/mcpData sheet Cisco public © 2025 Cisco and/or its affiliates. All rights reserved. Platform benefits Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various automation mechanisms are outlined below. • Automated device provisioning is the ability to automate the process of upgrading software images and installing configuration files on Cisco Catalyst switches when they are being deployed in the network for the first time. Cisco provides both turnkey solutions such as PnP and off-the-shelf tools such as zero-touch provisioning (ZTP) and Preboot Execution Environment (PXE) that enable an effortless and automated deployment. • API-driven configuration is available with modern network switches such as the Cisco Catalyst 9300 Series. It supports a wide range of automation features and provides robust open APIs over NETCONF, RESTCONF, and GNMI using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources. • Granular visibility enables model-driven telemetry to stream data from a switch to a destination. The data to be streamed is identified through subscription to a data set in a YANG model. The subscribed data set is streamed to the destination at specified intervals. Additionally, Cisco IOS XE enables the push model. It provides near- real-time monitoring of the network, leading to quick detection and rectification of failures. • Seamless software upgrades and patching supports OS resilience. Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support lets you add patches without having to wait for the next maintenance release. Security • Encrypted Traffic Analytics (ETA) is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is becoming encrypted, the visibility this feature affords for threat detection is critical for keeping your network secure at different layers. • AES-256 MACsec encryption is the IEEE 802.1AE standard for authenticating and encrypting packets between switches. The Cisco Catalyst 9300 Series Switches support 256-bit and 128-bit AES, providing the most secure link encryption. • IPsec encryption delivers secure end-to-end encrypted traffic between sites and connectivity to the Cloud. Catalyst 9300X models support line-rate IPsec up to 100 Gbps, delivering uncompromised secure connectivity. • Trustworthy solutions built with Cisco Trust Anchor technology provide a highly secure foundation for Cisco products. With the Catalyst 9300 Series, this technology enables hardware and software authenticity assurance for supply chain trust and strong mitigation against man-in-the-middle attacks that compromise software and firmware. Trust Anchor capabilities include: - Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, the system’s software signatures are checked for integrity.