cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2284
Views
0
Helpful
13
Replies

AIR-AP1231 firmware update - complete and utter failure

v8625
Level 1
Level 1

I spend hours trying to upgrade firmware on AIR-AP1231G-A-K9 to c1200-k9w7-tar.123-8.JA.tar . Http connection prompts me for login/passowrd, but never takes that password. Both telnet and direct console connections take that password, but would not update the archive anyway, returing the following message:

examining image...

%Error opening tftp://192.168.0.204/Hardware/Cisco/c1200-k9w7-tar.123-8.JA.tar (

Timed out)

ERROR: Failed to open archive file tftp://192.168.0.204/Hardware/Cisco/c1200-k9w

7-tar.123-8.JA.tar

The command I send is

archive download-sw /overwrite /reload tftp://192.168.0.204/Hardware/Cisco/c1200-k9w7-tar.123-8.JA.tar

TFTP server on Windows XP workstation is from SolarWinds.

13 Replies 13

v8625
Level 1
Level 1

OK, I disabled the nVidia firewall on the Windows workstation and was able to upload the image and everything is working fine. It did give me the following message after the update:

*************

New software image installed in flash:/c1200-k9w7-mx.123-8.JA

Configuring system to use new image...done.

Requested system reload skipped due to unsaved config changes.

*************

which I dealt with by the following:

*************

copy system:running-config nvram:startup-config

*************

Anyway, I am still scratching my head as to why I cannot log in into http server. The configuration file has a line:

*************

ip http server

*************

H-m-m..

Hi,

What is the error that yuou get when you logon using the web interface. Which browser are you using & how is the system connected to the AP from where you are using the web interface.

Thanks & Regards,

Karthik narasimahn

The browser I use is Explorer 6.0.2900.xpsp_sp2_gdr.050301-1519. I also tried it from a Linux machine with the Opera browser - with the same effect. Here is what I do (in Windows): I type in the IP address of the AIR-AP1231G-A-K9 in the browser address, the logon prompt comes up saying "Connect to 192.168.0.231" "level_15_access", I type in login and password (both clearly work via telnet), hit Enter, but the prompt comes right back. After three attempts I get "401 Unauthorized" message. I tried hundreds of times.

AP is connected to the Linksys RV802 router (192.168.0.201), with Windows workstation I use being 192.168.0.204. The connection to AP carries Power-over-Ethernet if that matters. Browser interface on the router starts fine. In fact, browser interface on another device connected to the same router - Cisco ATA188-I1-1P-CH1-A (VOIP adapter at 192.168.0.241) starts fine as well.

I can E-mail the settings file if someone would be willing to take a look. Or should I just open a support case with Cisco?

Have you set the IP address of interface bvi1 to a valid network IP address or is it still the default address?

The IP address is a valid IP address, subnet matches too - I set this up myself about two years ago. It was (and still is) working fine - 54Mbps at all times. Except that I can't access the web interface.

The firmware upgrade I did the other day was done using CLI. So that could have been the end of it - I mean it works, what else would I need? - but I am planning to install a 5GHz radio module on it, so I would like to be able to see the whole configuration using web interface instead of sending cryptic commands one line at a time hoping that I got it right.

Also, I just did some additional poking around the threads and documentation and found that it is probably insufficient memory that is to blame - when the unit has insufficient memory, http server simply would not start. The cause for memory leak in turn is probably fragmentation after a long period of activity as well as some files that it can probably live without. I am now looking for clear instructions on how to clean up memory without completely deleting configuration.

And one other thing I found was that disabling (temporarily) the radios would free up resources necessary to start http interface. I am looking for clear instructions on how to disable/enable radios without making permanent changes in configuration.

Hi,

Sorry for the delay in getting back. Can you please mail me the log files / look it up forany errors when you access the web interface.

And also try using a cross over cable to connect to the ethernet port locally using a laptop. to narrow down the scope of the issue to that of the AP.

That's all for the moment,

Karthik Narasimhan

Hi Karthik,

Here is the log - the data/timestamps are incorrect -the latest entries are as of last night. It is showing that I did try disabling the dot11radio0 - still could not get to http server though..

*********************

#show logging

Syslog logging: enabled (0 messages dropped, 2 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 24 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 25 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

Trap logging: level informational, 28 message lines logged

Log Buffer (4096 bytes):

*Mar 1 00:00:04.256: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar 1 00:00:04.596: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar 1 00:00:05.400: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0

*Mar 1 00:00:07.489: %SYS-6-LOGGERSTART: Logger process started

*Mar 1 00:00:07.491: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:07.573 UTC: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:00:07 UTC Fri Mar 1 2002 to 19:00:07 GMT Thu Feb 28 2002

, configured from console by console.

*Mar 1 00:00:07.575 UTC: %SYS-6-CLOCKUPDATE: System clock has been updated from 19:00:07 GMT Thu Feb 28 2002 to 19:00:07 GMT Thu Feb 28 200

2, configured from console by console.

*Mar 1 00:00:08.494 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

*Mar 1 00:00:08.878 UTC: %SYS-5-CONFIG_I: Configured from memory by console

*Mar 1 00:00:08.879 UTC: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(8)JA, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 27-Feb-06 09:09 by ssearch

*Mar 1 00:00:08.879 UTC: %SNMP-5-COLDSTART: SNMP agent on host pp44CA75 is undergoing a cold start

*Mar 1 00:00:08.893 UTC: %SSH-5-ENABLED: SSH 1.99 has been enabled

*Mar 1 00:00:09.696 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up

*Mar 1 00:00:10.095 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Mar 1 00:00:10.937 UTC: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar 1 00:00:11.937 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar 1 00:00:12.937 UTC: %LINK-3-UPDOWN: Interface BVI1, changed state to down

*Mar 1 00:00:13.937 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down

*Mar 1 00:00:16.408 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar 1 00:00:18.408 UTC: %LINK-3-UPDOWN: Interface BVI1, changed state to up

*Mar 1 00:00:19.408 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up

*Mar 1 00:25:57.412 UTC: %DOT11-7-AUTH_FAILED: Station 0011.090d.eb81 Authentication failed

*Mar 1 00:26:00.097 UTC: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0011.090d.eb81 Associated KEY_MGMT[WPAv2 PSK]

*Mar 1 00:39:01.037 UTC: %DOT11-4-MAXRETRIES: Packet to client 0011.090d.eb81 reached max retries, removing the client

*Mar 1 00:39:01.037 UTC: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0011.090d.eb81 Reason: Previous authentication

no longer valid

#

*************************

Regards,

Serge

Hi Serge,

Thanks for the logs.

1]

I presume that you tried connecting a wireless client and the following entries correspond to authetcating & deauthenticating the wireless client.

%DOT11-7-AUTH_FAILED: Station 0011.090d.eb81 Authentication failed

%DOT11-6-ASSOC: Interface Dot11Radio0, Station 0011.090d.eb81 Associated KEY_MGMT[WPAv2 PSK]

*Mar 1 00:39:01.037 UTC: %DOT11-4-MAXRETRIES: Packet to client 0011.090d.eb81 reached max retries, removing the client

*Mar 1 00:39:01.037 UTC: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0011.090d.eb81 Reason: Previous authentication

no longer valid

2] I notice that you have enabled SSH through the log entry:

%SSH-5-ENABLED: SSH 1.99 has been enabled

So, I believe that you are using an ssh client software on the system from which you are trying to logon to the web interface of the AP.

If not then either disable ssh or install a ssh client on the pc.

reference url:-http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f029f.shtml#gui

If SSH is disabled then proceed further for the rest of the options.

3] Please let me know if you tried connecting to the AP directly using a laptop/pc with a crossover cable and does if it gave the same error.

3] There used to be a bug in some of the IOS based devices earlier,I am not sure if you are hitting that bug. Just in case the bug ID is:

Cisco Bug ID CSCdt93862 You'll have to check up with the tac if you are hitting this one.

4] You might wanna try 2 more options before approaching tac if it's feasible:-

a) Reset to factory defaults & rebuild the configuration.

b) If it still does not work then go back to the previous version of IOS and if the http acess works fine then, maybe it is definitely a bug.

Lemme know if you face any more issues.

Thanks & Regards,

Karthik Narasimhan

Thanks Karthik,

Regarding the first item on the list the answer is yes - it was a connection from a wireless client. And ssh was probably enable on that cleint - not on the wired machine from which I access this AP2100.

I will try and use crossover Ethernet cable to hook up AP1200 directly to this machine tomorrow - just wanted to make sure you mean exactly that - an Ethernet (twisted pair) crossover cable and not Cisco CONCAB serial to ethernet cable.

Also, I tried to get around the user privilege access by creating a new user with privilege level 10 - instead o 15 - with no effect.

I'll try and read some more tomorrow - I really would like to avoid rebuilding it from scratch..

Thanks again.

Hi Serge,

Thanks for the reply.

Your presumption is correct i.e. using an Ethernet (twisted pair) crossover cable.

And not a rollover cable i.e. Cisco CONCAB serial to ethernet cable which can be used just to hyperterm or console into the AP and execute cli commands.

1100 series APs support both straight through as well as crossover cables, but am not sure of 1200. Since I've tried with a crossover cable on a 1200 series & it works fine hence I recommended it.

And you need to change the system's ip address to be in the same subnet as that of the the AP's IP address.

Thanks & Regards,

Karthik Narasimhan

Hi there Karthik,

Yes, cross Ethernet cable works fine. Meaning I can easily connect to the AP. Just as easily as using serial/ethernet CONCAB cable, or the original network connection setup. And in all these cases - no web server.

Actually, I beginning not to like Cisco, or, rather, their support/configuration "ideology" - they have tons of voluminous and useless documentation and threads - you can spend weeks reading all that verbage, and yet - no clearcut instructions on how to ahieve something.

Average guy like me, for whom supporting these access point is not his primary job, simply does not have time to get PhD or Cisco certification just to configure the darn piece of plastic/metal. I am going to seriously consider dumping Cisco products and check out the competition.

I mean, clearly, it's not the connection - I used CONCAB and now crossover, so I am all right there. I also disabled the dot11radio 0 to free up some resources hoping this would allow web server to start. I tried creating new user with lower privileges. Actually, I was not sure if I did this correct - there are no clear instructions on how to do this anywhere - which level to give and what exact commands to use.

The thing is that I am not so enamored with the web interface - I don't need it because I like it or something. Without clear and comprehensive instructions on how to accomplish something useful using CLI, web interface is the only way to get things done. I mean, if I had clear instructions - with step-by-step commands, etc. - on how to configure 5GHz radio taht I am planning to add to this piece of ..., I would not need this web interface, the heck with it. I ended up upgrading firmware using CLI only anyway.. But there are just no instructions - just tons and tons of pages describing some of the commands out of any context.. Just frustrating..

Anyway, thank you for your time, I'll see maybe I'll have time (and inclination - which is less likely) to over the wekend to spend on this..

Thanks again..

Hi Serge,

Thanks for the update. I would suggest you, to log a case with Cisco Tac to get this issue resolved.

Thanks & Regards,

Karthik N

Review Cisco Networking for a $25 gift card