Connected Mobile Experiences (CMX) is Cisco’s WiFi location analytic solution to provide a value-added and personalized user experience to WiFi users. If you are familiar with Cisco Mobility Service Engine (MSE), then CMX is the new brand name for that service with some improved features.
Below diagram summarize the CMX solution components
Specific to v10.x releases, Cisco has improved the scalability, performance of this platform compare to v8.x. Below is the architectural difference of those two versions.
Below diagram shows CMX 10.x components with more details
In this post we will look at “CMX Presence” and in next post we will look into “CMX – Location” Here is the CMX 10.2.0 Release notes which listed below new features .
- Presence Analytics (in CMX Prsence)
- Social Analytics (in CMX Location)
- Verticalization ( in CMX Location)
- HpeerLocation Module (in CMX Location with 10.2.1)
- CMX Fast Locate (in CMX Location with 10.2.1)
Pay attention to below details prior to move on to CMX 10.2
Once you install the CMX Application on either VM or Hardware (in my case I have used 3355 appliances), you can access GUI to install using https://cmx-ip:1984 as shown below.
You have to select either “Presence” or “Location” functionality. You cannot have both function in the same CMX instance. Also note that “Presence” service does not require any maps (Prime Infrastructure is not a requirement). So it is suited for customers that does not have many buildings/APs at given location, still they want to WiFi clients presence analytic.
Since I want to use this for “Presence” I have selected that option & continued. You will see below components get installed.
In the next Setup page, it is expected you to enter PI credential (if you have WLC sync with a PI).
Anyway in Presence, you should be able to work without PI, I will add controllers manually to CMX.
First you have to get CMX MAC address and SHA1 or SHA2 keys and configure them on your controllers. You can use”cmxctl config controllers show” and “cmxctl config controllers add” CLI command (Here is the 10.2 CLI Command Reference Guide).
[cmxadmin@cmx-p ~]$ cmxctl config controllers show ** To troubleshoot INACTIVE/INVALID controllers verify that: 1. the controller is reachable 2. the controller's time is same or ahead of MSE time 3. the SNMP port(161) is open on the controller 4. the NMSP port(16113) is open on the controller 5. the controller version is correct 6. the correct key hash is pushed across to the controller by referring the following: +-------------+------------------------------------------------------------------+ | MAC Address | xx:xx:xx:bb:1c:00 | +-------------+------------------------------------------------------------------+ | SHA1 Key | 9999999999999ead11d62dfa444c8e2396c668a4 | +-------------+------------------------------------------------------------------+ | SHA2 Key | 999999999999999999999992f240ab651cf73b76903f218fb704e9ce8240d565 | +-------------+------------------------------------------------------------------+
For AireOS controller, you require SNMP and NMSP communication between CMX & WLCs (Refer this post for how to configuring NMSP). You can CMX MAC & Keys as below. (Note that SHA2 support is only from AireOS 8.0.x onward)
(WLC) >config auth-list add sha256-lbs-ssc xx:xx:xx:bb:1c:00 99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565
You can use “show auth-list” output to verify that CMX MAC address & SHA2 key listed there.
(WLC) >show auth-list Authorize MIC APs against Auth-list or AAA ...... disabled Authorize LSC APs against Auth-List ............. disabled APs Allowed to Join AP with Manufacturing Installed Certificate.... yes AP with Self-Signed Certificate................ no AP with Locally Significant Certificate........ no Mac Addr Cert Type Key Hash ----------------------- ---------- ------------------------------------------ xx:xx:xx:bb:1c:00 LBS-SSC-SHA256 99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565
Below shows the CMX configuration to add AireOS WLC (I have already configured my WLC for SNMPv3 – Refer this post for more detail)
[cmxadmin@cmx-p ~]$ cmxctl config controllers add Please enter controller type [WLC / NGWC] [WLC]: Please enter controller IP: x.x.7.249 Please enter the controller image version [Optional]: Please enter controller SNMP version [v1 / v2c / v3] [v2c]: v3 Please enter the username: prime2 Please enter the auth type [none / hmacmd5 / hmacsha] [hmacsha]: Please enter the auth password: xxxx Please enter the privacy type [none / des / aescfb128] [aescfb128]: Please enter the privacy password: xxxx . Controller Added x.x.7.249
In IOS WLCs, you can do that as shown below. Once you enable NMSP you simply need to add CMX MAC address as username with SHA2 key as password.
nmsp enable username xxxxxxbb1c00 mac aaa attribute list CMX-P aaa attribute list CMX-P attribute type password 999999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565
In CMX, you can add a NGWC (5760/3850/3560/etc) as shown below.
[cmxadmin@cmx-p ~]$ cmxctl config controllers add Please enter controller type [WLC / NGWC] [WLC]: NGWC Please enter controller IP: x.x.49.1 Please enter the controller image version [Optional]: Please enter telnet username: admin Please enter telnet password: xxxx Please enter telnet enable password: xxxx . Controller Added x.x.49.1
You can verify the configured controller status using “cmxctl config controllers show” command.
[cmxadmin@cmx-p ~]$ cmxctl config controllers show
+--------------+------+-------------+------+--------+
| IP Address | Type | Version | SHA2 | Status |
+--------------+------+-------------+------+--------+
| x.x.x.35 | WLC | 7.6.130.26 | No | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.6.244 | WLC | 8.0.120.0 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.32 | NGWC | 7.0.999.999 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.31 | NGWC | 7.0.999.999 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.0.183 | WLC | 8.0.120.0 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.0.186 | WLC | 8.0.120.0 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.26 | NGWC | 03.06.03E | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.25 | NGWC | 7.0.999.999 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.49.1 | NGWC | 7.0.999.999 | Yes | ACTIVE |
+--------------+------+-------------+------+--------+
Note that CMX 10.2 is not compatible with current NGWC software codes (at least with 3.6.3E which I am running). Even though above indicate all good, I was unable to get those 3850 managed APs onto CMX. May be upcoming release may address it 😯
Once your WLCs added, you can log onto CMX GUI (https://cmx-ip) and do your presence analytic. (default admin/admin unless you have change it during initial setup).
You can manage licenses/users/notifications in “MANAGE” page.
CMX comes with 120 day evaluation license for both CMX Base and CMX advance license for 100 AP.(Refer CMX 10.x ordering & license guide for more detail). If you already have MSE 7.4/CMX8.x you can move those license across to CMX 10.2
CMX Base license provides the following services:
1. Location: The ability to determine the location of Wi-Fi clients, Bluetooth low energy (BLE) beacons, devices, and RFID tags. Includes tracking devices using FastLocate or Hyperlocation
2. CMX Connect: Visitor Wi-Fi onboarding platform
3. APIs: Third-party integration using standard REST APIs
CMX Advanced license provides the following services:
1. Includes all the CMX Base services – Location, APIs, CMX Connect
2. CMX Location Analytics
3. CMX Presence Analytics
Note: CMX Analytics and CMX Presence Analytics cannot be used simultaneously. A CMX instance will use either location or presence.
In the “Users” section, you can create different users and assigned them a specific role.
You can click on “Manage” under “PRESENCE ANALYTICS” to configure your sites, add APs to your sites & other related configurations.
You can create site individually (if you have small number of sites), otherwise you can import your site-list from a CSV file. Required format already available in information icon as shown below.
Once you create your sites, you should be able to map your AP onto those sites. You can do that in “Access Points” menu by filtering your AP and adding to a configured site.
You can create site group (if you create site for each building, then site group may useful to analyze all of those buildings WiFi users’ presence stats). Once you done all those, you can go to specific site and get some WiFi presence Analytics (total visitors, average dwell-time, peak hour stats, top device vendor,etc)
You can use “CONNECT & ENGAGE” settings to create portal for your visitors (public guest users) based on sites you created.
From the “SYSTEM” menu you can monitor your CMX system performance.
In next post, we will see how “CMX-Location” service setup and its features. This require Cisco Prime Infrastructure with updated maps.
References
- Cisco CMX 10.2 and Location Update (Wireless Field Day 8 – Oct 2015)
- BRKEWN-2012 – Connected Mobile Experiences (CMX) – CiscoLive 2015 San Diego
- Connect Mobile Experience – Cisco Docs
- CMX Configuration Guides
mrn-cciew 
Hi Rasika,
Really nice post!
two questions 🙂
what’s your suggestion about the design of the infrastructure?
That’s what I tough
internal WLC+MSE -> FW -> anchor WLC -> FW -> internet
but MSE has just one interface and all the traffic is going through the port 80 and 443 so if i allow traffic to those ports my guests can see all the welcome screen of the mse portal… I installed the version 10.2.0 and with this setup I got the following error which i posted on cisco forum
https://supportforums.cisco.com/discussion/12620276/mse-102-redirect-fail-https
Hi
I have replied to this thread.
Are you running WLC 8.0.x or higher software. If not try that first
HTH
Rasika
OK then I will keep this on the cisco forum
Thanks again for the help!
Very helpful article.
Thank you
Nice article and good explanations. Have you seen the example video Deakin have produced with CMX?
http://www.cisco.com/c/en/us/solutions/enterprise-networks/connected-mobile-experiences/deakin-university-connected-mobile-experiences-prototypehd.html
I enjoy reading your articles.
Yes Dan, I have seen this.
Good to see you make use of this CMX to enhance user experience.
Rasika
Hi I am trying to setup CMX10.2 for location only but I see issue between WLC and CMX. WLC is in inactive state. I have check ntp, snmp and all parameters but still status is inactive. tried deleting and re-adding it on both side but it did not help.
[cmxadmin@localhost ~]$ cmxctl config controllers show
+————+——+———–+——+———-+
| IP Address | Type | Version | SHA2 | Status |
+————+——+———–+——+———-+
| 10.36.0.11 | WLC | 8.0.120.0 | Yes | INACTIVE |
+————+——+———–+——+———-+
(WLC-01) >show auth-list
Authorize MIC APs against Auth-list or AAA …… disabled
Authorize LSC APs against Auth-List …………. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate…. yes
AP with Self-Signed Certificate……………. no
AP with Locally Significant Certificate…….. no
Mac Addr Cert Type Key Hash
———————– ———- ——————————————
00:0c:29:97:a8:49 LBS-SSC-SHA256 0e6a2f86d81a2634c3d7686059e9689282104179798d6d1c6e4674376da3fe16
any idea what else it could make the inactive. I am running 8.0.120.0 on cisco 5508 WLC.
Does this SNMP string has R/W permission ?
its working now. I had changed snmp from v2c to v3 then it started working. Thanks for your help and support.
Nice to hear that
Need to delete maps for new AP count tried “cmxctl config maps delete System Campus SLC !st floor” it comes back with a syntax error. How to you put in the campus building and floor argument? it does not like the ! mark in place of a one but, unfortunately that is how it got added.
Hi i´m using cmx 10.2, prime 3.0 and a wlc 7.6 everithing was working fine but now am staring to have some issues, the controller in CMX goes from active to inactive in a few seconds and i can not see any data on the detect and located screen
any idea what could be happend?
Best avenue to troubleshoot this is via TAC. Open a case & see how it goes.
HTH
Rasika
Solved!
I have got the same problem. To solve it I enabled used SNMPv2c with Read-Write credentials on WLC. And it become active, started display access point in the map and user.
Thanks Alex
hi rasika
inside in Prime 3.0 cannot connect mse
No response from Server. It may be unreachable, or server is down or HTTPS connection to server failed.
please help me
There is no such integration with Prime on MSE 10.2. So you do not want to add your MSE on PI
HTH
Rasika
but I need to import map to CMX
That you will do on CMX end only, give prime credential when configuring it on CMX.
inbox
please you have a mail for contact
mrncciew@gmail.com
Are you planning write up on CMX location service as state on this article ? if so when?
I will be working on production CMX deployment in April/May, I will complete the part 2 in that time frame.
Thanks so much for sharing this awesome info! I am looking forward to see more posts by you!
Hi
Since early 2015, I have been slowed down, even I could not believe sometime. Most of those energy gone to develop “mindfulness skills” 🙂
Anyway I’ll try to blog about things I am learning in WiFi space
Thanks
Rasika
When i install cmx 10.2 and on function Presence . Can i switch to fanction Location later ?
No you cannot, you need to have two instances. One for Presense & one for Location if you like information presented in both.
HTH
Rasika
My WLC running 8.1.131.10 is connected to my CMX location server running 10.2.1 but always shows inactive when connected to the CMX Presense 10.2.1 server. No matter how many times I verify SNMP connectivity between WLC and CMX, the WLC always show inactive. Deleting the controller and starting over does not seem to help neither does restarting the CMX services. What is the procedures for fixing this
Pls reach TAC & see, they may able to find exact cause for this.
Hi Nayarasi,
Thank you so much for such a great post.,
I am new to MSE, I got a task to install CMX 10.2 on vmware and configure Location
based on your post I have configured controller and is active now.(configured in GUI )
I cant import maps in Jpeg format in GUI and i got this error “CMX: System error” . please advise if any other format i have to use for maps.
also, I need to configure “Location” and i don’t find any useful docs/link for the same ,
Kindly share the doc if you have ?
Thank you very much
Sathish
Do you have Cisco Prime infrastructure? Usually maps uploaded via Prime for CMX location
HTH
Rasika
Good job, waiting for part 2 🙂
BTW. Is PI required only for maps import (uploading maps to PI, calibrate and then add existing APs) or should it be constantly connected to CMX?
With CMX 10.2.x , integration with PI is broken.
You would expect location based reporting can be executed on PI, but it is broken.
So at this stage primary use of PI is to upload maps, controller info CMX
HTH
Rasika
Hi Rasika,
Do you have the installation guide to upgrade a MSE 3355 running 8.0.130 to CMX 10.2?
Thanks,
Koevi
No upgrade path.
I replied to your thread on CSC
Cheers
Rasika
Hi Rasika,
How we can import maps individually to CMX 10.2 as we have export maps from old MSE 7.0 and need to import same one in CMX 10.2.
We don’t have Prime Infrastructure in our network.
Thanks in advance.
I do not think this is supported. As far as I know maps has to be exported from Prime Infrastructure.
HTH
Rasika
Thanks Rasika for reply. Currently we have selected Presence services and we need to configure connect experience with Facebook wifi. I have followed all steps mentioned in below link
(http://www.cisco.com/c/en/us/td/docs/wireless/mse/10-2/cmx_config/b_cg_cmx102/the_cisco_cmx_connect_and_engage_service.html)
But when we tried to assign default Facebook WIFI its stucked on paring and giving “error server was unable to verify gateway with facebook please check logs”
Can you help me on the same.?
Thanks in advance
You may need to reach TAC for support. I haven’t done this & difficult to assist
HTH
Rasika
hi rasika,
you have some tips or know of any cisco document that allows me to advise me precisely to review regarding the location.
I need to improve patterns rrm in 5GHz i works an APP dedicated iphone only first
if pass DEMO i works above App in android or another S.O
I require assistance regarding the proper radio settings need location
i have:
MSE 10.2.322
PI 3.1.0.0.132
WLC AS_5500_8_2_102_125
AP 3702 with HALO v2
Angle 180° in Prime coordinate plane,
elevation 0
Hi rasika ,
Thanks for this wonderful blog its really helping us ..
Actually we have configured with location service , and imported all floor maps. Now i am struggling to get live logs in activity map , currently no client and AP are visible .
So for that am I need to enable NMSP and add CMX MAC address as username with SHA2 key as password.
So can you help me how to find CMX mac address and SHA2 key to add it on controller.
Thanks in advance
If you use this command on CMX-CLI, you should able to see it
cmxctl config controllers show
HTH
Rasika
Hi Rasika,
I have tried with same command , its only showing below output
————–+——+————-+——+——–+
| IP Address | Type | Version | SHA2 | Status |
+————–+——+————-+——+——–+
| x.x.x.x | WLC | 8.1.131.0 | Yes | ACTIVE |
+————–+——+————-+——+——–+
I am not able to see mac address and SHA Key , can you help on the same.
Thanks in advance..
Hi Rasika,
Great post, lot of learning.
After i logged in, i clicked “location” and it took me to 2nd page where components were installed. Later i shutdown the server because i wanted to configure it later.
Now when i have powered on server, i think i am somewhere in configuration of “location” services (i think from where i left before). How do i go back to initial screen where you choose between “Presence” and “location” ? I want to try “Presence” services first.
Thanks
Khawar
Hi Khawar,
You have to do a fresh installation again, then only you can choose between “Presence” or “Location”. Once you select it, there is no way to go back & change.
HTH
Rasika
oh noooo….
Thanks Rasika for your quick reply.
Hi Rasika,
Do i have to factory reset the box ? Like begin from very start (configure CIMC and then run setup) ?
No, if you have set up the CIMC port,then you can launch KVM console via that. You can boot from .iso file.
HTH
Rasika
Hello, I am having difficulty with NMSP, controller from CMX is reachable, SNMP RW is also working and mac address with has in on WLC, NTP is also working fine . but once I checked netstat on CMX I see [cmxadmin@localhost ~]$ netstat -a | grep 16113
getnameinfo failed
getnameinfo failed
Could you help me out?
what version of CMX you running ? Is it a consistent issue or happening time to time ?
Rasika