This release includes deployment of a new image version of Cisco CMX 11.0.1-129. This release is packed with an Alma Linux operating system upgrade.

You can upgrade from the previous releases of Cisco CMX 11.0.0-154.

Cisco CMX Release 11.0.1 supports migration of your data from Cisco CMX Release 10.6.3-146 to the latest Cisco CMX Release 11.0.1-129. Use the cmxos upgrade command to migrate data from CMX 11.0.0-154.

Note	Cisco CMX Release 11.0.1 is not supported on Cisco 3375 Appliance for Cisco Connected Mobile Experiences and Cisco Mobility Services Engine (MSE) 3365 Appliance.

To install Cisco CMX OVA, follow these steps:

1. Download the CISCO_CMX-11.0.1-129.ova file available on the Software Download page.

2. Install the Cisco CMX Release 11.0.1-129 OVA build on the primary and secondary servers.

3. Migrate data from Cisco CMX Release 10.6.3-146 to Cisco CMX Release 11.0.1-129. For detailed instructions, see Data Migration.

Table 1. What's New in Cisco CMX Release 11.0.1

Feature	Description
AlmaLinux Upgrade	This release supports the upgrade from AlmaLinux 8.4 to AlmaLinux 8.7 Stable.
FIPS Support	This release includes FIPS recertification and supports CSM Toolkit/FIPS toolkit with FOM v7.2a.
Data migration	Data migration from Cisco CMX Release 10.6.3-146 to Cisco CMX Release 11.0.1 is supported. For more information, see Data Migration.
TLS 1.3 Support	In this release, all TLS connections (haproxy, influxdb, postgres, nodejs) support TLS Version 1.3 protocol.
Customer Success Management Software (CSM) Toolkit support	The CSM toolkit supports erstwhile CiscoSSL, CiscoSSH, and other tools repackaged under csm-toolkit (using FOM 7.2a).
Critical issue fixes	Includes critical issue fixes.

Table 4. Cisco CMX License

Cisco CMX License	Features
Cisco CMX Base Cisco DNA	Cisco CMX RSSI-based location calculation of clients, interferers, and rogues for Cisco products such as Cisco Catalyst Center, Cisco Prime Infrastructure, and Cisco Identity Services Engine Use of Cisco CMX location data in Catalyst Center Use of Cisco CMX location data in Cisco Prime Infrastructure Tethering of Cisco CMX to Cisco Spaces Use of Business Insights and other capabilities of Cisco Spaces as and when available Use of Basic Detect and Locate capabilities of Cisco Spaces as and when available Use of Basic Location Analytics capabilities of Cisco Spaces as and when available Access to the DETECT, MANAGE, and SYSTEMS tabs in the Cisco CMX or Cisco Spaces user interface
Cisco CMX Advanced Cisco Spaces ACT/EXT	Cisco CMX advanced location calculation capabilities, including Cisco FastPath and Cisco Hyperlocation Use of Captive Portal capability of Cisco Spaces as and when available Use of Profile and Engagement capability of Cisco Spaces as and when available Use of Advanced Location Analytics capability of Cisco Spaces as and when available Use of Operational Insights capability of Cisco Spaces as and when available Use of Advanced Detect and Locate capability of Cisco Spaces as and when available

• The Cisco CMX Evaluation License provides full functionality for a period of 120 days. The countdown starts when you start Cisco CMX and enable a service.

  Two weeks before the evaluation license expires, you will receive a daily alert for obtaining a permanent license. If the evaluation license expires, you will not be able to access the Cisco CMX GUI or APIs. Cisco CMX will continue to run in the background and collect data until you add a permanent license and regain access to it.

• A Cisco Spaces license (SEE or ACT/EXT) is required to connect Cisco CMX to a cloud. The cloud license includes the Cisco CMX license required to enable Cisco CMX.

• Cisco CMX now includes license changes that warn that the use of Cisco Hyperlocation capabilities requires the Cisco CMX Advanced License. If you have any questions about licensing, contact your Cisco account team.

• The High-Availability feature on Cisco CMX is part of the Cisco CMX Base license, which you should install on the primary HA server. The secondary HA server automatically receives a copy of the Cisco CMX license during synchronization. There is no HA-specific license to install.

• When a third-party certificate is installed in an HA setup, the certificate must be installed separately on both the primary and secondary Cisco CMX servers. For additional information and procedures, see the “Installing a CA-Signed Certificate for High Availability in Cisco CMX” section in the Cisco CMX Configuration Guide at:

  https://www.cisco.com/c/en/us/td/docs/wireless/mse/10-6/cmx_config/b_cg_cmx106/getting_started_with_cisco_cmx.html#id_122557.

For information about procuring Cisco CMX licenses, see the Cisco Connected Mobile Experiences (CMX) Version 10 Ordering and Licensing Guide for this release at:

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/connected-mobile-experiences/guide-c07-734430.html.

For information about adding and deleting licenses, see the “Managing Licenses” section in the Cisco CMX Configuration Guide for this release at:

https://www.cisco.com/c/en/us/support/wireless/connected-mobile-experiences/products-installation-and-configuration-guides-list.html.

• Cisco CMX Release 11.0.1 is a new OVA installation for Cisco CMX.

• Inline upgrade from Cisco CMX Release 11.0.0 to Cisco CMX Release 11.0.1 is supported.

• Inline upgrade from Cisco CMX Release 10.x.x to Cisco CMX Release 11.0.1 is not supported.

• Data migration is supported only from Cisco CMX Release 10.6.3-146 to Cisco CMX Release 11.0.1-129.

• You must install the cmx-11-migration-readiness-patch Patch Release on the primary server running Cisco CMX Release 10.6.3-146 to migrate data.

• Downgrading from any Cisco CMX release is not supported.

• (CSCve28851) The following error message is displayed because MATLAB only counts heavy walls for location calculation, while Java counts all the obstacles on the floor map. Ignore this message because the heat maps are now correctly generated and stored:

  ERROR com.cisco.mse.matlabengine.heatmap.BaseMatlabHeatmapBuilder - 
  MatlabHeatmapBuilder#createApInterfaceHeatmap Number of heavy walls used by Matlab: 
  <nn> not equal to count reported by Java: <nn> during heatmap calculation for AP Interface: 88:f0:31:08:06:70-5.0-2.

• (CSCve37513) Cisco CMX detects the same sources of interferences as the Cisco CleanAir system. For more information, see the “Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI)” section in the Chapter “Wireless Quality of Service” of the Cisco Wireless Controller Configuration Guide, Release 8.4 at:

  https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-4/config-guide/b_cg84/wireless_quality_of_service.html#ID51.

  The sources of interference are:

  • Bluetooth Paging Inquiry: A Bluetooth discovery (802.11b/g/n only)

  • Bluetooth Sco Acl: A Bluetooth link (802.11b/g/n only)

  • Generic DECT: A digital, enhanced cordless communication-compatible phone

  • Generic TDD: A time division duplex (TDD) transmitter

  • Generic Waveform: A continuous transmitter

  • Jammer: A jamming device

  • Microwave: A microwave oven (802.11b/g/n only)

  • Canopy: A canopy bridge device

  • Spectrum 802.11 FH: An 802.11 frequency-hopping device (802.11b/g/n only)

  • Spectrum 802.11 inverted: A device using spectrally inverted Wi-Fi signals

  • Spectrum 802.11 non std channel: A device using nonstandard Wi-Fi channels

  • Spectrum 802.11 SuperG: An 802.11 SuperAG device

  • Spectrum 802.15.4vAn 802.15.4 device (802.11b/g/n only)

  • Video Camera: An analog video camera

  • WiMAX Fixed: A WiMAX fixed device (802.11a/n/ac only)

  • WiMAX Mobile: A WiMAX mobile device (802.11a/n/ac only)

  • XBox: A Microsoft Xbox (802.11b/g/n only)

• (CSCvg10317) Cisco MSE virtual machine (VM) appliance running Cisco CMX might not function properly after being powered on after a power outage. If this occurs:

  1. Use the cmxos date command to make sure that the Cisco CMX system date matches the current date. If the dates do not match, use the NTP server to synchronize the dates.

  2. Enter the cmxctl stop –a command to shut down Cisco CMX services.

  3. Enter the cmxctl start command to restart the services.

• (CSCvg28274) If NMSP tunnel flapping occurs, ping an external address to check if the DNS resolution is slow. If it is slow, delete all the external DNS server entries in the /etc/resolv.conf file, except for the entry that maps to the localhost.

• (CSCvg79749) In Cisco CMX Release 10.4.0, the v3 client API was introduced, and the v2 client API was deprecated. We recommend that you use the v3 API instead of the v2 API. High CPU usage by the Cisco CMX Location service occurs when the v2 API is used for a long duration. Restart the Cisco CMX Location service to correct the condition.

• (CSCvi07385) With VMware vSphere ESXi 6.5 Update 2, you can successfully deploy the Cisco CMX OVA file. Update 2 displays the deployment options (Low-end, Standard, and High-end). Minor erroneous text such as [object Object] is also displayed.

  With VMware vSphere ESXi 6.5 and VMware vSphere ESXi 6.5 Update 1, the deployment options are not displayed.

• (CSCvi84935) High CPU usage of the Cisco CMX Analytics and Location services might occur during initial HA synchronization, causing incomplete synchronization. If this occurs, remove the Cisco controller from the system to decrease the CPU usage of the Cisco CMX Analytics service. This provides enough memory for the initial HA synchronization to get completed.

• (CSCvj52515) There is significant overhead in maintaining the compact history, which allows you to query the unique clients seen on a floor or zone per day. This does not affect the regular clients history that is stored in the Cassandra database.

  Note	From Cisco CMX Release 10.4.1-15, the Feature Flags setting for compact location history is disabled by default. If your system is running an earlier release of Cisco CMX, we recommend that you disable the Feature Flags setting.

  To disable the Feature Flags setting, enter these commands:

  1. cmxctl config featureflags location.compactlocationhistory false

  2. cmxctl agent restart

  3. cmxctl location stop

  4. cmxctl location start

• (CSCvn98927) We recommend that you assign an IP address to a single interface (ens32). Assigning IP addresses to two interfaces allows data to go to both the interfaces, which causes Cisco CMX to drop packets, which in turn, leads to issues related to client tracking.

• (CSCvo14248) Generating scheduled reports in PDF format is not supported on Cisco CMX Release 10.5.0 and later. Use the PrtSc option instead. This feature set will be removed from the product.

• (CSCvo60319) On Cisco CMX, using OAuth with Instagram might not always display the Log In portal. If the portal is not displayed, refresh your browser.

• (CSCvp00432) As of Cisco CMX Release 10.6.0, Cisco CMX no longer supports the Historylite (/api/location/v1/historylite) API. The API requires he collection of the compact location history, which causes performance issues.

• (CSCvp11685) If FIPS mode is enabled on Cisco CMX, the Maps online sync (Import from Cisco Prime Infrastructure) fails for Cisco Prime Infrastructure Release 3.5.

  To import maps from Cisco Prime Infrastructure Release 3.5 to Cisco CMX with FIPS mode enabled, you must download the tar file of Cisco Prime Infrastructure, and then upload the tar file to Cisco CMX, as described in the “Importing Maps” section in the Cisco CMX Configuration Guide at:

  https://www.cisco.com/c/en/us/support/wireless/connected-mobile-experiences/products-installation-and-configuration-guides-list.htm.

• (CSCvp19413) If you need to use round brackets (such as parentheses) in a Cisco CMX API regex expression, use a backslash (\) to escape the next character. For example, instead of this string:

  Global->System Campus>1212 Deming Way (TTD)>Floor 1

  use this string:

  Global->System Campus>1212 Deming Way \(TTD\)>Floor 1

• (CSCvp31400) Cisco CMX in FIPS mode does not support the aes128-ctr and aes256-ctr ciphers (while Cisco CMX in non-FIPS mode supports them). If a Cisco Catalyst 9800 wireless controller is using either of these ciphers, it will not be able to communicate with Cisco CMX in FIPS mode.

  Cisco CMX in FIPS mode supports only the aes128-cbc, aes256-cbc, aes128-gcm@openssh.com, and aes256-gcm@openssh.com ciphers.

• (CSCvp25049) The Repeat Devices API does not provide all the required information because it requires information from history location data, which is managed by the compacthistory feature flag. The feature flag causes performance issues and is disabled by default.

• (CSCvp92688) Cisco CMX might not be able to process a large amount of history data from the Cassandra database if the duration between locatedAfterTime and locatedBeforeTime for the All Client History API is either 1 hour or 20 minutes. We recommend that you use the Cassandra export tool to extract history data.

• (CSCvq81962) When the Cisco CMX session idle timeout period is reached, users are logged out of their Cisco CMX UI session whether the session is idle or is actively being used. Users must then log in to Cisco CMX again.

  Use the cmxctl config auth settings command to configure the Session idle timeout in minutes setting. The time range is 1 to 720 minutes. The default value is 30 minutes.

  This timeout period does not apply to Cisco CMX CLI sessions.

• (CSCvq82147) Cisco CMX supports VMware Snapshot.

• (CSCvq82305) Location data is poor when too few Angle of Arrival (AoA) measurements are reported in a network, with both hyperlocation and nonhyperlocation access points.

• (CSCvr16016) The issue of the Cisco CMX Analytics Service not processing data is now fixed in Cisco CMX Release 10.6.2-72 but for the fix to come into effect, you must reboot Cisco CMX.

• (CSCvr26395 and CSCvr26398) The Cisco CMX Troubleshooting Tool supports only Cisco Hyperlocation-capable access points.

• (CSCvs57713) With Cisco CMX Release 10.5 and later and Cisco WLC Release 8.7 and later, the Cisco CMX Group Subscription feature allows one Cisco Hyperlocation-enabled wireless controller to connect to multiple Cisco CMX servers.

• (CSCvs68618) When collecting client data from the Cisco CMX v3 Location API, the last seen time stamp is different from the time stamp displayed on the Cisco CMX GUI.

• In Cisco CMX Release 10.6.2-89, the floorRefId component is replaced with floorId.

• (CSCvs89951) If your network has a Cisco Catalyst 9800 wireless controller, do not check the Exclude Probing Only Clients check box located in the Settings > Filtering section on the System > Dashboard window on Cisco CMX. Checking the Exclude Probing Only Clients check box causes all the clients (probing and associated clients) to be excluded from the controller, and hence will not be displayed on Cisco CMX.

• (CSCvt83715) We recommend that you disable the Cisco CMX Analytics service if you are not using the service.

  • If you are running Cisco CMX Release 10.6.2-72 or earlier, install the cmx-disableanalytics-patch-10.6.2-1.cmxp patch file. Contact Cisco Customer Support (https://www.cisco.com/c/en/us/support/index.html) for the patch file.

  • If you are running Cisco CMX Release 10.6.2-89 or later, use the cmxctl disable analytics command.

  Note	The cmxctl disable analytics command is supported only on Cisco CMX Release 10.6.2-89 and later.

• (CSCvt83902) Cisco CMX displays an authentication error during SSO login if the SAML response from the IDP does not include the User.email, User.FirstName, and User.LastName attributes.

• (CSCvu18413) Due to FIPS/CC/UCAPL compliance, root access is no longer available as of Cisco CMX Release 10.6.0. Only Cisco Customer Support has access to a root patch for troubleshooting. Contact Cisco Customer Support (https://www.cisco.com/c/en/us/support/index.html) for assistance.

Issues describe unexpected behavior in the Cisco CMX application. The Open Issues and Resolved Issues sections list the issues in this release.