Not a user yet?
Log in Register for free Suggest a product
The manufacturer Cisco has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

Field Notice: FN74109 - Access Point Image Corruption

Catalyst 9117Catalyst 9117
Cisco
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

Field Notice: FN74109 - Access Point Image Corruption During CAPWAP Upgrade May Result in Boot Failure - Software Upgrade Recommended

Defect ID :CSCvx32806
Headline :Access Points stuck in bootloop due to image checksum verification failed

Problem Description
When some access points (APs) download software in CAPWAP (Control and Provisioning of Wireless Access Points) from a Cisco Catalyst 9800 Series Wireless Controller, the image may be corrupted. The AP may attempt to boot the corrupt image, resulting in the AP entering a boot loop. This field notice explains which deployments are and are not susceptible to this problem and how to recover APs that are in a boot loop.

Identify Affected Deployments
This issue is more likely to occur in a network path between a Cisco Catalyst 9800 Series Wireless Controller and an AP that has both high packet loss and a maximum transmission unit (MTU) that is lower than 1485. For more details on how to identify an at-risk network path, see https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/221869-safely-upgrade-access-points-avoiding-i.html.

Downloads from all Cisco Catalyst 9800 Series Wireless Controllers are susceptible to this vulnerability. Downloads from Cisco AireOS Controller are not susceptible.

The following Cisco AP models that are registered to Cisco Catalyst 9800 Series Wireless LAN Controllers (WLC) are affected:

  • Wave2 11ac APs (2800/3800/4800/1560/IW6330/ESW6300)
  • Catalyst 9100 Series WiFi6 APs (9105/9115/9117/9120/9124/9130/WP-WIFI6)
  • Catalyst 9100 Series WiFI6E APs (9136/9162/9164/9166)
  • Cisco 6300 Series Embedded Services APs
  • Catalyst IW6300 Series Heavy Duty APs

The following Cisco AP models are not affected:

  • 1800/1540 series Wave 2 11ac APs
  • Wave1 11ac APs (1700/2700/3700/1570/IW3700)

To prevent the APs from entering boot loops, upgrade APs to the following fixed versions of Cisco AireOS or Wireless IOS XE:

  • 8.10.185.0 and later
  • 17.3.7 and later
  • 17.6.6 and later
  • 17.9.3 and later
  • 17.11.1 and later

Workaround/Solution
Solution for APs That Are Already in a Boot Loop

To recover APs that are already in a boot loop condition as a result of image corruption following CAPWAP download, see Recover from a Boot Loop Caused by Image Corruption on Wave 2 and 11 ax Access Points (CSCvx32806).

APs that have Alt-boot enhancements can be recovered without physical access to the console. APs that are in a boot loop with an older u-boot must be recovered through the console.

Preparing for an Upgrade
If you are planning to upgrade your access points, and if all of the following apply:

  • Some or all of the APs are susceptible models.
  • Your network path from Cisco Catalyst 9800 Series Wireless Controller to the APs is at risk.
  • Your APs are now running software that lacks the fixes for booting bad images.

Additional Information

  • Safely Upgrade Access Points, Avoiding Image Corruption That Causes Boot Loop
  • Recover from a boot loop caused by image corruption on Wave 2 and 11ax Access Points (CSCvx32806)
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Cisco Catalyst 9117 updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad