Cisco firmware/IOS upgrade recommendations

Posted on 2011-05-09
Last Modified: 2012-06-21
A customer approached us today, willing to spend annual funds on "keeping their equipment up-to-date" - this equipment includes several Cisco switches and a couple ASA firewalls.

Broad topic, but I've never been concerned about "firmware" upgrades on Cisco gear - it's always been about the IOS revisions. Given that, I've run into several occasions where upgrading the main OS (especially for ASA firewalls) has produced more pain than expected.

How would you react to this request?  I'm not sure I believe that a customer request to "keep everything current" (the latest of everything) is a good idea in the Cisco realm.  Plus, is there really any reason to upgrade the firmware of the devices (as opposed to just the OS versions)?

Open discussion here, and thanks!

Question by:cfan73
    LVL 50

    Expert Comment

    by:Don Johnston
    >How would you react to this request?

    I recommend to only upgrade the IOS when there is a bug that affects the current operations or a feature is required that is only available on a later release.

    There is nothing to be gained by blindly upgrading the IOS to the latest version.
    LVL 10

    Assisted Solution

    I agree with donj with the caveate that you should inquire with your customer as to the reason driving the decision.  I have worked in environments in the past were it was a customer (my employer's customer that is) requirement that IOS, etc. be no more than two revisions out of date and not be any revision with a known security vulnerability within a utilized feature set.

    Author Comment

    Thanks for the feedback, guys - a couple follow up questions and I'll award points:

    1) I understand about the "blind upgrade" thing - makes sense.  (If you're not having problems, why upgrade?)  Having said that, if I wanted to examine the IOS currently running on my system to see if there are any known vulnerabilities with it (thus warranting an upgrade), is there a Cisco link that would point this out and provide a recommended "safe" upgrade to replace it with?

    2) Plus, have either of you ever seen something concerned with upgrading the FIRMWARE of a Cisco device for any reason, as opposed to just the IOS?

    Thanks again
    LVL 50

    Accepted Solution

    1) On the Cisco, click on "support". Then down the page under "Support Tools" you'll find a link to the "Bug Toolkit". Once there, you can search for bugs by IOS version. This does require an CCO login though.

    2) No.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a ne…
    The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now