In a previous article I was telling about restoring the LWAPP to autonomous, but it’s also possible if you got access to the WLC.
(Cisco Controller) >config ap tftp-downgrade 10.10.10.15 c1250-k9w7-tar.124-21a.JA1.tar L1252-1
And you won’t see anything at the WLC, but you can see at the AP :
Loading c1250-k9w7-tar.124-21a.JA1.tar from 10.10.10.15 (via GigabitEthernet0): !
extracting info (287 bytes)
Version Suffix: k9w7-.124-21a.JA1
Image Name: c1250-k9w7-mx.124-21a.JA1
Version Directory: c1250-k9w7-mx.124-21a.JA1
Ios Image Size: 5693952
Total Image Size: 6431232
Image Feature: WIRELESS LAN
Image Family: C1250
Wireless Switch Management Version: 188.8.131.52
When you do an AP Authentication with the ACS, there are different was to show the MAC of the AP to the ACS.
If you’re creating a user, make sure that the format is exactly the same.
Password is the same as the username…
Ofcourse you want all logging goto a syslog server. (It’s also a Cisco recommendation. See WLC Configu Guide)
You can configure a IOS DHCP Scope like :
ip dhcp exclude 192.168.1.1
ip dhcp pool VLAN1
network 192.168.1.0 /24
option 7 ip
option 43 hex f1040a0a0a0a
In my own lab the option 7 wasn’t working !
I had tested the WLC with versions 4.2.130 and 4.2.176.
Then I saw :
%LWAPP-3-CLIENTEVENTLOG: Did not get any DNS options from DHCP.
That’s not good..
After changing it to 4.2.209 the option 7 is working and you’ll see at the LWAPP :
%LWAPP-3-CLIENTEVENTLOG: Got log server settings(192.168.1.10) from DHCP.
There is default a TFTP server at the WCS server which I’m using a lot….
When you do a restore of the WCS server with no controller configured, the TFTP server isn’t working.
You need to add atleast one Controller before the TFTP service is active (It’s a WCS service and not a windows service, so you can’t start it manually.).
Then you can upload/download files from the WCS TFTP Service.
To dectect Rogue access points, make sure the AP’s are at monitor or local mode.
The Protection Type should be AP Authentication.
(See WLC Config Guide Page 453)