Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
899
Views
0
Helpful
5
Replies

Large deployment upgrade with CSCwd80290

CiaranB
Level 1
Level 1

‎07-05-2023 02:13 AM

Hi All,

We have a pair of 8540 WLC's (8.10.151.0) in HA with > 2,500 AP's registered. Approx. 2,000 of the APs are 802.11ac wave 1 APs.

To accommodate some new WiFi6 APs we need to upgrade the controller to a min. version of 8.10.183.0.

The upgrade is complicated somewhat by the following issue: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-700-series-access-points/218447-ios-ap-image-download-fails-due-to-expir.html

Unfortunately we currently do not have a test environment in which we can test the upgrade using the workaround of changing disabling NTP and changing the date suggested in the above link.

Has anyone carried out an AireOS software upgrade using this workaround? Particularly in a large scale deployment? I know preloading the software on the .11ac wave1 APs isn't possible, so the upgrade will take longer than normal.

Any advice welcomed.

thanks

 

 

 

0 Helpful
5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame

‎07-05-2023 03:06 AM

@CiaranB wrote:
I know preloading the software on the .11ac wave1 APs isn't possible

It is possible but not the Cisco method.  

What I have been doing is telling the WLC to instruct the AP to delete both IOS directories.  I then tell the WLC to instruct the AP to download the RCV file using an archaic IOS command. 

After this is done, I enter the new WLC details into the AP and immediately force the AP to reboot. 

The AP reboots the RCV file, joins the new controller and then downloads the firmware.  

Done.

 

0 Helpful

CiaranB
Level 1
Level 1
In response to Leo Laohoo

‎07-05-2023 03:32 AM

Hi, thanks for getting back to me. Why use this method instead of the recommended workaround from Cisco?

thanks

Ciarán

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to CiaranB

‎07-05-2023 04:42 AM

Because the Cisco method means I have to load the new 8.10.18X.X firmware into the AP before I can move it to the new controller. 

Translation:  Two AP reloads and an outage time of >40 minutes. 

  1. WLC reboots with the new firmware (7 minutes)
  2. AP downloads the new firmware (14 minutes)
  3. AP reboots (5 minutes)
  4. AP joins the new controller and downloads the new firmware (14 minutes)
  5. AP reboots (5 minutes)

My method means the AP will boot into RCV firmware (5 minutes), joins the controller and downloads the firmware (14 minutes) and reboots with the final firmware (5 minutes).  Grand total of 24 minutes.

0 Helpful

CiaranB
Level 1
Level 1
In response to Leo Laohoo

‎07-06-2023 02:21 AM

Thanks for the detailed reply Leo.

I spoke with a rep from Cisco, this issue was actually resolved in 8.10.185.0 code, which is now published on CCO.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn810mr9.html#resolved-caveats

You’ll see the following is resolved:

CSCwd80290

Cisco IOS AP image validation certificate failed/expired, causing AP join issues.

However – he did say that you should still disable NTP pre-upgrade and re-enable after upgrade, for peace of mind.

Lots of customers have used this image, so he is comfortable that the specific issue won’t impact the upgrade now.

Ciarán

0 Helpful

Rich R
VIP
VIP

‎07-09-2023 06:53 AM - edited ‎07-09-2023 06:54 AM

Yes we've been running 8.10.185.0 for a while now.

Just make sure you have config ap cert-expiry-ignore {mic|ssc} enable configured before the upgrade if not already - that addresses FN63942.
8.10.185.0 fully addresses the Dec 4 2022 issue (FN72524) - no need to change NTP config.

Leo's solution is not really to do with the field notices but more the general problem with double downloads for the 2700/3700 APs.  Manually downloading the correct image ensures that it only needs to do a single download and reboot rather than the stupidly designed double download and reboot which they do by default.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card