LAP Update not connected to Controller
07-22-2021 03:14 AM
Hi,
I have some LAPs which do not connect to the controllers as the firmware is not identical.
(APs 2602i, Controller 5508)
But the APs can be reached using ssh.
Is it possible to scp a newer firmware DIRECTLY to the AP so that they update themselves, boot with the new firmware and connect to the controller?
Thanks in advance for the help
All the best
Max
- Labels: Aironet Access Points
07-22-2021 03:50 AM
How did you determine that the firmware is causing the AP join issues?
Confirm the below:
- Option 43 is correctly advertised
- NTP is updated and working as expected
- AP management to AP manager interface reachability
- Verify that your deployment is not hitting any certificate expiry issues.
If all the above is not working then you can try to match the codes manually.
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
07-22-2021 04:09 AM
Hi,
I've seen logs before mentioning the certificate expiry date.
To overcome this issue I already have a plan but this involves returning the not connecting APs to the datacenter.
I wanted to know if there is an easier solution for my problem.
I can reach the AP via ssh and could push some firmware but I don't know which firmware file...
FYI: option 43 is correct, NTP is set and working, management is reachable
But there are certificate expiry issues
07-22-2021 04:35 AM
@maximilian.gessner wrote:
I have some LAPs which do not connect to the controllers as the firmware is not identical.
What firmware is the controller running on?
The WLC manages what firmware the AP runs on. Even if the AP is running a different version, once the AP joins the controller the AP will be forced to upgrade/downgrade the firmware to be at the same level as the controller.
07-22-2021 05:50 AM
Below is the bug,
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb93909/
Follow the mitigation steps as found in the above link.
___________________________________________
Arshad Safrulla
07-22-2021 06:01 AM
Hi Arshadsaf,
This is the solution I found earlier.
For a productive system this seems not to be applicable.
I thought there might be an easier (remote) solution...
07-22-2021 06:03 AM
Maybe you can try with TAC for an RMA citing your policies. This is the only way I can see.
___________________________________________
Arshad Safrulla
07-22-2021 08:00 AM
You're all making this too complicated. CSCvb93909 is for COS APs not IOS APs.
Updating the firmware alone will NOT solve the problem.
Only the combination of new firmware *and* the required config change on WLC (which will be pushed to the AP after it has successfully joined) provides a complete fix.
Refer to the field notice at https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html which has all the instructions you need. And you did not mention what version of code you're running on the controller but anyway ...
Basically:
- Update WLC to the latest software version with all the fixes mentioned in the field notice
- Turn off NTP on the WLC and manually change the date to a year before the AP and/or WLC certs expired.
- Apply the WLC config: config ap cert-expiry-ignore {mic|ssc} enable
- Join the APs, let them update their firmware and also pick up the config from the WLC (which tells them to ignore cert expiry after that)
- Once everything has been updated (firmware and config) you can re-enable NTP on the WLC.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
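The manual date in the "Basically:" steps above has to fall inside the validity window of every certificate involved, not only before the earliest expiry. The sketch below is an added example, not part of the thread or of the field notice; the certificate dates are constructed, the function names are hypothetical, and it assumes a certificate that is not yet valid is rejected just like an expired one.

```python
from datetime import datetime, timedelta

# Constructed sample data: (name, notBefore, notAfter) for the WLC and AP
# certificates. Real values come from the certificates; these are invented.
CERTS = [
    ("wlc-5508",  datetime(2010, 6, 1),  datetime(2020, 6, 1)),
    ("ap-2602-a", datetime(2012, 3, 15), datetime(2022, 3, 15)),
    ("ap-2602-b", datetime(2013, 9, 1),  datetime(2023, 9, 1)),
]

def pick_wlc_clock(certs, margin=timedelta(days=365)):
    """Pick a temporary WLC date `margin` before the earliest expiry.

    If that date is not after every notBefore, fall back to one day after
    the latest notBefore. Returns None when no single date satisfies all
    certificates (the validity windows do not overlap).
    """
    earliest_expiry = min(not_after for _, _, not_after in certs)
    latest_start = max(not_before for _, not_before, _ in certs)
    candidate = earliest_expiry - margin
    if candidate <= latest_start:
        candidate = latest_start + timedelta(days=1)
    return candidate if candidate < earliest_expiry else None

def not_valid_at(certs, when):
    """Names of certificates whose validity window does not contain `when`."""
    return [name for name, nb, na in certs if not (nb < when < na)]

if __name__ == "__main__":
    today = datetime(2021, 7, 22)  # date of the original post
    print("invalid today:", not_valid_at(CERTS, today))
    clock = pick_wlc_clock(CERTS)
    print("temporary WLC date:", clock)
    print("invalid at that date:", not_valid_at(CERTS, clock))
```
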
