03-23-2024 06:21 AM
Could someone please help me out with this? Cisco wrote this so confusing I need some validation. I am planning on upgrading my Catalyst 9800-L to the recommended code version 17.9.4a. When I look at the APSP release notes it states that I need to install the SMU as well as the APSP. I see the install files for the APSP for the code version 17.9.4a installation but when I check for the SMU package. I only see a SMU package for 17.9.4. Do I need to install the SMU for 17.9.4 also or only the APSP for the WLC software version 17.9.4a?
Solved! Go to Solution.
03-23-2024 09:15 AM
- I would advise to go direct to 17.9.5 , as far as I am 'aware off internally...' it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.
Appendix : also after upgrades for instance , it remains useful to check the controller again using
the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
M.
03-23-2024 06:25 AM
Apply the SMU on 17.9.4 to fix the security vulnerability. 17.9.4 with the SMU is exactly the same as 17.9.4a.
03-23-2024 08:54 AM
I should apply that same SMU to code version 17.9.4a?
03-23-2024 09:00 AM
The following is stated on the software page:
Dear Cisco Customer, If you are not using APSP in 17.9.4, please use 17.9.4a, to obtain fix for CSCwh87343, Cisco IOS XE Software Web UI Privilege Escalation Vulnerability, CVE-2023-20273. In case of SMU/APSP installed, please wait until SMU for CSCwh87343 is available for 17.9.4
Which makes me think the fix for the SMU is included in the code version 17.9.4a.
03-23-2024 06:43 PM - edited 03-23-2024 06:57 PM
@Maurice Ball wrote:
I should apply that same SMU to code version 17.9.4a?
Might as well go straight to 17.9.5 and start testing.
17.9.5 APSP 1 is already out and APSP 1 Release Notes can be found HERE.
03-23-2024 09:15 AM
- I would advise to go direct to 17.9.5 , as far as I am 'aware off internally...' it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.
Appendix : also after upgrades for instance , it remains useful to check the controller again using
the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
M.
03-25-2024 01:42 AM
ok thanks for the help.
03-25-2024 02:27 AM
- No problem , in between Leo mentioned an SMU/APSP for 17.9.5 ; my take on that is : For the time being stick to native 17.9.5 only , review the content of the SMU/APSP and only use it when you see a specific item mentioned in the problem list (that you might experience) . It makes things simpler for upgrading and avoids conflicts and problems when going to the next version ,
M,
03-25-2024 05:05 AM
Today, I upgraded a pair of 9800-80 (VSS) to 17.12.3 manually. No DNAC. No PI.
What is so unique about it? I unpacked the packages and set the controller to reboot 15 minutes later.
03-27-2024 03:56 AM
03-27-2024 04:21 AM
@Maurice Ball wrote:
The controller was back operational within 15 minutes?
That is not what I meant.
I initiated the software install so the packages can be extracted, however, I did something to delay the automatic script from rebooting the controller for another 15 minutes.
And then the pair of 9800 rebooted.
07-10-2024 01:28 PM
Hello Leo, can You put some more light on this please?
What would You liek to achieve with this 15 minutes delay ?
Thank You
Wini
07-10-2024 03:33 PM
@Gehrig_W wrote:
What would You liek to achieve with this 15 minutes delay ?
Hi Wini,
Without using DNAC or PI, I have demonstrated that I can unpack all the packages at a particular time but reboot the WLC, router or switches at a time-and-date of my choosing.
Hope this makes sense.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide