12-12-2023 11:00 AM
Hi, I was requested to upgrade a 2504 wireless controller due to security vulnerabilities. Current version is 7.6.130.0
Is an active support-contract required to perform an upgrade in this controllers? We just want to do the upgrade to mitigate the vulnerabilities.
Thanks!
12-12-2023 02:12 PM
1. Go to the Cisco Software Download portal and find the version you want to upgrade to.
2. Note down the exact filename and the HTTP address.
3. Carefully read this: Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability
4. Scroll down to the "Customers Without Service Contracts" section. Read it. Understand it.
5. Send an email to TAC with the following information:
12-12-2023 02:34 PM
Yes you would normally need a service contract for most software downloads.
The version you should ideally be asking for (as per Leo's instructions) is 8.5.182.11 (link below) which is the latest available with all security fixes and the 2504 filename is AIR-CT2500-K9-8-5-182-11.aes but note "Cisco 2500 Series Wireless Controllers Release 8.5 Software.In order to use 8.4 or higher code, you must upgrade the 2504 Wireless Lan Controllers to FUS version 1.9 or higher, this must be done before installing the new AireOS version"
You should also check the compatibility matrix (link below) to make sure all your APs are supported on 8.5 code. If not, then you may need to consider an older version of code but because those all went end of support years ago they will all still have security vulnerabilities.
If you're upgrading to 8.5 then you should ideally upgrade to 8.0.152.0 first so you might need to request that too:
https://software.cisco.com/download/home/283848165/type/280926587/release/8.0.152.0
And read the release notes to make sure you know about any changes you need to be aware of.
12-12-2023 07:59 PM
That is a big jump, even if you were able to download the software. I can tell you that your ap's probably do not support the latest version. Here is my take. You are being requested to upgrade due to vulnerabilities, knowing that the controller and the ap's are end of support and security patching, doesn't make sense. You need to look at replacing what you have so that you are covered from these new security vulnerabilities. Also think, what happens when the controller dies or access points start to die, what will you do?
12-13-2023 01:43 AM
Take a look at this!
https://www.cisco.com/c/en/us/support/docs/field-notices/740/fn74035.html
12-13-2023 10:44 PM
@Denniz how does that help?
In any case the link to that field notice and the 8.5.182.11 software, which I suggested, is already provided in my reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide