Cisco Catalyst 9800-80 Wireless Controller for Cloud
next generation of enterprise-class wireless controllers for cloud
Get a Quote!
Cisco Catalyst 9800-80 Wireless Controller:
Built from the ground-up for the Intent-based networking and Cisco DNA, Cisco Catalyst 9800 Series Wireless Controllers are Cisco IOS® XE based and integrate the RF excellence of Cisco Aironet® access points creating the best-in-class wireless experience for your evolving and growing organization. The Cisco Catalyst 9800 Series Wireless Controllers are built on an open and programmable architecture with built-in security, streaming telemetry and rich analytics.
The Cisco Catalyst 9800 Series Wireless Controllers are built on the three pillars of network excellence— always on, secure, and deployed anywhere— which strengthen the network by providing the best wireless experience without compromise, while saving time and money.
The Cisco® Catalyst® 9800-CL is the next generation of enterprise-class wireless controllers for cloud, with seamless software updates for distributed branches and midsize campuses to large enterprises and service providers.
The Cisco Catalyst 9800-CLController is feature rich and enterprise ready to power your business-critical operations and transform end-customer experiences:
- High availability and seamless software updates, enabled by hot patching, keep your clients and services always on in planned and unplanned events.
- Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with Cisco Encrypted Traffic Analytics (ETA) and Software-Defined Access (SD-Access). The controller comes with built-in security: runtime defenses, image signing and integrity verification.
- Deploy anywhere to enable wireless connectivity everywhere. Whether in a public or private cloud, the Cisco Catalyst 9800-CL best meets your organization’s needs.
- Built on a modular operating system, the 9800-80 features open and programmable APIs that enable automation of day-0 to day-N network operations. Model-driven streaming telemetry provides deep insights into the health of your network and clients.
Cisco Catalyst 9800-CL for Private Cloud
Cisco Catalyst 9800-CL for private cloud
- Multiple scale templates (small, medium, and large)
- VMware ESXi, KVM, and Cisco NFVIS (on ENCS) supported
- Supports centralized, Cisco FlexConnect®, and fabric (SD-Access) deployment
- Multiple scale options with a single deployment package to best meet your organization’s needs.
- Small: Designed for distributed branches and small campuses supporting up to 1000 Access Points (APs) and 10,000 clients
- Medium: Designed for medium-sized campuses supporting up to 3000 APs and 32,000 clients
- Large: Designed for large enterprises and service providers supporting up to 6000 APs and 64,000 clients
- Supports up to 1.5 Gbps of throughput in a centralized wireless deployment
- One deployment package for all the scale templates. Pick the deployment size when you instantiate the Virtual Machine (VM)
- An intuitive bootstrap wizard is available during the VM instantiation to boot the wireless controller with recommended parameters
- Optimize your branch by deploying the 9800-CL as a virtual machine on the Cisco 5000 Series Enterprise Network Compute System (ENCS) running Cisco NFVIS
Cisco Catalyst 9800-CL for Public Cloud
Cisco Catalyst 9800-CL for public cloud
- IaaS solutionsavailable in the AWS Marketplace
- Supported only with managed VPN
- Cisco FlexConnect central authentication and local switching
- Available on AWS GovCloud
- Cisco Catalyst 9800-CL is available in the AWS Marketplace.
- Supports up to 3000 access points and 32,000 clients.
- The 9800-CL should be instantiated within a Virtual Private Cloud (VPC).
- A VPN tunnel has to be established from the customer site to AWS to enable communication between the Cisco access point and 9800-CL wireless controller.
- Deploy a wireless controller instance in AWS using cloud-formation templates provided by Cisco (recommended) or by manually using the EC2 console.
|Maximum number of access points||Up to 6000|
|Maximum number of clients||64,000|
|Maximum throughput||Up to 1.5 Gbps|
|Deployment modes||Centralized, Cisco FlexConnect, and Fabric Wireless (SD-Access)|
|License||Smart License enabled/td>|
|Operating system||Cisco IOS XE Software|
|Management||Cisco DNA Center 1.2.8, Cisco Prime® Infrastructure 3.5, integrated WebUI, and third party (open standards APIs)|
|Interoperability||AireOS-based controllers with 8.8 MR2, 8.5 MR4, and 8.5 MR3 special|
|Policy engine||Cisco Identity Services Engine (ISE) 2.2, 2.3, and 2.4|
|Cisco Connected Mobile Experiences (CMX)||CMX 10.5.1|
|Access points||Aironet 802.11ac Wave 1 and Wave 2 access points|
Seamless software updates enable faster resolution of critical issues, introduction of new access points with zero downtime, and flexible software upgrades. Stateful switchover (SSO) with 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.
Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with ETA and SD-Access. The controllers come with built-in security: runtime defenses, image signing and integrity verification.
Whether in a public or private cloud, the Cisco Catalyst 9800-CL wireless controllers can be deployed anywhere for wireless everywhere. The 9800-CL meets the needs of your branch and campus network deployments.
Open and programmable
The controller is built on the Cisco IOS XE operating system, which offers a rich set of open standards-based programmable APIs and model-driven telemetry that provide an easy way to automate day-0 to day-N network operations.
|Metric||Private Cloud||Public Cloud|
|Deployment modes supported||Centralized, Cisco FlexConnect, Fabric(SD-Access)||Centralized, Cisco FlexConnect, Fabric (SD-Access)||Centralized, Cisco FlexConnect, Fabric (SD-Access)||Cisco FlexConnect (local switching only)||Cisco FlexConnect (local switching only)|
|RAM required (GB)||8||16||32||8||16|
|Hypervisors and cloud providers supported||ESXi 6.0/6.5, KVM, NFVIS||ESXi 6.0/6.5, KVM, NFVIS||ESXi 6.0/6.5, KVM, NFVIS||AWS||AWS|
|Maximum number of access points||1000||3000||6000||1000||3000|
|Maximum number of clients||10,000||32,000||64,000||10,000||32,000|
|Maximum throughput||1.5 Gbps||1.5 Gbps||1.5 Gbps||(All traffic will be locally switched)||(All traffic will be locally switched)|
|Maximum site tags||1000||3000||6000||1000||3000|
|Maximum APs per site||100||100||100||100||100|
|Maximum policy tags||1000||3000||6000||1000||3000|
|Maximum RF tags||1000||3000||6000||1000||3000|
|Maximum RF profiles||2000||6000||12000||2000||6000|
|Maximum policy profiles||1000||1000||1000||1000||1000|
|Maximum Flex profiles||1000||3000||6000||1000||3000|
|vNIC adapters||ESXi: VXNET3, E1000E, E1000
|ESXi: VXNET3, E1000E, E1000
|ESXi: VXNET3, E1000E, E1000
|Virtual switch||ESXi: vSwitch
KVM: OVS Linux Bridge(brctl)
KVM: OVS Linux Bridge(brctl)
KVM: OVS Linux Bridge(brctl)
|High availability||SSO, N+1||SSO, N+1||SSO, N+1||N+1||—|
|Cisco DNA support||Automation, Assurance||Automation, Assurance||Automation, Assurance||—||—|
|Client IPv6 support||Yes||Yes||Yes||Yes||—|
|Infrastructure IPv6 support||Yes||Yes||Yes||Yes||—|
Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various mechanisms that bring about network automation are outlined below, based on a device lifecycle.
- Automated device provisioning: This is the ability to automate the process of upgrading software images and installing configuration files on Cisco access points when they are being deployed in the network for the first time. Cisco provides turnkey solutions such as Plug and Play (PnP) that enable an effortless and automated deployment.
- API-driven configuration: Modern wireless controllers such as the Cisco Catalyst 9800-40 Wireless Controller support a wide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF) using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.
- Granular visibility: Model-driven telemetry provides a mechanism to stream data from a wireless controller to a destination. The data to be streamed is driven through subscription to a data set in a YANG model. The subscribed data set is streamed out to the destination at configured intervals. Additionally, Cisco IOS XE enables the push model, which provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.
- Seamless software upgrades and patching: To enhance OS resilience, Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customers to add patches without having to wait for the next maintenance release.
- High availability: Stateful switchover with a 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.
- Software Maintenance Upgrades (SMUs) withhot and cold patching: Patching allows for a patch to be installed as a bug fix without bringing down the entire network and eliminates the need to requalify an entire software image.The SMU is a package that can be installed on a system to provide a patch fix or security resolution to a released image. SMUs allow you to address the network issue quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates the SMU compatibility and does not allow you to install incompatible SMUs. All SMUs are integrated into the subsequent Cisco IOS XE Software maintenance releases.
- Intelligent rolling access point upgrades and seamless multisite upgrades: The Cisco Catalyst 9800-40 Wireless Controller comes equipped with intelligent rolling access point upgrades to simplify network operations. Multisite upgrades can now be done in stages, and access points can be upgraded intelligently without restarting the entire network.
- Encrypted Traffic Analytics (ETA): ETA is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is being encrypted, the visibility this feature provides related to threat detection is critical for keeping your network secure at different layers.
- Trustworthy systems: Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With the Cisco Catalyst 9800-40, these trustworthy systems help assure hardware and software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks on software and firmware. Trust Anchor capabilities include:
- Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, its software signatures are checked for integrity.
- Flexible NetFlow (FNF): Cisco IOSFNF is the next generation in flow visibility technology, allowing optimization of the network infrastructure, reducing operating costs, and improving capacity planning and security incident detection with increased flexibility and scalability.
Application Visibility and Control
- Next-Generation Network Based Application Recognition (NBAR2): NBAR2 enables advanced application classification techniques, with up to 1400 predefined and well-known application signatures and up to 150 encrypted applications on the Cisco Catalyst 9800-40. Some of the most popular applications included are Skype, Office 365, Microsoft Lync, Cisco Webex®, and Facebook. Many others are already predefined and easy to configure. NBAR2 provides the network administrator with an important tool to identify, control, and monitor end-user application usage while helping ensure a quality user experience and securing the network from malicious attacks. It uses FNF to report application performance and activities within the network to any supported NetFlow collector, such as Cisco Prime, Stealthwatch®, or any compliant third-party tool.
Quality of Service
- Superior Quality of Service (QoS): QoS technologies are tools and techniques for managing network resources and are considered the key enabling technologies for the transparent convergence of voice, video, and data networks. QoS on the Cisco Catalyst 9800-40 consists of classification of traffic based on packet data as well as application recognition and traffic control actions such as drop, marking and policing. A modular QoS command-line framework provides consistent platform-independent and flexible configuration behavior. The 9800-40 also supports policies at two levels of target: BSSID as well as client. Policy assignment can be granular down to the client level.
- WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device, simplify device deployment and manageability, and enhance the user experience. WebUI comes with the default image. There is no need to enable anything or install any license on the device. You can use WebUI to build a day-0 and day-1 configuration and from then on monitor and troubleshoot the device without having to know how to use the CLI.
|Wireless standards||IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w, 802.11ac Wave1 and Wave2|
|Wired, switching, and routing standards||IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN taggin, 802.1AX Link Aggregation|
|Authentication, Authorization, and Accounting (AAA) standards||
The Cisco Catalyst 9800 Series Wireless Controllers require mandatory Smart Licensing. This provides ease of use for Cisco DNA license management, consumption, and tracking.
No licenses are required to boot up a Cisco Catalyst 9800 Series Wireless Controller. However, in order to connect any access points to the controller, Cisco DNA licenses are required. Every access point connecting to Catalyst 9800 requires a Cisco DNA subscription license to be entitled to connect to the controller.
The APs connecting to Catalyst 9800 has a new and simplified licensing package.
They can support 3 types of Cisco DNA license: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier: The Cisco DNA licenses provide Cisco innovations on the AP. The Cisco DNA license also includes the Network Essentials and Network Advantage licensing options whichcover wireless fundamentals such as 802.1x authentication, QoS, PnP etc, telemetry and visibility, SSO, as well as security controls. These Network essentials and Network advantage components are perpetual and is valid till the life of the AP. Cisco DNA subscription licenses have to be purchased for a 3-, 5-, or 7-year subscription term. However. upon expiry of Cisco DNA license, Cisco DNA features will expire, whereas network essentials and network advantage features will remain.
Features included in the Network Advantage and Network Essentials packages
|Features||Network Essentials||Network Advantage|
|Internet of Things (IoT) optimized
Identity pre-shared keys (PSK), enhanced device profilers
Federal Information Processing Standards (FIPS), CC, UCAPL, USGV6
|Telemetry and visibility
|High availability and resiliency (advanced)
|Flexible Network Segmentation
Features included in the Cisco DNA Advantage and Cisco DNA Essentials packages
|Features||Cisco DNA Essentials||Cisco DNA Advantage/Premier|
Plug and Play, network site design and device provisioning
Image management, network topology and discovery, AVC
Health dashboard (network, client, and application), AP floor map and coverage map, predefined reports
Basic wireless IPS
Location Plug and Play
Automated ISE integration for guest
3rd party API integration
|Assurance and Analytics
Apple iOS Insights
Proactive issue Detection
App 360, AP 360, Client 360 and WLC 360
|Enhanced security and IoT
Encrypted Traffic Analytics, Advanced WIPS
EasyQoS configuration, EasyQoS monitoring, Policy based Automation
Patch Lifecycle Management
Two modes of licensing are available:
- SL: Smart Licensing simplifies and adds flexibility to licensing. It is:
- Simple: Procure, deploy, and manage licenses easily. Devices self-register, removing the need for Product Activation Keys (PAKs).
- Flexible: Pool license entitlements in a single account. Move licenses freely through the network, wherever you need them.
- Smart: Manage your license deployments with real-time visibility of ownership and consumption.
- SLR mode
- Specific License Reservation (SLR) is a feature used in highly secure networks. It provides a method for customers to deploy a software license on a device (Product Instance) without communicating usage information to Cisco. There will be no communication with Cisco or a satellite. The licenses will be reserved for every controller. It will be node-based licensing.
Four levels of license are supported on the Cisco Catalyst 9800 Series Wireless Controllers. The controllers can be configured to function at any one of the four levels.
- Cisco DNA Essential: At this level the Cisco DNA Essentials features set will be supported.
- Cisco DNA Advantage: At this level the Cisco DNA Advantage feature set will be supported.
- NE: At this level the Network Essentials feature set will be supported.
- NA: At this level the Network Advantage feature set will be supported.
- For customers who purchase Cisco DNA Essentials, Network Essentials will be supported and will continue to function even after term expiration. And for customers who purchase Cisco DNA Advantage, Network Advantage will be supported and will continue to function even after term expiration.
- Initial bootup of the controller will be at the Cisco DNA Advantage level.
Download the Cisco Catalyst 9800-CL Wireless Controller for Cloud Datasheet (PDF).
- Pricing and product availability subject to change without notice.
Get a Quote!