Cisco Aironet 1200 Series

I got Wireless Access point (Cisco Aironet 1200) with Software version 12.2(13)JA4 . I’m currently using WEP encryption with static key. Now I’m planning to implement Enterprise Wireless Security using WPA 2.

First of all ,  I manage to learn the following :

  • In order to support AES /WPA 2 , I need hardware upgrade ( Firmware upgrade is not enough) .For example ,the Cisco Aironet (AIR-AP1231G-X-K9) support WPA 2 .
  • So ,to live without hardware upgrade , i can perform firmware upgrade to my access point so i can implement at least WPA 1 (TKIP).

Second : What version should i upgrade to ????

  • I first upgraded the AP to firmware version 12.3 (11) .After that i discovered that the AP is now utilizing something named (LWAAP Mode) and it keep restarting each 10 seconds . At the end of the blog is how I fix this.
  • I then realized that I have to upgrade to firmware version below 12.3(7) ,or else the AP will be using the (LWAAP Mode) and will keep rebooting.
  • I fond that the firmware version 12.3(4)JA .This version support WPA (TKIP) and works beautifully.

Third : To upgrade to 12.3(4)JA :

  • Connect to the AP Console .
  • Install TFTP Server at your machine .Give your AP and your machine IPs from the same subnet.
  • Download the firmware from Cisco Site to the TFTP Server folder.
  • Do the following:
    • from the AP console , go to Enable Mode .
    • Type archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name


Fourth :Troubleshooting the issue when upgrading AP to firmware 12.3(7) or later and having the AP reboot itself many times :

After you upgrade your wireless access point to firmware 12.3 (7) or later , you will have your AP to restart every 10 seconds with the following errors :

Mar 1 00:00:23.563: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_c
erts no certs in the SSC Private File
*Mar 1 00:00:23.579: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:23.579: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:23.640: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Re
*Mar 1 00:00:23.640: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
*Mar 1 00:00:23.640: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file s

The reason is that firmware 12.3(7) or later is operating in LWAPP mode instead of the earlier Autonomous mode and your AP is trying to located a controller and keep restarting.

To solve this issue , you need to revert back to earlier version of IOS (firmware) with version less than 12.3(7).For example ,to revert back to version 12.3(4) , do the following :

Step 1 The PC on which your TFTP server software runs must be configured with a static IP address in the range of to

Step 2 Make sure that the firmware file (.tar) file is located in the TFTP server folder .Usually this file is named (c1200-k9w7-tar.123-4.JA2.tar) .You have to rename it to (c1200-k9w7-tar.default) .This is because the AP is configured to locate a file with this name on all TFTP servers that have IPs between ( –

Step 3 Disconnect power from the access point.

Step 4 Press and hold the MODE button while you reconnect power to the access point.

Step 5 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds), and release the MODE button.

Step 6 Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED blinking green.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s