Efficient Image Upgrade

Efficient image upgrades for FlexConnect APs

Efficient image upgrade is an optimized upgrade method for FlexConnect APs that

  • reduces WAN link load by limiting simultaneous image downloads to three secondary APs per primary AP.

  • allows simultaneous secondary AP downloads from a designated primary AP, and

  • enables faster image pre-downloads for FlexConnect APs.

Feature History

Release

Feature

Feature Information

Cisco IOS XE 17.11.1

Out-of-Band AP Image Download

This feature enhances the AP image upgrade method to make upgrades faster and more flexible.

Commands Introduced:

  • ap upgrade method https

  • ap file-transfer https port

  • show ap upgrade method

Analogy: relay race

Efficient image upgrades work like a relay race for file sharing. Imagine a group of runners (APs) at a remote location needing a baton (the software image) from the main building (the controller). Instead of each runner making the trip directly and crowding the hallway (the WAN link), one designated runner (the primary AP) gets the baton first and brings it back. The others then take the baton from this runner in controlled small groups (three at a time), so the hallway never gets overcrowded, saving time and reducing congestion.

Restrictions

  • Efficient image upgrades work only in FlexConnect (flex mode).

  • Ensure all FlexConnect APs are grouped under the same site tag, and are physically co-located.

  • Efficient image upgrades do not operate when the default-site-tag is applied.

  • You cannot remove flex profile configurations from a site tag that is configured as a site.

  • Use the no local-site command to prepare a site tag for Flexconnect. Otherwise, the Flex profile configuration is not applied.

  • Efficient AP image download uses port 8443 for HTTPS connections. The listener also uses this port to upload client debug bundles and transfer Clean Air spectral recordings from the AP to the controller. This port remains open even if you disable efficient AP image download because multiple services use it.

Efficient image upgrade download

Efficient AP image download minimizes WAN load, accelerates image distribution for co-located FlexConnect APs, and ensures reliable and consistent image deployment within site tags.

Summary

The key components involved in the process are:

  • Controller: Hosts and distributes AP images through WAN.

  • Primary AP: Selected for each model per site tag to fetch the image from the controller.

  • Secondary APs: Retrieve the image from the primary AP through TFTP. Up to three secondary APs can download simultaneously.

Workflow

These stages describe the efficient AP image download:

  1. The controller selects one AP per model and site tag as the primary AP.
  2. The primary AP downloads the required image directly from the controller over WAN.
  3. Up to three secondary APs download the image simultaneously through TFTP from the primary AP. This approach minimizes WAN usage.
  4. The process uses port 8443 for HTTPS connections. This port is also used for uploading debug bundles and spectral recordings.
  5. The port remains open, as multiple services use this listener even if efficient AP image download is disabled.

Result

Efficient AP image download minimizes WAN load, accelerates image distribution for co-located FlexConnect APs, and ensures consistent, reliable image deployment within site tags.

Enable pre-download in a FlexConnect AP (GUI)

Allow access points to download software images in advance to minimize downtime during upgrades.

Use this task when you want APs to pre-download image updates through the GUI.

Follow these steps to enable pre-download for an AP:

Procedure


Step 1

Choose Configuration > Wireless > Access Points.

Step 2

In the Access Points window, expand the All Access Points section and click the name of the AP to edit.

Step 3

In the Edit AP window, click the Advanced tab and from the AP Image Management section, click Predownload.

Step 4

Click Update & Apply to Device.


The selected AP downloads the software image in advance, reducing downtime during the upgrade process.

Configure an efficient image upgrade for FlexConnect APs

To configure pre-download, you must complete the described series of tasks:
  1. Create a flex profile using the CLI and enable pre-download. You can also use an existing flex profile. See Enable pre-download in a flex profile (CLI).

  2. Configure a site tag. Site tags group APs and apply common settings, such as the flex profile you created in the previous task. See Configure a site tag for FlexConnect APs (CLI).

  3. Attach the policy tag and site tag to the AP. This task configures APs with the correct policy and site tag. See Attach policy tag and site tag to an AP (CLI).

  4. Trigger pre-download for a site tag to start the image pre-download to the APs associated with the site tag. You can then verify the pre-download status. See Trigger and verify pre-download to a site tag.

Configure a flex profile for pre-download (CLI)

Enable image pre-downloading for remote APs in a FlexConnect flex profile from the CLI.

Use this task to pre-download software images on APs associated with a flex profile. This accelerates upgrade rollouts and reduces network downtime.

Before you begin

  • Identify the target flex profile to be updated.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a flex profile and enter the flex profile configuration mode.

Example:

Device(config)# wireless profile flex rr-xyz-flex-profile

Step 3

Enable pre-download of the image.

Example:

Device(config-wireless-flex-profile)# predownload

Step 4

Exit the configuration mode and return to privileged EXEC mode.

Example:

Device(config-wireless-flex-profile)# end

Pre-download is enabled for the selected flex profile. APs in this profile download the image before upgrades.

What to do next

Monitor AP status to verify successful pre-download before scheduling the upgrade.

Configure a site tag for FlexConnect APs (CLI)

Set up a site tag for wireless deployments to enable site-specific configurations using the CLI.

Before you begin

  • Gather required information, such as the desired site tag name and flex profile name.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a site tag and enter site tag configuration mode.

Example:

Device(config)# wireless tag site rr-xyz-site 

Step 3

Configure a flex profile.

Example:

Device(config-site-tag)# flex-profile rr-xyz-flex-profile
  • You cannot remove flex profile configurations from a site tag that is configured as a local site.

    Use the no local-site command to remove local site configurations before applying flex profile configurations.

Step 4

Add a description for the site tag.

Example:

Device(config-site-tag)# description "default site tag"

Step 5

Save the configuration, exit configuration mode and return to privileged EXEC mode.

Example:

Device(config-site-tag)# end

Step 6

(Optional) Display the number of site tags.

Example:

Device# show wireless tag site summary  

The site tag is configured on the device, and site-specific settings are applied.

What to do next

Verify the site tag configuration.

Verify site tag configuration

Verify the site tag configuration:

  • To view detailed information about a site, use the show wireless tag site detailed site-tag-name command.

  • To view default tag (site-tag) type when both site tag and policy tag are not configured, use the output of the show wireless loadbalance tag affinity wncd wncd-instance-number command.

Attach policy tag and site tag to an AP (CLI)

Assign a policy tag and site tag to an AP using CLI.

Use this procedure to associate specific network policies and locations with an AP in your Cisco wireless deployment.

Before you begin

Make sure you have the wired MAC address of the AP.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a Cisco AP and enters AP profile configuration mode.

Example:

Device(config)# ap F866.F267.7DFB 

Note

 

The mac-address should be a wired mac address.

Step 3

Map a policy tag to the AP.

Example:

Device(config-ap-tag)# policy-tag rr-xyz-policy-tag

Step 4

Map a site tag to the AP.

Example:

Device(config-ap-tag)# site-tag rr-xyz-site

Step 5

Associate the RF tag.

Example:

Device(config-ap-tag)# rf-tag rf-tag1

Step 6

Save the configuration, exit configuration mode, and return to privileged EXEC mode.

Example:

Device(config-ap-tag)# end

Step 7

(Optional) Display AP details and the tags associated to it.

Example:

Device# show ap tag summary  

Step 8

Display the AP name with tag information.

Example:

Device# show ap name "ap-name" tag info  

Step 9

(Optional) Display the AP name with tag details.

Example:

Device# show ap name ap-name tag detail  

The AP is now associated with the specified policy, site, and optionally, RF tags. You can confirm these assignments using the verification commands.

Trigger and verify pre-download to a site tag

Start and confirm an image pre-download for a specific site tag by using CLI

Use this task to distribute a new software image to primary and secondary APs in advance of a full deployment.

Before you begin

Identify the site tag to which you want to pre-download the image.

Procedure


Step 1

Enter the privileged EXEC mode.

Example:

Device> configure terminal

Step 2

Instruct the primary APs to start image predownload.

Example:

Device# ap image predownload site-tag rr-xyz-site start 

Step 3

Display the list of primary APs per AP model per site tag.

Example:

Device# show ap master list

Step 4

Display the pre-downloading state of primary and secondary APs.

Example:

Device# show ap image

Note

 

To check if efficient image upgrade is enabled in the AP, use the show capwap client rcb command on the AP console.


Example

The output displays the primary AP.

Device# show ap primary list
AP Name                        WTP Mac          AP Model          Site Tag       
-----------------------------------------------------------------------------------------
AP0896.AD9D.3124               f80b.cb20.2460   AIR-AP2802I-D-K9 ST1          

 

The output shows that the primary AP has started pre-downloading the image.

Device# show ap image
Total number of APs: 6
 
AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                 0.0.0.0              N/A               0
AP0896.AD9D.3124    16.6.230.37     8.4.100.0     Predownloading       16.6.230.36          0                 0
AP2C33.1185.C4D0    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0
 
 

The output shows that the primary AP has completed pre-download and the pre-download has been initiated in the secondary APs.

Device# show ap image

Total number of APs: 6
AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     0.0.0.0       Initiated            16.6.230.36          N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                 0.0.0.0              N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                 0.0.0.0              N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                 0.0.0.0              N/A               0
AP0896.AD9D.3124    16.6.230.37     8.4.100.0     Complete             16.6.230.36          0                 0
AP2C33.1185.C4D0    16.6.230.37     8.4.100.0     Initiated            16.6.230.36          0                 0
         

The output shows image status of a particular AP.

Device# show ap name APe4aa.5dd1.99b0 image 
AP Name : APe4aa.5dd1.99b0
Primary Image : 16.6.230.46
Backup Image : 3.0.51.0
Predownload Status : None
Predownload Version : 000.000.000.000
Next Retry Time : N/A
Retry Count : 0

The output shows pre-download completion on all APs.

Device# show ap image
Total number of APs: 6
 
Number of APs
        Initiated                  : 0
        Predownloading             : 0
        Completed predownloading   : 3
        Not Supported              : 0
        Failed to Predownload      : 0

AP Name             Primary Image   Backup Image  Predownload Status   Predownload Version  Next Retry Time   Retry Count
--------------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A    16.6.230.37     16.6.230.36   Complete            16.6.230.36           N/A               0
AP188B.4500.4208    16.6.230.37     8.4.100.0     None                0.0.0.0               N/A               0
AP188B.4500.4480    16.6.230.37     0.0.0.0       None                0.0.0.0               N/A               0
AP188B.4500.5E28    16.6.230.37     16.4.230.35   None                0.0.0.0               N/A               0
AP0896.AD9D.3124    16.6.230.37     16.6.230.36   Complete            16.6.230.36           0                 0
AP2C33.1185.C4D0    16.6.230.37     16.6.230.36   Complete            16.6.230.36           0                 0