Wireless Access

Hello,

I know that AP 61 is an old one, if fact we have some of them stored with version 5.0.3.0.

Due to a need, we have had to take out one AP 61 and provision it, but our controllers are in version 6.3.1.3. The problem was that AP61 was unable to upgrade from 5.0.3.0 to 6.3.1.3 and we didn't provision it.

I solved it making a manual upgrade from AP 61 console, how I did it?.

1.- Stopping the booting process

2.- configuring some environnment variables:

     setenv ipaddr "AP IP"

     setenv netmask "network mask"

     setenv gatewayip "ip of default router for network"

3.- Upgrade flash from tftp controller.

     flash write bfc80000 "dir ip of controller":mips.ari

 

The master controller sends the ELF image mips.ari via TFTP to the AP61, then the AP61 can save the image to flash at base address bfc80000 and boot from this new image.

After flashing, then the controller can provision the new AP61.

 

Hope this can help someone.

 

hi ,

thank you for the sharing ,

tell me please is that a general procedure to manually  provision AP , or is it unique to AP 61.

Regards

Nope, that is not the general procedure.  The aps needed to be upgraded to the latest 5.0.4.x first.

 

This is outlined in the release notes.

 

Hi,

No, that's not a general procedure. First all, you always should consider update your firmware for AP via controller (the AP contacts the master controller, then upgrades itself, then you can provision the AP), but in the case the AP can't upgrade, then you can try the manual upgrade as I described above.

Be carefull, the ELF file mips.ari is only to AP-6x, to AP-10x the file to use is mips32.ari, and mips64.ari is to AP-12x.

Also take care because address bfc80000 is specific to AP61, you should research what other addresses are reserverd for flash in other APs.

 

Thank you 

 

All three posters are correct in this thread, and here is why:

 

- the specific upgrade and parameters mentioned by jgarciav specifically applies to the ap61 and should only be done specifically like he mentioned in an emergency.  It could damage or "brick" any other ap.

- Michael_Clarke mentions you should do a staged upgrade and that is the way 99.9% of users should do it.  A standard upgrade will not allow the sizes of the firmware directly and a staged upgrade is the most customer friendly way to do this.

- rchabourne is right to question whether or not it is the standard procedure, because it is not.

 

Jgarciav's method sidesteps the image size check that necessitates the two-stage upgrade, and is helpful when you are in a tough situation, not a normal one.

Hi,
Only for clarification, I did this manual upgrade because ap was in 5.0.3 firmware and controllers were in 6.3. When I tried to upgrade trough controllers, I found it was not possible, possibly due to step from 5.0.3 to 6.3, so I didn't have chance to made a staged upgrade and tried the manual procedure.
This should be considered only in case of you get some problem with the normal way.

Thank you

Interesting... what about IAP-225 that seems like same pattern that you mention (The AP goes down, i did troubleshoot then i try to upgrade and doesnt work still down):

 

Finally (resume) this is the last log:

 

apboot> purge
Un-Protected 1 sectors
. done
Erased 1 sectors
Writing 9....8....7....6....5....4....3....2....1....
apboot> saveenv
Saving Environment to Flash...
Un-Protected 1 sectors
. done
Erased 1 sectors
Writing 9....8....7....6....5....4....3....2....1....
apboot> reset

APBoot 1.4.0.6 (build 38177)
Built: 2013-04-25 at 22:52:20

Model: AP-22x
CPU0: P1020E, Version: 1.1, (0x80ec0011)
Core: E500, Version: 5.1, (0x80212051)
Clock:
CPU0: 800 MHz
CPU1: 800 MHz
CCB: 400 MHz
DDR: 333.333 MHz (666.667 MT/s data rate) (Asynchronous)
LBC: 25 MHz
L1: D-cache 32KB enabled
I-cache 32KB enabled
I2C: ready
DRAM: Configuring DDR for 666.667 MT/s data rate
DDR: 512 MB (DDR3, 32-bit, CL=5, ECC off)
POST1: memory passed
Flash: 32 MB
L2: 256 KB enabled
Power: 802.3af POE+
PCIe1: RC, link up, x1
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 14e4 43a2 00002 03 80000004 00000000 80200004 00000000
PCIe2: RC, link up, x1
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 14e4 43a1 00002 03 a0000004 00000000 a0200004 00000000
Net: eth0, eth1
Radio: bcm43460#0, bcm43460#1

Hit <Enter> to stop autoboot: 0
apboot>
apboot>

apboot> version

APBoot 1.4.0.6 (build 38177)
Built: 2013-04-25 at 22:52:20
apboot> dir
(Re)start USB...
USB: Register 10011 NbrPorts 1
USB EHCI 1.00
scanning bus for devices... 1 USB Device(s) found
scanning bus for storage devices... 0 Storage Device(s) found

** Invalid boot device **
apboot> osinfo
Partition 0:
image type: 0
machine type: 25
size: 7231396
version: 6.4.4.11
build string: ArubaOS version 6.4.4.11 for 22x (p4build@chios) (gcc version 4.5.1) #57673 SMP Thu Dec 8 10:44:50 PST 2016
flags:

Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.

Partition 1:
image type: 0
machine type: 25
size: 6418672
version: 6.3.1.0
build string: ArubaOS version 6.3.1.0 for 22x (p4build@tortuga) (gcc version 4.5.1) #39345 SMP Thu Aug 8 16:30:24 PDT 2013
flags: preserve factory

Image is signed; verifying checksum... passed
Signer Cert OK
Policy Cert OK
RSA signature verified.
apboot>

 

Controller:

Jan 5 13:31:56 sapd[2146]: <311002> <WARN> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 5 13:31:57 nanny[2093]: <303086> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jan 5 13:33:28 nanny[2098]: <303022> <WARN> |AP 18:64:72:xx:xx:30@10.10.4.249 nanny| Reboot Reason: AP rebooted Thu Jan 5 13:31:57 MST 2017; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jan 5 13:33:36 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:09>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:33:36 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:09>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:33:42 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:15>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:33:42 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:15>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:33:48 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:21>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:33:48 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:21>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:33:54 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:27>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:33:54 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:27>>ERROR>>TPM Setup at System Initialization failed
Jan 5 13:33:54 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:27>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:34:01 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:34>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:34:01 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:34>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:34:07 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:40>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:34:07 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:40>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:34:13 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:46>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:34:13 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:46>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:34:19 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:52>>ERROR>>Failed to evict key (0xffdfdffe) at index 0
Jan 5 13:34:19 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:52>>ERROR>>TPM Setup at System Initialization failed
Jan 5 13:34:19 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:52>>ERROR>>TPM or Device Cert Initialization failed.
Jan 5 13:34:19 sapd[2151]: <129002> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| 12311969:16:01:52>>ERROR>>TPM_EvictKey failed with return code (0x00000044)
Jan 5 13:34:19 sapd[2151]: <311020> <ERRS> |AP 18:64:72:xx:xx:30@10.10.4.249 sapd| An internal system error has occurred at file sapd_main.c function main line 2986 error Unable to initialize Factory Certificates or Field Certificates.
Jan 5 13:36:38 stm[3931]: <305049> <WARN> |stm| Unsecure AP "18:64:72:xx:xx:30" (MAC 18:64:72:xx:xx:30, IP 10.10.4.249) has been denied access because Control Plane Security is enabled and the AP is not approved.

 

 

Best regards.

The thread is only specific to the AP-61.  What are you trying to do?

 

No. Is an AP-225 (IAP converted to CAP). Trying to recover....

Seems like in other post found that is a RMA:

http://community.arubanetworks.com/t5/Wireless-Access/After-turning-on-Control-Plane-Security-around-6-APs-out-from/m-p/284222#M66574

Best regards.