Deploying the Cisco Mobility Services Engine for Advanced Wireless Services

Deploying Advanced Wireless Services using Cisco Mobility Services Engine

BRKEWN--2012

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public Presentation_ID 2

Session Objective

This session focuses on design and deployment fundamentals, as well as operational best practices to optimize the performance and accuracy of Cisco Context-Aware Services. Troubleshooting techniques for resolving issues related to tracking client and active RFID tags will be covered. You will learn the advantages of deploying wIPS to secure your wireless deployment and how it provides greater visibility over threats and mitigation for your wireless network. Finally the optimum deployment and redundancy mechanisms for the MSE appliance will be discussed.


§  Technology Background

§  System Architecture

§  Deploying Context Aware Services

§  MSE 7.0-MR1 – Enhancements and New Features

§  Best Practices Guidelines

Agenda

Technology Background


NMSP over SSL

Cisco WCS

Cisco Wireless LAN Controller

Cisco Mobility Services Engine (MSE)

Access Point

Location API via SOAP/XML over HTTPS

3rd-party location application

HTTPS

WCS (Client Browser)

Wired Client

Cisco Catalyst Switch

Active RFID Tag

Wireless Client

Cisco Wireless Topology with CAS


Context-Aware Architecture

SiSi

SiSi

Cisco Wireless Control System

Cisco Aironet Access Point

Cisco Wireless LAN Controller

Wireless network devices

Tag and D

evices N

etwork

Application and

Managem

ent

Active RFID Tags Wired network

devices

Mobility Services Engine

Cisco Catalyst Switches

Cisco MSE Context Aware Service §  Provides contextual

information of wired and wireless IP enabled devices

§  Contextual information provided through: SOAP/XML API

Context-Aware Applications

Asset Visibility Network Visibility

Telemetry Business Process

Chokepoint


Context-Aware Services (CAS) Use Cases

Asset Management Telemetry

Worker Safety

CleanAir

ASSET VISIBILITY NETWORK VISIBILITY

Medianet

Telemetry

Network Visibility &

Control

Enhanced WLAN Security

CleanAir

Medianet

Worker Safety/

Workflow

CUP


Network Visibility

client tag:

Rogue AP: Rogue clients:

Context Aware Services provide a single view showing clients, rogues, tags


CleanAir – Detecting Interference Sources

Interferer Details


NMSP status

Exchanged NMSP messages

Services that are utilizing NMSP

NMSP Connection – Status and Details


Mitigate Wireless LAN

Controller

What is CleanAir Technology?

Cisco CleanAir

§  Classification processed on Access Point

§  Interference impact and data sent to WLC for real-time action

§  WCS and MSE store data for location, history, and troubleshooting

GOOD POOR

CH 1 CH 11

Maintain Air Quality

Locate WCS, MSE

Visualize and Troubleshoot

§ Classification processed on Access Point

§  Interference impact and data sent to WLC for real-time action

§ WCS and MSE store data for location, history, and troubleshooting

AIR QUALITY PERFORMANCE


Product Licensing Requirements Functionality AP3500 None § Multi-interferer Detection &

Classification §  AirQuality Monitoring §  Self-Healing Event Driven RRM

Wireless LAN Controller

Standard per AP §  AirQuality Aware RRM §  Self-Learning Persistent Device

Avoidance §  Spectrum Expert Connect §  AirQuality and Interferer Alerts

Mobility Services Engine (MSE)

§  Context Aware “endpoints” required for each interferer tracked

§ MSE adds support for 100 interferers when AP3500 present (5 per AP, license is additive)

§  Interferer Tracking & Zone of impact § Merging or correlating interferers

from multiple WLCs (psuedo MAC) §  Location Calculations §  History Storage

WCS/NCS Standard per AP count WCS: Plus required for MSE NCS: Single license model (CleanAir supported by default)

§  Remote Client Troubleshooting §  AirQuality Visualization and Mapping §  Forensics Tools §  Location Visualization §  Impact Analysis §  History Playback

Cisco CleanAir Components

System Architecture


Cisco Context Aware Mobility Solution Tracking Tags and Clients

§  Tracking tags (indoor and outdoor/outdoor-like)

§  Context-aware engine for tags (Cisco or partner engine)

§  Utilizes: CAPWAP infrastructure for indoor environments

Wi-Fi TDOA receivers for outdoor and outdoor-like environments

Partner HW/SW managed by System Manager (partner) and Cisco WCS

§  Tracking clients (indoor)

§  Context aware engine for clients (Cisco engine)

§  Utilizes CAPWAP infrastructure

§  Managed by Cisco WCS

Netw

ork A

pplication and M

anagement

SiSi

Cisco WCS

Cisco MSE

Wi-Fi TDOA Receiver

Context Aware Software

Context Aware Engine for Tags

Tag and D

evices

AeroScout

Chokepoint 125 kHz

Context Aware Engine for Clients


Receive Signal Strength Indication (RSSI) Overview

§ Cisco RSSI-based location tracking solution based on “network-side” RSSI measurements

§ Requires min. of three AP’s; optimal accuracy requires more than 3 AP’s

§ Best suited for indoor office-like environments (carpeted, low ceiling, i.e. < 20 feet)

§ Main factors affecting accuracy: AP density

AP placement

RF environment


Time Difference of Arrival (TDoA) Overview

§  Based upon relative differences in time measurement

§  Requires clock synchronization at receivers, but not the mobile device

§  Requires min. of three time-synchronized TDoA receivers

§  Time for message to be received at different receivers is proportional to length of transmission path between the mobile device and each receiver


Outdoor Location §  TDOA Receivers challenges

§  costly §  require extra synchronization §  require License §  require third party software platform for configuration

§  Cisco Outdoor Mesh APs can be used §  MSE successfully connects to WLC with mesh APs §  RFID tags detected by mesh APs and are shown on the campus map §  Location Accuracy Tool works with Mesh APs §  nearest AP support §  device will be displayed near the AP (with higher RSSI)

§  Recommendations §  RFID tags should be placed at some height (4 to 5 ft.) above ground

to avoid any blockage §  follow Mesh AP’s deployment guidelines


Important Points

Calculation Method

Cisco Context Aware Tag Tracking

Wi-Fi Devices or Active Tags (Battery Powered)

Price Between $50–$80 Telemetry Capabilities

Received Signal Strength Indication Chokepoint for Zone Level Location

Building Wi-Fi (RSSI, Chokepoint)

Access Points or Chokepoints

§  Only CCX Tags can be tracked §  Tags vendors have implemented CCXv1 §  Tags only operate in 2.4 GHz band §  Need Third Party “Tag Activator” to program Tags §  May need Third Party tools for “Calibration”


MSE Evaluation Mode

§ Evaluation license ships by default on MSE § Without a license, MSE provides “try before you buy”

functionality for 60 days §  20 wIPS APs

§  100 Location clients

§  100 tags

§  100 Permanent Interferers licenses are embedded in MSE. These Interferer Licenses open up as Clean Air APs (AP3500) are detected, in stages of 5 per 3500 AP

§ Once the license is installed it is usage based, depending upon the service is enabled/disabled


MSE-3310 Service Support Matrix wIPS and Context Aware

2000 Y 1000 Y Y

0 Y Y Y 0 1000 2000

wIPS Monitor Mode APs

Clie

nts

/ Tag

s


MSE-3350/3355 Service Support Matrix wIPS and Context Aware

18000 Y 12000 Y Y 6000 Y Y Y

0 Y Y Y Y 0 1000 2000 3000

wIPS Monitor Mode APs

Clie

nts

/ Tag

s


System Scalability §  MSE can be managed by only 1 WCS

§  WCS can manage up to 5 MSE’s

§  1 WLC can have up to 10 NMSP sessions §  WLC with wIPS AP’s cannot establish NMSP session with multiple

MSE’s

§  MSE can have up to 500 NMSP sessions (i.e. 500 WLC’s) §  Max. limit is based on client/tag count supported per WLC

§  Max. number of moving elements §  MSE-3310: 150 elements/sec §  MSE-3350: 900 elements/sec

§  Max. number of coverage areas: 50/floor

§  End-to-end latency: up to 6 seconds under full load

§  APs per Floor: 100 (Limit on WCS side)

§  Floors per Building in a campus: 20


WLC Model Client Capabilities

Tag Capabilities

Rogue AP Capabilities

Rouge Client Capabilities

WLCM 500 256 125 100

2106/12/25 256 500 125 100

Catalyst 3750G with Integrated

WLC

2,500 1,250 625 500

4402 2,500 1,250 625 500

4404 2,500 5,000 625 500

5508 7,000 5,000 2,000 2,500

WiSM/WiSM-2 10,000 5,000 1,300 1,000

WLC – Device Tracking Capacity

MSE 7.0-MR1 – Enhancements and New Features


7.0 Maintenance Release – MSE Enhancements

Enhancements in both SW and HW: § MSE-3355

§ Cisco + 3rd party Tag Engine

§ wIPS Enhance Local Mode

§ CCX – Calibration for Location § MSE CAS Enhancements, Dashboard, Reporting

Cisco MSE-3355 Platform


Cisco MSE 3355 Specification

§  IBM x3550M3 Platform / 1RU Form Factor

§  2 CPUs (Quad Core) – Intel E5504 Nehalem, 4Mb L2 cache

§  16G DDR3 1333 MHz memory §  4 x 146GB hot-swappable SAS drives / 10K RPM / RAID 1+0

§  Dual Gigabit Ethernet NICs

§  Dual Hot-swappable Energy Star certified Power supplies

§  Redundant internal cooling fans

§  MSE-3355 configuration and deployment is the same as 3310/3350

§  7.0-MR release: tracking performance @ 700-900 movements per second


Platform Overview §  Latest Nehalem architecture based processor

§  High Performance SAS disk drives – 6 Gbps transfer rate

§  High Performance RAID card with 512 MB onboard cache

§  Four Disk drives in RAID1+0 configuration; double the throughput of a RAID1 configuration with same reliability

§  Six internal redundant cooling fans in three zones (2 fans per zone)

§  IMM based out-of-band management for trouble free monitoring and management


Feature MSE-3350 MSE-3355 # of disk drives 2 4 Storage Capacity 147 GB ~290 GB RAID level 1 1+0 (also referred to as RAID 10) Disk transfer rate 3 Gbps 6 Gbps Installed memory 8 (PC2-5300) 16 (DDR3) Power supplies 2 (hot swappable) 2 (hot swappable) RAID card cache 256 Mb 512 Mb Management iLo not enabled IMM - supported Monitoring Disk only Disks, Fans, Power supplies,

Event log

Comparing MSE-3350 & MSE-3355


Appliance Monitoring Enhancements § All internal fans (6) are monitored for failure

§  Each fan has TWO internal redundant motors §  If one motor fails, the other motor increases speed and

the system continues to function normally §  If both motors in a fan fail, the system shuts down

§  If a single motor in a fan fails, an alarm is sent to WCS and the box must be replaced

§ Power Supply status is also monitored §  Physical Existence of both power supplies §  Both power supplies being active (connected to power

source) §  Health of power supplies §  Failure in any of the above triggers an alarm to WCS


The Integrated Management Module (IMM) §  Web-based user interface for monitoring and

managing the server, regardless of the state of the server

§ Access to IMM §  Shared access via the standard Ethernet ports §  Dedicated management port

§ IMM Log is actively monitored §  If the IMM log reaches 90% capacity, it is

archived and cleared


Troubleshooting § Critical components (disk, power supply, fans) are actively

monitored §  Scripts are run every 10-20 minutes to check health

§ The Light Path Diagnostics Panel §  A unique accessory that provides critical information

about the state of the hardware §  MSE Installation guide provides details on the various

LEDs and conditions

§  IMM is very reliable and easily accessible for monitoring the entire system

§ System event log contains every event and can be viewed via IMM or using the ipmitool

7.0-MR1 MSE Tag Engine


Cisco Tag Engine

§ Same CAS license provides tracking of RFID tags (plus clients)

§ Migration of AeroScout license to Cisco license is NOT supported

§ Aeroscout SW on Cisco Engine, e.g. MobileView, is NOT supported

Cisco Engine AeroScout Engine

RSSI based client + tag location RSSI + TDOA tag location

Customers who wants to track both clients and tags

Existing AeroScout customers with large number of tags

Extend Rails and Regions Calibration to tag tracking

Requires both RSSI and TDOA for tags.

Flexible tag vendor selection, with less support contract and licenses

Single vendor selection for tags, application and location engine.


Cisco Tag Engine License

•  WCS managed, CAS license shared between client & tags count.

•  AeroScout ‘partner’ engine, SW versions, licensing, tests and support will be provided by AeroScout

MSE and wIPS ELM


Cisco Adaptive Wireless IPS with Enhanced Local Mode (ELM)

•  Adaptive wIPS scanning via data serving access points, including HREAP

•  Provides protection without needing a separate overlay network.

•  Available as a free SW download for existing wIPS Monitor Mode customers.

•  ELM supported APs: 1040, 1140, 1250, 1260 & 3500


Benefits over Controller-Based IDS §  Reduction in false positives

§  Only triggers an alarm when it detects attacks over the air that are causing damage to the wireless infrastructure network.

§  Alarm aggregation §  Unique attacks seen over the air are correlated and

aggregated into a single alarm.

§  Forensics §  Provides the ability to capture attack forensics for further

investigation and troubleshooting purposes.

§  Rogue detection §  Anomaly detection

§  Includes specific alarms pertaining to anomalies in attack patterns or device characteristics captured.

§  Default configuration profiles §  Profiles can be further customized to address the

specific needs of the prospective deployment.

WCS

WLC


Deployment Recommendation: Monitor Mode

•  Monitor-mode wIPS APs do not serve clients, thus have greater range

•  Client-serving AP typically covers 3000-5000 square feet

•  wIPS AP typically covers 15,000–35,000 square feet

•  Ratio of wIPS monitor-mode APs to local-mode traffic APs varies by network design, but 1:5 ratio is reasonable estimate

•  wIPS APs can simultaneously run context-aware location in monitor-mode

Range Placement, Density


WIPS Monitor Mode/CleanAir MMAP + WIPS MM

Local Mode

wIPS Monitor Mode or CleanAir MM + wIPS MM on CleanAir AP:

Recommendation – Ratio of 1:5 MMAP to Local Mode APs

Option A: LM + MM Option B: ELM

Deployment Recommendation (cont’d)

Turn on ELM on all APs (including CleanAir)

Enhanced Local Mode


wIPS ELM Profile §  wIPS profile provide ELM signatures info

§  Magnifying glass icon means Monitor Mode AP signatures support

§  ELM off-channel scanning only

§  Error from pushing profile to WLC §  Check NMSP connection

§  Check clocks (WLC is UTC)

MM signatures MM signatures MM signatures ELM off-channel

MSE> /opt/mse/wips/bin/wips_cli wIPS> show profile assignment


Enhanced Local Mode wIPS

•  ELM Local AP detects attack

•  MSE generates alarm

•  WLC/WCS notifications

1

2

3

1AP CLI> show capwap am alarm <id>

MSE> /opt/mse/wips/bin/wips_cli wIPS> show alarm list

3

2

7.0-MR1 MSE CCX Calibration


CCX Enhancements •  CCXv5 creates a path loss measurement (PLM) request by an AP to be sent to the

client which then causes the clients to send bursts of path loss measurement frames at regular intervals back to the AP

•  Enable MSE to get more periodic data for cleaner client RSSI values.

•  Compensates missing RSSIs and RSSI variations from challenging environment.

•  Wireless adapter with optional CCXv5 features is Cisco AIR-CB21AG-A-K9.

•  CCXv4 is more common, e.g. laptops with Intel wireless NICs w/ CCX V2+ capable.


CCX Calibration •  Does not require MSE

MSE only needed when apply and sync calibration to map.

•  Client needs to be associated

•  WCS may show associated but WLC must show client is in run state.

•  Client must be CCxV2 and above.

• Intel PROSet/WIFI settings enable CCX - radio management • Cisco CB21ABG w/ ADU


CCX Data Collection § Common issue of getting ‘stuck’

§ Timer now sets 2 minutes then cancel if no data is received.

§ One band is performed at a time.

§ Take strongest AP samples, combined with other samples from nearby APs within 100ft

§ Take 10 samples from each AP.

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.


CCX Logs §  Location is \Prog~

\WCS-7.0-MR\webnms\logs

§ Download log file includes calibration data.

§ Validate connected client

§ Check if CCX is enabled, e.g. CCX Radio Measurement


Logs

Samples collected Priming samples

10 samples per AP

Radio (0=b/g, 1=a)

X,Y Location Total time (secs)

Access Points

CCX Samples

Priming samples

Instantiating = Start

Calibration model name

Validating client card

7.0-MR1 Context Aware Enhancements


Context Aware Dashboard

License Capacity

Troubleshoot location history

Element counts Element counts

Top MSEs

Rogue index


Independent Rogue Tracking and Limiting

§ Enable/disable Rogue AP/Rogue Clients tracking/limiting independently


Location History

•  History logging must be enabled

•  MSE tracks transition changes

•  Filter history based on time period or state

•  Movement, client association, network status

Filter history based on time period or state

Enable logging for location history

Client status


Map Enhancement

§ Additional icons: rogue client, guest

§ Troubleshooting Notes section added to map

Rogue AP Rogue Client Guest

Troubleshooting notes


Context Aware Reports

Context Aware Reports

Filter by specific floor

Missing device & Device In/out notification reports

Deploying for Context-Aware Services


Deploying a Context Aware Capable Infrastructure – WLAN Design

Access Point Density (Office) § Use smaller, overlapping cells

§ For wireless data only deployments: 10% AP cell overlap

§ For wireless data + voice deployments: 20% AP cell overlap

§ For good location fidelity, access points should be located 50-70 linear feet apart (15-22m)

§ Typically about one access point every 2500 – 5000 square feet (230 – 460 sqm)

§ APs/antennas height should be from 10 ft to 20 ft

§ Enable antenna diversity § AP’s placed too close to each

other can cause co-channel interference

Location coverage & capacity

~60 ft


AP Positioning

§ Optimal AP positioning can greatly improve accuracy

§ Even distribution of APs provides better stability and repeatability of the data points

Wi-FI device


Location Readiness Tool

A point on floor map is location-ready if: §  min. of 4 AP’s are deployed

§  min. of 3 AP’s are within 70 ft.

§  At least 1 AP placed in each of at least 3 surrounding quadrants.


Coverage Gaps – Voice and Location §  Local mode AP placement

and density may be sufficient for data/voice applications

§  Normal Coverage Deployment places the Local Mode Aps in the Centre of the Bldg

§  Good for periphery of buildings to improve location accuracy without adding extra traffic that may impact voice or client services

§  Use TOMM AP’s to fill in coverage gaps

Local

Local Local TOMM

TOMM TOMM

Wi-Fi device

TOMMs act as dedicated sensors for location tracking

Tracking Optimized Monitor Mode APs

Channels on TOMM AP’s should be same as the local mode AP’s


CleanAir Deployment Recommendations

§ Existing 802.11n deployments 1140, 1250

§ Competitive Installed 802.11n deployments

§ New or Upgrading to 802.11n § New areas for ongoing

802.11n deployments § Networks severely impacted

by non-WiFi interference

Sprinkle In 3500 in monitor mode

(1 monitor AP for 5 data APs)

Self Healing Troubleshooting Location

o  CleanAir Technology required in AP for Self Healing

Customer Needs/Has: Customer Needs/Has:

Deploy: Deploy: Pervasively deploy 3500 in local mode

Self Healing Troubleshooting Location

o  Do not ‘sprinkle in’ local mode 3500s. Local mode 3500s scan data serving channel only.


Rails and Regions §  Allows for certain regions in map to be defined as within

or outside the scope of valid location area – improving location accuracy

§  Corridors or rooms where people or assets are constantly changing positions can be especially challenging

§  Three types of regions can be specified Location inclusion region: tracked device cannot be outside of this polygon (examples: outside of building outer walls)

Location exclusion region: tracked device cannot be inside of this polygon (examples: open atrium)

Rails: tracked device must be within defined area with narrow band. Typically used within exclusion region (examples: conveyor belt).

§  Regions defined in WCS and “pushed” (via synchronization process to MSE)

§  In MSE, it works for only clients. “Cells & Masks” feature in Aero Scout – Systems Manager can be used for tags

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public Presentation_ID 62 62

Location Accuracy WCS Location Readiness Tool

Yes – 7m, 90%


WCS Location Quality Tool §  Under tools

select Location accuracy tool

§  Define On-Demand or Scheduled scan

§  Select and position device

§  Wait for 60 sec §  Run the test for

2 minutes

§  Report in CSV or PDF file format

7m, 90%


Understanding Cumulative Probability Distribution

X

X

90%/13.6m

50%/7.0m

~60% of devices within 7m

Improving Accuracy


Comparison of Client Drivers Features

Legacy CCXv2 Non – CCX Or CCXv1

CCXv2 or higher

APs do not know Tx Power of the probes

APs do not know Tx Power of the probes

Aps do not know channel frequency of the probes

Aps do not know channel frequency of the probes

Probes can be detected on a wrong channel at a reduced power

Probes can be detected on a wrong channel at a reduced power

Probes transmitted infrequently Frames scheduled periodically Path Loss Model can show very large scale RSSI variations

Path Loss Model can show RSSI variations- but variations are averaged as more frequent info available

Starting Point Better

CCXv4


WCS Planning Tool

§ WCS has the ability for planning and simulating RF propagation for data, voice and location services primarily in indoor office or similar areas §  Supports Cisco AP’s and antenna only §  Provides a 2 dimensional prediction model and report §  Automatic or manual AP deployment §  Does not consider obstacles or wall attenuation when

calculating AP positions §  True RF coverage pattern including obstacles and

wall attenuation


WCS Map Editor 1st Verify map is to scale

Use scaling tab to reset map scale

Use horizontal or vertical drag & drop to select

distance Note! A warnng notification

usually indicates the building

requires resizing


Wall and Partition Properties

§  Use obstacle type to define dB loss

Note: These values are recommendation only

§  Multiple lines can be combined to obtain required loss!

Use obstacle tab to Select

wall properties

�  -1dB Cubicle �  -1.5dB Glass �  -2dB Light Wall �  -4dB Light door �  -13dB Thick Wall �  -15dB Heavy Door


Calibration Models §  After installation, calibration function available within WCS can be used for

higher location accuracy

§  WCS provides a way for user to calibrate signal characteristics for a particular indoor environment or similar areas

§  More accurate the model used, the results in better location accuracy

§  Point calibration: client at fixed location. One location at a time

§  Linear calibration: data collected between two different points (straight line)

§  Calibration with non CCX clients is not supported Monitor > Clients > Client Details to verify CCX version

pre-defined models


Represents completed calibration area

Calibration – Point Mode Data Points

Disable RRM AP Power mode Calibration should be performed for every band


Calibration date collected for entire floor space

Calibration – Point Mode

MSE is not involved during Calibration process After calibration model is created, the following steps are essential: •  Apply this model to the floor map(s) •  Synchronize WCS with MSE

Data Points


Location Quality Inspector Launch from Calibration Detail Page after calibration to check on how good the data points collected are and how much improvement is achieved for the desirable accuracy

Test Point

Participating Aps displayed with RSSI values

Scrolling mouse pointer on the area displays test points and also identifies the APs who participated in calibration as blue with RSSI values

Calculated Location

Event Notifications


Types of Notifications § Notifications from MSE can be classified into 2 broad

categories. §  Northbound Notifications - applicable only for Tags. §  Conditional Notifications or Track Event based

Notification §  applies to tags, wireless clients, rogues APs and

clients and interferers. (Note: not wired clients)


Northbound Notifications §  Applicable to only Tags.

§  Configuration done using the Notification Parameter page on the Context Aware Service -> Advanced Submenu under MSE on WCS.

Note: The advanced Parameter settings on the same page do not apply to Northbound notifications.

§  Can also be configured MSE API

§  Configurable parameters include: Trigger - On what condition should the notification be triggered Contents – The data of interest to the destination in the notification

Destinations – Destination IP or hostname, Port and http/https option. (This can only be a SOAP destination)

Trigger Contents

Destinations


Frequently Seen Problems

§ No notification received § Not getting all notifications § Getting only 1 of 5 notifications § Too many notifications § Not getting notifications for Clients, rogues,

interferers and wired clients § Missing some notification


Troubleshooting: No Notifications Received

§ Check whether TAGS are detected by MSE. § Check whether the destination specified is a

SOAP destination § Check whether the destination IP is pingable

from MSE § Check whether the destination port is pingable

from MSE.


§ Check the Notification Statistics page under Context Aware Service menu.

§ Investigate summary page and details page for errors in communication or stress on MSE.

§ Analyze queue limits, queue usage percentage, average response time and delay.

§ Check if all the trigger conditions that are expected are enabled.

Troubleshooting: Not Receiving all Notifications


Troubleshooting: Getting only 1 of 5 notification

§ This usually happens when the client or destination do not have correct implementation

§ This happens due to the term asynchronous notifications from MSE.

§ The notifications are sent using SOAP which is a request/response based protocol. The destinations need to send an acknowledgement of the received notification. This can be a null or an empty soap response.

§ This behavior can be observed from the notification statistics page from the “Awaiting Response” count statistics.


Troubleshooting: Too Many Notifications

§ Yes, this is a problem for the application and can crash the application.

§ There is nothing the MSE can do. § Suggest removing trigger conditions that are not

important. § Scalability on the application is the best solution.


Troubleshooting: Not Getting Notifications for Clients, Rogues, Interferers and Wired clients

§ Only tags are supported. § Suggest setting up track group events with

a generic condition (explore) for other devices.


Troubleshooting: Missing or dropped notification

§  Analyze the Notification Statistics page for the dropped rate/count and response time.

§  If the drop is slow and can be corrected if the queue size could accommodate little more, then increase the queue size using Notification Parameters page Advanced Settings.

§  If the response time is slow, the generate rate and send rate will differ significantly. Suggest improving application response time to acknowledge notifications faster.

§  The MSE may be running beyond its potential and no config change on MSE will help. Suggest splitting load on MSE or reducing the unnecessary notification triggers.


Track Group Notifications §  These are applicable to all devices

except Wired Clients. §  There are some predefined conditions

to configure for a device. §  Supported destination types are: SOAP,

SNMP, SMTP and Syslog. §  Some parameters can be configured

using “Advanced Settings” on the Notification Parameters page. For details on parameters refer config guide.

§  General tips are to keep things at default. For complaints about notification delays increase set the refresh time, rate limit and retry count to 0. Increase Queue Size with care, this may not solve but just delay the problem.

SOAP, Syslog, SMTP and SNMP (v2 & v3)


Problems with Track Group Notifications

§ No notifications received § Missing notifications § Dropped notifications


No Notifications Received

§ Check whether the track group event definition was enabled

§ Check whether the track group was synchronized with the MSE and any errors during sync.

§ Check whether the destination IP and port is pingable from MSE.

§ Check the correctness of the event definition. § Check whether the device is detected by the MSE.


Missing Notification

§ Check correctness of event definition and whether they are all enabled.

§ Check errors during sync. § Check whether the devices configured in the

events definitions are detected by MSE. § If the WCS is the notification receiver then the

first notification will show up as an Alarm on the Notification Summary page and subsequent notifications will show up as events.


Dropped notification

§ Analyze the Notification Statistics. § Other troubleshooting steps similar to that of

Northbound notification


SNMP v3 Enhanced to support SNMPv3 trap capability in the following areas:

§  Location Event Notifications: §  SNMPv3 transport will be supported

in addition to SNMPv2 §  Track Group SNMP transport

definition will be extended to support SNMPv3 configuration

§  MSE System Event Notifications: §  NMSP Connection status changes §  Licensing threshold crossover

notifications §  Appliance related alarms generated

by hardware monitoring tools §  WIPS Alarm Notifications


Summary of Best Practices for Location Deployment §  Proper AP density and placement §  Create an AP perimeter §  Use CCXv4 or CCXv5 clients §  Calibrate the environment §  Use Rails & Regions §  Minimize interference level where possible §  Use chokepoints to prevent inter-floor location problem

and provide room level accuracy §  When using active RFID tags, configure channels 1, 6 and

11 with 3 repetitions/channel (motion enabled & chirp rate configured

Important Configuration Steps


MSE System Configuration §  Use the following command which starts setup script to guide the user in

setting the system parameters /opt/mse/setup/setup.sh

§  /opt/mse/setup/setup.sh must be used set/change: §  Host name / Domain name changes

§  Changing system IP address/subnet

§  Dual homing

§  Routes configuration

§  Console/ssh access settings

§  Root password changes

§  WCS user password changes

§  For managing Context Aware Engine for Clients §  Start command: /etc/init.d/msed start

§  Status command: /etc/init.d/msed status

§  Stop command: /etc/init.d/msed stop

§  Restart command: /etc/init.d/msed restart


“getserverinfo” Command Total Active Elements(Wireless Clients,

Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 381

Active Wireless Clients: 206

Active Tags: 58

Active Rogue APs: 50

Active Rogue Clients: 50

Active Interferers: 17

Active Wired Clients: 0

Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 2100

Active Sessions: 1

Wireless Clients Not Tracked due to the limiting: 0 Tags Not Tracked due to the limiting: 0 Rogue APs Not Tracked due to the limiting: 390 Rogue Clients Not Tracked due to the limiting: 31 Interferers Not Tracked due to the limiting: 0 Wired Clients Not Tracked due to the limiting: 0 Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 421- ------------ Context Aware Sub Services

------------- Subservice Name: Cisco Tag Engine Admin Status: Enabled

Operation Status: Up


Common Issue (certificate exchange) seen with NMSP §  Time synchronization/configuration

§  Key hash template

§  Key exchange

§  WCS communication password mismatch

§  NMSP status on the WLC

§  NMSP status on the MSE

§  NMSP status on the WCS

Troubleshooting NMSP Issues


Time Synchronization/Configuration

§  possible symptom of clock discrepancy between WLC and MSE: can’t establish NMSP connection after adding MSE to the system

§  suggested course of action: Use NTP server for synchronizing clocks (recommended)

Manual configuration (controller time should be equal to or ahead of time on MSE)


Establishing NMSP Connection

MAC address and key hash for authenticating NMSP session between MSE and WLC

MSE root@mse ~]# cmdshell

cmd> show server-auth-info

invoke command: com.aes.server.cli.CmdGetServerAuthInfo

----------------

Server Auth Info

----------------

MAC Address: 00:1e:0b:61:35:60

Key Hash: 5384ed3cedc68eb9c05d36d98b62b06700c707d9

Certificate Type: SSC

==============================

WLC

(Cisco controller) >config auth-list add lbs-ssc <MSE Ethernet MAC> <MSE key hash>

(Cisco Controller) >show auth-list!

Mac Addr Cert Type Key Hash!

----------------------- ---------- ------------------------------------------!

00:1e:0b:61:35:60 LBS-SSC 5384ed3cedc68eb9c05d36d98b62b06700c707d9!

!

MSE MAC address MSE Key Hash


WCS Communication Password Mismatch

§ WCS-to-MSE communication password is NOT the same as MSE ssh password

§ WCS communication password is set in MSE during initial set up running “setup script”. Default is “admin/admin

§ Use the same password while adding MSE to the WCS

§ To fix the mismatch, run the setup script again using /opt/mse/setup/setup.sh


Verifying NMSP Connection Status (WLC/MSE)

(Cisco Controller) >show nmsp status!

LocServer IP TxEchoResp !RxEchoReq TxData RxData!

-------------- ----------- !--------- -------- ------- !

172.20.224.17 18006 !18006 163023 10 !

!

!

------------- Context Aware Service ------------- Total Active Elements(Clients, Rogues,

Interferers): 129 Active Clients: 34 Active Tags: 29 Active Rogues: 66 Active Interferers: 0 Active Wired Clients: 0 Active Elements(Clients, Rogues, Interferers)

Limit: 100 Active Tag Limit: 100 Active Wired Clients Limit: 0 Active Sessions: 1

# of active NMSP sessions


NMSP Status on WCS for MSE §  Navigate to Services>Mobility Services>MSE>Status

§  WLC could have been added, but NMSP status can be “Inactive”

§  Troubleshooting Tab provided next to “Inactive” button


NMSP Status Troubleshooting Tab

§ Provides status of common NMSP issues


Synchronization History § Synchronization History shows

§  Automatic Synchronization §  Automatic Controller Selection/Assignment §  Smart Synchronization

§ Navigate to Services > Synchronization Services


Enabling Element Tracking

If checked (Enabled), only then: § Devices will be tracked § History will be available


History Parameters

§ Number of days to save history is not limited in WCS UI Limited by disk space and system performance

§ History of an element is recorded only if: Element moves more than 10m (30 ft) Tag: emergency or panic button is pressed Tag: passes by an exciter Floor changes, i.e. element moves between floors

§ Element is declared inactive if it remains inactive for an hour. If it remains inactive for 24 hours, it is removed from “tracking table”, and it is not possible to see element’s historical location on the WCS Monitoring page. “Absent Data Cleanup Interval” helps to control “tracking table”.


Minimizing Latency § Tag notification frame interval for stationary tag 3-5 minutes

§ Tag notification frame interval for moving tags <10sec

§ WLC NMSP aggregation window is 2 sec by default

§ Correct aggregation window should be set to make sure that WLC has received updates from all the APs, before sending data to MSE via NMSP

§ From WLC CLI aggregation window can be set independently for clients, tags, rogue APs, rogue clients and Rfids

(Cisco Controller) >config nmsp notification interval rssi ? clients Measurement interval for clients. rfid Measurement interval for rfid tags. rogues Measurement interval for rogue APs and rogue clients


Immediate Notification from MSE

SiSi

SiSi

Indoor Environment Indoor & Outdoor Environments

Context Aware Engine for Clients

Business Application

MSE

Smart Phone

Voice over 802.11

Mobile User

802.11 Clients 802.11 CCX Tags

RSSI RSSI / TDOA

Context-Aware Software

Context Aware Engine for Tags

SOAP/XML API


Immediate Notification from MSE

§ With 7.0 code MSE can forward the tag info straight to third party

§ Setting the first parameter to true will cause the MSE to immediately send the notification to Mobile View or any other application. This however will have old or no location.

§ After the location calculation another notification will be fired with the latest location value

§  If the location is not needed at all, then the second parameter should be set to true. Note the MSE will just act as a forwarding engine in this case and no location calculations will be computed


C3750-E

MSE - Location Service with wireless/wire map database

Wired Location Detection

CDP/LLDP-MED

§  Switches report to MSE switch port mapping of connected devices

§  MSE actively tracks communicated information and location of both devices and chassis

§  MSE maintains history of device connect, connection location, and device disconnect

§  MSE provides SOAP XML API to external systems that are interested in location of chassis or endpoint devices

§  Applications can query or receive async events when devices or chassis move location

SiSi

Network Management Service Protocol (NMSP)


§ MSE tracks loca-on history of wired clients § Loca-on informa-on configured using switch CLIs

§  Define the loca-on iden-fier §  Enable ip device tracking §  ABach the iden-fier to the switch interface

§ Switch and MSE communicate using NMSP § Switches no-fy MSE of wired client associa-on / disassocia-on

§ Switches supported -‐ Catalyst 2960, 3750, 3750E, 3560, 3560E, 4500, 4900

§ Required soRware versions Catalyst switches –12.2(50)SE WCS – 6.0.x onwards MSE – 6.0.x onwards

Wired Location with MSE


Deployment Checklist §  Follow proper AP placement guidelines (location and density) §  Configure NTP server on both WLC and MSE or manually synchronize both

the devices (and preferably WCS) with the correct time and time zone. §  Check the NMSP connection status on the controller §  Ensure that tracking is enabled for the right devices §  Ensure that the maps and AP positions are synchronized between the WCS

and MSE §  Ensure that location calculations are taking place either on the tracking page or

the MSE console For Clients §  Verify tracking is enabled on MSE §  Verify clients are detected by controller §  Max calculation time taken into account For Tags §  Verify tracking is enabled on MSE §  Verify tags are detected by controller §  Max calculation time taken into account


Key Takeaways

§  Cisco Mobility Services Engine enables the deployment of advanced services (Context Aware, CleanAir, wIPS)

§  Implementing Context Aware Services requires following a set of best practices for optimal results

§  7.0-MR1 software release has a number of feature enhancements specific to the MSE and associated services


Recommended Reading

§  Cisco Mobility Services Engine - Context Aware Mobility Solution Deployment Guide http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a00809d1529.shtml

§  Cisco Context-Aware Service Configuration Guide http://www.cisco.com/en/US/products/ps9742/products_installation_and_configuration_guides_list.html

§  Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c07-473865.html

§  WiKi Page External http://www.cisco.com/en/US/products/ps9806/products_qanda_item09186a0080af9513.shtml

§  AeroScout Support Page http://support.aeroscout.com


Thank you.