Tags
In this post we will go through the CMX 10.2 with Location Services (If you interest in CMX Presence refer this post). More specifically CMX location provide following services
- Detecgt & Locate (Location of wireless devices)
- Analytics (provide WiFi devices location analysis-eg device count,dwell time,path)
- Connect & Engage (location aware guest services- custom portal, facebook WiFi)
I have use MSE 3365 Appliances for this installation. Once you run the initial set up with basic network configurations through CIMC port. Refer CMX installation guide for detail steps.
Then you can go to https://cmx-ip:1984 to start CMX location installation.
You have to select “Location” as flavor of CMX
Then all required installation will take place.
Once finish, you will see all green icons. During the installation if you need you can view the output on console by clicking the “console” button as shown in the below.
Once you click “continue setup” you will be prompted to complete initial configuration required. You have to change GUI admin user password (default pw is admin) and import map & controller information using Prime Infrastructure (PI). Also you need to set up mail server information (if you do not have any you can configure 127.0.0.1 & proceed)
Below shows if you want to imports map & controller using CLI. If you use file option, then you have to export maps from PI & then copy it across to CMX. I have used WinSCP to copy file to CMX.
[cmxadmin@cmx1 ~]$ cmxctl config maps import Please specify import type [PI / FILE] [FILE]: file Override the existing maps [yes/no] [yes]: yes Import zones [yes/no] [no]: no Please enter map import path: /home/cmxadmin/ImportExport_c23a1efd5049eb78.tar.gz Imported /home/cmxadmin/ImportExport_c23a1efd5049eb78.tar.gz
Here is how you can import controllers to CMX using CLI.
[cmxadmin@cmx1 ~]$ cmxctl config controllers import Please specify import type [PI / FILE] [FILE]: PI Please enter PI ip address: x.x.32.32 Please enter PI username [root]: root Please enter PI password [Public123]: xxxx Import successfully started from PI x.x.32.32. Check import status using cmxctl config import status. [cmxadmin@cmx1 ~]$ cmxctl config import status Imported from PI x.x.32.32 Controller import status: IN_PROGRESS, last message: Imported 2 controllers, last updated: Jun 08 2016, 10:39 Map import status: NOT_STARTED, last message: None, last updated: Jun 08 2016, 10:39 Imported from PI x.x.32.32 Controller import status: COMPLETED, last message: Imported 20 controllers, last updated: Jun 08 2016, 10:41 Map import status: NOT_STARTED, last message: None, last updated: Jun 08 2016, 10:39
Even you added controllers info from PI, it does not mean CMX can get location info from WLCs directly. You have to allow CMX to talk to WLC using NMSP. You can verify WLC status in CMX using below command.
[cmxadmin@cmx1 ~]$ cmxctl config controllers show +--------------+------+-------------------+------+----------+ | IP Address | Type | Version | SHA2 | Status | +--------------+------+-------------------+------+----------+ | x.x.32.28 | NGWC | 7.0.999.999 | Yes | INVALID | +--------------+------+-------------------+------+----------+ | x.x.7.245 | WLC | 8.0.134.13 | Yes | INACTIVE | +--------------+------+-------------------+------+----------+ | x.x.0.183 | WLC | 8.1.131.18 | Yes | INACTIVE | +--------------+------+-------------------+------+----------+ | x.x.32.30 | NGWC | 7.0.999.999 | Yes | INVALID | +--------------+------+-------------------+------+----------+ | x.x.7.249 | WLC | 8.1.131.18 | Yes | INACTIVE | +--------------+------+-------------------+------+----------+ | x.x.0.200 | NGWC | 7.0.999.999 | Yes | INACTIVE | +-------------+------------------------------------------------------------------+ | MAC Address | 00:c8:xx:xx:xx:e4 | +-------------+------------------------------------------------------------------+ | SHA1 Key | xxxxxcaa6e921998c25dd0 | +-------------+------------------------------------------------------------------+ | SHA2 Key | xxxxxxxf7554fb0bef32612e00205cb0e3d52 | +-------------+------------------------------------------------------------------+
In order to allow CMX to get location info from WLCs you have to add CMX as NMSP (refer this post for more detail). Below shows how you can do it using CLI on AireOS & IOS-XE based controllers.
Here is basic config on IOS-XE based controller (5760/3850)
nmsp enable aaa attribute list <attribute_list_name> attribute type password <SHA2_Key_of_CMX> username <CMX-mac-without-colon> mac aaa attribute list <attribute_list_name>
Here is basic config on a AireOS controller
config auth-list add sha256-lbs-ssc <CMX_mac_with_colon> <SHA2_key_of_CMX> save config y
Once you do that you will see that controllers status become active in CMX
[cmxadmin@cmx1 ~]$ cmxctl config controllers show +--------------+------+-------------+------+----------+ | IP Address | Type | Version | SHA2 | Status | +--------------+------+-------------+------+----------+ | x.x.32.28 | NGWC | 7.0.999.999 | Yes | INVALID | +--------------+------+-------------+------+----------+ | x.x.7.245 | WLC | 8.0.134.13 | No | ACTIVE | +--------------+------+-------------+------+----------+ | x.x.0.183 | WLC | 8.1.131.18 | No | ACTIVE | +--------------+------+-------------+------+----------+ | x.x.32.30 | NGWC | 7.0.999.999 | Yes | INVALID | +--------------+------+-------------+------+----------+ | x.x.7.249 | WLC | 8.1.131.18 | No | ACTIVE | +--------------+------+-------------+------+----------+ | x.x.0.200 | NGWC | 7.0.999.999 | Yes | ACTIVE |
Once this done, you can access the CMX using https://<cmx_ip>. Default username/password is admin/admin. As you can see there are 5 main tabs for “Detect & Locate”, “Analytics”, “Connect & Engage”, “Manage” & “System” options.
By going to “Manage” section, you can create zones,add license, manage users, verticalization, notification & BLE beacon related configurations.
You can create Zones within your building floors in order to analyze you wifi devices location movement more granular. Below shows an example creating a new Zone on a floor.
You can upload licenses to your CMX system using “Manage > Licenses” page as shown below. You require CMX Advanced licenses for Analytics. Note that you get 120 days evaluation licenses (x 100 AP) for both CMX Base & Advanced.
Using notification menu, you can set up notification for your own application or 3rd party applications. This feature support following
- HTTP receiver
- MAC address scrambling
- JSON & XML message format
- Stream notification for RSSI tag
- NW configuration change notification
- REST notification over HTTPS
To better utilize CMX in your environment, it is recommend to pick the correct market vertical your business operate in. In this way CMX analytics will create some reports automatically with most important metrics for your business vertical. I have selected “Education” in this setup.
Using “Detect & Locate” menu, you can view all wireless devices (AP, Clients, Rougue AP, BLE beacons) location in real time. Below shows an example where clients & AP locations are shown. If you need you can search for a specific device & playback client movement history as well.
Green dots – Connected clients
Red dots – Probing clients
Blue circle – Access Points
There are different filters available for get different views. There are Heatmap(client device concentration),Zones,Access Points,Interferes, Beacons,tags, filters, exclusion/inclusion options available.
By using “Analytics” menu, you can run some location analytic reports.
Here is a sample of a location analytics report I have set up.
You can set up you own custom reports & add widgets on below parameters
- Visitors
- Average Dwell time
- Correlation
- Path
- Associatd Status
- Dwell Time Breakdown
Below shows how to create a custom report for path analysis. I have added 3 widgets to the same report.
Then you can modify each dash-let with buildings/floors you want focus & see what is path analysis looks like for those. You can schedule these reports to send via emails.
Using “Social” tab in Analytics page, you can do social media analytics if you already integrate CMX with twitter.(I have not set this up)
Using “heatmap” option in the Analytics page, you can play back how client density varies during a period of time.
“Connect & Engage” is allow you to create custom portal (location specific) or use Facebook WiFi authentication for Guest Services.
In “System” menu, you can perform system related tasks which includes Dashboard, Alerts, Patterns, Metrics & Inventory view of system.
*** Refer the CMX 10.2 Configuration guide for more details ***
mrn-cciew 
Hey,
As usual, great blog 😊
Just a couple of questions:
which browser did you used? first time I tried with chrome and failed. Had to reboot the vm and install the cmx with firefox.
which PI are you using; 3.0? 3.1? I used 3.0 but I’m thinking to upgrade it to 3.1.
cheers,
Vasco
I used chrome Version 51.0.2704.84 m
I saw you need to use Chrome 50.x or above in Cisco documents
HTH
Rasika
Great Blog
Thanks Nathan..
hi nayarasi, please i need information or help for any question for deployment retail.
i need force or learn the hallways path inside the market
Hi Nayarasi,
This Blog is amazing and very useful!
I am from China, I found this blog once I browsed supportforums.cisco.com.
keeping update.
Could I ask a question about external web authentication?
Tks, yes post it on CIsco forum, so many others can help you & you will get faster response
Rasika
Actually , I had posted it one week ago but no one answer.
The WLC will intercept the usename and password to AAA server when using external portal rather then the external web sending failed or success message to WLC, is that right?
Hi Rasika ,
Currently we have configure Location service in CMX . As we are not having PI in our network we have exported all maps from existing WCS and import back in test setup PI. Same has been exported from PI and import back to CMX, then only all Maps are visible in CMX. But currently we are not able to see AP allocation and Real time user connection . Can you guide us how we can manually locate AP in map to get real time connection?
Thanks in advance..
Hi Rasika,
Any experience with PI 3.1? Do you know if has the same size issue with /opt partition?
We’re running 3.1 at our office but we only have 5 APs so there isn’t much to populate the db.
Regards,
Vasco
No I did not experience that issue with 3.1. Obviously I hv modified some of data retention defaults
Rasika
Ok, thanks.
I’m seeing some threads in the support community with some minor warning signs but still nothing regarding my main concern.
Let’s see if I can give my customer some good news…
Vasco
Hi Rasika,
Nice post.
I have 2 questions:
1) The CIMC IP address and CMX IP address could be from the same subnet or CIMC IP address should reside on management network.
2) Can you run both instances (presence and location) on same hardware appliance ?
Thanks
Tariq
Hi Tariq
1. I would put into different vlan.
2. Not possible as of today 10.2.x (may change in future)
HTH
Rasika
Legend, thanks Rasika.
Are you running both instances or just one ? I am just thinking which one will be more suitable in campus environment, is it worth getting both on 2 appliances (and secondary units as well for HA) ?
Thanks
Tariq
Location is the one you should have. There is no HA feature available in CMX 10.x
Rasika
hi nayarasi, do yo know if there is a way on cmx that can track a wifi device on the wireless network and notify a third party system about that wifi device has arrived and then when that same wifi device left? thank you!
Look for API integration with CMX. I believe this can be done, but haven’t play with any of API work with CMX
Rasika
Hi Rasika,
Great blog!
I am running into an issue here though. I have a brand new 3365. After I use https://192.168.8.101:1984 to upgrade to the latest version (10.2.2 – I need the hyper location feature), I can’t http into the CMX GUI interface. https://192.168.8.101 “refused to connect”. The pc and 3365 can ping each other happily. What could be wrong?
Thanks,
Yi
if you go to CLI & “cmxctl status” to ensure all services are running after the upgrade.
If you can see few services are not running you can “cmxctl stop -a” and “cmxctl start -a” to stop and start all services.
Give it a go and see
HTH
Rasika
Hello Rasika. I love your site. Very well done.
I have one question. Have you setup the CMX Facebook login before. I am wondering if you can supply more than one facebook accounts in one CMX box.
Can you add the CMX appliance into Prime the way you would add an MSE so there is a “single pane of glass” for users to administer? I tried adding the CMX platform under “Services -> Mobility Services Engines” but I keep getting an error that there is no response from the server.
Nope, CMX 10.x is not there yet 🙂
I have the same question
Cisco CMX cannot act as MSE and work with Prime 3. 1?
Handle wIPS?
No, CMX can’t do wIPS at the moment. Refer the release notes of CMX which listed limitations/ restriction.
You require MSE 8.x if you want those features.
HTH
Rasika
Hi
I had done the installation of 3365 and was able to login. CMX ver is 10.2.0 But when i try logging the next day its asking me to upgrade and i cannot do anything. when you login its landing on Upgrade page.
“An existing Cisco mobility instalation has been detected. You need to upgrade to newer version”
Does it prompt you to do the upgrade.If so go with it (10.2.3.x is the latest)
HTH
Rasika
First time you go to https://cmx-ip:1984 to complete initial configuration of cmx. Once that is done including upgrading code on it, you need to go to https://cmx-ip (without the :1984 bit). This will take you to normal login page where you can use admin account you created during initial configuration.
Thanks Khawar
hi
thanks for the info.
would like to know how to get the UDI for 3365 physical appliance to get license from cisco and i have add the map i can see APs on one floor but not on the other floor why is that
thank you
Verify NMSP is working properly between WLC & CMX
“cmxos inventory” is the command to verify UDI & Serial Number of CMX appliance or VM
HTH
Rasika
Hi,
the the PAK i got was node based so it was asking for UDI. So requested Cisco to regenerate it.
Use “cmxos inventory” command on CLI
HTH
Rasika
Hi
thanks for the response
but the format of UDI is as show below
Format: PID:Version:SN. Example: AIR-MSE-3365-K9:V01:FTX1311503C
but the out show as below
[cmxadmin@DH-MSE1 ~]$ cmxos inventory
UDI: AIR-MSE-3365-K9 Serial Number – FCHXXXXXXXX
Regards,
Prashanth
Thank you for this very good post.
The very first time I loaded the OVA everything worked. Then the password locked out. Even after trying to recover the password, it would not work. So, I reloaded the OVA.
Box came up, imported controllers- no maps. Found your very useful blog, went through trying to use PI & FILE, no maps.
Redeployed again because easy with snapshot and OVA. Same issue. We have a very large PI 3.1- so I tried exporting just a portion of the maps. I see it on the CMX via ls- and your instruction. No maps/presence.
We don’t have maintenance, but we have a Cisco team I can request help from. If you have any thoughts or suggestion that would be wonderful.
Thanks in advance,
Jamie
Added detail, I am able to connect to all of my controllers and import the APs.
Well– looking over your blog again, I did the “presence” not location. I also had a bad install trying to use IE over Chrome. Lessons learned. I can now add maps.
—
On a side note, it appears not all of my maps come through- I have a lot of pink floors. If you know a fix- super! 😉
When you import too many maps (for instance large campus), you will get to see some pink floors (with no walls, just a plain pink floor) due to a bug. I hit that bug and fixed it by upgrading CMX to 10.3 (it was released like a week ago).
Thanks for feedback Khawar, may be useful to many others (including me) who struggle with this platform 🙂
Hi Rasika,
Nice post!! 😀
I have a question for you? Do you have or know some procedure that you can share me to migrate existing licenses from a MSE 8.0.110.0 to a new CMX 10.2.2.-340?
Best regards.
I think you need to reach TAC to get this licence migrated
HTH
Rasika
Hi Rasika,
1. How have you divided your campus in to zones ?
2. For what applications (like way finding etc.) you are using CMX beside analytic reports
Thanks for the nice post. Really learnt from it which helped in configuring CMX.
Cheers
1. Initially thought adding all rooms.. it is well beyond 3K. Each of these CMX appliance has hard limit of 1100 zones/floors/buildings.
So had to rework how zones to be defined. Then mostly use teaching spaces, important area as zones instead of all rooms.
2. At the moment, do not have specific apps to use this information. It is in our plan to develop something to give end user the benefit of it.
HTH
Rasika
Thanks Rasika,
I am of the same opinion to create zones for class rooms and lecture theaters. I have started looking into some applications like Agile work spaces (find where free desk is, find where the person is on floor), how busy are classes after hours (so administration can keep them open, because library is bit far away), Open Day SSiD with FB login and few other applications. I will let you know if come across something interesting
Yes, pls share it. That would be really nice
Hi Rasika
Thanks for the detailed guide which was very helpful. I have MSE 8.0.100.0 and installed a CMX 10.3. Now I am trying to move the license from MSE 8.0 to CMX 10.3. How do I achieve this? What is the best way to do this?
Regards
Ashok
Hi Ashok,
I would suggest you to reach TAC (licensing) & get help on it
HTH
Rasika
Hi Rasika,
Can we disable the GUI for CMX without hampering the API calls?
And, can we monitor CMX through any NMS server like HP or CIsco Prime?
Regards
Dabas
I do not think you can disable GUI of CMX.
Regarding CMX monitoring, I think 10.3 onward, it is talking back to Prime. So CMX service availability should be able to monitor via Prime.
I haven’t play with 10.3 yet
Rasika
Hi Rasika,
I am completely new on this CMX thing, We got the CMX ova and install it, i added the wlc and it is in active state, so I need to add maps but i do not have prime, is there other way so i can add maps to cmx without cisco prime?
BR!
There is no way other than upload it via Prime. If you do not have Prime, I would suggest to go with CMX-Presence to get some statistics
HTH
Rasika
How can you change from Presence to Location after having installed Presence. We have Prime.
Regards
Ian
Hi Ian,
No, you can’t change it without re-installation
Rasika
how do we resintall can you please guide on this
How to find the serial number on CMX?? I used “cmxos inventory” but i got
“UDI: MSE Virtual Appliance” which didn’t work to install lic
Hello,
Could you do it?
Hi
i have brought up my CMX but during Location installation, it got stuck on the consul installation with errors. Please what is the next step to continue the installation
I would try fresh install, if same issue exist reach TAC
Rasika
Hi,
I have 2 questions regarding maps & APs location on maps.
1) After i import the maps to either CMX or PI, how APs will be located on the map to get actual heat-map? do i have to add them manually?
2) Is calibration has anything to do with identifying APs locations on the map or it is just for accuracy enhancement? When should i make calibration?
1. You have to import maps using Cisco Prime. Since you already placed AP in correct location on floor maps in Prime, CMX simply get accurate information about AP placement.
2. Calibration option also to be used when you imports maps from Cisco prime to CMX
HTH
Rasika
Dear Rasika
thank you for the updated.
Could you please to share with us when we need to do Calibration.
and if we have Basic location tracking license , if we must do the Calibration.
Thx
Hi Rasika
Can you have multiple SSIDs for connect portal? Say you have a floor or zone where you need 3 to 4 SSIDs which needs separate login portal via CMX. How do you achieve this? I am using CMX 10.3 and connect experiences dos not have option to configure portal per SSID.
Regards
Ashok
Hello Rasika,
I’ve MSE 3365 with CMX. During initail installation of CMX, Presence service was choosen by mistake instead of location service. How to roll that back in details, please?
Hi Omar,
In that case you have to re-install from fresh, there is no way you can change it later in your installation process
HTH
Rasika
Hi Rasika,
Thanks for the reply. Yes i understand that it should be a fresh installation. Should i look at the guides on which i load the ISO image to the MSE and go through these steps? Like as here: https://www.cisco.com/c/en/us/td/docs/wireless/mse/8-0/MSE_CMX/8_0_MSE_CAS/8_0_MSE_CAS_chapter_010010.html
Hi Nayarsi,
For me WLC still showing in inactive state. I have 4 wlc. 3 of them are having 8.5.140 and 1 is 8.0.140 Airos. The one who has old IOS is working fine and showing active.but eventhough with the same config all 3 controllers are showing inacitve. I have checked NTP is configured correctly. WLC are reachable to prime & CMX and vice versa. the only this is NMSP IP is not appering in all 3 wlc and i am not able to find the command to add it manually for 8.5.140 Airos.
Could you please help me what can be wrong here ?
Pls have a look in this post to see how you can add CMX NMSP connection to WLC (look 5508 configs in that post)
https://mrncciew.com/2014/09/25/what-is-nmsp/
HTH
Rasika
I am working with a CMX running 10.6. The maps are having problems rendering and come back with pink boxes. This was recently upgraded from 10.5.1 to 10.6 and the problem has gotten better, but is not gone. I found a bug that is similar and the workaround is
“Modify qSize in /opt/cmx/etc/configuration.threads under [image.tiler] section to 2000. Save the file and restart configuration server using ‘cmxctl configuration restart’. This will create the missing image tiles, might take few minutes to complete (less than 10 minutes).”
Any idea on how to do this? Is admin CLI access going to be enough?
Hi David,
My experience with 10.6.x is not good so far..I think best advise is to work with TAC on this case.
Rasika