7-21
Cisco Wireless LAN Controller Configuration Guide
OL-9141-03
Chapter 7 Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Using the MODE Button and a TFTP Server to Return to a Previous Release
Follow these steps to revert from lightweight mode to autonomous mode by using the access point
MODE (reset) button to load a Cisco IOS release from a TFTP server:
Step 1
The PC on which your TFTP server software runs must be configured with a static IP address in the range
of 10.0.0.2
to 10.0.0.30.
Step 2
Make sure that the PC contains the access point image file (such as
c1200-k9w7-tar.123-7.JA.tar
for a
1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3
Rename the access point image file in the TFTP server folder to
c1200-k9w7-tar.default
for a 1200
series access point.
Step 4
Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5
Disconnect power from the access point.
Step 6
Press and hold the
MODE
button while you reconnect power to the access point.
Note
The MODE button on the access point must be enabled. Follow the steps in the
“Disabling the
Reset Button on Access Points Converted to Lightweight Mode” section on page 7-24
to check
the status of the access point MODE button.
Step 7
Hold the
MODE
button until the status LED turns red (approximately 20 to 30 seconds), and release the
MODE button.
Step 8
Wait until the access point reboots as indicated by all LEDs turning green followed by the Status LED
blinking green.
Step 9
After the access point reboots, reconfigure the access point using the GUI or the CLI.
Access Point Authorization
Depending on whether access points have manufacturing-installed certificates (MICs), the controller
may either use self-signed certificates (SSCs) to authenticate access points or send the authorization
information to a RADIUS server.
Controllers Accept SSCs from Access Points Converted to Lightweight Mode
The lightweight access point protocol (LWAPP) secures the control communication between the access
point and controller by means of a secure key distribution requiring X.509 certificates on both the access
point and controller. LWAPP relies on a priori provisioning of the X.509 certificates. Cisco Aironet
access points shipped before July 18, 2005 do not have a MIC, so these access points create an SSC when
upgraded to operate in lightweight mode. Controllers are programmed to accept local SSCs for
authentication of specific access points and do not forward those authentication requests to a RADIUS
server. This behavior is acceptable and secure.