11-24-2022 08:42 AM
Hi everyone!
I was wondering if anyone can help us with the below.
We have several Cisco switches, APs and a Wireless Controller and we would like to know if there is a way to automate the patching process. I have found this link here https://community.cisco.com/t5/switching/patch-management-software/td-p/2946038 but I am unable to see if this covers my needs (we also have Prime).
Basically, we have a company security policy that requires all software to be patched within 14 days of patch release.
Currently, we need to manually search or rely on threat intel advisory notifications to be aware of any missing patch and apply it.
We would appreciate it if someone could point us in the right direction.
Thanks!
Sevim
11-24-2022 04:43 PM
How many WLC do you have?
11-25-2022 01:05 AM
We have two WLC.
11-25-2022 01:24 AM
I have eight WLC and I have never, ever, used any "automation" for patching.
I also perform firmware upgrades to >800 stacks of switches and routers. And I never use DNAC or PI to do them either.
11-28-2022 04:26 AM - edited 11-28-2022 04:28 AM
You can subscribe to Cisco security advisories and software release updates on the respective pages for them. That will give you timely notification (you can choose as often as daily updates).
For patching, I have had some customers with good experience using DNA-C but it is a very expensive and complicated product that represents so much more than patching.
Most customers tend to take the path mentioned by @Leo Laohoo - that is, to do upgrades after careful testing and then roll out manually. Unless of course you are a hyperscaler or very big organization with the resources to run a network as code sort of CI-CD pipeline with an orchestration overlay.
11-30-2022 04:59 AM
Thanks both for your answers.