Cisco Mobility Express - Image management using TFTP-server

Introduction

Recently I spent some time setting up a Cisco wireless network using their Cisco Mobility Express technology and in this article, I'd like to highlight some "gotchas" I ran into regarding access point software images while putting the network together.

This article does not cover the process of converting a regular Cisco Access Point to Mobility Express Controller mode; there are already plenty of guides out there about that.

For those that don't know, Cisco Mobility Express is a wireless deployment method where instead of using a separate wireless controller (also called WLC, which includes the 3504, 5520, 8540, and the newer 9800 models) to control and configure all of your access points (APs), a single access point is converted to a so-called Mobility Express Controller and after that acts as the single point of management for all the other access points in the network. Using the Mobility Express technology, you can configure most of the common settings found in a typical office wireless network, but since a simple access point is the one in charge, there are of course some features that are not available to their full extent. One of those things is access point software image management.

In a normal WLC deployment, the WLC itself is in charge of storing and distributing appropriate software images to all access points in the deployment. In Mobility Express, however, the storing part has to be moved to a separate TFTP server because an access point acting as a Mobility Express Controller does not have enough resources to store and manage all of the different kinds of images needed in networks that are running lots of different types of access points. This is why the storing part is instead handled by a separate TFTP server that needs to be installed on your network.

Without a TFTP server up and running on your network, other access points (even if they are the same model as the access point acting as the Mobility Express Controller) will not be able to join your deployment.

There is also a mode where you connect your Mobility Express Controller to Cisco.com to automatically download access point images on the go as needed, but that requires having an active SmartNet contract tied to the serial number of your access points, which is a whole other story and not covered in this article.

To illustrate the process of making other access points join your Mobility Express deployment with access point images being stored on a separate TFTP server, take a look at the topology image below.

In my case, I needed both an AP-2802 and an AP-2702 to join an AP-2802 acting as Mobility Express Controller, but you can of course have a deployment consisting of only a single access point model.

AP-01 (currently serving as the Mobility Express Controller) is running version 8.5.160.0 while the other access points are initially running version 8.3.

Set up the TFTP-server

Start by installing a TFTP server on your network. I used the free TFTP-server from SolarWinds, which you can easily find using your search engine of choice. In my case, I installed the TFTP-server on a Windows server. The default installation settings created the directory C:\TFTP-Root\ on my server and any file placed in this folder will be available for download using TFTP.

  • If you have a network firewall between your Mobility Express Controller and your TFTP-server, make sure that UDP port 69 is allowed from the Mobility Express Controller’s IP address to the server’s IP address.

  • Make sure the local firewall on your server is permitting TFTP traffic from the Mobility Express controller's IP address.

  • If your server is somewhat locked-down, also take a look at the Permissions settings for the TFTP-Root folder and make sure it can be accessed by outside sources (giving the “Everyone” entity read-permissions is usually enough).

Download the AP Bundle of images

Head over to Cisco.com and in the Software Download section, search for the model of access point that is acting as the Mobility Express Controller. Navigate to the version currently being run on your Mobility Express Controller and download the "Access Point image bundle" for that version. In my case, I had version 8.5.161.0 running on my Mobility Express Controller.

As you can see, the download size of the access point image bundle is way bigger than just downloading the image that runs on the Mobility Express Controller, which makes sense.

Put the AP Bundle of images on your TFTP-server

Unzip the file you downloaded from Cisco and open the folder it contained. Move all the files from the folder to your TFTP-Root. For simplicity, I am not using any particular structure inside my TFTP-Root folder, so I will just put all the images straight into C:\TFTP-Root\

If you did everything right, you should have something like this:

Configure the WLC to access the TFTP-server

Log in to the management web-GUI of the Mobility Express Controller (for me it’s IP-address 192.168.1.210) and head over to Management > Software Update.
Set the Transfer Mode to TFTP and put in the IP address of your TFTP-server (which is 192.168.1.55 in my case). For File Path, I am simply putting in a "/" which tells the Mobility Express Controller that the access point software images are in the root folder of the TFTP-server, and not inside any other folders in the TFTP-Root-folder itself.

Click Save when you are done.

[Image: Cisco Mobility Express TFTP Upgrade Configuration. Configure Transfer Mode, IP-address, File Path and then hit Save.]

Join a new Access Point to the network

Time to put your configuration to the test. Connect an access point to your network that has a different software image version running on it than the one currently running on your Mobility Express Controller.

I plugged in my AP-2802 first to power it up, have it get an IP address from my DHCP-server, and then find the Mobility Express Controller via local broadcast on the subnet.

If you are watching the console output on the access point itself, it will look similar to a non-Mobility Express deployment: once the access point finds the Mobility Express Controller, it will be told it needs to download a new image version to join the network. It will seem as if the access point is downloading the new image from the Mobility Express Controller, and if you are also watching the log of your TFTP-server you will see that the Mobility Express Controller actually goes to fetch the image from the TFTP-server first and then sends it to the access point.

In the TFTP-server’s log, I could see the Mobility Express Controller access the file “ap3g3” from the TFTP-server, which you can see in the image below.

After downloading the image, the access point restarted itself and joined the Mobility Express Controller.

With the AP-2802 done, I then plugged the AP-2702 into my switch to get it to join as well, and the process was very similar except that it was given the image named “ap3g2” instead.

At a glance, the AP image filenames don't tell you much, but if you dig into Cisco's website you can find the filename structure and which image is used for which access point model.
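To confirm ahead of time that the TFTP-server really serves the image files named above, a single TFTP read request is enough; because TFTP has no authentication, the same check run from a host other than the Mobility Express Controller should time out if the firewall rules from the setup section are scoped to the controller's IP address. This is an added example, not part of the original article or of any Cisco or SolarWinds tooling; the function names are made up for illustration, and the server address in the comment is the one used in this article.

```python
import socket
import struct

RRQ, DATA, ERROR = 1, 3, 5  # TFTP opcodes from RFC 1350

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode("ascii") + b"\0" + mode.encode("ascii") + b"\0"

def parse_reply(packet):
    """Classify the first packet a server sends back after an RRQ."""
    if len(packet) < 4:
        return ("malformed", "")
    opcode, number = struct.unpack("!HH", packet[:4])
    if opcode == DATA and number == 1:
        return ("served", f"{len(packet) - 4} bytes in first block")
    if opcode == ERROR:  # e.g. code 1 = file not found, 2 = access violation
        text = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return ("error", f"code {number}: {text}")
    return ("unexpected", f"opcode {opcode}")

def probe(server, filename, port=69, timeout=3.0):
    """Request one file, read the first reply, then abort the transfer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (server, port))
        try:
            packet, peer = sock.recvfrom(4 + 512)
        except socket.timeout:
            return ("timeout", "no reply (filtered, or server not running)")
        except ConnectionResetError:
            return ("refused", "ICMP port unreachable from the server")
        # An ERROR packet sent to the server's transfer port ends the session
        # instead of leaving the server to retransmit the first block.
        sock.sendto(struct.pack("!HH", ERROR, 0) + b"probe done\0", peer)
        return parse_reply(packet)

if __name__ == "__main__":
    # Constructed replies so the demo runs offline; on a real network call
    # probe("192.168.1.55", "ap3g3") with your own server address instead.
    samples = {
        "ap3g3": struct.pack("!HH", DATA, 1) + b"\x00" * 512,
        "ap3g2": struct.pack("!HH", ERROR, 1) + b"File not found\0",
    }
    for name, reply in samples.items():
        print(name, build_rrq(name), parse_reply(reply))
```

A result of "served" for both ap3g3 and ap3g2 from the server itself, and "timeout" from an ordinary client PC, is the combination you want to see.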

Final Notes

I rarely run into Mobility Express deployments, so I thought it’d be best to write down this process of access point image management as it is a bit different from what I am used to. I also thought it would make a good practical guide as the official Cisco documentation isn’t crystal clear about the traffic flow of getting the access point images from the TFTP-server to the ME-WLC and THEN sending them to the access point itself. The documentation I ran into made it sound like the access point had to access the TFTP-server, which is not the case.

Remember that this TFTP-server always has to be available with the correct access point images on it if you want to be able to continuously add access points to your deployment. The Mobility Express Controller will not locally store any of the images that have been grabbed using the TFTP-server in the past.