Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Add MSE on Switch 3850


Does any body knows where to add the MSE key has on a Switch 3850, on WLC the command is 


config auth-list add lbs-ssc <MSE Ethernet MAC> <MSE key hash> 


thaks for your help.



Accepted Solutions
VIP Purple

HiSee whether this helps

VIP Purple

HiSee whether this helps

New Member

Hi Manannalage ras,I have

Hi Manannalage ras,

I have read your post and perform the commands to enable NMSP on the swich, now I can see the switch as ccontroller on Prime and assign it, thanks for your help

tep 1Login into MSE via ssh

tep 1
Login into MSE via ssh connection or via a console connection.
Step 2
Issue the commands:
[root@cmxmse ~]# cmdshell -- Issue this command to get into cmdshell
cmd> show server-auth-info - Issue this command to get auth info for the MSE
invoke command: com.aes.server.cli.CmdGetServerAuthInfo
AesLog queue high mark: 50000
AesLog queue low mark: 500
Server Auth Info
MAC Address: 00:0c:29:b1:f5:a8 - Note the MAC address
SHA1 Key Hash: ee68b5062b4181f68d5dd489db2bfcf5637b5eff
SHA2 Key Hash: ec7ebc55bbef366332da70e995f2c073bc7cfaf4cb6d845336adfc67ce961644 -- Make a
note of this key to be used later
Certificate Type: SSC
cmd> config unauthenticated-nmsp true - Enable Un-authenticated NSMP connection.
invoke command: com.aes.server.cli.CmdSetServerConfigParameter
Cisco Connected Mobile Experiences (CMX) CVD
Appendix E CMX Troubleshooting
Aspect Ratio Issues while Creating Maps
Parameter unauthenticated-nmsp was successfully modified
Step 3
Login into the WLC via SSH or Console shell and invoke the commands:
(Cisco Controller) >config auth-list add sha256-lbs-ssc <MAC ADDRESS> <KEY HASH>
MAC ADDRESS and KEY HASH are derived from Step 2.
Step 4
Verify that MSE has been manually added on the
WLC and the NSMP connections are up between the
two. Invoke the following commands on WLC:
(Cisco Controller) >show auth-list - Shows the manually added MSE to WLC
Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ yes
AP with Locally Significant Certificate........ yes
Mac Addr Cert Type Key Hash
----------------------- ---------- ------------------------------------------
00:0c:29:b1:f5:a8 LBS-SSC-SHA256
(Cisco Controller) >show nmsp status - Shows NSMP status
MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
<MSE IP > 75779 75779 210547 12

VIP Purple

Hi Salodh,The method you

Hi Salodh,

The method you described applicable only to AireOS controllers. So 3850/5760 it is little bit different. I have done a post to cover both scenarios. See below.



**** Pls rate all useful responses ****


CreatePlease to create content