Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
5
Helpful
1
Replies

Recommended IOS for 2960X

schwarzenbachcyb
Level 1
Level 1

‎04-13-2017 04:36 AM - edited ‎03-08-2019 10:11 AM

I have some 2960X switches (lanbase) running with a 15.0.2-EX IOS version and like to upgrade to a 15.2E version.

In the cisco download tool, the 15.2.2E6 is currently the suggested version. But there are also MD releases with a higher version, like 15.2.4E3 for example.

I don't need any feature that is only available in a higher version then 15.2.2E6, but maybe the 15.2.4 is longer supported then 15.2.2?

My two quests are:

  • Is it known, how long 15.2.2, 15.2.3, 15.2.4 etc. will be supported by cisco? If 15.2.4 is significant longer supported then 15.2.2, then I will prefer 15.2.4
  • When stability is the most important point, is then 15.2.2 better then 15.2.4? If not, why is 15.2.2 currently the suggested version?
Labels:
0 Helpful
1 Reply 1

Mark Malone
VIP Alumni
VIP Alumni

‎04-13-2017 04:46 AM

The best thing to do here is scan the ios versions yourself , you can use Prime to check the current vulnerabilities from the Cisco side and also use McAfee to check against open bugs and anything it can see during the scan

the images only stay as the star or safe harbour version for as long as there are no mass amount of identified bugs or severely critical bugs

example , running 153-3.M5.bin on 800 series last year tested completely clean and was advisable to use this , we scanned it again globally the other day and now Cisco and McAfee are saying don't use it so we tested 154-3.M7.bin and now that's completely clean for now :)

1 You wont get a timeframe as it depends on so many factors, I have seen images online there for a month and then removed as something serious was found and Cisco remove it so no one else gets hit by it

2 you should check each release yourself online and the open caveats for it against the release notes for that version what's being triggered an see if your configuration itself is vulnerable to the same issues they provide  , these are only guidelines by Cisco to say currently they have been tested and we don't see any major problems , there far from full proof , everything that's released has bugs and always will , it depends what bugs is in the open caveat section to compare to what might effect you , the more they find as the image moves on the less viable it becomes until either its removed from star status or put into deferred state

saying that you are usually better off using a MD release as its a main deployment version , so personally i would go for that if your not going to go through all the release notes or scan it

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card