-
null
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This section contains the following topics:
When you upgrade the controller’s software, the software on the controller’s associated access points is also automatically upgraded. When an access point is loading software, each of its LEDs blinks in succession. Up to 10 access points can be concurrently upgraded from the controller.
Note The Cisco 5500 Series Controllers can download the 6.0 software to 100 access points simultaneously.
Note In controller software release 5.2 or later releases, the WLAN override feature is not available from both the controller GUI and CLI. If your controller is configured for WLAN override and you upgrade to controller software release 5.2 or later releases, the controller deletes the WLAN configuration and broadcasts all WLANs. You can specify that only certain WLANs be transmitted by configuring access point groups. Each access point advertises only the enabled WLANs that belong to its access point group.
– Controller software release 6.0 is greater than 32 MB; you must make sure that your TFTP server supports files that are larger than 32 MB. Some TFTP servers that support files of this size are tftpd32 and the TFTP server is within WCS. If you attempt to download the 6.0 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the service port, the TFTP or FTP server must be on the same subnet as the service port because the service port is not routable, or you must create static routes on the controller.
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
– A third-party TFTP or FTP server cannot run on the same computer as WCS because the WCS built-in TFTP or FTP server and the third-party TFTP or FTP server require the same communication port.
– You can upgrade from all mesh releases to controller software release 6.0 without any configuration file loss. See Table 11-1 for the available upgrade paths.
Note If you downgrade to a mesh release, you must then reconfigure the controller. We recommend that you save the configuration from the mesh release before upgrading to release 6.0 for the first time. You can reapply the configuration if you need to downgrade.
– You cannot downgrade from controller software release 6.0 to a mesh release (4.1.190.5, 4.1.191.22M, or 4.1.192.xxM) without experiencing a configuration loss.
– Predownloading a 7.2 or later version of an image on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to the Cisco Aironet 1240 access point, the AP gets disconnected.
– Configuration files are in the binary state immediately after upgrade from a mesh release to controller software release 6.0. After reset, the XML configuration file is selected.
Note Do not install the 6.0 controller software file and the 5.2.157.0 ER.aes boot software file at the same time. Install one file and reboot the controller and then install the other file and reboot the controller.
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up the configuration files of the controller before you upgrade the controller software. See the “Uploading and Downloading Configuration Files” section for instructions.
Step 2 Obtain the 6.0 controller software and the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file from the Software Center on Cisco.com as follows:
a. Click this URL to go to the Software Center:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875243
c. Choose Wireless LAN Controllers .
d. Choose Standalone Controllers or Integrated Controllers and Controller Modules .
e. Choose a controller series.
f. If necessary, choose a controller model.
g. If you chose Standalone Controllers in Step Choose Standalone Controllers or Integrated Controllers and Controller Modules ., choose Wireless LAN Controller Software .
h. If you chose the Cisco Catalyst 6500 series / switch 7600 Series Wireless Services Module (WiSM) in Step Choose a controller series., choose Wireless Services Modules (WiSM) Software .
i. Choose a controller software release. The software releases are labeled as follows to help you determine which release to download:
j. Choose a software release number.
k. Click the filename ( filename .aes).
m. Read Cisco’s End User Software License Agreement and then click Agree .
n. Save the file to your hard drive.
o. Repeat steps Click this URL to go to the Software Center: through Save the file to your hard drive. to download the remaining file (either the 6.0 controller software or the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file).
Step 3 Copy the controller software file ( filename .aes) and the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file to the default directory on your TFTP or FTP server.
Step 4 Disable the controller 802.11a and 802.11b/g networks.
Step 5 Disable any WLANs on the controller.
Step 6 Choose Commands > Download File to open the Download File to Controller page.
Figure 11-1 Download File to Controller Page
Step 7 From the File Type drop-down list, choose Code .
Step 8 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 9 In the IP Address text box, enter the IP address of the TFTP or FTP server.
If you are using a TFTP server, the default values of 10 retries and 6 seconds for the Maximum Retries and Timeout text boxes should work correctly without any adjustment. However, you can change these values.
Step 10 Enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 11 In the File Path text box, enter the directory path of the software.
Step 12 In the File Name text box, enter the name of the controller software file ( filename .aes).
Step 13 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 14 Click Download to download the software to the controller. A message appears indicating the status of the download.
Note You can schedule a reboot at a specified time. See “Setting a Reboot Time” section.
Step 15 To install the remaining file (either the 6.0 controller software or the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file).
Step 17 For Cisco WiSMs, reenable the controller port channel on the Catalyst switch.
Step 18 Reenable your 802.11a and 802.11b/g networks.
Step 19 (Optional) Reload your latest configuration file to the controller.
Step 20 Verify that the 6.0 controller software is installed on your controller by choosing Monitor on the controller GUI and looking at the Software Version text box under Controller Summary.
Step 21 Verify that the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file is installed on your controller by choosing Monitor to open the Summary page and looking at the text box Recovery Image Version or Emergency Image Version text box.
Note If a Cisco Unified Wireless Network Controller Boot Software ER.aes file is not installed, the text box Recovery Image Version or Emergency Image Version text box shows “N/A.”
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up the configuration files of the controller before you upgrade the controller software. See the “Uploading and Downloading Configuration Files” section for instructions.
Step 2 Obtain the 6.0 controller software and the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file from the Software Center on Cisco.com as follows:
a. Click this URL to go to the Software Center:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875243
c. Choose Wireless LAN Controllers .
d. Choose Standalone Controllers , Wireless Integrated Routers , or Wireless Integrated Switches .
e. Choose the name of a controller.
f. Choose Wireless LAN Controller Software .
g. Choose a controller software release.
h. Click the filename ( filename .aes).
j. Read Cisco’s End User Software License Agreement and then click Agree .
k. Save the file to your hard drive.
l. Repeat steps Click this URL to go to the Software Center: to Save the file to your hard drive. to download the remaining file (either the 6.0 controller software or the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file).
Step 3 Copy the controller software file ( filename .aes) and the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file to the default directory on your TFTP or FTP server.
Step 4 Disable the controller 802.11a and 802.11b/g networks.
Step 5 For Cisco WiSMs, shut down the controller port channel on the Catalyst switch to allow the controller to reboot before the access points start downloading the software.
Step 6 Disable any WLANs on the controller (using the config wlan disable wlan_id command).
Step 7 Log into the controller CLI.
Step 8 Enter the ping server-ip-address command to verify that the controller can contact the TFTP or FTP server.
Step 9 View current download settings by entering the transfer download start command. Answer n to the prompt to view the current download settings.
Information similar to the following appears:
Step 10 Change the download settings, if necessary by entering these commands:
Note Pathnames on a TFTP or FTP server are relative to the server’s default or root directory. For example, in the case of the Solaris TFTP server, the path is “/”.
If you are using a TFTP server, also enter these commands:
Note The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.
If you are using an FTP server, also enter these commands:
Note The default value for the port parameter is 21.
Step 11 View the current updated settings by entering the transfer download start command. Answer y to the prompt to confirm the current download settings and start the software download.
Information similar to the following appears:
Step 12 Save the code update to nonvolatile NVRAM and reboot the controller by entering this command:
The controller completes the bootup process.
Note You can also schedule a reboot at a specified time. See the “Setting a Reboot Time” section.
Step 13 To install the remaining file (either the 6.0 controller software or the Cisco Un ified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file).
Step 14 Reenable the WLANs by entering this command:
Step 15 For Cisco WiSMs, re-enable the controller port channel on the Catalyst switch.
Step 16 Reenable your 802.11a and 802.11b/g networks.
Step 17 (Optional) Reload your latest configuration file to the controller.
Step 18 Verify that the 7.0 controller software is installed on your controller by entering the show sysinfo command and look at the Product Version text box.
Step 19 Verify that the Cisco Unified Wireless Network Controller Boot Software 5.2.157.0 ER.aes file is installed on your controller by entering the show sysinfo command on the controller CLI and looking at the text box Recovery Image Version or Emergency Image Version text box.
Note If a Cisco Unified Wireless Network Controller Boot Software ER.aes file is not installed, the text box Recovery Image Version or Emergency Image Version text box shows “N/A.”
This section contains the following topics:
To minimize a network outages, you can now download an upgrade image to the access point from the controller without resetting the access point or losing network connectivity. Previously, you would download an upgrade image to the controller and reset it, which causes the access point to go into discovery mode. After the access point discovers the controller with the new image, the access point downloads the new image, resets, goes into discovery mode, and rejoins the controller.
You can now download the upgrade image to the controller and then download the image to the access point while the network is still up. You can also schedule a reboot of the controller and access points, either after a specified amount of time or at a specific date and time. When both devices are up, the access point discovers and rejoins the controller.
Note These access point models do not support predownloading of images: 1120, 1230, and 1310.
The access point predownload feature works as below:
– The downloaded image becomes the backup image on the controller. Change the current boot image as the backup image using the config boot backup command. This ensures that if a system failure occurs, the controller boots with the last working image of the controller.
– User predownloads the upgraded image using the config ap image predownload primary all command. The upgrade image gets downloaded as the backup up image on the access points. This can be verified using the show ap image all command.
– User manually changes the boot image to primary using config boot primary command and reboot the controller for the upgrade image to get activated.
– User issues scheduled reboot with swap keyword. For more information see “Setting a Reboot Time”. Here the swap keyword has the following importance: The swapping happens to the primary and backup images on access point, and the currently active image on controller with the backup image.
– When the controller reboots, the access points get disassociated and eventually they come up with upgrade image. Once the controller responds to the discovery request sent by access points with its discovery response packet, the access point sends a join request.
– During boot time, the access point sends a join request.
– Controller responds with the join response along with the image version the controller is running.
– The access point compares its running image with the running image on the controller. If the versions match, the access point joins the controller.
– If the versions do not match, the access point compares the version of the backup image and if they match, the access point swaps the primary and backup images and reloads and subsequently joins the controller.
– If the primary image of the access point is the same as the controllers’, the access point reloads and joins the controller.
– If none of the above conditions are true, the access point sends an image data request to the controller, downloads the latest image, reloads and joins the controller.
If you reach the predownload limit, then the access points that cannot get an image sleep for a time between 180 to 600 seconds and then reattempt the predownload.
Step 1 Obtain the upgrade image and copy the image to the controller by performing Upload your controller configuration files to a server to back them up. through Click Download to download the software to the controller. A message appears indicating the status of the download. in the “Upgrading Controller Software (GUI)” section.
Step 2 To configure the predownloading of access point images globally, choose Wireless > Access Points > Global Configuration to open the Global Configuration page.
Step 3 In the AP Image Pre-download section, perform one of the following:
Step 4 Click OK to confirm the action.
Step 5 Click Apply to commit your changes.
Step 1 Obtain the upgrade image and copy the image to the controller by performing Upload your controller configuration files to a server to back them up. through Click Download to download the software to the controller. A message appears indicating the status of the download. in the “Upgrading Controller Software (GUI)” section.
Step 2 To configure the predownloading of access point images globally, choose Wireless > All APs > AP_Name to open the All AP Details page.
Step 3 Click the Advanced tab.
Step 4 Under the AP Image download section, perform one of the following:
Step 5 Click OK to confirm the action.
Step 6 Click Apply to commit your changes.
Using the CLI, you can predownload an image to a specific access point or to all access points. The process includes three steps:
1. Obtaining the upgrade image.
2. Specify access points that will receive the predownload image.
3. Set a reboot time for the controller and the access points.
To obtain the upgrade image and copy the image to the controller, follow Obtain the upgrade image and copy the image to the controller by performing Step 1 through Step 14 in the “Upgrading Controller Software (GUI)” section on page 11-5 . through View the current updated settings by entering the transfer download start command. Answer y to the prompt to confirm the current download settings and start the software download. in the “Upgrading Controller Software (CLI)1” section.
Use one of these commands to specify access points for predownload:
config ap image predownload { primary | backup } { ap_name | all }
The primary image is the new image; the backup image is the existing image. Access points always boot with the primary image.
config ap image swap { ap_name | all }
show ap image { all | ap-name }
Information similar to the following appears:
The output lists access points that are specified for predownloading and provides for each access point, primary and secondary image versions, the version of the predownload image, the predownload retry time (if necessary), and the number of predownload attempts. The output also includes the predownload status for each device. The status of the access points is as follows:
Use one of these commands to schedule a reboot of the controller and access points:
reset system in HH : MM : SS image { swap | no-swap } reset-aps [ save-config ]
Note The swap operand in the reset command will result in the swapping of the primary and backup images on both the controller and the access point.
The controller sends a reset message to all joined access points, and then the controller resets.
reset system at YYYY - MM - DD HH : MM : SS image { swap | no-swap } reset-aps [ save-config ]
The controller sends a reset message to all joined access points, and then the controller resets.
Note The swap operand in the reset command will result in the swapping of the primary and backup images on both the controller and the access point.
reset system notify-time minutes
The controller sends the announcement trap the configured number of minutes before the reset.
Note If you configure reset times and then use the config time command to change the system time on the controller, the controller notifies you that any scheduled reset times will be canceled and must be reconfigured after you set the system time.
Controllers have built-in utilities for uploading and downloading various files. Follow the instructions in these sections to import files using either the controller GUI or CLI:
In controller software release 6.0 or later releases, you can download a login banner file using either the GUI or the CLI. The login banner is the text that appears on the page before user authentication when you access the controller GUI or CLI using Telnet, SSH, or a console port connection.
You save the login banner information as a text (*.txt) file. The text file cannot be larger than 1296 characters and cannot have more than 16 lines of text.
Note The ASCII character set consists of printable and nonprintable characters. The login banner supports only printable characters.
Here is an example of a login banner:
Follow the instructions in this section to download a login banner to the controller through the GUI or CLI. However, before you begin, make sure that you have a TFTP or FTP server available for the file download. Follow these guidelines when setting up a TFTP or FTP server:
Note Clearing the controller configuration does not remove the login banner. See the “Clearing the Login Banner (GUI)” section for information about clearing the login banner using the controller GUI or CLI.
Note The controller can have only one login banner file. If you download another login banner file to the controller, the first login banner file is overwritten.
Step 1 Copy the login banner file to the default directory on your TFTP or FTP server.
Step 2 Choose Commands > Download File to open the Download File to Controller page.
Figure 11-2 Download File to Controller Page
Step 3 From the File Type drop-down list, choose Login Banner .
Step 4 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 5 In the IP Address text box, enter the IP address of the TFTP or FTP server.
If you are using a TFTP server, the default values of 10 retries and 6 seconds for the Maximum Retries and Timeout text boxes should work correctly without any adjustment. However, you can change these values.
Step 6 Enter the maximum number of times that the TFTP server attempts to download the certificate in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the certificate in the Timeout text box.
Step 7 In the File Path text box, enter the directory path of the login banner file.
Step 8 In the File Name text box, enter the name of the login banner text (*.txt) file.
Step 9 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 10 Click Download to download the login banner file to the controller. A message appears indicating the status of the download.
Step 1 Log into the controller CLI.
Step 2 Specify the transfer mode used to download the config file by entering this command:
transfer download mode {tftp | ftp}
Step 3 Download the controller login banner by entering this command:
transfer download datatype login-banner
Step 4 Specify the IP address of the TFTP or FTP server by entering this command:
transfer download serverip server-ip-address
Step 5 Specify the name of the config file to be downloaded by entering this command:
transfer download path server-path-to-file
Step 6 Specify the directory path of the config file by entering this command:
transfer download filename filename .txt
Step 7 If you are using a TFTP server, enter these commands:
Note The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.
Step 8 If you are using an FTP server, enter these commands:
Note The default value for the port parameter is 21.
Step 9 View the download settings by entering the transfer download start command. Answer y when prompted to confirm the current settings and start the download process.
Information similar to the following appears:
Step 1 Choose Commands > Login Banner to open the Login Banner page.
Step 3 When prompted, click OK to clear the banner.
To clear the login banner from the controller using the controller CLI, enter the clear login-banner command.
Each wireless device (controller, access point, and client) has its own device certificate. For example, the controller is shipped with a Cisco-installed device certificate. This certificate is used by EAP-FAST (when not using PACs), EAP-TLS, PEAP-GTC, and PEAP-MSCHAPv2 to authenticate wireless clients during local EAP authentication. However, if you want to use your own vendor-specific device certificate, it must be downloaded to the controller.
Note See the “Configuring Local EAP” section for information on configuring local EAP.
Follow the instructions in this section to download a vendor-specific device certificate to the controller through the GUI or CLI. However, before you begin, make sure you have a TFTP or FTP server available for the certificate download.
Step 1 Copy the device certificate to the default directory on your TFTP or FTP server.
Step 2 Choose Commands > Download File to open the Download File to Controller page.
Figure 11-4 Download File to Controller Page
Step 3 From the File Type drop-down list, choose Vendor Device Certificate .
Step 4 In the Certificate Password text box, enter the password that was used to protect the certificate.
Step 5 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 6 In the IP Address text box, enter the IP address of the TFTP or FTP server.
If you are using a TFTP server, the default values of 10 retries and 6 seconds for the Maximum Retries and Timeout text boxes should work correctly without any adjustment. However, you can change these values.
Step 7 Enter the maximum number of times that the TFTP server attempts to download the certificate in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the certificate in the Timeout text box.
Step 8 In the File Path text box, enter the directory path of the certificate.
Step 9 In the File Name text box, enter the name of the certificate.
Step 10 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 11 Click Download to download the device certificate to the controller. A message appears indicating the status of the download.
Step 12 After the download is complete, choose Commands > Reboot > Reboot .
Step 13 If prompted to save your changes, click Save and Reboot .
Step 14 Click OK to confirm your decision to reboot the controller.
Step 1 Log on to the controller CLI.
Step 2 Specify the transfer mode used to download the config file by entering this command:
transfer download mode {tftp | ftp}
Step 3 Specify the type of the file to be downloaded by entering this command:
transfer download datatype eapdevcert
Step 4 Specify the certificate’s private key by entering this command:
transfer download certpassword password
Step 5 Specify the IP address of the TFTP or FTP server by entering this command:
transfer download serverip server-ip-address
Step 6 Specify the name of the config file to be downloaded by entering this command:
transfer download path server-path-to-file
Step 7 Specify the directory path of the config file by entering this command:
transfer download filename filename .pem
Step 8 If you are using a TFTP server, enter these commands:
Note The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.
Step 9 If you are using an FTP server, enter these commands:
Note The default value for the port parameter is 21.
Step 10 View the updated settings by entering the transfer download start command. Answer y when prompted to confirm the current settings and start the download process.
Information similar to the following appears:
Step 11 Reboot the controller by entering this command:
Controllers and access points have a Certificate Authority (CA) certificate that is used to sign and validate device certificates. The controller is shipped with a Cisco-installed CA certificate. This certificate may be used by EAP-FAST (when not using PACs), EAP-TLS, PEAP-GTC, and PEAP-MSCHAPv2 to authenticate wireless clients during local EAP authentication. However, if you want to use your own vendor-specific CA certificate, it must be downloaded to the controller.
Note See the “Configuring Local EAP” section for information about configuring local EAP.
– If you are downloading through the service port, the TFTP or FTP server must be on the same subnet as the service port because the service port is not routable, or you must create static routes on the controller.
– If you are downloading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
– A third-party TFTP or FTP server cannot run on the same computer as WCS because the WCS built-in TFTP or FTP server and the third-party TFTP or FTP server require the same communication port.
Step 1 Copy the CA certificate to the default directory on your TFTP or FTP server.
Step 2 Choose Commands > Download File to open the Download File to Controller page.
Figure 11-5 Download File to Controller Page
Step 3 From the File Type drop-down list, choose Vendor CA Certificate .
Step 4 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 5 In the IP Address text box, enter the IP address of the TFTP or FTP server.
If you are using a TFTP server, the default values of 10 retries and 6 seconds for the Maximum Retries and Timeout text boxes should work correctly without any adjustment. However, you can change these values.
Step 6 Enter the maximum number of times that the TFTP server attempts to download the certificate in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the certificate in the Timeout text box.
Step 7 In the File Path text box, enter the directory path of the certificate.
Step 8 In the File Name text box, enter the name of the certificate.
Step 9 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 10 Click Download to download the CA certificate to the controller. A message appears indicating the status of the download.
Step 11 After the download is complete, choose Commands > Reboot > Reboot .
Step 12 If prompted to save your changes, click Save and Reboot .
Step 13 Click OK to confirm your decision to reboot the controller.
Step 1 Log on to the controller CLI.
Step 2 Specify the transfer mode used to download the config file by entering this command:
transfer download mode {tftp | ftp}
Step 3 Specify the type of the file to be downloaded by entering this command:
transfer download datatype eapdevcert
Step 4 Specify the IP address of the TFTP or FTP server by entering this command:
transfer download serverip server-ip-address
Step 5 Specify the directory path of the config file by entering this command:
transfer download path server-path-to-file
Step 6 Specify the name of the config file to be downloaded by entering this command:
transfer download filename filename .pem
Step 7 If you are using a TFTP server, enter these commands:
Note The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.
Step 8 If you are using an FTP server, enter these commands:
Note The default value for the port parameter is 21.
Step 9 View the updated settings by entering the transfer download start command. Answer y when prompted to confirm the current settings and start the download process.
Information similar to the following appears:
Step 10 Reboot the controller by entering the reset system command.
Protected access credentials (PACs) are credentials that are either automatically or manually provisioned and used to perform mutual authentication with a local EAP authentication server during EAP-FAST authentication. When manual PAC provisioning is enabled, the PAC file is manually generated on the controller.
Note See the “Configuring Local EAP” section for information on configuring local EAP.
– If you are uploading through the service port, the TFTP or FTP server must be on the same subnet as the service port because the service port is not routable, or you must create static routes on the controller.
– If you are uploading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
– A third-party TFTP or FTP server cannot run on the same computer as WCS because the WCS built-in TFTP or FTP server and the third-party TFTP or FTP server require the same communication port.
Step 1 Choose Commands > Upload File to open the Upload File from Controller page.
Figure 11-6 Upload File from Controller Page
Step 2 From the File Type drop-down list, choose PAC (Protected Access Credential) .
Step 3 In the User text box, enter the name of the user who will use the PAC.
Step 4 In the Validity text box, enter the number of days for the PAC to remain valid. The default setting is zero (0).
Step 5 In the Password and Confirm Password text boxes, enter a password to protect the PAC.
Step 6 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 7 In the IP Address text box, enter the IP address of the TFTP or FTP server.
Step 8 In the File Path text box, enter the directory path of the PAC.
Step 9 In the File Name text box, enter the name of the PAC file. PAC files have a .pac extension.
Step 10 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the upload occurs. The default value is 21.
Step 11 Click Upload to upload the PAC from the controller. A message appears indicating the status of the upload.
Step 12 Follow the instructions for your wireless client to load the PAC on your client devices. Make sure to use the password that you entered above.
Step 1 Log on to the controller CLI.
Step 2 Specify the transfer mode used to upload the config file by entering this command:
transfer upload mode {tftp | ftp}
Step 3 Upload a Protected Access Credential (PAC) by entering this command:
Step 4 Specify the identification of the user by entering this command:
transfer upload pac username validity password
Step 5 Specify the IP address of the TFTP or FTP server by entering this command:
transfer upload serverip server-ip-address
Step 6 Specify the directory path of the config file by entering this command:
transfer upload path server-path-to-file
Step 7 Specify the name of the config file to be uploaded by entering this command:
transfer upload filename manual. pac.
Step 8 If you are using an FTP server, enter these commands:
Note The default value for the port parameter is 21.
Step 9 View the updated settings by entering the transfer upload start command. Answer y when prompted to confirm the current settings and start the upload process.
Information similar to the following appears:
Step 10 Follow the instructions for your wireless client to load the PAC on your client devices. Make sure to use the password that you entered above.
We recommend that you upload your controller’s configuration file to a server to back it up. If you lose your configuration, you can then download the saved configuration to the controller.
In controller software release 4.2 or later releases, the controller’s bootup configuration file is stored in an Extensible Markup Language (XML) format rather than in a binary format. Therefore, you cannot download a binary configuration file onto a controller running software release 4.2 or later releases. However, when you upgrade a controller from a previous software release to 4.2 or later releases, the configuration file is migrated and converted to XML.
Step 1 Choose Commands > Upload File to open the Upload File from Controller page.
Figure 11-7 Upload File from Controller Page
Step 2 From the File Type drop-down list, choose Configuration .
Step 3 Encrypt the configuration file by selecting the Configuration File Encryption check box and entering the encryption key in the Encryption Key text box.
Step 4 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 5 In the IP Address text box, enter the IP address of the TFTP or FTP server.
Step 6 In the File Path text box, enter the directory path of the configuration file.
Step 7 In the File Name text box, enter the name of the configuration file.
Step 8 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the upload occurs. The default value is 21.
Step 9 Click Upload to upload the configuration file to the TFTP or FTP server. A message appears indicating the status of the upload. If the upload fails, repeat this procedure and try again.
Step 1 Specify the transfer mode used to upload the configuration file by entering this command:
transfer upload mode {tftp | ftp}
Step 2 Specify the type of file to be uploaded by entering this command:
transfer upload datatype config
Step 3 Encrypt the configuration file by entering these commands:
Step 4 Specify the IP address of the TFTP or FTP server by entering this command:
transfer upload serverip server-ip-address
Step 5 Specify the directory path of the configuration file by entering this command:
transfer upload path server-path-to-file
Step 6 Specify the name of the configuration file to be uploaded by entering this command:
transfer upload filename filename
Step 7 If you are using an FTP server, enter these commands to specify the username and password used to log into the FTP server and the port number through which the upload occurs:
Note The default value for the port parameter is 21.
Step 8 Initiate the upload process by entering this command:
Step 9 When prompted to confirm the current settings, answer y .
Information similar to the following appears:
If the upload fails, repeat this procedure and try again.
Step 1 Choose Commands > Download File to open the Download File to Controller page.
Figure 11-8 Download File to Controller Page
Step 2 From the File Type drop-down list, choose Configuration .
Step 3 If the configuration file is encrypted, select the Configuration File Encryption check box and enter the encryption key used to decrypt the file in the Encryption Key text box.
Note The key that you enter here should match the one entered during the upload process.
Step 4 From the Transfer Mode drop-down list, choose TFTP or FTP .
Step 5 In the IP Address text box, enter the IP address of the TFTP or FTP server.
If you are using a TFTP server, the default values of 10 retries and 6 seconds for the Maximum Retries and Timeout text boxes should work correctly without any adjustment. However, you can change these values.
Step 6 Enter the maximum number of times that the TFTP server attempts to download the configuration file in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the configuration file in the Timeout text box.
Step 7 In the File Path text box, enter the directory path of the configuration file.
Step 8 In the File Name text box, enter the name of the configuration file.
Step 9 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log into the FTP server.
b. In the Server Login Password text box, enter the password to log into the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 10 Click Download to download the file to the controller. A message appears indicating the status of the download, and the controller reboots automatically. If the download fails, repeat this procedure and try again.
Note The controller does not support incremental configuration downloads. The configuration file contains all mandatory commands (all interface address commands, mgmtuser with read-write permission commands, and interface port or LAG enable or disable commands) required to successfully complete the download. For example, if you download only the config time ntp server index server_address command as part of the configuration file, the download fails. Only the commands present in the configuration file are applied to the controller, and any configuration in the controller prior to the download is removed.
Step 1 Specify the transfer mode used to download the configuration file by entering this command:
transfer download mode {tftp | ftp}
Step 2 Specify the type of file to be downloaded by entering this command:
transfer download datatype config
Step 3 If the configuration file is encrypted, enter these commands:
Note The key that you enter here should match the one entered during the upload process.
Step 4 Specify the IP address of the TFTP or FTP server by entering this command:
transfer download serverip server-ip-address
Step 5 Specify the directory path of the configuration file by entering this command:
transfer download path server-path-to-file
Step 6 Specify the name of the configuration file to be downloaded by entering this command:
transfer download filename filename
Step 7 If you are using a TFTP server, enter these commands:
Note The default values of 10 retries and a 6-second timeout should work correctly without any adjustment. However, you can change these values. To do so, enter the maximum number of times that the TFTP server attempts to download the software for the retries parameter and the amount of time (in seconds) that the TFTP server attempts to download the software for the timeout parameter.
Step 8 If you are using an FTP server, enter these commands to specify the username and password used to log into the FTP server and the port number through which the download occurs:
Note The default value for the port parameter is 21.
Step 9 View the updated settings by entering this command:
Step 10 When prompted to confirm the current settings and start the download process, answer y .
Information similar to the following appears:
If the download fails, repeat this procedure and try again.
Controllers contain two kinds of memory: volatile RAM and NVRAM. At any time, you can save the configuration changes from active volatile RAM to nonvolatile RAM (NVRAM) using one of these commands:
When you save the controller’s configuration, the controller stores it in XML format in flash memory. Controller software release 5.2 or later releases enable you to easily read and modify the configuration file by converting it to CLI format. When you upload the configuration file to a TFTP or FTP server, the controller initiates the conversion from XML to CLI. You can then read or edit the configuration file in a CLI format on the server. When you are finished, you download the file back to the controller, where it is reconverted to an XML format and saved.
Step 1 Upload the configuration file to a TFTP or FTP server by performing one of the following:
Step 2 Read or edit the configuration file on the server. You can modify or delete existing CLI commands and add new CLI commands to the file.
Note To edit the configuration file, you can use either Notepad or WordPad on Windows or the VI editor on Linux.
Step 3 Save your changes to the configuration file on the server.
Step 4 Download the configuration file to the controller by performing one of the following:
The controller converts the configuration file to an XML format, saves it to flash memory, and then reboots using the new configuration. CLI commands with known keywords and proper syntax are converted to XML while improper CLI commands are ignored and saved to flash memory. Any CLI commands that have invalid values are replaced with default values. To see any ignored commands or invalid configuration values, enter this command:
Note You cannot execute this command after the clear config or save config command.
Step 5 If the downloaded configuration contains a large number of invalid CLI commands, you might want to upload the invalid configuration to the TFTP or FTP server for analysis. To do so, perform one of the following:
Step 6 The controller does not support the uploading and downloading of port configuration CLI commands. If you want to configure the controller ports, enter these commands:
Step 7 Enter the save config command to save your changes.
Step 1 Clear the configuration by entering this command:
Enter y at the confirmation prompt to confirm the action.
Step 2 Reboot the system by entering this command:
Enter n to reboot without saving configuration changes. When the controller reboots, the configuration wizard starts automatically.
Step 3 Follow the instructions in the “Configuring the Controller Using the GUI Configuration Wizard” to complete the initial configuration.
Step 1 Reset the configuration by entering this command:
At the confirmation prompt, enter y to save configuration changes to NVRAM. The controller reboots.
Step 2 When you are prompted for a username, restore the factory-default settings by entering this command:
The controller reboots and the configuration wizard starts automatically.
Step 3 Follow the instructions in the “Configuring the Controller Using the GUI Configuration Wizard” to complete the initial configuration.
You can reset the controller and view the reboot process on the CLI console using one of the following two methods:
When the controller reboots, the CLI console displays the following reboot information: