Table of Contents
These release notes describe the requirements, features, limitations, restrictions (caveats), and related information for release 18.104.22.168 of the Cisco 3300 and 3355 mobility services engines and its services:
Note Before installing this software, see the “Upgrading the MSE” section for details on compatibility with the Cisco wireless LAN controllers (WLC) and the Cisco Prime Infrastructure.
Note You will require Context-Aware and Adaptive wIPS licenses to run the Context-Aware Service and wIPS Service. For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.
- Context Aware Service (CAS)—Allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as presence, location, telemetry data, and historical information.
CAS relies on two engines for processing the contextual information it receives. The Context Aware Engine for clients and tags (“KC” licenses) processes data for Wi-Fi clients and tags using the RSSI information. The Context Aware Engine for tags (“KT” licenses) processes data for Wi-Fi tags using RSSI and TDoA information. Both these engines can be deployed together or separately depending on the business needs.
Note For ordering information, see the “Ordering Licenses for the Mobility Services Engine” section.
- Wireless Intrusion Protection Service—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode and Enhanced Local Mode (ELM) Access Points. Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.
Note See the Cisco Context-Aware Software Configuration Guide, Release 22.214.171.124, for details on configuring and monitoring CAS on the mobility services engine at the following URL:
Note See the Cisco Wireless Intrusion Prevention System Configuration Guide, Release 126.96.36.199 for details on configuring and monitoring wIPS on the mobility services engine at the following URL:
Note See the Cisco 3355 and 3310 Mobility Services Engine Getting Started Guides for details on the physical installation and initial configuration of the mobility services engines at the following URL:
Note The 188.8.131.52 controller software release is not compatible with Cisco Prime Network Control System (NCS) 184.108.40.206. The 220.127.116.11 controller software release is compatible with Cisco Prime Infrastructure 1.2, which is the subsequent version of NCS 18.104.22.168.
Table 1 lists the compatibility matrix for the various releases of the Cisco mobility services engine, Cisco Wireless Control System, Cisco Prime Network Control System, and Cisco Wireless LAN controller.
For instructions on automatically downloading the software using the Prime Infrastructure or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco 3355 Mobility Services Engine Getting Started Guide and Cisco 3310 Mobility Services Engine Getting Started Guide.
- Upgrade Scenarios
- Compressed Software Image
- Updated Software Version Shown in the Prime Infrastructure After Polling
- CAS and wIPS License Requirements
- Ordering Licenses for the Mobility Services Engine
Note Do not uninstall the existing MSE software on the appliance. In other words, if you have 5.0, 6.0, or 7.0 installed with data that you want to preserve across the upgrade to 22.214.171.124, do not uninstall it.
The system appears to have a Cisco Mobility Services Engine already installed. If you choose Continue", all the currently installed components will be removed permanently (Only database and license files will be preserved
The currently installed version of the MSE database is not directly compatible with the new version. The system will now migrate the database from existing database to the new system. Choose an appropriate option below -
The system is minimally configured right now. It is strongly recommended that you run the setup script under /opt/mse/setup/setup.sh to configure all appliance related parameters immediately after installation is complete. The hostname must be set correctly on the system. The Cisco MSE platform will NOT start if it is configured incorrectly or not configured at all. Additionally, it is strongly recommended that the Cisco MSE is configured to use the same NTP servers as the controllers with which it will be synchronized. This is essential to the correct operation of the Cisco Mobility Services Engine. Both these parameters may be configured as part of the setup script.
Step 3 Based on backed up data that you want to restore, follow the matrix in Table 2 to install a relevant version of MSE.
Step 5 To migrate data to 126.96.36.199, follow the steps in the “Upgrading the MSE to 188.8.131.52 from Older Releases with Data Migration” section.
If you download the mobility services engine image *.gz file using the Prime Infrastructure, the mobility services engine automatically decompresses (unzips) it, and you can proceed with the installation as before.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the LINUX operating system and must be decompressed using the gunzip utility program. The unzip method you use is defined by the filename you are trying to unzip.
The MSE virtual appliance software is distributed as an Open Virtualization Archive (OVA) file. You can install the MSE virtual appliance using any of the methods for deploying an OVF. For more information on deploying the MSE virtual appliance, see Chapter 5: “MSE Delivery Modes” in the Cisco Context-Aware Service Configuration Guide, Release 184.108.40.206, and Cisco Adaptive Wireless Intrusion Prevention System, Release 220.127.116.11 , respectively.
After a software update, the new mobility services engine software version does not immediately appear in mobility services engine queries on the Prime Infrastructure. Up to 5 minutes is required for the new version to appear. Prime Infrastructure, by default, queries the mobility services engine for status every 5 minutes.
Client and wIPS licenses are installed from the Prime Infrastructure (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Context-Aware Service Configuration Guide, Release 18.104.22.168, and Cisco Adaptive Wireless Intrusion Prevention System, Release 22.214.171.124 , respectively.
Tag licenses are installed using the AeroScout System Manager . See the “Installing Tag Licenses” section in Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses in the Cisco Context-Aware Service Configuration Guide, Release 126.96.36.199 .
For complete details on ordering and downloading licenses, see the Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide for Context-Aware Mobility Software, and Adaptive wIPS, Release 188.8.131.52, at the following URL:
CAS software licenses are based on the number of Wi-Fi client and Wi-Fi tag devices tracked. The Cisco 3355 mobility services engine allows for the tracking of up to 18,000 devices (combined count of Wi-Fi clients and Wi-Fi tags) and the 3310 mobility services engine allows for the tracking of up to 2000 devices (combined count of Wi-Fi clients and Wi-Fi tags).
Cisco Context-Aware licenses are based on the number of Wi-Fi endpoints tracked (endpoints include Wi-Fi clients, interferers, wired devices, and Wi-Fi tags). The Cisco mobility services engine 3355 allows for the tracking of up to 18,000 endpoints (combined count) and Cisco 3310 mobility services engine allows for tracking of up to 2000 endpoints (combined count). The MSE virtual appliance can track up to 50,000 endpoints depending on server resources. The licenses are additive.
Cisco Adaptive Wireless Intrusion Prevention system (Adaptive wIPS) monitor mode software licenses are based on the number of full-time monitoring access points deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 monitoring access points, and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 monitoring access points. The licenses are additive. The MSE virtual appliance can support up to 10000 monitoring access points, depending on server resources.
Cisco wIPS enhanced local mode software licenses are based on the number of local mode (data serving) access points that are deployed in the network. The Cisco 3355 mobility services engine allows for the tracking of up to 3000 local mode access points and the Cisco 3310 mobility services engine allows for the tracking of up to 2000 local mode access points. The MSE virtual appliance can track up to 10,000 local mode access points, depending on the server resources. The licenses are additive.
Note that all licenses are additive and the Cisco 3355 mobility services engine supports up to 18,000 end points, 3,000 WIPS monitor mode, or Enhanced local mode AP, and the virtual appliance can support 50,000 endpoints or 10,000 monitor mode or enhanced local mode APs.
- The applied monitor mode license can be used by the wIPS Service for local mode as well as monitor mode APs. However, since the SKU is monitor mode, it shows up as a permanent license in the monitor mode category. You can also get an additional 10 local mode AP evaluation licenses for the initial 60 days. The wIPS uses local mode licenses when available (10 evaluation licenses are available for 60 days) and then switches to counting the same against the monitor mode license.
- Operational Notes for a Mobility Services Engine
- Operational Notes for CAS
- Operational Notes for wIPS
- Prime Infrastructure Screen and Navigation Changes
- Automatic Installation Script for Initial Setup
- Parameter Changes During Upgrade from 6.0.x to 7.0.x
- Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and Prime Infrastructure Server
- Mandatory Default Root Password Change
- For the initial login, even if you choose Skip (S), you will be prompted to enter the password. This is because it is mandatory to change the root password at the initial login.
- Configuring the Prime Infrastructure Communication Username and Password Using MSE setup.sh
- Configuration Changes for Greater Location Accuracy
- Configuration Changes for Greater Location Accuracy
Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and Prime Infrastructure Server
Communication between the mobility services engine, the Prime Infrastructure, and the controller are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the controller, Prime Infrastructure, and the mobility services engine.
Note You can configure NTP server settings while running the automatic installation script. See the Cisco 3355 Mobility Services Engine Getting Started Guide or Cisco 3310 Mobility Services Engine Getting Started Guide for details on the automatic installation script at the following URL:
- If you configure a new Prime Infrastructure username and password, the password provided is applicable for the new Prime Infrastructure username created.
- If you only configure the Prime Infrastructure username without configuring the Prime Infrastructure password, then the default password admin is applied to the configured username.
- If you only configure the Prime Infrastructure password without configuring the Prime Infrastructure username, then the password for the admin user is changed.
- If you configure an existing username for the Prime Infrastructure username and also configure the password, then the password for that existing user is changed.
In some RF environments, where location accuracy is around 60 to 70% or where incorrect client or tag floor location map placements occur, you might need to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on the Prime Infrastructure.
- Synchronization Required When Upgrading to Release 184.108.40.206 or Importing CAD Floor Images
- Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log
- AeroScout MobileView Release 4.1 Required for Northbound Notifications
- Separate Partner Engine Software Install Not Required for Tag Contextual Information
- Non-Cisco Compatible Extensions Tags Not Supported
- Cisco Compatible Extensions Version 1 Tags Required at a Minimum
- Calibration Models and Data
- Calibration Models and Data
- Advanced Location Parameters
- Location History Time stamps Match Browser Location
- PDAs and Smartphone with Limited Probe Requests Might Affect Location
- Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.
When upgrading to Release 220.127.116.11 from Release 6.x (and earlier), you must synchronize after the software upgrade and also when CAD-generated floor images are imported into the Prime Infrastructure.
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors or the new location of the element is at least 30 feet (10 meters) from its original location.
- Clients: Association, authentication, re-association, re-authentication, or disassociation.
- Tags: Tag Emergency button.
- Interferers: Interferer severity change, cluster center change, or merge.
If AeroScout MobileView Release 4.1 and earlier is in use, incorrect responses are sent to those northbound notifications received from the mobility services engine. Northbound notifications are then sent again by the mobility services engine, overloading the notification queue and resulting in reports of dropped notifications.
In Release 5.2 and later, the partner software that supports tag contextual information (temperature, availability, and location calculations) is bundled into the mobility services engine software. No separate download of partner engine software is required as in Release 5.1.
If AeroScout engine is used for calculation, then calibration models that are done through the Prime Infrastructure do not apply to tags. If Cisco tag engine is used, everything done on the Prime Infrastructure calibration models and data uses tag calculation.
Advanced location parameters does not apply to tags if AeroScout engine is used and otherwise it works always. Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.
The Prime Infrastructure time stamp is based on the browser location and not on the mobility services engine settings. Changing the time zone on the Prime Infrastructure or on the mobility services engine does not change the time stamp for the location history.
Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.
- Services replaces Mobility in the Prime Infrastructure navigation bar.
- A centralized license center to install and view license status is available (see Administration > License Center).
- A Switches tab is a new synchronize option to support the new wired Catalyst switch and wired client feature (see Services > Synchronize Services).
The 18.104.22.168 Release enables you to use the features of the Next Generation Maps. The Next Generation Maps is enabled by default. The Next Generation Maps feature provides you the following benefits:
Currently the Prime Infrastructure provides manual switch port tracing of rogue APs. An Automatic Switch Port Tracing (SPT) and auto containment is introduced in this release. Auto SPT is more preferable for a large wireless network. Auto SPT starts automatically when a rogue AP is reported to the Prime Infrastructure. Auto SPT is a complement to manual SPT feature and provides a quicker scan based on the wireless and wired location association of the rogue AP. The Prime Infrastructure UI allows you to configure the criteria for auto SPT. Auto SPT and auto containment is triggered automatically when a rogue AP is received by the Prime Infrastructure. Rogue Alarm listens to rogue alarms severity change and new alarms. When a rogue AP alarm meets auto SPT and/or auto containment criteria, the rogue AP is dispatched to auto SPT and auto containment queue respectively.
Virtual domain implementation in MSE is aimed at limiting view of network elements based on your virtual domain. MSE filters network elements by floors allocated to a given Prime Infrastructure virtual domain. Wired clients are filtered based on switch ports assigned to floors. The floors are allocated to a given virtual domain and switch ports are assigned to floors to view respective network elements.
MSAP 2.0 feature provides an ability to associate service advertisements to a floor or to a particular coverage area inside a floor. The service advertisements can be associated with a campus or building from the Service > MSAP page of the Prime Infrastructure UI. This functionality is supported at the floor level only. MSAP 2.0 also provides retrieval of service advertisements based on the location of the mobile device.
AirMagnet survey and planner is integrated with the Cisco Prime Infrastructure. This integration increases the operational efficiencies by eliminating the need to repeat the wireless planning and site survey tasks commonly associated with deployment and management of wireless LAN networks.
Ekahau Site Survey (ESS) tool is used for designing, deploying, maintaining, and troubleshooting high performance Wi-Fi networks. ESS works over any 802.11 network and is optimized for centrally managed 802.11n Wi-Fi networks.
You can use the ESS tool to import the existing floor maps from the Prime Infrastructure and export the project to the Prime Infrastructure. For more information, see the Cisco Prime Infrastructure Integration section on the ESS online help or access the user guide at: C:\Program Files\Ekahau\Ekahau Site Survey\doc.
The Prime Infrastructure relies on the IEEE Organizational Unique Identifier (OUI) database to identify the client vendor name mapping. Prime Infrastructure stores vendor OUI mappings in an XML file named vendorMacs.xml. This file is updated for each release of Prime Infrastructure. With the OUI update, you can perform the following:
This section lists the open caveats in 22.214.171.124 for Windows and Linux. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
- Commands are in boldface type.
- Product names and acronyms may be standardized.
- Spelling errors and typos may be corrected.
If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
To become a registered cisco.com user, go to the following website:
Table 3 lists the open caveats in Release 126.96.36.199.
Table 4 lists the open caveats in Release 188.8.131.52.
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
choose your product, and then click the Troubleshoot and Alerts heading on the product page to find information on the problem you are experiencing and other service advisories.
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks . Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.