I have a wireless access point (Cisco Aironet 1200) with software version 12.2(13)JA4. I'm currently using WEP encryption with a static key. Now I'm planning to implement enterprise wireless security using WPA2.
First of all, I managed to learn the following:
- In order to support AES/WPA2, I need a hardware upgrade (a firmware upgrade is not enough). For example, the Cisco Aironet (AIR-AP1231G-X-K9) supports WPA2.
- So, to live without a hardware upgrade, I can perform a firmware upgrade on my access point so I can implement at least WPA 1 (TKIP).
Second: What version should I upgrade to?
- I first upgraded the AP to firmware version 12.3(11). After that I discovered that the AP was now using something named LWAPP mode and it kept restarting every 10 seconds. How I fixed this is at the end of the post.
- I then realized that I have to upgrade to a firmware version below 12.3(7), or else the AP will be using LWAPP mode and will keep rebooting.
- I found the firmware version 12.3(4)JA. This version supports WPA (TKIP) and works beautifully.
Third: To upgrade to 12.3(4)JA:
- Connect to the AP console.
- Install a TFTP server on your machine. Give your AP and your machine IPs from the same subnet.
- Download the firmware from the Cisco site to the TFTP server folder.
- Do the following:
  - From the AP console, go to enable mode.
  - Type archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name
Fourth: Troubleshooting the issue where the AP reboots itself many times after upgrading to firmware 12.3(7) or later:
After you upgrade your wireless access point to firmware 12.3(7) or later, the AP will restart every 10 seconds with the following errors:
Mar 1 00:00:23.563: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_certs no certs in the SSC Private File
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:23.579: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:23.640: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: FAILED CRYPTO INIT.
*Mar 1 00:00:23.640: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
*Mar 1 00:00:23.640: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file s
The reason is that firmware 12.3(7) or later operates in LWAPP mode instead of the earlier Autonomous mode, so your AP is trying to locate a controller and keeps restarting.
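As an added example (not part of the original post), the Python sketch below triages a console capture for this reload signature. It first rejoins lines that the terminal wrapped at 80 columns, because the reload reason is split across two lines in the raw capture and a pattern match on raw lines would miss it. The function names and verdict strings are illustrative assumptions; the sample text is the capture quoted above.

```python
import re

# Console capture quoted on this page, 80-column wraps included.
SAMPLE = """\
Mar 1 00:00:23.563: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_c
erts no certs in the SSC Private File
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:23.579: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:23.640: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Re
ason: FAILED CRYPTO INIT.
*Mar 1 00:00:23.640: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
"""

# A new record starts with an optional '*' and an IOS timestamp.
STAMP = re.compile(r"^\*?[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+: ")
STATE = re.compile(r"%LWAPP-5-CHANGED: LWAPP changed state to (\w+)")
RELOAD = re.compile(r"%SYS-5-RELOAD: Reload requested by (.+?)\. Reload Reason: (.+?)\.?$")


def rejoin(text):
    """Glue terminal-wrapped continuation lines back onto their record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # the wrap happened mid-word, so no separator
    return records


def triage(text):
    """Summarise LWAPP state changes and reload requests in a capture."""
    records = rejoin(text)
    states = [m.group(1) for r in records if (m := STATE.search(r))]
    reloads = [m.groups() for r in records if (m := RELOAD.search(r))]
    crypto = [r for r in reloads if r == ("LWAPP CLIENT", "FAILED CRYPTO INIT")]
    return {
        "states": states,
        "reloads": reloads,
        "no_ssc_certs": any("no certs in the SSC Private File" in r for r in records),
        "verdict": "lwapp-crypto-init-reload" if crypto else "no-lwapp-reload",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```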
To solve this issue, you need to revert to an earlier version of IOS (firmware), with a version lower than 12.3(7). For example, to revert to version 12.3(4), do the following:
Step 1 The PC on which your TFTP server software runs must be configured with a static IP address in the range of 10.0.0.2 to 10.0.0.30.
Step 2 Make sure that the firmware (.tar) file is located in the TFTP server folder. Usually this file is named (c1200-k9w7-tar.123-4.JA2.tar). You have to rename it to (c1200-k9w7-tar.default). This is because the AP is configured to look for a file with this name on all TFTP servers that have IPs between 10.0.0.2 and 10.0.0.30.
Step 3 Disconnect power from the access point.
Step 4 Press and hold the MODE button while you reconnect power to the access point.
Step 5 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds), and release the MODE button.
Step 6 Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED blinking green.