FortiWLC Upgrading Patches

Upgrading Patches

In addition to providing options to install and un-install patches, you can now easily view more details about the contents of a patch and also get history of patches installed in the controller.

These new options are available via the controller WebUI and the CLI.

Using the WebUI

Patch management options are available in the Maintenance > File Management > Patches tab. If there patch build file copied in the controller, they will be listed on this page. For specific option, select a patch file and click the option at the bottom of the page.

  1. List of Patches
  2. Patch History
  3. Patch Install
Using CLI
  1. show patches

Displays the list of patch builds copied to the controller.

#show patches

8.0‐0dev‐51‐patch‐bug1234 [installed]

8.0‐0dev‐50‐patch‐bug1234_bug1236

8.0‐0dev‐50‐patch‐bug1234

8.0‐0dev‐50‐patch‐2015.07.22‐17h.12m.09s

8.0‐0dev‐50‐patch‐bug1234_bug1235

8.0‐0dev‐51‐patch‐bug1234_bug1235

8.0‐0dev‐51‐patch‐bug1234

  1. show patch installed

Displays the patch currently installed in the controller.

controller(15)# show patch installed

8.0-0dev-51-patch-bug1234

  1. show patch history

Displays the history of all the patches installed and uninstalled in the controller controller(15)# show patch history

2015:07:24 01:51:13: uninstalled 8.0‐0dev‐50‐patch‐bug1234 on build 8.0‐0dev‐51

2015:07:24 01:54:13: installed 8.0‐0dev‐51‐patch‐bug1234_bug1235 on build 8.00dev‐51

2015:07:24 01:56:39: uninstalled 8.0‐0dev‐51‐patch‐bug1234_bug1235 on build

8.0‐0dev‐51

….<snipped>….

2015:07:24 14:54:50: uninstalled 8.0‐0dev‐51‐patch‐bug1234 on build 8.0‐0dev‐51

  1. show patch details <patch-name>

Displays the list of bug fixes available in this patch.

controller(15)# show patch details 8.0‐0dev‐50‐patch‐bug1234

8.0‐0dev‐50‐patch‐bug1234 patch is revertable bugs:   37405: summary of bug 37405

controller(15)#

  1. show patch contents <patch-name>

Displays the md5 sum of the patch build.

controller(15)# show patch contents 8.0‐0dev‐50‐patch‐bug1234

8.0‐0dev‐50‐patch‐bug1234

files:

  /opt/meru/etc/coord.config: 3d4c720265e21a53dfafe2a484e8bf11

  1. patch uninstall <patch-name>

Use this command to un-install the patch build from the controller. controller(15)# patch uninstall 7. Reverting from backup.

cp ‐f /data/.patch‐backup//meru‐8.0‐0dev‐51‐patch‐bug1234/coord.config /opt/ meru/etc/coord.config

Reverting from backup done.

 

FortiWLC Summary of File System Commands

Summary of File System Commands

The following lists the available file system commands in privileged EXEC mode.

Upgrading System Images

Command Purpose
controller> cd [filesystem] Sets the default directory on the Flash memory device. If no directory name is specified, this sets the default directory to images. Permitted directories are:

images: The directory containing upgrade images ATS/scripts: The directory containing AP boot scripts backup: The directory containing database backup images.

controller> pwd Displays the current working directory.
controller> dir [filesystem:][filename] Displays a list of files on a file system. This can be one of the permitted directories given in the cd command or a remote directory referenced by an FTP URL.
controller# delete filename controller# delete directory:filename controller# delete flash: image Deletes a file from the file system or deletes an upgrade image file from flash memory. The directory parameter can be used to delete a file from a different folder.
controller# show flash Display the versions of the image files contained in the controller’s flash memory.
controller# rename old new Renames a file from old to new.
controller# show running-config Display the contents of the running configuration file.
controller# more running-config Display the contents of the running configuration file. Alias for show running-config, but in contrast to that command, this one prompts the user to press a key to scroll the screen once it is filled. This allows the configuration to be shown a screen at a time, instead of scrolling all the way through instantly.
controller# copy running-config ftp|sftp|scp:[[[//username:password]@location/directory]/filename] Copies the running configuration file to an FTP, SFTP, or SCP server, for example:

controller# copy running-config ftp://user1:userpass@server1/jan01config controller# copy running-config scp://user1:userpass@server1/ jan01-config

controller# copy running-config startupconfig Saves the running-configuration to the startup configuration to make it persistent. You should always do this after a set of configuration commands if you want your changes to persist across reboots.

Summary of File System Commands

 

Command Purpose
controller# reload ap [id] | all | controller | default Reboots the controller and/or the specified AP:

If the ap keyword is specified, all APs are rebooted, or if id is included, the AP with the identifier id is rebooted.

If the keyword all is specified, the Fortinet controller and all the APs are rebooted, using the current startup configuration.

If the keyword controller is specified, the controller is rebooted, using the current startup configuration.

If the keyword default is specified, the controller and all the APs are rebooted at the factory default startup configuration.

controller# upgrade feature version Upgrades the system with the specified feature.
controller# upgrade system version Upgrades the system image on the controller and all APs to the specified version.
controller# upgrade ap version | same

[id | range | all]

Upgrades the access point image to the same version of system software that the controller is running.

id—Upgrades the access point with the specified ID to the same version of system software that the controller is running.

range—Upgrades a range of APs, specified as a list using commas and dashes, without spaces or wildcards. AP IDs must be listed in ascending order.

all—Upgrades all access point image to the same version of system software that the controller is running.

controller# downgrade system version Downgrades the system image on the controller and all APs to the specified version. Note that when this command is executed, the user will be prompted to remove all local users and groups from the system.
controller# run script Executes the named script. If the script is in the current directory, the relative path name is specified. Otherwise, the full path name must be specified. The script must be either in images, ATS/scripts, or backup.

FortiWLC Upgrading System Images

Upgrading System Images

The controller is shipped with a pre-installed system image, containing the complete FortiWLC (SD) software. This image is loaded when the controller boots. As new software releases become available, you may decide to upgrade the system image.

Each release is accompanied by a Release Notes file on the documentation CD, which include procedures for upgrading different types of system configurations to the current release. Be sure to use the procedure included in the Release Notes when you choose to upgrade your system, as they provide the most up-to-date procedures.

All Time High Achieved!

We hit a total of 2942 visits yesterday! That is a record all time high for Fortinet GURU. The site is growing steadily and I am very excited about the new comments and interactions we have had as a result. Keep up the great community! I would love to help everyone that has questions!

FortiWLC Manipulating System Files

Manipulating System Files

To manage the system files, you might want to transfer a configuration file to a remote system to back up the file, or obtain from a remote system an update or backup file. To access the remote system, you probably need a username and password. This section provides some example commands for performing these tasks.

Manipulating Files on a Network Server

To specify a file on a network server, use one of the following forms:

  • ftp://<username>:<password>@server/filename
  • scp://<username>:<password>@server/filename
  • sftp://<username>:<password>@server/filename
  • tftp://server/filename

The server can either be an IP address or host name. The username, if specified, overrides a username specified by the global configuration command ip ftp username. A password also overrides a password specified by the global configuration command ip ftp password.

The specified directory and filename are relative to the directory used for file transfers, or in absolute format.

Manipulating System Files

The following example uses secure FTP to access the file named meru-3.7-config on a server named ftp.fortinet.com. This example uses the username admin and the password secret to access this server: controller# copy sftp://admin:secret@ftp.fortinet.com/meru-3.7-config<space>.

For SCP (secure copy), replace the prefix sftp with scp.

Remote File Transfer Tasks

On a remote file system located on an FTP, SFTP, TFTP or SSH server, you can perform the following tasks:

  • Copy files to or from the controller using the copy command.
  • List the files in a given directory using the dir command.
Copying Files to a Remote Server

For example, to copy a backup image jun01.backup.mbu from the local directory images to a remote directory /home/backup on server server1, with user user1 using FTP, with the same remote filename, type:

controller# cd images controller# dir total 48

‐rw‐r‐‐r‐‐ 1 root root        15317 Jan  9 15:46 jun01.backup.mbu

controller# copy jun01.backup.mbu ftp://user1@server1/home/backup/. FTP Password: controller#

Type the password for user user1 at the FTP Password prompt. To use SCP instead of FTP:

controller# copy jun01.backup.mbu scp://user1@server1/home/backup/.

SCP Password:

Displaying a Remote Server’s Directory Contents

To display the contents of the remote directory /home/backup on the server server1, for the username user1 and password userpass, you can type: controller# dir ftp://user1:userpass@server1/home/backup

If you only specify the user name but not the password, the CLI prompts you to enter the password:

controller# dir ftp://user1@server1/home/backup FTP Password:

Manipulating System Files

Setting a Remote Username and Password

The secure remote file transfer commands require a remote username and password on each request to a server. The CLI uses the user name and password specified in the dir or copy command to authenticate with the remote file servers.

If you do not want to type the user name and password for each secure remote file transfer command, you can set these values for the duration of your session using the ip ftp, ip sftp, or ip scp commands.

For example, to set the FTP user name to user1 and the FTP password to userpass, type:

controller# configure terminal controller(config)# ip ftp username user1 controller(config)# ip ftp password userpass controller(config)# ^Z controller#

Likewise, to set the SCP user name to user1 and the SCP password to userpass, type:

controller# configure terminal controller(config)# ip scp username user1 controller(config)# ip scp password userpass controller(config)# ^Z controller#

If you have set the FTP username and password as in the previous example, you can now type the following: controller# dir ftp://server1/home/backup

FortiWLC Working with Configuration Files

Working with Configuration Files

Configuration files direct the functions of the controller. Commands in the configuration file are parsed by the CLI and executed when the system is booted from the database, or when you enter commands at the CLI in a configuration mode. There are two types of configuration files used by the CLI:

  • The startup database file (startup-config) is executed at system startup.
  • The running configuration file (running-config) contains the current (running) configuration of the software.

The startup configuration file may be different from the running configuration file. For example, you might want to change the configuration, and then for a time period evaluate your changes before saving them to the startup configuration.

In this case, you would make the configuration changes using the configure terminal commands, but not save the configuration. When you were sure you wanted to permanently incorporate the changes, you would use the copy running-config startup-config EXEC command.

Changing the Running Configuration

The configure terminal EXEC command allows you to make changes to the running configuration. Commands are executed immediately, but are not saved. To save the changes, see “Changing the Startup Configuration.”

TABLE 7: Steps to Modify the Running Configuration

Command Purpose
controller# configure terminal Enters global configuration mode.
controller(config)# ….. Enter the commands you want to put in your running configuration. The CLI executes these commands immediately and also inserts them to the running configuration file.

Working with Configuration Files

 

TABLE 7: Steps to Modify the Running Configuration

Command Purpose
controller# copy running-config startup-config Saves the running configuration file as the startup configuration file. You must save the running configuration to the startup configuration file for your configuration changes to persist during a reboot.
controller(config)# end or controller(config)# Ctrl-Z Ends the configuration session and exits EXEC mode. NOTE: You need to press the Ctrl and Z keys simultaneously.
controller(config)# Ctrl-C Cancels any changes and reverts to the previous mode.
Changing the Startup Configuration

To make your configuration changes persistent across reboots, use the copy running-config startup-config EXEC command to copy the running configuration to a startup configuration.

FortiWLC Managing Files Via the WebUI

Managing Files Via the WebUI

While local files can be managed via the CLI as well, the FortiWLC (SD) WebUI provides a convenient management interface from the Maintenance > File Management button. The File Management page contains separate tabs for the following types of files:

  • AP Init Script—Manages AP bootup scripts
  • Diagnostics—Contains diagnostic files
  • SD Versions—All software image files stored on the controller Syslog—Stored Syslog data for the various components of the system

Refer to the sections below for additional details relating to each tab.

AP Init Script

The default tab selected when the user first navigates to the File Management system shows any scripts installed on the system designed to make small tweaks to APs upon bootup. See Figure 4 below.

Figure 4: AP Init Script Table

Users can perform various tasks for a given boot script by clicking the radio button alongside the desired script and clicking the necessary button from the bottom of the screen, as described in

Managing Files Via the WebUI

TABLE 3:

Button Action
Refresh Refreshes the list of scripts shown.
New Opens the Add/Edit window, which allows a user to create a new bootscript.
View Opens a new window that shows the content of the boot script.
Edit Allows the user to modify the selected script, including its commands as well as the name of the script itself.
Delete Deletes the selected script.
Import Opens up a window from which the user can browse for a local boot script file and upload it to the controller.

Note: Only files with a “.txt” extension are permitted to be uploaded.

Export Exports the selected script to the local machine.
Diagnostics

The Diagnostics tab displays any diagnostic files that have been generated by the controller. These files are in compressed format, so once they are downloaded to the local machine, the user can decompress them and view the logs contained within.

Figure 5: Diagnostics Tab

Once decompressed, the diagnostic logs can be viewed using a standard text editor. To download a log file, simply click the radio button next to the desired file and click Export. The table below describes the functions performed by the buttons on the screen.

 

TABLE 4:

Button Action
Refresh Refreshes the list of files shown.
Export Exports the selected file to the local machine.
Delete Deletes the selected file.
Image

The Image tab allows the user to manage the FortiWLC (SD) image files stored on the controller. Since these files can be quite large, users may occasionally need to delete older images in order to perform system upgrades. Figure 6: Image Tab

The following table details the buttons provided for managing system files.

Managing Files Via the WebUI

TABLE 5:

Button Action
Refresh Refreshes the list of files shown.
Import Allows the user to upload an image file from the local machine onto the controller.

Note: Controller image files must be in “.tar” format.

Delete Deletes the selected file.
Syslog

The Syslog tab provides an interface to easily view and manage Syslog files that have been generated and stored on the controller.

Figure 7: Syslog Tab

Syslog files are stored in “.log” format and can be viewed using a standard text editor. To download and view one, simply click the radio button alongside the desired file and click Export.

TABLE 6:

Button Action
Refresh Refreshes the list of files shown.
Export Allows the user to download and view the selected file.

FortiWLC About the CFS

About the CFS

The CFS allows you to manage the controller operating system (FortiWLC (SD)) and its configuration files.

Files used to operate the controller are located in directories on the controller flash card. Initially, the flash contains the shipped operating system, referred to as the image, which of course is set with default settings. During the course of normal operation, you probably will want to perform some or all of the following tasks:

  • Configure custom settings and save the settings to a configuration file.
  • Save the configuration file to a backup directory on the controller.
  • Save the configuration file to a remote location to provide a more secure backup or as input for configuring other controllers.
  • Restore the settings from a known, reliable backup file.
  • Restore the system to its default settings.
  • Upgrade the system to a new version of the operating system.
  • Downgrade the system to a previous operating system version.
  • Execute scripts to automate configuration.

To accomplish these tasks you need to use the CFS to manipulate files. The CFS allows you to perform the following tasks:

  • Display information about files within a directory
  • The display information includes the file name, size, and date of modification.
  • Navigate to different directories
  • You can navigate to different directories and list the files in a directory.
  • Copy files

The CFS allows you to copy files on the controller via a pathname or to manipulate remote files. Use Uniform Resource Locators (URLs) to specify the location of a remote file. URLs are commonly used to specify files or locations on the World Wide Web. You can use the URL format to copy file to or retrieve files from a location on a remote file server.

  • Delete files
Working with Local Directories

The controller flash card uses the following directories to organize its system files. You can access the following local directories:

Directory Name Directory Contents
images Directory where the current image resides and where you can place upgrade images that you have obtained remotely.
backup Directory containing backup configuration files and databases.
ATS/scripts Directory containing AP bootup scripts.
capture Directory containing the packet capture files.
Viewing Directory and File Information

Use the pwd command to view the current directory. By default, the current working directory is images, as shown with the pwd command:

controller# pwd images

To view a detailed listing about the contents of a directory, use the dir command, which accepts an optional directory or filename argument: dir [[directory/]filename]

For example, to display the contents of the images directory:

About the CFS

 

controller# dir total 10 total 70

drwxr‐xr‐x    8 root     root         1024 Jan 30 11:00 meru‐3.6‐45 drwxrwxr‐x    8 522      522          1024 Feb 21  2008 meru‐3.6‐46 ‐rw‐r‐‐r‐‐    1 root     root         2233 Feb 19 02:07 meru.user‐diagnostics.Dickens.2008‐02‐19.02‐07‐17.tar.gz

‐rw‐r‐‐r‐‐    1 root     root         3195 Feb 19 02:17 meru.user‐diagnostics.Dickens.2008‐02‐19.02‐17‐17.tar.gz

‐rw‐r‐‐r‐‐    1 root     root         3064 Feb 21 00:50 meru.user‐diagnostics.Dickens.2008‐02‐21.00‐50‐50.tar.gz

lrwxrwxrwx    1 root     root           28 Feb 21 00:50 mibs.tar.gz ‐> meru‐

3.6‐46/mibs/mibs.tar.gz

‐rw‐r‐‐r‐‐    1 root     root        16778 Feb 21 00:50 pre‐upgrade‐config

‐rw‐r‐‐r‐‐    1 root     root        18549 Feb 21 00:53 script.log

‐rw‐r‐‐r‐‐    1 root     root        16427 Feb 21 00:53 startup‐config

‐rw‐‐‐‐‐‐‐    1 root     root         1915 Feb 21 00:50 upgrade.log To view information about a file in different directory, use the directory arguments:

controller# dir ATS/scripts

total 4

‐rwxr‐xr‐x    1 root     root           67 Feb 21  2008 dense‐.scr

‐rwxr‐xr‐x    1 root     root           25 Feb 21  2008 guard.scr

‐rwxr‐xr‐x    1 root     root           82 Feb 21  2008 non‐guard.scr ‐rwxr‐xr‐x    1 root     root          126 Feb 21  2008 svp.scr

Changing to Another Directory

Use the cd command to navigate to another directory on the controller: controller# cd backup

Use the pwd command to view the name of the current directory:

controller# pwd backup