Cisco Catalyst 9800-CL Wireless Controller for Cloud Deployment Guide

White Paper

Updated: January 25, 2021

 

Introduction

This document provides installation guidance for the virtual Cisco® Catalyst® Wireless Controller for Cloud with VMware ESXi, Linux KVM, and Cisco Enterprise Network Compute System (ENCS) Network Function Virtualization Infrastructure Software (NFVIS). The document:

     Provides an overview of the virtual deployment options

     Provides instructions for configuring and setting up the virtual wireless controller.

Supported VMware, KVM, and NFVIS versions

     VMware Virtual Machine version 11, minimum of ESXi 6.0 Update 2

     Red Hat Enterprise RHEL 7.1 and 7.2, Ubuntu 14.04, 16.04 LTS

     Cisco NFVIS Release 3.8 or later

9800-CL virtual machine requirements

Scale and sizing suggest the minimum virtual resource requirements shown in the table below.

Table 1.        Minimum virtual resource requirements for small, medium, and large configurations

| Model Configuration | Small (Low throughput) | Medium (Low throughput) | Large (Low throughput) | Small (High throughput) | Medium (High throughput) | Large (High throughput) |
|---|---|---|---|---|---|---|
| Template group | Existing supported template, pre IOS XE 17.3 release | Existing supported template, pre IOS XE 17.3 release | Existing supported template, pre IOS XE 17.3 release | Added as part of IOS XE 17.3 release | Added as part of IOS XE 17.3 release | Added as part of IOS XE 17.3 release |
| Minimum Number of vCPUs | 4 | 6 | 10 | 7 | 9 | 13 |
| Minimum CPU Allocation (MHz) | 4,000 | 6,000 | 10,000 | 4,000 | 6,000 | 10,000 |
| Minimum Memory (GB) | 8 | 16 | 32 | 8 | 16 | 32 |
| Required Storage (GB) | 8 | 8 | 8 | 8 | 8 | 8 |
| Virtual NICs (vNIC) | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* |
| ESXi vNIC | VMXNET3 | VMXNET3 | VMXNET3 | VMXNET3 | VMXNET3 | VMXNET3 |
| Linux KVM vNIC | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) |
| NIC Virtualization | Virtio | Virtio | Virtio | Virtio | Virtio | Virtio |
| Maximum Access Points | 1000 | 3,000 | 6,000 | 1000 | 3,000 | 6,000 |
| Maximum Clients Support | 10,000 | 32,000 | 64,000 | 10,000 | 32,000 | 64,000 |
| vMotion, vNIC teaming, Snapshot, DRS | Supported | Supported | Supported | Supported | Supported | Supported |
| L2 LAG | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |

(*) 3rd NIC is for High Availability

Note:     VM operations like DRS, Snapshot, vMotion, vNIC teaming are not supported with SR-IOV.

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-E8E8D7B2-FE67-4B4F-921F-C3D6D7223869.html

Note:     Cloning from snapshots is not supported.

Note:     In the low throughput templates, 2 cores are allocated to the dataplane (packet processing), and in the high throughput templates, 5 cores are allocated to dataplane functionality.

Note:     For the Cisco ENCS platform, only the small size is supported (1000 APs and 10,000 wireless clients).

Note:     To avoid stability and performance issues, it’s advisable to fully reserve the vCPU resources needed for the 9800-CL and never oversubscribe them.

High Availability

High Availability (HA) is supported on the 9800-CL VM hosts using virtual redundant ports, in a stateful switchover (SSO) configuration.

9800-CL file format options

Catalyst 9800-CL deployment OVA template (OVA)

    C9800-CL-universalk9.BLD_V***.ova

Catalyst 9800-CL deployment image

    C9800-CL-universalk9.BLD_V***.iso

Catalyst 9800-CL upgrade and patches (bin)

    C9800-CL-universalk9.upgrade***.bin

Deploying the 9800-CL OVA to ESXi using the vSphere client

You can use the provided OVA file package to deploy the Cisco wireless controller to the VM. The OVA package includes an OVF file that contains a default VM configuration based on the Cisco IOS® XE release and the supported hypervisor.

The following considerations apply when deploying the OVA package to the VM:

     The single OVA package creates a VM with options for three types of virtual wireless controllers, small, medium, and large. Selecting a profile specifies the required virtual CPU and memory. The hard disk requirement will be the same—8 GB—for any wireless controller type. We do not recommend changing the virtual CPU and memory configuration after deployment.

     When deploying using the OVA template, the VM will bootstrap with three interfaces: one is for out-of-band management, one is for wireless management (usually mapped to a trunk interface on the switch side), and the third is for HA to connect to the SSO peer.

     You can monitor the installation process on the virtual VGA console or the console on the virtual serial port. A virtual serial port is optional and can be added after deploying the OVA. At FCS the serial console port is not supported for large-scale deployments; Appendix A describes how to configure it, in case you want to use it.

Deploying the 9800-CL OVA to an ESXi 6.0 host using the vSphere client

VMware ESXi provides a direct deployment of the virtual Catalyst 9800-CL wireless controller without bootstrap customization (see “Deploying the OVA to ESXi 6.0 with vCenter Server”).

Perform the following steps in the VMware vSphere client.

Step 1.      Log in to the VMware vSphere client.

Step 2.      From the vSphere client menu bar, choose File > Deploy OVF Template.

Step 3.      In the OVA wizard, point the source to the Cisco wireless controller OVA to be deployed. Click Next.

Step 4.      Verify the OVA template details and click Next.

Step 5.      Under Name and Location, specify the name for the VM and click Next.

Step 6.      Under Deployment Configuration, select the desired hardware configuration (AP and client scale) profile from the drop-down menu and click Next.

Step 7.      Under Disk Format, select the disk format option (select the default).

Step 8.      Configure and map the wireless controller management interface: Under Network Mapping, allocate one vNIC on the destination network using the drop-down list. By default, the 9800-CL comes with three network interfaces:

     GigabitEthernet1 -> Device management interface: Map it to the out-of-band management network. This is the equivalent of the service port.

     GigabitEthernet2 -> Wireless management interface: Map it to your network to reach APs and services. Usually this interface is a trunk to carry multiple VLANs.

     GigabitEthernet3 -> High Availability interface: Map it to a separate network for peer-to-peer communication for SSO.

Note:     Do not connect two interfaces to a single network, as that may cause network loops. When a trunk port is used, you must either prune VLANs from vCenter or place the GigabitEthernet interfaces in a different vSwitch.

Note:     SR-IOV interfaces: SR-IOV interfaces are high-performance interfaces available on certain Intel NIC cards. Refer to the SR-IOV enablement section to see how to enable them and attach them to the C9800-CL.

Step 9.      Click Finish to deploy the OVA.

Step 10.   Once the VM is created, select the wireless controller VM and choose Edit Settings.

Mapping 9800-CL network interfaces to ESXi VM network interfaces

The Catalyst 9800-CL maps the GigabitEthernet network interfaces to the logical vNIC name assigned by the VM. The VM in turn maps the logical vNIC name to a physical MAC address.

When the Catalyst 9800-CL is booted for the first time, the router interfaces are mapped to the logical vNIC interfaces that were added when the VM was created. The figure below shows the relationship between the vNICs and the Catalyst 9800-CL interfaces.

By default, the 9800-CL comes with three network interfaces:

     GigabitEthernet1 -> Device management interface: Map it to the out-of-band management network.

     GigabitEthernet2 -> Wireless management interface: Map it to your network to reach APs and services. Usually this interface is a trunk to carry multiple VLANs.

     GigabitEthernet3 -> High Availability interface: Map it to a separate network for peer-to-peer communication for SSO.

Note:     Do not connect two interfaces to a single network, as this might cause network loops.

Figure 1.      Mapping the vNICs to the Catalyst 9800-CL interfaces

The figure below shows an example of mapping the hypervisor physical port (vmnic2, connected to a switch trunk) to vSwitch0, as intended for the 9800-CL VM management interface. An optional interface intended for use in redundant HA configuration (vmnic3) is named RP and mapped to vSwitch3.

Note:     If testing two 9800-CL controllers in the same Cisco UCS® server and using RP ports for HA, it is not necessary to connect the physical RP mapped physical adapters at all. However, if active and standby 9800-CL controllers are on separate hypervisors, the RP mapped physical ports need to be connected to the network and must be Layer 2 adjacent and reachable by each other.

Figure 2.      Mapping the hypervisor to the VM management interface

vSwitch promiscuous mode

By default, a hypervisor vSwitch is configured to reject promiscuous mode. If the 9800-CL is using tagged traffic (for a management VLAN, AP VLAN, etc.) via the management port, promiscuous mode allows the vSwitch to carry tagged traffic. Therefore, configure the vSwitch to accept promiscuous mode.

Step 1.      Under Hypervisor > Configuration > Hardware > Networking, select the vSwitch# being mapped to the 9800-CL management interface.

Step 2.      Select Ports > Configuration > vSwitch and click Edit.

Step 3.      On the Security tab, under Policy Exceptions, set Promiscuous Mode = Accept.

Step 4.      Also set Forged Transmits = Accept.

Figure 3.      Enabling promiscuous mode

Enabling and using an SR-IOV NIC in ESXi

SR-IOV (single root input/output virtualization) introduction

SR-IOV provides the ability to partition a single physical PCI resource into virtual PCI functions, which can then be injected into a VM. These network Virtual Functions (VFs) improve north-south network performance by allowing traffic to bypass the host machine’s network stack.

     The hypervisor (VMM) directly assigns the physical resources (VFs) to each virtual machine and gives it access to them.

     The VM loads a specific driver to support SR-IOV.

     The VM boots up and probes its PCIe configuration space to see what devices it has.

     The VMM tells the VM that it has a VF attached and indicates the hardware registers for the VFs to the NIC driver in the VM.

     The NIC then fills the VF descriptors in the hardware with the address space, within the VM address space, to and from which packets are copied.

Reference: Intel SR-IOV architecture

Steps for enabling SR-IOV on the C9800-CL on ESXi

Step 1.      Enable SR-IOV on the network adapter.

This can be enabled in the physical adapter settings.

Enable and configure the virtual functions on the adapter. The Ethernet Server Adapter X710 supports up to 32 VFs per port. One VF per port gives the maximum performance.

Each VF represents a NIC.

Note:     The ESXi host needs to be rebooted for this to take effect.

Step 2.      Attach the SR-IOV interface to the C9800-CL VM.

1.     Create a new switch without any ports.

2.     Create a new port without any physical ports.

3.     Edit and add the VF to this port.

4.     Edit the VM, remove the network port already attached, add a new network adapter, and add the port group created above. Then choose the physical adapter with SR-IOV and set the adapter type to SRiov-Passthrough.

5.     Save the configuration and reboot the VM.

Step 3.      Security settings (verify that the trust settings are updated correctly on the NIC).

https://kb.vmware.com/s/article/74909

The vSwitch security policy is not persistent when SR-IOV is enabled. To work around this:

SSH to the ESXi host.

Use the following command to verify that the NIC is trusted and spoof check is disabled.

esxcli intnet sriovnic vf get -n <nic>

Example:

esxcli intnet sriovnic vf get -n vmnic6

VF ID           Trusted         Spoof Check

-----           -------         -----------

0               true            false

If this is not set correctly:

1.     Stop the C9800-CL VM at the boot prompt.

GNU GRUB version 0.97 (638K lower / 3143552K upper memory

+-------------------------------------------------------------------+

|   vWLC – packages.conf

|   vWLC – GOLDEN IMAGE

2.     Use the CLI to set the trust parameters using the following command:

esxcli intnet sriovnic vf set -t on -s off -v <vf num> -n <nic>

-t sets the trust mode

-s sets the spoof check

For firmware and driver versions prior to and including firmware version 7.0, and driver version 1.8.6, the above two steps are always needed on VM reboot.

For firmware and driver versions after and including firmware version 7.10, and driver version 1.10.6, entering the following command once after setting the trust, and spoof check makes the setting permanent.

Verified and Recommended Software versions

| Guest OS | NIC | Driver Version | Firmware | Notes |
|---|---|---|---|---|
| VMWare Version 6.5 | Intel x710 | I40en 1.10.6, Plugin version 1.4.1 | 7.10 | |
| VMWare Version 6.5 | Ciscoized x710 | I40en 1.8.6, Plugin version 1.4.1 | 7.0 | 7.0 firmware and 1.8.6 driver has trust mode persistence issue across VM reload. Issue will be fixed in subsequent firmware and driver versions. |
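The Step 3 verification above lends itself to a repeatable check, because with the older firmware and driver the trust and spoof-check settings have to be re-applied on every VM reboot. The following is an added example, not part of the Cisco guide: `audit_vf_trust` is a hypothetical helper that parses the `esxcli intnet sriovnic vf get` output format shown above and prints the guide's `vf set` command for each VF that is not in the expected state; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. audit_vf_trust is a hypothetical
# helper name. Expected state per the guide: Trusted = true, Spoof Check = false.
#
# Usage on the ESXi host:
#   esxcli intnet sriovnic vf get -n vmnic6 | audit_vf_trust vmnic6
#
# Exit status: 0 = every VF is in the expected state
#              1 = at least one VF has drifted (remediation commands printed)
#              2 = no VF rows found in the input (wrong NIC, SR-IOV not enabled)
#              3 = NIC name missing or containing unexpected characters
#
# Commands are printed, not executed: the guide applies them with the
# C9800-CL VM stopped at its boot prompt.
audit_vf_trust() {
    nic="$1"
    case "$nic" in
        ''|*[!A-Za-z0-9_]*) echo "invalid NIC name" >&2; return 3 ;;
    esac
    awk -v nic="$nic" '
        # Data rows start with a numeric VF ID; the header line and the
        # dashed ruler do not, so they are skipped.
        $1 ~ /^[0-9]+$/ && NF >= 3 {
            rows++
            if (tolower($2) != "true" || tolower($3) != "false") {
                drift++
                printf "esxcli intnet sriovnic vf set -t on -s off -v %s -n %s\n", $1, nic
            }
        }
        END {
            if (rows == 0) exit 2
            exit (drift > 0 ? 1 : 0)
        }
    '
}

# Constructed sample outputs in the format shown in the guide.
SAMPLE_OK='VF ID           Trusted         Spoof Check
-----           -------         -----------
0               true            false'

SAMPLE_DRIFT='VF ID           Trusted         Spoof Check
-----           -------         -----------
0               true            false
1               false           true
2               true            true'

# Demo run on the constructed drift sample.
printf '%s\n' "$SAMPLE_DRIFT" | audit_vf_trust vmnic6 || echo "exit status $? (see legend above)"
```

Run from a post-reboot check, a non-zero exit status is the signal that the trust settings were lost and the VM needs the Step 3 procedure again.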

Configuring the basic 9800-CL settings

Let’s create the minimal configuration to connect to the WebUI of the 9800-CL and use the DAY 0 guided flow to get the controller fully operational. At FCS, DAY 0 assumes that the box has two separate virtual interfaces (one for device management and one for wireless management and client traffic) and that the first login happens on the device management (out-of-band) interface. The wireless management interface is configured via the DAY 0 guided flow. If you have a different setup and, for example, you want to use only one interface, see the next section on how you can skip the DAY 0 guided flow and configure the initial settings via the Command-Line Interface (CLI).

Connect to the CLI via the VGA console and follow these steps for the basic configuration:

Step 1.      Terminate the configuration wizard (this is the general Cisco IOS CLI wizard, and it’s not specific for wireless).

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:yes

Step 2.      Optionally, set the hostname:

WLC(config)#hostname C9800

Step 3.      Add login credentials, using the following command:

C9800(config)#username <name> privilege 15 password <yourpwd>

Step 4.      Add an IP address on the device management interface. The example assumes you have mapped GigabitEthernet1 to the out-of-band/device management network during VM bootstrap:

C9800(config)#interface g1

C9800(config-if)#no switchport

C9800(config-if)#ip address 10.58.55.5 255.255.255.0

Step 5.      Add the route to the remote network from which you want to manage the 9800-CL.

C9800(config)#ip route 10.58.0.0 255.255.0.0 10.58.55.254

Important note: With an ESXi direct host, no default bootstrap configuration is passed to the instance. If one is desired, you would have to enter the following commands manually (these are automatically configured if using vCenter):

netconf-yang

ip http server

ip http secure-server

line vty 0 4

 transport input telnet ssh

 login local

Verify that you can ping your management station, and then from there, just enter https://<IP of the device management interface>. Use the credentials you entered earlier. Since the box has never been configured, the WebUI will redirect you to the DAY 0 page. Please see the DAY 0 section later in this document.
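The manual bootstrap lines above permit Telnet on the vty lines and enable the plain HTTP server alongside their encrypted counterparts, and the local account is created with the `password` keyword. The following added example (not part of the Cisco guide) audits a saved configuration for those three settings; `audit_bootstrap` is a hypothetical helper, both configurations are constructed samples, and the hardened variant is an assumption to validate against your own deployment.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. audit_bootstrap is a hypothetical
# helper that reads an IOS XE configuration on stdin and reports:
#   TELNET    vty lines whose "transport input" permits Telnet (cleartext)
#   HTTP      "ip http server" (unencrypted web server) is enabled
#   PASSWORD  a local user defined with "password" instead of "secret"
# Exit status: 0 = no findings, 1 = at least one finding.
audit_bootstrap() {
    awk '
        function report(tag, msg) { printf "%s: %s\n", tag, msg; found++ }

        # Track which "line vty" block we are in; an unindented line ends it.
        /^line vty/  { vty = $0; next }
        /^[^ \t]/    { vty = "" }

        vty != "" && $1 == "transport" && $2 == "input" {
            for (i = 3; i <= NF; i++)
                if ($i == "telnet" || $i == "all")
                    report("TELNET", vty " accepts " $i)
        }

        # Matches the plain server only, not "ip http secure-server"
        # and not the negated "no ip http server".
        /^ip http server[ \t]*$/ { report("HTTP", "plain HTTP server enabled") }

        $1 == "username" {
            for (i = 3; i < NF; i++)
                if ($i == "password") {
                    report("PASSWORD", "user " $2 " uses password, not secret")
                    break
                }
        }

        END { exit (found > 0 ? 1 : 0) }
    '
}

# Constructed sample: the manual bootstrap lines and the local-user command
# from the guide, with the placeholders from the guide left in place.
PAGE_BOOTSTRAP='username <name> privilege 15 password <yourpwd>
netconf-yang
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
 login local'

# Constructed hardened variant (assumption: WebUI reached over HTTPS only,
# CLI reached over SSH only). Validate in a lab before relying on it.
HARDENED='username <name> privilege 15 secret <yourpwd>
netconf-yang
no ip http server
ip http secure-server
line vty 0 4
 transport input ssh
 login local'

# Demo run on the constructed sample of the bootstrap from the guide.
printf '%s\n' "$PAGE_BOOTSTRAP" | audit_bootstrap || echo "findings present (exit status $?)"
```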

9800-CL DAY 0 configuration setup wizard

To simplify the bootstrap process of the Catalyst 9800-CL wireless controller, a DAY 0 wizard will appear after a virtual instance is deployed, with network connectivity but without any other wireless configuration.

To connect to the DAY 0 GUI, log in to the defined device management interface via https.


To log in, use the username and password credentials given during the 9800-CL instance creation described in the previous sections.

Once logged in, you are presented with a simplified configuration flow to set the basic parameters and have the controller fully operational. On the first page, enter the required information.

These are: Deployment Mode, Country code, Date, Time, NTP Servers (optional), and AAA Servers (optional).

Note that for the VM you can choose standalone or active/standby if you want to configure SSO.

Then enter the wireless management interface configuration.


Notice that you can only select an interface that is different from the one you used to access the GUI (so you can select either GigabitEthernet2 or GigabitEthernet3 in this case). You can configure the interface GigabitEthernet2 by choosing the VLAN, the IP address, and the default gateway. This will automatically configure the interface as the trunk, the Switch Virtual Interface (SVI) for wireless management, and the default gateway. Click Next.

On the next page you can add a WLAN (optional) so that clients can connect. In this example the PSK dialog is shown.


On the next page you can set some basic RF parameters and the AP certificate.

A trustpoint is basically a certificate authority that you trust implicitly. A trustpoint certificate is a self-signed certificate, hence the name trustpoint, since it does not rely on the trust of anyone else or another party. A trustpoint is needed for an AP to join the 9800-CL. You can decide to automatically generate one during DAY 0, or you can toggle Generate Certificate to No, in which case you will have to configure your own certificate authority at DAY 1 for APs to join.

Click Summary to review the configuration, and then click Finish. The configuration and trustpoint will be pushed to the device and you will be logged out. The 9800-CL controller will not reboot, but it will take about 60 seconds to prompt you to log in again; enter the same credentials.


This time it will skip the DAY 0 page, since the box has already an initial configuration, and you will be redirected to the main dashboard for the DAY 1 configuration.

Configuring the 9800-CL via the CLI: Skipping the DAY 0 guided flow

If you don’t want to use two separate virtual interfaces for device management and wireless management, you can create the DAY 0 configuration via the CLI and then access the GUI for the DAY 1 configuration.

Follow these steps to configure the 9800-CL with a wireless management interface and skip the DAY 0 flow. This example assumes that GigabitEthernet1 is connected to a trunk interface on the switch and you want to configure multiple VLANs and dedicate one for the wireless management interface.

Step 1.      Access the CLI via the VGA/monitor console of ESXi.

Step 2.      Terminate the configuration wizard (this wizard is not specific for the wireless controller).

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:yes

Step 3.      Optionally, set the hostname:

WLC(config)#hostname C9800

Step 4.      Enter the config mode and add login credentials using the following command:

C9800(config)#username <name> privilege 15 password <yourpwd>

Step 5.      Configure the VLAN for the wireless management interface:

C9800#conf t

Enter configuration commands, one per line. End with CNTL/Z.

C9800(config)#vlan 122

C9800(config-vlan)#name wireless_management

Step 6.      Configure the SVI for the wireless management interface; for example:

C9800(config)#int vlan 122

C9800(config-if)#ip address 172.20.229.21 255.255.255.192

C9800(config-if)#no shutdown

Step 7.      Configure the interface GigabitEthernet1 as the trunk:

C9800(config-if)#interface GigabitEthernet1  

C9800(config-if)#switchport mode trunk

C9800(config-if)#switchport trunk allowed vlan 122

C9800(config-if)#shut

C9800(config-if)#no shut

Step 8.      Configure a default route (or a more specific route) to reach the box:

C9800(config-if)#ip route 0.0.0.0 0.0.0.0 172.20.229.1

Step 9.      Disable the wireless network to configure the country code:

C9800(config)#ap dot11 5ghz shutdown

Disabling the 802.11a network may strand mesh APs.

Are you sure you want to continue? (y/n)[y]: y

C9800(config)#ap dot11 24ghz shutdown

Disabling the 802.11b network may strand mesh APs.

Are you sure you want to continue? (y/n)[y]: y

Step 10.   Configure the AP country domain. This configuration is what will trigger the GUI to skip the DAY 0 flow, as the 9800-CL needs a country code to be operational:

C9800(config)#ap country ?

 WORD  Enter the country code (e.g. US,MX,IN) upto a maximum of 20 countries

Step 11.   A certificate is needed for the AP to join the virtual 9800-CL. This can be created automatically via the DAY 0 flow or manually using the following commands.

     Specify the interface to be the wireless management interface:
C9800(config)#wireless management interface vlan 122

     In exec mode, issue the following command:
C9800#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 <pwd>
Configuring vWLC-SSC…
Script is completed

This is a script that automates the whole certificate creation.

     Verify certificate installation:
C9800#show wireless management trustpoint
Trustpoint Name : ewlc-default-tp
Certificate Info : Available
Certificate Type : SSC
Certificate Hash : e55e61b683181ff0999ef317bb5ec7950ab86c9e
Private key Info : Available

Note:     You can skip the certificate/trustpoint configuration, but if you do, APs will not be able to join. You would need to go to the GUI and configure it from there by importing the desired certificate.

Verify that you can ping the wireless management interface, and then just enter https://<IP of the device wireless management interface>. Use the credentials you entered earlier. Since the box has a country code configured, the GUI will skip the DAY 0 page and you will get access to the main dashboard for the DAY 1 configuration.

Accessing the 9800-CL WebUI

Once the 9800-CL can be reached successfully from the network, you can access the main dashboard to continue the DAY 1 and DAY 2 operations.

Step 1.      Access the 9800-CL WebUI using https://C9800-IP. The username and password will be what you provided during the OVA installation.


Congratulations—you have installed your virtual 9800-CL.

Deploying the OVA to ESXi 6.0 with vCenter server

VMware vCenter has a flow similar to that of standalone ESXi, except for the ability to customize and bootstrap the virtual wireless controller with login and network information so that you don’t have to use the CLI at all.

Follow these steps:

Step 1.      Log in to vCenter, and choose vSphere Web Client (Flash).

Step 2.      Select Actions > Deploy OVF template.

Step 3.      Browse to the OVA file, select the data center, and click Next.

Step 4.      Select the cluster and host and click Next.

Step 5.      Review the details of the OVF deployment and click Next.

Step 6.      Select the configuration (AP and client scale) profile and click Next.

Step 7.      Select the storage and click Next.

Step 8.      Map the virtual network interface(s) and click Next.

As was mentioned earlier, vCenter deployment provides an option to customize or bootstrap the Catalyst 9800-CL wireless controller with a hostname, network configuration, and login.

Step 9.      Go through the steps to provide any necessary information using the provided template, and click Next.

Note:     Here you need to specify the device management interface. This is the interface you mapped to the out-of-band management network. It is configured as a Layer 3 routed interface with the IP address provided in this step. The network you enter here in step 2.4 is the remote network from which you want to manage your 9800-CL. This will create a static route to that specified network.

Step 10.   Finally, review the configuration data and click Next to deploy the 9800-CL in vCenter.

Step 11.   Select Power on after deployment.

Deploying the 9800-CL with ESXi 6.5

At the time of this writing, installing the OVA file for the 9800-CL using the GUI does not work. There are issues specific to VMware 6.5 and the 9800-CL OVA file deployment in which the deployment will fail with the warning “A required disk image was missing.” In addition, the error “Failed to deploy VM: postNFCData failed: Cannot POST to non-disk files” is seen. There are two options to install the 9800-CL on VMware ESXi 6.5.

     Install an ISO file for the 9800-CL using the ESXi embedded GUI (ESXI 6.5 client version 1.29.0 is tested and required).

     Install an OVA file for the 9800-CL using the OVF tool.

Deploying the 9800-CL ISO to ESXi 6.5 using the VMware embedded GUI

Step 1.      Copy the 9800-CL ISO file into the datastore.

Step 2.      If needed, update the ESXI 6.5 client version to the minimum version, 1.29.0.

Step 3.      Create a new virtual machine and choose the OS family/version as suggested below.

     Compatibility: ESXi 6.5 virtual machine

     Guest OS family: Linux

     Guest OS version: Other 3.x or later Linux (64-bit)

Step 4.      Select the datastore for deploying the 9800-CL.

Step 5.      Choose the CPU, memory, and hard disk size depending on your deployment requirements. Refer to the virtual machine requirement and scale shown earlier in Table 1.

Step 6.      Ensure that the network Adapter Type is VMXNET 3 and the Virtual Device Node is IDE controller 0.

Step 7.      After ISO installation, walk through the initial setup wizard and configure SVIs, wireless interface, trustpoint, etc. (Review the previous sections, as these will be the same.)

Step 8.      Finally, join and register the access points.

Deploying the 9800-CL OVA to ESXi 6.5 using the VMware OVF tool

Step 1.      Download and install the OVF tool from the VMware website. The minimum tested version is 4.2.0.

https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL430&productId=742

Step 2.      Download the OVA file for the 9800-CL into a folder.

Example: /users/xyz/C9800/ova-file-on-esxi6.5/

Step 3.      Create a file named “.ovftool” (in the folder you created above), and modify it with the following content:

$ more .ovftool

acceptAllEulas

datastore=<datastore name>

deploymentOption=<#>CPU-<#>GB

name=prsna-vm

net:GigabitEthernet1=<network name>

prop:com.cisco.vwlc.hostname.1=<C9800 hostname>

Note:     For deploymentOption, check the VM requirements for the scale required.

Step 4.      At this point, your folder must have two files:

$ ls -la

total 1192960

..

-rw-r--r--   1 prasannathakku  staff        156 May 22 14:29 .ovftool

-rw-r--r--   1 prasannathakku  staff  610785280 Apr 25 02:50 vWLC.ova

Step 5.      Execute the following command from the folder (where you have both the OVA file and the .ovftool file).

For example:

$ /Applications/VMware\ OVF\ Tool/ovftool ./C9800-CL.ova vi://"root:password"@<Host IP address>

Note:

     The OVA file that you need to deploy is C9800-CL.

     ESXi 6.5 info: vi://"root:<password>"@<Host IP address>

     Execute this command from the location where you have both the OVA file and the .ovftool file.

Step 6.      Access the ESXi GUI and power up the related VM that was just installed using the OVF tool.

Step 7.      After OVA installation with the embedded client, you can browse to the ESXi 6.5 host and see the 9800-CL VM that was installed.

Step 8.      Make any changes as required (network mapping, etc.).

Step 9.      Power on the VM, and walk through the initial setup wizard, configuring SVIs, wireless interface, trustpoint, etc. (Review the previous sections, as these will be the same.)

Deploying the virtual 9800-CL on Linux KVM

The virtual Cisco Catalyst 9800-CL Wireless Controller for Cloud can be deployed in Linux KVM using an ISO file (downloaded from the Cisco website), with support for the following distributions:

     Red Hat Enterprise Linux (RHEL) 7.1 or higher

     Ubuntu 16.04 LTS or higher

This guide will not cover every aspect of Linux or KVM components, only the general set of instructions needed to deploy a virtual wireless controller on KVM.

Scale for the virtual 9800-CL on Linux KVM

Table 2.        Minimum virtual resource requirements for small, medium, and large configurations

| Model Configuration | Small (Low throughput) | Medium (Low throughput) | Large (Low throughput) | Small (High throughput) | Medium (High throughput) | Large (High throughput) |
|---|---|---|---|---|---|---|
| Template group | Existing supported template, pre IOS XE 17.3 release | Existing supported template, pre IOS XE 17.3 release | Existing supported template, pre IOS XE 17.3 release | Added as part of IOS XE 17.3 release | Added as part of IOS XE 17.3 release | Added as part of IOS XE 17.3 release |
| Minimum Number of vCPUs | 4 | 6 | 10 | 7 | 9 | 13 |
| Minimum CPU Allocation (MHz) | 4,000 | 6,000 | 10,000 | 4,000 | 6,000 | 10,000 |
| Minimum Memory (GB) | 8 | 16 | 32 | 8 | 16 | 32 |
| Required Storage (GB) | 8 | 8 | 8 | 8 | 8 | 8 |
| Virtual NICs (vNIC) | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* | 2/(3)* |
| Linux KVM vNIC | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) | OVS, Linux bridge (brctl) |
| NIC Virtualization | Virtio | Virtio | Virtio | Virtio | Virtio | Virtio |
| Maximum Access Points | 1000 | 3,000 | 6,000 | 1000 | 3,000 | 6,000 |
| Maximum Clients Support | 10,000 | 32,000 | 64,000 | 10,000 | 32,000 | 64,000 |
| vMotion, vNIC teaming, L2 LAG, SRIOV | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |

(*) 3rd NIC is for High Availability

^At FCS the large image will support the full scale with FlexConnect local switching and fabric deployment mode. For local and Flex central switching deployment modes, the scale is 3000 APs and 32,000 clients, the same as for the medium configuration.

Prerequisites before installing KVM

To run KVM, you need a processor that supports hardware virtualization. Intel and AMD have both developed extensions for their processors, named respectively Intel VT-x (code name Vanderpool) and AMD-V (code name Pacifica).

To see if the processor supports one of these extensions, issue the following command and review the output:  

egrep -c '(vmx|svm)' /proc/cpuinfo 

If the result is 0, it means your CPU doesn't support hardware virtualization.

If it is 1 or more, it does support hardware virtualization, but you still need to make sure that virtualization is enabled in the BIOS.

Required packages for KVM

The following KVM packages are required for installation:

qemu-kvm

qemu-utils

uml-utilities

bridge-utils

socat

kvm

libvirt-bin

virtinst

The following are Ubuntu sample commands to install the packages:

apt-get install qemu-kvm qemu-utils uml-utilities bridge-utils socat

apt-get install kvm libvirt-bin virtinst

Use the following command to install the packages in RHEL:

yum install kvm libvirt

KVM networking

Networking options vary within Linux. Effectively, KVM supports the following:

Linux bridge

OVS switch

The following are sample network settings, where br0 and br1 can be mapped to the virtual wireless controller interface(s):

vim /etc/network/interfaces

 

# interfaces(5) file used by ifup(8) and ifdown(8)

auto lo

iface lo inet loopback

 

 

auto br0

iface br0 inet static

        address 10.104.170.99

        netmask 255.255.255.0

        network 10.104.170.0

        broadcast 10.104.170.255

        #gateway 10.104.170.1

        #up route add default gw 10.104.170.1

        # dns-* options are implemented by the resolvconf package, if installed

        bridge_ports eth0

        bridge_stp off

        bridge_fd 0

        bridge_maxwait 0

        dns-nameservers 72.163.128.140

 

 

auto br1

iface br1 inet static

        address 9.11.124.44

        network 9.11.124.0

        netmask 255.255.255.0

        bridge_ports eth1

        bridge_stp off

        bridge_fd 0

        bridge_maxwait 0

KVM SR-IOV Configuration

1.     Install the latest drivers for the NIC.

The Ethernet and driver versions can be verified using the command:

ethtool -i <interface name>

The script below prints all the Ethernet information, followed by the driver version and the SR-IOV VF names.

#!/bin/bash

# Copy this script to a .sh file and execute

echo "Listing all the PCI NIC Interfaces "

echo --------------------------------------------------------

lspci | grep -i eth

 

 

NIC_DIR="/sys/class/net"

for i in $( ls $NIC_DIR) ;

do

        if [ -d "${NIC_DIR}/$i/device" -a ! -L "${NIC_DIR}/$i/device/physfn" ]; then

                declare -a VF_PCI_BDF

                declare -a VF_INTERFACE

                k=0

                for j in $( ls "${NIC_DIR}/$i/device" ) ;

                do

                        if [[ "$j" == "virtfn"* ]]; then

                                VF_PCI=$( readlink "${NIC_DIR}/$i/device/$j" | cut -d '/' -f2 )

                                VF_PCI_BDF[$k]=$VF_PCI

                                #get the interface name for the VF at this PCI Address

                                for iface in $( ls $NIC_DIR );

                                do

                                        link_dir=$( readlink ${NIC_DIR}/$iface )

                                        if [[ "$link_dir" == *"$VF_PCI"* ]]; then

                                                VF_INTERFACE[$k]=$iface

                                        fi

                                done

                                ((k++))

                        fi

                done

                NUM_VFs=${#VF_PCI_BDF[@]}

                if [[ $NUM_VFs -gt 0 ]]; then

                    echo +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    echo "Driver Versions"

                        ethtool -i $i

                    echo --------------------------------------------------------------------

                        #get the PF Device Description

                        PF_PCI=$( readlink "${NIC_DIR}/$i/device" | cut -d '/' -f4 )

                        PF_VENDOR=$( lspci -vmmks $PF_PCI | grep ^Vendor | cut -f2)

                        PF_NAME=$( lspci -vmmks $PF_PCI | grep ^Device | cut -f2)

                        echo "Virtual Functions on $PF_VENDOR $PF_NAME ($i):"

                        echo -e "PCI BDF\t\tInterface"

                        echo -e "=======\t\t========="

                        for (( l = 0; l < $NUM_VFs; l++ )) ;

                        do

                                echo -e "${VF_PCI_BDF[$l]}\t${VF_INTERFACE[$l]}"

                        done

                        unset VF_PCI_BDF

                        unset VF_INTERFACE

                        echo " "

                fi

        fi

done

References for the firmware downloads can be found in the links below

Firmware for Intel NIC

https://downloadcenter.intel.com/product/82947/Intel-Ethernet-Controller-X710-Series

Driver for Intel and Cisco NIC

https://downloadcenter.intel.com/download/24411/Intel-Network-Adapter-Driver-for-PCIe-40-Gigabit-Ethernet-Network-Connections-Under-Linux-?product=82947

Firmware for Cisco NIC

https://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-c-series-rack-servers/tsd-products-support-series-home.html

2.     Verify that Intel VT-d support is enabled in the Linux kernel

Verify this by running the command:

dmesg | grep -e DMAR -e IOMMU

The output should show that the IOMMU is enabled.

If VT-d support is not enabled, activate it with the following steps:

1)   Activate Intel VT-d in the kernel by adding the intel_iommu=on and iommu=pt parameters to the end of the GRUB_CMDLINE_LINUX line, within the quotes, in the /etc/sysconfig/grub file.

2)   Regenerate /etc/grub2.cfg by running:
grub2-mkconfig -o /etc/grub2.cfg

3)   Reboot the system to enable the changes. The system is now capable of PCI device assignment.

3.     Configure SR-IOV Virtual Functions (VFs) on the NIC

If the VFs are not seen in the output of the script in step 1, enable them using the following command:

echo 1 > /sys/class/net/enp129s0f0/device/sriov_numvfs

One VF is created per port for maximum performance.

Configure spoof checking, trust mode, and the MAC address using the commands below:

ip link set dev enp129s0f0 vf 0 trust on

ip link set enp129s0f0 vf 0 spoofchk off

ip link set enp129s0f0 vf 0 mac 3c:fd:fe:de:cc:bc

Verify the settings using the command below

ip link show <nic name>

 

ip link show enp129s0f0

6: enp129s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000

    link/ether 3c:fd:fe:de:01:bc brd ff:ff:ff:ff:ff:ff

    vf 0 MAC 3c:fd:fe:de:cc:bc, spoof checking off, link-state auto, trust on
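The verification step above, as an added example that is not part of the Cisco guide: a POSIX shell check that parses ip link show output and confirms each VF carries exactly the intended MAC, spoof-check and trust settings. This matters because spoofchk off and trust on relax the NIC's per-VF filtering, so they should appear only on the VFs handed to the controller. The function names and the second VF in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Cisco guide.

# Constructed sample, modelled on the "ip link show enp129s0f0" output above,
# with a second VF left at the driver defaults for contrast.
sample_ip_link() {
    cat <<'EOF'
6: enp129s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 3c:fd:fe:de:01:bc brd ff:ff:ff:ff:ff:ff
    vf 0 MAC 3c:fd:fe:de:cc:bc, spoof checking off, link-state auto, trust on
    vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
EOF
}

# Read "ip link show <PF>" text on stdin and print one line per VF:
#   <index> <mac> <spoofchk on|off> <trust on|off>
# Handles both the "vf N MAC <mac>" and the newer "vf N link/ether <mac>" layout.
list_vfs() {
    awk '
        $1 == "vf" && $2 ~ /^[0-9]+$/ {
            mac = "unknown"; spoof = "unknown"; trust = "unknown"
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                # The first MAC-shaped field is the VF address (not the brd one).
                if (mac == "unknown" && f ~ /^([0-9a-fA-F][0-9a-fA-F]:)+[0-9a-fA-F][0-9a-fA-F]$/)
                    mac = tolower(f)
                if ($i == "spoof" && $(i+1) == "checking") { spoof = $(i+2); sub(/,$/, "", spoof) }
                if ($i == "trust") { trust = $(i+1); sub(/,$/, "", trust) }
            }
            print $2, mac, spoof, trust
        }'
}

# check_vf <index> <mac> <spoofchk> <trust>: succeed only on an exact match.
check_vf() {
    want="$1 $(printf '%s' "$2" | tr 'ABCDEF' 'abcdef') $3 $4"
    got=$(list_vfs | awk -v idx="$1" '$1 == idx')
    if [ "$got" = "$want" ]; then
        echo "OK    vf $1: $got"
    else
        echo "DRIFT vf $1: want '$want', got '${got:-<missing>}'"
        return 1
    fi
}

# Print the index of every VF with spoof checking off or trust on, so the
# relaxed settings can be compared with the VFs actually given to the VM.
relaxed_vfs() {
    list_vfs | awk '$3 == "off" || $4 == "on" { print $1 }'
}

# On a real host: ip link show enp129s0f0 | check_vf 0 3c:fd:fe:de:cc:bc off on
sample_ip_link | check_vf 0 3c:fd:fe:de:cc:bc off on
echo "VFs with relaxed filtering: $(sample_ip_link | relaxed_vfs)"
```
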

4.     SR-IOV setting persistence

SR-IOV settings configured in this way do not persist across reboots. To fix this, run the above configuration as a service that is automatically enabled when the host reboots.

Step 1.      Create a script with the commands to be persisted, for example in /usr/bin/sriov-config:

#!/bin/sh

echo 1 > /sys/class/net/enp129s0f0/device/sriov_numvfs

ip link set dev enp129s0f0 vf 0 trust on

ip link set enp129s0f0 vf 0 spoofchk off

ip link set enp129s0f0 vf 0 mac 3c:fd:fe:de:cc:bc

Repeat the above for all VFs.

Step 2.      Provide execute permission for the script:

chmod 755 /usr/bin/sriov-config

Step 3.      Create the system service: Define a new systemd service to be executed at the end of boot. This service executes the script that contains the required SR-IOV commands, written in Step 1.

Note: The line "ExecStart=/usr/bin/sriov-config" given below executes the script.

A new file "sriov.service" in /usr/lib/systemd/system should have the following content:

[Unit]

Description=SR-IOV configuration

After=rc-local.service

Before=getty.target

[Service]

Type=oneshot

ExecStart=/usr/bin/sriov-config

[Install]

WantedBy=multi-user.target

Step 4.      Enable and start the service using:

systemctl --now enable sriov.service

This command starts the service immediately and also ensures that the service runs every time the host reboots.
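Because sriov.service runs /usr/bin/sriov-config as root on every boot, the unit file, the script, and the script's directory should be owned by root and not writable by group or others. The check below is an added example, not part of the Cisco guide; the function names are hypothetical, and the demo builds a constructed unit and script in a temporary directory, using the current user's uid in place of root so it runs unprivileged.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. POSIX sh has no local variables,
# hence the p_/a_ prefixes.

# Print the program path from the first ExecStart= line of a unit file,
# dropping systemd's optional prefix characters (-, @, :, +, !) and arguments.
unit_exec_path() {
    sed -n 's/^ExecStart=[-@:+!]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# owned_and_locked <path> [uid]: succeed only if <path> is owned by <uid>
# (default 0) and not writable by group or others. Symlinks are followed
# (-L) so the real target is judged.
owned_and_locked() {
    p_path=$1; p_want=${2:-0}; p_rc=0
    [ -e "$p_path" ] || { echo "FAIL $p_path: missing"; return 1; }
    p_info=$(ls -ldnL -- "$p_path" | awk '{ print $1, $3; exit }')
    p_mode=${p_info% *}; p_uid=${p_info#* }
    if [ "$p_uid" != "$p_want" ]; then
        echo "FAIL $p_path: owner uid $p_uid, expected $p_want"; p_rc=1
    fi
    case "$p_mode" in
        ?????w*|????????w*)     # 6th char = group write, 9th = other write
            echo "FAIL $p_path: mode $p_mode is writable by group or others"
            p_rc=1 ;;
    esac
    [ "$p_rc" -eq 0 ] && echo "OK   $p_path ($p_mode, uid $p_uid)"
    return "$p_rc"
}

# audit_unit <unit-file> [uid]: check the unit file, the script it starts,
# and the script's directory (a writable directory lets the file be replaced).
audit_unit() {
    a_unit=$1; a_uid=${2:-0}; a_bad=0
    a_exe=$(unit_exec_path "$a_unit")
    [ -n "$a_exe" ] || { echo "FAIL $a_unit: no ExecStart= line"; return 1; }
    for a_p in "$a_unit" "$a_exe" "$(dirname "$a_exe")"; do
        owned_and_locked "$a_p" "$a_uid" || a_bad=1
    done
    return "$a_bad"
}

# Constructed demo: the same script fails the audit at mode 777 and passes
# at mode 755. Prints "777:<result> 755:<result>".
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho 1 > /sys/class/net/enp129s0f0/device/sriov_numvfs\n' \
        > "$d/sriov-config"
    printf '[Service]\nType=oneshot\nExecStart=%s\n' "$d/sriov-config" \
        > "$d/sriov.service"
    chmod 644 "$d/sriov.service"
    chmod 777 "$d/sriov-config"
    if audit_unit "$d/sriov.service" "$(id -u)" >/dev/null; then before=pass; else before=fail; fi
    chmod 755 "$d/sriov-config"
    if audit_unit "$d/sriov.service" "$(id -u)" >/dev/null; then after=pass; else after=fail; fi
    rm -rf "$d"
    echo "777:$before 755:$after"
}

# On a real host, as root: audit_unit /usr/lib/systemd/system/sriov.service
demo
```
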

Reference: SR-IOV configuration for KVM is explained here:

https://www.intel.com/content/www/us/en/embedded/products/networking/xl710-sr-iov-config-guide-gbe-linux-brief.html

5.     Attaching the SR-IOV to the C9800-CL

Attaching to a New VM using command line

Add the PCI VF devices using the --host-device option. Using the script from step 1, note the PCI BDF number and use it to attach the devices.

VM Create and Launch

sudo virt-install   --virt-type=kvm   --name ewlc_sriov_3-18  --ram 16384  --vcpus=9     --hvm  --cdrom=/home/C9800-CL-universalk9.BLD_POLARIS_DEV_LATEST_20200318_062819-serial.iso    --network none  --host-device=pci_0000_18_06_0 --host-device=pci_0000_18_06_1 --graphics vnc  --disk path=/var/lib/libvirt/images/ewlc_sriov_3-18.qcow2,size=8,bus=virtio,format=qcow2

Verify this on the C9800 console after launching

EWLC>en

EWLC#show platform software vnic-if interface-mapping   

-------------------------------------------------------------               

 Interface Name        Driver Name         Mac Addr                

-------------------------------------------------------------               

 GigabitEthernet2       net_i40e_vf        3cfd.fede.ccbd          

 GigabitEthernet1       net_i40e_vf        3cfd.fede.ccbc          

-------------------------------------------------------------                        

Attaching to an existing VM using command line

Attach the VF by adding its PCI device number to the VM definition. The address domain, bus, slot and function are derived from the PCI BDF reported by the script in step 1.

# virsh edit <name of virtual machine>

# virsh dumpxml <name of virtual machine>

<domain>                                                                                   

…                                                                                           

<devices>                                                                                  

…                                                                                          

<hostdev mode='subsystem' type='pci' managed='yes'>                           

      <source>                                                                              

        <address domain='0x0000' bus='0x18' slot='0x06' function='0x0'/>

      </source>                                                                              

</hostdev>                                                                                  

…                                                                                           

</devices>                                                                                   

…                                                                                           

</domain>                                                                                   
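The guide says the hostdev address and the --host-device name are derived from the PCI BDF without showing the mapping. The following is an added example, not part of the Cisco guide, that performs that conversion and rejects malformed input; the function names are hypothetical and the BDF values are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. String handling only: nothing on
# the host is read or changed.

# Print "domain bus slot function" in lowercase hex, or fail on bad input.
# Accepts the full form (0000:18:06.0) and lspci's short form (18:06.0).
# The slot is 5 bits (00-1f) and the function 3 bits (0-7).
split_bdf() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9a-fA-F]{4}:)?[0-9a-fA-F]{2}:[01][0-9a-fA-F]\.[0-7]$' || {
            echo "invalid PCI BDF: $1" >&2
            return 1
        }
    bdf=$(printf '%s' "$1" | tr 'ABCDEF' 'abcdef')
    case "$bdf" in
        ????:??:??.?) ;;         # domain already present
        *) bdf="0000:$bdf" ;;    # short form means PCI domain 0
    esac
    domain=${bdf%%:*}; rest=${bdf#*:}
    bus=${rest%%:*};   rest=${rest#*:}
    slot=${rest%%.*};  func=${rest#*.}
    printf '%s %s %s %s\n' "$domain" "$bus" "$slot" "$func"
}

# Node-device name as passed to "virt-install --host-device".
bdf_to_nodedev() {
    fields=$(split_bdf "$1") || return 1
    set -- $fields
    printf 'pci_%s_%s_%s_%s\n' "$1" "$2" "$3" "$4"
}

# <hostdev> element to place under <devices> when running "virsh edit".
bdf_to_hostdev_xml() {
    fields=$(split_bdf "$1") || return 1
    set -- $fields
    cat <<EOF
<hostdev mode='subsystem' type='pci' managed='yes'>
  <source>
    <address domain='0x$1' bus='0x$2' slot='0x$3' function='0x$4'/>
  </source>
</hostdev>
EOF
}

# The two VFs used in the virt-install command on this page.
for vf in 0000:18:06.0 0000:18:06.1; do
    bdf_to_nodedev "$vf"
done
bdf_to_hostdev_xml 0000:18:06.0
```
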

Attaching to C9800-CL using virt-manager

In virt-manager, use the Add Hardware button to add the PCI host device. Navigate to the NIC and choose the VF that needs to be attached to the VM.

Once the PCI device is added to the VM, start the VM.

Table 3.        Verified and Recommended Software versions for SR-IOV

| Guest OS | NIC | Driver Version | Firmware |
| --- | --- | --- | --- |
| KVM RedHat Version 7.5 | Intel x710 | I40e 2.10.19.82 | 7.10 |
| KVM RedHat Version 7.4 | Ciscoized x710 | I40e 2.10.19.82 | 7.0 |

Creating the Catalyst 9800-CL VM using the Virtual Machine Manager GUI tool

Once the Linux KVM requirement is met, the packages have been installed, and networking has been configured, download the ISO from Cisco for use with the Virtual Machine Manager (virt-manager). This GUI tool is the easiest method for deploying the virtual 9800-CL wireless controller. The following examples are based on Ubuntu/Gnome as a desktop environment.

Step 1.      Start Virtual Machine Manager and choose Create a new virtual machine. Select Local install media (ISO image) and click Forward.

Step 2.      Browse and select the Catalyst 9800-CL ISO file.

Step 3.      Using the AP and client scale guide in Table 2, set the CPU and memory requirements. For example, four CPUs and 8 GB RAM are recommended for small deployments with 1000 APs and 6000 clients. Click Forward.

Step 4.      Create a disk of 8 GB (standard for all deployment sizes). Click Forward.

Step 5.      Provide a name for the VM and select Customize configuration before install. (Note: This setting is important.) Click Forward.

The default is a single interface at the time of VM creation. This can be used as any of the functional virtual 9800-CL interfaces, for example, the wireless management interface. However, if an additional interface (or serial port) is needed, use the Add New Virtual Hardware tool.

Step 6.      Go to Add New Virtual Hardware > Network interface. Map each of the vNICs to the target bridge interface defined in the Linux network configuration.

Step 7.      For each vNIC, set the Device model to virtio. Click Finish.

Step 8.      A virtual serial console also exists for KVM. Simply add the virtual hardware, select Serial, Host = 127.0.0.1(local host), and the port number (user-defined), and check Use Telnet. Click Finish.

Below is an example of a console using Telnet to connect to the KVM hypervisor at a user-defined port.

Step 9.      Next, click Begin Installation. The VM will boot and progress through the installation process.

Step 10.   Progress can be monitored through the KVM VM console.

Step 11.   Configure the wireless controller using the console CLI.

Step 12.   Open the web browser and connect to the 9800-CL WebUI using https://C9800-IP.

Deploying the virtual 9800-CL on the Cisco ENCS NFVIS platform

Overview of Cisco NFVIS software

Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) is Linux-based infrastructure software designed to help service providers and enterprises dynamically deploy virtualized network functions, such as a virtual router, firewall, and WAN acceleration, on a supported Cisco device. The addition of a physical device for every network function is not required; you can use automated provisioning and centralized management.

The Cisco Enterprise NFVIS solution helps you convert your critical network functions into software, making it possible to deploy network services in minutes across dispersed locations. It provides a fully integrated platform that can run on top of a diverse network of both virtual and physical devices.

The Cisco 5400 Enterprise Network Compute System (ENCS) combines routing, switching, storage, processing, and a host of other computing and networking activities into a compact 1-Rack-Unit (1RU) box. This high-performance unit achieves this goal by providing the infrastructure to deploy virtualized network functions and acting as a server that addresses processing, workload, and storage challenges.

The virtual Catalyst 9800-CL Wireless Controller for Cloud can be deployed on a Cisco ENCS NFVIS platform using an ISO file or tar.gz (download from the Cisco website).

The NFVIS software version should be higher than 3.8. If the NFVIS software version is lower than 3.8, it should be upgraded to any version higher than 3.8. To upgrade the NFVIS software, refer to the “Upgrading Cisco NFVIS” section in the following document:

https://www.cisco.com/c/en/us/td/docs/routers/nfvis/config/3-10-1/nfvis-config-guide-3-10-1.html

Scale for the virtual 9800-CL on Cisco ENCS NFVIS

The virtual Catalyst 9800-CL Wireless Controller for Cloud on the ENCS NFVIS platform supports:

     1000 access points

     10,000 wireless clients

It needs four CPUs, 8 GB of RAM, 8 GB of storage space, and 3 vNICs. (The third vNIC is for HA/SSO.)

Note:     Other sizes (medium and large) for the 9800-CL are not supported on the Cisco ENCS NFVIS platform.

Installation procedure

Log in to the WebUI of NFVIS with the username (admin) and the password that was set up.

Uploading the image on NFVIS

Follow the procedure below to upload an image to NFVIS (a screen shot highlighting the procedure described is given below for reference).

Step 1.      Select VM Life Cycle > Image Repository.

Step 2.      Select the Image Registration tab, click Drop Files or Click, and select the 9800-CL virtual image file for NFVIS from your local machine to be uploaded (for example, C9800-CL-universalk9.16.10.01e.tar.gz).

Step 3.      Click Start to upload the image.

After the image is uploaded, NFVIS creates respective profiles and registers the image. You can find your file listed in the Images section on the same page.

Creating a network

Follow the procedure below to create a network.

Step 1.      Select VM Life Cycle > Networking.

Step 2.      Click the + (Create) icon next to Networks & Bridges.

Step 3.      Populate the fields with values (Network, Mode, VLAN, Bridge, and Interface).

Note:     Create separate network interfaces for the wireless management network, service interface, and HA, and map them to separate bridge interfaces. Each bridge interface maps to a physical interface.

Example:

     A wireless management network named mgmt-intf with the Mode set to Trunk, carrying multiple VLANs, mapped to a bridge interface named mgmt-br tied to physical interface GE0-0.

     An HA network named ha-intf with the Mode set to access, mapped to a bridge interface named ha-br tied to physical interface GE0-1.

Deploying the 9800-CL virtual controller on NFVIS

Follow the procedure below to deploy the 9800-CL virtual controller on NFVIS.

Step 1.      Select VM Life Cycle > Deploy.

Step 2.      From the VM Deployment window, drag and drop the controller icon to the pane below and map it to the desired networks as required. In the VM Details area, enter a name for the 9800-CL controller. Select the image and profile from the drop-down menu.

Note:     Only 1000 APs and 10,000 clients are supported.

Step 3.      Map the network interfaces and click Deploy.

Once deployed, check the 9800-CL’s status in VM Life Cycle > Manage > VM Status.

Click the console symbol next to the VM name to open the console to the 9800-CL virtual controller that is deployed.

At this stage, follow the procedure outlined in the earlier sections for the basic setup of the 9800-CL and DAY 0 guided workflow or detailed configuration by skipping the DAY 0 workflow. (See the sections beginning with “Configuring the Basic 9800-CL Settings.”)

To enable serial console access, issue the following command on the 9800-CL VM:

C9800_SJC_1#conf t

C9800-SJC_1(config)#platform console serial

SSH to the management interface of ENCS to access the 9800-CL console.

nfvis# show system deployments

NAME  ID  STATE   

-------------------

  vWLC  2   running 

 

nfvis# vmConsole ?

            Possible completions:

  VM name; "show system deployments" command shows list of VM names.

     nfvis# vmConsole <VM name >

Viewing VM resource allocation

Follow the procedure below to view the VM resource allocations.

Step 1.      From NFVIS, select VM Life Cycle > Resource Allocation.

This opens up the VM CPU Allocation tab, which displays the overall CPU allocations.

Step 2.      Click the VM Memory Allocation tab. 

This tab shows the overall memory allocations.

Step 3.      Click the VM Disk Allocation tab.

This tab shows the overall disk allocations.

Viewing VM statistics

Follow the procedure below to view the VM resource utilization.

Step 1.      From NFVIS, select VM Life Cycle > VM Monitoring.

This opens up the VM CPU Utilization tab, which displays the overall CPU utilization per VM. Click the other tabs (Memory Utilization, vNIC Utilization, and Disk Utilization) to view the utilization of each resource.

Appendix A: Adding a virtual serial port (optional)

Adding a virtual serial port allows an administrator to connect to the virtual wireless controller in a manner similar to accessing a physical appliance’s serial console.

Step 1.      Choose Add Hardware and select Serial Port for console access to the wireless controller.

Step 2.      For the port type, select Connect via Network, as you will Telnet to the ESXi network address and custom port assignment.

Step 3.      For Network Backing, select Server and enter the port URI:

telnet://<ESXi IP address>:<port>

Step 4.      Complete adding the serial port; you will see the new serial port displayed in the Hardware list.

Step 5.      Select Power on after deployment to automatically power on the VM.

Step 6.      Important: For the first boot after creating your VM, you need to use the vSphere client console to view and select a boot option. Options will be VGA or serial (recommended).

Step 7.      Select vWLC Serial Console. This will be a one-time action.

Step 8.      If you selected vWLC Virtual (VGA) Console, to enable the serial console, enter the command within the VI Client console. For example:

C9800>enable

C9800#config terminal

C9800(config)#platform console serial

The mode will be available on the next reload.

Step 9.      Once the 9800-CL has booted with the serial console option selected (or platform serial mode enabled), connect to the console for your 9800-CL by using Telnet to your ESXi and assigned port.

The following is an example configuration:

version 16.8

!

platform console serial

!

hostname C9800

!

username admin privilege 15 secret 5 $1$2W5l$ufMvehFW/3MAonJwjLODb.

!

!

interface GigabitEthernet1

 negotiation auto

 no mop enabled

 no mop sysid

!

interface Vlan1

 no ip address

 shutdown

 no mop enabled

 no mop sysid

Enabling ESXi VM serial security

By default, the ESXi (6.x) security profile does not have VM serial port mode enabled, and this mode is required for a serial console to the 9800-CL virtual machine (if configured).

Go to the ESXi server and choose Configuration > Software > Security Profile > Firewall > Properties. Enable VM serial port connected over network.

Appendix B: Resetting the 9800-CL to the factory default

To reset the 9800-CL instance to the factory default, you can use the following commands:

C9800-CL#wr erase

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete

Then reload the box:

C9800-CL#reload

System configuration has been modified. Save? [yes/no]: no

Type “no” at the prompt:

Reload command is being issued on Active unit, this will reload the whole stack

Proceed with reload? [confirm]

Then press Enter at the second prompt. The box will reload and come up with the default configuration.

If the 9800-CL was configured via ESXi vCenter, there is a configuration bootstrap that will always get applied, so “wr erase” and “reload” will not bring the box to the default configuration. In this case you can change the configuration register and configure the 9800-CL to ignore the configuration at startup. By default, the configuration register is set to 0x2102. This needs to be changed to 0x2142 as explained here: https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/50421-config-register-use.html.

In configuration mode, enter the following command:

C9800-CL(config)#config-register 0x2142

Verify via the “show ver” command that the register will change at the next reload:

C9800-CL#show ver

[snip]

Configuration register is 0x2102 (will be 0x2142 at next reload)

Proceed with the reload and type “no” if prompted to change the configuration:

C9800-CL#reload

System configuration has been modified. Save? [yes/no]: no

Reload command is being issued on Active unit, this will reload the whole stack

Proceed with reload? [confirm]

The box will come up with the default configuration.

Note:     Remember to change the configuration register back to 0x2102 so that next time you reboot, the box will read the saved configuration.

Appendix C: 9800-CL CLI reference

C9800#show platform software vnic-if interface-mapping

-------------------------------------------------------------

 Interface Name        Driver Name         Mac Addr

-------------------------------------------------------------

 GigabitEthernet1       net_vmxnet3        0050.5693.1d6e

 

 

C9800 #show int gig 1

GigabitEthernet1 is up, line protocol is up

 Hardware is CSR vNIC, address is 0050.5693.1d6e (bia 0050.5693.1d6e)

 

C9800 #show ip int brief

Interface              IP-Address      OK? Method Status                Protocol

GigabitEthernet1       unassigned      YES unset  up                    up     

Capwap1                unassigned      YES unset  up                    up     

Capwap2                unassigned      YES unset  up                    up     

Capwap3                unassigned      YES unset  up                    up     

Vlan1                  unassigned      YES NVRAM  administratively down down   

Vlan10                 10.10.1.2       YES NVRAM  up                    up     

Vlan118                172.20.228.41   YES NVRAM  up                    up     

Deploying to ESXi 6.5 – OVF command reference

Through VCenter 6.5

usr/bin/ovftool --acceptAllEulas --X:injectOvfEnv --overwrite --powerOn -ds="datastore1" -dm=thin --deploymentOption="4CPU-8GB" -n="<ewlc_vm_name>" --net:"GigabitEthernet1"="<network name>" --net:"GigabitEthernet2"="<network name>" --net:"GigabitEthernet3"="<network name>" --prop:com.cisco.vwlc.hostname.1="<hostname>" --prop:com.cisco.vwlc.login-username.1="<username>" --prop:com.cisco.vwlc.login-password.1="<password>" --prop:com.cisco.vwlc.privilege-password.1="<privileged_password>"   ./<path to ovafile>  vi://<vcenter_username>:<vcenter_password>@<vcenter_server_ip>?ip=<vhost_server_ip>

Example

usr/bin/ovftool --acceptAllEulas --X:injectOvfEnv --overwrite --powerOn -ds="datastore1" -dm=thin --deploymentOption="4CPU-8GB" -n="ewlc_single_cli" --net:"GigabitEthernet1"="Dummy" --net:"GigabitEthernet2"="Dummy" --net:"GigabitEthernet3"="Dummy" --prop:com.cisco.vwlc.hostname.1="ewlc_single_cli-host" --prop:com.cisco.vwlc.login-username.1="cisco" --prop:com.cisco.vwlc.login-password.1="cisco" --prop:com.cisco.vwlc.privilege-password.1="cisco" ./wlc9500C-universalk9.2018-10-04_17.22_subgadam-vga.ova vi://administrator@vsphere.local:Cisco@123@10.105.203.182?ip=10.104.170.96

Deploying directly in vhost

usr/bin/ovftool --acceptAllEulas --X:injectOvfEnv --overwrite --powerOn -ds="datastore1" -dm=thin --deploymentOption="" -n="<ewlc_vm_name>" --net:"GigabitEthernet1"="<network name>" --net:"GigabitEthernet2"="<network name>" --net:"GigabitEthernet3"="<network name>" --prop:com.cisco.vwlc.hostname.1="<hostname>" --prop:com.cisco.vwlc.login-username.1="<username>" --prop:com.cisco.vwlc.login-password.1="<password>" --prop:com.cisco.vwlc.privilege-password.1="<privileged_password>"  ./<path to ova file>  vi://<vhost_username>:<vhost_password>@<vhost_server_ip>

 

 usr/bin/ovftool --acceptAllEulas --X:injectOvfEnv --overwrite --powerOn -ds="datastore1" -dm=thin --deploymentOption="4CPU-8GB" -n="ewlc_single_cli" --net:"GigabitEthernet1"="Dummy" --net:"GigabitEthernet2"="Dummy" --net:"GigabitEthernet3"="Dummy" --prop:com.cisco.vwlc.hostname.1="ewlc_single_cli-host" --prop:com.cisco.vwlc.login-username.1="cisco" --prop:com.cisco.vwlc.login-password.1="cisco" --prop:com.cisco.vwlc.privilege-password.1="cisco" ./wlc9500C-universalk9.2018-10-04_17.22_subgadam-vga.ova vi://root:Cisco@123@10.104.170.96

Learn more