• Author : Trey Dismukes

 
 

Upgrade Questions for EOS

We are about to upgrade our Arista switches to address the newest vulnerabilities that came out recently, and I have a few questions I’m hoping you can help with. Some of our switches are on older hardware. Is there a table somewhere that lists the highest code level a particular platform can run? Will all newer code releases run on all older hardware? Some of our switches are running very old code. Does SSU work on very old code (say, 4.5)? Assuming not, what is the upgrade path to get these switches up to 4.14…? Do I have to upgrade...
Continue reading →

Do my Arista switches use NTPD? How to mitigate?

In Security Advisory 0016 CVE-2015-7704 and CVE-2015-7705 are shown as affecting Arista switches in EOS release trains 4.15, 4.14, 4.13, and 4.12. Until a patch comes out, the mitigation for this vulnerability is to, “restrict who can query ntpd to learn who its servers are, and what IPs are allowed to ask your system for the time.” I was unaware that my Arista switches even ran ntpd, nor that they had the capacity to listen to time requests. In searching through the documentation I can only find the ability to configure the ntp client; nothing about ntpd server. Does anyone...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: