Maintenance Summary

Critical security and stability firmware patches will be applied to the three Cisco Catalyst core distribution switches serving Admin Tower on Saturday, April 5, 2026 from 10:00 PM to 11:30 PM.

Patching follows a rolling restart approach: one switch is patched and verified before proceeding to the next, minimising the outage window.

Patch Details

SwitchModelCurrent FirmwareTarget FirmwareCVE Addressed
SW-ADMIN-CORE-01Catalyst 930017.9.317.12.2CVE-2025-20388, CVE-2025-21541
SW-ADMIN-CORE-02Catalyst 930017.9.317.12.2CVE-2025-20388, CVE-2025-21541
SW-ADMIN-DIST-01Catalyst 920017.9.217.12.1CVE-2025-21541

Expected Impact

PhaseTimeImpact
SW-ADMIN-CORE-01 patch & restart10:00–10:25 PMWired connectivity on floors 1–3 interrupted ~3 min
SW-ADMIN-CORE-02 patch & restart10:30–10:55 PMWired connectivity on floors 4–6 interrupted ~3 min
SW-ADMIN-DIST-01 patch & restart11:00–11:20 PMDistribution-layer failover; minimal interruption expected
Final validation11:20–11:30 PMNo interruption
  • Wireless (Wi-Fi) access in Admin Tower will be briefly impacted during each switch restart as APs re-associate.
  • V oIP phones will need to reboot automatically after each phase — calls should not be attempted during the switch restart windows.
  • Off-campus VPN traffic for Admin Tower users is not affected.

Pre-Maintenance Checklist

  • Firmware images downloaded and checksums verified
  • Configuration backups taken for all three switches
  • Change ticket approved by Change Advisory Board
  • Network Operations on-site; Network Manager on call
  • Out-of-band OOBM access verified (Console server oob-admin.example.edu)

Rollback Plan

If a switch fails to boot on the new firmware, the previous firmware version is retained in the inactive partition. Rollback requires setting the boot variable and restarting the switch (approximately 8 minutes per device).

Contacts

For issues during this maintenance window: Network Operations on-call — ext. 5556 or net-ops@example.edu.