Skip to main content
Cisco Meraki Documentation

Cloud Monitoring for Catalyst Wireless Requirements

Cloud Monitoring for Catalyst Wireless is a Meraki Dashboard Early Access Feature. Before you can add your wireless controller to dashboard you have to Opt-in to Cloud Monitoring for Catalyst Wireless. Go to Organization > Early access to enable. 

Supported wireless controllers

Cloud Monitoring for Catalyst Wireless supports the following wireless controller models:

  • C9800-L-C

  • C9800-L-F

  • C9800-40

  • C9800-80

Supported access points

Cloud Monitoring for Catalyst Wireless supports the following access point models when joined to a supported C9800 wireless controller:

Wi-Fi 6E:

  • Cisco Catalyst 9136 Series

  • Cisco Catalyst 9166 Series (including 9166D1)

  • Cisco Catalyst 9164 Series

  • Cisco Catalyst 9163 Series

  • Cisco Catalyst 9162 Series

Wi-Fi 6:

  • Cisco Catalyst 9130 Series

  • Cisco Catalyst 9124 Series

  • Cisco Catalyst 9120 Series

  • Cisco Catalyst 9117 Series

  • Cisco Catalyst 9115 Series

  • Cisco Catalyst 9105 Series

11ac Wave 2:

  • 4800 Series access points

  • 3800 Series access points

  • 2800 Series access points

Supported IOS XE Software

The C9800 wireless controller must be running an IOS XE software release that supports the Meraki Tunnel. Cloud Monitoring for Catalyst Wireless is supported on the following IOS XE releases:

  • 17.12.3

  • 17.15.1 and Later

Licensing

Cloud Monitoring for Catalyst Wireless requires Cisco DNA Software license. Access points require a Cisco DNA Essentials or Advantage license and the Catalyst 9800 wireless controllers license level addon enabled for DNA Essentials or Advantage. Dashboard Client traffic analytics powered IOS XE AVC is available only with a Cisco DNA Advantage license.

Wireless Controller Dashboard Scale

Currently only one wireless controller (or HA-SSO pair) can be added to a Network. Multiple wireless controllers in a Network will be supported in the future

When C9800 wireless controllers running IOS XE 17.12.3 / 17.15.1 or later are connected to the dashboard, the monitoring feature of the dashboard supports a maximum number of concurrently connected access points and clients at the following scales:

Model

Number of access points

Number of clients

C9800-L (F or C)

250

3,000

C9800-40

1,300

10,000

C9800-80

2,000

20,000

If any wireless controller model exceeds 2,000 access points joined, dashboard will stop collecting telemetry data until the access point joined count is lowered to under 2,000. An alert will be logged for the wireless controller if dashboard is unable to continue to collect telemetry data.

Increased scale for all C9800 wireless controller appliances may be available in future IOS XE releases.

Cloud Connectivity

In order to connect and monitor a C9800 wireless controller with dashboard, it must be able to communicate with the Cisco Meraki cloud over a secure tunnel.  Because the dashboard is located on the public internet, the tunnel is always initiated outbound from the C9800 wireless controller and any upstream firewalls or access controls must permit wireless controllers and access points to access dashboard IP addresses. Once a connection is established, the wireless controller maintains the connection by occasionally sending packets and receiving a response. 

In addition to permitting wireless controllers to access dashboard IP addresses, access points must also be permitted outbound through the firewall so they can be registered with the dashboard. After an access point completes its registration, it will no longer contact dashboard access point registration.

When a firewall or gateway exists in the data path between the wireless controller, access points and dashboard, Cisco Meraki cloud IP addresses and ports must be permitted outbound through the firewall for the secure tunnel to function. 

Access points only communicate with dashboard to register.

 

Destination IP

Port

Protocol

209.206.48.0/20

443

TCP

216.157.128.0/20

443

TCP

158.115.128.0/19

443

TCP

AVC Enablement for Traffic Analytics (WebUI + CLI)

In order for Traffic Analytics data to display in Dashboard, the Application Visibility must be enabled on the C9800 wireless controller. Client traffic analytics powered IOS XE AVC is available only with a Cisco DNA Advantage license.

In the wireless controller web interface, navigate to Configuration > Services > Application Visibility:

Enable AVC in Cisco DNA for Catalyst AP

Select Configured Profiles and apply application visibility on them and enable local collector (external collector not required for dashboard to display traffic analytics).

Dashboard requires an additional Profile configuration that is NOT configured by the WebUI and must be done with the command line.

Wireless profile policy must be SHUTDOWN before adding the following commands. Clients connected to SSIDs using this Policy Profile will be disconnected when the Policy is shutdown.

 

wireless profile policy <Your Policy Profile Name>

 ip nbar protocol-discovery

 

Enable NBAR protocol-discovery on other Policy Profiles as needed. 

 

AVC Enablement for Traffic Analytics (CLI Only)

To enable Application Visibility first configure a local destination flow exporter:

flow exporter wireless-local-exporter

 destination local wlc

Next, configure two flow monitors, one for IPv4 and one for IPv6 records.

flow monitor wireless-avc-basic

 exporter wireless-local-exporter

 cache timeout active 60

 record wireless avc basic

 

flow monitor wireless-avc-basic-ipv6

 exporter wireless-local-exporter

 cache timeout active 60

 record wireless avc ipv6 basic

Wireless profile policy must be SHUTDOWN before adding the following commands. Clients connected to SSIDs using this Policy Profile will be disconnected when the Policy is shutdown.

wireless profile policy <Your Policy Profile Name>

 shut

 ip nbar protocol-discovery

 ipv4 flow monitor wireless-avc-basic input

 ipv4 flow monitor wireless-avc-basic output

 ipv6 flow monitor wireless-avc-basic-ipv6 input

 ipv6 flow monitor wireless-avc-basic-ipv6 output

 no shut

Enable these commands on other Policy Profiles as needed. 

Device Classification Enablement (Web UI)

In order for Device type and OS data for clients to display in Dashboard, the Device Classification must be enabled on the C9800 wireless controller. 

In the wireless controller web interface, navigate to Configuration > Wireless > Wireless Global:

clipboard_e13ae6d4c020e9a367eb24144ca07b78f.png

Select Device Classification and click Apply.

After enabling device classification globally, enable client profiling can be enabled on  Policy Profiles:

navigate to Configuration > Tags & Profiles > Policy > Edit Policy Profile > Access Polices:

Cisco DNA, enabling client profiling in the access policies.

Select HTTP TLV Caching and DHCP TLV Caching and click Update and Apply to Device.

Dashboard Sizing Best Practices

Please see Meraki Cloud Sizing and Scaling Considerations and Best Practices for recommendations on inventory & per-network device limits

  • Was this article helpful?