Solved: Re: C3850 software upgrade from 03.06.06E to latest version

burak-isiksoy · ‎04-07-2018

Hi fellow network ninjas,

We have c3850 (WS-C3850-24-T) running with ip services license and version 03.06.06E (Version 03.06.06E RELEASE SOFTWARE (fc1)) when we checked the software we noticed that software version effected with vstack vulnerability and we want to upgrade to latest stable version afterI have checked the Cisco IOS software checker for version 3.6.8E it doesnt seems to be effected with this vulnerability.

Is there anyone gone through the same issue. I want to learn your experiences and any heads up before upgrading.

Also saw the notice for upgrades from prior to 3.6.3. Am I clear to go with 3.6.6E

Note: Software defect CSCuw82216may result in switch inoperability due to flash memory corruption when upgrading from a pre-3.6.3 or pre-3.7.2 software release to 3.6.3/3.7.2 in install mode. This issue is resolved in 3.6.4 or 3.7.3 or later software therefore the issue is not seen when upgrading to these software versions. As a result of this software defect, bundle mode is recommended for upgrades involving the effected software versions

thanks in advance

Leo Laohoo · ‎04-07-2018

The Cisco Security Advisory Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability & Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability are more updated as compared to the Bug ID.

The Smart Install function is enabled by default but can be disabled by using the command "no vstack". Since Smart Install is found in all versions of IOS-XE there's no "escaping" a version which doesn't have this feature.

Next, in regards to software version selection. I agree with Reza, unless you have urgent operational requirement(s) to go 16.X, for stability purposes, staying with 3.6.X or 3.7.X is better.

With that said, read the Release Notes because it will spell whether your stack or network is stable or not.

View solution in original post

Reza Sharifi · ‎04-07-2018

Hi,

The suggested version of Cisco's site is:

cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin

Unless you want to go with Denali and the recommended version is:

cat3k_caa-universalk9.16.03.05b.SPA.bin

That said, before you upgrade to any version, read the release notes carefully.

HTH

Leo Laohoo · ‎04-07-2018

The Cisco Security Advisory Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability & Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability are more updated as compared to the Bug ID.

The Smart Install function is enabled by default but can be disabled by using the command "no vstack". Since Smart Install is found in all versions of IOS-XE there's no "escaping" a version which doesn't have this feature.

Next, in regards to software version selection. I agree with Reza, unless you have urgent operational requirement(s) to go 16.X, for stability purposes, staying with 3.6.X or 3.7.X is better.

With that said, read the Release Notes because it will spell whether your stack or network is stable or not.

burak-isiksoy · ‎04-08-2018

hi,

thanks for the recommendations, is it possible to upgrade directly from version 3.6.6 to 16.X.
I am also not familiar with the licensing modeling of 16.X.

Leo Laohoo · ‎04-08-2018

You can go direct from 3.X to 16.X.