Cisco Catalyst 9800-80 Wireless Controller for Cloud
next generation of enterprise-class wireless controllers for cloud
Get a Quote!
Cisco Catalyst 9800-80 Wireless Controller:
Built from the ground-up for the intent-based network and Cisco DNA, Cisco Catalyst 9800 Series Wireless Controllers are Cisco IOS XE based and integrate the RF excellence of Cisco Aironet access points, creating a best-in-class wireless experience for your evolving and growing organization. The 9800 Series is built on an open and programmable architecture with built-in security, streaming telemetry, and rich analytics.
The Cisco Catalyst 9800 Series Wireless Controllers are built on the three pillars of network excellence -always on, secure, and deployed anywhere - which strengthen the network by providing the best wireless experience without compromise, while saving time and money.
The Cisco Catalyst 9800-CL is the next generation of enterprise-class wireless controllers for cloud, with seamless software updates for distributed branches and midsize campuses to large enterprises and service providers.
The Cisco Catalyst 9800-CL controller is feature rich and enterprise ready to power your business-critical operations and transform end-customer experiences:
- High availability and seamless software updates, enabled by hot and cold patching, keep your clients and services always on in planned and unplanned events.
- Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with Cisco Encrypted Traffic Analytics (ETA) and Software-Defined Access (SD-Access). The controller comes with built-in security: runtime defenses, image signing and integrity verification.
- Deploy anywhere to enable wireless connectivity everywhere. Whether in a public or private cloud, the Cisco Catalyst 9800-CL best meets your organization’s needs.
- Built on a modular operating system, the 9800-CL features open and programmable APIs that enable automation of day-0 to day-N network operations. Model-driven streaming telemetry provides deep insights into the health of your network and clients.
- Cisco User Defined Network, a feature available in Cisco DNA Center, allows IT to give end users control of their very own wireless network partition on a shared network. End users can then remotely and securely deploy their devices on this network. Perfect for university dormitories or extended hospital stays, Cisco User Defined Network grants both device security and control, allowing each user to choose who can connect to their network.
- The Wi-Fi 6 readiness dashboard is a new dashboard in the Assurance menu of Cisco DNA Center. It will look through the inventory of all devices on the network and verify device, software, and client compatibility with the new Wi-Fi 6 standard. After upgrading, advanced wireless analytics will indicate performance and capacity gains as a result of the Wi-Fi 6 deployment. This is an incredible tool that will help your team define where and how the wireless network should be upgraded. It will also give you insights into the access point distribution by protocol (802.11 ac/n/abg), wireless airtime efficiency by protocol, and granular performance metrics.
- With Cisco In Service Software Upgrade (ISSU), network downtime during a software update or upgrade is a thing of the past. ISSU is a complete image upgrade and update while the network is still running. The software image—or patch—is pushed onto the wireless controller while traffic forwarding continues uninterrupted. All access point and client sessions are retained during the upgrade process. With just a click, your network automatically upgrades to the newest software.
Cisco Catalyst 9800-CL for Private Cloud
Cisco Catalyst 9800-CL for private cloud
- VMware ESXi, KVM, Hyper-V, and Cisco NFVIS (on ENCS) supported
- Supports centralized, Cisco FlexConnect, mesh, and fabric (SD-Access) deployment modes
- Multiple scale and throughput* profiles with a single deployment package to best meet your organization’s needs
- Small (low / high throughput): Designed for distributed branches and small campuses supporting up to 1000 Access Points (APs) and 10,000 clients
- Medium (low / high throughput): Designed for medium-sized campuses supporting up to 3000 APs and 32,000 clients
- Large (low / high throughput): Designed for large enterprises and service providers supporting up to 6000 APs and 64,000 clients
- One deployment package for all the scale templates. Pick the deployment size and the throughput profile when you instantiate the Virtual Machine (VM)
- Supports up to 2.1 Gbps of throughput in a centralized wireless deployment (low-throughput profile without SR-IOV)
- With a high (enhanced) throughput profile, up to 5 Gbps can be reached on ESXi and KVM with the right set of network cards and resources (SR-IOV-enabled NIC card)
- An intuitive bootstrap wizard is available during the VM instantiation to boot the wireless controller with recommended parameters
- Optimize your branch by deploying the 9800-CL as a virtual machine on the Cisco 5000 Series Enterprise Network Compute System (ENCS) running Cisco NFVIS
Cisco Catalyst 9800-CL for Public Cloud
Cisco Catalyst 9800-CL for public cloud
- Cisco Catalyst 9800-CL is available as an Infrastructure-as-a-Service (IaaS) solution on the Amazon Web Services (AWS) and Google Cloud Platform (GCP) Marketplaces
- Supported only with managed VPN deployment mode:
- The 9800-CL should be instantiated within a Virtual Private Cloud (VPC)
- A VPN tunnel has to be established from the customer site to AWS or GCP to enable communication between the Cisco access point and 9800-CL wireless controller
- Cisco FlexConnect central authentication and local switching
- Available on AWS GovCloud
- Supports up to 6000 access points and 64,000 clients
- Deploy a wireless controller instance in AWS using cloud-formation templates provided by Cisco (recommended) or by manually using the EC2 console
- Deploy a wireless controller in GCP using the guided workflow in the marketplace
|Maximum number of access points||Up to 6000|
|Maximum number of clients||64,000|
|Maximum throughput (low profile without SR-IOV)*||2.1 Gbps|
|Maximum throughput (high profile with SR-IOV)**||5 Gbps|
|Deployment modes||Centralized, Cisco FlexConnect, and Fabric Wireless (SD-Access)|
|License||Smart License enabled|
|Operating system||Cisco IOS XE Software|
|Management||Cisco DNA Center, Cisco Prime Infrastructure, integrated WebUI, and third party (open standards APIs)|
|Policy engine||Cisco Identity Services Engine|
|Location platform||Cisco Connected Mobile Experiences (CMX), Cisco DNA Spaces|
|Access points||Aironet 802.11ac Wave 1 and Wave 2, Cisco Catalyst 9100 802.11ax access points|
* For traffic with large (1374 bytes) packet size
** A high-throughput profile is supported on ESXi and KVM hypervisors only. Throughput numbers are with SR-IOV-enabled NICs.
Seamless software updates enable faster resolution of critical issues, introduction of new access points with zero downtime, and flexible software upgrades. Stateful switchover (SSO) with 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.
Secure air, devices, and users with the Cisco Catalyst 9800-CL. Wireless infrastructure becomes the strongest first line of defense with ETA and SD-Access. The controllers come with built-in security: runtime defenses, image signing, and integrity verification. Cisco Advanced Wireless Intrusion Prevention System (awIPS) is a complete wireless security solution that uses the Cisco Unified Access® infrastructure to detect, locate, mitigate, and contain wired and wireless rogues and threats.
Whether in a public or private cloud, the Cisco Catalyst 9800-CL wireless controllers can be deployed anywhere for wireless everywhere. The 9800-CL meets the needs of your branch and campus network deployments.
Open and programmable
The controller is built on the Cisco IOS XE operating system, which offers a rich set of open standards-based programmable APIs and model-driven telemetry that provide an easy way to automate day-0 to day-N network operations.
|Metric||Private Cloud||Public Cloud|
|Deployment modes supported||Centralized, Cisco FlexConnect, Fabric(SD-Access)||Centralized, Cisco FlexConnect, Fabric (SD-Access)||Centralized, Cisco FlexConnect, Fabric (SD-Access)||Cisco FlexConnect (local switching only)||Cisco FlexConnect (local switching only)||Cisco FlexConnect (local switching only)|
(Hyperthreading is not supported)
|4 – low throughput
7 – high throughput
|6 – low throughput
9 – high throughput
|10 – low throughput
13 – high throughput
|Preferred mode for high throughput*||SR-IOV||SR-IOV||SR-IOV||All traffic will be locally switched||All traffic will be locally switched||All traffic will be locally switched|
|NIC needed for SR-IOV||Intel x710 / Cisco Intel x710 adapter||Intel x710 / Cisco Intel x710 adapter||Intel x710 / Cisco Intel x710 adapter||All traffic will be locally switched||All traffic will be locally switched||All traffic will be locally switched|
|Drivers needed for SR-IOV||ESXi – i40en
KVM – i40e
|ESXi – i40en
KVM – i40e
|ESXi – i40en
KVM – i40e
|All traffic will be locally switched||All traffic will be locally switched||All traffic will be locally switched|
|RAM required (GB)||8||16||32||8||16||32|
|Recommended hard disk space (GB)||16||16||16||16||16||16|
|Hypervisors and cloud providers supported||ESXi 6.0/6.5/6.7, KVM, Hyper-V, NFVIS||ESXi 6.0/6.5/6.7, KVM, Hyper-V, NFVIS||ESXi 6.0/6.5/6.7, KVM, Hyper-V, NFVIS||AWS, GCP||AWS, GCP||AWS, GCP|
|Maximum number of access points||1000||3000||6000||1000||3000||6000|
|Maximum number of clients||10,000||32,000||64,000||10,000||32,000||64,000|
|Maximum throughput (low profile without SR-IOV)||2.1 Gbps||2.1 Gbps||2.1 Gbps||All traffic will be locally switched||All traffic will be locally switched||All traffic will be locally switched|
|Maximum throughput (high profile with SR-IOV)||5 Gbps||5 Gbps||5 Gbps||All traffic will be locally switched||All traffic will be locally switched||All traffic will be locally switched|
|Maximum site tags||1000||3000||6000||1000||3000||6000|
|Maximum APs per site||100||100||100||100||100||100|
|Maximum policy tags||1000||3000||6000||1000||3000||6000|
|Maximum RF tags||1000||3000||6000||1000||3000||6000|
|Maximum RF profiles||2000||6000||12000||2000||6000||12,000|
|Maximum policy profiles||1000||1000||1000||1000||1000||1000|
|Maximum Flex profiles||1000||3000||6000||1000||3000||6000|
|vNIC adapters||ESXi: VXNET3, E1000E, E1000
|ESXi: VXNET3, E1000E, E1000
|ESXi: VXNET3, E1000E, E1000
|Virtual switch||ESXi: vSwitch
KVM: OVS Linux Bridge(brctl)
KVM: OVS Linux Bridge(brctl)
KVM: OVS Linux Bridge(brctl)
|VMware Distributed Resource Scheduler****||Yes||Yes||Yes||—||—||—|
|VMware NIC Teaming****||Yes||Yes||Yes||—||—||—|
|Hyper-V NIC Teaming||Yes||Yes||Yes||—||—||—|
|High availability||SSO, N+1||SSO, N+1||SSO, N+1||N+1||N+1||N+1|
|Cisco DNA support||Automation, Assurance||Automation, Assurance||Automation, Assurance||—||—||—|
|Rogue detection / aWIPS||Yes||Yes||Yes||Yes||Yes||Yes|
|Client IPv6 support||Yes||Yes||Yes||Yes||Yes||Yes|
|Infrastructure IPv6 support||Yes||Yes||Yes||Yes||Yes||Yes|
* A high-throughput profile is supported on ESXi and KVM hypervisors only.
**For traffic with large (1374 bytes) packet size
***Cloning from snapshots is not supported
****vMotion, DRS, Snapshots, and vNIC Teaming not supported when SR-IOV mode is enabled.
Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various mechanisms that bring about network automation are outlined below, based on a device lifecycle.
- Automated device provisioning: This is the ability to automate the process of upgrading software images and installing configuration files on Cisco access points when they are being deployed in the network for the first time. Cisco provides turnkey solutions such as Plug and Play (PnP) that enable an effortless and automated deployment.
- API-driven configuration: Modern wireless controllers such as the Cisco Catalyst 9800-40 Wireless Controller support a wide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF) using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision network resources.
- Granular visibility: Model-driven telemetry provides a mechanism to stream data from a wireless controller to a destination. The data to be streamed is driven through subscription to a data set in a YANG model. The subscribed data set is streamed out to the destination at configured intervals. Additionally, Cisco IOS XE enables the push model, which provides near-real-time monitoring of the network, leading to quick detection and rectification of failures.
- Seamless software upgrades and patching: To enhance OS resilience, Cisco IOS XE supports patching, which provides fixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customers to add patches without having to wait for the next maintenance release.
- High availability: Stateful switchover with a 1:1 active standby and N+1 redundancy keeps your network, services, and clients always on, even in unplanned events.
- Software Maintenance Upgrades (SMUs) withhot and cold patching: Patching allows for a patch to be installed as a bug fix without bringing down the entire network and eliminates the need to requalify an entire software image.The SMU is a package that can be installed on a system to provide a patch fix or security resolution to a released image. SMUs allow you to address the network issue quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates the SMU compatibility and does not allow you to install incompatible SMUs. All SMUs are integrated into the subsequent Cisco IOS XE Software maintenance releases.
- Intelligent rolling access point upgrades and seamless multisite upgrades: The Cisco Catalyst 9800-CL Wireless Controller for Cloud comes equipped with intelligent rolling access point upgrades to simplify network operations. Multisite upgrades can now be done in stages, and access points can be upgraded intelligently without restarting the entire network.
- Standby monitoring of Cisco Catalyst 9800 Wireless Controllers in High-Availability (HA) mode: This enables monitoring of the health of the system on a standby controller in a HA pair using programmatic interfaces (NETCONF/YANG, RESTCONF) and CLIs without going through the active controller. For more details refer to technical documentation .
- In-Service Software Upgrade (ISSU): ISSU is a complete image upgrade/update with zero downtime while the network is still on. The software image or a patch is pushed onto the wireless controller while traffic forwarding continues uninterrupted. All AP/client sessions are retained during the upgrade process.
- Encrypted Traffic Analytics (ETA): ETA is a unique capability for identifying malware in encrypted traffic coming from the access layer. Since more and more traffic is being encrypted, the visibility this feature provides related to threat detection is critical for keeping your network secure at different layers. This feature is supported on private cloud deployments only.
- Cisco Wireless Intrusion Prevention System (WIPS): WIPS offers advanced network security to detect, locate, mitigate, and contain any intrusion and threat on your wireless network. It can monitor and detect wireless network anomalies, unauthorized access, and RF attacks. A new dedicated classification engine for rogue and aWIPS built on Cisco DNA Center. A fully integrated stack for WIPS solution includes Cisco DNA Center, Cisco Catalyst 9800 controller, Wave2, and Catalyst 9100 Access Points. This new architecture provides improved detection and security, simplicity and ease of use, and a reduction in false-positive alarms.
- Trustworthy systems: Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With the Cisco Catalyst 9800-CL, these trustworthy systems help assure software authenticity for supply chain trust and strong mitigation against man-in-the-middle attacks on software and firmware. Trust Anchor capabilities include:
- Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software are authentic and unmodified. As the system boots, its software signatures are checked for integrity.
- Flexible NetFlow (FNF): Cisco IOSFNF is the next generation in flow visibility technology, allowing optimization of the network infrastructure, reducing operating costs, and improving capacity planning and security incident detection with increased flexibility and scalability.
Application Visibility and Control
- Next-Generation Network Based Application Recognition (NBAR2): NBAR2 enables advanced application classification techniques, with up to 1400 predefined and well-known application signatures and up to 150 encrypted applications on the Cisco Catalyst 9800-CL. Some of the most popular applications included are Skype, Office 365, Microsoft Lync, Cisco Webex®, and Facebook. Many others are already predefined and easy to configure. NBAR2 provides the network administrator with an important tool to identify, control, and monitor end-user application usage while helping ensure a quality user experience and securing the network from malicious attacks. It uses FNF to report application performance and activities within the network to any supported NetFlow collector, such as Cisco Prime, Stealthwatch®, or any compliant third-party tool.
Quality of Service
- Superior Quality of Service (QoS): QoS technologies are tools and techniques for managing network resources and are considered the key enabling technologies for the transparent convergence of voice, video, and data networks. QoS on the Cisco Catalyst 9800-CL consists of classification of traffic based on packet data as well as application recognition and traffic control actions such as dropping, marking and policing. A modular QoS command-line framework provides consistent platform-independent and flexible configuration behavior. The 9800-CL, also, supports policies at two levels of target: BSSID as well as client. Policy assignment can be granular down to the client level.
- WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device, simplify device deployment and manageability, and enhance the user experience. WebUI comes with the default image. There is no need to enable anything or install any license on the device. You can use WebUI to build a day-0 and day-1 configuration and from then on monitor and troubleshoot the device without having to know how to use the CLI.
|Wireless standards||IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w, 802.11ac Wave1 and Wave2, 802.11ax|
|Wired, switching, and routing standards||IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN taggin, 802.1AX Link Aggregation|
|Authentication, Authorization, and Accounting (AAA) standards||
No licenses are required to boot up a Cisco Catalyst 9800 Series Wireless Controller. However, in order to connect any access points to the controller, Cisco DNA software subscriptions are required. To be entitled to connect to a Cisco Catalyst 9800 Series controller, each access point requires a Cisco DNA subscription license.
They can support 3 types of Cisco DNA license: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier:
Determining license requirements for access points connecting to Cisco Catalyst 9800 Series Wireless Controllers
As connecting to Cisco Catalyst 9800 Series controllers have new and simplified software subscription packages.
They can support three tiers of Cisco DNA software: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier.
Cisco DNA software subscriptions provide Cisco innovations on the AP. They also include perpetual Network Essentials and Network Advantage licensing options, which cover wireless fundamentals such as 802.1X authentication, QoS, and PnP; telemetry and visibility; and single-sign-on, as well as security controls.
Cisco DNA subscription software has to be purchased for a 3-, 5-, or 7-year subscription term. Upon expiration of the subscription, the Cisco DNA features will expire, whereas the Network Essentials and Network Advantage features will remain.
Two modes of licensing are available:
- Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more convenient way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure- you control what users can access. With Smart Licensing you get:
- Easy Activation: Smart licensing establishes a pool of software licenses that can be used across the entire organization-no more PAKs (Product Activation Keys).
- Unified Management: My Cisco Entitlements (MCE) provides a complete view into all of your Cisco Products and services in an easy-to-use portal, so you always know what you have and what you are using.
- License Flexibility: Your software is not node-locked to your hardware, so you can easily use and tranfer licenses as needed.
- Specific License Reservation (SLR) is a feature used in highly secure networks. It provides a method for customers to deploy a software license on a device (product instance) without communicating usage information to Cisco. There is no communication with Cisco or a satellite. The licenses are reserved for every controller. It is node-based licensing.
Four levels of license are supported on the Cisco Catalyst 9800 Series Wireless Controllers. The controllers can be configured to function at any one of the four levels.
- Cisco DNA Essentials: At this level the Cisco DNA Essentials feature set will be supported.
- Cisco DNA Advantage: At this level the Cisco DNA Advantage feature set will be supported.
- NE: At this level the Network Essentials feature set will be supported.
- NA: At this level the Network Advantage feature set will be supported.
Cisco DNA Premier is a bundle with ISE licenses and Cisco DNA Spaces Advantage. It is inclusive of Cisco DNA Advantage, so at this level the Cisco DNA Advantage feature set will be supported. For customers who purchase Cisco DNA Essentials, Network Essentials will be supported and will continue to function even after term expiration. And for customers who purchase Cisco DNA Advantage or Cisco DNA Premier, Network Advantage will be supported and will continue to function even after term expiration.
Initial bootup of the controller will be at the Cisco DNA Advantage level.
Managing licenses with Smart Accounts
Creating Smart Accounts by using the Cisco Smart Software Manager (SSM) enables you to order devices and licensing packages and also manage your software licenses from a centralized website. You can set up the Smart Account to receive daily email alerts and to be notified of expiring add-on licenses that you want to renew. A Smart Account is mandatory for Cisco Catalyst 9800 Series controllers.
Download the Cisco Catalyst 9800-CL Wireless Controller for Cloud Datasheet (PDF).
- Pricing and product availability subject to change without notice.
Get a Quote!