取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

【原创】Cisco Catalyst 9120AXI Embedded Wireless Controller(EWC) 升级测试

2154
查看次数
10
有帮助
22
评论

一、环境准备

  1. 下载EWC所需的文件,本文使用的是:C9800-AP-universalk9.16.12.04a.zip

    Software Download - Cisco Systems

  2. 解压文件到tftp目录或者sftp的目录

    PS D:\Share\C9800-AP-universalk9.16.12.04a> ls


      Directory: D:\Share\C9800-AP-universalk9.16.12.04a

    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    -----           2020/8/1     2:37       37488640 ap1g4
    -----           2020/8/1     2:37       35676160 ap1g5
    -----           2020/8/1     2:37       57487360 ap1g6
    -----           2020/8/1     2:37       60057600 ap1g6a
    -----           2020/8/1     2:37       64675840 ap1g7
    -----           2020/8/1     2:37       52613120 ap3g3
    -----           2020/8/1   13:11     224913440 C9800-AP-iosxe-wlc.bin
    -----           2020/8/1   13:11             13 controller_version.info
    -----           2020/8/1   13:11           354 readme.txt
    -----           2020/8/1     2:37             11 version.info

    PS D:\Share\C9800-AP-universalk9.16.12.04a>
  3. 检查镜像文件,连接准备升级的AP。本次使用的是Catalyst9120 AXI的AP,查看解压后目录中"readme.txt"可以发现9120使用的是ap1g7的镜像文件

  4. 要求及注意事项:

    The prerequisites for deploying an EWC network are as follows:

    ● You must not have other Cisco wireless controllers, neither appliance nor virtual, in the same network, during the setup or daily operation of a Cisco EWC network.(升级EWC过程中,网络内不要有其他的控制器)//保证ewc不能发现controller即可

    ● An EWC network is supported in the same Layer 2 domain. (在同一个二层网络中配置EWC)

    ● Configure a Dynamic Host Configuration Protocol (DHCP) server on the switch or externally so that Cisco Catalyst 9100 Access Points can obtain an IP address at bootup. The DHCP server also assigns IP addresses to other APs and wireless clients.(配置一个dhcp)//可选配置,有dhcp可以省点事儿

    ● The DHCP server should provide default gateway and DNS server IP addresses. (如果配置dhcp,需要提供默认网关和dns的配置)

    ● If the network is made up of different AP models, you need to set a Trivial FTP (TFTP) server that can be accessed from the management interface of the EWC. Save the C9800-AP-univesalk9<version>.zip file (unzipped) on the TFTP server.(如果网络中有不同的网络型号,需要将zip包中的镜像放到tftp的目录中)

    ● Decide on the first AP to set up. This AP must support Cisco EWC functionality. You can also connect multiple Cisco Catalyst 9100 Access Points running the EWC to the switch.(决定使用哪一个ap作为第一个EWC AP,可以连接多个运行EWC的ap到交换机上)//想不太懂后面有啥含义,配置ewc的时候还是先搞定这一台

    ● You will need a Wi-Fi-enabled laptop to connect to the predefined CiscoAirProvision-<last 4 digits of AP-MAC> SSID for provisioning and configuring the EWC. Alternatively, you can use a mobile device or tablet with the Cisco Catalyst Wireless application installed to configure and provision the EWC.(你需要一台支持wifi的笔记本,或者使用手机,连接到CiscoAirProvision-xxxx的ssid上 xxxx是 AP的后4位MAC)//设置过程中可以不用,没啥用,有可能出坑

    ● If you intend to use 802.1X authentication, you need to have a RADIUS/Authentication, Authorization, and Accounting (AAA) server.(如果要使用802.1x认证,需要有一个radius)

    ● All APs joining to EWC network should have minimum of 8.10.X or 16.12.X code.(加入到EWC的ap需要满足镜像的最低版本要求)

二、升级步骤

升级使用的9120是一个注册在控制器上的瘦AP,使用ap-type ewc-ap tftp://TFTP_PATH/ap1g7 tftp://TFTP_PATH/C9800-AP-iosxe-wlc.bin 也可使用sftp替代tftp加快传输的速度

ap-type ewc-ap sftp://10.0.2.96/home/ilay/ap1g7 sftp://10.0.2.96/home/ilay/C9800-AP-iosxe-wlc.bin

SD_AP_TEST-01#
SD_AP_TEST-01#ap-type ewc-ap sftp://10.0.2.96/home/ilay/ap1g7 sftp://10.0.2.96/home/ilay/C9800-AP-iosxe-wlc.bin
Starting download eWLC image sftp://10.0.2.96/home/ilay/C9800-AP-iosxe-wlc.bin ... <--- 开始下载eWLC的镜像
It may take a few minutes. If longer, please abort command, check network and try again.
Please enter SFTP credentials ...
Username: ilay                                                           <--- 按照提示输入sftp的用户名密码
######################################################################## 100.0%        
Checking ...OK
Checking image size...OK
Verifying ...OK
Versioning ...ws_management_version: 16.12.04a.0.9
Successfully downloaded and setup eWLC image.
Starting download AP image sftp://10.0.2.96/home/ilay/ap1g7 ...   <--- 下载ap的镜像
It may take a few minutes. If longer, please abort command, check network and try again.
Please enter SFTP credentials ...
Username: ilay
######################################################################## 100.0%        
Upgrading ...
upgrade.sh: Script called with args:[NO_UPGRADE]
do NO_UPGRADE, part1 is active part
upgrade.sh: Script called with args:[-c PREDOWNLOAD]
do PREDOWNLOAD, part1 is active part
upgrade.sh: Start doing upgrade arg1=PREDOWNLOAD arg2=,from_cli arg3= ...
upgrade.sh: Using image /tmp/cli_part.tar on axel-bcm ...
Image signing verify success.

[5/20/2021 2:13:26] : Shadow is now in-synced with master

[5/20/2021 2:13:26] : Verifying against bundle image btldr.img...
upgrade.sh: part to upgrade is part2
upgrade.sh: AP version1: part2 8.10.121.0, img 16.12.4.31
upgrade.sh: Untar /tmp/cli_part.tar to /bootpart/part2...
upgrade.sh: Sync image to disk...
upgrade.sh: AP version2: part2 16.12.4.31, img 16.12.4.31
upgrade.sh: AP backup version: 16.12.4.31
upgrade.sh: Finished upgrade task.
upgrade.sh: Cleanup for do_upgrade...
upgrade.sh: /tmp/upgrade_in_progress cleaned
upgrade.sh: Cleanup tmp files ...
upgrade.sh: Script called with args:[ACTIVATE]
do ACTIVATE, part1 is active part
upgrade.sh: activate part2, set BOOT to part2
upgrade.sh: AP primary version after reload: 16.12.4.31
upgrade.sh: AP backup version after reload: 8.10.130.0
Successfully setup AP image.
Archive done.                                                     <--- 镜像升级完成
SD_AP_TEST-01#[*05/20/2021 02:12:52.1340] Config Factory Reset triggered: clear saved config files.. <--- AP和eWLC的镜像升级完成,自动重启系统
[*05/20/2021 02:12:52.2130]
[*05/20/2021 02:12:52.2130] CAPWAP State: DTLS TeardownDropping dtls packet since session is not established. Peer 10.1.1x.xx-5246, Local 10.1.30.251-5260, conn (nil)
[*05/20/2021 02:12:52.2130]
[*05/20/2021 02:12:52.2430] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP st         Stopping Serial Getty on ttyS0...
        Stopping Fast CGI daemon...
        Stopping Cisco led service...
---- 省略部分重启过程的输出内容-------------

三、EWC初始化踩坑阶段

交换机侧配置:

TEST-PoE#sh run int g1/0/1  //vlan30没有dhcp,需要手动配置ip地址
Building configuration...

Current configuration : 94 bytes
!
interface GigabitEthernet1/0/1
switchport trunk native vlan 30
switchport mode trunk
end

TEST-PoE#

 

第一坑:

Installation mode is BUNDLE 



        --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Num of cpu cores     4
Maximum number of AP's supported   100


Would you like to terminate autoinstall? [yes]:


        --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


        --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Failed to generate persistent self-signed certificate.
  Secure server will use temporary self-signed certificate.




Press RETURN to get started!


*May 20 02:16:30.834: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech summary (pnp-tech-discovery-summary)... Please wait. Do not interrupt.
*May 20 02:16:31.045: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*May 20 02:16:32.194: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY created succesfully
*May 20 02:16:32.226: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI_LEGACY has been generated or imported by pki-sudi
*May 20 02:16:32.299: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY0 created succesfully
*May 20 02:16:32.763: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI created succesfully
*May 20 02:16:32.791: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI has been generated or imported by pki-sudi
*May 20 02:16:32.915: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI0 created succesfully
*May 20 02:16:33.782: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 02:16:35.367: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 02:16:36.367: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary (pnp-tech-discovery-summary) saved successfully.
*May 20 02:16:36.368: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
*May 20 02:16:38.077: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-2458377709 has been generated or imported by crypto-engine
*May 20 02:16:38.083: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 20 02:16:38.225: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
*May 20 02:16:38.767: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-2458377709.server has been generated or imported by crypto-engine
*May 20 02:16:52.766: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: SLA-TrustPoint created succesfully
*May 20 02:16:52.774: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
*May 20 02:16:52.776: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is not allowed
*May 20 02:16:52.795: %CALL_HOME-6-CALL_HOME_ENABLED: Call-home is enabled by Smart Agent for Licensing.
WLC>en
WLC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WLC(config)#user-name admin               <--- 设置用户名密码用于登录webui,需要给15级权限
WLC(config-user-name)#privilege 15
WLC(config-user-name)#sec
WLC(config-user-name)#secret Abc@1234
WLC(config-user-name)#exit
WLC(config)#int g0
WLC(config-if)#ip add 10.1.30.251 255.255.255.0     <--- 设置g0口ip地址作为管理地址使用
WLC(config-if)#exit
WLC(config)#ip default-ga 10.1.30.2
WLC(config)#end
WLC#ping 10.1.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

WLC#wireless ewc-ap ap shell     <--- 进入ap的 cli,配置ip地址,ap和ewc公用一个物理接口,需要ap的接口先能通信后,ewc配置的ip地址才能通
The authenticity of host '192.168.129.1 (192.168.129.1)' can't be established.
RSA key fingerprint is 7b:66:27:44:0c:63:52:4e:51:60:03:1c:f3:17:58:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.129.1' (RSA) to the list of known hosts.
Cisco@192.168.129.1's password:   <--- 初始的密码时Cisco ,enable也是Cisco
APA488.EEEE.788C>en
Password:
APA488.EEEE.788C#capwap ap ip 10.1.30.252 255.255.255.0 10.1.30.2   <--- AP手动设置ip地址
APA488.EEEE.788C#ping 10.1.30.2                                     <--- ping 网关测试,到网关正常
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2.120/5.121/15.248 ms
APA488.EEEE.788C#
APA488.EEEE.788C#exit                                               <--- 退出ap模式,返回ewlc的cli
Connection to 192.168.129.1 closed.
WLC#ping 10.1.30.2                               <--- 坑来了,wlc ping网关是不通的,shut/no shut接口也是不管用的,wr, reload也不好用
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
WLC#sh run int g0
Building configuration...

Current configuration : 201 bytes
!
interface GigabitEthernet0
mac-address 0000.5e00.0101
ip dhcp client client-id GigabitEthernet0
ip dhcp client broadcast-flag clear
ip address 10.1.30.251 255.255.255.0
no negotiation auto
end

第二坑:

将交换机接口的native VLAN更改到一个有dhcp server的网段,switchport trunk native vlan 10,同时EWC erase startup-config后reload


        --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:
Num of cpu cores     4
Maximum number of AP's supported   100
nono
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]: yes



Press RETURN to get started!


*May 20 02:45:19.873: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-2458377709 has been generated or imported by crypto-engine
*May 20 02:45:19.879: %SSH-5-ENABLED: SSH 1.99 has been enabled
*May 20 02:45:20.028: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
*May 20 02:45:20.044: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*May 20 02:45:20.731: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named TP-self-signed-2458377709.server has been generated or imported by crypto-engine
*May 20 02:45:21.578: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech summary (pnp-tech-discovery-summary)... Please wait. Do not interrupt.
*May 20 02:45:22.991: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 02:45:24.005: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 02:45:25.025: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
WLC>
*May 20 02:45:26.520: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 02:45:27.524: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary (pnp-tech-discovery-summary) saved successfully.
*May 20 02:45:27.524: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
WLC>
WLC>en
WLC#sh ip int b
Interface             IP-Address     OK? Method Status               Protocol
GigabitEthernet0       unassigned     YES DHCP   up                   up      
WLC#s
*May 20 02:45:40.796: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: SLA-TrustPoint created succesfully
*May 20 02:45:40.805: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS PKI configuration
*May 20 02:45:40.806: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is not allowedh ip
*May 20 02:45:40.864: %CALL_HOME-6-CALL_HOME_ENABLED: Call-home is enabled by Smart Agent for Lice      
WLC#sh run
Building configuration...

Current configuration : 8137 bytes
!
! Last configuration change at 02:45:26 UTC Thu May 20 2021
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
no platform punt-keepalive settings
platform console serial
!
hostname WLC
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no fips authorization-key
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
!
!
!
login on-success log
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2458377709
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2458377709
revocation-check none
rsakeypair TP-self-signed-2458377709
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2458377709
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343538 33373737 3039301E 170D3231 30353230 30323435
31395A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34353833
37373730 39308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A62D E0180A44 8B9FB6F9 D830EA69 44993FDD CAAD3E2A 41E7A969
2DDC7AF0 7E4209CF 5B05EEA0 D4423C15 4F52A0D8 EDDB0727 DAA55500 63F42634
43FF2847 824A7FB7 569BB96F C3504A40 FCF91A73 092BA72B EB1EC0E5 687E0390
6393D8AD 9455E3C8 AC7E2974 C9AFDC7C 1C1D70EB F20B9105 B2D5434F 74474AD4
F8A81D2A DF6C5850 19BF08CF 8930F0D3 93E3A6DB FE372C17 DBD45BB2 92C18825
8CEC4EA5 19C7D8A1 2822B0DF 2475F53C 11B146AA EF9E73DA 5AB79015 E16F6C37
66F5E0BB 95B3F6A5 33AAFB6F 6F36A360 BE95A282 752C2751 3A1F1CEA C47B86E0
E1EA6F31 6E9BC31E B11C9068 9F419CF4 BFCB74B3 C0AA3C6E 9FC27BE9 D6D640BC
95A2A09C AB730203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14C4BC95 938D1300 892D3325 7CF85B13 049C61D0
F1301D06 03551D0E 04160414 C4BC9593 8D130089 2D33257C F85B1304 9C61D0F1
300D0609 2A864886 F70D0101 05050003 82010100 69B0CE7E 3E597871 F1791ECD
ECC7E3C0 B7050926 A38B5721 8A3BA42D 8C462EE7 BE1FE48D 47E29CAE 6177D84E
9A377C56 0CAE6201 70BDB47C CA5AF2F0 1858524B 1CB06EBE 842F4C6A C1098B9E
AC99960C 01277937 05F12775 836C40E9 4A0D7C69 03CCF988 4C71D4F4 7C74D695
BB5BA3A4 EC36D71D 1E0BB7C7 56F199CA 0BBE4D9D 70F4E3CE D8E55E2C EDA9AD35
D26370A8 112150C4 4894555C 603B6913 CEC1F8F3 618CDBA4 E0F76E10 C40F905D
E11F696F 07E46177 7E92F48F DCACF71F EF121CEF EACA6B32 D046C364 58AECCCA
377CFA9F E421D98C 9B36AA76 6A51C968 976889BD 3988CFA3 C5CCB42E 2E798873
2C0AECC4 4FB0DDE0 EB021B81 55CBEEAD AB8EDBB7
      quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
      quit
!
memory free low-watermark processor 33020
!
license udi pid C9800-AP sn FGLXX36XXXX
!
redundancy
mode sso
!
!
!
!
!
!
interface GigabitEthernet0
mac-address 0000.5e00.0101
ip dhcp client client-id GigabitEthernet0
ip dhcp client broadcast-flag clear
no ip address
no negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip tftp source-interface GigabitEthernet0
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
!
!
!
!
!
wireless aaa policy default-aaa-policy
wireless cts-sxp profile default-sxp-profile
no wireless ipv6 ra wired
         
WLC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WLC(config)#int g0
WLC(config-if)#ip address dhcp     <--- 手动又敲了一遍 ip add dhcp 然后接口获取到地址
WLC(config-if)#end
WLC#sh ip int b
Interface             IP-Address     OK? Method Status               Protocol
GigabitEthernet0       unassigned     YES DHCP   up                   up      
WLC#
*May 20 02:46:37.452: %SYS-5-CONFIG_I: Configured from console by console
*May 20 02:46:46.189: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.1.10.200, mask 255.255.255.0, hostname

WLC#ping 10.1.10.2  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
WLC#sh ip int b     <--- ping网关不通,检查接口状况
Interface             IP-Address     OK? Method Status               Protocol
GigabitEthernet0       10.1.10.200   YES DHCP   up                   up      

WLC#wireless ewc-ap ap shell   <--- 切换进ap的cli测试,ping网关是正常的
Cisco@192.168.129.1's password:
APA488.EEEE.788C>en
Password:
APA488.EEEE.788C#sh ip int b
Interface           IP-Address     Method   Status                 Protocol   Speed     Duplex  
wired0               10.1.10.201   DHCP     up                     up         1000       full    
apphostintf1         unassigned     unset   up                     up         n/a       n/a    
apr0v0               n/a             n/a     administatively down   down       n/a       n/a    
apr1v0               n/a             n/a     administatively down   down       n/a       n/a    
APA488.EEEE.788C#
APA488.EEEE.788C#ping 10.1.10.2
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2.542/9.465/31.377 ms
APA488.EEEE.788C#ping 10.1.10.200
Sending 5, 100-byte ICMP Echos to 10.1.10.200, timeout is 2 seconds
.....
Success rate is 0 percent (0/5),
APA488.EEEE.788C#exit
Connection to 192.168.129.1 closed.
WLC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WLC(config)#int g0
WLC(config-if)#shut
WLC(config-if)#no shut
WLC(config-if)#Converting VRRP MAC from string to hex
WLC(config-if)#
*May 20 02:48:38.132: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.1.10.200, mask 255.255.255.0, hostname
ping 10.1.10.2
              ^
% Invalid input detected at '^' marker.

WLC(config-if)#end
WLC#ping 10.1.10.2
*May 20 02:48:46.980: %SYS-5-CONFIG_I: Configured from console by console
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
WLC#
WLC#
WLC#sh arp    
Protocol Address         Age (min) Hardware Addr   Type   Interface
Internet 10.1.10.2             0   Incomplete     ARPA  
Internet 10.1.10.200           -   0000.5e00.0101 ARPA   GigabitEthernet0
WLC#
WLC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WLC(config)#int g0
WLC(config-if)#ip add 10.1.10.20 255.255.255.0
WLC(config-if)#shut
WLC(config-if)#no
*May 20 02:50:04.236: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down shut
*May 20 02:50:05.236: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
WLC(config-if)#Converting VRRP MAC from string to hex
*May 20 02:50:06.597: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
WLC(config-if)#
WLC(config-if)#end
WLC#sh ip int b
*May 20 02:50:18.323: %SYS-5-CONFIG_I: Configured from console by console
Interface             IP-Address     OK? Method Status               Protocol
GigabitEthernet0       10.1.10.20     YES manual up                   up      
WLC#ping 10.1.10.2                         <--- 手动配置了地址之后,再测试还是不行,在核心交换机上有arp条目,ewlc没有arp
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
WLC#
WLC# wireless ewc-ap factory-reset <--- 终极解决办法:执行day0重置,敲完之后自动重启

四、CLI初始化

执行wireless ewc-ap factory-reset后,ap重启,交换机改回之前的native vlan 30,没有dhcp server自动分配地址

 

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Num of cpu cores     4
Maximum number of AP's supported   100
%Default route without gateway, if not a point-to-point interface, may impact performance

Would you like to terminate autoinstall? [yes]: yes



Press RETURN to get started!


*May 20 03:14:49.452: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
########################################################################################################
#                                                                                                     #
#     Welcome to the Cisco Catalyst 9800-AP Embedded Wireless Controller command line interface       #
#                                                                                                     #
#                     !!! Please complete the DAY0 Device Provisioning !!!                           #
#                   !!! NOTE: COMPLETE ALL THE STEPS IN PROVISIONING GUIDE !!!                         #
#                                                                                                     #
#                     To access the provisioning guide type the below command:                         #
#                         more bootflash:ewc_day0_device_provisioning_guide                           #
#                                                                                                     #
########################################################################################################

WLCA488.EEEE.788C>       <---执行 factory-reset之后多了个banner的提示,默认的hostname也变成了WLC+MAC地址的格式,之前hostname只是WLC
WLCA488.EEEE.788C>
WLCA488.EEEE.788C>
*May 20 03:14:56.991: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech summary (pnp-tech-discovery-summary)... Please wait. Do not interrupt.
*May 20 03:14:58.413: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 03:14:59.426: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 03:15:00.434: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
WLCA488.EEEE.788C>
*May 20 03:15:01.852: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*May 20 03:15:02.853: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary (pnp-tech-discovery-summary) saved successfully.
*May 20 03:15:02.853: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
WLCA488.EEEE.788C>
WLCA488.EEEE.788C>en
WLCA488.EEEE.788C#sh run int g0
Building configuration...

Current configuration : 201 bytes
!
interface GigabitEthernet0
mac-address 0000.5e00.0101
ip dhcp client client-id GigabitEthernet0
ip dhcp client broadcast-flag clear
ip address 192.168.1.1 255.255.255.0
no negotiation auto
end

WLCA488.EEEE.788C#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WLCA488.EEEE.788C(config)#int g0
WLCA488.EEEE.788C(config-if)#ip add 10.1.30.251 255.255.255.0
WLCA488.EEEE.788C(config-if)#exit                       <--- 手动设置 g0ip地址后,EWC的ap的那一部分自动disjoin了
*May 20 03:15:30.691: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: APA488.EEEE.788C, MAC: a488.EEEE.788c Disjoined
*May 20 03:15:30.706: %CAPWAP_IMGDWNLD_TRACE_MESSAGE-5-CAPWAPIMGDWNLD_EWC_AP_AP_LIST_EVENTS: Chassis 1 R0/0: wncd: List Event: AP with wtp_mac a488.738d.c460 for Image Type ap1g7 is removed from Master AP list
WLCA488.EEEE.788C(config)#ip route 0.0.0.0 0.0.0.0 10.1.30.2
WLCA488.EEEE.788C(config)#
WLCA488.EEEE.788C(config)#
WLCA488.EEEE.788C(config)#
WLCA488.EEEE.788C(config)#host
WLCA488.EEEE.788C(config)#hostname TEST-EWC
TEST-EWC(config)#
TEST-EWC(config)#
TEST-EWC(config)#user-name admin         <--- 创建privilege 15的账户,'username admin privilege 15 sec Abc@1234' 的命令也可以用
TEST-EWC(config-user-name)#pri
TEST-EWC(config-user-name)#privilege 15
TEST-EWC(config-user-name)#sec Abc@1234
TEST-EWC(config-user-name)#exit
TEST-EWC(config)#end
TEST-EWC#ping 10.1.30.2                               <--- AP的地址还有没设置,EWC到网关暂时不通
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TEST-EWC#
TEST-EWC#wireless ewc-ap ap shell
The authenticity of host '192.168.129.1 (192.168.129.1)' can't be established.
RSA key fingerprint is cf:8f:87:7d:7b:d2:b7:42:4a:cb:e8:82:d4:a5:2c:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.129.1' (RSA) to the list of known hosts.
Cisco@192.168.129.1's password:
APA488.EEEE.788C>en
Password:
APA488.EEEE.788C#
APA488.EEEE.788C#capwap ap ip 10.1.30.252 255.255.255.0 10.1.30.2   <--- ap手动配置静态ip地址
APA488.EEEE.788C#
APA488.EEEE.788C#ping 10.1.30.2                                     <--- 验证到网关的通信
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1.260/4.170/14.275 ms
APA488.EEEE.788C#exit
Connection to 192.168.129.1 closed.
TEST-EWC#ping 10.1.30.2                                           <--- 再次验证EWC到网关的通信,结果正常
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/16/46 ms
TEST-EWC#
*May 20 03:21:20.325: %CAPWAP_IMGDWNLD_TRACE_MESSAGE-5-CAPWAPIMGDWNLD_EWC_AP_AP_LIST_EVENTS: Chassis 1 R0/0: wncd: List Event: AP with wtp_mac a488.738d.c460 for Image Type ap1g7 is added to Master AP list
*May 20 03:21:20.375: %APMGR_TRACE_MESSAGE-4-EWLC_APMGR_WARNING_MSG: Chassis 1 R0/0: wncd: Warning, AP APA488.EEEE.788C is associated with the policy tag default-policy-tag, which has no wlan or rlan configured. Please configure wlan or rlan under the policy tag, or associate the AP with valid policy tag
*May 20 03:21:20.441: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: APA488.EEEE.788C, MAC: a488.EEEE.788c Joined                   <--- AP重新join到EWC上
*May 20 03:21:32.097: %WEBSERVER-5-LOGIN_PASSED: Chassis 1 R0/0: nginx: Login Successful from host 10.1.10.158 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256' <--- WEBUI 登录也正常,浏览器访问https://mgmt-ip-address 输入前面创建的用户名密码即可
TEST-EWC#
TEST-EWC(config)#
TEST-EWC(config)#ap profile default-ap-profile <--- 设置ap的管理用户名密码
TEST-EWC(config-ap-profile)#mgmtuser username admin pass
TEST-EWC(config-ap-profile)#mgmtuser username admin password 0 Abc@1234 sec 0 Abc@1234
TEST-EWC(config-ap-profile)#exit

TEST-EWC(config)#
TEST-EWC(config)#wireless profile image-download default <--- 设置无线ap的镜像下载路径,EWC的闪存空间有限,如果EWC需要注册多个型号的ap需要设置一下
TEST-EWC(config-wireless-image-download-profile)#image-download-mode ?  
cco     Configure image download using CCO
http   Configure image download using HTTP
http-s Configure image download using HTTPS
sftp   Configure image download using SFTP
tftp   Configure image download using TFTP

TEST-EWC(config-wireless-image-download-profile)#image-download-mode tftp
TEST-EWC(config-wireless-image-download-profile-tftp)#tftp-image-server 10.0.2.90
TEST-EWC(config-wireless-image-download-profile-tftp)#tftp-image-path /c9800-ap-img/  
TEST-EWC(config-wireless-image-download-profile-tftp)#end
TEST-EWC#wr

五 其他问题

  • 进入WEBUI后,可以选择"Configuration"-"Wireless Setup" 选择使用Basic或Advanced的向导设置无线配置

  • AAA的配置可以通过CLI也可通过WEBUI配置,最初如果提示Would you like to enter the initial configuration dialog? [yes/no]:选择yes时,使用向导创建的 AAA的配置文件比较长,有强迫症的可能选择手动配置来解决此问题

  • 关于使用CiscoAirProvision-xxxx这个无线SSID来初始化EWC的方式,在这里并没有提到,向导模式的操作,问题应该不大。有一个小坑在这里提及一下,我在测试的时候将AP连接到办公网中,办公网连接互联网需要进行web认证,获取到的dns也是公司内部的。这时候连接CiscoAirProvision-xxxx这个信号进行初始化时,访问https://mgmt-ip-address 时,会重定向到"mywifi.cisco.com" ,web浏览器提示需要进行网络认证,认证的页面又被劫持成'mywifi.cisco.com',反复跳转。

    解决办法: 在CLI里面先执行以下wr,保存配置,然后敲"no ip name-server " 将默认的dns服务器(ip name-server 208.67.222.222 208.67.220.220)删掉,这样再通过ip地址访问的时候应该不会有什么问题了。

  • 将EWC的ap恢复成瘦AP的方法

    TEST-EWC#wireless ewc-ap ap shell username admin  <--- ap profile default-ap-profile中设置mgmtuser之后,在切换到ap的时候需要指定username,否则默认使用Cisco
    admin@192.168.129.1's password:
    EWC-TEST-AP-01>en
    Password:
    EWC-TEST-AP-01#ap-type capwap <--- 此命令执行后将ap重置为capwap的模式,作为瘦ap使用。命令执行后自动重启

     

因个人能力有限,如有错误之处还请大家帮指正,谢谢。

 

附:

参考链接1:Cisco Embedded Wireless Controller on Catalyst Access Points - Cisco Embedded Wireless Controller on Catalyst Access Points (EWC) White Paper - Cisco

参考链接2:Embedded Wireless Controller Conversion on Catalyst 9100 Access Points - Cisco

 

附件为此篇文档的markdown文件,将txt后缀删掉即可改回markdown文件

评论
Yanli Sun
Community Manager

感谢大佬分享

HakinXu
Beginner

感谢大佬分享

yanfboy
Beginner

同样9120AX,升级后出现了类似这个帖子提到的问题,一直处在如下的EWC-AP的恢复模式。

 

 

 

 

EWC-AP in Recovery Mode......
Please use 'archive download-sw' to upgrade AP and Controller image.

 

 

 

 

通过类似下面的方式,不管是TFTP,SFTP还是HTTP,始终无法恢复,如图所示。

 

 

 

 

archive download-sw ewc-ap http://192.168.2.101/D%3A/TFTP-Root/C9800-AP-iosxe-wlc.bin

 

 

 

 

2021-06-06_0-21-18.png2021-06-06_0-21-27.png

根据上面帖子的链接中提到的一个BUG以及如截图日志的提示,似乎还是因为/dev/ubivol/part2 目录剩余空间不足,致无法将ewlc的image全下载到AP上。(官网的ewlc image都是200多兆,版本越新,体积越大,官网发布的几个都试过了,随着image大小的不同,都会分别卡在87%,92%,97%)。

 

请问大佬这种情况该怎么解决,谢谢。

 

ilay
Rising star

@yanfboy 

目前没有手段去释放part2的存储空间,虽然ap的模式下面有delete命令,但完全不知道怎么操作,不清楚参数的格式该是什么样子的。

我将测试的9120AXI在ewc-ap和capwap之前来回切换,切换回capwap之后,C9800-AP的镜像是不会删掉的,一直存在于闪存中,重新从capwap ap的模式切换回ewc-ap 不会重新下载文件。(reset button并不能清空文件,在capwap ap和ewc-ap的模式下都尝试过使用按钮重置,不解决该问题。)

cisco C9120AXI-H ARMv8 Processor rev 0 (v8l) with 1875404/1099244K bytes of memory.
Processor board ID FGL2436L5JE
AP Running Image     : 17.3.3.26
Primary Boot Image   : 17.3.3.26
Backup Boot Image    : 8.10.130.0
--------------------
/*
关于ap image的问题,最初ap注册到WLC5520上,用的是8.10.130.0版本,之后改为ewc-ap使用的是16.12.04a这个版本,ap的primary image并没有变化
将ap改回capwap注册到C9800CL 17.3的版本,primary image升级,但是切换回ewc-ap的时候,ap 模式下查看镜像版本并没有变化,仍旧停在17.3,而此时controller还使用的是16.12.04a这个版本
*/
--------------------
Primary Boot Image Hash: 21d8d1094b330de58f8f1a8d93a42085b6f5341139759fbc071a94235a4b683503710ff25da89e14e676451269335d6b387cdcc4b8646c9ef32028dff0acce17
Backup  Boot Image Hash: 26d8d15401ccb624f867ec5bb86bc3b737e479a621fc4f3f3ad6e1d772ccfdc5ed6700aa59ee2358143f9050151ae7ca1204fd58ff0c28b14b0c3c7ba7b04ef5
AP Image type    : EWC-AP IMAGE
AP Configuration : NOT ME OR EWC-AP CAPABLE
1 Multigigabit Ethernet interfaces
2 802.11 Radios
Radio Driver version : Broadcom BCA: 17.18 RC2.0
Radio FW version : 24203.108.r42216 42216
NSS FW version : NA

Base ethernet MAC Address            : A4:88:bb:c8:78:8C
Part Number                          : 0-000000-00
PCA Assembly Number                  : 800-105698-02
PCA Revision Number                  : B0
PCB Serial Number                    : FOCDXXXX2E
Top Assembly Part Number             : 800-105698-02
Top Assembly Serial Number           : FGLXXXXX5JE
Top Revision Number                  : A0
Product/Model Number                 : C9120AXI-H          


SD_AP_TEST-01#ap-type ewc-ap sftp://10.0.2.96/home/ilay/ap1g7 sftp://10.0.2.96/home/ilay/C9800-AP-iosxe-wlc.bin
Image upgrade not needed, changing AP Type to EWC-AP   <------尽管使用了新版本的文件,仍旧提示不需升级
SD_AP_TEST-01#[*06/08/2021 08:26:18.5910] Config Factory Reset triggered: clear saved config files..
[*06/08/2021 08:26:18.6940] Dropping dtls packet since session is not established. Peer 10.166.110.200-5246, Local 10.1.30.251-5257, conn (nil)
[*06/08/2021 08:26:18.6940] 
[*06/08/2021 08:26:18.6940] CAPWAP State: DTLS Teardown
[*06/08/2021 08:26:18.7400] DOT11_DRV[1]: DFS CAC timer enabled time 60
[*06/08/2021 08:26:18.7         Stopping Serial Getty on ttyS0...

ewc的镜像几个版本我都下载下来看了下,没有一个是小于214M的,针对你这个情况算是无解了。

有渠道的可以开个case问问,看看有没有别的手段清理一下文件。

截止到现在(2021-06-08),没想到任何办法。=_=#

yanfboy
Beginner

@ilay 谢谢您的回复。会是硬件问题吗?虽然看起来不像,在CISCO的英文社区和其他网站上也都看到类似的问题。

没渠道开Case,这个AP是买的二手打算放家里用,没想到升级的时候翻车了┭┮﹏┭┮,如果没有办法,只能先当纯AP使用了,再等后续官方或者其他渠道是否后续能给出解决的方法。

 

另外,您了解u-boot模式下有办法吗?在u-boot模式下能看到目录下的文件,但是也不知道能不能删除,如何删除,哪些能删除。

Hit ESC key to stop autoboot:  0 
u-boot> mtdparts

device nand0 <nand>, # parts = 3
 #: name                size            offset          mask_flags
 0: nvram               0x00100000      0x00000000      0
 1: bootfs              0x005c0000      0x00100000      0
 2: fs                  0x3f940000      0x006c0000      0

active partition: nand0,2 - (fs) 0x3f940000 @ 0x006c0000

defaults:
mtdids  : 
mtdparts: 
u-boot> ubi part fs
ubi0: attaching mtd3
ubi0: scanning is finished
ubi0: attached mtd3 (name "mtd=2", size 1017 MiB)
ubi0: PEB size: 262144 bytes (256 KiB), LEB size: 253952 bytes
ubi0: min./max. I/O unit sizes: 4096/4096, sub-page size 4096
ubi0: VID header offset: 4096 (aligned 4096), data offset: 8192
ubi0: good PEBs: 4069, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 16/7, WL threshold: 4096, image sequence number: 1077576984
ubi0: available PEBs: 33, total reserved PEBs: 4036, PEBs reserved for bad PEB handling: 80

挂载 ubi0(或者ubi0:part1)后,发现/wlc/images下的C9800-AP-iosxe-wlc.bin大小为0,这个是文件上传不成功,升级失败的一个现象?其他目录的文件和大小看起来还算正常。

u-boot> ubifsmount ubi0
u-boot> ubifsls
<DIR>         352  Fri Jun 04 16:20:35 2021  wlc
<DIR>         600  Sat Jun 05 15:55:15 2021  part1
<LNK>           5  Tue Jun 04 04:44:56 2019  part2
               33  Sat Jun 05 16:14:01 2021  mewlc_info.ver
u-boot> ubifsls /wlc
<DIR>         160  Fri Jun 04 16:20:35 2021  cfg
<DIR>         240  Fri Jun 04 16:20:22 2021  images
<DIR>         160  Fri Jun 04 16:20:45 2021  shared
u-boot> ubifsls /wlc/cfg
u-boot> ubifsls /wlc/images
                0  Fri Jun 04 16:20:35 2021  C9800-AP-iosxe-wlc.bin
u-boot> ubifsls /wlc/shared
u-boot> ubifsls part1      
               63  Tue May 26 06:54:55 2020  info
               63  Tue May 26 06:54:55 2020  info.ver
         14188342  Tue May 26 06:55:01 2020  part.bin
           247920  Tue May 26 06:54:55 2020  btldr.img
          3780429  Tue May 26 06:51:12 2020  iox.tar.gz
         52386046  Tue May 26 06:54:50 2020  ramfs_data_cisco.cpio.lzma
u-boot> ubifsls part2 
               63  Tue May 26 06:54:55 2020  info
               63  Tue May 26 06:54:55 2020  info.ver
         14188342  Tue May 26 06:55:01 2020  part.bin
           247920  Tue May 26 06:54:55 2020  btldr.img
          3780429  Tue May 26 06:51:12 2020  iox.tar.gz
         52386046  Tue May 26 06:54:50 2020  ramfs_data_cisco.cpio.lzma

再挂载有问题的part2,wlc/harddisk目录下的recovery_mode能看到WLC还是恢复模式,但/wlc/images下没有C9800-AP-iosxe-wlc.bin,而有一个mewlc.bin(在升级image的时候这个文件出问题,所以EWC一直在recovery mode?),看文件大小有270M左右,其他目录的文件和大小看起来还算正常,包括(相比挂载part1时)多的storage目录下的文件(和在EWC recovery mode下通过show flash看到的内容一样)。

u-boot> ubifsmount ubi0:part2
u-boot> ubifsls              
<DIR>         296  Fri Jun 04 16:20:35 2021  wlc
<DIR>         600  Fri Jun 04 16:19:39 2021  part1
<LNK>           5  Tue Jun 04 04:44:56 2019  part2
<DIR>        2192  Sat Jun 05 16:19:22 2021  storage
u-boot> ubifsls wlc
<DIR>         232  Sat Jun 05 16:19:21 2021  images
<DIR>         472  Sat Jun 05 16:14:03 2021  harddisk
u-boot> ubifsls wlc/images
        267715612  Fri Jun 04 16:17:59 2021  mewlc.bin
u-boot> ubifsls wlc/harddisk
                2  Sat Jun 05 16:14:03 2021  recovery_mode
              231  Sat Jun 05 16:14:01 2021  mewlc_startup_last_run.log
                2  Sat Jun 05 16:14:01 2021  crash_count
              569  Sat Jun 05 16:14:03 2021  mewlc_startup.log
u-boot> ubifsls part1       
               63  Wed Mar 31 03:05:16 2021  info
               63  Wed Mar 31 03:05:16 2021  info.ver
         14348858  Tue Mar 30 15:44:11 2021  part.bin
           252224  Tue Mar 30 15:44:08 2021  btldr.img
          3824705  Tue Mar 30 15:40:17 2021  iox.tar.gz
         54532567  Tue Mar 30 15:44:03 2021  ramfs_data_cisco.cpio.lzma
u-boot> ubifsls part2
               63  Wed Mar 31 03:05:16 2021  info
               63  Wed Mar 31 03:05:16 2021  info.ver
         14348858  Tue Mar 30 15:44:11 2021  part.bin
           252224  Tue Mar 30 15:44:08 2021  btldr.img
          3824705  Tue Mar 30 15:40:17 2021  iox.tar.gz
         54532567  Tue Mar 30 15:44:03 2021  ramfs_data_cisco.cpio.lzma
u-boot> ubifsls storage
              180  Sat Jun 05 16:13:37 2021  config.tls_client
<DIR>         648  Tue Mar 30 15:25:34 2021  ssh
              219  Fri Jun 04 16:20:08 2021  part2_info.ver
              219  Sat Jun 05 15:55:43 2021  part1_info.ver
<DIR>         224  Sat Jun 05 16:13:50 2021  application
<DIR>        3136  Sat Jun 05 16:25:02 2021  syslogs
                5  Sat Jun 05 11:43:31 2021  bootloader_verify.shadow
               28  Sat Jun 05 16:13:42 2021  RELOADED_AT_UTC
<DIR>         160  Thu Jan 01 00:00:53 1970  dropbear
                0  Sat Jun 05 16:14:41 2021  config.mobexp
                0  Tue Mar 30 15:30:03 2021  sensord_CSPRNG
             4096  Sat Jun 05 16:19:22 2021  random_seed
              219  Tue Mar 30 15:25:52 2021  last_good_uplink_config
              220  Sat Jun 05 16:13:37 2021  base_capwap_cfg_info
                0  Sat Jun 05 16:13:43 2021  config.local
<DIR>         160  Thu Sep 19 00:00:07 2019  cores
            30287  Sat Jun 05 16:14:00 2021  bootloader.log
<DIR>         160  Thu Sep 19 00:00:12 2019  lists
                3  Sat Jun 05 16:13:43 2021  BOOT_COUNT
                3  Sat Jun 05 16:13:43 2021  BOOT_COUNT.reserve
                3  Tue Mar 30 15:25:28 2021  rxtx_mode
               45  Tue Mar 30 15:25:55 2021  iot_status_ttyH0.txt
                2  Tue Mar 30 15:25:28 2021  boot_debug
<DIR>         160  Fri Jun 04 16:20:18 2021  firmware
               18  Sat Jun 05 16:13:50 2021  config
                1  Sat Jun 05 14:15:14 2021  wips_adminstate_capwap
<DIR>         224  Thu Sep 19 00:00:12 2019  support
            18545  Sat Jun 05 16:13:50 2021  nvram_setting
u-boot> 
ilay
Rising star

@yanfboy

没看到uboot下有删除命令,ubi remove 还有erase命令没敢试。看英文社区里面说uboot模式下一些“损坏”文件的命令需要tac输入code授权。。。

你的mewlc.bin应该是个正常的9800-AP的镜像,你随意找一个版本的镜像文件,然后将其重命名成mewlc.bin,重新改一下试试

ap-type ewc-ap tftp://IP+PATH/ap1g7 tftp://IP+PATH/mewlc.bin

看看能否直接跳过下载,进入ewc的模式

yanfboy
Beginner

@ilay 

您这个方法我试了一下,还是不行,同样的失败现象,看来目前只能这样了,谢谢您。

matthewsun
Beginner

看到有人在英文论坛上面讨论这个问题,解决的办法是找另外一台EWC的设备,让这台文件损坏的ap加入后,可以重新下载image.

 

 

digitalfox
Beginner

17.3.2 我用这个版本升级成功了,但是17.5.1生不上去了,这几天准备死磕,也是空间不足的报错,9120只有1G的flash,一个控制器的固件就200多兆,好像里面还有两个,一主一备不知道备用的咋删除,如果删除了也就搞定了

ilay
Rising star

@digitalfox 已经是EWC之后直接在WEBUI升级即可,backup_image中的镜像会直接替换掉,如果要手动删除需要登录CLI,先dir backup_image: 然后再delete backup_image:/C9800-AP-iosxe-wlc.bin 

webui升级步骤:

1.先将zip包解压到tftp服务器上,进入software management,然后输入新的镜像的目录,这里用的是17.3.4,然后点击 save&download即可,第一步先下载controller的镜像

1.png

2. controller镜像下载完成之后下载AP所用的镜像ap1g7

2.png

3. 按照向导一直走,直到进度到100%,点击页面上的activate,然后点击Yes,自动重启之后即可完成升级。

3.png

digitalfox
Beginner

好了,感谢感谢,delete backup_image:/C9800-AP-iosxe-wlc.bin 这个是关键,删除backup的系统后,web/tftp/sftp升级都成功了,以前都是报错空间不足。

yanfboy
Beginner

@matthewsun请问有链接能分享一下吗?

"看到有人在英文论坛上面讨论这个问题,解决的办法是找另外一台EWC的设备,让这台文件损坏的ap加入后,可以重新下载image."

z313414
Beginner

谢谢分享,太详细了!!!

dawnccier
Beginner

@yanfboy 你好楼主,请问问题解决了? 我也遇到相同的问题了。

AP变成EWC后,配置好interface Gi0的IP地址和网关,死活ping不通网关。

而且在write保存后,出现“Failed to save vrrp-ip.txt”。

然后从EWC变成AP后,上传OS 镜像,提示“image upgrade not needed, changing ap type to ewc-ap”。

用最新的镜像也不行

ilay
Rising star

@dawnccier 尝试用 wireless ewc-ap factory-reset 命令重置一下ewc,然后重新配置一下,可以先手动在外边起一个dhcp 测试一下,确保ewc-ap 在ap的shell中是可以和外部通信的,然后再查ewc的设置。

另外ap和ewc-ap模式之间切换时不会删除最早的C9800-AP-iosxe-wlc.bin镜像文件,如果想要重新上传镜像,需要先在EWC模式的CLI删除 backup_image中的 C9800-AP-iosxe-wlc.bin文件。

建议先尝试factory-reset