Table Of Contents
Release Notes for Cisco Mobility Services Engine, Release 220.127.116.11
First Published: July, 2013OL-28564-02
These release notes describe the requirements, features, limitations, restrictions (caveats), and related information for release 18.104.22.168 of the Cisco mobility services engines and its services:
•Conected Mobile Experiences
•Wireless Intrusion Protection System (wIPS)
Note Cisco 3350 and 3310 mobility services engines are not supported from Release 7.4 onwards.
Note Before installing this software, see the "Upgrading the MSE" section for details on compatibility with the Cisco wireless LAN controllers (WLC) and the Cisco Prime Infrastructure.
Note You need licenses to run all the MSE services. For ordering information, see the "Licensing Information for MSE" section.
These release notes contain the following sections:
This section introduces the Cisco mobility services engine (MSE) and the various services that it supports.
Cisco Mobility Services Engine and Services
The Cisco mobility services engine supports various services within the overall Cisco Unified Wireless Network (CUWN).
The Cisco mobility services engine currently supports the following services in Release 22.214.171.124:
•Connected Mobile Experiences—Allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as presence, location, telemetry data, and historical information.
CAS relies on two engines for processing the contextual information it receives. The Context Aware Engine for clients and tags ("KC" licenses) processes data for Wi-Fi clients and tags using the RSSI information. The Context Aware Engine for tags ("KT" licenses) processes data for Wi-Fi tags using RSSI and TDoA information. Both these engines can be deployed together or separately depending on the business needs.
Note For ordering information, see the "Licensing Information for MSE" section.
•Wireless Intrusion Protection Service—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode and Enhanced Local Mode (ELM) Access Points. Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.
•Location Analytics Service—The Location Analytics service analyzes wireless device location information in a particular network. The Location Analytics service uses the data provided by the Cisco Mobility Services Engine (MSE) to calculate the location of Wi-Fi devices in the Wireless Local Area Network (WLAN). When a wireless device is enabled in a network, it transmits probe request packets to identify the wireless network in its neighborhood. Even after connecting to the access point in the WLAN, the client devices continue to transmit probe request packets to identify other access points for better quality of service. The access points gather these request and the associated RSSI from the various wireless devices and forwards them to the Wireless LAN Controller (WLC). The controller then forwards this information to the MSE.
The basic data that is collected from various APs, when analyzed, produces information and knowledge about the movement and behavior patterns of people who are using Wi-Fi devices in the building. For example, the building can be an airport, shopping mall, city center, and so on. The CMX Analytics service helps the airport authorities or the building owners to understand the movement of passengers or customer within their building. This helps them improve the signage, make changes to the under utilized areas, and so on.
Note From Release 7.4 onwards, licensing is going to be AP based and supports 100 AP evaluation license for CAS which is limited to 100 elements (clients, tags, interferers, etc combined).
Software Compatibility Matrix
Table 1 lists the compatibility matrix for the various releases of the Cisco mobility services engine, Cisco Wireless Control System, Cisco Prime Infrastructure, and Cisco Wireless LAN controlle
Note Cisco MSE 3310 and 3350 are supported only till Release 7.3.
Note This compatibility matrix lists only the compatibility information of Cisco MSE with other Cisco wireless products. This matrix does not reflect compatibility information between Cisco WLC and Cisco Prime Infrastructure or Cisco NCS. For compatibility information about Cisco Prime Infrastructure with Cisco WLC and other wireless products, see the Cisco Prime Infrastructure Release Notes.
Upgrading the MSE
For instructions on automatically downloading the software using the Prime Infrastructure or for manually downloading the software using a local or remote connection, see the "Updating Mobility Services Engine Software" section in Chapter 2 of the Cisco Mobility Services Engine Getting Started Guide.
You can find these documents at the following URL:
This section contains the following topics:
The following scenarios are available to upgrade MSE to 126.96.36.199 from 7.x releases:
Note Do not run uninstall on the 7.4 Release, instead stop the MSE and directly run the installer.
Upgrading the MSE to 188.8.131.52 from 7.x Release Without Data Migration
To upgrade from 7.x release to 184.108.40.206 without data migration, follow these steps:
Step 1 Back up the existing database using the Prime Infrastructure. (We recommended this).
All data existing on the system will be lost and a fresh blank database will be created.
Step 2 Transfer the *.tar file for 220.127.116.11 to the MSE appliance:
Step 3 Place the file in the /opt/installers folder. You should manually FTP this file to the appliance.
Note Use binary mode for the transfer. Make sure that the downloaded file sizes are the same as those on Cisco.com.
Step 4 Untar the file: tar -xvf CISCO-MSE-K9-7-4-110-0-64.bit-db.tar
This gives you the following:
Step 5 To decompress (unzip) the file, execute: gunzip CISCO-MSE-L-K9-7-4-110-0-0-64bit.bin.gz.
Step 6 Enter the following command:
chmod +x CISCO-MSE-L-K9-7-4-110-0-64bit.bin
Step 7 Stop the MSE service using the following command:
service msed stop
Step 8 Uninstall the existing MSE software. Choose deletion of database when prompted.
Step 9 Invoke the MSE installer.
Doing so installs the new database using the four .zip files for the database along with the MSE software.
Initial database installation can take a long time (20 minutes at least -or- approximately). Do not cancel the installer midway through the installation process.
Once installed, follow the regular procedure to start, stop, or add an MSE to the Prime Infrastructure.
Note The MSE appliance needs to be rebooted using the "reboot" command before starting the MSE services.
Upgrading the MSE to 18.104.22.168 from 7.x Release
To upgrade the MSE to 22.214.171.124 from 7.x release, follow these steps:
Note Complete database installation is not required if you are upgrading from 126.96.36.199
Step 1 Download CISCO-MSE-L-K9-7-4-110-0-64bit.bin.gz to the MSE using the standard Prime Infrastructure download software page.
Step 2 Transfer the software to the /opt/installers directory on the MSE server via FTP or another transport method.
Step 3 Unzip the file: gunzip CISCO-MSE-L-K9-7-4-110-0-64bit.bin.gz
Step 4 Enter the following command:
chmod +x CISCO-MSE-L-K9-7-4-110-0-64bit.bin
Step 5 Run this command: service msed stop and restart the MSE.
Step 6 Execute the file with ./CISCO-MSE-L-K9-7-4-110-0-64bit.bin
The installer automatically detects if there is an old database present and asks the relevant questions.
Restoring an Old Database to 188.8.131.52
To restore an old database, follow these steps:
Note The regular Restore option on the Prime Infrastructure cannot be used to restore an older database of older releases such as 6.0, 184.108.40.206, or 220.127.116.11 onto 18.104.22.168.
Step 1 Stop the running MSE 22.214.171.124.
Step 2 Uninstall the software. Delete the database.
Step 3 Based on backed up data that you want to restore, follow the matrix in Table 2 to install a relevant version of MSE.
Table 2 Release Matrix
Version of Database to be restored New Version that Should be Installed
5.2, 6.0, 7.0
Step 4 Once you have installed the software, restore the desired database backup onto this using the regular procedure from the Prime Infrastructure.
Step 5 To migrate data to 7.x.x.x, follow the steps in the "Upgrading the MSE to 7.6 from Older Releases with Data Migration" section on page 13.
Compressed Software Image
If you download the mobility services engine image *.gz file using the Prime Infrastructure, the mobility services engine automatically decompresses (unzips) it, and you can proceed with the installation as before.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the LINUX operating system and must be decompressed using the gunzip utility program. The unzip method you use is defined by the filename you are trying to unzip.
To make the bin file executable, use the chmod +x filename.bin command.
The MSE virtual appliance software is distributed as an Open Virtualization Archive (OVA) file. You can install the MSE virtual appliance using any of the methods for deploying an OVF. For more information on deploying the MSE virtual appliance, see Chapter 5: "MSE Delivery Modes" in the Cisco Connected Mobile Experiences Configuration Guide, Release 7.4, and Cisco Wireless Intrusion Prevention System, Release 7.4, respectively.
Updated Software Version Shown in the Prime Infrastructure After Polling
After a software update, the new mobility services engine software version does not immediately appear in mobility services engine queries on the Prime Infrastructure. Up to 5 minutes is required for the new version to appear. Prime Infrastructure, by default, queries the mobility services engine for status every 5 minutes.
CAS, wIPS, and Advanced Location Services License Requirements
Client and wIPS licenses are installed from the Prime Infrastructure (Administration > License Center). See, Chapter 2: "Adding and Deleting Mobility Services Engines and Licenses" in the Cisco Connected Mobile Experiences Configuration Guide, Release 7.4, Cisco Wireless Intrusion Prevention System, Release 7.4, and Cisco Location Analytics Configuration Guide, Release 7.4 respectively.
Tag licenses are installed using the AeroScout System Manager. See the "Installing Tag Licenses" section in Chapter 2: "Adding and Deleting Mobility Services Engines and Licenses in the Cisco Connected Mobile Experiences Guide, Release 7.4.
For complete details on ordering and downloading licenses, see the Cisco Mobility Services Engine Licensing and Ordering Guide at the following URL: http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c07-473865.html
Licensing Information for MSE
Cisco MSE Location Services and Advanced Location Services Software
•Advanced Location service is introduced in Release 7.4 and it includes Mobile Concierge service and Location Analytics service.
•From Release 7.4 onwards, licensing is going to be AP based and not end point based. To accommodate this, new L-LS-licenses are introduced in this release.
Note CAS licenses will be End of Life with standard 6 months of End of Sales and until then both CAS and LS licenses will co-exist.
•Cisco MSE 3355 supports up to 500 access points for Cisco MSE Location Services or Advanced Location Services. The Cisco MSE virtual appliance supports up to 1,000 access points, depending on the server resources.
•There is no change to endpoint support and MSE 3355 supports 25,000 and high end virtual alliance supports 50000. All licenses are additive.
SKUs for Cisco MSE Location Services
The following are the Cisco MSE location services software licenses.
Note You must select L-MSE-PAK to order these licenses.
SKU to upgrade from a Location Services to Advanced Location Services:
Order Number Licenses
License to upgrade to Advanced Location Services for 1 access point.
Cisco Wireless IPS Software
Licenses are available for monitor mode and enhanced local mode for Cisco wIPS software.
SKUs for Cisco wIPS in Monitor Mode
The Cisco wIPS monitor mode licenses are based on the number of number of full-time monitoring access points deployed in the network. The Cisco 3355 mobility services engine supports up to 5,000 monitor mode access points. The Cisco mobility services engine virtual appliance supports up to 10,000 monitor mode access points, depending on server resources. All licenses are additive.
Note You need to select L-MSE-PAK to order these licenses.
Order Number Licenses
Supports 1 Monitor Mode access point.
Supports 100 Monitor Mode access points.
Supports 1000 Monitor Mode access points.
SKUs for Cisco wIPS in Enhanced Local Mode
The Cisco wIPS Enhanced Local Mode software licenses are based on the number of local mode (data serving) access points. The Cisco mobility services engine supports up to 5,000 local mode access points. The Cisco mobility services engine virtual appliance can track up to 10,000 local mode access points, depending on the server resources. All licenses are additive.
Note You must select L-MSE-PAK to order these licenses.
Order Number Licenses
Supports 1 Enhanced Local Mode access point.
Supports 100 Enhanced Local Mode access points.
Supports 1000 Enhanced Local Mode access points.
Cisco Mobility Services Licenses for High Availability
No separate license is required for high availability. To enable high availability, you need to deploy a primary Cisco MSE appliance with Cisco CAS and wIPS licenses, and a secondary Cisco MSE appliance without any Cisco CAS or wIPS license.
This section describes the operational notes and navigation changes for CAS, wIPS, and the mobility services engine for Release 126.96.36.199 and later releases.
Features and operational notes are summarized separately for the mobility services engine, CAS, and wIPS.
This section contains the following topics:
Operational Notes for a Mobility Services Engine
This section lists the operational notes for the mobility services engine and contains the following topics:
Automatic Installation Script for Initial Setup
An automatic setup wizard is available to help you initially set up the mobility services engine.
An example of the complete automatic setup script is provided in the Cisco Mobility Services Engine Getting Started Guide.
You can find these documents at the following URL:
Parameter Changes During Upgrade from 6.0.x to 7.0.x
You will notice a change in the tracking limits when you do the following:
1. Configure tracking limits in 6.0.x.
2. Upgrade to 7.0.x.
If limits are greater than licensed counts, limits are removed and licensed counts are enforced instead.
Controller and Associated Mobility Services Engine Must be Mapped to the Same NTP and Prime Infrastructure Server
Communication between the mobility services engine, the Prime Infrastructure, and the controller are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the controller, Prime Infrastructure, and the mobility services engine.
The mobility services engine and its associated controllers must be mapped to the same NTP server and the same Prime Infrastructure server.
Local time zones can be configured on a mobility services engine to assist network operations center personnel in locating events within logs.
Note You can configure NTP server settings while running the automatic installation script. See the Cisco Mobility Services Engine Getting Started Guide for details on the automatic installation script at the following URL:
Mandatory Default Root Password Change
You must change the default root password of the mobility services engine while running the automatic installation script to ensure optimum network security.
You can also change the password using the Linux passwd command.
Note For the initial login, even if you choose Skip (S), you will be prompted to enter the password. This is because it is mandatory to change the root password at the initial login.
Configuring the Prime Infrastructure Communication Username and Password Using MSE setup.sh
You can configure the Prime Infrastructure Communication username and password using the MSE setup.sh script file.
Scenarios which you might encounter while configuring the Prime Infrastructure username and password are as follows:
•If you configure a new Prime Infrastructure username and password, the password provided is applicable for the new Prime Infrastructure username created.
•If you only configure the Prime Infrastructure username without configuring the Prime Infrastructure password, then the default password admin is applied to the configured username.
•If you only configure the Prime Infrastructure password without configuring the Prime Infrastructure username, then the password for the admin user is changed.
•If you configure an existing username for the Prime Infrastructure username and also configure the password, then the password for that existing user is changed.
Note These users are API users, and they do not have corresponding OS users on the MSE appliance.
Configuration Changes for Greater Location Accuracy
In some RF environments, where location accuracy is around 60 to 70% or where incorrect client or tag floor location map placements occur, you might need to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on the Prime Infrastructure.
The following RSSI parameters might require modification:
Caution Contact Cisco TAC for assistance in modifying these parameters.
Operational Notes for CAS
This section lists the operational notes for a mobility services engine and contains the following topics:
Synchronization Required When Upgrading to Release 7.2 or Importing CAD Floor Images
When upgrading to Release 7.2 from Release 6.x (and earlier), you must synchronize after the software upgrade and also when CAD-generated floor images are imported into the Prime Infrastructure.
Floor Change or Minimum Distance Required for Location Transitions to Post to the History Log
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors or the new location of the element is at least 30 feet (10 meters) from its original location.
Note The other conditions for history logging are as follows:
•Clients: Association, authentication, re-association, re-authentication, or disassociation.
•Tags: Tag Emergency button.
•Interferers: Interferer severity change, cluster center change, or merge.
See Services > Mobility Services > Device Name > Context Aware Service > Administration > History Parameters.
Logs can be viewed at Services > Mobility Services > Device Name > Systems > Log.
AeroScout MobileView Release 4.1 Required for Northbound Notifications
If AeroScout MobileView Release 4.1 and earlier is in use, incorrect responses are sent to those northbound notifications received from the mobility services engine. Northbound notifications are then sent again by the mobility services engine, overloading the notification queue and resulting in reports of dropped notifications.
The workaround for this is to upgrade to AeroScout MobileView Version 4.1 (CSCsx56618).
Separate Partner Engine Software Install Not Required for Tag Contextual Information
In Release 5.2 and later, the partner software that supports tag contextual information (temperature, availability, and location calculations) is bundled into the mobility services engine software. No separate download of partner engine software is required as in Release 5.1.
Non-Cisco Compatible Extensions Tags Not Supported
The mobility services engine does not support non-Cisco CX Wi-Fi tags. Additionally, these non-compliant tags are not used in location calculations or shown on the Prime Infrastructure maps.
Cisco Compatible Extensions Version 1 Tags Required at a Minimum
Only Cisco CX Version 1 (or later) tags are used in location calculations and mapped in the Prime Infrastructure.
Monitoring Information Varies for Clients and Tags
Note This information is missing if the AeroScout Tag Engine is used.
In the Monitor > Clients page (when Location Debug is enabled), you can view information on the last heard access point and its corresponding Received Signal Strength Indicator (RSSI) reading.
Calibration Models and Data
Calibration models that are applied through the Prime Infrastructure do not apply to tags if AeroScout engine is used for calculation. If the Cisco tag engine is used, then everything applied on the Prime Infrastructure calibration models and data uses tag calculation.
Calibration models and data do not apply only to tags if AeroScout engine is used for tag calculation. It always applies to wireless clients, interferers, rogue APs, and rogue clients.
See Chapter 7, "Context-Aware Planning and Verification" in the Cisco Connected Mobile Experiences Configuration Guide, Release 7.4 for more details on client calibration.
Advanced Location Parameters
Advanced location parameters does not apply to tags if AeroScout engine is used and otherwise it works always. Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.
See the "Editing Advanced Location Parameters" section in Chapter 7 of the Cisco Connected Mobile Experiences Configuration Guide, Release 7.4.
See Services > Mobility Services > Device Name > Context Aware Service > Advanced > Location Parameters in the Prime Infrastructure UI.
Location History Time stamps Match Browser Location
The Prime Infrastructure time stamp is based on the browser location and not on the mobility services engine settings. Changing the time zone on the Prime Infrastructure or on the mobility services engine does not change the time stamp for the location history.
PDAs and Smartphone with Limited Probe Requests Might Affect Location
Many PDAs like smartphones and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such PDAs using RSSI readings is not always optimal.
Prime Infrastructure Screen and Navigation Changes
•Services replaces Mobility in the Prime Infrastructure navigation bar.
•A centralized license center to install and view license status is available (see Administration > License Center).
•A Switches tab is a new synchronize option to support the new wired Catalyst switch and wired client feature (see Services > Synchronize Services).
Operational Notes for Location Analytics Service
This section lists the operational notes for Location Analytics service.
The Location Analytics in Release 7.4 provides ability to view the analytic results in both 2D (Open Street Maps) and 3D (WebGL) environments. This provides improved understanding of results, on multiple floor paths or when dwell times are calculated throughout a multi-storey building. The 3D environment presents the same information as the 2D environment.
WebGL is an advanced feature that provides graphic capabilities. All borowsers do not support WebGL on a particular hardware. Verify your browser compatibility in the Get WebGL website. If your browser supports WebGL, then you must see a spinning cube.
If your browser does not support WebGL, you must do the following:
•Update your latest drivers for video card.
•For Google Chrome, follow the instructions given for WebGL and 3D Graphics in the Google Chrome support website.
•For Firefox, follow these steps to enable WebGL:
–Download the latest build of Firefox browser and launch Firefox on your computer.
–In the browser address line, enter about:config
–In the Search text box, enter webgl to filter the settings
–Double click webgl.enabled_for_all_sites
–Set the webgl.enabled_for_all_sites=true
•For Safari, follow these steps to enable WebGL:
–Choose Safari > Preferences.
–Click the Advanced tab.
–Select the Show Develop menu in menu bar check box.
–Choose Enable WebGL from the Develop menu.
•Internet Explorer 10 does not have the built-in support for WebGL and Microsoft has not announced any plans for implementing it in the future. WebGL support can be manually added to Internet Explorer using third-party plugins. For more information, see the WebGL for Internet Explorer website.
Sometimes Location Analytics service does not start up because of a stray Jboss process that runs as a root user. If Analytics engine does not start and if you notice a stray Jboss process with root permissions running, then you must to do the following:
•Stop Location Analytics service from the Prime Infrastructure.
•Kill the Jboss process.
•chown - R nobody:nobody/opt/mse/analytics.
•Start Location Analytics service from the Prime Infrastructure.
New Feature Support
There are no new features or enhancements in this release. This release addresses bug fixes. For more information, see the Caveats section.
This section lists the open caveats in 188.8.131.52 for Windows and Linux. For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
•Commands are in boldface type.
•Product names and acronyms may be standardized.
•Spelling errors and typos may be corrected.
If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
To become a registered cisco.com user, go to the following website:
This section contains of the following topics:
Table 3 lists the open caveats in Release 184.108.40.206.
Table 4 lists the open caveats in Release 220.127.116.11.
If You Need More Information
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at the following URL:
Click Troubleshooting, choose your product, and then click the Troubleshoot and Alerts heading on the product page to find information on the problem you are experiencing and other service advisories.
The following documents are related to the mobility services engine:
•Cisco Connected Mobile Experiences Software Configuration Guide, Release 7.4
•Cisco Wireless Intrusion Prevention System Configuration Guide, Release 7.4
•Cisco Location Analytics Configuration Guide, Release 7.4
•Cisco Mobility Services Engine Getting Started Guide
•The Prime Infrastructure Online Help available with the Prime Infrastructure product.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.