AP3602I

Материал из noname.com.ua
Перейти к навигацииПерейти к поиску

Как отлисчить IOS

ap3g2-k9w8-mx.153-3.JF10 vs ap3g2-k9w7-mx.153-3.JD3

Именование platform-featureset-tar.version</code>.tar

Пример

  • ap3g2-k9w7-tar.153-3.JD3.tar

Платформы

  • ap1g1 - 700 series (702w beginning with 15.2(4)JB5)
  • ap1g2 - 1600 series
  • ap1g3 - 1530 series, AP803 embedded in IR829 router
  • ap1g4 - 1850/1830/1810 series (AP-COS)
  • ap1g5 - 1800/1815/1840/1540 series; AP1100AC embedded in C1000 series ISR (AP-COS)
  • ap1g6 - C9117 (AP-COS)
  • ap1g6a - C9124, C9130, C9136, IW9167, CW9164, CW9166 (AP-COS)
  • ap1g6b - CW9162I
  • ap1g7 - C9115/9120 (AP-COS)
  • ap1g8 - C9105 (AP-COS)
  • ap3g1 - 3500/1260 series
  • ap3g2 - 3700/3600/2700/2600/1700 series (aIOS, and lightweight up through 8.4/15.3(3)JE branch)
  • ap3g3 - 2800/3800/4800/1560/IW6300/ESW6300 series (AP-COS)
  • ap801 - AP embedded in 861W, CISCO88xW, CISCO891W, 1911W routers
  • ap802 - AP embedded in 819, 812, 886VA-W/887VA-W, and C88x/C89x routers
  • apw5100 - Rockwell Stratix 5100 WAPAK9, WAPCK9, WAPEK9, WAPZK9
  • c3700 - 1700/2700/3700 series APs (lightweight, 8.5/15.3(3)JF and above)
  • c1570 - 1570 series outdoor APs
  • c1550 - 1550 (128MB model) series outdoor APs
  • c1520 - 1520 and 1550 (64MB model) series mesh APs
  • c1410 - BR1410
  • c1310 - BR1310
  • c1250 - 1250 series APs
  • c1240 - 1240 series APs
  • c1200 - 1200 series (1200/1210/1220/1230)
  • c1140 - 1140 and 1040 series APs
  • c1130 - 1130 series APs
  • c1100 - 1100 series APs (i.e. the AP1121)
  • c520 - 521 AP
  • c350 - 350 series APs

featureset

  • k9w7 - autonomous (если нет контроллера, а у меня его нет, то это единственный доступный вариант)
  • k9w8 - full lightweight IOS/AP-COS (this is what is bundled in the WLC .aes image, and is factory installed on "mesh" APs)
  • rcvk9w8 - lightweight recovery image - this is factory installed on lightweight APs, unless a "mesh" image is specified; it lacks radio firmware (not available with COS)
  • boot - bootloader image (not IOS) - normally installed by manufacturing and not updated in the field

Особенности

As AP IOS is always distributed as a tar file, the AP cannot directly execute such a file (thus, if you were to copy c1240-k9w7-tar.124-25d.JA1.tar directly onto AP flash, and then try to boot it, this could not work.) The tar file contains, in addition to the IOS image proper, the radio firmware files, the HTML GUI files (if present), and various other files.

The AP IOS tar file must be unbundled into AP flash using the archive exec command (this is done in an automated fashion when a lightweight AP is upgraded after joining a WLC.) <> Example: AP1260#archive download-sw /overwrite tftp://10.95.42.136/ap3g1-k9w7-tar.124-25d.JA1

After unbundling, the IOS image itself be in a file called flash:/platform-featureset-mx.version/platform-featureset-mx.version - for example, flash:/c1240-k9w7-mx.124-25d.JA1/c1240-k9w7-mx.124-25d.JA1. The AP is configured to boot this image if the bootloader BOOT environmental variable is set accordingly. To see what IOS image the AP is configured to boot, examine the BOOT variable. Example: 

AP3502i#more flash:/env_vars | include BOOT

BOOT=flash:/ap3g1-k9w8-mx.152-2.JA/ap3g1-k9w8-mx.152-2.JA


To change the BOOT variable, use the IOS config mode boot system command.

Example: 

AP3502i(config)#boot system flash:/ap3g1-k9w8-mx.124-25e.JA2/ap3g1-k9w8-mx.124-25e.JA2

В целом, никто не мешает распаковать руками tar и залить только IOS и он будет грузиться и работать, но при этом не будет работать радиочасть так как не будет нужных firmware, при сильном желании их можно тоже распаковать и подложить руками, выкинув таким образом HTML из прошивки.

Как отконвертить точку для работы в stand-alone режиме без контроллера

Если удалось зайти на точку (известен лоин/пароль)

  • отключить питание
  • зажать mode
  • держать пока точка на консоль не напишет что увидела нажатие:
flashfs[0]: flashfs fsck took 19 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: b0:aa:77:eb:99:ba
Ethernet speed is 1000 Mb - FULL Duplex
Mode button pressed.
Mode button held for at least 1 seconds.
process_config_recovery: set IP address and config to default 10.0.0.1
  • enable (пароль Cisco)
  • debug capwap console cli
  • debug capwap client no-reload
  • capwap ap ip address 10.0.0.2 255.255.255.0
  • capwap ap ip default-gateway 10.0.0.1
  • archive download-sw /force /overwrite tftp://10.0.0.1/filename.tar В моем случае команда была такая: archive download-sw /force /overwrite tftp://10.0.0.3/ap3g2-k9w7-tar.153-3.JD3.tar
  • Ждать - точка сама распакует все что нужно (если не хватило места - удалить что-то ненужное)
  • После распаковки - сама перезагрузеится, адрес останется тот что был (в примере 10.0.0.2)

RomMON

то же самое из rommon (Не могу сказать как мне удалось загнать точку в такой режим, но удалось) 

Requirements:
1.TFTPd64 Server
2.Cisco IOS Software AP3G2-K9W7-M for (C3600 Series AP)
3.The Cisco AP and the Laptop with TFTP server must be in same network.

According to my network setup
Lightweight AP BVI1 IP address is 192.168.1.4
Laptop's IP address where TFTP server is installed 192.168.1.7 [Default Router IP]

First disconnect the ethernet cable from the AP then Press the Mode button and Put back the ethernet cable to the AP and hold the Mode button Untill flash light turns to umber and Once the Lightweight AP goes to online then apply the following commands to convert it to Autonomous version:

set IP_ADDR 192.168.1.4 [According to my network setup]
set NETMASK 255.255.255.0 [According to my network setup]
set DEFAULT_ROUTER 192.168.1.7 [According to my network setup]
tftp_init
ether_init
flash_init
tar -xtract tftp://192.168.1.7/ap3g2-k9w7-tar.153-3.JH.tar flash:
dir flash
set boot flash:/ap3g2-k9w7-mx.153-3.JH/ap3g2-k9w7-mx.153-3.JH
set
boot
Источник — https://noname.com.ua/mediawiki/index.php?title=AP3602I&oldid=12495