May 21

Convert a WLC LDPE Image to Non-LDPE

If you ever purchase a used Cisco Wireless LAN Controller or receive one on RMA, you may run into an issue when you attempt to upgrade the image and receive the following error:

ERROR: Incompatible SW image.ERROR: Please install the Data Payload Encryption licensed image

This issue occurs because the Controller has an LDPE image installed, which is only needed in Russia where Data DTLS Payload Encryption is regulated by the Government.  Cisco only recommends using this image if you reside in Russia.  To resolve this issue and put the standard image on, follow these steps:

Step 1 – Confirm you have an LDPE image installed

From the console, enter the show sysinfo command and confirm the build type is DATA + WPS + LDPE

Build Type Data + WPS + LDPE

Step 2 – Upgrade to LDPE Image version

LDPE Image version (ex: AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508) introduced the ability to move to a normal image once a DTLS license is installed (Resolved Caveat CSCtw78061).  If the product version is not already on that image, download it, and install it.

Step 3a – Confirm a DTLS License is Installed

From the console, enter the show license summary and ensure under the Feature: data encryption section it shows License State: Active, In Use.  If you see this, then continue to step 4, otherwise you must download a free DTLS license and install it.

Data Encryption License State

Step 3b – Download a DTLS License

  1. Go to
  2. Click Get New->IPS, Crypto, Other Licenses
    Get New->IPS,Crypto,Other Licenses
  3. Click Wireless, then click Cisco Wireless Controllers (2500/5500/7500/WISM2) DTLS License
    Cisco Wireless Controllers (2500/5500/7500/WISM2) DTLS License
  4. Choose the Controller Platform, enter the Product ID, enter the Serial Number, and click Next
    1. You can retrieve the PID and SN by running show license UDI at the console

    Specify Target and Options

  5. Select I agree with the Terms of the License, confirm your email address, and click Get License

Step 3c – Install the DTLS License

  1. Copy the DTLS license to the root of your TFTP server
  2. At the console, run the following command to install your license
    1. license install tftp://<TFTP_IP>/XXXX.lic
    2. Replace <TFTP_IP> with the IP address of your TFTP servver
    3. Replace XXXX.lic with the name of your license
  3. Save your configuration and reboot the WLC
    1. save config
    2. reset system

Step 4 – Install the Non-LDPE Image

You can now install any Non-LDPE Image as needed!

Dec 29

#!/usr/bin/env perl
# VERSION: 1.0
# AUTHOR: Brian Steinmeyer
# WEB:
# DATE: 12/29/2012
# COMMENTS: Uses the Telnet::Cisco module to copy a Cisco Router's running
# configuration to the local machine. This module uses telnet so passwords
# will be in clear text. Pass the Cisco Router's DNS name or IP, logfile name,
# username, and password to the Sub. The script will back up the running
# config to the scripts location.
use Net::Telnet::Cisco;
use File::Basename;
use DateTime;

#Backup Routers
BackupRouterRunningConfig('', 'router-config', 'USERNAME', 'PASSWORD');

sub BackupRouterRunningConfig {

    #Set Variables
    $router = $_[0];
    $logfile = $_[1] . DateTime->now()->strftime('%m-%d-%y_%H%M%S') . '.txt';
    $username = $_[2];
    $password = $_[3];

    #Login to Router
    print "\n\n" . $router . "\n*************************\n";
    my $session = Net::Telnet::Cisco->new(Host => $router, Errmode => "return");
    if(! $session->login($username, $password)) {
        print "ERROR Logging Into $router\n";
    } else {
        print "SUCCESS Logging Into $router\n";

        #Ensure Router is in Enabled Mode
        if($session->is_enabled == 1) {
            print "SUCCESS Router in Enabled Mode\n";

            #Avoid Autopaging
            $session->cmd('terminal length 0'); # Avoid Autopaging         

            #Grab Router Running-Config
            my @arrOutput = $session->cmd("show running-config");
            my $arrSize = @arrOutput;
            if($arrSize > 0) {
                print "SUCCESS backing up configuration\n";
                open FILE, ">", $logfile or die $!;
                print FILE @arrOutput;
                close FILE;
            } else {
                print "ERROR backing up configuration\n";
        } else {
            print "ERROR Router Not in Enabled Mode\n";