cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Check Specific Device Against Latest IOS version

I am using NCM to try to identify which of our devices are not on the latest version. Currently we have some older devices that are going to be replaced shortly, but they are generating way too many vulnerability warnings to sift through. Our main device is the newer 3650, and some ot the 2960X's among a few other things. How do I check on basis of device name which devices do not have the latest vulnerabilities without trying to sift through the entire CVE list trying to figure out which vulnerabilities apply to which device?

For example is there a way to query a list of only 3650 WS-C3650 that aren't the latest firmware version?

0 Kudos
2 Replies
Level 9

You can build a custom query for this quite easily. I use something like this:

SELECT n.Caption, n.MachineType as Machine_Type, n.IOSVersion as Software_Version

FROM Orion.Nodes n

WHERE

(MachineType LIKE 'Cisco Catalyst 29%x%' AND IOSVersion NOT LIKE '15.2(4)E7%')

OR (MachineType LIKE 'Cisco 2960' AND IOSVersion NOT LIKE '12.2(55)SE12%')

OR (MachineType LIKE 'Cisco Catalyst 2960-24TC' AND IOSVersion NOT LIKE '12.2(55)SE12%')

OR (MachineType LIKE 'WS-C3560V2-24PS' AND IOSVersion NOT LIKE '12.2(55)SE12%')

OR (MachineType LIKE 'Cisco Catalyst 38%' AND IOSVersion NOT LIKE '16.3.7%')

OR (MachineType LIKE 'Cisco Catalyst 93%' AND IOSVersion NOT LIKE '16.9.3%')

OR (MachineType LIKE 'Cisco 29%' AND IOSVersion NOT LIKE '15.6(3)M6%')

OR (MachineType LIKE 'Cisco 39%' AND IOSVersion NOT LIKE '15.6(3)M6%' )

OR (MachineType LIKE 'Cisco 4%' AND IOSVersion NOT LIKE '16.3.7%' )

OR (MachineType LIKE 'Cisco ISR4%' AND IOSVersion NOT LIKE '16.3.7%' )

ORDER BY n.Caption ASC

How are you currently checking all the devices? There should be a way to filter on a device name.

0 Kudos