使用TFTP和SFTP伺服器升級非同構EWC網路中的AP
簡介
本文檔詳細介紹使用TFTP和SFTP伺服器的非同類EWC網路的存取點映像下載過程。
必要條件
需求
思科建議您瞭解以下主題:
- AP的將軍們加入進程。
- Catalyst 9100系列AP上的嵌入式無線區域網控制器。
- TFTP檔案傳輸。
- SFTP檔案傳輸
- Linux命令列介面用法。
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- Catalyst 9120AXI AP中的嵌入式Catalyst 9800 WLC,Cisco IOS® XE Cupertino 17.9.3。
- Catalyst 9105AXI AP。
- TFTPD-64版本4.64。
- TFTPD-HPA Linux程式包。
- SSH Linux軟體套件
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
背景資訊.
充當EWC的存取點只能在加入網路時向其他存取點提供自己的AP映像型別。如果您的網路包含非同質部署(AP的映像與充當EWC的AP不同),則需要部署TFTP或SFTP伺服器,並且在該處承載AP映像,以便AP從該處下載該映像。
注意:這僅適用於從網路內部本地下載映像的AP映像升級進程。AP還可以透過CCO升級直接從網際網路下載映像。
設定
網路圖表
網路圖表
透過TFTP下載映像
TFTPD-64 (Windows)
TFTPD-64是公認的免費開源(FOSS)實用程式,包括TFTP功能。要下載和安裝,請參閱其網站。
確保將AP捆綁包映像解壓縮到TFTP伺服器的適當資料夾中。
TFTP資料夾中的解壓縮檔案
一旦AP開始從TFTP伺服器下載其映像,就會顯示來自TFTP的彈出窗口,並詳細顯示映像傳輸進度。
TFTPD-64檔案傳輸進度
TFTPD-HPA (Linux)
TFTPD-HPA是一個基本的、眾所周知的軟體套件,可以從APT資料庫獲取。有關詳細資訊,請參閱Ubuntu的TFTP文檔。
確保您的TFTP配置已充分指向TFTP資料夾,並且AP捆綁包映像已解壓縮。
Ubuntu中的TFTP配置和解壓縮檔案
您可以跟蹤預設情況下在Ubuntu上的/var/lib/syslog中記錄的映像傳輸過程。
Ubuntu上的TFTP檔案傳輸日誌
WLC配置
在WLC的GUI中,轉到Administration > Software Management > Software Upgrade。在Mode下的下拉選單中選擇TFTP並提供TFTP伺服器的資訊。
選擇儲存以儲存映象下載配置檔案,並為加入EWC網路的新AP啟用映象下載,或按一下儲存並下載以立即觸發所有AP(包括EWC的AP)上的下載過程。
用於軟體升級的TFTP配置
CLI配置:
9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode tftp
9120-EWC(config-wireless-image-download-profile)#tftp-image-server <TFTP-server>
9120-EWC(config-wireless-image-download-profile-tftp)#tftp-image-path <path>
透過SFTP下載映像
SFTP伺服器(Linux)
由於SFTP透過SSH工作,因此您可以使用Linux的SSH軟體套件在Linux中配置一個簡單的SFTP伺服器。
確保在/etc/ssh/ssh_config檔案中為SFTP提供充足的配置。根據需要將使用者(或組)的許可權增加到SFTP目錄,並將AP捆綁包映像檔案解壓縮到所需的路徑中。
Ubuntu中的SFTP配置
與Linux中的TFTP伺服器類似,您還可以跟蹤SFTP活動。預設情況下,日誌配置為儲存在/var/log/auth.log中。確保根據需要增加日誌級別配置。
Ubuntu中的SFTP日誌活動和配置。
注意:連線到SFTP伺服器的裝置是EWC,而不是請求映像的AP。這是因為身份證明是在加入EWC之前在EWC中調配,而不是在AP中調配。然後,該映像被轉發到請求該映像的實際AP。
WLC配置
在WLC的GUI中,轉到Administration > Software Management > Software Upgrade。在Mode下的下拉選單中選擇SFTP,然後提供您的STFTP伺服器的資訊和憑證。
選擇儲存以儲存映象下載配置檔案,並為加入EWC網路的新AP啟用映象下載,或按一下儲存並下載以立即觸發所有AP(包括EWC的AP)上的下載過程。
GUI中的SFTP配置
CLI配置:
9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode sftp
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-server <SFTP-Server>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-path <path>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-username <user>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-password 0 <password>
驗證
CAPWAP狀態機按照您通常期望的任何其他AP映像下載過程登入AP流。
[*01/30/2024 21:41:35.1120] CAPWAP State: Image Data
[*01/30/2024 21:41:35.1130] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*01/30/2024 21:41:35.1130] Version does not match.
[*01/30/2024 21:41:35.1130] Request to close the file..
[*01/30/2024 21:41:35.1130] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:41:35.2040] status 'upgrade.sh: Script called with args:[PRECHECK]'
[*01/30/2024 21:41:35.3020] do PRECHECK, part2 is active part
[*01/30/2024 21:41:35.3350] status 'upgrade.sh: Cleanup tmp files ...'
[*01/30/2024 21:41:35.4620] status 'upgrade.sh: /tmp space: OK available 96064, required 50000 '
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: request ap1g8, local /tmp/part.tar
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: open (/tmp/part.tar) image file success
[*01/30/2024 21:41:35.4630] Using fd(37559296) for image writing to file(/tmp/part.tar)
[*01/30/2024 21:41:35.4650] Image Data Request sent to 172.16.4.26, fileName [ap1g8], replicaStatus 1
[*01/30/2024 21:41:35.4690] Image Data Response from 172.16.4.26
[*01/30/2024 21:41:35.4690] AC accepted previous sent request with result code: 0
[*01/30/2024 21:41:35.4760] <.......................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:41:50.6190] ...........
[*01/30/2024 21:41:54.7060] ..............................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:14.0820] ....
[*01/30/2024 21:42:15.5860] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:15.6430] .............................................
[*01/30/2024 21:42:34.2800] ...............................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:46.0420] ...................
[*01/30/2024 21:42:53.0610] ..................................................
[*01/30/2024 21:43:11.6480] ......> 70512640 bytes, 51208 msgs, 601 last
[*01/30/2024 21:43:13.3940] Last block stored, IsPre 0, WriteTaskId 0
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3940] Image transfer completed from WLC, last 1
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3950] in (CAPWAP_MSGELE_IMAGE_DATA_msg_dec_cb) Enabling radCfg.is_oob_image_dnld_supported
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.5110] status 'upgrade.sh: Script called with args:[PREDOWNLOAD]'
[*01/30/2024 21:43:13.6100] do PREDOWNLOAD, part2 is active part
[*01/30/2024 21:43:13.6420] status 'upgrade.sh: Creating before-upgrade.log'
[*01/30/2024 21:43:13.6990] status 'upgrade.sh: Start doing upgrade arg1=PREDOWNLOAD arg2= arg3= ...'
[*01/30/2024 21:43:13.8610] status 'upgrade.sh: Using image /tmp/part.tar on ax-bcm32 ...'
[*01/30/2024 21:43:20.9990] status 'Image signing verify success.'
在WLC系統日誌中,映象下載標籤為成功。
*Feb 1 17:05:37.108: %INSTALL-5-INSTALL_COMPLETED_INFO: Chassis 1 R0/0: install_engine: Completed install add sftp://******@172.16.5.62/Documents/sftp_files/EWC_17_9_4a/ap3g3
*Feb 1 17:07:00.720: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-POD-2-2 Mac: 2c5a.0f40.6920 Session-IP: 172.16.4.33[5248] 172.16.4.26[5246] Disjoined Image Download Success
AP映像下載
開始升級過程後,您可以在EWC上使用show ap image命令跟蹤AP映像預下載過程。一旦所有AP都完成下載映象,您就可以在AP的備份映象中看到目標映象。
9120-EWC#show ap image
Total number of APs : 3
Number of APs
Initiated : 0
Downloading : 0
Predownloading : 0
Completed downloading : 0
Completed predownloading : 3
Not Supported : 0
Failed to Predownload : 0
Predownload in progress : No
AP Name Primary Image Backup Image Predownload Status Predownload Version Next Retry Time Retry Count Method
------------------------------------------------------------------------------------------------------------------------------------------------------------------
AP-POD-2-2 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
AP6C41.0E16.E79C 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
9105-emorenoa 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
或者,在GUI中,進度列會進入Activate階段,此時僅需要重新載入才能將EWC交換為新代碼。
EWC Web UI升級進度列
EWC將在下面顯示AP的Predownload狀態。
EWC Web UI AP映像預下載狀態
疑難排解
在AP映像下載過程中,您可以在AP的CAPWAP狀態機日誌中看到下載無法啟動。
[*07/12/2023 07:41:00.7960] CAPWAP State: Image Data
[*07/12/2023 07:41:00.7970] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*07/12/2023 07:41:00.7970] Version does not match.
[*07/12/2023 07:41:00.8580] upgrade.sh: Script called with args:[PRECHECK]
[*07/12/2023 07:41:00.9540] do PRECHECK, part2 is active part
[*07/12/2023 07:41:01.0070] upgrade.sh: /tmp space: OK available 101272, required 40000
[*07/12/2023 07:41:01.0080] wtpImgFileReadRequest: request ap1g8, local /tmp/part.tar
[*07/12/2023 07:41:01.0100] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 0
[*07/12/2023 07:41:01.0140] Image Data Response from 172.16.4.26
[*07/12/2023 07:41:01.0140] AC accepted join request with result code: 0
[*07/12/2023 07:41:09.5930] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:28.7700] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:29.7500]
[*07/12/2023 07:41:29.7500] Going to restart CAPWAP (reason : image download cannot start)...
[*07/12/2023 07:41:29.7500]
[*07/12/2023 07:41:29.7570] Restarting CAPWAP State Machine.
[*07/12/2023 07:41:29.7600] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 1
[*07/12/2023 07:41:29.7970]
[*07/12/2023 07:41:29.7970] CAPWAP State: DTLS Teardown
[*07/12/2023 07:41:29.8330] Aborting image download(0x0): Dtls cleanup, ap1g8
[*07/12/2023 07:41:29.9560] upgrade.sh: Script called with args:[ABORT]
[*07/12/2023 07:41:30.0570] do ABORT, part2 is active part
[*07/12/2023 07:41:30.1050] upgrade.sh: Cleanup tmp files ...
[*07/12/2023 07:41:30.1590] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
要瞭解AP無法下載映像的原因,可以檢查EWC中的Syslog。由於到TFTP和SFTP伺服器的指定路徑錯誤(這些路徑已正確反映在日誌中),經常會看到映像下載失敗:
對於SFTP:
*Feb 1 20:29:14.108: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:29:17.325: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6
*Feb 1 20:29:25.730: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6, Error: Failed to download file sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6: No such file or directory
對於TFTP:
*Feb 1 20:52:08.742: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:52:11.894: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.27/Wrong-Path/ap1g6
*Feb 1 20:52:13.977: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.27/Wrong-Path/ap1g6, Error: Failed to download file tftp://172.16.5.27/Wrong-Path/ap1g6: No such file or directory
確保AP和EWC可訪問TFTP或SFTP伺服器。否則,在EWC Syslog中會看到Timed Out日誌。
*Feb 1 20:55:03.359: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:55:06.512: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.199/EWC/17_9_4a/ap1g6
*Feb 1 20:55:46.579: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.199/EWC/17_9_4a/ap1g6, Error: Failed to download file tftp://172.16.5.199/EWC/17_9_4a/ap1g6: Timed out
注意:請確保在AP與EWC與TFTP或SFTP伺服器之間未阻止UDP埠69(用於TFTP)和TCP埠22(用於SFTP)。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
16-Feb-2024 |
初始版本 |
意見