Symptom
An access point may be stuck in a boot loop, with messages like this seen on the console
verify signature failed for /bootpart/part1/ramfs_data_cisco.cpio.lzma
or
verify signature failed for /bootpart/part2/ramfs_data_cisco.squashfs
Conditions
Affects AP-COS access points, all models (2800/3800/4800/91XX) except for 1800 series.
Seen after downloading an image via CAPWAP from a 9800 series controller (has not been seen
after downloading from AireOS.)
Most widely seen after downloading an image to the AP over a WAN link that is lossy and MTU is < 1485.
Workaround
To avoid APs getting into this condition after upgrading, see the article
Safely Upgrade Access Points, Avoiding Image Corruption That Causes Boot Loop
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/221869-safely-upgrade-access-points-avoiding-i.html .
To recover APs that are already in this condition, see the article
Recover from a Boot Loop Caused by Image Corruption on Wave 2 and 11ax Access Points (CSCvx32806)
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html
Further Problem Description
This commit CSCvx32806 addresses the problem where the access point, after downloading a corrupt image,
nonetheless tries to boot that corrupt image. With this fix, the AP will instead keep retrying the image download, until, ideally, it succeeds.
This issue is now documented as Field Notice FN74109, https://www.cisco.com/c/en/us/support/docs/field-notices/741/fn74109.html .
