Successfully reported this slideshow.

Deploying the Cisco Mobility Services Engine for Advanced Wireless Services

27,644 views

Published on

Learn the fundamentals of advanced wireless services from design to deployment and operation. Includes Context-Aware for wireless location of users, clients and interference events with CleanAir and Adaptive Wireless IPS for advanced security protection. Learn More: http://www.cisco.com/go/wireless

Published in: Technology
  • Nice !! Download 100 % Free Ebooks, PPts, Study Notes, Novels, etc @ https://www.ThesisScientist.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Deploying the Cisco Mobility Services Engine for Advanced Wireless Services

  1. 1. Deploying Advanced Wireless Servicesusing Cisco Mobility Services Engine BRKEWN--2012
  2. 2. Session ObjectiveThis session focuses on design and deploymentfundamentals, as well as operational best practices tooptimize the performance and accuracy of Cisco Context-Aware Services. Troubleshooting techniques for resolvingissues related to tracking client and active RFID tags will becovered. You will learn the advantages of deploying wIPS tosecure your wireless deployment and how it providesgreater visibility over threats and mitigation for your wirelessnetwork. Finally the optimum deployment and redundancymechanisms for the MSE appliance will be discussed. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  3. 3. Agenda§  Technology Background§  System Architecture§  Deploying Context Aware Services§  MSE 7.0-MR1 – Enhancements and New Features§  Best Practices Guidelines Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  4. 4. Technology Background
  5. 5. Cisco Wireless Topology with CAS 3rd-party location WCS Cisco WCS application (Client Browser) HTTPS Location API via SOAP/XML over HTTPSCisco Wireless LAN NMSP over SSL Cisco Controller Mobility Services Engine (MSE) Cisco Catalyst Switch Access Point Active Wireless WiredRFID Tag Client Client Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
  6. 6. Context-Aware Architecture Management Application and Cisco Wireless Control System Context-Aware ApplicationsAsset Visibility Network Visibility Mobility Services EngineBusiness Process Telemetry SiCisco MSE Context Si Cisco Catalyst SwitchesAware Service Network Cisco Wireless LAN Controller§  Provides contextual information of wired and Cisco Aironet wireless IP enabled Access Point devices Chokepoint§  Contextual information Devices Tag and provided through: SOAP/ XML API Active Wireless Wired network RFID Tags network devices devices Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  7. 7. Context-Aware Services (CAS) Use Cases Network Enhanced CleanAir Asset Telemetry WorkerVisibility & WLAN Security Management Safety/ Control Workflow CUP Medianet Worker Safety Medianet NETWORK VISIBILITY ASSET VISIBILITY Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  8. 8. Network Visibility Context Aware Services provide a single view showing clients, rogues, tags client Rogue AP: tag: Rogue clients: Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  9. 9. CleanAir – Detecting Interference Sources Interferer Details Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  10. 10. NMSP Connection – Status and Details NMSP status Services that are utilizing NMSP Exchanged NMSP messages Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  11. 11. What is CleanAir Technology? Locate Mitigate Wireless LAN WCS, MSE Controller§  Classification processed POOR GOOD § on Access Point Classification processed on Access Point§  Interference impact and § data sent toimpact for Interference WLC and Maintain Air Quality real-time to WLC for real- data sent action time action§  WCS and MSE store data §  WCS and MSE store data for location, history, for location, history, and and troubleshooting Visualize and troubleshooting Troubleshoot CH 1 CH 11 AIR QUALITY PERFORMANCE Cisco CleanAir Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  12. 12. Cisco CleanAir ComponentsProduct Licensing Requirements FunctionalityAP3500 None §  Multi-interferer Detection & Classification §  AirQuality Monitoring §  Self-Healing Event Driven RRMWireless LAN Standard per AP §  AirQuality Aware RRMController §  Self-Learning Persistent Device Avoidance §  Spectrum Expert Connect §  AirQuality and Interferer AlertsMobility Services §  Context Aware “endpoints” required §  Interferer Tracking & Zone of impactEngine (MSE) for each interferer tracked §  Merging or correlating interferers §  MSE adds support for 100 interferers from multiple WLCs (psuedo MAC) when AP3500 present (5 per AP, §  Location Calculations license is additive) §  History StorageWCS/NCS Standard per AP count §  Remote Client Troubleshooting WCS: Plus required for MSE §  AirQuality Visualization and Mapping NCS: Single license model (CleanAir §  Forensics Tools supported by default) §  Location Visualization §  Impact Analysis §  History Playback Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
  13. 13. System Architecture
  14. 14. Cisco Context Aware Mobility Solution Tracking Tags and Clients Management Application and Cisco MSE§  Tracking tags (indoor and outdoor/ outdoor-like) Cisco WCS§  Context-aware engine for Context Context tags (Cisco or partner engine) Aware Aware Engine Engine§  Utilizes: for Tags for Clients CAPWAP infrastructure for Context Aware Software Si indoor environments Wi-Fi TDOA receivers for outdoor Network and outdoor-like environments Wi-Fi TDOA Partner HW/SW managed by System Receiver Manager (partner) and Cisco WCS§  Tracking clients (indoor)§  Context aware engine for clients (Cisco engine) Chokepoint 125 kHz Devices Tag and§  Utilizes CAPWAP infrastructure§  Managed by Cisco WCS AeroScout Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  15. 15. Receive Signal Strength Indication (RSSI) Overview§ Cisco RSSI-based location tracking solution based on network-side RSSI measurements§ Requires min. of three AP s; optimal accuracy requires more than 3 AP s§ Best suited for indoor office-like environments (carpeted, low ceiling, i.e. < 20 feet)§ Main factors affecting accuracy: AP density AP placement RF environment Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  16. 16. Time Difference of Arrival (TDoA) Overview§  Based upon relative differences in time measurement§  Requires clock synchronization at receivers, but not the mobile device§  Requires min. of three time-synchronized TDoA receivers§  Time for message to be received at different receivers is proportional to length of transmission path between the mobile device and each receiver Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  17. 17. Outdoor Location§  TDOA Receivers challenges §  costly §  require extra synchronization §  require License §  require third party software platform for configuration§  Cisco Outdoor Mesh APs can be used §  MSE successfully connects to WLC with mesh APs §  RFID tags detected by mesh APs and are shown on the campus map §  Location Accuracy Tool works with Mesh APs §  nearest AP support §  device will be displayed near the AP (with higher RSSI)§  Recommendations §  RFID tags should be placed at some height (4 to 5 ft.) above ground to avoid any blockage §  follow Mesh AP s deployment guidelines Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  18. 18. Cisco Context Aware Tag Tracking Building Access Points or Wi-Fi (RSSI, Chokepoints Chokepoint) Important Points§  Only CCX Tags can be tracked§  Tags vendors have implemented CCXv1 Wi-Fi Devices or Active Tags§  Tags only operate in 2.4 GHz band (Battery Powered)§  Need Third Party Tag Activator to program Tags Price Between $50–$80§  May need Third Party tools for Calibration Telemetry Capabilities Calculation MethodReceived Signal Strength IndicationChokepoint for Zone Level Location Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  19. 19. MSE Evaluation Mode§  Evaluation license ships by default on MSE§  Without a license, MSE provides try before you buy functionality for 60 days §  20 wIPS APs §  100 Location clients §  100 tags§  100 Permanent Interferers licenses are embedded in MSE. These Interferer Licenses open up as Clean Air APs (AP3500) are detected, in stages of 5 per 3500 AP§  Once the license is installed it is usage based, depending upon the service is enabled/disabled Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  20. 20. MSE-3310 Service Support Matrix wIPS and Context Aware 2000 YClients / Tags 1000 Y Y 0 Y Y Y 0 1000 2000 wIPS Monitor Mode APs Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
  21. 21. MSE-3350/3355 Service Support Matrix wIPS and Context Aware 18000 YClients / Tags 12000 Y Y 6000 Y Y Y 0 Y Y Y Y 0 1000 2000 3000 wIPS Monitor Mode APs Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  22. 22. System Scalability§  MSE can be managed by only 1 WCS§  WCS can manage up to 5 MSE s§  1 WLC can have up to 10 NMSP sessions §  WLC with wIPS AP s cannot establish NMSP session with multiple MSE s§  MSE can have up to 500 NMSP sessions (i.e. 500 WLC s) §  Max. limit is based on client/tag count supported per WLC§  Max. number of moving elements §  MSE-3310: 150 elements/sec §  MSE-3350: 900 elements/sec§  Max. number of coverage areas: 50/floor§  End-to-end latency: up to 6 seconds under full load§  APs per Floor: 100 (Limit on WCS side)§  Floors per Building in a campus: 20 Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
  23. 23. WLC – Device Tracking Capacity Client Tag Rogue AP Rouge ClientWLC Model Capabilities Capabilities Capabilities Capabilities WLCM 500 256 125 1002106/12/25 256 500 125 100 Catalyst3750G with 2,500 1,250 625 500 Integrated WLC 4402 2,500 1,250 625 500 4404 2,500 5,000 625 500 5508 7,000 5,000 2,000 2,500 WiSM/ 10,000 5,000 1,300 1,000 WiSM-2 Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
  24. 24. MSE 7.0-MR1 –Enhancements and New Features
  25. 25. 7.0 Maintenance Release –MSE EnhancementsEnhancements in both SW and HW:§ MSE-3355§ Cisco + 3rd party Tag Engine§ wIPS Enhance Local Mode§ CCX – Calibration for Location§ MSE CAS Enhancements, Dashboard, Reporting Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  26. 26. Cisco MSE-3355 Platform
  27. 27. Cisco MSE 3355 Specification§  MSE-3355 configuration and deployment is the same as 3310/3350§  7.0-MR release: tracking performance @ 700-900 movements per second§  IBM x3550M3 Platform / 1RU Form Factor§  2 CPUs (Quad Core) – Intel E5504 Nehalem, 4Mb L2 cache§  16G DDR3 1333 MHz memory§  4 x 146GB hot-swappable SAS drives / 10K RPM / RAID 1+0§  Dual Gigabit Ethernet NICs§  Dual Hot-swappable Energy Star certified Power supplies§  Redundant internal cooling fans Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
  28. 28. Platform Overview§  Latest Nehalem architecture based processor§  High Performance SAS disk drives – 6 Gbps transfer rate§  High Performance RAID card with 512 MB onboard cache§  Four Disk drives in RAID1+0 configuration; double the throughput of a RAID1 configuration with same reliability§  Six internal redundant cooling fans in three zones (2 fans per zone)§  IMM based out-of-band management for trouble free monitoring and management Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
  29. 29. Comparing MSE-3350 & MSE-3355Feature MSE-3350 MSE-3355# of disk drives 2 4Storage Capacity 147 GB ~290 GBRAID level 1 1+0 (also referred to as RAID 10)Disk transfer rate 3 Gbps 6 GbpsInstalled memory 8 (PC2-5300) 16 (DDR3)Power supplies 2 (hot swappable) 2 (hot swappable)RAID card cache 256 Mb 512 MbManagement iLo not enabled IMM - supportedMonitoring Disk only Disks, Fans, Power supplies, Event log Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
  30. 30. Appliance Monitoring Enhancements§  All internal fans (6) are monitored for failure §  Each fan has TWO internal redundant motors §  If one motor fails, the other motor increases speed and the system continues to function normally §  If both motors in a fan fail, the system shuts down §  If a single motor in a fan fails, an alarm is sent to WCS and the box must be replaced§  Power Supply status is also monitored §  Physical Existence of both power supplies §  Both power supplies being active (connected to power source) §  Health of power supplies §  Failure in any of the above triggers an alarm to WCS Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  31. 31. The Integrated Management Module (IMM)§  Web-based user interface for monitoring and managing the server, regardless of the state of the server§ Access to IMM §  Shared access via the standard Ethernet ports §  Dedicated management port§ IMM Log is actively monitored §  If the IMM log reaches 90% capacity, it is archived and cleared Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
  32. 32. Troubleshooting§  Critical components (disk, power supply, fans) are actively monitored §  Scripts are run every 10-20 minutes to check health§  The Light Path Diagnostics Panel §  A unique accessory that provides critical information about the state of the hardware §  MSE Installation guide provides details on the various LEDs and conditions§  IMM is very reliable and easily accessible for monitoring the entire system§  System event log contains every event and can be viewed via IMM or using the ipmitool Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
  33. 33. 7.0-MR1 MSE Tag Engine
  34. 34. Cisco Tag Engine §  Same CAS license provides tracking of RFID tags (plus clients) §  Migration of AeroScout license to Cisco license is NOT supported §  Aeroscout SW on Cisco Engine, e.g. MobileView, is NOT Cisco Engine AeroScout Engine supported RSSI based client + tag location RSSI + TDOA tag location Customers who wants to track both Existing AeroScout customers with clients and tags large number of tags Extend Rails and Regions Calibration Requires both RSSI and TDOA for to tag tracking tags. Flexible tag vendor selection, with Single vendor selection for tags, less support contract and licenses application and location engine. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
  35. 35. Cisco Tag Engine License •  WCS managed, CAS license shared between client & tags count. •  AeroScout ‘partner’ engine, SW versions, licensing, tests and support will be provided by AeroScout Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
  36. 36. MSE and wIPS ELM
  37. 37. Cisco Adaptive Wireless IPS with Enhanced LocalMode (ELM) •  Adaptive wIPS scanning via data serving access points, including HREAP •  Provides protection without needing a separate overlay network. •  Available as a free SW download for existing wIPS Monitor Mode customers. •  ELM supported APs: 1040, 1140, 1250, 1260 & 3500 Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
  38. 38. Benefits over Controller-Based IDS§  Reduction in false positives WLC §  Only triggers an alarm when it detects attacks over the air that are causing damage to the wireless infrastructure network.§  Alarm aggregation §  Unique attacks seen over the air are correlated and aggregated into a single alarm.§  Forensics §  Provides the ability to capture attack forensics for further investigation and troubleshooting purposes.§  Rogue detection WCS§  Anomaly detection §  Includes specific alarms pertaining to anomalies in attack patterns or device characteristics captured.§  Default configuration profiles §  Profiles can be further customized to address the specific needs of the prospective deployment. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
  39. 39. Deployment Recommendation:Monitor Mode•  Monitor-mode wIPS APs do not serve clients, thus have greater range•  Client-serving AP typically covers 3000-5000 square feet•  wIPS AP typically covers 15,000–35,000 square feet•  Ratio of wIPS monitor-mode APs to local-mode traffic APs varies by network design, but 1:5 ratio is reasonable estimate•  wIPS APs can simultaneously run context-aware location in monitor- mode Range Placement, Density Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
  40. 40. Deployment Recommendation (cont’d) Option A: LM + MM Option B: ELM Enhanced Local Mode Local Mode WIPS Monitor Mode/ CleanAir MMAP + WIPS MM wIPS Monitor Mode or CleanAir MM + Turn on ELM on all APs wIPS MM on CleanAir AP: (including CleanAir) Recommendation – Ratio of 1:5 MMAP to Local Mode APs Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  41. 41. wIPS ELM Profile§  wIPS profile provide ELM signatures info§  Magnifying glass icon means Monitor Mode AP signatures support MM signatures MM signatures ELM off-channel §  ELM off-channel scanning only§  Error from pushing profile to WLC §  Check NMSP connection §  Check clocks (WLC is UTC)MSE> /opt/mse/wips/bin/wips_cliwIPS> show profile assignment Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
  42. 42. Enhanced Local Mode wIPS AP CLI> show capwap am alarm <id>•  ELM Local AP detects attack 1 1•  MSE generates alarm 2•  WLC/WCS notifications 3 2 MSE> /opt/mse/wips/bin/wips_cli wIPS> show alarm list 3 Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
  43. 43. 7.0-MR1 MSE CCX Calibration
  44. 44. CCX Enhancements•  CCXv5 creates a path loss measurement (PLM) request by an AP to be sent to the client which then causes the clients to send bursts of path loss measurement frames at regular intervals back to the AP•  Enable MSE to get more periodic data for cleaner client RSSI values.•  Compensates missing RSSIs and RSSI variations from challenging environment.•  Wireless adapter with optional CCXv5 features is Cisco AIR-CB21AG-A-K9.•  CCXv4 is more common, e.g. laptops with Intel wireless NICs w/ CCX V2+ capable. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
  45. 45. CCX Calibration•  Does not require MSE MSE only needed when apply and sync calibration to map.•  Client needs to be associated•  WCS may show associated but WLC must show client is in run state.•  Client must be CCxV2 and above. • Intel PROSet/WIFI settings enable CCX - radio management • Cisco CB21ABG w/ ADU Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
  46. 46. CCX Data Collection§  Common issue of getting stuck The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.§  Timer now sets 2 minutes then cancel if no data is received.§  One band is performed at a time.§  Take strongest AP samples, combined with other samples from The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again. nearby APs within 100ft§  Take 10 samples from each AP. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
  47. 47. CCX Logs§  Location is Prog~ WCS-7.0-MRwebnms logs§  Download log file includes calibration data.§  Validate connected client§  Check if CCX is enabled, e.g. CCX Radio Measurement Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
  48. 48. Logs Validating client card Calibration model name Instantiating = Start Priming samples CCX Samples Total time (secs) X,Y Location Samples collected Priming samples Radio (0=b/g, 10 samples Access Points 1=a) per AP Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
  49. 49. 7.0-MR1 Context AwareEnhancements
  50. 50. Context Aware Dashboard Troubleshoot location history Element counts Rogue index License Capacity Top MSEs Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
  51. 51. Independent Rogue Tracking and Limiting§ Enable/disable Rogue AP/Rogue Clients tracking/ limiting independently Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
  52. 52. Location History•  History logging must be enabled Enable logging for location history•  MSE tracks transition changes•  Filter history based on time period or state•  Movement, client association, network status Filter history based on time period or state Client status Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
  53. 53. Map Enhancement§ Additional icons: rogue client, guest§ Troubleshooting Notes section added to map Troubleshooting notes Rogue AP Rogue Client Guest Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
  54. 54. Context Aware Reports Filter by specific floor Context Aware Reports Missing device & Device In/out notification reports Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
  55. 55. Deploying for Context-Aware Services
  56. 56. Deploying a Context Aware Capable Infrastructure – WLAN DesignAccess Point Density (Office) Location coverage & capacity§ Use smaller, overlapping cells § For wireless data only deployments: 10% AP cell overlap § For wireless data + voice deployments: 20% AP cell overlap ~60 ft§ For good location fidelity, access points should be located 50-70 linear feet apart (15-22m)§ Typically about one access point every 2500 – 5000 square feet (230 – 460 sqm)§ APs/antennas height should be from 10 ft to 20 ft§ Enable antenna diversity§ AP s placed too close to each other can cause co-channel interference Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
  57. 57. AP Positioning§ Optimal AP positioning can greatly improve accuracy§ Even distribution of APs provides better stability Wi-FI and repeatability of the device data points Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
  58. 58. Location Readiness ToolA point on floor map islocation-ready if:§  min. of 4 AP s are deployed§  min. of 3 AP s are within 70 ft.§  At least 1 AP placed in each ofat least 3 surrounding quadrants. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
  59. 59. Coverage Gaps – Voice and Location §  Local mode AP placement Tracking Optimized Monitor Mode APs and density may be sufficient for data/voice TOMM Local TOMM applications §  Normal Coverage Deployment places the Local Mode Aps in the Centre of the Bldg Wi-Fi device §  Good for periphery of buildings to improve Local TOMM Local location accuracy without adding extra traffic that may impact voice or clientTOMMs act as dedicated sensors for location tracking servicesChannels on TOMM AP s should be same as §  Use TOMM AP s to fill in the local mode AP s coverage gaps Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
  60. 60. CleanAir Deployment RecommendationsCustomer Needs/Has: Customer Needs/Has: §  New or Upgrading to 802.11n §  Existing 802.11n §  New areas for ongoing deployments 1140, 1250 802.11n deployments §  Competitive Installed 802.11n §  Networks severely impacted deployments by non-WiFi interferenceDeploy: Deploy: Pervasively deploy Sprinkle In 3500 in local mode 3500 in monitor mode (1 monitor AP for 5 data APs) Self Healing Troubleshooting Self Healing Location Troubleshooting Location o  Do not sprinkle in local mode 3500s. Local mode 3500s scan o  CleanAir Technology required data serving channel only. in AP for Self Healing Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
  61. 61. Rails and Regions§  Allows for certain regions in map to be defined as within or outside the scope of valid location area – improving location accuracy§  Corridors or rooms where people or assets are constantly changing positions can be especially challenging§  Three types of regions can be specified Location inclusion region: tracked device cannot be outside of this polygon (examples: outside of building outer walls) Location exclusion region: tracked device cannot be inside of this polygon (examples: open atrium) Rails: tracked device must be within defined area with narrow band. Typically used within exclusion region (examples: conveyor belt).§  Regions defined in WCS and pushed (via synchronization process to MSE)§  In MSE, it works for only clients. Cells & Masks feature in Aero Scout – Systems Manager can be used for tags Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
  62. 62. Location Accuracy WCS Location Readiness ToolYes – 7m, 90% Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
  63. 63. WCS Location Quality Tool§  Under tools select Location accuracy tool 7m, 90%§  Define On- Demand or Scheduled scan§  Select and position device §  Wait for 60 sec §  Run the test for 2 minutes§  Report in CSV or PDF file format Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
  64. 64. Understanding Cumulative ProbabilityDistribution ~60% of devices within 7m X 90%/13.6m X 50%/7.0m Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
  65. 65. Improving Accuracy
  66. 66. Comparison of Client Drivers Features Starting Point Better Legacy CCXv2Non – CCX CCXv2 or higherOr CCXv1APs do not know Tx Power of the APs do not know Tx Power of theprobes probesAps do not know channel Aps do not know channel CCXv4frequency of the probes frequency of the probesProbes can be detected on a Probes can be detected on awrong channel at a reduced power wrong channel at a reduced powerProbes transmitted infrequently Frames scheduled periodicallyPath Loss Model can show very Path Loss Model can show RSSIlarge scale RSSI variations variations- but variations are averaged as more frequent info available Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
  67. 67. WCS Planning Tool§ WCS has the ability for planning and simulating RF propagation for data, voice and location services primarily in indoor office or similar areas §  Supports Cisco AP’s and antenna only §  Provides a 2 dimensional prediction model and report §  Automatic or manual AP deployment §  Does not consider obstacles or wall attenuation when calculating AP positions §  True RF coverage pattern including obstacles and wall attenuation Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
  68. 68. WCS Map Editor Use scaling 1st Verify map is to scale tab to reset map scaleUse horizontalor vertical drag& drop to select distance Note! A warnng notification usually indicates the building requires resizing Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
  69. 69. Wall and Partition Properties Use obstacle§  Use obstacle tab to Select type to define wall properties dB lossNote: These values arerecommendation only§  Multiple lines can be ˜  -1dB Cubicle combined to ˜  -1.5dB Glass obtain required ˜  -2dB Light Wall loss! ˜  -4dB Light door ˜  -13dB Thick Wall ˜  -15dB Heavy Door Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
  70. 70. Calibration Models§  After installation, calibration function available within WCS can be used for higher location accuracy pre-defined models§  WCS provides a way for user to calibrate signal characteristics for a particular indoor environment or similar areas§  More accurate the model used, the results in better location accuracy§  Point calibration: client at fixed location. One location at a time§  Linear calibration: data collected between two different points (straight line)§  Calibration with non CCX clients is not supported Monitor > Clients > Client Details to verify CCX version Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
  71. 71. Calibration – Point ModeData Points Represents completed calibration area Disable RRM AP Power mode Calibration should be performed for every band Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
  72. 72. Calibration – Point ModeData Points Calibration date collected for entire floor space MSE is not involved during Calibration process After calibration model is created, the following steps are essential: •  Apply this model to the floor map(s) •  Synchronize WCS with MSE Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
  73. 73. Location Quality InspectorLaunch from Calibration Detail Page after calibration to check on how good the data pointscollected are and how much improvement is achieved for the desirable accuracy Calculated Location Test PointParticipating Apsdisplayed withRSSI values Scrolling mouse pointer on the area displays test points and also identifies the APs who participated in calibration as blue with RSSI values Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
  74. 74. Event Notifications
  75. 75. Types of Notifications§  Notifications from MSE can be classified into 2 broad categories. §  Northbound Notifications - applicable only for Tags. §  Conditional Notifications or Track Event based Notification §  applies to tags, wireless clients, rogues APs and clients and interferers. (Note: not wired clients) Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
  76. 76. Northbound Notifications §  Applicable to only Tags. §  Configuration done using the Notification Parameter page on the Context Aware Service -> Advanced Submenu under MSE on WCS. Note: The advanced Parameter settings on the same page do not apply to Northbound notifications. §  Can also be configured MSE API §  Configurable parameters include: Trigger - On what condition should the notification be triggered Contents – The data of interest to the destination in the notification Contents Trigger Destinations – Destination IP or hostname, Port and http/https option. Destinations (This can only be a SOAP destination) Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
  77. 77. Frequently Seen Problems § No notification received § Not getting all notifications § Getting only 1 of 5 notifications § Too many notifications § Not getting notifications for Clients, rogues, interferers and wired clients § Missing some notification Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
  78. 78. Troubleshooting: No NotificationsReceived § Check whether TAGS are detected by MSE. § Check whether the destination specified is a SOAP destination § Check whether the destination IP is pingable from MSE § Check whether the destination port is pingable from MSE. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
  79. 79. Troubleshooting: Not Receiving allNotifications § Check the Notification Statistics page under Context Aware Service menu. § Investigate summary page and details page for errors in communication or stress on MSE. § Analyze queue limits, queue usage percentage, average response time and delay. § Check if all the trigger conditions that are expected are enabled. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
  80. 80. Troubleshooting: Getting only 1 of 5notification §  This usually happens when the client or destination do not have correct implementation §  This happens due to the term asynchronous notifications from MSE. §  The notifications are sent using SOAP which is a request/ response based protocol. The destinations need to send an acknowledgement of the received notification. This can be a null or an empty soap response. §  This behavior can be observed from the notification statistics page from the Awaiting Response count statistics. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
  81. 81. Troubleshooting: Too Many Notifications § Yes, this is a problem for the application and can crash the application. § There is nothing the MSE can do. § Suggest removing trigger conditions that are not important. § Scalability on the application is the best solution. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
  82. 82. Troubleshooting: Not Getting Notifications forClients, Rogues, Interferers and Wired clients§ Only tags are supported.§ Suggest setting up track group events with a generic condition (explore) for other devices. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
  83. 83. Troubleshooting: Missing or droppednotification §  Analyze the Notification Statistics page for the dropped rate/count and response time. §  If the drop is slow and can be corrected if the queue size could accommodate little more, then increase the queue size using Notification Parameters page Advanced Settings. §  If the response time is slow, the generate rate and send rate will differ significantly. Suggest improving application response time to acknowledge notifications faster. §  The MSE may be running beyond its potential and no config change on MSE will help. Suggest splitting load on MSE or reducing the unnecessary notification triggers. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
  84. 84. Track Group Notifications§  These are applicable to all devices except Wired Clients.§  There are some predefined conditions to configure for a device.§  Supported destination types are: SOAP, SNMP, SMTP and Syslog.§  Some parameters can be configured using “Advanced Settings” on the SOAP, Syslog, SMTP and SNMP (v2 & v3) Notification Parameters page. For details on parameters refer config guide.§  General tips are to keep things at default. For complaints about notification delays increase set the refresh time, rate limit and retry count to 0. Increase Queue Size with care, this may not solve but just delay the problem. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
  85. 85. Problems with Track Group Notifications § No notifications received § Missing notifications § Dropped notifications Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
  86. 86. No Notifications Received § Check whether the track group event definition was enabled § Check whether the track group was synchronized with the MSE and any errors during sync. § Check whether the destination IP and port is pingable from MSE. § Check the correctness of the event definition. § Check whether the device is detected by the MSE. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
  87. 87. Missing Notification § Check correctness of event definition and whether they are all enabled. § Check errors during sync. § Check whether the devices configured in the events definitions are detected by MSE. § If the WCS is the notification receiver then the first notification will show up as an Alarm on the Notification Summary page and subsequent notifications will show up as events. Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
  88. 88. Dropped notification § Analyze the Notification Statistics. § Other troubleshooting steps similar to that of Northbound notification Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
  89. 89. SNMP v3Enhanced to support SNMPv3 trapcapability in the following areas:§  Location Event Notifications: §  SNMPv3 transport will be supported in addition to SNMPv2 §  Track Group SNMP transport definition will be extended to support SNMPv3 configuration§  MSE System Event Notifications: §  NMSP Connection status changes §  Licensing threshold crossover notifications §  Appliance related alarms generated by hardware monitoring tools §  WIPS Alarm Notifications Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
  90. 90. Summary of Best Practices forLocation Deployment§  Proper AP density and placement§  Create an AP perimeter§  Use CCXv4 or CCXv5 clients§  Calibrate the environment§  Use Rails & Regions§  Minimize interference level where possible§  Use chokepoints to prevent inter-floor location problem and provide room level accuracy§  When using active RFID tags, configure channels 1, 6 and 11 with 3 repetitions/channel (motion enabled & chirp rate configured Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
  91. 91. Important Configuration Steps
  92. 92. MSE System Configuration§  Use the following command which starts setup script to guide the user in setting the system parameters /opt/mse/setup/setup.sh§  /opt/mse/setup/setup.sh must be used set/change: §  Host name / Domain name changes §  Changing system IP address/subnet §  Dual homing §  Routes configuration §  Console/ssh access settings §  Root password changes §  WCS user password changes§  For managing Context Aware Engine for Clients §  Start command: /etc/init.d/msed start §  Status command: /etc/init.d/msed status §  Stop command: /etc/init.d/msed stop §  Restart command: /etc/init.d/msed restart Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
  93. 93. getserverinfo Command Wireless Clients Not Tracked due to the limiting: 0 Total Active Elements(Wireless Clients, Tags Not Tracked due to the limiting: 0 Tags, Rogue APs, Rogue Clients, Rogue APs Not Tracked due to the limiting: 390 Interferers, Wired Clients): 381 Rogue Clients Not Tracked due to the limiting: 31 Interferers Not Tracked due to the limiting: 0 Active Wireless Clients: 206 Wired Clients Not Tracked due to the limiting: 0 Total Elements(Wireless Clients, Rogue APs, Rogue Active Tags: 58 Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 421- Active Rogue APs: 50 ------------ Active Rogue Clients: 50 Context Aware Sub Services Active Interferers: 17 ------------- Subservice Name: Cisco Tag Engine Active Wired Clients: 0 Admin Status: Enabled Active Elements(Wireless Clients, Rogue Operation Status: Up APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 2100 Active Sessions: 1Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
  94. 94. Troubleshooting NMSP IssuesCommon Issue (certificate exchange) seen with NMSP §  Time synchronization/configuration §  Key hash template §  Key exchange §  WCS communication password mismatch §  NMSP status on the WLC §  NMSP status on the MSE §  NMSP status on the WCS Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
  95. 95. Time Synchronization/Configuration§  possible symptom of clock discrepancy between WLC and MSE: can t establish NMSP connection after adding MSE to the system§  suggested course of action: Use NTP server for synchronizing clocks (recommended) Manual configuration (controller time should be equal to or ahead of time on MSE) Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
  96. 96. Establishing NMSP ConnectionMSEroot@mse ~]# cmdshellcmd> show server-auth-infoinvoke command: com.aes.server.cli.CmdGetServerAuthInfo----------------Server Auth Info---------------- MAC address andMAC Address: 00:1e:0b:61:35:60 key hash forKey Hash: 5384ed3cedc68eb9c05d36d98b62b06700c707d9 authenticating NMSPCertificate Type: SSC session between MSE and WLC==============================WLC(Cisco controller) >config auth-list add lbs-ssc <MSE Ethernet MAC> <MSE key hash> (Cisco Controller) >show auth-list! Mac Addr Cert Type Key Hash! ----------------------- ---------- ------------------------------------------! 00:1e:0b:61:35:60 LBS-SSC 5384ed3cedc68eb9c05d36d98b62b06700c707d9! ! MSE MAC address MSE Key Hash Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
  97. 97. WCS Communication Password Mismatch §  WCS-to-MSE communication password is NOT the same as MSE ssh password §  WCS communication password is set in MSE during initial set up running setup script . Default is admin/admin §  Use the same password while adding MSE to the WCS §  To fix the mismatch, run the setup script again using /opt/mse/setup/setup.sh Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
  98. 98. Verifying NMSP Connection Status (WLC/MSE)(Cisco Controller) >show nmsp status!LocServer IP TxEchoResp !RxEchoReq TxData RxData!-------------- ----------- !--------- -------- ------- !172.20.224.17 18006 !18006 163023 10 !! -------------! Context Aware Service ------------- Total Active Elements(Clients, Rogues, Interferers): 129 Active Clients: 34 Active Tags: 29 Active Rogues: 66 Active Interferers: 0 Active Wired Clients: 0 # of active Active Elements(Clients, Rogues, Interferers) Limit: 100 NMSP sessions Active Tag Limit: 100 Active Wired Clients Limit: 0 Active Sessions: 1 Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
  99. 99. NMSP Status on WCS for MSE§  Navigate to Services>Mobility Services>MSE>Status§  WLC could have been added, but NMSP status can be Inactive§  Troubleshooting Tab provided next to Inactive buttonPresentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
  100. 100. NMSP Status Troubleshooting Tab §  Provides status of common NMSP issuesPresentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
  101. 101. Synchronization History§  Synchronization History shows §  Automatic Synchronization §  Automatic Controller Selection/Assignment §  Smart Synchronization§  Navigate to Services > Synchronization Services Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
  102. 102. Enabling Element Tracking If checked (Enabled), only then: § Devices will be tracked § History will be availablePresentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
  103. 103. History Parameters§  Number of days to save history is not limited in WCS UI Limited by disk space and system performance§  History of an element is recorded only if: Element moves more than 10m (30 ft) Tag: emergency or panic button is pressed Tag: passes by an exciter Floor changes, i.e. element moves between floors§  Element is declared inactive if it remains inactive for an hour. If it remains inactive for 24 hours, it is removed from tracking table , and it is not possible to see element’s historical location on the WCS Monitoring page. Absent Data Cleanup Interval helps to control tracking table . Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
  104. 104. Minimizing Latency§  Tag notification frame interval for stationary tag 3-5 minutes§  Tag notification frame interval for moving tags <10sec§  WLC NMSP aggregation window is 2 sec by default§  Correct aggregation window should be set to make sure that WLC has received updates from all the APs, before sending data to MSE via NMSP§  From WLC CLI aggregation window can be set independently for clients, tags, rogue APs, rogue clients and Rfids (Cisco Controller) >config nmsp notification interval rssi ? clients Measurement interval for clients. rfid Measurement interval for rfid tags. rogues Measurement interval for rogue APs and rogue clients Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
  105. 105. Immediate Notification from MSE Business Application SOAP/XML API MSE Context-Aware SoftwareContext Aware Context Aware SiEngine for Clients Engine for Tags Si RSSI RSSI / TDOA Mobile User Voice over 802.11 Smart Phone 802.11 Clients 802.11 CCX Tags Indoor & Outdoor Indoor Environment Environments Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
  106. 106. Immediate Notification from MSE§  With 7.0 code MSE can forward the tag info straight to third party§  Setting the first parameter to true will cause the MSE to immediately send the notification to Mobile View or any other application. This however will have old or no location.§  After the location calculation another notification will be fired with the latest location value§  If the location is not needed at all, then the second parameter should be set to true. Note the MSE will just act as a forwarding engine in this case and no location calculations will be computed Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
  107. 107. Wired Location Detection MSE - Location Service with wireless/wire map Si database Network Management Service Protocol (NMSP) §  Switches report to MSE switch port mapping of connected devices §  MSE actively tracks communicated information and location of both devices and chassis §  MSE maintains history of device connect, connection location, and C3750-E device disconnect §  MSE provides SOAP XML API toCDP/LLDP- external systems that are interested inMED location of chassis or endpoint devices §  Applications can query or receive async events when devices or chassis move location Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
  108. 108. Wired Location with MSE§ MSE  tracks  loca-on  history  of  wired  clients    § Loca-on  informa-on  configured  using  switch  CLIs   §   Define  the  loca-on  iden-fier   §   Enable  ip  device  tracking   §   ABach  the  iden-fier  to    the  switch  interface  § Switch  and  MSE  communicate  using  NMSP      § Switches  no-fy  MSE  of  wired  client  associa-on  /   disassocia-on      § Switches  supported  -­‐  Catalyst  2960,  3750,  3750E,  3560,   3560E,  4500,  4900  § Required  soRware  versions   Catalyst  switches  –12.2(50)SE   WCS  –  6.0.x  onwards   MSE  –  6.0.x  onwards   Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
  109. 109. Deployment Checklist§  Follow proper AP placement guidelines (location and density)§  Configure NTP server on both WLC and MSE or manually synchronize both the devices (and preferably WCS) with the correct time and time zone.§  Check the NMSP connection status on the controller§  Ensure that tracking is enabled for the right devices§  Ensure that the maps and AP positions are synchronized between the WCS and MSE§  Ensure that location calculations are taking place either on the tracking page or the MSE consoleFor Clients§  Verify tracking is enabled on MSE§  Verify clients are detected by controller§  Max calculation time taken into accountFor Tags§  Verify tracking is enabled on MSE§  Verify tags are detected by controller§  Max calculation time taken into account Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
  110. 110. Key Takeaways§  Cisco Mobility Services Engine enables the deployment of advanced services (Context Aware, CleanAir, wIPS)§  Implementing Context Aware Services requires following a set of best practices for optimal results§  7.0-MR1 software release has a number of feature enhancements specific to the MSE and associated services Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
  111. 111. Recommended Reading§  Cisco Mobility Services Engine - Context Aware Mobility Solution Deployment Guide http://www.cisco.com/en/US/products/ps9742/ products_tech_note09186a00809d1529.shtml§  Cisco Context-Aware Service Configuration Guide http://www.cisco.com/en/US/products/ps9742/ products_installation_and_configuration_guides_list.html§  Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/ data_sheet_c07-473865.html§  WiKi Page External http://www.cisco.com/en/US/products/ps9806/ products_qanda_item09186a0080af9513.shtml§  AeroScout Support Page http://support.aeroscout.com Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
  112. 112. Thank you.Presentation_ID © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 112

×