Friday, July 30, 2010

13 reasons to reboot your access points or your controller

Do they hire people fr Microsoft at Cisco? I don't know, but I know for sure that there are more and more features that require you to reboot your controller or your access points. It is quite difficult to keep track of them in the lab, as you do not want to waste time rebooting too often. On the other hand, if you do not reboot, some changes will not take effect, and you will not always be able to test those changes. So here is a list of the changes I found that require a reboot. If you find more, add them to the list!

Access Points: well, those are obvious.
  • AP mode: every time you change the AP mode (local to monitor for example), the AP reboots to reload the firmware matching its new mode. Good thing is the AP will popup to tell you it has to reboot.
  • Static IP: whenever you switch your AP IP address from static to DHCP or back, from the controller interface, a popup asks you to reboot the AP. Funny thing is that if you change the IP address from the AP CLI (using clear lwapp ap ip address, to remove a static IP address, or lwapp ap ip address a.b.c.d , you just need a shut/no shut.
  • Primary, etc.: if you change the AP primary/secondary/tertiary controller and want the AP to use this information, you need to wait for the AP to unicast a discovery message to that controller. Supposedly, this happens every 30 seconds, so whithin half a minute your AP should send an LWAPP keepalive message to that controller, then join it... if AP Fallback is set to Enable (Controller > General) on the current controller to which the AP is associated... well, you may want to reboot the AP to speed up the process and make the discovery more reliable, at least on code 4.2 (on 5.2 and up, seems to work a lot better).
  • Webauth WLAN: when you create your first WebAuth WLAN, you need to reboot your APs for the certificate to feature to be enabled on them. This does not seem to be consistent between code versions, on 4.2.130, failure to reboot the APs seems to cause clients to fail to get the certificate warning page, unless you refresh many times. Good practices say "reboot your APs".
  • Mesh AP and MAC filter list: no mesh in the lab yet... but for the sake of listing them all... if you have Mesh APs, and check or uncheck the MAC Filter List box in the Wireless > Mesh page (this parameter forces the AP to be authenticated through a MAC address list before being allowed to join the controller), all your mesh APs have to reboot to get applied this parameter. Supposedly they are supposed to reboot automatically... well, more than often, you may want to reboot those APs that forgot that they had to reboot automatically...

Controllers:
  • SNMP user/communities: on the 2106 and code 4.2.130 and 4.2.207 at least, the SNMP communities and v3 users seem to be loaded at boot time. You may discover this painfully when trying to add your WLC to you WCS and get "No response from device, check SNMP communities, version or network for issues". Reboot the controller, things should be better. An interesting detail is that this "feature" (that's how we also call the Blue Screen of Death, right?) seems to be platform and code dependant. So you may have or not have this issue... but keep it in mind if you have an SNMP issue with a newly added SNMPv1/2c community or v3 user...
  • Virtual Gateway interface: whenever you make any change to the Virtual Gateway Interface (changing its address or associated DNS name), you need to reboot the controller. The Virtual Gateway parameters are loaded at boot time and not refreshed (cannot change dynamically) during the active life of you controller.
  • Certificates: whenever you change a certificate on the controller, you need to reboot the controller for this certificate to be loaded in RAM and used. This is true for any certificate (https access to your controller, WebAuth WLAN certificate, local certificate for EAP/802.1X authentication, etc.).
  • LAG: if you set LAG to enable or disable, the change only happens next time you reboot.
  • NTP server: controllers query NTP servers at boot time, and at intervals defined by the CLI command config time ntp (or on the Controller > NTP page, Polling Interval). The default interval is 24 hours (86400 seconds), a bit too long a wait most of the time. A quick reboot forces the controller to check the NTP server (I am of course assuming a lab environment, not a production environment).
  • Max user database: when you change the maximum number of users in the database (from Security > General), this parameter will only be applied upon next reboot.
  • Symmetric Mobility Tunnelling: when you enable or disable this feature (from Controller > Mobility Management > Mobility Anchor Config), you need to reboot the controller for this feature to take effect.
  • Code and Config download: this is obvious, but whenever you download a new code to the controller or a previously saved config, you need to reboot the controller for those to be applied.
Don't reboot:
  • Short/long preambles? Cisco documentation states that you need to reboot the controller if you enable or disable short preambles (in Wireless > 802.11b/g/n > Network). This is a myth (or a leftover from ooooold times). When you change this parameter, you clearly see in the AP beacons capability field the Short Preamble Allowed parameter switching from 1 to 0, and the "long -preamble only" stations failing or succeeding to associate accordingly (tried on an old handheld scanner).
So, in the lab, should you reboot every time you change one of those, or reboot once sometime during the day (for example at lunch break)? I am not sure there is an absolute rule. I find many people saying "reboot once, this will save you time". I like to multi-task. So I would rather reboot when I change one of these parameters, do another task then come back to finish this one. This will ensure that I can test the feature if needed, and that I do not leave too many things to verify when coming back from lunch...

27 comments:

  1. If you use Motorola equipment , you don't have to reboot your AP/Switch so much, start using Motorola :-)

    ReplyDelete
  2. lol! I am not too sure that using Motorola will help too much for the CCIE W... but yep, I do remember the good old Airespace days when we were saying "reboot? What for?"
    :-D

    ReplyDelete
  3. I've found a few more items requiring controller reboots:
    - Changes to the RF Group name
    - Install or change licensing on a 5500 series controller

    Also, in my testing, changing the AP IP address does not require a full reboot. The AP only disconnects from the controller and then re-joins using the new IP address. I happen to perform this one all the time in my environment!

    Andrew (@revolutionwifi)

    ReplyDelete
  4. Also add webauth proxy on the Controller page of the WLC. It prompts you for a reboot.

    ReplyDelete
  5. Licensing doesn't seem to require a reboot any more on higher code levels

    ReplyDelete
  6. Hello Mr. Jerome.


    I'm starting in the certification of Cisco Wireless.

    I buy from EBAY one AP 3600 "Aironet 3600 model air-cap3602i-a-k9".

    This equipment was removed from an operating environment.

    After trying to set I note the following:

    1. I can login, but as a user with basic privileges, the commands I can run are reduced.
    2. The MODE button "RESET" it is blocked by command, I could see a "SHOW BOOT" command. I can not unlock because I do not have the privileges to execute commands.
    3. I have tried to connect for the GUI mode but it's not possible.

    What I want?
    I want to leave my equipment "Acces Point 3600" with the factory settings or make a recovery password.

    I do not know what is most recommended, but I need to practice with this equipment and I'm with hands tied.

    Please could you help me solve this problem.

    Thanks for your help.

    Regards,

    Juan.

    ReplyDelete
  7. I agree. You have made the nice blogs with the great info in the contents.
    Zero Up 2.0 Fred Lam

    ReplyDelete