Network Mobility Services Protocol
• Information About Network Mobility Services Protocol, on page 1
• Enabling NMSP on Premises Services, on page 2
• Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues , on page 2
• Modifying the NMSP Notification Threshold for Clients, RFID Tags, and Rogues, on page 3
• Configuring NMSP Strong Cipher, on page 4
• Verifying NMSP Settings, on page 4
• Examples: NMSP Settings Configuration, on page 6
• NMSP by AP Groups with Subscription List from CMX, on page 7
• Verifying NMSP by AP Groups with Subscription List from CMX, on page 7
• Probe RSSI Location, on page 8
• Configuring Probe RSSI , on page 9
• RFID Tag Support, on page 10
• Configuring RFID Tag Support, on page 11
• Verifying RFID Tag Support, on page 11
Information About Network Mobility Services Protocol
Cisco Network Mobility Services Protocol (NMSP) is a secure two-way protocol that can be run over a
connection-oriented (TLS) or HTTPS transport. The wireless infrastructure runs the NMSP server and Cisco
Connected Mobile Experiences (Cisco CMX) acts as an NMSP client. The controller supports multiple services
and multiple Cisco CMXs can connect to the NMSP server to get the data for the services (location of wireless
devices, probe RSSI, hyperlocation, wIPS, and so on.) over the NMSP or HTTPS session.
NMSP defines the intercommunication between Cisco CMX and the controller. Cisco CMX communicates
to the controller over a routed IP network. Both publish-subscribe and request-reply communication models
are supported. Typically, Cisco CMX establishes a subscription to receive services data from the controller
in the form of periodic updates. The controller acts as a data publisher, broadcasting services data to multiple
CMXs. Besides subscription, Cisco CMX can also send requests to the controller, causing the controller to
send a response back.
The following is a list of the Network Mobility Services Protocol features:
• NMSP is disabled by default.
• NMSP communicates with Cisco CMX using TCP, and uses TLS for encryption.
• Wireless intrusion prevention system (wIPS) is supported only over TCP and TLS.
Network Mobility Services Protocol
1
• Bidirectional communication is supported and Cisco CMX can send a message asynchronously over the
established channel.
HTTPS is not supported for data transport between controller and Cisco CMX.
Note
Enabling NMSP on Premises Services
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Enables NMSP on premises services.nmsp enable
Step 2
Example:
By default, the NMSP is enabled on the
controller.
Note
Device(config)# nmsp enable
Returns to privileged EXEC mode.
Alternatively, you can also press Ctrl-Z to exit
global configuration mode.
end
Example:
Device(config)# end
Step 3
Modifying the NMSP Notification Interval for Clients, RFID Tags,
and Rogues
NMSP manages communication between the Cisco Connected Mobile Experience (Cisco CMX) and the
controller for incoming and outgoing traffic. If your application requires more frequent location updates, you
can modify the NMSP notification interval (to a value between 1 and 180 seconds) for clients, active RFID
tags, and rogue access points and clients.
The TCP port (16113) that the controller and Cisco CMX communicate over must be open (not blocked) on
any firewall that exists between the controller and the Cisco CMX for NMSP to function.
Note
Network Mobility Services Protocol
2
Network Mobility Services Protocol
Enabling NMSP on Premises Services
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Sets the NMSP notification interval value for
clients, RFID tags, rogue clients, and access
points.
nmsp notification interval {rssi {clients | rf id
| rogues {ap | client } | spectrum interferers
} interval}
Step 2
Example:
interval-NMSP notification interval value, in
seconds for RSSI measurement. Valid range is
from 1 to 180.
Device(config)# nmsp notification
interval rssi rfid 50
Returns to privileged EXEC mode.
Alternatively, you can also press Ctrl-Z to exit
global configuration mode.
end
Example:
Device(config)# end
Step 3
Modifying the NMSP Notification Threshold for Clients, RFID
Tags, and Rogues
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Configures the NMSP notification threshold for
clients, RFID tags, rogue clients, and access
points.
location notify-threshold {clients | rogues ap
| tags } threshold
Example:
Step 2
threshold- RSSI threshold value in db. Valid
range is from 0 to 10, with a default value of
0..
Device(config)# location notify-threshold
clients 5
Returns to privileged EXEC mode.
Alternatively, you can also press Ctrl-Z to exit
global configuration mode.
end
Example:
Device(config)# end
Step 3
Network Mobility Services Protocol
3
Network Mobility Services Protocol
Modifying the NMSP Notification Threshold for Clients, RFID Tags, and Rogues
Configuring NMSP Strong Cipher
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Enable strong ciphers for NMSP server, which
contains
nmsp strong-cipher
Example:
Step 2
"ECDHE-RSA-AES128-GCM-SHA256:,
Device(config)# nmsp strong-cipher
ECDHE-ECDSA-AES128-GCM-SHA256:,
AES256-SHA256:AES256-SHA:, and
AES128-SHA256:AES128-SHA".
Normal cipher suite contains,
"ECDHE-RSA-AES128-GCM-SHA256:,
ECDHE-ECDSA-AES128-GCM-SHA256:,
and AES128-SHA".
Returns to privileged EXEC mode.
Alternatively, you can also press Ctrl-Z to exit
global configuration mode.
end
Example:
Device(config)# end
Step 3
Verifying NMSP Settings
To view the NMSP capabilities of the controller , use the following command:
Device# show nmsp capability
Service Subservice
-----------------------------
RSSI Rogue, Tags, Mobile Station,
Spectrum Aggregate Interferer, Air Quality, Interferer,
Info Rogue, Mobile Station,
Statistics Rogue, Tags, Mobile Station,
AP Monitor Subscription
On Demand Services Device Info
AP Info Subscription
To view the NMSP notification intervals, use the following command:
Device# show nmsp notification interval
NMSP Notification Intervals
---------------------------
RSSI Interval:
Client : 2 sec
RFID : 50 sec
Rogue AP : 2 sec
Rogue Client : 2 sec
Spectrum : 2 sec
Network Mobility Services Protocol
4
Network Mobility Services Protocol
Configuring NMSP Strong Cipher
To view the connection-specific statistics counters for all CMX connections, use the following command:
Device# show nmsp statistics connection
NMSP Connection Counters
------------------------
CMX IP Address: 10.22.244.31, Status: Active
State:
Connections : 1
Disconnections : 0
Rx Data Frames : 13
Tx Data Frames : 99244
Unsupported messages : 0
Rx Message Counters:
ID Name Count
----------------------------------------------
1 Echo Request 6076
7 Capability Notification 2
13 Measurement Request 5
16 Information Request 3
20 Statistics Request 2
30 Service Subscribe Request 1
Tx Message Counters:
ID Name Count
----------------------------------------------
2 Echo Response 6076
7 Capability Notification 1
14 Measurement Response 13
15 Measurement Notification 91120
17 Information Response 6
18 Information Notification 7492
21 Statistics Response 2
22 Statistics Notification 305
31 Service Subscribe Response 1
67 AP Info Notification 304
To view the common statistic counter of the controller 's NMSP service, use the following command:
Device# show nmsp statistics summary
NMSP Global Counters
--------------------
Number of restarts :
SSL Statistics
--------------------
Total amount of verifications : 6
Verification failures : 6
Verification success : 0
Amount of connections created : 8
Amount of connections closed : 7
Total amount of accept attempts : 8
Failures in accept : 0
Amount of successful accepts : 8
Amount of failed registrations : 0
AAA Statistics
--------------------
Total amount of AAA requests : 7
Failed to send requests : 0
Requests sent to AAA : 7
Responses from AAA : 7
Responses from AAA to validate : 7
Responses validate error : 6
Responses validate success : 1
Network Mobility Services Protocol
5
Network Mobility Services Protocol
Verifying NMSP Settings
To view the overall NMSP connections, use the following command:
Device# show nmsp status
NMSP Status
-----------
CMX IP Address Active Tx Echo Resp Rx Echo Req Tx Data Rx Data Transport
-----------------------------------------------------------------------------------------
127.0.0.1 Active 6 6 1 2 TLS
To view all mobility services subscribed by all CMXs, use the following command:
Device# show nmsp subscription detail
CMX IP address 127.0.0.1:
Service Subservice
-----------------------------
RSSI Rogue, Tags, Mobile Station,
Spectrum
Info Rogue, Mobile Station,
Statistics Tags, Mobile Station,
AP Info Subscription
To view all mobility services subscribed by a specific CMX, use the following command:
Device# show nmsp subscription detail <ip_addr>
CMX IP address 127.0.0.1:
Service Subservice
-----------------------------
RSSI Rogue, Tags, Mobile Station,
Spectrum
Info Rogue, Mobile Station,
Statistics Tags, Mobile Station,
AP Info Subscription
To view the overall mobility services subscribed by all CMXs, use the following command:
Device# show nmsp subscription summary
Service Subservice
-----------------------------
RSSI Rogue, Tags, Mobile Station,
Spectrum
Info Rogue, Mobile Station,
Statistics Tags, Mobile Station,
AP Info Subscription
Examples: NMSP Settings Configuration
This example shows how to configure the NMSP notification interval for RFID tags:
Device# configure terminal
Device(config)# nmsp notification interval rssi rfid 50
Device(config)# end
Device# show nmsp notification interval
This example shows how to configure the NMSP notification interval for clients:
Device# configure terminal
Device(config)# nmsp notification interval rssi clients 180
Device(config)# end
Device# show nmsp notification interval
Network Mobility Services Protocol
6
Network Mobility Services Protocol
Examples: NMSP Settings Configuration
NMSP by AP Groups with Subscription List from CMX
The Cisco CMX group support allows you to send only the required Network Mobility Services Protocol
(NMSP) data to Cisco CMX (applicable to both on-premises and cloud-based CMX). The Cisco CMX can
subscribe to NMSP data of specific APs or AP groups based on the active services in the wireless controller.
This feature helps in load balancing and optimizing the data flow load, when the APs are distributed across
different CMX servers. The Cisco CMX server creates a CMX AP group giving it a unique name and groups
the APs under it.
The Cisco CMX AP Group is the list of Cisco APs managed by the Cisco CMX for location services. This
AP group is not the same as the wireless controller AP group.
Note
This feature supports the following services:
• Client
• Probe client filtering
• Hyperlocation
• BLE Services
NMSP subscription is available only for those services that are in enabled state in the wireless controller.
Note
Verifying NMSP by AP Groups with Subscription List from CMX
To verify mobility services group subscription summary of all CMX connections, use the following command:
Device# show nmsp subscription group summary
CMX IP address: 127.0.0.1
Groups subscribed by this CMX server:
Group name: Group1
To view the services that are subscribed for an AP group by a CMX connection, use the following command:
Device# show nmsp subscription group details services group-name cmx-IP-addrress
CMX IP address: 127.0.0.1
CMX Group name: Group1
CMX Group filtered services:
Service Subservice
-----------------------------
RSSI Mobile Station,
Spectrum
Info
Statistics
Network Mobility Services Protocol
7
Network Mobility Services Protocol
NMSP by AP Groups with Subscription List from CMX
To view the AP MAC list that is subscribed for an AP group by a CMX connection, use the following command:
Device show nmsp subscription group detail ap-list group-name cmx-IP-addrress
CMX IP address: 127.0.0.1
CMX Group name: Group1
CMX Group AP MACs:
: 00:00:00:00:70:02 00:00:00:00:66:02 00:99:00:00:00:02 00:00:00:bb:00:02
00:00:00:00:55:02 00:00:00:00:50:02 00:33:00:00:00:02 00:d0:00:00:00:02
00:10:00:10:00:02 00:00:00:06:00:02 00:00:00:02:00:02 00:00:00:00:40:02
00:00:00:99:00:02 00:00:00:00:a0:02 00:00:77:00:00:02 00:22:00:00:00:02
00:00:00:00:00:92 00:00:00:00:00:82 00:00:00:00:03:02 aa:00:00:00:00:02
00:00:00:50:00:42 00:00:0d:00:00:02 00:00:00:00:00:32 00:00:00:cc:00:02
00:00:00:88:00:02 20:00:00:00:00:02 10:00:00:00:00:02 01:00:00:00:00:02
00:00:00:00:00:02 00:00:00:00:00:01 00:00:00:00:00:00
To view CMX-AP grouping details for all CMXs, use the following command:
Device# show nmsp subscription group detail all
CMX IP address: 127.0.0.1
Groups subscribed by this CMX server:
Group name: Group1
CMX Group filtered services:
Service Subservice
-----------------------------
RSSI Mobile Station,
Spectrum
Info
Statistics
CMX Group AP MACs:
: 00:00:00:00:00:03 00:00:00:00:00:02 00:00:00:00:00:01
Group name: Group2
CMX Group filtered services:
Service Subservice
-----------------------------
RSSI Tags,
Spectrum
Info
Statistics
CMX Group AP MACs:
: 00:00:00:00:03:00 00:00:00:00:02:00 00:00:00:00:01:00
Group name: Group3
CMX Group filtered services:
Service Subservice
-----------------------------
RSSI Rogue,
Spectrum
Info
Statistics
CMX Group AP MACs:
: 00:00:00:03:00:00 00:00:00:02:00:00 00:00:00:01:00:00
Probe RSSI Location
The Probe RSSI Location feature allows the wireless controller and Cisco CMX to support the following:
Network Mobility Services Protocol
8
Network Mobility Services Protocol
Probe RSSI Location
• Load balancing
• Coverage Hole detection
• Location updates to CMX
When a wireless client is enabled, it sends probe requests to identify the wireless networks in the vicinity and
also to find the received signal strength indication (RSSI) associated with the identified Service Set Identifiers
(SSIDs).
The wireless client periodically performs active scanning in background even after being connected to an
access point. This helps them to have an updated list of access points with best signal strength to connect.
When the wireless client can no longer connect to an access point, it uses the access point list stored to connect
to another access point that gives it the best signal strength. The access points in the WLAN gather these probe
requests, RSSI and MAC address of the wireless clients and forwards them to the wireless controller s. The
Cisco CMX gathers this data from the wireless controller and uses it to compute the updated location of the
wireless client when it roams across the network.
Configuring Probe RSSI
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Enables filtering of unacknowledged probe
requests from AP to improve the location
accuracy. Filtering is enabled by default.
wireless probe filter
Example:
Device(config)# wireless probe filter
Step 2
Use the no form of the command to disable the
feature. This will forward both acknowledged
and unacknowledged probe requests to the
controller.
Configures the number of probe request
reported to the wireless controller from the AP
for the same client on a given interval.
wireless probe limit limit-value interval
Example:
Device(config)# wireless probe limit 10
100
Step 3
Use the no form of the command to revert to
the default limit, which is 2 probes at an interval
of 500 ms.
Enables the reporting of probes from clients
having locally administered MAC address.
wireless probe locally-administered-mac
Example:
Step 4
Device(config)# wireless probe
locally-administered-mac
Network Mobility Services Protocol
9
Network Mobility Services Protocol
Configuring Probe RSSI
PurposeCommand or Action
Sets the probe RSSI measurement updates to a
more accurate algorithm but with more CPU
overhead.
location algorithm rssi-average
Example:
Device(config)# location algorithm
rssi-average
Step 5
(Optional) Sets the probe RSSI measurement
updates to a faster algorithm with smaller CPU
overhead, but less accuracy.
location algorithm simple
Example:
Device(config)# location algorithm simple
Step 6
Use the no form of the command to revert the
algorithm type to the default one, which is
rssi-average.
Configures the timeout for RSSI values.location expiry client interval
Step 7
Example:
The no form of the command sets it to a default
value of 15.
Device(config)# location expiry client
300
Configures the notification threshold for clients.location notify-threshold client threshold-db
Step 8
Example:
The no form of the command sets it to a default
value of 0.
Device(config)# location notify-threshold
client 5
Configures half life when averaging two RSSI
readings.
location rssi-half-life client time-in-seconds
Example:
Step 9
To disable this option, set the value to 0.
Device(config)# location rssi-half-life
client 20
What to do next
Use the show wireless client probing command to view each probing client (associated and probing only)
by batch of 10 MAC addresses.
RFID Tag Support
The controller enables you to configure radio frequency identification (RFID) tag tracking. RFID tags are
small wireless battery-powered tags that continuously broadcast their own signal and are affixed to assets for
real-time location tracking. They operate by advertising their location using special 802.11 packets, which
are processed by access points, the controller , and the Cisco CMX. Only active RFIDs are supported. A
combination of active RFID tags and wireless controller allows you to track the current location of equipment.
Active tags are typically used in real-time tracking of high-value assets in closed-loop systems (that is,) systems
in which the tags are not intended to physically leave the control premises of the tag owner or originator.
General Guidelines
• You can verify the RFID tags on the controller .
• High Availability for RFID tags are supported.
Network Mobility Services Protocol
10
Network Mobility Services Protocol
RFID Tag Support
Configuring RFID Tag Support
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
Device# configure terminal
Enables RFID tag tracking.wireless rfid
Step 2
Example:
The default value is enabled.
Device(config)# wireless rfid
Use the no form of this command to disable
RFID tag tracking.
Configures the RFID tag data timeout value to
cleanup the table.
wireless rfid timeout timeout-value
Example:
Step 3
The timeout value is the amount of time that
the controller maintains tags before expiring
Device(config)# wireless rfid timeout 90
them. For example, if a tag is configured to
beacon every 30 seconds, we recommend that
you set the timeout value to 90 seconds
(approximately three times the beacon value).
The default value is 1200 seconds.
Verifying RFID Tag Support
To view the summary of RFID tags that are clients, use the following command:
Device# show wireless rfid client
To view the detailed information for an RFID tag, use the following command:
Device# show wireless rfid detail <rfid-mac-address>
RFID address 000c.cc96.0001
Vendor Cisco
Last Heard 6 seconds ago
Packets Received 187
Bytes Received 226
Content Header
==============
CCX Tag Version 0
Tx power: 12
Channel: 11
Reg Class: 4
CCX Payload
==============
Last Sequence Control 2735
Payload length 221
Network Mobility Services Protocol
11
Network Mobility Services Protocol
Configuring RFID Tag Support
Payload Data Hex Dump:
00000000 00 02 00 00 01 09 00 00 00 00 0c b8 ff ff ff 02 |................|
00000010 07 42 03 20 00 00 0b b8 03 4b 00 00 00 00 00 00 |.B. .....K......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
To view the summary information for all known RFID tags, use the following command:
Device# show wireless rfid summary
Total RFID entries: : 16
Total Unique RFID entries : 16
RFID ID VENDOR Closet AP RSSI Time Since Last Heard
0012.b80a.c791 Cisco 7069.5a63.0520 -31 3 minutes 30 seconds ago
0012.b80a.c953 Cisco 7069.5a63.0460 -33 4 minutes 5 seconds ago
0012.b80b.806c Cisco 7069.5a63.0520 -46 15 seconds ago
0012.b80d.e9f9 Cisco 7069.5a63.0460 -38 4 minutes 28 seconds ago
0012.b80d.ea03 Cisco 7069.5a63.0520 -43 4 minutes 29 seconds ago
0012.b80d.ea6b Cisco 7069.5a63.0460 -39 4 minutes 26 seconds ago
0012.b80d.ebe8 Cisco 7069.5a63.0520 -43 3 minutes 21 seconds ago
0012.b80d.ebeb Cisco 7069.5a63.0520 -43 4 minutes 28 seconds ago
0012.b80d.ec48 Cisco 7069.5a63.0460 -42 4 minutes 7 seconds ago
0012.b80d.ec55 Cisco 7069.5a63.0520 -41 1 minute 52 seconds ago
To view the location-based system RFID statistics, use the following command:
Device# show wireless rfid stats
RFID stats :
==============
RFID error db full : 0
RFID error invalid paylod : 0
RFID error invalid tag : 0
RFID error dot11 hdr : 0
RFID error pkt len : 0
RFID error state drop : 0
RFID total pkt received : 369
RFID populated error value : 0
RFID error insert records : 0
RFID error update records : 0
RFID total insert record : 16
RFID ccx payload error : 0
RFID total delete record : 0
RFID error exceeded ap count : 0
RFID error record remove : 0
RFID old rssi expired count: 0
RFId smallest rssi expireed count : 0
RFID total query insert : 0
RFID error invalid rssi count : 0
To view the NMSP notification interval, use the following command:
Device# show nmsp notification interval
NMSP Notification Intervals
---------------------------
RSSI Interval:
Client : 2 sec
RFID : 50 sec
Rogue AP : 2 sec
Network Mobility Services Protocol
12
Network Mobility Services Protocol
Verifying RFID Tag Support
Rogue Client : 2 sec
Spectrum : 2 sec
Network Mobility Services Protocol
13
Network Mobility Services Protocol
Verifying RFID Tag Support
Network Mobility Services Protocol
14
Network Mobility Services Protocol
Verifying RFID Tag Support
