I am using 3750 and purchased new 3750X L3 switch. I m going to do HSRP between that two switches. Please suggest which firmware do i use?. Which is stable version?
Most folks here agree that 12.2(55)SE8 is a good choice for the 3k line. It was released in June 2013 and right now has the best track record as far as stability and overall maturity.
Unless you have newer hardware that doesn't support that image (i.e. 3650 or 3850) or really need some software feature only available in the 15.x line, 12.2(55)SE8 will serve you well.
Oh no, I have a newer one, is this one not stable? Here's my sw stack:
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 52 WS-C3750G-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
2 52 WS-C3750V2-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
3 52 WS-C3750V2-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
4 52 WS-C3750V2-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
5 52 WS-C3750V2-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
* 6 52 WS-C3750V2-48TS 12.2(58)SE2 C3750-IPSERVICESK9-M
7 54 WS-C3750X-48P 12.2(58)SE2 C3750E-UNIVERSALK9-M
8 54 WS-C3750X-48P 12.2(58)SE2 C3750E-UNIVERSALK9-M
9 30 WS-C3750X-24P 12.2(58)SE2 C3750E-UNIVERSALK9-M
12.2(58)SE2 has a few extra features but is old (mid-2011). If you need those extra features but still want something more recent then I believe 15.0(2)SE4 is the way to go... otherwise I'd stick to 12.2(55)SE8.
They are reccomending to upgrade to 15.0.2-SE4
Here's what TAC said:
I noticed that you are hitting the following bug:
CSCtr73464 Crash due to sock in socket_set_event being 0x0
Externally found severe (Sev2) bug: D-Duplicate
Which is a duplicate of:
CSCuc53853 Cisco IOS Switch HTTP Server DoS Vulnerability
Externally found severe (Sev2) bug: R-Resolved
To solve the issue you need to upgrade the IOS to the release:
DRAM 128 MB Flash 32 MB
17.40 MB (18242944 bytes)
Ok well scratch 12.2(58)SE2, it's a steaming pile.
Every quarter we have a third party company do an internal vulnerability assessment. They have a system on our network that scans everything basically. Last quarter one of our endpoint switches, a 3560X was on 12.2(58)SE2. When the scan hit, it took out that switch (it crashed). Opened a ticket with TAC and they replaced the switch. New one came with 12.2(55)SE7. It's uptime is currently 25 weeks.
FF to this afternoon, it's a new quarter, time for a new vulnerability scan! The 9 switch stack I showed above in my previous post all have been updated to 12.2(58)SE2 because we added 3 more switches, and those last 3 new ones were a newer IOS version than the first 6 3750V2's. So we updated all of it to the latest version on Cisco's site which was 12.2(58)SE2. The stack then was able to operate with all 9 switches. Now this afternoon the vulnerability scan hit and this whole 9 switch stack (the core of our network basically) crashed and rebooted! Our uptime went from 21 weeks (when we added the new switches and updated them) to just over 2 hours, 20 minutes (as of this posting).
Needless to say what a disruption! All other branch switches on 12.2(55)SE7 or earlier stayed up and running and survived the brute force network vulnerability scan! Needless to say we are going to schedule time to downgrade our stack to this version before the next quarterly scan!!
Cisco should really be ashamed for putting out 12.2(58)SE2 as a few more searches right here on this community shows a lot of other posters here claim its the buggiest and worst iteration of IOS yet. Makes me wonder why it was even released.
Certainly makes you wonder, there code execution has been less than stellar the last 2 -3 years. Makes you long for Catos , we never had any issues with those switches.
I'd recommend 12.2(55)SE8.
Cisco should really be ashamed for putting out 12.2(58)SE2 as a few more searches right here on this community shows a lot of other posters here claim its the buggiest and worst iteration of IOS yet.
I CAN TOP 12.2(58)SE2 (as a badly coded software)! I CAN TOP THIS VERSION!
See if you can find 15.0(2)SE3. If you can still find some, load this version in one of your TEST switch and run TACACS. LOL!
This version is a BLAAAAAST!