Cisco WLC – HA SSO upgrade

“Is the upgrade procedure for a high-availability pair of Cisco Wireless LAN Controllers the same as the procedure for a single Cisco WLC?” Several customers asked me this question and the answer is YES.

First you check the current and backup firmware image.

(Cisco Controller) >show boot
Primary Boot Image…………………………. (default) (active)
Backup Boot Image…………………………..

Next you check if your SSO configuration is working as expected.

(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = STANDBY HOT
Unit = Primary
Unit ID = 00:81:C4:87:3B:C9
Redundancy State = SSO
Mobility MAC = 00:81:C4:87:3B:C9
BulkSync Status = Complete
Average Redundancy Peer Reachability Latency = 177 Micro Seconds
Average Management Gateway Reachability Latency = 935 Micro Seconds
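
The same check can be scripted against a saved copy of the output, so the upgrade only starts when the pair is healthy. This is an added example, not part of the original post: the function names are hypothetical, and the expected values are assumed to be the ones in the healthy output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): gate the upgrade on saved
# "show redundancy summary" output. Expected values are assumed from the post.

# Print the value of one "Key = Value" line ($1 = capture file, $2 = key).
redundancy_field() {
    awk -v key="$2" '
        {
            sub(/\r$/, "")                      # terminal captures often end in CR
            i = index($0, " = ")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 3)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 only when every field matches; report each mismatch on stderr.
ha_upgrade_ready() {
    capture=$1 rc=0
    while IFS='|' read -r key want; do
        got=$(redundancy_field "$capture" "$key")
        if [ "$got" != "$want" ]; then
            echo "NOT READY: $key is '${got:-<missing>}', expected '$want'" >&2
            rc=1
        fi
    done <<'EOF'
Redundancy Mode|SSO ENABLED
Local State|ACTIVE
Peer State|STANDBY HOT
BulkSync Status|Complete
EOF
    return $rc
}

# Constructed capture: fields copied from the output above, with the peer state
# and bulk-sync status passed in so a degraded pair can be simulated.
write_capture() {  # $1 = file, $2 = peer state, $3 = bulk-sync status
    printf '%s\n' "Redundancy Mode = SSO ENABLED" "Local State = ACTIVE" \
        "Peer State = $2" "Unit = Primary" "Redundancy State = SSO" \
        "BulkSync Status = $3" > "$1"
}

tmp=$(mktemp -d)
write_capture "$tmp/ok.txt" "STANDBY HOT" "Complete"
write_capture "$tmp/bad.txt" "STANDBY COLD" "In-Progress"   # constructed values
ha_upgrade_ready "$tmp/ok.txt" && echo "ok.txt: HA pair healthy, start the transfer"
ha_upgrade_ready "$tmp/bad.txt" || echo "bad.txt: fix redundancy before upgrading"
rm -rf "$tmp"
```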

Upload the new firmware to the controller by using a TFTP or FTP server. I am using a TFTP server in this example.

(Cisco Controller) >transfer download datatype code
(Cisco Controller) >transfer download filename AIR-CT5520-K9-8-2-141-0.aes
(Cisco Controller) >transfer download path .
(Cisco Controller) >transfer download serverip
(Cisco Controller) >transfer download mode tftp
(Cisco Controller) >transfer download start

After the TFTP session is finished, you’ll notice that the software is automatically transferred from the active to the standby unit.

TFTP Code transfer starting.

TFTP receive complete… extracting components.

Checking Version Built.

Image version check passed.

Informing the standby to start the transfer download process

Waiting for the Transfer & Validation result from Standby.

Standby – Standby receive complete… extracting components.

Standby – Image version check passed.

Transfer & validation on Standby success, proceed to Flash write on Active.

Writing new AP Image Bundle to flash disk.

Executing fini script.

File transfer is successful.
Reboot the controller for update to complete.
Optionally, pre-download the image to APs before rebooting to reduce network downtime.

Transfer Download complete on Active & Standby

The last step is to reload both controllers to activate the firmware. After you reboot the active controller, you are able to access the standby controller and reboot that controller too. You have the option to reboot both controllers with one command.

(Cisco Controller) >reset system both in 00:05:00 image no-swap reset-aps

The controller also has the option to pre-download the firmware from the controller to the access-points. This speeds up the upgrade process for the access-points, because the access-points don’t need to download the firmware after the controllers are online again. The access-points only need to reboot when they lose the connection with the controller. I will describe this process in a separate post.

After the controllers are back online, you should check the primary and backup boot firmware to see if the upgrade was successful.

(Cisco Controller) >show boot
Primary Boot Image…………………………. (default)
Backup Boot Image………………………….. (active)

NetScaler VPX – upgrade firmware

I am fairly new to NetScaler, so I tried to upgrade the software via CLI. This is what I have done.

  1. Download the upgrade firmware via
  2. Backup the configuration
  3. Upload the software to the NetScaler appliance (I used pscp.exe on a Windows machine to upload the software to the directory /var/nsinstall/11.0/63.16. I created the directories 11.0/63.16 before uploading the firmware)
  4. Untar the software
  5. Install the software (relax and take your time)
  6. Reboot the appliance
  7. Verify the upgrade (show version)

When everything goes according to plan, you would see the following output:

root@netscaler# tar zxvf build-11.0-63.16_nc.tgz
x .ns.version
x ns-11.0-63.16.gz
x ns-11.0-63.16.sha2
x Citrix_Netscaler_InBuilt_GeoIP_DB.csv.gz

root@netscaler# ./installns
installns: [94606]: BEGIN_TIME 1444387063 Fri Oct 9 12:37:43 2015
installns: [94606]: VERSION ns-11.0-63.16.gz
installns: [94606]: VARIANT v
installns: [94606]: No options
installns: [94606]: prompting for reboot
installns: [94606]: END_TIME 1444387469 Fri Oct 9 12:44:29 2015

Installation has completed.

Reboot NOW? [Y/N]

Cisco WLC and pre-download software to AP

A simple post, because I always forget the CLI commands to TFTP the software to the controller. I also added the command to predownload the new firmware to all access-points. This dramatically speeds up the upgrade process of the access-points.

You need to set the TFTP parameters first.

(Cisco Controller) >transfer download datatype code
(Cisco Controller) >transfer download mode tftp
(Cisco Controller) >transfer download serverip
(Cisco Controller) >transfer download path .
(Cisco Controller) >transfer download filename AIR-WLC4400-K9-5-2-178-0.aes

Next you can start the actual download of the firmware image.

(Cisco Controller) >transfer download start

You can now choose to reboot the controller without predownloading the firmware to the access-points. Predownloading the images is done via the command:

(Cisco Controller) >config ap image predownload primary all

You can view the progress of the predownload via:

(Cisco Controller) >show ap image all

Sometimes the predownloaded image is stored as backup image on the access-points. You can swap the image to the primary image via

(Cisco Controller) >config ap image swap all

Issue the following command to see the images on the Cisco WLC

(Cisco Controller) >show boot

Cisco WLC – Upgrade FUS image

Today I upgraded a FUS image on a Cisco WLC 5500 controller, because I also upgrade the WLC software to The FUS upgrade is straightforward and comparable to a regular software update. The only difference is that you need console access to perform the upgrade. The FUS image upgrades the following components:

  • Field Recovery Image is upgraded to runtime image version
  • Bootloader is upgraded to 1.0.16
  • Offline Field Diagnostics is upgraded to 0.9.28
  • FPGA Revision version is upgraded to 1.7
  • Environment Controller (MCU) Image version is upgraded to 1.8
  • USB Console Revision version is upgraded to 2.2

During the upgrade process you have to confirm that you want to proceed with the upgrade, as shown below:

Checking for Field recovery image upgrade

Field Recovery Image upgrade …

        Upgrade Field Recovery Image from version to

        Are you sure you want to proceed (y/N) ? y
* Please make sure POWER SUPPLY is always ON during this period. *
******************************************************************

Erasing Flash (estimated 49 seconds) …

Writing to flash (estimated 716 seconds) …

This happens multiple times and the controller reboots several times during the upgrade. It took about 20 minutes for the complete upgrade of the FUS image.

Upgrade Cacti 0.8.x

A lot of people use the CactiEZ virtual appliance to install a running Cacti environment. The latest CactiEZ virtual appliance (CactiEZ v0.6) uses Cacti v0.8.7c with Plugin Architecture 2.2. Of course a lot of people are developing Cacti and the latest stable version is Cacti v0.8.7g with Plugin Architecture 2.8.

I always have trouble with upgrading Cacti, because you have to take multiple steps and you shouldn’t forget one. This blog post helps, because it shows the steps to take for upgrading to the latest version of Cacti.

I always start with changing the default behavior of the cp command. By default, cp is aliased with the -i parameter, which makes the command interactive. The result of the -i parameter is an overwrite question before copying, as shown below.

cp: overwrite `/var/www/html/docs/html/data_input_methods.html'?

This behavior can be changed by deleting or commenting out the cp-alias within /root/.bashrc. Don’t forget to log out and log in again.

Now we are ready to upgrade Cacti. Let’s go.

1. First you need to backup the current Cacti database;

mysqldump -l --add-drop-table cacti > cacti_sql_backup

2. Backup your current Cacti html directory;

mv /var/www/html /var/www/html.bak

3. Copy the new tarball to the target system and extract the tarball;

tar zxvf cacti-0.8.7g.tar.gz

4. Move the new files over the Cacti root directory;

mv /root/cacti-0.8.7g/ /var/www/html/

5. Edit include/config.php to include the correct database credentials and default session name;

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactiuser";
$database_port = "3306";

#$cacti_session_name = "CactiMadeEZ";

6. Copy the *.rrd files, scripts and XML files from the old Cacti directory;

cp /var/www/html.bak/rra/* /var/www/html/rra/.
cp -rfv /var/www/html.bak/scripts/* /var/www/html/scripts/
cp -rfv /var/www/html.bak/resource/* /var/www/html/resource/

7. Set the appropriate owner and permissions;

chown -R apache:apache /var/www/html

8. Go to the Cacti website and follow the on-screen instructions to upgrade the database;

9. Copy and extract the plugin architecture tarball, copy .diff file to the Cacti root directory and apply the patch;

tar zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
cp /root/cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.8.diff /var/www/html/.
cd /var/www/html
patch -p1 -N < cacti-plugin-0.8.7g-PA-v2.8.diff

10. Change the file include/global.php to include the correct database credentials, default session name and the plugin list;

/* Default database settings */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactiuser";
$database_port = "3306";

/* Default session name - Session name must contain alpha characters */
$cacti_session_name = "CactiMadeEZ";

$plugins = array();
$plugins[] = 'settings';
$plugins[] = 'superlinks';

11. Copy the old plugins directory;

cp -rfv /var/www/html.bak/plugins/* /var/www/html/plugins/.

12. Go to Configuration – Plugin Management to install / enable your plugins. Install / enable the plugin loginmod to get your customized login page back.

Now the upgrade is ready and you are set to experience your freshly upgraded CactiEZ appliance.
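
Step 2 moves the old web root aside and step 8 rewrites the database schema, so the dump from step 1 is the only way back. The check below confirms that dump is complete before you continue. It is an added example, not part of the original post: the function names are hypothetical and the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the step 1 dump
# before step 2 moves the old web root and step 8 upgrades the schema.

# Return 0 if the dump is non-empty, ends with mysqldump's completion comment
# and holds a CREATE TABLE for every table named after the file argument.
dump_is_complete() {
    dump=$1; shift
    if [ ! -s "$dump" ]; then
        echo "FAIL: $dump is missing or empty" >&2; return 1
    fi
    # mysqldump ends its output with "-- Dump completed ..." unless comments
    # are disabled; a dump cut short by a full disk or a dropped session
    # lacks that line.
    if ! tail -n 5 "$dump" | grep -q '^-- Dump completed'; then
        echo "FAIL: $dump has no completion marker (truncated?)" >&2; return 1
    fi
    for table in "$@"; do
        if ! grep -q "^CREATE TABLE \`$table\`" "$dump"; then
            echo "FAIL: table $table not found in $dump" >&2; return 1
        fi
    done
    return 0
}

# Constructed miniature dump, standing in for the real cacti_sql_backup file.
write_sample_dump() {  # $1 = destination, $2 = "full" or "truncated"
    {
        echo '-- MySQL dump (constructed sample)'
        echo 'DROP TABLE IF EXISTS `host`;'
        echo 'CREATE TABLE `host` (`id` mediumint(8) unsigned NOT NULL);'
        echo 'DROP TABLE IF EXISTS `user_auth`;'
        echo 'CREATE TABLE `user_auth` (`id` mediumint(8) unsigned NOT NULL);'
        if [ "$2" = full ]; then
            echo '-- Dump completed on 2015-10-09 12:00:00'
        fi
    } > "$1"
}

tmp=$(mktemp -d)
write_sample_dump "$tmp/good.sql" full
write_sample_dump "$tmp/cut.sql" truncated
dump_is_complete "$tmp/good.sql" host user_auth && echo "good.sql: OK, continue with step 2"
dump_is_complete "$tmp/cut.sql" host user_auth || echo "cut.sql: re-run mysqldump first"
rm -rf "$tmp"
```

On the real system the call would be `dump_is_complete cacti_sql_backup host user_auth`, with whichever tables you want to be sure of listed after the file name.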