Thursday, August 25, 2016

Configuring Cisco 3650/3850 Wireless Controller Module (WCM)

Converged Wireless Network Architecture

An alternative to the centralized wireless architecture, where WLCs are located near the core layer, the WLC function can be moved further down in the network hierarchy. Relocating the WLC does two things:

* The WLC function is moved closer to the LAPs (and the wireless users).

* The WLC function becomes distributed, rather than centralized.

The access layer turns out to be a convenient location for the WLCs. After all, wireless users ultimately connect to a WLC, which serves as a virtual access layer. Why not move the wireless access layer to coincide with the wired access layer? With all types of user access merged into one layer, it becomes much easier to do things link apply common access and security policies that affect all users. This is known as a converged wireless network architecture. To distinguish the two approaches, centralized controllers are known as WLCs, while converged controllers are known as Wireless Control Modules (WCMs).

There's a distinction between the centralized and converged architecture, with regards to the WLC and WCM functions. One difference is that WLCs run the Cisco AireOS software, while WCMs are based on the Cisco IOX-XE software that runs on the Catalyst switches that host the WCMs.

As you might imagine, distributing the controller function into the access layer increases the number of controllers that are needed. One controller is needed per access switch stack or chassis. The idea is to push more controllers down closer to the users, which also reduces the number of APs and clients that connect to each one. How can this be accomplished? The Cisco Catalyst 3650, 3850, and 4500 (Supervisor 8-E only) product families are commonly used as access layer switches, plus they can offer converged-access WCM functions without needing any additional hardware.

Converged Access Switch Wireless Capacities

     Platform                                 Lightweight APs Supported     Wireless Clients Supported

Catalyst 3650 (per stack)            25                                               1000

Catalyst 3850 (per stack)            50                                               2000

Catalyst 4500 (per chassis)         50                                               2000


It might seem odd that the number of supported APs is rather low, when the physical port density of a switch is rather large. For instance, a Catalyst 3850 switch stack can consist of up to 432 wired ports (nine 48-port switches), but only 50 APs can be conected to the entire stack of switches. If you think of this from a wireless perspective, it makes more sense. Each AP is connected to the switch stack by a twisted-pair cable that is limited to a length of 100 meters. Therefore, all of the APs must be located within a 100 meter radius of the access switch. There are not too many AP cells that can physically fit into that area.

One other advantage of the converged network architecture relates to wireless scalability. APs offering 802.11ac Wave 1 can use common 1-Gbps switch ports withoout limiting the throughput. Wave 2, however, has the potential to go well beyond 1 Gbps, which requires something more than a single 10/100/1000-Mbps switch port. Cisco offes proprietary Multigigabit Ethernet ports on several models in the Catalyst 3850 and 4500 families, where APs an connect over a single cables. Multigigabit Ethernet can operate at speeds of 100 Mbps, 1 Gbps, 2.5 Gbps, and 5 Gbps over Cat5e cabling and up to 10 Gbps over Cat6a cabling speeds.

The converged model also solves some connectivity problems at branch sites by bringing a fully functional WLC onsite, within the access layer switch. With a local WLC, the APs can continue to operate without a dependency upon a WLC at the main site through a WAN connection.

If the CAPWAP tunnel is relatively short in a converged network, which means the wireless devices can reach each other more efficiently. In contrast, traffic from a wireless user to a central resource such as a data center or the Internet travels through the CAPWAP tunnel, is unencapsulated at the access layer switch (and WLC), then travels up through the rest of the network layers.


I was able to get a Cisco 3650 switch for my wireless lab and configured its wireless controller module (WCM). The setup is identical with a Cisco 3850 switch. You initially configure the web GUI access on the switch and click on Wireless Web GUI.


Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname 3650-WCM1
3650-WCM1(config)#interface vlan1
3650-WCM1(config-if)#ip address 202.7.3.5 255.255.255.224
3650-WCM1(config-if)#no shutdown
3650-WCM1(config-if)#
*Jul 28 05:10:20.363: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
*Jul 28 05:10:21.364: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
3650-WCM1(config-if)#ip default-gateway 202.7.3.1
3650-WCM1(config)#username admin cisco privilege 15 password cisco
3650-WCM1(config)#end
3650-WCM1#
*Jul 28 05:14:21.885: %SYS-5-CONFIG_I: Configured from console by console




You can run the configuration wizard by going to Configuration > Wizard to configure the WCM basic settings.




You configure the out-of-management port (Service Port in WLC).


You configure the Wireless Management which is used between the WCM and AP.




You need to select Mobility Controller (MC) for the Mobility Role in order for the Cisco 3650 to act as the wireless controller for the APs. The default role is Mobility Agent and the WCM will not register any AP.




You create the wireless SSID and choose which 802.11 radios to enable.



You set the correct time in order for the proper exchange of  DTLS certificates between WLC and AP.



A summary of the preferred settings is presented before you click Apply.



By default, the status on the WLAN SSID is disabled (uncheck) and you need to tick Enabled in order to be used by wireless clients. For quick wifi testing, I chose open authentication which means there's no Layer 2 and Layer 3 security policy were selected.





After configuring the WCM, the AP still can't upgrade it's image and found out I hit a bug with the 3.3.5 IOS-XE. So I've upgraded to 3.6.5, expanded the IOS and changed the boot file.


ERROR: Problem extracting files from archive.
Download image failed, notify controller!!! From:8.0.110.0 to 10.1.150.0, FailureCode:3
archive download: takes 48 seconds

*Jul 28 05:59:24.331: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 202.7.3.5:5246
*Jul 28 05:59:24.331: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Jul 28 05:59:24.347: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Jul 28 05:59:24.551: capwap_image_proc: problem extracting tar file
examining image...!

extracting info (289 bytes)
Image info:
    Version Suffix: k9w8-.152-4.JB7
    Image Name: ap1g2-k9w8-mx.152-4.JB7
    Version Directory: ap1g2-k9w8-mx.152-4.JB7
    Ios Image Size: 11213312
    Total Image Size: 11602432
    Image Feature: WIRELESS LAN|LWAPP
    Image Family: AP1G2
    Wireless Switch Management Version: 10.1.150.0
MwarVersion:0A019600.First AP Supported Version:0703010B.

Image version check passed 

Extracting files...
ap1g2-k9w8-mx.152-4.JB7/ (directory) 0 (bytes)
extracting ap1g2-k9w8-mx.152-4.
*Jul 28 05:59:34.415: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.
*Jul 28 05:59:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 05:59:34.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 05:59:34.315: %CAPWAP-5-SENDJOINJB7/file_hashes (3733 bytes)
extracting ap1g2-k9w8-mx.152-4.JB7/K5.bin (81620 bytes)!!!: sending Join Request to 202.7.3.5perform archive download capwap:/ap1g2 tar file
*Jul 28 05:59:34.323: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 28 05:59:34.327: Loading file /ap1g2...
!!!
extracting ap1g2-k9w8-mx.152-4.JB7/S2.bin (13992 bytes)!
extracting ap1g2-k9w8-mx.152-4.JB7/img_sign_rel_sha2.cert (1371 bytes)!
extracting ap1g2-k9w8-mx.152-4.JB7/S5.bin (111936 bytes)!!!!!


Old IOS (with bug)

Switch  Ports Model                    SW Version         SW Image                      Mode
------     -----   -----                        ----------               ----------                         ----
*    1     28    WS-C3650-24PS      03.03.05SE        cat3k_caa-universalk9   INSTALL


New IOS 

Switch  Ports  Model                         SW Version        SW Image                 Mode  
------     -----    -----                            ----------            ----------                       ----  
*    1     28       WS-C3650-24PS      03.06.05.E        cat3k_caa-universalk9 BUNDLE

3650-WCM1#dir
Directory of flash:/

 7746  -rw-     2097152  Jul 28 2016 07:20:02 +00:00  nvram_config
 7747  -rw-    79122052   Jun 3 2015 12:12:02 +00:00  cat3k_caa-base.SPA.03.03.05SE.pkg
 7748  -rw-     6521532   Jun 3 2015 12:12:02 +00:00  cat3k_caa-drivers.SPA.03.03.05SE.pkg
 7749  -rw-    34530288   Jun 3 2015 12:12:02 +00:00  cat3k_caa-infra.SPA.03.03.05SE.pkg
 7750  -rw-    34846028   Jun 3 2015 12:12:02 +00:00  cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
 7751  -rw-    25170832   Jun 3 2015 12:12:02 +00:00  cat3k_caa-platform.SPA.03.03.05SE.pkg
 7752  -rw-    77456192   Jun 3 2015 12:12:02 +00:00  cat3k_caa-wcm.SPA.10.1.150.0.pkg
 7753  -rw-        1247   Jun 3 2015 12:12:14 +00:00  packages.conf
 7754  -rw-         556  Jul 28 2016 07:19:58 +00:00  vlan.dat
 7755  -rw-   303753780  Jul 28 2016 07:10:50 +00:00  cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
 7756  drwx        4096  Jul 28 2016 07:19:21 +00:00  dc_profile_dir
 7759  -rw-        7483  Jul 28 2016 07:31:45 +00:00  wnweb.tgz

3650-WCM1#software expand file flash:/cat3k_caa-universalk9.SPA.03.06.05.E.15  
flash:/cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
Preparing expand operation ...
[1]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
[1]: Copying package files
[1]: A different version of provisioning file packages.conf already exists in flash:.
    The provisioning file from the expanded bundle will be saved as
    flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.conf
[1]: Package files copied
[1]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin

3650-WCM1(config)#no boot system switch all flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
3650-WCM1(config)#boot system switch all flash:packages.conf
3650-WCM1(config)#end
3650-WCM1#write memory
Warning: Attempting to overwrite an NVRAM configuration previously written
by a different version of the system image.
Overwrite the previous NVRAM configuration?[confirm]
*Jul 28 07:55:03.051: %SYS-5-CONFIG_I: Configured from console by console3650-WCM1#reload
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]


<OUTPUT TRUNCATED>


3650-WCM1#show version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIV
ERSALK9-M), Version 03.06.05.E RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 02-Jun-16 09:03 by prod_rel_team


Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE
 (P)

3650-WCM1 uptime is 27 minutes
Uptime for this control processor is 30 minutes
System returned to ROM by reload at 07:13:18 UTC Thu Jul 28 2016
System image file is "flash:cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin"
Last reload reason: Reload command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: Ipbase
License Type: Permanent
Next reload license Level: Ipbase

cisco WS-C3650-24PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1922EABC
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of  at webui:.

Base Ethernet MAC Address          : d8:b1:90:3a:21:23
Motherboard Assembly Number        : 73-15128-05
Motherboard Serial Number          : FDO19211DEF
Model Revision Number              : G0
Motherboard Revision Number        : A0
Model Number                       : WS-C3650-24PS
System Serial Number               : FDO1922EGHI


Switch Ports Model                    SW Version        SW Image                    Mode
------ ----- -----                            ----------              ----------                        ----
*    1 28    WS-C3650-24PS      03.06.05.E          cat3k_caa-universalk9  INSTALL

 
3650-WCM1#show boot
---------------------------
Switch 1
---------------------------
Current Boot Variables:
BOOT variable = flash:packages.conf;

Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Allow Dev Key = yes
Manual Boot = no
Enable Break = no




You can safely delete unwanted files using the software clean command.

3650-WCM1#software ?
  auto-upgrade  Initiate auto upgrade for switches running incompatible
                software
  clean         Clean unused package files from local media
  commit        Commit the provisioned software and cancel the automatic
                rollback timer
  expand        Expand a software bundle to local storage, default location is
                where the bundle currently resides
  install       Install software
  rollback      Rollback the committed software


3650-WCM1#software clean
Preparing clean operation ...
[1]: Cleaning up unnecessary package files
[1]: No path specified, will use booted path flash:packages.conf
[1]: Cleaning flash:
[1]: Preparing packages list to delete ...
     In use files, will not delete:
       cat3k_caa-base.SPA.03.03.05SE.pkg
       cat3k_caa-drivers.SPA.03.03.05SE.pkg
       cat3k_caa-infra.SPA.03.03.05SE.pkg
       cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
       cat3k_caa-platform.SPA.03.03.05SE.pkg
       cat3k_caa-wcm.SPA.10.1.150.0.pkg
       packages.conf
[1]: Files that will be deleted:
    cat3k_caa-base.SPA.03.06.05E.pkg
    cat3k_caa-drivers.SPA.03.06.05E.pkg
    cat3k_caa-infra.SPA.03.06.05E.pkg
    cat3k_caa-iosd-universalk9.SPA.152-2.E5.pkg
    cat3k_caa-platform.SPA.03.06.05E.pkg
    cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin
    cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.conf
    cat3k_caa-wcm.SPA.10.2.150.0.pkg

[1]: Do you want to proceed with the deletion? [yes/no]: yes
[1]: Clean up completed

 
3650-WCM1#dir
Directory of flash:/

 7746  -rw-     2097152  Jul 28 2016 08:01:08 +00:00  nvram_config
 7747  -rw-    79122052   Jun 3 2015 12:12:02 +00:00  cat3k_caa-base.SPA.03.03.05SE.pkg
 7748  -rw-     6521532   Jun 3 2015 12:12:02 +00:00  cat3k_caa-drivers.SPA.03.03.05SE.pkg
 7749  -rw-    34530288   Jun 3 2015 12:12:02 +00:00  cat3k_caa-infra.SPA.03.03.05SE.pkg
 7750  -rw-    34846028   Jun 3 2015 12:12:02 +00:00  cat3k_caa-iosd-universalk9.SPA.150-1.EZ5.pkg
 7751  -rw-    25170832   Jun 3 2015 12:12:02 +00:00  cat3k_caa-platform.SPA.03.03.05SE.pkg
 7752  -rw-    77456192   Jun 3 2015 12:12:02 +00:00  cat3k_caa-wcm.SPA.10.1.150.0.pkg
 7753  -rw-        1247   Jun 3 2015 12:12:14 +00:00  packages.conf
 7754  -rw-         556  Jul 28 2016 08:00:46 +00:00  vlan.dat
 7756  drwx        4096  Jul 28 2016 07:19:21 +00:00  dc_profile_dir
 7759  -rw-        7483  Jul 28 2016 07:31:45 +00:00  wnweb.tgz
1621966848 bytes total (1359265792 bytes free)


The AP still won't register unless you activate the AP license and accept the End User License Agreement (EULA).


 *Jul 28 08:04:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:04:45.323: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.78.30.5 peer_port: 5246
*Jul 28 08:04:45.323: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:04:50.323: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:04:50.703: %CDP_PD-4-POWER_OK: All radios disabled - NEGOTIATED inline power source
*Jul 28 08:05:44.711: %DTLS-5-ALERT: Received WARNING : Close notify alert from 202.7.3.5
*Jul 28 08:05:44.711: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 202.7.3.5:5246
*Jul 28 08:05:54.783: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.
*Jul 28 08:05:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:05:55.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 202.7.3.5 peer_port: 5246
*Jul 28 08:05:55.315: %CAPWAP-5-SENDJOIN: sending Join Request to 202.7.3.5
*Jul 28 08:06:00.442: *%CAPWAP-3-AP_DB_ALLOC: 1 wcm:  Unable to alloc AP entry in database for 202.7.3.29:12956  

3650-WCM1#show license ?
  right-to-use  Displays all the RTU licenses.

3650-WCM1#show license right-to-use ?
  default   Displays the default license information.
  detail    Displays details of all the licenses in the stack.
  eula      Displays the EULA text.
  mismatch  Displays mismatch license information.
  slot      Specify switch number
  summary   Displays consolidated stack wide license information.
  usage     Displays the usage details of all licenses.
  |         Output modifiers
  <cr>

3650-WCM1#show license right-to-use summary
  License Name    Type     Count   Period left
-----------------------------------------------
  ipbase       permanent   N/A      Lifetime
  apcount      base            0          Lifetime
  apcount      adder          0          Lifetime

--------------------------------------------

License Level In Use: ipbase
License Level on Reboot: ipbase
Evaluation AP-Count: Disabled
Total AP Count Licenses: 0
AP Count Licenses In-use: 0
AP Count Licenses Remaining: 0


3650-WCM1#license ?
  right-to-use  Configure RTU license.

3650-WCM1#license right-to-use ?
  activate    activate particular license level
  deactivate  deactivate particular license level

3650-WCM1#license right-to-use activeate ?
  apcount     configure the AP-count licenses on the switch
  ipbase      activate ipbase license on the switch
  ipservices  activate Ipservices license on the switch
  lanbase     activate lanbase license on the switch

3650-WCM1#license right-to-use activate apcount ?
  <1-50>      configure the number of adder licenses
  evaluation  activate evaluation license

3650-WCM1#license right-to-use activate apcount 50 ?
  slot  Specify switch number

3650-WCM1#license right-to-use activate apcount 50 slot ?
  <1-9>  Specify switch number

3650-WCM1#license right-to-use activate apcount 50 slot 1 ?
  acceptEULA  automatically accept the  EULA for the given license
  <cr>


3650-WCM1#license right-to-use activate apcount 50 slot 1 acceptEULA
% switch-1:stack-mgr:ACTIVATION FAIL : Total AP Count Licenses exceed maximum limit
3650-WCM1#license right-to-use activate apcount 5 slot 1 acceptEULA
3650-WCM1#
*Jul 28 08:09:29.765: %SMN_HBL_LICENSE-6-AP_ADD: 1 stack-mgr:  5 adder AP-count
licenses are added



You can do this via WCM GUI by going to Administration > Licenses.


I was still unable to register the AP to WCM and it's useful to observe the console logs on the AP. I was able to successfully register an AIR-SAP 1602E AP after configuring switch port G1/0/1 to access port.


*Jul 28 08:37:36.025: %CAPWAP-3-AP_PORT_CFG: AP connected port Gi1/0/1 is not an access port.
*Jul 28 08:37:36.027: *%CAPWAP-3-DATA_TUNNEL_CREATE_ERR2: 1 wcm:  Failed to create CAPWAP data tunnel with interface id: 0xde95c00000000c for AP: a055.4fc2.c2a0 Error Reason: Capwap Data Tunnel create retry exceeded max retry count. 
*Jul 28 08:37:54.145: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination 
*Jul 28 08:38:04.148: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.]  
*Jul 28 08:38:14.147: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination 
*Jul 28 08:38:24.148: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.] 

3650-WCM1#sh run int g1/0/1
Building configuration...

Current configuration : 38 bytes
!
interface GigabitEthernet1/0/1
end

3650-WCM1(config)#interface g1/0/1
3650-WCM1(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
3650-WCM1#
*Jul 28 08:42:48.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
*Jul 28 08:42:49.344: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
*Jul 28 08:42:49.513: %SYS-5-CONFIG_I: Configured from console by console
*Jul 28 08:42:50.188: %ILPOWER-7-DETECT: Interface Gi1/0/1: Power Device detected: IEEE PD
*Jul 28 08:42:55.543: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
*Jul 28 08:42:56.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
*Jul 28 08:43:00.188: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/1: Power granted

3650-WCM1#show wireless ?
  authentication     Show information and stats  about wireless authentication
  band-select        Displays Band Select Configuration
  client             Show wireless active clients
  country            Show the configured countries and channel information
  detail             Displays Wireless Configuration
  dot11-padding      Display over-the-air frame padding setting
  dot11h             Show 802.11h configuration
  dtls               Show the DTLS server status
  exclusionlist      Show exclusion list
  flow-control       Display WCM CMI flow-control details
  interface          Show wireless interface status and configuration
  ipv6               Show IPv6 parameters
  linktest           Shows linktest
  load-balancing     Shows Aggressive Load Balancing configuration
  media-stream       Display Multicast-direct Configuration State
  mgmt-via-wireless  Show management access from wireless client setting
  mobility           Show Mobility Management Configuration
  multicast          Displays Multicast information
  performance        Shows Aggressive Load Balancing configuration
  pmk-cache          Show information about the PMK cache
  probe              Show the advanced probe request configuration
  sip                SIP parameters
  summary            Show summary of wireless network
  vlan               VLAN information
  wgb                Show active work-group bridges (WGB)
  wps                Show WPS Configuration

3650-WCM1#show wireless client ?
  ap                    Cisco access point information
  calls                 Wireless client calls
  dot11                 Show 802.11 parameters
  location-calibration  wireless client location calibration
  mac-address           Wireless client MAC address
  probing               Show probing clients
  summary               Show active clients
  tclas                 Show TCLAS associated with a client and User Priority
  timers                Display 802.11 system timers
  username              Shows wireless client information
  voice                 Wireless client voice parameters
  wifidirect            Show wifidirect related attributes


The AIR-SAP1602E was able to register to the WCM and my iPhone was able to associate to SSID WCM-LAB.



3650-WCM1#show ap summary
Number of APs: 1

Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured

AP Name                           AP Model  Ethernet MAC    Radio MAC       State
--------------------------------------------------------------------------------
--------
APa89d.2103.29b8                  1602E     a89d.2103.29b8  a055.4fc2.c2a0  Registered

3650-WCM1#show wlan summary

Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status

--------------------------------------------------------------------------------

1    WCM-LAB                          WCM-LAB                        1    UP

3650-WCM1#show wireless client summary
Number of Local Clients : 1


MAC Address    AP Name                          WLAN State              Protocol
--------------------------------------------------------------------------------
d025.9890.1cd9 APa89d.2103.29b8                 1    UP                 11n(2.4)

3650-WCM1#show wireless client mac-address d025.9890.1cd9 detail

Client MAC Address : d025.9890.1cd9
Client Username: N/A
AP MAC Address : a055.4fc2.c2a0
AP Name: APa89d.2103.29b8
AP slot : 0
Client State : Associated
Wireless LAN Id : 1
Wireless LAN Name: WCM-LAB
BSSID : a055.4fc2.c2a0
Connected For : 402 secs
Protocol : 802.11n - 2.4 GHz
Channel : 11
Client IIF-ID : 0xe9780000000013
ASIC : 0
IPv4 Address : 202.7.3.13
IPv6 Address : Unknown
Association Id : 1
Authentication Algorithm : Open System
Status Code : 0
Session Timeout : 0
Client CCX version : No CCX support
Input Policy Name  : unknown
Input Policy State : None
Output Policy Name  : unknown
Output Policy State : None
802.1P Priority Tag : Not supported
WMM Support : Enabled
U-APSD Support : Disabled
Power Save : ON
Current Rate : m7
Supported Rates : 1.0,2.0,5.5,11.0,6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0,1.0,2.0
,5.5,11.0,6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
Mobility State : Local
Mobility Move Count : 0
Security Policy Completed : Yes
Policy Manager State : RUN
Policy Manager Rule Created : Yes
NPU Fast Fast Notified : Yes
Last Policy Manager State : DHCP_REQD
Client Entry Create Time : 3022 seconds
Policy Type : N/A
Encryption Cipher : None
Management Frame Protection : No
Protected Management Frame - 802.11w : No
EAP Type : Not Applicable
Interface : default
VLAN : 1
Quarantine VLAN : 0
Access VLAN : 1
WFD capable : No
Manged WFD capable : No
Cross Connection capable : No
Support Concurrent Operation : No
Client Capabilities
  CF Pollable : Not implemented
  CF Poll Request : Not implemented
  Short Preamble : Implemented
  PBCC : Not implemented
  Channel Agility : Not implemented
  Listen Interval : 20
  Fast BSS Transition : Not implemented
Fast BSS Transition Details :
Client Statistics:
  Number of Bytes Received : 340571
  Number of Bytes Sent : 1851951
  Number of Packets Received : 2086
  Number of Packets Sent : 2133
  Number of EAP Id Request Msg Timeouts : 0
  Number of EAP Request Msg Timeouts : 0
  Number of EAP Key Msg Timeouts : 0
  Number of Data Retries : 372
  Number of RTS Retries : 0
  Number of Duplicate Received Packets : 3
  Number of Decrypt Failed Packets : 0
  Number of Mic Failured Packets : 0
  Number of Mic Missing Packets : 0
  Number of Policy Errors : 0
  Radio Signal Strength Indicator : -50 dBm
  Signal to Noise Ratio : 49 dB
Assisted-Roaming  Prediction List:
Nearby AP Statistics:
  APa89d.2103.29b8(slot0)
    antenna0: 293 seconds ago -78 dBm







Below is the complete show run output.

3650-WCM1#sh run
Building configuration...

Current configuration : 4761 bytes
!
! Last configuration change at 08:51:04 UTC Thu Jul 28 2016 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname 3650-WCM1
!
boot-start-marker
boot system switch all flash:packages.conf
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !       
 address-family ipv6
 exit-address-family
!
!
username cisco privilege 15 password 0 cisco
user-name admin
 creation-time 1469684619
 privilege 15
 password 0 cisco
 type mgmt-user
no aaa new-model
switch 1 provision ws-c3650-24ps
!
ip device tracking
!
!
vtp mode transparent
!
crypto pki trustpoint TP-self-signed-3953284901
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3953284901
 revocation-check none
 rsakeypair TP-self-signed-3953284901
!
!
crypto pki certificate chain TP-self-signed-3953284901
 certificate self-signed 01
  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33393533 32383439 3031301E 170D3136 30373238 30383031
  30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39353332
  38343930 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009B73 AB18BF83 1F81AD63 B3D205A6 DAFD3B85 0DA217D9 E7E194AB FC7263E6
  7D08F79C E27D4344 1FABC8D2 5A0CE2E8 25793D61 CDD8470A 5C7BF1C0 3D03BAE6
  59413AD7 9C69A4ED 678A4763 F89B1880 17552BA3 5405777D ED107017 6D8F7EFC
  86DB704A 39374E05 79AECB5E B2D2018D BC6B8230 32ACDCDD 7EF721C2 A2955409
  871F0203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
  551D1104 0D300B82 09333635 302D5743 4D31301F 0603551D 23041830 1680149C
  2C1404EB 132EA53A A1A2573F 8C4E0445 5FE51030 1D060355 1D0E0416 04149C2C
  1404EB13 2EA53AA1 A2573F8C 4E04455F E510300D 06092A86 4886F70D 01010405
  00038181 00306B05 C7FBB70E A190E144 D99462D7 77A443DA 31511829 CE1FDA7F
  206889E7 275A278B EABEBC87 43D6A1F3 833495F5 B67CE347 1A3E2B9F 4549FB0F
  90E47E42 5B17176A 8DB24C37 B6731CE2 C8B0A95C A530C4E1 9EE2B784 FB48A6DD
  A6F97AB3 EA8C7BF9 8DDF0712 F36F30CB 9CE3634B 7110BBBF 7AFC17AD 5BFC1A9F
  9CBDD137 90
        quit
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10
!
!        
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.1.10 255.255.255.0
 ip helper-address 192.168.1.1
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!        
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 ip address 202.7.3.5 255.255.255.224
 ip helper-address 202.7.3.1
!
ip default-gateway 202.7.3.1
ip http server
ip http authentication local
ip http secure-server
!
!
!
snmp-server location WCM Lab
snmp-server contact John Lagura
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!        
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
wireless mobility controller
wireless management interface Vlan1
wireless rf-network WCM
wlan WCM-LAB 1 WCM-LAB
 ip dhcp server 202.7.3.1
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 no shutdown
ap country SG
ap group default-group
end

Friday, August 19, 2016

Configuring Common Wireless Clients

Windows Wi-Fi

Microsoft Windows 7, 8.1, and 10 all include a stock wireless client that offers basic connectivity options. The configuration is very similar in each operating system, with only slight differences in the GUI. To access the wireless client, look for the wireless icon that indicates the current network status. If the machine is currently connected, the icon shows a sequence of bars or arcs to indicate the received signal strength indicator (RSSI) from the AP. If it is not connected, the icon will show gray bars and a star or asterisk instead.

You can click the wireless network icon to see a list of service set identifiers (SSIDs) that have been broadcast and discovered. SSIDs that use open authentication and no other security method are marked by a wireless icon with a gold shield with an exclamation mark. SSIDs that use a wireless security method with encryption are marked by a regular wireless icon.

By default, a Windows PC does not have a pre-populated list of SSIDs to use. Over time, it maintains a list of "preferred" network names from SSIDs that you manually connect to or manually define. Windows 7, 8.1, and 10 machines use a process called WLAN AutoConfig Service to scan for a network, using the following sequence of steps:

1. Scan for available networks by transmitting probe requests with a null or empty SSID name. If a preferred network is found, connect to it.

2. Scan for each preferred network with specific probe requests; if one is found, connect to it.

3. Scan for any preferred network that is an ad hoc network; if one is found, connect to it.

4. No known networks are found; present a list of available networks for manual connection.

To connect to one of the listed networks, click its name and then click the Connection button that appears. If the wireless LAN uses a security mechanism, enter the security key or credential when you are prompted to do so. You can configure the machine to automatically connect to the SSID in the future by checking the Connect Automatically check box.

You can manually populate a list of preferred wireless networks or edit their properties. You will need to open the Network and Sharing Center, then add or make changes to a network profile. Theprocedure in each version of Windows is slightly different, so you should perform the appropriate actions:
    
Windows 7
  • Click the Open Network and Sharing Center link.
  • Click the Manage Wireless Networks link.
  • Click Add.
  • Click Manually create a network profile.

 Windows 8.1
  • Move the cursor to the upper-right corner of the screen.
  • Select Settings.
  • Select the Set up a new connection or network link.
  • Select Manually connect to a wireless network, then click Next.

Windows 10   
  • Click the wireless icon in the taskbar.
  • Select Network Settings.
  • Select Network and Sharing Center.
  • Select Set up a new connection or network    
  • Select Manually connect to a wireless, then click Next.

You can enter the network name (SSID) and security and encryption types. You can also specify whether the PC should automatically connect to the network each time the SSID is detected, even if the SSID is not broadcast in any beacon frames. The built-in Windows wireless client does not offer many specific configuration options; however, you might find more options by configuring the wireless adapter. From the Network and Sharing Center, select Change Adapter Settings to display a list of installed adapters. Right-click a wireless adapter and select Properties to display the adapter properties and a list of installed protocols, as shown. Click the Configure button to bring up a window of adapter driver properties. Finally, display the Advanced tab to display a list of parameters and values. The list of parameters varies fro mone adapter to another, depending on what settings the manufacturers offers.

You can verify the status of a wireless connection by right-clicking the wireless icon, then selecting Open Network and Sharing Center. If the machine is connected to a wireless network, you can click the Internet connection. A new window will display the current network state, including IPv4 and IPv6 connectivity, the SSID, the wireless data rat offered, the signal quality, and a count of bytes sent and received. You can click the Details button to see more detailed information.

From the Wireless Network Connection Status window, you can click the Wireless Properties button to access configuration information about the wireless network profile that is in use. The Disable button can be used to disable the wireless network adapter, while the Diagnose button runs a series of tests that can be helpful in troubleshooting connection issues.

Usually it is a good practice to keep the wireless network adapter updated with a current driver version. You can verify the driver version in use by clicking the Properties button, then selecting the Driver tab.







MacOS X Wi-Fi

Apple devices use a built-in wireless adapter and a configuration utility to manage networks that are discovered and manually defined. You can view a list of discovered networks by clicking the wireless icon at the top of the screen. To connect to one of the networks, click its name. You can also turn the Wi-Fi adapter off and on from the links at the top of the list.

To access the wireless configuration utility, select System Preferences, and then select Network. All available network adapters listed down the left side. From this window, you can enable or disable the wireless adapter.

You can also select Wi-Fi and then click the Advanced button to display and edit the network connection configuration. The advanced settings window has seven tabs across the top. The Wi-Fi tab contains a list of preferred networks - SSIDs that have already been configured. The networks will be tried in sequential order; you can change the order by dragging networks up or down in the list.You can create a new wireless network by clicking the + (plus sign) button.


Sometimes you might need to verify the network adapter software version or wireless capabilities. You can do that by clicking the Apple logo in the upper-left corner of the screen. Next, select the About this Mac and the Overview tab. Detailed wireless information can be displayed by clicking the System Report button. In the report output, select Network > Wi-Fi.



Apple iOS Wi-Fi

Apple iPhones running iOS can connect to Wi-Fi networks usinga  built-in network adapter and driver. You can view and control the Wi-Fi connectivity by pressing the home button and selecting Settings. Select Wi-Fi to manage the connections. If the device is connected to a network, a check mark will be shown to the left of the network name. You can select a network name and then select the Join or Forget link to connect or disconnect from the SSID. You can also manually define a network by selecting Other at the bottom of the network list. Enter the network name and security parameters, then select Join to connect.

When the iOS device is connected to a network, you can display basic information about it by selecting the network name in the Wi-Fi settings screen. The device will not display detailed information about the wireless adapter and the current RF parameters natively; you have to install a third-party application to do that iOS devices support WPA and WPA2 Personal and Enterprise security and EAP-TLS. Wi-Fi Direct is also supported for impromptu peer-to-peer communication with other devices, without the need for an AP.




Android Wi-Fi

Devices based on the Android operating system use a built-in driver and utility to manage connections to wireless networks. Android devices can discover a list of available networks and can manage manually configured networks too,

First, you should enable the wireless adapter by selecting Settings > Wi-Fi and then sliding the Wi-Fi switch to the on position. You can manage individual wireless connections from the same screen. The list shows the SSIDs of networks that have been discovered, in addition to those that are locally configured. After a network has been learned and connected to at least once, the device will automatically try to use it again in the future.

You can manually add a new network by selecting the Add Wi-Fi Network link at the bottom of the network list. Enter the SSID and security parameters and then select the Save button. After a network has been learned, you can edit its properties by selecting the network from the list with a long-press and then selecting Modify Network Config. You can also delete a network profile by selecting it with a long-press and then selecting Forget Network.

Android natively supports both WPA and WPA2 Personal and Enterprise security. Enterprise security commonly includes Transport Layer Security (TTLS), Protected Extensible Authentication (PEAP), and Tunneled TLS (TTLS). Also, Android devices support Wi-Fi Direct, allowing direct communication with a small number of other devices in a peer-to-peer fashion, without requiring an AP. Although Wi-Fi Direct is derived from 802.11 ad hoc networks, it is incompatible with ad hoc networking because it supports additional negotiation and security features.

You can verify the status of a wireless connection by going to Settings > Wi-Fi. One of the Wi-Fi network names should be listed as "Connected." You can display more information about it by selecting it



Wednesday, August 10, 2016

Converting Cisco Lightweight to Autonomous AP (and vice-versa) via Mode Button

Occasionally you may need to upgrade the IOS software running on an autonomous AP. You can perform software upgrades from a web browser that is opened to the AP's IP address. Download the new autonomous mode image file from Cisco.com onto the machine, then click the Software tab and the Software Upgrade link. Click the Browse button to locate the new software image, then click the Upgrade button to begin the upgrade process. Once the upgrade is complete, the AP must be rebooted so that it can begin running the new image.



Autonomous APs can be useful in remote sites, small offices, or homes where centralized management is not necessary or practical. In larger environments, a centralized or unified approach is more common. Sometimes you might face a hybrid scenario, where some legacy autonomous APs still exist in a centrally managed network. In that case, you might need to either replace the AP hardware or convert its software image so that it can join the wireless controllers that manage the network.

To convert an AP, you can use one of the following methods, which are described in the subsequent sections:

* Use the Cisco Prime Infrastructure application; all wireless controllers and lightweight APs can be monitored and managed from this one application. The autonomous AP must first be managed, then it can be converted.

* Use the archive command from the autonomous AP's CLI.

You can use the CLI to upgrade the IOS image on an autonomous AP and convert it to lightweight mode. You will also need a TFTP or FTP server along with the appropriate lightweight code image. The process is simple - save the AP's configuration, then use the following commands:

archive download-sw /overwrite /force-reload {tftp:|ftp:}//location/image-name

The lightweight image will be downloaded such that it overwrites the current autonomous IOS image, then the AP will reload and run the new image. If you are using an FTP server, you should specify the FTP username and password that the AP will use with the following commands:

ap(config)# ip ftp username username
ap(config)# ip ftp password password


Tip: If the Cisco AP image filename contains k9w8, it is a lightweight image. If it contains k9w7, it is an autonomous image.


The AP will set its default IP address to 10.0.0.1/8 when you press and hold the MODE button while booting up for at least 20 seconds (or release once LED light turns red). You'll need to assign a PC with an IP address of 10.0.0.2/8, run a TFTP software and rename the IOS files as below:

ap3g2-rcvk9w8-tar.153-3.JD.tar > ap3g2-k9w7-tar.default    // FOR 2602 AUTONOMOUS TO LIGHTWEIGHT CONVERSION


ap1g2-k9w7-tar.153-3.JAB.tar > ap1g2-k9w7-tar.default    // FOR 1602 LIGHTWEIGHT TO AUTONOMOUS CONVERSION

I'll start off with my Cisco 2602I AP which currently has an autonomous IOS (k9w7) and will convert into lightweight (k9w8). I needed this AP to be lightweight in order to talk to the WLC and do some labs for Cisco CleanAir.



For some reason, an error keep showing the TFTP connection timed even after downloading a different k9w8 recovery image, disabling PC firewall and restarting my PC. I had to "force" the TFTP downloading process by issuing some AP CLI commands. Once the AP upgrade is done, you'll see the AP model has changed to AIR-CAP and the CLI prompt would display APmac_address>.



IOS Bootloader - Starting system.
flash is writable
FLASH CHIP:  Numonyx Mirrorbit (0089)
Xmodem file system is available.
flashfs[0]: 258 files, 15 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 16122880
flashfs[0]: Bytes available: 15875072
flashfs[0]: flashfs fsck took 18 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: f8:72:ea:a6:e2:03
Ethernet speed is 100 Mb - FULL Duplex
button is pressed, wait for button to be released...
button pressed for 25 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g2-k9w7-tar.default

examining image...
DPAA Set for Independent Mode
DPAA_INIT = 0x0

%Error opening tftp://255.255.255.255/ap3g2-k9w7-tar.default (connection timed out)
ap: set IP_ADDR 10.0.0.1
ap: set NETMASK 255.0.0.0
ap: set DEFAULT_ROUTER 10.0.0.2
ap: tftp_init
ap: ether_init

Initializing ethernet port 0...
Ethernet speed is 100 Mb - FULL Duplex
ap: flash_init
Initializing Flash...
...The flash is already initialized.
ap: tar -xtract tftp://10.0.0.2/ap3g2-k9w7-tar.default flash:

extracting info (274 bytes)
ap3g2-rcvk9w8-mx/ (directory) 0 (bytes)
extracting ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-mx (215867 bytes)..............................................
extracting ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-tx (73 bytes)
extracting ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx (7087116 bytes)..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
extracting ap3g2-rcvk9w8-mx/info (274 bytes)
extracting ap3g2-rcvk9w8-mx/file_hashes (438 bytes)
extracting ap3g2-rcvk9w8-mx/final_hash (141 bytes)
extracting ap3g2-rcvk9w8-mx/final_hash.sig (513 bytes)
extracting ap3g2-rcvk9w8-mx/img_sign_rel.cert (1375 bytes)
extracting ap3g2-rcvk9w8-mx/img_sign_rel_sha2.cert (1371 bytes)
extracting info.ver (274 bytes)
ap: set BOOT flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar
ap: boot

Rebooting system to reset DPAA...

IOS Bootloader - Starting system.
flash is writable
FLASH CHIP:  Numonyx Mirrorbit (0089)
Xmodem file system is available.
flashfs[0]: 267 files, 15 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 23433216
flashfs[0]: Bytes available: 8564736
flashfs[0]: flashfs fsck took 22 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: f8:72:ea:a6:e2:03
Ethernet speed is 100 Mb - FULL Duplex
Loading "flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar"...flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar: no such file or directory

Error loading "flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar"

Interrupt within 5 seconds to abort boot process.
Loading "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-mx"...#########################

File "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-mx" uncompressed and installed, entry point: 0x2003000
executing...

Secondary Bootloader - Starting system.
Tide MB - 32MB of flash
Xmodem file system is available.
flashfs[0]: 267 files, 15 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31997952
flashfs[0]: Bytes used: 23433216
flashfs[0]: Bytes available: 8564736
flashfs[0]: flashfs fsck took 9 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 1 seconds.
Base Ethernet MAC address: f8:72:ea:a6:e2:03

2600/3600 AP, PID: 'AIR-CAP2602I-S-K9 '. Checking for BL upgrade...
BL: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Compiled Wed 30-May-12 03:34 by binugopa

BL Build year: 12
De-compress 'flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar;flash:/ap3g2-bl-2600' to 'ram:/ap3g2-bl'...
File not found: flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar;flash:/ap3g2-bl-2600
Unable to locate IOS image with name **xx**.
Boot CMD: 'boot  flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar;flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx'
Loading "flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar"...flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar: no such file or directory

Error loading "flash:/ap3g2-rcvk9w8-tar.153-3.JD.tar"

Interrupt within 5 seconds to abort boot process.
Unable to locate IOS image with name **xx**.
Boot CMD: 'flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx'
Loading "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"...############################
File "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx" uncompressed and installed, entry point: 0x1003000
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.3(3)JD, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 29-Jul-16 04:10 by prod_rel_team

Tide MB - 32MB of flash
Initializing flashfs...

flashfs[2]: 267 files, 15 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 31739904
flashfs[2]: Bytes used: 23433216
flashfs[2]: Bytes available: 8306688
flashfs[2]: flashfs fsck took 9 seconds.
flashfs[2]: Initialization complete.
flashfs[3]: 0 files, 1 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 11999232
flashfs[3]: Bytes used: 1024
flashfs[3]: Bytes available: 11998208
flashfs[3]: flashfs fsck took 1 seconds.
flashfs[3]: Initialization complete....done Initializing flashfs.

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP2602I-S-K9 (PowerPC) processor (revision A0) with 188398K/60928K bytes of memory.
Processor board ID FGL1724W234
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.3.102.0
1 Gigabit Ethernet interface

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F8:72:EA:A6:E1:23
Part Number                          : 73-14588-02
PCB Serial Number                    : FOC17230345
Top Assembly Part Number             : 800-38356-01
Top Assembly Serial Number           : FGL1724W234
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP2602I-S-K9
% Please define a domain-name first.


Press RETURN to get started!


*Mar  1 00:00:11.811: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:11.811: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:13.147: %LWAPP-4-CLIENTEVENTLOG: PnP waiting for capwap init
*Mar  1 00:00:13.619: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:13.887: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.3(3)JD, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 29-Jul-16 04:10 by prod_rel_team
*Mar  1 00:00:13.887: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Mar  1 00:00:13.947: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:13.947: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:13.947: spamInitRadCfg: recovery image default mode 0
lwapp_crypto_init: MIC Present and Parsed Successfully
*Mar  1 00:00:14.119: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:14.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:18.759: DPAA Initialization Complete
*Mar  1 00:00:18.759: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar  1 00:00:19.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:21.759: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar  1 00:00:22.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar  1 00:00:25.931: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar  1 00:00:26.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar  1 00:00:32.827: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:32.831: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:32.831: %CAPWAP-3-EVENTLOG: No Config Present. PNP required
*Mar  1 00:00:32.831:  validate_sha2_block:No SHA2 Block present on this AP.

%Error opening flash:/capwap-saved-config (No such file or directory)
%Error opening flash:/capwap-saved-config-bak (No such file or directory)
Not in Bound state.creating PnP template view

APf872.eaa6.e123>
*Mar  1 00:01:19.859: %LWAPP-4-CLIENTEVENTLOG: Invoking capwap discovery
*Mar  1 00:02:07.063: %CDP_PD-4-POWER_OK: All radios disabled - NEGOTIATED inline power source
Not in Bound state.


I not a fan of this method and would still prefer using the archive download-sw command which I did on this post. Next, I'll be converting my Cisco 1602E AP from lightweight to autonomous which went seamlessly using the MODE button method. Once the upgrade is done the AP model will be changed to AIR-SAP and the CLI prompt will display ap>.



Boot from flash

IOS Bootloader - Starting system.
 FLASH CHIP: Micronix MX25L256_35F
Xmodem file system is available.
flashfs[0]: 38 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31936000
flashfs[0]: Bytes used: 18574848
flashfs[0]: Bytes available: 13361152
flashfs[0]: flashfs fsck took 12 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: c0:8c:60:1f:24:7d
 ************* loopback_mode = 0
button is pressed, wait for button to be released...
button pressed for 20 seconds
process_config_recovery: set IP address and config to default 10.0.0.1

process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap1g2-k9w7-tar.default

examining image...
extracting info (288 bytes)
Image info:
    Version Suffix: k9w7-.153-3.JAB
    Image Name: ap1g2-k9w7-mx.153-3.JAB
    Version Directory: ap1g2-k9w7-mx.153-3.JAB
    Ios Image Size: 1290752
    Total Image Size: 11387392
    Image Feature: WIRELESS LAN|LWAPP
    Image Family: AP1G2
    Wireless Switch Management Version: 8.0.72.236
Extracting files...
ap1g2-k9w7-mx.153-3.JAB/ (directory) 0 (bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-mx.153-3.JAB (123464 bytes)..........................
ap1g2-k9w7-mx.153-3.JAB/html/ (directory) 0 (bytes)
ap1g2-k9w7-mx.153-3.JAB/html/level/ (directory) 0 (bytes)
ap1g2-k9w7-mx.153-3.JAB/html/level/1/ (directory) 0 (bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/appsui.js (563 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/back.shtml (512 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/cookies.js (5032 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/forms.js (20125 bytes)....
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/sitewide.js (17250 bytes)...
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/stylesheet.css (3220 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/config.js (27254 bytes)......
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/popup_capabilitycodes.shtml.gz (1020 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/filter.js.gz (2009 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/filter_vlan.js.gz (1459 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/filter_mac_ether.js.gz (1793 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/security.js.gz (962 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/vlan.js.gz (1121 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ssid.js.gz (4286 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/network-if.js.gz (2084 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/dot1x.js.gz (988 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/stp.js.gz (957 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_assoc.shtml.gz (5869 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_event-log.shtml.gz (4148 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_home.shtml.gz (7289 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_network-if.shtml.gz (3565 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_network-map.shtml.gz (4114 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_services.shtml.gz (3926 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_system-sw.shtml.gz (3123 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/ap_contextmgr.shtml.gz (4062 bytes)
ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/ (directory) 0 (bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/ap_title_appname.gif (2246 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/1600_title_appname.gif (2826 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/1600_w_title_appname.gif (2351 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/700_w_title_appname.gif (2277 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/700_title_appname.gif (3044 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button.gif (1211 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_1st.gif (1171 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_cbottom.gif (318 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_current.gif (1206 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_endcap.gif (878 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_encap_last.gif (333 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_last.gif (386 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_button_nth.gif (1177 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_leftnav_dkgreen.gif (869 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_leftnav_green.gif (879 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_leftnav_upright.gif (64 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/apps_leftnav_yellow.gif (881 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/arrowdown_red.gif (108 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/arrowup_green.gif (108 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/corner_ur_7.gif (53 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/dkgreenmask11_up.gif (113 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/dkgreenmask28_upright.gif (110 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/grn_vertlines_bottom.gif (149 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/grn_vertlines_top.gif (141 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/hinav_plus.gif (56 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/left_bkg.gif (146 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/list_data.gif (122 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/logo.gif (29454 bytes)......
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/pixel.gif (49 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/sitewide_downleft.gif (53 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/sitewide_help_off.gif (934 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/sitewide_help_on.gif (934 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/sitewide_print_off.gif (111 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/sitewide_print_on.gif (111 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/spacer.gif (49 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/whitemask11_botleft.gif (62 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/whitemask11_upright.gif (61 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_alert.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_critical.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_debugging.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_emergency.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_error.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_information.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_notification.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/event_warning.gif (73 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/check_mark.gif (71 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/background_web41.jpg (732 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cisco-logo-2012.gif (579 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/logout_image.gif (40294 bytes)........
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/itp-logo.png (2822 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/logout_image_itp.gif (48262 bytes)..........
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cna_icon1.gif (1212 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cna_icon2.gif (1185 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cna_icon3.gif (1196 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cna_icon4.gif (1072 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/1/images/cna_download_splash.gif (44862 bytes).........
ap1g2-k9w7-mx.153-3.JAB/html/level/15/ (directory) 0 (bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_assoc_adv.shtml.gz (4133 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_event-log_config-options.shtml.gz (5718 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_event-log_notif-options.shtml.gz (2683 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_express-setup.shtml.gz (11835 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_express-security.shtml.gz (13539 bytes)...
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_broadcast-ssid.shtml.gz (1263 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_eap-security.shtml.gz (1791 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_no-security.shtml.gz (1582 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_wep-security.shtml.gz (1597 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_wpa-security.shtml.gz (1854 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_ipaddress.shtml.gz (6310 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_802-11.shtml.gz (6426 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_802-11_b.shtml.gz (6272 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_802-11_c.shtml.gz (28051 bytes)......
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/dBm_mW_translation_table.shtml.gz (1511 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_802-11_d.shtml.gz (4059 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_ethernet.shtml.gz (4356 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-if_ethernet_b.shtml.gz (6398 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_network-map_ap-adjacent-list.shtml.gz (3795 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec.shtml.gz (7587 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-client-security.shtml.gz (28301 bytes)......
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-key-security.shtml.gz (11911 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_local-admin-access.shtml.gz (6978 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_network-security_a.shtml.gz (11734 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_network-security_b.shtml.gz (5600 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_lrs.shtml.gz (5077 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_lrs_b.shtml.gz (8514 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_lrs_c.shtml.gz (6194 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_dot1x-security.shtml.gz (6432 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_dot1x-certificates.shtml.gz (11162 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_dot1x-cert_fingerprint.shtml.gz (577 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-client-security-adv_a.shtml.gz (4973 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-client-security-adv_b.shtml.gz (5051 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-client-security-adv_c.shtml.gz (4658 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ap-client-security-adv_d.shtml.gz (3596 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_band_select.shtml.gz (5699 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_auto-config.shtml.gz (3592 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ids_mfp.shtml.gz (3912 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_sec_ids_mfp_stats.shtml.gz (3642 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_arp.shtml.gz (3005 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_cdp.shtml.gz (5112 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_console-telnet.shtml.gz (6813 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_dns.shtml.gz (3593 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_filters.shtml.gz (5304 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_filters-ip.shtml.gz (9233 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_filters-mac.shtml.gz (3998 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_filters-ether.shtml.gz (3842 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_hot-standby.shtml.gz (5495 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_http.shtml.gz (5977 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_mobile-ip-b.shtml.gz (6656 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_mobile-ip-c.shtml.gz (4153 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_mobile-ip-d.shtml.gz (5159 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_mobile-ip.shtml.gz (6007 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_qos-traffic.shtml.gz (8125 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_qos.shtml.gz (12205 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_qos_adv.shtml.gz (4433 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_snmp.shtml.gz (8015 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_sntp.shtml.gz (5948 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_vlan.shtml.gz (13189 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_voice-traffic.shtml.gz (6347 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_services_stp.shtml.gz (7107 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_stationview-client_ltest.shtml.gz (5514 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade-b.htm (231 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade-b.shtml.gz (6196 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade.htm (229 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade.shtml.gz (6238 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/banner.html (14131 bytes)...
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameAssociation.html (628 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameEventlog.html (627 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameHome.html (611 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameNetWork.html (619 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameSecurity.html (637 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameServices.html (651 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameSoftware.html (650 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameWireless.html (626 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameset.html (4736 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navAssociation.html (1269 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navBar41.css (3605 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navHome.html (2251 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navNetwork.html (5891 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navSecurity.html (2746 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navServices.html (5018 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navSoftware.html (1958 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navWireless.html (1580 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/arrow_down.gif (177 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/arrow_down2.gif (838 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/arrow_right.gif (137 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/arrow_right2.gif (838 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/servicescript41.js.gz (12181 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/sideMenu.js.gz (813 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_easy-setup.shtml.gz (28827 bytes)......
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navEventLog.html (1283 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/content41.css (10497 bytes)..
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/logout.html (2782 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_guest_list.shtml.gz (2539 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_guest_login.shtml.gz (1523 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_guest_new.shtml.gz (4274 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/frameguest.html (617 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/navguest.html (1605 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_webauth.shtml.gz (3645 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/def_wpa_psk-security.shtml.gz (1859 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/cna_upgrade.htm (5895 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade_poll.htm (234 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_upgrade_poll.shtml (3596 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_system-sw_sysconfig.shtml.gz (7145 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_stationview-client.shtml.gz (5554 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_contextmgr_ap.shtml.gz (4774 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_contextmgr_scm.shtml.gz (5294 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_contextmgr_scm-groups.shtml.gz (7586 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/html/level/15/ap_contextmgr_scm_summary.shtml.gz (5194 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-xx.153-3.JAB (8810727 bytes)........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
extracting ap1g2-k9w7-mx.153-3.JAB/8005.img (1158600 bytes)...........................................................................................................................................................................................................................................................
extracting ap1g2-k9w7-mx.153-3.JAB/S2.bin (13992 bytes)...
extracting ap1g2-k9w7-mx.153-3.JAB/S5.bin (111936 bytes)........................
extracting ap1g2-k9w7-mx.153-3.JAB/K2.bin (6996 bytes).
extracting ap1g2-k9w7-mx.153-3.JAB/K5.bin (81620 bytes).................
extracting ap1g2-k9w7-mx.153-3.JAB/info (288 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/file_hashes (33166 bytes).......
extracting ap1g2-k9w7-mx.153-3.JAB/final_hash (141 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/img_sign_rel.cert (1375 bytes)
extracting ap1g2-k9w7-mx.153-3.JAB/img_sign_rel_sha2.cert (1371 bytes)
extracting info.ver (288 bytes)
Deleting current version: flash:/ap1g2-rcvk9w8-mx...done.
New software image installed in flash:/ap1g2-k9w7-mx.153-3.JAB
Configuring system to use new image...done.
Requested system reload in progress...download took about 404 seconds
Loading "flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-mx.153-3.JAB"...##############

File "flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-mx.153-3.JAB" uncompressed and installed, entry point: 0x2004000
executing...

Secondary Bootloader - Starting system.
 FLASH CHIP: Micronix MX25L256_35F
Xmodem file system is available.
flashfs[0]: 238 files, 14 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31936000
flashfs[0]: Bytes used: 23339520
flashfs[0]: Bytes available: 8596480
flashfs[0]: flashfs fsck took 13 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: c0:8c:60:1f:24:7d
Secondary bootloader Ethernet not enabled, skip ether_init

Boot CMD: 'boot  flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-xx.153-3.JAB;flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-xx.153-3.JAB'
Loading "flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-xx.153-3.JAB"...####################################
File "flash:/ap1g2-k9w7-mx.153-3.JAB/ap1g2-k9w7-xx.153-3.JAB" uncompressed and installed, entry point: 0x100000
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.3(3)JAB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 02-Sep-14 20:36 by prod_rel_team

Initializing flashfs...
 FLASH CHIP: Micronix MX25L256_35F

flashfs[2]: erasing block[0]...
flashfs[2]: erasing block[1]...
flashfs[2]: 238 files, 14 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 31808000
flashfs[2]: Bytes used: 23339520
flashfs[2]: Bytes available: 8468480
flashfs[2]: flashfs fsck took 14 seconds.
flashfs[2]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete....done Initializing flashfs.

Radio0  present 8764B 8000 0 A8000000 A8010000 0
Rate table has 586 entries (20 legacy/160 11n/406 11ac)

POWER TABLE FILENAME = flash:/ap1g2-k9w7-mx.153-3.JAB/S2.bin

Radio1  present 8764B 8000 0 88000000 88010000 4
POWER TABLE FILENAME = flash:/ap1g2-k9w7-mx.153-3.JAB/S5.bin

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-SAP1602E-A-K9 (PowerPC) processor (revision B0) with 187382K/74672K bytes of memory.
Processor board ID FGL1736WABC
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: C0:8C:60:1F:21:23
Part Number                          : 73-14508-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC17292EFG
Top Assembly Part Number             : 800-38553-01
Top Assembly Serial Number           : FGL1736WABC
Top Revision Number                  : A0
Product/Model Number                 : AIR-SAP1602E-A-K9


Press RETURN to get started!


*Mar  1 00:00:16.291: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar  1 00:00:17.119: APAVC:  WlanPAKs 9355 RadioPaks  8747
*Mar  1 00:00:23.227: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar  1 00:00:29.607: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar  1 00:00:32.327: %LINK-6-UPDOWN: Interface GigabitEthernet0 changed state to up
*Mar  1 00:00:33.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:33.659: Starting Ethernet promiscuous mode
*Jan  1 00:15:08.039: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jan  1 00:15:08.039: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jan  1 00:15:08.055: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.3(3)JAB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 02-Sep-14 20:36 by prod_rel_team
*Jan  1 00:15:08.055: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Jan  1 00:15:09.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Jan  1 00:15:09.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan  1 00:15:09.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan  1 00:15:18.491: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
ap>