Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1702
Views
1
Helpful
12
Replies

Upgrade Catalyst 9800

Go to solution
Maurice Ball
Level 3
Level 3

‎03-23-2024 06:21 AM

Could someone please help me out with this? Cisco wrote this so confusing I need some validation. I am planning on upgrading my Catalyst 9800-L to the recommended code version 17.9.4a. When I look at the APSP release notes it states that I need to install the SMU as well as the APSP. I see the install files for the APSP for the code version 17.9.4a installation but when I check for the SMU package. I only see a SMU package for 17.9.4. Do I need to install the SMU for 17.9.4 also or only the APSP for the WLC software version 17.9.4a?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎03-23-2024 09:15 AM

 

  - I would advise to go direct to 17.9.5  , as far as I am 'aware off internally...'  it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.

  Appendix : also after upgrades for instance , it remains useful to check the controller again using 
              the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

12 Replies 12

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎03-23-2024 06:25 AM

Apply the SMU on 17.9.4 to fix the security vulnerability.  17.9.4 with the SMU is exactly the same as 17.9.4a.

0 Helpful

Go to solution
Maurice Ball
Level 3
Level 3
In response to Leo Laohoo

‎03-23-2024 08:54 AM

I should apply that same SMU to code version 17.9.4a?

0 Helpful

Go to solution
Maurice Ball
Level 3
Level 3
In response to Maurice Ball

‎03-23-2024 09:00 AM

The following is stated on the software page: 

Dear Cisco Customer, If you are not using APSP in 17.9.4, please use 17.9.4a, to obtain fix for CSCwh87343, Cisco IOS XE Software Web UI Privilege Escalation Vulnerability, CVE-2023-20273. In case of SMU/APSP installed, please wait until SMU for CSCwh87343 is available for 17.9.4

Which makes me think the fix for the SMU is included in the code version 17.9.4a.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Maurice Ball

‎03-23-2024 06:43 PM - edited ‎03-23-2024 06:57 PM

@Maurice Ball wrote:
I should apply that same SMU to code version 17.9.4a?

Might as well go straight to 17.9.5 and start testing.

17.9.5 APSP 1 is already out and APSP 1 Release Notes can be found HERE.

0 Helpful

Go to solution
marce1000
VIP
VIP

‎03-23-2024 09:15 AM

 

  - I would advise to go direct to 17.9.5  , as far as I am 'aware off internally...'  it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.

  Appendix : also after upgrades for instance , it remains useful to check the controller again using 
              the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Maurice Ball
Level 3
Level 3
In response to marce1000

‎03-25-2024 01:42 AM

ok thanks for the help.

0 Helpful

Go to solution
marce1000
VIP
VIP
In response to Maurice Ball

‎03-25-2024 02:27 AM

 

  - No problem , in between Leo mentioned an SMU/APSP for 17.9.5 ; my take on that is : For the time being stick to native 17.9.5 only  , review the content of the SMU/APSP  and only use it when you  see a specific item mentioned in the problem list (that you might experience) . It makes things simpler for upgrading and avoids conflicts and problems when going to the next version , 

 M,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎03-25-2024 05:05 AM

Today, I upgraded a pair of 9800-80 (VSS) to 17.12.3 manually.  No DNAC.  No PI.  

What is so unique about it?  I unpacked the packages and set the controller to reboot 15 minutes later.  

0 Helpful

Go to solution
Maurice Ball
Level 3
Level 3
In response to Leo Laohoo

‎03-27-2024 03:56 AM

The controller was back operational within 15 minutes?
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Maurice Ball

‎03-27-2024 04:21 AM

@Maurice Ball wrote:
The controller was back operational within 15 minutes?

That is not what I meant. 

I initiated the software install so the packages can be extracted, however, I did something to delay the automatic script from rebooting the controller for another 15 minutes. 

And then the pair of 9800 rebooted.  

0 Helpful

Go to solution
Gehrig_W
Level 1
Level 1

‎07-10-2024 01:28 PM

Hello Leo, can You put some more light on this please?

What would You liek to achieve with this 15 minutes delay ?

Thank You

Wini

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Gehrig_W

‎07-10-2024 03:33 PM

@Gehrig_W wrote:
What would You liek to achieve with this 15 minutes delay ?

Hi Wini, 

Without using DNAC or PI, I have demonstrated that I can unpack all the packages at a particular time but reboot the WLC, router or switches at a time-and-date of my choosing.  

Hope this makes sense. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card