The process to upgrade a Cisco Wireless Lan Controller is quite straightforward but there are a few things you need to be aware of which can minimise the downtime for your wireless network.
This guide will go through the process to upgrade a pair of 5508 WLC’s configured in HA setup and connected back to back with RP port.
Upgrade Software on Cisco 5508 – Step 1
The first step is to upload the new image to the controller.
This process does nothing to your live network and only uploads the image to the controller.
Download the image from cisco.com and store in a known location on your laptop.
For the purpose of this guide I am using 8.0.121.0 which is the latest stable release.
You will need a TFTP server running, I am using TFTPD32 running locally on my laptop.
Copy the new image into your tftp directory and go to the GUI on your controller.
Navigate to Commands / Download File
The words a little confusing here as you are technically uploading a file to the controller but in the WLC world you download a file to the controller!?
Change the details to match the below changing the IP address to that of your tftp server.
Click the download button on the far right of the screen.
Once the image has downloaded to the primay and been extracted the controller will upload the file to the standby controller.
The image is then written to Flash
The AP Image bundle is then written to flash
Then again for the standby controller
After a few minutes you should see a successful message
You can now verify this image by using the CLI
SSH to your controller and issue the command show boot
This is before
(Cisco-Wireless-5508) >show boot Primary Boot Image............................... 7.6.130.0 (default) (active) Backup Boot Image................................ 7.6.100.0
This is after the upload
(Cisco-Wireless-5508) >show boot Primary Boot Image............................... 8.0.121.0 (default) Backup Boot Image................................ 7.6.100.0 (active)
The default image is the one that will be loaded on the next reload.
You now need to Prime the AP’s with the new image.
You don’t have to perform this step, but it will minimise network downtime as the AP’s will not have to download a new image when the controller reboots as they will already have it.
SSH into the controller and issue the command config ap image predownload primary all
This will push the primary image (8.0.121.0) to all APs – This process may take some time depending on how many AP’s you have
You can monitor the progress with the command show ap image all
Currently all APs are on the current version
(Cisco-Wireless-5508) >show ap image all Total number of APs.............................. 21 Number of APs Initiated....................................... 0 Predownloading.................................. 0 Completed predownloading........................ 0 Not Supported................................... 0 Failed to Predownload........................... 0 Predownload Predownload AP Name Primary Image Backup Image Status Version download ------------------ -------------- -------------- --------------- ----------- WAP-06 7.6.130.0 0.0.0.0 None None WAP-07 7.6.130.0 0.0.0.0 None None WAP-09 7.6.130.0 0.0.0.0 None None WAP-08 7.6.130.0 0.0.0.0 None None WAP-04 7.6.130.0 0.0.0.0 None None WAP-10 7.6.130.0 0.0.0.0 None None Some AP's now have the new image WAP-1 7.6.130.0 8.0.121.0 Complete 8.0.121.0 NA NA WAP-2 7.6.130.0 0.0.0.0 Predownloading 8.0.121.0 NA NA WAP-3 7.6.130.0 8.0.121.0 Complete 8.0.121.0 NA NA
All the AP’s have now had the new image pushed to them and it is ready to become the active image.
So far during this process the wireless network has been operating normally.
To verify the controller will boot from the primary image issue the command config boot primary
Then verify with the command show boot
(Cisco-Wireless-5508) >show boot Primary Boot Image............................... 8.0.121.0 (default) Backup Boot Image................................ 7.6.100.0 (active)
This should not have changed since earlier but I like to double check.
All you have to do now is to reload both controllers.
Before doing that just verify that the Redundancy is operational with the command show redundancy summary
(Cisco-Wireless-5508) >show redundancy summary
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = STANDBY HOT
Unit = Secondary – HA SKU (Inherited AP License Count = 50)
You just need to confirm that the Peer is Standby Hot
Now you can reload.
To ensure both controllers reload together use the command reset system in <then enter a time more than 61 seconds>
(Cisco-Wireless-5508) >reset system in ? <HH:MM:SS> Enter the delay duration. Valid range: <00:01:01> to <119:59:59> For whatever reason the controller will not accept 1:01 so I had to add 2:01
Using this command will reboot both devices.
To minimise downtime even more you can add the reset-aps keyword at the end of the command
reset system in 00:02:01 image primary swap reset-aps
This will start the AP’s reloading instead of waiting for the controller to come back before realising their image is wrong and then reloading.
You now have to wait for the controllers to restart.
At this point I would start to ping the management address of the controller to see when it comes back online.
For critical environments where you are local to the controllers you can monitor the process on the console.
For a lot of upgrades this process can be performed remotely.
Once the controller has come back and you log into it you should see the new code running.
Go to Wireless / Access Points and make sure all your AP’s are coming back online and are running the correct image.
Roger Perkin - CCIE #50038 is a Network Automation Engineer & CCIE Consultant based in the UK, currently working for Softcat Plc as a Senior Network & Security Consultant.
Rogers' CCIE Journey | About Roger | Contact | Twitter | Linkedin
Hi, Just want to say thanks for your step through of the process. Helped confirm the release notes / tech articles on the CISCO site, but you provided more details for each step.
So thanks again!
No problem Chris, glad it helped
Good clear process, Thanks for the how too. It is most helpful. Sometimes it is easy to get lost in the documentation, and it takes a little longer to locate what is needed. This info is a great help.
Great how-To document! very clear and to the point with examples that shows what i should be seeing after each step.
Thanks Richard, glad it helped
Do you have the procedure to Upgrade Software on Cisco 5508 in a primary and secondary redundancy configuration?
If you are running in a Primary / Secondary topology, depending on where the access points are currently associated just update each controller separately.
I would update the secondary, and if all goes well migrate the primary.
I have One other question –
If after replacing the standby WLC(5508) with new hardware (after doing the basic config) and enabling SSO,
Will the active WLC (5508) in a HA pair automatically push the configuration onto the standby WLC?
or
Does the config (backup config of the Active WLC) have to be pushed onto the standby WLC using TFTP prior to enabling SSO?
For a pair of 5508’s running HA SSO (using RP cable) they will sync their config. This is to be used if the controllers are in the same room or connected via a L2 link between DC’s if you are running N+1 failover i.e two separate controllers with high availablity configured on the AP’s then config needs to be updated on both controllers
The Standby WLC is a HA-SKU box and connected to the Active WLC back-to-back via RP port.
Thanks.
Hello I have two question of reset system
If I execute to reset system for no-swap commend like ” reset system in 00:02:10 image no-swap reset-aps ”
what’s happening on WLC and AP??
and One more thing about reset system commend
which one is correct “reset system in 00:02:10 image primary swap reset-aps” or “RESET STSTEM IN 00:02:10 IMAGE SWAP RESET-APS”
Thank you
When you issue that command the WLC will reboot in 2 minutes and 10 seconds. it will not swap the image on the AP’s and it also instructs them to reboot as well. This process is basically the quickest way to reboot everything as if you just reboot the WLC the AP’s will sit there waiting and when they realise the WLC code has upgraded will then reload.
If you are not in a critical environment I would just reload the controller from the GUI and let the AP’s catch up.
I would use the lower case command,
Roger
Roger,
Great step by step instructions.
When I went to preload the AP they failed. What can I look at to solve the issue? or should i just reboot the 5508?
Thanks,
Garrett
Garrett,
Can you expand on “they failed”
What model of APs?
Jumping from 7.4 to 8.2 is a big jump and chances are your AP’s are old and will not be supported with 8.2 on the controller?
thank you for writing such a clear and concise DOCUMENT.
Very helpful indeed.
Excellent Document……………….Very useful…
Thanks for the information!
Quick question, I just wanted to make sure that I can prep everything before my maintenance window (Download the image to the controller, pre-download the image to all the APs) without any outages. Then reload during the maintenance window. This this correct?
Hi Bobby,
Yes you need to get the image on the controller and you can download it ahead of time, nothing will happen until you reboot. You can also push the image to the AP’s, but depending on the amount of AP’s you have and your maintenance window size I rarely do this now, once the controller has rebooted, the AP’s should be back online in less than 5 minutes, by pre-downloading the image you will be only saving yourself 1-2 minutes at the most.
hi roger,
i have a question. did you connect your laptop directly to wlc?
if yes in wich port?
No I was just connected to the network, the WLC ports are configured as trunks you can connect to any port as long as you are addressed in the right vlan
THIS STEP BY STEP PROCEDURE IS FANTASTIC. Thank you very much for posting it up.
Great stuff Chris, glad it helped
hI, GREAT GUIDE… qUICK QUESTION. If we preload the FW to BOth wlc and APs what happens if the APs reload before the wlc? e.g. powercut before the upgrade
Nothing happens until the controller is backup, the AP’s cannot decide if they should upgrade, downgrade or do nothing until they peer with the controller