03 Jan

Manual firmware upgrade of lightweight access point

The Cisco lightweight access point managed by a wireless controller is not a new product. It has been on the market for years, has evolved from the LWAPP to the CAPWAP model, and supports a wide range of access point models. The idea is that an access point upgrades its firmware when it registers with the WLC. Sounds easy? Yes. Does it work? Yes, usually, but not always. Sometimes you need to perform a manual firmware upgrade of a lightweight access point, a procedure that is not well documented. And you need to know a hidden command. I will show you how.


My lightweight access point image is too old

What are the symptoms when your access point cannot upgrade automatically? On the web dashboard, you will see the access point reappearing with Operational Status set to Downloading. However, this does not tell you what exactly the problem is. The access point console tells you more:

*Dec 17 16:39:40.227: %CAPWAP-5-SENDJOIN: sending Join Request to archive download capwap:/ap3g2 tar file
*Dec 17 16:39:40.251: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
ERROR: Image is not a valid IOS image archive.
Download image failed, notify controller!!! From: to, FailureCode:3

The access point joined the controller successfully and attempted to download the current archive from the controller, but the whole operation failed. The FailureCode:3 does not point to a reason.

Out of the box, my access point had firmware 15.3(3)JA1 preinstalled, while the latest vWLC version requires 15.3(3)JG1. As we can see, 15.3(3)JA1 is compatible with the controller firmware release – both released in 2014.

In my case, I suspect that one of the possible reasons why the automatic firmware upgrade did not work is that, with release 15.3(3)JF, the platform code for the Cisco Aironet 3700 changed from ap3g2 to c3700. I could see this when I listed the available images on the WLC:

(Cisco Controller) >show ap bundle all

Primary AP Image   Size    Supported AP's
----------------   ----    ------------
ap1g1              13320   AP700
ap1g3              15360   AP1530
ap1g4              28452   AP1850/1810
ap1g5              24992   AP1815,1540
ap3g3              47184   AP2800,3800,1560
c1570              13040   AP1570
c3700              14340   AP1700,2700,3700

Another possible reason is that the download or image verification process changed significantly and the access point was not able to verify the new image. That is not an uncommon problem with Cisco; we saw this on the ASA already.
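
As an added example (not part of the original post), the platform-code check described above can be scripted: the Python below reads the code the AP requests from its console log and compares it with the bundle the WLC lists for that model. The sample text is constructed from the output shown in the post, and treating the token after capwap:/ as the requested platform code is an assumption.

```python
import re

# Constructed sample input, shaped like the AP console and WLC output in the post.
AP_CONSOLE = """\
*Dec 17 16:39:40.227: %CAPWAP-5-SENDJOIN: sending Join Request to archive download capwap:/ap3g2 tar file
*Dec 17 16:39:40.251: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
ERROR: Image is not a valid IOS image archive.
Download image failed, notify controller!!! From: to, FailureCode:3
"""
WLC_BUNDLES = """\
Primary AP Image Size Supported AP's
---------------- ---- ------------
ap1g4 28452 AP1850/1810
ap3g3 47184 AP2800,3800,1560
c3700 14340 AP1700,2700,3700
"""

def parse_bundles(text):
    """Map each AP model number to the platform code of the bundle that serves it."""
    by_model = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+\d+\s+AP(\S+)$", line.strip())
        if m:  # header and separator lines do not match
            for model in re.split(r"[,/]", m.group(2)):
                by_model[model] = m.group(1)
    return by_model

def console_findings(console):
    """Return the platform code the AP asked for and each failure code with the line before it."""
    lines = console.splitlines()
    requested = re.search(r"capwap:/(\w+)", console)
    failures = [(int(m.group(1)), lines[i - 1] if i else "")
                for i, line in enumerate(lines)
                if (m := re.search(r"FailureCode:(\d+)", line))]
    return (requested.group(1) if requested else None), failures

def diagnose(console, bundles, model):
    """Flag the case where the AP requests a platform code the WLC no longer bundles for it."""
    requested, failures = console_findings(console)
    offered = parse_bundles(bundles).get(model)
    mismatch = None not in (requested, offered) and requested != offered
    return {"requested": requested, "offered": offered,
            "platform_mismatch": mismatch, "failures": failures}

if __name__ == "__main__":
    print(diagnose(AP_CONSOLE, WLC_BUNDLES, "3700"))
```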


Manual firmware update

In such a situation you can perform a manual firmware upgrade, loading either the up-to-date version or one close to it. You can download the firmware from cisco.com, but you need a valid service contract assigned to your CCO profile. I got the 15.3(3)JF release.

First, put the downloaded archive on a server reachable from the subnet the access point gets its IP address from. The image needs to be accessible via HTTP, HTTPS, FTP, TFTP or SCP.
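
Added example, not from the original post: since TFTP, FTP and HTTP give the transfer no integrity protection, a check like the following can be run on the archive before it is staged on the server. It compares the file's SHA-512 with the published value (assumed to be available from the download page) and reads the platform family from the archive; that the tar carries a top-level info member with an image_family: line is an assumption, and the sample archive is constructed in memory.

```python
import hashlib, hmac, io, tarfile

def sha512_of(fileobj, chunk=1 << 20):
    """Stream the file through SHA-512 so large archives are not read into memory."""
    h = hashlib.sha512()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def read_image_family(fileobj):
    """Return image_family from the top-level 'info' member, or None if unreadable."""
    try:
        with tarfile.open(fileobj=fileobj, mode="r:") as tar:
            text = tar.extractfile(tar.getmember("info")).read().decode("ascii", "replace")
    except (tarfile.TarError, KeyError, AttributeError):
        return None  # not a tar archive, or no regular 'info' member
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "image_family":
            return value.strip()
    return None

def check_before_staging(fileobj, published_sha512, expected_family):
    """Compare digest and platform family; both should pass before the file is served."""
    digest = sha512_of(fileobj)
    fileobj.seek(0)
    family = read_image_family(fileobj)
    return {"hash_ok": hmac.compare_digest(digest, published_sha512.strip().lower()),
            "family": family,
            "family_ok": family is not None and family.upper() == expected_family.upper()}

def constructed_archive(family):
    """Build a tiny stand-in archive in memory (constructed sample, not a real image)."""
    data = f"image_family: {family}\ninfo_end:\n".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        member = tarfile.TarInfo("info")
        member.size = len(data)
        tar.addfile(member, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sample = constructed_archive("AP3G2")
    published = hashlib.sha512(sample.getvalue()).hexdigest()  # stands in for the vendor's value
    print(check_before_staging(sample, published, "AP3G2"))
    print(check_before_staging(io.BytesIO(b"truncated download"), published, "AP3G2"))
```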

To download, extract and install the new firmware you need to use the archive command, but it is not available by default:

% Unrecognized command

To enable the archive command, you first need to enable the hidden debug mode:

AP84b8.02aa.bbcc#debug capwap console cli
This command is meant only for debugging/troubleshooting
Any configuration change may result in different
behavior from centralized configuration.

CAPWAP console CLI allow/disallow debugging is on

Now that the archive command is available, you can download the firmware manually from your server:

AP84b8.02aa.bbcc#archive download-sw tftp://

An access point running old firmware will constantly attempt to join the controller and download the firmware. If you try to run the manual upgrade at this point, you will see this error message:

Unable to create temp dir "flash:/update"
Download image failed, notify controller!!! From: to, FailureCode:7

You can add the /overwrite option to remove the old firmware if you want. When the installation is completed, you need to reload the access point manually. It should now be able to join the controller and download the latest 15.3(3)JG1 firmware from it.


9 thoughts on “Manual firmware upgrade of lightweight access point”

  1. I tried putting in the command to download the updated software from my tftp server, and of course I got the error message you said I would get. So how do I get around it? I can't join it to the WLC with the current image, and I can't update the image manually, so it's really looking like the 3702i devices we purchased are just bricks that light up.
  2. Sorry, but I can't see the command Debug capwap console cli in my AP. Do you know another option to enable the command Archive on the AP?
    • Maybe you have old firmware, try to replace capwap with lwapp. If that won't help you need to check the documentation of your AP and firmware version. As far as I remember there is no archive feature on AP.
  3. Pingback: DTLS 1.2 and Cisco LWAPP / CAPWAP APs: On shooting yourself in the foot

  4. I am attempting to upgrade my AIR-CAP3602I autonomous access point, specifically to version 15.3.3-JF14, as the one I have got installed is quite old. Any help would be greatly appreciated. https://software.cisco.com/download/home/284006700/type/284180979/release/15.3.3-JF14
      • That firmware was only released two days before James asked the question, so I take it that, like me, he is trying to get hold of the firmware file. He might be able to find ap3g2-k9w7-tar.153-3.JF12.tar available or wait until someone shares JF14.
        • I bought a used Cisco AP 1600 from eBay and would like to upgrade the firmware to the latest. I am on ap1g2-k9w7-xx.153-3.JF5. Thanks
