Guest

Cisco Context-Aware Software

Release Notes for Cisco Mobility Services Engine, Release 7.3.101.0

  • Viewing Options

  • PDF (288.1 KB)
  • Feedback

Table of Contents

Release Notes for Cisco 3300 Series Mobility Services Engine, Release 7.3.101.0

Contents

Introduction

Cisco 3300 Series Mobility Services Engine and Services

Software Compatibility Matrix

Upgrading the MSE

Upgrade Scenarios

Upgrading the MSE to 7.3.101.0 from Older Releases Without Data Migration

Upgrading the MSE to 7.3.101.0 from Older Releases with Data Migration

Upgrading the MSE to 7.3.101.0 from 7.0.201.204 or Later Releases

Restoring an Old Database to 7.3.101.0

Compressed Software Image

Updated Software Version Shown in the Prime Infrastructure After Polling

CAS and wIPS License Requirements

Ordering Licenses for the Mobility Services Engine

Important Notes

Operational Notes for a Mobility Services Engine

Automatic Installation Script for Initial Setup

Parameter Changes During Upgrade from 6.0.x to 7.0.x

Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and Prime Infrastructure Server

Mandatory Default Root Password Change

Configuring the Prime Infrastructure Communication Username and Password Using MSE setup.sh

Configuration Changes for Greater Location Accuracy

Operational Notes for CAS

Synchronization Required When Upgrading to Release 7.3.101.0 or Importing CAD Floor Images

Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log

AeroScout MobileView Release 4.1 Required for Northbound Notifications

Separate Partner Engine Software Install Not Required for Tag Contextual Information

Non-Cisco Compatible Extensions Tags Not Supported

Cisco Compatible Extensions Version 1 Tags Required at a Minimum

Monitoring Information Varies for Clients and Tags

Calibration Models and Data

Advanced Location Parameters

Location History Time stamps Match Browser Location

PDAs and Smartphone with Limited Probe Requests Might Affect Location

Operational Notes for wIPS

Prime Infrastructure Screen and Navigation Changes

New Feature Support

MSE 3355 Scaling

Next Generation Maps

MSE Analytics Reports

Auto Switch Port Tracing and Auto Containment

Virtual Domain

MSAP 2.0

New wIPS Signature Support

CAS Notifications for Interferers

AirMagnet Survey and Planner Integration

Ekahau Site survey Integration

OUI Updates

Caveats

Open Caveats

Resolved Caveats

If You Need More Information

Troubleshooting

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco 3300 Series Mobility Services Engine, Release 7.3.101.0

First Published: August, 2012

OL-24938-06

These release notes describe the requirements, features, limitations, restrictions (caveats), and related information for release 7.3.101.0 of the Cisco 3300 and 3355 mobility services engines and its services:

  • Context Aware Service (CAS)
  • Adaptive Wireless Intrusion Protection System (wIPS)

Note Before installing this software, see the “Upgrading the MSE” section for details on compatibility with the Cisco wireless LAN controllers (WLC) and the Cisco Prime Infrastructure.



Note You will require Context-Aware and Adaptive wIPS licenses to run the Context-Aware Service and wIPS Service. For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.


Introduction

This section introduces the Cisco 3300 series mobility services engine (MSE) and the various services that it supports.

Cisco 3300 Series Mobility Services Engine and Services

The Cisco 3300 series mobility services engine supports various services within the overall Cisco Unified Wireless Network (CUWN).

The Cisco 3300 series mobility services engine currently supports the following services in Release 7.3.101.0:

  • Context Aware Service (CAS)—Allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as presence, location, telemetry data, and historical information.

CAS relies on two engines for processing the contextual information it receives. The Context Aware Engine for clients and tags (“KC” licenses) processes data for Wi-Fi clients and tags using the RSSI information. The Context Aware Engine for tags (“KT” licenses) processes data for Wi-Fi tags using RSSI and TDoA information. Both these engines can be deployed together or separately depending on the business needs.


Note For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.


  • Wireless Intrusion Protection Service—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode and Enhanced Local Mode (ELM) Access Points. Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.

Note Evaluation licenses for 100 clients, 100 tags, and 10 wIPS monitor mode access points come standard on each mobility services engine installed with Release 6.0 and later for 60 days.



Note CAS and wIPS can operate simultaneously on the Cisco MSE 3310, 3355, and Virtual Appliance.



Note See the Cisco Context-Aware Software Configuration Guide, Release 7.3.101.0, for details on configuring and monitoring CAS on the mobility services engine at the following URL:
http://www.cisco.com/en/US/products/ps9806/products_installation_and_configuration_guides_list.html



Note See the Cisco Wireless Intrusion Prevention System Configuration Guide, Release 7.3.101.0 for details on configuring and monitoring wIPS on the mobility services engine at the following URL:
http://www.cisco.com/en/US/products/ps9817/products_installation_and_configuration_guides_list.html



Note See the Cisco 3355 and 3310 Mobility Services Engine Getting Started Guides for details on the physical installation and initial configuration of the mobility services engines at the following URL:
http://www.cisco.com/en/US/products/ps9742/prod_installation_guides_list.html



Note The 7.3.101.0 controller software release is not compatible with Cisco Prime Network Control System (NCS) 1.1.1.24. The 7.3.101.0 controller software release is compatible with Cisco Prime Infrastructure 1.2, which is the subsequent version of NCS 1.1.1.24.


Software Compatibility Matrix

Table 1 lists the compatibility matrix for the various releases of the Cisco mobility services engine, Cisco Wireless Control System, Cisco Prime Network Control System, and Cisco Wireless LAN controller.

Table 1 Cisco MSE Compatibility Matrix

MSE 3310 / 3355
MSE Virtual Appliance
AeroScout CLE
WCS
WLC
Prime Infrastructure / NCS

7.3.101.0

7.3.101.0

4.4.2.4

7.3.101.0

7.2.110.0

7.2.103.0

7.0.240.0

7.0.235.0

7.0.230.0

7.1.91.0

7.0.220.0

7.0.116.0

7.0.98.218

7.0.98.0

1.2.0.103

7.2.110.0

7.2.110.0

4.4.2.4

7.2.110.0
7.2.103.0
7.0.240.0
7.0.235.0
7.0.230.0
7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.0

1.2.0.103

1.1.1.24

1.1.0.58

7.2.103.0

7.2.103.0

4.4.1.4

7.2.103.0
7.0.235.0
7.0.230.0
7.0.240.0
7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.0

1.2.0.103

1.1.124

1.1.0.58

7.0.240.0

4.3.1.19

7.0.240.0

7.0.240.0
7.0.235.0
7.0.230.0
7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.07

1.2.0.103
1.1.1.24
1.1.0.58
1.0.2.29

7.0.230.0

4.3.1.19

7.0.230.0

7.0.235.0
7.0.230.0

7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.07

1.2.0.103

1.1.1.24

1.1.0.58

1.0.2.29

7.0.220.0

4.3.1.19

7.0.220.0

7.0.220.0

7.1.91.0

7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.0

1.0.1.4

1.0.2.29

1.0.0.96

7.0.201.204

4.2.4.4

7.0.172.0

7.0.116.0
7.0.98.218
7.0.98.0

1.0.0.96

7.0.112.0

7.0.105.0

4.2.4.4

7.0.164.3

7.0.98.218

7.0.112.0

7.0.112.0

4.2.4.4

7.0.164.0

7.0.98.0

Upgrading the MSE

For instructions on automatically downloading the software using the Prime Infrastructure or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco 3355 Mobility Services Engine Getting Started Guide and Cisco 3310 Mobility Services Engine Getting Started Guide.

You can find these documents at the following URL:

http://www.cisco.com/en/US/products/ps9742/prod_installation_guides_list.html

This section contains the following topics:

Upgrade Scenarios


Note You must power cycle the MSE appliance after upgrading it to Release 7.3 or later versions.


There are four scenarios available to upgrade MSE to 7.3.101.0 from 6.0, 7.0.105.0, and 7.0.112.0:

Upgrading the MSE to 7.3.101.0 from Older Releases Without Data Migration

To upgrade from older releases to 7.3.101.0 without data migration, follow these steps:


Step 1 Back up the existing database using the Prime Infrastructure. (We recommended this).

All data existing on the system will be lost and a fresh blank database will be created.

Step 2 Transfer the *.tar file for 7.3.101.0 to the MSE appliance:

CISCO-MSE-L-K9-7-3-101-0-64bit.db.tar

Step 3 Place the file in the /opt/installers folder. You should manually FTP this file to the appliance.


Note Use binary mode for the transfer. Make sure that the downloaded file sizes are the same as those on Cisco.com.


Step 4 Untar the file: tar -xvf CISCO-MSE-K9-7-3-101-0-64.bit-db.tar
This gives you the following:

  • 5 files
  • 4 zips

database_installer_part1of4.zip

database_installer_part20f4.zip

database_installer_part3of4.zip

database_installer_part4of4.zip

  • 1 Cisco-MSE-L-K9-7-3-101-0-64bit.bin.gz

Step 5 To decompress (unzip) the file, execute: gunzip CISCO-MSE-L-K9-7-3-101-0-0-64bit.bin.gz.

Step 6 Enter the following command:

chmod +x CISCO-MSE-L-K9-7-3-101-0-64bit.bin

Step 7 Stop the MSE service using the following command:

service msed stop

Step 8 Uninstall the existing MSE software. Choose deletion of database when prompted.

Step 9 Invoke the MSE installer.

Doing so installs the new database using the four .zip files for the database along with the MSE software.

Initial database installation can take a long time (20 minutes at least -or- approximately). Do not cancel the installer midway through the installation process.

Once installed, follow the regular procedure to start, stop, or add an MSE to the Prime Infrastructure.


 

Upgrading the MSE to 7.3.101.0 from Older Releases with Data Migration

To upgrade the MSE to 7.3.101.0 from older releases with data migration, follow these steps:


Step 1 Back up the existing database using the Prime Infrastructure. (We recommended this).

All data existing on the system will be lost and a fresh blank database will be created.

Step 2 Transfer the *.tar file for 7.3.101.0 to the MSE appliance:

CISCO-MSE-L-K9-7-3-101-0-64bit.db.tar

Step 3 Place all of the files in the /opt/installers folder.


Note Use binary mode when using FTP. Make sure that the downloaded file sizes are same as those on Cisco.com.



Note The *.tar file cannot be downloaded using the Prime Infrastructure download software interface. It should be manually transferred.



Note Do not uninstall the existing MSE software on the appliance. In other words, if you have 5.0, 6.0, or 7.0 installed with data that you want to preserve across the upgrade to 7.3.101.0, do not uninstall it.


Step 4 Untar the file: tar -xvf CISCO-MSE-K9-7-3-101-0-64.bit-db.tar
This gives you the following:

  • 5 files
  • 4 zips

database_installer_part1of4.zip

database_installer_part20f4.zip

database_installer_part3of4.zip

database_installer_part4of4.zip

  • 1 Cisco-MSE-L-K9-7-3-101-0-64bit.bin.gz

Step 5 To decompress (unzip) the file, execute: gunzip CISCO-MSE-L-K9-7-3-101-0-64bit.bin.gz

Step 6 Enter the following command: chmod +x CISCO-MSE-L-K9-7-3-101-0-64bit.bin

Step 7 Stop the MSE service using the following command:

service msed stop

Step 8 Invoke the installer ./CISCO-MSE-L-K9-7-3-101-0-64bit.bin and answer the questions when prompted.

The installer automatically detects if there is an old database present and asks the relevant questions.

Sample Upgrade Questions

Installation Check

---------------------

The system appears to have a Cisco Mobility Services Engine already installed. If you choose Continue", all the currently installed components will be removed permanently (Only database and license files will be preserved

->1 - Exit

2 - Continue

ENTER THE NUMBER OF THE DESIRED CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT: 2

-------------------------------------------------

-------------------------------------------------

Data Migration Check

-------------------------------------------------

The currently installed version of the MSE database is not directly compatible with the new version. The system will now migrate the database from existing database to the new system. Choose an appropriate option below -

->1 - Proceed to migrate data from previous release

2 - Abort Installation

ENTER THE NUMBER OF THE DESIRED CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT: 1

--------------------------------------------------

--------------------------------------------------

Do you wish to migrate history data too? It can take a long time if history data is large in size (Y/N): y

Exporting data from currently installed database.

This may take a while .....

Data migration successfully completed. Will now proceed with installation of new image.

Installing...

----------------------

-------------------------------------------------

-------------------------------------------------

-------------------------------------------------

-------------------------------------------------

Database Installation

-----------------------

The installer will now install the database. This may take a long time (- 15 minutes). Do not cancel the installer.

PRESS <ENTER> TO CONTINUE:

---------------------------------------------------

---------------------------------------------------

!!!!!! IMPORTANT NOTE !!!! :

---------------------------------

The system is minimally configured right now. It is strongly recommended that you run the setup script under /opt/mse/setup/setup.sh to configure all appliance related parameters immediately after installation is complete. The hostname must be set correctly on the system. The Cisco MSE platform will NOT start if it is configured incorrectly or not configured at all. Additionally, it is strongly recommended that the Cisco MSE is configured to use the same NTP servers as the controllers with which it will be synchronized. This is essential to the correct operation of the Cisco Mobility Services Engine. Both these parameters may be configured as part of the setup script.

PRESS <ENTER> TO CONTINUE:

-------------------------------------------------

-------------------------------------------------

Importing Data

-------------------------------------------------

Loading data into newly installed database. This may take a while ......

PRESS <ENTER> TO CONTINUE:


 

Upgrading the MSE to 7.3.101.0 from 7.0.201.204 or Later Releases

To upgrade the MSE to 7.3.101.0 from 7.0.201.204 or later releases, follow these steps:


Note Complete database installation is not required for upgrading from 7.0.101.204 or later releases.



Step 1 Download CISCO-MSE-L-K9-7-3-101-0-64bit.bin.gz to the MSE using the standard Prime Infrastructure download software page.

Step 2 Log in to the MSE console as root and execute the following commands:

cd/opt/installers

./CISCO-MSE-L-K9-7-3-101-0-64.bit.bin

Step 3 Answer the questions when prompted.

The installer automatically detects if there is an old database present and asks the relevant questions.


 

Restoring an Old Database to 7.3.101.0

To restore an old database, follow these steps:


Note The regular Restore option on the Prime Infrastructure cannot be used to restore an older database of older releases such as 6.0, 7.0.105.0, or 7.0.110.0 onto 7.3.101.0.



Step 1 Stop the running MSE 7.3.101.0.

Step 2 Uninstall the software. Delete the database.

Step 3 Based on backed up data that you want to restore, follow the matrix in Table 2 to install a relevant version of MSE.

Table 2 Release Matrix

Version of Database to be restored
New Version that Should be Installed

5.2.0

5.2, 6.0, 7.0

6.0

6.0, 7.0

Step 4 Once you have installed the software, restore the desired database backup onto this using the regular procedure from the Prime Infrastructure.

Step 5 To migrate data to 7.3.101.0, follow the steps in the “Upgrading the MSE to 7.3.101.0 from Older Releases with Data Migration” section.


 

Compressed Software Image

If you download the mobility services engine image *.gz file using the Prime Infrastructure, the mobility services engine automatically decompresses (unzips) it, and you can proceed with the installation as before.

If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the LINUX operating system and must be decompressed using the gunzip utility program. The unzip method you use is defined by the filename you are trying to unzip.

To make the bin file executable, use the chmod +x filename.bin command.

The MSE virtual appliance software is distributed as an Open Virtualization Archive (OVA) file. You can install the MSE virtual appliance using any of the methods for deploying an OVF. For more information on deploying the MSE virtual appliance, see Chapter 5: “MSE Delivery Modes” in the Cisco Context-Aware Service Configuration Guide, Release 7.3.101.0, and Cisco Adaptive Wireless Intrusion Prevention System, Release 7.3.101.0 , respectively.

Updated Software Version Shown in the Prime Infrastructure After Polling

After a software update, the new mobility services engine software version does not immediately appear in mobility services engine queries on the Prime Infrastructure. Up to 5 minutes is required for the new version to appear. Prime Infrastructure, by default, queries the mobility services engine for status every 5 minutes.

CAS and wIPS License Requirements

Client and wIPS licenses are installed from the Prime Infrastructure (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Context-Aware Service Configuration Guide, Release 7.3.101.0, and Cisco Adaptive Wireless Intrusion Prevention System, Release 7.3.101.0 , respectively.

Tag licenses are installed using the AeroScout System Manager . See the “Installing Tag Licenses” section in Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses in the Cisco Context-Aware Service Configuration Guide, Release 7.3.101.0 .

For complete details on ordering and downloading licenses, see the Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide for Context-Aware Mobility Software, and Adaptive wIPS, Release 7.3.101.0, at the following URL:

http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c07-473865.html

Ordering Licenses for the Mobility Services Engine

CAS software licenses are based on the number of Wi-Fi client and Wi-Fi tag devices tracked. The Cisco 3355 mobility services engine allows for the tracking of up to 18,000 devices (combined count of Wi-Fi clients and Wi-Fi tags) and the 3310 mobility services engine allows for the tracking of up to 2000 devices (combined count of Wi-Fi clients and Wi-Fi tags).

Cisco Context-Aware licenses are based on the number of Wi-Fi endpoints tracked (endpoints include Wi-Fi clients, interferers, wired devices, and Wi-Fi tags). The Cisco mobility services engine 3355 allows for the tracking of up to 18,000 endpoints (combined count) and Cisco 3310 mobility services engine allows for tracking of up to 2000 endpoints (combined count). The MSE virtual appliance can track up to 50,000 endpoints depending on server resources. The licenses are additive.

Context-Aware SKUs

Following licenses are for tracking Wi-Fi clients, interferers, wired devices, and Wi-Fi tags using Received Signal Strength Indication (RSSI).

Order Number
Licenses
Physical Delivery SKUs

AIR-CAS-1KC-K9

License for tracking 1000 endpoints.

AIR-CAS-3KC-K9

License for tracking 3000 endpoints.

AIR-CAS-6KC-K9

License for tracking 6000 endpoints.

AIR-CAS-12KC-K9

License for tracking 12,000 endpoints.

Electronic Delivery SKUs

L-CAS-1KC

License for tracking 1000 endpoints.

L-CAS-3KC

License for tracking 3000 endpoints.

L-CAS-6KC

License for tracking 6000 endpoints.

L-CAS-12KC

License for tracking 12,000 endpoints.

The following licenses are for tracking Wi-Fi tags with choke points, using RSSI and time difference of arrival (TDoA).

Order Number
Licenses
Physical Delivery SKUs

AIR-CAS-KT-K9

License for tracking 1000 Wi-Fi tags.

AIR-CAS-3KT-K9

License for tracking 3000 Wi-Fi tags.

AIR-CAS-6KT-K9

License for tracking 6000 Wi-Fi tags.

AIR-CAS-12KT-K9

License for tracking 12,000 Wi-Fi tags.


Note Electronic Delivery is not available for “KT” SKUs CAS Wi-fi TDOA SKUs.


Monitor Mode SKUs

Cisco Adaptive Wireless Intrusion Prevention system (Adaptive wIPS) monitor mode software licenses are based on the number of full-time monitoring access points deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 monitoring access points, and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 monitoring access points. The licenses are additive. The MSE virtual appliance can support up to 10000 monitoring access points, depending on server resources.

Order Number
Licenses
Physical Delivery SKUs

AIR-WIPS-AP-5

Supports 5 monitor mode Cisco access points.

AIR-WIPS-AP-25

Supports 25 monitor mode Cisco access points.

AIR-WIPS-AP-100

Supports 100 monitor mode Cisco access points.

AIR-WIPS-AP-500

Supports 500 monitor mode Cisco access points.

AIR-WIPS-AP-2000

Supports 2000 monitor mode Cisco access points.

Electronic Delivery SKUs

L-MM-WIPS-5

Supports 5 monitor mode Cisco access points.

L-MM-WIPS-25

Supports 25 monitor mode Cisco access points.

L-MM-WIPS-100

Supports 100 monitor mode Cisco access points.

L-MM-WIPS-500

Supports 500 monitor mode Cisco access points.

L-MM-WIPS-2000

Supports 2000 monitor mode Cisco access points.

Enhanced Local mode

Cisco wIPS enhanced local mode software licenses are based on the number of local mode (data serving) access points that are deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 local mode access points and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 local mode access points. The MSE virtual appliance can track up to 10,000 local mode access points, depending on the server resources. The licenses are additive.

The enhanced local mode SKUs are as follows:

Order Number
Licenses
Physical Delivery SKUs

AIR-LM-WIPS-5

Supports 5 enhanced local mode access points.

AIR-LM-WIPS-25

Supports 25 enhanced local mode access points.

AIR-LM-WIPS-100

Supports 100 enhanced local mode access points.

AIR-LM-WIPS-500

Supports 500 enhanced local mode access points.

AIR-LM-WIPS-2000

Supports 2000 enhanced local mode access points.

Electronic Delivery SKUs

L-LM-WIPS-5

Supports five enhanced local mode access points.

L-LM-WIPS-25

Supports 25 enhanced local mode access points.

L-LM-WIPS-100

Supports 100 enhanced local mode access points.

L-LM-WIPS-500

Supports 500 enhanced local mode access points.

L-LM-WIPS-2000

Supports 2000 enhanced local mode access points.

Note that all licenses are additive and the Cisco 3355 mobility services engine supports up to 18,000 end points, 3,000 WIPS monitor mode, or Enhanced local mode AP, and the virtual appliance can support 50,000 endpoints or 10,000 monitor mode or enhanced local mode APs.


NoteFrom Release 7.0.105.0 and later, the evaluation license for wIPS monitor mode supports up to 10 access points.

  • The applied monitor mode license can be used by the wIPS Service for local mode as well as monitor mode APs. However, since the SKU is monitor mode, it shows up as a permanent license in the monitor mode category. You can also get an additional 10 local mode AP evaluation licenses for the initial 60 days. The wIPS uses local mode licenses when available (10 evaluation licenses are available for 60 days) and then switches to counting the same against the monitor mode license.

Important Notes

This section describes the operational notes and navigation changes for CAS, wIPS, and the mobility services engine for Release 6.0.103.0 and later releases.

Features and operational notes are summarized separately for the mobility services engine, CAS, and wIPS.

This section contains the following topics:

Automatic Installation Script for Initial Setup

An automatic setup wizard is available to help you initially set up the mobility services engine.

An example of the complete automatic setup script is provided in the Cisco 3355 Mobility Services Engine Getting Started Guide and Cisco 3310 Mobility Services Engine Getting Started Guide.

You can find these documents at the following URL:

http://www.cisco.com/en/US/products/ps9742/prod_installation_guides_list.html

Parameter Changes During Upgrade from 6.0.x to 7.0.x

You will notice a change in the tracking limits when you do the following:

1. Configure tracking limits in 6.0.x.

2. Upgrade to 7.0.x.

If limits are greater than licensed counts, limits are removed and licensed counts are enforced instead (CSCtd57386).

Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and Prime Infrastructure Server

Communication between the mobility services engine, the Prime Infrastructure, and the controller are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the controller, Prime Infrastructure, and the mobility services engine.

The mobility services engine and its associated controllers must be mapped to the same NTP server and the same Prime Infrastructure server.

Local time zones can be configured on a mobility services engine to assist network operations center personnel in locating events within logs.


Note You can configure NTP server settings while running the automatic installation script. See the Cisco 3355 Mobility Services Engine Getting Started Guide or Cisco 3310 Mobility Services Engine Getting Started Guide for details on the automatic installation script at the following URL:
http://www.cisco.com/en/US/products/ps9742/prod_installation_guides_list.html


Mandatory Default Root Password Change

You must change the default root password of the mobility services engine while running the automatic installation script to ensure optimum network security.

You can also change the password using the Linux passwd command.


Note For the initial login, even if you choose Skip (S), you will be prompted to enter the password. This is because it is mandatory to change the root password at the initial login.


Configuring the Prime Infrastructure Communication Username and Password Using MSE setup.sh

You can configure the Prime Infrastructure Communication username and password using the MSE setup.sh script file.

Scenarios which you might encounter while configuring the Prime Infrastructure username and password are as follows:

  • If you configure a new Prime Infrastructure username and password, the password provided is applicable for the new Prime Infrastructure username created.
  • If you only configure the Prime Infrastructure username without configuring the Prime Infrastructure password, then the default password admin is applied to the configured username.
  • If you only configure the Prime Infrastructure password without configuring the Prime Infrastructure username, then the password for the admin user is changed.
  • If you configure an existing username for the Prime Infrastructure username and also configure the password, then the password for that existing user is changed.

Note These users are API users, and they do not have corresponding OS users on the MSE appliance (CSCtj39741).


Configuration Changes for Greater Location Accuracy

In some RF environments, where location accuracy is around 60 to 70% or where incorrect client or tag floor location map placements occur, you might need to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on the Prime Infrastructure.

The following RSSI parameters might require modification:

  • locp-individual-rssi-change-threshold
  • locp-aggregated-rssi-change-threshold
  • locp-many-new-rssi-threshold-in-percent
  • locp-many-missing-rssi-threshold-in-percent

Caution Contact Cisco TAC for assistance in modifying these parameters.

Operational Notes for CAS

This section lists the operational notes for a mobility services engine and contains the following topics:

Synchronization Required When Upgrading to Release 7.3.101.0 or Importing CAD Floor Images

When upgrading to Release 7.3.101.0 from Release 6.x (and earlier), you must synchronize after the software upgrade and also when CAD-generated floor images are imported into the Prime Infrastructure.

Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log

When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors or the new location of the element is at least 30 feet (10 meters) from its original location.


Note The other conditions for history logging are as follows:

  • Clients: Association, authentication, re-association, re-authentication, or disassociation.
  • Tags: Tag Emergency button.
  • Interferers: Interferer severity change, cluster center change, or merge.


 

See Services > Mobility Services > Device Name > Context Aware Service > Administration > History Parameters.

Logs can be viewed at Services > Mobility Services > Device Name > Systems > Log.

AeroScout MobileView Release 4.1 Required for Northbound Notifications

If AeroScout MobileView Release 4.1 and earlier is in use, incorrect responses are sent to those northbound notifications received from the mobility services engine. Northbound notifications are then sent again by the mobility services engine, overloading the notification queue and resulting in reports of dropped notifications.

The workaround for this is to upgrade to AeroScout MobileView Version 4.1 (CSCsx56618).

Separate Partner Engine Software Install Not Required for Tag Contextual Information

In Release 5.2 and later, the partner software that supports tag contextual information (temperature, availability, and location calculations) is bundled into the mobility services engine software. No separate download of partner engine software is required as in Release 5.1.

Non-Cisco Compatible Extensions Tags Not Supported

The mobility services engine does not support non-Cisco CX Wi-Fi tags. Additionally, these non-compliant tags are not used in location calculations or shown on the Prime Infrastructure maps.

Cisco Compatible Extensions Version 1 Tags Required at a Minimum

Only Cisco CX Version 1 (or later) tags are used in location calculations and mapped in the Prime Infrastructure.

Monitoring Information Varies for Clients and Tags


Note This information is missing if the AeroScout Tag Engine is used.


In the Monitor > Clients page (when Location Debug is enabled), you can view information on the last heard access point and its corresponding Received Signal Strength Indicator (RSSI) reading.

Calibration Models and Data

If AeroScout engine is used for calculation, then calibration models that are done through the Prime Infrastructure do not apply to tags. If Cisco tag engine is used, everything done on the Prime Infrastructure calibration models and data uses tag calculation.

Calibration models and data do not apply only to tags if AeroScout engine is used for tag calculation. It always applies to Wireless clients, Interferers, Rogue APs, and Rogue Clients.

See Chapter 7, “Context-Aware Planning and Verification” in the Cisco Context-Aware Software Configuration Guide, Release 7.0 for more details on client calibration.

See the AeroScout Context-Aware Engine for Tags for Cisco Mobility Services Engine User’s Guide at the following URL:

http://support.aeroscout.com

Advanced Location Parameters

Advanced location parameters does not apply to tags if AeroScout engine is used and otherwise it works always. Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.

See the “Editing Advanced Location Parameters” section in Chapter 7 of the Cisco Context-Aware Software Configuration Guide, Release 7.0 .

See Services > Mobility Services > Device Name > Context Aware Service > Advanced > Location Parameters.

Location History Time stamps Match Browser Location

The Prime Infrastructure time stamp is based on the browser location and not on the mobility services engine settings. Changing the time zone on the Prime Infrastructure or on the mobility services engine does not change the time stamp for the location history.

PDAs and Smartphone with Limited Probe Requests Might Affect Location

Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.

Operational Notes for wIPS

This section lists the operational notes for a mobility services engine.

Prime Infrastructure Screen and Navigation Changes

  • Services replaces Mobility in the Prime Infrastructure navigation bar.
  • A centralized license center to install and view license status is available (see Administration > License Center).
  • A Switches tab is a new synchronize option to support the new wired Catalyst switch and wired client feature (see Services > Synchronize Services).

New Feature Support

This section provides a brief description of what is new in this release. For more information about these features, see the Cisco MSE CAS Configuration guide and MSE wIPS configuration guide.

MSE 3355 Scaling

In 7.3.101.0 Release, MSE is enhanced to support the track of up to 25,000 elements in CAS and 5,000 access points in wIPS on MSE 3355 appliance.

Next Generation Maps

The 7.3.101.0 Release enables you to use the features of the Next Generation Maps. The Next Generation Maps is enabled by default. The Next Generation Maps feature provides you the following benefits:

  • Displays large amount of information on the map.
  • Simplifies and accelerates the process of adding APs to the map.
  • Provides high quality map image with easy navigation and zoom pan controls.

MSE Analytics Reports

The following two new MSE analytics reports are introduced in this release:

  • Device Dwell Time by Zone—this report provides the Dwell time report for a device detected by an MSE.
  • Device Count by Zone —this report provides the count of devices detected by an MSE in the selected zone.

Auto Switch Port Tracing and Auto Containment

Currently the Prime Infrastructure provides manual switch port tracing of rogue APs. An Automatic Switch Port Tracing (SPT) and auto containment is introduced in this release. Auto SPT is more preferable for a large wireless network. Auto SPT starts automatically when a rogue AP is reported to the Prime Infrastructure. Auto SPT is a complement to manual SPT feature and provides a quicker scan based on the wireless and wired location association of the rogue AP. The Prime Infrastructure UI allows you to configure the criteria for auto SPT. Auto SPT and auto containment is triggered automatically when a rogue AP is received by the Prime Infrastructure. Rogue Alarm listens to rogue alarms severity change and new alarms. When a rogue AP alarm meets auto SPT and/or auto containment criteria, the rogue AP is dispatched to auto SPT and auto containment queue respectively.

Virtual Domain

Virtual domain implementation in MSE is aimed at limiting view of network elements based on your virtual domain. MSE filters network elements by floors allocated to a given Prime Infrastructure virtual domain. Wired clients are filtered based on switch ports assigned to floors. The floors are allocated to a given virtual domain and switch ports are assigned to floors to view respective network elements.

MSAP 2.0

MSAP 2.0 feature provides an ability to associate service advertisements to a floor or to a particular coverage area inside a floor. The service advertisements can be associated with a campus or building from the Service > MSAP page of the Prime Infrastructure UI. This functionality is supported at the floor level only. MSAP 2.0 also provides retrieval of service advertisements based on the location of the mobile device.

New wIPS Signature Support

The following two new wIPS signatures are introduced in 7.3.101.0 Release:

  • Brute Force Hidden SSID
  • Device Broadcasting XSS SSID

CAS Notifications for Interferers

CAS notifications for interferers is introduced in 7.3.101.0 Release. You can select the devices for which you want a notification to be generated based on specific interferences device type.

AirMagnet Survey and Planner Integration

AirMagnet survey and planner is integrated with the Cisco Prime Infrastructure. This integration increases the operational efficiencies by eliminating the need to repeat the wireless planning and site survey tasks commonly associated with deployment and management of wireless LAN networks.

Ekahau Site survey Integration

Ekahau Site Survey (ESS) tool is used for designing, deploying, maintaining, and troubleshooting high performance Wi-Fi networks. ESS works over any 802.11 network and is optimized for centrally managed 802.11n Wi-Fi networks.

You can use the ESS tool to import the existing floor maps from the Prime Infrastructure and export the project to the Prime Infrastructure. For more information, see the Cisco Prime Infrastructure Integration section on the ESS online help or access the user guide at: C:\Program Files\Ekahau\Ekahau Site Survey\doc.

OUI Updates

The Prime Infrastructure relies on the IEEE Organizational Unique Identifier (OUI) database to identify the client vendor name mapping. Prime Infrastructure stores vendor OUI mappings in an XML file named vendorMacs.xml. This file is updated for each release of Prime Infrastructure. With the OUI update, you can perform the following:

  • Change the vendor display name for an existing OUI.
  • Add new OUIs to Prime Infrastructure.
  • Refresh the vendorMacs.xml file with new vendor OUI mappings and upload it to Prime Infrastructure.

Caveats

This section lists the open caveats in 7.3.101.0 for Windows and Linux. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

  • Commands are in boldface type.
  • Product names and acronyms may be standardized.
  • Spelling errors and typos may be corrected.

If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
http://tools.cisco.com/Support/BugToolKit/ .
To become a registered cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do

This section contains of the following topics:

Open Caveats

Table 3 lists the open caveats in Release 7.3.101.0.

Table 3 Open Caveats

ID Number
Caveat Title

CSCub42987

Headline:

Symptom: After synchronization between WLC and MSE, the NMSP connection remains inactive.

Condition: The controller is virtual and is not an appliance

Workaround: In order for the vWLC to establish a NMSP connection and hence communicate with the MSE, the following commands have to be executed on MS ECLI (list of commands). It should be noted that the connection between the MSE and WLCs will not be authenticated post the changes in configuration.

List of commands after SSH to MSE:

cmdshell

config unauthenticated-nmsp true

exit

/etc/init.d/msred restart

CSCub25203

Headline: Maximum Memory value on the Server Monitor shows different values on the MSE 3310.

Symptom: Getserverinfo that corresponds to “/ect/init.d/msed status” displays different values for Max memory (byte) on the MSE 3310.

Condition: Unknown

Workaround: Nothing

CSCub19874

Headline: Need options in Prime Infrastructure to configure an external repository for the MSE backup.

Symptom: The MSE backups are now stored locally in the Prime Infrastructure server under the FTP repository. Need options to configure and run the MSE backup and save it in an external repository.

Condition: When the MSE backups are running using the Prime Infrastructure.

Workaround: Nothing, other than to save them locally.

CSCub16813

Headline: Scheduled accuracy tool does not display maps in the Position Test point page.

Symptom: Sometimes, the scheduled accuracy tool does not display map in the Position Test point page.

Condition: Map is not seen.

Workaround: Nothing

CSCub31067

Headline: The Prime Infrastructure UI takes time to load the “Add Mobility Services Engine” page.

Symptom: This happens while adding mobility services engines from the Services > Mobility Services Engine > Add Mobility Services Engine” page. After two minutes, the page loads and displays fields to enter the MSE information. Also, the Tracking page shows a significant delay in response (20 seconds).

Condition: None

Workaround: None

CSCub70837

Headline: Clear Database issued from the Prime Infrastructure for MSE fails when issued from the Advanced Parameters,

Symptom: Clear Database issued from the Prime Infrastructure for MSE fails with exception on the MSE.

Condition: This issue occurs intermittently.

Workaround: Restart all the MSE services and issue Clear Database again from the Prime Infrastructure and this time it will go through.

CSCub35397

Headline: Virtual appliance MSE failed to reconnect due to act lic validation fail

Symptom: Restarting Virtual Appliance MSE that is running with high availability configuration results in HA setup failed state with reason “Secondary server has not yet been activated with an activation license” when the secondary virtual appliance MSE has the activation license installed.

Condition: This occurs for virtual appliance MSE with high availability configured and lost heart beat between the pair and tried to reconnect.

Workaround: Delete the high availability configuration from the Prime Infrastructure UI and repair the virtual appliance.

CSCub40719

Headline: MSE HA: Tag license mismatch between License Center and Tracking params.

Symptom: MSE Tag License count shows correctly on the Prime Infrastructure License Center but not from the getserverinfo on MSE.

Condition: This happens when the Tag License is installed while MSE is configured with HA and paired with a secondary MSE.

Workaround: Delete the HA pairing configuration, add the tag license again and then reconfigure the HA pairing.

Resolved Caveats

Table 4 lists the open caveats in Release 7.3.101.0.

Table 4 Resolved Caveats

ID Number
Caveat Title

CSCtz17906

NB notifications are delayed during MSE backup.

CSCtz84362

Insufficient memory to run CAS and WIPS on the MSE.

CSCua79239

Cannot use domain name beginning with a number in the MSE initial configuration.

CSCtw92704

Synchronization of the Prime Infrastructure with MSE is corrupting the images.

CSCts07157

Calibration is failing with Intel 11a/g/n client consistently.

CSCty11741

Bug to track the various security related vulnerabilities for MSE.

CSCty81160

MSE HA: Secondary goes down when many files are opened.

CSCtz68671

UnsupportedClassVersionError occurs while upgrading MSE from Release 7.0 and 7.1 to 7.2.

CSCtz44158

MSE HA setup is failing after the MSE restore operation.

CSCtx60100

Oracle shows flash_recovery_area full when there is still space available in it.

CSCua09106

When a MSE converted to secondary, the previous license is not getting cleared.

CSCua40050

wIPS service crashed on Alpha MSE and core files are generated.

CSCua71352

MSE clear db operation is failing due to db lock.

CSCua78951

MSE service is not starting up automatically after adding Tag license.

CSCtx77893

Upgrade MSE Linux kernel to eliminate threats.

CSCts11783

MSE security vulnerabilities Kernel upgrades planned.

If You Need More Information

If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:

http://tools.cisco.com/Support/BugToolKit/

(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at the following URL:

http://www.cisco.com/cisco/web/support/index.html

Click Troubleshooting, choose your product, and then click the Troubleshoot and Alerts heading on the product page to find information on the problem you are experiencing and other service advisories.

Related Documentation

The following documents are related to the mobility services engine:

  • Cisco Context-Aware Software Configuration Guide, Release 7.2

http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html

  • Cisco Adaptive Wireless Intrusion Prevention System Configuration Guide, Release 7.2

http://www.cisco.com/en/US/products/ps9817/products_installation_and_configuration_guides_list.html

  • The Prime Infrastructure Online Help available with the Prime Infrastructure product.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.