- Preface
- Chapter 1: Cisco NCS Overview
- Chapter 2: Getting Started
- Chapter 3: Configuring Security Solutions
- Chapter 4: Performing Maintenance Operations
- Chapter 5: Monitoring Devices
- Chapter 6: Monitoring Maps
- Chapter 7: Managing NCS User Accounts
- Chapter 8: Configuring Mobility Groups
- Chapter 9: Configuring Devices
- Chapter 10: Managing Clients
- Chapter 11: Using Templates
- Chapter 12: Configuring Hybrid REAP
- Chapter 13: Alarm and Event Dictionary
- Chapter 14: Reports
- Chapter 15: Performing Administrative Tasks
- Chapter 16: NCS Services
- Chapter 17: Tools
- Chapter 18: Configuring Virtual Domains
- Chapter 19: wIPS Policy Alarm Encyclopedia
- Appendix A: Troubleshooting and Best Practices
- Appendix B: NCS and End-User Licenses
- Appendix C: Cisco NCS Server Hardening
- Index
- Mobility Services
- Accessing Services Installation Guides
- MSE Services Co-Existence
- Viewing Current Mobility Services
- Adding a Mobility Services Engine
- Deleting a Mobility Services Engine from Cisco NCS
- Registering Product Authorization Keys
- Adding a Location Server
- Synchronizing Services
- Keeping Mobility Services Engines Synchronized
- Synchronizing NCS and a Mobility Services Engine
- Synchronizing Controllers with Mobility Services Engines
- Working with Third-Party Elements
- Setting and Verifying the Timezone on a Controller
- Configuring Smart Mobility Services Engine Database Synchronization
- Out-of-Sync Alarms
- Viewing Mobility Services Engine Synchronization Status
- Viewing Synchronization History
- Viewing Notification Statistics
- Managing System Properties for a Mobility Services Engine
- Editing General Properties for a Mobility Services Engine
- Editing NMSP Parameters for a Mobility Services Engine
- Viewing Active Session Details for a Mobility Services Engine
- Viewing and Adding Trap Destinations for a Mobility Services Engine
- Editing Advanced Parameters for a Mobility Services Engine
- Rebooting the Mobility Services Engine Hardware
- Shutting Down the Mobility Services Engine Hardware
- Clearing the Mobility Services Engine Database
- Working with Logs
- Managing User and Group Accounts for a Mobility Services Engine
- Monitoring Status Information for a Mobility Services Engine
- Managing Maintenance for Mobility Services
- Managing Cisco Adaptive wIPS Service Parameters
- Managing Context-Aware Software Parameters
- Context-Aware General Parameters
- Context-Aware Administration Parameters
- Modifying Tracking Parameters for Mobility Services
- Modifying Filtering Parameters for Mobility Services
- Modifying History Parameters for Mobility Services
- Enabling Location Presence for Mobility Services
- Importing Asset Information for Mobility Services
- Exporting Asset Information for Mobility Services
- Importing Civic Information for Mobility Services
- Context Aware Wired Parameters
- Monitoring Interferers
- Context Aware Advanced Parameters
- Viewing Notification Information for Mobility Services
- About Event Groups
- Upgrading from 5.x to 6.0 or 7.0
- Viewing the MSE Alarm Details
- MSE License Overview
- Location Assisted Client Troublshooting from the ContextAware Dashboard
- MSE Reports
- Planning for and Configuring Context-Aware Software
- wIPS Planning and Configuring
- Identity Services
NCS Services
This chapter contains the following sections:
Mobility Services
This section briefly describes the CAS or wIPS services that Cisco NCS supports and provides steps for mobility procedures that are common across all services. See the Cisco Context-Aware Services documentation with the provided links for additional CAS and wIPS configuration and management details.
CAS
Context Aware Services (CAS) allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as location, temperature, and availability from Cisco access points.
Note 
You must purchase licenses from Cisco to retrieve contextual information on tags and clients from access points. Licenses for tags and clients are offered independently. For details on tag and client licenses, refer to the Cisco 3350 Mobility Services Engine Release Note at the following URL:
http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html.
wIPS
Cisco Adaptive Wireless IPS (wIPS) is an advanced approach to wireless threat detection and performance management. Cisco Adaptive wIPS combines network traffic analysis, network device and topology information, signature-based techniques and anomaly detection to deliver highly accurate and complete wireless threat prevention.
Note wIPS functionality is not supported for non-root partition users.
This section contains the following topics:
•Accessing Services Installation Guides
•Viewing Current Mobility Services
•Adding a Mobility Services Engine
•Deleting a Mobility Services Engine from Cisco NCS
•Registering Product Authorization Keys
•Viewing Synchronization History
•Viewing Notification Statistics
•Managing System Properties for a Mobility Services Engine
•Managing Cisco Adaptive wIPS Service Parameters
•Managing Context-Aware Software Parameters
•Managing Maintenance for Mobility Services
•Monitoring Status Information for a Mobility Services Engine
•Viewing Notification Information for Mobility Services
•Upgrading from 5.x to 6.0 or 7.0
•Viewing the MSE Alarm Details
•Location Assisted Client Troublshooting from the ContextAware Dashboard
•Planning for and Configuring Context-Aware Software
•wIPS Planning and Configuring
Accessing Services Installation Guides
See the following URLs to view MSE installation guide:
MSE 3350 Installation guide:
http://www.cisco.com/en/US/docs/wireless/mse/3350/quick/guide/mse_qsg.html
MSE 3310 Installation guide:
http://www.cisco.com/en/US/docs/wireless/mse/3310/quick/guide/MSE3310_GSG.html
MSE Services Co-Existence
With MSE 6.0 and later, you can enable multiple services (Context Aware and wIPS) to run concurrently. Prior to version 6.0, mobility services engines could only support one active service at a time.
The following must be considered with co-existence of multiple services:
•Co-existence of services may be impacted by license enforcement. As long as the license is not expired, you can enable multiple services.
Note Limits for individual services differ. For example, a low-end mobility services engine (MSE-3310) tracks a total of 2,000 CAS elements; a high-end mobility services engine (MSE-3350) tracks a total of 18,000 CAS elements.
A low-end mobility services engine has a maximum limit of 2000 wIPS elements; a high-end mobility services engine has a maximum limit of 3000 wIPS elements.
Refer to the license order guide for the valid combination matrix.
•Expired evaluation licenses prevent the service from coming up.
•If a CAS license is added or removed, this process restarts all services on the mobility services engine including wIPS. If a wIPS license is added or removed, the process does not impact CAS; only wIPS restarts.
•Other services can be enabled in evaluation mode even if a permanent license for the maximum number of elements has been applied.
Whenever one of the services has been enabled to run with its maximum license, another service can not be enabled to run concurrently because the capacity of the MSE would not be sufficient to support both services concurrently. For example, on MSE-3310, if you install a wIPS license of 2000, then you can not enable CAS to run concurrently. However, evaluation licenses are not subject to this limitation.
Note See the "Mobility Services Engine (MSE) License Information" section for more information on mobility services engine licensing.
Viewing Current Mobility Services
To view a list of current Mobility Services, choose Services > Mobility Services.
The Mobility Services page provides the following information and features for each device:
•Device Name—User-assigned name for the mobility services engine. Click the device name to view and manage mobility services engine details. See the "Managing System Properties for a Mobility Services Engine" section" for more information.
•Device Type—Indicates the type of mobility services engine (for example, Cisco 3310 Mobility Services Engine).
•IP Address—Indicates the IP address for the mobility services engine.
•Version—Indicates the version number of the mobility services engine.
•Reachability Status—Indicates whether or not the mobility services engine is reachable.
•Mobility Service information:
–Name—Indicates the name of the mobility service.
–Admin Status—Indicates whether the mobility service is enabled or disabled.
–Version—Indicates the version number of the mobility service.
–Service Status—Indicates whether the mobility service is currently up or down.
•Select a command drop-down list:
–Add Location Server
–Add Mobility Services Engine—Includes Context Aware service and Cisco Adaptive Wireless IPS (wIPS) service.
–Delete Service(s)
–Synchronize Servers
–Synchronization History
Note Location and mobility services engine features of NCS do not support partitioning.
Adding a Mobility Services Engine
Tip To learn more about Cisco Adaptive wIPS features and functionality, go to Cisco.com to watch a multimedia presentation. Here you will also find the learning modules for a variety of NCS topics. Over future releases, we will add more overview and technical presentations to enhance your learning.
Note The 1.0 release of NCS will recognize and support MSE 3355 appropriately.
To add a Cisco 3300 Series Mobility Services Engine to NCS, follow these steps:
Step 1 Verify that you can ping the mobility service engine that you want to add from NCS.
Step 2 Choose Services > Mobility Services to display the Mobility Services page.
Step 3 From the Select a command drop-down list, choose Add Mobility Services Engine, and click Go.
Step 4 Enter the following information:
•Device Name—User-assigned name for the mobility services engine.
•IP Address—The IP address of the mobility service engine.
Note A mobility services engine is added only if a valid IP address is entered. The Device Name helps you distinguish between devices if you have multiple NCSs with multiple mobility services engines, but it is not considered when validating a mobility services engine.
•Contact Name (optional)—The mobility service engine administrator.
•User Name—The default username is admin.
•Password—The default password is admin.
Note If you changed the username and password during the automatic installation script, enter those values here. If you did not change the default passwords, We recommend that you rerun the automatic installation script and change the username and password.
•HTTP—When enabled, HTTP is used for communication between the NCS and mobility services engine.
Note For HTTP communication with a mobility services engine, HTTP must be enabled explicitly on the mobility services engine.
•Select the Delete synchronized service assignments check box if you want to permanently remove all service assignments from the mobility services engine.
This option is applicable for network designs, wired switches, controllers and event definitions. The existing location history data is retained, however you must use manual service assignments to do any future location calculations.
Step 5 Click Next. The Select Mobility Service page opens.
Note If you click Cancel, the mobility services engine is added.
Step 6 To enable a service on the mobility services engine, select the check box next to the service. Services include Context Aware and wIPS.
If you select Context Aware Service then you would have to select a Location engine to perform location calculation.
You can choose CAS to track clients, rogues, interferers, wired clients, and tags.
Choose either of the following engines to track tags:
•Cisco Tag Engine
or
•Partner Tag Engine
Note Cisco Tag Engine is the default option.
Note With MSE 6.0 and later, you can enable multiple services (CAS and wIPS) simultaneously. Prior to version 6.0, mobility services engines could only support one active service at a time. See the "MSE Services Co-Existence" section for more information.
Step 7 Click Save. The Mobility Services Engine Added page appears. See the "Mobility Services Engine Added Page" section for more information.
The mobility service engine is now added to NCS.
Note After adding a mobility services engine, it must be synchronized with NCS. You can synchronize network designs (campus, building, floor, and outdoor maps), event groups, or wired switches on the local mobility services engine. You can also choose to synchronize the mobility services engine with a specific controller. You can do this synchronization immediately after adding a new mobility services engine or at a later time. See the "Synchronizing Services" section for more information.
Mobility Services Engine Added Page
The Mobility Services Engine Added page displays all controllers, network designs, and event groups that must be synchronized.
Click Go to Synchronize to synchronize these devices. See the "Synchronizing Services" section for more information.
Deleting a Mobility Services Engine from Cisco NCS
To delete a mobility services engine from the NCS database, follow these steps:
Step 1 Choose Services > Mobility Services to display the Mobility Services page.
Step 2 Select the mobility services engine(s) to be deleted by selecting the corresponding check box(es).
Step 3 From the Select a command drop-down list, choose Delete Service(s).
Step 4 Click Go.
Step 5 Click OK to confirm that you want to delete the selected mobility services engine from the NCS database.
Step 6 Click Cancel to stop the deletion.
Registering Product Authorization Keys
You receive a product authorization key (PAK) when you order a CAS element, wIPS, or tag license from Cisco. You must register the PAK to receive the license file for install on the mobility services engine. License files are emailed to you after successfully registering a PAK.
CAS element and wIPS PAKs are registered with Cisco.
Tag PAKs are registered with AeroScout.
Note If you do not have PAK, you can use the sales order number to retrieve the PAK. See the "Retrieving a PAK" section for more information.
To register a Product Authorization Key (PAK) to obtain a license file for install, follow these steps:
Step 1 Open a browser page and enter https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet.
Step 2 Enter the PAK, and click SUBMIT.
Step 3 Verify the license purchase. Click Continue if correct. The licensee entry page appears.
Note If the license is incorrect, click TAC Service Request Tool link to report the problem.
Step 4 At the Designate Licensee page, enter the UDI of the mobility service engine in the host ID text box. This is the mobility services engine on which the license will be installed.
Note UDI information for a mobility services engine is found in the General Properties dashlet at Services > Mobility Services Engine > Device Name > System.
Step 5 Select the Agreement check box. Registrant information appears beneath the Agreement check box.
Modify information as necessary.
Note Ensure that the phone number does not include any characters in the string for the registrant and end user. For example, enter 408 555 1212 rather than 408.555.1212 or 408-555-1212.
Step 6 If registrant and end user are not the same person, select the Licensee (End-User) check box beneath registrant information and enter the end user information.
Step 7 Click Continue. A summary of entered data appears.
Step 8 In the Finish and Submit page, review registrant and end-user data. Click Edit Details to correct any information, if necessary.
Step 9 Click Submit. A confirmation page appears.
Retrieving a PAK
If you do not have a PAK, you can use the sales order number to retrieve the PAK:
Step 1 Go to the Sales Order Status Tool at the following URL:
http://tools.cisco.com/qtc/status/tool/action/LoadOrderQueryScreen.
Step 2 After logging in, choose Sales Order (SO) from the Type of Query drop-down list.
Step 3 Enter the sales order number in the Value text box.
Note The Date Submitted fields are not required for this inquiry.
Step 4 Select the Show Serial Number check box.
Step 5 Select the Orders radio button, if not already selected.
Step 6 Choose Screen from the Deliver Via drop-down list.
Step 7 Click Search. Detailed information on the mobility services engine order appears.
Step 8 Click Line 1. 1 in the table.
Step 9 Under Product column (second line), copy the PAK number (starts with 3201J) that you want to register to obtain the license.
Installing Device and wIPS License Files
You can install device and wIPS licenses from NCS.
Note Tag licenses are installed using the AeroScout System Manager. To register your tag PAK, go to this URL:
http://www.aeroscout.com/support
To add a client or wIPS license to NCS after registering the PAK, follow these steps:
Step 1 Choose Administration > Licensing.
Step 2 Choose Files > MSE Files (left pane).
Step 3 Click Add. A pop-up dialog box appears.
Step 4 Select MSE Name.
Note Verify that the UDI of the selected mobility services engine matches the one you entered when registering the PAK.
Step 5 Click Choose File to browse and to select the license file.
Step 6 Click Upload. The newly added license appears in the mobility services engine license file list.
Adding a Location Server
To add a location server, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 From the Select a command drop-down list, choose Add Location Server.
Step 3 Click Go.
Step 4 Enter the required information including the following:
•Server Name
•IP Address
•Contact Name
•User Name
•Password
•Port
•HTTPS—When enabled, HTTPS is used for communication between the NCS and location server.
Step 5 Select the Delete synchronized service assignments check box if you want to permanently remove all service assignments from the mobility services engine.
This option is applicable for network designs, wired switches, controllers, and event definitions. The existing location history data is retained, however, you must use manual service assignments to perform any future location calculations.
Step 6 Click Save.
Note After adding a location server, it must be synchronized with NCS. See the "Synchronizing Services" section for more information.
Note Location and mobility services engine features of NCS do not support partitioning.
Synchronizing Services
This section describes how to synchronize Cisco wireless LAN controllers and NCS with mobility services engines and contains the following topics:
•Keeping Mobility Services Engines Synchronized
•Synchronizing NCS and a Mobility Services Engine
•Synchronizing Controllers with Mobility Services Engines
•Working with Third-Party Elements
•Setting and Verifying the Timezone on a Controller
•Configuring Smart Mobility Services Engine Database Synchronization
•Viewing Mobility Services Engine Synchronization Status
Keeping Mobility Services Engines Synchronized
This section describes how to synchronize NCS and mobility services engines manually and automatically.
After adding a mobility service engine to NCS, you can push (synchronize) network designs (campus, building, floor, and outdoor maps), event groups, controller information (name and IP address), or wired switches to the mobility services engine.
Note Be sure to verify software compatibility between the controller, NCS, and the mobility services engine before performing synchronization. Refer to the latest mobility services engine release notes at the following URL: http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html.
Note Communication between the mobility services engine, NCS, and the controller is in Coordinated Universal Time (UTC). Configuring NTP on each system provides devices with the UTC time. The mobility services engine and its associated controllers must be mapped to the same NTP server and the same Cisco NCS server. An NTP server is required to automatically synchronize time between the controller, Cisco NCS, and the mobility services engine.
Synchronizing NCS and a Mobility Services Engine
This section describes how to synchronize Cisco NCS and mobility services engines manually and smartly.
After adding a mobility services engine to Cisco NCS, you can synchronize network designs (campus, building, floor, and outdoor maps), controllers (name and IP address), specific Catalyst Series 3000 and 4000 switches, and event groups with the mobility services engine.
•Network Design—Is a logical mapping of the physical placement of access points throughout facilities. A hierarchy of a single campus, the buildings that comprise that campus, and the floors of each building constitute a single network design.
•Controller—A selected controller that is associated and regularly exchanges location information with a mobility services engine. Regular synchronization ensures location accuracy.
•Switches (wired)—Wired Catalyst switches that provide an interface to wired clients on the network. Regular synchronization ensures that location tracking of wired clients in the network is accurate.
–The mobility services engine can be synchronized with Catalyst stackable switches (3750, 3750-E, 3560, 2960, IE-3000 switches), switch blades (3110, 3120, 3130, 3040, 3030, 3020), and switch ports.
–The mobility services engine can also be synchronized with the following Catalyst 4000 series: WS-C4948, WS-C4948-10GE, ME-4924-10GE, WS-4928-10GE, WS-C4900M, WS-X4515, WS-X4516, WS-X4013+, WS-X4013+TS, WS-X4516-10GE, WS-X4013+10GE, WS-X45-SUP6-E, and WS-X45-SUP6-LE
•Event Groups—A group of predefined events that define triggers that generate an event. Regular synchronization ensures that the latest defined events are tracked.
Note Be sure to verify software compatibility between the controller, Cisco NCS, and the mobility services engine before synchronizing. See the latest mobility services engine release notes at the following URL: http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html.
Note Communication between the mobility services engine and NCS and the controller is in Coordinated Universal Time (UTC). Configuring NTP on each system provides devices with the UTC time. The mobility services engine and its associated controllers must be mapped to the same NTP server and the same Cisco NCS server. An NTP server is required to automatically synchronize time between the controller, Cisco NCS, and the mobility services engine.
To synchronize NCS network designs, controllers, wired switches, or event groups with the mobility services engine, follow these steps:
Step 1 Choose Services > Synchronize Services.
Step 2 Choose the appropriate menu option (Network Designs, Ccontrollers, Wired Switches, or Event Groups).
Step 3 To assign a network design to a mobility services engine, From the left sidebar menu, choose Network Designs.
Step 4 Choose all the maps to be synchronized with the mobility services engine.
Note Through 6.0, you can assign only up to a campus level to a mobility services engine. Beginning with 7.0 this option is granular to a floor level. For example, you can choose to assign floor1 to MSE 1, floor2 to MSE 2, and floor3 to MSE 3.
Step 5 Click Change MSE Assignment.
Step 6 Select the mobility services engine to which the maps are to be synchronized.
Step 7 Click either of the following in the dialog box:
•Save—Saves the mobility services engine assignment. The following message appears in the Messages column of the Network Designs page:
To be assigned - Please synchronize.
•Cancel—Discards the changes to the mobility services engine assignment and returns to the Network Designs page.
You can also click Reset to undo the mobility services engine assignments.
Note A network design may include a floor in a campus or a large campus with several buildings, each monitored by a different mobility services engine. Because of this, you may need to assign a single network design to multiple mobility services engines.
Step 8 Click Synchronize to update the mobility services engine(s) database(s).
When items are synchronized, a green two-arrow icon appears in the Sync. Status column for each synchronized entry.
You can use the same procedure to assign wired switches or event groups to a mobility services engine. To assign a controller to a mobility services engine, see the "Synchronizing Controllers with Mobility Services Engines" section for more information.
Note Event groups can also be created by third-party applications. For more information on Third-party application-created event groups, see the "Working with Third-Party Elements" section.
To unassign a network design, controller, wired switch, or event group from a mobility services engine, follow these steps:
Step 1 On the respective tabs, select one or more elements, and click Change MSE Assignment. The Choose Mobility Services Engine dialog box appears.
Step 2 Deselect the mobility services engine check box if you do not want the elements to be associated with that mobility services engine.
Step 3 Click Save to save the changes to the assignments.
Step 4 Click Synchronize. The Sync Status column appears blank.
Synchronizing Controllers with Mobility Services Engines
You can assign an MSE to any wireless controller on a per-service (CAS or wIPS) basis.
To assign an MSE service to wireless controllers, follow these steps:
Step 1 In the synchronization page, choose Controllers.
Step 2 Choose the controllers to be assigned to the mobility services engine.
Step 3 Click Change MSE Assignment.
Step 4 Choose the mobility services engine to which the controllers must be synchronized.
Step 5 Click either of the following in the dialog box:
•Save—Saves the mobility services engine assignment. The following message appears in the Messages column of the Controllers page:
To be assigned - Please synchronize.
•Cancel—Discards the changes to the mobility services engine assignment and returns to the Controllers page.
You can also click Reset to undo the yellow button assignments.
Step 6 Click Synchronize to complete the synchronization process.
Step 7 Check if the mobility services engine is communicating with each of the controller for only the chosen service. This can be done by clicking the NMSP status link in the status page.
Note•After Synchronizing a controller, verify that the timezone is set on the associated controller. See the "Setting and Verifying the Timezone on a Controller" section section.
•Controller names must be unique for synchronizing with a mobility services engine. If you have two controllers with the same name, only one will be synchronized.
To unassign a network design, controller, wired switch, or event group from a mobility services engine, follow these steps:
Step 1 On the respective tabs, select one or more elements, and click Change MSE Assignment. The Choose Mobility Services Engine dialog box appears.
Step 2 Deselect the mobility services engine check box if you do not want the elements to be associated with that mobility services engine.
Step 3 Click Save to save the changes to the assignments.
Step 4 Click Synchronize. A two-arrow icon appears in the Sync Status column.
Working with Third-Party Elements
When you synchronize elements with MSE, there might be event groups on the MSE that have been created by third-party applications. You can either delete the unused elements or mark them as third-party elements.
To delete the elements or mark them as third-party elements:
Step 1 In the synchronization page, choose Third Party Elements from the left sidebar menu.
The Third Party Elements page appears.
Step 2 Choose one or more elements.
Step 3 Click one of the following buttons:
•Delete Event Groups—Deletes the selected event groups.
•Mark as 3rd Party Event Group(s)—Marks the selected event groups as third-party event groups.
Setting and Verifying the Timezone on a Controller
For controller releases 4.2 and later, if a mobility services engine (release 5.1 or greater) is installed in your network, it is mandatory that the time zone be set on the controller to ensure proper synchronization between the two systems.
Greenwich Mean Time (GMT) is used as the standard for setting the time zone system time of the controller.
You can automatically set the time zone during initial system setup of the controller or manually set it on a controller already installed in your network.
To manually set the time and time zone on an existing controller in your network using the CLI, follow these steps:
Step 1 Configure the current local time in GMT on the controller by entering the following commands:
(Cisco Controller) >config time manual 09/07/07 16:00:00
(Cisco Controller) >config end
Note When setting the time, the current local time is entered in terms of GMT and as a value between 00:00 and 24:00. For example, if it is 8 AM Pacific Standard Time (PST) in the US, you enter 16:00 (4 PM PST) as the PST time zone is 8 hours behind GMT.
Step 2 Verify that the current local time is set in terms of GMT by entering the following command:
(Cisco Controller) >show time
Time............................................. Fri Sep 7 16:00:02 2007
Timezone delta................................... 0:0
Step 3 Set the local time zone for the system by entering the following commands:
Note When setting the time zone, you enter the time difference of the local current time zone with respect to GMT (+/-). For example, Pacific Standard Time (PST) in the United States (US) is 8 hours behind GMT (UTC) time. Therefore, it is entered as -8.
(Cisco Controller) >config time timezone -8
(Cisco Controller) >config end
Step 4 Verify that the controller displays the current local time with respect to the local time zone rather than in GMT by entering the following command:
(Cisco Controller) >show time
Time............................................. Fri Sep 7 08:00:26 2007
Timezone delta................................... -8:0
Note The time zone delta parameter in the show time command displays the difference in time between the local time zone and GMT (8 hours). Prior to configuration, the parameter setting is 0.0.
Configuring Smart Mobility Services Engine Database Synchronization
Manual synchronization of NCS and mobility services engine databases provides immediate synchronization. However, future deployment changes (such as making changes to maps and access point positions), can yield incorrect location calculations and asset tracking until resynchronization reoccurs.
To prevent out-of-sync conditions, use NCS to carry out synchronization. This policy ensures that synchronization between NCS and mobility services engine databases is triggered periodically and any related alarms are cleared.
Any change to one or more of any synchronized components will be automatically synchronized with the mobility services engine. For example, if a floor with access points is synchronized with a particular mobility services engine and then one access point is moved to a new location on the same floor or another floor which is also synchronized with the mobility services engine, then the changed location of the access point will be automatically communicated.
To further ensure that NCS and MSE are in sync, smart synchronization happens in the background.
To configure smart synchronization, follow these steps:
Step 1 Choose Administration > Background Tasks.
The Background Tasks summary page appears (see Figure 16-1).
Figure 16-1 Administration > Background Tasks
Step 2 Select the Mobility Service Synchronization check box.
Step 3 Click the Mobility Service Synchronization link.
The Task > Mobility Service Synchronization page appears.
Step 4 To set the mobility services engine to send out-of-sync alerts, select the Enabled check box in the Out of Sync Alerts section or area.
Step 5 To enable smart synchronization, select the Smart Synchronization Enabled check box.
Note•Smart synchronization does not apply to elements (network designs, controllers, or event groups) that have not yet been assigned to a mobility services engine. However, out-of-sync alarms will still be generated for these unassigned elements. For smart synchronization to apply to these elements, you need to manually assign them to a mobility services engine.
•When a mobility services engine is added to an NCS, the data in the NCS is always treated as the primary copy that is synchronized with the mobility services engine. All synchronized network designs, controllers, event groups and wired switches that are present in the mobility services engine and not in the NCS are removed automatically from mobility services engine.
Step 6 Enter the time interval in minutes that the smart synchronization is to be performed.
By default, smart-sync is disabled.
Step 7 Click Submit.
For Smart controller assignment and selection scenarios, see the "Smart Controller Assignment and Selection Scenarios" section.
Smart Controller Assignment and Selection Scenarios
Scenario 1
If a floor having at least one access point from a controller is chosen to be synchronized with the mobility services engine from the Network Designs section of the Synchronization page, then the controller to which that access point is connected is automatically selected to be assigned to the mobility services engine for CAS service.
Scenario 2
When at least one access point from a controller is placed on a floor that is synchronized with mobility services engine, the controller to which the access point is connected is automatically assigned to the same mobility services engine for CAS service.
Scenario 3
An access point is added to a floor and is assigned to an mobility services engine. If that access point is moved from controller A to controller B, then controller B is automatically synchronized to the mobility services engine.
Scenario 4
If all access points placed on a floor which is synchronized to the mobility services engine are deleted then that controller is automatically removed from mobility services engine assignment or unsynchronized.
Out-of-Sync Alarms
Out-of-sync alarms are of Minor severity (yellow) and are raised in response to the following conditions:
•Elements have been modified in NCS (the auto-sync policy will push these elements).
•Elements have been modified in mobility services engine.
•Elements except controllers exist in the mobility services engine database but not in NCS.
•Elements have not been assigned to any mobility services engine (the auto-sync policy does not apply).
Out-of-sync alarms are cleared when the following occurs:
•Mobility services engine is deleted
Note When you delete a mobility services engine, the out-of-sync alarms for that system are also deleted. In addition, if you delete the last available mobility services engine, the alarms for "elements not assigned to any server" will also be deleted.
•Elements are synchronized manually or automatically
•User manually clears the alarms (although the alarms may reappear in the future when the scheduled task is next executed)
Note By default, out-of-sync alarms are enabled. You can disable them in NCS by choosing Administration > Scheduled Tasks, clicking Mobility Service Synchronization, unselecting the Auto Synchronization check box, and clicking Submit.
Viewing Mobility Services Engine Synchronization Status
You can use the Synchronize Servers command in NCS to view the status of network design, controller, and event group synchronization with a mobility services engine.
To view synchronization status, follow these steps:
Step 1 Choose Services > Synchronize Services.
Step 2 Choose the applicable menu option (Network Designs, Controllers, or Event Groups).
For each of the elements, the Sync. Status column shows the synchronization status. A green two-arrow icon indicates that its corresponding element is synchronized with the specified server such as a mobility services engine. A gray two-arrow icon with a red circle indicates that its corresponding item is not synchronized with a given server.
Note A green two-arrow icon does not indicate the NMSP connection status for a Controller.
You can also view the synchronization status and assign or unassign from campus view and building view along with floor view.
To access this page, choose Monitor > Maps > System Campus > Building > Floor
where Building is the building within the Campus and Floor is a specific floor in that campus building.
On the left sidebar there is a menu option called MSE Assignment. This shows which mobility services engine the floor is currently assigned to. You can also change mobility services engine assignment from this page.
Viewing Synchronization History
You can use the Synchronization History command in NCS to view the synchronization history for the last 30 days for a mobility services engine. This is especially useful when automatic synchronization is enabled as alarms are automatically cleared. Synchronization History provides a summary of those cleared alarms.
To view synchronization history, follow these steps:
Step 1 Choose Services > Synchronization History.
Step 2 Table 16-1 lists and describes the fields that appear in the Synchronization History.
You can click the column headers to sort the entries.
Viewing Notification Statistics
You can view the notification statistics for a specific mobility services engine. To view the Notification Statistics for a specific mobility services engine:
Go to Services > Mobility Services > MSE-name > Context Aware Service > Notification Statistics.
where MSE-name is the name of a mobility services engine.
Table 16-2 describes the fields in the Notification statistics page.
Managing System Properties for a Mobility Services Engine
You can manage the system properties of a mobility services engine using the NCS. This section describes the various system properties of a mobility services engine and contains the following topics:
•Editing General Properties for a Mobility Services Engine
•Editing NMSP Parameters for a Mobility Services Engine
•Viewing Active Session Details for a Mobility Services Engine
•Viewing and Adding Trap Destinations for a Mobility Services Engine
•Editing Advanced Parameters for a Mobility Services Engine
•Managing User and Group Accounts for a Mobility Services Engine
•Monitoring Status Information for a Mobility Services Engine
•Managing Maintenance for Mobility Services
Editing General Properties for a Mobility Services Engine
You can use NCS to edit the general properties of a mobility services engine registered in the NCS database. General properties include contact name, username, password, and HTTP.
To edit the general properties of a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services to display the Mobility Services page.
Step 2 Click the name of the mobility services engine that you want to edit. The General Properties page (with a General tab and Performance tab) opens.
In the General tab displays the following read-only server details:
•Device Name
•Device Type
•Device UDI
Note For licensing, the Device UID is the string between double quote characters (including spaces in the end if any). Exclude the double quote characters using copy-paste.
•Version
•Start Time
•IP Address
Step 3 From the General Properties page, modify the following Server Details as necessary:
•Contact Name—Enter a contact name for the mobility service.
•Username—Enter the login username for the NCS server that manages the mobility service.
•Password—Enter the login password for the NCS server that manages the mobility service.
•HTTP—Select the HTTP enable check box to enable HTTP.
Note When you have a non-default port or HTTPS turned on, you must pass the correct information along with the command. For example, getserverinfo must include -port <<port>> -protocol <<HTTP/HTTPS>>. Similarly, for stopping the server, stoplocserver - port <<port>> -protocol <HTTP/HTTPS>>.
•Legacy Port—8001
•Legacy HTTPS—Select the check box to enable the legacy HTTPS.
•Delete synchronized service assignments and enable synchronization—Select the Delete synchronized service assignments check box if you want to permanently remove all service assignments from the mobility services engine. This option will show up only when the delete synchronized service assignments check box was unselected while adding an mobility services engine.
Note NCS always uses HTTPS to communicate with a mobility services engine.
Note The following tcp ports are in use on a mobility services engine (MSE) in Release 6.0: tcp 22: MSE SSH port, tcp 80: MSE HTTP port, tcp 443: MSE HTTPS port, tcp 1411: AeroScout, tcp 1999: AeroScout internal port, tcp 4096: AeroScout notifications port, tcp 5900X: AeroScout (X could vary from 1 to 10), and tcp 8001: Legacy port. Used for location APIs.
Note The following udp ports are in use on a mobility services engine (MSE) in release 6.0: udp 123: NTPD port (open after NTP configuration), udp 162: AeroScout SNMP, udp/tcp 4000X: AeroScout proxy (X could vary from 1 to 5), udp 12091: AeroScout devices (TDOA Wi-Fi Receivers, chokepoints), udp 12092: AeroScout devices (TDOA Wi-Fi Receivers, chokepoints), udp 32768: Location internal port, udp 32769: AeroScout internal port, and udp 37008: AeroScout internal port.
Step 4 In the Mobility Services dialog box, select the Admin Status check box to enable the applicable (Context Aware Service or wIPS).
If you select Context Aware Service then you must select a location engine to perform location calculation.
Choose either:
•Cisco Tag Engine
or
•Partner Tag Engine
Note With MSE 6.0, you can enable multiple services (CAS and wIPS) simultaneously. Prior to version 6.0, mobility services engines could only support one active service at a time.
The Mobility Services dialog boxn also displays the following:
•Service Name
•Service Version
•Service Status
•License Type
Note Use the Click here link to view mobility services engine licensing details. See the "Mobility Services Engine (MSE) License Information" section for more information.
Step 5 Click Save to update the Cisco NCS and mobility service databases.
Note Use the Click here link to view mobility services engine licensing details.
Step 6 Click the Performance tab to view a graph of CPU and memory utilization percentages.
Editing NMSP Parameters for a Mobility Services Engine
Network Mobility Services Protocol (NMSP) manages communication between the mobility service and the controller. Transport of telemetry, emergency, and RSSI values between the mobility service and the controller is managed by this protocol.
Note•The NMSP parameter is supported in mobility services installed with release 3.0 through 7.0.105.0. It is not supported on releases later than 7.0.105.0.
•NMSP replaces the LOCP term introduced in release 3.0.
•Telemetry and emergency information is only seen on controllers and NCS installed with release 4.1 software or greater and on mobility services running release 3.0 or later software.
•The TCP port (16113) that the controller and mobility service communicate over MUST be open (not blocked) on any firewall that exists between the controller and mobility service for NMSP to function.
The NMSP Parameters dialog box of NCS enables you to modify NMSP parameters such as echo and neighbor dead intervals as well as response and retransmit periods.
To configure NMSP parameters, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine whose properties you want to edit.
Step 3 From the left sidebar menu, choose System > NMSP Parameters.
Step 4 Modify the NMSP parameters as appropriate.
Note No change in the default parameter values is recommended unless the network is experiencing slow response or excessive latency.
NMSP parameters include the following:
•Echo Interval—Defines how frequently an echo request is sent from a mobility service to a controller. The default value is 15 seconds. Allowed values range from 1 to 120 seconds.
Note If a network is experiencing slow response, you can increase the values of the echo interval, neighbor dead interval and the response timeout values to limit the number of failed echo acknowledgements.
•Neighbor Dead Interval—The number of seconds that the mobility service waits for a successful echo response from the controller before declaring the neighbor dead. This timer begins when the echo request is sent.
The default values is 30 seconds. Allowed values range from 1 to 240 seconds.
Note This value must be at least two times the echo interval value.
•Response Timeout—Indicates how long the mobility service waits before considering the pending request as timed out. The default value is one second. Minimum value is one (1). There is no maximum value.
•Retransmit Interval—Interval of time that the mobility service waits between notification of a response time out and initiation of a request retransmission. The default setting is 3 seconds. Allowed values range from 1 to 120 seconds.
•Maximum Retransmits—Defines the maximum number of retransmits that are done in the absence of a response to any request. The default setting is 5. Allowed minimum value is zero (0). There is no maximum value.
Step 5 Click Save to update the NCS and mobility service databases.
Viewing Active Session Details for a Mobility Services Engine
The Active Sessions dialog box of NCS enables you to view active user sessions on the mobility services engine.
To view active user sessions, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service.
Step 3 From the left sidebar menu, choose System > Active Sessions.
NCS displays a list of active mobility service sessions. For every session, NCS displays the following information:
•Session identifier
•IP address from which the mobility service is accessed
•Username of the connected user
•Date and time when the session started
•Date and time when the mobility service was last accessed
•How long the session was idle for since the last access
Viewing and Adding Trap Destinations for a Mobility Services Engine
The Trap Destinations dialog box of NCS enables you to specify which NCS or Cisco Security Monitoring, Analysi,s and Response System (CS-MARS) network management platform is the recipient of SNMP traps generated by the mobility services engine.
To view or manage trap destination for a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service.
Step 3 From the left sidebar menu, choose System > Trap Destinations.
NCS displays a list of current trap destinations including the following information:
•IP address
•Port number
•Community
•Destination type
•SNMP Version
Use the Select a command drop-down list to add or delete a trap destination.
To add a trap destination, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service.
Step 3 From the left sidebar menu, choose System > Trap Destinations.
Step 4 Choose Add Trap Destination from the command drop-down list.
The New Trap Destination page appears.
Step 5 Enter the following details (see Table 16-3).
Step 6 Click Save to save the changes or Cancel to discard the changes.
Editing Advanced Parameters for a Mobility Services Engine
The Advanced Parameters dialog box of NCS enables you to set the number of days events are kept, set session time out values, set an absent data interval cleanup interval, and enable or disable Advanced Debug.
Note You can use NCS to modify troubleshooting parameters for a mobility services engine.
To edit advanced parameters for a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service whose properties you want to edit.
Step 3 From the left sidebar menu, choose System > Advanced Parameters.
Step 4 View or modify the advanced parameters as necessary.
•General Information
•Advanced Parameters
Because advanced debugging slows the mobility service down, enable advanced debugging only under the guidance of TAC personnel.
–Number of Days to keep Events—Enter the number of days to keep logs. Change this value as required for monitoring and troubleshooting.
–Session Timeout—Enter the number of minutes before a session times out. Change this value as required for monitoring and troubleshooting. Currently this option appears dimmed.
•Cisco UDI
–Product Identifier (PID)—The Product ID of the mobility services engine.
–Version Identifier (VID)—The version number of the mobility services engine.
–Serial Number (SN)—Serial number of the mobility services engine.
•Advanced Commands
–Reboot Hardware—Click to reboot the mobility service hardware. See the "Rebooting the Mobility Services Engine Hardware" section for more information.
–Shutdown Hardware—Click to turn off the mobility service hardware. See the "Shutting Down the Mobility Services Engine Hardware" section for more information.
–Clear Database—Click to clear the mobility services database. See the "Clearing the Mobility Services Engine Database" section for more information. Unselect the Retain current service assignments in NCS check box to remove all existing service assignments from NCS and MSE. The resources have to be reassigned from Services > Synchronize Services page. This option is selected by default.
Step 5 Click Save to update the NCS and mobility service databases.
Rebooting the Mobility Services Engine Hardware
If you need to restart a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine that you want to reboot.
Step 3 Click System.
Step 4 Click Advanced Parameters.
Step 5 In the Advanced Commands dialog box, click Reboot Hardware.
Step 6 Click OK to confirm that you want to reboot the mobility services engine hardware.
The rebooting process takes a few minutes to complete.
Shutting Down the Mobility Services Engine Hardware
If you need to shut down a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine that you want to shut down.
Step 3 Click System.
Step 4 Click Advanced Parameters.
Step 5 In the Advanced Commands dialog box, click Shutdown Hardware.
Step 6 Click OK to confirm that you want to shut down the mobility services engine.
Clearing the Mobility Services Engine Database
To clear a mobility services engine configuration and restore its factory defaults, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine you want to configure.
Step 3 Click System.
Step 4 Click Advanced Parameters.
Step 5 In the Advanced Commands dialog box, unselect the Retain current service assignments in NCS check box to remove all existing service assignments from NCS and MSE.
The resources have to be reassigned in the Services > Synchronize Services page. By default, this option is selected.
Step 6 In the Advanced Commands dialog box, click Clear Database.
Step 7 Click OK to clear the mobility services engine database.
Working with Logs
This section describes how to configure logging options and how to download log files and contains the following topics:
•Downloading Mobility Services Engine Log Files
Configuring Logging Options
You can use NCS to specify the logging level and types of messages to log.
To configure logging options, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine that you want to configure.
Step 3 Choose System > Logs. The advanced parameters for the selected mobility services engine appear.
Step 4 Choose the appropriate options from the Logging Level drop-down list.
There are four logging options: Off, Error, Information, and Trace.
All log records with a log level of Error or above are logged to a new error log file locserver-error-%u-%g.log. This is an additional log file maintained along with the location server locserver-%u-%g.log log file. The error log file consists of logs of Error level along with their context information. The contextual information consists of 25 log records prior to the error. You can maintain upto 10 error log files. The maximum size allowed for each log file is 10 MB.
Use
Error and
Trace only when directed to do so by
Cisco Technical Assistance Center (TAC) personnel.
Step 5 Select the Enabled check box next to each element listed in that section to begin logging its events.
Step 6 Select the Enable check box in the Advanced Parameters dialog box to enable advanced debugging. By default, this option is disabled.
Step 7 To download log files from the server, click Download Logs. For more information, see the "Downloading Mobility Services Engine Log Files" section.
Step 8 In the Log File Parameters section, enter the following:
•The number of log files to be maintained in the mobility services engine. You can maintain a minimum of 5 log files and a maximum of 20 log files in the mobility services engine.
•The maximum log file size in MB. The minimum log file size is 10 MB and the maximum is 50 MB.
Step 9 In the MAC Address Based Logging Parameters section, do the following:
•Select the Enable check box to enable MAC address logging. By default, this option is disabled.
•Add one or more MAC addresses for which you want to enable logging. You can also remove MAC addresses that you have already added by selecting the MAC address from the list and clicking Remove.
For more information on MAC Address-based logging, see the "MAC Address-based Logging" section.
Step 10 Click Save to apply your changes.
MAC Address-based Logging
This feature allows you to create log files that are specific to an entity whose MAC address is specified. The log files are created in the locserver directory under the following path:
/opt/mse/logs/locserver
A maximum of 5 MAC addresses can be logged at a time. The Log file format for MAC address aa:bb:cc:dd:ee:ff is macaddress-debug-aa-bb-cc-dd-ee-ff.log
You can create a maximum of two log files for a MAC Address. The two log files may consist of one main and one backup or rollover log file.
The minimum size of a MAC log file is 10 MB. The maximum size allowed is 20 MB per MAC Address. The MAC log files that are not updated for more than 24 hours are pruned.
Downloading Mobility Services Engine Log Files
If you need to analyze mobility services engine log files, you can use NCS to download them to your system. NCS downloads a zip file containing the log files.
To download a zip file containing the log files, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine to view its status.
Step 3 From the left sidebar menu, choose Logs.
Step 4 Click Download Logs.
Step 5 Follow the instructions in the File Download dialog box to open the file or save the zip file to your system.
Managing User and Group Accounts for a Mobility Services Engine
This section describes how to configure and manage users and groups on the mobility services engine.
This section describes how to add, delete, and edit users for a mobility services engine and contains the following topics:
–Adding Users for a Mobility Services Engine
Note See the "Viewing Active Session Details for a Mobility Services Engine" section for information on viewing active sessions for each user.
•Managing Group Accounts—This section describes how to add, delete, and edit user groups for a mobility services engine and contains the following topics:
–Editing Group User Permissions
Adding Users for a Mobility Services Engine
To add a users to a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Users.
Step 4 From the Select a command drop-down list, choose Add User.
Step 5 Click Go.
Step 6 Enter the username in the Username text box.
Step 7 Enter a password in the Password text box.
Step 8 Enter the name of the group to which the user belongs in the Group Name text box.
Step 9 Select a permission level from the Permission drop-down list.
There are three permission levels to select from: Read Access, Write Access, and Full Access (required for NCS to access a mobility services engine).
Group permissions override individual user permissions. For example, if you give a user full access and add that user to a group with read access, that user will not be able to configure mobility services engine settings.
Step 10 Click Save to add the new user to the mobility services engine.
Deleting Users
To delete a user from a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Users.
Step 4 Select the check box(es) of the user(s) that you want to delete.
Step 5 From the Select a command drop-down list, choose Delete User.
Step 6 Click Go.
Step 7 Click OK to confirm that you want to delete the selected users.
Editing User Properties
To change user properties, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Users.
Step 4 Click the username of the user that you want to edit.
Step 5 Make the required changes to the Password, Group Name, and Permission text boxes.
Step 6 Click Save to apply your change.
Adding User Groups
To add a user group to a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Groups.
Step 4 From the Select a command drop-down list, choose Add Group.
Step 5 Click Go.
Step 6 Enter the name of the group in the Group Name text box.
Step 7 Choose a permission level from the Permission drop-down list.
There are three permissions levels to choose from:
•Read Access
•Write Access
•Full Access (required for NCS to access mobility services engines)
Step 8 Click Save to add the new group to the mobility services engine.
Group permissions override individual user permissions. For example, if you give a user full access and add that user to a group with read access permission, that user will not be able to configure mobility services engine settings.
Deleting User Groups
To delete user groups from a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Groups.
Step 4 Select the check box(es) of the group(s) that you want to delete.
Step 5 From the Select a command drop-down list, choose Delete Group.
Step 6 Click Go.
Step 7 Click OK to confirm that you want to delete the selected users.
Editing Group User Permissions
To change user group permissions, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the device name of the mobility services engine that you want to edit.
Step 3 From the left sidebar menu, choose Systems > Accounts > Groups.
Step 4 Click the group name of the group that you want to edit.
Step 5 Choose a permission level from the Permission drop-down list.
Step 6 Click Save to apply your change.
Group permissions override individual user permissions. For example, if you give a user permission for full access and add that user to a group with read access, that user will not be able to configure mobility services engine settings.
Monitoring Status Information for a Mobility Services Engine
The System > Status page enables you to monitor server events, NCS alarms and events, and NMSP connection status for the mobility services engine.
This section provides additional information and contains the following topics:
•Viewing Server Events for a Mobility Services Engine
•Viewing NCS Alarms for a Mobility Services Engine
•Viewing NCS Events for a Mobility Services Engine
•Viewing NMSP Connection Status for a Mobility Services Engine
Viewing Server Events for a Mobility Services Engine
To view a list of server events, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility services engine.
Step 3 From the left sidebar menu, choose System > Status > Server Events.
The Status > Server Events page provides the following information:
•Timestamp—Time of the server event.
•Severity—Severity of the server event.
•Event—Detailed description of the event.
•Facility—The facility in which the event took place.
Viewing Audit Logs from a Mobility Services Engine
You can view the audit logs for User-triggered operations using the Audit Logs option available in a Mobility Services Engine. To view the audit logs, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility services engine.
Step 3 From the left sidebar menu, choose System > Status > Audit Logs.
The Status > Audit Logs page provides the following information:
•Username—The Username which has triggered the audit log.
•Operation—The operation that has been performed by the User.
•Operation Status—The status of the operation. It could be either SUCCESSFUL or FAILED.
•Invocation Time—The date and time at which the audit log was recorded for the specified operation.
Viewing NCS Alarms for a Mobility Services Engine
To view a list of NCS alarms, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility service.
Step 3 From the left sidebar menu, choose System > Status > NCS Alarms. See the "Monitoring Alarms" section for more information.
Viewing NCS Events for a Mobility Services Engine
To view a list of NCS events, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility service.
Step 3 From the left sidebar menu, choose System > Status > NCS Events. See the "Monitoring Events" section for more information.
Viewing NMSP Connection Status for a Mobility Services Engine
The NMSP Connection Status page allows you to verify the NMSP connection between the mobility services engine and the Cisco controller to which the mobility services engine is assigned.
Note Network Mobility Services Protocol (NMSP) is the protocol that manages communication between the mobility service and the controller.
To verify the NMSP connection between the controller and the mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility service.
Step 3 From the left sidebar menu, choose System > Status > NMSP Connection Status.
The NMSP Connection Status page displays the following information:
•Summary—The Summary section displays each device type, the total number of connections, and the number of inactive connections.
•NMSP Connection Status—This section displays the following:
–IP address—Click the device IP address to view NMSP connection status details for this device. See the "Viewing NMSP Connection Status Details" section for additional information.
–Target Type—Indicates the device to which the NMSP connection is intended.
–Version—Indicates the current software version for the device.
–NMSP Status—Indicates whether the connection is active or inactive.
–Echo Request Count—Indicates the number of echo requests that were sent.
–Echo Response Count—Indicates the number of echo responses that were received.
–Last Message Received—Indicates the date and time of the most recent message received.
Step 4 Verify that the NMSP Status is ACTIVE.
•If active, you can view details on wired switches, controllers, and wired clients.
•If not active, resynchronize the NCS device and the mobility services engine.
Note You can launch an NMSP troubleshooting tool for an inactive connection.
Viewing NMSP Connection Status Details
To view NMSP Connection Status details, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the applicable mobility service.
Step 3 From the left sidebar menu, choose System > Status > NMSP Connection Status.
Step 4 Click the device IP address to open the NMSP Connection Status Details page. The Details page displays the following information:
•Summary
–IP Address
–Version—The current software version for the device.
–Target Type—The device to which the NMSP connection is intended.
–NMSP Status—Indicates whether the connection is active or inactive.
–Echo Request Count—The number of echo requests that were sent.
–Echo Response Count—The number of echo responses that were received.
–Last Activity Time—The date and time of the most recent message activity between the device and the mobility services engine.
–Last Echo Request Message Received At—The date and time the last echo request was received.
–Last Echo Response Message Received At—The date and time the last echo response was received.
–Model—The device model.
–MAC Address—The MAC address of the device, if applicable.
–Capable NMSP Services—Indicates the NMSP-capable services for this device such as ATTACHMENT or LOCATION.
•Subscribed Services—Indicates subservices for each subscribed NMSP service. For example, MOBILE_STATION_ATTACHMENT is a subservice of ATTACHMENT.
•Messages
–Message Type—Message types may include: ATTACHMENT_NOTIFICATION, ATTACHMENT_REQUEST, ATTACHMENT_RESPONSE, CAPABILITY_NOTIFICATION, ECHO_REQUEST, ECHO_RESPONSE, LOCATION_NOTIFICATION, LOCATION_REQUEST, SERVICE_SUBSCRIBE_REQUEST, SERVICE_SUBSCRIBE_RESPONSE.
–In/Out—Indicates whether the message was an incoming or outgoing message.
–Count—Indicates the number of incoming or outgoing messages.
–Last Activity Time—The date and time of the most recent activity or message.
–Bytes—Size of the message in Bytes.
Managing Maintenance for Mobility Services
This section contains the following topics:
•Viewing or Editing Mobility Services Backup Parameters
•Backing Up Mobility Services Engine Historical Data
•Restoring Mobility Services Engine Historical Data
•Downloading Software to a Mobility Services Engine Using NCS
Viewing or Editing Mobility Services Backup Parameters
To view or edit mobility service backup parameters, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service whose properties you want to edit.
Step 3 From the left sidebar menu, choose Maintenance > Backup.
•Backups located at—Indicates the location of the backup file.
•Enter a name for the Backup—Enter or edit the name of the backup file.
•Timeout (in secs)—Indicate the length of time (in seconds) before attempts to back up files will time out.
Backing Up Mobility Services Engine Historical Data
NCS includes functionality for backing up mobility services engine data.
To back up mobility services engine data, follow these steps:
Step 1 In Cisco NCS, click Services > Mobility Services.
Step 2 Click the name of the mobility services engine that you want to back up.
Step 3 From the left sidebar menu, choose Maintenance > Backup.
Step 4 Enter the name of the backup.
Step 5 Enter the time in seconds after which the backup times out.
Step 6 Click Submit to back up the historical data to the hard drive of the server running NCS.
Status of the backup can be seen on the screen while the backup is in process. Three items will display on the screen during the backup process: (1) Last Status field provides messages noting the status of the backup; (2) Progress field shows what percentage of the backup is complete; and (3) Started at field shows when the backup began noting date and time.
Note You can run the backup process in the background while working on other mobility services engine operations in other NCS pages.
Note Backups are stored in the FTP directory that you specify during the NCS installation. However, in NCS installation, FTP directory is not specified. It might be necessary to give the full path of the FTP root.
Restoring Mobility Services Engine Historical Data
To restore a file back into the mobility service, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service whose properties you want to edit.
Step 3 From the left sidebar menu, choose Maintenance > Restore.
Step 4 Choose the file to restore from the drop-down list.
Step 5 Select the Delete synchronized service assignments check box if you want to permanently remove all service assignments from the mobility services engine.
This option is applicable for network designs, wired switches, controllers and event definitions. The existing location history data is retained, however you must use manual service assignments to do any future location calculations.
Step 6 Click Submit to start the restoration process.
Step 7 Click OK to confirm that you want to restore the data from the NCS Server hard drive.
When the restoration is complete, NCS displays a message to that effect.
Note You can run the restore process in the background while working on other mobility service engine operations in other NCS pages.
Downloading Software to a Mobility Services Engine Using NCS
To download software to a mobility services engine using NCS, follow these steps:
Step 1 Verify that you can ping the location appliance from NCS or an external FTP server, whichever you are going to use for the application code download.
Step 2 Choose Services > Mobility Services.
Step 3 Click the name of the mobility services engine to which you want to download software.
Step 4 On the left sidebar menu, choose Maintenance.
Step 5 Click Download Software.
To download software, do one of the following:
•To download software listed in the NCS directory, select the Select from uploaded images to transfer into the Server check box. Then, choose a binary image from the drop-down list.
NCS downloads the binary images listed in the drop-down list into the FTP server directory you specified during the NCS installation.
In NCS installation, FTP directory is not specified. It might be necessary to give the full path of the FTP root.
•To use downloaded software available locally or over the network, select the Browse a new software image to transfer into the Server check box and click Browse. Locate the file and click Open.
Step 6 Enter the time, in seconds (between 1 and 1800), after which the software download times out.
Step 7 Click Download to send the software to the /opt/installers directory on the mobility services engine.
Managing Cisco Adaptive wIPS Service Parameters
The wIPS Service page allows you to view or manage wIPS service administrative settings.
Note Cisco Adaptive wIPS functionality is not supported for non-root partition users.
Managing wIPS Service Administration Settings
To view or manage wIPS service administration settings, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Choose the device name of the applicable mobility services engine.
Step 3 From the left sidebar menu, choose wIPS Service.
Step 4 View or edit the following parameters:
•Log level—Choose the applicable log level from the drop-down list. Log levels include debug, error, important event, major debug, none, and warning.
•Forensic size limit (GB)—Enter the maximum allowable size of forensic files.
•Alarm ageout (hours)—Enter the age limit in hours for each alarm.
•Device ageout (days)—Enter the age limit in days for the device to send alarms.
Step 5 Click Save to confirm the changes or Cancel to close the page with no changes applied.
Managing Context-Aware Software Parameters
Context-Aware Software (CAS) allows a mobility services engine to simultaneously track thousands of mobile assets and clients by retrieving contextual information such as location, temperature and asset availability about a client or tag (Cisco CX version or later) from Cisco access points.
CAS relies on two engines for processing the contextual information it receives. The Context-Aware Engine for Clients processes data received from Wi-Fi clients and the Context-Aware Engine for Tags processes data received from Wi-Fi tags; these engines can be deployed together or separately depending on the business need.
Note Mobility services engines do not track or map non-Cisco CX tags.
Note CAS was previously referred to as Cisco location-based services.
You can modify Context-Aware Software properties as to the type and number of clients or tags that are tracked and whether or not locations are calculated for those clients or tags.
You can also modify parameters that affect the location calculation of clients and tags such as Receiver Signal Strength Indicator (RSSI) measurements.
Viewing Contextual Information
Before you can use NCS to view contextual information, initial configuration for the mobility services engine is required using a command-line (CLI) console session. Refer to the Cisco 3350 Mobility Services Engine Getting Started Guide and the Cisco 3100 Mobility Services Engine Getting Started Guide at the following URL: http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html.
After its installation and initial configuration are complete, the mobility services engine can communicate with multiple Cisco wireless LAN controllers to collect operator-defined contextual information. You can then use the associated NCS to communicate with each mobility services engine to transfer and display selected data.
You can configure the mobility services engine to collect data for clients, rogue access points, rogue clients, mobile stations, interferers, and active RFID asset tags.
Licensing for Clients and Tags
You must purchase licenses from Cisco to retrieve contextual information on tags and clients from access points.
•Licenses for tags and clients are offered separately.
•The clients license also includes tracking of rogue clients and rogue access points, and interferers (if enabled).
•Licenses for tags and clients are offered in a variety of quantities, ranging from 1,000 to 12,000 units.
The AeroScout Context-Aware Engine for Tags support 100 permanent tag licenses; Context-Aware Software will consist of permanent tag licenses.
Note For more information on tags and client licenses, refer to the Release Notes for Cisco 3300 Series Mobility Services Engine for Software Release 6.0 at the following URL:
http://www.cisco.com/en/US/products/ps9742/tsd_products_support_series_home.html
For additional information on Context-Aware parameters, select one of the following topics:
•Context-Aware General Parameters
•Context-Aware Administration Parameters
•Context Aware Advanced Parameters
Context-Aware General Parameters
To access the Context Aware Service > General page, choose Services > Mobility Services > General from the left sidebar menu. This page provides the following information:
•Number of tracked clients
•Number of traced tags
•Number of tracked rogues
•Number of tracked interferers
•Number of tracked wired clients
•Limit for total elements tracked
•Limit for number of tracked tags
•Interactive graph of the mobility services engine client and tag count
Context-Aware Administration Parameters
This section contains the following topics:
•Modifying Tracking Parameters for Mobility Services
•Modifying Filtering Parameters for Mobility Services
•Modifying History Parameters for Mobility Services
•Enabling Location Presence for Mobility Services
•Importing Asset Information for Mobility Services
•Exporting Asset Information for Mobility Services
•Importing Civic Information for Mobility Services
Modifying Tracking Parameters for Mobility Services
The mobility services engine can track up to18,000 clients or up to18,000 tags (with the proper license purchase). Updates on the locations of elements being tracked are provided to the mobility services engine from the Cisco wireless LAN controller.
Only those elements designated for tracking by the controller are viewable in NCS maps, queries, and reports. No events and alarms are collected for non-tracked elements and none are used in calculating the 18,000 element limit for clients or tags.
You can modify the following tracking parameters using NCS:
•Enable and disable element locations (client stations, active asset tags, interferers, wired clients, rogue clients, and rogue access points) you actively track.
–Wired client location tracking enables servers in a data center to more easily find wired clients in the network. Servers are associated with wired switch ports in the network.
•Set limits on how many of a specific element you want to track.
For example, given a client license of 12,000 trackable units, you can set a limit to track only 8,000 client stations (leaving 4,000 units available to track rogue clients and rogue access points). Once the tracking limit is met for a given element, the number of elements not being tracked is summarized in the Tracking Parameters page.
•Disable tracking and reporting of ad hoc rogue clients and access points.
To configure tracking parameters for a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services to open the Mobility Services page.
Step 2 Click the name of the mobility services engine whose properties you want to edit. The General Properties page opens.
Step 3 In the Context-Aware Software menu located on the left sidebar menu, choose Tracking Parameters from the Administration sub-heading to display the configuration options.
Step 4 Modify the following tracking parameters as appropriate (see Table 16-4).
Step 5 Click Save to store the new settings in the mobility services engine database.
Modifying Filtering Parameters for Mobility Services
In NCS, you can limit the number of asset tags, wired clients, rogue clients, interferers and access points whose location is tracked by filtering on the following:
•MAC addresses
Specific MAC addresses can be entered and labeled as allowed or disallowed from location tracking. You can import a file with the MAC addresses that are to be allowed or disallowed, or you can enter them individually in the NCS GUI page.
The format for entering MAC addresses is xx:xx:xx:xx:xx:xx. If a file of MAC addresses is imported, the file must follow a specific format as follows:
–Each MAC address should be listed on a single line.
–Allowed MAC addresses must be listed first and preceded by an "[Allowed]" line item. Disallowed MAC addresses must be preceded by "[Disallowed]."
–Wildcard listings can be used to represent a range of MAC addresses. For example, the first entry "00:11:22:33:*" in the Allowed listing that follows is a wildcard.
Note Allowed MAC address formats are viewable in the Filtering Parameters configuration page. See Table 16-5 for details.
EXAMPLE file listing:
[Allowed]
00:11:22:33:*
22:cd:34:ae:56:45
02:23:23:34:*
[Disallowed]
00:10:*
ae:bc:de:ea:45:23
•Probing clients
Probing clients are clients that are associated to another controller but whose probing activity causes them to be seen by another controller and be counted as an element by the "probed" controller as well as its primary controller.
To configure filtering parameters for a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services. The Mobility Services page appears.
Step 2 Click the name of the mobility services engine whose properties you want to edit. The General Properties page appears.
Step 3 From the Context-Aware Software menu, choose Filtering Parameters from the Administration sub-heading to display the configuration options.
Step 4 Modify the following filtering parameters as appropriate (see Table 16-5).
Step 5 Click Save to store the new settings in the mobility services engine database.
Modifying History Parameters for Mobility Services
You can use NCS to specify how long to store (archive) histories on client stations, rogue clients, and asset tags. These histories are received from those controllers that are associated with the mobility service.
You can also program the mobility service to periodically remove (prune) duplicate data from its historical files to reduce the amount of data stored on its hard drive.
To configure mobility service history settings, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service whose properties you want to edit.
Step 3 From the left sidebar menu, choose Context Aware Service > History Parameters.
Step 4 Modify the following history parameters as appropriate (see Table 16-6).
Table 16-6 History Parameters
:
Step 5 Click Save to store your selections in the location appliance database.
Enabling Location Presence for Mobility Services
You can enable location presence on the mobility services engine to provide expanded Civic (city, state, postal code, country) and GEO (longitude, latitude) location information beyond the Cisco default setting (campus, building, floor, and X, Y coordinates). This information can then be requested by wireless and wired clients on a demand basis for use by location-based services and applications.
You can also import advanced location information such as the MAC address of a wired client and the wired switch slot and port to which the wired client is attached.
Location Presence can be configured when a new Campus, Building, Floor or Outdoor Area is being added or configured at a later date.
Once enabled, the mobility services engine is capable of providing any requesting Cisco CX v5 client its location.
Note Before enabling this feature, synchronize the mobility services engine.
To enable and configure location presence on a mobility services engine, follow these steps:
Step 1 Choose Services > Mobility Services > Device Name. Select the mobility services engine to which the campus or building or floor is assigned.
Step 2 From the left sidebar menu, choose Context Aware Services > Administration > Presence Parameters.
Step 3 Select the Service Type On Demand check box to enable location presence for Cisco CX clients v5.
Step 4 Select one of the following Location Resolution options:
a. When Building is selected, the mobility services engine can provide any requesting client, its location by building.
–For example, if a client requests its location and the client is located in Building A, the mobility services engine returns the client address as Building A.
b. When AP is selected, the mobility services engine can provide any requesting client, its location by its associated access point. The MAC address of the access point appears.
–For example, if a client requests its location and the client is associated with an access point with a MAC address of 3034:00hh:0adg, the mobility services engine returns the client address of 3034:00hh:0adg.
c. When X,Y is selected, the mobility services engine can provide any requesting client, its location by its X and Y coordinates.
–For example, if a client requests its location and the client is located at (50, 200) the mobility services engine returns the client address of 50, 200.
Step 5 Select any or all of the location formats:
a. Select the Cisco check box to provide location by campus, building and floor and X and Y coordinates. Default setting.
b. Select the Civic check box to provide the name and address (street, city, state, postal code, country) of a campus, building, floor, or outdoor area.
Note To import a file with multiple Civic listings, see the "Importing Civic Information for Mobility Services" section.
c. Select the GEO check box to provide the longitude and latitude coordinates.
Step 6 By default, the Text check box for Location Response Encoding is selected. It indicates the format of the information when received by the client. There is no need to change this setting.
Step 7 Select the Retransmission Rule Enable check box to allow the receiving client to retransmit the received information to another party.
Step 8 Enter a Retention Expiration value in minutes. This determines how long the received information is stored by the client before it is overwritten. Default value is 24 hours (1440 minutes).
Step 9 Click Save.
Importing Asset Information for Mobility Services
To import asset, chokepoint, and TDOA receiver information for the mobility services engine using NCS, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine for which you want to import information.
Step 3 Choose Context Aware Service > Administration > Import Asset Information.
Step 4 Enter the name of the text file or browse for the filename.
Specify information in the imported file in the following formats:
•tag format: #tag, 00:00:00:00:00:00, categoryname, groupname, assetname
•station format: #station, 00:00:00:00:00:00, categoryname, groupname, assetname
Step 5 When the import file name is located in the Browse text box, click Import.
Exporting Asset Information for Mobility Services
To export asset, chokepoint, and TDOA receiver information from the mobility services engine to a file using NCS, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine from which you want the export information.
Step 3 Choose Context Aware Service > Administration > Export Asset Information.
Information in the exported file is in the the following formats:
•tag format: #tag, 00:00:00:00:00:00, categoryname, groupname, assetname
•station format: #station, 00:00:00:00:00:00, categoryname, groupname, assetname
Step 4 Click Export.
Click Open (display to screen), Save (to external PC or server), or Cancel (to cancel the request).
Note If you select Save, you are asked to select the asset file destination and name. The file is named assets.out by default. Click Close in the dialog box when download is complete.
Importing Civic Information for Mobility Services
To import civic information for the mobility services engine using NCS, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine for which you want to import asset information.
Step 3 From the left sidebar menu, choose Context Aware Software .
Step 4 From theAdministration left sidebar menu, choose Import Civic Information.
Step 5 Enter the name of the text file or browse for the file name.
Information in the imported file should be one of the following formats:
Switch IP Address, Slot Number, Port Number, Extended Parent Civic Address, X, Y, Floor ID, Building ID, Network Design ID, ELIN:"ELIN", PIDF-Lo-Tag:"Civic Address Element Value"
Note Each entry must appear on a separate line.
Step 6 Click Import.
Context Aware Wired Parameters
This section describes the Context Aware Service > Wired drop-down list parameters and contains the following topics:
Monitoring Wired Switches
You can review details on the wired switch (IP address, MAC address, serial number, software version, and ELIN), its port, its wired clients (count and status), and its civic information.
Wired switch data is downloaded to the mobility services engine through NCS when the Ethernet switch and the mobility services engine are synchronized (Services > Synchronize Services > Switches). Communication between a location-capable switch and the mobility services engine is over NMSP. NCS and the mobility services engine communicate over XML.
To view details on wired switches, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 In the Mobility Services page, click the device name link of the appropriate wired location switch.
Step 3 Choose Context Aware Service > Wired > Wired Switches. A summary of wired switches that are synchronized with the mobility services engine appears.
Step 4 To see more details on the switch, its port, its wired clients (count and status), and its civic information click the IP address link. See the "Wired Switch Details" section for information on wired switch details.
Wired Switch Details
To view wired switch details, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 At the Mobility Services page, click the device name link of the appropriate mobility services engine.
Step 3 Choose Context Aware Service > Wired > Wired Switches. A summary of wired switches that are synchronized with the mobility services engine appears.
Step 4 Click the IP address link for the applicable wired switch. The Wired Switch Details page opens.
The Wired Switch Details page has four tabs: Switch Information, Switch Ports, Civic, and Advanced.
Note You can export civic information from the switch by choosing that option from the Select a command drop-down list. This option is available in all four dashlets of the Wired Switches page.
The Wired Switch Details tabs display the following information:
•Switch Information—Displays a total count summary of wired clients connected to the switch along with the state of the client (connected, disconnected, and unknown).
–Connected clients—Clients that are connected to the wired switch.
–Disconnected clients—Clients that are disconnected from the wired switch.
–Unknown clients—Clients are marked as unknown when the NMSP connection to the wired switch is lost.
Note You can view detailed wired client information by clicking in one of the client count links (total clients, connected, disconnected, and unknown). See the "Monitoring Wired Clients" section section for more information.
•Switch Ports—Displays a detailed list of the ports on the switch.
Note You can change the listing order (ascending, descending) of port IP addresses, slot numbers, module number, port type, and port number by clicking in the respective column heading.
•Civic—Displays a detailed list of the civic information for the wired switch.
•Advanced—Displays a detailed list of the additional civic information for the wired switch.
Monitoring Wired Clients
You can view details on a wired client (MAC address, IP address, username, serial number, UDI, model no., software version, VLAN ID, and VLAN ID), port association, and its civic information.
Wired client data is downloaded to the mobility services engine through NCS when the switch and the mobility services engine are synchronized (Services > Synchronize Services > Switches).
NCS and the mobility services engine communicate over XML.
You can view the details of the wired client on either the wired switches page (Context Aware Service > Wired > Wired Switches) or wired clients page (Context Aware Service > Wired > Wired Clients).
•If you know the IP address, MAC address, VLAN ID, serial number, or username, you can use the search field on the wired clients page.
•If you want to examine wired clients as they relates to a specific switch, you can view that information on the wired switches page. See the "Monitoring Wired Switches" section section for more information.
To view details on a wired client, follow these steps:
Step 1 Choose Services > Mobility Services. The Mobility Services page opens.
Step 2 Click the device name link of the appropriate wired location switch.
Step 3 Choose Context Aware Service > Wired > Wired Clients.
At the Wired Clients summary page, clients are grouped by their switch.
A client status is noted as connected, disconnected, or unknown:
•Connected clients—Clients that are active and connected to a wired switch.
•Disconnected clients—Clients that are disconnected from the wired switch.
•Unknown clients—Clients that are marked as unknown when the NMSP connection to the wired switch is lost. See the "Viewing NMSP Connection Status for a Mobility Services Engine" section for more information about NMSP connections.
If you know the MAC address of the wired client, you can click that link to reach the detail page of the client or use the search field. See the "Wired Client Details" section for more information on wired client details.
•You can also search for a wired client by its IP address, username, or VLAN ID.
If you click the IP address of the switch, you are forwarded to the detail page of the switch. See the "Monitoring Wired Switches" section section for more information.
Step 4 Click the MAC Address for the applicable client to view wired client details. See the "Wired Client Details" section for more information on wired client details.
Wired Client Details
To view wired client details, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 At the Mobility Services page, click the device name link of the appropriate mobility services engine.
Step 3 Choose Context Aware Service > Wired > Wired Clients. A summary of wired clients that are synchronized with the mobility services engine appears.
Step 4 Click the MAC address link for the applicable wired client. The Wired Client Details page opens.
The Wired Client Details page has four tabs: Device Information, Port Association, Civic Address, and Advanced.
The Wired Switch Details tabs display the following information:
•Device Information—Display MAC and IP address, username, serial and model numer, UDI, software version, VLAN ID, and VLAN name.
•Port Association—Displays the physical location of the switch port/slot/module on which the wired client terminates, the client status (connected, disconnected, unknown), and the switch IP address.
•Civic Address—Displays any civic address information.
•Advanced—Displays extended physical address details for the wired clients, if applicable.
Note A client takes on the civic address and advanced location information that is configured for the port on which the client terminates. If no civic and advanced information is defined for the its port (port/slot/module) then no location data is displayed.
Monitoring Interferers
The Monitor > Interferers page allows you to monitor interference devices detected by the CleanAir enabled access points.
This section provides information on the interferers detected by the CleanAir enabled access points. By default, the Monitor > Interferers > AP Detected Interferers page is displayed.
This section contains the following topics:
•Monitor > Interferers > AP Detected Interferers
•Monitor > Interferers > AP Detected Interferers > Interferer Details
•Monitor > Interferers > Edit View
•Monitor > Interferers > Edit View > Edit Search
Monitor > Interferers > AP Detected Interferers
Choose Monitor > Interferers to view all the interfering devices detected by the CleanAir enabled access points on your wireless network. This page enables you to view a summary of the interferring devices including the following default information:
•Interferer ID—A unique identifier for the interferer. This is a pseudo-randomly generated ID. Though it is similar to a MAC address, it is not a real address, which you can use to find the interfering device. Click this link to know more about the interferer.
•Type—Indicates the category of the interferer. Click to read more about the type of device. The dialog box appears displaying more details. The categories include the following:
–Bluetooth link—A Bluetooth link (802.11b/g/n only)
–Microwave Owen—A microwave oven (802.11b/g/n only)
–802.11 FH—An 802.11 frequency-hopping device (802.11b/g/n only)
–Bluetooth Discovery—A Bluetooth discovery (802.11b/g/n only)
–TDD Transmitter—A time division duplex (TDD) transmitter
–Jammer—A jamming device
–Continious Transmitter—A continuous transmitter
–DECT-like Phone—A digital enhanced cordless communication (DECT)-compatible phone
–Video—A video camera
–802.15.4—An 802.15.4 device (802.11b/g/n only)
–WiFi Inverted—A device using spectrally inverted Wi-Fi signals
–WiFi Invalid—A device using non-standard Wi-Fi channels
–SuperAG—An 802.11 SuperAG device
–Canopy—A Motorola Canopy device
–Radar—A radar device (802.11a/n only)
–XBox—A Microsoft Xbox (802.11b/g/n only)
–WiMAX Mobile—A WiMAX mobile device (802.11a/n only)
–WiMAX Fixed—A WiMAX fixed device (802.11a/n only)
•Status—Indicates the status of the interfering device.
–Active—Indicates that the interferer is currently being detected by the CleanAir enabled access point.
–Inactive—Indicates that the interferer is no longer being detected by the CleanAir enabled access point or the CleanAir enabled access point saw the interferer no longer reacheable by NCS.
•Severity—Displays the severity ranking of the interfering device.
•Affected Band—Displays the band in which this device is interfering.
•Affected Channels—Displays the affected channels.
•Duty Cycle (%)—The duty cycle of interfering device in percentage.
•Discovered—Displays the time at which it was discovered.
•Last Updated—The last time the interference was detected.
•Floor—The location where the interfering device is present.
Note These devices appear only if the option to track Interferers is enabled in the Tracking Parameters page. This option is disabled by default. For more information on tracking parameters, see the "Modifying Tracking Parameters for Mobility Services" section.
Monitor > Interferers > AP Detected Interferers > Interferer Details
Choose Monitor > Interferers > Interferer ID to view this page. This page enables you to view the details of the interfering devices detected by the access points. This page provides the following details about the interfering device.
•Interferer Properties
–Type—Displays the type of the interfering device detected by the AP.
•Status—The status of the interfering device. Indicates the status of the interfering device.
–Active—Indicates that the interferer is currently being detected by the CleanAir enabled access point.
–Inactive—Indicates that the interferer is no longer being detected by the CleanAir enabled access point or the CleanAir enabled access point saw the interferer no longer reachable by NCS.
–Severity—Displays the severity ranking of the interfering device.
–Duty Cycle (%)—The duty cycle of interfering device in percentage.
–Affected Band—Displays the band in which this device is interfering.
–Affected Channels—Displays the affected channels.
–Discovered—Displays the time at which it was discovered.
–Last Updated—The last time the interference was detected.
•Location
–Floor—The location where this interfering device was detected.
–Last Located At—The last time where the interfering device was located.
–On MSE—The Mobility Server Engine on which this interference device was located.
•Clustering Information
–Clustered By—Displays the following:
IP address of the controller if clustered by a controller.
IP address of the mobility services engine if clustered by a mobility services engine.
–Detecting APs—Displays the details of the access point that has detected the interfering device. The details include: Acces Point Name (Mac), Severity, and Duty Cycle(%).
Note The detecting access point information is available only for active devices. And even for some active devices, this information may not be available. This is because, those interferers are in the process of being marked inactive and in the next refresh of Monitor > Interferers page, those will appear inactive.
•Details—Displays a short description about the interfering type.
Select a command
The Select a command drop-down list provides access to the location history of the interfering device detected by the access point. See the "Monitor > Interferers > AP Detected Interferer Details > Interference Device ID > Location History" section.
Monitor > Interferers > AP Detected Interferer Details > Interference Device ID > Location History
Choose Monitor > Interferers > Interference Device ID, choose Location History from the Select a command drop-down list, and click Go to view this page.
•Interferer Information—Displays the basic information about the interfering device.
–Data Collected At—The time stamp at which the data was collected.
–Type—The type of the interfering device.
–Severity—The severity index of the interfering device.
–Duty Cycle—The duty cycle (in percentage) of the interfering device.
–Affected Channels—A comma separated list of the channels affected.
•Interferer Location History—Displays the location history of the interfering devices.
–Time Stamp
–Floor
•Clustering Information
–Clustered By
•Detecting APs
–AP Name—The access point that detected the interfering device.
–Severity—The severity index of the interfering device.
–Duty Cycle(%)—The duty cycle (in percentage) of the interfering device.
•Location
–Location Calculated At—Displays the time stamp at which this information was generated.
–Floor—Displays location information of the interfering device.
–A graphical view of the location of the interfering device is displayed in a map. Click the Enlarge link to view an enlarged image.
Monitor > Interferers > Edit View
The Edit View page allows you to add, remove, or reorder columns in the AP Detected Interferers Summary page. It also allows you to search for Interferers. By default only those interferers that are in Active state and with severity greater than or equal to 5 are displayed in the AP Detected Interferers page. For more information on editing search criteria, see the "Monitor > Interferers > Edit View > Edit Search" section.
To edit the columns in the AP Detected Interferers page, follow these steps:
Step 1 Choose Monitor > Interferers. The AP Detected Interferers page appears showing details of the interferers detected by the CleanAir enabled access points.
Step 2 Click the Edit View link in the AP Detected Interferers page.
Step 3 To add an additional column to the access points table, click to highlight the column heading in the left column. Click Show to move the heading to the right column. All items in the right column are displayed in the table.
Step 4 To remove a column from the access points table, click to highlight the column heading in the right column. Click Hide to move the heading to the left column. All items in the left column are not displayed in the table.
Step 5 Use the Up/Down buttons to specify the order in which the information appears in the table. Highlight the desired column heading and click Up or Down to move it higher or lower in the current list.
Step 6 Click Reset to restore the default view.
Step 7 Click Submit to confirm the changes.
Monitor > Interferers > Edit View > Edit Search
You can search for interferers based on certain criteria. By default only those interferers that are in Active state and with severity greater than or equal to 5 are displayed in the AP Detected Interferers page. Use the Edit Search option to customize the interferer search.
To edit the search criteria, follow these steps:
Step 1 Choose Monitor > Interferers. The AP Detected Interferers page appears.
Step 2 Click Edit Search and select the appropriate criteria. This option allows you to specify the following search criteria:
•Search Category—For interferer search, the search category is Interferers.
•Detected By—From the drop-down list, select Access Points or Spectrum Experts.
•Search By—From the list box, select any one of the following options:
–All Interferers
–Interferer ID
–Interferer Type
–Severity
–Duty Cycle
–Location
•Severity greater than—Enter the severity level in the text box.
•Detected within the last—From the list box, select any one of the following options:
–5 Minutes
–15 Minutes
–30 Minutes
–1 Hour
–3 Hours
–6 Hours
–12 Hours
–24 Hours
–All History
•Interferer status—From the list box, choose any of the following options:
–Active
–Inactive
–All
•Restrict By Radio Band/Channels—Select this check box if you want to restrict certain radio frequencies or channels from the search. By default, this check box is unselected. On selected this check box, a list box appears with 2.4 GHz, 5 GHz and Individual Channel options. If you select Individual Channel, an Affected Channels text box appears. Specify the channel and select either the Match All or Match Any radio button.
Step 3 Select the number of items per page that you want to view in the search results.
Step 4 Select the Save Search check box if you want to save the search.
Step 5 After specifying the search criteria. Click Go to view the search results.
Context Aware Advanced Parameters
This section contains the following topics:
•Modifying Location Parameters for Mobility Services
•Modifying Notification Parameters for Mobility Services
Modifying Location Parameters for Mobility Services
You can use NCS to specify whether the mobility service retains its calculation times and how soon the mobility service deletes its collected Receiver Signal Strength Indicator (RSSI) measurement times. You can also apply varying smoothing rates to manage location movement of an element.
To configure location parameters, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility service whose properties you want to edit.
Step 3 From the left sidebar menu, choose Context Aware Service > Location Parameters.
Step 4 Modify the location parameters as appropriate (see Table 16-7).
Step 5 Click Save to store your selections in the NCS and mobility service databases.
Modifying Notification Parameters for Mobility Services
You can use NCS to configure mobility services engine event notification parameters that define such items as how often the notifications are generated or resent by the mobility services engine.
Note Modify notification parameters only if you expect the mobility services engine to send a large number of notifications or if notifications are not being received.
You can also enable forwarding of northbound notifications for tags to be sent to third-party applications.
The format of northbound notifications sent by the mobility services engine is available on the Cisco developers support portal at the following URL:
http://developer.cisco.com/web/cdc
To configure notification parameters, follow these steps:
Step 1 Choose Services > Mobility Services.
Step 2 Click the name of the mobility services engine you want to configure.
Step 3 From the Context Aware Software left sidebar menu, choose Notification Parameters from the Advanced sub-heading to display the configuration options.
Step 4 Select the Enable Northbound Notifications check box to enable the function.
Step 5 Select the Notification Contents check box to send notifications to third-party applications (northbound).
Step 6 Select one or more of the following Notification content options:
•Chokepoints
•Telemetry
•Emergency
•Battery Level
•Vendor Data
•Location
Step 7 Select the Notification Triggers check box.
Step 8 Select one or more of the following Notification trigger options:
•Chokepoints
•Telemetry
•Emergency
•Battery Level
•Vendor Data
•Location Recalculation
Step 9 Enter the IP address and port for the system that is to receive the northbound notifications.
Step 10 Choose the transport type from the drop-down list.
Step 11 Select HTTPS if you want to use HTTPS protocol for secure access to the destination system.
Step 12 To modify the notification parameter settings, enter the new value in the appropriate text box in the Advanced tab of the page. Table 16-8 describes each parameter.
Step 13 Click Save.
Viewing Tag Engine Status
To access the Tag Engine Status page, choose Services > Mobility Services > MSE Name > Context Aware Service > Tag Engine > Status.
Note This option appears only if Partner Tag engine was chosen as the engine.
If tag licenses are available, then Aeroscout Tag Engine is enabled. Else, Cisco Tag Engine is enabled by default.
If only evaluation license is available then Cisco Tag Engine is enabled by default. The Tag Engine status page shows status based on whether it is Aeroscout Tag Engine or Cisco Tag Engine.
Note Aeroscout engine fails to start on MSE if WCS map names have special characters such as '&'.
Table 16-9 lists and describes the fields in the Tag Engine Status page for Aeroscout Tag Engine.
If you have selected Cisco Tag Engine for Context Aware Service, the Tag Engine Status page displays the following information.
Table 16-10 describes the fields in the Tag Engine Status page for Cisco Tag Engine.
Viewing Notification Information for Mobility Services
The Services > Context Aware Notifications page provides the ability to define events. This section contains the following topics:
•Viewing the Notifications Summary for Mobility Services
•Viewing and Managing Notifications Settings for Mobility Services
•Viewing Notification Statistics
Viewing the Notifications Summary for Mobility Services
To view the Notification Summary, choose Services > Context Aware Notifications > Summary.
The mobility service sends event notifications and does not store them (fire and forget). However, if NCS is a destination of notification events, it stores the notifications it receives and groups them into the following seven categories:
•Absence (Missing)—Generated when the mobility service cannot see the asset in the WLAN for the specified time.
•Location Changes—Generated when client stations, asset tags, rogue clients, and rogue access points move from their previous location.
•Chokepoint Notifications—Generated when a tag is seen (stimulated) by a chokepoint. This information is only reported and displayed for CCX v.1 compliant tags.
•In/Out Area—Generated when an asset is moved inside or outside a designated area.
Note You define a containment area (campus, building, or floor) in the Maps section of NCS (Monitor > Maps). You can define a coverage area using the Map Editor.
•Battery Level—Generated when a tracked asset tag hits the designated battery level.
•Movement from Marker—Generated when an asset is moved beyond a specified distance from a designated marker you define on a map.
•Emergency—Generated for a CCX v.1 compliant asset tag when the panic button of the tag is triggered or the tag becomes detached, tampered with, goes inactive or reports an unknown state. This information is only reported and displayed for CCX v.1 compliant tags.
The summary details include the following:
•All Notifications
•Client Stations
•Asset Tags
•Rogue Clients
•Rogue Access Points
Note To view details for each of the notifications, click the number under the Last Hour, Last 24 Hours, or Total Active column to open the details page for the applicable notification.
Notifications Cleared
A mobility service sends event notifications when it clears an event condition in one of the following scenarios:
•Missing (Absence)—Elements reappear.
•In/Out Area (Containment)—Elements move back in or out of the containment area.
•Distance—Elements move back within the specified distance from a marker.
•Location Changes—Clear state is not applicable to this condition.
•Battery Level—Tags are detected again operating with Normal battery level.
•Emergency
•Chokepoint
Note In NCS, the Notifications Summary page reflects whether notifications for cleared event conditions have been received.
Viewing and Managing Notifications Settings for Mobility Services
Note An Event Group must be created which contains the rules that trigger a notification.
To view the Notifications Settings, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 From the left sidebar menu, choose Settings.
Viewing Notification Statistics
You can view the notification statistics for a specific mobility services engine. To view the Notification Statistics for a specific mobility services engine, choose Services > Mobility Services > MSE-name > Context Aware Service > Notification Statistics.
where MSE-name is the name of a mobility services engine.
Table 16-2 lists and describes the fields in the Notification statistics page.
About Event Groups
To manage events more efficiently, you can use NCS to create event groups. Event groups help you organize your event definitions.
This section contains the following topics:
•Working with Event Definitions
Adding Event Groups
To add an event group, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 Click Notification Definitions from the left sidebar menu.
Step 3 From the Select a command drop-down list, choose Add Event Group.
Step 4 Click Go.
Step 5 Enter the name of the group in the Group Name text box.
Step 6 Click Save.
The new event group appears in the Event Settings page.
Deleting Event Groups
To delete an event group, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 Choose Notification Definitions from the left sidebar menu.
Step 3 Select the check box of the event group you want to delete.
Step 4 From the Select a command drop-down list, choose Delete Event Group(s).
Step 5 Click Go.
Step 6 Click OK to confirm the deletion.
Step 7 Click Save.
Working with Event Definitions
An event definition contains information about the condition that caused the event, the assets to which the event applies, and the event notification destinations. This section describes how to add, delete, and test event definitions.
Note NCS enables you to add definitions on a per-group basis. Any new event definition must belong to a particular group.
To add an event definition, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 From the left sidebar menu, choose Notification Definitions.
Step 3 Click the name of the group to which you want to add the event. An event definition summary page appears for the selected event group.
Step 4 From the Select a command drop-down list, choose Add Event Definition.
Step 5 Click Go.
Step 6 Enter the name of the event definition in the Event Definition Name text box.
Note The event definition name must be unique within the event group.
Step 7 Click Save.
Step 8 On the General tab, manage the following parameters:
•Admin Status—Enable event generation by selecting the Enabled check box (disabled by default).
•Priority—Set the event priority by choosing a number from the drop-down list. Zero is highest.
Note An event definition with higher priority is serviced before event definitions with lower priority.
•Activate—To continuously report events, select the All the Time option. To indicate specific days and times for activation, unselect the All the Time option and choose the applicable days and From/Until times. Click Save.
Step 9 On the Conditions tab, add one or more conditions. For each condition, specify the rules for triggering events notifications. To add a condition, follow these steps:
a. Click Add to open the Add/Edit Condition page.
b. Choose a condition type from the Condition Type drop-down list and configure its associated Trigger If parameters (Table 16-12).
c. In the Apply To drop-down list, choose the type of asset (Any, Clients, Tags, Rogue APs, Rogue Clients or Interferers) for which an event is generated if the trigger condition is met.
Note Emergency and chokepoint events are only applicable to tags (CCXv.1 compliant).
d. From the Match By drop-down list, choose the matching criteria (MAC Address, Asset Name, Asset Group, or Asset Category), the operator (Equals or Like), and enter the relevant text for the selected Match By element.
e. Click Add.
Step 10 In the Destination and Transport tab, follow these steps to add one or more destinations to receive event notifications and configure the transport settings:
a. Click Add to open the Add/Edit Destination and Transport page.
b. To add one or more new destinations, click Add New, enter the applicable IP address, and click OK.
Note The recipient system must have an event listener running to process notifications. By default, when you create an event definition, NCS adds its IP address as the destination.
c. To select a destination to receive notifications, click to highlight one or more IP addresses in the box on the right and click Select to add the IP address(es) to the box on the left.
d. In the Message Format field, select XML or Plain Text.
Note If you select NCS as the destination, you must select XML format.
e. Choose one of the following transport types from the Transport Type drop-down list:
–SOAP—Simple Object Access Protocol. Use SOAP to send notifications over HTTP/HTTPS and to be processed by web services on the destination.
Specify whether to send notifications over HTTPS by selecting its corresponding check box. Enter the destination port number in the Port Number text box.
–Mail—Use this option to send notifications via email.
Choose the protocol for sending the mail from the Mail Type drop-down list. Enter the following: username and password (if Authentication is enabled), name of the sender, prefix to add to the subject line, email address of recipient, and a port number if necessary.
–SNMP—Simple Network Management Protocol. Use this option to send notifications to SNMP-capable devices.
If you have selected SNMP version v2c then you would be prompted to enter the SNMP community string in the SNMP Community text box and the applicable port number in the Port Number text box.
If you have selected SNMP version v3 then you would be prompted to enter the username, security name, choose the authentication type from the drop-down list, enter the authentication password, choose the privacy type from the drop-down list and enter the privacy password.
–SysLog—Specifies the system log on the destination system as the recipient of event notifications.
–Enter the notification priority in the Priority text box, the name of the facility, and the port number on the destination system.
f. Click Add.
Step 11 Verify that the new event definition is listed for the event group (Context Aware Service > Notifications > Event > Settings > Event Group Name).
Adding Event Definitions
An event definition contains information about the condition that caused the event, the assets to which the event applies, and the event notification destination.
Cisco NCS enables you to add definitions for each group. An event definition must belong to a group. See the Cisco Content-Aware Software Configuration Guide for information on deleting or testing event definitions.
To add an event definition, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 Choose Notification Definitions from the left sidebar menu.
Step 3 Click the name of the group to which you want to add to the event. An event definition summary page appears for the selected event group.
Step 4 From the Select a command drop-down list, choose Add Event Definition, and click Go.
Step 5 At the Conditions tab, add one or more conditions. For each condition you add, specify the rules for triggering event notifications.
Tip For example, to keep track of heart monitors in a hospital, you could add rules to generate event notifications when a heart monitor is missing for one hour, a heart monitor moves off its assigned floor, or a heart monitor enters a specific coverage area within a floor.
To add a condition, follow these steps:
a. Click Add to add a condition that triggers this event.
b. In the Add/Edit Condition dialog box, follow these steps:
1. Choose a condition type from the Condition Type drop-down list.
If you chose Missing from the Condition Type drop-down list, enter the number of minutes after which a missing asset event is generated. For example, if you enter 10 in this text box, the mobility service engine generates a missing asset event if the mobility service engine has not found the asset for more than 10 minutes. Proceed to Step c.
If you chose In/Out from the Condition Type drop-down list, choose Inside of or Outside of, then select Select Area to select the area to monitor for assets going into it or out of it. In the Select dialog box, choose the area to monitor, then click Select. The area to monitor could be an entire campus, building within a campus, a floor in a building, or a coverage area (you can define a coverage area using the map editor). For example, to monitor part of a floor in a building, choose a campus from the Campus drop-down list, choose a building from the Building drop-down list, and choose the area to monitor from the Floor Area drop-down list. Then click Select. Proceed to Step c.
If you chose Distance from the Condition Type drop-down list, enter the distance in feet that will trigger an event notification if the monitored asset moves beyond the specified distance from a designated marker, then click Select Marker. In the Select dialog box, choose the campus, building, floor, and marker from the corresponding drop-down list, and click Select. For example, if you add a marker to a floor plan and set the distance in the Trigger If text box to 60 feet, an event notification will be generated if the monitored asset moves more than 60 feet away from the marker. Proceed to Step c.
Note You can create markers and coverage areas using the Map Editor. When you create marker names, make sure they are unique across the entire system.
If you chose Battery Level from the Condition Type drop-down list, select the check box next to the battery level (low, medium, normal) that will trigger an event. Proceed to Step c.
If you chose Location Change from the Condition Type drop-down list, proceed to Step c.
If you chose Emergency from the Condition Type drop-down list, click the button next to the emergency (any, panic button, tampered, detached) that will trigger an event. Proceed to Step c.
If you chose Chokepoint from the Condition Type drop-down list, proceed to Step c. There is only one trigger condition, and it is displayed by default. No configuration is required.
c. From the Apply To drop-down list, choose the type of asset (Any, Clients, Tags, Rogue APs, Rogue Clients, or Interferers) for which an event will be generated if the trigger condition is met.
Note If you choose the any option from the Apply to drop-down list, the battery condition is applied to all tags, clients, and rogue access points and rogue clients.
Note Emergency and chokepoint events apply only to Cisco-compatible extension tags version 1 (or later).
d. From the Match By drop-down list, choose the matching criteria (MAC Address, Asset Name, Asset Group, or Asset Category), the operator (Equals or Like) from the drop-down list, and enter the relevant text for the selected Match By element.
Some examples of asset matching criteria that you can specify:
–If you choose MAC Address from the Match By drop-down list, choose Equals from the Operator drop-down list, and enter a MAC address (for example 12:12:12:12:12:12), the event condition applies to the element whose MAC address is 12:12:12:12:12:12 (exact match).
–If you choose MAC Address from the Match By drop-down, choose Like from the Operator drop-down list, and enter 12:12, the event condition applies to elements whose MAC address starts with 12:12.
e. Click Add to add the condition you have just defined.
Note If you are defining a chokepoint, you must select the chokepoint after you add the condition.
To select a chokepoint, do the following:
1. Click Select Chokepoint. An entry page appears.
2. Choose Campus, Building, and Floor from the appropriate drop-down lists.
3. Choose a Chokepoint from the menu that appears.
You are returned to the Add/Edit Condition page, and the location path (Campus > Building > Floor) for the chokepoint auto-populates the text area next to the Select Checkpoint button.
Step 6 At the Destination and Transport tab, follow these steps to add one or more destinations to receive event notifications and to configure the transport settings:
a. To add a new destination, click Add. The Add/Edit Destination configuration page appears.
b. Click Add New.
c. Enter the IP address of the system that will receive event notifications, and click OK.
The recipient system must have an event listener running to process notifications. By default, when you create an event definition, Cisco NCS adds its IP address as the destination.
d. To select a destination to send event notifications to, highlight one or more IP addresses in the box on the right, and click Select to add the IP addresses to the box on the left.
e. Choose XML or Plain Text to specify the message format.
f. Choose one of the following transport types from the Transport Type drop-down list:
–SOAP—Specifies Simple Object Access Protocol, a simple XML protocol, as the transport type for sending event notifications. Use SOAP to send notifications over HTTP/HTTPS that are processed by web services on the destination.
If you choose SOAP, specify whether to send notifications over HTTPS by selecting its corresponding check box. If you do not, HTTP is used. Also, enter the destination port number in the Port Number text box.
–Mail—Use this option to send notifications via e-mail.
If you choose Mail, you need to choose the protocol for sending the mail from the Mail Type drop-down list. You also need to enter the following information: username and password (if Authentication is enabled), name of the sender, prefix to add to the subject line, e-mail address of recipient, and a port number if necessary.
–SNMP—Use Simple Network Management Protocol, a very common technology for network monitoring used to send notifications to SNMP-capable devices.
If you choose SNMP, enter the SNMP community string in the SNMP Community text box and the port number to send notifications to in the Port Number text box.
–SysLog—Specifies the system log on the destination system as the recipient of event notifications.
If you choose SysLog, enter the notification priority in the Priority text box, the name of the facility in the Facility text box, and the port number of the destination system in the Port Number text box.
g. To enable HTTPS, select the Enable check box next to it.
Port Number auto-populates.
h. Click Save.
Step 7 At the General tab, follow these steps:
a. Select the Enabled check box for Admin Status to enable event generation (disabled by default).
b. Set the event priority by choosing a number from the Priority drop-down list. Zero is the highest priority.
Note An event notification with high priority is serviced before event definitions with lower priority.
c. To select how often the event notifications are sent:
1. Select the All the Time check box to continuously report events. Proceed to Step g.
2. Unselect the All the Time check box to select the day and time of the week that you want event notifications sent. Days of the week and time fields appear for the selection. Proceed to Step d.
d. Select the check box next to each day you want the event notifications sent.
e. Select the time for starting the event notification by selecting the appropriate hour, minute, and AM/PM options from the Apply From heading.
f. Select the time for ending the event notification by selecting the appropriate hour, minute, and AM/PM options from the Apply Until heading.
g. Click Save.
Step 8 Verify that the new event notification is listed for the event group (Mobility > Notifications > Settings > Event Group Name).
Deleting an Event Definition
To delete one or more event definitions from NCS, follow these steps:
Step 1 Choose Services > Context Aware Notifications.
Step 2 From the left sidebar menu, choose Settings.
Step 3 Click the name of the group from which you want to delete the event definitions.
Step 4 Select the event definition that you want to delete by selecting its corresponding check box.
Step 5 From the Select a command drop-down list, choose Delete Event Definition(s).
Step 6 Click Go.
Step 7 Click OK to confirm that you want to delete the selected event definitions.
Upgrading from 5.x to 6.0 or 7.0
The number of supported clients, tags, and access points (wIPS) is reset to 100 clients, 100 tags, and 20 access points when you upgrade to release 6.0 or above. All tracking beyond these limits is lost. These limits correspond to the 60 day evaluation licenses that are standard.
When upgrading mobility services engine from 6.0 to 7.0, if any limits have been set on wireless clients or rogues, they will get reset because of the wired client limit change in 7.0.
You must backup the mobility services engine database
before upgrading from release 5.x1 or 6.0 to 7.0 to preserve client, tag, and access point configurations. You can restore the database after the software upgrade.
Note Release 5.1 did not support licenses. You must order, register, and install licenses to track client and tag locations (CA) or access points (wIPS) beyond the limits of the 60-day evaluation licenses.
To upgrade to release 7.0, follow these steps:
Step 1 Register the Product Authorization Key (PAK).
Note You receive a PAK when you order a license. If you have lost your PAK, you can use your sales order or the UDI number of the mobility services engine to register.
•Client and wIPS licenses are registered at:
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet
•Tag licenses are registered at:
http://www.aeroscout.com/support
Step 2 Backup the mobility services engine database:
a. Choose Services > Mobility Services.
b. Click the name of the mobility services engine on which you want to backup the database.
c. Choose Maintenance > Backup from under the System menu (left).
d. Enter a name for the backup file. Click Submit.
Step 3 Download release 7.0:
a. Choose Services > Mobility Services.
b. Click the name of the mobility services engine on which you want to upgrade the software.
c. Choose Maintenance > Download Software from under the System menu.
d. Select either an uploaded image or browse and upload an image. Click Download.
Step 4 Install release 7.0 using the MSE CLI:
a. To overwrite existing software, enter:
/etc/init.d/msed stop
cd opt/installers
./<mse software file name>
b. To do a fresh install, enter:
/etc/init.d/msed stop
cd /opt/mes/uninstall
./uninstall (enter this once in directory)
(Enter no when prompted to keep old database)
cd /opt/installers
./<mse software file name>
Step 5 Restore mobility services engine database (For Step 4 b.):
a. Choose Services > Mobility Services.
b. Click the name of the mobility services engine on which you upgraded the software.
c. Choose Maintenance > Restore from under the System menu.
d. Select file name to restore from the drop-down list. Click Submit.
Step 6 Install licenses:
Refer to Chapter 2 of the ContextAware Services Configuration Guide Release 7.0 at
http://www.cisco.com/en/US/products/ps9806/products_installation_and_configuration_guides_list.html
Viewing the MSE Alarm Details
In the Monitor > Alarms page, click an MSE item under Failure Source to access the alarms details for a particular MSE.
Alternatively, you can access Services > Mobility Services > MSE Name > System > Status > NCS Alarms page and click a particular MSE item under Failure Source to access the alarms details for a particular MSE.
Figure 16-2 shows a NCS Alarm for MSE.
Figure 16-2 MSE Alarm
Table 16-13 describes the various fields in the Alarm Detail page for an MSE.
Note The General information may vary depending on the type of alarm. For example, some alarm details may include location and switch port tracing information.
•Annotations—Enter any new notes in this text box and click Add to update the alarm. Notes appear in the "Annotations" display area.
•Messages—Displays information about the alarm.
•Audit Report—Click to view config audit alarm details. This report is only available for Config Audit alarms.
Configuration audit alarms are generated when audit discrepancies are enforced on config groups.
Note If enforcement fails, a critical alarm is generated on the config group. If enforcement succeeds, a minor alarm is generated on the config group.
The alarms have links to the audit report where you can view a list of discrepancies for each controller.
•Event History—Opens you to the MSE Alarm Events page to view events for this alarm. When there are multiple alarm pages, the page numbers appear at the top of the page with a scroll arrow on each side. Use these scroll arrows to view additional alarms.
Select a command
The Select a command drop-down list provides access to the following functions:
•Assign to me—Assign the selected alarm(s) to the current user.
•Unassign—Unassign the selected alarm(s).
•Delete—Delete the selected alarm(s).
•Clear—Clear the selected alarm(s). Indicates that the alarm is no longer detected by any access point.
Note Once the severity is Clear, the alarm is deleted from NCS after 30 days.
•Acknowledge—You can acknowledge the alarm to prevent it from showing up in the Alarm Summary page. The alarm remains in NCS and you can search for all Acknowledged alarms using the alarm search functionality. See the "Acknowledging Alarms" section for more information.
•Unacknowledge—You can choose to unacknowledge an already acknowledged alarm.
•Email Notification—Takes you to the All Alarms > Email Notification page to view and configure email notifications. See the "Monitoring RFID Tags" section for more information.
•Event History—Takes you to the Monitor > Events page to view events for this alarm. See the "Monitoring Events" section for more information.
For more information on Alarms, see the "Monitoring Alarms" section.
MSE License Overview
The MSE packages together multiple product features related to network topology, design such as NMSP, Network Repository along with related Service Engines and application processes, such as the following:
•Context Aware Service
•Wireless Intrusion Prevention Service (WIPS)
To enable smooth management of MSE and its services, various licenses are offered.
Note You must have a Cisco NCS license to use MSE and its associated services.
This section contains the following topics:
•Revoking and Reusing an MSE License
MSE License Structure Matrix
Table 16-14 lists the breakup of the licenses between the High end, Low end and Evaluation licenses for MSE, Location services, SCM, wIPS and MIR.
Sample MSE License File
The following is a sample MSE license file:
FEATURE MSE cisco 1.0 permanent uncounted \
VENDOR_STRING=UDI=udi,COUNT=1 \
HOST ID=ANY \
NOTICE="<LicFileID>MSELicense</LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" \
SIGN="0C04 1EBA BE34 F208 404F 98ED 43EC \
45D7 F881 08F6 7FA5 4DED 43BC AF5C C359 0444 36B2 45CF 6EA6 \
1DB1 899F 413F F543 F426 B055 4C7A D95D 2139 191F 04DE"
This sample file has 5 license entries. The first word of the first line of any license entry tells you what type of license it is. It could either be a Feature or Increment. A feature license is a static lone item to license. There can be multiple Service Engines running in MSE. An Increment license is an additive license. In MSE, the individual Service Engines are treated as increment licenses.
The second word of the first line defines the specific component to be licensed. Example: MSE, LOCATION_TAG. The third word depicts the vendor of the license, example: Cisco. The fourth word denotes the version of the license, example 1.0. The fifth word denotes the expiration date, this could be permanent for licenses that never expire or a date in the format dd-mmm-yyyy. The last word defines whether this license is counted.
For more information on the license types, see the "Mobility Services Engine (MSE) License Information" section.
Revoking and Reusing an MSE License
You can revoke an MSE appliance license from one system and reuse it on another system. When you revoke a license, the license file is deleted from the system. If you want to reuse the license on another system, then the license needs to be rehosted.
If you want to reuse a license with an upgrade SKU on another system, then you need to have the corresponding base license SKU installed in the system to which you want to reuse the upgrade SKU. You cannot reuse the upgrade license SKU in a system if the corresponding base license SKU is deleted from it.
When you revoke a license, MSE restarts the individual service engines to reflect the changes to the licenses. Then the service engines receives the updated capacity from MSE during startup.
For more information on Licensing, see the following:
•Mobility Services Engine (MSE) License Information
•Mobility Services Engine (MSE) License Summary
Location Assisted Client Troublshooting from the ContextAware Dashboard
You can use the ContextAware tab in the NCS Home Page to troubleshoot a client.
You can specify a MAC address or Username or IP address as the search criteria, and click Troubleshoot.
Note Username, IP address and partial MAC address-based troubleshooting is supported only on MSEs with version 7.0.200.0 and later.
The Troubleshoot Client page appears.
You can view the Context Aware History report in the Context Aware History tab.
You can filter this report based on MSE Name. You can further filter the report based on Timezone, State or All. The states can be either associated or dissociated.
If you select timezone then you could select any of the following:
•Date and Time
Or
•Any one of these values from the drop-down list:
–Last 1 Hour
–Last 6 Hours
–Last 1 Day
–Last 2 Days
–Last 3 Days
–Last 4 Days
–Last 5 Days
–Last 6 Days
–Last 7 Days
–Last 2 Weeks
–Last 4 Weeks
Alternately, you can use the Generate Report link to generate a Client Location History report. You could also opt to export to CSV or PDF format or email the report using the icons available in the report page.
For more information on the ContextAware tab of the NCS Home Page, see the "Context Aware Dashboard" section.
MSE Reports
You can generate many ContextAware reports using the Report Launch Pad. For more information on ContextAware reports, see the "ContextAware Reports" section.
Planning for and Configuring Context-Aware Software
Context-Aware Software (CAS) resides on the mobility services engine. For more information on the CAS service, refer to the Cisco Context-Aware Software Configuration Guide.
Note If you have a location server, you can track or map non-Cisco CCX tags.
Note Context-Aware Software was previously referred to as Cisco location-based services.
Chapter 4 of the Cisco Conxtext-Aware Software Configuration Guide contains the following information on configuring and viewing system properties on the mobility services engine:
•Configuring general properties
•Modifying NMSP parameters
•Viewing active sessions on a system
•Adding and deleting trap destinations
•Viewing and configuring advanced parameters
Chapter 5 of the Cisco Context-Aware Software Configuration Guide contains information on configuring and managing users and groups on the mobility services engine.
Chapter 6 of the Cisco Context-Aware Software Configuration Guide contains the following information on event notifications:
•Adding and deleting event groups
•Adding, deleting, and testing event definitions
•Viewing event notification summary
•Notifications cleared
•Notification message formats
Chapter 7 of the Cisco Context-Aware Software Configuration Guide contains the following information on the tools and configurations that can be used to enhance the location accuracy of elements (clients, tags, rogue clients, interferers and rogue access points):
•Planning for data, voice, and location deployment
•Creating and applying calibration models
•Inspecting location readiness and quality
•Inspecting location quality using calibration data
•Verifying location accuracy
•Using chokepoints to enhance tag location reporting
•Using Wi-Fi TDOA receiver to enhance tag location reporting
•Using tracking optimized monitor mode to enhance tag location reporting
•Defining inclusion and exclusion regions on a floor
•Defining a rail line on a floor
•Modifying context aware software parameters
•Enabling Location Services on Wired Switches and Wired Clients.
•Assigning a Catalyst Switch to Mobility Services Engine and Synchronizing
Chapter 8 of the Cisco Context-Aware Software Configuration Guide contains the following information on how to monitor the mobility services engine by configuring and viewing alarms, events, and logs and how to generate reports on system utilization and element counts:
•Working with alarms
•Working with events
•Working with logs
•Generating reports
•Monitoring wireless clients
•Monitoring tagged assets
•Monitoring chokepoints
•Monitoring Wi-Fi TDOA receivers
•Monitoring Wired Switches
•Monitoring Wired Clients
•Monitoring Interferers
Chapter 9 of the Cisco Context-Aware Software Configuration Guide contains the following information on backing up and restoring mobility services engine data and updating the mobility services engine software:
•Recovering a lost password
•Recovering a lost root password
•Backing up and restoring mobility services engine data
•Downloading software to mobility services engines
•Configuring the NTP server
•Defragmenting the mobility services engine database
•Rebooting the mobility services engine hardware
•Shutting down the mobility services engine hardware
•Clearing mobility services engine configurations
wIPS Planning and Configuring
With a fully integrated solution, Cisco can continually monitor wireless traffic on both the wired and wireless networks and can use that network intelligence to analyze attacks from many different sources of information to more accurately pinpoint and proactively prevent attacks versus waiting until damage or exposure has occurred. See Cisco Adaptive Wireless IPS documentation for the following information:
•NCS and wIPS integration overview
•Mobility services engines
•wIPS profiles
•Configuring SSID group list
•Viewing wIPS alarms
•Viewing wIPS events
•Configuring access points and access point templates
• policy alarm encyclopedia
•NCS security vulnerability assessment
•Rogue management
•Radio resource management
Identity Services
Cisco Identity Services Engine (ISE) is a next-generation identity and policy-based network access platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations.
NCS manages the wired and the wireless clients in the network. When Cisco ISE is used as a RADIUS server to authenticate clients, NCS collects additional information about these clients from Cisco ISE and provides all client releavant information to NCS to be visible in a single console.
Note NCS communicates with ISE using REST API. For details see http://www.cisco.com/en/US/docs/security/ise/1.0/api_ref_guide/ise10_api_ref_guide_ch1.html.
Note Accounting data for wired clients are collected from ISE every 15 minutes. There is a background task ISE Status task which polls all ISEs added to NCS for every 15 minutes for the status of ISEs and updates the status. For more information, see "Viewing Identity Services Engine Status" section.
The ISE integration in NCS provides the following features:
•Periodic polling to ISE for collecting client statistics and other attributes requires for client list, dashboard charts, and reports.
•On demand query to ISE for getting additional client details such as Authorization Profile, Posture and Endpoint Type (profiler) etc.
•Cross launch ISE user interface with automatic single sign on. For details see, "Identity Services Engine Reports" section.
Fore more information about the ISE integration in NCS, see "Cisco Identity Service Engine Solution" section.
For more information about ISE, see Cisco Identity Services Engine User Guide, Release 1.0 : http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html
This section contains the following topics:
•Adding an Identity Services Engine
•Removing an Identity Services Engine
Viewing Identify Services
To see the Identity Services Engines that are added in NCS, choose Services > Identity Services. The following parameters appear:
•Server Address—IP Address of ISE.
•Port—HTTPS port number for the server.
•Retries—Indicates the number of retry attempts.
•Version—Indicates the version of the ISE.
•Status—Indicates the reachability status, that is, Reachable or Unreachable.
•Role—Indicates if a node is a primary, standalone or, standby node.
Adding an Identity Services Engine
Note A maximum of two ISEs can be added in NCS. If you add two ISEs, one should be primary and the other should be standby. When you are adding a standalone node, you can add only one standalone node and can not add any second node.
To add an Identity Services Engine, follow these steps:
Step 1 Choose Services > Identity Services.
Step 2 From the Select a command drop-down list, choose Add Identity Services Engine.
Step 3 In the Server Address text box, type the IP address of the server.
Step 4 In the Port text box, enter the port number of the server. The default is 443.
Step 5 In the Username text box, enter the username.
Step 6 In the Password text box, enter the password.
Step 7 Re-enter the password in the Confirm Password text box.
Note The credentials should be superuser credentials. Otherwise, ISE integration will not work. You can not add an ISE also.
Step 8 In the HTTP Connection Timeout text box, enter the amount of time (in seconds) allowed before the process time outs. The default is 30 seconds.
Step 9 Click Save.
Removing an Identity Services Engine
To remove an Identity Services Engine, follow these steps:
Step 1 Choose Services > Identity Services.
Step 2 Select the check box(es) of the identity services engines that you want to delete.
Step 3 From the Select a command drop-down list, choose Delete Identity Services Engine(s).
Step 4 Click OK to confirm the deletion.
•
Feedback