Managing Software

Upgrading the Controller Software

When you upgrade the controller software, the software on the access points associated with the controller is also automatically upgraded. When an access point is loading software, each of its LEDs blinks in succession.


Caution


Do not power down the controller or any access point during this process; otherwise, the software image could be corrupted. Upgrading a controller with a large number of access points can take as long as 30 minutes, depending on the size of your network. However, with the increased number of concurrent access point upgrades supported in the controller software release, the upgrade time should be significantly reduced. The access points must remain powered, and the controller must not be reset during this time.

Guidelines and Restrictions for Upgrading Controller Software

The following are some of the general guidelines and restrictions that are applicable when upgrading the controller software. For any release-specific restrictions, see the relevant release notes.

For correct interoperability among Cisco Wireless infrastructure, including but not limited to mobility among controllers and AP compatibility, see the Cisco Wireless Solutions Software Compatibility Matrix at:

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

  • For every software upgrade, see the corresponding release notes for any caveats, considerations, or possible interim upgrades required to upgrade your controller to the desired release of software.

  • For customers with Cisco Catalyst 9117 Series APs in their network: Due to an increase in the Cisco controller image size, the Cisco controller software images are split into two images:

    • Base Install image, which includes the Cisco controller image and a subset of AP images

    • Supplementary AP Bundle image, which includes AP9117 images that are excluded from the Base Install image


    Note


    Download and install the Supplementary AP Bundle image only if you are using the Cisco Catalyst 9117 AP.

  • We recommend that you have a backup of your configuration in an external repository before any software upgrade activity.

  • Ensure that the configuration file that you back up does not contain the < or > special characters. If either special character is present, the download of the backed-up configuration file fails.

  • With a fast connection to your TFTP, SFTP, or FTP file server, the upgrade of the controller software can take approximately 15 to 25 minutes or less from the start of the software transfer to the reboot of the controller (it might take longer if the upgrade also includes a Field Upgrade Software installation during the same maintenance window). The time required to upgrade the associated APs might vary from one network to another because of deployment-specific factors, such as the number of APs associated with the controller, the speed of network connectivity between a given AP and the controller, and so on.

  • We recommend that, during the upgrade process, you do not power off the controller or any AP associated with the controller.

  • Controllers support standard SNMP Management Information Base (MIB) files. MIBs can be downloaded from the Download Software area in Cisco.com.

  • The objects under the SNMP table bsnAPIfDot11CountersEntry, such as bsnAPIfDot11RetryCount, bsnAPIfDot11TransmittedFrameCount, and so on, are defined in the SNMP MIB description to use the 802.3 (Ethernet) MAC address of the AP as the index. However, the controller sends the AP radio MAC address in snmpget, getnext, and getbulk. This is because snmpwalk returns the index using the base radio MAC address instead of the AP Ethernet MAC address.

  • You can reduce the network downtime using the following options:

    • You can predownload the AP image.

      For more information about predownloading the AP image, see the "Predownloading an Image to an Access Point" section.

    • For FlexConnect access points, use the FlexConnect Efficient AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch).

      For more information about configuring FlexConnect AP upgrades, see the "Configuring FlexConnect AP Upgrades for FlexConnect APs" section.

  • Cisco AireOS 3504 Controller: If the controller has been running for more than 450 days, ensure that you free up the flash memory before downloading the software image to the controller. For more information, see CSCwh98302.

Upgrading Controller Software (GUI)

Before you begin

Before upgrading the controller software, we recommend that you consult relevant release notes for any release-specific restrictions.

Procedure


Step 1

Upload your controller configuration files to a server to back them up.

Note

 
We highly recommend that you back up your configuration files of the controller prior to upgrading the controller software. Otherwise, you must manually reconfigure the controller.

Step 2

Get the controller software image by following these steps:

  1. Browse to http://www.cisco.com/cisco/software/navigator.html.

  2. Choose Wireless > Wireless LAN Controller.

    The following options are available: Integrated Controllers and Controller Modules, Mobility Express, and Standalone Controllers.

  3. Depending on your controller platform, click one of the above options.

  4. Click the controller model number or name. The Download Software page is displayed.

  5. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:

    Early Deployment (ED)—These software releases provide new features, new hardware platform support, and bug fixes.

    Maintenance Deployment (MD)—These software releases provide bug fixes and ongoing software maintenance.

    Deferred (DF)—These software releases have been deferred. We recommend that you migrate to an upgraded release.

  6. Choose a software release number.

  7. Click the filename (filename.aes).

  8. Click Download.

  9. Read Cisco’s End User Software License Agreement and then click Agree.

  10. Save the file to your hard drive.

  11. Repeat steps 1 through 11 to download the remaining file.

Step 3

Copy the controller software image (filename.aes) to the default directory on your TFTP or FTP server.

Note

 

In Release 8.1 and later releases, transfer over HTTP is also supported.

Step 4

(Optional) Disable the 802.11 networks.

Note

 
For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11 networks as a precautionary measure.

Step 5

Choose Commands > Download File to open the Download File to Controller page.

Step 6

From the File Type drop-down list, choose Code.

Step 7

From the Transfer Mode drop-down list, choose from the following options:

  • TFTP
  • FTP
  • SFTP (available in 7.4 and later releases)
  • HTTP (available in 8.1 and later releases)

Step 8

In the IP Address field, enter the IP address of the server.

Step 9

(Optional) If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries field and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout field.

Step 10

In the File Path field, enter the directory path of the software.

Step 11

In the File Name field, enter the name of the controller software file (filename.aes).

Step 12

If you are using an FTP server, follow these steps:

  1. In the Server Login Username field, enter the username to log into the FTP server.

  2. In the Server Login Password field, enter the password to log into the FTP server.

  3. In the Server Port Number field, enter the port number on the FTP server through which the download occurs. The default value is 21.

Step 13

Click Download to download the software to the controller. A message is displayed indicating the status of the download.

Step 14

(Optional) After the download is complete, you can choose to predownload the image to your access points. For more information, see the "Predownloading an Image to an Access Point" section.

Step 15

Click Reboot to reboot the controller.

Step 16

If prompted to save your changes, click Save and Reboot.

Step 17

Click OK to confirm.

Step 18

After the controller reboots, repeat step 6 to step 16 to install the remaining file.

Step 19

If you have disabled the 802.11 networks, reenable them.

Step 20

To verify the controller software version, choose Monitor on the controller GUI and see Software Version in the Controller Summary area.


Upgrading Controller Software (CLI)

Before you begin

Before upgrading the controller software, we recommend that you consult relevant release notes for any release-specific restrictions.

Procedure


Step 1

Upload your controller configuration files to a server to back them up.

Note

 
We highly recommend that you back up your controller's configuration files prior to upgrading the controller software. Otherwise, you must manually reconfigure the controller.

Step 2

Get the controller software image by following these steps:

  1. Browse to http://www.cisco.com/cisco/software/navigator.html.

  2. Choose Wireless > Wireless LAN Controller.

    The following options are available: Integrated Controllers and Controller Modules, Mobility Express, and Standalone Controllers.

  3. Depending on your controller platform, click one of the above options.

  4. Click the controller model number or name. The Download Software page is displayed.

  5. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:

    Early Deployment (ED)—These software releases provide new features, new hardware platform support, and bug fixes.

    Maintenance Deployment (MD)—These software releases provide bug fixes and ongoing software maintenance.

    Deferred (DF)—These software releases have been deferred. We recommend that you migrate to an upgraded release.

  6. Choose a software release number.

  7. Click the filename (filename.aes).

  8. Click Download.

  9. Read Cisco’s End User Software License Agreement and then click Agree.

  10. Save the file to your hard drive.

  11. Repeat steps 1 through 11 to download the remaining file.

Step 3

Copy the controller software image (filename.aes) to the default directory on your TFTP or FTP server.

Step 4

Log onto the controller CLI.

Step 5

On the controller CLI over Telnet or SSH, enter the ping server-ip-address command to verify that the controller can contact the TFTP or FTP server.

Step 6

(Optional) Disable the 802.11 networks by entering this command:

config 802.11{a | b} disable network

Note

 
For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11 networks as a precautionary measure.

Step 7

View current download settings by entering the transfer download start command. Press n at the prompt to view the current download settings.

Step 8

Change the download settings, if necessary, by entering these commands:

  • transfer download mode {tftp | ftp | sftp}

  • transfer download datatype code

  • transfer download serverip server-ip-address

  • transfer download filename filename

  • transfer download path server-path-to-file

    Note

     
    Pathnames on a TFTP or FTP server are relative to the server’s default or root directory. For example, in the case of the Solaris TFTP server, the path is “/”.

(Optional) If you are using a TFTP server, also enter these commands:

  • transfer download tftpMaxRetries retries

  • transfer download tftpPktTimeout timeout

    Note

     
    The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.

If you are using an FTP server, also enter these commands:

  • transfer download username username

  • transfer download password password

  • (Optional) transfer download port port

    Note

     
    The default value for the port parameter is 21.

Step 9

View the current updated settings by entering the transfer download start command. Press y at the prompt to confirm the current download settings and start the software download.

Step 10

(Optional) After the download is complete, you can choose to predownload the image to your access points. For more information, see the "Predownloading an Image to an Access Point" section.

Step 11

Save the code update to NVRAM and reboot the controller by entering this command:

reset system

The controller completes the bootup process.

Step 12

After the controller reboots, repeat Steps 7 through 11 to install the remaining file.

Step 13

If you have disabled the 802.11 networks in Step 6, reenable them by entering this command:

config 802.11{a | b} enable network

Step 14

To verify the controller software that is installed, enter the show sysinfo command and see Product Version.

Step 15

(Optional) To verify the Cisco Unified Wireless Network Controller Boot Software file that is installed on the controller, enter the show sysinfo command on the controller CLI and see Recovery Image Version or Emergency Image Version.

Note

 
If a Cisco Unified Wireless Network Controller Boot Software ER.aes file is not installed, Recovery Image Version or Emergency Image Version show 'N/A.'

Predownloading an Image to an Access Point

To minimize network outages, you can download an upgrade image to the access point from the controller without resetting the access point or losing network connectivity. Previously, you would download an upgrade image to the controller and reset it, which causes the access point to go into discovery mode. After the access point discovers the controller with the new image, the access point downloads the new image, resets, goes into discovery mode, and rejoins the controller.

You can now download the upgrade image to the controller and then download the image to the access point while the network is still operational. You can also schedule a reboot of the controller and access points, either after a specified amount of time or at a specific date and time. When both devices are up, the access point discovers and rejoins the controller.

Concurrent Controller to AP Image Upgrade

This table lists the controllers and their maximum concurrent AP image download support.

Controller                        Maximum Number of Concurrent AP Image Downloads Supported
Cisco 5520 Wireless Controller    1000
Cisco 8540 Wireless Controller    1000
Cisco vWLC                        1000

Flash Memory Requirements on Access Points

This table lists the Cisco AP models and the minimum amount of free flash memory required for the predownload process to work:

Cisco AP      Minimum Free Flash Memory Required
3700(I/E)     16 MB
2700(I/E)     16 MB
1700(I/E)     16 MB


Note


  • The required flash memory can vary based on the radio type and the number of antennas used.

  • During the predownloading of image to APs, some APs do not have enough memory to keep the current radio firmware available. After the image has been predownloaded, these APs have the image only on flash memory and no other memory is available to host the current image or version radio firmware. The APs that have this limitation are as follows: Cisco Aironet 700, 1520, 1530, 1550, 1600, 3500, and 3600 Series APs.

    For more information about this limitation, see CSCvg41698.

  • As part of the fix for CSCvb75682, if the flash memory of Cisco Aironet 1700, 2700, and 3700 Series APs is less than 10 Mb and a recovery image is present, the backup images in these APs are deleted.


Access Point Predownload Process

The access point predownload feature works as follows:

  • The controller image is downloaded.

    • (Optional) The primary image becomes the backup image of the controller and the downloaded image becomes the new primary image. Set the current boot image to the backup image by using the config boot backup command so that, if a system failure occurs, the controller boots with its last working image.

    • Start the AP image predownload procedure for all joined APs or a specific AP, by entering the config ap image predownload primary {all | ap-name} command.

    • The upgrade image is downloaded as the backup image on the APs. You can verify this by using the show ap image all command.

    • Change the boot image to primary image manually using the config boot primary command and reboot the controller for the upgrade image to be activated.

      or

    • You issue a scheduled reboot with the swap keyword. The swap keyword swaps the primary and backup images on the access point, and swaps the currently active image on the controller with the backup image.

    • When the controller reboots, the access points are disassociated and eventually come up with an upgraded image. Once the controller responds to the discovery request sent by an access point with its discovery response packet, the access point sends a join request.

  • The actual upgrade of the images occurs. The following sequence of actions occurs:

    • During boot time, the access point sends a join request.

    • The controller responds with the join response with the image version that the controller is running.

    • The access point compares its running image with the running image on the controller. If the versions match, the access point joins the controller.

    • If the versions do not match, the access point compares the version of the backup image and if they match, the access point swaps the primary and backup images and reloads and subsequently joins the controller.

    • If the primary image of the access point is the same as the controller image, the access point reloads and joins the controller.

    • If none of the above conditions are true, the access point sends an image data request to the controller, downloads the latest image, reloads, and joins the controller.
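
The join-time comparison listed above, modelled as an ordered decision function and applied to a small fleet to show which APs still need a full image transfer after the controller reboots. This is an added example, not Cisco code; the AccessPoint record, the AP names and the version labels X, Y and W are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    JOIN = "join"
    SWAP_RELOAD = "swap primary/backup, reload, join"
    RELOAD = "reload, join"
    DOWNLOAD = "request image data, download, reload, join"


@dataclass(frozen=True)
class AccessPoint:
    name: str
    primary: str   # version held in the primary slot
    backup: str    # version held in the backup slot
    running: str   # version the AP is executing when it sends the join request


def join_action(ap, controller_version):
    """Apply the comparisons in the same order as the list above."""
    if ap.running == controller_version:
        return Action.JOIN            # versions match, nothing to do
    if ap.backup == controller_version:
        return Action.SWAP_RELOAD     # predownloaded image is waiting in backup
    if ap.primary == controller_version:
        return Action.RELOAD          # primary slot already holds the image
    return Action.DOWNLOAD            # no local copy: full transfer from the controller


def plan_fleet(aps, controller_version):
    """Group AP names by the action each one takes on its next join."""
    plan = {action: [] for action in Action}
    for ap in aps:
        plan[join_action(ap, controller_version)].append(ap.name)
    return plan


# Constructed fleet: the controller currently runs X and is about to boot Y.
FLEET = [
    AccessPoint("ap-predownloaded", primary="X", backup="Y", running="X"),
    AccessPoint("ap-missed", primary="X", backup="W", running="X"),
    AccessPoint("ap-current", primary="Y", backup="X", running="Y"),
    AccessPoint("ap-on-backup", primary="Y", backup="X", running="X"),
]

if __name__ == "__main__":
    for action, names in plan_fleet(FLEET, "Y").items():
        print(f"{action.value:45} {names}")
```

Only the APs listed under the download action transfer an image while they are out of service; every other AP is back after at most one reload.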


Note


Upgrading the image of an AP causes downtime because the AP cannot serve clients during the upgrade. You can use the preimage download feature to reduce the amount of time the AP is unavailable to serve clients. However, in a branch office setup, the upgrade images are still downloaded to each AP over the WAN link, which has a higher latency.

A more efficient way is to use the FlexConnect AP Image Upgrade feature. When this feature is enabled, one AP of each model in the local network first downloads the upgrade image over the WAN link. For more information about FlexConnect AP upgrades, see the "FlexConnect AP Image Upgrades" chapter.


Guidelines and Restrictions for Predownloading an Image to an Access Point

  • The maximum number of concurrent predownloads is limited to half the number of concurrent normal image downloads. This limitation allows new access points to join the controller during image downloading.

  • Cisco Wave 2 APs wait for eight hours for the process of predownloading of the image to be complete before attempting a retry if the download has failed. The number of retries is limited to 64. For more information, see CSCvk62055.

  • If you reach the predownload limit, then the access points that cannot get an image sleep for a time between 180 and 600 seconds and then reattempt the predownload.

  • Before you predownload, you should change the active controller boot image to the backup image to ensure that if the controller reboots for some reason, it comes back up with the earlier running image, not the partially downloaded upgrade image.

  • When the system time is changed by using the config time command, the time set for a scheduled reset is not valid and the scheduled system reset is canceled. You are given an option either to cancel the scheduled reset before configuring the time or retain the scheduled reset and not configure the time.

  • All the primary, secondary, and tertiary controllers should run the same images as the primary and backup images. That is, the primary image of all three controllers should be X and the secondary image of all three controllers should be Y or the feature is not effective.

    Having different versions of the controller software running on primary, secondary, and tertiary controllers adds unnecessary and protracted delays to APs failing over and joining the other available controllers in an N+1 setup. This is due to the APs being forced to download different image versions when failing over to a secondary or tertiary controller, and joining back to their primary controller when it is available.

  • At the time of the reset, if any AP is downloading the controller image, the scheduled reset is canceled. The following message appears with the reason why the scheduled reset was canceled:
    
    %OSAPI-3-RESETSYSTEM_FAILED: osapi_task.c:4458 System will not reset 
    as software is being upgraded.
    
  • If you upgrade from 8.2 to 8.4 release, the predownload process on Cisco AP1700, AP2700, or AP3700 fails with the following error message:

    Not enough free space to download.

    After the controller is reloaded with 8.4, the backup image version still shows up as 3.0.

  • If an AP is in the process of downloading a software image, the status of the download is not shown on the controller CLI. During the image download process, any configuration performed on the AP via the controller CLI is not applied. Therefore, we recommend that you do not perform any configuration on the AP via the controller CLI if an image download on the AP is in progress.

Predownloading an Image to Access Points—Global Configuration (GUI)

To predownload an image to the APs, you must perform the following steps after upgrading your controller software image and before you reboot the controller for the new image to take effect.

Procedure


Step 1

To configure the predownloading of access point images globally, choose Wireless > Access Points > Global Configuration to open the Global Configuration page.

Step 2

In the AP Image Pre-download section, perform one of the following:

  • To instruct all the access points to predownload a primary image from the controller, click Download Primary under the AP Image Pre-download.

  • To instruct all the access points to swap their primary and backup images, click Interchange Image.

  • To download an image from the controller and store it as a backup image, click Download Backup.

  • To terminate the predownload operation, click Abort Predownload.

Step 3

Click OK.

Step 4

Click Apply.


Predownloading an Image to Access Points (CLI)

To predownload an image to the APs, you must perform the following steps after upgrading your controller software image and before you reboot the controller for the new image to take effect.

Procedure


Step 1

Specify APs that will receive the predownload image by entering one of these commands:

  • Specify APs for predownload by entering this command:

    config ap image predownload {primary | backup} {ap_name | all}

    The primary image is the new image; the backup image is the existing image. APs always boot with the primary image.

  • Swap an AP’s primary and backup images by entering this command:

    config ap image swap {ap_name | all}

  • Display detailed information on APs specified for predownload by entering this command:

    show ap image {all | ap-name}

The output lists APs that are specified for predownloading and provides for each AP, primary and secondary image versions, the version of the predownload image, the predownload retry time (if necessary), and the number of predownload attempts. The output also includes the predownload status for each device. The status of the APs is as follows:

  • None—The AP is not scheduled for predownload.

  • Predownloading—The AP is predownloading the image.

  • Initiated—The AP is waiting to get the predownload image because the concurrent download limit has been reached.

  • Failed—The AP has failed 64 predownload attempts.

  • Complete—The AP has completed predownloading.

Step 2

Set a reboot time for the controller and the APs.

Use one of these commands to schedule a reboot of the controller and APs:

  • Specify the amount of time delay before the devices reboot by entering this command:

    reset system in HH:MM:SS image {swap | no-swap} reset-aps [save-config]

    Note

     

    The swap operand in the reset command swaps the primary and backup images on both the controller and the AP, and sets the default flag on the next controller reboot.

    The controller sends a reset message to all joined APs, and then the controller resets.

  • Specify a date and time for the devices to reboot by entering this command:

    reset system at YYYY-MM-DD HH:MM:SS image {swap | no-swap} reset-aps [save-config]

    The controller sends a reset message to all joined APs, and then the controller resets.

    Note

     
    The swap operand in the reset command swaps the primary and backup images on both the controller and the AP.

  • (Optional) Set up an SNMP trap message that announces the upcoming reset by entering this command:

    reset system notify-time minutes

    The controller sends the announcement trap the configured number of minutes before the reset.

  • Cancel the scheduled reboot by entering this command:

    reset system cancel

    Note

     
    If you configure reset times and then use the config time command to change the system time on the controller, the controller notifies you that any scheduled reset times will be canceled and must be reconfigured after you set the system time.

Use the show reset command to display scheduled resets.

Information similar to the following appears:


System reset is scheduled for Apr 08 01:01:01 2010.
Current local time and date is Apr 07 02:57:44 2010.
A trap will be generated 10 minutes before each scheduled system reset.
Use 'reset system cancel' to cancel the reset.
Configuration will be saved before the system reset.
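
A pre-reboot gate built from this section, as an added example that is not Cisco code: it parses the sample show reset output above and checks per-AP predownload statuses against the rule that a scheduled reset is canceled while any AP is still downloading. The AP names and the status dictionary are constructed; only the five status names and the show reset text come from this page.

```python
import re
from datetime import datetime

# Sample `show reset` output quoted from this section.
SHOW_RESET = """\
System reset is scheduled for Apr 08 01:01:01 2010.
Current local time and date is Apr 07 02:57:44 2010.
A trap will be generated 10 minutes before each scheduled system reset.
Use 'reset system cancel' to cancel the reset.
Configuration will be saved before the system reset.
"""

# Constructed per-AP predownload statuses (illustrative layout, not CLI output).
AP_STATUS = {
    "ap-floor1": "Complete",
    "ap-floor2": "Complete",
    "ap-floor3": "Initiated",
    "ap-lobby": "Failed",
}

TIMESTAMP = "%b %d %H:%M:%S %Y"
IN_FLIGHT = {"Predownloading", "Initiated"}  # transfer running or still queued
NO_IMAGE = {"None", "Failed"}                # AP will not hold the new image


def parse_show_reset(text):
    """Extract the schedule details; return None when no reset is scheduled."""
    sched = re.search(r"^System reset is scheduled for (.+?)\.\s*$", text, re.M)
    now = re.search(r"^Current local time and date is (.+?)\.\s*$", text, re.M)
    if not (sched and now):
        return None
    trap = re.search(r"A trap will be generated (\d+) minutes before", text)
    scheduled = datetime.strptime(sched.group(1), TIMESTAMP)
    current = datetime.strptime(now.group(1), TIMESTAMP)
    return {
        "scheduled": scheduled,
        "remaining": scheduled - current,
        "trap_minutes": int(trap.group(1)) if trap else None,
        "save_config": "Configuration will be saved" in text,
    }


def reset_readiness(ap_status, reset):
    """Decide whether the scheduled reset can go ahead as planned."""
    in_flight = sorted(n for n, s in ap_status.items() if s in IN_FLIGHT)
    no_image = sorted(n for n, s in ap_status.items() if s in NO_IMAGE)
    reasons = []
    if reset is None:
        reasons.append("no reset is scheduled")
    elif reset["remaining"].total_seconds() <= 0:
        reasons.append("scheduled reset time has already passed")
    if in_flight:
        # An AP that is still downloading at reset time cancels the reset.
        reasons.append("predownload not finished on: " + ", ".join(in_flight))
    return {
        "ready": not reasons,
        "reasons": reasons,
        "in_flight": in_flight,
        # These APs fall through to a full image download when they rejoin.
        "full_download_after_reboot": no_image,
    }


if __name__ == "__main__":
    info = parse_show_reset(SHOW_RESET)
    print("time until reset:", info["remaining"])
    print(reset_readiness(AP_STATUS, info))
```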


Bootloader and Recovery Image

The controller, by default, maintains two software images: a primary image and a backup image. The primary image is the active image used by the controller and the backup image is used as a backup for the primary (active) image.

The controller bootloader (ppcboot) stores a copy of the primary (active) image and the backup image. If the primary image is corrupted, you must use the bootloader to boot with the backup image.

You can change the active image using either of the following two methods:

  • Assuming that the controller has a valid backup image, reboot the controller. During the boot process on the controller, press the Esc key to see additional options. You are prompted to choose an option from the following:

    1. Run primary image

    2. Run backup image

    3. Manually upgrade primary image

    4. Change active boot image

    5. Clear configuration

    Choose Option 4: Change active boot image from the boot menu to set the backup image as the active boot image. The controller, when rebooted, boots with the new active image.

  • You can also manually change the active boot image of the controller using the config boot {primary | backup} command.

    Each controller can boot off the primary, previously loaded OS image or boot off the backup image, an OS image that was loaded earlier. To change the controller boot option, use the config boot command. By default, the primary image on the controller is chosen as the active image.


Note


To properly use the bootloader menu, you must have a console connection.


Configuring Boot Order (GUI)

Procedure


Step 1

Choose Commands > Config Boot to navigate to the Config Boot Image page, which displays the primary and backup images presently available on the controller and also indicates the current image in use.

Step 2

From the Image drop-down list, choose the image to be used as the active image.

Step 3

Save the configuration and reboot the controller.


  • The controller, when rebooted, boots with the image that you chose.

  • When you upgrade the controller with the new image, the controller automatically writes the new image as the primary image and the previously existing primary image is written over the backup image.


    Note


    The previously existing backup image will be lost.


  • On the controller GUI, to see the active image that the controller is currently using, choose Monitor > Summary to navigate to the Summary page and see the Software Version field.

    On the controller CLI, use the show boot command to view the primary and backup image present on the controller.

Recovering an Access Point Using TFTP

The recovery image provides a backup image that can be used if an AP power-cycles during an image upgrade. The best way to avoid the need for AP recovery is to prevent an AP from power-cycling during a system upgrade. If a power-cycle occurs during an upgrade to an oversized AP image, you can recover the AP using the following TFTP recovery procedure.

Note


IPv6 is not supported in AP recovery images.

Procedure


Step 1

Download the required recovery image from Cisco.com and install it in the root directory of your TFTP server.

Step 2

Connect the TFTP server to the same subnet as the target access point and power-cycle the access point. The access point boots from the TFTP image and then joins the controller to download the oversized access point image and complete the upgrade procedure.

Step 3

After the access point has been recovered, you can remove the TFTP server.