AIR-LAP1142N-E-K9 to autonomous Mode Adventure

Contents

1
2 Some initial needful information
3 Hunt goes on:
4 secret sauze
5 Configuring it
6 Some extremely useful links

Some initial needful information

Reset is done by holding MODE and then powering off and on the device
Default enable password is Cisco
Serial ttyUSB0 worked with one usb to rs232 and then a serial to RJ45 adapter, my cheapo ebay USB to rj45 did not work. The colors of the wires are different..
- working: LL977744 CSA AWM and a “pl2303 converter” Prolific Technology Inc on ttyUSB0
Firmware c1140-k9w7-tar.153-3.JD17.tar found on twitter with checksum d96702caf75442f01359aa9a6cb70d19

While the AP is in non autonomous mode you need to run a debug command to get the conf t: debug capwap console cli

To change it from using a controller to autonomous mode you need to load a firmware that is like that. The one I got had a firmware loaded that wanted to talk to a controller.

While looking in serial log indeed the firmware on the AP was “w8” at the end == needs a WLC
tried to first setup a TFTP server and open firewalls and reboot the access point while holding the mode button (you need to hold it for a long time, like 27s) – it tried to fetch the image from tftp://255.255.255.255/ but didn’t work / timed out..

Hunt goes on:

These release notes got me a bit worried: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/ios/release/notes/aap-rn-83mr5.html

Conversions from an 8.0 Wireless LAN Controller unified release AP image to autonomous 15.3(3) k9w7 image will get aborted with a message “AP image integrity check failed.” To overcome this, load any previous autonomous k9w7 image and then upgrade to the 15.3(3) JAB k9w7 images. If this is the same as LWAPP version I had was 7.3.x so the above did not apply.

https://greenwhitehat.blogspot.com/2017/08/how-to-configure-cisco-access-point-air.html

https://www.fragmentationneeded.net/2010/08/tftp-oddities.html is talking about changing listening address to 255.255.255.255 instead of 0.0.0.0 ..

secret sauze

setup static IP on your linux computer, make sure to not just “ip addr add ip/24 dev eth0” because you might still have NetworkManager with DHCP that might revert those changes
setup a dhcpd that has 10.0.0.5 10.0.0.7 range or some such
setup a linux tftp.service – if you want “–verbose –address 255.255.255.255:69” to the tftp.service CentOS7 edit that file in systemctl cat tftp
- Not sure if needed but maybe it was useful
systemctl start tftp dhcpd
sysetmctl disable dhcpd tftp
make sure to let UDP(& TCP?) 69 through the firewall
next is to connect the console and login to the AP and run some commands:

$ ena
# conf t
# debug capwap console cli
# archive download-sw /force-reload /overwrite tftp://10.0.0.2/c1140-k9w7-tar.153-3.JD17.tar

Before you disconnect the ethernet cable to the AP, do stop and disable dhcpd and tftp to prevent running some extra dhcp server in some office network.

Configuring it

Easiest is probably to use the http on http://IP:80 to configure it

Username/Password: Cisco/Cisco

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1140/autonomous/getting_starte d/guide/ap1140aut_getstart.html

There’s the express setup and I used these settings:

Only configured the 5GHz
Set a short SSID and enabled broadcast beacon
WPA2-PSK key
Disabled universal admin
Set VLAN 5 and native VLAN

Other changes:

Enable the radio (no shutdown on the interface or in the web ui)
Create a new user/change default passwords of Cisco user to make it a little bit harder for things to pwn it
Set clock
Change hostname and set a banner login banner
copy run start

One could enable https, but that used a too weak key by default so I just left it at http. In any case make sure to set the clock before enabling https.

Some extremely useful links

Previous post in this blog about my home network: https://www.guldmyr.com/blog/home-network-convergence/

https://community.cisco.com/t5/wireless-mobility-documents/lwapp-to-autonomous-conversion-and-vice-versa-on-access-points/ta-p/3121542

http://wiki.r1soft.com/display/ServerBackup/Configure+a+TFTP+server+on+Linux

http://exchange2013pikasuoh.blogspot.com/2015/08/convert-cisco-air-lap1142n-k9-to.html

10 thoughts on “AIR-LAP1142N-E-K9 to autonomous Mode Adventure”

bobby 2020/06/27 at 9:45 am

hi, looking for c1140-k9w7-tar.153-3.JD17.tar any clues where i can get it?
thanks

Reply ↓
1. Dai Uy 2020/09/16 at 8:23 pm
  
  Hi Bobby; If you have the download link for c1140-k9w7.tar, please share it to me.
  
  Reply ↓
bobby 2020/06/27 at 9:46 am

oops latest is c1140-k9w8-tar.153-3.JD17.tar

Reply ↓
1. guldmyr Post author2020/06/27 at 11:28 am
  
  I don’t, sorry! Maybe some other readers here can help out!
  
  w8 is also btw not the autonomous mode fw
  
  Reply ↓
bobby 2020/06/27 at 12:07 pm

ahh yes first one,

c1140-k9w7-tar.153-3.JD17.tar

Reply ↓
1. guldmyr Post author2020/06/27 at 6:05 pm
  
  https://mobile.twitter.com/MajesticFudgie/status/1274820406126546944
  
  Reply ↓
Pingback: New Home Network Plan! | Storefi
Kelly Clubb 2020/08/20 at 4:59 am

Please @kmclubb (me) on twitter for the file. I will give you a temporary link to download it.

Reply ↓
roox 2020/08/21 at 9:59 am

I’ve beek lucky today. Simply pressed MODE button for more than 20 seconds and the AP reset to factory and rebooted. Looking at boot CLI output I’ve seen AP sets itsef to 10.0.0.1 and broadcasts for a TFTP server (tries to contact tftp://255.255.255.255) looking for “c1140-k9w7-tar.default” file.
I prepared my TFTP server with the IOS “c1140-k9w7-tar.152-2.JB.tar” renamed to “c1140-k9w7-tar.default” and booted again the AP with MODE button pressed to force it looking for TFTP server. It worked: the AP did download the image and rebooted in autonomous mode.

Reply ↓
1. guldmyr Post author2020/08/21 at 11:09 am
  
  Excellent! That looks like the easiest! Did the tftp transfer timeout and retry a few times before it succeeded for you?
  
  Reply ↓

Storefi

There is IT in Helsinki