Call a Specialist Today! 888-785-4402
Free Shipping! Free Shipping!

Cisco Catalyst 9800-80 Wireless Controller for Cloud
next generation of enterprise-class wireless controllers for cloud

Cisco Catalyst 9800-CL


Cisco Catalyst 9800 Series
Cisco Catalyst 9800-CL Wireless Controller
Cisco Catalyst 9800-CL Wireless Controller
#C9800-CL
Get a Quote!

 

Cisco Catalyst 9800-80 Wireless Controller:

Built from the ground-up for the Intent-based networking and Cisco DNA, Cisco Catalyst 9800 Series Wireless Controllers are Cisco IOS® XE based and integrate the RF excellence of Cisco Aironet® access points creating the best-in-class wireless experience for your evolving and growing organization. The Cisco Catalyst 9800 Series Wireless Controllers are built on an open and programmable architecture with built-in security, streaming telemetry and rich analytics.

The Cisco Catalyst 9800 Series Wireless Controllers are built on the three pillars of network excellence— always on, secure, and deployed anywhere— which strengthen the network by providing the best wireless experience without compromise, while saving time and money.

The Cisco® Catalyst® 9800-CL is the next generation of enterprise-class wireless controllers for cloud, with seamless software updates for distributed branches and midsize campuses to large enterprises and service providers.

The Cisco Catalyst 9800-CLController is feature rich and enterprise ready to power your business-critical operations and transform end-customer experiences:

  • High availability and seamless software updates, enabled by hot patching, keep your clients and services always on in planned and unplanned events.
  • Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with Cisco Encrypted Traffic Analytics (ETA) and Software-Defined Access (SD-Access). The controller comes with built-in security: runtime defenses, image signing and integrity verification.
  • Deploy anywhere to enable wireless connectivity everywhere. Whether in a public or private cloud, the Cisco Catalyst 9800-CL best meets your organization’s needs.
  • Built on a modular operating system, the 9800-80 features open and programmable APIs that enable automation of day-0 to day-N network operations. Model-driven streaming telemetry provides deep insights into the health of your network and clients.

Cisco Catalyst 9800-CL for Private Cloud

Cisco Catalyst 9800-CL for private cloudCisco Catalyst 9800-CL for private cloud

Key highlights

  • Multiple scale templates (small, medium, and large)
  • VMware ESXi, KVM, and Cisco NFVIS (on ENCS) supported
  • Supports centralized, Cisco FlexConnect®, and fabric (SD-Access) deployment
  • Multiple scale options with a single deployment package to best meet your organization’s needs.
    • Small: Designed for distributed branches and small campuses supporting up to 1000 Access Points (APs) and 10,000 clients
    • Medium: Designed for medium-sized campuses supporting up to 3000 APs and 32,000 clients
    • Large: Designed for large enterprises and service providers supporting up to 6000 APs and 64,000 clients
  • Supports up to 1.5 Gbps of throughput in a centralized wireless deployment
  • One deployment package for all the scale templates. Pick the deployment size when you instantiate the Virtual Machine (VM)
  • An intuitive bootstrap wizard is available during the VM instantiation to boot the wireless controller with recommended parameters
  • Optimize your branch by deploying the 9800-CL as a virtual machine on the Cisco 5000 Series Enterprise Network Compute System (ENCS) running Cisco NFVIS

Cisco Catalyst 9800-CL for Public Cloud

Cisco Catalyst 9800-CL for public cloudCisco Catalyst 9800-CL for public cloud

Key highlights

  • IaaS solutionsavailable in the AWS Marketplace
  • Supported only with managed VPN
  • Cisco FlexConnect central authentication and local switching
  • Available on AWS GovCloud
  • Cisco Catalyst 9800-CL is available in the AWS Marketplace.
  • Supports up to 3000 access points and 32,000 clients.
  • The 9800-CL should be instantiated within a Virtual Private Cloud (VPC).
  • A VPN tunnel has to be established from the customer site to AWS to enable communication between the Cisco access point and 9800-CL wireless controller.
  • Deploy a wireless controller instance in AWS using cloud-formation templates provided by Cisco (recommended) or by manually using the EC2 console.

Key Features:

Metric Value
Maximum number of access points Up to 6000
Maximum number of clients 64,000
Maximum throughput Up to 1.5 Gbps
Maximum WLANs 4096
Maximum VLANs 4096
Deployment modes Centralized, Cisco FlexConnect, and Fabric Wireless (SD-Access)
License Smart License enabled/td>
Operating system Cisco IOS XE Software
Management Cisco DNA Center 1.2.8, Cisco Prime® Infrastructure 3.5, integrated WebUI, and third party (open standards APIs)
Interoperability AireOS-based controllers with 8.8 MR2, 8.5 MR4, and 8.5 MR3 special
Policy engine Cisco Identity Services Engine (ISE) 2.2, 2.3, and 2.4
Cisco Connected Mobile Experiences (CMX) CMX 10.5.1
Access points Aironet 802.11ac Wave 1 and Wave 2 access points

Always on

Seamless software updates enable faster resolution of critical issues, introduction of new access points with zero downtime, and flexible software upgrades. Stateful switchover (SSO) with 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.

Secure

Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with ETA and SD-Access. The controllers come with built-in security: runtime defenses, image signing and integrity verification.

Deploy anywhere

Whether in a public or private cloud, the Cisco Catalyst 9800-CL wireless controllers can be deployed anywhere for wireless everywhere. The 9800-CL meets the needs of your branch and campus network deployments.

Open and programmable

The controller is built on the Cisco IOS XE operating system, which offers a rich set of open standards-based programmable APIs and model-driven telemetry that provide an easy way to automate day-0 to day-N network operations.

Key Specifications

Metric Private Cloud Public Cloud
  Small Medium Large Small Medium
Deployment modes supported Centralized, Cisco FlexConnect, Fabric(SD-Access) Centralized, Cisco FlexConnect, Fabric (SD-Access) Centralized, Cisco FlexConnect, Fabric (SD-Access) Cisco FlexConnect (local switching only) Cisco FlexConnect (local switching only)
vCPUs Required 4 6 10 4 6
RAM required (GB) 8 16 32 8 16
Hypervisors and cloud providers supported ESXi 6.0/6.5, KVM, NFVIS ESXi 6.0/6.5, KVM, NFVIS ESXi 6.0/6.5, KVM, NFVIS AWS AWS
Maximum number of access points 1000 3000 6000 1000 3000
Maximum number of clients 10,000 32,000 64,000 10,000 32,000
Maximum throughput 1.5 Gbps 1.5 Gbps 1.5 Gbps (All traffic will be locally switched) (All traffic will be locally switched)
Maximum WLANs 4096 4096 4096 4096 4096
Maximum VLANs 4096 4096 4096 4096 4096
Maximum site tags 1000 3000 6000 1000 3000
Maximum APs per site 100 100 100 100 100
Maximum policy tags 1000 3000 6000 1000 3000
Maximum RF tags 1000 3000 6000 1000 3000
Maximum RF profiles 2000 6000 12000 2000 6000
Maximum policy profiles 1000 1000 1000 1000 1000
Maximum Flex profiles 1000 3000 6000 1000 3000
vNIC adapters ESXi: VXNET3, E1000E, E1000
KVM: VIRTIO
ESXi: VXNET3, E1000E, E1000
KVM: VIRTIO
ESXi: VXNET3, E1000E, E1000
KVM: VIRTIO
Virtual switch ESXi: vSwitch
KVM: OVS Linux Bridge(brctl)
ESXi: vSwitch
KVM: OVS Linux Bridge(brctl)
ESXi: vSwitch
KVM: OVS Linux Bridge(brctl)
High availability SSO, N+1 SSO, N+1 SSO, N+1 N+1
Cisco DNA support Automation, Assurance Automation, Assurance Automation, Assurance
Guest anchor Yes Yes Yes
Client IPv6 support Yes Yes Yes Yes
Infrastructure IPv6 support Yes Yes Yes Yes

Benefits:

Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various mechanisms that bring about network automation are outlined below, based on a device lifecycle.

  • Automated device provisioning: This is the ability to automate the process of upgrading software images and installing configuration files on Cisco access points when they are being deployed in the network for the first time. Cisco provides turnkey solutions such as Plug and Play (PnP) that enable an effortless and automated deployment.
  • API-driven configuration: Modern wireless controllers such as the Cisco Catalyst 9800-40 Wireless Controller support a wide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF) using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.
  • Granular visibility: Model-driven telemetry provides a mechanism to stream data from a wireless controller to a destination. The data to be streamed is driven through subscription to a data set in a YANG model. The subscribed data set is streamed out to the destination at configured intervals. Additionally, Cisco IOS XE enables the push model, which provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.
  • Seamless software upgrades and patching: To enhance OS resilience, Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customers to add patches without having to wait for the next maintenance release.

Always on

  • High availability: Stateful switchover with a 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.
  • Software Maintenance Upgrades (SMUs) withhot and cold patching: Patching allows for a patch to be installed as a bug fix without bringing down the entire network and eliminates the need to requalify an entire software image.The SMU is a package that can be installed on a system to provide a patch fix or security resolution to a released image. SMUs allow you to address the network issue quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates the SMU compatibility and does not allow you to install incompatible SMUs. All SMUs are integrated into the subsequent Cisco IOS XE Software maintenance releases.
  • Intelligent rolling access point upgrades and seamless multisite upgrades: The Cisco Catalyst 9800-40 Wireless Controller comes equipped with intelligent rolling access point upgrades to simplify network operations. Multisite upgrades can now be done in stages, and access points can be upgraded intelligently without restarting the entire network.

Security

  • Encrypted Traffic Analytics (ETA): ETA is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is being encrypted, the visibility this feature provides related to threat detection is critical for keeping your network secure at different layers.
  • Trustworthy systems: Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With the Cisco Catalyst 9800-40, these trustworthy systems help assure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks on software and firmware. Trust Anchor capabilities include:
    • Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, its software signatures are checked for integrity.

Flexible NetFlow

  • Flexible NetFlow (FNF): Cisco IOSFNF is the next generation in flow visibility technology, allowing optimization of the network infrastructure, reducing operating costs, and improving capacity planning and security incident detection with increased flexibility and scalability.

Application Visibility and Control

  • Next-Generation Network Based Application Recognition (NBAR2): NBAR2 enables advanced application classification techniques, with up to 1400 predefined and well-known application signatures and up to 150 encrypted applications on the Cisco Catalyst 9800-40. Some of the most popular applications included are Skype, Office 365, Microsoft Lync, Cisco Webex®, and Facebook. Many others are already predefined and easy to configure. NBAR2 provides the network administrator with an important tool to identify, control, and monitor end-user application usage while helping ensure a quality user experience and securing the network from malicious attacks. It uses FNF to report application performance and activities within the network to any supported NetFlow collector, such as Cisco Prime, Stealthwatch®, or any compliant third-party tool.

Quality of Service

  • Superior Quality of Service (QoS): QoS technologies are tools and techniques for managing network resources and are considered the key enabling technologies for the transparent convergence of voice, video, and data networks. QoS on the Cisco Catalyst 9800-40 consists of classification of traffic based on packet data as well as application recognition and traffic control actions such as drop, marking and policing. A modular QoS command-line framework provides consistent platform-independent and flexible configuration behavior. The 9800-40 also supports policies at two levels of target: BSSID as well as client. Policy assignment can be granular down to the client level.

Smart operation

  • WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device, simplify device deployment and manageability, and enhance the user experience. WebUI comes with the default image. There is no need to enable anything or install any license on the device. You can use WebUI to build a day-0 and day-1 configuration and from then on monitor and troubleshoot the device without having to know how to use the CLI.

Specifications:

Item Specification
Wireless standards IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w, 802.11ac Wave1 and Wave2
Wired, switching, and routing standards IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN taggin, 802.1AX Link Aggregation
Data standards
  • RFC 768 User Datagram Protocol (UDP)
  • RFC 791 IP
  • RFC 2460 IPv6
  • RFC 792 Internet Control Message Protocol (ICMP)
  • RFC 793 TCP
  • RFC 826 Address Resolution Protocol (ARP)
  • RFC 1122 Requirements for Internet Hosts
  • RFC 1519 Classless Interdomain Routing (CIDR)
  • RFC 1542 Bootstrap Protocol (BOOTP)
  • RFC 2131 Dynamic Host Configuration Protocol (DHCP)
  • RFC 5415 Control and Provisioning of Wireless Access Points (CAPWAP) Protocol
  • RFC 5416 CAPWAP Binding for 802.11
Security standards
  • Wi-Fi Protected Access (WPA)
  • IEEE 802.11i (WPA2, RSN)
  • RFC 1321 MD5 Message-Digest Algorithm
  • RFC 1851 Encapsulating Security Payload (ESP) Triple DES (3DES) Transform
  • RFC 2104 HMAC: Keyed-Hashing for Message Authentication
  • RFC 2246 TLS Protocol Version 1.0
  • RFC 3280 Internet X.509 Public Key Infrastructure (PKI) Certificate and Certificate Revocation List (CRL) Profile
  • RFC 4347 Datagram Transport Layer Security (DTLS)
  • RFC 5246 TLS Protocol Version 1.2
Encryption standards
  • Static Wired Equivalent Privacy (WEP) RC4 40, 104 and 128 bits
  • Advanced Encryption Standard (AES): Cipher Block Chaining (CBC), Counter with CBC-MAC (CCM), Counter with CBC Message Authentication Code Protocol (CCMP)
  • Data Encryption Standard (DES): DES-CBC, 3DES
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA 1024- and 2048-bit
  • DTLS: AES-CBC
  • IPsec: DES-CBC, 3DES, AES-CBC
  • 802.1AE MACsec encryption
Authentication, Authorization, and Accounting (AAA) standards
  • IEEE 802.1X
  • RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
  • RFC 2716 Point-to-Point Protocol (PPP) Extensible Authentication Protocol (EAP)-TLS
  • RFC 2865 RADIUS Authentication
  • RFC 2866 RADIUS Accounting
  • RFC 2867 RADIUS Tunnel Accounting
  • RFC 2869 RADIUS Extensions
  • RFC 3576 Dynamic Authorization Extensions to RADIUS
  • RFC 5176 Dynamic Authorization Extensions to RADIUS
  • RFC 3579 RADIUS Support for EAP
  • RFC 3580 IEEE 802.1X RADIUS Guidelines
  • RFC 3748 Extensible Authentication Protocol (EAP)
  • Web-based authentication
  • TACACS support for management users
Management standards
  • Simple Network Management Protocol (SNMP) v1, v2c, v3
  • RFC 854 Telnet
  • RFC 1155 Management Information for TCP/IP-based Internets
  • RFC 1156 MIB
  • RFC 1157 SNMP
  • RFC 1213 SNMP MIB II
  • RFC 1350 Trivial File Transfer Protocol (TFTP)
  • RFC 1643 Ethernet MIB
  • RFC 2030 Simple Network Time Protocol (SNTP)
  • RFC 2616 HTTP
  • RFC 2665 Ethernet-Like Interface Types MIB
  • RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual Extensions
  • RFC 2819 Remote Monitoring (RMON) MIB
  • RFC 2863 Interfaces Group MIB
  • RFC 3164 Syslog
  • RFC 3414 User-Based Security Model (USM) for SNMPv3
  • RFC 3418 MIB for SNMP
  • RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs
  • RFC 4741 Base NETCONF protocol
  • RFC 4742 NETCONF over SSH
  • RFC 6241 NETCONF
  • RFC 6242 NETCONF over SSH
  • RFC 5277 NETCONF event notifications
  • RFC 5717 Partial Lock Remote Procedure Call
  • RFC 6243 With-Defaults capability for NETCONF
  • RFC 6020 YANG
  • Cisco private MIBs
Management interfaces
  • Web-based: HTTP/HTTPS
  • Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port
  • SNMP
  • NETCONF

Licensing:

The Cisco Catalyst 9800 Series Wireless Controllers require mandatory Smart Licensing. This provides ease of use for Cisco DNA license management, consumption, and tracking.

No licenses are required to boot up a Cisco Catalyst 9800 Series Wireless Controller. However, in order to connect any access points to the controller, Cisco DNA licenses are required. Every access point connecting to Catalyst 9800 requires a Cisco DNA subscription license to be entitled to connect to the controller.

Licensing PackageThe APs connecting to Catalyst 9800 has a new and simplified licensing package.

They can support 3 types of Cisco DNA license: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier: The Cisco DNA licenses provide Cisco innovations on the AP. The Cisco DNA license also includes the Network Essentials and Network Advantage licensing options whichcover wireless fundamentals such as 802.1x authentication, QoS, PnP etc, telemetry and visibility, SSO, as well as security controls. These Network essentials and Network advantage components are perpetual and is valid till the life of the AP. Cisco DNA subscription licenses have to be purchased for a 3-, 5-, or 7-year subscription term. However. upon expiry of Cisco DNA license, Cisco DNA features will expire, whereas network essentials and network advantage features will remain.

Features included in the Network Advantage and Network Essentials packages

Features Network Essentials Network Advantage
Essential capabilities
  • 802.1x authentications, Guest access, device onboarding, Infra and client IPv6, ACLs, QoS, Videostream, Smart defaults, RRM, Spectrum intelligence, BLE, Zigbee, USB, TrustSecSXP,SSO, Dynamic QoS, Analytics, ADP, OpenDNS, mDNS, IPSec, Rogue Management and Detection, Mobility
Optimized RF
  • FRA, Client link, ClearAir Advanced, NG-HDX, Predictive/Proactive RRM
Internet of Things (IoT) optimized
Identity pre-shared keys (PSK), enhanced device profilers
DevOPS integration
  • PnP Agent
  • NETCONF, RESTCONF, gNMI,
  • Yang Data Models
  • GuestShell (On-Box Python)
Federal Certifications
Federal Information Processing Standards (FIPS), CC, UCAPL, USGV6
Telemetry and visibility
  • Model-driven Telemetry
  • NETCONF dial-in, gRPC dial out
High availability and resiliency (advanced)
  • ISSU, Process Restart
  • Rolling AP Upgrades,
  • Patching (CLI)
  • AP service pack/AP device pack
Flexible Network Segmentation
  • VXLAN

Features included in the Cisco DNA Advantage and Cisco DNA Essentials packages

Features Cisco DNA Essentials Cisco DNA Advantage/Premier
Base Automation
Plug and Play, network site design and device provisioning
Element management
Image management, network topology and discovery, AVC
Base Assurance
Health dashboard (network, client, and application), AP floor map and coverage map, predefined reports
Telemetry
Flexible NetFlow
Base security
Basic wireless IPS
Advanced Automation
SD-Access
Location Plug and Play
Automated ISE integration for guest
3rd party API integration
Assurance and Analytics
Guided Remediation
Apple iOS Insights
Proactive issue Detection
  • Aironet Active Sensor Tests
  • Intelligent capture
  • Client Location Heatmaps
  • Spectrum Analyzer
Application performance (Packet Loss, Latency and Jitter),
App 360, AP 360, Client 360 and WLC 360
Custom Reports
Enhanced security and IoT
Encrypted Traffic Analytics, Advanced WIPS
Policy-based workflow
EasyQoS configuration, EasyQoS monitoring, Policy based Automation
Element Management
Patch Lifecycle Management

Two modes of licensing are available:

  • SL: Smart Licensing simplifies and adds flexibility to licensing. It is:
    • Simple: Procure, deploy, and manage licenses easily. Devices self-register, removing the need for Product Activation Keys (PAKs).
    • Flexible: Pool license entitlements in a single account. Move licenses freely through the network, wherever you need them.
    • Smart: Manage your license deployments with real-time visibility of ownership and consumption.
  • SLR mode
    • Specific License Reservation (SLR) is a feature used in highly secure networks. It provides a method for customers to deploy a software license on a device (Product Instance) without communicating usage information to Cisco. There will be no communication with Cisco or a satellite. The licenses will be reserved for every controller. It will be node-based licensing.

Four levels of license are supported on the Cisco Catalyst 9800 Series Wireless Controllers. The controllers can be configured to function at any one of the four levels.

  • Cisco DNA Essential: At this level the Cisco DNA Essentials features set will be supported.
  • Cisco DNA Advantage: At this level the Cisco DNA Advantage feature set will be supported.
  • NE: At this level the Network Essentials feature set will be supported.
  • NA: At this level the Network Advantage feature set will be supported.
    • For customers who purchase Cisco DNA Essentials, Network Essentials will be supported and will continue to function even after term expiration. And for customers who purchase Cisco DNA Advantage, Network Advantage will be supported and will continue to function even after term expiration.
    • Initial bootup of the controller will be at the Cisco DNA Advantage level.

Pricing Notes:

Cisco Catalyst 9800 Series
Cisco Catalyst 9800-CL Wireless Controller
Cisco Catalyst 9800-CL Wireless Controller
#C9800-CL
Get a Quote!