cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31391
Views
11
Helpful
22
Replies

Lets figure out the U-BOOT flash procedure together. (TAC UNLOCKED)

FIX A PC
Level 1
Level 1

Ok guys so i noticed on all the wave 2+ APs cisco are now using the U-boot bootloader and documentation for it is little to none. 

I have a good amount of experience recovering and restoring APs. When i deploy APs for clients i prefer to format the flash and reinstall the newest IOS from scratch via TFTP or Xmodem send file command.

Ive been searching through some of the U-Boot commands and see it is possible to set environment variables just like the old SET command and i also see tftp boot options etc....

 

So it seems to be it is very possible to reflash the new APs using UBOOT and it looks like this bootloader is even more capable than the old one.  This is a pretty important procedure for me to learn and i will be on this issue till i get it solved hopefully. Ive seen a few post and others complaining about the new bootloader commands. Some of them getting further than others. 

I have found a very helpful Youtube video on the bootloader from the Linux foundation but other than that i cant seem to find much. 

 

Going to be going through this video and playing with commands for a bit.

 

Currently looking for how to format the internal flash via U-BOOT if anyone knows the process please let me know it will save me alot of time. 

 

Anyway i know some of you have gotten further than others on this. 

 

I will be actively updating this topic with advances i found in restoring bricked APs with UBOOT

 

I figured out some of the TFTP commands but iam looking still looking for how to format the flash.  

 

I will also be making a tutorial on this process as soon as i have it figured out. 

https://www.youtube.com/watch?v=INWghYZH3hI&t=6s

 

Available commands in air-cap3802i-b-k9 that i have obtained (believed to be TAC unlocked) 9/11/2021

SatR - Sample At Reset sub-system
active_units- print active units on board
askenv - get environment variables from stdin
base - print or set address offset
bdinfo - print Board Info structure
boardinit- Downlod and execute board initialization script
boot - boot default, i.e., run 'bootcmd'
bootd - boot default, i.e., run 'bootcmd'
bootelf - Boot from an ELF image in memory
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootvx - Boot vxWorks from an ELF image
bootz - boot Linux zImage image from memory
bubt - bubt - Burn an image on the Boot flash device.

chpart - change active partition
clear_board_env- Clears board env
cmp - memory compare
coninfo - print console devices and information
cp - memory copy
crc32 - checksum calculation
date - get/set/reset date & time
ddrPhyRead- ddrPhyRead - Read DDR PHY register

ddrPhyWrite- ddrPhyWrite - Write DDR PHY register

dhcp - boot image via network using DHCP/TFTP protocol
dma - dma - Perform DMA using the XOR engine

dump_board_env- Dump board env
dump_emserial- Dump EM unique serial number
echo - echo args to console
editenv - edit environment variable
efuse - eFuse manipulation subsystem for secure boot mode
env - environment handling commands
exit - exit script
ext2load- load binary file from a Ext2 filesystem
ext2ls - list files in a directory (default /)
ext4load- load binary file from a Ext4 filesystem
ext4ls - list files in a directory (default /)
ext4write- create a file in the root directory
false - do nothing, unsuccessfully
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls - list files in a directory (default /)
fdt - flattened device tree utility commands
fipsalgval- run algorithm validation on test vector bibnar in memory, default:20 00000 (0x02000000)
fsinfo - print information about filesystems
fsload - load binary file from a filesystem image
go - start application at address 'addr'
help - print command description/usage
i2c - I2C sub-system
iminfo - print header information for application image
imxtract- extract a part of a multi-image
init_aquantia_phy-

init_aquantia_phy -- DEFAULT AQ_FW_LOADADDR=0x4000000


ir - ir - reading and changing MV internal register values.

itest - return true/false on integer compare
ledstate- Set Led State
loadb - load binary file over serial line (kermit mode)
loads - load S-Record file over serial line
loadx - load binary file over serial line (xmodem mode)
loady - load binary file over serial line (ymodem mode)
loop - infinite loop on address range
ls - list files in a directory (default /)
map - map - Display address decode windows

md - memory display
me - me - PCIe master enable

mm - memory modify (auto-incrementing address)
mp - mp - map PCIe BAR

mtdparts- define flash/nand partitions
mtest - simple RAM read/write test
mvEthPortCounters- Port counter

mvEthPortMcastShow- Port multicast counter

mvEthPortRegs- Neta register values

mvEthPortRmonCounters- Port RMON counter

mvEthPortUcastShow- Port unicast counter

mvEthRegs- Neta register values

mvNetComplexNssSelect- Neta register values

mvNetaGmacRegs- Neta register values

mvNetaPortRegs- Neta register values

mvNetaPortStatus- Neta register values

mvsource- mvsource - Burn a script image on flash device.

mw - memory write (fill)
nand - NAND sub-system
nandboot- boot Linux from NAND partition
nboot - boot from NAND device
neta_dump- Neta register values

netboot - boot Linux from network using TFTP/bootp
nfs - boot image via network using NFS protocol
nm - memory modify (constant address)
pci - list and access PCI Configuration Space
pciePhyRead- phyRead - Read PCI-E Phy register

pciePhyWrite- pciePhyWrite - Write PCI-E Phy register

phyRead - phyRead - Read Phy register

phyWrite- phyWrite - Write Phy register

phy_fw_down_to_ram- phy_fw_down - Downloads x3220/3310 Ethernet transceiver PHY firmware to ram. Use .hdr file.

phy_fw_down_to_spi- phy_fw_down - Downloads x3220/3310 Ethernet transceiver PHY firmware to spi. Use .hdr as app and .bin file as slave

phy_type- phy_type - Return PHY type at port index

ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
prog_emblacklist- Program EM blacklist
prog_emcookie- Download and program EM cookie
prog_emeeprom- Program EM EEPROM with raw binary data
prog_emignore- Program EM ignore
prog_emserial- Program EM unique serial number
prog_emwhitelist- Program EM whitelist
prog_flags- Program board env flags
prog_phyfw- Download and program PHY firmware
progpid - Program PID cookie
pxe - commands to get and boot from pxe files
rcvr - rcvr - Start recovery process (with TFTP server)

reset - Perform RESET of the CPU
resetenv- resetenv - Erase environment sector to reset all variables to default.

run - run commands in an environment variable
saveenv - save environment variables to persistent storage
se - se - PCIe Slave enable

setenv - set environment variables
sf - SPI flash sub-system
sg - sg - scanning the PHYs status

showvar - print local hushshell variables
sleep - delay execution for some time
source - run script from memory
sp - scan and detect all devices on PCI-e interface
sspi - SPI utility command
switchCountersRead- switchCntPrint - Read switch port counters.

switchPhyRegRead- - Read switch register

switchPhyRegWrite- - Write switch register

switchRegRead- switchRegRead - Read switch register

switchRegWrite- switchRegWrite - Write switch register

sysboot - command to get and boot from syslinux files
temp - temp - Display the device temperature.

tempCmd0- tempCmd - This command allocated for monitor extinction

tempCmd1- tempCmd - This command allocated for monitor extinction

tempCmd2- tempCmd - This command allocated for monitor extinction

tempCmd3- tempCmd - This command allocated for monitor extinction

test - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
training- training - prints the results of the DDR3 Training.

trainingStability- training - prints the results of the DDR3 Training.

true - do nothing, successfully
ts_report- ts_report - report touch screen coordinate

ts_test - ts_test - test touch screen

ubi - ubi commands
ubifsload- load file from an UBIFS filesystem
ubifsls - list files in a directory
ubifsmount- mount UBIFS volume
ubifsumount- unmount UBIFS volume
verify_bl- Cisco Bootloader signature verify
verify_lx- Cisco Image signature verify
version - print monitor, compiler and linker version
whoAmI - - reading CPU ID

xsmiPhyRead- xsmiPhyRead - Read Phy register through XSMI interface

xsmiPhyWrite- xsmiPhyWrite - Write Phy register through XSMI interface

 

 

Updated 9/11/2021

Setting environment variables to configure IP address prior to TFTP flash

setenv ipaddr 77.77.77.30   (Sets IP of AP)

setenv serverip 77.77.77.3  (Sets IP and netmask of server for file transfers)

setenv bootfile AIR-AP1850-K9-8-10-162-0.tar (sets the filename for the tftp boot command)

tftpboot (starts loading specified file from a running tftp server)

rcvr (Starts recovery process with tftp server, requires variables to be set)
setenv rcvr_image (Needed for rcvr to work properly)

set loadaddr (I believe 0x2000000 is the value that is supposed to be used when using rcvr, need confirmation)

 

 

 

Experience with Rcvr command

       Variables set

             setenv loadaddr  0x2000000

             setenv rcvr_image AIR-AP3800-K9-ME-8-10-162-0.tar

             setenv serverip 77.77.77.3

             setenv ipaddr 77.77.77.209

 

So after setting the 4 variables, rcvr seems to properly executing the command.  But it ends in signature verification..... any ideas?

 

 

High Performance Networking
Tutorial: Introduction to the Embedded Boot Loader U-boot - Behan Webster, Converse in Code
22 Replies 22

hello,

i'm having the same issue; my ap is giving me:

u-boot>> date 010100002024.00
Date: 2010-01-11 (Monday) Time: 16:01:15

how did you set the correct time?

Many Thanks

BR

f

TL2K
Level 1
Level 1

Those those who were still having this issue.  I was able to resolve this.  Press ESC to get into uboot. 

printenv BOOT <<< Check the current configuration
setenv BOOT part2 <part1 part2=""> <<< Change to another partition
saveenv <<< Save configuration
boot <<< Reload the AP</part1>
 
Once it booted back up I installed ME AIR-AP3800-K9-ME-8-5-161-0.tar and then upgraded to the lastest version using the GUI with no issues.  Hope this helps. 

matthewgeier
Level 1
Level 1

If you corrupt the flash in these things by messing with uboot, is there NO way to recover ?.

I unpacked the tar file into our tftpserver.

netboot most files results in

Image signing verification failure(-2), not allowed to run...

 

I can get more signs of life with

netboot part.bin

which does start the Linux kernel, but then it promptly crashes when it can't find the inintrd.

[*01/01/1970 00:00:03.9214] UBIFS error (pid 1): ubifs_mount: cannot open "/dev/ubivol/storage", error -22
[*01/01/1970 00:00:03.9214] mount_ubifs: mounting ubifs storage: Invalid argument
[*01/01/1970 00:00:03.9216] bootsh mini ramfs not found, file =(null)
[01/01/1970 00:00:04.2000] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100

 

If this was a standard EFI loader with a standard Linux kernel, I could pass it a tftp command to fetch the initrd (Which I assume is the ramfs_data_cisco.cpio.lzma file in this case).

Call TAC and organize for an RMA.  

hello,

do you found any soloution for your problem? I'm stuck in the same place.


I don't have a Cisco contract, so unfortunately an RMA is not a possible option for me.

Are there still options or do I have a few new paperweights?


@ConsoleJOE5783 wrote:
I don't have a Cisco contract, so unfortunately an RMA is not a possible option for me.

Sez who? 

All 2800/3800/4800/1560 and Catalyst 9k APs come with Limited Lifetime Hardware Warranty.  RMA of AP do not require an active Service Contract.

I thought...

I bought a 9120 and 9105 from a wholesaler and use them to operate as EWC (I know it is EOL, but I only have a small office). Unfortunately the coverage is not sufficient for all rooms and to safe some money I bought the 2802 used.

So even if I have buyed them used I can RMA it??? I thought they will be listet to the Contract of another Company and I have no chance.

Warranty information

The Cisco Catalyst 9120AX Series Access Points come with a limited lifetime warranty that provides full warranty coverage of the hardware for as long as the original end user continues to own or use the product. The warranty includes 10-day advance hardware replacement and ensures that software media are defect-free for 90 days. For more details, visit https://www.cisco.com/go/warranty.


Call Cisco TAC and try to get them RMAed.  

The worse thing TAC can do is say "no".

Review Cisco Networking for a $25 gift card