Cisco CMX (10.2) – Part 1


, , ,

Connected Mobile Experiences (CMX) is Cisco’s WiFi location analytic solution to provide a value-added and personalized user experience to WiFi users. If you are familiar with Cisco Mobility Service Engine (MSE), then CMX is the new brand name for that service with some improved features.

Below diagram summarize the CMX solution components

CMX-P1-01Specific to v10.x releases, Cisco has improved the scalability, performance of this platform compare to v8.x. Below is the architectural difference of those two versions.


Below diagram shows CMX 10.x components with more details

CMX-P1-03In this post we will look at “CMX Presence” and in next post we will look into “CMX – Location” Here is the CMX 10.2.0 Release notes which listed below new features .

  1. Presence Analytics (in CMX Prsence)
  2. Social Analytics (in CMX Location)
  3. Verticalization ( in CMX Location)
  4. HpeerLocation Module (in CMX Location  with 10.2.1)
  5. CMX Fast Locate (in CMX Location with 10.2.1)

Pay attention to below details prior to move on to CMX 10.2

CMX-P1-16Once you install the CMX Application on either VM or Hardware (in my case I have used 3355 appliances), you can access GUI to install using https://cmx-ip:1984 as shown below.

CMX-P1-04You have to select either “Presence” or “Location” functionality. You cannot have both function in the same CMX instance. Also note that “Presence” service does not require any maps (Prime Infrastructure is not a requirement). So it is suited for customers that does not have many buildings/APs at given location, still they want to WiFi clients presence analytic.

CMX-P1-05Since I want to use this for “Presence” I have selected that option & continued. You will see below components get installed.

CMX-P1-06In the next Setup page, it is expected you to enter PI credential (if you have WLC sync with a PI).

CMX-P1-07Anyway in Presence, you should be able to work without PI, I will add controllers manually to CMX.

First you have to get CMX MAC address and SHA1 or SHA2 keys and configure them on your controllers. You can use”cmxctl config controllers show” and “cmxctl config controllers add” CLI command (Here is the 10.2 CLI Command Reference Guide).

[cmxadmin@cmx-p ~]$ cmxctl config controllers show
** To troubleshoot INACTIVE/INVALID controllers verify that: 

     1. the controller is reachable
     2. the controller's time is same or ahead of MSE time
     3. the SNMP port(161) is open on the controller
     4. the NMSP port(16113) is open on the controller
     5. the controller version is correct
     6. the correct key hash is pushed across to the controller by referring the following:

| MAC Address | xx:xx:xx:bb:1c:00                                                |
| SHA1 Key    | 9999999999999ead11d62dfa444c8e2396c668a4                         |
| SHA2 Key    | 999999999999999999999992f240ab651cf73b76903f218fb704e9ce8240d565 |

For AireOS controller, you require SNMP and NMSP communication between CMX & WLCs (Refer this post for how to configuring NMSP). You can CMX MAC & Keys as below. (Note that SHA2 support is only from AireOS 8.0.x onward)

(WLC) >config auth-list add sha256-lbs-ssc xx:xx:xx:bb:1c:00   99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

You can use “show auth-list” output to verify that CMX MAC address & SHA2 key listed there.

(WLC) >show auth-list 
Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
  AP with Manufacturing Installed Certificate.... yes
  AP with Self-Signed Certificate................ no
  AP with Locally Significant Certificate........ no

Mac Addr                  Cert Type    Key Hash
-----------------------   ----------   ------------------------------------------
xx:xx:xx:bb:1c:00         LBS-SSC-SHA256      99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

Below shows the CMX configuration to add AireOS WLC (I have already configured my WLC for SNMPv3 – Refer this post for more detail)

[cmxadmin@cmx-p ~]$ cmxctl config controllers add
Please enter controller type [WLC / NGWC] [WLC]: 
Please enter controller IP: x.x.7.249
Please enter the controller image version [Optional]: 
Please enter controller SNMP version [v1 / v2c / v3] [v2c]: v3
Please enter the username: prime2
Please enter the auth type [none / hmacmd5 / hmacsha] [hmacsha]: 
Please enter the auth password: xxxx
Please enter the privacy type [none / des / aescfb128] [aescfb128]: 
Please enter the privacy password: xxxx
Controller Added x.x.7.249

In IOS WLCs, you can  do that as shown below. Once you enable NMSP you simply need to add CMX MAC address as username with SHA2 key as password.

nmsp enable
username xxxxxxbb1c00 mac aaa attribute list CMX-P
aaa attribute list CMX-P
 attribute type password 999999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

In CMX, you can add a NGWC (5760/3850/3560/etc) as shown below.

[cmxadmin@cmx-p ~]$ cmxctl config controllers add
Please enter controller type [WLC / NGWC] [WLC]: NGWC
Please enter controller IP: x.x.49.1
Please enter the controller image version [Optional]: 
Please enter telnet username: admin
Please enter telnet password: xxxx
Please enter telnet enable password: xxxx
Controller Added x.x.49.1

You can verify the configured controller status using “cmxctl config controllers show” command.

[cmxadmin@cmx-p ~]$ cmxctl config controllers show
| IP Address   | Type | Version     | SHA2 | Status |
| x.x.x.35 | WLC  |  | No   | ACTIVE |
| x.x.6.244  | WLC  |   | Yes  | ACTIVE |
| x.x.32.32 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
| x.x.32.31 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
| x.x.0.183   | WLC  |   | Yes  | ACTIVE |
| x.x.0.186   | WLC  |   | Yes  | ACTIVE |
| x.x.32.26 | NGWC | 03.06.03E   | Yes  | ACTIVE |
| x.x.32.25 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
| x.x.49.1  | NGWC | 7.0.999.999 | Yes  | ACTIVE |

Note that CMX 10.2 is not compatible with current NGWC software codes (at least with 3.6.3E which I am running). Even though above indicate all good, I was unable to get those 3850 managed APs onto CMX. May be upcoming release may address it :shock:

Once your WLCs added, you can log onto CMX GUI (https://cmx-ip) and do your presence analytic. (default admin/admin unless you have change it during initial setup).

You can manage licenses/users/notifications in “MANAGE” page.

CMX-P1-14CMX comes with 120 day evaluation license for both CMX Base and CMX advance license for 100 AP.(Refer CMX 10.x ordering & license guide for more detail). If you already have MSE 7.4/CMX8.x you can move those license across to CMX 10.2

CMX Base license provides the following services:
1. Location: The ability to determine the location of Wi-Fi clients, Bluetooth low     energy (BLE) beacons, devices, and RFID tags. Includes tracking devices using FastLocate or Hyperlocation
2. CMX Connect: Visitor Wi-Fi onboarding platform
3.  APIs: Third-party integration using standard REST APIs

CMX Advanced license provides the following services:
1.  Includes all the CMX Base services – Location, APIs, CMX Connect
2.  CMX Location Analytics
3.  CMX Presence Analytics

Note: CMX Analytics and CMX Presence Analytics cannot be used simultaneously. A CMX instance will use either location or presence.

In the “Users” section, you can create different users and assigned them a specific role.


You can click on “Manage” under “PRESENCE ANALYTICS” to configure your sites, add APs to your sites & other related configurations.

CMX-P1-08You can create site individually (if you have small number of sites), otherwise you can import your site-list from a CSV file. Required format already available in information icon as shown below.

CMX-P1-09Once you create your sites, you should be able to map your AP onto those sites. You can do that in “Access Points” menu by filtering your AP and adding to a configured site.

CMX-P1-10You can create site group (if you create site for each building, then site group may useful to analyze all of those buildings WiFi users’ presence stats). Once you done all those, you can go to specific site and get some WiFi presence Analytics (total visitors, average dwell-time, peak hour stats, top device vendor,etc)

CMX-P1-11You can use “CONNECT & ENGAGE” settings to create portal for your visitors (public guest users) based on sites you created.

CMX-P1-12From the “SYSTEM” menu you can monitor your CMX system performance.

CMX-P1-15In next post, we will see how “CMX-Location” service setup and its features. This require Cisco Prime Infrastructure with updated maps.


  1. Cisco CMX 10.2 and Location Update (Wireless Field Day 8 – Oct 2015)
  2. BRKEWN-2012 – Connected Mobile Experiences (CMX) – CiscoLive 2015 San Diego
  3. Connect Mobile Experience – Cisco Docs
  4. CMX Configuration Guides

Related Posts

  1. What is NMSP
  2. MSE 8.0 Upgrade
  3. Configuring SNMPv3

Get every new post delivered to your Inbox.

Join 638 other followers