I am about to upgrade a 3850 switch stack from 03.02.03.SE to 16.12.07. I know from release notes below on earlier version of 16.X you were required to regenerate the key pairs before the upgrade. However in the latest release notes, i noticed this requirement has been removed.
As i dont have a spare 3850 sitting around, can someone confirm if it is or isnt required still?
thanks for the information however it doesnt address my question.
This is stated in the early 16.X documentatin:
When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the show crypto key command.
however it is not listed in the 16.12.07 document.
I am trying to find out if this is an oversight by cisco for the newer software or we dont need to regenerate the keys like in earlier versions of 16.x
We are planning to upgrade Cisco 3850 Switch(WS-C3850-24T) IOS from 03.02.03.SE to 16.3.1. Please confirm whether this is a direct upgrade or do we need an in-line upgrade.
Please share your advice.
after speaking with cisco.
I upgraded to the lastest version of 3, then to 16.12.7. After each step i regenerated the SSH keys as advised. There is a check you can do to see if you have the required keys, however i just did it each step of the way as safe option.
on one of the older 3850 i had to an emergency recover to the latest version. The process works well, so i would read up about that as well.