Which factors lead to a Cisco IOS upgrade

What are the factors driving a Cisco IOS upgrade?

What factors do you consider, in order of preference / priority, when upgrading (or downgrading) Cisco IOS? If there weren't any overriding factors, how long would a particular version of IOS run? I've seen some switches with maturities > 5 years.

And how is the respective IOS version identified as the upgrade target during an upgrade?


In the order of your preference / priority, our company tends to upgrade based on these factors:

  • Weak points, weak points, weak points!
  • Bugs
  • Get new features not currently available - new cards / modules have a "First Supported In" IOS version that may be higher than the one you are running
  • Churn of retired release trains
  • Matching versions on recently deployed and similar hardware

A device that is very critical to the infrastructure may not be updated as aggressively as a device that is less critical. This takes into account the role of the device, the redundancy involved, and the impact of the upgrade itself: downtime, or the possibility that the behavior of configuration features changes or that other default settings apply when switching between major versions. This is the question of necessity, which also covers soft costs such as the time and resources for performing the upgrades, weighed against the individual factors such as vulnerabilities.

Make sure you subscribe to multiple vulnerability reporting websites, such as the Cisco PSIRT team (Product Security Incident Response Team) and the American CERT team (Computer Emergency Readiness Team).

A downgrade might be appropriate if:

  • The organization has a policy of only running tested / QA versions, and new devices have shipped with a newer version.
  • Org has a policy against anything but GD.

  • Use the Cisco Output Interpreter from "show version" to check for obvious problems / weaknesses / errors.
  • Look for GD (General Deployment) releases and avoid DF (Deferred).
  • Use ED (Early Deployment) only if it contains features that are not available elsewhere.
  • If possible, avoid LD (Limited Deployment) and use GD instead.

There are certainly arguments for an ED or LD version, but the desire is of course to find the most stable version that meets the requirements. Use Cisco's Feature Navigator to identify potentially different sets of features (provided you are licensed to use them).

You missed it: need.

A switch in a dusty old broom closet with just a 10-year-old inkjet printer connected likely doesn't need an upgrade to the latest IOS for security fixes and new features.

You should also state when an upgrade should not be performed, as this can result in wasted time, manpower and downtime when switching between major releases, which could result in features no longer working or configuration syntax changing.

All very good comments. I've also seen network standardization and IOS test results that can help upgrade IOS.

I would agree that vulnerabilities are high on the list, but it also depends on the type of network and traffic.

For example, a financial institution would be more concerned with security and vulnerabilities than another type of network that might be more concerned with bugs once they are hit by one, which leads to change.

It is also best to disable services that are not needed on the network or on the devices.
