A ten-year-old server is almost always past its useful life. A ten-year-old switch is often just fine. The reason is physics, not preference.
This is a confusing fact for IT teams trained to refresh hardware on a single timeline. It leads to two opposite mistakes: refreshing network gear too aggressively (wasting money) and refusing to refresh it ever (accumulating real liability).
The honest framework is: lifecycle expectations should match the failure modes of the actual gear class. Network gear has fewer moving parts, simpler firmware, smaller attack surfaces, and longer useful lives than compute. But the exceptions matter, and they matter more every year.
Why switches last
Three structural reasons.
Fewer moving parts. A typical L2/L3 access switch has fans and ports. That's it. No spinning disks. No removable RAM. No backplane that wears. Compare to a server: PSUs, fans, drives, DIMMs, NICs, backplane, RAID controller, battery, BMC. Every moving part is a future fault.
Simpler firmware. A switch runs a relatively small, stable codebase. Cisco IOS, JunOS, Arista EOS — these have evolved slowly. A new feature in IOS 17 in 2025 is not a new feature in a sense your access switch needs. Servers run general-purpose OSes with massive surface areas that demand constant patching and care.
Slower environmental change. Ethernet hasn't fundamentally changed at the access layer in 20 years. 1G access ports from 2012 are still 1G access ports in 2026; the protocol is the same. A server from 2012 is running a CPU architecture that has lost three generations of efficiency.
Lower thermal stress. Most access switches run cool. A core or distribution switch under load runs warm. But compared to a server CPU at 200W TDP cycling for a decade, switch silicon is nearly idle.
These factors compound. A well-treated Cisco Catalyst 2960S from 2012 in a temperate IDF closet, with consistent PoE load and clean power, is operating in 2026 essentially the same conditions as 2012. The hardware has no reason to fail.
Where this breaks down
Five places where the lifecycle physics inverts.
PoE budget. This is the single biggest exception. The 2012 switch was designed for 802.3af (15.4W per port) or 802.3at (30W per port). The 2025 endpoints — cameras, access points with Wi-Fi 6E and Wi-Fi 7 radios, PTZ cameras, modern thin clients — want 802.3bt PoE++ (60W or 90W per port). You cannot upgrade the switch's PoE budget; it is a physical power supply and circuit board limit. A working switch that cannot power the modern endpoints below it is broken from the user's perspective, even though it's healthy hardware.
Edge speed. A 2014 switch with 1G access ports is no longer fine for 2025 endpoints. Wi-Fi 6E APs need 2.5GbE multi-gig. 4K video conferencing wants 2.5GbE at the edge. A 1G uplink from a switch into a distribution closet handles 8 desks well; it does not handle 30 desks with modern workloads. The hardware works; the throughput is wrong.
End of software maintenance. A switch can be physically perfect and structurally a security liability. When Cisco ends software maintenance on an IOS train, you stop getting security patches. A 2014 Catalyst running an IOS version with known CVEs and no patches is a network breach waiting to happen. End-of-software is different from end-of-hardware, and it kills switch lifecycles faster than mechanical failure does.
Wireless standard transitions. Wireless gear shifts faster than wired. A 2017 Wi-Fi 5 (802.11ac) AP is genuinely showing its age in 2026 — not because of failure but because clients have moved to Wi-Fi 6 and Wi-Fi 6E and the AP cannot deliver what those clients expect. Wireless controllers tend to shift on the same cadence.
Firewall and security platform churn. Firewalls are not switches. They run modern, fast-evolving security stacks (IPS, sandboxing, TLS decryption, threat intel feeds, identity integration). A 2018 firewall in 2025 is missing five years of detection improvements even if the underlying hardware works.
The framework — by device class
A useful expected-life table for budget planning:
- Access switches (no PoE, gigabit): 10-15 years if the codebase still gets patches
- PoE access switches: 7-10 years, shortened by PoE budget growth
- Distribution switches: 10-12 years for hardware, often shorter due to feature requirements
- Core switches: 8-12 years; refreshes track speed jumps (10G → 25G → 100G)
- Wireless controllers: 5-7 years; standard transitions force refresh
- Wireless access points: 5-7 years; same reason
- Firewalls: 5-7 years; security-platform churn dominates
- WAN routers: 7-10 years; depends heavily on circuit speed evolution
Numbers move with deployment density. A switch handling 8 PoE cameras is on a different curve than the same switch handling 47 Wi-Fi 6E APs.
Where the mistakes happen
"It still works so it's fine." A 2014 access switch with an IOS version that hasn't received a security patch in 4 years is not fine. It is functionally broken. The fact that frames are flowing means nothing about security exposure. End-of-software-support is the lifecycle event that matters most for switches, not end-of-hardware.
"It's old so refresh it." A working 2014 switch with current software, adequate PoE budget for the current endpoints, and acceptable edge speeds, doing nothing wrong, does not need to be replaced. The five-year refresh cycle that applies to servers and laptops is not the right cycle for switches. Refreshing every cable closet every five years burns budget that should go elsewhere.
The honest counsel
Network gear is not compute. The 5-year refresh cycle that makes sense for laptops makes much less sense for switches. The right question is not "how old is the gear" — it's a combination of "is it still receiving security patches," "does it deliver the speeds and PoE budgets the current endpoints need," and "is anything in the wireless or security ecosystem forcing the refresh anyway."
The teams that get this right have a written network refresh policy keyed to those three questions, reviewed annually. The teams that get it wrong either refresh on a uniform 5-year clock (paying for healthy gear) or skip refreshes entirely until something visibly breaks (accumulating security debt). The right answer is in the middle, and it has to be deliberate.