Cloud Monitoring for Wireless Requirements
Supported Wireless LAN Controllers
Cloud Monitoring for Wireless supports the following wireless controller models:
| Model | Minimum Software Release |
|---|---|
| CW9800H1 / CW9800H2 | IOS XE 17.15.3 |
| CW9800M | |
| C9800-80 | IOS XE 17.12.3 / IOS XE 17.15.1 |
| C9800-40 | |
| C9800-L-C / C9800-L-F | |
| C9800-CL | IOS XE 17.18.2 |
17.15.1 and later is required for Cloud CLI and CLI terminal
Supported Access Points
IOS XE 17.18.1 is required for AP Live Tools.
Cloud Monitoring for Wireless supports the following access point models when joined to a supported wireless controller.
Wi-Fi 7 Access Points
| Model | Minimum Software Release |
|---|---|
| CW9178I | IOS XE 17.15.3 |
| CW9176I / CW9176D1 | |
| CW9172I / CW9172H | IOS XE 17.17.1 |
1 Multi-Link Operation (MLO) information will not shown at launch. This will be built into later IOS XE releases.
Wi-Fi 6E Access Points
| Model | Minimum Software Release |
|---|---|
| C9136I | IOS XE 17.12.3 / IOS XE 17.15.1 |
| CW9166I / CW9166D1 | |
| CW9164I | |
| CW9163E | |
| CW9162I |
Wi-Fi 6 Access Points
| Model | Minimum Software Release |
|---|---|
| C9130AXI / C9130AXE | IOS XE 17.12.3 / IOS XE 17.15.1 |
| C9124AXI / C9124AXD / C9124AXE | |
| C9120AXI / C9120AXE | |
| C9117AXI | |
| C9115AXI | |
| C9105AXI / C9105AXW |
Wi-Fi 5 (802.11ac Wave 2) Access Points
| Model | Minimum Software Release |
|---|---|
| AIR-AP4800 | IOS XE 17.12.3 / IOS XE 17.15.1 |
| AIR-AP3802I / AIR-AP3802E | |
| AIR-AP2802I / AIR-AP2802E | |
| AIR-AP1562I / AIR-AP1562D / AIR-AP1562E |
Licensing
Cloud Monitoring for Wireless requires a Cisco DNA software license. Access points require a Cisco DNA Essentials or Advantage license and the Catalyst WLC license level add-on enabled for DNA Essentials or Advantage. Dashboard Client traffic analytics powered IOS XE AVC is available only with a Cisco DNA Advantage license.
C9800-CL Virtual Controller Licensing Requirements
In addition to needing valid Cisco DNA licensing, to get Technical Assistance Center (TAC) support, and OS upgrades and updates on 9800-CL controllers, customers will need to purchase Cisco Software Support Service (SWSS). For more information, please see here.
Additionally, if a 9800-CL WLC is not connected to a smart licensing service, there is a limit of 50 access points enforced on the device. Once a 9800-CL WLC is connected to a smart licensing service, this restriction disappears. The compliance of the controller is decided based on the licenses available. For more information, please see here.
Supported Dashboard Clusters
Catalyst Wireless LAN Controllers are supported in the following Meraki dashboard clusters:
Wireless Controller Dashboard Scale
When 9800 WLCs are connected to the dashboard, Cloud Monitoring for Wireless supports a maximum number of concurrently connected access points and clients at the following scales:
Hardware Controllers
|
Model |
Number of access points |
Number of clients |
|---|---|---|
|
C9800-L (F or C) |
250 |
3,000 |
|
C9800-40 / CW9800M |
1,300 |
10,000 |
|
C9800-80 / CW9800H1 / CW9800H2 |
2,000 |
20,000 |
If any wireless controller model exceeds 2,000 access points joined, the dashboard will stop collecting telemetry data until the AP joined count is lowered to under 2,000. An alert will be logged for the wireless controller if dashboard is unable to continue to collect telemetry data.
Increased scale for all 9800 WLC appliances may be available in future IOS XE releases.
C9800-CL Virtual Wireless Controller
|
Deployment Template |
Number of access points |
Number of clients |
|---|---|---|
|
Large (Normal and High Throughput) |
2,000 |
20,000 |
|
Medium (Normal and High Throughput) |
1,000 |
10,000 |
|
Small |
300 |
3,000 |
| Ultra-low | 30 | 300 |
Cloud Connectivity
In order to connect and monitor Catalyst Wireless LAN Controllers and Access Points with Dashboard, it must be able to communicate with the Cisco Meraki cloud over a secure Meraki Tunnel. Because Dashboard is located on the public internet, the Meraki Tunnel is always initiated outbound from the WLC and APs. Any upstream firewalls or access controls must permit WLCs and APs to access dashboard IP addresses. Once a connection is established, the tunnel is maintained by occasionally sending and receiving keep-alive packets.
In addition to permitting WLCs to access Dashboard IP addresses, APs must also be permitted outbound through the firewall. APs leverage the Meraki Tunnel to register to Dashboard as well as to leverage the Live Tools available.
When a firewall or gateway exists in the data path between Dashboard and the WLCs and APs, Cisco Meraki cloud IP addresses and ports must be permitted outbound through the firewall for the tunnel to function.
|
Destination IP |
Port |
Protocol |
|---|---|---|
|
209.206.48.0/20 |
443 |
TCP |
|
216.157.128.0/20 |
443 |
TCP |
|
158.115.128.0/19 |
443 |
TCP |
AVC Enablement for Traffic Analytics (Web UI and CLI)
In order for Traffic Analytics data to display in the dashboard, the Application Visibility must be enabled on the Catalyst WLC. Client traffic analytics powered IOS XE AVC is available only with a Cisco DNA Advantage license.
- In the wireless controller web interface, navigate to Configuration > Services > Application Visibility:
- Select Configured Profiles, apply application visibility on them and enable local collector (external collector not required for dashboard to display traffic analytics).
- The dashboard requires an additional profile configuration that is NOT configured by the web UI and must be done in the command line.
Wireless profile policy must be SHUTDOWN before adding the following commands. Clients connected to SSIDs using this Policy Profile will be disconnected when the policy is shut down.
wireless profile policy <Your Policy Profile Name>
ip nbar protocol-discovery
Enable NBAR protocol-discovery on other policy profiles as needed.
AVC Enablement for Traffic Analytics (CLI Only)
- To enable Application Visibility, first configure a local destination flow exporter:
flow exporter wireless-local-exporter
destination local wlc
- Next, configure two flow monitors, one for IPv4 and one for IPv6 records.
flow monitor wireless-avc-basic
exporter wireless-local-exporter
cache timeout active 60
record wireless avc basic
flow monitor wireless-avc-basic-ipv6
exporter wireless-local-exporter
cache timeout active 60
record wireless avc ipv6 basic
Wireless profile policy must be SHUTDOWN before adding the following commands. Clients connected to SSIDs using this Policy Profile will be disconnected when the Policy is shutdown.
wireless profile policy <Your Policy Profile Name>
shut
ip nbar protocol-discovery
ipv4 flow monitor wireless-avc-basic input
ipv4 flow monitor wireless-avc-basic output
ipv6 flow monitor wireless-avc-basic-ipv6 input
ipv6 flow monitor wireless-avc-basic-ipv6 output
no shut
Enable these commands on other policy profiles as needed.
Network Assurance and Device Classification Enablement
Network Assurance
In order for network assurance data (ex. roaming and client event data) to be sent to Dashboard, network assurance needs to be enabled on the Cisco WLC.
Using WebUI
- In the 9800 WebUI, navigate to Configuration > Services > Cloud Services
- Set Service Status to ENABLED and hit Apply.
Using CLI
- To enable Device Classification, go into global configuration mode and enter the following configuration:
network-assurance enable
Device Classification
Using WebUI
In order for Device type and OS data for clients to display in Dashboard, the Device Classification must be enabled on the Cisco 9800 WLC.
- In the 9800 WebUI, navigate to Configuration > Wireless > Wireless Global
- Select Device Classification and click Apply.
- After enabling device classification globally, client profiling can be enabled on Policy Profiles by navigating to Configuration > Tags & Profiles > Policy > Edit Policy Profile > Access Polices:
- Select HTTP TLV Caching and DHCP TLV Caching and click Update and Apply to Device.
Using CLI
- To enable Device Classification, go into global configuration mode and enter the following configuration:
device classifier
Dashboard Sizing Best Practices
Please see Meraki Cloud Sizing and Scaling Considerations and Best Practices for recommendations on inventory & per-network device limits