Alternate Wireless LAN Autonomous

AP Upgrade Method

Table of Contents

Table of Contents 1
Executive Summary 2
Access Point Firmware Images and Static Configurations 2
Redeploy AP 3
Configuration Preparation 3
 Certificate Status 4
 Firmware Version Check 4
 Radio Status 4
 Interface Status Check 5
 Domain Name Verification and Configuration (Optional) 5
 DNS Verification and Configuraiton (Optional) 5
 Machine Clock Verification and Configuraiton 6
Upgrade autonomous AP to LWAPP 6
Verify AP in Lightweight Mode 7
Recommendations 9
APPENDIX: Sample AP console capture of upgrade process to lightweight mode 10

Page 1 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

Executive Summary

This document provides an alternate method to upgrade 1120, 1130, 1230, 1240, 1250, 1140 AP’s which
have a manufacturing installed certificate (MIC) to LWAPP or CAPWAP mode. This method has been
tested in the lab using 1120, 1130, 1230, 1240 and proved to work with AP’s with MIC installed.
However, this is not officially supported by Cisco TAC. After upgrading to LWAPP or CAPWAP, AP
should join a wireless LAN controller via normal LWAPP and CAPWAP Discovery process.
If the upgrade fails using this procedure, refer to the upgrade document Upgrading Autonomous Cisco
Aironet Access Points to Lightweight Mode1 to recover AP to autonomous mode, and then use the
LWAPP / CAPWAP conversion tool to convert the autonomous AP to LWAPP / CAPWAP mode.
Access Point Firmware Images and Static Configurations

To upgrade an AP in autonomous mode to LWAPP or CAPWAP mode, the AP should run on IOS
version 12.3(7)JA or later. The converted AP will run a lightweight version of IOS release 12.3(x)JX,
which enables the AP to join a wireless LAN controller (WLC) using LWAPP or CAPWAP protocol.
An IOS Lightweight AP running 12.3(x)JX only supports minimal configurations to be enter via its
console interface. Only the following configurations are allowed to be manually entered:
 Static IP address
 Controller IP address
 AP Host name
 Default Gateway
The following commands configure the corresponding parameters:
 lwapp | capwap ap ip address <ip_address> <mask>
 lwapp | capwap ap controller ip address <ip_address>
 lwapp | capwap ap hostname <ap_hostname>
 lwapp | capwap ap ip default-gateway <ip_address>
When AP is configured with a static IP address, AP will bypass DHCP option 43 and the LWAPP
Discovery process. AP will attempt to resolve a default WLC DNS name of CISCO-LWAPP-
CONTROLLER + <domain.name> or CISCO-CAPWAP-CONTROLLER + <domain.name>to discover
and join a WLC. Boeing currently deploys Lightweight AP with DHCP Option 43 as main LWAPP and
CAPWAP Discovery mechanism.
After the AP joins a controller, it receives configurations from the controller, and the AP hostname and
static IP address of the controller are deleted from the AP configuration file. However, the static IP
address and default gateway are not deleted.

1
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.pdf

Page 2 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

For AP that runs in autonomous mode, 12.3(x)JA and 12.3(x)JEA trains are recommended for AP to
receive full IOS support for wireless LAN services.
Redeploy AP

When an AP is redeployed after moving it from one location to another, it is recommended that the
LWAPP or CAPWAP configuration file to be deleted and to restore the AP to factory default settings.
Deleting AP LWAPP or CAPWAP configuration will allow AP to rediscover Wireless LAN controllers
on the network; however, the AP will be reset immediately following the deletion of AP configuration.
The figure demonstrates how to clear Lightweight AP configuration.

To reset an AP in IOS mode to factory setting, physical access to the AP is required. The detailed reset
procedure can be found in the following URL under Using a TFTP Server to Return to a Previous
Release section:
http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/b37jx9rn.pdf
Configuration Preparation
Before upgrading an autonomous AP to LWAPP, verify the following:
 Certificate status
 Firmware version check
 Radio model and status
 Interface status check

Page 3 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

 Domain name verification and configuration (Optional)

 DNS verification and configuration (Optional)
 Machine time verificaiton
 Certificate Status
The AP to be upgraded should already have a MIC installed. To verify the status of MIC, issue the following command
from AP CLI interface.
test_test-ap#test pb display
------------------------------
Display of the Parameter Block
------------------------------
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1

Another way to verify AP with MIC is that all APs with the serial number of FTX0931XXXX code and above will have
the MIC preinstalled at the manufacturing. A CCO tool will also provide the ship date from Cisco with serial number:
http://www.cisco.com/cgi-bin/front.x/scccibdispatch
Look for the Quick Search and pull the drop down. Select Serial Number.
The ship date should be very close to the manufacturing date. If the AP was shipped close to the date noted below (July
18th, 2005), it may not have the MIC installed at manufacturing.
 Firmware Version Check
To upgrade an autonomous AP to LWAPP mode, the autonomous AP requires IOS 12.3(7)JA or later. To verify the IOS
version on an AP, issue the following command from AP CLI interface.

test_test-ap#show ver | in Cisco IOS

Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.3(7)JA4, RELEASE
SOFTWARE (fc1)
 Radio Status
Cisco recommends that the radio interfaces to be disabled before upgrade. By default, Radio interfaces are disabled.
This is a simple test to verify the radio interfaces status. To verify the status of radios, issue the following command
from AP CLI interface.
test_test-ap#show controller | include Radio AIR
Radio AIR-AP1242GA, Base Address 0015.c781.90c0, BBlock version 0.00, Software
version 6.00.1
Radio AIR-AP1242A, Base Address 0015.c785.90c0, BBlock version 0.00, Software
version 6.00.1
test_test-ap#show controllers d0 | include Current
Current Frequency: 0 MHz Channel 0
Current CCK Power: 20 dBm
Current OFDM Power: 17 dBm
Current Rates: basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0
24.0 36.0 48.0 54.0
Current Voice Rates: 5.5 6.0 11.0 12.0 24.0 [disabled until voice packet-
discard enabled]
test_test-ap#show controllers d1 | include Current

Page 4 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
Current Frequency: 0 MHz Channel 0
Current Power: 17 dBm
Current Rates: basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
Current Voice Rates: 6.0 12.0 24.0 [disabled until voice packet-discard
enabled]

To disable radio interfaces for AP, use the following CLI command.

test-test-ap(config)#int Dot11Radio0
test-test-ap(config-if)#shut
test-test-ap(config)#int Dot11Radio1
test-test-ap(config-if)#shut

 Interface Status Check

This is a simple test to verify interfaces status. To verify the status of interfaces, issue the following command from AP
CLI interface.
test-test-ap#show int F0 | include address
Hardware is PowerPCElvis Ethernet, address is 0016.47b2.0d2e (bia
0016.47b2.0d2e)
test-test-ap#show int | include Dot11Radio
Dot11Radio0 is administratively down, line protocol is down
Dot11Radio1 is administratively down, line protocol is down
 Domain Name Verification and Configuration (Optional)
If an AP has a configured static IP address, the only way for the AP to discover a WLC is via DNS look up. The AP in
Lightweight mode will be requerying controller using default Controller hostname, CISCO-LWAPP-CONTROLLER +
<Domain_Name> or CISCO-CAPWAP-CONTROLLER + <domain.name>. It has been tested that the AP will upgrade
successfully and join a controller without domain name configuration.
This is a simple test to verify domain name configuration. By default, AP does not have a domain name configured. To
verify the status of interfaces, issue the following command from AP CLI interface.
test-test-ap#show run | include ip domain name
ip domain name <domain.name>
To configure a domain name for AP, use the following CLI command.
test-test-ap(config)#ip domain name <domain.name>
 DNS Verification and Configuraiton (Optional)
If an AP has a configured static IP address, the only way for the AP to discover a WLC is via DNS look up. The AP in
LWAPP mode will be requerying controller using default Controller hostname, CISCO-LWAPP-CONTROLLER +
<Domain_Name> or -CAPWAP-CONTROLLER + <domain.name>. It has been tested that the AP will upgrade
successfully and join a controller without DNS configuration.
This is a simple test to verify DNS configuration. To verify the DNS configuration, issue the following command from
AP CLI interface.
test-test-ap#sh ip name-server
<DNS IP address>

Page 5 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

To configure a DNS server for AP, use the following CLI command.
test-test-ap(config)#ip name-server <DNS IP Address>
 Machine Clock Verification and Configuraiton
This is a simple test to verify that AP has the correct machine clock configuration. To verify the clock configuration,
issue the following command from AP CLI interface.
test-test-ap#show clock
*02:51:26.682 UTC Fri Mar 1 2002
To configure machine clock for AP, use the following CLI command.
test-test-ap#clock set 17:39:28 6 Nov 2010

Upgrade autonomous AP to LWAPP

The following steps will load the LWAPP conversion image to AP via tftp.
test-test-ap(config)#no sntp broadcast client
test-test-ap(config)#no timezone

test-test-ap#arch down /over /create-space tftp://<tftp>/c1240-rcvk9w8-

tar.123-11JX1.tar

test-ap #show archive status

SUCCESS: Upgrade complete.

test-ap #write erase

Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete

test-test-ap#dir flash:
Directory of flash:/

10 drwx 128 Nov 6 2010 17:41:05 +00:00 c1240-rcvk9w8-mx

3 -rwx 4 Mar 6 2002 20:50:36 +00:00 ALP10011N48
7 -rwx 299 Nov 6 2010 17:41:11 +00:00 env_vars
2 -rwx 7192 Nov 6 2010 17:51:45 +00:00 private-multiple-fs
15998976 bytes total (9018368 bytes free)

test-ap#more flash:/env_vars
BOOT=flash:/c1240-rcvk9w8-mx/c1240-rcvk9w8-mx
DEFAULT_ROUTER=10.0.0.1
ENABLE_BREAK=no
IOS_DEFAULT_DOMAIN_NAME=cisco.com
IOS_NAME_SERVER_ADDR=171.70.168.183
IOS_STATIC_DEFAULT_GATEWAY=10.10.100.1
IP_ADDR=10.0.0.1
MANUAL_BOOT=no
NETMASK=255.255.255.224
RELOAD_REASON=9
TERMLINES=0

test-test-ap#reload

Page 6 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Proceed with reload? [confirm]y

Verify AP in Lightweight Mode

You should verify that autonomous AP has been converted to LWAPP mode by monitoring the AP console output. AP’s
hostname will be changed to:
AP + <MAC Address of fastEthernet interface>.
From AP console, the following CLI can be used to verify AP LWAPP configuration.
AP0016.47b2.0d2e>show lwapp client config
configMagicMark 0xF1E2D3C4
chkSumV2 14935
chkSumV1 8590
swVer 4.2.207.0
adminState ADMIN_ENABLED(1)
name AP0016.47b2.0d2e
location default location
group name
mwarName
mwarName
mwarName
numOfSlots 2
spamRebootOnAssert 1
spamStatTimer 180
randSeed 0x769B
transport SPAM_TRANSPORT_L3(2)
transportCfg SPAM_TRANSPORT_DEFAULT(0)
initialisation SPAM_PRODUCTION_DISCOVERY(1)
ApMode Local
Discovery Timer 10 secs
Heart Beat Timer 30 secs
Led State Enabled 1
AP ILP Pre-Standard Switch Support Disabled
AP Power Injector Disabled
Configured Switch 1 Addr 10.10.100.103
Configured Switch 2 Addr 10.10.100.101
Configured Switch 3 Addr 10.10.100.131
Configured Switch 4 Addr 10.10.100.133
Configured Switch 5 Addr 10.10.100.141
Configured Switch 6 Addr 10.10.100.143
non-occupancy channels:
Slot 0
adminstate ADMIN_ENABLED(1)
radioType RADIO_TYPE_80211bg
chanAutoCfg CONFIG_AUTO
channel 11
txPowerAutoCfg CONFIG_AUTO
txPowerLevel 8
diversitySelection DIVERSITY_ENABLED
Antenna Mode ANTENNA_OMNI
antennaSelection_0 EXTERNAL_ANTENNA
antennaSelection_1 EXTERNAL_ANTENNA

Page 7 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
twiceExtAntennaGain 0
Profile Mode CONFIG_AUTO
Load Profile
rfBusyThreshold 0
numClientsThreshold 0
bytesPerSecThreshold 0
Interference Profile
InterferenceThreshold 0
Noise Profile
NoiseThreshold 0
Coverage Profile
SNRThreshold 0
ExceptionThreshold 0
minClientsThreshold 0
11gSupport Enabled
override mode Disabled
CCX RM Mode CONFIG_AUTO
CCX RM Config
rm state 0
rm meas interval 0
Slot 1
adminstate ADMIN_ENABLED(1)
radioType RADIO_TYPE_80211a
chanAutoCfg CONFIG_AUTO
channel 64
txPowerAutoCfg CONFIG_AUTO
txPowerLevel 8
diversitySelection DIVERSITY_ENABLED
Antenna Mode ANTENNA_OMNI
antennaSelection_0 EXTERNAL_ANTENNA
antennaSelection_1 EXTERNAL_ANTENNA
twiceExtAntennaGain 0
Profile Mode CONFIG_AUTO
Load Profile
rfBusyThreshold 0
numClientsThreshold 0
bytesPerSecThreshold 0
Interference Profile
InterferenceThreshold 0
Noise Profile
NoiseThreshold 0
Coverage Profile
SNRThreshold 0
ExceptionThreshold 0
minClientsThreshold 0
11gSupport Disabled
override mode Disabled
CCX RM Mode CONFIG_AUTO
CCX RM Config
rm state 0
rm meas interval 0

AP0016.47b2.0d2e>

Page 8 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

Recommendations

This document provides an alternate way to upgrade AP from autonomous mode to LWAPP mode. This
procedure does not replace the need for IOS to LWAPP conversion tool and is not officially supported
by Cisco TAC. Nevertheless, through lab testing, Cisco Advanced Services has verified that this
method upgrades AP successfully more than 90% of time and may make sense in a controlled
environment.

Page 9 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method

APPENDIX: Sample AP console capture of upgrade process to lightweight mode

User Access Verification

Username: Cisco
Password:
ap>show privilege
Current privilege level is 1
ap>enable
Password:
test-ap#term length 0
test-ap#show version | include Cisco IOS
Cisco IOS Software, C1240 Software (C1240-K9W7-M)
test-ap#show controller | include Radio AIR
Radio AIR-AP1242GA, Base Address 0015.c781.90c0, BBlock version 0.00,
Software version 6.00.1
Radio AIR-AP1242A, Base Address 0015.c785.90c0, BBlock version 0.00, Software
version 6.00.1
test-ap#show controllers d0 | include Current
Current Frequency: 0 MHz Channel 0
Current CCK Power: 20 dBm
Current OFDM Power: 17 dBm
Current Rates: basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0
24.0 36.0 48.0 54.0
Current Voice Rates: 5.5 6.0 11.0 12.0 24.0 [disabled until voice packet-
discard enabled]
test-ap#show controllers d1 | include Current
Current Frequency: 0 MHz Channel 0
Current Power: 17 dBm
Current Rates: basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
Current Voice Rates: 6.0 12.0 24.0 [disabled until voice packet-discard
enabled]
test-ap#test pb display
------------------------------
Display of the Parameter Block
------------------------------
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1

test-ap#show run | include station-role

station-role root
station-role root
test-ap#test pb disp
------------------------------
Display of the Parameter Block
------------------------------
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1

test-ap#show int F0 | include address

Page 10 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
Hardware is PowerPCElvis Ethernet, address is 0016.47b2.0d2e (bia
0016.47b2.0d2e)
test-ap#show int | include Dot11Radio
Dot11Radio0 is administratively down, line protocol is down
Dot11Radio1 is administratively down, line protocol is down
test-ap#show sntp | exclude SNTP
test-ap#config t
Enter configuration commands, one per line. End with CNTL/Z.
test-ap(config)#int Dot11Radio1
test-ap(config-if)#shut
test-ap(config-if)#exit
test-ap(config)#
test-ap(config)#no sntp broadcast client
test-ap(config)#
test-ap(config)#no timezone
test-ap(config)#int Dot11Radio0
test-ap(config-if)#shut
test-ap(config-if)#end
test-ap#clock set 17:39:28 6 Nov 2010
test-ap#config t
Enter configuration commands, one per line. End with CNTL/Z.
test-ap(config)#line vty 0 15
test-ap(config-line)#exec-timeout 0
test-ap(config-line)#exit
test-ap(config)#ip name-server 171.70.168.183
test-ap(config)#ip domain name cisco.com
test-ap(config)#exit
test-ap#
test-ap#show run
Building configuration...

Current configuration : 1742 bytes

!
! Last configuration change at 17:39:28 UTC Mon Nov 6 2010 by Cisco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test-ap
!
enable secret 5 $1$1NcL$0MybXQbD.4/82zeg2rSCz0
!
ip subnet-zero
ip domain name cisco.com
ip name-server 146.129.56.6
!
!
no aaa new-model
power inline negotiation prestandard source
!
!
username Cisco password 7 00271A150754
!
bridge irb

Page 11 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
!
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0

Page 12 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
line vty 0 4
exec-timeout 0 0
login local
line vty 5 15
exec-timeout 0 0
login
!
end

test-ap#show run | incl hostname

hostname test-ap
test-ap#arch down /over /create-space tftp://10.10.100.12/c1240-rcvk9w8-
tar.123-11JX1.tar
examining image...
Loading c1240-rcvk9w8-tar.123-11JX1.tar from 10.10.100.12 (via BVI1): !
extracting info (273 bytes)
Image info:
Version Suffix: rcvk9w8-
Image Name: c1240-rcvk9w8-mx
Version Directory: c1240-rcvk9w8-mx
Ios Image Size: 1874432
Total Image Size: 1874432
Image Feature: WIRELESS LAN|LWAPP|RECOVERY
Image Family: C1240
Wireless Switch Management Version: 3.0.51.0
Extracting files...
c1240-rcvk9w8-mx/ (directory) 0 (bytes)
extracting c1240-rcvk9w8-mx/c1240-rcvk9w8-mx (1865438
bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1240-rcvk9w8-mx/info (273 bytes)!
extracting info.ver (273 bytes)!
[OK - 1873920 bytes]

Deleting current version...

Deleting flash:/c1240-k9w7-mx.v123_11_ja.20100621...done.
New software image installed in flash:/c1240-rcvk9w8-mx
Configuring system to use new image...done.archive download: takes 54 seconds

test-ap#show archive status

SUCCESS: Upgrade complete.

test-ap#write erase
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete
test-ap#
test-ap#
test-ap#dir flash:
Directory of flash:/

2 -rwx 2072 Nov 06 2010 17:40:26 +00:00 private-multiple-fs

3 -rwx 4 Mar 06 2002 20:50:36 +00:00 ALP10011N48

Page 13 of 14
 Alternate Wireless LAN autonomous AP Upgrade Method
7 drwx 128 Nov 06 2010 17:40:18 +00:00 c1240-rcvk9w8-mx
8 -rwx 284 Nov 06 2010 17:40:23 +00:00 env_vars

15998976 bytes total (9018368 bytes free)

test-ap#
test-ap#more flash:/env_vars
BOOT=flash:/c1240-rcvk9w8-mx/c1240-rcvk9w8-mx
DEFAULT_ROUTER=10.0.0.1
ENABLE_BREAK=no
IOS_DEFAULT_DOMAIN_NAME=cisco.com
IOS_NAME_SERVER_ADDR=171.70.168.183
IOS_STATIC_DEFAULT_GATEWAY=10.10.100.1
IP_ADDR=10.0.0.1
MANUAL_BOOT=no
NETMASK=255.255.255.224
RELOAD_REASON=9
TERMLINES=0

test-ap#reload

System configuration has been modified. Save? [yes/no]: yes

Building configuration...
[OK]
Proceed with reload? [confirm]y

Page 14 of 14