Skip to main content

How to get your APs to leave your Cisco WLAN Controller in a pinch!

 

You’re probably wondering why on Earth I am writing a post on how to make your access points flee your WLAN Controller.

 

Here are a few reasons why you might want to do this: (I have seen all of these situations)

 

·         You have two WLAN controllers, each backing the other up and you want to upgrade them.

·         You just put a new image on your WLAN controller and it is corrupt, and your access points are hung up on downloading for hours.

·         You want to move your APs to the other controller quickly, but they are on the same subnet and you cannot use a VACL or other ACL.

·         You need to move the APs and don’t feel like scripting, and don’t have WCS/NCS/Prime Infrastructure Access Point Templates setup.

 

The one in the middle recently happened to me.   Here’s my scenario:   Two WiSM1 blades were half loaded with APs, each backing up the other.  I staged two new 5508s to replace the aging WiSMs.  Little did I know, there was a problem with the image on 5508 #1.  I moved a dozen APs manually from one of the WiSMs to the 5508, and they started downloading as expected.  I was migrating the APs from the WiSMs (on 7.0 code) to the 5508s running FUS 1.7.0.0 and 7.5.121.0 operating system, so as soon as they landed, they started to do the upgrade.  Problem was, the image was somehow corrupt and the access points would start downloading, then reboot, and then start downloading again.  If you’ve ever been in this situation before, you probably know that you cannot configure an AP while in the downloading state.  Obviously I didn’t know the image was correct, but knew I needed to back out of my change, and do it quickly.

 

Unfortunately it was 1 am in the morning, and there was about 75 miles of Interstate between me and the box.  I had three options at that moment:

 

·         Reboot the WLAN Controller.  When it comes back up, the APs will go back to the same situation

·         Shutdown the Port Channel at the switch level, leaving the controllers stranded.  (and leaving me locked out of them as well)

·         Somehow configure the WLAN controller so the APs leave and go find their configured Secondary Controller, but leave me access to the WLC.

 

I chose option three.

 

But how?  The WLC is on the same subnet as the others.  There’s no configuration check box that reads, “Do not respond to AP join requests”.  Hint hint. (feature request)

 

Here’s what I did.  I changed the hostname of the controller, because I had configured it on the APs that I moved to the WLC.

 

 

Then, I had to shut off the 5GHz and 2.4 GHz at the global level on the WLC:

 

 

 

And as soon as that is done, I changed my Country Code.  I removed the checkmark for US, a country that I have visited many times – France!

 

 

 

Viola!!  The access points fled quickly to their configured Secondary Controller, downgraded, and the network was back up and running.

 

This allowed me to go to bed, and leisurely wake up at 5am in the morning with several thoughts and ideas of what went wrong last evening.  I called Cisco TAC at 6am and got a response relatively quickly.  (note to self – call Cisco at 5am for faster response time)   During our troubleshooting I decided to see if another access point in a building that just happened to be closed all weekend would join the redundant controller I had configured.  It immediately joined and we came to the conclusion that the image on the WLC had somehow become corrupt.  I don’t know how, since I personally staged both WLCs with the same TFTP server and image while in the lab, and my test AP running that same image worked associated just fine.  It was definitely the “downloading” portion of the operating system that was faulty.

 

I downloaded the same exact image again from CCO, and then immediately transferred it via TFTP to the WLC and rebooted it.  I reversed the country code and other configurations and put it back to “normal”.  I then send an access point to the WLC and it joined, downloaded normally, and all is well now.

 

One thing I want to mention is during the heat of the moment, I did a web search of “APs stuck in downloading”, “Access Points stuck in downloading”, and “Cisco AP downloading” and did not get any hits.

 

I hope that this post can help other WLAN Engineers out that may encounter the same scenario and frantically Google those search words, only to come up with nothing. 

 

Cheers!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Comments

Post a Comment

Popular posts from this blog

Build your own Ekahau ePerf & Speedtest.mini server!

One a recent forklift project, we decided to replace our aging 802.11a/g hardware and deploy new 802.11ac WLAN gear.   We designed the building with Ekahau’s ESS - our default WLAN survey and design tool.  After designing the WLAN to meet our healthcare requirement (in this case, Aeroscout tags, Vocera badges, 5GHz Voice and data) we installed the gear and then validated the WLAN.   For this initial 802.11ac deployment, we decided to do both passive and throughput validations.  With throughput surveys, we measure actual data, such as packet loss and jitter.   On a side note - for some time now, we have said to ourselves, “I wish we had a portable Ookla Speedtest server”.   Spoiler alert!   We needed a throughput server that would be both simple to use and portable.  After talking with our Ekahau team, we decided to use the Odroid C2, and configure it for two purposes.  (It turns out that Ekahau has done the homework for us, and a quick web search will unearth most of what we need to kn
1 comment
Read more

How to add AP licenses to a Cisco 5508 WLAN controller

How to add AP licenses to a Cisco WLAN controller. I recently had to do this and I must say if I had the link (below) when I first started out, life would have been much easier. You should have a PAK from Cisco when you purchased your adder license.   Go to  https://tools.cisco.com/SWIFT/LicensingUI/Home  and register it with the controller.         In this case, the PAK is 3681J1B047A.   You are going to need the serial number of your controller in order to generate the license for it.  I SSH into the controller and issue either "show udi" or "show license udi".  Just make sure you are communicating with the controller you intend to upgrade licenses on!  I am sure there are other ways to get this information, but this is how I do it.     After you enter in the information, you can view and download your licenses, or wait for them to arrive via email.  I downloaded the two license files in this example since I am adding licenses to two controllers.     After downloa
Post a Comment
Read more

5GHz WLAN Site Survey AP power settings - What you want, don't want, and don't care about.

  I often see the requirement that a WLAN site survey and design must be done by the AP-on-a-stick method.  That said, you’ll want to use the same AP for your survey that you will use in production – or one that is similar.  In this case, we are going to convert a lightweight access point to Autonomous, so that we can use it without a WLAN Controller.  The new survey rig is a Cisco 3602i, configured with 5GHz channel 157, set to 40 MHz. How did we turn the lightweight AP into an Autonomous and do the quick and drity configuration?  The short answer is, we followed Richard McIntosh’s directions.  His blog, and a great “HowTo” is here: https://ciscotophat.wordpress.com/2013/01/05/configuring-a-3602-for-wireless-surveying/   Thanks again, Richard, for putting that out there for everyone to read. We altered the power output of the new survey rig as sort of an experiment to see how the signal propagated, and where our -67dBm and -85dBm boundaries lie.  Why did I choose those numbers, you as
Post a Comment
Read more