Cisco DNA Spaces Configuration Guide

Cisco DNA Spaces: IoT Services Configuration Guide

First Published: 2020-08-31

Last Modified: 2020-11-12

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH

THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,

CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.

CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT

LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS

HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network

topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional

and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:

https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a

partnership relationship between Cisco and any other company. (1721R)

CONTENTS

Prerequisites 7

PART I

Overview 1

CHAPTER 1

Cisco DNA Spaces: IoT Services 1

Components of Cisco DNA Spaces: IoT Services 1

Prerequisites 5

CHAPTER 2

Prerequisites 5

Compatibility Matrix 5

Open Ports 9

CHAPTER 3

Open Ports 9

DNA Spaces Firewall Rules 9

Getting Started 15

CHAPTER 4

Getting Started 15

Verify Cisco DNA Spaces: Connector is added and active 15

Verify Cisco Catalyst 9800 Series Wireless Controllers is added and active 17

Enable IoT Manage Streams 19

Verify Syncing of Access Points 22

Configuration 25

PART II

AP as a Beacon 27

CHAPTER 5

AP as a Beacon 27

Configure AP as a Beacon (iBeacon, Eddystone UID, and Eddystone URL) 27

Cisco DNA Spaces: IoT Services Configuration Guide

iii

AP as a Gateway 33

CHAPTER 6

Access Point as a Gateway 33

Configure an AP as a Bluetooth Low Energy (BLE) Gateway 33

Install, Uninstall, or Upgrade an IOx Application on an Advanced Gateway 38

Beacons and Tags 45

CHAPTER 7

Beacons and Tags 45

Discover Beacons 45

Claiming a Beacon 50

Viewing a Beacon on IoT Services 53

Viewing Sensor Information 56

Troubleshooting 61

PART III

Wireless Controller 63

CHAPTER 8

Wireless Controller 63

Is BLE radio enabled on the controller? 63

Is there a streaming token for the gRPC connection on controller? 63

Is gRPC enabled in the AP Join Profile 64

Is gRPC up? 64

Are the TDL subscriptions created and valid? 64

What is the TDL status? 65

How do I view the current TDL values for an AP? 65

How do I get the telemetry connection status? 67

How do I view IOx AP state and mode? 68

How do I view gRPC details? 68

How do I view AP BLE configuration details? 68

IoX Application 71

CHAPTER 9

IOX Application 71

How do I verify the IOx application is running on the AP? 71

How do I start an interactive shell session for the IOx application? 71

Topic 2.1 72

Cisco DNA Spaces: IoT Services Configuration Guide

iv

Contents

How can I see the logs for the IOx application? 72

How do I monitor metrics in the IOx application? 72

What files exist in the IOx application? 73

Cisco DNA Spaces 75

CHAPTER 10

What region should I use for IoT Services? 75

How to view the different logs of IoT Services? 75

How to access the Cisco DNA Spaces Connector logs uploaded to cloud? 75

Connector 77

CHAPTER 11

Connector 77

How do I Reprovisioning IoT Services After Failover 77

How do I view floor beacon configuration requests and responses from the connector? 79

How do I view the IOx application install logs? 79

How do I view the gRPC certificate on the DNA Spaces Connector? 80

How do I verify that the gRPC certificate was created successfully? 81

Access Point 83

CHAPTER 12

Access Point 83

How do I check the gRPC connection status on the access point? 83

How do I check the stream token on the access point? 83

How do I view the gRPC server logs on the access point? 84

How do I view the beacons scanned by an access point running in Native Mode? 84

How do I view the beacon broadcast setting for an access point running in Native Mode? 85

Device Management 89

PART IV

Device Management 91

CHAPTER 13

Device Management 91

Device Manager Dashboard 91

Configure a Beacon from Device Manager 92

Appendix 103

PART V

Cisco DNA Spaces: IoT Services Configuration Guide

v

Contents

Cisco Catalyst 9800 Series Wireless Controller 105

CHAPTER 14

Cisco Catalyst 9800 Series Wireless Controllers 105

Disable Assurance with iCAP using Web UI (Versions 17.3.1 or lower) 105

Disable Assurance with iCAP using CLI (Versions 17.3.1 or lower) 107

Disable iCAP using WEBUI (Versions 17.3.2 or higher) 107

Disable iCAP using CLI (Versions 17.3.2 or higher) 108

Enable or Disable iCAP or Assurance using DNAC (Versions 17.3.2 or higher) 109

Cisco DNA Spaces: IoT Services Configuration Guide

vi

Contents

PART I

Prerequisites

•Overview, on page 1

•Prerequisites, on page 5

•Open Ports, on page 9

•Getting Started, on page 15

CHAPTER 1

Overview

•Cisco DNA Spaces: IoT Services, on page 1

Cisco DNA Spaces: IoT Services

Cisco DNA Spaces: IoT Services is a platform service within Cisco DNA Spaces that enables you to claim,

manage, and monitor Internet of Things (IoT) devices using Cisco's wireless infrastructure. IoT Services is

designed to enable management of Internet of Things (IoT) devices across vendors, form factors, and technology

protocols. Bluetooth Low Energy (BLE) is the first technology available for management using Internet of

Things (IoT) services.

IoT Services encompasses hardware, software, and partner components to enable the management of devices

that support critical business outcomes. IoT Services utilizes Cisco Catalyst 9800 Series Wireless Controllers,

Cisco DNA Spaces: Connector, Cisco WiFi6 access points, and Cisco DNA Spaces. IoT Services is a

next-generation approach to managing complexity in an enterprise Internet of Things (IoT) environment.

Using IoT Services, you can perform the following management activities:

• Deploy BLE gateways on supported APs in your network.

• Claim BLE beacons that you acquired from Cisco DNA Spaces: IoT Device Marketplace.

• Configure APs and manage floor beacons.

• You can monitor device attributes such as location, telemetry, battery status, and movement status.

Components of Cisco DNA Spaces: IoT Services

The section describes various components that work to complete the Cisco DNA Spaces: IoT Services solution.

The Cisco Catalyst 9100 Series Access Points acts as a gateway of communication between Cisco DNA

Spaces and the Internet of Things (IoT) devices. Cisco DNA Spaces: IoT Services can then use a range of

common APIs to communicate with edge devices and apps. The Cisco DNA Spaces: IoT Services collects

data from devices and apps, and passes it to Cisco-partnered Device Manager websites. The Device Manager

websites can leverage these edge-device signals and make the outcome specialized and targeted for each

industry.

Cisco DNA Spaces: IoT Services Configuration Guide

1

Figure 1: Components of IoT Services

Access Points

You can configure access points as gateways in this solution. You can find the list of supported APs in the

Compatibility Matrix section.

Depending on the type of Cisco access points (AP), you can configure an AP as one of the following types

of BLE gateways.

•Base BLE Gateway: The Base BLE gateway is a type of AP that you can configure in one of two modes.

Either the AP as a Beacon mode or the Scan mode.

In the AP as a Beacon mode, the AP can broadcast iBeacon, Eddystone URL, and Eddystone UID

profiles.

In the Scan mode, the AP can scan the vicinity for other BLE devices. Using gRPC on the AP, the AP

sends the scanned data to Cisco DNA Spaces: Connector. The AP can also receive telemetry data from

floor beacons. The Cisco DNA Spaces: Connector dashboard decodes and displays this information.

Cisco DNA Spaces: IoT Services Configuration Guide

2

Prerequisites

Access Points

•AdvancedBLEGateway:The Advanced BLE gateway is an AP that is installed with an IOX Application.

Using the installed IOX application, you can configure floor beacons on the Cisco-partnered Cisco DNA

Spaces: Connector website.

You can only configure this AP in the Scan mode.

In the Scan mode, the AP can scan the vicinity for other BLE devices. Using gRPC on the AP, the AP

sends the scanned data to Cisco DNA Spaces: Connector. The AP can also receive telemetry data from

floor beacons. The Cisco DNA Spaces: Connector dashboard decodes and displays this information.

Cisco Catalyst 9800 Series Wireless Controllers

The Cisco Catalyst 9800 Series Wireless Controller (controller) combines RF excellence with IOS-XE benefits

and it comes in physical or virtual form factor. This controller is reliable and highly secure. You can manage

this controller using CLI, Web UI, NETCONF, Yang, or the Cisco DNA Center.

The controller is the single point for configuring and managing a wireless network and access points. The

controller configures and manages APs using the CAPWAP protocol.

The controller receives BLE configuration from Cisco DNA Spaces over NETCONF and passes the

configuration to AP over CAPWAP. The feedback path from the AP to the wireless controller is through

CAPWAP and from the controller to Cisco DNA Spaces through TDL telemetry streaming. The gRPC

configuration from Cisco DNA Spaces also goes through the controller and from there to the access point.

The configuration sets up the gRPC channel between the AP and Cisco DNA Spaces. The AP sends gRPC

channel statistics to the controller where you can view the statistics.

• You can have only one gRPC session between an AP and the Connector.

• Cisco Catalyst 9800 devices running the IOS-XE image version 17.3.2 now supports the IoT Services

along with the Network Assurance solution on Cisco DNA Center.

However, IoT Services and Intellegent Capture (iCAP) feature is still mutually exclusive. That is, if

iCAP feature needs to be enabled on the device, then IoT Services cannot be deployed. Similarly, if IoT

Services needs to be enabled on the device, then iCAP feature cannot be deployed.

Depending on your release, you must disable features on the controller. Refer to Disable Assurance with

iCAP using Web UI (Versions 17.3.1 or lower) or Disable iCAP using WEBUI (Versions 17.3.2 or

higher).

Note

Cisco DNA Spaces: IoT Device Marketplace

Cisco DNA Spaces: IoT Device Marketplace is a platform where you can discover, research, and purchase

Internet of Things (IoT) devices. IoT Device Marketplace is a part of the Cisco DNA Spaces full-stack partner

ecosystem. Each device is preconfigured to give the customer an out-of-the-box experience with sensors, tags,

wearables, and more. All devices are compatible with applications in the App Center. Current devices in the

IoT Device Marketplace leverage BLE to transmit telemetry, with plans to add other technology in the future

such as Ultra Wide Band (UWB) and Zigbee.

Cisco DNA Spaces: Connector

Cisco DNA Spaces: Connector allows Cisco DNA Spaces to communicate with more than one Cisco Wireless

Controller (controller).

Cisco DNA Spaces: IoT Services Configuration Guide

3

Prerequisites

Cisco Catalyst 9800 Series Wireless Controllers

Access points connect to the Connector using the gRPC framework.

The APs establish a connection to the Connector using the gRPC protocol. gRPC protocol configures floor

beacons and receive telemetry data from the floor beacons. gRPC is a bi-directional streaming service, and

requires a certificate to validate the host connection and a token for authentication. Each AP creates a gRPC

connection. The Connector can thus support many simultaneous connections.

Cisco DNA Spaces: IoT Services Configuration Guide

4

Prerequisites

Cisco DNA Spaces: Connector

CHAPTER 2

Prerequisites

•Prerequisites, on page 5

Prerequisites

The following is the necessary prerequisites to get you started with Cisco DNA Spaces: IoT Services.

• Install Cisco DNA Spaces: Connector in your network.

• Install a Cisco Catalyst 9800 Series Wireless Controller with a 17.3 image.

• Deploy supported access points in your network (See Compatibility Matrix section).

• Ensure Cisco DNA Spaces is configured with maps either from Cisco Prime Infrastructure or Cisco DNA

Center.

Compatibility Matrix

Support for Cisco DNA Spaces: IoT ServicesApplication Name

• Supported on Cisco Catalyst 9800 Series

Wireless Controllers Release 17.3.1 only

• Not supported on Cisco Wireless Controller

• Not supported on Cisco Embedded Wireless

Controller on Catalyst Access Points (Cisco

EWC-AP)

Supported Wireless controllers controller

V2.0.455 and aboveCisco DNA Spaces: Connector Docker Version

2.3Cisco DNA Spaces: Connector OVA Version

Cisco DNA Spaces: IoT Services Configuration Guide

5

Support for Cisco DNA Spaces: IoT ServicesApplication Name

Supported Devices:

• 9800-CL

• 9800-L

• 9800-40

• 9800-80

Supported Images:

• 17.3.1 and above

Use latest software version or maintenance

release for each listed release.

Note

Cisco Catalyst 9800 Series Wireless Controllers

Not supportedCisco Embedded Wireless Controller on Catalyst

Access Points (Cisco EWC-AP)

Not supported.Cisco Wireless Controller

Cisco Prime Infrastructure Release 3.8MR1Cisco Prime Infrastructure

Cisco DNA Center Release 2.1.1Cisco DNA Center (For map import)

• Cisco Aironet 9105 Series Access Points

• Cisco Aironet 9115 Series Access Points

• Cisco Aironet 9117 Series Access Points

• Cisco Aironet 9120 Series Access Points

• Cisco Aironet 9130 Series Access Points

Access Points for advanced BLE gateway (WiFi 6)

• Cisco Aironet 1815 Series Access Points

• Cisco Aironet 2800 Series Access Points (USB

dongle needed. No in-built USB radio)

• Cisco Aironet 3800 Series Access Points (USB

dongle needed. No in-built USB radio)

• Cisco Aironet 4800 Series Access Points

Access points for basic BLE gateway

1.0.46 and aboveIOX Application Version

• 6.1

• Newer beacon models running version 1.1 ad

above

Kontakt firmware version

IoT Services is not supported on the following:

Cisco DNA Spaces: IoT Services Configuration Guide

6

Prerequisites

Compatibility Matrix

• Wave1 APs

• Direct connected and CMX tethering Connectors.

The following table lists the compatibility of the IOX-hosted BLE App and the Native BLE App with various

AP modes. This is not compatible with Cisco Embedded Wireless Controller on Catalyst Access Points (Cisco

EWC-AP)

Table 1: AP Modes and Apps

Native BLE AppIOX-hosted BLE AppAP Modes

• 11-AX: Supported

• Wave2: Supported

• 11-AX: Supported

• Wave2: Not supported

PI: Local

• 11-AX: Supported

• Wave2: Supported

• 11-AX: Supported

• Wave2: Not supported

P1: Flex

• 11-AX: Supported

• Wave2: Supported

• 11-AX: Supported

• Wave2: Not supported

P2: Fabric

• 11-AX: Supported

• Wave2: Supported

• 11-AX: Supported

• Wave2: Not supported

P3: Mesh

Cisco DNA Spaces: IoT Services Configuration Guide

7

Prerequisites

Compatibility Matrix

Cisco DNA Spaces: IoT Services Configuration Guide

8

Prerequisites

Compatibility Matrix

CHAPTER 3

Open Ports

•Open Ports, on page 9

Open Ports

This section lists the ports that need to be open for the proper functioning of IoT Services.

DNA Spaces Firewall Rules

The following table is best viewed in the HTML format.

Note

Cisco DNA Spaces: IoT Services Configuration Guide

9

Table 2: Data exchange between controller and Connector

More

information

ProtocolDestination

Port

Source PortTransportDirectionDestination

IP address

Source IP

address

• AP list

• Client

details

• AP

details

from

controller

to

Connector

• Client

RSSI

for

non-BLE(WiFi)

client

from

controller

to

Connector

Cisco

Network

Mobility

Services

Protocol

(NMSP)

16113AnyTCPunidirectionalCisco

Wireless

Controller

(controller)

and Cisco

Catalyst

9800 Series

Wireless

Controller

IP address

Connector

• Auth

list and

TDL

configuration

to

controller

Simple

Network

Management

Protocol

(SNMP)

161, 162AnyUDPunidirectionalCisco

Wireless

Controller

(controller)

IP address

Connector

NETCONF

over SSH.

BLE-related

configuration

push to

Cisco

Wireless

Controller

(controller)

from Cisco

DNA

Spaces

through

Connector

Network

Configuration

Protocol

(NETCONF)

830AnyTCPunidirectionalCisco

Catalyst

9800 Series

Wireless

Controller

IP address

Connector

DNSDNS53AnyUDP and

TCP

unidirectionalDNS or the

proxy

servers

Connector

Cisco DNA Spaces: IoT Services Configuration Guide

10

Prerequisites

DNA Spaces Firewall Rules

More

information

ProtocolDestination

Port

Source PortTransportDirectionDestination

IP address

Source IP

address

HTTP and

HTTPS to

Cisco DNA

Spaces (For

US and

APJC

locations)

HTTP and

HTTPS

443, 80AnyTCPunidirectional52.20.144.155,

34.231.154.95,

54.176.92.81,

54.183.58.225

Connector

HTTP and

HTTPS to

DNAS

Cloud (For

EU

locations)

HTTP and

HTTPS

443, 80AnyTCPunidirectional63.33.127.190,

63.33.175.64,

3.122.15.26,

3.122.15.7

Connector

NTPNTP123AnyUDPunidirectionalNTP

Servers

Connector

Communication

between

Connector

and Cisco

Wireless

Controller

(controller)

for

OpenRoaming

client’s

RADIUS

messages

RADIUS1812, 1813AnyUDPunidirectionalRADIUS

Server

Connector

Cisco DNA Spaces: IoT Services Configuration Guide

11

Prerequisites

DNA Spaces Firewall Rules

More

information

ProtocolDestination

Port

Source PortTransportDirectionDestination

IP address

Source IP

address

• AP list

or

BLE

telemetry

(beacon

or

sensor

data)

from

controller

to

Connector

•Controller-

configuration

verification

from

Cisco

DNA

Spaces

through

Connector

TDL8004AnyTCPunidirectionalAnyCisco

Wireless

Controller

(controller)

and Cisco

Catalyst

9800 Series

Wireless

Controller

IP address

SSH,

HTTPS

SSH,

HTTPS

22, 443AnyTCPunidirectionalConnectorIT

Management

Subnet

Table 3: Data sent from Access Point (AP) to Connector

Further

information

ProtocolDestination

Port

Source PortTransportDirectionDestination

IP address

Source IP

address

Cisco-proprietary

protocol to

send RSSI

and AoA

(for

Hyperlocation

AP)

Fastpath2003AnyUDPunidirectionalConnectorAP Subnet

gRPC

Remote

Procedure

Calls

(gRPC)

8000AnyTCPunidirectionalConnectorAP Subnet

Cisco DNA Spaces: IoT Services Configuration Guide

12

Prerequisites

DNA Spaces Firewall Rules

Page is loading ...

Cisco DNA Spaces Configuration Guide

Cisco DNA Spaces Configuration Guide

Related papers

Other documents