Monitoring, Troubleshooting, and Lifecycle Management
Learning Objectives
Use Catalyst SD-WAN Manager dashboards and tools to monitor edge health, and extend that visibility with model-driven telemetry and ThousandEyes.
Apply a structured troubleshooting methodology for control-plane and data-plane issues, using real IOS XE SD-WAN show commands and admin-tech bundles.
Plan software upgrades, configure rollback safety nets, and manage the end-of-life roadmap for Catalyst 8000 platforms.
Building, deploying, and securing a Catalyst 8000 edge fabric is only the beginning. The real test of any network is what happens on an ordinary Tuesday afternoon when a branch goes quiet, an application crawls, or a software release reaches the end of its supported life. This chapter brings together the operational disciplines that keep a Catalyst 8000 SD-WAN fabric healthy over its lifetime: watching it (monitoring and telemetry), fixing it (structured troubleshooting), and renewing it (lifecycle management).
1. Monitoring and Telemetry
Pre-Reading Check — Monitoring and Telemetry
1. A network operator wants to detect a five-second burst of packet loss that a 5-minute SNMP poll would smooth over. Which approach best fits this need?
Open the SD-WAN Manager Overview dashboard more frequentlyConfigure model-driven telemetry with a short sample interval streaming to a collectorIncrease the SNMP polling community string priorityGenerate an admin-tech bundle every five minutes
2. Users report Office 365 feels slow, but ping to the router is fine. Why is a ThousandEyes Enterprise Agent on the router more useful here than the SD-WAN Manager dashboard alone?
It replaces the need for the overlay control planeIt measures end-to-end experience along the path to the SaaS target, isolating where the problem livesIt reboots the router automatically when latency risesIt disables SNMP so the dashboard becomes more accurate
3. On the SD-WAN Manager Overview page, what is the intended first action when scanning for problems?
Immediately generate admin-tech for every deviceScan for red or orange indicators under Network/Transport Health or Alarms, then drill downRoll back the most recent software imageClear all control connections to reset the fabric
4. In a model-driven telemetry dial-out session, which device initiates the connection?
The collector initiates the subscription toward the routerSD-WAN Manager initiates on behalf of bothThe router pushes updates to one or more collectorsThe vBond orchestrator brokers each sample
5. Why is telemetry described as a complement to SD-WAN Manager rather than a replacement?
Telemetry can only run on controllers, not edge routersManager provides overlay control context (OMP, SLA decisions) that raw sensor streams lackTelemetry is less frequent than dashboard pollingManager cannot display any per-device health metrics
Key Points
SD-WAN Manager (formerly vManage) is the single pane of glass: fabric-wide dashboards, per-device health panels, and an alarms/events trail tied to precise timestamps.
A monitoring flow starts at the Overview dashboard, drills into Monitor > Network > Devices, uses the time-range selector, then confirms live state in the Real Time view.
Model-driven telemetry (MDT) streams YANG-modeled sensor data over gRPC/gNMI at sub-minute intervals — continuous video versus SNMP's periodic photograph.
Dial-out sessions are router-initiated; dial-in sessions are collector-initiated.
ThousandEyes Enterprise Agents run on the Catalyst 8000 itself to measure real end-to-end SaaS experience, correlated with overlay health and WAN Insights.
You cannot troubleshoot what you cannot see. Effective operations begin with layered visibility: a control plane that tells you the fabric's overall state, streaming telemetry that captures the fine detail, and synthetic tests that measure the experience your users actually receive.
SD-WAN Manager monitoring dashboards
Cisco Catalyst SD-WAN Manager is the central point for monitoring and maintaining a Catalyst SD-WAN fabric, including all of its Catalyst 8000 edge routers. The Overview / Dashboard pages summarize the whole fabric at a glance: healthy versus unhealthy sites and devices, control-plane status (OMP and control connections), transport health (loss, latency, jitter by circuit), and alarm counts by severity. The analogy is an aircraft cockpit: a wall of green tells you to relax, while a single amber light tells you exactly where to look next.
A typical day-to-day monitoring flow: start on the main dashboard and scan for red or orange indicators; if a site looks degraded, drill into Monitor > Network > Devices and filter by model (8300/8500) to see CPU, memory, interface, and tunnel status; use the time-range selector to distinguish a sustained trend from a spike; use the Real Time view to confirm whether a problem is still happening now.
Panel
What it shows
Why it matters
System health
CPU, memory, uptime
Detects resource exhaustion and unexpected reloads
Control connections
OMP / control state to controllers, last change
Confirms the router is fully onboarded
BFD / tunnel health
Loss, latency, jitter per transport and tunnel
Feeds application-aware routing decisions
Interface statistics
Rate, drops, errors, CRCs, queue drops
Pinpoints physical or congestion problems
VPN / route statistics
Per-VPN traffic, learned routes, route changes
Reveals routing instability
Cellular health
Signal strength, operator, SIM status, throughput
Monitors LTE/5G-enabled branches
Alongside dashboards, SD-WAN Manager generates alarms and logs events (OMP Peer Down, BFD Session Down, high CPU, interface flaps). This is what lets you turn a vague user report ("the branch was down around 10:05") into a precise correlation with the exact control-plane, tunnel, or interface event that caused it.
Model-driven telemetry
Dashboards are excellent for human eyes, but their charts are coarse and SNMP polling is periodic. Model-Driven Telemetry (MDT) is a streaming framework that continuously pushes device data to external collectors using YANG data models. Key concepts: subscriptions define which YANG data paths (sensors) to monitor; data is encoded as GPB or JSON over gRPC/gNMI or TCP; in a dial-out session the router pushes updates to collectors, while in dial-in the collector initiates the subscription toward the router. If SNMP is taking a photograph every five minutes, MDT is shooting continuous video.
A practical pattern: identify critical sensors (interface counters, CPU/memory, BFD/tunnel SLA stats); create subscriptions (e.g. 30-second general health, 10-second critical tunnel/BFD); configure a dial-out collector destination (InfluxDB/Prometheus via Telegraf, or a commercial NPM/APM platform); then verify the router is streaming and the collector is parsing. Beware over-sampling, and protect the transport with TLS. Treat telemetry as a complement to SD-WAN Manager, not a replacement — Manager still provides the overlay control context that raw telemetry cannot.
ThousandEyes integration
ThousandEyes closes the gap between "how the fabric is behaving" and "how it feels to a user reaching Microsoft 365 across the public internet" with synthetic, end-to-end testing. SD-WAN Manager can install a ThousandEyes Enterprise Agent on selected Catalyst 8000 routers, letting the device itself initiate synthetic tests toward SaaS apps. WAN Insights uses SD-WAN telemetry to produce proactive path recommendations.
Worked example — slow Office 365 from a Catalyst 8300 branch. Ping looks fine and the branch has both MPLS and DIA. From the embedded agent, HTTP/network tests show high latency and retransmits in the upstream ISP segment near the SaaS provider; SD-WAN Manager's transport dashboard shows internet-tunnel loss spiking at the same time; WAN Insights suggests an alternate path; you adjust the SLA class or preferred path in policy and re-check both. The power is correlation: ThousandEyes tells you where on the path the problem lives, and SD-WAN Manager tells you whether the overlay reacted correctly.
Key Takeaway: SD-WAN Manager is your single pane of glass; model-driven telemetry adds sub-minute streaming resolution to catch microbursts; ThousandEyes Enterprise Agents on the router measure real end-to-end experience — correlating all three pinpoints whether a problem is in the branch, the underlay, or the application provider.
Post-Reading Check — Monitoring and Telemetry
1. A network operator wants to detect a five-second burst of packet loss that a 5-minute SNMP poll would smooth over. Which approach best fits this need?
Open the SD-WAN Manager Overview dashboard more frequentlyConfigure model-driven telemetry with a short sample interval streaming to a collectorIncrease the SNMP polling community string priorityGenerate an admin-tech bundle every five minutes
2. Users report Office 365 feels slow, but ping to the router is fine. Why is a ThousandEyes Enterprise Agent on the router more useful here than the SD-WAN Manager dashboard alone?
It replaces the need for the overlay control planeIt measures end-to-end experience along the path to the SaaS target, isolating where the problem livesIt reboots the router automatically when latency risesIt disables SNMP so the dashboard becomes more accurate
3. On the SD-WAN Manager Overview page, what is the intended first action when scanning for problems?
Immediately generate admin-tech for every deviceScan for red or orange indicators under Network/Transport Health or Alarms, then drill downRoll back the most recent software imageClear all control connections to reset the fabric
4. In a model-driven telemetry dial-out session, which device initiates the connection?
The collector initiates the subscription toward the routerSD-WAN Manager initiates on behalf of bothThe router pushes updates to one or more collectorsThe vBond orchestrator brokers each sample
5. Why is telemetry described as a complement to SD-WAN Manager rather than a replacement?
Telemetry can only run on controllers, not edge routersManager provides overlay control context (OMP, SLA decisions) that raw sensor streams lackTelemetry is less frequent than dashboard pollingManager cannot display any per-device health metrics
2. Troubleshooting
Pre-Reading Check — Troubleshooting
1. Why does the recommended methodology insist on proving the control plane before investigating BFD or SLA policy?
Control connections consume the most CPU, so they fail firstIf a lower layer is broken, every layer above it appears broken too — fix the foundation firstSLA policy cannot be inspected while control is upBFD must always be cleared before checking control
2. A cEdge shows control connections to vBond, vSmart, and vManage all up, but BFD to one remote site/color is down. What does this most directly indicate?
A controller certificate has expiredThe organization-name is mismatchedA data-plane problem: tunnel, crypto, or underlay for that pathThe site-ID is duplicated across the fabric
3. Connections are stuck at certificate-verify and the history shows repeated Certificate Validation Failure. Besides certificates, which factor is a classic root cause to check?
Interface queue dropsNTP / clock skew, which can make a valid certificate appear expiredApp-route SLA class definitionsThe software release train
4. Control is clean and stable, underlay and IPsec are correct, yet BFD stays down across multiple sites and colors. What should you now suspect?
A mismatched organization-name on every routerA software defect on that IOS XE train; check release notes and plan an upgradeA duplicate system-IP shared by all routersAn expired root CA certificate on the agents
5. For an intermittent crash that live show commands cannot explain, what is the primary diagnostic artifact to collect for TAC, and when?
A screenshot of the dashboard, taken any time laterAn admin-tech bundle, generated while the problem is occurring and from each device in the control chainA single show version after the next reloadA telemetry subscription created after the incident
Key Points
Troubleshoot bottom-up: control connections → OMP/TLOCs → tunnels → BFD → app-route/SLA policy. A broken lower layer makes every layer above it look broken.
show sdwan control connections shows current state; control local-properties catches identity/cert mismatches; control connections-history gives the exact failure reason code.
Certificate errors, case-sensitive org-name mismatches, duplicate site-IDs, and clock skew are the dominant control-connection root causes.
BFD down while control is up means a data-plane problem; widespread "stuck" BFD on an otherwise healthy fabric can be a software defect an upgrade resolves.
For hard cases, generate an admin-tech bundle via Tools > Operational Commands — while the problem is live and from every device in the control chain.
When something breaks, ad hoc poking wastes time. The discipline that consistently resolves Catalyst 8000 SD-WAN issues is to follow the dependency chain from the bottom up: prove the control plane first, then OMP and TLOCs, then tunnels, then BFD, and finally app-route/SLA policy. If a lower layer is broken, every layer above it will look broken too — so always start at the foundation.
flowchart TD
A["Layer 1: Control connections (DTLS/TLS to vBond/vSmart/vManage)"] --> B["Layer 2: OMP and TLOCs (overlay routing established)"]
B --> C["Layer 3: Tunnels (IPsec/GRE per color)"]
C --> D["Layer 4: BFD sessions (liveliness + loss/latency/jitter)"]
D --> E["Layer 5: App-route / SLA policy (path selection)"]
A -. "If broken, every layer above looks broken" .-> E
Each layer is verified green in sequence from the bottom up. A BFD failure at Layer 4 halts the chain — everything above it cannot be trusted until the foundation is fixed.
Control connection troubleshooting
A Catalyst 8000 cEdge cannot do anything useful in the overlay until it has stable control connections. Step 1 — verify current state with show sdwan control connections (look for state up). No entries or all down suggests underlay/DNS/controller-IP problems; only vBond up means an onboarding failure; frequent short-uptime flaps point to underlay loss, MTU, firewall/ALG, or unstable WAN.
Router# show sdwan control connections
Router# show sdwan control local-properties
Router# show sdwan control connections-history
Step 2 — show sdwan control local-properties shows identity: verify system-ip, unique site-id, exact case-sensitiveorganization-name, correct vbond, and valid certificates. Step 3 — the connections-history table gives actionable reason codes (Certificate Validation Failure, DTLS negotiation failed, TCP timeout, No route to peer). Step 4 — validate certificates and NTP/clock (skew can make a valid cert appear expired). Step 5 — confirm underlay reachability with ping, traceroute, show ip route. After a fix, force renegotiation with clear sdwan control connections, then confirm OMP with show sdwan omp peers.
Figure 10.2: Control connection troubleshooting decision flow
flowchart TD
Start(["show sdwan control connections"]) --> Q1{"Any connections up?"}
Q1 -- "None / all down" --> R1["Suspect underlay reachability, DNS, or controller-IP problem"]
Q1 -- "Only vBond up" --> R2["Onboarding failure: certificate, org-name, or policy"]
Q1 -- "Frequent flaps, short uptime" --> R3["Underlay loss, MTU, firewall/ALG, unstable WAN"]
R1 --> Local["show sdwan control local-properties"]
R2 --> Local
R3 --> Local
Local --> Q2{"system-IP, site-ID, org-name, vBond, certs all correct?"}
Q2 -- "No" --> Fix1["Correct identity / cert mismatch"]
Q2 -- "Yes" --> Hist["show sdwan control connections-history"]
Hist --> Q3{"Reason code?"}
Q3 -- "Certificate Validation Failure" --> Cert["show sdwan certificate + verify NTP / clock skew"]
Q3 -- "TCP timeout / No route" --> Under["ping / traceroute / show ip route check NAT, firewall, ports"]
Fix1 --> Clear["clear sdwan control connections"]
Cert --> Clear
Under --> Clear
Clear --> Done(["Confirm OMP: show sdwan omp peers / tlocs"])
Data plane (BFD/IPsec) issues
Once control and OMP are stable, BFD sessions for the SD-WAN IPsec tunnels should form automatically. BFD is enabled by default and monitors both liveliness and performance. Baseline with show sdwan bfd sessions (per-TLOC state, color, encap). The crucial shortcut: if BFD is down while control to the same peer is up, the problem is in the data plane — the tunnel, crypto, or underlay. Correlate with show sdwan tunnel, read show sdwan bfd history for transition reasons, and relate to SLA with show sdwan app-route statistics. If control is clean yet BFD stays stuck down across many sites/colors, suspect a software defect and plan an upgrade.
flowchart TD
Start(["show sdwan bfd sessions"]) --> Q1{"BFD up to peer?"}
Q1 -- "Up" --> SLA["show sdwan app-route statistics"]
SLA --> Q4{"Chronic high loss on a path?"}
Q4 -- "Yes" --> Steer["Policy may steer away despite tunnel alive"]
Q4 -- "No" --> OK(["Data plane healthy"])
Q1 -- "Down (control up)" --> DP["Data-plane problem: tunnel, crypto, or underlay"]
DP --> Tun["show sdwan tunnel"]
Tun --> Q2{"Tunnel building?"}
Q2 -- "No" --> Underlay["Troubleshoot underlay for color: routes, NAT, firewall ports, MTU"]
Q2 -- "Yes" --> Hist["show sdwan bfd history"]
Hist --> Q3{"Pattern?"}
Q3 -- "Repeated timeout / loss" --> Path["Underlay instability or firewall dropping keepalives"]
Q3 -- "Stuck down across many sites / colors" --> Bug["Suspect software defect: check release notes, plan upgrade"]
Useful show and admin-tech commands
Some problems outrun what live show commands reveal. For these you collect an admin-tech bundle: a comprehensive snapshot of configuration, routing tables, control state, logs, core files, and system info. Generate it from SD-WAN Manager via Tools > Operational Commands (Generate Admin Tech for Manager, or per-device). Two tips: generate it while the problem is occurring, and for control-plane problems collect it from the affected Catalyst 8000 and from vSmart, vBond, and SD-WAN Manager.
Command
Purpose
show sdwan control connections
Current DTLS/TLS state to vBond/vSmart/vManage
show sdwan control connections-history
Disconnect reasons and timestamps
show sdwan control local-properties
System-IP, site-ID, org-name, vBond, certs
show sdwan certificate
Certificate validity and trust chain
show sdwan omp peers / omp tlocs
OMP peering and learned TLOCs/routes
show sdwan bfd sessions
Per-TLOC tunnel state, color, encap
show sdwan bfd history
BFD up/down transitions and reasons
show sdwan tunnel
IPsec/GRE tunnel status and counters
show sdwan app-route statistics
Loss/latency/jitter per path for SLA decisions
clear sdwan control connections / bfd sessions
Force renegotiation after a fix
Key Takeaway: Always fix the control plane first, then validate the data plane with BFD → tunnel → BFD history. BFD-down-while-control-up means a data-plane problem; for hard cases, generate an admin-tech bundle while the problem is live and attach it to your TAC case.
Post-Reading Check — Troubleshooting
1. Why does the recommended methodology insist on proving the control plane before investigating BFD or SLA policy?
Control connections consume the most CPU, so they fail firstIf a lower layer is broken, every layer above it appears broken too — fix the foundation firstSLA policy cannot be inspected while control is upBFD must always be cleared before checking control
2. A cEdge shows control connections to vBond, vSmart, and vManage all up, but BFD to one remote site/color is down. What does this most directly indicate?
A controller certificate has expiredThe organization-name is mismatchedA data-plane problem: tunnel, crypto, or underlay for that pathThe site-ID is duplicated across the fabric
3. Connections are stuck at certificate-verify and the history shows repeated Certificate Validation Failure. Besides certificates, which factor is a classic root cause to check?
Interface queue dropsNTP / clock skew, which can make a valid certificate appear expiredApp-route SLA class definitionsThe software release train
4. Control is clean and stable, underlay and IPsec are correct, yet BFD stays down across multiple sites and colors. What should you now suspect?
A mismatched organization-name on every routerA software defect on that IOS XE train; check release notes and plan an upgradeA duplicate system-IP shared by all routersAn expired root CA certificate on the agents
5. For an intermittent crash that live show commands cannot explain, what is the primary diagnostic artifact to collect for TAC, and when?
A screenshot of the dashboard, taken any time laterAn admin-tech bundle, generated while the problem is occurring and from each device in the control chainA single show version after the next reloadA telemetry subscription created after the incident
3. Lifecycle Management
Pre-Reading Check — Lifecycle Management
1. In install mode, what is the role of the commit step in install add file ... activate commit?
It loads the image into the install repositoryIt switches the active package set without reloadingIt makes the newly activated package set the permanent boot setIt downloads the image from the SD-WAN Manager repository
2. When upgrading an SD-WAN fabric, what is the correct order recommended by Cisco?
Upgrade all edges first, then the controllersUpgrade controllers (Manager, vSmart, vBond) first, then the edgesUpgrade everything simultaneously to stay in syncUpgrade only the edges; controllers never need upgrading
3. A branch sits on a release that has reached End of Software Maintenance (EoSM). What does this mean operationally?
It still receives limited new featuresNo routine fixes arrive; migrate now because severe issues may go unaddressedTAC support is fully available indefinitelyThe hardware has reached end of sale
4. After an upgrade, an activated image causes a regression but you have not yet committed. Which is the fastest software safety net?
configure replace to restore the prior configinstall rollback to committed, which reverts to the previously committed image and reloads onceRe-flash via ROMMON over TFTPClear the control connections
5. Why is deploying branches as dual C8300s with dual tunnels relevant to upgrade downtime?
It enables true zero-downtime ISSU on single-RP routersIt lets traffic shift to the peer during a reload, minimizing disruption when you drain and upgrade one routerIt removes the need to read release notesIt eliminates the reload step entirely
Key Points
Catalyst 8000 platforms run IOS XE in install mode: install add file ... activate commit performs add (load into repository) → activate (run, one reload) → commit (make permanent).
Prefer SD-WAN Manager's software repository and staged upgrade jobs for fleets; always run prerequisite checks (space, ROMMON, release notes) and upgrade controllers before edges.
Two independent safety nets: software rollback (install rollback to committed / to <id>) and configuration rollback (archives / configure replace). ROMMON+USB/TFTP recovers a router that won't boot.
Minimize downtime through HA design (dual routers, dual tunnels) and draining traffic before upgrading in small verified batches — true zero-downtime ISSU is limited on single-RP branch routers.
Anchor planning to Cisco's IOS XE lifecycle stages: Active → Maintenance-only → EoSM → EoS. Migrate with months of lead time before maintenance ends.
A fabric is never "finished." Software releases mature and retire, hardware reaches end of sale, and the safe-and-supported version of today becomes the unpatched liability of tomorrow. Lifecycle management is the practice of renewing the platform on a deliberate schedule rather than reacting to an outage or a security advisory.
Software upgrade workflows
Catalyst 8000 platforms run IOS XE in install mode, where a .bin image is unpacked into packages and packages.conf becomes the boot file. Before any upgrade, capture current state with show version and show install summary, back up the running config, read the target release notes for caveats and minimum ROMMON, and check free space with dir bootflash:.
Via SD-WAN Manager (recommended for fleets): stage the image into Maintenance > Software Repository; scope the job by site/region/role and upgrade controllers before edges; execute under Maintenance > Software Upgrade with optional pre/post checks and download-only pre-staging. Via CLI:
Here add loads the image into the install repository, activate switches the active package set (one reload), and commit makes it the permanent boot set. For more control, run the three phases separately and install commit only after validation.
Figure 10.4: Install-mode upgrade and rollback state machine
stateDiagram-v2
[*] --> Committed: Current image
Committed --> Added: install add file
Added --> Activated: install activate (reload)
Activated --> NewCommitted: install commit
Activated --> Committed: install rollback to committed (reload)
NewCommitted --> [*]: New image permanent
NewCommitted --> Committed: install rollback to (reload)
note right of Added
Image unpacked into
install repository
end note
note right of Activated
New package set running,
not yet permanent
end note
The image advances Committed → Added → Activated → New Committed (one reload at activate). Orange dashed paths show the rollback escape routes back to the previously committed image.
Minimizing downtime. True zero-downtime ISSU is limited on the single-RP branch routers common in Catalyst 8000 deployments. Instead, minimize disruption through HA design — deploy branches in pairs (dual C8300s) with dual SD-WAN tunnels so traffic shifts to the peer during a reload — and drain traffic from a router via SD-WAN policy before upgrading it in small, verified batches.
Backup and recovery
Every upgrade needs a safety net. IOS XE install mode provides two independent ones. Software rollback reverts to a previously committed image:
Router# show install rollback
Router# install rollback to committed
You can also roll back to a specific stored instance with install rollback to <id>; rollback restores the earlier package set and reloads once. Configuration rollback is separate: save a checkpoint before the change, and if something regresses use configure replace or archive-based rollback. For the worst case — a corrupted image that won't boot — recovery uses ROMMON with USB or TFTP to load a known-good IOS XE image, after which you re-enter install mode.
End-of-life planning and roadmap
Cisco's Software Lifecycle Support Statement for IOS XE defines how long each release receives maintenance and security updates; from IOS XE 26.1.1, Cisco plans roughly two releases per year with defined lifecycle stages.
Stage
What you still get
Operational meaning
Active maintenance
Bug fixes, security patches, limited new features
Preferred state for production
Maintenance-only / extended
Critical bug fixes and security updates only
Plan your successor release
End of Software Maintenance (EoSM)
No routine fixes
Migrate now; severe issues may go unaddressed
End of Support (EoS)
Nothing — TAC support and updates cease
Running here means unpatched vulnerabilities
Figure 10.5: IOS XE release lifecycle stages
timeline
title IOS XE Release Lifecycle Progression
Active maintenance : Bug fixes, security patches, limited new features : Preferred state for production
Maintenance-only / extended : Critical bug fixes and security updates only : Plan your successor release
End of Software Maintenance (EoSM) : No routine fixes : Migrate now; severe issues may go unaddressed
End of Support (EoS) : No TAC support or updates : Running here means unpatched vulnerabilities
The "today" marker advances along the lifecycle as a release ages: Active (blue) → Maintenance-only (blue) → EoSM (amber) → EoS (red). Plan migration with months of lead time before the marker reaches the danger zone.
A practical strategy: maintain an inventory mapping each Catalyst 8000 to its IOS XE release, image type, model, and serial (exportable from SD-WAN Manager); look up release status and EoL/EoS dates; standardize on a recommended "safe/preferred" release; and plan with months of lead time before EoSM/EoS. Running past EoSM/EoS leaves you exposed to unpatched vulnerabilities and risks incompatibility with newer controllers.
Key Takeaway: Anchor upgrade planning to Cisco's published IOS XE lifecycle stages (Active → Maintenance → EoSM → EoS), keep an accurate inventory mapped to EoL/EoS dates, standardize on a supported release, and migrate in tested batches with months of lead time before maintenance ends.
Post-Reading Check — Lifecycle Management
1. In install mode, what is the role of the commit step in install add file ... activate commit?
It loads the image into the install repositoryIt switches the active package set without reloadingIt makes the newly activated package set the permanent boot setIt downloads the image from the SD-WAN Manager repository
2. When upgrading an SD-WAN fabric, what is the correct order recommended by Cisco?
Upgrade all edges first, then the controllersUpgrade controllers (Manager, vSmart, vBond) first, then the edgesUpgrade everything simultaneously to stay in syncUpgrade only the edges; controllers never need upgrading
3. A branch sits on a release that has reached End of Software Maintenance (EoSM). What does this mean operationally?
It still receives limited new featuresNo routine fixes arrive; migrate now because severe issues may go unaddressedTAC support is fully available indefinitelyThe hardware has reached end of sale
4. After an upgrade, an activated image causes a regression but you have not yet committed. Which is the fastest software safety net?
configure replace to restore the prior configinstall rollback to committed, which reverts to the previously committed image and reloads onceRe-flash via ROMMON over TFTPClear the control connections
5. Why is deploying branches as dual C8300s with dual tunnels relevant to upgrade downtime?
It enables true zero-downtime ISSU on single-RP routersIt lets traffic shift to the peer during a reload, minimizing disruption when you drain and upgrade one routerIt removes the need to read release notesIt eliminates the reload step entirely