Network Mobility Services Protocol

Information About Network Mobility Services Protocol

Cisco Network Mobility Services Protocol (NMSP) is a secure two-way protocol that can be run over a connection-oriented (TLS) or connection-less (DTLS) transport. The wireless infrastructure runs the NMSP server and Cisco Connected Mobile Experiences (Cisco CMX) acts as an NMSP client. The embedded wireless controller supports multiple services and multiple Cisco CMXs can connect to the NMSP server to get the data for the services (location of wireless devices, probe RSSI, hyperlocation, wIPS, and so on.) over the NMSP session.

NMSP defines the intercommunication between Cisco CMX and the embedded wireless controller. Cisco CMX communicates to the embedded wireless controller over a routed IP network. Both publish-subscribe and request-reply communication models are supported. Typically, Cisco CMX establishes a subscription to receive services data from the embedded wireless controller in the form of periodic updates. The embedded wireless controller acts as a data publisher, broadcasting services data to multiple CMXs. Besides subscription, Cisco CMX can also send requests to the embedded wireless controller, causing the embedded wireless controller to send a response back.

NMSP essentially provides a way to the applications in the embedded wireless controller to talk to the outside world. The NMSP in the embedded wireless controller also provides the flexibility to change the protocol to talk to the outside world.

The following is a list of the Network Mobility Services Protocol features:

  • NMSP is disabled by default.

  • NMSP communicates with Cisco CMX using TCP, and uses TLS for encryption.


Note

HTTPS is not supported for data transport between embedded wireless controller and Cisco CMX.

Enabling NMSP On-Premises Services

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

nmsp enable

Example:

Device(config)# nmsp enable

Enables NMSP on premises services.

Note 

By default, the NMSP is disabled on the embedded wireless controller.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues

NMSP manages communication between the Cisco Connected Mobile Experiences (Cisco CMX) and the embedded wireless controller for incoming and outgoing traffic. If your application requires more frequent location updates, you can modify the NMSP notification interval (to a value between 1 and 180 seconds) for clients, active RFID tags, and rogue access points and clients.


Note

The TCP port (16113) that the embedded wireless controller and Cisco CMX communicate over must be open (not blocked) on any firewall that exists between the embedded wireless controller and the Cisco CMX for NMSP to function.

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

Modifying the NMSP Notification Threshold for Clients, and Tags

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

location notify-threshold {clients | tags } threshold

Example:

Device(config)# location notify-threshold clients 5

Configures the NMSP notification threshold for clients, and tags.

threshold- RSSI threshold value in db. Valid range is from 0 to 10.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

Configuring NMSP Strong Cipher

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

nmsp strong-cipher

Example:

Device(config)# nmsp strong-cipher

Enable strong ciphers for NMSP server, which contains "ECDHE-RSA-AES128-GCM-SHA256:, ECDHE-ECDSA-AES128-GCM-SHA256:, AES256-SHA256:AES256-SHA:, and AES128-SHA256:AES128-SHA".

Normal cipher suite contains, "ECDHE-RSA-AES128-GCM-SHA256:, ECDHE-ECDSA-AES128-GCM-SHA256:, and AES128-SHA".
Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

Verifying NMSP Settings

To view the NMSP capabilities of the embedded wireless controller, use the following command: 

Device# show nmsp capability
Service            Subservice
-----------------------------
RSSI               Rogue, Tags, Mobile Station, 
Spectrum           Aggregate Interferer, Air Quality, Interferer, 
Info               Rogue, Mobile Station, 
Statistics         Rogue, Tags, Mobile Station, 
AP Monitor         Subscription
On Demand Services Device Info
AP Info            Subscription

To view the NMSP notification intervals, use the following command:

Device# show nmsp notification interval
NMSP Notification Intervals
---------------------------

RSSI Interval:
  Client              : 2 sec
  RFID                : 50 sec
  Rogue AP            : 2 sec
  Rogue Client        : 2 sec
  Spectrum            : 2 sec

To view the connection-specific statistics counters for all CMX connections, use the following command:

Device# show nmsp statistics connection
NMSP Connection Counters
------------------------
 CMX IP Address: 10.22.244.31, Status: Active
 State:
      Connections : 1
      Disconnections : 0
      Rx Data Frames : 13
      Tx Data Frames : 99244
      Unsupported messages : 0
  Rx Message Counters:
     ID  Name                               Count
    ----------------------------------------------
      1  Echo Request                       6076
      7  Capability Notification               2
     13  Measurement Request                   5
     16  Information Request                   3
     20  Statistics Request                    2
     30  Service Subscribe Request             1
      
  Tx Message Counters:
     ID  Name                               Count
    ----------------------------------------------
      2  Echo Response                        6076
      7  Capability Notification                 1
     14  Measurement Response                   13
     15  Measurement Notification            91120
     17  Information Response                    6
     18  Information Notification             7492
     21  Statistics Response                     2
     22  Statistics Notification               305
     31  Service Subscribe Response              1
     67  AP Info Notification                  304

To view the common statistic counter of the embedded wireless controller's NMSP service, use the following command: 

Device# show nmsp statistics summary
NMSP Global Counters
--------------------
Number of restarts                 :
 
SSL Statistics
--------------------
Total amount of verifications      : 6
Verification failures              : 6
Verification success               : 0
Amount of connections created      : 8
Amount of connections closed       : 7
Total amount of accept attempts    : 8
Failures in accept                 : 0
Amount of successful accepts       : 8
Amount of failed registrations     : 0
 
AAA Statistics
--------------------
Total amount of AAA requests       : 7
Failed to send requests            : 0
Requests sent to AAA               : 7
Responses from AAA                 : 7
Responses from AAA to validate     : 7
Responses validate error           : 6
Responses validate success         : 1

To view the overall NMSP connections, use the following command:

Device# show nmsp status
NMSP Status
-----------
 
CMX IP Address   Active    Tx Echo Resp  Rx Echo Req   Tx Data     Rx Data     Transport
-----------------------------------------------------------------------------------------
127.0.0.1        Active    6             6             1           2           TLS

To view all mobility services subscribed by all CMXs, use the following command:

Device# show nmsp subscription detail
CMX IP address 127.0.0.1:
Service            Subservice
-----------------------------
RSSI               Rogue, Tags, Mobile Station, 
Spectrum 
Info               Rogue, Mobile Station, 
Statistics         Tags, Mobile Station, 
AP Info            Subscription

To view all mobility services subscribed by a specific CMX, use the following command:

Device# show nmsp subscription detail <ip_addr>
CMX IP address 127.0.0.1:
Service            Subservice
-----------------------------
RSSI               Rogue, Tags, Mobile Station, 
Spectrum 
Info               Rogue, Mobile Station, 
Statistics         Tags, Mobile Station, 
AP Info            Subscription

To view the overall mobility services subscribed by all CMXs, use the following command:

Device# show nmsp subscription summary
Service            Subservice
-----------------------------
RSSI               Rogue, Tags, Mobile Station, 
Spectrum 
Info               Rogue, Mobile Station, 
Statistics         Tags, Mobile Station, 
AP Info            Subscription

Examples: NMSP Settings Configuration

This example shows how to configure the NMSP notification interval for RFID tags:

Device# configure terminal
Device(config)# nmsp notification interval rssi rfid 50
Device(config)# end
Device# show nmsp notification interval
This example shows how to configure the NMSP notification interval for clients:

Device# configure terminal
Device(config)# nmsp notification interval rssi clients 180
Device(config)# end
Device# show nmsp notification interval

Probe RSSI Location

The Probe RSSI Location feature allows the wireless embedded wireless controller and Cisco CMX to support the following:

  • Load balancing

  • Coverage Hole detection

  • Location updates to CMX

When a wireless client is enabled, it sends probe requests to identify the wireless networks in the vicinity and also to find the received signal strength indication (RSSI) associated with the identified Service Set Identifiers (SSIDs).

The wireless client periodically performs active scanning in background even after being connected to an access point. This helps them to have an updated list of access points with best signal strength to connect. When the wireless client can no longer connect to an access point, it uses the access point list stored to connect to another access point that gives it the best signal strength. The access points in the WLAN gather these probe requests, RSSI and MAC address of the wireless clients and forwards them to the wireless embedded wireless controllers. The Cisco CMX gathers this data from the wireless embedded wireless controller and uses it to compute the updated location of the wireless client when it roams across the network.

Configuring Probe RSSI

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

wireless probe filter

Example:

Device(config)# wireless probe filter

Enables filtering of unacknowledged probe requests from AP to improve the location accuracy.

Use the no form of the command to disable the feature. This will forward both acknowledged and unacknowledged probe requests to the embedded wireless controller.

Step 3

wireless probe limit limit-value interval

Example:

Device(config)# wireless probe limit 10 100

Configures the number of probe request reported to the wireless embedded wireless controller from the AP for the same client on a given interval.

Use the no form of the command to revert to the default limit, which is 2 probes at an interval of 500 ms.

Step 4

wireless probe locally-administered-mac

Example:

Device(config)# wireless probe locally-administered-mac

Enables the reporting of probes from clients having locally administered MAC address.
Step 5

location algorithm rssi-average

Example:

Device(config)# location algorithm rssi-average

Sets the probe RSSI measurement updates to a more accurate algorithm but with more CPU overhead.
Step 6

location algorithm simple

Example:

Device(config)# location algorithm simple

(Optional) Sets the probe RSSI measurement updates to a faster algorithm with smaller CPU overhead, but less accuracy.

Use the no form of the command to revert the algorithm type to the default one, which is rssi-average.

Step 7

location expiry client interval

Example:

Device(config)# location expiry client 300

Configures the timeout for RSSI values.

The no form of the command sets it to a default value of 15.

Step 8

location notify-threshold client threshold-db

Example:

Device(config)# location notify-threshold client 5

Configures the notification threshold for clients.

The no form of the command sets it to a default value of 0.

Step 9

location rssi-half-life client time-in-seconds

Example:

Device(config)# location rssi-half-life client 20

Configures half life when averaging two RSSI readings.

To disable this option, set the value to 0.

What to do next

Use the show wireless client probing command to view each probing client (associated and probing only) by batch of 10 mac addresses.

Verifying Probe RSSI

To view the details of the AP the associated client was detected with, and with which RSSI:

Device# show wireless client mac-address 4.4.4 detail
****snippet of the output****
Nearby AP Statistics:
TEST_AP-1 (slot 0)
antenna 0: 0 s ago ........ -77 dBm
antenna 1: 0 s ago ........ -88 dBm
TEST_AP-5 (slot 0)
antenna 0: 0 s ago ........ -64 dBm
antenna 1: 0 s ago ........ -36 dBm
TEST_AP-6 (slot 0)
antenna 0: 0 s ago ........ -69 dBm
antenna 1: 0 s ago ........ -79 dBm

RFID Tag Support

The embedded wireless controller enables you to configure radio frequency identification (RFID) tag tracking. RFID tags are small wireless battery-powered tags that continuously broadcast their own signal and are affixed to assets for real-time location tracking. They operate by advertising their location using special 802.11 packets, which are processed by access points, the embedded wireless controller, and the Cisco CMX. Only active RFIDs are supported. A combination of active RFID tags and wireless embedded wireless controller allows you to track the current location of equipment. Active tags are typically used in real-time tracking of high-value assets in closed-loop systems (that is,) systems in which the tags are not intended to physically leave the control premises of the tag owner or originator.

For more information on RFID tags, see the Active RFID Tags section of the Wi-Fi Location-Based Services 4.1 Design Guide.

General Guidelines

  • Only Cisco-compliant active RFID tags are supported.

  • You can verify the RFID tags on the embedded wireless controller.

  • High Availability for RFID tags are supported.

Configuring RFID Tag Support

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 2

wireless rfid

Example:

Device(config)# wireless rfid

Enables RFID tag tracking.

The default value is enabled.

Use the no form of this command to disable RFID tag tracking.

Step 3

wireless rfid timeout timeout-value

Example:

Device(config)# wireless rfid timeout 90

Configures the RFID tag data timeout value to cleanup the table.

The timeout value is the amount of time that the embedded wireless controller maintains tags before expiring them. For example, if a tag is configured to beacon every 30 seconds, we recommend that you set the timeout value to 90 seconds (approximately three times the beacon value). The default value is 1200 seconds.

Verifying RFID Tag Support

To view the summary of RFID tags that are clients, use the following command:

Device# show wireless rfid client

To view the detailed information for an RFID tag, use the following command:

Device# show wireless rfid detail <rfid-mac-address>

RFID address  000c.cc96.0001
Vendor Cisco
Last Heard 6 seconds  ago
Packets Received 187
Bytes Received 226

Content Header
==============
  CCX Tag Version 0
  Tx power: 12
  Channel: 11
  Reg Class: 4
CCX Payload
==============
  Last Sequence Control 2735
  Payload length 221
  Payload Data Hex Dump:
  00000000  00 02 00 00 01 09 00 00  00 00 0c b8 ff ff ff 02  |................|
  00000010  07 42 03 20 00 00 0b b8  03 4b 00 00 00 00 00 00  |.B. .....K......|
  00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
  00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
  00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

To view the summary information for all known RFID tags, use the following command:

Device# show wireless rfid summary 

Total RFID entries: : 16
Total Unique RFID entries : 16
RFID ID VENDOR Closet AP RSSI Time Since Last Heard
0012.b80a.c791 Cisco 7069.5a63.0520 -31 3 minutes 30 seconds ago
0012.b80a.c953 Cisco 7069.5a63.0460 -33 4 minutes 5 seconds ago
0012.b80b.806c Cisco 7069.5a63.0520 -46 15 seconds ago
0012.b80d.e9f9 Cisco 7069.5a63.0460 -38 4 minutes 28 seconds ago
0012.b80d.ea03 Cisco 7069.5a63.0520 -43 4 minutes 29 seconds ago
0012.b80d.ea6b Cisco 7069.5a63.0460 -39 4 minutes 26 seconds ago
0012.b80d.ebe8 Cisco 7069.5a63.0520 -43 3 minutes 21 seconds ago
0012.b80d.ebeb Cisco 7069.5a63.0520 -43 4 minutes 28 seconds ago
0012.b80d.ec48 Cisco 7069.5a63.0460 -42 4 minutes 7 seconds ago
0012.b80d.ec55 Cisco 7069.5a63.0520 -41 1 minute 52 seconds ago

To view the location-based system RFID statistics, use the following command:

Device# show wireless rfid stats 

RFID stats : 
==============
RFID error db full : 0
RFID error invalid paylod : 0
RFID error invalid tag : 0
RFID error dot11 hdr : 0
RFID error pkt len : 0
RFID error state drop : 0
RFID total pkt received : 369
RFID populated error value : 0
RFID error insert records : 0
RFID error update records : 0
RFID total insert record : 16
RFID ccx payload error : 0
RFID total delete record : 0
RFID error exceeded ap count : 0
RFID error record remove : 0
RFID old rssi expired count: 0
RFId smallest rssi expireed count : 0
RFID total query insert : 0
RFID error invalid rssi count : 0

To view the NMSP notification interval, use the following command:

Device# show nmsp notification interval

NMSP Notification Intervals
---------------------------

RSSI Interval:
  Client              : 2 sec
  RFID                : 50 sec
  Rogue AP            : 2 sec
  Rogue Client        : 2 sec
  Spectrum            : 2 sec