Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ERROR!!! Command is disabled.

I have a lwapp 1130 here and it's no longer associated with the controller.  I issued the clear lwapp private-config, it went through and cleared the config.  Now when I try to issue the lwapp commands to set the ip and such i get ERROR!!! Command is disabled. I read that this means the static configuration is locked, but it did not say how to "unlock" it.  Any ideas or suggestions on how to get this re-enabled.

This information has been added in the following Document - https://supportforums.cisco.com/docs/DOC-21897

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: ERROR!!! Command is disabled.

Hi,

In case anybody else gets stuck like I did, here's the procedure we eventually knocked together for recovering our locked out 1240AG AP's:

Recovery of Cisco 1240AG AP

This procedure tested working 14/02/08 with an AP with the default WLAN controller password left in.

Requirements:

• Cisco IOS WAP image (c1240-k9-w7-mx.124-10.b.JA)

• Cisco LWAPP recovery image (c1240-rcvk9w8-tar.123-7JX.tar)

• Cisco LWAPP upgrade tool

• TFTP Server

• Local PSU (not POE)

Local PSU is required - process doesn't appear to work with Ethernet connected as boot doesn't stop.

Power up WAP holding MODE button until LED turns Purple (approx 20 secs)

Console should go through boot banners, notice no Ethernet and dump to ap: prompt.

ap: IP_ADDR=a.a.a.a

ap: NETMASK=m.m.m.m

ap: DEFAULT_GATEWAY=g.g.g.g

ap: tftp_init

(message confirming tftp available should come back)

Plug in Ethernet on correct vlan to see WLAN controller (i.e. a.a.a.x).

ap: ether_init

Via your friendly local tftp server boot off a full IP image, in this case I extracted from the full .tar file and placed it on tftp server…

ap: boot tftp://x.x.x.x/c1240-k9-w7-mx.124-10.b.JA

AP should boot to ap> prompt and initialise. It may well generate r0.core and r1.core dump files as radio firmware not available.

Once settled:

ap> en (password in our case was the default) ap# conf t

ap(config)# int bvi1

ap(config-if)# ip address a.a.a.a m.m.m.m

ap(config-if)# line vty 0 4

ap(config-line)# login local

ap(config-line)# exit

ap(config)# username test password aptest

ap(config)# exit

Once this is done the AP should be alive on the network and you should be able to ping and telnet to it and logon. Enable secret will still be the default password.

Now you need to put the logon details in an ip.txt file for the Cisco WLAN recovery tool, we used the recovery tool's own tftp server and didn't enter WLC details.

Click Start and Cisco tool should contact the AP, telnet in, modify the config and download the recovery image and a basic config. Once done it will reboot the AP and it will go into lwapp discovery mode.

Steve.

31 REPLIES
Community Member

Re: ERROR!!! Command is disabled.

I just ran across a similar situation.

You'll need to hold down the "Mode" button during startup for a few seconds. That'll get you out of the controller mode, and should allow you to set the controller IP and so forth.

That said, if the AP is on the same subnet as the controller, you wouldn't need to set the IP address on the AP. That's supposed to be one of the benefits of using LWAPP APs.

Hall of Fame Super Red

Re: ERROR!!! Command is disabled.

Hi Brock,

Just to add a note to the good info from Mike (5 points for this Mike!)

Here is why the command may be locked;

***The LAP was previously registered to a WLC, but the username/password was not changed from the default

So try this;

Once your LAP successfully registers with the WLC, the static LWAPP configuration commands (discussed in the previous section) are locked out and are no longer accessible. In order to re-enable the commands, you must have set the username and password while the LAP was joined to the previous controller.

When the LAP is registered to a controller, use this controller CLI command to set the AP's username and password:

config ap username password

From this doc;

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml

Hope this helps!

Rob

Community Member

Re: ERROR!!! Command is disabled.

Hi,

I am having exactly the same issue. Is there no way of forcing a LWAP to it's default 'out of the box' state without requiring the WLC, do you know?

Regards,

Steve.

Hall of Fame Super Red

Re: ERROR!!! Command is disabled.

Hi Steve,

If the LWAPP AP did have the username and password changed while the LAP was joined to the controller then this is available via the AP's console connection.

Here is one method;

Manually Resetting the Access Point to Defaults

You can manually reset your access point to default settings using this EXEC mode CLI command:

--------------------------------------------------------------------------------

Note This command requires the controller configured Enable password to enter the CLI EXEC mode.

--------------------------------------------------------------------------------

clear lwapp private-config

From this Troubleshooting doc;

http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_c4.html#wp1091061

Hope this helps!

Rob

Community Member

Re: ERROR!!! Command is disabled.

Rob's right. That command should clear out the configs.

If that doesn't work for you, hold the "mode" button while the AP is starting up. That'll get the AP out of the controller mode (I forget exactly how many seconds...3 or 4? Until the light turns amber). Once there, you should be able to issue the commands that'll clear the configs.

It's a bit of a pain, so just keep playing around with it.

Community Member

Re: ERROR!!! Command is disabled.

Hi,

Thanks for your replies, guys.

I've tried resetting the device (1242AG) by holding diown the mode button. It shows:

button pressed for 20 seconds

process_config_recovery: set IP address and config to default 10.0.0.1

process_config_recovery: image recovery

Upon restarting though I still get the ERROR!!! when attepting to set the lwapp private-config. I also note that a 'show lwapp private-config' indicates that there is still a default gateway set. Again, I cannot 'clear' that due to the ERROR!!!

Steve.

Community Member

Re: ERROR!!! Command is disabled.

Hey Steve,

Can you put that AP on the same subnet as the controller, and try to join it? You'll be able to reset it to factory configs then.

Also, are you getting any error messages during the operation of the controller when you're not typing in commands? If it doesn't spit errors are you, and doesn't keep restarting itself, it's out of the joined mode. At that point, you may not be able to issue the clear private config command, but you should be able to set the lwapp ap controller ip address command (I think that's what it is).

Community Member

Re: ERROR!!! Command is disabled.

Hi,

Eventually ended up going the looooong way round. Returned the unit to autonymous mode and then used the upgrade tool etc. to take it back to LAP. Associated with the WLC no problem and is now back under control.

Problem arose due to the WLC and LAP having been setup a while ago in a test lab by external contractors. They did not give it a new username / password. They then re-installed the WLC on the live environment - leaving me with an orphan LAP.

At least I now know that if all else fails it is possible to rescue stubborn LAPs!

Thanks again for your input guys.

Steve.

Community Member

Re: ERROR!!! Command is disabled.

Damn contractors.

;)

Community Member

Re: ERROR!!! Command is disabled.

Hi,

In case anybody else gets stuck like I did, here's the procedure we eventually knocked together for recovering our locked out 1240AG AP's:

Recovery of Cisco 1240AG AP

This procedure tested working 14/02/08 with an AP with the default WLAN controller password left in.

Requirements:

• Cisco IOS WAP image (c1240-k9-w7-mx.124-10.b.JA)

• Cisco LWAPP recovery image (c1240-rcvk9w8-tar.123-7JX.tar)

• Cisco LWAPP upgrade tool

• TFTP Server

• Local PSU (not POE)

Local PSU is required - process doesn't appear to work with Ethernet connected as boot doesn't stop.

Power up WAP holding MODE button until LED turns Purple (approx 20 secs)

Console should go through boot banners, notice no Ethernet and dump to ap: prompt.

ap: IP_ADDR=a.a.a.a

ap: NETMASK=m.m.m.m

ap: DEFAULT_GATEWAY=g.g.g.g

ap: tftp_init

(message confirming tftp available should come back)

Plug in Ethernet on correct vlan to see WLAN controller (i.e. a.a.a.x).

ap: ether_init

Via your friendly local tftp server boot off a full IP image, in this case I extracted from the full .tar file and placed it on tftp server…

ap: boot tftp://x.x.x.x/c1240-k9-w7-mx.124-10.b.JA

AP should boot to ap> prompt and initialise. It may well generate r0.core and r1.core dump files as radio firmware not available.

Once settled:

ap> en (password in our case was the default) ap# conf t

ap(config)# int bvi1

ap(config-if)# ip address a.a.a.a m.m.m.m

ap(config-if)# line vty 0 4

ap(config-line)# login local

ap(config-line)# exit

ap(config)# username test password aptest

ap(config)# exit

Once this is done the AP should be alive on the network and you should be able to ping and telnet to it and logon. Enable secret will still be the default password.

Now you need to put the logon details in an ip.txt file for the Cisco WLAN recovery tool, we used the recovery tool's own tftp server and didn't enter WLC details.

Click Start and Cisco tool should contact the AP, telnet in, modify the config and download the recovery image and a basic config. Once done it will reboot the AP and it will go into lwapp discovery mode.

Steve.

Community Member

Re: ERROR!!! Command is disabled.

Right on.

Thanks for the info.

Community Member

Re: ERROR!!! Command is disabled.

Thanks this worked fine converting it back to autonomous mode. although it somehow lost it's radio's and can't be converted back to lwapp. i believe this wap had issues anyways. So it would of worked fine if it wasn't for that.

Community Member

Re: ERROR!!! Command is disabled.

Hi,

To get the radio up you'll actually have to untar the full package (c1240-k9w7-tar.124-10b.JA.tar) as this has the firmware for the wireless:

AP: tar -xtract tftp://x.x.x.x/c1240-k9w7-tar.124-10b.JA.tar flash:/

The workaround we had was specifically to get it back to a 'configurable' state so that we could use the upgrade tool to convert it to a clean LAP. There is no need or capacity to use wireless for this process - it's all done over ethernet - so we did not load the radio firmware (hence the r0.core and r1.core dumps).

Hope that helps ...

Steve.

Hall of Fame Super Red

Re: ERROR!!! Command is disabled.

Hey Steve,

Thanks for posting up this very good resolution! 5 points from this end for this great info.

Thanks again,

Rob

Community Member

Re: ERROR!!! Command is disabled.

Thanks Steve, this helped. It works now, I appreciate your help.

Re: ERROR!!! Command is disabled.

I had the same problem, the solution is easy if the recovery image is still on the AP.

First, check the flash:

lap_1242_1#dir

Directory of flash:/

2 -rwx 279 May 09 2008 11:52:20 +00:00 env_vars

4 -rwx 6168 May 09 2008 11:52:20 +00:00 private-multiple-fs

6 drwx 256 May 09 2008 11:49:05 +00:00 c1240-k9w8-mx.124-3g.JA2

5 drwx 128 Mar 01 2002 00:03:43 +00:00 c1240-rcvk9w8-mx

15998976 bytes total (10716672 bytes free)

Then delete the LWAPP image:

lap_1242_1#delete /r /f flash:/c1240-k9w8-mx.124-3g.JA2

Thirdly reload the AP:

lap_1242_1#reload

You'll end up with a clear AP.

Regards,

Andras

Community Member

Re: ERROR!!! Command is disabled.

Hi everyone, I was stuck with an AP that were on a Lab and associated to a WLC we don’t have anymore.

None of the procedures were working and we never change the enable password of the ap while it was associated, so I decide to perform the last procedure (erase de .JA2 file). Now the AP its not booting. It gets stock right here:

ap:
IOS Bootloader - Starting system.

Xmodem file system is available.

flashfs[0]: 3 files, 1 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 31868928

flashfs[0]: Bytes used: 14848

flashfs[0]: Bytes available: 31854080

flashfs[0]: flashfs fsck took 13 seconds.

Reading cookie from flash parameter block...done.

Base Ethernet MAC address: 00:27:0d:e4:03:6c


The system is unable to boot automatically because there

are no bootable files.


C1250 Boot Loader (C1250-BOOT-M) Version 12.4(18a)JA1, RELEASE SOFTWARE (fc1)

Technical Support:
http://www.cisco.com/techsupport
Compiled Fri 23-Jan-09 20:46 by prod_rel_team

I check an the recovery image still on the AP:

4  drwx         320  Jan 26 2010 01:58:26 +00:00  c1250-k9w8-mx.124-21a.JA2
    5  drwx         128   Mar 1 2002 00:02:02 +00:00 c1250-rcvk9w8-mxp

It is a LWAPP 1250.

Any help? please.

Hall of Fame Super Gold

Re: ERROR!!! Command is disabled.

What's in the subdirectory "c1250-k9w8-mx.124-21a.JA2"?  What available flash do you have left?  What command did you use to delete the file(s)?

Community Member

Re: ERROR!!! Command is disabled.

Well, I went into the complete porches of recovering the autonomous IOS and then upgrade it to LWAPP. The AP its working fine, It’s painful to perform all the process, but looks the only way to enable the “lwapp ap” commands without the previous registered controller.

Hall of Fame Super Gold

Re: ERROR!!! Command is disabled.

That will depend entirely on the firmware of the WLC. 

Community Member

Re: ERROR!!! Command is disabled.


AP0007.0e2a.725e#clear lwapp private-config
ERROR!!! Command is disabled.

I have the problem that the clear command cannot be issued.........

Any more ideas ?

software is......

System image file is "flash:/c1130-k9w8-mx.124-3g.JA2/c1130-k9w8-mx.124-3g.JA2"

Cisco Employee

Re: ERROR!!! Command is disabled.

Hi Fraser,

try this..

1. Disconnect the AP from the LAN (e.g. shutdown the switchport)

2. ap#debug lwapp console cli  (use "debug capwap console cli" if running 5.2
or above)

3. ap#write erase

4. ap#reload

5. After reloading, try using the same command.. or check the flash to see if still we are able t osee the private config.

lemme know if this helps you!!

Regards

Surendra

Community Member

Re: ERROR!!! Command is disabled.

This didn't help as the copmmands are not available in my IOS......sorry

Fraser

--

Fraser Reid

GRATIS! Movie-FLAT mit über 300 Videos.

Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome

Cisco Employee

Re: ERROR!!! Command is disabled.

"This didn't help as the copmmands are not available in my IOS......sorry"

Which command?? DEBUG LWAPP CONSOLE CLI??

Regards

Surendra

Cisco Employee

Re: ERROR!!! Command is disabled.

"This didn't help as the copmmands are not available in my IOS......sorry"

Which command?? DEBUG LWAPP CONSOLE CLI??

DEBUG LWAPP CONSOLE CLI or DEBUG CAPWAP CONSOLE CLI is the hidden command.. we need to enter the complete command..

lemme know if we still not able to do it..

Regards

Surendra

Community Member

Re: ERROR!!! Command is disabled.

hidden commands in an AP !

Nice

Just typed it in.........and,,,,,,still not playing.........

The command is still not allowed

should I reload the IOS ?

Cisco Employee

Re: ERROR!!! Command is disabled.

yes please.. try upgrading the IOS and lemme know..

Regards

Surendra

Cisco Employee

Re: ERROR!!! Command is disabled.

it will be great if you could paste the output that yo uget when u try giving the command "debug lwapp console cli"

Regards

Surendra

Hall of Fame Super Gold

Re: ERROR!!! Command is disabled.

System image file is "flash:/c1130-k9w8-mx.124-3g.JA2/c1130-k9w8-mx.124-3g.JA2"

"Command is disabled" is due to the following reason:

1.  You are running an old LWAP (full) image:

2.  You are running an LWAP (full) image;

Here's how you fix it:

1.  Do a "dir" on your AP and you should see two sub-directories.  One is the subdirectory of the full LWAP image and the other has the "rcv" or lite LWAP image.

2.  Delete the  subdirectory of the full LWAP image (command:  delete /f /r flash:/c1130-k9w8-mx.124-3g.JA2);

3.  Reboot your AP.

15543
Views
35
Helpful
31
Replies
CreatePlease to create content