Downgrading AP running 5.2 to 5.1

Unanswered Question
Feb 19th, 2009
User Badges:

Dear all,


I'm using to WLC 4402, one running on 5.1.151 and one running on 5.2.157.


I have an AP previously connected on 5.2.157 WLC controller and I try to move this on other site where the controller is running 5.1.151. The problem is this AP is not able to attach the 5.1.151.


I can see in log, the AP started with CAPWAP protocol and after try LWAPP but on the controller I have this kind of message below:


(Cisco Controller) >*Feb 19 12:54:20.646: Received a packet which is a (type = DISCOVERY_REQUEST) with session id 0


*Feb 19 12:54:25.900: Send AP Timesync of 1235044465 source SERVER

*Feb 19 12:54:28.548: Send AP Timesync of 1235044468 source SERVER

*Feb 19 12:54:30.647: Received a packet which is a (type = DISCOVERY_REQUEST) with session id 0


*Feb 19 12:54:32.172: Send AP Timesync of 1235044472 source SERVER

*Feb 19 12:54:40.648: Received a packet which is a (type = DISCOVERY_REQUEST) with session id 0


*Feb 19 12:54:40.964: Send AP Timesync of 1235044480 source SERVER

*Feb 19 12:54:47.987: Send AP Timesync of 1235044487 source SERVER

Don't know if messages are in relation with this problem.


So, my question is how to downgrade from 5.2 AP to 5.1 AP ?


Thanks in advance for you help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dennischolmes Thu, 02/19/2009 - 05:05
User Badges:
  • Gold, 750 points or more

According to Cisco the APs should be able to boot on either controller. Insure the date and time on both controllers is correct for certificate issues. Now, the bad news, I ran into this same issue a while back. I had to go to the 5.2 controller and reset the AP to factory defaults, disconnect before it could reboot, then attach to the LWAPP controller.

dennischolmes Thu, 02/19/2009 - 15:17
User Badges:
  • Gold, 750 points or more

The reason is that the older code is LWAPP and the new code is CAPWAP. The APs are flipping back and forth on the different code versions.

Johannes Luther Wed, 02/25/2009 - 22:16
User Badges:

I had the same isse. The AP on the 4.2 version had a primary, secondary configuration.


To force an old AP to the new controller, the primary-base it set to the 5.2 controller. The bad thing was, that after AP firmware upgrade, the primary, secondary-base config was gone. So there is a slightly chance, that the AP connects to the old controller again and do a downgrade. And so on .......


Just for migration purposes (until both controllers are migrated to 5.2), I used the "Master Controller Mode" on the 5.2 controller. APs without primary and secondary-base config prefer the "Master Controller"


Hope that helps.

Leo Laohoo Thu, 02/19/2009 - 15:11
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

It's none of my business but I'm just curious, but why are you running two different codes? When an AP goes from from one WLC with 5.1 code to another WLC with 5.2 code (or vice versa), the AP will upgrade/downgrade the firmware and reboot.


How is the time synchronized on both WLC?


How are you you trying to get the AP to swing from one controller to another?


How many AP's can the WLC with 5.1 codes support and how many are currently joined?


Regarding your question "how to downgrade from 5.2 AP to 5.1 AP": Let the AP join the WLC with 5.1 and the WLC (5.1) will push the codes to this AP automatically.


Hope this helps?

yabilteryst Fri, 02/20/2009 - 00:02
User Badges:

After some tests, here more informations about.


a AIR-LAP1242AG-E-K9 moving from 5.1 to 5.2 and 5.2 to 5.1, no problem


a AIR-AP1242AG-E-K9 (transformed to LAP) moving from 5.1 to 5.2 OK, moving from 5.2 to 5.1, there is a issue.



My main problem is the AIR-AP1242AG-E-K9 which has this problem is not in my site, so, I'm not able to connect with CONSOLE to "clear lwapp private-config".


My idea now, is to move this AP to Autonomous AP remotely (if possible, never done), clear private-config and rechange to LAP.


I will keep you inform about.



dennischolmes Fri, 02/20/2009 - 04:30
User Badges:
  • Gold, 750 points or more

The problem is the certificate if I was betting. The converted APs have a self signed certificate that the hash is put on the original controller it connects to. This certificate is critical to the forming of the LWAPP tunnel for control packets between the AP and the controller. 5.2 uses CAPWAP as the protocol. CAPWAP uses a different methodolgy of communicating to the AP from the controller called dtls encrytption. I am betting that the certificate is the issue. The reconversion you speak of should take care of your problem as the controller it attaches to will get the hash from the self signed certificate for LWAPP that is installed on the AP at time of conversion. When the AP reverted from CAPWAP 5.2 to LWAPP 5.1 it probably corrupted or didnt reinstall the self signed cert.

Darren Ramsey Fri, 02/20/2009 - 23:01
User Badges:
  • Silver, 250 points or more

AP's shipped after July 18, 2005 had Cisco MIC instead of SSC. Seems like the 1242 were MIC from the start. You can downgrade to IOS and then back to LWAPP recovery image with TFTP. If the AP is connected to the WLC, you can execute "config ap tftp-downgrade" from the WLC CLI and remote downgrade to IOS. The AP should reload to IOS and get a DHCP address. Telnet to the AP IP address and "archive-download" the LWAPP recovery image. Reload and you should be back in business for 5.1.

yabilteryst Tue, 02/24/2009 - 05:30
User Badges:

I did exactly as mentioned without success. each time, AP goes on the 5.2 controller although DHCP 43 and CISCO-LWAPP-CONTROLLER Entry in DNS are set to the 5.1 controller.


Darren Ramsey Tue, 02/24/2009 - 05:53
User Badges:
  • Silver, 250 points or more

Are the controllers in a mobility group or is the 5.2 WLC the Master?

yabilteryst Tue, 02/24/2009 - 06:00
User Badges:

2 controllers are in 2 different Mobility groups because are dedicated to specific LANs in different site.


Darren Ramsey Tue, 02/24/2009 - 12:11
User Badges:
  • Silver, 250 points or more

Something must be steering you to the 5.2 controller. When the AP boots, the console should show your Opt 43 value and DNS controller IP. Do these show the 5.1 WLC or 5.2 WLC? I'd be curious if you are able to resolve this issue as we are looking at 5.2 for 1142AP support.

Leo Laohoo Wed, 02/25/2009 - 19:32
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Are you trying to steer this AP to the 5.1 controller?


Try this command on the 5.2 controller (this is where the AP is):


config ap primary-base wlc_name wlc_management_ip_address ap_name


Give about 10 seconds and the AP should join the 5.1 controller.


Hope this helps you.

yabilteryst Wed, 02/25/2009 - 23:33
User Badges:

Not working, each time the AP joins the 5.2 controller although the primary controller is set to 5.1 controller.

bfowles Thu, 02/26/2009 - 07:05
User Badges:

I think you have possibly hit the bug ref. CSCsr08256


An AP running CAPWAP image does not Join LWAPP primary controller.


Basically this is when you have 5.2.157.0 or earlier (LWAPP) release controller on the network.


The bug has been fix an integrated in 5.2.176.0 which is available for download.


Barry

bfowles Thu, 02/26/2009 - 07:07
User Badges:

Sorry I meant when you have CAPWAP release 5.2.157.0 plus an earlier LWAPP release controller on the same network.


dennischolmes Thu, 02/26/2009 - 07:26
User Badges:
  • Gold, 750 points or more

Exactly the point I was making above.

Actions

This Discussion

 

 

Trending Topics - Security & Network