Revised: September 4, 2014
The appendix lists common deployment issues and their solutions.
MSE and WLC Communication Problems
Sometimes with a Virtual install of Mobility Services Engine, there can be a misconfiguration of certificate between WLC and MSE. If the NMSP status between the MSE and WLC is not in an “UP” state, verify that the following steps have been followed:
1. MSE and WLC are time synced to the same NTP server.
2. WLC time should not be behind MSE time. Also any time difference between the two should not be greater than 1-2 minutes.
If after verifying these steps the MSE and WLC NMSP connection is still not up, then it is important to:
- Configure MSE manually on the WLC.
- Use un-authenticated NMSP tunnel between MSE and WLC.
Perform the following.
Step 1 Login into MSE via ssh connection or via a console connection.
Step 2 Issue the commands:
[root@cmxmse ~]# cmdshell -- Issue this command to get into cmdshell
cmd> show server-auth-info - Issue this command to get auth info for the MSE
invoke command: com.aes.server.cli.CmdGetServerAuthInfo
AesLog queue high mark: 50000
AesLog queue low mark: 500
MAC Address: 00:0c:29:b1:f5:a8 - Note the MAC address
SHA1 Key Hash: ee68b5062b4181f68d5dd489db2bfcf5637b5eff
SHA2 Key Hash: ec7ebc55bbef366332da70e995f2c073bc7cfaf4cb6d845336adfc67ce961644 -- Make a note of this key to be used later
cmd> config unauthenticated-nmsp true - Enable Un-authenticated NSMP connection.
invoke command: com.aes.server.cli.CmdSetServerConfigParameter
Parameter unauthenticated-nmsp was successfully modified
Step 3 Login into the WLC via SSH or Console shell and invoke the commands:
(Cisco Controller) >config auth-list add sha256-lbs-ssc <MAC ADDRESS> <KEY HASH>
MAC ADDRESS and KEY HASH are derived from Step 2.
Step 4 Verify that MSE has been manually added on the WLC and the NSMP connections are up between the two. Invoke the following commands on WLC:
(Cisco Controller) >show auth-list - Shows the manually added MSE to WLC
Authorize MIC APs against Auth-list or AAA...... disabled
Authorize LSC APs against Auth-List............. disabled
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ yes
AP with Locally Significant Certificate........ yes
Mac Addr Cert Type Key Hash
----------------------- ---------- ------------------------------------------
00:0c:29:b1:f5:a8 LBS-SSC-SHA256 ec7ebc55bbef366332da70e995f2c073bc7cfaf4cb6d845336adfc67ce961644
(Cisco Controller) >show nmsp status - Shows NSMP status
MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
<MSE IP > 75779 75779 210547 12
Aspect Ratio Issues while Creating Maps
When uploading maps into Cisco Prime Infrastructure, ensure that the scale of the map is correct. If the scale is not correct, there will be aspect ratio issues on the map. If you see that the aspect ratio of the map you upload is not correct, delete the map and re-upload it with the correct scale. There is no way to modify scale after the map has been uploaded.
Coverage Zones Cannot Be Renamed
Ensure that Coverage Zones have the right names before deploying the solutions. The names of Coverage Zones cannot be renamed in this release.