Cisco 4402 Image upgrade issues.
Last Post: May 11, 2010:
-
Umm... what version takes an hour to upgrade for a WLC?
If the 32/33mb window size is being hit... get a newer version of TFTP server. No one mentioned the version but the problem is very well known.
I did not time my APs getting re-associated to the WLC after the code upgrades but I just upgraded inside the 4.2.xxx family so far and it was quick - despite loading the whole image.
-
If you get a 4404 with 100 access points installed and upgrade from 4 to 6 you have to do an interim upgrade to version 4.1 or 4.2.
At the same time all of the access points would have to register back to the controller and download the code at a maximum of 10 concurrent access points.
This has changed slightly with code 6.0.188 where you can push the upgrade to the access points without reloading them, ready for a speedier reload.
This predownload is a little complex on numbers and I haven't used it as I haven't done an upgrade from 6.0.188 to 6.0.196.
I think that 100 APs can now upgrade simultaneously with the new 5500 platform; I can't recall off the top of my head.
So with the 10 AP push max and the time it takes to update them, the whole process can take more than an hour; it's not just the WLC firmware upgrade, you have to view the process.
-
Hi all,
Thanks for all your kind information, and I would like to tell all that this issue is solved.
It was 4.0.179. I upgraded this to the next version and did as per interim upgrade. So it worked, now it is working with 6.0.
Thanks,
Anvar
-
Cool many thanks for getting back and letting us know
-
Nicely done! Is it just me being overly cautious but I like to confirm my APs have migrated - so even 10 at a time is a little fast for me. Caution being the operative word.
It looks like I may have a project that I need to run that I'll need to decide manual versus bulk.
-
It's pretty reliable once they have connected to the parent controller.
Ensure that you have a primary WLC set for all the APs and there are no master WLCs and you should be OK.
You can always use pre-provisioning of APs, which takes out a lot of the downtime and simplifies migration (only in code 6).
What code are you going from, and to?
I've never had an issue with APs being stranded, but I know people who have. I think it depends on your state of mind and if it's raining?
In all seriousness, how many controllers are being upgraded and how many APs per controller?
Better yet test the migration strategy, you could use your lab.
-
Actually I found a way to beat it and I have to try it out.
Forwarding the broadcast traffic to 12223 works great.
-
Um, isn't that what it does natively, or will that upgrade more than 10 APs at a time?
-
Actually not quite.
The first controller we installed used the DNS. Great until you realize we are an Enterprise and not a Campus Network - meaning we have two major data centers (soon to be three).
So the next logical step is Option 43 with Option 241, and optionally Option 60. That's kewl too...
Until it doesn't quite work so well...
So I used the Master Controller option. And that seemed like it was working but it seemed to me to be the "wrong solution" due to its functional constraints.
And I tried to prime the APs after they landed on a controller... and...
Then it failed me too...
So I was stumped.
My APs kept homing to Jax and not even Orlando...
And they took a long time to register with the WLC too... and that bothered me a little - aren't they dumb?
Then one little mother of an AP snuck by me and registered with the Anchor... and that infuriated me - so I had to fix the firewall for that one...
Then the little bastard kept homing to Jax...
So I read the design guide and I came across the idea of using the ip forward protocol option!!!
Genius
See the AP broadcasts first to the first available controller on the subnet. Routers block broadcasts...
I actually then saw why my little darlings kept finding the Jax Controller as the parent controller despite everything else.
So...
I applied the commands and voila!!!
Magical - now the APs registered wherever I pointed them and they did it with a quickness.
Now...
Now I have little fear about flipping as many as possible during upgrades. It will work.
-
The LWAPP (or, from code version 5.2, CAPWAP) discovery processes vary slightly.
The general process is as follows:
1 Layer 2 broadcast, which isn't much use as it was only supported on the 1000 series access points.
2 Layer 3 broadcast
This is blocked by the router, and the IP helper-address only forwards directed broadcasts, unicasts and 8 UDP ports by default. These are TFTP port 69, DNS port 53, time protocol port 37, NetBIOS name server port 137, NetBIOS datagram server port 138, BOOTP client and server ports 67 and 68, TACACS service port 49.
Therefore you need to explicitly allow port 12223 (LWAPP data protocol) and/or port 5247 (CAPWAP data protocol):
Router(config)#interface fa y
Router(config-if)#ip helper-address x.x.x.x
Router(config-if)#exit
Router(config)#ip forward-protocol udp 12223
3 OTAP, which should only be used in commissioning as it is/was a security risk (now deprecated); it was part of the RRM. It is now deprecated since code 6.0 and RRM is encrypted.
4 Locally stored controller IP address
5 DHCP option 43 is used to return the WLC IP address and is vendor specific. This is the IOS command for option 43:
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex <hexadecimal string>
DHCP can be set on the switch, router or via a DHCP server.
Along with option 43 you can have option 60, which is the vendor class identifier and says only return option 43 if you are sending an IP address to a client that needs it, like an access point. It looks like this in IOS:
option 60 ascii "VCI string of the AP"
This shouldn't matter in an enterprise, as your APs should be on their own subnet; however, it's handy as that's not always the case and it prevents clients getting unnecessary information.
Options 241 and 120 are not exactly options but sub-options, and define how the IP address is sent. For everything but the Cisco 1000 series this is 241, which is hex. For the 1000 series it's 120, which is ASCII.
6 DNS: configure DNS to return the controller IP address to a query for CISCO-LWAPP-CONTROLLER@localdomain; also, if you are running code 5.2 or above, it helps to use CISCO-CAPWAP-CONTROLLER@localdomain.
Generally, after priming access points, I always implement DHCP option 43 and DNS in enterprise deployments, as you pretty much know that the access points will home to a controller when and if they upscale, add or replace access points.
The reason for priming is that you can assign AP names, IP addresses and WLC addresses and designate where the access point is to be deployed, rather than ending up with hundreds of access points pulling down IP addresses and not knowing where they are.