使用TFTP和SFTP伺服器升級非同構EWC網路中的接入點
簡介
本檔案將詳細介紹使用TFTP和SFTP伺服器的非同構EWC網路的存取點映像下載程式。
必要條件
需求
思科建議您瞭解以下主題:
- AP加入進程的將軍。
- Catalyst 9100系列AP上的嵌入式無線LAN控制器
- TFTP檔案傳輸。
- SFTP檔案傳輸
- Linux命令列介面使用情況。
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- Catalyst 9120AXI AP中的嵌入式Catalyst 9800 WLC,Cisco IOS® XE Cupertino 17.9.3。
- Catalyst 9105AXI AP。
- TFTPD-64版本4.64。
- TFTPD-HPA Linux程式包。
- SSH Linux程式包
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
背景資訊.
當其它接入點加入網路時,充當EWC的接入點只能向它們提供自己的AP映像型別。如果您的網路包含非同構部署(AP來自與AP不同、充當EWC的映像),則需要部署TFTP或SFTP伺服器,並在其中託管AP映像,以便AP從那裡下載該映像。
注意:這僅適用於從網路內部本地下載映像的AP映像升級過程。AP還可以通過CCO Upgrade(CCO升級)直接從網際網路下載映像。
設定
網路圖表
網路圖表
通過TFTP下載映像
TFTPD-64(Windows)
TFTPD-64是眾所周知的自由開放源(FOSS)實用程式,包括TFTP功能。請參閱其網站以下載和安裝。
確保將AP捆綁映像解壓縮到TFTP伺服器的適當資料夾中。
TFTP資料夾中的解壓縮檔案
AP開始從TFTP伺服器下載其映像後,TFTP中的彈出視窗會顯示,並詳細介紹映像傳輸過程。
TFTPD-64檔案傳輸進度
TFTPD-HPA(Linux)
TFTPD-HPA是一個基本的、眾所周知的軟體包,可以從APT資料庫獲取。有關詳細資訊,請參閱Ubuntu的TFTP文檔。
確保您的TFTP配置已充分指向TFTP資料夾,並且AP捆綁包映像已解壓縮。
Ubuntu中的TFTP配置和解壓縮檔案
您可以跟蹤Ubuntu上預設記錄在/var/lib/syslog中的映像傳輸過程。
Ubuntu上的TFTP檔案傳輸日誌
WLC組態
在WLC的GUI中,前往管理>軟體管理>軟體升級。在Mode下的下拉選單中選擇TFTP,然後提供TFTP伺服器的資訊。
選擇Save以儲存映像下載配置檔案,並為加入EWC網路的新AP啟用映像下載,或按一下Save & Download以立即觸發所有AP(包括EWC的AP)上的下載過程。
用於軟體升級的TFTP配置
CLI配置:
9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode tftp
9120-EWC(config-wireless-image-download-profile)#tftp-image-server <TFTP-server>
9120-EWC(config-wireless-image-download-profile-tftp)#tftp-image-path <path>
透過SFTP下載映像
SFTP伺服器(Linux)
由於SFTP通過SSH工作,因此您可以使用Linux的SSH包在Linux中配置一個簡單的SFTP伺服器。
確保在/etc/ssh/ssh_config檔案中為SFTP提供足夠的配置。根據需要將使用者(或組)的許可權新增到SFTP目錄,並在所需路徑中解壓縮AP捆綁包映像檔案。
Ubuntu中的SFTP配置
與Linux中的TFTP伺服器類似,您還可以跟蹤SFTP活動。預設情況下,日誌配置為儲存在/var/log/auth.log中。確保根據需要新增日誌級別配置。
Ubuntu中的SFTP日誌活動和配置。
註:連線到SFTP伺服器的裝置是EWC,而不是請求映像的AP。這是因為憑證是在EWC中布建,而不是在加入EWC之前在AP中布建。然後將映像轉發到請求該映像的實際AP。
WLC組態
在WLC的GUI中,前往管理>軟體管理>軟體升級。在Mode下的下拉選單中選擇SFTP,並提供STFTP伺服器的資訊和憑據。
選擇Save以儲存映像下載配置檔案,並為加入EWC網路的新AP啟用映像下載,或按一下Save & Download以立即觸發所有AP(包括EWC的AP)上的下載過程。
GUI中的SFTP配置
CLI配置:
9120-EWC(config)#wireless profile image-download default
9120-EWC(config-wireless-image-download-profile)#image-download-mode sftp
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-server <SFTP-Server>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-image-path <path>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-username <user>
9120-EWC(config-wireless-image-download-profile-sftp)#sftp-password 0 <password>
驗證
CAPWAP狀態機按照您通常希望的任何其他AP映像下載過程的方式登入AP流。
[*01/30/2024 21:41:35.1120] CAPWAP State: Image Data
[*01/30/2024 21:41:35.1130] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*01/30/2024 21:41:35.1130] Version does not match.
[*01/30/2024 21:41:35.1130] Request to close the file..
[*01/30/2024 21:41:35.1130] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:41:35.2040] status 'upgrade.sh: Script called with args:[PRECHECK]'
[*01/30/2024 21:41:35.3020] do PRECHECK, part2 is active part
[*01/30/2024 21:41:35.3350] status 'upgrade.sh: Cleanup tmp files ...'
[*01/30/2024 21:41:35.4620] status 'upgrade.sh: /tmp space: OK available 96064, required 50000 '
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: request ap1g8, local /tmp/part.tar
[*01/30/2024 21:41:35.4630] wtpOpenImgFile: open (/tmp/part.tar) image file success
[*01/30/2024 21:41:35.4630] Using fd(37559296) for image writing to file(/tmp/part.tar)
[*01/30/2024 21:41:35.4650] Image Data Request sent to 172.16.4.26, fileName [ap1g8], replicaStatus 1
[*01/30/2024 21:41:35.4690] Image Data Response from 172.16.4.26
[*01/30/2024 21:41:35.4690] AC accepted previous sent request with result code: 0
[*01/30/2024 21:41:35.4760] <.......................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:41:50.6190] ...........
[*01/30/2024 21:41:54.7060] ..............................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:14.0820] ....
[*01/30/2024 21:42:15.5860] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:15.6430] .............................................
[*01/30/2024 21:42:34.2800] ...............................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*01/30/2024 21:42:46.0420] ...................
[*01/30/2024 21:42:53.0610] ..................................................
[*01/30/2024 21:43:11.6480] ......> 70512640 bytes, 51208 msgs, 601 last
[*01/30/2024 21:43:13.3940] Last block stored, IsPre 0, WriteTaskId 0
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3940] Image transfer completed from WLC, last 1
[*01/30/2024 21:43:13.3940] Request to close the file..
[*01/30/2024 21:43:13.3940] wtpOpenImgFile: image file closed, dcb->fd set to -1.
[*01/30/2024 21:43:13.3950] in (CAPWAP_MSGELE_IMAGE_DATA_msg_dec_cb) Enabling radCfg.is_oob_image_dnld_supported
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.4190] wtp_delayed_event_handle_write_image_to_storage(10): fileName ap1g8, pre 0
[*01/30/2024 21:43:13.5110] status 'upgrade.sh: Script called with args:[PREDOWNLOAD]'
[*01/30/2024 21:43:13.6100] do PREDOWNLOAD, part2 is active part
[*01/30/2024 21:43:13.6420] status 'upgrade.sh: Creating before-upgrade.log'
[*01/30/2024 21:43:13.6990] status 'upgrade.sh: Start doing upgrade arg1=PREDOWNLOAD arg2= arg3= ...'
[*01/30/2024 21:43:13.8610] status 'upgrade.sh: Using image /tmp/part.tar on ax-bcm32 ...'
[*01/30/2024 21:43:20.9990] status 'Image signing verify success.'
在WLC系統日誌中,映像下載標籤為Successful。
*Feb 1 17:05:37.108: %INSTALL-5-INSTALL_COMPLETED_INFO: Chassis 1 R0/0: install_engine: Completed install add sftp://******@172.16.5.62/Documents/sftp_files/EWC_17_9_4a/ap3g3
*Feb 1 17:07:00.720: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-POD-2-2 Mac: 2c5a.0f40.6920 Session-IP: 172.16.4.33[5248] 172.16.4.26[5246] Disjoined Image Download Success
AP映像下載
開始升級過程後,您可以在EWC上使用「show ap image」命令跟蹤AP映像預下載過程。一旦所有AP完成下載映像,您就可以在AP的備份映像中看到目標映像。
9120-EWC#show ap image
Total number of APs : 3
Number of APs
Initiated : 0
Downloading : 0
Predownloading : 0
Completed downloading : 0
Completed predownloading : 3
Not Supported : 0
Failed to Predownload : 0
Predownload in progress : No
AP Name Primary Image Backup Image Predownload Status Predownload Version Next Retry Time Retry Count Method
------------------------------------------------------------------------------------------------------------------------------------------------------------------
AP-POD-2-2 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
AP6C41.0E16.E79C 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
9105-emorenoa 17.9.4.27 17.12.1.5 Complete 17.12.1.5 0 0 CAPWAP
或者,在GUI中,進度條會達到Activate階段,此時僅需要重新載入才能將EWC交換為新代碼。
EWC Web UI升級進度條
下面,EWC顯示AP的預下載狀態。
EWC Web UI AP影象預下載狀態
疑難排解
在AP映像下載過程中,您可以在AP的CAPWAP狀態機日誌中看到下載無法啟動。
[*07/12/2023 07:41:00.7960] CAPWAP State: Image Data
[*07/12/2023 07:41:00.7970] AP image version 17.3.3.26 backup 8.10.130.0, Controller 17.9.4.27
[*07/12/2023 07:41:00.7970] Version does not match.
[*07/12/2023 07:41:00.8580] upgrade.sh: Script called with args:[PRECHECK]
[*07/12/2023 07:41:00.9540] do PRECHECK, part2 is active part
[*07/12/2023 07:41:01.0070] upgrade.sh: /tmp space: OK available 101272, required 40000
[*07/12/2023 07:41:01.0080] wtpImgFileReadRequest: request ap1g8, local /tmp/part.tar
[*07/12/2023 07:41:01.0100] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 0
[*07/12/2023 07:41:01.0140] Image Data Response from 172.16.4.26
[*07/12/2023 07:41:01.0140] AC accepted join request with result code: 0
[*07/12/2023 07:41:09.5930] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:28.7700] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*07/12/2023 07:41:29.7500]
[*07/12/2023 07:41:29.7500] Going to restart CAPWAP (reason : image download cannot start)...
[*07/12/2023 07:41:29.7500]
[*07/12/2023 07:41:29.7570] Restarting CAPWAP State Machine.
[*07/12/2023 07:41:29.7600] Image Data Request sent to 172.16.4.26, fileName [ap1g8], slaveStatus 1
[*07/12/2023 07:41:29.7970]
[*07/12/2023 07:41:29.7970] CAPWAP State: DTLS Teardown
[*07/12/2023 07:41:29.8330] Aborting image download(0x0): Dtls cleanup, ap1g8
[*07/12/2023 07:41:29.9560] upgrade.sh: Script called with args:[ABORT]
[*07/12/2023 07:41:30.0570] do ABORT, part2 is active part
[*07/12/2023 07:41:30.1050] upgrade.sh: Cleanup tmp files ...
[*07/12/2023 07:41:30.1590] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
要瞭解AP無法下載映像的原因,您可以檢查EWC中的Syslog。由於到TFTP和SFTP伺服器的指定路徑錯誤(正確反映在日誌中),經常會看到映像下載失敗:
對於SFTP:
*Feb 1 20:29:14.108: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:29:17.325: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6
*Feb 1 20:29:25.730: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6, Error: Failed to download file sftp://******@172.16.5.62/Documents/Wrong-Path/ap1g6: No such file or directory
對於TFTP:
*Feb 1 20:52:08.742: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:52:11.894: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.27/Wrong-Path/ap1g6
*Feb 1 20:52:13.977: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.27/Wrong-Path/ap1g6, Error: Failed to download file tftp://172.16.5.27/Wrong-Path/ap1g6: No such file or directory
確保AP和EWC可以訪問TFTP或SFTP伺服器。否則,可在EWC系統日誌中看到Timed Out日誌。
*Feb 1 20:55:03.359: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP-9117 Mac: 0cd0.f897.ade0 Session-IP: 172.16.4.34[5248] 172.16.4.26[5246] Disjoined Image Download Failed
*Feb 1 20:55:06.512: %INSTALL-5-INSTALL_START_INFO: Chassis 1 R0/0: install_engine: Started install add tftp://172.16.5.199/EWC/17_9_4a/ap1g6
*Feb 1 20:55:46.579: %INSTALL-3-OPERATION_ERROR_MESSAGE: Chassis 1 R0/0: install_engine: Failed to install_add package tftp://172.16.5.199/EWC/17_9_4a/ap1g6, Error: Failed to download file tftp://172.16.5.199/EWC/17_9_4a/ap1g6: Timed out
注意:確保AP和EWC與TFTP或SFTP伺服器之間的UDP埠69和TCP埠22未被阻止。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
16-Feb-2024 |
初始版本 |
意見