Re: Cisco 3850 Upgrade

Old Roo 2 · ‎09-19-2022

Hi All

I am about to upgrade a 3850 switch stack from 03.02.03.SE to 16.12.07. I know from release notes below on earlier version of 16.X you were required to regenerate the key pairs before the upgrade. However in the latest release notes, i noticed this requirement has been removed.

Release noted early 16.x: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/release_notes/ol-16-3-3850.html#pgfId-1430489

Release notes latest: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-12/release_notes/ol-16-12-3850.html#task_k3s_tgq_k3b

As i dont have a spare 3850 sitting around, can someone confirm if it is or isnt required still?

Leo Laohoo · ‎09-19-2022

Cisco 3850: IOS-XE/Firmware Upgrade

Old Roo 2 · ‎09-20-2022

thanks for the information however it doesnt address my question.

This is stated in the early 16.X documentatin:

flash.

Note

When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the show crypto key command.

however it is not listed in the 16.12.07 document.

I am trying to find out if this is an oversight by cisco for the newer software or we dont need to regenerate the keys like in earlier versions of 16.x

Leo Laohoo · ‎09-20-2022

No need.

Ramamoorthy Shanmugam · ‎11-23-2022

Dear All,

We are planning to upgrade Cisco 3850 Switch(WS-C3850-24T) IOS from 03.02.03.SE to 16.3.1. Please confirm whether this is a direct upgrade or do we need an in-line upgrade.

Please share your advice.

Regards,
Ram.S

Leo Laohoo · ‎11-23-2022

Upgrade to the latest 3.6.X or 3.7.X but never cross over to 16.X.X.

andrew.butterworth · ‎11-24-2022

Why? I have many customers with 3650/3850 on 16.x code without issues. Latest 16.12.8 has just gone 'Gold Star'.

Leo Laohoo · ‎11-24-2022

@andrew.butterworth wrote:
Why? I have many customers with 3650/3850 on 16.x code without issues. Latest 16.12.8 has just gone 'Gold Star'.

Because IOS-XE leaks like a sieve.

3850 (4 x switches), Firmware version: 16.12.4, Uptime: 1y43w4d

Old Roo 2 · ‎09-08-2023

after speaking with cisco.

I upgraded to the lastest version of 3, then to 16.12.7. After each step i regenerated the SSH keys as advised. There is a check you can do to see if you have the required keys, however i just did it each step of the way as safe option.

on one of the older 3850 i had to an emergency recover to the latest version. The process works well, so i would read up about that as well.