Update

Security – Resilient Infrastructure

Release Notes for Cisco Catalyst IE3x00, IE3400 Heavy Duty, and ESS3300 Series Switches, Release 26.1.x

IOS-XE 26.1.1
New software features in release 26.1.1

Feature: Security – Resilient Infrastructure
As part of the ongoing commitment to network security, this release introduces secure alternatives to legacy commands. These updates are designed to reduce potential risks and establish a stronger, more secure operational baseline.

The identified insecure commands are categorized as follows:

  • Line transport: Updates to secure remote access methods
  • Device server configuration: Hardening of server-side settings
  • File transfer protocols: Transition to encrypted transfer methods
  • SNMP: Enhancements to secure management traffic
  • Passwords: Strengthening authentication and credential management
  • Miscellaneous: General security improvements across system functions

The command “show system insecure configuration” (introduced in Cisco IOS XE 17.18.2) lists all insecure commands configured on the device. During boot or upgrade, any detected insecure configurations will generate error messages.

In Cisco IOS XE 26.1.1, all insecure CLI commands are blocked by default to strengthen network security. If a legacy command is required, administrators must enable “system mode insecure” in global configuration mode.

Recommendations:

  • Avoid using insecure mode. It is temporary and will be removed in a future release.
  • Replace all insecure commands with secure alternatives.

Upgrade behavior:
If upgrading to Cisco IOS XE 26.1.1 with insecure commands already in the running configuration, the system automatically adds the “system mode insecure” command to prevent service disruption.

For more information, refer to: Resilient Infrastructure IOS XE Security Warnings Reference
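The upgrade behavior above means a device can end up in insecure mode without anyone typing the command. The following pre-upgrade audit of a saved configuration is an added example, not Cisco code: the function names, verdict labels and the per-category patterns are assumptions chosen for illustration, and the device's own "show system insecure configuration" output remains the authoritative list.

```python
import re

# Illustrative patterns (assumption): well-known legacy IOS commands, grouped
# under the categories the release notes name ("Miscellaneous" is omitted).
# The authoritative list is what "show system insecure configuration" reports.
LEGACY_PATTERNS = {
    "Line transport": [r"^\s*transport input\b.*\btelnet\b"],
    "Device server configuration": [r"^ip http server\b"],
    "File transfer protocols": [r"^ip (ftp|tftp) "],
    "SNMP": [r"^snmp-server community "],
    "Passwords": [r"^enable password ", r"^username \S+ .*\bpassword\b"],
}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname IE3400-LAB
enable password lab123
username admin privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
!
"""

def audit_config(text):
    """Return (insecure_mode_enabled, {category: [(lineno, line), ...]})."""
    insecure_mode, findings = False, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if line.strip() == "system mode insecure":
            insecure_mode = True
            continue
        for category, patterns in LEGACY_PATTERNS.items():
            if any(re.search(p, line) for p in patterns):
                findings.setdefault(category, []).append((lineno, line.strip()))
    return insecure_mode, findings

def upgrade_verdict(text):
    """Classify a saved config against the 26.1.1 behavior described above."""
    insecure_mode, findings = audit_config(text)
    if findings:
        return "INSECURE_MODE_IN_USE" if insecure_mode else "WILL_ENTER_INSECURE_MODE"
    # Mode set but nothing matched: the patterns are not exhaustive, so review.
    return "REVIEW_INSECURE_MODE" if insecure_mode else "CLEAN"

if __name__ == "__main__":
    print(upgrade_verdict(SAMPLE_CONFIG))
    for category, hits in audit_config(SAMPLE_CONFIG)[1].items():
        print(f"  {category}: {hits}")
```

Run it over configuration backups before the upgrade window; any result other than CLEAN marks a device to migrate to secure alternatives before insecure mode is removed.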

Feature: Upgrade – PROFINET System Redundancy

This feature enables Cisco Industrial Ethernet (IE) switches to interoperate with existing high-availability systems by supporting PROFINET S2 controller redundancy mode. It helps minimize downtime and operational issues in the event of network or controller failures.

Feature: Software Reliability – Read-only PROFINET
This feature enhances device security and network stability by setting Discovery and Configuration Protocol (DCP) operations to read-only mode.

It provides the following benefits:

  • Protects IP address, gateway, and device name from unauthorized changes
  • Prevents unexpected connectivity loss by securing critical network settings
  • Maintains compatibility with LLDP, SNMP, and CDP
  • Enables basic device identification and network discovery

Feature: Ease of Use – Industrial Asset Discovery Completion
The Industrial Asset Auto-Discovery feature automatically identifies and catalogs directly connected industrial devices without impacting network performance.

Key capabilities:

  • Automatically discovers connected industrial assets
  • Exports inventory data to a syslog server in JSON format
  • Improves asset tracking and security enforcement
  • Helps detect unauthorized or unknown hardware on the network

New hardware features

  • This section provides a brief description of the new hardware features introduced in this release.

IOS-XE 26.1.1

  • There are no new hardware features introduced in this release.

IOS-XE 26.1.1
Resolved issues in release 26.1.1

  • CSCwo96008: PTP not processed/forwarded on ESS3300 running 17.12.04
  • CSCwp24973: Support for SFP 10G-SR-S in Profinet Module
  • CSCwq73986: connectivity issue between ccv-sensor-app and default gateway
  • CSCwr62046: ICMPv6 packets are duplicated when device tracking is enabled on the interface
  • CSCwr81607: IE3400 SNMP Multicast Counters not working - ifOutMulticastPkts
  • CSCwr90222: IE3400:Padding is not working correctly with vlan tag when PRP is enabled
  • CSCws17503: Broadcast traffic is leaking over a routed port
  • CSCwt13348: switchport block multicast not working after switch reload or shut/no shut on interface
  • CSCwp05951: IE3400 increments input/CRC/L2nat discards/Ethernet-controller stats unexpectedly with L2nat config.
  • CSCwp38345: DHCP snooping dropping DHCP discover message for non CDP devices
  • CSCwp38501: IE-3300-8T2S-E switch not forwarding STCN packet intermittently
  • CSCwp84508: Device with IPv6 ACL applied on 13 or more interfaces crashes on reload
  • CSCwq21589: IE3400H: FTP fails between port G1/1 and G1/2 with L2NAT
  • CSCwq80434: With "reload" command, switchports stay up for an extended time after the switch stops forwarding traffic.
  • CSCwr05475: IE3400 - 17.12.3 - Memory Leak observed in SNMP ENGINE
  • CSCwr42830: IE3300 - MKA session fails to come up after upgrade or power cycle
  • CSCws18543: Rate limit is failing when there is L2 Loop
  • CSCws31153: Hardening of IP Default Gateway removal

IOS-XE 26.1.1
Open issues in release 26.1.1

  • CSCwt38298: IE3200 Memory Leak in Pool Manager and Possible Crashes
  • CSCwt65703: IOS image corrupted on sdflash
  • CSCwt68784: [ESS-3300]: RADIUS packets routed via Mgmt-vrf when "ip vrf forwarding" and "source-interface" is configured in the server group