Table of Contents
Note You must purchase licenses from Cisco to retrieve information on tags and clients from access points. See the “Ordering CAS Client and Tag Licenses for the Mobility Services Engine” section for more information. You must purchase licenses from Cisco to support wIPS monitor mode access points. See the “Ordering Adaptive wIPS Licenses for the Mobility Services Engine” section.
- Context Aware Service (CAS)—Allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as location, temperature, and availability.
CAS relies on two engines for processing the contextual information it receives. The Context Aware Engine for clients processes data received from Wi-Fi clients and the Context Aware Engine for Tags processes data received from Wi-Fi tags. Both of these engines can be deployed together or separately depending on the business need. This service was introduced in Release 5.1.
Note You must purchase licenses from Cisco to retrieve contextual information on tags and clients. See the “Ordering CAS Client and Tag Licenses for the Mobility Services Engine” section.
- Wireless Intrusion Protection Service (wIPS)—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode access points. Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.
Note You must purchase licenses from Cisco to support wIPS. See the “Ordering Adaptive wIPS Licenses for the Mobility Services Engine” section.
Note Evaluation licenses for 100 clients, 100 tags, and 20 access points (wIPS) come standard on each mobility services engine installed with Release 6.0 and later. Evaluation licenses are good for 60 days.
Note See Cisco Context-Aware Software Configuration Guide, Release 7.0, for details on configuring and monitoring CAS on the mobility services engine at the following URL:
Note See Cisco Wireless Intrusion Prevention System Configuration Guide, Release 7.0 for details on configuring and monitoring wIPS on the mobility services engine at the following URL:
Note See Cisco 3350 and 3310 Mobility Services Engine Getting Started Guides for details on the physical installation and initial configuration of the mobility services engines at the following URL:
For instructions on automatically downloading the software using the WCS or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco 3350 Mobility Services Engine Getting Started Guide and Cisco 3310 Mobility Services Engine Getting Started Guide.
- Upgrade Scenarios
- Compressed Software Image
- Updated Software Version Shown in the WCS After Polling
- CAS and wIPS License Requirements
- Ordering CAS Client and Tag Licenses for the Mobility Services Engine
- Ordering Adaptive wIPS Licenses for the Mobility Services Engine
Starting from Release 22.214.171.124, you will not be able to restore databases from older Releases 5.0, 6.0, 126.96.36.199, 188.8.131.52, 184.108.40.206 to 220.127.116.11 using the WCS. Oracle has been introduced as the database vendor for MSE. The solid database will be discontinued starting with release 18.104.22.168.
Doing so installs the new database using the four .zip files for the database along with the MSE software. Initial database installation can take a long time (20 minutes at least -or- approximately). Do not cancel the installer midway through the installation process.
Note Do not uninstall the existing MSE software on the appliance. In other words, if you have 5.x, 6.x, or 7.0.x installed with data you want to preserve across the upgrade to 22.214.171.124, do not uninstall it.
The system appears to have a Cisco Mobility Services Engine already installed. If you choose Continue", all the currently installed components will be removed permanently (Only database and license files will be preserved
The currently installed version of the MSE database is not directly compatible with the new version. The system will now migrate the database from existing database to the new system. Choose an appropriate option below -
The system is minimally configured right now. It is strongly recommended that you run the setup script under /opt/mse/setup/setup.sh to configure all appliance related parameters immediately after installation is complete. The hostname must be set correctly on the system. The Cisco MSE platform will NOT start if it is configured incorrectly or not configured at all. Additionally, it is strongly recommended that the Cisco MSE is configured to use the same NTP servers as the controllers with which it will be synchronized. This is essential to the correct operation of the Cisco Mobility Services Engine. Both these parameters may be configured as part of the setup script.
Step 3 Based on backed up data that you want to restore, follow the matrix in Table 1 to install a relevant version of the MSE.
Step 5 To migrate data to 7.x.x.x, follow the steps in the “Upgrading the MSE to 126.96.36.199 from Older Releases with Data Migration” section.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the LINUX operating system and must be decompressed using the gunzip utility program. The unzip method you use is defined by the filename you are trying to unzip.
After a software update, the new mobility services engine software version does not immediately appear in mobility services engine queries on the WCS. Up to 5 minutes is required for the new version to appear. WCS, by default, queries the mobility services engine for status every 5 minutes.
Client and wIPS licenses are installed from the WCS (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Context-Aware Service Configuration Guide, Release 7.0, and Cisco Adaptive Wireless Intrusion Prevention System, Release 7.0 , respectively.
Tag licenses are installed using the AeroScout System Manager . See the “Installing Tag Licenses” section in Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses in the Cisco Context-Aware Service Configuration Guide, Release 7.0 .
For complete details on ordering and downloading licenses, see the Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide for Context-Aware Mobility Software, and Adaptive wIPS, Release 7.0, at the following URL:
CAS software licenses are based on the number of Wi-Fi client and Wi-Fi tag devices tracked. The Cisco 3350 Mobility Services Engine allows for the tracking of up to 18,000 devices (combined count of Wi-Fi clients and Wi-Fi tags) and the 3310 Mobility Services Engine allows for the tracking of up to 2000 devices (combined count of Wi-Fi clients and Wi-Fi tags).
Licenses for tags and clients are offered in quantities ranging from 1000 to 12,000 units and can be combined to meet the location tracking requirements of a CAS deployment. For example, combining the AIR-CAS-3KC-K9, AIR-CAS-12KC-K9, and AIR-CAS-1KT-K9 licenses provides tracking of 15,000 Wi-Fi clients and 1000 Wi-Fi tags on a Cisco 3350 mobility services engine (see Table 2 ).
The KT SKUs mentioned in this table are used for Tag tracking using Aeroscout Tag engine. The KC SKUs are CAS licenses that include Clients, Tags (Cisco Tag Engine), rogues, interferers, and so on. Order numbers for client and tag licenses are summarized in Table 2 .
Adaptive wIPS software licenses are based on the number of full-time monitoring access points (often referred to as monitor mode access points ) that are deployed in the network. The licenses may be combined to arrive at the number of monitor mode access points required to run the Adaptive wIPS deployment. For example, combining AIR-WIPS-AP-5, AIR-WIPS-AP-25, and AIR-WIPS-AP-500 licenses provides support for 530 monitor mode access points.
Order numbers for Adaptive wIPS licenses are summarized in Table 3 .
Note Cannot be combined with other wIPS licenses. Note The Cisco 3350 mobility services engine supports a maximum of 3000 monitor mode access point licenses.
Note From Release 7.0.200.x and later, the wIPS monitor mode license also includes local mode access points. In other words, the monitor mode SKUs can be used by monitor mode as well as Local Mode access points, whereas local mode SKUs can only be used by licensed local mode APs.
- Operational Notes for a Mobility Services Engine
- Operational Notes for CAS
- Operational Notes for wIPS
- WCS Screen and Navigation Changes
- Automatic Installation Script for Initial Setup
- Parameter Changes During Upgrade from 5.0.x to 6.0.x or 7.0.x
- Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and WCS Server
- Mandatory Default Root Password Change
- Root Password Configuration
- Configuring the WCS Communication Username and Password Using MSE setup.sh
- Revoking the MSE License Using the MSE CLI
- Networks with Large Access Point Deployments Might Experience Slower Location Updates
- Configuration Changes for Greater Location Accuracy
Communication between the mobility services engine, the WCS, and the controller are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the controller, the WCS, and the mobility services engine.
Note You can configure NTP server settings while running the automatic installation script. See the Cisco 3350 Mobility Services Engine Getting Started Guide or Cisco 3310 Mobility Services Engine Getting Started Guide for details on the automatic installation script at the following URL:
During ISO image load on the MSE and while running the setup script, the skip selection option provided for configuring the root password is not selected. This is because the initial time login and setup script invocation enforces the accepted credential change. So then this prompts you to change the password (CSCsz44105).
- There is no expiry of password for a root user. This is not a configurable option in the MSE setup.
- Root users are allowed to log in through the Console. SSH is no longer used for root user logins. For a root user, you can configure this option using the MSE setup.sh script file. When you configure this option, the SSH daemons are stopped in the MSE.
- If you configure a new WCS username and password, the password provided is applicable for the new WCS username created.
- If you only configure the WCS username without configuring the WCS password, then the default password admin is applied to the configured username.
- If you only configure the WCS password without configuring the WCS username, then the password for the admin user is changed.
- If you configure an existing username for the WCS username and also configure the password, then the password for that existing user is changed.
In networks with a large number of access points (approximately 2000 or more), mobility services engines might experience a slowdown in location calculation and heatmap updates for clients, tags, and access points (CSCsk18810).
In some RF environments, where location accuracy is around 60 to 70% or where incorrect client or tag floor location map placements occur, you might need to modify the moment RSSI thresholds in the aes-config.xml file in the opt/locserver/conf/ directory of the mobility services engine (CSCsw17583).
- Synchronization Required When Upgrading to Release 188.8.131.52 or Importing CAD Floor Images
- Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log
- Release 4.1 of AeroScout MobileView Required for Northbound Notifications
- Separate Partner Engine Software Install Not Required for Tag Contextual Information
- WCS Online Help Outlines Incorrect Software Download Procedure
- Non-Cisco Compatible Extensions Tags Not Supported
- Cisco Compatible Extensions, Version 1 Tags Required at a Minimum
- Monitoring Information Varies for Clients and Tags
- Calibration Models and Data Apply Only to Clients
- Advanced Location Parameters Apply Only to Clients
- Location History Time stamps Match Browser Location
- PDAs with Limited Probe Requests Might Affect Location
- Mandatory Setting Required on Intel 802.11n and 802.11 b/g/n Client Cards for Accurate Calibration
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors or the new location of the element is at least 30 feet (10 meters) from its original location.
If a release of AeroScout MobileView earlier than 4.1 is in use, incorrect responses are sent to those northbound notifications received from the mobility services engine. Northbound notifications are then sent again by the mobility services engine, overloading the notification queue and resulting in reports of dropped notifications.
In Release 5.2 and later, the partner software that supports tag contextual information (temperature, availability, and location calculations) is bundled into the mobility services engine software. No separate download of partner engine software is required as in Release 5.1.
In WCS online help (OLH), the steps in the “Downloading Software to a mobility services engine Using WCS” section mistakenly note commands for downloading an aeroscout-engine . The aeroscout-engine is now bundled within the mobility services engine software. See Chapter 9 of the Cisco Context-Aware Service Configuration Guide, Release 7.0, for the correct download steps.
In the Monitor > Clients page (when Location Debug is enabled), you can view information on the last heard access point and its corresponding Received Signal Strength Indicator (RSSI) reading. This information is not available in the Monitor > Tags page.
Calibration models and data apply only to clients when using Partner Tag Engine, Cisco Tag Engine Calibration Models, and Data Apply to both Tags and Clients. Calibration for tags is done using the AeroScout System Manager.
The WCS time stamp is based on the browser location and not on the mobility services engine settings. Changing the time zone on the WCS or on the mobility services engine does not change the time stamp for the location history.
The Cisco CX RM option within the Intels Enterprise Security Profile must be enabled to ensure adequate calibration data points are collected for Intel 802.11n and 802.11 b/g/n client cards. You can use the Intel Client Software PROSET package to enable the Cisco CX RM option in the Enterprise Security Profile (CSCsl40623).
Mobility Services Engine with wIPS Service Enabled Mistakenly Allows a Controller to be Assigned to Multiple MSEs
When wIPS is configured on the mobility services engine, a controller can be assigned to more than one mobility services engine in error. By design, a controller can only be assigned to one mobility services engine and an error appears in the WCS home page when you synchronize a mobility services engine and a controller (CSCsx38955).
- Services replaces Mobility in the WCS navigation bar.
- A centralized license center to install and view license status is available (see Administration > License Center).
- A Switches tab is a new synchronize option to support the new wired Catalyst switch and wired client feature (see Services > Synchronize Services).
This section lists Open Caveats and Resolved Caveats in Release 184.108.40.206 for Windows and Linux. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
- Commands are in boldface type.
- Product names and acronyms may be standardized.
- Spelling errors and typos may be corrected.
If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
To become a registered cisco.com user, go to the following website:
Table 4 lists the open caveats in Release 220.127.116.11.
Table 5 lists the caveats resolved in Release 18.104.22.168.
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
choose your product, and then click the Troubleshoot and Alerts heading on the product page to find information on the problem you are experiencing and other service advisories.
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks . Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.