CISCO Catalyst 2950 Switch IOS Upgrade?

Discussion in 'Cisco' started by kg026, Apr 22, 2007.

  1. kg026

    kg026 Guest

    I have an office which has a CISCO PIX 501 firewall and 3 CISCO
    Catalyst 2950T-24 switches? I have the latest IOS version on the PIX
    but am wondering if there is an benefit in upgrading the IOS on the
    switches. All switches are on the LAN behind the PIX so would their be
    any security vulnerabilities that could be taken advantage of? Is it
    really worth upgrading the IOS if they work fine as is and I don't
    need any of the new features? Thanks for your input/help!
     
    kg026, Apr 22, 2007
    #1
    1. Advertisements

  2. If you don't need any of the new features and everything is working
    fine, I don't really see a reason for upgrading the switches. Its
    important to keep the PIX upgraded though.
     
    Mohammed Alani, Apr 22, 2007
    #2
    1. Advertisements

  3. kg026

    kg026 Guest

    Thanks! This is what I was thinking but wasn't 100% sure. Does anybody
    else have an opinion on the subject?
     
    kg026, Apr 22, 2007
    #3
  4. kg026

    Brian V Guest

    If it's not broke, don't fix it. Unless there is a specific vulnerability or
    feature you are trying to add, don't do anything. You know it's working now,
    why screw with it.
     
    Brian V, Apr 22, 2007
    #4
  5. kg026

    kg026 Guest

    Thanks for everyones input. Looks like I will leave the switches alone
    until someone convinces me otherwise! Thanks again!
     
    kg026, Apr 25, 2007
    #5
  6. kg026

    Arthur Brain Guest

    My approach is to read the release notes for every firmware upgrade to
    see if it addresses any issues I have, or if it adds any functionality
    I could use.

    If I want anything in the new release, I install it on a test device
    first and test my issue or added functionality to ensure I have
    understood the release notes.

    Then, I will install it on the live network.

    Generally, I try to keep my firmware as up-to-date as possible.
     
    Arthur Brain, Apr 27, 2007
    #6
  7. kg026

    kg026 Guest

    You make a good point however in my case I don't have a test device so
    I can't do it that way. My main question was whether or not an
    internal switch could be vulnerable to any security bugs when it's an
    internal switch behind a firewall.
     
    kg026, Apr 27, 2007
    #7
  8. kg026

    Scooby Guest

    Potentially, but not likely. I agree with the thoughts of others that if it
    ain't broke, don't fix it. There are devices that you need to keep up to
    date, but generally speaking, switches do not fall into that category. When
    a release comes out with a reason to update, do it, otherwise, leave it
    alone. Or, consider doing it just before your smartnet runs out. At least
    download the latest at that time.

    One thought... if you do upgrade the switch, make sure you have a copy of
    the old version very close in case you want to go back :)
     
    Scooby, Apr 27, 2007
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.