Table Of Contents
Converting Access Points to IOS
Understanding the Conversion Process
Performing the Conversions
Task 1. Satisfy the Prerequisites
Prerequisites
Adjusting the Timing Parameters
Task 2. Configure Access Points To Be Converted
Task 3. Configure the WLSE for IOS Conversions
Task 4. Create a Conversion Template on the WLSE
Task 5. Create and Run the Conversion Job
Creating and Running a Conversion Job
Checking the Progress of a Running Conversion Job
Managing Converted Devices
Task 6. Check the Results
Converting Access Points to IOS
You can use the firmware upgrade options provided by WLSE to convert multiple non-IOS access points to IOS at the same time.
This chapter contains the following topics:
•
Understanding the Conversion Process
•Performing the Conversions
Understanding the Conversion Process
There are two methods for converting non-IOS access points to IOS:
•You can use the WLSE Web interface (the Firmware tab) and create conversion jobs that you can schedule at a desired time. This method is recommended if you have a WLSE. This document describes this method of conversion.
•If you do not have a WLSE, you can download and install the Cisco Aironet Conversion Tool (CAC Tool) from Cisco.com and manually convert access points. For information on this tool, see the CAC documentation on Cisco.com.
Caution Do not use regular upgrade images. Conversion from non-IOS (VxWorks) to IOS firmware requires a special upgrade image and only certain versions of VxWorks can be converted to IOS. The available upgrade images are listed in
Table 1-1.
The WLSE automatically converts most of the non-IOS configuration data to IOS-style configuration. However, certain key data are not automatically converted and must be specified as part of the upgrade job. Therefore, when you use the WLSE to convert to IOS, you first define a non-IOS configuration template that includes certain parameters. This template is assigned to the devices during the upgrade process.
Performing the Conversions
Caution After you convert a non-IOS access point to IOS, you
cannot reverse the process. The access point cannot be converted back to non-IOS firmware.
Caution Run a conversion job with one access point
before running a job on multiple devices. If you are converting more than one type of access point, run a test job on each type of device. If possible, do not run the tests on your production network.
Figure 1-1 illustrates the major tasks in the conversion process.
Figure 1-1 Conversion Process Overview
The following sections describe these tasks in greater detail:
•Task 1. Satisfy the Prerequisites
•Task 2. Configure Access Points To Be Converted
•Task 3. Configure the WLSE for IOS Conversions
•Task 4. Create a Conversion Template on the WLSE
•Task 5. Create and Run the Conversion Job
•Task 6. Check the Results
Task 1. Satisfy the Prerequisites
This section contains the following information:
•Prerequisites
•Adjusting the Timing Parameters
Prerequisites
Before creating a conversion job, you must satisfy the following prerequisites:
•Be sure the access points to be converted are running one of the supported versions of non-IOS (VxWorks firmware)—see Table 1-1. If the access points are not running a supported version, you must upgrade the VxWorks firmware before you can convert them.
For versions earlier than 12.01T1, you must upgrade to a supported version before you can run the conversion.
Table 1-1 Supported Images and Versions
|
|
|
Image Name
|
|
Version Field Alternate Entry
|
AP1200
AP1220
|
12.01T1 12.02T1 12.03T 12.04
|
AP1200-Cisco-IOS-Upgrade-Image-v3.img
|
12.2(11)JA3
|
12.2
|
AP350
|
12.01T1 12.02T1 12.03T 12.04
|
AP350-Cisco-IOS-Upgrade-Image-v2.img
|
12.2(13)JA1
|
12.2
|
•Repeater conversion is not supported. To convert a repeater, try one of these options:
–Use the CAC tool (see Understanding the Conversion Process).
–Physically move the repeater to a site where Ethernet is available, put it into root mode, convert it, then set it into repeater mode and reinstall it in its original location.
•You must have access to the WLSE Firmware and Configure tabs and all of their subtabs. Only WLSE users with full permissions can convert access points. These permissions are determined by your user role.
For information about user roles, see the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.11 or the online help for the Admin > User Admin subtab.
•If you are converting non-IOS APs that are located across slow WAN links from WLSE (for example, WAN link at 128Kbps or 64Kbps), try resetting the timeout and retry parameters to larger values (see Adjusting the Timing Parameters) before converting these APs. Because the default settings that are applicable to conversion process are tuned to work well with APs on a LAN network, these settings might need to be modified to work for converting APs located across WAN links.
•If you plan to install new hardware (such as an 11g radio), convert the firmware before installing the hardware. The conversion tool does not support 802.11g radios.
•If an AP is configured for BOOTP, change it to DHCP before the conversion.
•If you use DHCP to assign IP addresses to access points, set the DHCP lease period or use the DHCP reservation feature as follows:
–After an image is uploaded to an access point, the access point is rebooted. If you are using DHCP to assign IP addresses to the access points to be converted, make sure that the IP addresses will not expire during the time required to run the firmware job and reboot the access points.
–You can set the DHCP lease period accordingly or use the DHCP reservation feature. The WLSE firmware module provides IP and MAC addresses for the reservation feature.
•To avoid power cycling, make sure the switch and AP's power and duplex settings are the same.
•Review the limitations of the conversion process (see Limitations of the Conversion Process).
VLAN Conversions
•When a non-IOS AP that is being converted has defined VLANs but the native VLAN is not defined on this AP, the WLSE will not proceed with the conversion process. The conversion job for such AP will fail with the appropriate error message in the run log for that job.
•WLSE will convert all the VLANs defined on a non-IOS AP, but only if they are mapped to an SSID. However, if the VLAN is a native VLAN, it is always converted.
•Before the conversion, make sure the SSID mapped to the native VLAN is defined as an infrastructure SSID.
Note If a non-native VLAN SSID is defined as the infrastructure SSID, the infrastructure SSID command will not be created.
•WLSE always converts VLANs that are mapped to the SSID in a non-IOS AP—regardless of whether the VLANs are enabled or disabled. If the VLANs are disabled, the corresponding VLAN's interface will be closed except for the native VLAN.
Note Be sure that the configuration of the switch port and the AP VLAN configuration—including the native VLAN—match. Proceeding with conversion when the AP and Switch port VLAN configurations do not match may lead to loss of connectivity to the AP after conversion.
Note VLAN tagging is effective only when VLANs created in the non-IOS AP are enabled at the global level. WLSE creates VLANs in the IOS after a conversion—even if local VLAN tagging is disabled in the non-IOS AP before the conversion. Even when global VLAN Tagging is disabled, an AP might contain inactive VLANs. Because WLSE creates VLANs for these inactive VLANs in the conversion process, the loss of connectivity can occur.
Adjusting the Timing Parameters
On the WLSE, you can set timing parameters that apply to all firmware jobs or you can set the timing parameters for conversion jobs only. These conversion-only parameters set the following:
•Per device job operation timeout—Sets the timeout for uploading a conversion image.
•Conversion SNMP Retries—Sets the timeout for installing the conversion image.
Procedure
Step 1 Select Firmware > Advanced Parameters.
Step 2 Set the Per device job operation timeout parameter as follows:
This value multiplied by 2 is the timeout for uploading a conversion image. The default value is 1200 seconds or 20 minutes (600 seconds multiplied by 2).
For example, if the upload of the upgrade image takes 50 minutes, increasing the value to 1500 seconds would set the timeout to 50 minutes (1500 seconds multiplied by 2 = 3000 seconds = 50 minutes).
Step 3 Set the Conversion SNMP Retries parameter. This parameter is used in the conversion tool for the IOS installation timeout. It is not the regular SNMP retries parameter.
Note Although installation of the image is not normally affected by a slow link, you can reset the value of this parameter to extend the timeout if the AP is slow in installing the IOS image.
This value multiplied by 2 is the timeout for installing the conversion image after it is uploaded. The default value is 50 minutes (25 minutes multiplied by 2).
For example, if the IOS installation takes 60 minutes, increase the timeout value to 30.
Task 2. Configure Access Points To Be Converted
Before You Begin
•Make sure each access point to be converted is running a supported version of non-IOS (VxWorks) firmware (see Table 1-1). If the APs are not running a supported version, you will have to upgrade VxWorks before you can use the WLSE to convert them.
•Be sure that the access points to be converted are under WLSE management (have been discovered, inventoried, and managed).
For information about managing devices, see the WLSE online help or the "Managing Devices" chapter in the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.11. You can view this guide on Cisco.com at cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_9/index.htm.
Procedure
Step 1 Log into each access point. The Summary Status screen appears.
Step 2 Select Setup > Security > User Information. The User Information screen appears.
Step 3 If the current user does not have all permissions enabled, create a user on the AP with the same name as the community string value and set the permissions for that user:
a. Select Add New User. The User Management dialog appears.
b. Enter the user name and password, then confirm the password.
c. Enable these capability settings:
–Write
–SNMP
–Ident
–Firmware
–Admin
Note These permissions will be assigned to the access point community strings. The AP community strings are used by the WLSE to manage the APs after conversion.
Note If the SNMP, Ident, and Firmware boxes are checked, the value entered for the user name will be used as the SNMP read/write community string.
d. Click Apply.
Step 4 Enable SNMP on the access point:
a. From the Summary Status screen, select Setup > SNMP. The SNMP Setup screen appears.
b. Select Enabled.
c. Click Apply.
Step 5 Go to Task 3. Configure the WLSE for IOS Conversions.
Task 3. Configure the WLSE for IOS Conversions
Configuring the WLSE for performing AP conversion involves importing the upgrade/conversion image and configuring the WLSE device credentials section with the SNMP community strings that were configured on the AP in Task 2.
Procedure
Step 1 Log into the WLSE's web interface.
Step 2 Select Devices > Discover > Device Credentials > SNMP Communities.
•Make sure all community strings for all access points to be converted (created in Task 2) are entered into the SNMP Communities table.
•Make sure you specify at least 2 SNMP retries.
Step 3 Locate the special conversion/upgrade image on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/sw-wireless.shtml
For information about the images to use for conversion, see Table 1-1.
Step 4 Download the upgrade or conversion image on to the local hard drive of your workstation.
Step 5 To import the image to the WLSE, select Firmware > Images > Import > From Desktop.
Step 6 If you are importing the upgrade image to convert a 1200 AP, import the image with device type as AP1200. If the upgrade image is for converting AP350 type, import this image with device type as AP350. Do not select AP350-IOS.
Step 7 Make sure the Version field contains the correct IOS version identifier. See Table 1-1.
Caution The Version field must be set correctly. If it is not, the image will be incompatible with the access points that you are converting.
Step 8 Go to Task 4. Create a Conversion Template on the WLSE.
Task 4. Create a Conversion Template on the WLSE
Whenever a conversion job is created, a non-IOS template that includes the security parameters must be provided. This section describes how to create this template and provides details about the required parameters.
Caution Failure to provide a non-IOS template that includes the minimum security parameters will result in loss of access to the AP via console, Telnet, or browser after the conversion. Failure to provide the optional parameters may result in incomplete IOS configurations.
All other parameters on the access points will retain their values after conversion. If you set parameters in the conversion template in addition to those described in the following procedure, the extra parameters will be ignored.
Before You Begin
Follow these guidelines when you create the conversion template:
•You must set the required and optional security parameters in a non-IOS template in case the parameters on the access points are write-only. During the firmware conversion job, write-only parameters cannot be extracted from the access points. Therefore, such parameters must be entered a second time by applying a template so the access point is configured correctly after the conversion. Failure to set security parameters has other effects (see Conversion Troubleshooting).
•When you run a conversion job, WLSE retrieves the non-IOS configuration file from the non-IOS AP and converts this file to equivalent IOS commands. However, because of the non-IOS AP behavior, the converted configuration file will not include any security-related parameters. For example, WLSE does not convert the username and password information to the equivalent IOS command. For this IOS command to be generated, you must define these security parameters in a non-IOS template, then use this template in the conversion job. For a complete list of the required security parameters, see Table 1-2.
•If User Manager is enabled on the AP, be sure to enter the following security information in the conversion template: User Identifier, User Name, User Password, Confirm User Password and Capabilities. If these parameters are not defined, you might not be able to log in to the upgraded AP through Telnet, the console port, or the browser.
Procedure
Step 1 Select Configure > Templates.
Step 2 Select non-IOS.
Step 3 Enter a unique name.
For details about acceptable job names, see the "Naming Guidelines" topic in the online help or the "Naming Guidelines" appendix in the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.11 on Cisco.com at www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_11.index.htm.
Step 4 Click Create New.
Step 5 From the left pane, select Security > Local Admin Access > Add User.
Step 6 Set the security parameters listed in Table 1-2:
Note You must set these parameters in the template. Otherwise, the conversion will fail and you will have to log in to each access point and configure it manually.
Table 1-2 Required Security Parameters
Parameter
|
Description
|
User Identifier
|
Enter any integer except 0.
|
User Name
|
This username will become the Telnet user name and the read/write SNMP community string on the converted access points. These credentials are necessary for the WLSE to communicate with access points.
Note This user name and password must match the user name and password that was entered when you created the new user on the access point (see Task 2. Configure Access Points To Be Converted).
|
User Password
|
This password will be the Telnet user password on the converted access points
|
Confirm User Password
|
Enter the password a second time.
|
Capabilities
|
All capabilities should be selected.
Note You must add at least one username and password combination with Admin+Firmware+SNMP+Identity+Write capabilities.
|
Step 7 Click the double-arrow button (>>) to add each user to the Users to Add list.
Step 8 From the left pane, select Template Categories.
Step 9 Set the optional security parameters from the list in Table 1-3. The parameters you set depend on the level of security that you require on your access points.
Note Any parameters in Table 1-3 that are not set in the template will produce informational messages during Task 4. Create a Conversion Template on the WLSE. These messages will not prevent the firmware job from running successfully.
Table 1-3 Optional Security Parameters
Template Category and Subcategory
|
Setting
|
Choose one:
|
| |
Association > VLANs
|
Select this option when VLANs already exist on the APs and you want to preserve the encryption key values.
•Enter a value for VLAN ID.
•Enter values for WEP Key 1 through WEP Key 4.
•Select the size of each WEP key.
|
11a Radio > Data Encryption
|
Select this option when the access point is using 11a radios and has no predefined VLANs.
•Enter values for Encryption Key 1 through Encryption Key 4.
•For each key, select Transmit Key.
•Select the Key Size for each encryption key.
|
Security > Local AP/Client Security
|
Select this option when the access point is using 11b radios and has no predefined VLANs.
•Enter values for Encryption Key 1 through Encryption Key 4.
•For each key, select Transmit Key.
•Select a Key Size for each encryption key.
|
Security > Authentication Server
|
•Enter the IP address (do not enter the server name).
•Select the Server Type.
•Enter values for Port, Shared Secret, Retran Int (sec), Max Retran.
•Specify EAP Auth, MAC Auth, User Auth, and MIP Auth.
Note You must enter all of these parameters in the template for each server you want to retain after the conversion. Failure to provide the complete set will result in missing AAA-related commands in the IOS configuration.
|
Services > Accounting
|
•Select enable from the Enable Accounting dropdown list.
•Enter the IP address (do not enter the server name).
•Select Server Type.
•Enter values for Port, Shared Secret, Retran (sec), Max Retran, Enable Update.
•Select EAP Authentication, Non-EAP Authentication, or both.
Note You must enter all of these parameters in the template for each server you want to retain after the conversion. Failure to provide the complete set will result in missing AAA-related commands in the IOS configuration.
|
Step 10 From the left pane, select Preview to see your changes before you apply them.
Step 11 From the left pane, select Save to save the template.
A confirmation dialog appears asking if you want to apply this configuration template to one or more devices. Do not apply the template now. This template will be used in the next step.
Step 12 Select No to save the template without proceeding to the job definition screen.
Step 13 Go to Task 5. Create and Run the Conversion Job.
Task 5. Create and Run the Conversion Job
This section explains how to:
•Create, save, and run a conversion job—See Creating and Running a Conversion Job
•Monitor a running conversion job—See Checking the Progress of a Running Conversion Job
•Manage the converted devices—See Managing Converted Devices
Creating and Running a Conversion Job
Before You Begin
Caution Run a conversion job with one access point
before running a job on multiple devices. If you are converting more than one type of access point, run a test job on each type of device. If possible, do not run the tests on your production network.
Caution Limit each job to 10 access points, and run only one job at a time. Problems encountered while converting large numbers of access points can cause disruptions in the network.
Procedure
Step 1 Log on to the WLSE and select Firmware > Jobs.
For information about using the firmware upgrade options, see the WLSE online help or the "Upgrading Firmware" chapter in the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.11. You can view this guide on Cisco.com at cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_11/index.htm.
Step 2 Click Create Job.
Step 3 Enter the following:
•A name for the job and an optional description.
Job names must be unique. Do not use the same job name for firmware jobs and other jobs (such as configuration and radio management jobs).
•Select SNMP.
Note Although the job conversion screens in the WLSE Firmware tab list both SNMP and HTTP as protocols to use for conversion, only SNMP is allowed for conversions. The job will fail if you select HTTP.
Step 4 From the left pane, click Select Image. Expand the device folder and select the special conversion image.
Step 5 From the left pane, click Select Devices.
a. Expand the folder that contains the access points to be converted.
b. From the Available Devices list, select a group or individual devices and click Add.
Note Normally, you should include no more than 10 access points in a job.
Step 6 From the left pane, click Schedule Job.
•To run the job immediately after you finish creating the job, select Run Now.
•To schedule the job for later, select the date and time.
Step 7 From the left pane, click Options. To specify job options:
a. (Optional) In the Email settings section, you can specify email notification upon completion of the job.
Note Do not use the Remote Server option. It is not applicable for non-IOS to IOS conversions.
b. The IOS Security Parameters section appears only if you selected a valid conversion image in Step 3. If it does not appear, return to Select Image and select the correct image.
c. In the IOS Security Parameters section:
–Enter the enable password. This password will become the AP enable password after the APs are converted to IOS. All converted access points will have the same enable password.
Note Please remember this password. If this password is forgotten, there is no way to recover it after the conversion job has completed and it has been assigned to the AP. To recover this password, you must use the password recovery procedure on the IOS AP.
–Select the non-IOS conversion template from the Select Config Template list. This is the same template that was created in Task 4. Create a Conversion Template on the WLSE.
Step 8 From the left pane, click Save to validate the job settings, view a job summary, and run the job immediately or add it to the list of scheduled jobs.
The Save window shows information about the job. For details about the messages in this window, see the Firmware online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.11.
Note If there are warning or error messages in the Save window, the job will either fail or it will only succeed on the devices that have no warnings or errors. You can edit your job choices to eliminate the problems, then click Save in the left pane.
Step 9 When the job is ready to run, click Save in the Save window. The Job Summary page displays basic information about the job, and the job will run immediately or will be added to the job list if it is scheduled for a later time.
Step 10 Monitor the progress of the job (see Checking the Progress of a Running Conversion Job).
Checking the Progress of a Running Conversion Job
Procedure
Step 1 Use the device console to monitor the progress of the job.
Step 2 When the job is done, select Firmware > Jobs.
Step 3 Select the job name and click Job Run Detail.
•If the job status is "not verified:"
–First, check the access points to find out if they have been converted. For detailed information about the conversion status of each device, click Job Run Log.
–If they have not been converted, rerun the job.
–If they have been converted, do not run the job again on the converted access points.
Note A job status of "not verified" does not always mean the job failed. The WLSE has internal timeout parameters for firmware upgrades. If the WLSE is unable to communicate successfully with the access point within the period specified by the timeout, it will declare the upgrade job unverified. The WLSE may have timed out before confirming that the job succeeded. To change the timing parameters, see Adjusting the Timing Parameters.
•If the job status is "failed," you can increase the value of the Conversion SNMP retries timeout parameter and rerun the job. To change this parameter, see Adjusting the Timing Parameters.
For additional troubleshooting help, see FAQs and Troubleshooting.
Step 4 After the conversion job has completed successfully, you must set the devices in the managed state (see Managing Converted Devices).
Managing Converted Devices
The converted access points must be in the managed state (that is, discovered, inventoried, and managed) before you can use the WLSE to monitor or configure them or use any of the other WLSE network management or radio management features.
Procedure
Step 1 After the conversion job has completed successfully, all access points in the job will come up as IOS. WLSE automatically detects these converted APs as IOS AP types and moves them into the appropriate System groups.
Step 2 Select Devices > Discover > Inventory > Run Inventory.
Step 3 Select the newly converted devices and click Run Inventory.
After the inventory process completes, the access points will be in the managed state on the WLSE. All supported WLSE IOS AP functionality can be used against these APs.
Step 4 Go to Task 6. Check the Results.
Task 6. Check the Results
After the conversion:
•You must run an inventory before you can use any of the WLSE IOS AP features.
•The access points will be running a version of IOS. The available upgrade images and the IOS versions after conversion are listed in Table 1-1.
•The sysOID changes.
•The device type and group membership changes. Table 1-4 summarizes the group membership and device type changes:
Table 1-4 Device Type and Group Membership Change Summary
Before Conversion
|
After Conversion
|
Device Type
|
Group
|
|
Group
|
Cisco Aironet AP350
|
AP350
|
Cisco Aironet AP350
|
AP350-IOS
|
Cisco Aironet AP1200
|
AP1200
|
Cisco Aironet AP1210
|
AP12102
|
Cisco Aironet AP1220
|
AP1200
|
Cisco Aironet AP1230
|
AP1210
|
