Adding Catalyst 9800 Wireless Controller and Access Points to Dashboard

Wireless Controller Prerequisites

Before the wireless controller can be onboarded in the dashboard, the Meraki Tunnel Service must be enabled.

Connecting Catalyst 9800 Wireless Controller to Dashboard

After the Meraki Tunnel has been established, the dashboard will check the wireless controller configuration to ensure the controller can be provisioned with the necessary dashboard configurations.

The username and password provided to the dashboard when adding the wireless controller to a Network must have privilege 15 access OR the wireless controller enable password must also be provided.
The wireless controller must use AAA New-model for device access control. This mode allows the dashboard to securely access the wireless controller.

aaa new-model

The wireless controller must have 4 unused consecutive VTY slots. These VTY lines will be provisioned and secured for only the dashboard to access the Controller on these lines.
The following SSH encryption algorithms are supported by dashbaord: aes128-gcm@openssh.com, aes256-gcm@openssh.com. aes128-ctr, aes192-ctr, and aes256-ctr.

IPv6 is used inside the Meraki Tunnel for the dashboard to access the wireless controller.

Dashboard Prerequisites

Currently only one wireless controller (or HA-SSO pair) can be added to a Network. Multiple wireless controllers in a Network will be supported in the future.

If you do not have a dashboard Account and Organization, follow the instructions in the Creating a dashboard Account and Organization guide https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Creating_a_dashboard_Account_and_Organization

Cloud Monitoring for Catalyst Wireless is a Meraki Dashboard Early Access Feature. Before you can add your wireless controller to dashboard you have to Opt-in to Cloud Monitoring for Catalyst Wireless. Go to Organization > Early access to enable.

In order to claim 9800 wireless controllers to you Organization, you must be using the New Version of Organization > Inventory. To use the the new version of inventory navigate to Organization > Inventory and select Try New Version in the upper right corner.

If you are using the Per-device licensing Organization Inventory page you cannot claim 9800 wireless controllers on the Inventory page. You can claim and add 9800 wireless controllers by:
- To create a new Network for your wireless controller go to Organization > Create network. Click +Claim devices
- To add a 9800 wireless controller to an existing Network navigate to the network and go to Network-wide > Add devices. Click +Claim devices

In order to use the Create network or Add devices pages you must be using the New Version of these pages. To use the new version select Try New Version in the top right corner of these pages.

Restrictions

For detailed recommendations on how to organize your wireless controllers and access points in dashboard networks see Cloud Monitoring for Catalyst Wireless Design Guide.

	Dashboard managed MR or CW (Meraki mode) access points CANNOT be added to the same Network as monitored access points and must be claimed to separate Networks.
	Dashboard managed MR or CW (Meraki mode) access points CAN be added to the same Network as wireless controllers as long as there are NO MR or CW (Meraki mode) access points in the Network.
	For Early Access (EA) wireless controllers and access points CANNOT be moved to different Networks in dashboard. To move wireless controllers and access points to new networks you mush remove the wireless controller from its network and re-add it to update the access point network selection. Note: If you remove an AP from a dashboard Network that is online and associated with a monitored wireless controller, the access point is automatically re-added to dashboard in its original network.
	A network can be reserved to hold access points of a single wireless controller. For example, you cannot add access points joined to wireless controller-A to a network that was already reserved to hold access points on wireless controller-B.

Claiming Wireless Controllers to Organization

To begin monitoring a C9800 wireless controller in the dashboard, it must first be claimed. If the C9800 wireless controller is an HA-SSO unit, we need to get the Cloud IDs (Meraki Serial Numbers) for both C9800 controllers in the pair.

If your dashboard Organization uses Per-device licensing you cannot claim your 9800 wireless controller from the Organization Inventory. Go to Network-wide > Configure > Add devices and click +Claim Devices

To claim the wireless controller into the dashboard we need to get the Cloud ID (Meraki Serial Number) from the Controller from either the Web UI or CLI.

Web UI

Navigate to Configuration > Services > Cloud Services > Meraki:

Standalone C9800

HA-SSO C9800

CLI

Standalone C9800

CMON-9800-L#show meraki

Chassis Num PID Serial Number Cloud ID Mac Address Status Mode

--------------------------------------------------------------------------------------------------

1 C9800-L-C-K9 FCL262201G3 Q2ZZ-LU6P-3RFF 0845.d11b.8340 Registered C9K-C

HA-SSO C9800

C9800-HA#show meraki

Chassis Num PID Serial Number Cloud ID Mac Address Status Mode

------------------------------------------------------------------------------------------------------------

1 C9800-L-F-K9 FCL270501CM Q2ZZ-2TQ8-CKHF 8c1e.806f.8bc0 Registered C9K-C

2 C9800-L-F-K9 FCL270501Q0 Q2ZZ-J9N6-8BNK 8c1e.806f.87a0 Registered C9K-C

Login to dashboard and navigate to Organization > Configure > Inventory

Click Claim devices.

Enter the C9800 wireless controller’s Meraki Serial Number (Cloud ID). For HA-SSO C9800 enter the serial number for each C9800 in the pair.

Click Claim Device.

The C9800 wireless controller will now be listed in your Organization inventory.

Add Wireless Controllers to Networks

Devices can be added to dashboard Networks from the Organization inventory page where you can add to an existing Network or create a new network, as well as the Organization Create Network page to create and add devices to a new Network.

Organization Inventory

Now that the wireless controller has been claimed to an Organization, it must now be added to a dashboard Network from the Organization > Configure > Inventory page.

From the Organization > Configure > Inventory page, check the box next to the C9800 wireless controller to add to a network. For HA-SSO C9800 enter the box for each C9800 in the pair.

Click Add to network.

a) If you have an existing dashboard network to add the wireless controller to select Existing network and choose the name of the Network from the drop-down

b) If you have an existing dashboard network add the wireless controller to select New network. Name the Network and choose the Network configuration. Click Next.

Network configuration is not applicable to Wireless controllers, however if this dashboard Network may also include Meraki Managed devices please choose the appropriate configuration option from the drop-down.

Choose an Access point dashboard Network assignment policy for the wireless controller

The access point assignment selection is required regardless if the wireless controller you are adding does no currently have any access points associated. The selection made will be preserved and applied to any access points that join this wireless controller.

Select Single network if ALL Access points are in the same physical LAN topology. Choose an Existing network or New network and name the new Network.

Select Different networks (by site tag) if the dashboard should create and assign Access points to dashboard networks using the Site Tag they are configured in the wireless controller.

Click Next.

Enter the wireless controller username and password for dashboard to use to perform the required dashboard configuration provisioning.

Select the check box to acknowledge that the dashboard will access the wireless controller to do the configuration provisioning.

Click Next.

Confirm the wireless controller Network assignment and the Access point dashboard Network assignment policy as well as the credentials required.

Click Confirm.

The Inventory page will update to show the wireless controller has been assigned to a network.

Access points are not immediately displayed in the inventory list

Click the Network name to navigate to the wireless controllers dashboard Network.

Organization Create Network

Now that the wireless controller has been claimed to an Organization, it must now be added to a dashboard Network from the Organization > Configure > Inventory page.

From the Organization > Configure > Create network page, name the new network and choose Combined hardware Network type.

Network configuration is not applicable to Wireless controllers, however if this dashboard Network may also include Meraki Managed devices please choose the appropriate configuration option from the drop-down.

Check the box next to the C9800 wireless controller to add to a network. For HA-SSO C9800 enter the serial number for each C9800 in the pair.

Click Create network.

Choose an Access point dashboard Network assignment policy for the wireless controller.

The access point assignment selection is required regardless if the wireless controller you are adding does no currently have any access points associated. The selection made will be preserved and applied to any access points that join this wireless controller.

Select Single network if ALL Access points are in the same physical LAN topology. Choose an Existing network or New network and name the new Network.

Select Different networks (by site tag) if the dashboard should create and assign Access points to dashboard networks using the Site Tag they are configured in the wireless controller.

Click Next.

Enter the wireless controller username and password for dashboard to use to perform the required dashboard configuration provisioning.

Select the check box to acknowledge that the dashboard will access the wireless controller to do the configuration provisioning.

Click Next.

Confirm the wireless controller Network assignment and the Access point dashboard Network assignment policy as well as the credentials required.

Click Confirm.

You will be redirected to the new Network to navigate to the wireless controllers dashboard Network.

Removing Wireless Controllers and Access Points From the Dashboard

Removing Wireless Controllers From Dashboard

We suggest you follow these steps when removing WLCs from your dashboard in order to avoid problems in the future.

Navigate to Wireless > Wireless LAN Controller > List
Make sure that the wireless controller that you want to remove is online (green)

Note: If the wireless controller that you want to remove from the network is offline and you don’t have a way to bring it online you can still follow the same steps, simply keep in mind that the wireless controller could have some configuration lines that you’ll need to manually remove.

Here you can find all the configuration lines that are added to a wireless controller whenever it’s added to a network.

Select the wireless controller that you want to remove from the network and click Remove

Wait for a couple of minutes
In order to confirm that the dashboard removed the configuration used to monitor the WLC from device, please login to your WLC and run the command #show run | inc meraki and ensure you don’t see the configuration lines related to the monitoring of the WLC from the meraki dashboard, particularly ensure you don’t see the lines:

# username meraki-user privilege 15 secret…
# username meraki-tdluser secret 9…

Stop communication between the device and the Meraki cloud.

As long as the Meraki service is still running in the device and the device has network access to the Meraki cloud, the node will continue to exchange keep-alives packets with the Meraki cloud. Disable the Meraki service to stop it.

Login to your WLC and run these commands:

# config t
# no service meraki connect

To make sure the WLC is no longer trying to communicate with the Meraki cloud, please run # show meraki connect and make sure the service meraki connect service is disabled.

Removing Monitored Access Points From Dashboard

When a wireless controller is removed from a network, all the access points (online or offline) associated with that wireless controller are also removed from their networks automatically.

Online Access Points

If you remove an AP that is online and associated with a monitored wireless controller from a dashboard network, the access point is automatically re-added to the dashboard in its original network.

Offline Access Points

Every access point that joins a monitored wireless controller is automatically added to a network as specified in the Organize APs section, when the wireless controller was originally added to a network. If the access points eventually lose communication with the wireless controller they’ll appear as offline on the dashboard.

In scenarios when you know the AP will never join the wireless controller back, like access points physically removed from the network, you can manually remove them from the dashboard. To do so, follow these steps:

Navigate to Wireless > Monitor > Access Points
Select the offline access points that you no longer want to monitor
Click Remove