Re: IOS Update Rights Without Contract

gnerstil · ‎11-01-2017

Hello,

I have been looking into updating the firmware on some of our Cisco Catalyst switches (specifically, 2960s's, 3560x's, and 3750x's), and found the following document: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/bulletin-c25-739392.html

Despite the link title, the link actually leads to the "2017 Cisco Catalyst IOS Software Update Program for Catalyst 2000, 3000, and 4000 Series Switches Product Bulletin" document. According to this document, it looks like there are some conditions in which you can update the IOS software, even without a support/SMARTnet contract.

One of the bullet points I am curious about is the following:

"Free Major Releases on Cisco Catalyst 2000, 3000, and 4000 Series Switches if the customer is moving from one release to another within the same license level (e.g., moving from the 12.x release to the 15.x release within the IP Base license) and:"

- "If the customer purchased an IP Lite or IP Base license, whether or not they have purchased an SNTC or SF service contract."

So does this mean I am able to, for instance, update my Catalyst 3750x from 12.2(55)SE1 up to 15.0.2-SE11, even though this device is not on contract?

This also however leads me to some confusion, as the statement above that states the following:

Free Updates on Cisco Catalyst 2000, 3000, and 4000 Series Switches:

◦ For critical bugs to maintain the compliance of the Software with published specifications, release notes, and industrywide compliance as long as the original customer continues to own or use the product, or up to 1 year from the end-of-sale date for this product, whichever occurs earlier.

◦ For vulnerability and security bugs as long as the original customer continues to own or use the product, or up to 3 years from the end-of-sale date for this product, whichever occurs earlier.

This sounds to me that I am allowed to update to any 15.x version from 12.x version forever (which sounds odd to me), but I am only allowed up to 1 year after EOS for updates that include bugs, and up to 3 years after EOS for security fixes? Also, what determines if a release is a bug fix or security fix? Don't most updates normally include both?

Sorry for the long post, but I just want to clarify some of this info, as we like to stay compliant with our device licenses and software update rights.

Thanks,

Sterling

chase.cameron · ‎02-12-2018

I'm really surprised that no one from Cisco has answered this given its importance.

We are trying to figure out the exact same thing. Did you ever learn the approved process? We also want to remain compliant.

gnerstil · ‎02-12-2018

I eventually emailed tac@cisco.com and asked about it. I informed them that there were multiple vulnerabilities affecting my devices, and gave them some examples from the security advisory page. I am not sure if it made a difference, but I informed them we needed these for PCI compliance as well. They confirmed which IOS versions I would be allowed to download for each product, which were all from within the last 6 months. I was even surprised they allowed me to update our 3560G's, as from the looks of it, they are not even in the lifetime warranty period any longer.

Hopefully they will be willing to help you out as well!

chase.cameron · ‎02-13-2018

Thank you very much for the assistance. It's very odd to me that Cisco doesn't make their upgrade policy more clear & accessible given its importance. It seems that as long as you have a Cisco account, switch software is always available for download for just about any series/model. ASA software seems to be locked a bit tighter. Thanks again!