使用TFTP和SFTP服务器升级非同构EWC网络中的AP

简介

本文档详细介绍使用TFTP和SFTP服务器的非同构EWC网络的接入点映像下载过程。

先决条件

要求

Cisco 建议您了解以下主题：

• AP加入过程的将军。
• Catalyst 9100系列AP上的嵌入式无线局域网控制器。
• TFTP文件传输。
• SFTP文件传输
• Linux命令行界面用法。

使用的组件

本文档中的信息基于以下软件和硬件版本：

• Catalyst 9120AXI AP中的嵌入式Catalyst 9800 WLC，Cisco IOS® XE Cupertino 17.9.3。
• Catalyst 9105AXI接入点。
• TFTPD-64版本4.64。
• TFTPD-HPA Linux程序包。
• SSH Linux程序包

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

背景信息.

当其他接入点加入网络时，充当EWC的接入点只能向其他接入点提供自己的AP映像类型。如果您的网络包含非同构部署（AP来自与充当EWC的AP不同的映像），则需要部署TFTP或SFTP服务器，并在其中托管AP映像，以便AP从那里下载该映像。

配置

网络图

网络图

通过TFTP下载映像

TFTPD-64 (Windows)

TFTPD-64是众所周知的免费开源(FOSS)实用程序，包含TFTP功能。要下载和安装，请参阅其网站。

确保将AP捆绑包映像解压缩到TFTP服务器的适当文件夹中。

TFTP文件夹中的解压文件

一旦AP开始从TFTP服务器下载其映像，就会显示一个TFTP弹出窗口并详细显示映像传输进度。

TFTPD-64文件传输进度

TFTPD-HPA (Linux)

TFTPD-HPA是一个基本的、众所周知的软件包，可以从APT存储库获得。有关详细信息，请参阅Ubuntu的TFTP文档。

确保您的TFTP配置已充分指向您的TFTP文件夹，并且AP捆绑包映像已解压。

Ubuntu中的TFTP配置和解压缩文件

默认情况下您可以在Ubuntu上跟踪/var/lib/syslog中记录的映像传输过程。

Ubuntu上的TFTP文件传输日志

WLC 配置

在WLC的GUI中，转到Administration > Software Management > Software Upgrade。在Mode下的下拉列表中选择TFTP并提供您的TFTP服务器信息。

选择Save 保存映像下载配置文件，并为加入EWC网络的新AP启用映像下载，或单击Save & Download立即在所有AP（包括EWC的AP）上触发下载过程。

用于软件升级的TFTP配置

CLI 配置：

9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode tftp
9120-EWC(config-wireless-image-download-profile)#tftp-image-server <TFTP-server>
9120-EWC(config-wireless-image-download-profile-tftp)#tftp-image-path <path>

通过SFTP下载映像

SFTP服务器(Linux)

由于SFTP通过SSH工作，因此您可以使用Linux的SSH软件包在Linux中配置简单的SFTP服务器。

确保在/etc/ssh/ssh_config文件中提供足够的SFTP配置。根据需要将用户（或组）的权限添加到SFTP目录，并在所需路径中解压缩AP捆绑包映像文件。

Ubuntu中的SFTP配置

与Linux中的TFTP服务器类似，您还可以跟踪SFTP活动。默认情况下，日志配置为存储在/var/log/auth.log中。确保根据需要添加日志级别配置。

Ubuntu中的SFTP日志活动和配置。

WLC 配置

在WLC的GUI中，转到Administration > Software Management > Software Upgrade。在Mode下的下拉列表中选择SFTP并提供您的STFTP服务器的信息和凭证。

选择Save 保存映像下载配置文件，并为加入EWC网络的新AP启用映像下载，或单击Save & Download立即在所有AP（包括EWC的AP）上触发下载过程。

GUI中的SFTP配置

CLI 配置：

9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode sftp
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-server <SFTP-Server>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-path <path>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-username <user>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-password 0 <password>

验证

CAPWAP状态机按照您通常期望的方式登录其他AP映像下载过程的AP流。

[*01/30/2024 21:41:35.1120] CAPWAP State: Image Data
[*01/30/2024 21:41:35.1130] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*01/30/2024 21:41:35.1130] Version does not match.
[*01/30/2024 21:41:35.1130] Request to close the file..
[*01/30/2024 21:41:35.1130] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:41:35.2040] status 'upgrade.sh: Script called with args:[PRECHECK]'
[*01/30/2024 21:41:35.3020] do PRECHECK, part2 is active part
[*01/30/2024 21:41:35.3350] status 'upgrade.sh: Cleanup tmp files ...'
[*01/30/2024 21:41:35.4620] status 'upgrade.sh: /tmp space: OK available 96064, required 50000 '
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: request ap1g8, local /tmp/part.tar
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: open (/tmp/part.tar) image file success
[*01/30/2024 21:41:35.4630] Using fd(37559296) for image writing to file(/tmp/part.tar)
[*01/30/2024 21:41:35.4650] Image Data Request sent to 172.16.4.26, fileName [ap1g8], replicaStatus 1
[*01/30/2024 21:41:35.4690] Image Data Response from 172.16.4.26
[*01/30/2024 21:41:35.4690] AC accepted previous sent request with result code: 0
[*01/30/2024 21:41:35.4760] <.......................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:41:50.6190] ...........
[*01/30/2024 21:41:54.7060] ..............................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:14.0820] ....
[*01/30/2024 21:42:15.5860] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:15.6430] .............................................
[*01/30/2024 21:42:34.2800] ...............................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:46.0420] ...................
[*01/30/2024 21:42:53.0610] ..................................................
[*01/30/2024 21:43:11.6480] ......> 70512640 bytes, 51208 msgs, 601 last
[*01/30/2024 21:43:13.3940] Last block stored, IsPre 0, WriteTaskId 0
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3940] Image transfer completed from WLC, last 1
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3950] in (CAPWAP_MSGELE_IMAGE_DATA_msg_dec_cb) Enabling radCfg.is_oob_image_dnld_supported 
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.5110] status 'upgrade.sh: Script called with args:[PREDOWNLOAD]'
[*01/30/2024 21:43:13.6100] do PREDOWNLOAD, part2 is active part
[*01/30/2024 21:43:13.6420] status 'upgrade.sh: Creating before-upgrade.log'
[*01/30/2024 21:43:13.6990] status 'upgrade.sh: Start doing upgrade arg1=PREDOWNLOAD arg2= arg3= ...'
[*01/30/2024 21:43:13.8610] status 'upgrade.sh: Using image /tmp/part.tar on ax-bcm32 ...'
[*01/30/2024 21:43:20.9990] status 'Image signing verify success.'

在WLC Syslog中，镜像下载标记为成功。

*Feb 1 17:05:37.108: %INSTALL-5-INSTALL_COMPLETED_INFO: Chassis 1 R0/0: install_engine: Completed install add sftp://******@172.16.5.62/Documents/sftp_files/EWC_17_9_4a/ap3g3
*Feb 1 17:07:00.720: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-POD-2-2 Mac: 2c5a.0f40.6920 Session-IP: 172.16.4.33[5248] 172.16.4.26[5246] Disjoined Image Download Success

AP映像下载

启动升级流程后，您可以在EWC上使用“show ap image”命令跟踪AP映像预下载流程。一旦所有AP完成下载映像，您就可以在AP的备份映像中看到目标映像。

9120-EWC#show ap image
Total number of APs  : 3

Number of APs
        Initiated                  : 0
        Downloading                : 0
        Predownloading             : 0
        Completed downloading      : 0
        Completed predownloading   : 3
        Not Supported              : 0
        Failed to Predownload      : 0
        Predownload in progress    : No

AP Name                           Primary Image          Backup Image            Predownload Status   Predownload Version  Next Retry Time   Retry Count   Method
------------------------------------------------------------------------------------------------------------------------------------------------------------------
AP-POD-2-2                        17.9.4.27              17.12.1.5                  Complete              17.12.1.5             0                 0                 CAPWAP
AP6C41.0E16.E79C                  17.9.4.27              17.12.1.5                  Complete              17.12.1.5             0                 0                 CAPWAP
9105-emorenoa                     17.9.4.27              17.12.1.5                  Complete              17.12.1.5             0                 0                 CAPWAP

或者，在GUI中，进度条到达Activate阶段，此时仅需要重新加载才能将EWC交换为新代码。

EWC Web UI升级进度条

下面EWC显示AP的预下载状态。

EWC Web UI AP映像预下载状态

故障排除

在AP映像下载过程中，您会在AP的CAPWAP状态机日志中看到下载无法启动。

[*07/12/2023 07:41:00.7960] CAPWAP State: Image Data
[*07/12/2023 07:41:00.7970] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*07/12/2023 07:41:00.7970] Version does not match.
[*07/12/2023 07:41:00.8580] upgrade.sh: Script called with args:[PRECHECK]
[*07/12/2023 07:41:00.9540] do PRECHECK, part2 is active part
[*07/12/2023 07:41:01.0070] upgrade.sh: /tmp space: OK available 101272, required 40000 
[*07/12/2023 07:41:01.0080] wtpImgFileReadRequest: request ap1g8, local /tmp/part.tar
[*07/12/2023 07:41:01.0100] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 0
[*07/12/2023 07:41:01.0140] Image Data Response from 172.16.4.26
[*07/12/2023 07:41:01.0140] AC accepted join request with result code: 0
[*07/12/2023 07:41:09.5930] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:28.7700] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:29.7500] 
[*07/12/2023 07:41:29.7500] Going to restart CAPWAP (reason : image download cannot start)...
[*07/12/2023 07:41:29.7500] 
[*07/12/2023 07:41:29.7570] Restarting CAPWAP State Machine.
[*07/12/2023 07:41:29.7600] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 1
[*07/12/2023 07:41:29.7970] 
[*07/12/2023 07:41:29.7970] CAPWAP State: DTLS Teardown
[*07/12/2023 07:41:29.8330] Aborting image download(0x0): Dtls cleanup, ap1g8
[*07/12/2023 07:41:29.9560] upgrade.sh: Script called with args:[ABORT]
[*07/12/2023 07:41:30.0570] do ABORT, part2 is active part
[*07/12/2023 07:41:30.1050] upgrade.sh: Cleanup tmp files ...
[*07/12/2023 07:41:30.1590] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).

要了解AP无法下载映像的原因，可以检查EWC中的系统日志。由于到TFTP和SFTP服务器的指定路径错误（正确反映在日志中），经常会看到失败的映像下载：

对于SFTP：

*Feb 1 20:29:14.108: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:29:17.325: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6
*Feb 1 20:29:25.730: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6, Error: Failed to download file sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6: No such file or directory

对于TFTP：

*Feb 1 20:52:08.742: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:52:11.894: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.27/Wrong-Path/ap1g6
*Feb 1 20:52:13.977: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.27/Wrong-Path/ap1g6, Error: Failed to download file tftp://172.16.5.27/Wrong-Path/ap1g6: No such file or directory

确保AP和EWC可以访问您的TFTP或SFTP服务器。否则，在EWC系统日志中会看到超时日志。

*Feb 1 20:55:03.359: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:55:06.512: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.199/EWC/17_9_4a/ap1g6
*Feb 1 20:55:46.579: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.199/EWC/17_9_4a/ap1g6, Error: Failed to download file tftp://172.16.5.199/EWC/17_9_4a/ap1g6: Timed out

相关信息

• Catalyst接入点上的思科嵌入式无线控制器(EWC)白皮书
• Catalyst接入点产品手册中的思科嵌入式无线控制器
• Catalyst接入点上的思科嵌入式无线控制器常见问题
• 了解Catalyst 9800 WLC的AP加入过程
• Cisco Catalyst 9800系列无线局域网控制器、Cisco IOS XE的发行版本注释