This document describes
Like a regular AireOS based Wireless LAN Controller, Cisco Mobility Express (ME) running on 802.11ac Wave 2 Access Points (2800, 3800, 4800, 1542, 1562, 1850, 1815) can be connected to DNA Spaces cloud in 3 ways:
Integration with DNA Spaces is supported starting Mobility Express version 8.3. This article will be covering setup and troubleshooting of Direct Connect only.
Important: Direct connection is only recommended for deployments of up to 50 clients. For any larger ones, use DNA Spaces Connector.
Steps outlined in this article assume that ME has already been deployed and has a working web interface and SSH.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
DNA Spaces cloud nodes and ME are communicating over HTTPS protocol (port 443). In this test setup the ME running on 1542 AP has been placed behind a NAT with full internet access.
Before a Mobility Express controller can be connected to DNA Spaces, an NTP server and a DNS server must be configured and at least one AP must be joined. Unlike other AireOS based controllers, Mobility Express does not require a DigiSign root certificate to be installed (at the time of writing of this article).
Access the Mobility Express web interface and in the top right corner click on 2 green arrows to enable Expert mode. Expert mode will unlock some of the hidden options:
Navigate to Management > Time and make sure WLC is synced up with NTP. By default, EWC is preconfigured to use ciscome.pool.ntp.org NTP servers:
Navigate to Advanced > Controller Tools > Troubleshooting Tools and verify that the DNS server has been added. By default, ME is preconfigured to use Open DNS servers. HTTP proxy address and port can be entered on the same page:
Under Wireless Settings > Access Points, verify that at least one AP has been joined. This AP can be the same one on which the ME is running:
On DNA Spaces cloud, log in and navigate to Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly and click on View Token:
Copy the Token and URL:
In ME web interface, under Advanced > CMX, paste URL and Authentication Token:
To verify that the connection has been established, click on the Test Link button. If connection has been established, the button will change to Link Up:
Skip the next chapter and go to the “Import Controllers into Location Hierarchy”.
Verify NTP is configured and synced:
(ME) >show time
Time............................................. Mon Feb 24 23:38:13 2020
Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
NTP Servers
    NTP Version.................................. 3
    NTP Polling Interval......................... 86400

    Index   NTP Key Index   NTP Server                 Status       NTP Msg Auth Status
    -------------------------------------------------------------------------------------
    1       0               0.ciscome.pool.ntp.org     In Sync      AUTH DISABLED
    2       0               1.ciscome.pool.ntp.org     Not Tried    AUTH DISABLED
    3       0               2.ciscome.pool.ntp.org     Not Tried    AUTH DISABLED
New NTP servers can be added using config time ntp server <index> <ip_address> command.
Verify DNS servers have been configured:
(ME) >show network summary
RF-Network Name............................. ME
DNS Server IP1.............................. 192.168.1.1
DNS Server IP2.............................. 208.67.222.222
DNS Server IP3.............................. 208.67.220.220
New DNS servers can be added using config network dns serverip <ip_addr> command.
To confirm AP has been joined:
(ME) >show ap summary
Number of APs.................................... 1
Global AP User Name.............................. admin
Global AP Dot1x User Name........................ Not Configured
Global AP Dot1x EAP Method....................... EAP-FAST
* prefix indicates Cisco Internal AP

AP Name               Slots  AP Model           Ethernet MAC       Location          Country  IP Address      Clients  DSE Location
--------------------- -----  -----------------  -----------------  ----------------  -------  --------------  -------  --------------
*APD478.9BF8.7070     2      AIR-AP1542I-E-K9   d4:78:9b:f8:70:70  default location  BE       192.168.1.185   0        [0 ,0 ,0 ]
As previously mentioned, access DNA Spaces cloud, navigate to Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly and click on View Token:
Copy the token and URL:
Run the following commands:
(ME) >config cloud-services cmx disable
(ME) >config cloud-services server url [URL]
(ME) >config cloud-services server id-token [TOKEN]
(ME) >config cloud-services cmx enable
To verify that connection with DNA Spaces cloud has been successfully established, run:
(ME) >show cloud-services cmx summary
CMX Service
    Server ....................................... https://vasilijeperovic.dnaspaces.eu
    IP Address.................................... 63.33.127.190
    Connectivity.................................. https: UP
    Service Status ............................... Active
    Last Request Status........................... HTTP/1.1 200 OK
    Heartbeat Status ............................. OK
    Payload Compression type ..................... gzip
The rest of the configuration is done in DNA Spaces. Under Setup > Wireless Networks > Connect WLC/Catalyst 9800 Directly, click on Import Controllers.
Check the radio button next to your account name and click Next. If you already have some Locations added, they will show up in the list below:
Find your controller IP address, check the box next to it and press Next:
Since no other Locations have been added, just click Finish:
A prompt saying that ME has been successfully imported into Location Hierarchy pops up:
Now that the EWC has been successfully connected to the cloud, you can start using all other DNA Spaces features.
There is currently no verification procedure available for this configuration.
This section provides the information you can use in order to troubleshoot your configuration.
Debugging on Mobility Express is very limited and, at the time of writing this article, does not provide much insight as to why the connection with the cloud failed. A missing NTP server, DNS not resolving the DNA Spaces domain name, and a firewall blocking HTTPS traffic all result in the same debug and show outputs:
(ME) >show cloud-services cmx summary
CMX Service
    Server ....................................... https://vasilijeperovic.dnaspaces.eu
    IP Address.................................... 0.0.0.0
    Service Status ............................... Down
    Connectivity.................................. https: Failed to establish connection
    Time remaining for next Retry................. 5 Seconds
If the connection to the cloud has failed, Mobility Express will retry to establish it every 30 seconds. To enable debugs, simply run:
(ME) >debug nmsp all enable
*emWeb: Jul 01 00:20:52.836: Started http trace logging to file /var/log/debug/wlc-debug-captures.txt
Debug outputs are again identical for a missing NTP server, DNS not resolving the DNA Spaces domain name, and a firewall blocking HTTPS traffic. Because of this, it is always recommended to perform packet captures on the AP switch port.
An example of a failed connection due to unconfigured NTP can be seen below:
(ME) >debug nmsp all enable
Debugging session started on Jul 01 00:20:52.839 for WLC AIR-AP1542I-E-K9 Version :8.10.112.0 SN :FGL2324B02P Hostname ME
*nmspTxServerTask: Jul 01 00:21:05.408: Received Message LOCP_HTTPS_SERVICE_UPDATE
*nmspTxServerTask: Jul 01 00:21:05.408: Received CMX service command CMX_SERVICE_LINK_CHECK, Buffer Length 1292
*nmspTxServerTask: Jul 01 00:21:05.408: connection failed. Attempt 1
*nmspTxServerTask: Jul 01 00:21:05.409: Configured Domain:vasilijeperovic.dnaspaces.eu
*nmspTxServerTask: Jul 01 00:21:05.409: Connect to data.dnaspaces.eu/networkdata, Tenent Id vasilijeperovic
*nmspTxServerTask: Jul 01 00:21:05.409: Keep Alive Url:https://data.dnaspaces.eu/api/config/v1/nmspconfig/192.168.1.13
*nmspTxServerTask: Jul 01 00:21:05.409: Initating cmx-cloud connetion. port 443, token eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g
*nmspTxServerTask: Jul 01 00:21:05.409: [CTX:0] Tx handles in use 0, free 1
*nmspTxServerTask: Jul 01 00:21:05.411: [CTX:1] Tx handles in use 0, free 32
*nmspTxServerTask: Jul 01 00:21:05.411: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g
*nmspTxServerTask: Jul 01 00:21:05.411: Sending Echo Req in start. Refresh Handle =Yes
*nmspTxServerTask: Jul 01 00:21:05.411: Https Control path handle may be refreshed.
*nmspMxServerTask: Jul 01 00:21:05.413: Async Perform done on 1 messages
Example of successful connection:
(ME) >debug nmsp all enable
Debugging session started on Feb 25 01:13:04.913 for WLC AIR-AP1542I-E-K9 Version :8.10.112.0 SN :FGL2324B02P Hostname ME
*emWeb: Feb 25 01:13:10.138: Init cmx-cloud config: Already initialized
*emWeb: Feb 25 01:13:10.138: Starting connection retry timer
*emWeb: Feb 25 01:13:10.138: Posting Service Request 50 to Tx service
*nmspTxServerTask: Feb 25 01:13:10.212: Received Message LOCP_HTTPS_SERVICE_UPDATE
*nmspTxServerTask: Feb 25 01:13:10.213: Received CMX service command CMX_SERVICE_START, Buffer Length 1292
*nmspTxServerTask: Feb 25 01:13:10.213: Configured Domain:vasilijeperovic.dnaspaces.eu
*nmspTxServerTask: Feb 25 01:13:10.213: Connect to data.dnaspaces.eu/networkdata, Tenent Id vasilijeperovic
*nmspTxServerTask: Feb 25 01:13:10.213: Keep Alive Url:https://data.dnaspaces.eu/api/config/v1/nmspconfig/192.168.1.13
*nmspTxServerTask: Feb 25 01:13:10.213: Initating cmx-cloud connetion. port 443, token eyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g
*nmspTxServerTask: Feb 25 01:13:10.216: [CTX:1] Tx handles in use 0, free 32
*nmspTxServerTask: Feb 25 01:13:10.216: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=eeyJ0eXAiOiJKV1Q[information-omitted]I8krcrpmRq0g
*nmspTxServerTask: Feb 25 01:13:10.216: Sending Echo Req in start. Refresh Handle =No
*nmspMxServerTask: Feb 25 01:13:10.217: Async Perform done on 1 messages
*nmspMxServerTask: Feb 25 01:13:10.446: Received: 17 bytes header
*nmspMxServerTask: Feb 25 01:13:10.446: Rx Header HTTP/1.1 200 OK
*nmspMxServerTask: Feb 25 01:13:10.446: 00000000: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1.200.OK.
*nmspMxServerTask: Feb 25 01:13:10.446: 00000010: 0a .
*nmspMxServerTask: Feb 25 01:13:10.446: Received Heartbeat response on connection [0]
*nmspMxServerTask: Feb 25 01:13:10.446: Stopping connection retry timer
*nmspMxServerTask: Feb 25 01:13:10.446: connection succeeded. server IP 63.33.127.190
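The debug traces above print the DNA Spaces authentication token twice per connection attempt, and a failed trace differs from a successful one only in that no HTTP response lines follow the request. The Python sketch below is an added example, not Cisco code: it redacts the token before a capture is shared and reports whether a response arrived, using constructed sample lines in which the token and the server IP 192.0.2.10 are placeholders.

```python
import re

# Constructed captures in the format of the debug output above.
# EXAMPLE-TOKEN and 192.0.2.10 are placeholders, not values from a real device.
FAILED = """\
*nmspTxServerTask: Jul 01 00:21:05.408: connection failed. Attempt 1
*nmspTxServerTask: Jul 01 00:21:05.409: Initating cmx-cloud connetion. port 443, token EXAMPLE-TOKEN
*nmspTxServerTask: Jul 01 00:21:05.411: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=EXAMPLE-TOKEN
*nmspMxServerTask: Jul 01 00:21:05.413: Async Perform done on 1 messages
"""
SUCCEEDED = """\
*nmspTxServerTask: Feb 25 01:13:10.213: Initating cmx-cloud connetion. port 443, token EXAMPLE-TOKEN
*nmspTxServerTask: Feb 25 01:13:10.216: Http connection URL https://data.dnaspaces.eu/networkdata?jwttoken=EXAMPLE-TOKEN
*nmspMxServerTask: Feb 25 01:13:10.446: Rx Header HTTP/1.1 200 OK
*nmspMxServerTask: Feb 25 01:13:10.446: connection succeeded. server IP 192.0.2.10
"""

# The token appears in two forms: "token <value>" and "jwttoken=<value>".
TOKEN_RE = re.compile(r"(\btoken |jwttoken=)\S+")
RX_STATUS_RE = re.compile(r"Rx Header (HTTP/\d\.\d \d{3}.*)")
SERVER_IP_RE = re.compile(r"connection succeeded\. server IP (\S+)")

def redact(line):
    """Replace the token value with a fixed marker and keep the rest of the line."""
    return TOKEN_RE.sub(r"\1<redacted>", line)

def summarize(log_text):
    """Return (redacted_lines, result) for one 'debug nmsp all' capture."""
    result = {"state": "no-response", "http_status": None,
              "server_ip": None, "failed_attempts": 0}
    redacted = []
    for line in log_text.splitlines():
        redacted.append(redact(line))
        if "connection failed. Attempt" in line:
            result["failed_attempts"] += 1
        status = RX_STATUS_RE.search(line)
        if status:
            result["http_status"] = status.group(1).strip()
        server = SERVER_IP_RE.search(line)
        if server:
            result["state"], result["server_ip"] = "up", server.group(1)
    return redacted, result

if __name__ == "__main__":
    for name, capture in (("failed", FAILED), ("succeeded", SUCCEEDED)):
        lines, result = summarize(capture)
        print(name, result)
        print("\n".join(lines))
```

A "no-response" state only says that no HTTP reply was logged; it does not distinguish between NTP, DNS and firewall causes, which is why the packet capture on the AP switch port is still needed.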