Learn the fundamentals of advanced wireless services from design to deployment and operation. Includes Context-Aware for wireless location of users, clients and interference events with CleanAir and Adaptive Wireless IPS for advanced security protection. Learn More: http://www.cisco.com/go/wireless
Deploying Advanced Wireless Services using Cisco Mobility Services Engine
BRKEWN--2012
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public Presentation_ID 2
Session Objective
This session focuses on design and deployment fundamentals, as well as operational best practices to optimize the performance and accuracy of Cisco Context-Aware Services. Troubleshooting techniques for resolving issues related to tracking client and active RFID tags will be covered. You will learn the advantages of deploying wIPS to secure your wireless deployment and how it provides greater visibility over threats and mitigation for your wireless network. Finally the optimum deployment and redundancy mechanisms for the MSE appliance will be discussed.
Agenda
§ Technology Background
§ System Architecture
§ Deploying Context Aware Services
§ MSE 7.0-MR1 – Enhancements and New Features
§ Best Practices Guidelines
Technology Background
Cisco Wireless Topology with CAS
[Diagram labels: Access Point; Cisco Wireless LAN Controller; Cisco Catalyst Switch; Cisco Mobility Services Engine (MSE); Cisco WCS; WCS (Client Browser); 3rd-party location application; Wireless Client; Wired Client; Active RFID Tag. Link labels: NMSP over SSL; Location API via SOAP/XML over HTTPS; HTTPS]
Context-Aware Architecture
Cisco MSE Context Aware Service
§ Provides contextual information of wired and wireless IP enabled devices
§ Contextual information provided through: SOAP/XML API
[Diagram layers: Tag and Devices; Network; Application and Management. Labels: Active RFID Tags; Chokepoint; Wired network devices; Wireless network devices; Cisco Aironet Access Point; Cisco Wireless LAN Controller; Cisco Catalyst Switches; Mobility Services Engine; Cisco Wireless Control System; Context-Aware Applications: Asset Visibility, Network Visibility, Telemetry, Business Process]
Context-Aware Services (CAS) Use Cases
[Diagram: use cases shown under ASSET VISIBILITY and NETWORK VISIBILITY. Labels: Asset Management; Telemetry; Worker Safety/Workflow; CleanAir; Medianet; Network Visibility & Control; Enhanced WLAN Security; CUP]
Network Visibility
Context Aware Services provide a single view showing clients, rogues, tags
[Screenshot legend: client; tag; Rogue AP; Rogue clients]
CleanAir – Detecting Interference Sources
Interferer Details
NMSP Connection – Status and Details
[Screenshot callouts: NMSP status; Exchanged NMSP messages; Services that are utilizing NMSP]
What is CleanAir Technology?
Cisco CleanAir
§ Classification processed on Access Point
§ Interference impact and data sent to WLC for real-time action
§ WCS and MSE store data for location, history, and troubleshooting
[Diagram labels: Mitigate; Wireless LAN Controller; Maintain Air Quality; Locate; WCS, MSE; Visualize and Troubleshoot; AIR QUALITY; PERFORMANCE; GOOD; POOR; CH 1; CH 11]
Cisco CleanAir Components
Product: AP3500
  Licensing Requirements: None
  Functionality:
  § Multi-interferer Detection & Classification
  § AirQuality Monitoring
  § Self-Healing Event Driven RRM
Product: Wireless LAN Controller
  Licensing Requirements: Standard per AP
  Functionality:
  § AirQuality Aware RRM
  § Self-Learning Persistent Device Avoidance
  § Spectrum Expert Connect
  § AirQuality and Interferer Alerts
Product: Mobility Services Engine (MSE)
  Licensing Requirements:
  § Context Aware “endpoints” required for each interferer tracked
  § MSE adds support for 100 interferers when AP3500 present (5 per AP, license is additive)
  Functionality:
  § Interferer Tracking & Zone of impact
  § Merging or correlating interferers from multiple WLCs (pseudo MAC)
  § Location Calculations
  § History Storage
Product: WCS/NCS
  Licensing Requirements: Standard per AP count. WCS: Plus required for MSE. NCS: Single license model (CleanAir supported by default)
  Functionality:
  § Remote Client Troubleshooting
  § AirQuality Visualization and Mapping
  § Forensics Tools
  § Location Visualization
  § Impact Analysis
  § History Playback
System Architecture
Cisco Context Aware Mobility Solution Tracking Tags and Clients
§ Tracking tags (indoor and outdoor/outdoor-like)
§ Context-aware engine for tags (Cisco or partner engine)
§ Utilizes: CAPWAP infrastructure for indoor environments
Wi-Fi TDOA receivers for outdoor and outdoor-like environments
Partner HW/SW managed by System Manager (partner) and Cisco WCS
§ Tracking clients (indoor)
§ Context aware engine for clients (Cisco engine)
§ Utilizes CAPWAP infrastructure
§ Managed by Cisco WCS
[Diagram layers: Network; Application and Management; Tag and Devices. Labels: Cisco WCS; Cisco MSE; Wi-Fi TDOA Receiver; Context Aware Software; Context Aware Engine for Tags; Context Aware Engine for Clients; AeroScout; Chokepoint 125 kHz]
Receive Signal Strength Indication (RSSI) Overview
§ Cisco RSSI-based location tracking solution based on “network-side” RSSI measurements
§ Requires min. of three AP’s; optimal accuracy requires more than 3 AP’s
§ Best suited for indoor office-like environments (carpeted, low ceiling, i.e. < 20 feet)
§ Main factors affecting accuracy: AP density
AP placement
RF environment
Time Difference of Arrival (TDoA) Overview
§ Based upon relative differences in time measurement
§ Requires clock synchronization at receivers, but not the mobile device
§ Requires min. of three time-synchronized TDoA receivers
§ Time for message to be received at different receivers is proportional to length of transmission path between the mobile device and each receiver
Outdoor Location
§ TDOA Receivers challenges
  § costly
  § require extra synchronization
  § require License
  § require third party software platform for configuration
§ Cisco Outdoor Mesh APs can be used
  § MSE successfully connects to WLC with mesh APs
  § RFID tags detected by mesh APs and are shown on the campus map
  § Location Accuracy Tool works with Mesh APs
  § nearest AP support
  § device will be displayed near the AP (with higher RSSI)
§ Recommendations
  § RFID tags should be placed at some height (4 to 5 ft.) above ground to avoid any blockage
  § follow Mesh AP’s deployment guidelines
Cisco Context Aware Tag Tracking
Building Wi-Fi (RSSI, Chokepoint)
§ Wi-Fi Devices or Active Tags (Battery Powered)
§ Price Between $50–$80
§ Telemetry Capabilities
§ Access Points or Chokepoints
Calculation Method
§ Received Signal Strength Indication
§ Chokepoint for Zone Level Location
Important Points
§ Only CCX Tags can be tracked
§ Tags vendors have implemented CCXv1
§ Tags only operate in 2.4 GHz band
§ Need Third Party “Tag Activator” to program Tags
§ May need Third Party tools for “Calibration”
MSE Evaluation Mode
§ Evaluation license ships by default on MSE
§ Without a license, MSE provides “try before you buy” functionality for 60 days
  § 20 wIPS APs
  § 100 Location clients
  § 100 tags
§ 100 Permanent Interferers licenses are embedded in MSE. These Interferer Licenses open up as Clean Air APs (AP3500) are detected, in stages of 5 per 3500 AP
§ Once the license is installed it is usage based, depending upon whether the service is enabled/disabled
MSE-3310 Service Support Matrix: wIPS and Context Aware
(rows: Clients/Tags; columns: wIPS Monitor Mode APs)
Clients/Tags    0     1000    2000
2000            Y
1000            Y     Y
0               Y     Y       Y
MSE-3350/3355 Service Support Matrix: wIPS and Context Aware
(rows: Clients/Tags; columns: wIPS Monitor Mode APs)
Clients/Tags    0     1000    2000    3000
18000           Y
12000           Y     Y
6000            Y     Y       Y
0               Y     Y       Y       Y
System Scalability
§ MSE can be managed by only 1 WCS
§ WCS can manage up to 5 MSE’s
§ 1 WLC can have up to 10 NMSP sessions
  § WLC with wIPS AP’s cannot establish NMSP session with multiple MSE’s
§ MSE can have up to 500 NMSP sessions (i.e. 500 WLC’s)
  § Max. limit is based on client/tag count supported per WLC
§ Max. number of moving elements
  § MSE-3310: 150 elements/sec
  § MSE-3350: 900 elements/sec
§ Max. number of coverage areas: 50/floor
§ End-to-end latency: up to 6 seconds under full load
§ APs per Floor: 100 (Limit on WCS side)
§ Floors per Building in a campus: 20
WLC – Device Tracking Capacity
WLC Model                          Client   Tag     Rogue AP   Rogue Client
WLCM                               500      256     125        100
2106/12/25                         256      500     125        100
Catalyst 3750G with Integrated WLC 2,500    1,250   625        500
4402                               2,500    1,250   625        500
4404                               2,500    5,000   625        500
5508                               7,000    5,000   2,000      2,500
WiSM/WiSM-2                        10,000   5,000   1,300      1,000
MSE 7.0-MR1 – Enhancements and New Features
7.0 Maintenance Release – MSE Enhancements
Enhancements in both SW and HW:
§ MSE-3355
§ Cisco + 3rd party Tag Engine
§ wIPS Enhance Local Mode
§ CCX – Calibration for Location
§ MSE CAS Enhancements, Dashboard, Reporting
Cisco MSE-3355 Platform
Cisco MSE 3355 Specification
§ IBM x3550M3 Platform / 1RU Form Factor
§ 2 CPUs (Quad Core) – Intel E5504 Nehalem, 4Mb L2 cache
§ 16G DDR3 1333 MHz memory
§ 4 x 146GB hot-swappable SAS drives / 10K RPM / RAID 1+0
§ Dual Gigabit Ethernet NICs
§ Dual Hot-swappable Energy Star certified Power supplies
§ Redundant internal cooling fans
§ MSE-3355 configuration and deployment is the same as 3310/3350
§ 7.0-MR release: tracking performance @ 700-900 movements per second
Platform Overview
§ Latest Nehalem architecture based processor
§ High Performance SAS disk drives – 6 Gbps transfer rate
§ High Performance RAID card with 512 MB onboard cache
§ Four Disk drives in RAID1+0 configuration; double the throughput of a RAID1 configuration with same reliability
§ Six internal redundant cooling fans in three zones (2 fans per zone)
§ IMM based out-of-band management for trouble free monitoring and management
Comparing MSE-3350 & MSE-3355
Feature              MSE-3350             MSE-3355
# of disk drives     2                    4
Storage Capacity     147 GB               ~290 GB
RAID level           1                    1+0 (also referred to as RAID 10)
Disk transfer rate   3 Gbps               6 Gbps
Installed memory     8 (PC2-5300)         16 (DDR3)
Power supplies       2 (hot swappable)    2 (hot swappable)
RAID card cache      256 Mb               512 Mb
Management           iLo not enabled      IMM - supported
Monitoring           Disk only            Disks, Fans, Power supplies, Event log
Appliance Monitoring Enhancements
§ All internal fans (6) are monitored for failure
  § Each fan has TWO internal redundant motors
  § If one motor fails, the other motor increases speed and the system continues to function normally
  § If both motors in a fan fail, the system shuts down
  § If a single motor in a fan fails, an alarm is sent to WCS and the box must be replaced
§ Power Supply status is also monitored
  § Physical Existence of both power supplies
  § Both power supplies being active (connected to power source)
  § Health of power supplies
  § Failure in any of the above triggers an alarm to WCS
The Integrated Management Module (IMM)
§ Web-based user interface for monitoring and managing the server, regardless of the state of the server
§ Access to IMM
  § Shared access via the standard Ethernet ports
  § Dedicated management port
§ IMM Log is actively monitored
  § If the IMM log reaches 90% capacity, it is archived and cleared
Troubleshooting
§ Critical components (disk, power supply, fans) are actively monitored
  § Scripts are run every 10-20 minutes to check health
§ The Light Path Diagnostics Panel
  § A unique accessory that provides critical information about the state of the hardware
  § MSE Installation guide provides details on the various LEDs and conditions
§ IMM is very reliable and easily accessible for monitoring the entire system
§ System event log contains every event and can be viewed via IMM or using the ipmitool
7.0-MR1 MSE Tag Engine
Cisco Tag Engine
§ Same CAS license provides tracking of RFID tags (plus clients)
§ Migration of AeroScout license to Cisco license is NOT supported
§ Aeroscout SW on Cisco Engine, e.g. MobileView, is NOT supported
Cisco Engine
§ RSSI based client + tag location
§ Customers who want to track both clients and tags
§ Extend Rails and Regions Calibration to tag tracking
§ Flexible tag vendor selection, with less support contract and licenses
AeroScout Engine
§ RSSI + TDOA tag location
§ Existing AeroScout customers with large number of tags
§ Requires both RSSI and TDOA for tags.
§ Single vendor selection for tags, application and location engine.
Cisco Tag Engine License
• WCS managed, CAS license shared between client & tags count.
• AeroScout ‘partner’ engine, SW versions, licensing, tests and support will be provided by AeroScout
MSE and wIPS ELM
Cisco Adaptive Wireless IPS with Enhanced Local Mode (ELM)
• Adaptive wIPS scanning via data serving access points, including HREAP
• Provides protection without needing a separate overlay network.
• Available as a free SW download for existing wIPS Monitor Mode customers.
• ELM supported APs: 1040, 1140, 1250, 1260 & 3500
Benefits over Controller-Based IDS
§ Reduction in false positives
  § Only triggers an alarm when it detects attacks over the air that are causing damage to the wireless infrastructure network.
§ Alarm aggregation
  § Unique attacks seen over the air are correlated and aggregated into a single alarm.
§ Forensics
  § Provides the ability to capture attack forensics for further investigation and troubleshooting purposes.
§ Rogue detection
§ Anomaly detection
  § Includes specific alarms pertaining to anomalies in attack patterns or device characteristics captured.
§ Default configuration profiles
  § Profiles can be further customized to address the specific needs of the prospective deployment.
[Diagram labels: WCS; WLC]
Deployment Recommendation: Monitor Mode
• Monitor-mode wIPS APs do not serve clients, thus have greater range
• Client-serving AP typically covers 3000-5000 square feet
• wIPS AP typically covers 15,000–35,000 square feet
• Ratio of wIPS monitor-mode APs to local-mode traffic APs varies by network design, but 1:5 ratio is reasonable estimate
• wIPS APs can simultaneously run context-aware location in monitor-mode
Range Placement, Density
Deployment Recommendation (cont’d)
Option A: LM + MM
§ wIPS Monitor Mode or CleanAir MM + wIPS MM on CleanAir AP
§ Recommendation – Ratio of 1:5 MMAP to Local Mode APs
Option B: ELM
§ Enhanced Local Mode: turn on ELM on all APs (including CleanAir)
[Diagram labels: WIPS Monitor Mode/CleanAir MMAP + WIPS MM; Local Mode]
wIPS ELM Profile
§ wIPS profile provides ELM signatures info
§ Magnifying glass icon means Monitor Mode AP signatures support
§ ELM off-channel scanning only
§ Error from pushing profile to WLC
  § Check NMSP connection
  § Check clocks (WLC is UTC)
[Screenshot callouts: MM signatures; ELM off-channel]
MSE> /opt/mse/wips/bin/wips_cli
wIPS> show profile assignment
Enhanced Local Mode wIPS
1. ELM Local AP detects attack
2. MSE generates alarm
3. WLC/WCS notifications
Commands shown on the slide:
(1) AP CLI> show capwap am alarm <id>
MSE> /opt/mse/wips/bin/wips_cli
wIPS> show alarm list
7.0-MR1 MSE CCX Calibration
CCX Enhancements
• CCXv5 creates a path loss measurement (PLM) request by an AP to be sent to the client which then causes the clients to send bursts of path loss measurement frames at regular intervals back to the AP
• Enable MSE to get more periodic data for cleaner client RSSI values.
• Compensates missing RSSIs and RSSI variations from challenging environment.
• Wireless adapter with optional CCXv5 features is Cisco AIR-CB21AG-A-K9.
• CCXv4 is more common, e.g. laptops with Intel wireless NICs w/ CCX V2+ capable.
CCX Calibration
• Does not require MSE
  MSE is only needed when applying and syncing the calibration to the map.
• Client needs to be associated
• WCS may show associated but WLC must show client is in run state.
• Client must be CCXv2 and above.
• Intel PROSet/WIFI settings enable CCX - radio management
• Cisco CB21ABG w/ ADU
CCX Data Collection
§ Common issue of getting ‘stuck’
§ Timer is now set to 2 minutes, then cancels if no data is received.
§ One band is performed at a time.
§ Take strongest AP samples, combined with other samples from nearby APs within 100ft
§ Take 10 samples from each AP.
CCX Logs
§ Location is \Prog~
\WCS-7.0-MR\webnms\logs
§ Download log file includes calibration data.
§ Validate connected client
§ Check if CCX is enabled, e.g. CCX Radio Measurement
Logs
[Screenshot callouts: Instantiating = Start; Calibration model name; Validating client card; Priming samples; CCX Samples; Samples collected; 10 samples per AP; Radio (0=b/g, 1=a); X,Y Location; Total time (secs); Access Points]
7.0-MR1 Context Aware Enhancements
Context Aware Dashboard
[Screenshot callouts: License Capacity; Troubleshoot location history; Element counts; Top MSEs; Rogue index]
Independent Rogue Tracking and Limiting
§ Enable/disable Rogue AP/Rogue Clients tracking/limiting independently
Location History
• History logging must be enabled
• MSE tracks transition changes
• Filter history based on time period or state
• Movement, client association, network status
[Screenshot callouts: Enable logging for location history; Filter history based on time period or state; Client status]
Map Enhancement
§ Additional icons: rogue client, guest
§ Troubleshooting Notes section added to map
[Screenshot callouts: Rogue AP; Rogue Client; Guest; Troubleshooting notes]
Context Aware Reports
Filter by specific floor
Missing device & Device In/out notification reports
Deploying for Context-Aware Services
Deploying a Context Aware Capable Infrastructure – WLAN Design
Access Point Density (Office)
§ Use smaller, overlapping cells
§ For wireless data only deployments: 10% AP cell overlap
§ For wireless data + voice deployments: 20% AP cell overlap
§ For good location fidelity, access points should be located 50-70 linear feet apart (15-22m)
§ Typically about one access point every 2500 – 5000 square feet (230 – 460 sqm)
§ APs/antennas height should be from 10 ft to 20 ft
§ Enable antenna diversity
§ AP’s placed too close to each other can cause co-channel interference
[Diagram labels: Location coverage & capacity; ~60 ft]
AP Positioning
§ Optimal AP positioning can greatly improve accuracy
§ Even distribution of APs provides better stability and repeatability of the data points
Wi-FI device
Location Readiness Tool
A point on floor map is location-ready if:
§ min. of 4 AP’s are deployed
§ min. of 3 AP’s are within 70 ft.
§ At least 1 AP placed in each of at least 3 surrounding quadrants.
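The three location-readiness conditions above can be checked against a planned AP layout before deployment. The following is an added example, not code from the presentation or from WCS; the quadrant convention (an AP exactly on an axis counts toward the positive side), counting every floor AP toward the quadrant rule, and the constructed floor coordinates are assumptions.

```python
import math

# Thresholds quoted from the Location Readiness Tool slide.
MIN_FLOOR_APS = 4        # min. of 4 APs deployed on the floor
MIN_NEARBY_APS = 3       # min. of 3 APs ...
NEARBY_RADIUS_FT = 70.0  # ... within 70 ft of the point
MIN_QUADRANTS = 3        # at least 1 AP in each of at least 3 quadrants


def quadrant(point, ap):
    """Quadrant (1-4) in which an AP lies, as seen from the point.

    Assumption: an AP exactly on an axis counts toward the positive side.
    """
    dx, dy = ap[0] - point[0], ap[1] - point[1]
    if dy >= 0:
        return 1 if dx >= 0 else 2
    return 3 if dx < 0 else 4


def readiness(point, aps):
    """Evaluate each of the three slide conditions for one map point."""
    nearby = sum(1 for ap in aps if math.dist(point, ap) <= NEARBY_RADIUS_FT)
    # Assumption: every AP on the floor counts toward the quadrant rule.
    quadrants = {quadrant(point, ap) for ap in aps}
    return {
        "floor_aps": len(aps) >= MIN_FLOOR_APS,
        "nearby_aps": nearby >= MIN_NEARBY_APS,
        "quadrants": len(quadrants) >= MIN_QUADRANTS,
    }


def is_location_ready(point, aps):
    return all(readiness(point, aps).values())


def floor_coverage(width_ft, height_ft, aps, step_ft=10.0):
    """Fraction of grid points on the floor that are location-ready."""
    cols = int(width_ft // step_ft) + 1
    rows = int(height_ft // step_ft) + 1
    points = [(c * step_ft, r * step_ft)
              for r in range(rows) for c in range(cols)]
    ready = sum(1 for p in points if is_location_ready(p, aps))
    return ready / len(points)


# Constructed layouts for a 120 ft x 80 ft floor (coordinates in feet).
PERIMETER_APS = [(10, 10), (110, 10), (10, 70), (110, 70)]
# All four APs along one corridor: never more than two quadrants are covered.
CORRIDOR_APS = [(20, 40), (50, 40), (80, 40), (110, 40)]

if __name__ == "__main__":
    for name, aps in (("perimeter", PERIMETER_APS), ("corridor", CORRIDOR_APS)):
        print(name, "coverage:", round(floor_coverage(120, 80, aps), 2))
    print("corridor, point (60, 10):", readiness((60, 10), CORRIDOR_APS))
```

The corridor layout satisfies the count and distance rules everywhere it is tested yet fails the quadrant rule at every point, which is why APs placed only down the middle of a building give poor location (and rogue-location) results.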
Coverage Gaps – Voice and Location
§ Local mode AP placement and density may be sufficient for data/voice applications
§ Normal Coverage Deployment places the Local Mode APs in the Centre of the Bldg
Tracking Optimized Monitor Mode APs
§ Good for periphery of buildings to improve location accuracy without adding extra traffic that may impact voice or client services
§ Use TOMM AP’s to fill in coverage gaps
§ TOMMs act as dedicated sensors for location tracking
§ Channels on TOMM AP’s should be same as the local mode AP’s
[Diagram labels: Local; TOMM; Wi-Fi device]
CleanAir Deployment Recommendations
Customer Needs/Has:
§ Existing 802.11n deployments 1140, 1250
§ Competitive Installed 802.11n deployments
Deploy: Sprinkle in 3500 in monitor mode (1 monitor AP for 5 data APs)
  Self Healing, Troubleshooting, Location
  o CleanAir Technology required in AP for Self Healing
Customer Needs/Has:
§ New or Upgrading to 802.11n
§ New areas for ongoing 802.11n deployments
§ Networks severely impacted by non-WiFi interference
Deploy: Pervasively deploy 3500 in local mode
  Self Healing, Troubleshooting, Location
  o Do not ‘sprinkle in’ local mode 3500s. Local mode 3500s scan data serving channel only.
Rails and Regions
§ Allows for certain regions in map to be defined as within or outside the scope of valid location area – improving location accuracy
§ Corridors or rooms where people or assets are constantly changing positions can be especially challenging
§ Three types of regions can be specified
  Location inclusion region: tracked device cannot be outside of this polygon (examples: outside of building outer walls)
  Location exclusion region: tracked device cannot be inside of this polygon (examples: open atrium)
  Rails: tracked device must be within defined area with narrow band. Typically used within exclusion region (examples: conveyor belt).
§ Regions defined in WCS and “pushed” (via synchronization process to MSE)
§ In MSE, it works for only clients. “Cells & Masks” feature in Aero Scout – Systems Manager can be used for tags
Location Accuracy WCS Location Readiness Tool
Yes – 7m, 90%
WCS Location Quality Tool
§ Under tools select Location accuracy tool
§ Define On-Demand or Scheduled scan
§ Select and position device
§ Wait for 60 sec
§ Run the test for 2 minutes
§ Report in CSV or PDF file format
[Screenshot callout: 7m, 90%]
Understanding Cumulative Probability Distribution
[Chart callouts: 50%/7.0m; 90%/13.6m; ~60% of devices within 7m]
Improving Accuracy
Comparison of Client Drivers Features
Legacy (Non-CCX or CCXv1) – Starting Point
§ APs do not know Tx Power of the probes
§ APs do not know channel frequency of the probes
§ Probes can be detected on a wrong channel at a reduced power
§ Probes transmitted infrequently
§ Path Loss Model can show very large scale RSSI variations
CCXv2 (CCXv2 or higher) – Better
§ APs do not know Tx Power of the probes
§ APs do not know channel frequency of the probes
§ Probes can be detected on a wrong channel at a reduced power
§ Frames scheduled periodically
§ Path Loss Model can show RSSI variations, but variations are averaged as more frequent info available
CCXv4
WCS Planning Tool
§ WCS has the ability for planning and simulating RF propagation for data, voice and location services primarily in indoor office or similar areas
§ Supports Cisco AP’s and antenna only
§ Provides a 2 dimensional prediction model and report
§ Automatic or manual AP deployment
§ Does not consider obstacles or wall attenuation when calculating AP positions
§ True RF coverage pattern including obstacles and wall attenuation
WCS Map Editor
1st: Verify map is to scale
Use scaling tab to reset map scale
Use horizontal or vertical drag & drop to select distance
Note! A warning notification usually indicates the building requires resizing
Wall and Partition Properties
§ Use obstacle type to define dB loss
Note: These values are recommendation only
§ Multiple lines can be combined to obtain required loss!
Use obstacle tab to select wall properties
  § -1dB Cubicle
  § -1.5dB Glass
  § -2dB Light Wall
  § -4dB Light door
  § -13dB Thick Wall
  § -15dB Heavy Door
Calibration Models
§ After installation, calibration function available within WCS can be used for higher location accuracy
§ WCS provides a way for user to calibrate signal characteristics for a particular indoor environment or similar areas
§ The more accurate the model used, the better the resulting location accuracy
§ Point calibration: client at fixed location. One location at a time
§ Linear calibration: data collected between two different points (straight line)
§ Calibration with non CCX clients is not supported
  Monitor > Clients > Client Details to verify CCX version
[Screenshot callout: pre-defined models]
Calibration – Point Mode
§ Disable RRM AP Power mode
§ Calibration should be performed for every band
[Screenshot callouts: Data Points; Represents completed calibration area]
Calibration – Point Mode
MSE is not involved during Calibration process
After calibration model is created, the following steps are essential:
• Apply this model to the floor map(s)
• Synchronize WCS with MSE
[Screenshot callouts: Data Points; Calibration data collected for entire floor space]
Location Quality Inspector
Launch from Calibration Detail Page after calibration to check on how good the data points collected are and how much improvement is achieved for the desirable accuracy
Scrolling mouse pointer on the area displays test points and also identifies the APs that participated in calibration as blue with RSSI values
[Screenshot callouts: Test Point; Participating APs displayed with RSSI values; Calculated Location]
Event Notifications
Types of Notifications
§ Notifications from MSE can be classified into 2 broad categories.
  § Northbound Notifications - applicable only for Tags.
  § Conditional Notifications or Track Event based Notification
    § applies to tags, wireless clients, rogues APs and clients and interferers. (Note: not wired clients)
Northbound Notifications
§ Applicable to only Tags.
§ Configuration done using the Notification Parameter page on the Context Aware Service -> Advanced Submenu under MSE on WCS.
  Note: The advanced Parameter settings on the same page do not apply to Northbound notifications.
§ Can also be configured via the MSE API
§ Configurable parameters include:
  Trigger – On what condition should the notification be triggered
  Contents – The data of interest to the destination in the notification
  Destinations – Destination IP or hostname, Port and http/https option. (This can only be a SOAP destination)
Frequently Seen Problems
§ No notification received
§ Not getting all notifications
§ Getting only 1 of 5 notifications
§ Too many notifications
§ Not getting notifications for Clients, rogues, interferers and wired clients
§ Missing some notification
Troubleshooting: No Notifications Received
§ Check whether TAGS are detected by MSE.
§ Check whether the destination specified is a SOAP destination
§ Check whether the destination IP is pingable from MSE
§ Check whether the destination port is pingable from MSE.
Troubleshooting: Not Receiving all Notifications
§ Check the Notification Statistics page under Context Aware Service menu.
§ Investigate summary page and details page for errors in communication or stress on MSE.
§ Analyze queue limits, queue usage percentage, average response time and delay.
§ Check if all the trigger conditions that are expected are enabled.
Troubleshooting: Getting only 1 of 5 notifications
§ This usually happens when the client or destination does not have a correct implementation.
§ It comes down to how the term “asynchronous notifications” from MSE is understood.
§ The notifications are sent using SOAP, which is a request/response based protocol. The destination needs to send an acknowledgement of each received notification. This can be a null or an empty SOAP response.
§ This behavior can be observed on the Notification Statistics page in the “Awaiting Response” count.
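
Added example, not from the Cisco deck: a destination that acknowledges every notification with an empty SOAP response and queues the body for later processing, so the acknowledgement is never held up. The empty SOAP 1.1 envelope, plain HTTP on loopback, the 1 MB body cap and all function names are assumptions.

```python
import http.client
import queue
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Empty SOAP 1.1 envelope returned as the acknowledgement (assumed format;
# the slide only requires "a null or an empty soap response").
EMPTY_SOAP_ACK = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b"<soapenv:Body/></soapenv:Envelope>"
)
MAX_BODY = 1 << 20          # refuse oversized posts instead of buffering them
pending = queue.Queue()     # raw notifications waiting for slower processing


class AckHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        if length > MAX_BODY:
            self.send_error(413)
            return
        # Queue the body and acknowledge at once; parsing happens elsewhere,
        # so the sender is never left waiting for a response.
        pending.put(self.rfile.read(length))
        self.send_response(200)
        self.send_header("Content-Type", "text/xml; charset=utf-8")
        self.send_header("Content-Length", str(len(EMPTY_SOAP_ACK)))
        self.end_headers()
        self.wfile.write(EMPTY_SOAP_ACK)

    def log_message(self, fmt, *args):   # silence per-request logging
        pass


def start_listener(host="127.0.0.1", port=0):
    """Start the listener on a background thread; port 0 picks a free port."""
    server = ThreadingHTTPServer((host, port), AckHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def post_notification(server, body):
    """Act as the sender: POST a body and return (status, response bytes)."""
    host, port = server.server_address[:2]
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("POST", "/", body=body, headers={"Content-Type": "text/xml"})
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result


if __name__ == "__main__":
    srv = start_listener()
    print(post_notification(srv, b"<constructed-notification/>"))  # constructed body
    srv.shutdown()
```
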
Troubleshooting: Too Many Notifications
§ Yes, this is a problem for the application and can crash the application.
§ There is nothing the MSE can do.
§ Suggest removing trigger conditions that are not important.
§ Scalability on the application is the best solution.
Troubleshooting: Not Getting Notifications for Clients, Rogues, Interferers and Wired clients
§ Only tags are supported.
§ Suggest setting up track group events with a generic condition (explore) for other devices.
Troubleshooting: Missing or dropped notifications
§ Analyze the Notification Statistics page for the dropped rate/count and response time.
§ If notifications are dropping slowly and a slightly larger queue would accommodate them, increase the queue size using Advanced Settings on the Notification Parameters page.
§ If the response time is slow, the generate rate and send rate will differ significantly. Suggest improving application response time so that notifications are acknowledged faster.
§ The MSE may be running beyond its capacity, in which case no config change on the MSE will help. Suggest splitting the load on the MSE or reducing unnecessary notification triggers.
Track Group Notifications
§ These are applicable to all devices except Wired Clients.
§ There are some predefined conditions to configure for a device.
§ Supported destination types are: SOAP, Syslog, SMTP and SNMP (v2 & v3).
§ Some parameters can be configured using “Advanced Settings” on the Notification Parameters page. For details on the parameters, refer to the configuration guide.
§ The general tip is to keep things at their defaults. For complaints about notification delays, set the refresh time, rate limit and retry count to 0. Increase the queue size with care; this may not solve the problem but only delay it.
Problems with Track Group Notifications
§ No notifications received
§ Missing notifications
§ Dropped notifications
No Notifications Received
§ Check whether the track group event definition was enabled
§ Check whether the track group was synchronized with the MSE and whether there were any errors during sync.
§ Check whether the destination IP and port are reachable from MSE.
§ Check the correctness of the event definition.
§ Check whether the device is detected by the MSE.
Missing Notification
§ Check correctness of event definitions and whether they are all enabled.
§ Check errors during sync.
§ Check whether the devices configured in the event definitions are detected by MSE.
§ If the WCS is the notification receiver then the first notification will show up as an Alarm on the Notification Summary page and subsequent notifications will show up as events.
Dropped notification
§ Analyze the Notification Statistics.
§ Other troubleshooting steps are similar to those for Northbound notifications
SNMP v3
Enhanced to support SNMPv3 trap capability in the following areas:
§ Location Event Notifications:
  § SNMPv3 transport will be supported in addition to SNMPv2
  § Track Group SNMP transport definition will be extended to support SNMPv3 configuration
§ MSE System Event Notifications:
  § NMSP Connection status changes
  § Licensing threshold crossover notifications
  § Appliance related alarms generated by hardware monitoring tools
§ WIPS Alarm Notifications
Summary of Best Practices for Location Deployment
§ Proper AP density and placement
§ Create an AP perimeter
§ Use CCXv4 or CCXv5 clients
§ Calibrate the environment
§ Use Rails & Regions
§ Minimize interference level where possible
§ Use chokepoints to prevent inter-floor location problems and provide room level accuracy
§ When using active RFID tags, configure channels 1, 6 and 11 with 3 repetitions/channel (motion enabled & chirp rate configured)
Important Configuration Steps
MSE System Configuration
§ Use the following command, which starts the setup script that guides the user in setting the system parameters: /opt/mse/setup/setup.sh
§ /opt/mse/setup/setup.sh must be used to set/change:
  § Host name / Domain name changes
  § Changing system IP address/subnet
  § Dual homing
  § Routes configuration
  § Console/ssh access settings
  § Root password changes
  § WCS user password changes
§ For managing Context Aware Engine for Clients
  § Start command: /etc/init.d/msed start
  § Status command: /etc/init.d/msed status
  § Stop command: /etc/init.d/msed stop
  § Restart command: /etc/init.d/msed restart
“getserverinfo” Command
Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 381
Active Wireless Clients: 206
Active Tags: 58
Active Rogue APs: 50
Active Rogue Clients: 50
Active Interferers: 17
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 2100
Active Sessions: 1
Wireless Clients Not Tracked due to the limiting: 0
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 390
Rogue Clients Not Tracked due to the limiting: 31
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 421
-------------
Context Aware Sub Services
-------------
Subservice Name: Cisco Tag Engine
Admin Status: Enabled
Operation Status: Up
Troubleshooting NMSP Issues
Common issues (certificate exchange) seen with NMSP
§ Time synchronization/configuration
§ Key hash template
§ Key exchange
§ WCS communication password mismatch
§ NMSP status on the WLC
§ NMSP status on the MSE
§ NMSP status on the WCS
Time Synchronization/Configuration
§ Possible symptom of clock discrepancy between WLC and MSE: can’t establish NMSP connection after adding MSE to the system
§ Suggested course of action:
  § Use NTP server for synchronizing clocks (recommended)
  § Manual configuration (controller time should be equal to or ahead of time on MSE)
Establishing NMSP Connection
MAC address and key hash for authenticating NMSP session between MSE and WLC
MSE
[root@mse ~]# cmdshell
cmd> show server-auth-info
invoke command: com.aes.server.cli.CmdGetServerAuthInfo
----------------
Server Auth Info
----------------
MAC Address: 00:1e:0b:61:35:60
Key Hash: 5384ed3cedc68eb9c05d36d98b62b06700c707d9
Certificate Type: SSC
==============================
WLC
(Cisco controller) >config auth-list add lbs-ssc <MSE Ethernet MAC> <MSE key hash>
(Cisco Controller) >show auth-list
Mac Addr                  Cert Type    Key Hash
-----------------------   ----------   ------------------------------------------
00:1e:0b:61:35:60         LBS-SSC      5384ed3cedc68eb9c05d36d98b62b06700c707d9
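
Added example, not from the Cisco deck: a check that the MAC address and key hash printed by "show server-auth-info" on the MSE match the entry in the WLC's "show auth-list", using the values from the slide plus one constructed stale entry. The function names and the SSC to LBS-SSC type mapping are assumptions.

```python
import re

MAC_RE = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

# MSE output as shown on the slide.
MSE_SAMPLE = """\
MAC Address: 00:1e:0b:61:35:60
Key Hash: 5384ed3cedc68eb9c05d36d98b62b06700c707d9
Certificate Type: SSC
"""
# WLC row as shown on the slide.
WLC_OK = "00:1e:0b:61:35:60  LBS-SSC  5384ed3cedc68eb9c05d36d98b62b06700c707d9"
# Constructed stale entry: same MAC, key hash that no longer matches the MSE.
WLC_STALE = "00:1e:0b:61:35:60  LBS-SSC  " + "0" * 40


def parse_mse_auth_info(text):
    """Return (mac, key_hash, cert_type) from 'show server-auth-info' output."""
    pairs = re.findall(r"^\s*(MAC Address|Key Hash|Certificate Type):\s*(\S+)",
                       text, re.M | re.I)
    f = {k.lower(): v.lower() for k, v in pairs}
    return f["mac address"], f["key hash"], f["certificate type"]


def parse_wlc_auth_list(text):
    """Return {mac: (cert_type, key_hash)} from 'show auth-list' rows."""
    rows = re.findall(rf"^\s*({MAC_RE})\s+(\S+)\s+([0-9a-f]+)\b", text, re.M | re.I)
    return {m.lower(): (t.lower(), h.lower()) for m, t, h in rows}


def check_nmsp_auth(mse_text, wlc_text):
    """List mismatches between MSE identity and WLC auth-list (empty = consistent)."""
    mac, key_hash, cert_type = parse_mse_auth_info(mse_text)
    problems = []
    # The key hash on the slide is 40 hex characters; flag anything else.
    if not re.fullmatch(r"[0-9a-f]{40}", key_hash):
        problems.append("MSE key hash is not 40 hex characters")
    entry = parse_wlc_auth_list(wlc_text).get(mac)
    if entry is None:
        return problems + [f"MSE MAC {mac} missing from WLC auth-list"]
    wlc_type, wlc_hash = entry
    # Assumption: WLC type is the MSE type with an "lbs-" prefix (SSC -> LBS-SSC).
    if wlc_type != "lbs-" + cert_type:
        problems.append(f"cert type {wlc_type} does not match MSE type {cert_type}")
    if wlc_hash != key_hash:
        problems.append("key hash on WLC differs from MSE")
    return problems


if __name__ == "__main__":
    for label, wlc in (("slide", WLC_OK), ("stale", WLC_STALE)):
        print(label, check_nmsp_auth(MSE_SAMPLE, wlc) or "consistent")
```
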
WCS Communication Password Mismatch
§ WCS-to-MSE communication password is NOT the same as the MSE ssh password
§ WCS communication password is set on the MSE during initial setup when running the setup script. Default is “admin/admin”
§ Use the same password while adding the MSE to the WCS
§ To fix the mismatch, run the setup script again using /opt/mse/setup/setup.sh
Verifying NMSP Connection Status (WLC/MSE)
(Cisco Controller) >show nmsp status
LocServer IP     TxEchoResp   RxEchoReq   TxData     RxData
--------------   -----------  ---------   --------   -------
172.20.224.17    18006        18006       163023     10
-------------
Context Aware Service
-------------
Total Active Elements(Clients, Rogues, Interferers): 129
Active Clients: 34
Active Tags: 29
Active Rogues: 66
Active Interferers: 0
Active Wired Clients: 0
Active Elements(Clients, Rogues, Interferers) Limit: 100
Active Tag Limit: 100
Active Wired Clients Limit: 0
Active Sessions: 1
Active Sessions is the # of active NMSP sessions
NMSP Status on WCS for MSE
§ Navigate to Services>Mobility Services>MSE>Status
§ WLC could have been added, but NMSP status can be “Inactive”
§ Troubleshooting Tab provided next to “Inactive” button
NMSP Status Troubleshooting Tab
§ Provides status of common NMSP issues
Synchronization History
§ Synchronization History shows
  § Automatic Synchronization
  § Automatic Controller Selection/Assignment
  § Smart Synchronization
§ Navigate to Services > Synchronization Services
Enabling Element Tracking
If checked (Enabled), only then:
§ Devices will be tracked
§ History will be available
History Parameters
§ Number of days to save history is not limited in WCS UI
  § Limited by disk space and system performance
§ History of an element is recorded only if:
  § Element moves more than 10m (30 ft)
  § Tag: emergency or panic button is pressed
  § Tag: passes by an exciter
  § Floor changes, i.e. element moves between floors
§ Element is declared inactive if it remains inactive for an hour. If it remains inactive for 24 hours, it is removed from “tracking table”, and it is not possible to see element’s historical location on the WCS Monitoring page. “Absent Data Cleanup Interval” helps to control “tracking table”.
Minimizing Latency
§ Tag notification frame interval for stationary tag 3-5 minutes
§ Tag notification frame interval for moving tags <10sec
§ WLC NMSP aggregation window is 2 sec by default
§ Correct aggregation window should be set to make sure that WLC has received updates from all the APs, before sending data to MSE via NMSP
§ From WLC CLI aggregation window can be set independently for clients, tags, rogue APs, rogue clients and Rfids
(Cisco Controller) >config nmsp notification interval rssi ?
clients   Measurement interval for clients.
rfid      Measurement interval for rfid tags.
rogues    Measurement interval for rogue APs and rogue clients
[Figure: Immediate Notification from MSE. Labels: Indoor Environment; Indoor & Outdoor Environments; 802.11 Clients (RSSI); 802.11 CCX Tags (RSSI / TDOA); Mobile User; Smart Phone; Voice over 802.11; Context-Aware Software; Context Aware Engine for Clients; Context Aware Engine for Tags; MSE; SOAP/XML API; Business Application]
Immediate Notification from MSE
§ With 7.0 code, the MSE can forward the tag info straight to a third party
§ Setting the first parameter to true will cause the MSE to immediately send the notification to Mobile View or any other application. This notification, however, will have an old location or no location.
§ After the location calculation, another notification will be fired with the latest location value
§ If the location is not needed at all, then the second parameter should be set to true. Note that the MSE will just act as a forwarding engine in this case and no location calculations will be performed
Wired Location Detection
§ Switches report the switch port mapping of connected devices to the MSE
§ MSE actively tracks communicated information and location of both devices and chassis
§ MSE maintains history of device connect, connection location, and device disconnect
§ MSE provides SOAP XML API to external systems that are interested in location of chassis or endpoint devices
§ Applications can query or receive async events when devices or chassis move location
[Figure labels: C3750-E; CDP/LLDP-MED; Network Management Service Protocol (NMSP); MSE - Location Service with wireless/wire map database]
Wired Location with MSE
§ MSE tracks location history of wired clients
§ Location information configured using switch CLIs
  § Define the location identifier
  § Enable ip device tracking
  § Attach the identifier to the switch interface
§ Switch and MSE communicate using NMSP
§ Switches notify MSE of wired client association / disassociation
§ Switches supported - Catalyst 2960, 3750, 3750E, 3560, 3560E, 4500, 4900
§ Required software versions
  § Catalyst switches – 12.2(50)SE
  § WCS – 6.0.x onwards
  § MSE – 6.0.x onwards
Deployment Checklist
§ Follow proper AP placement guidelines (location and density)
§ Configure NTP server on both WLC and MSE or manually synchronize both the devices (and preferably WCS) with the correct time and time zone.
§ Check the NMSP connection status on the controller
§ Ensure that tracking is enabled for the right devices
§ Ensure that the maps and AP positions are synchronized between the WCS and MSE
§ Ensure that location calculations are taking place either on the tracking page or the MSE console
For Clients
§ Verify tracking is enabled on MSE
§ Verify clients are detected by controller
§ Max calculation time taken into account
For Tags
§ Verify tracking is enabled on MSE
§ Verify tags are detected by controller
§ Max calculation time taken into account
Key Takeaways
§ Cisco Mobility Services Engine enables the deployment of advanced services (Context Aware, CleanAir, wIPS)
§ Implementing Context Aware Services requires following a set of best practices for optimal results
§ 7.0-MR1 software release has a number of feature enhancements specific to the MSE and associated services
Recommended Reading
§ Cisco Mobility Services Engine - Context Aware Mobility Solution Deployment Guide http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a00809d1529.shtml
§ Cisco Context-Aware Service Configuration Guide http://www.cisco.com/en/US/products/ps9742/products_installation_and_configuration_guides_list.html
§ Cisco 3300 Series Mobility Services Engine Licensing and Ordering Guide http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c07-473865.html
§ WiKi Page External http://www.cisco.com/en/US/products/ps9806/products_qanda_item09186a0080af9513.shtml
§ AeroScout Support Page http://support.aeroscout.com
Thank you.