Predownloading an Image to an Access Point

Information About Predownloading an Image to an Access Point

To minimize network outages, download an upgrade image to an access point from the device without resetting the access point or losing network connectivity. Previously, you could download an upgrade image to the device and reset it, causing the access point to go into discovery mode. After the access point discovered the controller with the new image, the access point would download the new image, reset it, go into discovery mode, and rejoin the device.

You can now download the upgrade image to the controller. When the controller is up with the upgrade image, the AP joins the controller and moves to Registered state, because the AP image has been predownloaded to the AP.

Restrictions for Predownloading an Image to an Access Point

The following are the restrictions for predownloading an image to an access point:

  • The maximum number of concurrent predownloads are limited to 100 per wncd instance (25 for 9800-L) in the controller. However, the predownloads are triggered in sets of 16 per wncd instance at the start, and is repeated every 60 seconds.

  • Access points with 16-MB total available memory may not have enough free memory to download an upgrade image and may automatically delete crash information files, radio files, and backup images, if any, to free up space. However, this limitation does not affect the predownload process because the predownload image replaces backup image, if any, on the access point.

  • All of the primary, secondary, and tertiary controllers should run the same images. Otherwise, the feature will not be effective.

  • At the time of reset, you must make sure that all of the access points have downloaded the image.

  • An access point can store only 2 software images.

  • The Cisco Wave 1 APs may download the image twice while moving from Cisco AireOS Release 8.3 to Cisco IOS XE Gibraltar 16.10.1. This increases the AP downtime during migration.

  • The show ap image command displays cumulative statistics regarding the AP images in the controller. We recommend that you clear the statistics using the clear ap predownload statistics command, before using the show ap image command, to ensure that correct data is displayed.

  • AP image predownload will not work if you upgrade the controller from the web UI

  • Cisco Catalyst 9800-CL Wireless Controller supports only self-signed certificates and does not support Cisco certificates. When you move the access points between Cisco Catalyst 9800-CL Wireless Controllers, and if the AP join failure occurs on the Cisco Catalyst 9800-CL controller, execute the capwap ap erase all command to remove the hash string stored on the APs.

  • During AP image pre-download, the WNCD CPU may rise to 99 percent, which is normal and doesn't cause a crash or client or AP disconnect problems.

Predownloading an Image to Access Points (CLI)

Before you begin

There are some prerequisites that you must keep in mind while predownloading an image to an access point:

  • Predownloading can be done only when the device is booted in the install mode.

  • You can copy the new image either from the TFTP server, flash image, or USB.

  • If the latest upgrade image is already present in the AP, predownload will not be triggered. Check whether the primary and backup image versions are the same as the upgrade image, using the show ap image command.

  • The show ap image command displays cumulative statistics regarding the AP images in the controller. We recommend that you clear the statistics using the clear ap predownload statistics command, before using the show ap image command, to ensure that correct data is displayed.

  • AP continues to be in predownloading state, if AP flaps post SSO during AP predownload. We recommended that you issue the ap image predownload abort command and then the clear ap predownload stats command only then the predownload can be intiated again.

Procedure

  Command or Action Purpose

Step 1

install add file bootflash:file-name

Example:

Device# install add file bootflash:image.bin

The controller software image is added to the flash and expanded.

Step 2

ap image predownload or ap name ap-name image predownload

Example:

Device# ap image predownload
Device# ap name ap1 image predownload

Downloads the new image to all the access points or a specific access point connected to the device.

Step 3

show ap image

Example:

Device# show ap image

Verifies the access point's predownload status.

This command initially displays the status as Predownloading and then moves to Completed, when download is complete.

Step 4

show ap name ap-name image

Example:

Device# show ap name ap1 image

Provides image details of a particular AP.

Step 5

ap image swap or ap name ap-name image swap or ap image swap completed

Example:

Device# ap image swap

Swaps the images of the APs that have completed predownload.

Note

 

You can swap the AP images using ap image swap command even without pre-downloading a new image to the AP and there are no restrictions or prerequisites to swap the image.

Step 6

install activate

Example:

Device# install activate

Runs compatibility checks, installs the package, and updates the package status details.

For a restartable package, the command triggers the appropriate post-install scripts to restart the necessary processes, and for non-restartable packages it triggers a reload.

Note

 

This step reloads the complete controller stack (both primary and secondary controllers, if HA is used).

Step 7

install commit

Example:

Device# install commit

Commits the activation changes to be persistent across reloads.

The commit can be done after activation while the system is up, or after the first reload. If the package is activated but not committed, it remains active after the first reload, but not after the second reload.

Monitoring the Access Point Predownload Process

This section describes the commands that you can use to monitor the access point predownload process.

While downloading an access point predownload image, enter the show ap image command to verify the predownload progress on the corresponding access point:

Device# show ap image
Total number of APs  : 1

Number of APs 
       Initiated                  : 1
       Predownloading             : 1
       Completed predownloading   : 0
       Not Supported              : 0
       Failed to Predownload      : 0

AP Name                           Primary Image   Backup Image    Predownload Status    Predownload Ver...  Next Retry Time    Retry Count 
------------------------------------------------------------------------------------------------------------------------------------------
AP1                               10.0.1.66       10.0.1.66       Predownloading        10.0.1.67           NA                           0 


Device# show ap image

Total number of APs  : 1

Number of APs 
       Initiated                  : 1
       Predownloading             : 0
       Completed predownloading   : 1
       Not Supported              : 0
       Failed to Predownload      : 0

AP Name                           Primary Image   Backup Image    Predownload Status    Predownload Ver...  Next Retry Time    Retry Count 
------------------------------------------------------------------------------------------------------------------------------------------
AP1                               10.0.1.66       10.0.1.67       Complete              10.0.1.67           NA   
                        0 

Use the following command to view the image details of a particular AP:

Device# show ap name APe4aa.5dd1.99b0 image
 
AP Name : APe4aa.5dd1.99b0
Primary Image : 16.6.230.46
Backup Image : 3.0.51.0
Predownload Status : None
Predownload Version : 000.000.000.000
Next Retry Time : N/A
Retry Count : 0

Information About AP Image Download Time Enhancement (OEAP or Teleworker Only)

The wireless controller and the access point (AP) communicate with each other using CAPWAP. The CAPWAP has two channels, namely control and data. The control channel is used to send configuration messages, download images and client keys, or the context to the AP. The control channel has a single window in the current implementation. A single window means that every message that is sent from the controller has to be acknowledged by the AP. The next control packet is not transmitted till the earlier one is acknowledged by the AP.

The AP Image Download Time Enhancement feature adds support to multiple sliding windows for control packets going from controller to AP. The sliding window can be set to N (static) instead of a single window. The request queue size is decided based on the maximum window size the AP supports.

Table 1. Recommended Window Size

Link Bandwidth1

Less than 200 ms RTT

Greater than 200 ms RTT

More than 20 Mbps

10

15

Between 5 and 20 Mbps

10

15

Between 1 and 5 Mbps

5

10

Less than 1 Mbps

3

5

1 The window size recommendation provided in the table is for packet loss of less than one percent (< 1%). If the network supporting the CAPWAP link has packet loss of more than one percent (> 1%), use a smaller value for window size. For good links with round-trip time (RTT) of about 100ms and packet drops of less than half a percent (< 0.5%), use a window size of up to 20 for better performance.

Note


  • The window size can be changed only during the AP join process.

  • All image upgrades should be in the install mode for faster upgrade. Image upgrade should be done from the one-shot command to include OEAP predownload.

  • Configure the window size only for AP profiles that are exclusively used for Teleworker or Office Extend Access Points (OEAP).

  • An AP reload is not required after disabling this feature.

  • This feature is supported only on the OEAP profiles.

  • GUI does not support AP predownload. Therefore, the AP downloads after disjoining the controller during CAPWAP join phase. This causes a long disruption in the network as the Image download for AP can take upto one hour.



Important


If you downgrade the software to Cisco IOS XE Gibraltar 16.12.4 or earlier from Cisco IOS XE Amsterdam 17.3.1, you should reset the CAPWAP multi window to a single window prior to the downgrade. Failure to do so necessitates a manual AP recovery.


High-Level Workflow of AP Image Download Time Enhancement

  1. Select an existing AP join profile or create a new one.

  2. Set the CAPWAP window size.

  3. Associate the AP join profile to an existing site tag or new one.

  4. Apply the site tag to the AP using: Static, Filter, Location, AP, or Default mapping method.

Configuring AP Image Download Time Enhancement (GUI)

Procedure


Step 1

Choose Configuration > Tags & Profiles > AP Join > CAPWAP > Advanced.

Step 2

In the CAPWAP Window Size field, enter the unit of measurement of the window.

Step 3

Click Save & Apply to Device.


Configuring AP Image Download Time Enhancement (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters the global configuration mode.

Step 2

ap-profile ap-profile

Example:

Device(config)# ap profile capwap_multiwindow

Configures an AP profile.

Step 3

capwap window size window-size

Example:

Device(config-ap-profile)# capwap window size 20

Configures the AP CAPWAP control packet transmit queue size.

Note

 

Configure the window size only for AP profiles that are exclusively used for teleworker or OEAP.

Be aware that any change in window size may impact other APs.

Step 4

end

Example:

Device(config-ap-profile)# end

Returns to privileged EXEC mode.

Verifying AP Image Download Time Enhancement Configuration

To view the CAPWAP window size present in an AP profile, use the following command:

Device# show ap profile name default-ap-profile detailed | in wind

Capwap window size : 10

To view the CAPWAP status and modes, use the following command:

Device# show capwap client rcb 

OperationState                     : UP
Name                               : AP4001.7A39.2D5A
MwarHwVer                          : 0.0.0.0
Location                           : default location
ApMode                             : Remote Bridge
ApSubMode                          : Not Configured
CAPWAP Path MTU                    : 1485
Software Initiated Reload Reason   : Reload command
CAPWAP Sliding Window
Active Window Size                 : 10
Last Request Send To Application   : 184
Expected Seq Num                   : 185
Received Seq Num                   : 184
Request Packet Count               : 42424
Out Of Range Packets Count         : 0
Window Moved  Packets Count        : 0
In Range Packets Count             : 960
Expected Packets Count             : 41464

To view the AP configuration details, including the CAPWAP window size, use the following command:

Device# show ap config general | in Wind

Capwap Active Window Size                       : 5
Capwap Active Window Size                       : 10
Capwap Active Window Size                       : 1