Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
5
Helpful
2
Replies

IOS Upgrade, General Consensus

wilson_1234_2
Level 3
Level 3

‎04-09-2008 04:41 PM - edited ‎03-03-2019 09:29 PM

I was just wondering about IOS upgrades in general.

What are most peoples thoughts on this.

Security people are saying routers should be upgraded the the latest image available.

I have two core 6509 switches that have a new IOS to upgrade to but Cisco has told me more than once that if there is no specific reason to upgrade, you should not.

What do most people do?

Labels:
0 Helpful
2 Replies 2

sundar.palaniappan
Level 10
Level 10

‎04-09-2008 05:09 PM

I agree with Cisco on this. If you aren't using any features that is not supported in the IOS you are using and if you haven't had any major issues with the current code why bother to upgrade. The reason being you don't know what kind of caveats you might run into with the new image. The simple rule 'if it's not broken, don't fix it' makes lot of sense here.

Just my 2 cents.

HTH

Sundar

Danilo Dy
VIP Alumni
VIP Alumni

‎04-09-2008 08:54 PM

Hi,

From the security side, the most important is to subscribe to Cisco PSIRT and also to CERT. So that you will be informed of any latest security vulnerabilities and exploitation and how Cisco can help you. If the affected services or feature is not turn-ON in your system or you are not using it, there is no need to update. If workaround exist, there is no rush for update, you can perform the update later during your maintenance window.

In the operational side, If you are encountering strange problems with your current IOS and you can't find any Bugs or Vulnerabilities and you are certain that its not your configuration, I have to say that you should update your IOS. You can also check the Bug Toolkit, but sometimes they are too much to read if they are in the thousands. I do believe that vendors don't post all the Bugs and Vulnerabilities in their website - I know one security vendor but we keep encountering strange problems with their product :). Some updates may improve your system performance or fix some strange problem that you are encountering, although there is no documentation from vendor that it will do so. I believe that they cannot test their new code to all possible scenarios/setup. This is why there is one security vendor that keep insisting to always apply their current patch no matter what.

You need to secure your system also, there are a lot of way to improve performance and block rogue access. Check this links

http://www.cisco.com/warp/public/707/21.html

http://www.nsa.gov/snac/

http://www.cymru.com/Documents/secure-ios-template.html

A good monitoring, logging, remedy system, change management database, event tracking, and performance tracking system will save you a lot of headache.

You also need to plan for maintenance window for the current year. You can choose for monthly, quarterly, half-yearly to perform your updates and other changes that requires downtime. This does not include emergency downtime.

This Handbook is very useful http://www.amazon.com/Visible-Ops-Handbook-Implementing-Practical/dp/0975568612/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1207803597&sr=1-1

Regards,

Dandy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card