Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
0
Helpful
6
Replies

Upgraded autonomous AIR-AP1142N-E-K9 from 12.4 to 15.3(3)JD16 and lost management...

andrew.butterworth
Level 7
Level 7

‎01-19-2019 11:04 AM - edited ‎07-05-2021 09:43 AM

In troubleshooting an issue with a AIR-AP1142N-E-K9 autonomous AP I upgraded the IOS from 12.4 to the latest 15.3(3)JD16 image and now I have lost management connectivity to it, although WiFi clients are working OK.  It is a simple setup with a single SSID with a WPA2 PSK.  The management is on one VLAN and the client traffic another.

It has (had?) the IPv4 address configured on the GigabitEthernet0.30 subinterface (dot1q VLAN 30) and not the BVI and I am assuming it still has this configuration when it has rebooted with 15.3.  I can no longer connect to it as it isn't responding to ARP.  I think there was a behavior change from 12.4 -> 15.x whereby the IPv4 address should only be configured on the BVI interface.

The switchport trunk interface allows VLAN 30 and the Guest VLAN (90).  VLAN 30 is also the Native VLAN (I have played around with changing this to see if makes any difference but it doesn't).  Clients are associating OK as its just a local PSK.

I know what I need to change - i.e. 'no ip address' on the GigabitEthernet0.30 subinterface and put this on the BVI interface, however this is remote and I don't have console access.

Other than defaulting the AP with the mode button or getting a console connected are there any other options that don't require physical access?

 

Cheers

Andy

Labels:
0 Helpful
6 Replies 6

johnd2310
Level 8
Level 8

‎01-19-2019 09:29 PM

Hi,

I think the best/quickest option is to console in and reconfigure. Usually when you loose access like that, it is difficult to recover.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

pieterh
VIP
VIP
In response to johnd2310

‎01-21-2019 01:53 AM

you can check with "show CDP neighbors detailed" if the AP boots to a mode where CDP is running.

if so it will also show the management IP address and the vlan that is active.

This may help in configuring the port to match this.

 

if this does not show , and it is PoE, you can first try a hard reset by disabling PoE (and enabling of course)

0 Helpful

andrew.butterworth
Level 7
Level 7
In response to pieterh

‎01-21-2019 02:05 AM - edited ‎01-21-2019 02:12 AM

It is connected to a Catalyst 2960 with PoE (WS-C2960-24PC-S).  I can see via CDP its Management IPv4 address, however I cannot ping it from the switch which has its management SVI in the same VLAN (30).  It doesn't respond to ARP.  The switchport is configured as a dot1q trunk and allows the management VLAN and the VLAN the SSID is bound to.  I have tried configuring the Native VLAN to match the management VLAN of the AP as well as leaving it at default (1).  Neither work.

I found an old 1142AP and have upgraded it to the same IOS version.  If the IPv4 address is configured on the GigabitEthernet0.30 subinterface (enacapsulation dot1q 30) then it doesn't work, if the IPv4 address is configured on the BVI1 interface then it does work.  There are 'encapsulation failed' messages on the AP when you try and ping from it and debugging IP packet in enabled.

I think my only options are to default it with the mode button or get a console connected.  I was hoping there might be another option that doesn't require physical access...

 

Andy

0 Helpful

pieterh
VIP
VIP
In response to andrew.butterworth

‎01-21-2019 03:09 AM

It should be possible to keep VLAN 30 the management vlan.

but you need to move the bvi to the subinterface.

Cisco IOS Configuration Guide for Autonomous Cisco Aironet Access Points - Release 15.3(3)JBB

section Configuring a Non-native VLAN as a Management VLAN.

 

 

by the way did you check if the GUI is accessible? It could be local access rules prevent access from the switch SVI?

 

It could be the configuration conversion during the upgrade did not give the desired result,

console output is at this time the only place to find the information.

 

 

 

 

0 Helpful

andrew.butterworth
Level 7
Level 7
In response to pieterh

‎01-21-2019 03:21 AM - edited ‎01-21-2019 03:22 AM

There is no ARP entry on the switch in the same VLAN or the router in the same VLAN - GUI won't work...

The problem is the IPv4 address is configured on the GigabitEthernet0.30 dot1q subinterface rather than the BVI.  I have verified this behavior with a spare 1142 I found in my garage.  With 12.4 it works OK, however with 15.3 the AP reports 'encapsulation error' when trying to send IP packets.

I know how to fix it but it requires physical access and this is remote.  I was hoping there might be a 'trick' to defaulting it without physical access...  Looks like there isn't.

Andy

0 Helpful

pieterh
VIP
VIP
In response to andrew.butterworth

‎01-22-2019 01:11 AM

Does the AP allow management access from the wireless network ( vlan)?

you may be able to RDP into a client and reconfigure from there.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card