Cisco CMX (10.2) – Part 2


, , , ,

In this post we will go through the CMX 10.2 with Location Services (If you interest in CMX Presence refer this post). More specifically CMX location provide following services

  1. Detecgt & Locate (Location of wireless devices)
  2. Analytics (provide WiFi devices location analysis-eg device count,dwell time,path)
  3. Connect & Engage (location aware guest services- custom portal, facebook WiFi)

I have use MSE 3365 Appliances for this installation. Once you run the initial set up with basic network configurations through CIMC port. Refer CMX installation guide for detail steps.

Then you can go to https://cmx-ip:1984 to start CMX location installation.


You have to select “Location” as flavor of CMX


Then all required installation will take place.


Once finish, you will see all green icons. During the installation if you need you can view the output on console by clicking the “console” button as shown in the below.


Once you click “continue setup” you will be prompted to complete initial configuration required. You have to change GUI admin user password (default pw is admin) and import map & controller information using Prime Infrastructure (PI). Also you need to set up mail server information (if you do not have any you can configure & proceed)


Below shows if you want to imports map & controller using CLI. If you use file option, then you have to export maps from PI & then copy it across to CMX. I have used WinSCP to copy file to CMX.

[cmxadmin@cmx1 ~]$ cmxctl config maps import
Please specify import type [PI / FILE] [FILE]: file
Override the existing maps [yes/no] [yes]: yes
Import zones [yes/no] [no]: no
Please enter map import path: /home/cmxadmin/ImportExport_c23a1efd5049eb78.tar.gz

Imported /home/cmxadmin/ImportExport_c23a1efd5049eb78.tar.gz

Here is how you can import controllers to CMX using  CLI.

[cmxadmin@cmx1 ~]$ cmxctl config controllers import
Please specify import type [PI / FILE] [FILE]: PI
Please enter PI ip address: x.x.32.32
Please enter PI username [root]: root
Please enter PI password [Public123]: xxxx

Import successfully started from PI x.x.32.32. Check import status using cmxctl config import status.

[cmxadmin@cmx1 ~]$ cmxctl config import status

Imported from PI x.x.32.32
Controller import status: IN_PROGRESS, last message: Imported 2 controllers, last updated: Jun 08 2016, 10:39
Map import status: NOT_STARTED, last message: None, last updated: Jun 08 2016, 10:39

Imported from PI x.x.32.32
Controller import status: COMPLETED, last message: Imported 20 controllers, last updated: Jun 08 2016, 10:41
Map import status: NOT_STARTED, last message: None, last updated: Jun 08 2016, 10:39

Even you added controllers info from PI, it does not mean CMX can get location info from WLCs directly. You have to allow CMX to talk to WLC using NMSP. You can verify WLC status in CMX using below command.

[cmxadmin@cmx1 ~]$ cmxctl config controllers show
| IP Address | Type | Version | SHA2 | Status |
| x.x.32.28 | NGWC | 7.0.999.999 | Yes | INVALID |
| x.x.7.245 | WLC | | Yes | INACTIVE |
| x.x.0.183 | WLC | | Yes | INACTIVE |
| x.x.32.30 | NGWC | 7.0.999.999 | Yes | INVALID |
| x.x.7.249 | WLC | | Yes | INACTIVE |
| x.x.0.200 | NGWC | 7.0.999.999 | Yes | INACTIVE |
| MAC Address | 00:c8:xx:xx:xx:e4 |
| SHA1 Key | xxxxxcaa6e921998c25dd0 |
| SHA2 Key | xxxxxxxf7554fb0bef32612e00205cb0e3d52 |

In order to allow CMX to get location info from WLCs you  have to add CMX as NMSP (refer this post for more detail). Below shows how you can do it using CLI on AireOS & IOS-XE based controllers.

Here is basic config on IOS-XE based controller (5760/3850)

nmsp enable
aaa attribute list <attribute_list_name>
attribute type password <SHA2_Key_of_CMX>
username <CMX-mac-without-colon> mac aaa attribute list <attribute_list_name>

Here is basic config on a AireOS controller

config auth-list add sha256-lbs-ssc <CMX_mac_with_colon> <SHA2_key_of_CMX>
save config

Once you do that you will see that controllers status become active in CMX

[cmxadmin@cmx1 ~]$ cmxctl config controllers show
| IP Address | Type | Version | SHA2 | Status |
| x.x.32.28 | NGWC | 7.0.999.999 | Yes | INVALID |
| x.x.7.245 | WLC | | No | ACTIVE |
| x.x.0.183 | WLC | | No | ACTIVE |
| x.x.32.30 | NGWC | 7.0.999.999 | Yes | INVALID |
| x.x.7.249 | WLC | | No | ACTIVE |
| x.x.0.200 | NGWC | 7.0.999.999 | Yes | ACTIVE |

Once this done, you can access the CMX using https://<cmx_ip&gt;. Default username/password is admin/admin. As you can see there are 5 main tabs for “Detect & Locate”, “Analytics”, “Connect & Engage”, “Manage” & “System” options.


By going to “Manage” section, you can create zones,add license, manage users, verticalization, notification & BLE beacon related configurations.

You can create Zones within your building floors in order to analyze  you wifi devices location movement more granular. Below shows an example creating  a new Zone on a floor.


You can upload licenses to your CMX system using “Manage > Licenses” page as shown below. You require CMX Advanced licenses for Analytics. Note that you get 120 days evaluation licenses (x 100 AP) for both CMX Base & Advanced.


Using notification menu, you can set up notification for your own application or 3rd party applications. This feature support following

  • HTTP receiver
  • MAC address scrambling
  • JSON & XML message format
  • Stream notification for RSSI tag
  • NW configuration change notification
  • REST notification over HTTPS


To better utilize CMX in your environment, it is recommend to pick the correct market vertical your business operate in. In this way CMX analytics will create some reports automatically with most important metrics for your business vertical. I have selected “Education” in this setup.


Using “Detect & Locate” menu, you can view all wireless devices (AP, Clients, Rougue AP, BLE beacons) location in real time. Below shows an example where clients & AP locations are shown. If you need you can search for a specific device & playback client movement history as well.

Green dots – Connected clients
Red dots – Probing clients
Blue circle – Access Points

There are different filters available for get different views. There are  Heatmap(client device concentration),Zones,Access Points,Interferes, Beacons,tags, filters, exclusion/inclusion options available.


By using “Analytics” menu, you can run some location analytic reports.


Here is a sample of a location analytics report I have set up.


You can set up you own custom reports & add widgets on below parameters

  1. Visitors
  2. Average Dwell time
  3. Correlation
  4. Path
  5. Associatd Status
  6. Dwell Time Breakdown

Below shows how to create a custom report for path analysis. I have added 3 widgets to the same report.


Then you can modify each dash-let with buildings/floors you want focus & see what is path analysis looks like for those. You can schedule these reports to send via emails.


Using “Social” tab in Analytics page, you can  do social media analytics if you already integrate CMX with twitter.(I have not set this up)

Using “heatmap” option in the Analytics page, you can play back how client density varies during a period of time.CMX-L19

Connect & Engage” is allow you to create custom portal (location specific) or use Facebook WiFi authentication for Guest Services.

In “System” menu, you can perform system related tasks which includes Dashboard, Alerts, Patterns, Metrics & Inventory view of system.

*** Refer the CMX 10.2 Configuration guide for more details ***


  1. Cisco_CMX_Config_Guide_10.2
  2. CMX 10.2 CLI Command Reference

Get every new post delivered to your Inbox.

Join 839 other followers