There are several Cisco Aironet APs in community. These run the Mobility Express firmware, which basically means each AP has its own controller built in. If there are multiple APs at the same location, one will operate as the master (controller) and the others will operate as APs and get their configuration from the controller. The nice thing is that if the controller AP fails, one of the other APs will elect to become the controller.


As part of the RFFR policies, firmware on all network devices needs to be updated on at least a 6-monthly basis.



Downloading firmware

To update Cisco firmware, you need to sign into the Cisco support page (with itsupport@cye.org.au) and browse to:

Downloads Home > Wireless > Access Points > Aironet 1850 Series Access Points > Aironet 1850i Access Points > Cisco Mobility Express


(Direct URL at this time is https://software.cisco.com/download/home/286285803/type/286289839)


In theory it will take you to the suggested release, which is marked with a yellow star symbol. While there could be newer releases, the suggested release is deemed the most stable at the time, so download it unless there's a specific reason to upgrade to the latest.


In the list of files, there are two choices:

* Cisco 1850 Series Mobility Express Release 8.10 Software, to be used for conversion from Lightweight Access Points only

(The 1850 can be used with Mobility Express (i.e. as its own controller), or with a separate hardware controller, in which case it only needs the lightweight firmware. This choice is used to convert back to Mobility Express. You won't need this unless you've purchased an 1850i from eBay and it has the lightweight firmware.)


* Cisco 1850 Series Mobility Express Release 8.10 Software. Access Point image bundle, to be used for software update and/or supported access points images.

(This is the one we want to download)


Check the checksums!!!!!!!!!!

You're downloading a firmware file over the internet/VPN. It is imperative you check the file hash so you know you are loading a good firmware to a device. Loading a bad firmware can render the device unbootable. Get into the habit of checking after each network transfer including transferring from one server to another.


Click on the software choice on the Cisco download site to display the SHA512 hash. Copy this hash to a text file. 

Once you have downloaded the .zip file, use PowerShell to check the hash.


"paste the hash from website here between quotes" -eq (Get-FileHash "file downloaded from website" -Algorithm SHA512).hash


eg

"bed00bdc143f97c608412bc11f3f7b673147adc7271846be53c9fc6480c23c443db8e8ba89f3dbd4b7e5dbfc5a76b9f536828b607a48025a243a075184467085" -eq (get-filehash .\AIR-AP1850-K9-ME-8-10-185-0.zip -Algorithm SHA512).hash


If the result is True, the hashes match. If it is False, something happened during the download and you need to redownload.



Copy firmware to remote sites

I have been using the WDS servers to load the firmware. At the time of writing, these are the following servers:

* SVRCYPMMGWDS

* SVRCYPLOKWDS

* SVRCYPHPEWDS

* SVRCYPAUUWDS

* SVRCYPAUUCYEWDS

* SVRCYPCUQWDS


eg copy the .zip file up to \\svrcypmmgwds\c$\Users\cypnetadmin\Downloads


Check the checksum again!!!!!!!!!! 

Always check the checksums after copying over the internet/VPN, using the PowerShell command above.
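
The two checksum steps above (after the download, and again after the copy to each WDS server) can be done in one pass. This is an added example, not part of the original procedure: the function names are made up, while the server names, Downloads path and file name are the ones used on this page.

```powershell
# Added example (not from the original page). Server names, the Downloads
# path and the file name come from this page; the function names are made up.
function Test-FirmwareHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedHash
    )
    # Strip whitespace picked up when copying the hash from the web page.
    $expected = $ExpectedHash -replace '\s', ''
    if ($expected -notmatch '^[0-9a-fA-F]{128}$') {
        throw 'Expected value is not a SHA512 hex digest (128 hex characters).'
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA512).Hash
    # -eq on strings ignores case, so upper- or lower-case hex both match.
    return ($actual -eq $expected)
}

function Copy-FirmwareVerified {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedHash,
        [Parameter(Mandatory)][string[]]$Server
    )
    # Check the download itself before it goes anywhere.
    if (-not (Test-FirmwareHash -Path $Path -ExpectedHash $ExpectedHash)) {
        throw "Local file $Path does not match the published hash. Re-download it."
    }
    foreach ($s in $Server) {
        $destDir = '\\{0}\c$\Users\cypnetadmin\Downloads' -f $s
        $dest = Join-Path $destDir (Split-Path $Path -Leaf)
        # Stop on an unreachable server instead of carrying on silently.
        Copy-Item -LiteralPath $Path -Destination $dest -Force -ErrorAction Stop
        # Re-hash the copy by reading it back over the UNC path.
        $ok = Test-FirmwareHash -Path $dest -ExpectedHash $ExpectedHash
        # Delete a bad copy so it cannot be served to an AP by mistake.
        if (-not $ok) { Remove-Item -LiteralPath $dest }
        [pscustomobject]@{ Server = $s; Destination = $dest; HashMatches = $ok }
    }
}

# Usage (paste the real hash from the Cisco page in place of the placeholder):
# Copy-FirmwareVerified -Path .\AIR-AP1850-K9-ME-8-10-185-0.zip -ExpectedHash '<SHA512>' -Server SVRCYPMMGWDS, SVRCYPLOKWDS
```

Any row with HashMatches set to False means that copy was corrupted in transit and needs to be sent again.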


TFTPD

Cisco APs support the TFTP protocol. I use TFTPD, which should also be in the Downloads folder on each of the servers above.

Be aware that any server running WDS (for PXE boot) already has a lock on the TFTP port, so you need to temporarily stop the WDS service.


Stopping the WDS service

service name: WDSServer.  

Use Task Manager > Services, or services.msc, or PowerShell: Stop-Service WDSServer
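
One way to make the stop temporary in practice, as an added example that is not part of the original procedure: stop WDS, confirm UDP port 69 is actually free before starting TFTPD, and start WDS again afterwards even if something fails. It assumes an elevated PowerShell session on the WDS server.

```powershell
# Added example (not from the original page): free UDP/69 for TFTPD,
# then put WDS back afterwards. Run elevated on the WDS server.
$wasRunning = (Get-Service -Name WDSServer).Status -eq 'Running'
try {
    if ($wasRunning) { Stop-Service -Name WDSServer }

    # Confirm nothing else still holds the TFTP port before starting TFTPD.
    # Get-NetUDPEndpoint raises an error when no endpoint matches, so silence it.
    $holders = Get-NetUDPEndpoint -LocalPort 69 -ErrorAction SilentlyContinue
    if ($holders) {
        foreach ($h in $holders) {
            $p = Get-Process -Id $h.OwningProcess -ErrorAction SilentlyContinue
            Write-Warning "UDP/69 still held by PID $($h.OwningProcess) ($($p.ProcessName))"
        }
        throw 'TFTP port is not free.'
    }

    # TFTPD is a GUI program, so wait here while the transfer is done by hand.
    Read-Host 'UDP/69 is free. Run TFTPD and the AP pre-download, close TFTPD, then press Enter'
}
finally {
    # Bring PXE boot back only if WDS was running to begin with.
    if ($wasRunning) { Start-Service -Name WDSServer }
}
```

Closing TFTPD before pressing Enter matters for two reasons: WDS cannot bind the port again while TFTPD holds it, and TFTP has no authentication, so it should not be left serving files longer than the transfer needs.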


Preparing the files.

Extract the firmware .zip to a folder of the same name. Inside should be files such as 'ap1g1', 'ap1g4', etc.

Open TFTPD and point the current directory to the folder above. 


AP Pre-Download


Pre-downloading the firmware does not update the APs right there and then. It prepares them for the update, but the upgrade itself happens after a reboot of the APs. You can prepare now, which won't cause interruptions to staff, and do a reboot later to actually do the update.


Use the Firefox web browser to log into the site's AP, eg https://192.168.18.39 for Mossman Gorge. Note: do this from your workstation/laptop, not from the WDS server.


Management > Software Update


Transfer mode: TFTP

IP Address: use the IP address of the local WDS server. eg 192.168.18.12 (for svrcypmmgwds )

File Path: /

Schedule Update: Off   (We want to pre-download the files right now)

Auto Restart: Off    (Off if during business hours and don't want to interrupt users, On if want to update on the fly but this will interrupt users)


Click Save  (saves to memory)

Click the Configuration Save icon up top of page (saves config to flash).

Click Update


The APs will pre-download the image from the TFTPD application. You can see this happening if you watch the TFTPD program. 


Refer to "Pre-download Image Status" to see the percentage download. 


ME Controllers at the time of writing this:


https://192.168.13.39 (OHub AUU)

https://192.168.12.39 (CYE Training Centre AUU)

https://192.168.26.39 (CYE Op Shop Shed AUU)

https://10.13.202.38/ (Men's Shed AUU)

https://192.168.19.39 (Ohub Hope Vale)

https://192.168.21.39 (CYE Lockhart River)

https://192.168.18.39 (OHub Mossman Gorge)

https://192.168.14.39 (OHub Coen)


Update

Reboot the APs to actually update them. I typically do this from the Meraki dashboard by turning off the power to the ports the APs are connected to.


If, after logging back on, you notice the controller firmware is still running the older version, go to Monitoring > Access Points > select an access point > Tools. Confirm the new image version is in the backup image, and click on "Interchange Image".