cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
23431
Views
45
Helpful
8
Comments
kangupta
Cisco Employee
Cisco Employee

 

Introduction

Many times we see instances where the RMA controller is shipped with an LDPE image.

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE

 

ERROR: Incompatible SW image

An upgrade to an non LDPE code fails with this error-

"ERROR: Incompatible SW image.ERROR: Please install the Data Payload Encryption licensed image"

The LDPE image is used for Customers who are not legally allowed to use DTLS Data encryption within their regulatory domain (Russia-specific).

Conversion from LDPE to a non LDPE image

1)      Upgrade WLC to 7.0.230.0 LDPE image- e.g.  AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508 OR 7.2.110.0 LDPE image AIR-CT5500-LDPE-K9-7-2-110-0.aes

2)      Download and install a free DTLS license from Cisco.com (if one is not already installed):

To Obtain a Data DTLS License:

  • Step 1 Browse to http://cisco.com/go/license
  • Step 2 Under Get New, choose IPS, Crypto, Other Licenses
  • Step 3 Choose the controller platform, enter the product ID and serial number.
  • Step 4 Complete the remaining steps to generate the license file.  The license will be provided online or via email.
  • Step 5 Copy the license file to your TFTP server.
  • Step 6 Install the license by browsing to the WLC Web Administration Page:
  • Management --> Software Activation --> Commands -->Action: Install License

 

3)      Once the DTLS license is installed, you will be able to upgrade/downgrade to any WLC code (including Non-LDPE).

(Cisco Controller) >show license summary

License Store: Primary License Storage
StoreIndex:  0  Feature: base                              Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
License Store: Primary License Storage

StoreIndex:  1  Feature: base-ap-count                     Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: 500 /1 (Active/In-use)
        License Priority: Medium
License Store: Primary License Storage

StoreIndex:  2  Feature: data_encryption                   Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium

        If the controller is on 7.0.116.0 LDPE code; you installed the DTLS license and then tried to migrate to non LDPE code version of 7.0.116.0, it would fail with the following error-

 

*Transfer: Mar 28 11:32:56.609: RESULT_STRING: Transfer failure :
Upgrade from LDPE to non LDPE software is not allowed.

 

So, you will need to get on to 7.0.230.0 LDPE image (e.g.  AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508) or 7.2.110.0 LDPE code first before you can move to a non LDPE code.

 

This capability was introduced via CSCtw78061; meaning after installing the DTLS license you can download normal image from LDPE code just fine.

Option to upgrade image from LDPE to non-LDPE image - CSCtw78061

Description

If WLC is running LDPE image (License Data Plane Encryption) image, they are not allowed to download normal image and vice-versa. (This is specific to 7.2(0.18))

Shipping non LDPE image to certain countries is not allowed by regulatory and may be illegal. As part of this CDET, we allow the download of normal image from LDPE image.

Symptom: No upgrade/downgrade is allowed from LDPE image to NON_LDPE image.

Conditions: transfer download of non-ldpe image from ldpe image

Workaround: if there is a dtls license installed and active, then upgrade/downgrade of non-ldpe image from a ldpe image is allowed.

Known Affected Releases

  • 7.2(0.18)

Known Fixed Releases:

  • 7.0(220.10)
  • 7.0(230.0)
  • 7.2(104.24)
  • 7.3(1.40)
  • 7.2(110.0)
  • 7.2(106.3)
  • 7.3(101.0)
  • 7.0.230.0

Source

https://tools.cisco.com/bugsearch/bug/CSCtw78061/?referring_site=bugquickviewclick

Comments
Surendra BG
Cisco Employee
Cisco Employee

Very Nice Info Kanu

Keyur Desai
Cisco Employee
Cisco Employee

Nice Job Kanu ..

Clinton Abrams
Cisco Employee
Cisco Employee

Simple steps thanks for this

Xin Lei
Spotlight
Spotlight

This method is effective.thx

jeremy.samson
Community Member

Works fine thx !

Js

davmcnei
Cisco Employee
Cisco Employee

Note - for an HA-SKU, you can break the HA pair, follow the above procedure, then rebuild the HA pair once both WLCs are on on the same non-LDPE code version.

This procedure works for 7.4 version ?  II just got a 7.4.130 release with LDPE.

 

Thanks.

strumaxom87
Level 1
Level 1

Hi,

this procedure works fine for software version 7.4 with LDPE

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: