MS390 families. This includes faster boot and initialization performance, especially for stacks, and the start of a new generation of capabilities we will deliver with faster speed.
  • It introduces the ability to perform CLI show commands directly from Meraki dashboard.
  • With this first beta release, your switch(es) will upgrade and transition from CS firmware to cloud-native IOS XE 17.15.1, managed by Meraki Cloud.
  • The existing cloud-managed Catalyst switches should be running CS16 or CS17 firmware before initiating this upgrade.
  • With customer approval, support access via SSH can be permitted over the secured crypto TLS tunnel used by devices to connect to the Meraki Dashboard.

New Feature Highlights

  • Introducing cloud-native IOS XE.
  • Faster boot time for your Cisco Catalyst cloud-managed switches, especially for stacks.
  • CLI access in Meraki dashboard to run show commands for troubleshooting.
  • Support for Intelligent Capture.
  • Support for C9200L hardware platform. (See Supported Models section)
  • Enhanced logging capabilities with native Catalyst logging support.

Supported Models

NOTE: ATTEMPTING TO MIGRATE UNSUPPORTED MODELS SUCH AS C9200CX MAY RESULT IN A UNUSABLE SWITCH, AND MAY VOID THE DEVICE WARRANTY. PLEASE REVIEW THE LIST OF SUPPORTED MODELS BEFORE PROCEEDING WITH THE UPGRADE.

Family  Models

Catalyst 9200L
(Migration only)

C9200L-24T-4X , C9200L-24P-4X, C9200L-48T-4X , C9200L-48P-4X , C9200L-48PL-4X , C9200L-24PXG-4X , C9200L-48PXG-4X , C9200L-24PXG-2Y , C9200L-48PXG-2Y , C9200L-24T-4G , C9200L-24P-4G , C9200L-48T-4G , C9200L-48P-4G , C9200L-48 PL-4G

Catalyst 9300-M

C9300-24T-M, C9300-24P-M, C9300-24U-M , C9300-24UX-M , C9300-48T-M , C9300-48P-M , C9300-48U-M , C9300-48UXM-M , C9300-48UN-M , C9300-24S-M, C9300-48S-M , C9300X-12Y-M, C9300X-24Y-M, C9300X-48HXN-M, C9300X-24HX-M, C9300X-48HX-M, C9300X-48TX-M, and its corresponding Catalyst switch SKUs for migration.

MS390

MS390-24-HW, MS390-24P-HW, MS390-24U-HW, MS390-24UX-HW, MS390-48-HW, MS390-48P-HW, MS390-48U-HW, MS390-48UX-HW, MS390-48UX2-HW

Behavioral Changes

Layer 3 SVI Behavior

Prior to cloud-native IOS XE, Layer3 Meraki switches required at least two IP addresses, one for the management IP and a second for the Layer3 Switch Virtual Interface (SVI). You cannot route traffic through the management-IP, it essentially worked as an out-of-band management interface. In cloud-native IOS XE, the Meraki management interface is now combined with a Layer 3 uplink SVI, using one single IP address, rather than two.

To use Layer3 SVI's with cloud-native IOS XE, the following requirements/conditions apply:

  • The management/uplink SVI must be configured for a static IP address. It's highly recommended to configure your management interface to use a static IP address prior to upgrading.
  • If you upgrade from Container-based (CS) firmware to Cloud-Native IOS-XE be aware of the following:
    • If you have the management interface on the same VLAN as a configured L3 SVI, the SVI IP address will override the management interface address, and the management interface IP address will be erased. This is done to attempt to preserve L3 routability in the network, but may result in the loss of management traffic such as SNMP or RADIUS when the management IP address changes. For example:
      • Management interface has a static IP of 10.10.10.100 on vlan 10
      • There is also an SVI on VLAN 10 configured for 10.10.10.200.
      • After the upgrade, the switch will use 10.10.10.200.
    • If you have the management interface on a unique VLAN with no overlapping SVI, then the management interface will become a new uplink SVI.
    • If your management IP is configured for DHCP, you be required to assign a static IP address to the uplink SVI before other L3 SVIs can be created. Static addressing is considered a Cisco best practice for Layer 3 switch deployments.


 

Spanning Tree Changes

Spanning-Tree Protocol (STP) behaves differently in cloud-native IOS XE 17.15.1.

  • CS17 and cloud-native IOS XE 17.15.1 exhibit different behaviors in their handling of Spanning Tree Protocol (STP).
  • Cloud-native IOS XE runs Multiple Spanning Tree Protocol (MSTP) with PVST simulation enabled and changes the MSTP region identifier to the switch's MAC ID. 

spanning tree mode

  • For spanning-tree root bridges, MSTP is preferred and remains compatible with Rapid-PVST+ as long as VLAN 1 is allowed on the trunk. If VLAN 1 is not configured on the uplink, the downstream Cloud-Native IOS XE/MSTP switch will become the root for all VLANs.

LED Behavior

The system LED on the switch indicates the system status, including the progress of booting and connecting to the Meraki dashboard without logging in into the system or Dashboard. The MS390 switch has a rainbow system LED to indicate the system state. This rainbow LED is not available on Catalyst 9000 hardware. Blue Beacon LED button and the System LED are instead used on Catalyst 9000 hardware to indicate the system status.

  • Cloud Native IOS XE firmware continues to use the rainbow LED in the MS390 and Blue Beacon and system LEDs in Catalyst 9000 to provide system status.
    • For the LED behaviour of cloud-managed Catalyst 9000 switches please refer to the table in our documentation on MS390 Series Installation Guide. It stays same in the cloud-native IOS XE firmware.

    • For the LED behaviour of MS390 please refer to our documentation on MS390 Series Installation Guide.However, cloud-native IOS XE with MS390 adds two additional stages (taken from Catalyst 9000), described below:

MS390 Stage

Rainbow LED

Comments

System error: Switch failed to complete local provisioning

Solid Amber

New LED Scheme

There is a fault with the power supply, fan, or network module (not traffic-related)

Alternatively blinking Amber and White

New LED Scheme

Upgrade Paths to Cloud-Native IOS XE

Product How to move to cloud-native IOS XE Process Documentation

C9300-M/MS390 (Cloud-Managed Catalyst)

Firmware Upgrade for Cloud-Managed Catalyst Switching (CS16/17 to Cloud Native IOS XE) via Meraki Dashboard

Upgrade Steps for Cloud-managed Catalyst Switches

C9300 and C9200L (DNA-managed Catalyst)

Switch Migration from DNA Management Mode to Meraki Management Mode via CLI

Migration from CLI-managed Catalyst Switches to Meraki-managed Mode

Temporary Feature Gaps

We are actively working to bridge the feature gap between CS/MS17 and IOS XE 17.15.1. Till then, the following features are not available in cloud-native IOS XE but will be addressed in subsequent releases.

  • SmartPorts 
  • MAC Blocklist / Allowlist
  • Digital Optical Monitoring
  • RSPAN / VLAN SPAN
  • IPv6 RA Guard / DHCP Guard
  • WarmSpare / VRRP
  • FIPS / Gov Cloud
  • HTTP Proxy for NextTunnel
  • Storm control
  • SNMP v3 
  • Sticky MAC 
  • Encrypted Traffic Analytics (ETA)
  • Dynamic ARP Inspection (DAI) Auto-Uplink

We value your feedback on our latest release! Please take a moment to complete this brief 5-minute survey and share your experience with us.

 

  • Was this article helpful?