Cisco DNA Center Wireless Automation

The document outlines a session at Cisco Live LA focused on wireless network automation using Cisco DNA Center. It covers topics such as the introduction to the next-generation wireless stack, automation workflows, deployment models, and key takeaways. Additionally, it highlights the challenges in current wireless networks and the benefits of Cisco's DNA automation principles.

Uploaded by ansafi

#CiscoLiveLA

Wireless Network Automation with Cisco DNA Center
Flavio Correa - Technical Solutions Architect
CCIE Wireless #38913 @correaflavio

BRKEWN-2026

Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until November 1st, 2019.
cs.co/ciscolivebot#BRKEWN-2026

#CiscoLiveLA © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Why automation and Network Intuitive
• Introduction to Wireless Next Gen Stack
• Wireless Automation Workflow
• Day N Changes
• Automation with 3rd party and APIs
• Deployment Models
• Key Takeaways

Other Mobility sessions during this week
Wednesday
• BRKEWN-2010 Introduction to Next Generation Wireless Stack
• BRKEWN-2017 RF Fundamentals from WiFi to WiFi6 (11ax) Wireless Networks
• BRKEWN-2034 Cisco DNA Assurance: Isolate wireless network problems for faster troubleshooting using AI and Machine learning
• BRKEWN-2670 Introduction to Catalyst 9800 Wireless Controllers

Thursday
• BRKEWN-2012 Design and Use Cases of a location enabled Wi-Fi network supported by Cisco DNA Spaces
• BRKEWN-2016 Branch Office Wireless LAN Design
• LTREWN-2030 Hands-on Solutions Lab on Catalyst Wireless 9800 Controllers

Other Cisco DNA related sessions
• BRKCRS-2046 SD-Access Design and Deployment for Campus and Branches
• BRKCRS-3810 Cisco SD-Access technology deepdive
• BRKCRS-2810 Cisco SD-Access - A Look Under the Hood
• BRKCRS-2188 SDA and SD-WAN Interworking in the Cisco Multi-domain Architecture
• BRKCRS-3811 Cisco SD-Access - Policy Driven Manageability
• BRKCRS-2105 The Hybrid Campus: How to deploy a combined Cisco SD-Access and Meraki solution
• BRKNMS-2910 Enhance the Security of your network with Cisco DNA Center
• TECCRS-2700 Cisco Digital Network Architecture: Enabling Enterprise networks for the digitalized business

The Cost of Doing Business in the Digital World
Enterprise trends driving digital transformation: Mobility, IoT, Cloud
Affected areas: data growth, connected devices, threat surface areas, resources
• 3.64 devices per person
• 7.5B IoT things connected
• $60B spent on network operations

An evolved world needs a network evolved.

Why are companies spending so much?
• 95% of network changes performed manually
• 70% of policy violations due to human error
• 75% of OpEx spent on network changes & troubleshooting
*McKinsey study conducted for Cisco in 2016

Today’s Key Challenges for Wireless Networks
• Configuration inconsistencies: “Cookbooks” need to be constantly updated
• Complex to set up and manage: scale redefines complexity
• Hardware & box centric: provisioning takes months

The challenges will only grow as we move to next generation workspaces

The Network. Intuitive.
Constantly learning, adapting and protecting.
• INTENT (Powered by Intent): translate business intent to network policy; automate the management and provisioning of millions of devices instantly
• CONTEXT (Informed by Context): visibility into traffic and threat patterns; who, what, when, where, how
• LEARNING
• SECURITY
[Diagram: DNA Center (Policy, Automation, Analytics) on top of the Intent-based Network Infrastructure]

Software-Defined Access
DNA Center Automation has great benefits independent of the Secure Fabric and Assurance
• Automation: Simple Policy Definition and Enforcement; Industry Best-Practices and Policy Compliance
• Secure Fabric: Virtual Networks and Groups Made Easy; Decouple Policy from Network Topology
• Assurance: Monitoring and Troubleshooting; Proactive Issue Identification and Resolution

Cisco DNA Automation

| Existing Approach | Cisco DNA Approach |
| --- | --- |
| Multiple Apps for Management across Domains | Integrated Workflows across Domains |
| Device Centric Configurations | Intent driving service provisioning & Policy Abstraction |
| Multiple tools for Automation and Assurance | One Box Solution with closed loop Automation |
| Software Update is Manual and Reactive | Proactive and Consistent Software update and Patching |
| IT process tools working in Silos | Out of the box Integration with IT Process tools |

The Network that Scales for the Digital Business

Cisco DNA Center - Automation Principles

Lifecycle Management IT Process Automation Policy Based Automation

DNA Center Automation - Journey Map
• Day 0, Network On-boarding: WiFi site planning & deployment; AP Deployment / Refresh
• Day 1, Config & Operations: Device Provisioning; Security Policy; Application Policy
• Day 2, Security & Optimization: MRE based Security Advisory; Netflow/ETA enablement w/ Stealthwatch
• Day N, Patching and Maintenance: Software upgrade using SWIM

Introduction to Cisco Next Generation Wireless Stack

Cisco Next Generation Wireless Stack
• Catalyst 9100 Access Points
• Catalyst 9800 Wireless Controllers
• Cisco DNA Automation & Assurance
• Cisco DNA Spaces

Resilient, Secure, Intelligent

Flexible Deployment Options
• Catalyst 9800-80: 6000 APs, 64K clients, 80 Gbps
• Catalyst 9800-40: 2000 APs, 32K clients, 40 Gbps
• Catalyst 9800-CL: 1000, 3000 or 6000 APs; 10K, 32K or 64K clients
• Catalyst 9800-L: 250 APs, 5K clients, 5 Gbps
• Catalyst 9800 Embedded Wireless**: 200 APs, 4K clients
• Catalyst 9800 Embedded Wireless*: 100 APs, 2K clients
• Catalyst 9800-CL***: 1000 APs, 10K clients

*Supports Local Switching only
**SD-Access only
***Catalyst 9800 for Public cloud, FlexConnect only

Scale bands: up to 100 APs, up to 250 APs, up to 1000 APs, up to 3000 APs, up to 6000 APs
Deployment sizes: Distributed Branch & Small Campus, Medium Campus, Large Campus

New Cisco Catalyst 9100 Series Access Points

Ideal for small to medium-sized deployments:

Catalyst 9115 (Wi-Fi 6 certifiable)
• 4x4 + 4x4
• MU-MIMO, OFDMA
• Spectrum Intelligence
• 1 x 2.5 mGig
• TWT

Catalyst 9117 (Wi-Fi 6 compatible)
• 8x8 + 4x4
• MU-MIMO, OFDMA (only DL)
• Spectrum intelligence
• 1 x 5 mGig
• Non Triggered TWT
• Integrated Antenna only

Mission critical, powered by the Cisco RF ASIC:

Catalyst 9120 (Wi-Fi 6 certifiable)
• 4x4 + 4x4
• Cisco RF ASIC
• Dual 5GHz, HDX
• RF signature capture
• IoT ready (Zigbee, Thread)
• Container support for IOT apps
• 1 x 2.5 mGig
• TWT

Common to the series: DNA Assurance with iCAP; Bluetooth 5; Full Wireless Capabilities with 802.3at/PoE+; Integrated and external antenna SKUs

AireOS vs. Catalyst 9800 Config Model
Going towards a more modularized and reusable model with logical decoupling of configuration entities.
Granular & simplified: what policies on which sites with what RF characteristics.
[Diagram: the AireOS config model (WLAN, AP Group, Flex Group, RF Profile) compared with the Catalyst 9800 model, in which the configuration is decoupled and modularized into a Policy Tag (WLAN Profile, Policy Profile), a Site Tag (AP Join Profile, Flex Profile) and an RF Tag (RF Profile)]

Benefits of the new config model
• Reusability: config modularized as objects
• Easy Provisioning: with AP attribute tagging
• Change Management: site based filtering
• Simplicity: no inheritance or containers
• Rule-based Tagging: for easy Day 1 configuration

Wireless Automation Workflow

Scenario
A large enterprise is refreshing their wireless infrastructure to C9800 across multiple sites/buildings.

Intent
Deploy Enterprise & Guest SSIDs with customized RF profiles across sites.

[Diagram: Typical Customer Network, with Sites A to I connected through the Campus Core and WAN/Internet]

Wireless Automation - Overview
Plan > Design Network Services > Design Business Intent > Provision

Wireless Deployment Workflow
• Network Services Mapped to Sites: common settings for sites
• Profile Mapped to Site: SSIDs and RF parameters that represent the wireless network
• WLC Mapped to Sites: map the sites that the WLC will manage
• AP Mapped to Site (Site/Building): APs inherit the properties of the profile associated to the site

Plan: Site Hierarchy & Maps
Plan > Design Network Services > Design Business Intent > Provision

Plan
Step 1: Create Site Hierarchy along with Buildings and Floors
Step 2: Import Floor Maps
Step 3: Manage Floor Map Properties
or
Step 4: Export the Site Hierarchy and Maps from PI and import into DNAC (PI Customers)

Export Sites and Maps from Prime Infrastructure
Export Sites
Step 1 Step 2

Site.CSV

Export Sites and Maps from Prime Infrastructure
Export Maps
Step 1 Step 2

Maps.tar.gz

Import Ekahau 10.0.2 Project File into DNAC 1.3.1

Ekahau Project File information
Imports the building, the floors (maps, scaled), obstructions (walls, doors) and all APs placed on the map.
APs that match AP name/type become Active APs.
• Building, all floors and APs are imported
• APs are placed on the map as Active APs, not Planned, if matched on name/model against discovered APs in DNA Center Inventory

Workflow for Un-Matched APs
• APs that do not match are still placed on the map as a Planned AP
• Rich workflow for assignment built in
• Hover over a planned AP and choose the Assign option; this opens the AP Assignment dialogue
• APs match by name and then by type. The dialogue lists:
  • APs with similar names
  • APs with same type
  • And all APs currently unassigned
• A matched AP assumes the Active AP’s name and becomes active

Design Network Services
Plan > Design Network Services > Design Business Intent > Provision
Network Services and Credentials
Network Services
• AAA (Network and Client)
• DNS, DHCP
• NTP

Monitoring Services
• Syslog
• Traps
• Netflow and Application Visibility

Credentials
• CLI
• SNMP
• HTTP

Challenges with Network Services & Credentials

• Vary by:
  • Location
  • Differences in Network Design
• Information often stored in files: error prone
• Day 2 updates become a challenge

Manage Site Hierarchy

• Create Sites --> Buildings --> Floors
• Sites could be Area/Building
• Areas can contain areas within them
• Upload Floor Map

Manage Maps
Add new Floors to the Building and Upload Maps

Manage Maps
Edit Map Properties & Position AP’s

Automate Roll Out of Regional Changes
Common Network Settings

• Update AAA, DHCP, DNS, NTP servers
• Manage collectors like the Syslog, Netflow & Trap receivers
• All properties are inherited and can be overridden at Sites/Area/Building (shown by the Inheritance Indicator)

Adhere to Password Compliance Standards
Device Credentials

• Manage Device Credentials (CLI), SNMP Read/Write Credentials and HTTP(S) Credentials
• All properties are inherited and can be overridden at Sites/Area/Building

Design Network Services: Summary
• Network Services get mapped to Sites
• Automatic Inheritance manages the settings for YOU
• Eliminate “Fat Fingering”
• Reduce “Opex Time”

AAA/ISE Integration

AAA Server - ISE Integration
Objectives and Key Points
• Single pane of management for all AAA/policy administration between network devices and ISE
• Automate RADIUS/TACACS configuration for network devices.
• Support only one ISE cluster.
• Enable secure services between Cisco DNAC and ISE:
  o pxGrid Service to pull the info out of ISE (Uni-Directional)
    - Obtain TrustSec metadata such as SGT, IP-SGT mappings & TrustSec policy.
  o ERS APIs (Bi-Directional Communication)
    - Fetch deployment model from ISE, such as PAN and PSN info
    - Add devices to ISE as network devices
    - Create SGT, IP-SGT mappings & TrustSec policy on ISE

AAA Server - ISE Integration
Pre-Requisites

• The minimum supported ISE version is 2.3
• pxGrid service and SSH should be enabled on ISE.
• ISE super admin credential is used for trust establishment for SSH/ERS API communication.
• ISE CLI and UI user accounts must use the same username and password
• ISE admin certificate must contain ISE IP or FQDN in either CN or SAN.
• DNA-C system certificate must contain DNAC IP or FQDN in either subject name or SAN.
• pxGrid node should be reachable on eth0 IP of ISE from DNA-C.

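The two certificate prerequisites above can be checked before the integration is attempted. The following is an added example, not code from the session or from Cisco: it takes a certificate as the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns and reports whether a node's IP or FQDN appears in the CN or the SAN. The sample certificates, host names and addresses are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive DNS match; '*' counts only as the entire left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    return p.startswith("*.") and "." in h and h.split(".", 1)[1] == p[2:]

def _matches(candidate, identity):
    """Compare IPs numerically and names as DNS names; never mix the two."""
    if _is_ip(identity):
        return (_is_ip(candidate)
                and ipaddress.ip_address(candidate) == ipaddress.ip_address(identity))
    return not _is_ip(candidate) and _dns_match(candidate, identity)

def where_identity_appears(cert, identity):
    """Return ['CN'], ['SAN'], ['CN', 'SAN'] or [] for one IP or FQDN."""
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn
           if k == "commonName"]
    sans = [v for (k, v) in cert.get("subjectAltName", ())
            if k in ("DNS", "IP Address")]
    found = []
    if any(_matches(c, identity) for c in cns):
        found.append("CN")
    if any(_matches(s, identity) for s in sans):
        found.append("SAN")
    return found

def check_prerequisite(cert, identities):
    """identities: the IP and/or FQDN under which the peer reaches this node.

    Returns (ok, detail). The slide accepts a match in either CN or SAN.
    """
    hits = {i: where_identity_appears(cert, i) for i in identities}
    hits = {i: w for i, w in hits.items() if w}
    if not hits:
        return False, "no listed IP or FQDN appears in CN or SAN"
    if all(w == ["CN"] for w in hits.values()):
        # General TLS caveat, not a statement about DNA Center or ISE:
        # many current TLS libraries ignore CN and validate SAN only.
        return True, "matched in CN only; add a SAN entry as well"
    return True, "matched in SAN"

# Constructed sample data in getpeercert() format.
ISE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "ise01.corp.example"),)),
    "subjectAltName": (("DNS", "ise01.corp.example"),
                       ("IP Address", "10.10.20.5")),
}
DNAC_CERT_BAD = {   # short CN, SAN names a different host
    "subject": ((("commonName", "dnac"),),),
    "subjectAltName": (("DNS", "dnac-lab.other.example"),),
}
DNAC_CERT_CN_ONLY = {"subject": ((("commonName", "dnac.corp.example"),),)}

if __name__ == "__main__":
    print(check_prerequisite(ISE_CERT, ["10.10.20.5", "ise01.corp.example"]))
    print(check_prerequisite(DNAC_CERT_BAD, ["10.10.20.10", "dnac.corp.example"]))
    print(check_prerequisite(DNAC_CERT_CN_ONLY, ["dnac.corp.example"]))
```
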
AAA Server - ISE Integration
Add ISE in DNA-C
• Shared secret between ISE and devices for TACACS or RADIUS
• FQDN from ISE deployment
[Screenshot labels: EasyQoS; Step3d - Trust and Verify; Policy Preview]

AAA Server - (Non-ISE) Integration
Key Points:
• Non-ISE server definition:
  • ISE running 2.2 or below
  • ACS or any third-party AAA Server
• Only automates RADIUS/TACACS configuration for network devices
• Requires adding network devices to AAA clients manually.
• Can have multiple non-ISE AAA servers

Network Settings
AAA Settings
[Screenshot labels: TACACS; RADIUS; Policy Service Node; Policy Admin Node]

Demo - Network Hierarchy and Network Settings

What did we do so far?
• Planned the Sites & Hierarchy
• Extracted Common/Standard across Wired and Wireless to be self managed

Design Business Intent for Wireless
Plan > Design Network Services > Design Business Intent > Provision

Traditionally...
• HA Configuration
• Interfaces Configuration for Enterprise and Guest
• Radius & AAA Servers
• SSID - Authentication, QoS
• WLC Advanced: Local Profiling, Client DHCP, Local/Flex Connect
• Manage AP Groups - RF Profiles (DCA Settings, RRM), WLAN Interface
• Associate AP to AP Groups

Problem with this approach
• Need to manually manage the mapping of AP to AP Groups
• Need to manually map SSIDs to AP Groups
• Increased complexity and error prone
• Similar issue for AP configuration
• No repeatability for future growth

Network Deployment using Profiles
A single profile can be mapped to multiple sites with multiple devices.
• Small Sites - Small Profile
• Medium Sites - Medium Profile
• Large Sites - Large Profile
[Diagram: Typical Customer Network, with Sites A to I connected through the Campus Core and WAN/Internet]

Network Deployment using Profile
• Before, Network Design:
  • Plan for the network deployment
  • Features and capabilities to be enabled based on requirements
  • Topology for network deployment
• During, Deployment Standardization:
  • PnP based Day 0 deployment
  • Version management of Profile for Day 2 change management
  • Profile based deployment
• After, Network Compliance:
  • Configuration compliance validation against Profile
  • Remediation of configuration to Golden Configuration

Simplified Network Deployment; Configuration Consistency; Integrated IT Process Flows

Contents of a Wireless Profile

Services (Intent): 70%-80% of the WLC config or more
• SSID
• Guest Network
• RF Profiles
• Deployment mode

Advanced Capabilities: 20%-30% of the WLC config or less
• Named Capabilities
  • Clean Air
  • 11k
  • 11v
• CLI Templates
  • Customized Features
  • Cisco Best Practice out of the box

Wireless Network Profile - Composition View

System Generated Configuration by Cisco DNA Center UI Orchestration
• Network Settings
• Device Credentials
• Wireless Settings

User Defined Configuration
• CLI Templates

Wireless Profile - Design Workflow
1. Create Sites
2. Define Network Settings
3. Define Wireless Settings
4. Create CLI Templates (Optional)
5. Define Wireless Network Profile
6. Assign Wireless Network Profile to Sites

Design - Wireless Settings
• SSIDs: based on best practices
• Wireless Interfaces: map dynamic interface to VLAN
• RF Profiles: based on best practices

Design - Define Wireless Settings
Step 3 (Define Wireless Settings): Create Enterprise Wireless SSID

Design - Wireless Settings
Supported in Cisco DNAC 1.3
Advanced Parameters in SSID
• 802.11r - Over the DS
• Session Timeout
• Client Exclusion
• MFP Client Protection
• 802.11k
• 802.11v

Design - Define Wireless Settings
Step 3 (Define Wireless Settings): Create Wireless Interfaces

Design - Define Wireless Settings
Step 3 (Define Wireless Settings): Create RF Profile

Design - Create Templates
Step 4 (Create Templates, Optional): Create Project and Template in “Template Editor”

Design - Create Templates
Step 4 (Create Templates, Optional): Define Variables
• Cool programming-like template view for copy/paste and editing.
• Template engine is based on Apache Velocity engine.
• Use “$” sign to define variable.

Design - Create Templates
Step 4 (Create Templates, Optional): Form View
• Define detailed info of variable in “Input Form” view.
• Default value of variable will auto populate for user during provisioning.

Design - Create Templates
Step 4 (Create Templates, Optional): Save & Commit
• Save
  • Writable version of template on Cisco DNA Center
  • Cannot be used for provisioning
• Commit
  • Once committed, it becomes read-only
  • Can commit multiple times to create multiple versions of template
  • Only latest commit version can be used for provisioning

Design - Define Wireless Network Profile
Step 5: Define Wireless Network Profile

Design - Assign Wireless Network Profile to Sites
Step 6: Assign Wireless Network Profile to Sites

What did we do so far?
• Planned the Sites & Hierarchy
• Extracted Common/Standard across Wired and Wireless to be self managed
• Captured the business intent within a Network Profile

Demo – Design
1. Create Wireless Profile with Enterprise SSID
2. Assign Wireless Profile to Site
Provision
Plan > Design Network Services > Design Business Intent > Provision

Provision Workflows
• WLC Provisioning: Discover WLC > Provision WLC to Site
• AP Provisioning: APs Discover Cisco DNAC via PnP > Provision APs to Site

Provision - Discover WLC
Step 1: Discover WLC
For the C9800 Wireless Controller, the minimum configuration required for successful discovery and management by Cisco DNA Center is:
• SSH and NETCONF are enabled
• CLI Login Credentials
• Wireless Management Interface

Provision - Discover WLC
Step 1: Discover WLC
Ensure NETCONF is enabled

Provision - Discover WLC
Step 1: Discover WLC
The following configuration is added to the Cat9800 after discovery:
• Install multiple certificates:
  • Cisco DNA Center device certificate issuing CA, sdn-network-infra-iwan
  • Enroll device certificate of Cat9800 to sdn-network-infra-iwan
  • Cisco DNA Center server certificate and its issuing CA certificate
  • Cisco smart licensing agent root CA
• Generate self-signed certificate named “ewlc-tp1” for AP joining
• SNMP credentials
• DNS Server
• SSH/HTTP source interface from management SVI/IP
• Enable network assurance telemetry

Provision - N+1 HA WLCs
Supported HA Deployment Models:
• 1:1 HA from 1.1 release.
• N+1 from 1.3 release.

Challenges in N+1 HA Deployment Models:
• Ensure the primary and secondary WLCs’ configuration is in sync.
• Ensure APs are provisioned with the correct primary and secondary WLCs.

Provision - N+1 HA WLCs
• The same wireless profile is applied to both primary and secondary WLCs.
• The “Secondary Managed AP Locations” concept is introduced during WLC provisioning in 1.3.
• A WLC that is assigned to sites as “Secondary Managed AP Locations” acts as the secondary WLC for all APs on those sites.
• A secondary WLC cannot be provisioned to a site if there is no primary WLC assigned to it.
• Claiming APs to a site will provision the APs with the primary and secondary WLC automatically.

Provision - Provision WLC to Site
Step 2: Provision WLC to Site
[Screenshots: Primary WLC and Secondary WLC. Locations should be the same]

Provision - Provision WLC to Site
Step 2: Provision WLC to Site

Behind the Scenes …
• Global Settings: AAA Configuration
• WLAN Creation: SSID creation; Dynamic Interface creation
• QoS Settings: QoS for Voice/Data; AVC; Fastlane
• Security: Enterprise/Personal/None
• Profiling: WLC Local Profiling
• RF Profiles: Creation of RF Profiles

Provision - Provision WLC to Site
On C9800 Wireless Controller
• Country Code
• WLAN and Policy Profiles
• Network Settings: TACACS, Radius, SNMP, Syslog, DHCP, DNS, NTP, etc.

The wlan profile name and policy profile name are the same.
Note that wlan index is 17.

Provision - Provision WLC to Site
On C9800 Wireless Controller
[Screenshots: WLAN Profile and Policy Profile. The wlan profile name and policy profile name are the same]

Behind the Scenes ….
Common Network Settings

Behind the Scenes ….
Dynamic Interfaces & WLAN Creation

WLAN/SSID Creation: Profile name = <Site Name_SSID_unique#>

Behind the Scenes ….
WLAN Parameters
• SSID Creation
• Automatic association of Dynamic Interfaces to WLAN
• Broadcast SSID

Behind the Scenes ….
WLAN Parameters - Security Policy
• WPA2 Enterprise: WPA2 Policy Enabled + WPA2 Encryption (AES) + Dot1x enabled
• WPA2 Personal: WPA2 Policy Enabled + WPA2 Encryption (AES) + PSK
• Open: Layer 2 Security = None

Behind the Scenes ..
WLAN Parameters - QoS
• During SSID Creation:
  • Voice & Data: Platinum QoS
  • Data: Silver QoS
• Automatically enable AVC for that WLAN
• Enable Fastlane if selected

Behind the Scenes ….
WLAN Parameters - Advanced

Behind the Scenes ….
RF Profiles

Custom RF Profiles are created

Provision - Provision WLC to Site
On ISE
Step 2: Provision WLC to Site
Cisco DNA Center adds the WLC into ISE as a network device automatically for RADIUS and TACACS via the ERS API.

Summary of attributes applied by DNAC

| Attribute | Enterprise | Personal | Open | Guest-External | Guest-ISE |
|---|---|---|---|---|---|
| AVC | Enabled | Enabled | Enabled | Disabled | Disabled |
| Allow AAA Override | Enabled | Disabled | Disabled | Enabled | Enabled |
| Coverage Hole Detection | Enabled | Enabled | Enabled | Enabled | Enabled |
| Session Timeout | 1800 | Disabled | Disabled | Disabled | Disabled |
| Client Exclusion | Enabled | Enabled | Enabled | Enabled | Enabled |
| 11ac MU-MIMO | Enabled | Enabled | Enabled | Enabled | Enabled |
| 11k Neighbor List | Enabled | Enabled | Enabled | Enabled | Enabled |
| 11k Dual Band Neighbor List | Disabled | Disabled | Disabled | Disabled | Disabled |
| MFP Client Protection | Optional | Optional | Optional | Optional | Optional |
| NAC State | None | None | None | None | ISE NAC |
| Local Client Profiling | Enabled | Enabled | Enabled | Enabled | Enabled |
| 11v | Enabled | Enabled | Enabled | Enabled | Enabled |

Demo - WLC Provisioning

What did we do so far?

• Planned the Sites & Hierarchy
• Extracted Common/Standard across Wired and Wireless to be self managed
• Captured the business intent within a Network Profile
• Converting Business Intent to Network Policy - WLC Provisioning

Provision Workflows

WLC Provisioning: Discover WLC, then Provision WLC to Site
AP Provisioning: APs Discover Cisco DNAC via PnP, then Provision APs

Provision Workflow - AP

Option 1: More Control on AP Provisioning
• Onboard AP - Plug & Play
• Claim AP to Site
• Provision AP

Option 2: Pre-Provisioning/Planned
• Import a CSV with the AP S/N, AP Name, Location, RF Profile
• AP gets automatically claimed and provisioned

Provision Workflow - AP PnP Discovery

[Figure: AP PnP discovery between the AP, the DHCP Server and the PnP Server on Cisco DNA Center (Policy, Automation, Analytics). The Cisco DNAC IP is delivered in DHCP Option 43: 5A1D;B2;K4;I192.168.139.151;J80. Steps 1-3 are only partly legible in this copy: DHCP exchange, HTTP/SSL contact with Cisco DNAC, AP shown as “Unclaimed”.]

PnP Server Discovery Options

Devices: Routers (ASR, ISR), Wireless Access Points, Switches (Catalyst®)

Automated
1. DHCP with option 43: PnP string 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
2. DNS lookup: pnpserver.localdomain resolves to DNA Center IP Address
3. Cloud re-direction: https://devicehelper.cisco.com/device-helper (Cisco hosted cloud, re-directs to on-prem DNA Center IP Address)

Manual (manual discovery not supported for Access Points)
4. USB-based bootstrapping*: router-confg/router.cfg/ciscortr.cfg
5. Manual - using the Cisco® Installer App**: iPhone, iPad, Android

*Supported on Cat 9K only for switches
**DNA Center Support in Roadmap

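The Option 43 strings shown on this slide and on the PnP Discovery slide decide which server a new AP contacts for onboarding, so they are worth linting before they go into a DHCP scope. The following is an added example, not code from the session or from Cisco: the field meanings and defaults follow Cisco's published PnP Option 43 format rather than the slides, and the names `parse_option43`, `audit_option43` and the approved-server set are assumptions.

```python
import ipaddress
import re

# Field meanings and defaults follow Cisco's published PnP Option 43 format
# (assumption: they are not spelled out on the slides themselves).
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}   # B field
TRANSPORTS = {"4": "http", "5": "https"}                    # K field
DEFAULT_PORT = {"http": 80, "https": 443}                   # J field default
HEADER = re.compile(r"^5A(\d)([DN])$")  # 5A, version digit, D=debug / N=no debug


def parse_option43(text):
    """Split a string such as '5A1D;B2;K4;I<addr>;J<port>' into named fields."""
    parts = [p.strip() for p in text.strip().strip('"').split(";") if p.strip()]
    header = HEADER.match(parts[0]) if parts else None
    if header is None:
        raise ValueError(f"not a PnP option 43 string: {text!r}")
    raw = {}
    for part in parts[1:]:
        key, value = part[0].upper(), part[1:]
        if key in raw:
            raise ValueError(f"field {key} given twice")
        raw[key] = value
    if "B" not in raw or not raw.get("I"):
        raise ValueError("B (address type) and I (server) are mandatory")
    if raw["B"] not in ADDR_TYPES:
        raise ValueError(f"unknown address type B{raw['B']}")
    transport = TRANSPORTS.get(raw.get("K", "4"))
    if transport is None:
        raise ValueError(f"unknown transport K{raw['K']}")
    port_text = raw.get("J", str(DEFAULT_PORT[transport]))
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"invalid port J{port_text}")
    return {
        "version": int(header.group(1)),
        "debug": header.group(2) == "D",
        "addr_type": ADDR_TYPES[raw["B"]],
        "transport": transport,
        "server": raw["I"],
        "port": int(port_text),
    }


def audit_option43(text, approved_servers=()):
    """Return (fields, findings) for reviewing one DHCP scope's PnP string."""
    fields = parse_option43(text)
    findings = []
    if fields["debug"]:
        findings.append("debug flag D is set")
    if fields["transport"] == "http":
        findings.append("first contact with the PnP server is plaintext HTTP")
    if fields["addr_type"] != "hostname":
        want = 4 if fields["addr_type"] == "ipv4" else 6
        try:
            if ipaddress.ip_address(fields["server"]).version != want:
                findings.append("I value does not match the B address type")
        except ValueError:
            findings.append("I value is not an IP address although B says it is")
    if fields["port"] != DEFAULT_PORT[fields["transport"]]:
        findings.append("port is not the default for the transport")
    if approved_servers and fields["server"] not in approved_servers:
        findings.append("server is not an approved Cisco DNA Center address")
    return fields, findings


if __name__ == "__main__":
    # The two strings shown on the slides, plus one constructed bad scope.
    approved = {"192.168.139.151"}
    for scope in ("5A1D;B2;K4;I192.168.139.151;J80",
                  "5A1D;B2;K4;I172.19.45.222;J80",
                  "5A1N;B2;K5;Ipnp.example.net;J443"):  # constructed sample
        fields, findings = audit_option43(scope, approved)
        print(scope, "->", fields["server"], findings or "no findings")
```

Run against an export of DHCP scopes, the approved-server check is the one that catches a scope pointing new devices at something other than the intended Cisco DNA Center.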
How did the APs find their WLC?

SJC-WLC-1 (Site: San Jose)
San Jose - Building 1 Floor 1 APs
RTP - Building 1 Floor 1,2 APs

WLC Provisioning: Managed AP Locations (e.g. SJC-B1-F1)
AP Provisioning: APs' Floor Information (e.g. SJC-B1-F1), Claim AP, PnP with DNS/DHCP Option 43

Provision - Provision APs to Site (Option 1)

1. Discover WLC
2. Provision WLC to Site
3. APs Discover Cisco DNAC via PnP (current step)
4. Provision APs to Site

Provision - Provision APs to Site (Option 1)
Step 4: Provision APs to Site

What will be provisioned?

• On APs (via PnP):
  • AP Hostname
  • Primary and Secondary WLCs' Hostnames
  • Primary and Secondary WLCs' IPs
  • Policy, Site and RF Tags if WLC is C9800
• On C9800 WLC (via NETCONF and CLI):
  • Create RF Profile if applicable
  • Create Wireless Flex Profile if applicable
  • Create Policy, Site and RF tags
  • Assign AP mode with corresponding policy, site and RF tags

Provision - Provision APs to Site (Option 1)
Step 4: Provision APs to Site

• AP is configured as FlexConnect AP if any SSID in the site profile is enabled with “FlexConnect Local Switching”.
• APs must be assigned to floor level.
• RF profile is used to generate RF Tag and associate it to AP.

Provision - Provision APs to Site
Step 4: Provision APs to Site

Sample AP Console Log

On C9800 Wireless Controller: Site Tag, Policy Tag, RF Tag

Provision Workflow - APs (Option 1)

1. Discover WLC
2. Provision WLC to Site
3. APs Discover DNA-C via PnP
4. Provision APs to Site

• APs must be assigned to floor level.
• AP is configured as FlexConnect AP if any SSID in the site profile is enabled with “FlexConnect Local Switching”.
• RF profile is used to generate AP group.
• APs get associated to the WLC and move to the DNAC Inventory.

Behind the Scenes ...
AP Groups Creation

§ AP Groups are created by default: <Site-Name>_<RF Profile Name>_Unique ID

Behind the Scenes ...
SSIDs Mapping

§ SSID automatically assigned to AP Groups
§ SSIDs mapped to the Interface

Behind the Scenes ...
RF Profiles

RF Profiles are automatically assigned to AP Groups

Option 2: Bulk AP Deployment

1. Import APs
2. Prepare AP Bulk Import CSV and Upload
   Status: Import APs vs. Actively Connected APs
3. Auto Claim APs when they contact Cisco DNA Center via PnP

Demo - AP Provisioning

Provisioning Summary

• Network Profiles are mapped to Sites and Site becomes the glue for Automation
• Configuration Standardization & Compliance using Network Profiles
• Automated Policy, Site and RF tags creation for AP Onboarding.

What did we do so far?

• Planned the Sites & Hierarchy
• Extracted Common/Standard across Wired and Wireless to be self managed
• Captured the business intent within a Network Profile
• Converting Business Intent to Network Policy - WLC Provisioning
• Converting Business Intent to Network Policy - AP Provisioning

Day 2 Changes

Configuration Changes

Changes with Network Settings & Credentials

• Single place to change the credentials and Network settings for the sites
• During the device provision, these changes will be configured

Network Profile Lifecycle

1. UPDATE: PROFILE (v1) to PROFILE (v2)
2. Mismatch with Profile
3. Compliance mismatch of v1 and v2

Wireless Profile - Day 2 Changes

V1 of the Profile
V2 of the Profile: New SSID

IRCM for Guest Anchoring
Use Case:

Inter-Release Controller Mobility (IRCM) is critical for mobility roaming and guest anchoring. With the introduction of the C9800 IOS-XE WLC, Cisco DNA Center can simplify both green-field deployment and integration with AireOS WLC, with guest anchoring support starting from the 1.3 release.

| Foreign | Anchor | Cisco DNA Center Support |
|---|---|---|
| C9800 IOS-XE WLC | C9800 IOS-XE WLC | Yes from 1.3 |
| C9800 IOS-XE WLC | AireOS WLC | Yes from 1.3 |
| AireOS WLC | AireOS WLC | Yes from 1.2 |
| AireOS WLC | C9800 IOS-XE WLC | No |

Note that it requires AireOS WLC release 8.8.111.0 or above.

IRCM for Guest Anchoring
Key Points
• Only one wireless profile is required for both Foreign and Anchor WLCs
• In the wireless profile, at least one SSID must be specified as guest anchoring
• For the Foreign WLC, Cisco DNA Center provisions all SSIDs in the profile
• For the Anchor WLC, Cisco DNA Center will deploy only the guest anchor SSID in the profile, based on matching “Manage AP Location” for Foreign and Anchor WLCs

IRCM for Guest Anchoring
Workflow

Design: Design Guest SSID
Provision: Provision Foreign WLC, then Provision Anchor WLC

Day 2 - IRCM Guest Anchoring (C9800s as both Foreign and Anchor)
Design Guest SSID

Day 2 - IRCM Guest Anchoring (C9800s as both Foreign and Anchor)
Provision Foreign WLC(s)

It will remain “disabled” until anchor WLC is also provisioned with this SSID.

What else in WLAN?
• Webauth Parameter Map
• Authentication List
• Preauthentication ACL

Day 2 - IRCM Guest Anchoring (C9800s as both Foreign and Anchor)
Provision Anchor WLC(s)

• Select at least one matching “Manage AP Location” as foreign WLC
• Wireless interface created on anchor WLC
• Note that only guest SSID will be created on anchor WLC

Why?
• Enable guest WLAN and create anchor configuration on foreign WLC
• Create guest WLAN and anchor configuration
• Create mobility peers on both foreign and anchor WLCs

On Anchor: What else in WLAN?
• Webauth Parameter Map
• Authentication List
• Preauthentication ACL

Day 2 - IRCM Guest Anchoring (C9800s as both Foreign and Anchor)
Provision Anchor WLC(s)

On Anchor: Policy profile is same as WLAN profile.

On Foreign: Foreign C9800 WLC is required to have matching WLAN profile and policy profile names as anchor when C9800 is anchor. It is enabled now.
Anchor to Anchor C9800

Day 2 - IRCM Guest Anchoring (C9800s as both Foreign and Anchor)
Provision Mobility Peers

On Anchor: Foreign WLCs
On Foreign: Anchor WLC

Demo - Day 2
Implement Foreign and Anchor Guest Solution

Deployment Models

Same Workflows for different Wireless Branch Deployments

• Centralized: Ease of Deployment and management
• FlexConnect: Eliminate the need for a Controller at every Site
• Mobility Express: Controller Functionality Embedded in the Access Point
• Catalyst 9800: Next Gen Wireless Stack

Configure / Set up / Operate: From a web browser or Cisco wireless app, use the setup wizard to enable multiple APs simultaneously

Flex-Based Deployment

Flex Deployment
Plan, Design Network Services, Design Business Intent

During the Profile Creation, an SSID can be Centralized vs Flex Connect

Behind the Scenes ...
WLC Provisioning

Behind the Scenes ...
AP Provisioning

• Unique Flex Group name is generated based on site names with random number at the end.
• WLAN to VLAN mappings are created.

Intent Based Software Updates

Core Principles of Software Upgrade with DNA Center

1. Intent based Network Upgrades: Standardization of Software by Network device role, device type and location
2. Seamless Upgrades: Pre/Post check validations with rollback provide confidence for upgrades
3. Reduce Downtime with Patching: Upgrade only what is needed with minimal to zero downtime

Software Upgrade Process

1. Request Software Update
2. Identify Golden Image
3. Select Devices
4. Create CR
5. Approve CR
6. PreCheck Validations
7. Distribute Software
8. Activate Software
9. Post Deploy Validations
10. Close CR

[Diagram labels: DNA Center, NMS Software]

N+1 rolling AP upgrades: Zero client downtime during image upgrades

Unified management with Cisco DNA Center (Policy, Automation, Assurance)
N+1 Cisco® Catalyst® 9800 Series Wireless Controllers
Wave 1 and Wave 2 access points

Key highlights
✓ Automated group creation with Radio Resource Management for N+1 rolling AP upgrades
✓ No more manual intervention to create groups in Cisco Prime® Infrastructure
✓ Manage all your software updates and upgrades through Cisco DNA Center

N+1 Rolling AP Upgrade
Wireless Controller image upgrade using N+1 staging Controller

[Diagram: Primary Wireless Controller (Version: X, upgraded to X+1) and N+1 Wireless Controller (Version: X+1) in one Mobility Group, with APs]

Trigger Rolling Upgrade

1. Device auto selects candidate APs based on selected % and RRM AP Neighbor Map
2. Upgrade process kicks in
   • Image download to Primary Wireless Controller
   • Image pre-download to APs
   • Selective redirect of clients using 11v
   • APs moved to N+1 Wireless Controller in rolling manner
   • Primary Wireless Controller Reboot
   • APs moved back to Primary Wireless Controller (optional)
3. Monitor progress on the Device

Neighbor Marking

[Figure panels: N=4 Neighbor APs, N=8 Neighbor APs, N=24 Neighbor APs]

User selects % of APs to upgrade in one go [5, 15, 25]

For 25%, Neighbors marked = 6 [Expected number of iterations ~ 5]
For 15%, Neighbors marked = 12 [Expected number of iterations ~ 12]
For 5%, Neighbors marked = 24 [Expected number of iterations ~ 22]

Client Steering

• Clients steered from candidate APs to non-candidate APs
• 802.11v BSS Transition Request
  • Dissociation imminent
  • If clients do not honor this, they will be de-authenticated before AP reload

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
DNA Center - Software Update Workflow

1. Define Golden Image by Device Family
2. System Identifies Devices not in compliance
3. Pre-Check Validation for Disk/Memory, plus Custom Python Pre-Check scripts (on failure: Stop Upgrade)
4. Software Upgrade
5. Post Upgrade Validation, plus Custom Python Post-Check scripts (on failure: Rollback to older version)

Demo

Provisioning Summary

§ Software Images are mapped to Sites
§ Extremely simplified upgrade process
§ Upgrade with Confidence - Integrate with YOUR Pre-Check/Post-Check scripts
§ Closed Loop Automation for Software Images Upgrades

DNA Center as a Platform

The Journey to Intent-based Networking

[Figure labels: Increased IT Agility; Products, Systems, Platforms; Cisco DNA Center; Open Platform; Intent-based Infrastructure]

Platform Capabilities - APIs, Adapters & SDKs

Intent APIs
• Assurance
• Network Inventory / Discovery / Tagging
• Path Trace
• SDA
• Command Runner
• Topology
• Template Programmer
• Plug-n-Play
• NFV Provisioning
• Software Image Management (SWIM)
• Wireless Provisioning

X-Domain Integration (IT and Network System Process)
• ITSM
• IPAM
• Reporting

3rd Party SDKs (Networking)
• Map 3rd Party Network Devices to Data Model
• Level 1 Operations support: Discovery, Inventory, Topology, Availability, Command Runner

Introducing Cisco DNA Center Platform

Intent APIs

Network APIs
• Network Level - Features based API
• Consistent model for feature across all devices types
• All UI capabilities of Cisco DNA Center available via the API
• Example: SWIM workflow
  • Check validations for new software image
  • Perform clean up
  • Copy software
  • Activate new software
  • Perform post deployment check

Business APIs
• Intent Based API for network operations
• Network capabilities abstraction
• APIs aligned with business constructs
• Custom Business API from an aggregation of network APIs
• Example: SWIM Workflow
  • Single API - define golden image for device family and get compliance of all devices to the golden image

Example of Business Intent API: Create SSID

Create SSID Business API:
• Create Dynamic Interface
• Create SSID
• Create Wireless Network Profile
• Associate device physical location
• Associate managed AP locations
• Provision WLC

API Catalog

API Usability

Cisco DevNet and DNA Center
developer.cisco.com

DNACaaP ITSM Integration

Streamlining IT Processes

Before: “How do I correlate all this data - and take the correct actions?”
IT and Network Systems (ITSM, IPAM, Reporting), Human middleware, Infrastructure (alerts, telemetry, CLI, scripts)

After: “Let’s code the interactions and reap the results”
IT and Network Systems (ITSM, IPAM, Reporting), IT and network operations orchestrator, Infrastructure

From “human middleware” to “IT orchestrator”

Integration Adapters with Cisco DNA Center

Cisco DNA Center Platform connects to the IT Ecosystem (ITSM, IPAM, Reporting) through Standardized Domain APIs or Direct Integration.

Available Today: ITSM (ServiceNow), IPAM (Infoblox, BlueCat) and Reporting (Tableau)

DNA Automation / Assurance driven events or issues translate into ITSM events

• An ITSM Event can spawn off an alert or an incident or a change.
• You as a customer choose what it does.

ITSM Event spawns off a problem depending on impact and user defined criteria

• An ITSM Event resulted in a problem record for a specific device.
• The problem record has all the information about the device: current image, recommended image, impact to neighborhood topology

ITSM Incident or Change Request gets updated with relevant analysis from DNA-C

• Cisco DNA Tab gets enriched with the relevant context for an ITSM leader to resolve issues faster.
• This enrichment can be based on user, device, application context.

Key Takeaways
• Intent Based Workflows that are WLC Architecture Agnostic
• “Network Profiles” for easier network wide config and compliance
• DNA Center has tight integration with Identity Services Engine (ISE)
• “Business Profiles” for SSID and related configs deployment
• Use Plug and Play for faster and better WLC and AP on-boarding
• Use DNAC Automation for Guest and Guest Anchor deployments
• Software Management can be faster and more reliable with DNAC
• Extend DNAC Automation capabilities through its APIs & DevNet

Complete your online session evaluation

• Please complete your session survey after each session. Your feedback is very important.
• All surveys can be taken:
  - Cisco Live Mobile App
  - Logging in to the Session Catalog: https://reg.rainfocus.com/flow/cisco/cllatam19/adash/page/dashboard

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

Thank you
