×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ERROR!!! Command is disabled.

Answered Question
Feb 12th, 2008
User Badges:

I have a lwapp 1130 here and it's no longer associated with the controller.  I issued the clear lwapp private-config, it went through and cleared the config.  Now when I try to issue the lwapp commands to set the ip and such i get ERROR!!! Command is disabled. I read that this means the static configuration is locked, but it did not say how to "unlock" it.  Any ideas or suggestions on how to get this re-enabled.


This information has been added in the following Document - https://supportforums.cisco.com/docs/DOC-21897

Correct Answer by smgreenshaw about 9 years 6 months ago

Hi,


In case anybody else gets stuck like I did, here's the procedure we eventually knocked together for recovering our locked out 1240AG AP's:


Recovery of Cisco 1240AG AP


This procedure tested working 14/02/08 with an AP with the default WLAN controller password left in.



Requirements:

• Cisco IOS WAP image (c1240-k9-w7-mx.124-10.b.JA)

• Cisco LWAPP recovery image (c1240-rcvk9w8-tar.123-7JX.tar)

• Cisco LWAPP upgrade tool

• TFTP Server

• Local PSU (not POE)



Local PSU is required - process doesn't appear to work with Ethernet connected as boot doesn't stop.


Power up WAP holding MODE button until LED turns Purple (approx 20 secs)


Console should go through boot banners, notice no Ethernet and dump to ap: prompt.


ap: IP_ADDR=a.a.a.a

ap: NETMASK=m.m.m.m

ap: DEFAULT_GATEWAY=g.g.g.g

ap: tftp_init


(message confirming tftp available should come back)


Plug in Ethernet on correct vlan to see WLAN controller (i.e. a.a.a.x).


ap: ether_init


Via your friendly local tftp server boot off a full IP image, in this case I extracted from the full .tar file and placed it on tftp server…


ap: boot tftp://x.x.x.x/c1240-k9-w7-mx.124-10.b.JA


AP should boot to ap> prompt and initialise. It may well generate r0.core and r1.core dump files as radio firmware not available.


Once settled:


ap> en (password in our case was the default) ap# conf t

ap(config)# int bvi1

ap(config-if)# ip address a.a.a.a m.m.m.m

ap(config-if)# line vty 0 4

ap(config-line)# login local

ap(config-line)# exit

ap(config)# username test password aptest

ap(config)# exit


Once this is done the AP should be alive on the network and you should be able to ping and telnet to it and logon. Enable secret will still be the default password.


Now you need to put the logon details in an ip.txt file for the Cisco WLAN recovery tool, we used the recovery tool's own tftp server and didn't enter WLC details.


Click Start and Cisco tool should contact the AP, telnet in, modify the config and download the recovery image and a basic config. Once done it will reboot the AP and it will go into lwapp discovery mode.


Steve.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (8 ratings)
Loading.

I just ran across a similar situation.


You'll need to hold down the "Mode" button during startup for a few seconds. That'll get you out of the controller mode, and should allow you to set the controller IP and so forth.


That said, if the AP is on the same subnet as the controller, you wouldn't need to set the IP address on the AP. That's supposed to be one of the benefits of using LWAPP APs.

Rob Huffman Tue, 02/12/2008 - 09:15
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Brock,


Just to add a note to the good info from Mike (5 points for this Mike!)


Here is why the command may be locked;


***The LAP was previously registered to a WLC, but the username/password was not changed from the default



So try this;


Once your LAP successfully registers with the WLC, the static LWAPP configuration commands (discussed in the previous section) are locked out and are no longer accessible. In order to re-enable the commands, you must have set the username and password while the LAP was joined to the previous controller.


When the LAP is registered to a controller, use this controller CLI command to set the AP's username and password:


config ap username password



From this doc;


http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml


Hope this helps!

Rob



smgreenshaw Wed, 02/13/2008 - 02:00
User Badges:

Hi,


I am having exactly the same issue. Is there no way of forcing a LWAP to it's default 'out of the box' state without requiring the WLC, do you know?


Regards,


Steve.

Rob Huffman Wed, 02/13/2008 - 06:07
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Steve,


If the LWAPP AP did have the username and password changed while the LAP was joined to the controller then this is available via the AP's console connection.



Here is one method;


Manually Resetting the Access Point to Defaults


You can manually reset your access point to default settings using this EXEC mode CLI command:




--------------------------------------------------------------------------------


Note This command requires the controller configured Enable password to enter the CLI EXEC mode.



--------------------------------------------------------------------------------


clear lwapp private-config


From this Troubleshooting doc;


http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_c4.html#wp1091061


Hope this helps!

Rob



Rob's right. That command should clear out the configs.


If that doesn't work for you, hold the "mode" button while the AP is starting up. That'll get the AP out of the controller mode (I forget exactly how many seconds...3 or 4? Until the light turns amber). Once there, you should be able to issue the commands that'll clear the configs.


It's a bit of a pain, so just keep playing around with it.

smgreenshaw Thu, 02/14/2008 - 02:07
User Badges:

Hi,


Thanks for your replies, guys.


I've tried resetting the device (1242AG) by holding diown the mode button. It shows:


button pressed for 20 seconds

process_config_recovery: set IP address and config to default 10.0.0.1

process_config_recovery: image recovery


Upon restarting though I still get the ERROR!!! when attepting to set the lwapp private-config. I also note that a 'show lwapp private-config' indicates that there is still a default gateway set. Again, I cannot 'clear' that due to the ERROR!!!


Steve.

Hey Steve,


Can you put that AP on the same subnet as the controller, and try to join it? You'll be able to reset it to factory configs then.


Also, are you getting any error messages during the operation of the controller when you're not typing in commands? If it doesn't spit errors are you, and doesn't keep restarting itself, it's out of the joined mode. At that point, you may not be able to issue the clear private config command, but you should be able to set the lwapp ap controller ip address command (I think that's what it is).

smgreenshaw Thu, 02/14/2008 - 08:12
User Badges:

Hi,


Eventually ended up going the looooong way round. Returned the unit to autonymous mode and then used the upgrade tool etc. to take it back to LAP. Associated with the WLC no problem and is now back under control.


Problem arose due to the WLC and LAP having been setup a while ago in a test lab by external contractors. They did not give it a new username / password. They then re-installed the WLC on the live environment - leaving me with an orphan LAP.


At least I now know that if all else fails it is possible to rescue stubborn LAPs!


Thanks again for your input guys.


Steve.

Correct Answer
smgreenshaw Fri, 02/15/2008 - 00:37
User Badges:

Hi,


In case anybody else gets stuck like I did, here's the procedure we eventually knocked together for recovering our locked out 1240AG AP's:


Recovery of Cisco 1240AG AP


This procedure tested working 14/02/08 with an AP with the default WLAN controller password left in.



Requirements:

• Cisco IOS WAP image (c1240-k9-w7-mx.124-10.b.JA)

• Cisco LWAPP recovery image (c1240-rcvk9w8-tar.123-7JX.tar)

• Cisco LWAPP upgrade tool

• TFTP Server

• Local PSU (not POE)



Local PSU is required - process doesn't appear to work with Ethernet connected as boot doesn't stop.


Power up WAP holding MODE button until LED turns Purple (approx 20 secs)


Console should go through boot banners, notice no Ethernet and dump to ap: prompt.


ap: IP_ADDR=a.a.a.a

ap: NETMASK=m.m.m.m

ap: DEFAULT_GATEWAY=g.g.g.g

ap: tftp_init


(message confirming tftp available should come back)


Plug in Ethernet on correct vlan to see WLAN controller (i.e. a.a.a.x).


ap: ether_init


Via your friendly local tftp server boot off a full IP image, in this case I extracted from the full .tar file and placed it on tftp server…


ap: boot tftp://x.x.x.x/c1240-k9-w7-mx.124-10.b.JA


AP should boot to ap> prompt and initialise. It may well generate r0.core and r1.core dump files as radio firmware not available.


Once settled:


ap> en (password in our case was the default) ap# conf t

ap(config)# int bvi1

ap(config-if)# ip address a.a.a.a m.m.m.m

ap(config-if)# line vty 0 4

ap(config-line)# login local

ap(config-line)# exit

ap(config)# username test password aptest

ap(config)# exit


Once this is done the AP should be alive on the network and you should be able to ping and telnet to it and logon. Enable secret will still be the default password.


Now you need to put the logon details in an ip.txt file for the Cisco WLAN recovery tool, we used the recovery tool's own tftp server and didn't enter WLC details.


Click Start and Cisco tool should contact the AP, telnet in, modify the config and download the recovery image and a basic config. Once done it will reboot the AP and it will go into lwapp discovery mode.


Steve.

brock0150 Fri, 02/15/2008 - 08:16
User Badges:

Thanks this worked fine converting it back to autonomous mode. although it somehow lost it's radio's and can't be converted back to lwapp. i believe this wap had issues anyways. So it would of worked fine if it wasn't for that.

smgreenshaw Fri, 02/15/2008 - 08:26
User Badges:

Hi,


To get the radio up you'll actually have to untar the full package (c1240-k9w7-tar.124-10b.JA.tar) as this has the firmware for the wireless:


AP: tar -xtract tftp://x.x.x.x/c1240-k9w7-tar.124-10b.JA.tar flash:/


The workaround we had was specifically to get it back to a 'configurable' state so that we could use the upgrade tool to convert it to a clean LAP. There is no need or capacity to use wireless for this process - it's all done over ethernet - so we did not load the radio firmware (hence the r0.core and r1.core dumps).


Hope that helps ...


Steve.

Rob Huffman Fri, 02/15/2008 - 19:05
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hey Steve,


Thanks for posting up this very good resolution! 5 points from this end for this great info.


Thanks again,

Rob

brock0150 Sat, 02/16/2008 - 09:29
User Badges:

Thanks Steve, this helped. It works now, I appreciate your help.

Andras Dosztal Fri, 05/09/2008 - 04:00
User Badges:
  • Silver, 250 points or more

I had the same problem, the solution is easy if the recovery image is still on the AP.



First, check the flash:

lap_1242_1#dir

Directory of flash:/


2 -rwx 279 May 09 2008 11:52:20 +00:00 env_vars

4 -rwx 6168 May 09 2008 11:52:20 +00:00 private-multiple-fs

6 drwx 256 May 09 2008 11:49:05 +00:00 c1240-k9w8-mx.124-3g.JA2

5 drwx 128 Mar 01 2002 00:03:43 +00:00 c1240-rcvk9w8-mx


15998976 bytes total (10716672 bytes free)



Then delete the LWAPP image:

lap_1242_1#delete /r /f flash:/c1240-k9w8-mx.124-3g.JA2



Thirdly reload the AP:

lap_1242_1#reload



You'll end up with a clear AP.


Regards,

Andras

rparrat666 Mon, 02/22/2010 - 15:37
User Badges:

Hi everyone, I was stuck with an AP that were on a Lab and associated to a WLC we don’t have anymore.

None of the procedures were working and we never change the enable password of the ap while it was associated, so I decide to perform the last procedure (erase de .JA2 file). Now the AP its not booting. It gets stock right here:

ap:
IOS Bootloader - Starting system.

Xmodem file system is available.

flashfs[0]: 3 files, 1 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 31868928

flashfs[0]: Bytes used: 14848

flashfs[0]: Bytes available: 31854080

flashfs[0]: flashfs fsck took 13 seconds.

Reading cookie from flash parameter block...done.

Base Ethernet MAC address: 00:27:0d:e4:03:6c


The system is unable to boot automatically because there

are no bootable files.


C1250 Boot Loader (C1250-BOOT-M) Version 12.4(18a)JA1, RELEASE SOFTWARE (fc1)

Technical Support:
http://www.cisco.com/techsupport
Compiled Fri 23-Jan-09 20:46 by prod_rel_team

I check an the recovery image still on the AP:

4  drwx         320  Jan 26 2010 01:58:26 +00:00  c1250-k9w8-mx.124-21a.JA2
    5  drwx         128   Mar 1 2002 00:02:02 +00:00 c1250-rcvk9w8-mxp

It is a LWAPP 1250.

Any help? please.

Leo Laohoo Mon, 02/22/2010 - 17:30
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

What's in the subdirectory "c1250-k9w8-mx.124-21a.JA2"?  What available flash do you have left?  What command did you use to delete the file(s)?

rparrat666 Tue, 02/23/2010 - 13:59
User Badges:

Well, I went into the complete porches of recovering the autonomous IOS and then upgrade it to LWAPP. The AP its working fine, It’s painful to perform all the process, but looks the only way to enable the “lwapp ap” commands without the previous registered controller.

Leo Laohoo Tue, 02/23/2010 - 14:07
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

That will depend entirely on the firmware of the WLC. 

Fraser Reid Mon, 12/06/2010 - 04:53
User Badges:


AP0007.0e2a.725e#clear lwapp private-config
ERROR!!! Command is disabled.


I have the problem that the clear command cannot be issued.........



Any more ideas ?


software is......


System image file is "flash:/c1130-k9w8-mx.124-3g.JA2/c1130-k9w8-mx.124-3g.JA2"

Surendra BG Mon, 12/06/2010 - 05:01
User Badges:
  • Cisco Employee,

Hi Fraser,


try this..


1. Disconnect the AP from the LAN (e.g. shutdown the switchport)

2. ap#debug lwapp console cli  (use "debug capwap console cli" if running 5.2
or above)

3. ap#write erase

4. ap#reload

5. After reloading, try using the same command.. or check the flash to see if still we are able t osee the private config.


lemme know if this helps you!!


Regards

Surendra

Surendra BG Mon, 12/06/2010 - 05:15
User Badges:
  • Cisco Employee,

"This didn't help as the copmmands are not available in my IOS......sorry"


Which command?? DEBUG LWAPP CONSOLE CLI??


Regards

Surendra

Surendra BG Mon, 12/06/2010 - 05:17
User Badges:
  • Cisco Employee,

"This didn't help as the copmmands are not available in my IOS......sorry"


Which command?? DEBUG LWAPP CONSOLE CLI??


DEBUG LWAPP CONSOLE CLI or DEBUG CAPWAP CONSOLE CLI is the hidden command.. we need to enter the complete command..


lemme know if we still not able to do it..


Regards

Surendra

Fraser Reid Mon, 12/06/2010 - 05:34
User Badges:

hidden commands in an AP !

Nice


Just typed it in.........and,,,,,,still not playing.........


The command is still not allowed


should I reload the IOS ?

Surendra BG Mon, 12/06/2010 - 07:47
User Badges:
  • Cisco Employee,

yes please.. try upgrading the IOS and lemme know..


Regards

Surendra

Surendra BG Mon, 12/06/2010 - 07:48
User Badges:
  • Cisco Employee,

it will be great if you could paste the output that yo uget when u try giving the command "debug lwapp console cli"


Regards

Surendra

Leo Laohoo Mon, 12/06/2010 - 16:57
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless


System image file is "flash:/c1130-k9w8-mx.124-3g.JA2/c1130-k9w8-mx.124-3g.JA2"

"Command is disabled" is due to the following reason:


1.  You are running an old LWAP (full) image:

2.  You are running an LWAP (full) image;


Here's how you fix it:


1.  Do a "dir" on your AP and you should see two sub-directories.  One is the subdirectory of the full LWAP image and the other has the "rcv" or lite LWAP image.


2.  Delete the  subdirectory of the full LWAP image (command:  delete /f /r flash:/c1130-k9w8-mx.124-3g.JA2);

3.  Reboot your AP.

Fraser Reid Tue, 12/07/2010 - 01:03
User Badges:

Thank you all for your help in this - I will try everything I can until this works - but to note - there is only 1 LAP IOS and 1 Aut IOS on the device.


Fraser Reid

--

Fraser Reid


GMX DSL Doppel-Flat ab 19,99 €/mtl.! Jetzt auch mit

gratis Notebook-Flat! http://portal.gmx.net/de/go/dsl

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode