Channel: mrn-cciew

CWAP 802.11 Ctrl : PS-Poll


When a client station is set for Power Save mode, it shuts down some of its transceiver components for a period of time to conserve power. The STA indicates that it is using Power Save mode by setting the Power Management bit to 1 in the Frame Control field. The capture below shows a STA sending a null-data frame to the AP to indicate that it is going into Power Save mode. Power Management mode shall not change during any single frame exchange sequence. This means the Power Management bit is the same for all MPDUs in an A-MPDU.

[Figure: CWAP- PS-Poll-01]

Once the AP receives this from the STA, it buffers all unicast frames for that STA. Typically the STA can sleep for a longer period of time and then awaken in time to hear an upcoming beacon, which lists the AID values for which unicast frames are buffered at the AP. How often the STA awakens is based on a variable called “listen interval” and is usually vendor specific.

When a STA receives the beacon, it checks whether its AID is set in the TIM, indicating that a buffered unicast frame is waiting. If so, the STA remains awake and sends a 20-byte PS-Poll frame to the AP. Here is the frame format of a PS-Poll frame (CWAP Study Guide – page 203).

[Figure: CWAP- PS-Poll-02]

Here is a PS-Poll frame capture. It is a control frame with a subtype value of 10. Note that the Duration field is used to carry the AID value of the STA sending the PS-Poll frame.

[Figure: CWAP- PS-Poll-03]

When the AP sends the data to the STA, the STA needs to know when all buffered unicast data has been received so that it can go back to sleep. When the STA receives a buffered unicast frame with the More Data field set to 1, it knows that it cannot go back to sleep yet, because there is more buffered data at the AP. When the More Data field is set to 1, the STA needs to send another PS-Poll frame and wait to receive the next buffered unicast frame. When the More Data bit is set to 0, the STA knows that this is the last buffered unicast frame and it can go to sleep again once it has sent the ACK to the AP. The procedure in legacy power save mode is shown below.

[Figure: CWAP- PS-Poll-00]

PS-Poll frame recovery
A STA in PS mode, in an ESS, initiates a frame exchange sequence by transmitting a PS-Poll frame to request data from an AP. In the event that neither an ACK frame nor a data frame is received from the AP in response to a PS-Poll frame, then the STA shall retry the sequence, by transmitting another PS-Poll frame.

If the AP sends a data frame in response to a PS-Poll frame, but fails to receive the ACK frame acknowledging this data frame, the next PS-Poll frame from the same STA may cause a retransmission of the last MSDU. If the AP responds to a PS-Poll by transmitting an ACK frame, then responsibility for the data frame delivery error recovery shifts to the AP because the data are transferred in a subsequent frame exchange sequence, which is initiated by the AP. The AP shall attempt to deliver one MSDU to the STA that transmitted the PS-Poll, using any frame exchange sequence valid for an individually addressed MSDU.

If the PS STA that transmitted the PS-Poll returns to Doze state after transmitting the ACK frame in response to successful receipt of this MSDU, but the AP fails to receive this ACK frame, then the AP retries transmission of this MSDU until the relevant retry limit is reached.
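
The PS-Poll format and the legacy power-save retrieval loop described above, as an added Python example that is not part of the original post. The TIM body layout (DTIM Count, DTIM Period, Bitmap Control, Partial Virtual Bitmap), the two high bits set in the AID field and the CRC-32 FCS are taken from the 802.11 standard rather than from this page; the addresses and queue contents are constructed.

```python
import struct
import zlib

PWR_MGT = 0x10        # Power Management bit (second Frame Control octet)
MORE_DATA = 0x20      # More Data bit (second Frame Control octet)

# Constructed sample addresses (locally administered), not from the capture.
BSSID = bytes.fromhex("02aabbccdd01")
STA = bytes.fromhex("02aabbccdd02")


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def build_ps_poll(aid, bssid, ta, pwr_mgt=True):
    """20-byte PS-Poll: Frame Control(2) AID(2) BSSID/RA(6) TA(6) FCS(4)."""
    fc0 = (10 << 4) | (1 << 2)              # subtype 10, type 1 (control)
    fc1 = PWR_MGT if pwr_mgt else 0
    # The Duration/ID field carries the AID with its two top bits set to 1.
    head = struct.pack("<BBH", fc0, fc1, 0xC000 | aid) + bssid + ta
    return head + struct.pack("<I", zlib.crc32(head))


def parse_ps_poll(frame):
    """Decode a PS-Poll frame; raise ValueError if it is malformed."""
    if len(frame) != 20:
        raise ValueError("PS-Poll must be exactly 20 bytes")
    fc0, fc1, dur_id = struct.unpack_from("<BBH", frame)
    if ((fc0 >> 2) & 0x3, fc0 >> 4) != (1, 10):
        raise ValueError("not a control frame of subtype 10")
    if dur_id & 0xC000 != 0xC000:
        raise ValueError("Duration/ID field does not carry an AID")
    aid = dur_id & 0x3FFF
    if not 1 <= aid <= 2007:
        raise ValueError("AID %d outside 1..2007" % aid)
    (fcs,) = struct.unpack_from("<I", frame, 16)
    return {
        "aid": aid,
        "pwr_mgt": bool(fc1 & PWR_MGT),
        "bssid": mac(frame[4:10]),
        "ta": mac(frame[10:16]),
        "fcs_ok": fcs == zlib.crc32(frame[:16]),
    }


def aid_in_tim(tim_body, aid):
    """True if the TIM element body flags buffered unicast frames for aid."""
    if len(tim_body) < 4:
        raise ValueError("TIM body too short")
    # Bitmap Control bits 1-7 hold N1/2, so masking bit 0 yields N1, the
    # index of the first octet present in the partial virtual bitmap.
    first_octet = tim_body[2] & 0xFE
    bitmap = tim_body[3:]
    idx = aid // 8 - first_octet
    if idx < 0 or idx >= len(bitmap):
        return False
    return bool(bitmap[idx] & (1 << (aid % 8)))


def retrieve_buffered(ap_queue, aid):
    """Legacy power save: one PS-Poll per buffered frame until More Data is 0.

    ap_queue is the AP's list of buffered payloads for this AID (consumed).
    Returns (payloads received, number of PS-Poll frames sent).
    """
    received, polls = [], 0
    while ap_queue:
        parse_ps_poll(build_ps_poll(aid, BSSID, STA))   # STA -> AP
        polls += 1
        payload = ap_queue.pop(0)                       # AP -> STA data frame
        flags = MORE_DATA if ap_queue else 0            # set while more is queued
        received.append(payload)                        # STA ACKs the frame
        if not flags & MORE_DATA:
            break                                       # last frame: back to doze
    return received, polls
```
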

Reference
1. CWAP Official Study Guide – Chapter 5
2. IEEE 802.11-2012 standard



CWAP- MAC Header : Sequence Control


The Sequence Control field is 16 bits in length and consists of two subfields, the Sequence Number and the Fragment Number. The Sequence Control field is not present in control frames (as they have no frame body). The format of the Sequence Control field is shown below.

[Figure: CWAP- SeqControl-01]

Sequence Number
The Sequence Number field is a 12-bit field indicating the sequence number of an MSDU, A-MSDU, or MMPDU. Each MSDU, A-MSDU, or MMPDU transmitted by a STA is assigned a sequence number. The sequence number remains constant in all retransmissions of an MSDU, MMPDU, or fragment thereof.

Fragment Number
The Fragment Number field is a 4-bit field indicating the number of each fragment of an MSDU or MMPDU. The fragment number is set to 0 in the first or only fragment of an MSDU or MMPDU and is incremented by one for each successive fragment of that MSDU or MMPDU. The fragment number remains constant in all retransmissions of the fragment.

Fragments are always sent in what is known as a “fragment burst”. Once the Tx STA gains control of the medium, it maintains control through NAV Duration values and SIFS. The value of the Duration field in the MAC header of the first fragment is used to reserve the medium for the next fragment. If a fragment is not acknowledged, retries begin at the unacknowledged fragment (using DIFS) and not at the beginning of the original MSDU.

[Figure: CWAP- SeqControl-02]

The example below is for a STA configured with a fragmentation threshold (minimum 256 bytes) of 300 bytes, so any MSDU larger than 300 bytes will be fragmented. Fragmentation does not take into account frame body expansion due to encryption, so an encrypted fragment may exceed the fragmentation threshold. The example considers a non-QoS data frame with a MAC header size of 24 bytes (i.e. 32 - 6 - 2 bytes: 6 bytes less for the absent 4th address field and 2 bytes less for the absent QoS Control field) and a 4-byte CRC. So the fragment size should be 272 bytes (300 - 28).

[Figure: CWAP- SeqControl-03]

The first fragment to be transmitted will be fragment #0, with the More Fragments bit in the Frame Control field set to 1. The More Fragments bit stays at 1 until the last fragment, at which point it changes to 0 to indicate that there are no more fragments (fragment #4 below).

[Figure: CWAP- SeqControl-04]

Reference
1. CWAP Official Study Guide – Chapter 3


CWAP- 802.11 Data: Frame Aggregation


With the ratification of the 802.11n amendment, two types of frame aggregation were added to 802.11:
1. Aggregate MAC Service Data Unit (A-MSDU)
2. Aggregate MAC Protocol Data Unit (A-MPDU)

Frame aggregation allows multiple smaller MSDUs or MPDUs to be grouped together into a single frame, reducing the amount of overhead that would have been necessary for each individual frame.

A-MSDU Operation

  • If encryption is enabled, then all MSDUs are encrypted together as a single payload.
  • An A-MSDU shall contain only MSDUs whose DA and SA parameter values map to the same RA and TA values.
  • The constituent MSDUs of an A-MSDU shall all have the same priority parameter value.
  • An A-MSDU shall be carried, without fragmentation, within a single QoS data MPDU.
  • The Address 1 field of an MPDU carrying an A-MSDU shall be set to an individual address.
  • The channel access rules for a QoS data MPDU carrying an A-MSDU are the same as a data MPDU carrying an MSDU (or fragment thereof) of the same TID.

The diagram below (CWAP Study Guide – Page 225) shows A-MSDU aggregation.

[Figure: CWAP-Frame Aggregation-01]

A-MPDU Operation

  • If encryption is enabled, then each MPDU is encrypted individually.
  • The individual MPDUs within an A-MPDU must all have the same receiver address.
  • The individual MPDUs must all be of the same 802.11e QoS access category.
  • A-MPDU also requires the use of Block Ack.
  • The Duration/ID fields in the MAC headers of all MPDUs in an A-MPDU carry the same value.
  • All protected MPDUs within an A-MPDU have the same Key ID.

[Figure: CWAP-Frame Aggregation-02]

References
1. CWAP Official Study Guide – Chapter 6
2. IEEE 802.11-2012 standard

 


CWAP – 802.11 Protection Mechanism


Protection mechanisms cause a STA that is a potential interferer to defer any transmission for a known period of time. When these mechanisms are used,

1. non-ERP STAs do not interfere with frame exchanges using ERP PPDUs between ERP STAs.
2. non-HT STAs do not interfere with frame exchanges using HT PPDUs between HT STAs.

As a result, non-ERP and/or non-HT STAs are allowed to coexist with ERP and/or HT STAs.

Protection mechanism for non-ERP

The IEEE 802.11-2007 standard mandates support for both DSSS (Direct Sequence Spread Spectrum) and OFDM (Orthogonal Frequency Division Multiplexing) technologies for clause 19 ERP (802.11g) radios. When clause 18 (HR-DSSS) and clause 15 DSSS (802.11) devices coexist in an ERP BSS, 802.11g devices need to provide compatibility for the slower 802.11/802.11b devices. In this mixed mode, 802.11g devices enable a “Protection mechanism”, also known as 802.11g Protected mode.

The ERP Information Element (IE) contains information about Clause 15 (802.11) or Clause 18 (802.11b) stations in the BSS that are not capable of communicating at Clause 19 (ERP-OFDM) data rates. It also identifies whether the AP should use a protection mechanism and whether to use long or short preambles. The ERP IE frame format is shown below.

[Figure: CWAP-802.11 Protection-02]

Element ID – value set to 42
Non_ERP_Present – set to 1 when non-ERP station is associated to the BSS
Use_Protection – set to 1 when non-ERP station is associated to the BSS
Barker_Preamble_mode – set to 1 if one or more associated non-ERP stations are not capable of using short preambles.

ERP STAs shall use protection mechanisms (such as RTS/CTS or CTS-to-self) for ERP-OFDM MPDUs of type Data or an MMPDU when the Use_Protection field of the ERP element is equal to 1. Note that when using the Clause 19 options, ERP-PBCC or DSSS-OFDM, there is no need to use protection mechanisms, as these frames start with a DSSS header.

The following scenarios can trigger protection in an ERP basic service set.
1.) If a non-ERP STA associates with an ERP AP, the ERP AP will enable the NonERP_Present bit in its own beacons, enabling protection mechanisms in its BSS. In other words, an HR-DSSS (802.11b) client association will trigger protection.
2.) If an ERP AP hears a beacon from an AP where the supported data rates contain only 802.11b or 802.11 DSSS rates, it will enable the NonERP_Present bit in its own beacons, enabling protection mechanisms in its BSS. In simpler terms, if an 802.11g AP hears a beacon frame from an 802.11 or 802.11b access point or ad hoc client, the protection mechanism will be triggered.
3.) If an ERP AP hears a management frame (other than a probe request) where the supported rate includes only 802.11 or 802.11b rates, the NonERP_Present bit may be set to 1.

Read “Protection Ripple in ERP 802.11 WLANs” CWNP White paper for more detail on this.

Protection mechanism for HT Transmission
HT transmissions are protected if there are other STAs present that cannot interpret HT transmissions correctly. The HT Protection and Nongreenfield HT STAs Present fields in the HT Operation element within Beacon and Probe Response frames are used to indicate the protection requirements for HT transmissions.

The HT Protection field may be set to no protection mode only if the following are true:
1.) All STAs detected in the primary or the secondary channel are HT STAs, and
2.) All STAs that are known by the transmitting STA to be a member of this BSS are either
2.1) 20/40 MHz HT STAs in a 20/40 MHz BSS, or
2.2) 20 MHz HT STAs in a 20 MHz BSS.

The HT Protection field may be set to nonmember protection mode only if the following are true:
1.) A non-HT STA is detected in either the primary or the secondary channel or in both the primary and secondary channels, that is not known by the transmitting STA to be a member of this BSS, and
2.) All STAs that are known by the transmitting STA to be a member of this BSS are HT STAs.

The HT Protection field may be set to 20 MHz protection mode only if the following are true:

  • All STAs detected in the primary channel and all STAs detected in the secondary channel are HT STAs and all STAs that are members of this BSS are HT STAs, and
  • This BSS is a 20/40 MHz BSS, and
  • There is at least one 20 MHz HT STA associated with this BSS.

The HT Protection field is set to non-HT mixed mode otherwise.

Note that in IEEE 802.11-2012 some of the clause numbers were revised (from IEEE 802.11-2007), so do not confuse these numbers when reading both the 2007 and 2012 standards. From the CWAP exam perspective, the material is based on the 2007 standard. Here is a snapshot of the clause number changes in the 2012 standard.

[Figure: CWAP-802.11 Protection-01]

References
1. CWAP Official Study Guide – Chapter 5
2. IEEE 802.11-2012 Standard

 


CWAP – 802.11 Fragmentation


Fragmentation
The process of partitioning an MSDU or an MMPDU into smaller MAC level frames, MPDUs, is called fragmentation. The MAC may fragment and reassemble individually addressed MSDUs or MMPDUs. The fragmentation and defragmentation mechanisms allow for fragment retransmission.

The length of each fragment shall be an equal number of octets for all fragments except the last, which may be smaller. The length of a fragment shall never be larger than dot11FragmentationThreshold unless security encapsulation is invoked for the MPDU. If security encapsulation is active for the MPDU, then the MPDU shall be expanded by the encapsulation overhead and this may result in a fragment larger than dot11FragmentationThreshold.

Under the following conditions an MSDU is not fragmented even if its length exceeds the fragmentation threshold:
1. An MSDU transmitted under HT-immediate or HT-delayed Block Ack agreement
2. An MSDU or MMPDU transmitted within an A-MPDU.
3. Group addressed MSDUs or MMPDUs

If a fragment requires retransmission, its frame body content and length shall remain fixed for the lifetime of the MSDU or MMPDU at that STA. Each fragment shall contain a Sequence Control field, which is comprised of a sequence number and fragment number. When a STA is transmitting an MSDU or MMPDU, the sequence number shall remain the same for all fragments of that MSDU or MMPDU.

The fragments shall be sent in order of lowest fragment number to highest fragment number, where the fragment number value starts at 0, and increases by 1 for each successive fragment. The Frame Control field also contains a bit, the More Fragments bit, that is equal to 0 to indicate the last (or only) fragment of the MSDU or MMPDU. The diagram below (page 223 – CWAP Study Guide) shows an MSDU that has been fragmented into 4 fragments.

[Figure: CWAP-Fragmentation-01]

Defragmentation
Each fragment contains information to allow the complete MSDU or MMPDU to be reassembled from its constituent fragments. The header of each fragment contains the following information that is used by the destination STA to reassemble the MSDU or MMPDU:
  • Frame type
  • Address of the sender, obtained from the Address2 field
  • Destination address
  • Sequence Control field: This field allows the destination STA to check that all incoming fragments belong to the same MSDU or MMPDU, and the sequence in which the fragments should be reassembled. The sequence number within the Sequence Control field remains the same for all fragments of an MSDU or MMPDU, while the fragment number within the Sequence Control field increments for each fragment.
  • More Fragments indicator: Indicates to the destination STA that this is not the last fragment of the MSDU or MMPDU. Only the last or sole fragment of the MSDU or MMPDU shall have this bit set to 0. All other fragments of the MSDU or MMPDU shall have this bit set to 1.
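
The fragmentation and defragmentation rules above, together with the Sequence Control layout from the earlier Sequence Control post, as an added Python example that is not part of the original posts. It uses the 300-byte threshold, 24-byte header and 4-byte CRC from the Sequence Control example; the reassembly key (transmitter address plus sequence number) and the policy of discarding an MSDU when a fragment is missing are simplifying assumptions of this sketch.

```python
import math

HEADER_LEN = 24   # non-QoS, three-address MAC header (the page's example)
FCS_LEN = 4


def pack_seq_ctrl(seq, frag):
    """Sequence Control: fragment number in bits 0-3, sequence number in bits 4-15."""
    if not (0 <= seq < 4096 and 0 <= frag < 16):
        raise ValueError("sequence number is 12 bits, fragment number is 4 bits")
    return (seq << 4) | frag


def unpack_seq_ctrl(value):
    """Return (sequence number, fragment number)."""
    return value >> 4, value & 0x0F


def fragment_msdu(msdu, seq, threshold=300):
    """Split an MSDU into (seq_ctrl, more_fragments, payload) tuples.

    Every fragment carries the same sequence number; the fragment number
    starts at 0 and More Fragments is False only on the last one.
    """
    size = threshold - HEADER_LEN - FCS_LEN          # 272 for a 300-byte threshold
    count = max(1, math.ceil(len(msdu) / size))
    if count > 16:
        raise ValueError("MSDU needs more than 16 fragments")
    return [(pack_seq_ctrl(seq, n), n < count - 1, msdu[n * size:(n + 1) * size])
            for n in range(count)]


class Reassembler:
    """Receiver side: rebuild MSDUs from in-order fragments."""

    def __init__(self):
        self.partial = {}   # (ta, sequence number) -> payloads received so far

    def receive(self, ta, seq_ctrl, more_fragments, payload):
        """Return the complete MSDU once its last fragment arrives, else None."""
        seq, frag = unpack_seq_ctrl(seq_ctrl)
        key = (ta, seq)
        parts = self.partial.get(key)
        if parts is None:
            if frag != 0:
                return None              # first fragment was never seen
            parts = self.partial[key] = []
        if frag < len(parts):
            return None                  # retransmission of a fragment already held
        if frag > len(parts):
            del self.partial[key]        # gap in fragment numbers: discard MSDU
            return None
        parts.append(payload)
        if more_fragments:
            return None
        del self.partial[key]
        return b"".join(parts)


def reassemble(ta, fragments):
    """Feed a list of fragments to a fresh Reassembler; return the MSDU or None."""
    rx, result = Reassembler(), None
    for seq_ctrl, more, payload in fragments:
        out = rx.receive(ta, seq_ctrl, more, payload)
        if out is not None:
            result = out
    return result
```
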

References
1. CWAP Official Study Guide – Chapter 6
2. IEEE 802.11-2012 Standard.


CWAP – Data Frame Address Fields


The frame format of a data frame is shown below (source: IEEE 802.11-2012 standard).

[Figure: CWAP-Data-Address-04]

The content of the address fields of data frames are dependent upon the values of the To DS and From DS fields in the Frame Control field and whether the Frame Body field contains either an MSDU (or fragment thereof) or an entire A-MSDU, as determined by the A-MSDU Present subfield of the QoS Control field.

The content of the address fields is shown in the table below (source: IEEE 802.11-2012 Table 8-19). Where the content of a field is shown as not applicable (N/A), the field is omitted. Note that Address 1 always holds the receiver address of the intended receiver, and that Address 2 always holds the address of the STA that is transmitting the frame.

[Figure: CWAP-Data-Address-01]

The address fields are described below.

Source Address (SA) : This is the address where the frame is sent from.
Destination Address (DA) : This is the address where the frame is being sent to.
Transmitter Address (TA) : This is the address of the station that is transmitting the RF frame.
Receiver Address (RA) : This is the address of the station that is receiving the RF frame.
Basic Service Set Identifier (BSSID) : This is the basic service set ID of the AP.

Typically all 4 address fields are used only in Wireless Distribution System (WDS) or Mesh AP back-haul scenarios. Below is a wireless bridge topology where you can see all 4 address fields being used.

[Figure: Bridge-QoS-01]

Here is the packet capture of the wireless bridge, which shows a QoS data frame with To DS=1 & From DS=1. As you can see below, all 4 Address fields of the MAC header are being used.

Address 1: RA – a4:0c:c3:1a:ee:60 (AAP1 802.11 BSSID for SSID-MGMT)
Address 2: TA – 64:ae:0c:93:75:90 (AAP2 802.11 BSSID for SSID-MGMT)
Address 3: DA – c8:f9:f9:d7:3b:a7 (7965 MAC address)
Address 4: SA – 00:1a:e3:a7:ff:40 (vlan 2 gateway MAC in C3750)

[Figure: CWAP-Data-Address-03]

In the case of an A-MSDU frame, Address 3 is always the BSSID. If Address 4 is used, it is also the BSSID.
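
The address mapping described above (To DS / From DS plus the A-MSDU Present bit), as an added Python example that is not part of the original post. The first test vector reuses the four addresses from the wireless bridge capture above; the `build_header` helper and the remaining addresses are constructed for illustration, and the A-MSDU Present bit position (bit 7 of QoS Control) is taken from the standard.

```python
import struct


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def build_header(subtype, to_ds, from_ds, a1, a2, a3, a4=None, qos=None):
    """Constructed test helper: data-frame MAC header from colon-separated MACs."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    fc0 = (subtype << 4) | (2 << 2)                  # type 2 = data
    fc1 = (0x01 if to_ds else 0) | (0x02 if from_ds else 0)
    hdr = struct.pack("<BBH", fc0, fc1, 0) + raw(a1) + raw(a2) + raw(a3)
    hdr += struct.pack("<H", 0)                      # Sequence Control
    if a4 is not None:
        hdr += raw(a4)
    if qos is not None:
        hdr += struct.pack("<H", qos)                # QoS Control
    return hdr


def data_frame_addresses(hdr):
    """Map Address 1-4 of a data frame to RA/TA/DA/SA/BSSID roles.

    A role is None when the header does not carry it: no BSSID in a
    four-address MSDU frame, and DA/SA inside the subframes of an A-MSDU.
    """
    if len(hdr) < 24:
        raise ValueError("truncated MAC header")
    fc0, fc1 = hdr[0], hdr[1]
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    four_addr = to_ds and from_ds
    pos = 30 if four_addr else 24                    # offset of QoS Control, if any
    if len(hdr) < pos:
        raise ValueError("truncated header: Address 4 missing")
    amsdu = False
    if (fc0 >> 4) & 0x8:                             # QoS data subtypes
        if len(hdr) < pos + 2:
            raise ValueError("truncated header: QoS Control missing")
        (qos,) = struct.unpack_from("<H", hdr, pos)
        amsdu = bool(qos & 0x0080)                   # A-MSDU Present
    a1, a2, a3 = mac(hdr[4:10]), mac(hdr[10:16]), mac(hdr[16:22])
    roles = {"to_ds": to_ds, "from_ds": from_ds, "amsdu": amsdu,
             "RA": a1, "TA": a2, "DA": None, "SA": None, "BSSID": None}
    if not to_ds and not from_ds:
        roles.update(DA=a1, SA=a2, BSSID=a3)
    elif from_ds and not to_ds:
        roles.update(DA=a1, BSSID=a2, SA=None if amsdu else a3)
    elif to_ds and not from_ds:
        roles.update(BSSID=a1, SA=a2, DA=None if amsdu else a3)
    elif amsdu:
        roles.update(BSSID=a3)                       # Address 3 and 4 both BSSID
    else:
        roles.update(DA=a3, SA=mac(hdr[24:30]))
    return roles


# QoS data frame with To DS=1, From DS=1, using the addresses from the capture.
PAGE_WDS = build_header(8, True, True,
                        "a4:0c:c3:1a:ee:60", "64:ae:0c:93:75:90",
                        "c8:f9:f9:d7:3b:a7", "00:1a:e3:a7:ff:40", qos=0)
```
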

For data frames of subtype Null (no data), CF-Ack (no data), CF-Poll (no data), and CF-Ack+CF-Poll (no data) and for the corresponding QoS data frame subtypes, the Frame Body field is null (i.e., has a length of 0 octets); these subtypes are used for MAC control purposes.

For data frames of subtypes Data, Data+CF-Ack, Data+CF-Poll, and Data+CF-Ack+CF-Poll, the Frame Body field contains all of, or a fragment of, an MSDU after any encapsulation for security.

For data frames of subtypes QoS Data, QoS Data+CF-Ack, QoS Data+CF-Poll, and QoS Data+CF-Ack+CF-Poll, the Frame Body field contains an MSDU (or fragment thereof) or A-MSDU after any encapsulation for security.

The maximum length of the Frame Body field can be determined from the maximum MSDU length plus the length of the Mesh Control field (if present) plus any overhead from encapsulation for encryption (i.e., it is always possible to send a maximum length MSDU, with any encapsulations provided by the MAC layer within a single data MPDU). When the frame body carries an A-MSDU, the size of the frame body field is limited by:
  • The PHY’s maximum PLCP service data unit (PSDU) length
  • If A-MPDU aggregation is used, a maximum MPDU length of 4095 octets

The duration value calculation for the data frame is based on the rules in 9.7 that determine the data rate at which the control frames in the frame exchange sequence are transmitted. If the calculated duration includes a fractional microsecond, that value is rounded up to the next higher integer. All STAs process Duration/ID field values less than or equal to 32 767 from valid data frames (without regard for the RA, DA, and/or BSSID address values that might be present in these frames) to update their NAV settings as appropriate under the coordination function rules.

References
1. CWAP Official Study Guide – Chapter 6
2. IEEE 802.11-2012 Standard



CWAP – Dynamic Rate Selection


Basic Rates & Supported Rates
The IEEE 802.11-2007 standard defines required rates as basic rates. For a client station to successfully associate with an AP, the station must be capable of communicating by using the configured basic rates that the access point requires.

In addition to the basic rates, the access point defines a set of supported rates. This set of supported rates is advertised by the access point in the beacon frame and is also in some of the other management frames. After a station associates with an access point, it will use one of the advertised supported rates to communicate with the access point.

Dynamic Rate Selection
Also known as Dynamic Rate Shifting, Adaptive Rate Selection, or Automatic Rate Selection. If you watch this 5 min CWNP video you will understand this concept well.

In simple terms, as client station radios move away from an access point, they will shift down to lower bandwidth capabilities by using a process known as dynamic rate switching (DRS). Access points can support multiple data rates depending on the spread spectrum technology used by the AP’s radio card. The diagram below shows an HR-DSSS (802.11b or Clause 18) AP client dynamically shifting rates based on the signal quality (RSSI, SNR) it receives from the AP.

[Figure: CWAP-DRS-01]

The objective of DRS is up-shifting and downshifting for rate optimization and improved performance. The algorithms used for dynamic rate switching are proprietary and are defined by radio card manufacturers. Most vendors base DRS on receive signal strength indicator (RSSI) thresholds, packet error rates, and retransmissions. Because vendors implement DRS differently, you may have two different vendor client cards at the same location, while one is communicating with the access point at 11 Mbps and the other is communicating at 2 Mbps. Below is a sample chart showing the RSSI & SNR to achieve a particular data rate for a given WLAN vendor. (page 227 – CWAP Official Study Guide)

[Figure: CWAP-DRS-02]

Here is an example of the Cisco 1262 AP receive sensitivity details listed in the AP specs.

[Figure: CWAP-DRS-03]

References
1. CWAP Official Study Guide – Chapter 6


CWAP – HT Operations IE


Here are the information elements added in 802.11n (HT)

[Figure: CWAP-HT-IE-01]

In this post we will see the details of the HT Operation information element. The HT Operation Element is found in Beacon, Reassociation Response & Probe Response frames transmitted by an AP.

[Figure: CWAP-HT-OPIE-1]

Here is a frame capture of a beacon frame that shows these fields. The HT Operation Element ID is 61 & the length is set to 22 bytes.

[Figure: CWAP-HT-OPIE-2]

Here is a brief description of each field that can be found in the HT Operation Element.

1. Primary Channel
Indicates the channel number of the primary channel.

2. Secondary Channel Offset (2 bits)
Indicates the offset of the secondary channel relative to the primary channel.
1 (SCA) – secondary channel is above the primary channel
3 (SCB) – secondary channel is below the primary channel
0 (SCN) – no secondary channel is present
2 – reserved

3. STA Channel Width (1 bit)
Defines the channel widths that may be used to transmit to the STA.
0 – 20 MHz channel width
1 – allows use of any channel width in the Supported channel width set

4. RIFS Mode (1 bit)
Indicates whether the use of reduced interframe space is permitted within the BSS. RIFS can be used only when a HT Greenfield network is in place.
0 – RIFS is prohibited
1 – RIFS is permitted

5. HT Protection
Indicates protection requirements of HT transmissions.
0 – no protection mode (Green Field mode)
1 – nonmember protection mode
2 – 20 MHz protection mode
3 – non-HT mixed mode

RTS/CTS & CTS-Self
When HT protection is enabled within an HT BSS, an HT STA will precede HT transmissions with either an RTS/CTS control frame exchange or a CTS-to-Self control frame using modulation and coding understandable to the STAs that are being protected against. The Duration ID within these control frames causes STAs to update their network allocation vector (NAV), preventing them from initiating a new transmission until the end of the transmitting HT STA’s TXOP.

When protecting the transmission of 40 MHz HT frames against clause 17 (OFDM) radios and clause 19 (ERP) radios, protection mechanism control frames can be sent over the 40 MHz channel using non-HT duplicate transmissions. Non-HT duplicate transmissions allow the two identical 20 MHz non-HT control frames to be transferred simultaneously on both the primary and secondary channels as shown below (CWAP Study Guide – page 422).

[Figure: CWAP-HT-Operation-02]

6. Non Greenfield HT STAs present
AP indicates if any HT STAs that are not HT-greenfield capable have associated. Determines when a non-AP STA should use HT-greenfield protection. Present in Beacon and Probe response frames transmitted by an AP or mesh STA. Otherwise reserved.
0 – all HT STAs that are associated are HT-greenfield capable or all HT peer mesh STAs are HT-greenfield capable.
1 – one or more HT STAs that are not HT-greenfield capable are associated or one or more HT peer mesh STAs are not HT-greenfield capable

7. OBSS Non-HT STAs Present
Indicates if the use of protection for non-HT STAs by overlapping BSSs is determined to be desirable.
1 – use of protection for non-HT STAs by OBSSs is determined to be desirable.
0 – otherwise

8. Dual Beacon
Indicates whether the AP transmits an STBC beacon.
0 – no STBC beacon is transmitted
1 – STBC beacon is transmitted by the AP

9. Dual CTS Protection
Dual CTS protection is used by the AP to set a NAV at STAs that do not support STBC and at STAs that can associate solely through the STBC beacon.
0 – dual CTS protection is not required
1 – dual CTS protection is required

10. STBC Beacon
Indicates whether the beacon containing this element is a primary or an STBC beacon. The STBC beacon has half a beacon period shift relative to the primary beacon. Defined only in a Beacon transmitted by an AP. Otherwise reserved.
0 – primary beacon
1 – STBC beacon

When implementing STBC, the received signal may be improved by up to 8 dB, resulting in greater range, as shown in the figure below (CWAP – Page 423). An 8 dB increase in signal strength can yield up to 69 percent more range. This increased range will only apply to STBC frames and therefore does not automatically mean an increased BSS size for all STAs.

[Figure: CWAP-HT-Operation-03]

11. L-SIG TXOP Protection Full Support
Indicates whether all HT STA in the BSS support L-SIG TXOP protection.
0 – one or more HT STA in the BSS do not support L-SIG TXOP protection
1 – all HT STA in the BSS support L-SIG TXOP protection

L-SIG TXOP protection is an optional Physical layer protection mechanism, which uses the L-SIG (Legacy Signal) field in the HT mixed PPDU header.

[Figure: CWAP-HT-Operation-04]

12. PCO Active
Indicates whether Phased Coexistence Operation (PCO) is active in the BSS. Present in Beacon/Probe Response frames transmitted by an AP. Otherwise reserved. Non-PCO STAs regard the BSS as a 20/40 MHz BSS and may associate with the BSS without regard to this field.
0 – PCO is not active in the BSS
1 – PCO is active in the BSS

This is an optional mode of operation that divides time and alternates between 20 MHz and 40 MHz transmissions. The HT access point designates time slices for 20 MHz operations in both primary and secondary 20 MHz channels and designates time slices for 40 MHz transmissions.

[Figure: CWAP-HT-Operation-05]

The main advantage of PCO is that no protection mechanisms are needed during the 40 MHz operational phase. PCO might improve throughput in some situations. However, switching back and forth between channels could increase jitter, and therefore PCO mode is not recommended when VoWiFi phones are deployed.

13. PCO Phase
Indicates the PCO phase of operation. Defined only in Beacon and Probe Response frames when PCO Active is 1. Otherwise reserved.
0 – indicates switch to or continue 20 MHz phase
1 – indicates switch to or continue 40 MHz phase

14. Basic MCS Set
Indicates the MCS values that are supported by all HT STAs in the BSS. Present in Beacon, Probe Response, Mesh Peering Open and Mesh Peering Confirm frames. Otherwise reserved.
The Basic MCS Set is a bitmap of size 128 bits. Bit 0 corresponds to MCS 0.
A bit is set to 1 to indicate support for that MCS and 0 otherwise.

The last field in the HT Operation Element is the Basic MCS Set. This field has a similar format to the RX MCS Bitmask subfield in the supported MCS Set field of the HT Capabilities Element. Unlike the RX MCS Set subfield, which shows the MCS supported by the AP, the Basic MCS Set field shows only MCS values that are supported by all HT STAs within the BSS.
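
A decoder for the HT Operation element fields listed above, together with the ERP element flags from the earlier protection mechanism post, as an added Python example that is not part of the original posts. The bit positions inside the HT Operation Information field and the ERP flag octet are taken from IEEE 802.11-2012 rather than from this page, the sample element bodies in the test are constructed, and `lint_ht_operation` is a hypothetical helper that flags combinations worth a second look based on the field descriptions above.

```python
import struct

SECONDARY_OFFSET = {0: "SCN", 1: "SCA", 2: "reserved", 3: "SCB"}
HT_PROTECTION = {0: "no protection", 1: "nonmember protection",
                 2: "20 MHz protection", 3: "non-HT mixed mode"}


def parse_erp(body):
    """ERP element (ID 42) body: a single octet of flags."""
    if len(body) != 1:
        raise ValueError("ERP element body must be 1 octet")
    return {"non_erp_present": bool(body[0] & 0x01),
            "use_protection": bool(body[0] & 0x02),
            "barker_preamble_mode": bool(body[0] & 0x04)}


def parse_ht_operation(body):
    """HT Operation element (ID 61) body: 22 octets.

    Layout: Primary Channel (1), HT Operation Information (5, read here as
    1 + 2 + 2 octets, little-endian), Basic MCS Set (16).
    """
    if len(body) != 22:
        raise ValueError("HT Operation element body must be 22 octets")
    primary, info1, info2, info3 = struct.unpack_from("<BBHH", body)
    mcs = int.from_bytes(body[6:22], "little")       # bit 0 = MCS 0
    return {
        "primary_channel": primary,
        "secondary_offset": SECONDARY_OFFSET[info1 & 0x03],
        "sta_channel_width_any": bool(info1 & 0x04),
        "rifs_permitted": bool(info1 & 0x08),
        "ht_protection": HT_PROTECTION[info2 & 0x03],
        "nongreenfield_present": bool(info2 & 0x0004),
        "obss_non_ht_present": bool(info2 & 0x0010),
        "dual_beacon": bool(info3 & 0x0040),
        "dual_cts_protection": bool(info3 & 0x0080),
        "stbc_beacon": bool(info3 & 0x0100),
        "lsig_txop_full_support": bool(info3 & 0x0200),
        "pco_active": bool(info3 & 0x0400),
        "pco_phase_40mhz": bool(info3 & 0x0800),
        "basic_mcs": [i for i in range(128) if (mcs >> i) & 1],
    }


def lint_ht_operation(ht):
    """Return notes on field combinations that contradict the descriptions above."""
    issues = []
    if ht["secondary_offset"] == "reserved":
        issues.append("secondary channel offset uses reserved value 2")
    if ht["rifs_permitted"] and ht["ht_protection"] != "no protection":
        issues.append("RIFS permitted while HT protection is enabled")
    if ht["pco_phase_40mhz"] and not ht["pco_active"]:
        issues.append("PCO Phase set although PCO Active is 0")
    return issues
```
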

References
1. CWAP Official Study Guide – Chapter 10
2. IEEE 802.11-2012 standard.




CWAP – Protocol Analysis


For wireless network analysis, promiscuous mode is no longer good enough. This mode would require the wireless card to be associated to an access point and would not capture all wireless frames in the environment. By default, many wireless NIC drivers will not pass up 802.11 management and control frames and therefore would not be visible in the protocol analyzer. 802.11 wireless networks are half-duplex, and wireless NICs cannot listen (receive packets) while transmitting.

Because of these issues, wireless analyzers place the NICs into a special mode called RF monitor mode; in this mode, the card becomes a passive monitoring device and cannot transmit, and therefore normal wireless network operation is disabled. In RF monitor mode, wireless NICs listen to all 802.11-encoded signals on the channel on which they are currently monitoring.

Analyzer Location
Identifying the correct location to place a network analyzer is an essential step in performing successful wireless network analysis. Incorrect placement of the wireless analyzer can lead to false conclusions being made. For example, if you are capturing traffic too far away from the source and destination, you might see a lot of corrupted frames; however, the intended recipient may not be experiencing any frame anomalies.

An access point acts as the central point in an 802.11 wireless network, and all traffic must flow through the access point. Therefore, placing the analyzer as close to the AP as possible will allow the wireless analyst to observe the RF environment from the same perspective as the AP.

Capture Options

  • Channel Selection & Scanning
    • Fixed Channel
      Fixed channel analysis will lock the wireless NIC card onto one channel, enabling it to capture all 802.11-encoded traffic on the selected channel.
    • Channel Scanning
      When channel scanning is selected, the wireless NIC will capture traffic on all selected channels, spending a short amount of time on each channel before moving to the next one.
    • Country code
      Within a given frequency band, every country has its own regulations that govern which channels are allowed to be used. After installing a customized analysis driver, you might find that you have the wrong number of channels available within your wireless analyzer. This is likely to be because the driver is configured with an incorrect country code.
    • 2.4GHz channel overlap
      Because the channels in the 2.4 GHz ISM band overlap, it is quite common to capture packets on channels other than the one on which they were originally transmitted. The channel a frame was captured on is displayed in the packet information at the top of every packet decode.

      [Figure: CWAP-Protocol Analyzer-01]

      To determine the channel a frame was transmitted on, you need to start examining the packet decode. A 2.4 GHz AP advertises the channel the BSS is operating on in the Direct Sequence Parameter Set information element contained in the beacon and probe response frames, as shown below.

      [Figure: CWAP-Protocol Analyzer-02]

      Determining which channel other frame types were transmitted on takes more work, because the transmitted channel information is not recorded within the frame. The following three-step procedure can be used to determine the transmit channel of a 2.4 GHz packet:
      1. Determine the BSSID from the packet in question. You can find this in the MAC header.
      2. Find a beacon frame with a matching BSSID. This could be done using a filter or search.
      3. Look up the BSS channel in the Direct Sequence Parameter Set information element.
      This method works for all frames transmitted as part of a BSS. However, it is not possible to determine the channel of a probe request frame, because these frames are used for BSS discovery and are transmitted on all channels by stations performing active scanning.
  • Buffer size
    The capture buffer is an allocation of memory (RAM) that will be reserved for your packet capture. This memory is used by your analyzer to store captured frames.
  • Save to disk
    If you need to capture packets over a sustained period of time, just selecting a large capture buffer will probably not provide enough storage, so the other option is to save the packets to disk.
  • Packet Slicing
    Packet slicing allows you to just capture the first so many bytes of each packet, disregarding the rest of the frame. Often the only information we are interested in is the header information, and we do not have any interest in the data elements of the packets. This is especially the case on wireless networks when encryption is used and the data is unreadable. By using packet slicing, you can store a significantly larger number of packets to disk.
  • Peer Map Function
    A peer map is a visual representation of which STAs are communicating with each other. Lines between peers indicate communication.
    Physical peer maps identify which physical devices (identified by their MAC address) are communicating. Physical peer maps draw lines between the source and destination MAC address within the MAC header.
    Logical (layer 3) peer maps are also available. On an IP logical peer map, lines are drawn between the source and destination address in the IP header.
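
The three-step BSSID-to-channel lookup described under "2.4GHz channel overlap" above can be automated. The following is an added example, not code from the study guide or from any analyzer: it parses raw 802.11 frames, indexes beacons and probe responses by BSSID using the DS Parameter Set element, and resolves the transmit channel of other frames. The sample frames and MAC addresses are constructed, and the frames are assumed to have no radiotap header and no FCS.

```python
import struct

TYPE_MGMT, TYPE_CTRL, TYPE_DATA = 0, 1, 2
SUB_PROBE_REQ, SUB_PROBE_RESP, SUB_BEACON = 4, 5, 8
IE_DS_PARAMETER_SET = 3   # element ID 3; one-byte body holds the BSS channel
MAC_HDR_LEN = 24          # 3-address header, no QoS/HT control
FIXED_PARAMS_LEN = 12     # timestamp(8) + beacon interval(2) + capabilities(2)


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def frame_control(frame):
    """Return (type, subtype, to_ds, from_ds) from the Frame Control field."""
    fc0, fc1 = frame[0], frame[1]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, fc1 & 0x01, (fc1 >> 1) & 0x01


def bssid_of(frame):
    """Step 1: read the BSSID from the MAC header (None if it has none)."""
    ftype, _, to_ds, from_ds = frame_control(frame)
    if ftype == TYPE_CTRL or len(frame) < MAC_HDR_LEN:
        return None                      # short control headers are skipped here
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == TYPE_MGMT:
        return fmt_mac(addr3)
    if to_ds and from_ds:
        return None                      # 4-address (WDS) frames carry no BSSID
    if to_ds:
        return fmt_mac(addr1)            # STA -> AP: Address 1 is the BSSID
    if from_ds:
        return fmt_mac(addr2)            # AP -> STA: Address 2 is the BSSID
    return fmt_mac(addr3)                # IBSS


def ds_channel(frame):
    """Step 3: walk the information elements for the DS Parameter Set."""
    pos = MAC_HDR_LEN + FIXED_PARAMS_LEN
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            return None                  # element cut off, e.g. by packet slicing
        if elem_id == IE_DS_PARAMETER_SET and elem_len == 1:
            return body[0]
        pos += 2 + elem_len
    return None


def build_bss_channel_map(frames):
    """Step 2: index every beacon/probe response by BSSID."""
    bss = {}
    for frame in frames:
        ftype, subtype, _, _ = frame_control(frame)
        if ftype == TYPE_MGMT and subtype in (SUB_BEACON, SUB_PROBE_RESP):
            channel = ds_channel(frame)
            if channel is not None:
                bss[bssid_of(frame)] = channel
    return bss


def transmit_channel(frame, bss_map):
    ftype, subtype, _, _ = frame_control(frame)
    if ftype == TYPE_MGMT and subtype == SUB_PROBE_REQ:
        return None                      # sent on all channels while scanning
    return bss_map.get(bssid_of(frame))


# --- Constructed sample frames (no radiotap header, no FCS) ---
AP = bytes.fromhex("02aabbccdd01")
STA = bytes.fromhex("02aabbccdd99")
BCAST = b"\xff" * 6


def header(fc0, fc1, addr1, addr2, addr3):
    return bytes([fc0, fc1, 0, 0]) + addr1 + addr2 + addr3 + b"\x00\x00"


BEACON = (header(0x80, 0x00, BCAST, AP, AP) + bytes(8)
          + struct.pack("<HH", 100, 0x0401)
          + b"\x00\x04demo" + b"\x01\x01\x82" + b"\x03\x01\x06")
DATA_TO_AP = header(0x08, 0x01, AP, STA, BCAST) + b"payload"
DATA_FROM_AP = header(0x08, 0x02, STA, AP, AP) + b"payload"
PROBE_REQ = header(0x40, 0x00, BCAST, STA, BCAST) + b"\x00\x00"

# (channel the analyzer was tuned to, raw frame)
CAPTURE = [(6, BEACON), (5, DATA_TO_AP), (7, DATA_FROM_AP), (5, PROBE_REQ)]


def resolve_capture(capture):
    bss_map = build_bss_channel_map(f for _, f in capture)
    return [(seen_on, transmit_channel(f, bss_map)) for seen_on, f in capture]


if __name__ == "__main__":
    for seen_on, sent_on in resolve_capture(CAPTURE):
        print(f"captured on ch {seen_on}, transmitted on ch {sent_on}")
```

A beacon truncated by packet slicing before its DS Parameter Set element yields no channel, so the slice length must cover the elements you rely on.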

Capture Filter vs Display Filters
Capture filters are applied to the packet stream before the packets enter the capture buffer. Anything filtered out at capture time is not stored and therefore cannot be recovered later. Capture filters can make your packet captures more readable by removing unneeded traffic.

Display filters, or post-capture filters, provide a way of hiding unwanted packets from view. An advantage of display filters is that the packets are only hidden and can be retrieved if required.

Expert Analysis
Expert analysis is the automatic detection of network events, errors, and problems by an analyzer. Expert analysis is a term used by the more traditional protocol analysis vendors, whereas the WIDS vendors tend to refer to their expert analysis as a set of alarms. There are two types of expert analysis, threshold-based and heuristic-based.

  • Threshold-Based
    Threshold-based expert analysis collects network statistics and compares them to configured threshold values. When the statistics exceed the configured threshold, an expert event is triggered, and a notification is sent. An example of a threshold-based expert event would be “Too many retransmissions,” where the threshold value is configured to trigger this event when retransmissions reach an unacceptable level.
  • Heuristic-Based
    Heuristic-based expert analysis looks for patterns in the traffic flow and compares them to a set of rules. Traffic that does not conform to these rules is reported. A good example of a heuristic-based expert event would be “Inefficient client,” which looks for clients sending data using only small packet sizes.
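
The two kinds of expert event described above, sketched as an added example (not code from any analyzer product): a threshold rule on the per-station retry rate, read from the Retry bit of the Frame Control field, and a heuristic rule that flags a station whose data frames are all small. The threshold values, the minimum sample size and the sample frame records are assumptions constructed for this illustration.

```python
from collections import defaultdict

RETRY_BIT = 0x0800            # Retry flag, Frame Control read as little-endian u16
TYPE_DATA = 2
# Assumed tuning values for this example; real analyzers make these configurable.
RETRY_RATE_THRESHOLD = 0.20   # threshold rule: more than 20 % of frames retried
SMALL_FRAME_BYTES = 128       # heuristic rule: "small" means under 128 bytes
MIN_FRAMES = 10               # ignore stations with too few frames to judge


def collect_stats(frames):
    """frames: iterable of (transmitter MAC, frame control u16, length in bytes)."""
    stats = defaultdict(lambda: {"frames": 0, "retries": 0, "max_len": 0})
    for transmitter, fc, length in frames:
        if (fc >> 2) & 0x3 != TYPE_DATA:
            continue                      # only data frames are counted
        entry = stats[transmitter]
        entry["frames"] += 1
        entry["retries"] += 1 if fc & RETRY_BIT else 0
        entry["max_len"] = max(entry["max_len"], length)
    return stats


def expert_events(frames):
    """Return a list of (station, event name, supporting value)."""
    events = []
    stats = collect_stats(frames)
    for transmitter in sorted(stats):
        entry = stats[transmitter]
        if entry["frames"] < MIN_FRAMES:
            continue
        # Threshold-based: compare a statistic with a configured value.
        retry_rate = entry["retries"] / entry["frames"]
        if retry_rate > RETRY_RATE_THRESHOLD:
            events.append((transmitter, "Too many retransmissions",
                           round(retry_rate, 2)))
        # Heuristic-based: the pattern "only small frames" breaks the rule.
        if entry["max_len"] < SMALL_FRAME_BYTES:
            events.append((transmitter, "Inefficient client", entry["max_len"]))
    return events


# Constructed sample records: (transmitter, frame control, length)
DATA, DATA_RETRY, BEACON_FC = 0x0008, 0x0808, 0x0080
SAMPLE = (
    [("02:00:00:00:00:0a", DATA, 1500)] * 14
    + [("02:00:00:00:00:0a", DATA_RETRY, 1500)] * 6
    + [("02:00:00:00:00:0b", DATA, 90)] * 15
    + [("02:00:00:00:00:0c", DATA, 1500)] * 11
    + [("02:00:00:00:00:0c", DATA_RETRY, 64)]
    + [("02:00:00:00:00:0d", DATA_RETRY, 60)] * 3
    + [("02:00:00:00:00:0e", BEACON_FC, 120)] * 20
)

if __name__ == "__main__":
    for event in expert_events(SAMPLE):
        print(event)
```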

VoWiFi Analysis
The level of VoWiFi analysis that can be performed if encryption is used on the wireless network will be limited. Although we cannot analyze VoIP calls and their signaling on an encrypted network, we can still analyze two of the most important requirements for voice on a wireless network: QoS and fast, efficient roaming.

  • WMM Analysis
    QoS on a wireless network is achieved through the use of wireless multimedia (WMM). WMM-capable access points will advertise their WMM capabilities in beacon frames, as shown below.

    [Figure: CWAP - Contention-08]

  • Call Analysis
    On unencrypted networks or on networks where you can enter a preshared key to decrypt the packets, you are able to analyze the call and signaling information of your VoIP conversations. Some network analyzers include special VoIP analysis features:
    • Call list
    • Call Quality matrix (MOS & R-Factor)
      The mean opinion score (MOS) is a value from 1 to 5 that indicates the perceived quality of a call.
      The MOS score displayed by your protocol analyzer is what is called passive MOS. Passive MOS is calculated from another quality metric that you will see displayed in your protocol analyzer, called R-Factor. R-Factor is calculated from measurable information such as jitter (the variation in packet delay over time), packet loss, and latency. R-Factor is a value from 0 to 100. Below shows the MOS & R-Factor value mapping.
      [Figure: CWAP-Protocol Analyzer-03]
    • Signaling diagrams
    • Call replay
    • VoIP expert events

Multiple Channel Protocol Analysis
One method of capturing traffic on different channels is to configure your wireless analyzer to perform channel scanning. The limitation of channel scanning is that the wireless capture adapter is capable of capturing packets on only one channel at a time and therefore only captures a snapshot of what is happening on each channel. Analysis or detailed troubleshooting is impossible, because too many of the required packets will be missing.

  • Multiple Network Analyzer
    In an MCA environment, where the channel sets 1, 6, and 11 have been deployed, this approach would involve three separate analyzers on three separate laptops, with each analyzer configured for a different channel. This would produce three separate packet trace files.
  • Simultaneous Captures & Multiple Adapter Support
    Some analyzers support the ability to start simultaneous captures from different network adapters. The advantage of this approach is that you need only one protocol analyzer; however, you are still left with three separate capture files—one for each channel.
  • Multichannel Aggregation
    Multichannel aggregation takes capture streams from multiple adapters and aggregates them together into one capture. Each adapter can be configured for a different channel.
    [Figure: CWAP-Protocol Analyzer-04]

Roaming Analysis
Roaming is the method by which client stations move between RF coverage cells in a seamless manner. Seamless communications for stations moving between the coverage zones within an extended service set (ESS) is vital for uninterrupted mobility.
The best way to troubleshoot a roaming problem is to use an analyzer that supports multichannel aggregation and to configure one adapter for each of the channels used by the wireless network.

Distributed Protocol Analysis

  • Wireless Analyzer with remote capture probes
  • Wireless Analyzer with remote engines
  • Centralized server with wireless sensors (WIPS)

References
1. CWAP Official Study Guide – Chapter 12


How to improve your productivity ?


Do you have a “developed mind”? This will give an idea how you can decide it.

How can you develop your own mind? Simple answer is you have to study about “yourself” among the other studies you do. This leads you to develop skills to control your mind.

If you can keep your own mind at the present moment, that’s the key to improve your productivity. If you watch this ~5 min video, you will get an idea what I am referring to.

PS: Believe me I don’t have a “developed mind” as most of you :smile: , but I am determined to develop my skills to “keep my mind at the present moment” & improve my productivity level.

Whatever you do in your life this should help you. Try it yourself & see…


How to go there – PI 2.2


Cisco has released Prime Infrastructure 2.2 today, a version long awaited by many of us. ISE 1.3, IOS-XE 3.7 & AireOS 8.0 are supported in this PI 2.2 version. Here are the release notes for this version; you need to go through them for greater detail.

So what is the upgrade procedure for PI 2.2? You would think you can upgrade the existing version to this like any other upgrade. You are wrong in this case :shock: . Here is what the PI 2.2 Quick Start Guide says about it.

“This version of Prime Infrastructure does not offer an in-place upgrade. To upgrade to the latest version, you must instead install this version of Prime Infrastructure as a virtual appliance on a fresh server, or order it pre-installed on a fresh hardware appliance. You can then migrate your data from your old Prime Infrastructure installation to the new one, using an application backup from the previous installation.

If you are currently using one of the following versions of Prime Infrastructure, you can back up your existing data and then restore that data to a different server running Prime Infrastructure 2.2:

  • Cisco Prime Infrastructure 2.1.2 (with the UBF patch)
  • Cisco Prime Infrastructure 2.1.1 (with the UBF patch)
  • Cisco Prime Infrastructure 2.1.0.0.87
  • Cisco Prime Infrastructure 1.4.2
  • Cisco Prime Infrastructure 1.4.1
  • Cisco Prime Infrastructure 1.4.0.45

If you are using a version earlier than 1.4.0.45 or 2.1.0.0.87, you will need to upgrade your server to version 2.1.0.0.87 (or version 1.4.0.45) before taking the backup.”

So in this post we will see what is involved in going to PI 2.2 from a previous release. In my case, I am running PI 2.1.0.0.87, so I can directly take a backup & restore it on a PI 2.2 server.

First of all you need to build your PI 2.2 server using the .ova files available on the CCO page (Downloads Home-> Products-> Cloud and Systems Management-> Routing and Switching Management-> Network Management Solutions-> Prime Infrastructure-> Prime Infrastructure 2.2-> Prime Infrastructure Software-2.2).

Since I am using a VM, I have used PI-VA-2.2.0.0.158.ova to build it. Depending on the scale of your network, you need to size the VM accordingly. Shown below are the minimum server requirements & supported scale for each type of installation.

[Figures: Prime2.2-02, Prime2.2-03]

Once you have built the PI 2.2 VM, you need to back up the existing PI application & restore that backup onto it.

I have used the remote-backup option, where I can back up the existing config onto a remote FTP server. You can configure a remote FTP repository as shown below. I have given it the name “ftpserver” & specified its IP address, username & password.

prime2/admin(config)# repository ftpserver
prime2/admin(config-Repository)# url ftp://x.x.y.214
prime2/admin(config-Repository)# user <username> password plain <ftp_password>
prime2/admin(config-Repository)# exit

You can verify the remote FTP server using the command below; it should list all files available on that FTP server.

prime2/admin# show repository ftpserver
 10_14_7_247_140918_0230.cfg

Then you can back up your Prime application configuration onto that FTP server as shown below. Note that, depending on the database size, the time taken for the backup may vary. In my case it took around 50min to complete this backup process.

prime2/admin# backup PI-Backup ?
 repository  Repository to store backup in
prime2/admin# backup PI-Backup repository ?
 <WORD>  Repository name (Max Size - 80)
prime2/admin# backup PI-Backup repository ftpserver ?
 application  Application-only backup, excludes OS system data
 <cr>         Carriage return.
prime2/admin# backup PI-Backup repository ftpserver application ?
 <WORD>  Application name to be backed up (Max Size - 255)

prime2/admin# backup PI-Backup repository ftpserver application NCS
 
% Creating backup with timestamped filename: PI-Backup-141218-1452.tar.gpg
 Backup Started at : 12/18/14 14:52:29
 Stage 1 of 7: Database backup ...
 Database size: 96G
 -- completed at  12/18/14 15:13:42
 Stage 2 of 7: Database copy ...
 -- completed at  12/18/14 15:13:42
 Stage 3 of 7: Backing up support files ...
 -- completed at  12/18/14 15:14:57
 Stage 4 of 7: Compressing Backup ...
 -- completed at  12/18/14 15:15:26
 Stage 5 of 7: Building backup file ...
 -- completed at  12/18/14 15:31:29
 Stage 6 of 7: Encrypting backup file ...
 -- completed at  12/18/14 15:37:42
 Stage 7 of 7: Transferring backup file ...
 -- completed at 12/18/14 15:40:29
 Total Backup duration is: 0h:48m:0s

Note that I have shut down the old VM & used the same hostname & IP for the new VM. Once the new VM is built, you can define a remote FTP repository specifying the same FTP server where the config was backed up.

prime2/admin(config)# repository ftpserver
prime2/admin(config-Repository)# url ftp://x.x.y.214
prime2/admin(config-Repository)# user <username> password plain <ftp_password>
prime2/admin(config-Repository)# exit

prime2/admin# show repository ftpserver
 10_14_7_247_140918_0230.cfg

Then you can restore the backed-up configuration as shown below. Note that some important notes are displayed, which you have to pay attention to. You have to be patient, as it will take around 1.5 hours (again depending on your PI database size).

prime2/admin# restore PI-Backup-141218-1452.tar.gpg repository ftpserver application NCS

* NOTE *
 If the system console is disconnected or got cleared on session timeout
 run 'show restore log' to see the output of the last restore session.

Restore will restart the application services. Continue? (yes/no) [yes] ? yes

DO NOT press ^C while the restoration is in progress
Aborting restore with a ^C may leave the system in a unrecoverable state

Initiating restore.  Please wait...
 Restore Started at 12/18/14 16:22:42
 Stage 1 of 9: Transferring backup file ...
 -- completed at 12/18/14 16:24:48
 Stage 2 of 9: Decrypting backup file ...
 -- completed at  12/18/14 16:32:13
 Stage 3 of 9: Unpacking backup file ...
 -- completed at  12/18/14 16:32:15
 Stopping strongSwan IPsec...
 Stage 4 of 9: Decompressing backup ...
 -- completed at  12/18/14 16:42:23
 Stage 5 of 9: Restoring Support Files ...
 -- completed at  12/18/14 16:42:27
 Stage 6 of 9: Restoring Database Files ...
 -- completed at  12/18/14 16:42:45
 Stage 7 of 9: Recovering Database ...
 -- completed at  12/18/14 17:04:49
 Stage 8 of 9: Updating Database Schema ...
 Stage 1 of 5: Pre Migration Schema Upgrade ...
 -- completed at: 2014-12-18 17:24:06.287, Time Taken : 0 hr, 15 min, 21 sec
 Stage 2 of 5: Schema Upgrade ...
 : This could take long time based on the existing data size.
 -- completed at: 2014-12-18 17:34:56.075, Time Taken : 0 hr, 10 min, 49 sec
 Stage 3 of 5: Post Migration Schema Upgrade ...
 -- completed at: 2014-12-18 17:44:13.068, Time Taken : 0 hr, 9 min, 16 sec
 Stage 4 of 5: Enabling DB Constraints ...
 -- completed at: 2014-12-18 17:44:39.7, Time Taken : 0 hr, 0 min, 22 sec
 Stage 5 of 5: Finishing Up ...
 -- completed at: 2014-12-18 17:44:52.668, Time Taken : 0 hr, 0 min, 12 sec
 -- completed at  12/18/14 17:45:18
 Stage 9 of 9: Re-enabling Database Settings ...
 -- completed at  12/18/14 17:45:18
 Total Restore duration is: 01h:22m:36s
 INFO: Restore completed successfully.
 
Starting PI Server... This may take some time
 Passwd reset alread in progress
Starting Prime Infrastructure...
This may take a while (10 minutes or more) ...
 Prime Infrastructure started successfully.
Starting strongSwan 5.0.1 IPsec [starter]...

prime2/admin# show application status NCS
Health Monitor Server is running.
Matlab Server Instance 1 is running
Ftp Server is running
Database server is running
Matlab Server is running
Tftp Server is running
NMS Server is running.
Matlab Server Instance 2 is running
Plug and Play Gateway is running.
SAM Daemon is running ...
DA Daemon is running ...

If everything went well you should be able to log onto your PI2.2 & enjoy the features of new version :smile: .



Story of CWNE-153


After one month of waiting, I finally got my CWNE result today & became CWNE#153.

In this post I would like to summarize my CWNE journey as it may give some inspiration for future CWNEs. Even though I completed my CCIE Wireless lab in Aug 2013, I felt some skills gap in my wireless knowledge. I knew how to configure Cisco products in-depth, but did not have sound knowledge about how WiFi works. Without doubt anyone will agree with me, the CWNP program is the best option to learn WiFi. So in December 2013 I decided CWNE is my study goal for 2014.

As of 2014, here are the requirements to become a CWNE.

[Figure: CWNE151-03]

Here are the details of clarifications on what qualifies as “Achievements” in section 4 of the above.

[Figure: CWNE151-02]

Here are the 4 exams you have to complete, which is one of the requirements for the CWNE. There are official study guides available for all of these exams & you can find some instructor-led classes as well. This post gives some other useful references for CWNP studies outside the above formal materials.

1. CWNA – Certified Wireless Network Administrator
2. CWSP – Certified Wireless Security Professional
3. CWAP – Certified Wireless Analysis Professional
4. CWDP – Certified Wireless Design Professional

Keeping the momentum is one challenge with these exams. In CCIE, you have to do lots of hands on tasks where it helps to keep it going. For CWNA & CWNP exams, mostly you have to read the study guides & try to understand the concepts. I managed to do my CWNA exam by end of February.

For the professional level exams (CWSP, CWAP, CWDP) the first challenge is to decide in which order you have to approach them (in fact you can do them in whatever order you like). What is the logical order of doing it? Many agree CWAP -> CWSP -> CWDP makes sense. This gives you the opportunity to learn, by analyzing packets, what’s going on in WiFi to get a sound understanding of WiFi operations before moving onto WiFi Security & WiFi Design. (Since I have done all these 3 exams, I can tell you CWAP is the most difficult one, so be prepared :shock: ).

In my journey, I have selected CWSP first, thinking that would be the most difficult one (based on my own judgement & own skill in that area), then CWAP & finally CWDP. If you know WiFi operation & WiFi security well, then it should help you in WiFi Design. I was fortunate to find a good study partner to help each other in this Journey. (Tuhin : You are an admirable friend :smile: )

Even though everything was in line, we could not get the concentration required easily, so 5-6 months passed without any CWNP studies. So in August, I decided to schedule these 3 exams in 3 months (16 Sep – CWSP, 21 Oct – CWAP & 25 Nov – CWDP) & stick to a schedule for studies. We used a simple strategy: I had to select half of the chapters (I chose odd numbers & my friend took even number chapters :) , for fairness) in the CWSP study guide & study those first. Then you have to teach those to your study partner. My partner did the same (teaching is a powerful way of learning, so try to use that method whenever possible). At least 2 times during weekdays (1-2hr) & 2 times during weekends (2-4 hrs) discussions were held (my friend is from the US & I used to start my day at 4.30 AM to study 2 hrs every day). These discussions gave each other the required motivation & momentum to keep going.

In CWSP, if you could configure & test it yourself, that would give lots of benefit to remember those tiny details. So I have done few blog posts on what I have done with CWSP topics.

How to Study for CWSP

I went for the exam on 16th September. Based on our study plan we covered all the topics & practice questions came with study guide & available on CWNP website as well. I was very confident & happy with the result (passed with 85%). By the way my friend also passed the exam in couple of weeks time (as he was so busy with his work, had to reschedule)

Then we moved on to CWAP & continued the same strategy. If you followed my blog during this time (October 2014), you would realize how intense it was. I did almost 1 blog post per day on a topic related to this exam. This is all about analyzing wireless frames & visualizing detailed WiFi operation. Apart from the CWAP study guide, the IEEE 802.11-2007 standard would become a handy reference for you. By the end of the 1 month of study, it becomes too many details to remember & I found blogging about it helped me to remember certain things.

I went for the CWAP exam on 21st Oct. I realized in certain questions I had to make some guesses, so I ended up with 68% & failed (70% was the pass mark). If you study properly, failing this sort of exam won’t let you down, as it always gives you another learning opportunity (same for CCIE & failing it makes you stronger by giving you the opportunity to learn it in detail). So I scheduled it again for 5th Nov & read more on the areas I was not that confident in. So this time, I managed to pass it with 78%. Here are my study notes on CWAP. (Unfortunately my friend could not do the exam due to his workload)

My CWAP Study Notes

Finally I moved on to CWDP studies. In CWDP, there is nothing much you can do hands-on while you are studying. If you have wireless deployment experience, you will understand most of the topics without much trouble. I found the RF concepts/hardware chapters (CH6 & 7) a little hard, while all the others are an easy read. After reading all those chapters & doing the chapter review questions & other question banks that come with the book CD or are available on the CWNP site, I went to the exam on 25th Nov. I managed to pass this with 76%. Due to the nature of the topics & the limited time I had during studies, I did not get any time to do blogging for CWDP like I did for CWAP & CWSP.

Once you complete these exam requirements, it is just a matter of completing your CWNE application while fulfilling the other given requirements. You have to write about 3 WiFi projects you were involved in, highlighting how you utilized your skills to address some of the challenges in those projects. Regarding the publications requirement, I have done enough WiFi related posts & I simply used them. I had CCIE R&S & CISSP certifications to fulfill the other certification requirement. Also you have to get endorsements from 3 individuals who know about your wireless experience. I got one from my manager (always helped me on my studies & lucky to have someone like him as my manager) & others from two of my colleagues (Thanks a lot @wirelessguru and @scottpstapleton )

Here is the current CWNE distribution around the Globe. I know I am the 4th CWNE here in Australia :smile:

[Figure: CWNE153-04]

At the end of the day, the most important thing is the journey you go through to achieve these. To get the respect that comes with these certs, you have to deliver what is expected from a true expert. So don’t try to find shortcuts or keep a goal of getting these numbers in the quickest possible time (no value in my perspective).

Go on your journey at your own pace (depending on the experience you have, you can determine how much time you have to spend on these). Try to find an admirable friend/friends to help each other. Always share your knowledge (via blog, forums, community events) & that will give you a satisfaction you cannot buy by any other means. Also try to inspire someone else to make this journey (be someone who makes others follow).

I have two wishes at this point of time

1. This post will inspire future CWNEs & CWNP program become more popular.
2. My friend Tuhin, will get his CWNE status in 2015 :)



2014 in Review


The WordPress.com stats helper prepared a 2014 annual report for mrncciew blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 480,000 times in 2014. If it were an exhibit at the Louvre Museum, it would take about 21 days for that many people to see it.

Click here to see the complete report.


2015 Cisco Designated VIPs


Cisco has announced its 2015 Cisco Designated VIP class based on the contribution made by its members in the CSC forum during 2014.

I am glad that I have been selected as one (out of 3) of VIP based on the effort put in “Wireless-Mobility” section of this forum. Here is the complete list of 2015 Cisco Designated VIPs.

[Figure: 2015-VIP]

This is the 2nd time I have been awarded this & thank you CSC for recognizing its members in this way. Also congrats to all 2015 VIP members & thanks for their effort to share knowledge through this forum.

As a VIP, I will get a free entry to CiscoLive 2015 & hoping to go for Melbourne event to be held on 17-20 March this year. If you are planning to come to this one, let’s catch up, specially if you know me through this blog, but never got a chance to meet me in person :)


I would like to encourage you to participate in these forums & share your knowledge to help the wireless community.

Related Posts

1. 2014-Cisco Designated VIP (Wireless)


Living in the Present Moment


In my previous post on “How to improve your productivity” it was mentioned that living in the present moment is the way. But how do you do that? I did not have an answer at the time of that writing. Now I have something to work on this.

I have spent the past 10 days on a course which gave me a great technique based on the “living in the present moment” concept. So I brief my experience here so many others can get benefit from it.

It's called “Vipassana”, an ancient meditation technique used to eradicate mental impurities (see this video for a short introduction). It is a full-on 10 day course where you have to live cut off from the rest of the world :shock: . It is not the only challenge; you have to stick to a serious schedule (4:00 AM to 9:30 PM) with the following breakdown of tasks.

4:00 am                 Morning wake-up bell
4:30-6:30 am         Meditate in the hall or in your room
6:30-8:00 am         Breakfast break
8:00-9:00 am         Group meditation in the hall
9:00-11:00 am       Meditate in the hall or in your room according to the teacher’s instructions
11:00-12:00 noon  Lunch break
12noon-1:00 pm    Rest and interviews with the teacher
1:00-2:30 pm         Meditate in the hall or in your room
2:30-3:30 pm         Group meditation in the hall
3:30-5:00 pm         Meditate in the hall or in your own room according to the teacher’s instructions
5:00-6:00 pm         Tea break
6:00-7:00 pm         Group meditation in the hall
7:00-8:15 pm         Teacher’s Discourse in the hall
8:15-9:00 pm         Group meditation in the hall
9:00-9:30 pm         Question time in the hall
9:30 pm                 Retire to your own room–Lights out

Effectively 12 hours of meditation per day (including 1 hour talk explaining the concepts). It is a kind of another CCIE final preparation :smile: . During this time you cannot communicate with each other (even no eye contact), cannot have anything to read, write, watch or listen . All those rules are there for a reason; keeping your mind focus on one thing.

For the first 3 days, you learn a technique to control your mind to focus on the natural reality of breath as it enters & leaves the nostrils (called Anapana meditation). If you think you already have this capability, try to close your eyes for 2-3 min & see whether you can keep your mind focused on one thing. You will realize your mind wanders away endlessly into the “past” & “future” rather than sticking to the present moment. With 3 days of effort, one will develop the skill of mastery over the mind, making one ready for the next phase of the course.

By the fourth day the mind is calmer and more focused, better able to undertake the practice of Vipassana itself: observing sensations throughout the body, understanding their nature, and developing equanimity by learning not to react to them. You will continue this for 6 days & by the end of this period you can realize how well this technique works for you.

This was the most challenging part for me. I had not done any meditation before & this was my first experience of doing it. Even though it is expected to stay in the same position for 1 hour in one go, initially I could only stay 20-30min max, but once you have great determination & continue, you will develop skills to stay longer while not reacting to any sensation (pleasant or unpleasant, gross or subtle). Only on the 8th day could I sit for 1 hour for the first time :smile: . During the 6th, 7th & 8th days, you will experience a change within your body where your mind gets very light & more energetic, with reduced sleeping times while still feeling very energetic the next day. Here is a short extract of the Teacher’s talk explaining this bit. Definitely you feel your capacity has increased.

On the 10th day,  participants learn the meditation of loving kindness or goodwill towards all, in which the purity developed during the course is shared with all beings. Also you get opportunity to communicate with other students on this day, which helps you get ready to go back to your normal life on the next day.

Overall this was my best 10 days period in this life. I was very fortunate to be in this course & learn this great technique to work on rest of my life. (you have to practice this daily, that would be the secret of your success on this path)

I will encourage everyone of you to give it a try & see how it will improve your life by practicing this technique. Most importantly, these courses are 100% free (it is funny we spend 3-5k for 3-5 days course, where something  like this available for free of charge). Also it is available through  275 centers worldwide. See one may be close to you, still you may not aware of it :shock: .

*** How did I go there ***

It took me nearly 37 years to find this sort of great learning. Even after that many years, If I haven’t met my lovely wife Rajika, I may not get this opportunity in this life. She has done this few times & encouraged me to go there while taking care of all the hardship of family life for this 10 day period. I am very fortunate to have someone like her as my lifetime partner. May all my merits share with her & help her to progress further in this Dhamma journey.

References
1. www.dhamma.org



Time to plan your CCIEW in v3.0


After a long wait (I did this post 2 years back), finally Cisco has refreshed CCIEW v2.0 to CCIEW v3.0. According to this announcement, 13 September 2015 is the last day to do the written or lab exam under version 2.0.

So what are the differences made in v3.0 compared to v2.0? There are a couple of major differences.

1. Lab exam format
Cisco has changed the format of the Lab exam to align with other CCIE lab exams. So you will get a 1 hour Diagnostic/Troubleshooting session prior to going to the 7 hour hands-on lab. You have to earn the minimum passing score on both sections & the minimum total cutoff as well to pass the Lab exam.

2. Converged Access
Cisco has introduced the Converged Access deployment as part of Unified Access. So you have to learn this in addition to the Centralized & FlexConnect deployment models in Unified Access.

Here are the high-level module changes in v3.0 compared to v2.0. Here (CCIEWireless_Labv3 ) is the detailed blueprint for the v3.0 lab exam.

[Figure: v2-v3-domain]

3. Hardware & Software changes.
You have to learn AireOS 8.0 & IOS-XE 3.6 as the software versions of AireOS controllers & IOS-XE switches/controllers (3650/5760). In addition to this, ISE (Identity Service Engine) has been added as the RADIUS server, replacing ACS. Prime Infrastructure 2.2 has been added, replacing WCS. MSE 3300 is listed without any specific software version, but I am sure it is 8.x to be in line with the other products' software versions.

Below summarizes those changes in CCIEW v3.0.

[Figure: v2-v3]

4. Feature addition/removal.
With the introduction of software code 8.0 to the Lab, there are lots of new features someone needs to learn. Also the addition of ISE, IOS-XE & a later version of MSE gives Cisco the opportunity to test the latest features. Here are the new additions in v3.0:

1. Configure and troubleshoot stacking
2. Configure and troubleshoot basic OSPFv3
3. Configure and troubleshoot basic IPv6 EIGRP address families
4. Configure and troubleshoot SXP/SGT
5. Configure and troubleshoot PSPF
6. Configure and troubleshoot Flexconnect
7. Configure and troubleshoot new mobility
8. Configure and troubleshoot a Unified Deployment Model (Converged)
9. Configure and troubleshoot client profiling and provisioning
10. Configure and troubleshoot CoA
11. Configure and troubleshoot basic sponsor policy (Guest)
12. Implement and troubleshoot CMX
13. Integrate ISE
14. Integrate netflow
15. Configure and troubleshoot BDRL
16. Configure and troubleshoot mDNS
17. Configure and troubleshoot AVC and netflow

Cisco has listed following topics as “removed” when refreshing from v2.0 to 3.0

1. Configure and troubleshoot MFP
2. Configure and troubleshoot peer-to-peer blocking
3. Configure and troubleshoot IGMP snooping
4. Configure and troubleshoot WDS (L2)
5. Upgrade Autonomous to Unified
6. Configure and troubleshoot H-REAP
7. Implement local DHCP services for clients

As you can see, the feature removal is negligible compared to the number of features added. So it is better to think of this as CCIEW v2.0 + a lot of new features/products.

So knowing CCIEW v3.0 is around the corner, what should your strategy be? Here is my view for someone in that situation.

1. If you have already started your CCIEW v2.0 journey (or even attempted the lab exam already), then do not get distracted; keep studying for v2.0 & try to pass the lab exam. If you have already booked your 1st lab attempt around July/Aug, I would consider bringing it forward (at least giving you an opportunity to go back in case you cannot make it on the first go).

2. If you haven’t scheduled your lab exam yet, then I would consider going for the v3.0 lab exam instead of v2.0. Though it is a challenging decision, if you learn all these latest & greatest products with the included features, you will pretty much know what is currently being deployed (it is not like learning older software codes & then realizing those are out of date in the current market).

3. If you haven’t started your CCIEW journey but were thinking of it, then do not be disappointed by this announcement. Yes, you have to learn a lot, but it is all good for you. I know a lot of people get on with Converged Access (because of the challenges in deployments) & stay away from it as much as they can (they are more comfortable with the Centralized deployment model). If you are in that mindset, please move out of it. You will create your own barrier to studying it.

4. In v2.0, you could use older hardware (WLC: 4400, 2100; SW: 2960, 3750; AP: 1260, 3500) to set up your home lab. In v3.0, this is going to be challenging as you require 5508 (or min 2504), 5760 & 3650, all the latest, so finding them cheaply is a challenge. So remote racks are going to be the primary method of lab practice. If you get the opportunity to work with 3650/5760 in a project, get the maximum benefit rather than staying away from it saying it is challenging.

At last, remember that everything is changing, and so do these technologies, the blueprint, etc. If you give up your CCIEW inspiration due to these latest changes, that is the biggest harm you are going to do to yourself.

Related Posts

1. Get Ready for CCIEW v3.0
2. How to become CCIE Wireless ?

 

 


Are You Ready for AireOS 8.1 ?


Cisco has published the initial release (8.1.102.0) of AireOS 8.1 code. In this post we will look at what it brings & the points you need to consider before jumping into this code. Here are the release notes of the 8.1.102.0 code.

The main purpose of this code release is to support two new controller platforms (CT5520 & CT8540). These two platforms have largely increased scalability compared to their predecessors, the CT5508 & CT8510 platforms (e.g. 500 APs, 7K clients, 8Gbps throughput in the 5508, whereas 1500 APs, 20K clients, 20Gbps in the 5520).

This does not mean the 5508 & 8510 go EoL, but if you are purchasing AireOS controllers, these two new platforms are the ones you should be buying from now on.

The other important fact about this new software version is that Cisco has stopped supporting 3 different indoor AP models, namely the 1130, 1240 & 1250 series. This new code also stops supporting the 1520 series outdoor AP models. You may already know that if you have seen the below post from a few months back.

https://supportforums.cisco.com/blog/12385701/cisco-access-point-models-not-supported-81-code

This will be the most critical factor when deciding to move on to this new code if you already have a deployed wireless network. If you have those AP models, then start replacing them prior to moving on to 8.1.

If you are not in that situation, then you have to keep a WLC with an older software version (7.4, 7.6 or 8.0) to support those AP models in future (until you replace them).

Also, 1040, 1140 & 1260 series APs will be able to register to an 8.1 code WLC, but those AP models will not support any new features added in 8.1. Here is the list of AP models supported in this new code. Refer to this compatibility matrix document for more details.

Lightweight APs: 1040, 1140, 1260, 1600, 1700, 2600, 2700, 3500e, 3500i, 3500p, 3600e, 3600i, 3600p, 3702e, 3702i, 3702p, 600 OEAP, 700, 700W, AP801, and AP802

Outdoor Mesh APs: 1532E, 1532I, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, 1552S, and 1570

Another important point to note is if you have deployed a 5508 as the Mobility Controller in a Converged Access deployment (3850/3650 as MA, 5508/WiSM2 as MC). In 8.1 code this MC functionality is not supported in AireOS WLCs. So if you have a dedicated MC with AireOS, you have to plan to migrate that to an IOS-XE MC (such as the 5760).

The “new mobility” feature is still supported in AireOS & you can configure mobility between AireOS & an IOS-XE MC (5760). So roaming will work between these two systems. Below is an extract from the release notes.

“Seamless roaming with Inter-Release Controller Mobility (IRCM) between Cisco 8510 WLC, Cisco 8540 WLC, and Cisco 5520 WLC with Cisco 5760 WLC—Enables seamless mobility and wireless services across high scale WLCs running Cisco AireOS and Cisco IOS using new mobility for features such as Layer 2 and Layer 3 roaming and guest access or termination.”

Here are some of the key features introduced in 8.1.

Enhanced HD experience:
– Dynamic Bandwidth Selection (DBS)—Automatic and intelligent configuration of 5-GHz channel bandwidth (20, 40, 80 MHz) for good channel width. This can be achieved by the learning of both client mix and the presence of neighboring APs and wireless networks.
– Flexible Dynamic Frequency Selection (DFS)—Automatic adjustment of channel selection and channel width for 5 GHz spectral regions requiring radar detection and avoidance.
– Enhanced Interference Mitigation—Event-driven RRM (ED-RRM) is additionally triggered by Wi-Fi interference (faster channel change than the typical dynamic channel assignment cycle in RRM).
– Optimized Roaming Extensions —802.11v Basic Service Set (BSS) Transition Management (the infrastructure provides explicit advice to clients for reassociation and roaming).

Cisco WLAN Express and Best Practices on Wireless Controllers —Simplifies the initial (day 0) setup for Cisco WLCs with over-the-air setup and best practices defaults that enable RF parameter optimization and network profiles.

AVC for FlexConnect Local Switch AP - This release extends the AVC functionality from Cisco WLC to the AP. The AVC on FlexConnect AP provides application visibility and control for locally switched client traffic. The AVC on FlexConnect uses Protocol Pack 8.0 and NBAR engine version 16.

Guest Anchor Priority —Assigns a fixed priority to each anchor WLC or HA pair. The highest priority Cisco WLC is designated as the primary anchor. This feature also allows load distribution in round-robin fashion if the priorities are of the same assigned value.

Multi-country domain support on WLC for bridge AP—Enables multiple country codes to be configured on a single Cisco WLC with bridge mode APs connected.

Like any other code, it has a large number of open/resolved bugs listed. You have to deploy it & see how stable this new code is.

Reference
Cisco Wireless Release 8.1 Bulletin
Cisco WLAN Configuration Guide – Release 8.1

Related Posts

1. What’s new in WLC 8.0


Looking Back – 3 Years of WiFi Blogging


Today is a special day for this blog, as the stats count reached over 1 million. It took just a little over 3 years to get there since it started in April 2012. In this post I look back and go through what’s behind this success.

Here are the daily stats for the past 30 days.

Here are the stats on a monthly basis.

Here are the stats on where users came from. As you can see, two-thirds of hits came from the top 10 countries, led by the US contributing 30% of total traffic.

Here are some interesting stats on how long it took to reach 1 million views. It only got 20k (2%) of traffic in the first 12 months, whereas ~700k (70%) of traffic came during the past 12 months.

Here is the list of the most popular posts in my blog. I have done almost 320 posts over the past 3 years, and some posts get popular while others do not. AP conversion (Lightweight <-> Autonomous) related posts are leading the way. Some of the recent posts like “What’s new in WLC 8.0” and “How to go there PI 2.2” got some attention & came into the top 10 list.

There are 508 subscribers to this blog and here are the first followers of my blog (thanks for being long-time subscribers).

Now let’s go through what the secret behind the success of this blog is.

Whatever I do, I always look for 10 qualities to improve. My blog became a platform to practice those qualities and that became one of the main reasons why this blog keeps going.

1. Generosity
Though I started this blog as study notes for my CCIE Wireless exam, I quickly realized it is not only for me; many others can benefit. Since then I have spent lots of hours on blogging, primarily to benefit others. Even after completing my CCIEW lab exam, I kept this blog running as it benefits the broader wireless community. As you know, I am not expecting anything from you for sharing my knowledge (so if you give something, give it 100%, not expecting anything in return).

2. Integrity (Morality)
If you have followed my blog for some time, you may have already noted that I am trying to be ethical all the time. If I had any references, I disclosed them within those posts. I always wrote those posts independently & received no commercial gain from any of them.

3. Right Intention
I always check whether I have the right intention to do something. Whatever it is, it should not lead to building up my ego. I am a very simple person who is working towards getting rid of my ego. I did not try to build an image of myself through this blog. If you perceive this differently, please let me know.

4. Wisdom
I try to understand things as they are (the impermanent nature of everything). Even this blog may not be there one day (no plan to purposely shut it down, but who can predict the future). I pay attention to detail when writing a blog post and that helps me to improve my wisdom.

5. Sustained Effort
I have kept up a sustained effort to achieve my goals: during 2012-13 for the CCIE Wireless lab exam, in 2014 for the CWNE certification and in 2015 more to learn about self. Even after all these, I will put in persistent effort to keep this blog going.

6. Patience
It is the practice of exercising patience toward behavior or situations that might not necessarily deserve it. Sometimes certain blog posts took a long time and I had to be patient about it.

7. Truthfulness
This is one of the keys to the success of my blog. I believe I have been open & honest with my blog posts & comments, and that helps to build a trusted relationship between you and me. There is no hidden agenda.

8. Determination
Whatever you do, you need to have strong determination. I have demonstrated it in pursuing the CCIE Wireless lab exam & CWNE certification during the past 2-3 years.

9. Friendliness
I got connected with many of you through this blog. Even though I may not have known you personally, I tried to help you as a true friend as much as I could (whoever contacted me for any assistance knows this better).

10. Equanimity (evenness of mind)
In my life there are ups & downs all the time. Even when I was down in some situations, this blog helped me to recover from them. Sometimes your feedback gave me the energy to come back strongly (when I failed the CCIEW lab the first time ;) ).

You may think these are basic qualities that everyone should have, but it is difficult to find people with those qualities & hence I am trying to be one of them. These qualities help me to be successful in whatever I am doing, including running this blog.

I would like to end this post with the below quote as it helps me to practice living in the present moment.

Energy follows attention, therefore whatever you place your attention on is what will receive energy in your life

Related Posts

1. 100k hits for my blog
2. 2014 in Review


Cisco CMX (10.2) – Part 1


Connected Mobile Experiences (CMX) is Cisco’s WiFi location analytics solution that provides a value-added and personalized user experience to WiFi users. If you are familiar with Cisco Mobility Services Engine (MSE), then CMX is the new brand name for that service with some improved features.

The below diagram summarizes the CMX solution components.

Specific to v10.x releases, Cisco has improved the scalability & performance of this platform compared to v8.x. Below is the architectural difference between those two versions.

The below diagram shows the CMX 10.x components in more detail.

In this post we will look at “CMX Presence” and in the next post we will look into “CMX – Location”. Here are the CMX 10.2.0 release notes, which list the below new features.

  1. Presence Analytics (in CMX Presence)
  2. Social Analytics (in CMX Location)
  3. Verticalization (in CMX Location)
  4. Hyperlocation Module (in CMX Location with 10.2.1)
  5. CMX Fast Locate (in CMX Location with 10.2.1)

Pay attention to the below details prior to moving on to CMX 10.2.

Once you install the CMX application on either a VM or hardware (in my case I have used 3355 appliances), you can access the GUI to install using https://cmx-ip:1984 as shown below.

You have to select either the “Presence” or the “Location” functionality. You cannot have both functions in the same CMX instance. Also note that the “Presence” service does not require any maps (Prime Infrastructure is not a requirement). So it is suited for customers that do not have many buildings/APs at a given location but still want WiFi client presence analytics.

Since I want to use this for “Presence”, I have selected that option & continued. You will see the below components get installed.

On the next Setup page, you are expected to enter PI credentials (if you have WLCs synced with a PI).

Anyway, in Presence you should be able to work without PI, so I will add controllers manually to CMX.

First you have to get the CMX MAC address and SHA1 or SHA2 keys and configure them on your controllers. You can use the “cmxctl config controllers show” and “cmxctl config controllers add” CLI commands (here is the 10.2 CLI Command Reference Guide).

[cmxadmin@cmx-p ~]$ cmxctl config controllers show
** To troubleshoot INACTIVE/INVALID controllers verify that: 

     1. the controller is reachable
     2. the controller's time is same or ahead of MSE time
     3. the SNMP port(161) is open on the controller
     4. the NMSP port(16113) is open on the controller
     5. the controller version is correct
     6. the correct key hash is pushed across to the controller by referring the following:

+-------------+------------------------------------------------------------------+
| MAC Address | xx:xx:xx:bb:1c:00                                                |
+-------------+------------------------------------------------------------------+
| SHA1 Key    | 9999999999999ead11d62dfa444c8e2396c668a4                         |
+-------------+------------------------------------------------------------------+
| SHA2 Key    | 999999999999999999999992f240ab651cf73b76903f218fb704e9ce8240d565 |
+-------------+------------------------------------------------------------------+

For AireOS controllers, you require SNMP and NMSP communication between CMX & the WLCs (refer to this post for how to configure NMSP). You can add the CMX MAC & keys as below. (Note that SHA2 support is only available from AireOS 8.0.x onward.)

(WLC) >config auth-list add sha256-lbs-ssc xx:xx:xx:bb:1c:00   99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

You can use the “show auth-list” output to verify that the CMX MAC address & SHA2 key are listed there.

(WLC) >show auth-list 
Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
  AP with Manufacturing Installed Certificate.... yes
  AP with Self-Signed Certificate................ no
  AP with Locally Significant Certificate........ no

Mac Addr                  Cert Type    Key Hash
-----------------------   ----------   ------------------------------------------
xx:xx:xx:bb:1c:00         LBS-SSC-SHA256      99999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

Below shows the CMX configuration to add an AireOS WLC (I have already configured my WLC for SNMPv3 – refer to this post for more detail).

[cmxadmin@cmx-p ~]$ cmxctl config controllers add
Please enter controller type [WLC / NGWC] [WLC]: 
Please enter controller IP: x.x.7.249
Please enter the controller image version [Optional]: 
Please enter controller SNMP version [v1 / v2c / v3] [v2c]: v3
Please enter the username: prime2
Please enter the auth type [none / hmacmd5 / hmacsha] [hmacsha]: 
Please enter the auth password: xxxx
Please enter the privacy type [none / des / aescfb128] [aescfb128]: 
Please enter the privacy password: xxxx
.
Controller Added x.x.7.249

In IOS WLCs, you can do that as shown below. Once you enable NMSP, you simply need to add the CMX MAC address as the username with the SHA2 key as the password.

nmsp enable
username xxxxxxbb1c00 mac aaa attribute list CMX-P
aaa attribute list CMX-P
 attribute type password 999999999999999999999999f240ab651cf73b76903f218fb704e9ce8240d565

In CMX, you can add a NGWC (5760/3850/3560/etc) as shown below.

[cmxadmin@cmx-p ~]$ cmxctl config controllers add
Please enter controller type [WLC / NGWC] [WLC]: NGWC
Please enter controller IP: x.x.49.1
Please enter the controller image version [Optional]: 
Please enter telnet username: admin
Please enter telnet password: xxxx
Please enter telnet enable password: xxxx
.
Controller Added x.x.49.1

You can verify the configured controller status using the “cmxctl config controllers show” command.

[cmxadmin@cmx-p ~]$ cmxctl config controllers show
+--------------+------+-------------+------+--------+
| IP Address   | Type | Version     | SHA2 | Status |
+--------------+------+-------------+------+--------+
| x.x.x.35 | WLC  | 7.6.130.26  | No   | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.6.244  | WLC  | 8.0.120.0   | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.32 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.31 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.0.183   | WLC  | 8.0.120.0   | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.0.186   | WLC  | 8.0.120.0   | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.26 | NGWC | 03.06.03E   | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.32.25 | NGWC | 7.0.999.999 | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
| x.x.49.1  | NGWC | 7.0.999.999 | Yes  | ACTIVE |
+--------------+------+-------------+------+--------+
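
Item 6 of the troubleshooting list above (the correct key hash pushed to the controller) and the SHA2/Status columns of this table can be checked mechanically. The following is an added example, not part of the original post or of Cisco's tooling: it parses text in the three output formats shown in this post, using constructed sample data (documentation MAC/IP ranges, made-up hashes) and hypothetical function names.

```python
import hashlib
import re

# Constructed sample data: documentation MAC/IP ranges and made-up hashes.
SAMPLE_SHA1 = hashlib.sha1(b"constructed CMX key").hexdigest()    # 40 hex digits
SAMPLE_SHA2 = hashlib.sha256(b"constructed CMX key").hexdigest()  # 64 hex digits

CMX_KEYS_OUTPUT = f"""\
+-------------+------------------------------------------------------------------+
| MAC Address | 00:00:5e:00:53:10                                                |
+-------------+------------------------------------------------------------------+
| SHA1 Key    | {SAMPLE_SHA1}                         |
+-------------+------------------------------------------------------------------+
| SHA2 Key    | {SAMPLE_SHA2} |
+-------------+------------------------------------------------------------------+
"""

WLC_AUTH_LIST = f"""\
Mac Addr                  Cert Type    Key Hash
-----------------------   ----------   ------------------------------------------
00:00:5e:00:53:10         LBS-SSC-SHA256      {SAMPLE_SHA2}
"""
# Same entry with the first hex digit lost, as happens with a bad copy/paste.
WLC_AUTH_LIST_TRUNCATED = WLC_AUTH_LIST.replace(SAMPLE_SHA2, SAMPLE_SHA2[1:])

CMX_STATUS_OUTPUT = """\
+--------------+------+-------------+------+----------+
| IP Address   | Type | Version     | SHA2 | Status   |
+--------------+------+-------------+------+----------+
| 192.0.2.35   | WLC  | 7.6.130.26  | No   | ACTIVE   |
| 192.0.2.44   | WLC  | 8.0.120.0   | Yes  | ACTIVE   |
| 192.0.2.49   | NGWC | 03.06.03E   | Yes  | INACTIVE |
+--------------+------+-------------+------+----------+
"""


def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def parse_cmx_keys(text):
    """Read the MAC/SHA1/SHA2 box printed by 'cmxctl config controllers show'."""
    keys = {}
    for line in text.splitlines():
        m = re.match(r"\|\s*(MAC Address|SHA1 Key|SHA2 Key)\s*\|\s*(\S+)\s*\|", line)
        if m:
            keys[m.group(1).split()[0]] = m.group(2).lower()
    return keys  # {"MAC": ..., "SHA1": ..., "SHA2": ...}


def parse_auth_list(text):
    """Read the MAC / cert type / key hash rows of 'show auth-list'."""
    row = re.compile(r"\s*((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(\S+)\s+([0-9a-fA-F]+)\s*$")
    entries = []
    for line in text.splitlines():
        m = row.match(line)
        if m:
            entries.append({"mac": norm_mac(m.group(1)), "type": m.group(2),
                            "hash": m.group(3).lower()})
    return entries


def check_key_push(cmx_keys, auth_entries):
    """Return a list of problems with the SHA2 entry for this CMX; empty means OK."""
    mac = norm_mac(cmx_keys["MAC"])
    mine = [e for e in auth_entries
            if e["mac"] == mac and e["type"] == "LBS-SSC-SHA256"]
    if not mine:
        return ["no LBS-SSC-SHA256 entry for the CMX MAC on this WLC"]
    findings = []
    for entry in mine:
        if len(entry["hash"]) != 64:
            findings.append("hash has %d hex digits, expected 64" % len(entry["hash"]))
        elif entry["hash"] != cmx_keys["SHA2"]:
            findings.append("hash differs from the CMX SHA2 key")
    return findings


def parse_status_table(text):
    """Read the controller status table; border and header rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 5 and cells[0] != "IP Address":
            rows.append(dict(zip(("ip", "type", "version", "sha2", "status"), cells)))
    return rows


def needs_attention(rows):
    """Controllers still on SHA1 or not ACTIVE."""
    return [r["ip"] for r in rows if r["sha2"] != "Yes" or r["status"] != "ACTIVE"]


if __name__ == "__main__":
    keys = parse_cmx_keys(CMX_KEYS_OUTPUT)
    print("good push     :", check_key_push(keys, parse_auth_list(WLC_AUTH_LIST)))
    print("truncated push:", check_key_push(keys, parse_auth_list(WLC_AUTH_LIST_TRUNCATED)))
    print("review        :", needs_attention(parse_status_table(CMX_STATUS_OUTPUT)))
```

A hash that is one hex digit short is accepted by the WLC as an auth-list entry but will never match the CMX key, so a length check catches the common paste error before the comparison does.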

Note that CMX 10.2 is not compatible with the current NGWC software codes (at least with 3.6.3E, which I am running). Even though the above indicates all is good, I was unable to get those 3850-managed APs onto CMX. Maybe an upcoming release may address it :shock:

Once your WLCs are added, you can log onto the CMX GUI (https://cmx-ip) and do your presence analytics (default admin/admin unless you have changed it during initial setup).

You can manage licenses/users/notifications on the “MANAGE” page.

CMX comes with a 120-day evaluation license for both the CMX Base and CMX Advanced licenses for 100 APs (refer to the CMX 10.x ordering & license guide for more detail). If you already have MSE 7.4/CMX 8.x, you can move those licenses across to CMX 10.2.

CMX Base license provides the following services:
1. Location: The ability to determine the location of Wi-Fi clients, Bluetooth low energy (BLE) beacons, devices, and RFID tags. Includes tracking devices using FastLocate or Hyperlocation
2. CMX Connect: Visitor Wi-Fi onboarding platform
3. APIs: Third-party integration using standard REST APIs

CMX Advanced license provides the following services:
1. Includes all the CMX Base services – Location, APIs, CMX Connect
2. CMX Location Analytics
3. CMX Presence Analytics

Note: CMX Analytics and CMX Presence Analytics cannot be used simultaneously. A CMX instance will use either location or presence.

In the “Users” section, you can create different users and assign them a specific role.

You can click on “Manage” under “PRESENCE ANALYTICS” to configure your sites, add APs to your sites & other related configurations.

You can create sites individually (if you have a small number of sites); otherwise you can import your site list from a CSV file. The required format is available under the information icon as shown below.

Once you create your sites, you should be able to map your APs onto those sites. You can do that in the “Access Points” menu by filtering your APs and adding them to a configured site.

You can create a site group (if you create a site for each building, then a site group may be useful to analyze the WiFi users’ presence stats of all those buildings). Once you have done all of that, you can go to a specific site and get some WiFi presence analytics (total visitors, average dwell time, peak hour stats, top device vendor, etc.).

You can use the “CONNECT & ENGAGE” settings to create a portal for your visitors (public guest users) based on the sites you created.

From the “SYSTEM” menu you can monitor your CMX system performance.

In the next post, we will see how the “CMX-Location” service is set up and its features. This requires Cisco Prime Infrastructure with updated maps.

References

  1. Cisco CMX 10.2 and Location Update (Wireless Field Day 8 – Oct 2015)
  2. BRKEWN-2012 – Connected Mobile Experiences (CMX) – CiscoLive 2015 San Diego
  3. Connect Mobile Experience – Cisco Docs
  4. CMX Configuration Guides

Related Posts

  1. What is NMSP
  2. MSE 8.0 Upgrade
  3. Configuring SNMPv3

CPI 3.0 – Disk Running Out of Space ?


A couple of months back I upgraded our Prime Infrastructure to 3.0 from 2.2. That time I chose to go with an inline upgrade as it was supported. If you have worked with this product, you will know, as many of us do, that “do a fresh install and import maps” is the safest approach for a Prime Infrastructure upgrade. Of course you will lose historical data and have to do manual work, but it is still worth doing.

When I upgraded CPI 2.2 to CPI 3.0, most of the settings were left as default unless they had been changed in 2.2. Within 2 months of the upgrade, I got the below alerts stating that CPI was running on low disk space.

When checked in the CLI, the PI database size was 638G (97% of allocated space). As suggested, I did a “disk cleanup” and that helped to recover ~25G. Within a day that space was consumed by the database and I was constantly getting the above alert. You can check your CPI database utilization as below (optvol is the one holding the CPI database, which is running out of space).

prime/admin# root
Enter root password :
Starting root bash shell ...

ade # df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/smosvg-rootvol
                      3.8G  461M  3.2G  13% /
/dev/mapper/smosvg-varvol
                      3.8G  784M  2.9G  22% /var
/dev/mapper/smosvg-optvol
                      694G  638G   21G  97% /opt
/dev/mapper/smosvg-tmpvol
                      1.9G   36M  1.8G   2% /tmp
/dev/mapper/smosvg-usrvol
                      6.6G  1.3G  5.1G  20% /usr
/dev/mapper/smosvg-recvol
                       93M  5.6M   83M   7% /recovery
/dev/mapper/smosvg-home
                       93M  5.6M   83M   7% /home
/dev/mapper/smosvg-storeddatavol
                      9.5G  151M  8.9G   2% /storeddata
/dev/mapper/smosvg-altrootvol
                       93M  5.6M   83M   7% /altroot
/dev/mapper/smosvg-localdiskvol
                      130G   53G   71G  43% /localdisk
/dev/sda2              97M  5.6M   87M   7% /storedconfig
/dev/sda1             485M   25M  435M   6% /boot
tmpfs                 7.8G  2.6G  5.3G  33% /dev/shm
ade # exit

Here is how you could do the disk cleanup.

prime/admin# ncs cleanup
***************************************************************************
!!!!!!!                           WARNING                           !!!!!!!
***************************************************************************
The clean up can remove all files located in the backup staging directory.
Older log files will be removed and other types of older debug information
will be removed
***************************************************************************
Do you wish to continue? ([NO]/yes) yes
 
***************************************************************************
!!!!!!!                DATABASE CLEANUP WARNING                     !!!!!!!
***************************************************************************
Cleaning up database will stop the server while the cleanup is performed.
The operation can take several minutes to complete
***************************************************************************
Do you wish to cleanup database? ([NO]/yes) yes
 
***************************************************************************
!!!!!!!                USER LOCAL DISK WARNING                      !!!!!!!
***************************************************************************
Cleaning user local disk will remove all locally saved reports, locally
backed up device configurations. All files in the local FTP and TFTP
directories will be removed.
***************************************************************************
Do you wish to cleanup user local disk? ([NO]/yes) yes
===================================================
Starting Cleanup: Wed Nov 11 09:41:11 AEDT 2015
===================================================
{Wed Nov 11 09:44:07 AEDT 2015} Removing all files in backup staging directory
{Wed Nov 11 09:44:07 AEDT 2015} Removing all Matlab core related files
{Wed Nov 11 09:44:07 AEDT 2015} Removing all older log files
{Wed Nov 11 09:44:09 AEDT 2015} Cleaning older archive logs
{Wed Nov 11 09:45:01 AEDT 2015} Cleaning database backup and all archive logs
{Wed Nov 11 09:45:01 AEDT 2015} Cleaning older database trace files
{Wed Nov 11 09:45:01 AEDT 2015} Removing all user local disk files
{Wed Nov 11 09:47:31 AEDT 2015} Cleaning database
{Wed Nov 11 09:47:45 AEDT 2015} Stopping server
{Wed Nov 11 09:50:07 AEDT 2015} Not all server processes stop. Attempting to stop remaining
{Wed Nov 11 09:50:07 AEDT 2015} Stopping database
{Wed Nov 11 09:50:09 AEDT 2015} Starting database
{Wed Nov 11 09:50:23 AEDT 2015} Starting database clean
{Wed Nov 11 09:50:23 AEDT 2015} Completed database clean
{Wed Nov 11 09:50:23 AEDT 2015} Stopping database
{Wed Nov 11 09:50:37 AEDT 2015} Starting server
===================================================
Completed Cleanup
Start Time: Wed Nov 11 09:41:11 AEDT 2015
Completed Time: Wed Nov 11 10:01:41 AEDT 2015
===================================================

ade # df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/smosvg-rootvol
                      3.8G  461M  3.2G  13% /
/dev/mapper/smosvg-varvol
                      3.8G  784M  2.9G  22% /var
/dev/mapper/smosvg-optvol
                      694G  614G   45G  94% /opt
/dev/mapper/smosvg-tmpvol
                      1.9G   36M  1.8G   2% /tmp
/dev/mapper/smosvg-usrvol
                      6.6G  1.3G  5.1G  20% /usr
/dev/mapper/smosvg-recvol
                       93M  5.6M   83M   7% /recovery
/dev/mapper/smosvg-home
                       93M  5.6M   83M   7% /home
/dev/mapper/smosvg-storeddatavol
                      9.5G  151M  8.9G   2% /storeddata
/dev/mapper/smosvg-altrootvol
                       93M  5.6M   83M   7% /altroot
/dev/mapper/smosvg-localdiskvol
                      130G  188M  123G   1% /localdisk
/dev/sda2              97M  5.6M   87M   7% /storedconfig
/dev/sda1             485M   25M  435M   6% /boot
tmpfs                 7.8G  2.5G  5.4G  32% /dev/shm

Since the disk cleanup did not help, I reached out to TAC to see if they could help here. They logged onto the DB and removed some old data (mainly alarms/alerts), but the recovered space was still not released and disk utilization was the same as before. I think this issue is tracked by the below bug ID.

CSCuv81529: PI 2.2 – Need a method to reclaim free space after data retention
Symptom:
PI 2.2 - Need a method to reclaim free space after data retention
As of now once records got deleted from tables that doesn't mean that the database engine automatically gives those newly freed bytes of hard disk real estate back to the operating system. 
That space will still be reserved and will be used later in order to write into database , So we need an enhancement in order to reclaim that unused space

Conditions:
NA
Workaround:
NA
Last Modified:Nov 11,2015
Status:Open
Severity:6 Enhancement
Product:Network Level Service
Support Cases:5
Known Affected Releases: 2.2(0.0.58)

So at this point, there was no way other than building CPI 3.0 from fresh.

Due to this space recovery issue of CPI 3.0, you have to make sure you modify the default data retention policies appropriately. Here are the values I have modified in this new CPI 3.0 installation (Administration > Settings > System Settings > Data Retention). Note that some of these values were suggested by TAC.

Under the Alarms and Events settings (Administration > Settings > System Settings > Alarms and Events > Alarms and Events) you have to modify the clean-up options. By default some of these options are not enabled, and if you leave them as they are, this will take a considerable amount of disk space. Once you migrate such a CPI system to 3.0, the database size will be assigned depending on the space consumed by Alarms & Events. Later on, even if you delete these files, CPI 3.0 will not release that space back for anything else.

Under Data Retention in “Clients & User settings” as well, you may have to modify some of the default values.

It is a good idea to change some of the event notification thresholds. In particular, you do not want to hear the bad news only when the disk is 90% utilized. I have reduced it to 60%.

After all those policy modifications in the fresh CPI 3.0 installation, I added all network devices manually. With 2 weeks of data I can see the database size is 100G, which is 11% of the disk allocated. I hope that with those modified settings the PI database remains a manageable size.

ade # df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/smosvg-rootvol
                      3.8G  323M  3.3G   9% /
/dev/mapper/smosvg-varvol
                      3.8G  143M  3.5G   4% /var
/dev/mapper/smosvg-optvol
                      941G   98G  795G  11% /opt
/dev/mapper/smosvg-tmpvol
                      1.9G   36M  1.8G   2% /tmp
/dev/mapper/smosvg-usrvol
                      6.6G  1.3G  5.1G  20% /usr
/dev/mapper/smosvg-recvol
                       93M  5.6M   83M   7% /recovery
/dev/mapper/smosvg-home
                       93M  5.6M   83M   7% /home
/dev/mapper/smosvg-storeddatavol
                      9.5G  151M  8.9G   2% /storeddata
/dev/mapper/smosvg-altrootvol
                       93M  5.6M   83M   7% /altroot
/dev/mapper/smosvg-localdiskvol
                      174G  9.7G  155G   6% /localdisk
/dev/sda2              97M  5.6M   87M   7% /storedconfig
/dev/sda1             485M   18M  442M   4% /boot
tmpfs                  12G  3.9G  8.0G  33% /dev/shm

So here is my advice if you are going to CPI 3.0 from older versions.

  1. Always go with a fresh installation with map import
  2. Modify the Data Retention Policies and Alarms/Events settings. Do not leave the default settings.
  3. If historical data is essential, make sure you delete unnecessary files prior to doing the inline migration & be aware of the PI database size.
  4. Monitor the growth of the CPI 3.0 database over time & take the necessary actions before running out of space.
  5. You can copy the license from 2.x to 3.0 ( /opt/CSCOlumos/license)
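
Item 4 can be scripted against saved `df -h` output. The following is an added example, not part of the original post or of Prime Infrastructure: it handles the wrapped device-name lines seen in the listings above, flags mounts at or above a limit (60% here, the notification threshold chosen in this post), and compares two snapshots. The sample text is excerpted from the df output earlier in this post; the function names are hypothetical.

```python
import re

# Excerpts of the df -h output shown earlier in this post (before/after "ncs cleanup").
DF_BEFORE_CLEANUP = """\
ade # df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/smosvg-optvol
                      694G  638G   21G  97% /opt
/dev/mapper/smosvg-localdiskvol
                      130G   53G   71G  43% /localdisk
/dev/sda1             485M   25M  435M   6% /boot
"""

DF_AFTER_CLEANUP = """\
ade # df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/smosvg-optvol
                      694G  614G   45G  94% /opt
/dev/mapper/smosvg-localdiskvol
                      130G  188M  123G   1% /localdisk
/dev/sda1             485M   25M  435M   6% /boot
"""

UNIT_TO_GIB = {"K": 1 / 1024 ** 2, "M": 1 / 1024, "G": 1.0, "T": 1024.0}


def to_gib(field):
    """Convert a df -h size such as '694G', '188M' or '5.6M' to GiB."""
    m = re.fullmatch(r"([\d.]+)([KMGT]?)", field)
    if not m:
        raise ValueError("unrecognised size: %r" % field)
    value, unit = float(m.group(1)), m.group(2)
    return value * UNIT_TO_GIB[unit] if unit else value / 1024 ** 3  # bare number = bytes


def parse_df(text):
    """Return {mount: {...}} from df -h text, joining wrapped device lines."""
    mounts = {}
    pending = None  # device name waiting for its numbers on the next line
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 1:
            pending = parts[0]
            continue
        if len(parts) == 5 and pending:
            parts = [pending] + parts
        pending = None
        # Prompt lines and the header do not have 6 fields with a Use% column.
        if len(parts) != 6 or not parts[4].endswith("%"):
            continue
        device, size, used, avail, pct, mount = parts
        mounts[mount] = {
            "device": device,
            "size_gib": to_gib(size),
            "used_gib": to_gib(used),
            "avail_gib": to_gib(avail),
            "pct": int(pct.rstrip("%")),
        }
    return mounts


def over_limit(mounts, limit_pct):
    """Mounts at or above limit_pct, fullest first."""
    hits = [(m, d["pct"]) for m, d in mounts.items() if d["pct"] >= limit_pct]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def reclaimed_gib(before, after, mount):
    """Space freed on a mount between two snapshots (negative means growth)."""
    return before[mount]["used_gib"] - after[mount]["used_gib"]


if __name__ == "__main__":
    before, after = parse_df(DF_BEFORE_CLEANUP), parse_df(DF_AFTER_CLEANUP)
    for mount, pct in over_limit(after, 60):
        print("ALERT %s at %d%%" % (mount, pct))
    for mount in ("/opt", "/localdisk"):
        print("%s reclaimed %.1f GiB" % (mount, reclaimed_gib(before, after, mount)))
```

Run from cron against a fresh `df -h` capture, the same functions give an early warning well before the 90% point mentioned above.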

Not sure how many of you have experienced this issue (did an inline migration & later on had to do a fresh build). If you are managing a large-scale environment, be aware of this.

References

1. Cisco Prime Infrastructure 3.0 Release Notes
2. Cisco Prime Infrastructure 3.0 Quick Start Guide
3. Cisco Prime Infrastructure 3.0 Administrator Guide
4. Cisco Prime Infrastructure 3.0 Documentation Overview

Related Posts

1. How to go there – PI 2.2
2. Cisco Prime – Device Mgt using SNMPv3
3. Upgrade Prime using CLI
4. WLC Config Backup using Prime

