"downgrade" an LWAP into a full standalone wap
|You may come across Cisco wireless access points whilst dumpster diving biulding refurb sites or at the flea market.|
These days most larger corporates run these waps in LWAP or "capwap" mode where the access point is completely dumb, all the wireless smarts are in a central wireless lan controller. In capwap mode, the access point is completely at sea and useless, unless it can connect to its wlan controller to which it has be licensced. This means your flee market bargain is basically junk. Here is how to return it to autonomous mode. You will require the autonomous firmware, which unfortuneatley I am not permitted to provide on this web site due to legal peril. You may search for the binary filenames and you will discover them available on dodgy Russian websites, or you might know a friendly CCIE. This article is how to use that firmware once you have got it ! Do not browse dodgy Russian websites with a windows pc ! use a standalone cd linux boot cd so that you are not pnnwed/0wned . Sadly , Cisco will not permit you to download firmware without a relevant maintenance contract and a valid CCO login. (for perfectly understandable commercial reasons, thats the way of the world)
you will require a linux box to follow this recipe.
You require a working TFTP server that can have any address
between 10.0.0.[2 - 30].
You require a CISCO 1200/1130 running LWAP code, that
(b) wish to convert to full standalone operation.
(c) working serial console connection for you to monitor the success or otherwise
(d) your tftp server must be able to respond to requests from address 255.255.255.255 some special config may be required
please note that the LWAP IOS lets you look at a few things, but, will not permit you
to modify any setting whatsoever. Its absolutely read only. Early LWAP codes would not let you reflash firmware from the
serial console interface, however I have discovered that you may download the ios bin file (which you must manually extract from the tar archive)
which you boot and then use to download the full ios tar archive archive.
first get the full wap firmware image which will look something like
c1200-k9w7-tar.122-15.JA.tar for 1231 wap
c1130-k9w7-tar.default for 1130 wap
then rename/copy it to c1200-k9w7-tar.default for 1200 model wap
then rename/copy it to c1130-k9w7-tar.default for 1130 model
follow this table
the firmware to the tftp server directory and mark its
permissions to be world readable at the interface panel of the WAP
there is a tiny push button labelled "mode" whilst holding the push
button down power up the WAP. The LWAP firmware checks this
button for only an instant and thats immediately on power up and
otherwise completely ignores this button.|
Hold the button until one of the front panel LEDS blinks red. As soon as it turns red, release the button . Observe the serial console output. It should note something like "BUTTON DETECTED" as one of the first things the IOS says, if not you have to power cycle it again and again until you catch it.
At this point the LWAP firmware will actively hunt for a tftp server at 10.0.0.[2 - 30] and once found will request the file c1200-k9w7-tar.default. or c1130-k9w7-tar.default as required, see table above
Keep watch on the console, once the download begins no further action is required. Let it complete in about ten minutes and when it reboots it will be a full WAP again. It may have no password set but the default will be cisco or Cisco or c1sco. assign a static ip address for the ethernet interface and then config it from the web interface.
If it does not work the first time, just keep doing it untill it does. The MODE button is only scanned for about 2 seconds. If you can, watch the download with wireshark, it is tftp, to ensure something is actually happening. The process takes about 10 minutes once the download starts.
When the wappage eventually reboots , its default config is to dhcp. Use the serial console to set an known ip address on the interface BVI1 . and use the web page or cli to configure to suite your requirements.
Not all cisco waps will have an autonomous firmware image available. Most recent models are now produced to be used with a wireless lan controller engine of some kind and no autonomous images were produced. There are , however, capwap/lwap server programs available for linux.
Plug in to the the serial console. You will get a prompt. Boot the wap and as it begins booting send a terminal break sequence to the console. Refer to the documentation on your terminal emulator about how to do this. If you get it right , the wap will drop to rommon. Set up the network config with ip address and tftp in the binary image firmware file extracted from another autonomous wap. If that loads in, boot the binary. The binary image will boot and present many distressing messages about this, that and the other module missing, never mind. At this point there is enough functionality to do a complete software download of the complete tar package file. Download and install this and reboot. The wap will now be running the autonomous image package with all features, liabilities and bugs that you know and love. This is a very frustrating process because there is a very tiny window where the firmware will respect the BREAK and drop to rommon. You will have to fluke it. Persistance is what is required here. The more modern waps have fast processors and take very little time to boot and transfer execution to the the capwap code.
If by some lucky chance the former network admin lets you have the password, login to the capwap and start the upgrade commands to point to your image server and the autonomous firmware. You only have a few seconds to get the parameters in and the download underway before watchdog timers in the capwap trigger and the thing reboots. ( the capwap code is trying to find its controller, when it cannot, it reboots)
Remember that this process is annoying and frustrating for a reason. Cisco really do want you to buy a new wap and discard the old one. Probably not a bad idea as old firmware code will contain security vulnerabilities which you will have to live with.
tftp server settingsthe standard tftp server settings will work on most linux distros, however some special requirements of late, need special settings. The default directory for tftp downloads used to be /tftpboot. It now often appears as /var/run/tftp . files should be chmod 666 world read writable and chown nobody chgrp nobody for security.
Your server will require the ability to listen and respond to hosts on 10.0.0.[2 to 30]. easiest way on linux ( you must first terminate the useless annoying P.O.S that is NetworkManagerd somehow. It will interfere with your custom settings )
/sbin/ifconfig eth0:13 10.0.0.113 netmask 255.255.255.0 up # this line creates a secondary inferface on interface eth0
(nothing speical about "13", its just my lucky number it could be allmost anything. You may create an unlimited number of secondary interfaces each must have a unique non overlapping network address/mask )
the tftp server requires xinetd to run, so install the tftpserver and xinetd packages
in the /etc/xinetd.d directory, there is a set of files that configures various small servers
edit the file tftp to look somehing like this
[ralphk@NEW-CORPORATE-PENGUIN xinetd.d]$ cat tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd <<<points to where server binary lives
server_args = -s /tftpboot -a 255.255.255.255:69 <<< permits response to broadcast IP
# server_args = -s /tftpboot
disable = no <<< by default it is disabled on all standard distros, you must enable
per_source = 11
cps = 100 2
flags = IPv4
[ralphk@NEW-CORPORATE-PENGUIN xinetd.d]$ pwd
|getting firmware. I regret that for legal reasons I cannot and will not provide you with firmware. You will require a valid Cisco maintenance contract or a friendly CCIE . I have heard that if you search for the filenames they might be found on various Russian sites. Beware, you may be getting more than you anticipated if you use these dodgy .ru/.cn sites. Do use a standalone CD boot linux cd distro before surfing dodgy websites so you do not get 0wned.|