03-23-2024 06:21 AM
Could someone please help me out with this? Cisco wrote this so confusing I need some validation. I am planning on upgrading my Catalyst 9800-L to the recommended code version 17.9.4a. When I look at the APSP release notes it states that I need to install the SMU as well as the APSP. I see the install files for the APSP for the code version 17.9.4a installation but when I check for the SMU package. I only see a SMU package for 17.9.4. Do I need to install the SMU for 17.9.4 also or only the APSP for the WLC software version 17.9.4a?
Solved! Go to Solution.
03-23-2024 09:15 AM
- I would advise to go direct to 17.9.5 , as far as I am 'aware off internally...' it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.
Appendix : also after upgrades for instance , it remains useful to check the controller again using
the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
M.
03-23-2024 06:25 AM
Apply the SMU on 17.9.4 to fix the security vulnerability. 17.9.4 with the SMU is exactly the same as 17.9.4a.
03-23-2024 08:54 AM
I should apply that same SMU to code version 17.9.4a?
03-23-2024 09:00 AM
The following is stated on the software page:
Dear Cisco Customer, If you are not using APSP in 17.9.4, please use 17.9.4a, to obtain fix for CSCwh87343, Cisco IOS XE Software Web UI Privilege Escalation Vulnerability, CVE-2023-20273. In case of SMU/APSP installed, please wait until SMU for CSCwh87343 is available for 17.9.4
Which makes me think the fix for the SMU is included in the code version 17.9.4a.
03-23-2024 06:43 PM - edited 03-23-2024 06:57 PM
@Maurice Ball wrote:
I should apply that same SMU to code version 17.9.4a?
Might as well go straight to 17.9.5 and start testing.
17.9.5 APSP 1 is already out and APSP 1 Release Notes can be found HERE.
03-23-2024 09:15 AM
- I would advise to go direct to 17.9.5 , as far as I am 'aware off internally...' it is planned to become an advisory (and then you have the SMU stuff already) ; no further worries about SMU.
Appendix : also after upgrades for instance , it remains useful to check the controller again using
the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
M.
03-25-2024 01:42 AM
ok thanks for the help.
03-25-2024 02:27 AM
- No problem , in between Leo mentioned an SMU/APSP for 17.9.5 ; my take on that is : For the time being stick to native 17.9.5 only , review the content of the SMU/APSP and only use it when you see a specific item mentioned in the problem list (that you might experience) . It makes things simpler for upgrading and avoids conflicts and problems when going to the next version ,
M,
03-25-2024 05:05 AM
Today, I upgraded a pair of 9800-80 (VSS) to 17.12.3 manually. No DNAC. No PI.
What is so unique about it? I unpacked the packages and set the controller to reboot 15 minutes later.
03-27-2024 03:56 AM
03-27-2024 04:21 AM
@Maurice Ball wrote:
The controller was back operational within 15 minutes?
That is not what I meant.
I initiated the software install so the packages can be extracted, however, I did something to delay the automatic script from rebooting the controller for another 15 minutes.
And then the pair of 9800 rebooted.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide