Cisco DNA Spaces Configuration Guide

Category
Networking
Type
Configuration Guide
Cisco DNA Spaces: IoT Services Configuration Guide
First Published: 2020-08-31
Last Modified: 2020-11-12
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright ©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
©2020 Cisco Systems, Inc. All rights reserved.
CONTENTS
Prerequisites 7
PART I
Overview 1
CHAPTER 1
Cisco DNA Spaces: IoT Services 1
Components of Cisco DNA Spaces: IoT Services 1
Prerequisites 5
CHAPTER 2
Prerequisites 5
Compatibility Matrix 5
Open Ports 9
CHAPTER 3
Open Ports 9
DNA Spaces Firewall Rules 9
Getting Started 15
CHAPTER 4
Getting Started 15
Verify Cisco DNA Spaces: Connector is added and active 15
Verify Cisco Catalyst 9800 Series Wireless Controllers is added and active 17
Enable IoT Manage Streams 19
Verify Syncing of Access Points 22
Configuration 25
PART II
AP as a Beacon 27
CHAPTER 5
AP as a Beacon 27
Configure AP as a Beacon (iBeacon, Eddystone UID, and Eddystone URL) 27
Cisco DNA Spaces: IoT Services Configuration Guide
iii
AP as a Gateway 33
CHAPTER 6
Access Point as a Gateway 33
Configure an AP as a Bluetooth Low Energy (BLE) Gateway 33
Install, Uninstall, or Upgrade an IOx Application on an Advanced Gateway 38
Beacons and Tags 45
CHAPTER 7
Beacons and Tags 45
Discover Beacons 45
Claiming a Beacon 50
Viewing a Beacon on IoT Services 53
Viewing Sensor Information 56
Troubleshooting 61
PART III
Wireless Controller 63
CHAPTER 8
Wireless Controller 63
Is BLE radio enabled on the controller? 63
Is there a streaming token for the gRPC connection on controller? 63
Is gRPC enabled in the AP Join Profile 64
Is gRPC up? 64
Are the TDL subscriptions created and valid? 64
What is the TDL status? 65
How do I view the current TDL values for an AP? 65
How do I get the telemetry connection status? 67
How do I view IOx AP state and mode? 68
How do I view gRPC details? 68
How do I view AP BLE configuration details? 68
IoX Application 71
CHAPTER 9
IOX Application 71
How do I verify the IOx application is running on the AP? 71
How do I start an interactive shell session for the IOx application? 71
Topic 2.1 72
Cisco DNA Spaces: IoT Services Configuration Guide
iv
Contents
How can I see the logs for the IOx application? 72
How do I monitor metrics in the IOx application? 72
What files exist in the IOx application? 73
Cisco DNA Spaces 75
CHAPTER 10
What region should I use for IoT Services? 75
How to view the different logs of IoT Services? 75
How to access the Cisco DNA Spaces Connector logs uploaded to cloud? 75
Connector 77
CHAPTER 11
Connector 77
How do I Reprovisioning IoT Services After Failover 77
How do I view floor beacon configuration requests and responses from the connector? 79
How do I view the IOx application install logs? 79
How do I view the gRPC certificate on the DNA Spaces Connector? 80
How do I verify that the gRPC certificate was created successfully? 81
Access Point 83
CHAPTER 12
Access Point 83
How do I check the gRPC connection status on the access point? 83
How do I check the stream token on the access point? 83
How do I view the gRPC server logs on the access point? 84
How do I view the beacons scanned by an access point running in Native Mode? 84
How do I view the beacon broadcast setting for an access point running in Native Mode? 85
Device Management 89
PART IV
Device Management 91
CHAPTER 13
Device Management 91
Device Manager Dashboard 91
Configure a Beacon from Device Manager 92
Appendix 103
PART V
Cisco DNA Spaces: IoT Services Configuration Guide
v
Contents
Cisco Catalyst 9800 Series Wireless Controller 105
CHAPTER 14
Cisco Catalyst 9800 Series Wireless Controllers 105
Disable Assurance with iCAP using Web UI (Versions 17.3.1 or lower) 105
Disable Assurance with iCAP using CLI (Versions 17.3.1 or lower) 107
Disable iCAP using WEBUI (Versions 17.3.2 or higher) 107
Disable iCAP using CLI (Versions 17.3.2 or higher) 108
Enable or Disable iCAP or Assurance using DNAC (Versions 17.3.2 or higher) 109
Cisco DNA Spaces: IoT Services Configuration Guide
vi
Contents
PART I
Prerequisites
•Overview, on page 1
•Prerequisites, on page 5
•Open Ports, on page 9
•Getting Started, on page 15
CHAPTER 1
Overview
•Cisco DNA Spaces: IoT Services, on page 1
Cisco DNA Spaces: IoT Services
Cisco DNA Spaces: IoT Services is a platform service within Cisco DNA Spaces that enables you to claim,
manage, and monitor Internet of Things (IoT) devices using Cisco's wireless infrastructure. IoT Services is
designed to enable management of Internet of Things (IoT) devices across vendors, form factors, and technology
protocols. Bluetooth Low Energy (BLE) is the first technology available for management using Internet of
Things (IoT) services.
IoT Services encompasses hardware, software, and partner components to enable the management of devices
that support critical business outcomes. IoT Services utilizes Cisco Catalyst 9800 Series Wireless Controllers,
Cisco DNA Spaces: Connector, Cisco WiFi6 access points, and Cisco DNA Spaces. IoT Services is a
next-generation approach to managing complexity in an enterprise Internet of Things (IoT) environment.
Using IoT Services, you can perform the following management activities:
• Deploy BLE gateways on supported APs in your network.
• Claim BLE beacons that you acquired from Cisco DNA Spaces: IoT Device Marketplace.
• Configure APs and manage floor beacons.
• You can monitor device attributes such as location, telemetry, battery status, and movement status.
Components of Cisco DNA Spaces: IoT Services
The section describes various components that work to complete the Cisco DNA Spaces: IoT Services solution.
The Cisco Catalyst 9100 Series Access Points acts as a gateway of communication between Cisco DNA
Spaces and the Internet of Things (IoT) devices. Cisco DNA Spaces: IoT Services can then use a range of
common APIs to communicate with edge devices and apps. The Cisco DNA Spaces: IoT Services collects
data from devices and apps, and passes it to Cisco-partnered Device Manager websites. The Device Manager
websites can leverage these edge-device signals and make the outcome specialized and targeted for each
industry.
Cisco DNA Spaces: IoT Services Configuration Guide
1
Figure 1: Components of IoT Services
Access Points
You can configure access points as gateways in this solution. You can find the list of supported APs in the
Compatibility Matrix section.
Depending on the type of Cisco access points (AP), you can configure an AP as one of the following types
of BLE gateways.
•Base BLE Gateway: The Base BLE gateway is a type of AP that you can configure in one of two modes.
Either the AP as a Beacon mode or the Scan mode.
In the AP as a Beacon mode, the AP can broadcast iBeacon, Eddystone URL, and Eddystone UID
profiles.
In the Scan mode, the AP can scan the vicinity for other BLE devices. Using gRPC on the AP, the AP
sends the scanned data to Cisco DNA Spaces: Connector. The AP can also receive telemetry data from
floor beacons. The Cisco DNA Spaces: Connector dashboard decodes and displays this information.
Cisco DNA Spaces: IoT Services Configuration Guide
2
Prerequisites
Access Points
•AdvancedBLEGateway:The Advanced BLE gateway is an AP that is installed with an IOX Application.
Using the installed IOX application, you can configure floor beacons on the Cisco-partnered Cisco DNA
Spaces: Connector website.
You can only configure this AP in the Scan mode.
In the Scan mode, the AP can scan the vicinity for other BLE devices. Using gRPC on the AP, the AP
sends the scanned data to Cisco DNA Spaces: Connector. The AP can also receive telemetry data from
floor beacons. The Cisco DNA Spaces: Connector dashboard decodes and displays this information.
Cisco Catalyst 9800 Series Wireless Controllers
The Cisco Catalyst 9800 Series Wireless Controller (controller) combines RF excellence with IOS-XE benefits
and it comes in physical or virtual form factor. This controller is reliable and highly secure. You can manage
this controller using CLI, Web UI, NETCONF, Yang, or the Cisco DNA Center.
The controller is the single point for configuring and managing a wireless network and access points. The
controller configures and manages APs using the CAPWAP protocol.
The controller receives BLE configuration from Cisco DNA Spaces over NETCONF and passes the
configuration to AP over CAPWAP. The feedback path from the AP to the wireless controller is through
CAPWAP and from the controller to Cisco DNA Spaces through TDL telemetry streaming. The gRPC
configuration from Cisco DNA Spaces also goes through the controller and from there to the access point.
The configuration sets up the gRPC channel between the AP and Cisco DNA Spaces. The AP sends gRPC
channel statistics to the controller where you can view the statistics.
• You can have only one gRPC session between an AP and the Connector.
• Cisco Catalyst 9800 devices running the IOS-XE image version 17.3.2 now supports the IoT Services
along with the Network Assurance solution on Cisco DNA Center.
However, IoT Services and Intellegent Capture (iCAP) feature is still mutually exclusive. That is, if
iCAP feature needs to be enabled on the device, then IoT Services cannot be deployed. Similarly, if IoT
Services needs to be enabled on the device, then iCAP feature cannot be deployed.
Depending on your release, you must disable features on the controller. Refer to Disable Assurance with
iCAP using Web UI (Versions 17.3.1 or lower) or Disable iCAP using WEBUI (Versions 17.3.2 or
higher).
Note
Cisco DNA Spaces: IoT Device Marketplace
Cisco DNA Spaces: IoT Device Marketplace is a platform where you can discover, research, and purchase
Internet of Things (IoT) devices. IoT Device Marketplace is a part of the Cisco DNA Spaces full-stack partner
ecosystem. Each device is preconfigured to give the customer an out-of-the-box experience with sensors, tags,
wearables, and more. All devices are compatible with applications in the App Center. Current devices in the
IoT Device Marketplace leverage BLE to transmit telemetry, with plans to add other technology in the future
such as Ultra Wide Band (UWB) and Zigbee.
Cisco DNA Spaces: Connector
Cisco DNA Spaces: Connector allows Cisco DNA Spaces to communicate with more than one Cisco Wireless
Controller (controller).
Cisco DNA Spaces: IoT Services Configuration Guide
3
Prerequisites
Cisco Catalyst 9800 Series Wireless Controllers
Access points connect to the Connector using the gRPC framework.
The APs establish a connection to the Connector using the gRPC protocol. gRPC protocol configures floor
beacons and receive telemetry data from the floor beacons. gRPC is a bi-directional streaming service, and
requires a certificate to validate the host connection and a token for authentication. Each AP creates a gRPC
connection. The Connector can thus support many simultaneous connections.
Cisco DNA Spaces: IoT Services Configuration Guide
4
Prerequisites
Cisco DNA Spaces: Connector
CHAPTER 2
Prerequisites
•Prerequisites, on page 5
Prerequisites
The following is the necessary prerequisites to get you started with Cisco DNA Spaces: IoT Services.
• Install Cisco DNA Spaces: Connector in your network.
• Install a Cisco Catalyst 9800 Series Wireless Controller with a 17.3 image.
• Deploy supported access points in your network (See Compatibility Matrix section).
• Ensure Cisco DNA Spaces is configured with maps either from Cisco Prime Infrastructure or Cisco DNA
Center.
Compatibility Matrix
Support for Cisco DNA Spaces: IoT ServicesApplication Name
• Supported on Cisco Catalyst 9800 Series
Wireless Controllers Release 17.3.1 only
• Not supported on Cisco Wireless Controller
• Not supported on Cisco Embedded Wireless
Controller on Catalyst Access Points (Cisco
EWC-AP)
Supported Wireless controllers controller
V2.0.455 and aboveCisco DNA Spaces: Connector Docker Version
2.3Cisco DNA Spaces: Connector OVA Version
Cisco DNA Spaces: IoT Services Configuration Guide
5
Support for Cisco DNA Spaces: IoT ServicesApplication Name
Supported Devices:
• 9800-CL
• 9800-L
• 9800-40
• 9800-80
Supported Images:
• 17.3.1 and above
Use latest software version or maintenance
release for each listed release.
Note
Cisco Catalyst 9800 Series Wireless Controllers
Not supportedCisco Embedded Wireless Controller on Catalyst
Access Points (Cisco EWC-AP)
Not supported.Cisco Wireless Controller
Cisco Prime Infrastructure Release 3.8MR1Cisco Prime Infrastructure
Cisco DNA Center Release 2.1.1Cisco DNA Center (For map import)
• Cisco Aironet 9105 Series Access Points
• Cisco Aironet 9115 Series Access Points
• Cisco Aironet 9117 Series Access Points
• Cisco Aironet 9120 Series Access Points
• Cisco Aironet 9130 Series Access Points
Access Points for advanced BLE gateway (WiFi 6)
• Cisco Aironet 1815 Series Access Points
• Cisco Aironet 2800 Series Access Points (USB
dongle needed. No in-built USB radio)
• Cisco Aironet 3800 Series Access Points (USB
dongle needed. No in-built USB radio)
• Cisco Aironet 4800 Series Access Points
Access points for basic BLE gateway
1.0.46 and aboveIOX Application Version
• 6.1
• Newer beacon models running version 1.1 ad
above
Kontakt firmware version
IoT Services is not supported on the following:
Cisco DNA Spaces: IoT Services Configuration Guide
6
Prerequisites
Compatibility Matrix
• Wave1 APs
• Direct connected and CMX tethering Connectors.
The following table lists the compatibility of the IOX-hosted BLE App and the Native BLE App with various
AP modes. This is not compatible with Cisco Embedded Wireless Controller on Catalyst Access Points (Cisco
EWC-AP)
Table 1: AP Modes and Apps
Native BLE AppIOX-hosted BLE AppAP Modes
• 11-AX: Supported
• Wave2: Supported
• 11-AX: Supported
• Wave2: Not supported
PI: Local
• 11-AX: Supported
• Wave2: Supported
• 11-AX: Supported
• Wave2: Not supported
P1: Flex
• 11-AX: Supported
• Wave2: Supported
• 11-AX: Supported
• Wave2: Not supported
P2: Fabric
• 11-AX: Supported
• Wave2: Supported
• 11-AX: Supported
• Wave2: Not supported
P3: Mesh
Cisco DNA Spaces: IoT Services Configuration Guide
7
Prerequisites
Compatibility Matrix
Cisco DNA Spaces: IoT Services Configuration Guide
8
Prerequisites
Compatibility Matrix
CHAPTER 3
Open Ports
•Open Ports, on page 9
Open Ports
This section lists the ports that need to be open for the proper functioning of IoT Services.
DNA Spaces Firewall Rules
The following table is best viewed in the HTML format.
Note
Cisco DNA Spaces: IoT Services Configuration Guide
9
Table 2: Data exchange between controller and Connector
More
information
ProtocolDestination
Port
Source PortTransportDirectionDestination
IP address
Source IP
address
• AP list
• Client
details
• AP
details
from
controller
to
Connector
• Client
RSSI
for
non-BLE(WiFi)
client
from
controller
to
Connector
Cisco
Network
Mobility
Services
Protocol
(NMSP)
16113AnyTCPunidirectionalCisco
Wireless
Controller
(controller)
and Cisco
Catalyst
9800 Series
Wireless
Controller
IP address
Connector
• Auth
list and
TDL
configuration
to
controller
Simple
Network
Management
Protocol
(SNMP)
161, 162AnyUDPunidirectionalCisco
Wireless
Controller
(controller)
IP address
Connector
NETCONF
over SSH.
BLE-related
configuration
push to
Cisco
Wireless
Controller
(controller)
from Cisco
DNA
Spaces
through
Connector
Network
Configuration
Protocol
(NETCONF)
830AnyTCPunidirectionalCisco
Catalyst
9800 Series
Wireless
Controller
IP address
Connector
DNSDNS53AnyUDP and
TCP
unidirectionalDNS or the
proxy
servers
Connector
Cisco DNA Spaces: IoT Services Configuration Guide
10
Prerequisites
DNA Spaces Firewall Rules
More
information
ProtocolDestination
Port
Source PortTransportDirectionDestination
IP address
Source IP
address
HTTP and
HTTPS to
Cisco DNA
Spaces (For
US and
APJC
locations)
HTTP and
HTTPS
443, 80AnyTCPunidirectional52.20.144.155,
34.231.154.95,
54.176.92.81,
54.183.58.225
Connector
HTTP and
HTTPS to
DNAS
Cloud (For
EU
locations)
HTTP and
HTTPS
443, 80AnyTCPunidirectional63.33.127.190,
63.33.175.64,
3.122.15.26,
3.122.15.7
Connector
NTPNTP123AnyUDPunidirectionalNTP
Servers
Connector
Communication
between
Connector
and Cisco
Wireless
Controller
(controller)
for
OpenRoaming
client’s
RADIUS
messages
RADIUS1812, 1813AnyUDPunidirectionalRADIUS
Server
Connector
Cisco DNA Spaces: IoT Services Configuration Guide
11
Prerequisites
DNA Spaces Firewall Rules
More
information
ProtocolDestination
Port
Source PortTransportDirectionDestination
IP address
Source IP
address
• AP list
or
BLE
telemetry
(beacon
or
sensor
data)
from
controller
to
Connector
•Controller-
configuration
verification
from
Cisco
DNA
Spaces
through
Connector
TDL8004AnyTCPunidirectionalAnyCisco
Wireless
Controller
(controller)
and Cisco
Catalyst
9800 Series
Wireless
Controller
IP address
SSH,
HTTPS
SSH,
HTTPS
22, 443AnyTCPunidirectionalConnectorIT
Management
Subnet
Table 3: Data sent from Access Point (AP) to Connector
Further
information
ProtocolDestination
Port
Source PortTransportDirectionDestination
IP address
Source IP
address
Cisco-proprietary
protocol to
send RSSI
and AoA
(for
Hyperlocation
AP)
Fastpath2003AnyUDPunidirectionalConnectorAP Subnet
gRPC
Remote
Procedure
Calls
(gRPC)
8000AnyTCPunidirectionalConnectorAP Subnet
Cisco DNA Spaces: IoT Services Configuration Guide
12
Prerequisites
DNA Spaces Firewall Rules
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118

Cisco DNA Spaces Configuration Guide

Category
Networking
Type
Configuration Guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI