ā09-19-2022 11:31 AM
Hi All
I am about to upgrade a 3850 switch stack from 03.02.03.SE to 16.12.07. I know from release notes below on earlier version of 16.X you were required to regenerate the key pairs before the upgrade. However in the latest release notes, i noticed this requirement has been removed.
Release noted early 16.x: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/release_notes/ol-16-3-3850.html#pgfId-1430489
Release notes latest: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-12/release_notes/ol-16-12-3850.html#task_k3s_tgq_k3b
As i dont have a spare 3850 sitting around, can someone confirm if it is or isnt required still?
ā09-19-2022 03:40 PM
ā09-20-2022 06:38 AM
thanks for the information however it doesnt address my question.
This is stated in the early 16.X documentatin:
flash.
Note
When you upgrade to Cisco IOS XE Denali 16.3.5 the SSH access is lost, because it cannot use the CISCO_IDEVID_SUDI_LEGACY RSA server key. Before upgrade, generate the server key using the crypto key generate rsa command in global configuration mode.
To verify whether the RSA server key is available on your device, run the show crypto key command.
however it is not listed in the 16.12.07 document.
I am trying to find out if this is an oversight by cisco for the newer software or we dont need to regenerate the keys like in earlier versions of 16.x
ā09-20-2022 02:43 PM
No need.
ā11-23-2022 12:37 PM
Dear All,
We are planning to upgrade Cisco 3850 Switch(WS-C3850-24T) IOS from 03.02.03.SE to 16.3.1. Please confirm whether this is a direct upgrade or do we need an in-line upgrade.
Please share your advice.
ā11-23-2022 09:23 PM
Upgrade to the latest 3.6.X or 3.7.X but never cross over to 16.X.X.
ā11-24-2022 02:45 AM
Why? I have many customers with 3650/3850 on 16.x code without issues. Latest 16.12.8 has just gone 'Gold Star'.
ā11-24-2022 05:29 AM
@andrew.butterworth wrote:
Why? I have many customers with 3650/3850 on 16.x code without issues. Latest 16.12.8 has just gone 'Gold Star'.
Because IOS-XE leaks like a sieve.
ā09-08-2023 08:07 AM
after speaking with cisco.
I upgraded to the lastest version of 3, then to 16.12.7. After each step i regenerated the SSH keys as advised. There is a check you can do to see if you have the required keys, however i just did it each step of the way as safe option.
on one of the older 3850 i had to an emergency recover to the latest version. The process works well, so i would read up about that as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide