Cisco 1200 series upgrade failure

Unanswered Question
Nov 18th, 2008

I have a Cisco 1200 Series (AIR-AP1231G-A-K9) access point, I have been upgrading these models to lightweight mode but are having issues with one in particular, this access point keeps "rebooting" itself, I am assuming that the upgrade faild, how can I get the access point upgraded?

Here is a capture.

Cisco IOS Software, C1200 Software (C1200-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 17-Jul-06 11:41 by alnguyen

Image text-base: 0x00003000, data-base: 0x00359FC0

Initializing flashfs...

flashfs[1]: 4 files, 2 directories

flashfs[1]: 0 orphaned files, 0 orphaned directories

flashfs[1]: Total bytes: 7741440

flashfs[1]: Bytes used: 1862656

flashfs[1]: Bytes available: 5878784

flashfs[1]: flashfs fsck took 2 seconds.

flashfs[1]: Initialization complete....done Initializing flashfs.

cisco AIR-AP1231G-A-K9 (PowerPC405GP) processor (revision B0) with 15038K/1336K bytes of memory.

Processor board ID FTX0914J0Z1

PowerPC405GP CPU at 196Mhz, revision number 0x0145

Last reset from reload

LWAPP image version 3.0.51.0

1 FastEthernet interface

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:13:7F:E2:34:DB

Part Number : 73-8704-08

PCA Assembly Number : 800-23211-09

PCA Revision Number : A0

PCB Serial Number : FOC09100NH1

Top Assembly Part Number : 800-23304-08

Top Assembly Serial Number : FTX0914J0Z1

Top Revision Number : A0

Product/Model Number : AIR-AP1231G-A-K9

Press RETURN to get started!

*Mar 1 00:00:04.505: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 17-Jul-06 11:41 by alnguyen

*Mar 1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:06.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down

ap>

ap>

*Mar 1 00:00:14.441: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar 1 00:00:23.516: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

*Mar 1 00:00:23.544: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_certs no certs in the SSC Private File

*Mar 1 00:00:23.544: LWAPP_CLIENT_ERROR_DEBUG:

*Mar 1 00:00:23.544: lwapp_crypto_init: PKI_StartSession failed

*Mar 1 00:00:23.698: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: FAILED CRYPTO INIT.

*Mar 1 00:00:23.698: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.

flashfs[0]: 4 files, 2 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 7741440

flashfs[0]: Bytes used: 1862656

flashfs[0]: Bytes available: 5878784

flashfs[0]: flashfs fsck took 9 seconds.

Reading cookie from flash parameter block...done.

Base ethernet MAC Address: 00:13:7f:e2:34:db

Initializing ethernet port 0...

Reset ethernet port 0...

Reset done!

ethernet link up, 100 mbps, full-duplex

Ethernet port 0 initialized: link is up

Loading "flash:/c1200-rcvk9w8-mx/c1200-rcvk9w8-mx"...#########################################################################################################################################################################

File "flash:/c1200-rcvk9w8-mx/c1200-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000

executing...

Restricted Rights Legend

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wesleyterry Wed, 11/19/2008 - 10:55

I might have an answer for you... or I might be COMPLETELY WRONG

If it isn't just a "failed" upgrade, as in you've tried the upgrade again and it still is happening.... I was reading something about older APs not have a Manufacturing-installed certificate (MIC) and these AP's generating a Self-signed Certificate (SSC).

The error you have is referring to SSC so I'm writing this as if you have not had to previously do this step for your other conversions.

I believe a couple of things needs to happen for SSC AP's.

1) Must enable controller to accept self-signed certificated.

Security > AAA > AP Polices > Accept Self Signed Certificate > Apply

2) Add AP to Authorization List in Security > AAA > AP Polices > Add AP To Authrorization List

Enter MAC Address of the AP

Certificate type = SSC

SHA1 Key Hash can be obtained from the controller by issueing this command:

"debug pm pki enable"

Look for the line: sshpmGetIssuerHandles: SSC Key Hash is XXXXXXXXXXXXXXXXXXXXXXXXXX

I believe you use the XXXXXXXXXXXXXXXXXXXXX as the SHA1 Key Hash.

3) If required, you may also need to add the AP MAC Address in the Mac-Filter: Security > AAA > MAC Filtering > New >

Hopefully its either a reload of the software or this SSC thing that fixes the problem....

wesleyterry Wed, 11/19/2008 - 11:10

I did a little more researching and it looks like the LWAPP conversion tool is supposed to provide a CSV file with the SHA1 Key HASH for each Access Point... so maybe I am wrong about the key hash I mentioned in the previous statement. However, maybe that key hash is a return of the debug for when the AP tries to join the controller (and therefor is the right one....)

If you've already done the SSC steps, then I think resetting the AP to default and trying to reload the image is the best step...

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode