Efficient Image Upgrade

Efficient Image Upgrade

Efficient Image upgrade is an optimized method of predownloading images to FlexConnect APs. For each Site Tag with FlexConnect APs joined, one AP per model in that Site Tag is selected as the primary AP, and downloads its image from the controller through the WAN link. Once the primary AP has the downloaded image, the APs in that Site Tag start downloading the image from the primary AP, via TFTP. At most three subordinate APs can download simultaneously from the primary. This reduces load on the WAN link.


Note

Make sure that all APs joined via a Site Tag are at the same location, before enabling this feature.

Enable Pre-Download (GUI)

Procedure

Step 1

Choose Configuration > Wireless > Access Points.

Step 2

In the Access Points page, expand the All Access Points section and click the name of the AP to edit.

Step 3

In the Edit AP page, click the Advanced tab and from the AP Image Management section, click Predownload.

Step 4

Click Update & Apply to Device.

Enable Pre-Download (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters the global configuration mode.

Step 2

wireless profile flex flex-profile

Example:

Device(config)# wireless profile flex rr-xyz-flex-profile

Configures a flex profile and enters the flex profile configuration mode.

Step 3

predownload

Example:

Device(config-wireless-flex-profile)# predownload

Enables predownload of the image.

Step 4

end

Example:

Device(config-wireless-flex-profile)# end

Exits the configuration mode and returns to privileged EXEC mode.

Configuring a Site Tag (CLI)

Follow the procedure given below to configure a site tag:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless tag site site-name

Example:

Device(config)# wireless tag site rr-xyz-site

Configures a site tag and enters site tag configuration mode.

Step 3

flex-profile flex-profile-name

Example:

Device(config-site-tag)# flex-profile rr-xyz-flex-profile

Configures a flex profile.

Note

 

You cannot remove the flex profile configuration from a site tag if local site is configured on the site tag.

Note

 

The no local-site command needs to be used to configure the Site Tag as Flexconnect, otherwise the Flex profile config does not take effect.

Step 4

description site-tag-name

Example:

Device(config-site-tag)# description "default site tag"

Adds a description for the site tag.

Step 5

end

Example:

Device(config-site-tag)# end

Saves the configuration and exits configuration mode and returns to privileged EXEC mode.

Step 6

show wireless tag site summary

Example:

Device# show wireless tag site summary

(Optional) Displays the number of site tags.

Note

 

To view detailed information about a site, use the show wireless tag site detailed site-tag-name command.

Note

 

The output of the show wireless loadbalance tag affinity wncd wncd-instance-number command displays default tag (site-tag) type, if both site tag and policy tag are not configured.

Attaching Policy Tag and Site Tag to an AP (CLI)

Follow the procedure given below to attach a policy tag and a site tag to an AP:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap mac-address

Example:

Device(config)# ap F866.F267.7DFB

Configures a Cisco AP and enters AP profile configuration mode.

Note

 

The mac-address should be a wired mac address.

Step 3

policy-tag policy-tag-name

Example:

Device(config-ap-tag)# policy-tag rr-xyz-policy-tag

Maps a policy tag to the AP.

Step 4

site-tag site-tag-name

Example:

Device(config-ap-tag)# site-tag rr-xyz-site

Maps a site tag to the AP.

Step 5

rf-tag rf-tag-name

Example:

Device(config-ap-tag)# rf-tag rf-tag1

Associates the RF tag.

Step 6

end

Example:

Device(config-ap-tag)# end

Saves the configuration, exits configuration mode, and returns to privileged EXEC mode.

Step 7

show ap tag summary

Example:

Device# show ap tag summary

(Optional) Displays AP details and the tags associated to it.

Step 8

show ap name <ap-name> tag info

Example:

Device# show ap name ap-name tag info

(Optional) Displays the AP name with tag information.

Step 9

show ap name <ap-name> tag detail

Example:

Device# show ap name ap-name tag detail

(Optional) Displays the AP name with tag details.

Trigger Predownload to a Site Tag

Follow the procedure given below to trigger image download to the APs:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> configure terminal

Enters the privileged EXEC mode.

Step 2

ap image predownload site-tag site-tag start

Example:

Device# ap image predownload site-tag rr-xyz-site start

Instructs the primary APs to start image predownload.

Step 3

show ap master list

Example:

Device# show ap master list

Displays the list of primary APs per AP model per site tag.

Step 4

show ap image

Example:

Device# show ap image

Displays the predownloading state of primary and subordinate APs .

Note

 

To check if Flexefficient image upgrade is enabled in the AP, use the show capwap client rcb command on the AP console.

The following sample outputs display the functioning of the Efficient Image Upgrade feature:

The following output displays the primary AP. 

Device# show ap master list
AP Name                        WTP Mac          AP Model          Site Tag       
-----------------------------------------------------------------------------------------
AP0896.AD9D.3124               f80b.cb20.2460   AIR-AP2802I-D-K9 ST1

The following output shows that the primary AP has started predownloading the image. 

Device# show ap image
Total number of APs: 6
 
AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                 0.0.0.0              N/A               0
AP0896.AD9D.3124    16.6.230.37     8.4.100.0     Predownloading       16.6.230.36          0                 0
AP2C33.1185.C4D0    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0

The following output shows that the primary AP has completed predownload and the predownload has been initiated in the subordinate AP. 

Device# show ap image

Total number of APs: 6
AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     0.0.0.0       Initiated            16.6.230.36          N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                 0.0.0.0              N/A               0
AP0896.AD9D.3124    16.6.230.37     8.4.100.0     Complete             16.6.230.36          0                 0
AP2C33.1185.C4D0    16.6.230.37     8.4.100.0     Initiated            16.6.230.36          0                 0

The following output shows image status of a particular AP.

Device# show ap name APe4aa.5dd1.99b0 image 
AP Name : APe4aa.5dd1.99b0
Primary Image : 16.6.230.46
Backup Image : 3.0.51.0
Predownload Status : None
Predownload Version : 000.000.000.000
Next Retry Time : N/A
Retry Count : 0

The following output shows predownload completion on all APs. 

Device# show ap image
Total number of APs: 6
 
Number of APs
        Initiated                  : 0
        Predownloading             : 0
        Completed predownloading   : 3
        Not Supported              : 0
        Failed to Predownload      : 0

AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     16.6.230.36   Complete            16.6.230.36           N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                0.0.0.0               N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                0.0.0.0               N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                0.0.0.0               N/A               0
AP0896.AD9D.3124    16.6.230.37     16.6.230.36   Complete            16.6.230.36           0                 0
AP2C33.1185.C4D0    16.6.230.37     16.6.230.36   Complete            16.6.230.36           0                 0

Feature History for Out-of-Band AP Image Download

This table provides release and related information for the feature explained in this module.

This feature is available in all the releases subsequent to the one in which it is introduced in, unless noted otherwise.

Table 1. Feature History for Out-of-Band AP Image Download

Release

Feature

Feature Information

Cisco IOS XE Dublin 17.11.1

Out-of-Band AP Image Download

The AP image upgrade method is enhanced to make the upgrades faster and more flexible.

Information About Out-of-Band AP Image Download

In WLAN deployments, the APs gather their software image and configuration from the controller (in-band) during the join, predownload, and upgrade phases over the CAPWAP control path. This mechanism has limitations in the context of CAPWAP window size, processing of CAPWAP packets, and parallel image downloads. With image upgrade being a significant activity in the lifecycle of APs, upgrades become a time-consuming activity when the deployment size increases, especially for remote deployments, because the image always comes from the controller, irrespective of the deployment types.

To make upgrades faster and more flexible, the AP image upgrade method is enhanced in Cisco IOS XE Dublin 17.11.1 release. An enhanced webserver (nginx) running on the controller helps the AP image downloads to be available out of the CAPWAP path (out of band).

Note

  • HTTPS configuration done at the global level applies to all the APs joining the controller.

  • When AP image download over an Out-of-Band method fails, the download falls back to the CAPWAP method, as a result of which the APs will not be stranded.

  • AP image download over HTTPS may fail if the HTTPS server Trustpoint has a chain of CA certificates.

  • Before you downgrade from Cisco IOS XE Dublin 17.11.1 to an earlier version, ensure that the Out-of-Band AP Image Download feature is disabled, as it is not supported in previous releases.

Restrictions for Out-of-Band AP Image Download

This feature is not supported on the following platforms:

  • Cisco Embedded Wireless Controller on Catalyst Access Points

  • Cisco Embedded Wireless Controller on Catalyst Switches

  • Cisco Wave 1 Access Points

Download AP Image from Controller Using HTTPS (CLI)

Before you begin

  • HTTPS configuration must be enabled.

  • The ngnix server must be running on the controller. Use the show platform software yang-management process command to check whether the ngnix server is running.

  • The custom-configured port must be reachable between the controller and the corresponding AP.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters the global configuration mode.

Step 2

ap upgrade method https

Example:

Device(config)# ap upgrade method https

Configures the corresponding AP to download the image over HTTPS from the controller if the AP supports out-of-band AP image download method.

You can check whether the AP supports efficient download method using the show ap config general command.

Use the no form of this command to disable out-of-band AP image download method.

Step 3

ap file-transfer https port port_number

Example:

Device(config)# ap file-transfer https port 8445

Configures a custom port for image download from the nginx server running on the controller.

For HTTPS port, the valid values range from 0 to 65535, with a default of 8443. You cannot use port 443 for AP file transfers because it is the default port used for other HTTPS requests. Also, avoid configuring standard and well-known ports because the configuration may fail.

By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443.

The port 8443 is customazible. A sample config is given below:

Source= wireless controller
Destination= Access Point
Protocol=HTTPS
Destination Port=8443
Source Port=any
Description= "Out of Band AP Image Download"

Step 4

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Download AP Image from Controller Using HTTPS (GUI)

Procedure

Step 1

Choose Configuration > Wireless > Wireless Global.

Step 2

In the AP Image Upgrade section, enable the HTTPS Method to allow image download on APs from the controller, over HTTPS. This out-of-band file transfer is an efficient method for AP image upgrade.

Note

 

The AP should support out-of-band image download. You can verify this in the Configuration > Wireless > Access Points window. Select the AP, and in the Edit AP > Advanced tab, view the details of the support in the AP Image Management section.

Step 3

Enter the HTTPS Port to designate AP file transfers on that port. Valid values range from 0 to 65535, with the default being 8443. Note that you cannot use port 443 for AP file transfers because that is the default port for other HTTPS requests.

By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443.

Step 4

Click Apply to Device to save the configuration.

Verifying Image Upgrade

To check whether an AP supports efficient download method, use the following command:

Device# show ap config general

Cisco AP Name : AP002C.C862.E880
=================================================

Cisco AP Identifier : 002c.c88b.0300
Country Code : Multiple Countries : IN,US
Regulatory Domain Allowed by Country : 802.11bg:-A 802.11a:-ABDN
AP Country Code : US - United States
AP Regulatory Domain
802.11bg : -A
AP Upgrade Out-Of-Band Capability : Enabled
AP statistics : Disabled

To view the AP image download statistics, use the following command.

Use the show ap image command to see the detailed output. 

Device# show ap image summary

Total number of APs  : 1
Number of APs 
        Initiated                  : 0
        Downloading                : 0
        Predownloading             : 0
        Completed downloading      : 0
        Completed predownloading   : 0
        Not Supported              : 0
        Failed to Predownload      : 0
        Predownload in progress    : No

To view the method used to download the AP image, use the following command:

Device# show wireless stats ap image-download

AP image download info for last attempt
AP Name  Count ImageSize StartTime         EndTime            Diff(secs) Predownload Aborted  Method 
-----------------------------------------------------------------------------------------------------
mysore1  1     40509440  08/23/21 22:17:59 08/23/21 22:19:06  67         No          No       CAPWAP

To view the method used to download the AP image, use the following command:

Device# show ap upgrade method 

AP upgrade method HTTPS : Disabled

To view the port used for the AP image transfer, use the following command:

Device# show ap file-transfer https summary 
 

       Configured port                 : 8443
       Operational port                : 8443

!If different ports are shown under 'Configured port' and 'Operations port' 
!that means custom port configuration has failed and is continuing with the previous port. 
!The failure reason could be the input port, which is a well-known port and already in use.

To view the whether an AP supports image download over HTTPS, use the following command:

Device# show ap name AP2800 config general | sec Upgrade

AP Upgrade Out-Of-Band Capability               : Enabled

To view the detailed output an AP's pre-image, use the following command:

Device# show ap image

Total number of APs  : 2
Number of APs 
        Initiated                  : 0
        Downloading                : 0
        Predownloading             : 0
        Completed downloading      : 2
        Completed predownloading   : 0
        Not Supported              : 0
        Failed to Predownload      : 0
        Predownload in progress    : No
AP Name    Primary Image Backup Image Predownload Status Predownload Version Next Retry Time Retry Count Method
--------------------------------------------------------------------------------------------------------------------
AP_3800_1  17.11.0.69    17.11.0.71   None               0.0.0.0             N/A             0           HTTPS
AP2800     17.11.0.69    17.11.0.71   None               0.0.0.0             N/A             0           HTTPS

!The 'method' column indicates the download method used by the AP.