Legally obtain Cisco IOS updates for free

Lets say you have a Cisco router that’s running an out of date IOS version and want to get a more recent image. It’s safe to say you’ll want to avoid resorting to piracy, Perhaps you don’t want to spend the money on a SMARTnet subscription. There’s a way to legally obtain an updated version that many people over look, security updates.

As it stands, CISCO’s security vulnerability policy states that (emphasis mine):

As a special customer service, and to improve the overall security of the Internet, Cisco may offer customers free of charge software updates to address security problems. If Cisco has offered a free software update to address a specific issue, noncontract customers who are eligible for the update may obtain it by contacting the Cisco TAC using any of the means described in the Contact Summary section of this document. To verify their entitlement, individuals who contact the TAC should have available the URL of the Cisco document that is offering the update.

Great! So we can probably get free updates if they fix a security issue, so what next? Head over to a handy on-line Cisco tool to identify what vulnerabilities are present in the version of IOS you’re running. Paste in the output of the “show ver” command and you’ll be presented with a list of vulnerabilities affecting your device.

Providing sh ver output to software checker

With that information, send TAC Support an e-mail including the output of the “show ver” command and the list of vulnerabilities and you will be sent a one-off link to obtain the latest IOS image for your device, free of charge.

Published by

Dave Hope

Dave is a Principal Software Analyst for a UK based retirement developer, in his spare time he enjoys digital photography and rock climbing.

9 thoughts on “Legally obtain Cisco IOS updates for free”

  1. After 2 years of this post, i can say it still works.
    After sending few emails with the TAC i just got from them the lastest firmware for my cisco router.
    Just a mention for anybody that is trying to obtain free firmware from TAC. After 2-3 emails, they said i cannot ever obtain a free firmware from them, but i just copy-pasted the following lines from any cisco security advisory, from the Obtaining Fixed Software section:
    “Customers Without Service Contracts

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Customers without service contracts should request free upgrades through the TAC.”

  2. I needed ap3g2-k9w7-tar.153-3.JC.tar and followed the above instructions on February 3, 2016. It worked for me as TAC has responded with an account login…

    Thank you!

  3. Tried this on 02/03/17 and can confirm this DOES work. I too sent an email to with my AP model, serial number, a screenshot of my current firmware version, the snippet from the security advisory mentioned above, and a link to the vulnerability page provided from the Cisco Software Checker.

    I was connected to a rep and had my firmware within a few hours. Maybe I was lucky, but I appreciated how fast they contacted me.

  4. Thank you so much for that posting. Just used it to get updates for a 17oo series AP…

    Had to register and write three email’s, the last one I had to remind them about their “security vulnerability policy” but after that I got a call only half an our after the call. The Agent asked once more for the vulnerability’s and the serial’s and forwarded it to an engineer to send me the link…

    I’m surprised and happy

  5. Many thanks for this; I can also say that as of 17th May 2017, this still works. I sent an email to TAC with the information as above; was contacted by an engineer and advised of which software build I should get.
    I responded to the engineer, pointing out Cisco’s policy and requesting a free update…

    ….and I have now just loaded IOS 15.4(3)M7 to my 887VAGW following downloading it from the link supplied.

Leave a Reply

Your email address will not be published. Required fields are marked *