Table of Contents
These release notes describe the requirements, features, limitations, restrictions (caveats), and related information for release 220.127.116.11 of the Cisco 3300, 3350, and 3355 mobility services engines and its services:
- Context Aware Service (CAS)
- Adaptive Wireless Intrusion Protection System (wIPS)
- Cisco Mobility Services Advertisement Protocol (MSAP)
Note Before installing this software, see the “System Requirements” section for details on compatibility with the Cisco wireless LAN controllers (WLC) and the Cisco Prime Network Control System (NCS).
Note You will require Context-Aware and Adaptive wIPS licenses to run the Context-Aware Service and wIPS Service. For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.
- Context Aware Service (CAS)—Allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as presence, location, telemetry data, and historical information.
CAS relies on two engines for processing the contextual information it receives. The Context Aware Engine for clients and tags (“KC” licenses) processes data for Wi-Fi clients and tags using the RSSI information. The Context Aware Engine for tags (“KT” licenses) processes data for Wi-Fi tags using RSSI and TDoA information. Both these engines can be deployed together or separately depending on the business needs.
Note For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.
- Wireless Intrusion Protection Service (wIPS)—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode and Enhanced Local Mode (ELM) Access Points. Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.
- Cisco Mobility Services Advertisement Protocol (MSAP)—The Cisco Mobility Services Advertisement Protocol (MSAP) provides functionality to deliver advertisements over Wi-Fi infrastructure. MSAP facilitates MSAP capable mobile devices to receive service advertisements. Once the mobile device receives the service advertisements, it displays their icons and data on its user interface, facilitating the process of discovering what is available in their surroundings. In addition, MSAP can be used by the mobile devices that have been configured with a set of policies for establishing network connectivity. The MSAP provides requirements for clients and servers and describes the message exchanges between them.
Note See the Cisco Context-Aware Software Configuration Guide, Release 7.2, for details on configuring and monitoring CAS on the mobility services engine at the following URL:
Note See the Cisco Wireless Intrusion Prevention System Configuration Guide, Release 7.2 for details on configuring and monitoring wIPS on the mobility services engine at the following URL:
Note See the Cisco 3350 and 3310 Mobility Services Engine Getting Started Guides for details on the physical installation and initial configuration of the mobility services engines at the following URL:
Table 1 lists the compatibility matrix for the various releases of the Cisco mobility services engine, Cisco Wireless Control System, Cisco Prime Network Control System, and Cisco Wireless LAN controller.
The following minimum releases are required to configure and monitor CAS on the Cisco 3300 mobility services engine, NCS, and Wireless LAN controller (See Table 2 ).
For instructions on automatically downloading the software using the NCS or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco 3350 Mobility Services Engine Getting Started Guide and Cisco 3310 Mobility Services Engine Getting Started Guide.
- Upgrade Scenarios
- Compressed Software Image
- Updated Software Version Shown in the NCS After Polling
- CAS and wIPS License Requirements
- Ordering Licenses for the Mobility Services Engine
Starting from Release 18.104.22.168, you will not be able to restore databases from Releases 5.0, 6.0, 22.214.171.124, and 126.96.36.199 to 188.8.131.52 using the NCS. Oracle has been introduced as the database vendor for MSE. The solid database will be discontinued starting with Release 184.108.40.206.
Note Do not uninstall the existing MSE software on the appliance. In other words, if you have 5.0, 6.0, or 7.0 installed with data that you want to preserve across the upgrade to 220.127.116.11, do not uninstall it.
The system appears to have a Cisco Mobility Services Engine already installed. If you choose Continue", all the currently installed components will be removed permanently (Only database and license files will be preserved
The currently installed version of the MSE database is not directly compatible with the new version. The system will now migrate the database from existing database to the new system. Choose an appropriate option below -
The system is minimally configured right now. It is strongly recommended that you run the setup script under /opt/mse/setup/setup.sh to configure all appliance related parameters immediately after installation is complete. The hostname must be set correctly on the system. The Cisco MSE platform will NOT start if it is configured incorrectly or not configured at all. Additionally, it is strongly recommended that the Cisco MSE is configured to use the same NTP servers as the controllers with which it will be synchronized. This is essential to the correct operation of the Cisco Mobility Services Engine. Both these parameters may be configured as part of the setup script.
Step 3 Based on backed up data that you want to restore, follow the matrix in Table 3 to install a relevant version of MSE.
Step 5 To migrate data to 7.x.x.x, follow the steps in the “Upgrading the MSE to 18.104.22.168 from Older Releases with Data Migration” section.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the LINUX operating system and must be decompressed using the gunzip utility program. The unzip method you use is defined by the filename you are trying to unzip.
The MSE virtual appliance software is distributed as an Open Virtualization Archive (OVA) file. You can install the MSE virtual appliance using any of the methods for deploying an OVF. For more information on deploying the MSE virtual appliance, see Chapter 5: “MSE Delivery Modes” in the Cisco Context-Aware Service Configuration Guide, Release 7.2, and Cisco Adaptive Wireless Intrusion Prevention System, Release 7.2 , respectively.
After a software update, the new mobility services engine software version does not immediately appear in mobility services engine queries on the NCS. Up to 5 minutes is required for the new version to appear. NCS, by default, queries the mobility services engine for status every 5 minutes.
Client and wIPS licenses are installed from the NCS (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Context-Aware Service Configuration Guide, Release 7.2, and Cisco Adaptive Wireless Intrusion Prevention System, Release 7.2 , respectively.
Tag licenses are installed using the AeroScout System Manager . See the “Installing Tag Licenses” section in Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses in the Cisco Context-Aware Service Configuration Guide, Release 7.2 .
For complete details on ordering and downloading licenses, see the Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide for Context-Aware Mobility Software, and Adaptive wIPS, Release 7.2, at the following URL:
CAS software licenses are based on the number of Wi-Fi client and Wi-Fi tag devices tracked. The Cisco 3350 mobility services engine allows for the tracking of up to 18,000 devices (combined count of Wi-Fi clients and Wi-Fi tags) and the 3310 mobility services engine allows for the tracking of up to 2000 devices (combined count of Wi-Fi clients and Wi-Fi tags).
Cisco Context-Aware licenses are based on the number of Wi-Fi endpoints tracked (endpoints include Wi-Fi clients, interferers, wired devices, and Wi-Fi tags). The Cisco mobility services engine 3355 allows for the tracking of up to 18,000 endpoints (combined count) and Cisco 3310 mobility services engine allows for tracking of up to 2000 endpoints (combined count). The MSE virtual appliance can track up to 50,000 endpoints depending on server resources. The licenses are additive.
Cisco Adaptive Wireless Intrusion Prevention system (Adaptive wIPS) monitor mode software licenses are based on the number of full-time monitoring access points deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 monitoring access points, and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 monitoring access points. The licenses are additive. The MSE virtual appliance can support up to 10000 monitoring access points, depending on server resources.
Cisco wIPS enhanced local mode software licenses are based on the number of local mode (data serving) access points that are deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 local mode access points and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 local mode access points. The MSE virtual appliance can track up to 10,000 local mode access points, depending on the server resources. The licenses are additive.
Note that all licenses are additive and the Cisco 3355 mobility services engine supports up to 18,000 end points, 3,000 WIPS monitor mode, or Enhanced local mode AP, and the virtual appliance can support 50,000 endpoints or 10,000 monitor mode or enhanced local mode APs.
- The applied monitor mode license can be used by the wIPS Service for local mode as well as monitor mode APs. However, since the SKU is monitor mode, it shows up as a permanent license in the monitor mode category. You can also get an additional 10 local mode AP evaluation licenses for the initial 60 days. The wIPS uses local mode licenses when available (10 evaluation licenses are available for 60 days) and then switches to counting the same against the monitor mode license.
- Operational Notes for a Mobility Services Engine
- Operational Notes for CAS
- Operational Notes for wIPS
- NCS Screen and Navigation Changes
- Automatic Installation Script for Initial Setup
- Parameter Changes During Upgrade from 6.0.x to 7.0.x
- Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and NCS Server
- Mandatory Default Root Password Change
- Root Password Configuration
- Configuring the NCS Communication Username and Password Using MSE setup.sh
- Configuration Changes for Greater Location Accuracy
- Configuration Changes for Greater Location Accuracy
Communication between the mobility services engine, the NCS, and the controller are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the controller, NCS, and the mobility services engine.
Note You can configure NTP server settings while running the automatic installation script. See the Cisco 3350 Mobility Services Engine Getting Started Guide or Cisco 3310 Mobility Services Engine Getting Started Guide for details on the automatic installation script at the following URL:
During ISO image load on the MSE and while running the setup script, the skip selection option provided for configuring the root password is not selected. This is because the initial time login and setup script invocation enforces the accepted credential change. So then this prompts you to change the password (CSCsz44105).
- There is no expiry of password for a root user. This is not a configurable option in the MSE setup.
- Root users are allowed to log in through the Console. SSH is no longer used for root user logins. For a root user, you can configure this option using the MSE setup.sh script file. When you configure this option, the SSH daemons are stopped in the MSE.
- If you configure a new NCS username and password, the password provided is applicable for the new NCS username created.
- If you only configure the NCS username without configuring the NCS password, then the default password admin is applied to the configured username.
- If you only configure the NCS password without configuring the NCS username, then the password for the admin user is changed.
- If you configure an existing username for the NCS username and also configure the password, then the password for that existing user is changed.
In some RF environments, where location accuracy is around 60 to 70% or where incorrect client or tag floor location map placements occur, you might need to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on NCS.
- Synchronization Required When Upgrading to Release 22.214.171.124 or Importing CAD Floor Images
- Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log
- AeroScout MobileView Release 4.1 Required for Northbound Notifications
- Separate Partner Engine Software Install Not Required for Tag Contextual Information
- NCS Online Help Outlines Incorrect Software Download Procedure
- Non-Cisco Compatible Extensions Tags Not Supported
- Cisco Compatible Extensions Version 1 Tags Required at a Minimum
- Calibration Models and Data
- Calibration Models and Data
- Advanced Location Parameters
- Location History Time stamps Match Browser Location
- PDAs and Smartphone with Limited Probe Requests Might Affect Location
- Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors or the new location of the element is at least 30 feet (10 meters) from its original location.
- Clients: Association, authentication, re-association, re-authentication, or disassociation.
- Tags: Tag Emergency button.
- Interferers: Interferer severity change, cluster center change, or merge.
If AeroScout MobileView Release 4.1 and earlier is in use, incorrect responses are sent to those northbound notifications received from the mobility services engine. Northbound notifications are then sent again by the mobility services engine, overloading the notification queue and resulting in reports of dropped notifications.
In Release 5.2 and later, the partner software that supports tag contextual information (temperature, availability, and location calculations) is bundled into the mobility services engine software. No separate download of partner engine software is required as in Release 5.1.
If AeroScout engine is used for calculation, then calibration models that are done through NCS do not apply to tags. If Cisco tag engine is used, everything done on the NCS calibration models and data uses tag calculation.
In NCS online Help (OLH), the steps in the “Downloading Software to a mobility services engine Using NCS” section mistakenly note commands for downloading an aeroscout-engine . The aeroscout-engine is now bundled within the mobility services engine software. See Chapter 9 of the Cisco Context-Aware Service Configuration Guide, Release 7.0 for the correct download steps.
Advanced location parameters does not apply to tags if AeroScout engine is used and otherwise it works always. Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.
The NCS time stamp is based on the browser location and not on the mobility services engine settings. Changing the time zone on the NCS or on the mobility services engine does not change the time stamp for the location history.
Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.
- Services replaces Mobility in the NCS navigation bar.
- A centralized license center to install and view license status is available (see Administration > License Center).
- A Switches tab is a new synchronize option to support the new wired Catalyst switch and wired client feature (see Services > Synchronize Services).
This feature allows you to configure a custom multicast address for CCX tags only. Only two addresses are allowed. After configuring a custom address, the tags can use either the default multicast address specified in the CCX format or the custom configured address (using the CLI) for them to get detected properly on the controller.
Table 4 lists the enhancements done in Release 126.96.36.199.
This section lists Open Caveats and If You Need More Information in Release 188.8.131.52 for Windows and Linux. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
- Commands are in boldface type.
- Product names and acronyms may be standardized.
- Spelling errors and typos may be corrected.
If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
To become a registered cisco.com user, go to the following website:
Table 5 lists the open caveats in Release 184.108.40.206
Table 6 lists the Resolved caveats in Release 220.127.116.11.
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
choose your product, and then click the Troubleshoot and Alerts heading on the product page to find information on the problem you are experiencing and other service advisories.
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks . Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.