Cisco launches a new Wireless platform (9800) to replace their old AireOS Controllers. This new platform are running IOS-XE as rest of their 9000 series products. For people familiar with IOS this was nice news. This also causing a lot of migration projects from AireOS to 9800 and also they have launched a new product to replace Prime. Cisco DNA Center… Now called Cisco Catalyst Center.
In the past 4-5 years this has taking a lot of my time. _This is a brush-up of common how-to’s that i have collected over the years and also a description for new customers that want to migrate. In following scenario, my customer have Prime and 5520 Controller and want to migrate to Catalyst Center, CW9800M Controller and new AP’s.
Wireless Controllers are physically installed in both DCs with cabling and initial configuration. It is recommended that, in addition to 2 x 10G uplink + redundant uplink, you also connect to the console server (Out-of-band management)
Catalyst Center (Cat-C) is installed in one DC with 10Gb Enterprise uplink, as well as uplink to CIMC (if possibly also Out-of-band management))
A Smart licensing connection is established to Cisco Smart Licensing Portal.
Via Cat-C the CW9800M is configured, the 5520 is added and maps are migrated in from Prime (PDART). It is ensured that the site hierarchy is as desired. Switches may be loaded. in Cat-C. (Upgrading/patching Prime/5520 may need to be done before)
CW9800M functionality is tested, including WLAN, VLAN, redundancy etc.
APs < 1700/2700 are prioritized to be replaced first (1700/2700 are supported up to and including ios-xe ver. 17.12.3). Then 1700/2700 and finally 1800/2800 (It must be ensured that the possibility of roaming between different AP/WLC models is avoided).
AP replacement takes place via PnP in the Catalyst Center.
AP/WLC handling in Catalyst Center.
Without Wireless Controllers being provisioned in the Catalyst Center
Automatic PnP where Wireless LAN Controllers are set up with Cat-C Assurance and configured directly and bypass Cat-C. In this setup, it is possible to provision APs with Policy-Tags, Site-Tags and RF-tags. This takes place via AP join to Cat-C PnP. It is also possible to automatically configure Tags via “filter” in the Controllers. Configuration of AP/RF parameters etc. is also possible via Workflows in Cat-C.
Digital Site maps will be able to be upgraded via a 3rd party supplier/electrician, who with the right access will be able to update maps and AP location in Cat-C.
Wireless Controllers are provisioned in Catalyst Center (recommended)
In order to achieve an even higher degree of automation, it would be advantageous to choose to provision Wireless LAN Controllers via Cat-C and thus secure additional PnP options and feature gains.
APs join Cat-C, are provisioned via serial number/MAC and are placed in the site hierarchy. configuration is assigned based on position in hierarchy..
The process for Wireless Controller provisioning via Cat-C will be to use Wireless Network Profiles under “Design -> Network Profiles”. Profiles and Controllers are assigned via site hierarchy in Cat-C, after which Access Points inherit these settings, depending on where in the site hierarchy they are placed.
Provisioning of WLC via Cat-C will also give the following benefits:
Using the built-in Plug and Play (PnP) server and workflow function (Replace Device and Access Point Refresh), Cat-C can automatically provision/configure Access Points with minimal manual processes. By using the PnP functionality, a network technician will be able to replace/provision an Access Point centrally, where a 3rd party supplier/electrician can solve the physical task (assembly and cabling).
It is possible to replace a failed Access Point with a corresponding device, where the configuration is carried over to the replacement device. The option is found inside Cat-C “Inventory” where the device to be replaced is marked and “Inventory>Device Replacement>Mark Device for Replacement” is selected. From here, a workflow will guide you through the replacement process. This whole process will be able to be carried out without a network technician having to physically go to the device, and an electrician or 3rd party can solve the physical work.
Switch handling in the Catalyst Center.
Using the built-in Plug and Play (PnP) server and template function (day-0 and day-n), Cat-C can automatically provision/configure a switch with minimal manual processes. By using the PnP functionality, a network technician will be able to centrally provision a switch (configuration), where a 3rd party or an electrician can solve the physical task (assembly and cabling).
The process is as follows:
- On the seed switch (existing switch where the new one is connected), configure the port the new switch is connected to. This can be done either by a network technician connecting to the switch via SSH and configure the port, or that the same configuration is pushed out to the switch via. Cat-C templates.
- An electrician or 3rd party mounts and cables the switch up to the configured port on the seed switch.
- The PnP process will now automatically start, and the switch will be found in Cat-C under the PnP menu.
- From the PnP menu, the new switch is now “claimed” and the PnP onboarding workflow starts.
- In the PnP workflow, basic information is filled in so that the switch can be provisioned. This includes hostname, management IP and that uplink ports are selected.
- Once the necessary information is filled in, the PnP workflow will take over and the day-0 template will be applied to the switch. From here, the switch is ready for use. The used day-0 and day-n templates will be able to be edited from within Cat-C, where there will be corresponding version control and auditing of changes.
Software image management (SWIM) is the built-in function of Cat-C to software update switches automatically. Here it is possible to set a “golden image” with the desired version of software you want in your network, as well as to schedule a software update in two stages as desired.
It is possible to replace an RMA notified unit with a similar unit, where configuration is carried over to the replacement unit. The option is found inside Cat-C “Inventory” where the device to be replaced is marked and “Inventory > Device Replacement > Mark Device for Replacement” is selected. From here, a workflow will guide you through the replacement process. This entire process will be able to be carried out without a network technician having to physically go to the device, and an electrician or 3rd party can solve the physical work.
“Template hub / CLI Templates” is the functionality by which configuration templates can be pushed out to one or more switches. The templates that are pushed out to the switches will be continuously checked by the built-in compliance engine in Cat-C, which checks that the desired configuration is present on the switches. If there is a mismatch between the configurations, the device will be listed as “Non-Compliant”.
Functionality
2 pieces CW9800M installed in HA setup ensures a very high uptime on the wireless network. If one CW9800M (or network around it) becomes defective, the other CW9800M will immediately take over. This happens without clients losing their session.
In addition, an HA setup allows for upgrading/patching, without downtime for the wireless network (ISSU upgrade (In-Service Software Upgrade) / Requires Network Advantage license).
The CW9800M platform provides the option to terminate client traffic locally at the AP uplink port (Flex Connect) and/or on the CV9800M’s uplink ports (Central switching).
Cat-C is used to monitor, manage and provision the wireless network (and wired networks). If you choose to provision the CV9800M from Cat-C, you get additional automation in your wireless environment.
Cat-C assurance (requires Advantage license), provides great insight into clients and equipment (360° view) as well as great help with troubleshooting.
Overview of features in relation to Essentials/Advantage licensing: https://www.cisco.com/c/m/en_us/products/software/dna-subscription-wireless/en-sw-sub-matrix-wireless.html?oid=porew018984
Implementation
2 x CW9800M + CAT-C are installed alongside the existing setup with 2 x 5520, virtual WLC and Prime being in operation. The new setup is configured and tested before starting the replacement of APs and possibly move existing APs that are supported by the new platform. Depending on the existing map structure in Prime, the PDART tool is used to migrate maps + Hierarchy to Cat-C.
The Cat-C PnP ip address is created in DNS, after which new APs will be provisioned via Cat-C as described under the “solution description”
