17 Oct 11 Upgrade Autonomous to LWAP – Cisco Access Points via CLI

Previously I described how to upgrade the Cisco 1142 Autonomous Access Points to Light Weight via the Web GUI. Now this next method is achieving the same via Command Line. It is pretty simple to do it via web however I noticed that it is much easier and faster to upgrade from Autonomous to Light Weight via command line. Below are the steps:

  • First I put the Cisco Access Points (Autonomous) on the wireless VLAN
  • Once they grabbed an IP address, I telnet into the Cisco Autonomous Access Point with the default credentials, usually they are UserName: Cisco, Password: Cisco, [Enable: Cisco]
  • Next I confirmed that I have a TFTP server running on my laptop and the following file c1140-rcvk9w8-tar.124-21a.JA2.tar is present in my TFTP Folder
  • Next I ran the following command, “archive download-sw /overwrite /reload tftp://”
  • I am adding a screen shot of what happened after I ran the command. Once the command is run rest of the process is automatic. After the upload AP will reboot itself and will use the new LWAP image

Tags: , ,

17 Jun 11 Cisco WLC 5508 keeping web auth persistent

How would you keep client’s web authentication persistent even after client gets disconnected or de authenticated?

Device: Cisco WLC 5508


Recently after setting up the Wireless Network and Web Authentication Redirect option on a Cisco Wireless LAN controller – 5508 I had an issue where after approximately an hour mobile clients specially mobile phones would disconnect and they would have to go through the Web Authentication Redirect page again and again. This was very annoying. Basically on Cisco WLC 5508 webauth devices timeout and they would have to re authenticate.

After doing lots of research and trying to change the time out settings under User Idle Timeout, ARP timeout, Session timeout nothing worked. Finally after working with Cisco TAC and doing a debug on the client “debug client mac-id. I noticed that after an hour WLC sends the new EAP key to the client.

Updated broadcast key sent to mobile 00:23:76:D5:68:61

Cisco WLC 5508 tries this 3 times and after the 3rd time it gives up and considers the client not active any more and sends a de authentication packet, next Cisco WLC 5508 removes the client completely. Hence why when the client comes back they have to go through the Web Authentication Redirect Page again because key they have is old and is not valid any more.

Retransmit failure for EAPOL-Key M5 to mobile mac-id, retransmit count 3, mscb deauth count 0
Sent Deauthenticate to mobile on BSSID ap-mac-id slot 0(caller 1x_ptsm.c:534)
*apfReceiveTask: Jun 16 10:47:30.960: client-mac client-ip RUN (20) Deleted mobile LWAPP rule on AP [ap-mac]


Solution is to increase the broadcast key time interval. I used the following command to accomplish this. PS: This option was not available in the GUI with the code I am using so the only way for me to do it was via the Cisco WLC 5508 Command Line Interface, this applies globally to all the WLAN’s as of this code:
config advanced eap bcast-key-interval seconds (120 to 86400)

Tags: , ,

29 Apr 11 Upgrading Cisco 1142 AP’s to LWAP the easy way

Recently I have been working on the wireless project at work and after deploying the Cisco 5508 Wireless LAN Controller I started to deploy the Cisco 1142 Access Points. These access points were autonomous and needed an upgrade to LWAP image, c1140-rcvk9w8-tar.124-21a.JA2.tar.

Once the AP’s came online and grabbed an IP address from the DHCP server I followed some simple steps:

  • Logged into the 1142 AP’s via web (IE)
  • Make sure your pop up blockers are turned off
  • Navigated to “Software Upgrade” menu options
  • Click on “Browse” navigate to the c1140-rcvk9w8-tar.124-21a.JA2.tar image and then click on the “Upgrade” button
  • You will see 3 pop ups come up one with the timer while the new LWAP IOS gets loaded
  • Give it approximately 3 to 4 min and you are good to go, next in a min or so you will see this Access Point joining the Cisco Wireless LAN Controller

Note: I’m simply explaining my experience converting Cisco 1142 Access Points from autonomous to Light Weight Access Points. You might choose your own path or do things different way, if you follow my instructions please do so at your own risk, always make sure to use the lab before doing anything in production

Tags: , ,

WordPress SEO