CISCO Catalyst 2950 Switch IOS Upgrade?

Discussion in 'Cisco' started by kg026@yahoo.com, Apr 22, 2007.

  1. Guest

    I have an office which has a CISCO PIX 501 firewall and 3 CISCO
    Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    but am wondering if there is an benefit in upgrading the IOS on the
    switches. All switches are on the LAN behind the PIX so would their be
    any security vulnerabilities that could be taken advantage of? Is it
    really worth upgrading the IOS if they work fine as is and I don't
    need any of the new features? Thanks for your input/help!
    , Apr 22, 2007
    #1
    1. Advertising

  2. On Apr 22, 4:16 am, wrote:
    > I have an office which has a CISCO PIX 501 firewall and 3 CISCO
    > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    > but am wondering if there is an benefit in upgrading the IOS on the
    > switches. All switches are on the LAN behind the PIX so would their be
    > any security vulnerabilities that could be taken advantage of? Is it
    > really worth upgrading the IOS if they work fine as is and I don't
    > need any of the new features? Thanks for your input/help!


    If you don't need any of the new features and everything is working
    fine, I don't really see a reason for upgrading the switches. Its
    important to keep the PIX upgraded though.
    Mohammed Alani, Apr 22, 2007
    #2
    1. Advertising

  3. Guest

    On Apr 22, 8:07 am, Mohammed Alani <> wrote:
    > On Apr 22, 4:16 am, wrote:
    >
    > > I have an office which has a CISCO PIX 501 firewall and 3 CISCO
    > > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    > > but am wondering if there is an benefit in upgrading the IOS on the
    > > switches. All switches are on the LAN behind the PIX so would their be
    > > any security vulnerabilities that could be taken advantage of? Is it
    > > really worth upgrading the IOS if they work fine as is and I don't
    > > need any of the new features? Thanks for your input/help!

    >
    > If you don't need any of the new features and everything is working
    > fine, I don't really see a reason for upgrading the switches. Its
    > important to keep the PIX upgraded though.


    Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    else have an opinion on the subject?
    , Apr 22, 2007
    #3
  4. Brian V Guest

    <> wrote in message
    news:...
    > On Apr 22, 8:07 am, Mohammed Alani <> wrote:
    >> On Apr 22, 4:16 am, wrote:
    >>
    >> > I have an office which has a CISCO PIX 501 firewall and 3 CISCO
    >> > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    >> > but am wondering if there is an benefit in upgrading the IOS on the
    >> > switches. All switches are on the LAN behind the PIX so would their be
    >> > any security vulnerabilities that could be taken advantage of? Is it
    >> > really worth upgrading the IOS if they work fine as is and I don't
    >> > need any of the new features? Thanks for your input/help!

    >>
    >> If you don't need any of the new features and everything is working
    >> fine, I don't really see a reason for upgrading the switches. Its
    >> important to keep the PIX upgraded though.

    >
    > Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    > else have an opinion on the subject?
    >


    If it's not broke, don't fix it. Unless there is a specific vulnerability or
    feature you are trying to add, don't do anything. You know it's working now,
    why screw with it.
    Brian V, Apr 22, 2007
    #4
  5. Guest

    On Apr 22, 4:33 pm, "Brian V" <> wrote:
    > <> wrote in message
    >
    > news:...
    >
    >
    >
    > > On Apr 22, 8:07 am, Mohammed Alani <> wrote:
    > >> On Apr 22, 4:16 am, wrote:

    >
    > >> > I have an office which has aCISCOPIX 501 firewall and 3CISCO
    > >> > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    > >> > but am wondering if there is an benefit in upgrading the IOS on the
    > >> > switches. All switches are on the LAN behind the PIX so would their be
    > >> > any security vulnerabilities that could be taken advantage of? Is it
    > >> > really worth upgrading the IOS if they work fine as is and I don't
    > >> > need any of the new features? Thanks for your input/help!

    >
    > >> If you don't need any of the new features and everything is working
    > >> fine, I don't really see a reason for upgrading the switches. Its
    > >> important to keep the PIX upgraded though.

    >
    > > Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    > > else have an opinion on the subject?

    >
    > If it's not broke, don't fix it. Unless there is a specific vulnerability or
    > feature you are trying to add, don't do anything. You know it's working now,
    > why screw with it.


    Thanks for everyones input. Looks like I will leave the switches alone
    until someone convinces me otherwise! Thanks again!
    , Apr 25, 2007
    #5
  6. Arthur Brain Guest

    wrote:
    > On Apr 22, 4:33 pm, "Brian V" <> wrote:
    > > <> wrote in message
    > >
    > > news:...
    > >
    > >
    > >
    > > > On Apr 22, 8:07 am, Mohammed Alani <> wrote:
    > > >> On Apr 22, 4:16 am, wrote:

    > >
    > > >> > I have an office which has aCISCOPIX 501 firewall and 3CISCO
    > > >> > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    > > >> > but am wondering if there is an benefit in upgrading the IOS on the
    > > >> > switches. All switches are on the LAN behind the PIX so would their be
    > > >> > any security vulnerabilities that could be taken advantage of? Is it
    > > >> > really worth upgrading the IOS if they work fine as is and I don't
    > > >> > need any of the new features? Thanks for your input/help!

    > >
    > > >> If you don't need any of the new features and everything is working
    > > >> fine, I don't really see a reason for upgrading the switches. Its
    > > >> important to keep the PIX upgraded though.

    > >
    > > > Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    > > > else have an opinion on the subject?

    > >
    > > If it's not broke, don't fix it. Unless there is a specific vulnerability or
    > > feature you are trying to add, don't do anything. You know it's working now,
    > > why screw with it.


    > Thanks for everyones input. Looks like I will leave the switches alone
    > until someone convinces me otherwise! Thanks again!


    My approach is to read the release notes for every firmware upgrade to
    see if it addresses any issues I have, or if it adds any functionality
    I could use.

    If I want anything in the new release, I install it on a test device
    first and test my issue or added functionality to ensure I have
    understood the release notes.

    Then, I will install it on the live network.

    Generally, I try to keep my firmware as up-to-date as possible.
    Arthur Brain, Apr 27, 2007
    #6
  7. Guest

    On Apr 27, 12:24 am, Arthur Brain <> wrote:
    > wrote:
    > > On Apr 22, 4:33 pm, "Brian V" <> wrote:
    > > > <> wrote in message

    >
    > > >news:...

    >
    > > > > On Apr 22, 8:07 am, Mohammed Alani <> wrote:
    > > > >> On Apr 22, 4:16 am, wrote:

    >
    > > > >> > I have an office which has aCISCOPIX 501 firewall and 3CISCO
    > > > >> > Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    > > > >> > but am wondering if there is an benefit in upgrading the IOS on the
    > > > >> > switches. All switches are on the LAN behind the PIX so would their be
    > > > >> > any security vulnerabilities that could be taken advantage of? Is it
    > > > >> > really worth upgrading the IOS if they work fine as is and I don't
    > > > >> > need any of the new features? Thanks for your input/help!

    >
    > > > >> If you don't need any of the new features and everything is working
    > > > >> fine, I don't really see a reason for upgrading the switches. Its
    > > > >> important to keep the PIX upgraded though.

    >
    > > > > Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    > > > > else have an opinion on the subject?

    >
    > > > If it's not broke, don't fix it. Unless there is a specific vulnerability or
    > > > feature you are trying to add, don't do anything. You know it's working now,
    > > > why screw with it.

    > > Thanks for everyones input. Looks like I will leave the switches alone
    > > until someone convinces me otherwise! Thanks again!

    >
    > My approach is to read the release notes for every firmwareupgradeto
    > see if it addresses any issues I have, or if it adds any functionality
    > I could use.
    >
    > If I want anything in the new release, I install it on a test device
    > first and test my issue or added functionality to ensure I have
    > understood the release notes.
    >
    > Then, I will install it on the live network.
    >
    > Generally, I try to keep my firmware as up-to-date as possible.


    You make a good point however in my case I don't have a test device so
    I can't do it that way. My main question was whether or not an
    internal switch could be vulnerable to any security bugs when it's an
    internal switch behind a firewall.
    , Apr 27, 2007
    #7
  8. Scooby Guest

    <> wrote in message
    news:...
    > On Apr 27, 12:24 am, Arthur Brain <> wrote:
    >> wrote:
    >> > On Apr 22, 4:33 pm, "Brian V" <> wrote:
    >> > > <> wrote in message

    >>
    >> > >news:...

    >>
    >> > > > On Apr 22, 8:07 am, Mohammed Alani <>
    >> > > > wrote:
    >> > > >> On Apr 22, 4:16 am, wrote:

    >>
    >> > > >> > I have an office which has aCISCOPIX 501 firewall and 3CISCO
    >> > > >> > Catalyst 2950T-24 switches? I have the latest IOS version on the
    >> > > >> > PIX
    >> > > >> > but am wondering if there is an benefit in upgrading the IOS on
    >> > > >> > the
    >> > > >> > switches. All switches are on the LAN behind the PIX so would
    >> > > >> > their be
    >> > > >> > any security vulnerabilities that could be taken advantage of?
    >> > > >> > Is it
    >> > > >> > really worth upgrading the IOS if they work fine as is and I
    >> > > >> > don't
    >> > > >> > need any of the new features? Thanks for your input/help!

    >>
    >> > > >> If you don't need any of the new features and everything is
    >> > > >> working
    >> > > >> fine, I don't really see a reason for upgrading the switches. Its
    >> > > >> important to keep the PIX upgraded though.

    >>
    >> > > > Thanks! This is what I was thinking but wasn't 100% sure. Does
    >> > > > anybody
    >> > > > else have an opinion on the subject?

    >>
    >> > > If it's not broke, don't fix it. Unless there is a specific
    >> > > vulnerability or
    >> > > feature you are trying to add, don't do anything. You know it's
    >> > > working now,
    >> > > why screw with it.
    >> > Thanks for everyones input. Looks like I will leave the switches alone
    >> > until someone convinces me otherwise! Thanks again!

    >>
    >> My approach is to read the release notes for every firmwareupgradeto
    >> see if it addresses any issues I have, or if it adds any functionality
    >> I could use.
    >>
    >> If I want anything in the new release, I install it on a test device
    >> first and test my issue or added functionality to ensure I have
    >> understood the release notes.
    >>
    >> Then, I will install it on the live network.
    >>
    >> Generally, I try to keep my firmware as up-to-date as possible.

    >
    > You make a good point however in my case I don't have a test device so
    > I can't do it that way. My main question was whether or not an
    > internal switch could be vulnerable to any security bugs when it's an
    > internal switch behind a firewall.
    >


    Potentially, but not likely. I agree with the thoughts of others that if it
    ain't broke, don't fix it. There are devices that you need to keep up to
    date, but generally speaking, switches do not fall into that category. When
    a release comes out with a reason to update, do it, otherwise, leave it
    alone. Or, consider doing it just before your smartnet runs out. At least
    download the latest at that time.

    One thought... if you do upgrade the switch, make sure you have a copy of
    the old version very close in case you want to go back :)
    Scooby, Apr 27, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 1NetAdminGuy
    Replies:
    3
    Views:
    1,088
    vipergg
    Oct 1, 2004
  2. owais bin zuber

    RTP packets and Cisco Catalyst 2950 switch

    owais bin zuber, Oct 7, 2004, in forum: Cisco
    Replies:
    1
    Views:
    697
  3. mohitbakre
    Replies:
    3
    Views:
    1,143
    www.BradReese.Com
    Dec 10, 2006
  4. Tacobell
    Replies:
    5
    Views:
    4,236
  5. Mike Rahl
    Replies:
    1
    Views:
    1,201
    Trendkill
    May 30, 2007
Loading...

Share This Page