Release Notes for Cisco Mobility Services Engine, Release 18.104.22.168
First Published: July, 2015
These release notes describe what is new in the release 22.214.171.124 of Cisco Mobility Services Engine (MSE) and its services, instructions to upgrade to this release, open and resolved caveats and related information. Cisco MSE services include:
Context Aware Service (Location Service)
Wireless Intrusion Protection System (wIPS)
Connected Mobile Experiences (CMX) Analytics Service
Cisco CMX Connect & Engage
Note Before installing the Cisco MSE software, see the “Upgrading Cisco MSE” section for details on compatibility with the Cisco Wireless Controllers (WLC) and Cisco Prime Infrastructure (PI).
This section introduces Cisco MSE and the various services that it supports.
Cisco Mobility Services Engine and Services
Cisco MSE supports various services within the overall Cisco Unified Wireless Network (CUWN):
Context Aware Service (also known as Location Service)—This is the core service of Cisco MSE that turns on Wi-Fi client tracking and location API functionality. It allows Cisco MSE to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as presence, location, telemetry data, and historical information.
Wireless Intrusion Protection Service (wIPS)—Provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption within the CUWN infrastructure. wIPS visualizes, analyzes, and identifies wireless threats, and centrally manages mitigation and resolution of security and performance issues using Cisco monitor mode and Enhanced Local Mode (ELM) access points (APs). Proactive threat prevention is also supported to create a hardened wireless network core that is impenetrable by most wireless attacks.
Cisco CMX Analytics Service—Collects and analyses the basic data from various APs. The CMX analytics service produces information and knowledge about the movement and behavior patterns of people who are using Wi-Fi devices in the building. For example, the building can be an airport, shopping mall, city center, and so on. The Cisco CMX Analytics service helps the airport authorities or the building owners to understand the movement of passengers or customers within their building. This helps them improve the signage, make changes to the underutilized areas, and so on.
Cisco CMX Connect and Engage Service—The Cisco CMX Connect and Engage service provides Connect, a guest Wi-Fi onboarding solution, as well as zone and message configuration for the Cisco CMX Software Development Kit (SDK).
Note From Cisco MSE Release 7.5 onwards, Cisco location engine is used to track clients and tags. If AeroScout engine is detected when you are upgrading from release 7.2 and later releases to release 7.5, then a warning message is displayed about removing the AeroScout license and engine. If you accept, the installer will remove all partner engine sub services. If you do not accept the removal of partner engine, then the installer will exit.
Note Starting from Cisco MSE release 7.4, the evaluation licenses for 100 clients, 100 tags, and 10 wIPS monitor mode access points are a standard on each Cisco MSE. The licenses are valid for a period of 120 days; from Release 6.0 till Release 7.3 the licenses were valid for a period of 60 days.
Note From Cisco MSE release 7.4 onwards, licensing is based on AP count and not on tracked device count.
Software Compatibility Matrix
Table 1 lists the Cisco MSE compatibility matrix for Cisco MSE 3355 on release 126.96.36.199.
Table 2 lists the Cisco MSE compatibility matrix for Cisco MSE 3365 on release 188.8.131.52.
Note This compatibility matrix lists only the compatibility information of Cisco MSE with other Cisco wireless products. This matrix does not reflect compatibility information between Cisco WLC and Cisco Prime Infrastructure or Cisco NCS. For compatibility information about Cisco Prime Infrastructure with Cisco WLC and other wireless products, see the Cisco Prime Infrastructure Release Notes.
Cisco MSE Compatibility Matrix for Release 184.108.40.206
Table 1 Cisco MSE Compatibility Matrix for Cisco MSE 3355 on release 220.127.116.11
* For FIPS compliance, Cisco MSE 8.0 works with Cisco PI 2.2, Cisco WLC 18.104.22.168, and Converged Access 3.6.0.
****The wIPS profile cannot be applied to Cisco WLC release 7.5 or prior using Cisco PI 2.2
***** If you are you are running Analytics and Context Aware Service (Location Service) on different machines and using Cisco PI 1.4 release, then additional setup is required. You can download the Setup script from this location: https://software.cisco.com/download/release.html?mdfid=283765380&flowid=24866&softwareid=282487503&release=22.214.171.124&relind=AVAILABLE&rellifecycle=ED&reltype=latest
Table 2 Cisco MSE Compatibility Matrix for Cisco MSE 3365 on release 126.96.36.199
* For FIPS compliance, Cisco MSE 8.0 works with Cisco PI 2.2, Wireless LAN Controller (WLC) 188.8.131.52, and Converged access 3.6.0.
***While using Cisco PI 2.1.1 and 2.1.2, the wIPS will have Cisco MSE 7.4 feature parity.
****wIPS profile cannot be applied to Cisco WLC release 7.5 or prior using Cisco PI 2.2
***** If you are you are running Analytics and Context Aware Service (Location Service) on different machines and using Cisco PI 1.4 Version, then additional setup is required. You can download the Setup script from this location: https://software.cisco.com/download/release.html?mdfid=283765380&flowid=24866&softwareid=282487503&release=184.108.40.206&relind=AVAILABLE&rellifecycle=ED&reltype=latest
Note AeroScout CLE is not bundled with Cisco MSE release 7.5 and later. However, AeroScout CLE is compatible with Cisco MSE Release 7.5 and later, which uses the API interface.
For instructions on automatically downloading the Cisco MSE software using Cisco PI or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco Mobility Services Engine Getting Started Guide at.
Upgrading the Cisco MSE to 220.127.116.11 from 7.x or 8.x
To upgrade from release 7.x or 8.x to 18.104.22.168, follow these steps:
Note Untar the Cisco MSE software image before placing it in the /opt/installers directory.
Step 1 Download the 22.214.171.124 software image from Cisco.com. The file to be downloaded is: CISCO-MSE-L-K9-8-0-120-0-64bit.bin.tar.gz.
Note If you are downloading the above file on a Windows system, remember that some browsers modify the downloaded filename. If the downloaded filename is not correct, you must update it to the correct filename before using Cisco PI to transfer the file, or directly copying the file to Cisco MSE. The correct filename is CISCO-MSE-L-K9-8-0-120-0-64bit.bin.tar.gz.
Step 2 We recommend that you back up the Cisco MSE using Cisco PI.
Step 3 To download software to a Cisco MSE, choose Services > Mobility Services Engine from the Cisco PI UI.
Step 4 Click the name of the Cisco MSE to which you want to download software.
Step 5 Choose System > Maintenance > Download Software from the left menu.
Step 6 To download the software, perform one of the following tasks:
To download a software listed in the Cisco PI directory, click the Select from uploaded images to transfer into the Server radio button and choose a binary image from the drop-down list.
Cisco PI downloads the binary image to the FTP server directory you specified during the Cisco PI installation.
To download a software that is available locally or over the network, select the Browse a new software image to transfer into the Server radio button and then click Choose File. After locating the file, click Open.
Step 7 Click Download to send the software to the /opt/installers folder on the Cisco MSE.
Step 8 When using Cisco PI to transfer the image to Cisco MSE, the file will be decompressed, and the.gz will be removed from the filename. Verify that the Cisco MSE image file (CISCO-MSE-L-K9-8-0-120-0-64bit.bin.tar) is in the Cisco MSE /opt/installers directory.
Note When copying the image file directly to the Cisco MSE, without using Cisco PI, the filename on Cisco MSE will remain unchanged as CISCO-MSE-L-K9-8-0-120-0-64bit.bin.tar.gz.
Step 9 Go to the to the /opt/installers directory using the cd /opt/installers command.
Step 10 To unpack the installation files, run the following command:
This unpack action yields the following files. These files must be in the same directory when running the installer. The installation process uses the MSE_PUB.pem and signhash.bin to validate the integrity of the Cisco MSE image.
Note If the Cisco MSE image file was transfered directly to the Cisco MSE and not downloaded using Cisco PI, then the following command should be used to decompress and unpack the installer files: tar zxvf../CISCO-MSE-L-K9-8-0-120-0.bin.tar.gz
Note Do not untar or gunzip the database package.
Step 11 Change permissions of the files using the following commands:
Note The installation process takes a minimum of 30 minutes. The actual installation time depends on the amount of data present in your system. After the installation, reboot the system before starting Cisco MSE.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the Linux operating system and must be decompressed using the tar zxvf command. For more information, see the Manually Downloading Software section in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0.
To make the.bin file executable, use the chmod +x <filename.bin> command.
The Cisco MSE virtual appliance is distributed as follows:
Open Virtualization Format (OVF) for VMware
For more information on deploying the Cisco MSE virtual appliance, see the Cisco MSE Virtual Appliance Configuration Guide, Release 8.0.
Updated Software Version Shown in the Cisco PI After Polling
After a software update, the new Cisco MSE software version does not immediately appear in Cisco MSE queries on the Cisco PI. Up to 5 minutes are required for the new version to appear. By default, Cisco PI queries the Cisco MSE for status every 5 minutes.
Upgrading Cisco MSE High Availability
To upgrade for Cisco MSE high availability, follow these steps:
Step 1 Ensure that the HA pair that needs to be upgraded is in normal mode and not in Failover mode. In normal mode, the Primary MSE is active and the Secondary is in standby mode. The output of the gethainfo command on primary MSE will show PRIMARY_ACTIVE and the secondary MSE will show SECONDARY_ACTIVE.
Step 2 Log in to Cisco Prime Infrastructure and delete the MSE HA pair.
Step 3 Perform a full backup of the primary MSE.
Step 4 Stop the primary MSE and the secondary MSE using the service msed stop command.
Step 6 Start both the primary and secondary MSE instances using the service msed start command.
Step 7 Recreate the MSE HA pair using Cisco Prime Infrastructure.
Licensing Information for Cisco MSE
Cisco MSE provides a wide variety of location-based services. To enable these services, the following are required:
Cisco MSE hardware or software appliance
– Physical Appliance—An activation license is not required.
– Virtual Appliance—Requires a Cisco MSE Virtual Appliance Activation license (L-MSE-7.0-K9). It is not sufficient to simply have a service or feature license on an Cisco MSE Virtual Appliance.
Three types of Cisco MSE licenses are available:
Table 4 Cisco MSE License Types
Cisco MSE Service License
Base Location License
Provides advanced spectrum capability, with the ability to detect, track, and trace rogue devices, Cisco CleanAir interferers, Wi-Fi clients, and RFID tags. The Base Location license also enables customers and partners to use standard Cisco MSE APIs.
Provides Base Location license capabilities and the Cisco CMX features:
Cisco CMX Analytics, a user-friendly location analytics platform to view and analyze how, where, and when visitors move through a venue.
Cisco CMX Connect and Engage for a customizable and location-aware captive portal to on-board guest users to Wi-Fi including:
Cisco CMX for Facebook Wi-Fi, helping guests connect to Wi-Fi and use the Internet. Enterprises or merchants gain social demographic data via Facebook Insights.
Cisco CMX SDK for enabling organizations to integrate Wi-Fi-based indoor navigation with push notification and auto-launch capabilities into mobile applications.
Provides complete wireless threat detection and mitigation in the wireless network infrastructure:
Rogue Detection, Classification, and Mitigation
Over-the-Air Attack Detection
Security Vulnerability Monitoring
Performance Monitoring, and Auto-Optimization
Management, Monitoring, and Reporting
Requires a separate Cisco MSE running the wIPS service.
There are 3 deployment options:
Enhanced Local mode–Number of wIPS licenses required equals the number of access points in local mode (data serving) deployed in the network.
Monitor mode–Number of wIPS licenses required equals the number of access points configured in the full-time monitor mode.
Wireless Security Module (WSM) or Monitor module–Number of wIPS licenses required equals the number of wireless security and spectrum intelligence modules deployed in the network.
Client and wIPS licenses are installed from the Cisco PI UI (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0, Cisco Wireless Intrusion Prevention System, Release 8.0, and Cisco Location Analytics Configuration Guide, Release 8.0.
The Cisco CMX license, called Advanced Location license in release 7.4, supports new features, such as:
Cisco CMX Analytics
Cisco CMX Connect
Cisco CMX for Facebook Wi-Fi
The CMX license includes the Base Location license features used for device tracking and the new additional features of Cisco CMX.
The part number format of this license is L-AD-LS-100AP. Here 'AD-LS' refers to Advanced Location services license and '100AP' gives the AP count supported.
Cisco wIPS License
Table 6 Cisco wIPS License
Cisco MSE Release
Number of APs.
All Cisco wIPS licenses come with the license name wIPS license
There are three deployment options:
Enhanced Local mode–Number of wIPS licenses required equals the number of access points in local mode (data serving) deployed in the network.
Monitor mode–Number of wIPS licenses required equals the number of access points configured in the full-time monitor mode.
Monitor module–Number of wIPS licenses required equals the number of wireless security and spectrum intelligence modules deployed in the network.
Licensing is based on the number of access points in the environment. The licenses are additive.
Cisco MSE License Product Numbers and SKUs
Ordering Support for Physical and Virtual Appliance
The Cisco MSE Virtual Appliance activation license is required for every instance of a Cisco MSE Virtual Appliance. No separate license is required for high availability. To enable high availability, you need to deploy a primary Cisco MSE appliance with Cisco Connected Mobile Experiences and wIPS licenses, and a secondary Cisco MSE appliance without any Cisco CMX or wIPS license
Table 7 lists the ordering support for physical and virtual appliances.
Table 7 Ordering Support for Physical and Virtual Appliance
Cisco MSE Model
Cisco MSE 3365
Hardware and software support
Cisco MSE 3355
Hardware and licenses support
Cisco MSE Virtual Appliance
Software and licenses support
Cisco MSE 8.0 Base License
Software support (only if ordering Cisco 3365 MSE appliance).
MSE 8.0 CMX License
Software support (only if ordering Cisco 3365 MSE appliance).
Maximum number of tracked devices: 50,000 (regardless of the number of AP licenses). Note that the end-device scaling guidelines differ if your are using FastLocate or Presence as a method for determining device location. See the Cisco MSE ordering and licensing guide for more details.
Minimum RAM: 24 GB
Minimum hard disk space allocation: 500 GB with SAS drivers and 1600 I/O operations per second (IOPS)
Processors: 16 vCPUs at 2.0 GHz or faster and a passmark (cpubenchmark.net) no less than 4000
Cisco UCS ® ref: Cisco UCS C240 M3 Rack Server or C460 M2 High-Performance Rack Server
Cisco MSE Standard Virtual Appliance
Base Location license–2500 access points
Cisco CMX license–2500 access points
wIPS license–6000 access points
Maximum number of tracked devices–25,000 (regardless of number of access point licenses). Note that the end device scaling guidelines differ if using FastLocate or presence as a method for determining device location. See the Cisco MSE ordering and licensing guide for more details.
Minimum RAM: 16 GB
Minimum hard disk space allocation: 500 GB with SAS drivers and 1000 IOPS
Processors: 8 vCPUs at 2.0 GHz or faster, and a passmark (cpubenchmark.net) no less than 4000
Cisco UCS ref: Cisco UCS C240 M3 Rack Server
Cisco MSE Low-End Virtual Appliance
Base Location license: 200 access points
Cisco CMX license: Does not support Cisco CMX license
wIPS license: 2000 access points
Maximum number of tracked devices: 2000 (regardless of number of access point licenses). Note that the end device scaling guidelines differ if using FastLocate as a method for determining device location. See the Cisco MSE ordering and licensing guide for more details.
Minimum RAM: 8 GB
Minimum hard disk space allocation: 250 GB with SAS drives and 900 IOPS
Processors: 4 vCPUs at 2.0 GHz or faster and a passmark (cpubenchmark.net) no less than 4000
What’s New in This Release
This section provides a brief description of what is new in Release 126.96.36.199. For more information about instructions on how to configure these features, see the Cisco Connected Mobile Experiences Configuration Guide, Cisco Wireless Intrusion Prevention System Configuration Guide, Cisco CMX Analytics Service Configuration Guide, Cisco CMX Connect and Engage Configuration Guide, and Cisco MSE Virtual Appliance Configuration Guide at:
Cisco MSE High Availability Issue When Using Cisco WLC 188.8.131.52
When Cisco MSE is synchronized with a Cisco WLC using the Cisco Prime Infrastructure interface, the appropriate security authentication keys are sent to the Cisco WLC from Cisco PI. Cisco PI fetches the security authentication keys from Cisco MSE and then sends them to Cisco WLC. Subsequently, when the Cisco MSE tries to establish an NMSP (Network Mobility Services Protocol) connection with the Cisco WLC, the Cisco WLC validates the connection request against the security authentication keys it has already received from Cisco PI and accepts the connection. This scenario applies to all versions of Cisco MSE and Cisco WLC.
The security authentication key length was updated in Cisco WLC 184.108.40.206 to increase security and Cisco MSE and Cisco PI implementation was also done to handle the longer (SHA2 – Secure Hash Algorithm) keys. In a non-HA (High Availability) setup of Cisco MSE, the communication works correctly regardless of the version of the Cisco MSE and Cisco WLC.
However, in a Cisco MSE High Availability setup, the handling of the SHA2 keys between Cisco MSE and Cisco PI may not work correctly and this impacts NMSP connection between Cisco MSE and Cisco WLC 220.127.116.11 and later versions. When a Cisco MSE HA pair is setup, Cisco PI fetches security keys from both primary and secondary Cisco MSE servers and tries to send them to the Cisco WLC. However, the security keys fetched by Cisco PI from the secondary Cisco MSE are not SHA2 keys and therefore the Cisco WLC does not have the proper security keys for the secondary Cisco MSE. Consequently, after a failover, the secondary Cisco MSE (which is now active) is unable to establish an NMSP connection with the Cisco WLC. Therefore, after a failover, the secondary Cisco MSE is unable to track any clients.
This NMSP issue only impacts the Cisco MSE pair after a failover has occurred.
To ensure that the proper security authentication keys are sent to the Cisco WLC, the network administrator must manually collect the authentication keys from the Cisco MSE using the Cisco MSE command and then add those keys to the Cisco WLC using the controller’s command.
Run the following command on Cisco MSE:
mse > show server-auth-info
Run the following command on Cisco WLC:
Controller> config auth-list add
In general, adding the Cisco MSE authentication keys to the Cisco WLC always ensures that Cisco MSE and Cisco WLC are able to establish NMSP connection.
Operational Notes for Cisco 18.104.22.168 Installation
When installing Cisco MSE 22.214.171.124 release, some installations may encounter an error condition resulting in installation failure. When the installer is invoked, the following output is seen on the screen:
Cisco Mobility Services Engine (created with InstallAnywhere by Macrovision)
By default, Cisco MSE 8.0 supports SHA-2 keyhash algorithm for peer authentication with Cisco WLC 8.0 during the SSL handshake. Cisco PI 1.4.2 and 2.1 supports only SHA-1 AP (or Cisco MSE) Authorization template when synchronizing Cisco WLC with the Cisco MSE. This causes keyhash mismatch issue because the Cisco PI and Cisco MSE uses different keyhash algorithm on Cisco WLC 8.0. An option is added to the Advanced Parameters page in the Cisco MSE user interface (UI) to allow the user to force Cisco MSE 8.0 to use SHA-1 keyhash algorithm.
Follow these instructions to configure SHA-1 Cipher:
1. Launch the Cisco MSE admin UI by typing https://mseip/mseui/app in a web browser.
2. Click Configuration.
3. Choose System > Advanced Parameters from the left menu.
4. Check the Enable Use of SHA-1 Ciphers check box (see Figure 1).
5. Click Save.
Figure 1 Advanced Parameters
6. Unsynchronize Cisco WLC from Cisco MSE, and then resynchronize WLC with Cisco MSE from Cisco PI.
7. The NMSP status should change to active state.
Note If the FIPS mode (also known as Root Access Control) is enabled on the Cisco MSE, then this option will not be available to the users as FIPS mode requires all operations in SHS-2.
Use a valid DNS sever as CAS and Analytics service to use nslookups.
Rebooting Cisco MSE After Fresh Installation or Upgrade
After a new installation or upgrade of the Cisco MSE software, you must reboot the Cisco MSE using the reboot command.
Automatic Installation Script for Initial Setup
An automatic setup wizard is available to help you initially set up the Cisco MSE.
An example of the complete automatic setup script is provided in the Cisco Mobility Services Engine Getting Started Guide.
Mapping Controller and Associated Cisco MSE Must be Mapped to the NTP and Cisco PI Server
Communication between the Cisco MSE, the Cisco PI, and the Cisco WLC are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the Cisco WLC, Cisco PI, and the Cisco MSE.
The Cisco MSE and its associated controllers must be mapped to the same NTP server and the same Cisco PI server.
Local time zones can be configured on a Cisco MSE to assist the network operations center personnel in locate events within logs.
You must change the default root password of the Cisco MSE while running the automatic installation script to ensure optimum network security.
You can also change the password using the Linux passwd command.
Note During the initial login, even if you choose Skip (S), you will be prompted to enter the password. This is because it is mandatory to change the root password at the initial login.
Configuring the Cisco PI Communication Username and Password Using Cisco MSE setup.sh
You can configure the Cisco Prime Infrastructure communication password using the Cisco MSE setup.sh script file.
The scenarios which you might encounter while configuring the Cisco Prime Infrastructure password are as follows:
By default, the username used by Cisco Prime Infrastructure to communicate with Cisco MSE is “admin”.
The username/password used by Cisco Prime Infrastructure to communicate with Cisco MSE can be updated from the Prime user interface only. The setup.sh script only allows changes to the Cisco Prime Infrastructure communication password associated with the username “admin”. If you change the username that is used by Cisco Prime Infrastructure to a username other than “admin” then the password changes made via setup.sh are not effective.
If you configure a new Cisco Prime Infrastructure password, the password provided is applicable for the Cisco Prime Infrastructure username: admin.
Note The Cisco Prime Infrastructure communication users are API users, and they do not have corresponding operating system users on the Cisco MSE appliance.
Configuration Changes for Greater Location Accuracy
In some RF environments, where location accuracy is around 60 to 70 percentage or where incorrect client or tag floor location map placements occur, you might have to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on the Cisco PI.
The following RSSI parameters might require modification:
Contact Cisco TAC for assistance in modifying these parameters.
Wireless Security Module with 3600 APs
If you are attempting to deploy Wireless Security Module (WSM) with 3600 APs, then APs should be placed in monitor mode with both submode wIPS and advanced wIPS engine enabled on the Cisco PI.
AeroScout Engine Module Changes
Starting Release 7.5, the AeroScout engine module is removed from both the Cisco CMX setup and location code. During installation, if you are upgrading from Release 7.2 and later to Release 7.5, then you will be prompted to remove the AeroScout engine. If you agree to remove, the AeroScout engine is removed and by default, the Cisco Tag Engine is started as part of Cisco CMX. If you do not agree to remove the AeroScout engine, the installation will exit.
Ports to be Opened for High Availability Between Cisco MSEs
The following is the list of ports to be opened for High Availability between Cisco MSEs:
Synchronizing Floor Maps in Location Service
While synchronizing floor maps in location service, we recommend that you synchronize floor maps in batches of 1000 APs at a time.
Operational Notes for Context-Aware Service
This section lists the operational notes for a Cisco MSE and contains the following topics:
Synchronization Required When Upgrading to Release 126.96.36.199 or Importing CAD Floor Images
When upgrading to Release 188.8.131.52 from Release 7.x, you must synchronize after the software upgrade and when CAD-generated floor images are imported into the Cisco PI.
Floor Change or Minimum Distance for Location Transitions to Post to History Log
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors, or the new location of the element is at least 30 feet (10 meters) from its original location.
Note The other conditions for history logging are as follows:
Clients–Association, authentication, re-association, re-authentication, or disassociation.
Tags–Tag Emergency button.
Interferers–Interferer severity change, cluster center change, or merge.
See Services > Mobility Services > Device Name > Context Aware Service > Administration > History Parameters.
Logs can be viewed at Services > Mobility Services > Device Name > Systems > Log.
Non-Cisco Compatible Extensions Tags
The Cisco MSE does not support non-Cisco CX Wi-Fi tags. Additionally, these non-compliant tags are not used in location calculations or shown on the Cisco PI maps.
Cisco Compatible Extensions Version
Only Cisco CX Version 1 or later tags can be used in location calculations and mapped in the Cisco PI.
In the Monitor > Clients page (when Location Debug field is enabled), you can view information on the last heard access point and its corresponding RSSI reading.
Calibration Models and Data
Calibration models always apply to wireless clients, interferers, rogue APs, and rogue clients.
See Chapter 7, “Context-Aware Planning and Verification” in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0 for more information about client calibration.
Advanced Location Parameters
Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.
See the “Editing Advanced Location Parameters” section in Chapter 7 of the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0.
See Services > Mobility Services > Device Name > Context Aware Service > Advanced > Location Parameters.
Location History Time Stamps
The Cisco PI time stamp is based on the browser location and not on the Cisco MSE settings. Changing the time zone on the Cisco PI or on the Cisco MSE does not change the time stamp for the location history.
Tablets and Smartphones with Limited Probe Requests
Many tablets, smartphones, and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such devices using RSSI readings is not always optimal.
Repeat Use of FloorIDs
In the relevant CAS API, the use of the parameter FLOORID is not guaranteed to return the same value on consecutive calls. It may get changed by such activities as resynchronizing the Cisco MSE. Instead, the parameter FLOORAESUID should be used. The API call getStationHistoryListByArgs can use both parameters in Cisco MSE Release 8.0.
Operational Notes for wIPS
wIPS profile cannot be pushed to Cisco Wireless Controller (WLC) 7.5 or earlier using the Cisco PI 1.4.x or 2.x with Cisco MSE 7.6.
While using the newer version of Firefox browser to connect to the Cisco MSE user interface or Cisco CMX Analytics user interface, an error message appears saying “Peer’s certificate has an invalid signature”. For more information on how to fix this, see the https://support.mozilla.org/en-US/questions/776144.
To fix this, follow these steps:
1. Open Firefox browser.
2. Enter about:config in the address bar.
3. Enter browser.xul in Filter field.
4. Verify if browser.xul.error_pages.expert_bad_cert property exists with a value of false.
5. Right-click browser.xul.error_pages.expert_bad_cert and select Toggle. The value will change to true.
6. Exit from Firefox.
7. Launch Firefox again and try the Cisco CMX Analytics user interface. You will be asked to add the exception.
The Cisco CMX Analytics in Release 8.0 the provides ability to view the analytic results in both 2D (Open Street Maps) and 3D Web Graphics Library (WebGL) environments. This provides improved understanding of results on multiple floor paths or when dwell times are calculated throughout a multistorey building. The 3D environment presents the same information as the 2D environment.
WebGL is an advanced feature that provides graphic capabilities. All browsers do not support WebGL on a particular hardware. Verify your browser compatibility in the Get WebGL website. If your browser supports WebGL, then you must see a spinning cube.
If your browser does not support WebGL, perform the following actions:
Update your latest drivers for video card.
For Google Chrome, follow the instructions given for WebGL and 3D Graphics in the Google Chrome support website.
For Firefox, follow these steps to enable WebGL:
1. Download the latest build of Firefox browser and launch Firefox on your computer.
2. In the browser address bar, enter about:config.
3. In the Search text field, enter webgl to filter the settings.
4. Double-click webgl.enabled_for_all_sites.
5. Set webgl.enabled_for_all_sites=true.
For Safari, follow these steps to enable WebGL:
1. Choose Safari > Preferences.
2. Click the Advanced tab.
3. Check the Show Develop menu in menu bar check box.
Sometimes, the Cisco CMX Analytics service does not start up because of a stray JBoss process that runs as a root user. If Analytics engine does not start, and if you notice a stray JBoss process with root permissions running, perform the following actions:
1. Stop Cisco CMX Analytics service from the Cisco PI.
2. Kill the Jboss process.
3. Run the chown -R nobody:nobody /opt/mse/analytics command.
4. Start Cisco CMX Analytics service from the Cisco PI.
Operational Notes for Cisco CMX Connect and Engage
While upgrading the Cisco PI server, the map IDs and the information also get updated. This results in new identifiers for maps. The new identifiers are not automatically synchronized with the Cisco CMX Connect and Engage. This causes the location updates to use the new identifiers, but the Cisco CMX Connect and Engage will not be aware of the new identifiers and cause the location updates to get ignored. To resolve this issue, you must update maps in the Cisco CMX Connect and Engage user interface. To update maps, log in to the Cisco CMX Connect and Engage user interface and choose Maps from the left sidebar menu and click Update Maps from Cisco PI.
Operational Notes for Mobile SDK
Two different venues with the same Cisco MSEs receiving location updates result in the device location bouncing from one venue to another venue. The Mobile Application Server (MAS) receives updates and changes the location to the most recent update received. The client location then changes from the most recent location update, which can be from either venue.
Enabling Root Access Control in HA Mode
To enable Root Access Control (RAC) in HA mode, you need to enable RAC on both the primary and secondary Cisco MSEs. The RAC configuration is not synchronized across the primary and secondary servers. Therefore, you should enable it on both servers. This will enable the RAC configuration to work on the active server in case of a failover or failback.
Resynchronizing WLC to MSE After an Upgrade
After upgrading Cisco Prime Infrastructure or Cisco MSE, in some cases, the NMSP sync between the controllers and MSE may not work properly. Without performing the unsync and resync of the controllers to MSE, you may not able to push the wIPS profiles to WLC. We recommend that after you upgrade Cisco Prime Infrastructure or Cisco MSE, perform an unsync operation and then resync all the controllers with MSE.
The Bug Search Tool (BST), which is the online successor to the Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
Cisco MSE 184.108.40.206: Analytics reports gives error session expired for 3 out of 6 options.
If You Need More Information
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
The Prime Infrastructure Online Help is available with the Prime Infrastructure product.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.