Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1484
Views
4
Helpful
9
Replies

upgrading a WLC 2500 which has no support contract

mauricio2099
Level 1
Level 1

‎12-12-2023 11:00 AM

Hi, I was requested to upgrade a 2504 wireless controller due to security vulnerabilities. Current version is 7.6.130.0

Is an active support-contract required to perform an upgrade in this controllers? We just want to do the upgrade to mitigate the vulnerabilities.

 

Thanks!

0 Helpful
9 Replies 9

Leo Laohoo
Hall of Fame
Hall of Fame

‎12-12-2023 02:12 PM

1.  Go to the Cisco Software Download portal and find the version you want to upgrade to. 
2.  Note down the exact filename and the HTTP address.  
3.  Carefully read this:  Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability
4.  Scroll down to the "Customers Without Service Contracts" section.  Read it.  Understand it. 
5.  Send an email to TAC with the following information: 

  • Serial Number of the WLC
  • Filename (See step 2)
  • Web address where the file is location (See step 2)
  • Security Bulletin (Step 3)

Rich R
VIP
VIP

‎12-12-2023 02:34 PM

Yes you would normally need a service contract for most software downloads.

The version you should ideally be asking for (as per Leo's instructions) is 8.5.182.11 (link below) which is the latest available with all security fixes and the 2504 filename is AIR-CT2500-K9-8-5-182-11.aes but note "Cisco 2500 Series Wireless Controllers Release 8.5 Software.In order to use 8.4 or higher code, you must upgrade the 2504 Wireless Lan Controllers to FUS version 1.9 or higher, this must be done before installing the new AireOS version"

You should also check the compatibility matrix (link below) to make sure all your APs are supported on 8.5 code.  If not, then you may need to consider an older version of code but because those all went end of support years ago they will all still have security vulnerabilities.

If you're upgrading to 8.5 then you should ideally upgrade to 8.0.152.0 first so you might need to request that too:
https://software.cisco.com/download/home/283848165/type/280926587/release/8.0.152.0

And read the release notes to make sure you know about any changes you need to be aware of.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Scott Fella
Hall of Fame
Hall of Fame

‎12-12-2023 07:59 PM

That is a big jump, even if you were able to download the software.  I can tell you that your ap's probably do not support the latest version.  Here is my take.  You are being requested to upgrade due to vulnerabilities, knowing that the controller and the ap's are end of support and security patching, doesn't make sense.  You need to look at replacing what you have so that you are covered from these new security vulnerabilities. Also think, what happens when the controller dies or access points start to die, what will you do?  

-Scott
*** Please rate helpful posts ***

Denniz
Level 1
Level 1

‎12-13-2023 01:43 AM

Take a look at this!

https://www.cisco.com/c/en/us/support/docs/field-notices/740/fn74035.html

0 Helpful

Rich R
VIP
VIP
In response to Denniz

‎12-13-2023 10:44 PM

@Denniz how does that help?
In any case the link to that field notice and the 8.5.182.11 software, which I suggested, is already provided in my reply.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

maksim.churyukin@yandex.ua
Level 1
Level 1

‎10-31-2024 03:49 AM

Maybe it quite late to make this comment, but with my Cisco account I was able to download 8.5.182.11 from the Cisco software download portal at the link https://software.cisco.com/download/specialrelease/2702eede2b47a5c3bb40795bbe836af6.
As far as I found it's the only version for 2504 that is available for download.
Maybe it will help someone.

Rich R
VIP
VIP
In response to maksim.churyukin@yandex.ua

‎10-31-2024 05:42 AM

Are you able to download the latest version 8.5.182.12 maksim.churyukin@yandex.ua ? (download link in my signature below)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

maksim.churyukin@yandex.ua
Level 1
Level 1
In response to Rich R

‎10-31-2024 06:03 AM

No. It displays the message "Your service contract information indicates that you are not authorized to download software for this product".

0 Helpful

Rich R
VIP
VIP
In response to maksim.churyukin@yandex.ua

‎10-31-2024 06:18 AM

Ok - then Leo's advice above applies 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card