Showing results for 
Search instead for 
Did you mean: 

Cisco 3850 Upgrade

Old Roo 2

Hi All

I am about to upgrade a 3850 switch stack from 03.02.03.SE to 16.12.07. I know from release notes below on earlier version of 16.X you were required to regenerate the key pairs before the upgrade. However in the latest release notes, i noticed this requirement has been removed.

Release noted early 16.x:

Release notes latest:

As i dont have a spare 3850 sitting around, can someone confirm if it is  or isnt required still?


8 Replies 8

Leo Laohoo
Hall of Fame
Hall of Fame

thanks for the information however it doesnt address my question.

This is stated in the early 16.X documentatin:







 When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the show crypto key command.

however it is not listed in the 16.12.07 document.

I am trying to find out if this is an oversight by cisco for the newer software or  we dont need to regenerate the keys like in earlier versions of 16.x



No need.

Ramamoorthy Shanmugam
Rising star
Rising star

Dear All,

We are planning to upgrade Cisco 3850 Switch(WS-C3850-24T) IOS from 03.02.03.SE to 16.3.1. Please confirm whether this is a direct upgrade or do we need an in-line upgrade.

Please share your advice.


Upgrade to the latest 3.6.X or 3.7.X but never cross over to 16.X.X.

Why?  I have many customers with 3650/3850 on 16.x code without issues.  Latest 16.12.8 has just gone 'Gold Star'.


@andrew.butterworth wrote:
Why?  I have many customers with 3650/3850 on 16.x code without issues.  Latest 16.12.8 has just gone 'Gold Star'.

Because IOS-XE leaks like a sieve. 

3850 (4 x switches), Firmware version:  16.12.4, Uptime:  1y43w4d3850 (4 x switches), Firmware version: 16.12.4, Uptime: 1y43w4d

Old Roo 2

after speaking with cisco.

I upgraded to the lastest version of 3, then to 16.12.7. After each step i regenerated the SSH keys as advised. There is a check you can do to see if you have the required keys, however i just did it each step of the way as safe option.

on one of the older 3850 i had to an emergency recover to the latest version. The process works well, so i would read up about that as well.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: