Release Notes for Cisco Catalyst Center, Release 2.3.7.x
This document describes the features, limitations, and bugs for Catalyst Center, Release 2.3.7.x.
![]() Note |
|
Change history
This table lists changes to this document since its initial release.
Date | Change | Location | ||
---|---|---|---|---|
2025-08-28 |
Added the list of packages in 2.3.7.10. |
|||
Added the resolved bugs for 2.3.7.10. |
||||
Added the open bugs for 2.3.7.10. |
||||
2025-08-13 |
Noted that Cisco User-Defined Network (UDN) workflows are no longer supported. |
|||
2025-07-21 |
Noted general availability of the 2.3.7.9.70301.10 software maintenance update for Catalyst Center 2.3.7.9. |
|||
2025-06-12 |
Added a limitation about Wi-Fi 7 APs that don't meet license requirements. |
|||
Added information about the 2.3.7.9.70301.10 software maintenance update. |
||||
2025-06-05 |
Indicated that 2.3.7.9 is the current recommended release. |
|||
2025-04-29 |
For wireless QoS policies, added a limitation of three applications per traffic class. |
|||
2025-04-21 |
Updated the supported Cisco Integrated Management Controller (Cisco IMC) versions. |
|||
2025-04-11 |
Added a wireless limitation about an internal error for Cisco AireOS Wireless Controllers with associated APs. |
|||
Added a guideline about integrating Catalyst Center with Cisco ISE 3.3 Patch 2 or later. |
||||
2025-03-27 |
Added CSCwn25172 to the Catalyst Center 2.3.7.7-70047-CSCwn89323.SMU Software Maintenance Update's resolved bugs table. |
|||
2025-03-24 |
Added a wireless limitation about the out-of-band configurations for Cisco Catalyst 9800 Series Wireless Controllers. |
|||
2025-03-01 |
Added information about the 2.3.7.7-70047-CSCwn89323.SMU. |
|||
2025-02-26 |
Added the list of packages in 2.3.7.9. |
|||
Added the resolved bugs for 2.3.7.9. |
||||
Added the open bugs for 2.3.7.9. |
||||
Added information that the IOS CLI generation in configuration preview is supported for Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.15.1 or later for 2.3.7.6. |
||||
2024-12-20 |
Added information about potential impact to existing wireless configurations after upgrading to 2.3.7.6 and 2.3.7.7. |
|||
2024-12-19 |
Added information about the single tenancy guidelines. |
|||
2024-11-18 |
Added the list of packages in 2.3.7.7. |
|||
Added the resolved bugs for 2.3.7.7. |
||||
2024-10-21 |
Added the wireless fabric configuration guidelines. |
Guidelines and limitations | ||
2024-10-16 |
Clarified the definition of RMA support. |
|||
2024-08-23 |
Added information about enhancements to WLAN profile name or policy profile name usage for SSIDs with site-level overrides for 2.3.7.5. |
|||
2024-08-13 |
Added a CMX prerequisite: To avoid interruption of service between Catalyst Center and CMX, you must configure the CMX SSL/TLS certificates and import the CMX certificate to Catalyst Center Trusted Certificates before upgrading to Catalyst Center 2.3.7.x.
|
|||
2024-08-02 |
Added the list of packages in 2.3.7.6. |
|||
Added the resolved bugs for 2.3.7.6. |
||||
Added the open bugs for 2.3.7.6. |
||||
2024-04-15 |
Updated the list of packages in 2.3.7.5. |
|||
2024-04-08 |
Added the list of packages in 2.3.7.5. |
|||
Added the resolved bugs for 2.3.7.5. |
||||
Added the open bugs for 2.3.7.5. |
||||
Added information about enhancements to VLAN ID configuration for wireless interfaces in 2.3.7.4. |
||||
Added information about AI-Enhanced RRM guidelines for scale provisioning for 2.3.7.4. |
||||
2024-01-09 |
Added that Catalyst Center supports CISCOAES192 and CISCOAES256 encryption for SNMPv3 configuration. If you add devices with AES192 or AES256 encryption to Catalyst Center, Assurance data is collected for those devices. |
|||
Added a limitation about provisioning wireless devices that are tagged with the INV_EVENT_SYNC_DISABLED tag. |
||||
2023-12-20 |
Initial release. |
— |
Upgrade to the latest Catalyst Center release
For information about upgrading your current release of Catalyst Center, see the Cisco Catalyst Center Upgrade Guide.
As part of our operational simplification strategy for our products, Cisco provides a single general availability release that is patched and up to date. Earlier releases of Catalyst Center within the release train are available upon request to Cisco TAC.
Before you upgrade, use the Validation Tool to perform an appliance health and upgrade readiness check for Catalyst Center. Choose the Appliance Infrastructure Status and Upgrade Readiness Status validation sets for running preupgrade checks. For more information, see "Use the Validation Tool" in the "Configure System Settings" chapter of the Cisco Catalyst Center Administrator Guide.
Package versions in Catalyst Center
To download Catalyst Center software, go to https://software.cisco.com/download/home/286316341/type.
Package name | Release 2.3.7.10 | Release 2.3.7.9 | Release 2.3.7.7 | Release 2.3.7.6 | Release 2.3.7.5 | Release 2.3.7.4 | ||
---|---|---|---|---|---|---|---|---|
Release Build Version |
||||||||
Release Version |
2.3.7.10.70209 |
2.3.7.9.70301.10 |
2.3.7.9.70301 |
2.3.7.7-70047-CSCwn89323.SMU |
2.3.7.7.70047 |
2.3.7.6.70319 |
2.3.7.5.70434 |
2.3.7.4.70424 |
System Updates | ||||||||
System |
1.8.594 |
1.8.409 |
1.8.232 |
1.8.222 |
1.8.114 |
1.7.1105 |
||
System Commons |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
Package Updates |
||||||||
Access Control Application |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
AI Endpoint Analytics |
1.11.1426 |
1.11.1325 |
1.11.1185 |
1.11.1180 |
1.11.1166 |
1.11.938 |
1.11.726 |
|
AI Network Analytics |
3.3.67.47 |
3.3.59.23 |
3.3.58.21 |
3.1.41.389 |
3.1.41.389 |
3.1.39.362 |
3.1.30.335 |
|
Application Hosting |
2.3.22507290119 |
2.3.22412090506 |
2.3.12406270628 |
2.3.12406270628 |
2.3.12402020457 |
2.3.12311300818 |
||
Application Policy |
2.1.723.117625 |
2.1.722.118005 |
2.1.722.117743 |
2.1.720.117227 |
2.1.718.117586 |
2.1.715.117447 |
2.1.714.117457 |
|
Application Registry |
2.1.723.117625 |
2.1.722.118005 |
2.1.722.117743 |
2.1.720.117227 |
2.1.718.117586 |
2.1.715.117447 |
2.1.714.117457 |
|
Application Visibility Service |
2.1.723.117625 |
2.1.722.118005 |
2.1.722.117743 |
2.1.720.117227 |
2.1.718.117586 |
2.1.715.117447 |
2.1.714.117457 |
|
Application and Service Remediation |
1.3.1007 |
1.2.1009 |
1.1.32 |
1.1.30 |
1.1.27 |
- |
- |
|
Assurance - Base |
2.3.7.10144 |
2.3.7.9228 |
2.3.7.9226 |
2.3.7.7006 |
2.3.7.7004 |
2.3.7.6236 |
2.3.7.5165 |
2.3.7.4138 |
Assurance - Sensor |
2.3.7.10127 |
2.3.7.9229 |
2.3.7.9163 |
2.3.7.7003 |
2.3.7.6206 |
2.3.7.5122 |
2.3.7.4139 |
|
Automation - Base |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
Automation - Intelligent Capture |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
|
Automation - Sensor |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
|
Catalyst Center API Catalog |
1.17.74.0 |
1.16.101.0 |
1.16.95.0 |
1.15.69 |
1.15.69 |
— |
— |
|
Catalyst Center Docs |
2.1.723.60765 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
||
Catalyst Center Global Search |
1.17.1.8 |
1.16.1.8 |
1.15.1.12 |
1.15.1.12 |
1.14.1.22 |
1.13.1.7 |
||
Catalyst Center Platform |
1.17.84.0 |
1.16.69.0 |
1.15.105.0 |
1.15.96.0 |
1.15.74.0 |
1.14.160.64 |
1.13.247.0 |
|
Catalyst Center UI |
1.7.9.44 |
1.7.8.233 |
1.7.7.71 |
1.7.7.70 |
1.7.6.210 |
1.7.6.128 |
||
Cisco Identity Services Engine Bridge |
2.1.723.12 |
2.1.719.25 |
2.1.716.90701 |
2.1.716.90701 |
2.1.716.90701 |
2.1.715.90510 |
2.1.714.90200 |
|
Cisco Umbrella |
2.1.723.590245 |
2.1.722.590272 |
2.1.720.590098 |
2.1.718.590198 |
2.1.715.590202 |
2.1.714.590189 |
||
Cloud Connectivity - Contextual Content |
2.13.1.22 |
2.12.1.12 |
2.11.2.542 |
2.11.2.542 |
2.10.1.425 |
2.9.1.424 |
||
Cloud Connectivity - Data Hub |
1.17.44 |
1.16.31 |
1.15.57 |
1.15.57 |
1.14.20 |
1.13.29 |
||
Cloud Connectivity - Tethering |
2.38.1.52 |
2.37.1.22 |
2.36.1.47 |
2.36.1.47 |
2.35.1.17 |
2.34.1.30 |
||
Cloud Device Provisioning Application |
2.1.723.60765 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
||
Command Runner |
2.1.723.60765 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
||
Device Onboarding |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
|
Disaster Recovery |
2.1.723.360038 |
2.1.722.360077 |
2.1.720.360029 |
2.1.718.360137 |
2.1.715.360110 |
2.1.714.360086 |
||
Disaster Recovery—Witness Site |
2.1.723.370014 |
2.1.722.370030 |
2.1.720.370005 |
2.1.718.370029 |
2.1.715.370026 |
2.1.714.370028 |
||
Group-Based Policy Analytics |
2.3.10.15 |
2.3.9.139 |
2.3.7.140 |
2.3.7.99 |
2.3.7.43 |
2.3.7.23 |
||
Image Management |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
Machine Reasoning |
2.1.723.210261 |
2.1.722.210276 |
2.1.720.210013 |
2.1.718.210221 |
2.1.715.210132 |
2.1.714.210081 |
||
NCP - Base |
2.1.723.60765 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
||
NCP - Services |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
|
Network Controller Platform |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
Network Data Platform - Base Analytics |
2.3.7.1000210 |
2.3.7.950209 |
2.3.7.750156 |
2.3.7.750049 |
2.3.7.60144 |
2.3.7.50173 |
2.3.7.40097 |
|
Network Data Platform - Core |
1.9.7029 |
1.9.6073 |
1.9.5055 |
1.9.5045 |
1.9.4202 |
1.9.4068 |
||
Network Data Platform - Manager |
1.9.7001 |
1.9.6004 |
1.9.5001 |
1.9.5001 |
1.9.4202 |
1.9.4006 |
||
Network Experience Platform - Core |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
|
Path Trace |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
RBAC Extensions |
2.1.723.1900004 |
2.1.722.1900010 |
2.1.720.1900009 |
2.1.718.1900012 |
2.1.715.1900005 |
2.1.714.1900008 |
||
Rogue and aWIPS |
2.9.0.1005 |
2.9.0.811 |
2.9.0.808 |
2.9.0.654 |
2.9.0.653 |
2.9.0.609 |
2.9.0.404 |
2.9.0.207 |
SD-Access |
2.1.723.60765 |
2.1.722.61167 |
2.1.722.60901 |
2.1.720.61514 |
2.1.720.60128 |
2.1.718.60779 |
2.1.715.60719 |
2.1.714.60631 |
Stealthwatch Security Analytics |
2.1.723.1090234 |
2.1.722.1090265 |
2.1.720.1090100 |
2.1.718.1090204 |
2.1.715.1090255 |
2.1.714.1090194 |
||
Support Services |
2.1.723.880024 |
2.1.720.880010 |
2.1.720.880010 |
2.1.718.880020 |
2.1.715.880018 |
2.1.714.880008 |
||
System Remediation |
1.5.0 |
1.4.1 |
1.4.0 |
1.4.0 |
1.3.0 |
1.2.1 |
||
Wide Area Bonjour |
2.4.723.75222 |
2.4.722.75251 |
2.4.718.75196 |
2.4.718.75196 |
2.4.715.75176 |
2.4.714.75197 |
New and changed information
New and changed features in Catalyst Center
Feature | Description |
---|---|
Install applications in bulk using CSV |
Catalyst Center enables bulk installation of applications on multiple APs. |
File share support |
Catalyst Center supports the setup of NFS, Microsoft Windows, and HTTP-based file shares. In the Cisco Catalyst Center Administrator Guide, Release 2.3.7.x, see the "Set up a file share" section. |
Feature | Description |
---|---|
Requirement to Reauthenticate Cisco.com and Smart Account Credentials After Upgrade |
After you upgrade to Catalyst Center 2.3.7.9, you must reauthenticate your Cisco.com credentials (under ). To add a new user or change to a different user, you must open a private or incognito browser window (to avoid using previously cached credentials). To change the user, you must delete that user. Then, open a private or incognito browser window, click Add, and add the user. Then, under Add, enter the email address that's tied to your Cisco.com account. , link your Smart Account user and your Smart Account name to your Smart Licensing account. To add a Smart Account user, use a private or incognito browser window (to avoid using previously cached credentials). After you clickIf this Smart Account user now appears in both the Smart Account Credentials section and the Expired Smart Accounts section, you must delete it from the Expired Smart Accounts section. |
Default Password Change in 2.3.7.9 |
The password must contain a minimum of nine characters. Starting in 2.3.7.9, the default password for the Catalyst Center physical appliance changes to P@ssword9. In 2.3.7.7 and earlier, the default password for the physical appliance is maglev1@3. For the Catalyst Center virtual appliance 2.3.7.9 and earlier, the default password is maglev1@3. |
Support of Mixed HA Clusters |
Catalyst Center 2.3.7.9 adds support for mixed three-node clusters that have HA enabled. A mixed cluster consists of both second- and third-generation Catalyst Center appliances. For more information, see the "Supported Appliances" topic in the Cisco Catalyst Center High Availability Guide. |
Enhancements to Wireless Maps to Support MLO Clients |
Wireless maps include these enhancements to support multilink operation (MLO) clients:
|
Enhancements to Wireless Maps to Support CNS Licenses |
Wireless maps include these enhancements to support the CNS licenses:
|
Enhancements to Wireless Maps GUI |
Catalyst Center enhances user experience in the window by adding Wi-Fi Band attribute in the hover-over menu, and details slide-in pane for Access Points. |
Parallel Redundancy Protocol |
The Parallel Redundancy Protocol (PRP) provides high availability in Ethernet networks. This technology suits a variety of critical infrastructure and heavy industries that require continuous, high availability operation. |
Feature | Description | ||
---|---|---|---|
12-Hour or 24-Hour Clock Format |
You can set a 12-hour or 24-hour display format for time across the GUI. |
||
Auto Locate APs on a Floor Map |
Using the Auto Locate Access Points feature, you can automatically position and locate APs on a floor map.
|
||
Collect Root Cause Analysis (RCA) Data of Provisioning Failure |
The Support Bundle enables you to collect the RCA of provisioning failure and upload the RCA file to a Cisco TAC service request. |
||
Consent to Connect Update for Advanced Features |
Catalyst Center has updated the Consent to Connect for Advanced Features. For details, see the Cisco Catalyst Center Privacy Data Sheet and Cisco Catalyst Center Telemetry White Paper. To review your current settings, choose . |
||
Compliance Support for Out-of-Band Configuration Changes |
Catalyst Center allows you to view the details of an out-of-band configuration change. The details include username, IP address, terminal name of the user, configuration method used, and the event of the configuration change. |
||
Enhancements to Enable Application Telemetry Workflow |
The Enable Application Telemetry workflow now supports:
|
||
Enhancements to Remote Support Authorization |
You can now create a remote support authorization without the SSH credentials and assign access roles for the Cisco specialists. |
||
Forced Inventory Sync Now Includes a Two-Hour Timeout |
In case of provisioning failure, configuration changes on the device and database changes in the inventory are rolled back. If these rollback operations fail, a forced inventory sync is attempted by an error handler in the provisioning stack. The duration of the inventory sync depends on the size of the configuration on the device and whether there are other devices in the queue for inventory sync. In earlier releases, inventory sync could take hours to complete, leaving users without feedback on the provisioning operation. The forced inventory sync by the error handler now includes a two-hour timeout. As a rule of thumb, if a provisioning operation is reported as failed after two hours, you should perform a manual inventory sync from the Inventory window before starting another provisioning operation. |
||
Media Redundancy Protocol (MRP) Ring |
Catalyst Center supports MRP ring for Cisco Industrial Ethernet (IE) 3000, 4000, 5000 Series Switches. MRP provides fast convergence in a ring network topology for Industrial Automation networks. |
||
Switch Refresh Workflow |
Catalyst Center supports refresh of Cisco Switches. Switch Refresh workflow allows you to replace an old switch with a new switch. Currently switch refresh is available for Cisco Catalyst 3650 and Cisco Catalyst 3850 Switches running on Cisco IOS XE. |
||
View Device Certificate Status |
You can now view the device certificate status on the Catalyst Center home window, Device Certificate Issues tile. The detailed view is displayed on window, under the Certificate Status column. |
Feature | Description | ||
---|---|---|---|
Enhancements to Configuring Global Device Credentials |
On the Device Credentials window, you can now only assign and unassign device credentials to and from sites. On the Manage Credentials slide-in pane, you can manage your device credentials using the Focus drop-down list. Depending on which focus you choose (Current site or System), you can perform specific actions. |
||
Enhancements to Device Onboarding and the Discovery Workflow |
The Add Device option in the Catalyst Center Inventory is enhanced to include options for adding both new and existing devices. The discovery workflow includes enhancements, such as:
|
||
Enhancement to Device Resynchronization |
Prior to this release, restarting the inventory service would trigger resynchronization for all devices in the inventory. With this release, device resynchronization is triggered after the inventory service restart under these circumstances only:
|
||
Enhancements to Device Upgrade Readiness Check |
|
||
Enhancements to Disaster Recovery Witness Site Upgrade Process |
Using an SSH client, you can upgrade a disaster recovery system's witness site using the witness upgrade command. In the Cisco Catalyst Center Administrator Guide, Release 2.3.7.x, see the "Implement Disaster Recovery" chapter's "Upgrade the Current Witness Site" topic. |
||
Enhancements to LAN Automation Workflow |
The LAN automation workflow has these enhancements:
|
||
CLNS MTU Configuration Changes During LAN Automation |
In Catalyst Center Release 2.3.7.5 and later, the CLNS MTU is configured to a minimum value of 1492 instead of 1400 on LAN automated devices. |
||
Progress Bar Support for Network Devices Provisioning |
The Task Progress bar on window, displays the progress of the ongoing provisioning task for your network devices. |
||
Support for the Workflow Progression View in Visibility- and Control-Enabled Provisioning Workflows |
If a visibility- and control-enabled provisioning workflow supports the workflow progression view, the Preparing Devices and Configuration Models window displays the steps the system takes to prepare a listed device. |
||
Support for Third-Generation Catalyst Center Appliances |
Catalyst Center supports these third-generation appliances, which are based on the Cisco UCS C220 and C240 M6 servers:
For more information, see the Cisco Catalyst Center Third-Generation Appliance Installation Guide, Release 2.3.7.x. |
||
Support for Viewing and Editing Layer 2 Configurations of a Device |
You can view and edit the Layer 2 configurations of a device in the Catalyst Center inventory.
|
||
Third-Party Devices Support |
Catalyst Center allows third-party devices to populate SNMP MIB-II values. |
||
Weak Crypto Check |
To ensure a secure network connection Catalyst Center does a weak crypto check to evaluate the device configuration, and blocks the device provisioning/upgrade/site assignment for devices that are configured only with MD5 authentication for SNMP credentials. This is applicable only for devices with software image version or golden tagged image version 17.14.1 and later. |
Feature | Description | ||
---|---|---|---|
Name Change to Catalyst Center |
As part of our vision to converge our products around an integrated platform, we are changing the name of Cisco DNA Center to Catalyst Center in this release. The capability and functionality of Catalyst Center remains the same as Cisco DNA Center. This name change is part of our simplified branding for the Catalyst Center Stack. Cisco is now connecting the power and flexibility of the Catalyst brand across the entire enterprise networking stack with Catalyst Center (formerly Cisco DNA Center), Catalyst Software and Licensing (formerly Cisco DNA Software and Licensing), Catalyst Wireless, Catalyst Switching, Catalyst Routing, and Catalyst SD-WAN (formerly Cisco SD-WAN or Viptela SD-WAN). |
||
Enhancements to the Catalyst Center Home Page |
The Catalyst Center home page displays a new welcome message and displays license and release banner messages relevant to Catalyst Center. The Tools area is removed and is accessible from the menu in the top-left corner. |
||
Enhancements to the Menus |
To streamline workflows and standard nomenclature, we changed several menu option names, moved several submenu options, and added a secondary launch point for Interactive Help. The menu option changes include:
|
||
Enhancements to the Configure AI-Enhanced RRM Workflow |
You can configure an AI-enabled radio frequency profile without device provisioning. |
||
Device Compliance and Pending Operation Prechecks for a Seamless Deployment |
To ensure a seamless deployment, Catalyst Center does a set of prechecks to ensure that any pending operations that conflict with the current task and any device compliance issues are addressed. |
||
Log Collection for a Device |
When a resync is done for a specific device, the debug log is enabled automatically for that device, and XDE and device pack logs are collected. |
||
Updating the KGV Bundle |
You can request a new KGV download workflow by clearing all the stale and suspended integrity verification (IV) workflows, if there are any. |
||
Usability Enhancements to Previewing Configurations in Visibility- and Control-Enabled Workflows |
When previewing configurations in a visibility- and control-enabled workflow, you can display the device configurations in a side-by-side comparison view.
|
||
Usability Enhancements to Support Service |
Support Service has these enhancements:
|
||
Visibility and Control of AI RF Profile Configurations |
With the Visibility and Control of Configurations feature, you can preview AI RF profile configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them. |
New and changed features in Cisco Catalyst Assurance
Feature | Description |
---|---|
AFC support for 6-GHz radio frequency in AP 360 |
In the AP 360 window, under the tab, Radio 2 (6-GHz band) includes support for Automated Frequency Coordination (AFC). This feature helps to reduce interference between APs and other devices operating on 6-GHz radio frequency, and enables the use of Standard Power AP operations. |
Feature | Description |
---|---|
Enhancements to the AI-Enhanced RRM Dashboard to Support CNS Licenses |
Wi-Fi 7 APs use the CNS licenses. If there are any Wi-Fi 7 APs that don't meet the license requirements, the Summary dashlet displays the number of these APs for the 5-GHz and 6-GHz bands that aren’t operational. You can click the corresponding hyperlink to view a dialog box with the details. |
Wi-Fi 7 Capability Support in Client Health Dashboard |
With this release, Wi-Fi 7 capability support is added to Client 360. Multiple Link Operational (MLO) capable clients can now simultaneously establish connections to different combinations of 2.4-GHz, 5-GHz, or 6-GHz bands. |
Feature | Description |
---|---|
6-GHz Radio Band Support |
6-GHz radio band support is added to the Peer Comparison dashboard. |
Enhancements to the Power Distribution Dashlet in the AI-Enhanced RRM Dashboard |
In the Power Distribution dashlet of the AI-Enhanced RRM dashboard, the Filter drop-down list is now available for all the radio bands. Using this option, you can view the data based on Power Level or Power dBm. |
Enhancement to Error Messages |
The error messages displayed across the Catalyst Center application now include a request ID, which helps the TAC team correlate and track the back-end service error logs. |
Feature | Description |
---|---|
Cisco TrustSec Environment Data Download Status |
With this release, the Cisco TrustSec environment data download status issue support is extended to EVPN fabric deployments. |
Enhancement to Deploying and Undeploying Sensor-Driven Test Templates |
When you deploy or undeploy an IP Service-Level Agreement (SLA) performance test as a part of a sensor-driven test template, Catalyst Center asks if you want to configure the relevant commands on the wireless controllers to enable or disable IP SLA, so the sensors do or do not run the tests against the APs. |
Enhancements to Intelligent Capture Settings |
In , the enhancements include:
|
Support of Visibility and Control of Wireless Device Configurations for Intelligent Capture |
With Intelligent Capture support for the Visibility and Control of Configurations feature, you can preview AP and wireless controller configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them. |
Telemetry Status in SD-Access Health Dashboard |
In the SD-Access Health dashboard, you can view the Telemetry Status of fabric sites, transits, and virtual networks. You can also troubleshoot the root cause and auto recovery for the missing telemetry data for the network devices. |
Troubleshoot Telemetry Data for Wired Devices Using MRE Checks |
Using MRE checks, you can troubleshoot the root cause of missing telemetry data for switches and routers. The MRE check includes:
MRE availability checks if it’s possible to automatically correct and resolve any certificate issues that are causing availability problems for network devices. MRE for Time Drift issue: If an excessive time drift occurs between Catalyst Center and the network device and that time drift is resolved manually by configuring the NTP, during the next synchronization cycle, the excessive time drift issue is resolved automatically. |
Feature | Description | ||
---|---|---|---|
Assurance EVPN Support |
With this release, Assurance supports EVPN fabric deployments. These issues are added:
|
||
Assurance Issues |
With this release, a new Assurance telemetry status is poor issue is added to Router, Core, Distribution, and Access issues, Controller, Wired Client, Wireless Client under the System category. This issue is triggered when the telemetry status of the network device or client is poor. The issue is automatically resolved when the telemetry status is good. |
||
SNMPv3 Support for AES192 and AES256 Encryption |
With this release, Catalyst Center supports CISCOAES192 and CISCOAES256 encryption for SNMPv3 configuration. If you add devices with AES192 or AES256 encryption to Catalyst Center, Assurance data is collected for those devices. |
||
Support for Visibility and Control of RF Configurations in the AI-Enhanced RRM Control Center |
With the Visibility and Control of Configurations feature, you can preview RF configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them. In the AI-Enhanced Radio Resource Management (RRM) Control Center, the AI RF Profile Simulator and Insights support the Visibility and Control of Configurations feature. |
||
Telemetry Status in Assurance Health Dashboards |
In the Assurance Network and Client Health dashboards, you can view the Telemetry Status of the devices and clients in your network. |
New and changed features in Catalyst Center platform
For detailed information about the APIs, see the Cisco Catalyst Center APIs on Cisco DevNet.
Feature | Description | |
---|---|---|
API Operations |
Catalyst Center platform supports new enhancements in API operations. For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide. For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet. |
Feature | Description | |
---|---|---|
API Operations |
Catalyst Center platform supports new API operations. For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide. For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet. |
|
New Events |
||
License Management Event |
Catalyst Center Platform supports the following new License Management event: LIC-PRODUCT-REG: This event notification is generated during Product License Registration. |
|
System Internal Event |
Catalyst Center Platform supports the following new System Internal event: SYSTEM-INTERNAL-CERTIFICATE: This event will be published during the certificate health check and certificate refresh workflow. It is intended only for human visual consumption, with the contents subject to change at any time. If this event occurs, please contact the TAC team for remediation. |
|
New Report Template |
||
Inventory Report |
This Catalyst Center Platform release supports a new Inventory report template called All Data Version 2.0. This new all data view provides detailed information about network devices, distribution of devices over time, device count by site, device count by device type, device count by software version and device count by fabric role, more efficiently. For more information, see “Run an Inventory Report” in the Cisco Catalyst Center Platform User Guide. |
Feature | Description |
---|---|
API Operations |
Catalyst Center platform supports new API operations. For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide. For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet. |
New Events |
|
System Notification Event |
Catalyst Center platform supports the following new System Notification event: CERTIFICATE_AUTHORITY_STATUS: This notification event is generated when the Certificate Authority is close to expiring or expired. |
Introduction of v2 System Notification Events |
With this release, the existing System Notification events are deprecated and new v2 events are introduced. To edit your event subscriptions, see the following table, "New and Deprecated System Notification Events in Catalyst Center Platform, Release 2.3.7.6." |
Deprecated event ID |
New event ID |
Deprecated event name |
New event name |
Deprecated domain |
New domain |
Deprecated subdomain |
New subdomain |
Event description |
---|---|---|---|---|---|---|---|---|
SYSTEM-BACKUP |
SYSTEM-BACKUP-v2 |
System Backup |
System Backup v2 |
Cisco DNA Center System |
System |
Backup |
System Backup |
The event is generated on failure during backup operation. |
SYSTEM-RESTORE |
SYSTEM-RESTORE-v2 |
System Restore |
System Restore v2 |
Cisco DNA Center System |
System |
Restore |
System Restore |
The event is generated on failure during restore operation. |
SYSTEM-SOFTWARE-UPGRADE |
SYSTEM-SOFTWARE-UPGRADE-v2 |
System Software Upgrade |
System Software Upgrade v2 |
Cisco DNA Center System |
System |
Software Upgrade |
System Software Upgrade |
The event is generated on failure during software upgrade operation. |
SYSTEM-DISASTER-RECOVERY |
SYSTEM-DISASTER-RECOVERY-v2 |
Disaster Recovery health status |
Disaster Recovery health status v2 |
Cisco DNA Center Appliance |
System |
Disaster Recovery |
Disaster Recovery |
This event publishes notifications to any subscriber, when the state of disaster recovery changes. |
SYSTEM-EXTERNAL-CMX |
SYSTEM-EXTERNAL-CMX-v2 |
CMX connectivity failure |
CMX connectivity failure v2 |
Integrations |
External Integrations |
CMX |
CMX Connectivity |
This event publishes notifications to any subscriber, when the connectivity to CMX has failed. |
SYSTEM-EXTERNAL-IPAM |
SYSTEM-EXTERNAL-IPAM-v2 |
External IPAM provider connectivity failure |
External IPAM provider connectivity failure v2 |
Integrations |
External Integrations |
IPAM Integration |
IPAM Integration |
This event publishes notifications to any subscriber, when the connectivity to the External IPAM provider has failed. |
SYSTEM-EXTERNAL-ISE-AAA-TRUST |
SYSTEM-EXTERNAL-ISE-AAA-TRUST-v2 |
ISE AAA trust establishment failure |
ISE AAA trust establishment failure v2 |
Integrations |
External Integrations |
ISE |
Cisco ISE AAA Trust Establishment |
This event publishes notifications to any subscriber, when the ISE AAA Trust Establishment has failed. |
SYSTEM-EXTERNAL-ISE-PAN-ERS |
SYSTEM-EXTERNAL-ISE-PAN-ERS-v2 |
ISE PAN ERS connectivity failure |
ISE PAN ERS connectivity failure v2 |
Connectivity |
External Integrations |
ISE |
Cisco ISE PAN ERS Connectivity |
This event publishes notifications to any subscriber, when the connectivity to the ISE Primary and Secondary PAN ERS has failed. |
SYSTEM-EXTERNAL-ISE-PXGRID |
SYSTEM-EXTERNAL-ISE-PXGRID-v2 |
ISE PxGrid health state change notification |
ISE PxGrid health state change notification v2 |
Integrations |
External Integrations |
PxGrid |
Cisco pxGrid |
This event publishes notifications to any subscriber, when the connectivity to the ISE Primary and Secondary PAN ERS has failed. |
SYSTEM-EXTERNAL-ITSM |
SYSTEM-EXTERNAL-ITSM-v2 |
External ITSM provider connectivity failure |
External ITSM provider connectivity failure v2 |
Integrations |
External Integrations |
ITSM Integration |
ITSM Integration |
This event publishes notifications to any subscriber, when the connectivity to the External ITSM provider has failed. |
SYSTEM-CERTIFICATE |
SYSTEM-CERTIFICATE-v2 |
System Certificate Status Notification |
Certificate Status Notification v2 |
Cisco DNA Center System |
System |
Certificate |
System Certificate |
The notification event is generated when the system certificate, built-in certificate, proxy certificate, DR certificate or a third-party trusted certificate has expired, been revoked, or will expire in less than 90 days. |
SYSTEM-NODE-CERTIFICATE |
CISCO-IMC-CERTIFICATE-v2 |
Node Certificate Status Notification |
Cisco IMC Certificate Status Notification v2 |
Cisco DNA Center System |
Appliance |
Certificate |
Cisco IMC Certificate |
The notification event is generated when the Cisco IMC certificate has expired, been revoked, or will expire in less than 90 days. |
SYSTEM-CIMC |
CISCO-IMC-v2 |
Cisco IMC Connectivity status |
Cisco IMC Connectivity status v2 |
Cisco DNA Center Appliance |
Appliance |
Node |
Cisco IMC |
This event publishes notifications to any subscriber, when the state of Cisco IMC connectivity changes. |
SYSTEM-CONFIGURATION |
CISCO-IMC-CONFIGURATION-v2 |
System Appliance Configuration Status Notification |
System Appliance Configuration Status Notification v2 |
Cisco DNA Center Appliance |
Appliance |
Hardware Configuration |
Cisco IMC Configuration |
This event publishes notifications to any subscriber, when the Cisco IMC Hardware configurations are not compliant with the Cisco Standards. |
SYSTEM-HARDWARE |
CISCO-IMC-HARDWARE-v2 |
System Hardware health status |
System Hardware health status v2 |
Cisco DNA Center Appliance |
Appliance |
Memory, CPU, PowerSupply, RAID, DISK, Networking |
Cisco IMC Hardware Health Status |
This event publishes notifications to any subscriber, when the health state of any Hardware component changes. Hardware components supported are: CPU, Memory, Disk, NIC, Fan and Power Supply, and RAID Controller. |
SYSTEM-MANAGED-SERVICES |
SYSTEM-MANAGED-SERVICES-v2 |
System managed services |
System managed services v2 |
Cisco DNA Center System |
System |
Platform Services |
System Managed Services |
The event is generated on state change of platform provided managed services. |
SYSTEM-PERFORMANCE |
SYSTEM-PERFORMANCE-v2 |
System Performance: Filesystem Utilization |
System Performance: Filesystem Utilization v2 |
Cisco DNA Center System |
System |
FileSystem |
System Performance: Filesystem Utilization |
This event is used to monitor metrics related to the filesystems (partitions). |
SYSTEM-SCALE-LIMITS |
SYSTEM-SCALE-LIMITS-v2 |
System Scale Limits |
System Scale Limits v2 |
Cisco DNA Center System |
System |
Scale Limits |
System Scale Limits |
This event is generated when there are scale limits breaches. |
SYSTEM-APPLICATION-HEALTH-v1 |
SYSTEM-APPLICATION-HEALTH-v2 |
Application Health |
Application Health v2 |
Cisco DNA Center System |
System |
Application Health |
Application Health |
The notification event is generated on health state change of applications registered for monitoring. |
CISCO-TRUSTED-CERTIFICATE-BUNDLE-v1 |
CISCO-TRUSTED-CERTIFICATE-BUNDLE-v2 |
Cisco Trusted Certificate Update Notifications |
Cisco Trusted Certificate Update Notifications v2 |
Cisco DNA Center System |
System |
Cisco Trusted Certificates |
Cisco Trusted Certificates |
The notification event is generated when a newer Cisco trusted certificate bundle is available. |
INTERNET-URL-ACCESS |
INTERNET-URL-ACCESS-v2 |
Internet URL Accessible Notifications |
Internet URL Accessible Notifications v2 |
Cisco DNA Center System |
System |
Internet Access |
Internet Access |
This notification event is generated when any of the URLs that Catalyst Center needs to be able to access (listed in the Installation Guide) are not reachable, which could impact operations. |
Feature | Description |
---|---|
API Operations |
Catalyst Center platform supports new API operations. For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide. For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet. |
New Events |
|
Assurance Events |
Catalyst Center platform supports the following new Assurance events:
|
System Notification Event |
Catalyst Center platform supports the following new System Notification event: INTERNET-URL-ACCESS: This notification event is generated when any of the URLs listed in the Installation Guide that Catalyst Center tries to access is not reachable and impacts operations. |
New Reports |
|
Audit Log Report |
This release supports a new Audit Log report type that provides detailed information about audits for a given time frame.
|
Feature | Description | ||
---|---|---|---|
API Operations |
Catalyst Center platform supports new API operations. For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide. For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet. |
||
New Events |
|||
Assurance Events |
Catalyst Center platform supports the following new Assurance events:
|
||
EVPN Events |
Catalyst Center platform supports the following new events for EVPN deployments:
|
||
System Notification Events |
Catalyst Center platform supports the following new System Notification events:
|
New and changed features in Catalyst Center automation
Feature | Description |
---|---|
Enhancements to the synchronization process for wireless controller configuration changes |
The synchronization process triggered by a wireless controller configuration change event is optimized to improve performance:
|
Enhancements to AFC integration with Standard Power Mode |
Catalyst Center supports configuring AP Geolocation Parameters through the AP configuration workflow. You can view and edit geolocation parameters for eligible APs, which are utilized for Automated Frequency Coordination (AFC). In addition, Catalyst Center supports new APs to be configured with AFC. |
Support for new APs for Wi-Fi 7 configuration |
Catalyst Center supports these APs for Cisco IOS XE Release 17.17.1 or later:
|
Support for OS licenses |
Catalyst Center supports OS Essentials and OS Advantage perpetual device licenses for these switches:
Enhancements to the License Manager window for OS licenses:
During the PnP onboarding of these switches, you can now select OS Essentials or OS Advantage stack license level from the Select a License Level drop-down list. |
Feature | Description | ||
---|---|---|---|
Enhancements to the Mobility tab in the device details window |
In the device details window, the Mobility tab for wireless controllers is now moved under the CONFIGURATION area. |
||
Enhancements to wireless automation to support Cisco Networking Subscription licenses for Wi-Fi 7 APs |
Wi-Fi 7 APs use the Cisco Networking Subscription (CNS) licenses. If these APs don't meet the license requirements, they are in worldwide safe mode (WWSM). Wireless automation has these enhancements to support CNS licenses for Wi-Fi 7 APs:
In the dialog box, you can click License Manager to open the License Manager window and enable the required licenses. If there are APs that don't meet the license requirements, Catalyst Center also displays the details in the View Device Details window (on the window) for the corresponding devices:
|
||
Learn Device Configuration workflow updates |
Learning the device configurations using these options is being deprecated:
To manage the Cisco Catalyst 9800 Series Wireless Controllers with existing configurations, you can use the per-device configurations. |
||
Support for Per-Device Configuration for Cisco Catalyst 9800 Series Wireless Controllers |
The Per-Device Configuration feature on Catalyst Center enables you to customize individual features or parameters for a Cisco Catalyst 9800 Series Wireless Controller running Cisco IOS XE Release 17.12 or later. By default, this feature is disabled for the Cisco Catalyst 9800 Series Wireless Controllers. You can enable it using the Enable Per-Device Configuration option on the device details window.
|
||
Support for CNS licenses |
Catalyst Center supports these new license types:
In this release, these Wi-Fi 7 APs use the CNS licenses:
The License Manager window has these enhancements to support CNS licenses:
To comply with CNS licensing, you must:
In Catalyst Center, you can register a Wi-Fi 7 AP under . Use the Smart License Compliance workflow to register the AP. |
Feature | Description |
---|---|
Upgrade summary report |
Open this new report to view the results of the latest upgrade of Catalyst Center and its applications. |
Feature | Description | ||
---|---|---|---|
Ability to edit the Catalyst Center FQDN in day-N |
In earlier releases, you can’t edit the FQDN of the Cisco ISE server after Cisco ISE is added to Catalyst Center. Starting from this release, you can edit the FQDN of the Cisco ISE server after Cisco ISE is added to Catalyst Center. |
||
Automated tagging for flapping APs |
In earlier releases, flapping APs triggered traps that resulted in continuous synchronizations of the associated wireless controller to update the AP information. Effective with this release, Catalyst Center automatically tags flapping APs to discard any events on the AP and prevent unnecessary wireless controller synchronization. If this AP doesn't flap for 10 minutes, Catalyst Center automatically untags the AP. |
||
Enhancements to AP discovery |
Effective with this release, the time taken for AP discovery is reduced. Catalyst Center can now discover the APs that have newly joined a wireless controller using an SNMP trap. |
||
Enhancements to IOS CLI generation in Configuration Preview for Cisco Catalyst 9800 Series Wireless Controller |
Effective with this release, you can now generate IOS CLI from YANG configuration in the configuration preview for Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.15.1 or later. |
||
Enhancements to remote LAN configuration |
The Configure RLAN workflow has these enhancements:
|
||
Enhancements to SSIDs for multiband operations using the 6-GHz band on Cisco IOS XE devices |
Multiband operations using 2.4-GHz, 5-GHz, and 6-GHz bands have these enhancements:
|
||
Enhancement to task management |
You can manually stop in-progress tasks in the Tasks window. |
||
Enhancements to the wireless SSID workflow |
In the wireless SSID workflows for the enterprise and guest wireless networks, the settings are restructured to improve the usability. The workflows also have these enhancements:
|
||
Factory reset for APs |
Using the Factory Reset feature, you can clear the configurations on the APs. These options are available for resetting the APs:
After the AP configurations are cleared, the APs reboot. |
||
IP address manager enhancements |
In earlier releases, IP address pools on Catalyst Center were always synchronized with the IPAM; you couldn't skip the synchronization. In this release, you can choose whether to synchronize the IP address pools with the IPAM. In earlier releases, when you updated an existing IPAM, you could change only the password. In this release, you can change the server name, server URL, username, password, and view of the IPAM. You can also choose to synchronize the IP address pools on Catalyst Center with the IPAM during the update. |
||
Smart Call Home to Smart Transport transition for Smart License-enabled device |
Smart Call Home (SCH) support for Smart Licensing reaches end-of-life from Catalyst Center 2.3.7.6. If you’re using SCH with smart licensing, we recommend that you transition to Smart Transport. |
||
Support for new country codes |
Catalyst Center supports new country codes for Cisco Wireless Controllers and APs running Cisco IOS XE Release 17.15.1 or later. The radios within the APs are assigned to a specific regulatory domain at the factory, but the country code enables you to specify a particular country of operation within that regulatory domain. For a complete list of country codes supported per product, see https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html. |
||
Support for new APs for the Wi-Fi 7 configuration |
Catalyst Center supports these APs for Cisco IOS XE Release 17.15.2 or later:
These APs support the 320-MHz channel width for the 6-GHz band. |
||
Support for Visibility and Control of Configurations for the Cisco Wireless Controller High Availability configuration |
The Visibility and Control of Configurations feature is now supported for the wireless controller High Availability (HA) configuration. This feature is supported on Cisco AireOS Wireless Controllers and Cisco Catalyst 9800 Series Wireless Controllers. With enhanced visibility, you can enforce the previewing of device configurations before deploying them. With enhanced control, you can ensure only authentic and authorized configurations are provisioned onto your network devices through an IT Service Management (ITSM) check. |
||
Wi-Fi 7 configuration on Catalyst Center |
Catalyst Center supports the Wi-Fi 7 configuration for the devices that are running Cisco IOS XE Release 17.15.2. To enable the Wi-Fi 7 configuration, you can:
|
Feature | Description | ||||
---|---|---|---|---|---|
Enhancements in displaying the MAC address details for APs |
For APs, the MAC address details are now displayed under the Base Radio MAC Address column in these workflows:
For APs, on the window:
|
||||
Enhancements to the AP Refresh workflow |
The Access Point Refresh workflow now supports:
|
||||
Enhancements to the Certificate Management UI |
System Certificates, Trusted Certificates, and Device Certificates UI are modified to have a uniform layout. |
||||
Enhancements to custom AP groups and flex groups for Cisco AireOS Wireless Controller |
Instead of configuring and applying the newly added custom groups to the APs during wireless controller provisioning, Catalyst Center now configures and applies them during AP provisioning. Effective with this release, you can use the same AP groups and flex groups across multiple sites for Cisco AireOS Wireless Controllers.
|
||||
Enhancements to WLAN profile name or policy profile name usage for SSIDs with site-level overrides |
Effective with this release, if an SSID associated with a network profile has site-level overrides, Catalyst Center uses the WLAN profile name or policy profile name from the overridden SSID during wireless controller provisioning for the corresponding sites. This rule applies when the overridden site is associated with the wireless controller's network profiles and is managed by the same wireless controller. |
||||
Support for displaying IOS CLI in configuration preview for Cisco Catalyst 9800 Series Wireless Controller |
For Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.13.1 or later, you can generate IOS CLI from YANG configuration in the configuration preview. |
||||
Support for standard power service |
For APs with the standard power capability, compliance with FCC regulations requires the activation of Automatic Frequency Coordination (AFC). The Standard Power Service toggle button in the Create Wireless Radio Frequency Profile and Create AI Radio Frequency Profile window enables you to activate AFC for the 6-GHz band within an RF profile.
When you provision the corresponding APs, the Summary window displays the standard power service configuration details. |
||||
Upload resource utilization details to CSSM: change to prerequisites |
In earlier releases, to upload resource utilization details to CSSM, devices must have NETCONF enabled and devices must be added to the site. Effective with this release, devices don't have to have NETCONF enabled, and devices don't have to be added to the site. |
Feature | Description | ||
---|---|---|---|
Enhancements to AP provisioning for N+1 High Availability |
Effective with this release, if you are using N+1 High Availability (HA) and modify any nonflex SSIDs that are already provisioned on the primary and secondary controllers to flex SSIDs (or conversely), ensure that the states of WLANs are consistent across both the primary and secondary controllers on the corresponding site. |
||
Enhancements to custom flex profile creation |
A custom flex profile is created during Cisco Wireless Controller provisioning (with feature templates) or during AP provisioning (without feature templates). In both scenarios, the custom profile is configured with settings that are similar to the default flex profile, except for the Catalyst Center intent configurations. Catalyst Center also provides an option to autogenerate a flex profile name. |
||
Enhancements to default AP profiles during upgrade |
In earlier releases, the default AP profile was pushed to the wireless controller during upgrade. When you upgrade to this release from an earlier version, by default, Catalyst Center doesn't push the default AP profile to the wireless controller. To update the default AP profile on the wireless controller, you must explicitly save it on the window. After you save the default AP profile, if there’s a difference between the current wireless controller configuration and the AP profile configuration saved on Catalyst Center, the default AP profile is pushed to the wireless controller during subsequent reprovisioning. |
||
Enhancements to preauthentication ACLs |
Preauthentication Access Control Lists (ACLs) have these enhancements:
|
||
Enhancements to VLAN ID configuration for wireless interfaces |
In earlier releases, the valid range for VLAN ID for wireless interfaces was from 0 through 4094. Effective with this release, the valid range for VLAN ID for wireless interfaces is from 1 through 4094.
|
New and changed features in Cisco Software-Defined Access
Feature | Description |
---|---|
In-Service Software Upgrade (ISSU) Support for Catalyst 9400 Fabric Edge Nodes and Catalyst 9800-CL Fabric Wireless Controllers |
Catalyst Center adds ISSU support for Catalyst 9400 switches configured as fabric edge nodes and running IOS XE 17.12.3 or later. The Catalyst 9400 must be a pure fabric edge node; it cannot have a co-located role such as control plane node, internal border node, or Catalyst 9000 Switch Embedded Wireless Controller. Only Catalyst 9400 single-chassis, dual-supervisor fabric edge nodes support ISSU; Cisco StackWise Virtual is not supported. Catalyst Center also adds ISSU support for Catalyst 9800-CL fabric wireless controllers running IOS XE 17.3.1 or later. |
Update Fabric Site for Fabric Events |
For fabric events such as IP address pool modification or addition of new stack members or line cards on existing devices in the fabric, a banner message is displayed in the fabric site window to reconfigure and update the fabric. |
Feature | Description | ||
---|---|---|---|
Device-Level Validations Precheck |
Catalyst Center performs a Device Level Validations precheck before deploying the configuration on the devices. The check identifies and flags the following issues:
|
||
Enforcement of Group-Based Policy for VNs |
Catalyst Center provides an option to enable or disable the enforcement of group-based policies for your virtual network (INFRA_VN). |
||
Enhancements to Fabric Site Configuration Update Messages |
The Fabric Sites window provides information on the outstanding configuration updates for one or more sites along with the available grace period to apply the updates. |
||
ISSU Support for Catalyst 9800 Fabric Wireless Controllers |
Catalyst Center supports ISSU for physical Catalyst 9800 fabric wireless controllers running IOS XE 17.3.1 or later. |
||
Return Material Authorization (RMA) Support |
Catalyst Center supports zero-touch onboarding for replacement fabric edge devices that are connected to intermediate nodes. The device requiring replacement must be unreachable, and the intermediate device must be registered as a managed device in the Catalyst Center Inventory. |
||
SD-Access Application Scale Check |
The scale thresholds for fabric sites are monitored periodically and the status is displayed in the Fabric Sites window. |
||
The dot1x system-auth-control Command Supports Only Fabric Devices |
Starting from 2.3.7.6, the dot1x system-auth-control command is provisioned on Cisco SD-Access fabric devices only, because the feature is designed only for use with fabric authentication. |
Feature | Description |
---|---|
Enhancements to Port Configuration Within Fabric Sites |
The Port Assignment tab for a fabric site now displays the authentication template configured for each port. If you don't configure the authentication template for an individual port, the port inherits these settings from the global authentication template configuration. Inherited settings are displayed with an inherit icon next to the setting. |
Enhancements to SD-Access Image Compatibility Check |
Starting from 2.3.7.5, the SD-Access Image Compatibility Check feature introduced in 2.3.7.4 is enhanced to detect and block the user when a new device is being assigned a fabric role. It does not, however, block the user from any provisioning performed on existing fabric devices. This Add-to-Fabric validation can be turned off from the window. We recommend that you keep this validation turned on. |
SD-Access Application Health Check |
The health of the SD-Access application is checked periodically and the status is displayed on the System Health page. |
Feature | Description | ||
---|---|---|---|
Enhancements to the Embedded Wireless Controller Image Installation for Switches |
Following are the enhancements to the embedded wireless controller image installation process for switches:
|
||
Enhancements to Provisioning of Wireless Changes on Fabric Devices |
If the wireless capability is enabled for a fabric device in the SD-Access device slide-in pane and there are changes in the wireless settings, you must click Configure in the slide-in pane to push the changes to the device.
|
||
Reconfiguration of Fabric for IP Address Pool Changes |
When you modify the IP address pools that are used in a fabric, you must reconfigure the fabric.
|
||
Software Image Compatibility Check for SD-Access Fabric Devices |
Starting from 2.3.7.4, Catalyst Center includes a Software Image Compatibility Check for SD-Access fabric devices. This feature checks for software image compliance of devices with fabric roles assigned based on the Cisco SD-Access Compatibility Matrix. This feature also checks for compliance of golden tagged images to ensure that the image version is a supported version as per the matrix. The results of these checks are shown in the Software Image Compliance section, in the Image Compliance column in the inventory window under the Software Images focus, and in the SWIMS Image Update Readiness checks. |
||
Unsupported SD-Access Configuration Detection on Fabric Devices |
Catalyst Center allows you to detect the unsupported SD-Access configurations on fabric devices using the SD-Access Unsupported Configuration compliance check.
|
New and changed features in interactive help
Feature | Description |
---|---|
New and changed in 2.3.7.9 |
|
New Walkthroughs |
|
New and changed in 2.3.7.6 |
|
Deprecated Walkthroughs |
|
New and changed in 2.3.7.5 |
|
New Walkthroughs |
|
New and changed in 2.3.7.4 |
|
New Walkthroughs |
Enable the Field Notices Trial |
Telemetry subscription changes
When you upgrade to the latest release from Release 2.3.5.3 or earlier, a banner message with information about the telemetry subscription changes is displayed on the
window.These changes are also displayed as telemetry subscription compliance violations under Network Settings on the Compliance Summary window.
To address the changes, do one of the following:
-
In the banner message on the Apply Fix to apply the changes to the applicable devices.
window, click -
On the Compliance Summary window, click Network Settings and perform the necessary compliance remediation to address the compliance violations.
Cisco Support Assistant Extension for Catalyst Center
For enhanced support, you can use the Cisco Support Assistant Extension (CSA-Extension) with Catalyst Center. When you’re signed in securely via cisco.com authentication, the CSA-Extension brings support closer to the product by enabling seamless case creation, troubleshooting, and file sharing directly from the Catalyst Center interface. CSA Extension lets you:
-
Open a Cisco support case from the Catalyst Center GUI
-
Record your issue (audio and video) and upload it to your Cisco service request
-
Collect and upload HAR logs
-
Upload files (like RCA bundles and validation logs) to your Cisco service request
For details, see Cisco Support Assistant Extension for Cisco Catalyst Center.
New features in the previous releases
Before upgrading to the latest release of Catalyst Center, review the new features in the previous releases, Cisco DNA Center 2.3.7.0 and 2.3.7.3. See New and Changed Information. The features in 2.3.7.0 and 2.3.7.3 are rolled up to later releases.
Deprecated features
Cisco User-Defined Network
Starting in August 2025, Cisco User Defined Network Plus replaces UDN for Catalyst Center as the supported UDN solution. As part of this change, these GUI workflows are no longer supported:
vManage
Starting in 2.3.7.5, Catalyst Center no longer integrates with vManage.
Catalyst Center compatibility matrix
For information about devices—such as routers, switches, and wireless APs—and software releases supported by each application in Catalyst Center, see the Cisco Catalyst Center Compatibility Matrix.
Cisco SD-Access compatibility matrix
For information about Cisco SD-Access hardware and software support for Catalyst Center, see the Cisco Software-Defined Access Compatibility Matrix. This information is helpful for deploying Cisco SD-Access.
Compatible browsers
The Catalyst Center GUI is compatible with the following HTTPS-enabled browsers:
-
Google Chrome: Version 93 or later.
-
Mozilla Firefox: Version 92 or later.
Screen resolution:
-
Minimum: 1368 x 768 pixels
-
Recommended: 1920 x 1080 pixels
We recommend that the client systems you use to log in to Catalyst Center be equipped with 64-bit operating systems and browsers.
![]() Note |
For an upgrade to Catalyst Center 2.3.7.x, we recommend that you use Chrome, not Firefox. |
Supported hardware appliances
Cisco delivers Catalyst Center in the form of a rack-mountable, physical appliance. Versions of available Catalyst Center appliances include:
-
Second generation
-
44-core appliance: DN2-HW-APL (Cisco UCS C220 M5)
-
44-core promotional appliance: DN2-HW-APL-U (Cisco UCS C220 M5)
-
56-core appliance: DN2-HW-APL-L (Cisco UCS C220 M5)
-
56-core promotional appliance: DN2-HW-APL-L-U (Cisco UCS C220 M5)
-
112-core appliance: DN2-HW-APL-XL (Cisco UCS C480 M5)
-
112-core promotional appliance: DN2-HW-APL-XL-U (Cisco UCS C480 M5)
-
-
Third generation
-
32-core appliance: DN3-HW-APL (Cisco UCS C220 M6)
-
56-core appliance: DN3-HW-APL-L (Cisco UCS C220 M6)
-
80-core appliance: DN3-HW-APL-XL (Cisco UCS C240 M6)
-
Statement of volatility
For the statement of volatility for the physical appliances, see the Statement of Volatility for Cisco UCS Hardware.
Supported virtual appliances
Catalyst Center is supported for deployment as a virtual appliance (VA) only on Amazon Web Services (AWS) in the cloud, or on VMware ESXi for on-premises environments. Neither Catalyst Center nor Cisco TAC can provide support for any issues, bugs, or unexpected behavior that occur in environments that use other hypervisors.
Supported firmware
Cisco Integrated Management Controller (Cisco IMC) versions are independent from Catalyst Center releases.
Catalyst Center 2.3.7.5 and 2.3.7.6 have been validated only against these firmware versions:
-
Cisco IMC Version 4.3(2.240009) for appliance model DN2-HW-APL, DN2-HW-APL-L, DN2-HW-APL-XL
-
Cisco IMC Version 4.3(2.230270) and 4.3(2.240009) for appliance model DN3-HW-APL, DN3-HW-APL-L, DN3-HW-APL-XL
Catalyst Center 2.3.7.7 has been validated only against these firmware versions:
-
Cisco IMC Version 4.3(2.240009) for appliance model DN2-HW-APL, DN2-HW-APL-L, DN2-HW-APL-XL
-
Cisco IMC Version 4.3(5.250030) for appliance model DN3-HW-APL, DN3-HW-APL-L, DN3-HW-APL-XL
Catalyst Center 2.3.7.9 has been validated only against these firmware versions:
-
Cisco IMC Version 4.3(2.240077) for appliance model DN2-HW-APL, DN2-HW-APL-L, DN2-HW-APL-XL
-
Cisco IMC Version 4.3(5.250030) for appliance model DN3-HW-APL, DN3-HW-APL-L, DN3-HW-APL-XL
Update the Cisco IMC firmware
To update your Cisco IMC firmware, review the Catalyst Center release notes for the release that you are installing. The “Supported Firmware” section of the release notes lists the Cisco IMC firmware version for your Catalyst Center release.
Then, see the Cisco Host Upgrade Utility User Guide for instructions on updating the firmware.
If your deployment uses a three-node cluster configuration, before you update the Cisco IMC firmware, shut down all nodes in the cluster. Alternatively, you can upgrade the nodes individually. See “Typical Cluster Node Operations” in the Cisco Catalyst Center High Availability Guide and follow the steps to shut down one or all nodes for maintenance.
Catalyst Center scale
For Catalyst Center scale numbers, see the Cisco Catalyst Center Data Sheet.
IP address and FQDN firewall requirements
To determine the IP addresses and fully qualified domain names (FQDNs) that must be made accessible to Catalyst Center through an existing network firewall, see "Required Internet URLs and Fully Qualified Domain Names" in the "Plan the Deployment" chapter of the Cisco Catalyst Center Installation Guide.
Product telemetry
Telemetry data is collected by default in Catalyst Center, but you can opt out of some data collection. The data collection is designed to help the development of product features and address any operational issues, providing greater value and return on investment. Cisco collects these categories of data: Cisco.com ID, System, Feature Usage, Network Device Inventory, and License Entitlement. See the Cisco Catalyst Center Data Sheet for a more expansive list of data that we collect. To opt out of some of the data collection, contact your Cisco account representative or Cisco TAC.
Support for Cisco Connected Mobile Experiences
Catalyst Center supports Cisco Connected Mobile Experiences (CMX) Release 10.6.2 or later. Earlier versions of Cisco CMX are not supported.
![]() Caution |
|
Support for the Web Content Accessibility Guidelines 2.1 standard
Catalyst Center supports the Web Content Accessibility Guidelines (WCAG) 2.1 standard for the AA conformance level, with the following limitations:
WCAG Success Criterion | Support | Limitation |
---|---|---|
1.2.4: Captions (Live) |
Not Supported |
— |
1.2.5: Audio Description (Prerecorded) |
Not Supported |
— |
1.3.4: Orientation |
Not Supported |
— |
1.3.5: Identify Input Purpose |
Supported |
— |
1.4.3: Contrast (Minimum) |
Supported |
— |
1.4.4: Resize Text |
Supported |
— |
1.4.5: Images of Text |
Supported |
— |
1.4.10: Reflow |
Supported |
— |
1.4.11: Non -Text Contrast |
Supported |
— |
1.4.12: Text Spacing |
Supported |
— |
1.4.13: Content on Hover or Focus |
Supported |
— |
2.4.5: Multiple Ways |
Supported |
— |
2.4.6: Headings and Labels |
Supported |
— |
2.4.11: Focus Appearance (Minimum) |
Supported |
— |
2.5.7: Dragging Movements |
Partially Supported |
Dashboard partially supports drag and drop due to third-party library limitations. |
2.5.8: Target Size (Minimum) |
Supported |
— |
3.1.2: Language of Parts |
Supported |
— |
3.2.3: Consistent Navigation |
Supported |
— |
3.2.4: Consistent Identification |
Supported |
— |
3.3.3: Error Suggestion |
Supported |
— |
3.3.4: Error Prevention (Legal, Financial, Data) |
Not Supported |
— |
Guidelines and limitations
AP guidelines
Starting with Release 2.3.7.10, a wireless controller configuration change triggers only a wireless controller synchronization. During this synchronization, Catalyst Center:
-
collects the wireless controller-related configurations, but
-
doesn't update the configuration and status of the APs associated with the wireless controller.
To view updated information for APs associated with the wireless controller (like AP status, new AP discovery, AP configuration, and so on), you must manually perform a full wireless controller synchronization. For a full synchronization, complete these steps:
-
On the Inventory window, select the wireless controller.
-
Choose
.
Cloud connectivity through SSL intercept guidelines
Some Catalyst Center applications, such as the Cisco AI Network Analytics agent on the Catalyst Center appliance, require establishing a secure communication to the cloud with mutual authentication, using X.509 certificates.
In addition to direct connectivity, use of a proxy is also supported, as long as the SSL communication is terminated directly at the agent and cloud endpoint, without any SSL interception device in between.
![]() Note |
Cloud connection through an SSL intercept device is not supported and might result in connectivity failures. |
Backup and restore guidelines
-
Backing up to cloud-based Linux servers running rsync and NFS is only supported with cloud-based Catalyst Center implementations. On-premises Catalyst Center appliances attempting to back up to cloud-based servers has not been tested and therefore is not supported.
-
You cannot take a backup of one version of Catalyst Center and restore it to another version of Catalyst Center. You can only restore a backup to an appliance that is running the same Catalyst Center software version, applications, and application versions as the appliance and applications from which the backup was taken.
-
After performing a restore operation, update your integration of Cisco ISE with Catalyst Center. After a restore operation, Cisco ISE and Catalyst Center might not be in sync. To update your Cisco ISE integration with Catalyst Center, choose . In the Actions column, click Edit adjacent to the corresponding server. Enter your Cisco ISE password to update.
-
After performing a restore operation, the configuration of devices in the network might not be in sync with the restored database. In such a scenario, you should manually enter the CLI commands that are pushed for authentication, authorization, and accounting (AAA) and configuration on the network devices. See the corresponding network device documentation for information about the CLI commands to enter.
-
Re-enter the device credentials in the restored database. If you updated the site-level credentials before the database restore, and the backup that is being restored doesn't have the credential change information, all the devices go to partial collection after the restore. You must then manually update the device credentials on the devices for synchronization with Catalyst Center, or perform a rediscovery of those devices to learn the device credentials.
-
Perform AAA provisioning only after adjusting network device differential changes to the restored database. Otherwise, device lockouts might occur.
-
You can back up and restore only Automation data or both Automation and Assurance data. You cannot use the GUI or the CLI to back up or restore only Assurance data.
AI-Enhanced RRM guidelines
In earlier releases, Catalyst Center marked the AI-Enhanced RRM tasks as failed if the AP provisioning didn't complete within 3 hours. During scale provisioning for a large number of APs, provisioning can take a longer time. Even if the tasks were marked as failed after 3 hours, the AP provisioning continued in Catalyst Center.
Effective with Release 2.3.7.4, the timeout value for AI-Enhanced RRM tasks is increased to 24 hours to accommodate the scale provisioning scenarios for large number of APs.
Cisco ISE integration guidelines
-
To integrate Catalyst Center with Cisco ISE 3.3 Patch 2 or later and configure RADIUS shared secret keys for network access devices, you must enable the Show Password in Plaintext option on Cisco ISE.
In the Cisco ISE GUI, choose . In the Ciphers and Security Settings area, enable the Show Password in Plaintext option.
-
ECDSA keys are not supported as either SSH keys for Cisco ISE SSH access or in the certificates in Catalyst Center and Cisco ISE.
-
Full certificate chains must be uploaded to Catalyst Center while replacing an existing certificate. If a Catalyst Center certificate is issued by a subCA of a rootCA, the certificate chain uploaded to Catalyst Center while replacing the Catalyst Center certificate must contain all three certificates.
-
Self-signed certificates applied on Catalyst Center must have the Basic Constraints extension with cA:TRUE (RFC5280 section-4.2.19).
-
The IP address or FQDN of both Cisco ISE and Catalyst Center must be present in either the Subject Name field or the Subject Alt Name field of the corresponding certificates.
-
If a certificate is replaced or renewed in either Cisco ISE or Catalyst Center, trust must be re-established.
-
The Catalyst Center and Cisco ISE IP address or FQDN must be present in the proxy exceptions list if there is a web proxy between Catalyst Center and Cisco ISE.
-
Catalyst Center and Cisco ISE nodes cannot be behind a NAT device.
-
If pxGrid policies that restrict access to certain user groups subscribed to topics of Catalyst Center are present, the Catalyst Center client username must be manually readded to the user group whenever Catalyst Center reintegrates with Cisco ISE. This is because the association between the username and the user group is lost during the reintegration workflow on Catalyst Center. Currently, there is no way to associate a pxGrid client to a user group through a REST API call; this must be performed manually from the Cisco ISE GUI.
Device onboarding guidelines
For IE-3200-8P2S-E/A, IE-3200-8T2S-E/A, IE-3300-8P2S-E/A, and IE-3300-8T2S-E/A devices with Cisco IOS XE 17.8.1 or later, we recommend that you boot the devices in install mode before onboarding them.
If you upgrade an onboarded IE3200 or IE3300 device to Cisco IOS XE 17.8.1 or later, ensure that the device is in install boot mode before upgrading.
Wireless fabric configuration guidelines
-
In a fabric site, when you remove the wireless role from a Cisco Catalyst 9800 Series Wireless Controller, Catalyst Center removes only the corresponding fabric configurations. The wireless controller retains the nonfabric wireless configurations such as tags that are required for maintaining the AP associations. Retaining the nonfabric configurations ensures support for any existing nonfabric deployments.
-
In a fabric site, if the wireless role is enabled on an Embedded Wireless Controller for a Cisco Catalyst 9000 Series Switch, Catalyst Center removes the corresponding wireless configurations when:
-
The wireless role is disabled on the switch.
-
The switch is removed from the fabric site. Catalyst Center also removes the corresponding fabric configurations.
On an Embedded Wireless Controller for a Cisco Catalyst 9000 Series Switch, the wireless controller operates as a process within the IOS XE operating system. This process is initiated when Catalyst Center pushes the wireless-controller command to the switch.
When the fabric wireless role is removed from the switch, Catalyst Center removes all the associated wireless configurations from the switch, including fabric and nonfabric configurations such as tags. However, the wireless-controller configuration is retained on the switch to facilitate a seamless reactivation of wireless functionality without the need for a process restart.
To remove the wireless-controller configuration from the switch, you must reboot the switch. To remove this configuration and trigger a switch reboot from Catalyst Center, use the following steps:
-
Choose
. -
Select the fabric site.
-
Under the Fabric Infrastructure tab, click the switch name.
-
In the slide-in pane, click Reboot.
-
In the Warning dialog box, click Yes.
Note
To reboot the switch manually instead of using Catalyst Center, use the no wireless-controller command.
-
Visibility and control guidelines
The Visibility and Control of Configurations feature does not cover out-of-band or event-based changes.
If you generate a configuration preview and then an out-of-band or event-based change occurs (such as a device role change, VIP change, or credential update), the configuration preview is based on the older device configuration.
Single-tenancy guidelines
Catalyst Center operates on a single-tenancy model, meaning it serves only one customer (or tenant) at a time. When performing tasks such as device provisioning across multiple browser tabs, refresh the other tabs after completing a task in one tab. This step ensures that all tabs display the up-to-date information and helps prevent potential errors.
CNS license guidelines
For Wi-Fi 7 APs that don't meet the CNS license requirements, Catalyst Center displays the license noncompliance information. The license noncompliance information is displayed only when the following prerequisites are met:
-
The wireless controller to which the APs are associated must be assigned to a site.
-
Telemetry connectivity between the wireless controller and Catalyst Center must be available.
Note
Telemetry data synchronization between the wireless controller and Catalyst Center can take up to 5 minutes.
-
Assurance must be set up on Catalyst Center. For more information, see "Basic Setup Workflow" in the "Set Up Catalyst Center to Use Assurance" chapter of the Cisco Catalyst Assurance User Guide.
Assurance limitations
In Assurance, don’t use a custom template to create a custom dashboard. Creating a custom dashboard from a custom template causes anomalies in the custom dashboard. You can, however, create a custom dashboard directly (not from a template) and add the dashlets that you want to monitor. You can use and apply location and time filters on top of the custom dashboard.
Upgrade limitations
In-Service Software Upgrade (ISSU) is not supported in Cisco SD-Access deployments, except for the following:
-
ISSU is supported for Catalyst 9400 switches configured with the fabric edge node role.
For Catalyst 9400, the fabric edge node must be running Cisco IOS XE Release 17.12.3 or later. The fabric edge node must be only a fabric edge node; it cannot have other fabric roles (like edge plus wireless, or edge plus border and control plane). Only Catalyst 9400 single-chassis, dual-supervisor fabric edge nodes support ISSU; Cisco StackWise Virtual is not supported.
-
ISSU is supported for physical Catalyst 9800 wireless controllers and 9800-CL wireless controllers that implement the fabric wireless controller role.
For Catalyst 9800, the fabric wireless controller must be running Cisco IOS XE Release 17.3.1 or later.
-
The Cisco Catalyst 9200 switch is classified as a low-flash memory device. Although Catalyst Center typically recommends using install mode for SWIM upgrades, this method may fail on Catalyst 9200 switches. Therefore, for SWIM upgrades on Catalyst 9200 switches, you must use bundle mode instead of install mode.
In-product help limitations
-
The online help and Interactive Help support light mode only. The online help and Interactive Help do not support dark mode.
-
When you place the Interactive Help widget on the top-right, right-center, and bottom-right locations, if you hover your cursor beyond the right edge of the widget, the widget may flicker.
License limitations
-
After changing the enterprise IP address or FQDN, before you attempt a licensing-related task, all services must be up and running.
-
The Catalyst Center License Manager supports Smart Licensing only for wireless controller models that run Cisco IOS XE. The License Manager doesn't support Smart License registration of the Cisco 5500 Series AireOS Wireless Controller when the connection mode is smart proxy.
-
The Catalyst Center License Manager doesn't support the following operations under for Cisco IOS 17.3.2 and later:
-
Enable License Reservation
-
Update License Reservation
-
Cancel/Return License Reservation
-
Factory License Reservation
-
-
When the license level changes from Essentials to Advantage, or conversely, the License Manager window may temporarily display an incorrect count of used licenses for the wireless controllers in the Overview tab. This discrepancy is resolved after the Inventory sync is complete, and the correct count is then displayed.
-
Catalyst Center doesn't support license operations and doesn't display the license status in the License Manager window for these routers:
-
Cisco 8100 Series Secure Routers
-
Cisco Catalyst 8200 Series Edge Platforms
-
Cisco 8200 Series Secure Routers
-
Cisco Catalyst 8300 Series Edge Platforms
-
Cisco 8300 Series Secure Routers
-
Cisco 8400 Series Secure Routers
-
Cisco 8500 Series Secure Routers
-
Fabric limitations
-
IP address pools that are reserved at the area level are inherited at the building level under Host Onboarding window if the fabric site is defined at the building level. If the fabric site is defined at the building level, you must reserve the IP address pools at the building level. If the fabric site is defined at the area level, you must reserve the IP address pools at the area level.
. However, these IP address pools are not listed in theTo work around this issue, release and reserve the IP address pool at the same level (area or building) as the fabric site, or reconfigure the fabric site at the same level as the reserved IP address pool.
-
Catalyst Center supports only native multicast across multiple fabric sites that are connected by an SD-Access transit. Head-end replication is not supported over SD-Access transit.
-
Multicast routing over LISP/BGP SD-Access transit is not supported.
-
Cisco Catalyst 9000 Series switches support MACsec switch-to-switch connections.
Note
We do not recommend using MACsec between switch-to-host connections in an overlay network.
For assistance with an existing switch-to-host MACSEC implementation or a design review, contact your Cisco Sales Representative or Channel Partner.
-
If you manually remove an SD-Access fabric-related CLI from the switch, Catalyst Center may not apply the command during normal device provisioning. In such cases, you must manually add the command on the fabric node. Alternately, remove the device from the fabric, and then readd the device to the fabric.
Existing feature-related limitations
-
Catalyst Center cannot learn device credentials.
-
You must enter the preshared key (PSK) or shared secret for the AAA server as a part of the import flow.
-
Catalyst Center doesn't learn the details about DNS, WebAuth redirect URL, and syslog.
-
Catalyst Center can learn device configuration only once per controller.
-
Catalyst Center can learn only one wireless controller at a time.
-
For site profile creation, only the AP groups with AP and SSID entries are considered.
-
Automatic site assignment is not possible.
-
SSIDs with an unsupported security type and radio policy are discarded.
-
For authentication and accounting servers, if the RADIUS server is present in the device, it is given first preference. If the RADIUS server is not present, the TACACS server is considered for design.
-
The Cisco ISE server (AAA) configuration cannot be learned through existing device provisioning.
-
The authentication and accounting servers must have the same IP addresses for them to be learned through existing device provisioning.
-
When an SSID is associated with different interfaces in different AP groups, during provisioning, the newly created AP group with the SSID is associated with the same interface.
-
A wireless conflict is based only on the SSID name and doesn't consider other attributes.
High availability limitation
Catalyst Center doesn't support HA for the Cisco Embedded Wireless Controller on Catalyst Access Points.
Wireless limitations
-
When the wireless controllers that are configured with the 5-GHz and 6-GHz RF profiles using Catalyst Center are upgraded to Cisco IOS XE Release 17.9 or later, Catalyst Center displays the following compliance violations under Network Profiles on the Compliance Summary window:
-
The RF profile for the 6-GHz band is removed and the RF tags are changed to default-rf-profile-6ghz.
-
The multi-BSSID profile is removed.
-
Preamble puncture is enabled on Catalyst Center and disabled on the wireless controllers.
To address the compliance issues, do one of the following:
-
On the Compliance Summary window, click Network Profiles and perform the necessary compliance remediation to address the compliance violations.
-
Reprovision the wireless controllers.
-
-
If an AP is migrated after a wireless policy is created, you must manually edit the wireless policy and point the policy to an appropriate AP location before deploying the policy. Otherwise, the
Policy Deployment failed
message is displayed. -
For Cisco Catalyst 9800 Series Wireless Controllers, some configurations can't be completed using the intent configurations in Catalyst Center. For these configurations,
-
use the day-n CLI templates in Catalyst Center, or
-
perform the out-of-band configurations directly on the wireless controller.
-
-
Catalyst Center doesn't support the display of Bluetooth Low Energy (BLE) radios in wireless maps.
-
Don’t provision wireless devices (APs and wireless controllers) that are tagged with the INV_EVENT_SYNC_DISABLED tag. Because the INV_EVENT_SYNC_DISABLED tag blocks the synchronization operation based on events, provisioning wireless devices that have that tag can lead to inconsistent information in Catalyst Center.
-
The following existing wireless configurations may have potential issues after an upgrade:
-
In-progress Configure AI-Enhanced RRM workflows
-
In-progress Unassign AI-Enhanced RRM workflows
-
In-progress Configure Access Points workflows
-
AP Plug and Play (PnP) configuration
-
AP configuration templates
The following table lists the potential impacts to these existing wireless configurations after an upgrade.
Upgrade scenario
Potential impact
Upgrade to Release 2.3.7.9
Additional workflows that were previously unavailable may be displayed as in-progress workflows in the Workflows window (due to the migration of some records). You can view and delete these workflows if necessary.
Upgrade to Release 2.3.7.7
-
In-progress workflows from Release 2.3.7.6 are displayed in the Workflows window, but they can’t be edited or deleted. To delete these workflows, contact Cisco TAC.
-
Existing wireless configurations are available on the UI. You can view and delete these configurations if necessary.
-
Additional workflows that were previously unavailable may be displayed as in-progress workflows in the Workflows window (due to the migration of some records). You can view and delete these workflows if necessary.
Upgrade to Release 2.3.7.6
In-progress workflows and existing configurations may not be available on the UI.
-
-
When you add a Cisco AireOS Wireless Controller with associated APs to the inventory, a synchronization may trigger an internal error. To resolve the issue, you can perform a manual synchronization. If the issue persists, contact Cisco TAC.
AP limitations
-
Configuring APs in FlexConnect mode before provisioning the locally switched WLANs bypasses the AP provisioning error. Otherwise, AP provisioning fails when the locally switched WLANs are provisioned on the wireless controller or APs through Catalyst Center.
After the provisioning failure, the AP rejoins the wireless controller. You can reprovision the AP for a successful provisioning.
-
In the Inventory window, if you add a wireless controller with associated Wi-Fi 7 APs that don't meet license requirements, Catalyst Center displays a dialog box with details of these APs. If these APs become unreachable later, Catalyst Center continues to list them in the dialog box.
-
The Cisco Catalyst 9130AXE AP with antenna C-ANT9104 doesn't support the Disable option for Dual Radio mode.
-
The Cisco Catalyst 9124AXE AP doesn't support the Auto option for Dual Radio mode.
-
When only Link Layer Discovery Protocol (LLDP) is enabled between an AP and its directly connected upstream neighbor:
-
The Tools > Topology window doesn’t display the directly connected neighbor link.
-
The Inventory table doesn’t display the directly connected neighbor details.
-
Inter-Release Controller Mobility (IRCM) limitation
The interface or VLAN configuration is not differentiated between foreign and anchor controllers. The VLAN or interface that is provided in Catalyst Center is configured on both foreign and anchor controllers.
IP device tracking limitations
-
With IPDT on trunk ports, rogue-on-wire detection is impacted. Catalyst Center doesn't show all the clients connected to a switch through an access point in bridge mode. The trunk port is used to exchange all the VLAN information. When you enable IP device tracking on the trunk port, clients connected on the neighbor switch are also shown. Catalyst Center doesn't collect client data if the connected interface is a trunk port and the neighbor is a switch. As a best practice, disable the IP device tracking on the trunk port. Rogue-on-wire is not detected if IP device tracking is enabled on the trunk port.
-
When you add a line card to a chassis, or remove a line card from a chassis, the changes take several minutes to get updated on Catalyst Center. IPDT configurations, if any, are pushed to the device automatically for newly added interfaces.
-
When you add a device to a stack pool, or remove a device from a stack pool, the changes take several minutes to get updated on Catalyst Center. IPDT configurations, if any, are pushed to the device automatically for newly added interfaces.
To add or remove a device from the stack, you must use manual CLI configurations.
IPv6 limitations
If you choose to run Catalyst Center in IPv6 mode:
-
Access Control Application, Group-Based Policy Analytics, SD Access, Cisco AI Endpoint Analytics, Cisco ISE, and Support Services packages are disabled and cannot be downloaded or installed. Before upgrading, remove those packages from the IPv6 deployment, because those packages don't support IPv6.
-
Communication through Cisco ISE pxGrid is disabled because Cisco ISE pxGrid doesn't support IPv6.
-
LAN automation is not supported.
-
Adding devices to a site is supported, but provisioning is not supported.
-
ITSM integration is not supported.
-
Network profiles for wireless devices are not supported.
-
Stealthwatch Security Analytics is not supported.
-
Disaster Recovery is not supported.
-
Catalyst Center does not support integration with Cisco ISE when it’s also configured for IPv6. It only supports the use of Cisco ISE as a AAA server.
Cisco Plug and Play limitations
-
Virtual Switching System (VSS) is not supported.
-
The Cisco Plug and Play mobile app is not supported with Plug and Play in Catalyst Center.
-
The Stack License workflow task is supported for Cisco Catalyst 3650 and 3850 Series switches running Cisco IOS XE 16.7.1 and later.
-
The Plug and Play agent on the switch is initiated on VLAN 1 by default. Most deployments recommend that VLAN 1 be disabled. If you do not want to use VLAN 1 when PnP starts, enter the following command on the upstream device:
pnp startup-vlan <vlan_number>
Cisco Group-Based Policy Analytics limitations
-
Cisco Group-Based Policy Analytics supports up to five concurrent requests based on realistic customer data. While it is desirable for GUI operations to respond within 5 seconds or less, for extreme cases based on realistic data, it can take up to 20 seconds. There is no mechanism to prevent more than five simultaneous requests at a time, but if it does happen, it might cause some GUI operations to fail. Operations time out after 1 minute.
-
Data aggregation occurs at hourly offsets from UTC in Cisco Group-Based Policy Analytics. However, some time zones are at a 30-minute or 45-minute offset from UTC. If the Catalyst Center server is located in a time zone with a 30-minute or 45-minute offset from UTC, and the client is located in a time zone with an hourly offset from UTC, or vice versa, the time ranges for data aggregation in Cisco Group-Based Policy Analytics are incorrect for the client.
For example, assume that the Catalyst Center server is located in California PDT (UTC-7), where data aggregations occur at hourly offsets (8:00 a.m., 9:00 a.m., 10:00 a.m., and so on). When a client located in India IST (UTC+5.30) wants to see the data between 10:00 to 11:00 p.m. IST, which corresponds to the time range 9:30 to 10:30 a.m. PDT in California, no aggregations are seen.
-
Group changes that occur within an hour are not captured. When an endpoint changes from one security group to another, Cisco Group-Based Policy Analytics is unaware of this change until the next hour.
-
You cannot sort the Security Group and Stealthwatch Host Group columns in the Search Results window.
-
You might see discrepancies in the information related to Network Access Device (including location) between Assurance and Cisco Group-Based Policy Analytics.
Application telemetry limitation
-
With Catalyst Center, application telemetry is not supported for Cisco Catalyst 9500 Series Switches.
-
When configuring application telemetry on a device, Catalyst Center might choose the wrong interface as the source for NetFlow data.
To force Catalyst Center to choose a specific interface, add the netflow-source command in the description of the interface. You can use a special character followed by a space after netflow-source but not before it. For example, the following syntax is valid:
netflow-source MANAGEMENT netflow-source MANAGEMENTnetflow-source netflow-source MANAGEMENT netflow-sourceMANAGEMENT netflow-source & MANAGEMENT netflow-source |MANAGEMENT
The following syntax is invalid:
MANAGEMENT | netflow-source * netflow-source netflow-source|MANAGEMENT
IP address manager limitations
-
Infoblox limitations:
-
Infoblox doesn't expose a name attribute; therefore, the comment field in Infoblox is populated by the IP pool name during a sync.
-
For a pool import, the first 50 characters of the comment field are used. If there are spaces in the comments, they are replaced by underscores.
-
If an IP pool name is updated for an imported pool, the comments are overwritten and the new name is reflected.
-
-
You may see the following error when editing an existing IPAM integration or when adding a new IPAM:
NCIP10283: The remote server presented a certificate with an incorrect CN of the owner
To correct this, regenerate a new certificate for IPAM and verify that any one of the following conditions are met:
-
No values are configured in the SAN field of the certificate.
-
If a value is configured, the value and type (IP address or FQDN) must match the configured URL under
.
-
-
Catalyst Center supports integration with an external IPAM server that has trusted certificates. In the Catalyst Center GUI, under , you may see the following error message:
NCIP10282: Unable to find the valid certification path to the requested target.
To correct this error for a self-signed certificate:
-
Using OpenSSL, enter one of the following commands to download the self-signed certificate, depending on your IPAM type. (You can specify the FQDN [domain name] or IP address in the command.)
-
openssl s_client -showcerts -connect Infoblox-FQDN:443
-
openssl s_client -showcerts -connect Bluecat-FQDN:443
-
-
From the output, use the content from ---BEGIN CERTIFICATE--- to ---END CERTIFICATE--- to create a new .pem file.
-
Go to Import, and upload the certificate (.pem file).
, click -
Go to
and configure the external IPAM server. (If the IPAM server is already configured, skip this step.)
To correct this error for a CA-signed certificate, install the root certificate and intermediate certificates of the CA that is installed on the IPAM, into the Catalyst Center trustpool ( ).
-
-
You may see the following error if a CA-signed certificate is revoked by the certificate authority:
NCIP10286: The remote server presented with a revoked certificate. Please verify the certificate.
To correct this, obtain a new certificate from the certificate authority and upload it to
. -
You may see the following error after configuring the external IPAM details:
IPAM external sync failed: NCIP10264: Non Empty parent pool <CIDR> exists in external ipam.
To correct this, do the following:
-
Log in to the external IPAM server (such as BlueCat).
-
Confirm that the parent pool CIDR exists in the external IPAM server, and remove all the child pools that are configured under that parent pool.
-
Return to the Catalyst Center GUI and reconfigure the IPAM server under .
-
-
You may see the following error while using IP Address Manager to configure an external IPAM:
NCIP10114: I/O error on GET request for "https://<IP>/wapi/v1.2/": Host name '<IP>' does not match the certificate subject provided by the peer (CN=www.infoblox.com, OU=Engineering, O=Infoblox, L=Sunnyvale, ST=California, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name '<IP>' does not match the certificate subject provided by the peer (CN=www.infoblox.com, OU=Engineering, O=Infoblox, L=Sunnyvale, ST=California, C=US) |
To correct this, do the following:
-
Log in to the external IPAM server (such as Infoblox).
-
Regenerate your external IPAM certificate with the common name (CN) value as the valid hostname or IP address. In the preceding example, the CN value is
www.infoblox.com
, which is not the valid hostname or IP address of the external IPAM. -
After you regenerate the certificate with a valid CN value, go to
. -
Click Import and upload the new certificate (.pem file).
-
Go to
and configure the external IPAM server with the server URL as the valid hostname or IP address (as listed as the CN value in the certificate).
-
Reports limitation
Reports with significant data can sometimes fail to generate in the Catalyst Center platform. If this occurs, we recommend that you use filters to reduce the report size to prevent such failures.
Custom application limitation
If a custom application is configured as a part of the default bucket, Catalyst Center doesn't push the configuration to the managed devices.
Application Policy and Application Visibility limitation
-
When you provision the Application Policy feature or the Application Visibility feature from Catalyst Center, changes made outside these features do not reflect automatically in Catalyst Center. For the changes to be reflected in Catalyst Center, you must reprovision these features.
-
When you deploy a wireless QoS policy on a flex or fabric SSID on a wireless controller, the policy is downloaded to the APs. There is an 8-KB limit for the policy on the APs and a limit of three applications per traffic class.
If the QoS policy doesn’t adhere to the AP and traffic class constraints, it is marked as invalid. To check the QoS policy on the device, enter these CLI commands:show platform software qos database policy-map <ssid> show tech-support wireless qos ap-name <ap-name> ssid <ssid>
-
In Catalyst Center 2.3.7.x, Application Visibility uses the Controller-Based Application Recognition (CBAR) instead of the NBAR cloud connector. After you upgrade from Catalyst Center 2.3.5.x, you must register Catalyst Center with Cisco Catalyst Cloud under and then enable CBAR Cloud in Application Visibility.
Third-party device support limitations
Consider these points regarding Catalyst Center's support of third-party devices:
-
Third-party devices are defined as non-Cisco devices that support MIB-II (RFC 1213) and can be added to Catalyst Center.
-
Cisco will not issue any new entitlements for third-party devices.
-
Cisco will not update its General Terms for third-party devices.
-
Third-party devices added to Catalyst Center have limited (visibility-only) functionality and are not supported by the Cisco TAC. If you encounter an issue with a third-party device, you'll need to contact its vendor or whoever you have a support contract with for assistance.
API limitations
After upgrading to either Catalyst Center 2.3.7.6 or 2.3.7.7, these APIs may be inaccessible:
-
/dna/intent/api/v1/siteWiseProductName
-
/dna/intent/api/v1/images
-
/dna/intent/api/v1/productNames
-
/dna/intent/api/v1/networkDeviceImageUpdates
Access any of these APIs and you may see this error: BAPI not found with technicalName and restMethod GET
To work around this issue, which is resolved in Catalyst Center 2.3.7.9, do this:
-
From the main menu, choose .
The Bundles tab should already be selected.
-
Click the Catalyst Center REST API bundle link.
-
Click Disable.
-
Wait a few minutes and then re-enable the bundle.
Bugs
Open bugs
This table lists the open bugs in Catalyst Center for this release.
![]() Note |
You can use the Cisco Bug Search Tool to search for a specific bug or to search for all open bugs in this release. To search for a documented Cisco product issue, type in the browser: <bug_number> site:cisco.com |
Bug identifier | Headline |
---|---|
SWIM upgrade fails with the error |
|
Catalyst Center and Cisco ISE integration is broken, but OTT wireless controller and NF router provisioning still works. |
|
In a disaster recovery environment with multiple Catalyst Center clusters, both the active and passive disaster recovery clusters are shown in Author mode. |
|
When you create a Central Web Authentication (CWA) guest SSID or enterprise SSID with posture enabled:
|
|
Enhance the custom view table settings columns to arrange them alphabetically. |
|
Include reachability as a factor for iperf sensor selection. |
|
Although automatic disaster recovery failover works after shutting down the active cluster, when the shut-down cluster is powered on and becomes standby (passive), the rejoin operation to make it standby (active) fails. |
|
New device onboarding to a nonfabric REP ring fails when image upgrade is part of the Plug and Play (PnP) process. |
|
In IPv6-only networks, telemetry doesn't work with FQDN-only certificates. This problem occurs in an IPv6-only network when Catalyst Center pushes its FQDN as a telemetry receiver that can't be resolved by the IOS-XE device. To work around this problem, you must add the IPv6 addresses to the alt_names section. |
|
/data/maglev/srv/maglev-system reaches 100% disk space usage. After recovering, a single-node Apache ZooKeeper runs into a configurable logic block (CLB). Kafka and collector services then run into a CLB, because ZooKeeper is not ready and running. |
|
Performance degradation occurs while adding an edge node to the fabric. |
|
AP information in Catalyst Center doesn't update correctly after the AP is moved to a new controller. This problem occurs when the SNMP queue isn't large enough to handle all device traps. New traps are dropped without notification until the existing traps are sent and slots become available in the queue. |
|
Device details are not displayed in the Application Telemetry provisioning task under . |
|
A back-end request error is seen intermittently on the Catalyst Center GUI after upgrading the cluster from 2.3.7.5.70434 to 2.3.7.6.70232. |
|
Backup fails due to a postgres issue during the backup process. |
|
Networks with high latency may experience prolonged device sync for more than 2 hours. For example, in a network with a Cisco Catalyst 9350 device located in India and a Catalyst Center server located in America, it might take longer than 2 hours for devices to synchronize. In general, in networks with high latency, getBulk requests are made to return as much data as possible in as few packets as possible, which reduces the effect of individual packet latency. However, SNMP agents on some devices don't handle this well, and may not return responses for the bulk requests. Therefore, it's important to set the per-packet SNMP_TIMEOUT to a small value. If the SNMP_TIMEOUT is set to a high value, it can increase the overall amount of time it takes to retrieve the SNMP table. |
|
In the Per-Device Configuration feature, the option to enable or disable the logs for rules is unavailable for IPv4 extended ACL. |
|
The Per-Device Configuration feature is unable read and provision the IPv4 extended ACL with multiple source ports. |
|
In Per-Device Configuration, the default value for multicast start and end address is an invalid IP address (0.0.0.0) for media stream. |
|
Unable to use a VLAN named "Management" when deploying ThousandEyes via Catalyst Center. |
|
Per-Device Configuration doesn't support adding new AAA models. |
|
In a scale setup with approximately 35,000 devices, it takes 15 minutes to mark 300 devices as reachable or unreachable. The time depends on the SNMP timeout and retries and the number of reachable and unreachable devices in the setup. The setup has a default SNMP timeout of 5 seconds and 3 retries. The setup has 30 threads. Note that other polling tasks could also affect the time it takes to mark devices as unreachable or reachable. |
|
After upgrading to Catalyst Center 2.3.7.6 from an earlier release, the in-progress/undeployed RLAN workflow cards are not retained in the RLAN workflow. |
|
For the Per-Device Configuration feature, an extra set wlan user-priority command is included after cloning the QoS policy profile. |
|
For the Per-Device Configuration feature, in the window, configuration of Max Number of Character Repetition is not supported. |
|
For the Per-Device Configuration feature, updating the IPv6 address for the VLAN interface in the SVI profile fails. |
|
The apic-em-network-programmer-service goes into a restart loop; you can't perform any provisioning operations. |
|
For the Per-Device Configuration feature, AAA server key and PAC key aren’t set to clear text when it's not returned from the YANG configuration. |
|
After upgrading from Catalyst Center 2.3.7.6 to 2.3.7.7 or 2.3.7.9 in an IPv6 deployment, if these packages were installed previously, they don't come up:
|
|
Per-Device Configuration isn't displayed in read-only view for the Observer role. |
|
For the Per-Device Configuration feature, WLAN profile creation fails for Enterprise security policy when
|
|
After upgrading to Catalyst Center 2.3.7.9, the following warning message is displayed on the window, and you can’t register your Catalyst Center with Cisco SSM:
|
|
ACA Migration fails with error - "Error occurred during migration: Invalid SG. |
|
When pushing a webhook event notification, the following error message is displayed:
|
|
SDflow restarted due to exit code:1 (panic from context-storeGo) which impacted netflow drop. |
|
After the AP ranging is complete for auto locating the APs, star icons aren’t displayed for anchor APs. |
|
Intermittent wired client data loss in the Assurance client dashboard. |
|
BM2VA Post migration: UI becomes inaccessible and throws "HTTP ERROR 500" when restore fails. |
Resolved bugs
Catalyst Center 2.3.7.10
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.10.
Bug identifier | Headline |
---|---|
External Authentication flag shows disabled in MongoDB after enabling on Catalyst Center. |
|
Catalyst Center SWIM Precheck should include the NETCONF checks. |
|
Getting "Internal Server Error" in page. |
|
The Identitymgmt container keeps crashing after enabling IP Access Control. |
|
No proper error message for user while enabling application telemetry from inventory. |
|
RAPI - Port channel gets rejected as invalid interface. |
|
Assurance Application dashboard has no data after upgrading from Catalyst Center 2.3.5.6 to 2.3.7.6 on a three-node IPv6 appliance. |
|
Elastic search management service shows as degraded. |
|
At daas-runtime, unable to find a valid certification path to the requested target. |
|
When attempting to save changes under Design > Network Settings > Servers, the user encounters an error message in the GUI: "NCND00006: The input payload contains an invalid key: singleconnection.enablement." |
|
During manual failover or pause of Catalyst Center Disaster Recovery (DR), the incorrect DR virtual IP may be calculated and device telemetry settings may be updated to use the incorrect virtual IP. |
|
ISSU compatibility checks failed and shows a warning message. |
|
Upgrade from Catalyst Center 2.3.7.7 to 2.3.7.9 fails with Access Control Application chart download failed error. |
|
Fabric authentication key banner blocking fabric device deletion. |
|
System upgrade from Catalyst Center 2.3.7.6 to 2.3.7.7 results in MongoDB failure. |
|
Catalyst Center 2.3.7.7 upgrade failure due to mexplorer. |
|
While multiple heavy loaded wireless controllers were undergoing sync together after moving APs from WLC1 to WLC2 using the AP configuration workflow, the task completes successfully and the APs are moved. However, on the inventory page, the associated wireless controller IP still displays the old wireless controller IP. |
|
Catalyst Center 2.3.7.9: Single-node upgrade hangs; IP change isn’t detected by coreDNS. |
|
A device drop and lag is observed in deviceprocessor. |
|
Topology page does not load. |
|
While updating address on a site in network hierarchy, the response shows success but the address is not updated. |
|
Package upgrade for dnacaap-app-services fails. |
|
After upgrading to Catalyst Center 2.3.7.7, SD-Access GUI disappeared. |
|
Inventory threads blocked trying to contact IAM for token generation. |
|
Restore fails at POST_RESTORE admin hook at dnacaap-app-services. |
|
Inventory UI is not correctly reflecting reachability status of devices added using hostname. |
|
After upgrading from Catalyst Center 2.3.3.4 to 2.3.7.7, sdflow goes in crash loop. |
|
Updating Telemetry with force push removes subscriptions from other applications. |
|
Unable to publish notification for subscription created. |
|
During the migration of Catalyst Center to 2.3.7.7 and 2.3.7.9, the Certificate Authority, Device Certificate, and Trustpool pages fail to load. Instead, the error message "EJBCA Service is unavailable to service request" is displayed. |
|
IPDT role change occurs every 5 minutes on some devices. |
|
No devices are appearing under the License Manager > Devices tab. |
|
Unable to edit or create routing profile from Catalyst Center UI. |
|
PAN IP address in Network Settings > Client is blank after upgrade. |
|
Catalyst Center reports fail due to missing "daas-worker-job" maglevjobs resource. |
|
The SVL switch doesn't list all interfaces and also some interfaces are jumbled |
|
No ThousandEyes tests or MSteams data seen on Application Health page. |
|
Mandatory fabric updates banner push fails because Mac Address does not have six octets. |
|
Unable to update the trustpool through UI or API. 400 error been thrown while updating the trustpool using the REST API (/api/v1/certificate-authority/update/default/trustpool) . |
|
Credential update fails when Auth service account is locked. |
|
Supplicant Based Extended Node (SBEN) onboarding fails at verifying dot1x status. |
|
Notifications not forwarded for issue "Radio High Utilization (2.4GHz)". |
|
Remedy stuck in loop re-adding static routes that already exist on host. |
|
AP LRAD_REBOOTREASON unexpectedly triggers a full resync in a Catalyst 9800 wireless controller. |
|
Activation of Catalyst 2960x stack switches is failing through Catalyst Center. |
|
Extended onboarding bootup time optimization. |
|
Catalyst Center: Presence of single quotes in custom pattern regex breaks the functionality. |
|
The etcd service on Catalyst Center may restart due to an out of memory condition. This will result in the system being unstable. |
|
Tx Rx values in AP radio report are shown same in every report for multiple APs however values are correct in AP report. |
|
DR mongo replication failure due to tethering_apicrawl_faliures_api collection conflict. |
|
During DR pause operation, the standby cluster may fail to pause with error "NCMA10002: disaster-recovery CLEANUP_MEMORY on provisioning-service". |
|
SD-Access fabric provisioning failure due to NPE for wireless controller with older namespace naming convention. |
|
Restore fails on Catalyst Center due to Legacy Elasticsearch indices from backup. |
|
APs are automatically assigned and reprovisioned to another floor at a remote teleworker site. |
|
Fresh install of Catalyst Center 2.3.7.9 points to Cisco internal Docker registry, causing upgrade failures. |
|
Dual fullsync of MongoDB allows for potential data loss in case of failover. |
Catalyst Center 2.3.7.9.70301.10 Software Maintenance Update
This table lists the resolved bugs in the Catalyst Center 2.3.7.9.70301.10 software maintenance update (SMU).
![]() Note |
|
Bug identifier | Headline |
---|---|
Unable to create a wireless profile that contains more than three wireless controller anchors. |
|
Multiple devices with the IP SLA configuration are managed with the NCIM12024 internal error. |
|
Rogue on Wire threat on a Rogue client is not reclassified. |
|
Unable to reboot APs from the Device 360 page using custom user roles. |
|
Network device availability report may display inaccurate percentages. |
|
Validation run with the Cisco ISE validation set selected tool may time out. |
|
Entitlement refresh fails when more than 100 devices are registered to Cisco Smart Software Manager. |
|
Catalyst Center reports a compliance violation because the PKI broker hasn't been notified that the PKCS certificate has been renewed |
|
Installation of a SWIM certificate times out on a border node. |
|
In certain VM setups, the max-width property of all HTML images is set to 100%. As a result, when you zoom in on a floor map, the background image is distorted and displays access points and heat maps in the wrong location. |
|
Removing the one SSID that's associated with a feature template should delete the corresponding instance. Instead, the template
indicates its applicability as |
|
LAN Automation needs a new mechanism to safely migrate dummy pools. |
|
Catalyst Center collects packages and images for Cisco Secure Firewall Management Center (FMC), even though it doesn't support Cisco Secure FMC upgrades. |
|
After upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.5, newly discovered devices are not displayed in the inventory until you restart the NCP service. |
|
During provisioning, configuration drift labels a configuration as out-of-band. |
|
Unable to delete a device from the Catalyst Center inventory. |
|
Brownfield deployment's default method lists for authentication and authorization are overridden after provisioning wireless controllers. |
|
LAN automation fails after upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.6. |
|
Catalyst Center Compatibility Matrix indicates the wrong device version for aWIPS profile configuration support. |
|
The pki-broker service doesn't notify the provisioning service when it receives a SCEP renewal request from a device, which results in a compliance violation. |
|
When the client is disconnected, use "network_user_id" to search /dna/intent/api/v1/client-enrichment-details and Catalyst Center displays a 404 error. |
|
Airdrop signature is included in the aWIPS signature file that's pushed to Cisco Catalyst 9800 Series wireless LAN controllers, which results in "Airdrop Session" alarms. |
|
Error message directs users to contact Cisco TAC when they haven't applied mandatory updates. |
|
Multiple Catalyst Center is not enabled after upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.5 (integrated with Cisco ISE 3.2). |
|
Smart Licensing page indicates that a Smart Account is not configured even though it has been linked with Catalyst Center. |
|
Deletion of security group tags is not reflected on Cisco ISE reader nodes. |
|
Unable to trigger a new LAN Automation session when Catalyst Center uses an external IPAM server. |
|
The response for a ping argument that includes a vertical bar (|) character indicates the Apache Tomcat version used by an API. |
Catalyst Center 2.3.7.9
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.9.
Bug identifier | Headline |
---|---|
Clear a port assigned to a static with a client VLAN and generate a config preview. The preview config shows no config. |
|
The "ha.apicnetworkprogrammer.service.queue.client_id" queue builds to hundreds of GB, causing RabbitMQ to crash. |
|
SNP testing of long term client reports consistently failed with Rest API execution. |
|
Catalyst Center GUI is stuck in a login loop. |
|
Disaster Recovery: Link_Up/Down events delayed message is not triggered on active cluster even after generating trap for hour. |
|
After performing Catalyst Center Over The Air (OTA) capture and then attempting to stop it, the stop action fails within the task. |
|
Catalyst Center2.3.5.5: Device-manager goes to CrashLoopBackOff state. |
|
Application telemetry shows "Not Provisioned" after upgrading Catalyst Center from 2.3.7.5.70434 to 2.3.7.6.70232. |
|
GET issues API returns error 500. |
|
Multiple messages are sent to Cisco ISE for the same Endpoint without any changes causing performance degradation on Cisco ISE. |
|
During AP roaming, wireless controller fails with Internal Error com.cisco.xmp.grt.model.GlobalReference was altered. |
|
The "Not Available" WAN links are shown as "Not tagged as WAN" for its corresponding network devices in Inventory, and sometimes are not even present in the device according to information in Device Details and Device360 page. |
|
The Application Hosting application installation on an AP fails. |
|
Subscriber subnets are learned as BGP routes in the Provider subnet, even though BGP is not in use in the deployment. |
|
The "Update Wireless Profile" API call ignores the sites array and overwrites it with an empty list. |
|
Client event data from Cisco AireOS Wireless Controllers are incorrectly filtered resulting in missing client sequencing. |
|
Incorrect results from /dna/intent/api/v1/wireless/profile for flex attribute. |
|
Software image distribution failed even though had enough space in the flash. |
|
Wide Area Bonjour UI slowness is observed and some services become unavailable. |
|
A stale NFS causes Catalyst Center instability. |
|
The WLAN policy profile may be deleted and read when a controller is provisioned. |
|
These APIs aren't accessible and return this error:
|
|
Catalyst Center QoS negates configuration from border nodes when previewing the QoS policies. |
|
Telemetry is in connecting state due to null response from broker-agent. |
|
Catalyst Center's page may show a cluster's previous IP addressing scheme rather than the current one. |
|
After marking a faulty fabric edge node for replacement, network readiness fails with this error:
|
|
Full SSH access to one of the Catalyst Center nodes may not be possible as the CLI session gets stuck. |
|
Packet loss for some applications may be displayed as more than 100 % on Application 360 page. |
|
Cannot trigger an Assurance full backup. |
|
Even though the Catalyst Center bundle "Network Issue Monitor and Enrichment for ITSM" is configured, network events are not sent to ServiceNow. Network events created in the device are seen in the device UI. However, they are not seen in the runtime dashboard of Catalyst Center and ServiceNow. |
|
SRBAC: Non global user delete the report generated by global user using API. |
|
VM Upgrade retry from UI keeps failing after it fails initially due to NTP not in healthy state. |
|
Catalyst Center may fail to resync a managed device citing the error internal error ObjectNotFoundException in StaticRouteTable. |
|
System Validation for Cisco ISE retry interval should be increased. |
|
Cisco ISE FQDN name changes in Catalyst Center after upgrade of Cisco ISE to version 3.2. |
|
A stale DR_CONFIGURE_CLUSTER workflow causes an error. |
|
The SPF data migration lock causes other operations to get stuck for more than 24 hours. |
|
Unable to delete or modify the fabric configuration of a specific device. |
|
Catalyst Center's system-manager service may remain in a crashloopbackoff state while the maglev user account is locked within the container. |
|
SCH proxy device shows a "Connection mode out of sync" error. Process to update connection mode via Sync button fails to resolve message and shows successful. |
|
The dnacaap-runtime pod doesn't have the trust certificates needed to connect to ServiceNow. |
|
Due to a topology change, an RMA marked for replacement goes to readiness failed state. |
|
Catalyst Center ServiceNow integration fails with error "Invalid CIClass(es)". |
|
Elasticsearch node startup failures occur due to stale NFS handles during restarts |
Catalyst Center 2.3.7.7-70047-CSCwn89323.SMU Software Maintenance Update
This table lists the resolved bugs in the Catalyst Center 2.3.7.7-70047-CSCwn89323.SMU.
![]() Note |
|
Bug identifier | Headline |
---|---|
After upgrading from Catalyst Center 2.3.5.3 to 2.3.7.5, an error occurs when trying to provision a Cisco Catalyst 9800 Series wireless controller. |
|
SWIM update operations on a tagged golden image with add-ons succeed, but Catalyst Center indicates the device's software image is non-compliant, and the Inventory window's OS Update Status field lists |
|
Catalyst Center's Image Repository may indicate that no images are available for a managed device family, even though files have actually been uploaded. |
|
Unable to provision a Cisco Catalyst 9800 Series wireless controller after upgrading from Catalyst Center 2.3.5.3 to 2.3.7.5. The GUI displays this error message: |
|
In a 1+1+1 disaster recovery setup running Cisco DNA Center 2.3.5.5, user-defined templates may not be displayed as expected after a failover to the recovery site. |
|
API error occurs after provisioning a template. |
|
Disabling application telemetry on a wireless controller results in this error: |
|
After a software upgrade of Cisco Industrial Ethernet 2000 Series switches, some of these switches were booted up from an SD card instead the local device flash. Since the current running configuration was not copied to the SD cards, these devices started up without the configuration. |
|
RAPI client offset ranges from 1–10,000 clients, event though Catalyst Center supports more than 10,000 clients. |
|
Not able to receive notifications regarding rogue and aWIPS events after restarting RabbitMQ. |
|
OUI download doesn't work when the schemaregistry service is down. |
|
The PoE dashboard's Estimated AP Power Saving tile indicates that no power has been consumed, even though PoE-capable devices are connected to Assurance. |
|
In a Catalyst Center 2.3.7.6 instance deployed as a virtual machine, searching for a wired client by username may result in a page that cites an undefined error. |
|
After running Catalyst Center's migration script on a server and restoring the corresponding backup file to a Catalyst Center on ESXi virtual appliance, the migration may fail and cite this error: |
|
Catalyst Center pushes a Cisco IOS XE upgrade to a Cisco Catalyst IE3400 Heavy Duty Series switch's flash memory instead of its SD card. |
|
Unable to view API documentation after backing up a second-generation Catalyst Center appliance and restoring the backup file to a three-node cluster of XL third-generation appliances. |
|
After manually importing admin certificates to Cisco ISE's trustpool, Catalyst Center may indicate that Cisco ISE integration was successful, even though the ise-bridge log lists a certificate chain mismatch error. |
|
Can't enable application telemetry for a wireless profile whose name contains a space. |
|
Migration of IPv4 pools to IPv6 fails. Fabric edge devices don't receive IPv6 configurations after migrating from a single-stack pool to a dual-stack pool. |
|
Upgrade to Catalyst Center 2.3.7.6 fails because the mexplorer package doesn't deploy. |
|
After upgrading to Catalyst Center 2.3.7.6, notifications are not sent after a device unreachable event in Assurance has been resolved. |
|
Unable to upgrade the base-provision-core:2.1.718.60779 package when upgrading from either Catalyst Center 2.3.5.5 or 2.3.5.6 to 2.3.7.6. |
|
After upgrading to Catalyst Center 2.3.7.6, a NullPointerException occurs when provisioning a Cisco SD-Access fabric with VN anchoring configured. |
|
After upgrading to Catalyst Center 2.3.7.6.70319-CSCwn31915.SMU, an unknown error occurs after trying to import a subordinate CA certificate. |
|
Kafka drops topology messages larger than 1 MB, resulting in missing topology exports. |
|
Unable to start LAN automation. |
|
A DeviceInterfaceInfo migrator exception occurs when a device's owning entity ID can't be found. |
|
MongoDB's endpoint-analytics folder is bloated, which can cause backups to fail or result in disk utilization errors for MongoDB. |
|
An incorrect container version was configured in the dnac_maglev_package repository. |
|
Unable to edit floor maps or view planned APs. |
|
A deleted template is not removed from the cache after a disaster recovery failover. |
|
Can't remove a planned AP from a floor map, even though the AP has been removed from the inventory. |
|
Removing an inherited virtual network removes the wireless controllers from the anchor site's LISP configuration. |
|
Unable to migrate from Catalyst Center 2.3.7.7 to Catalyst Center 2.3.7.7 on ESXi by running the migration script. |
|
After upgrading from Catalyst Center 2.3.3.7-72328 to 2.3.7.7-70047, the PKI broker fails to start when the root CA has expired. |
|
Authentication and policy servers ignore read-only parameters. |
|
Cisco IMC firmware version checks are not working properly. |
|
Provisioning failure caused by a NullPointerException. |
Catalyst Center 2.3.7.7
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.7.
Bug identifier | Headline | ||
---|---|---|---|
During upgrade from 2.3.3.x or earlier to 2.3.5.x or later, postgres is upgraded from version 9 to 11. |
|||
Catalyst Center ITSM CMDB sync fails with a timeout error on BAPI Schedule to Publish Inventory Details - ServiceNow Connector. |
|||
The etcd service exceeds memory limits, causing the system to be unstable in a disaster recovery environment. |
|||
The GlusterFS daemon keeps crashing for NDP brick. Pipelines are down. |
|||
The kibana-logging service has a CrashLoopBackOff [cross-writes] issue. |
|||
While creating a template in the Template Hub, the hint text may not show for variables in the provision workflow. |
|||
The "pipelineruntime-taskmgr-spa-apps" encounters an Out Of Memory (OOM) error due to a large SXPBindings string. |
|||
Catalyst Center 2.3.7.6: The System Certificates page showing the Enterprise JavaBeans Certificate Authority (EJBCA) Service is unavailable. |
|||
The Group-Based Access Control overview page shows most active policies and security group data. However, when clicking View Traffic for a security group, the page shows no matching records found. |
|||
The Catalyst Center reporting tab freezes when the MongoDB contains an excessive number of report records. |
|||
Rogue on wire is inconsistent when providing data about the switch port and other details. |
|||
Most fabric provisioning tasks are blocked because the Border AS is 65540. |
|||
After a Catalyst Center upgrade, the earlier allocated IP address of an overlapping pool reallocates again to P2P links, even though the same P2P address exists in the network. |
|||
Catalyst Center's REST API for managed device count may fail to return expected results, and returns instead a 404 error. |
|||
The Reports page is unresponsive and the number of records in trigger_execution_context table of MongoDB continues to grow. |
|||
Network orchestration service gets OOM killed. |
|||
WLAN provisioning/preview fails when managed locations are only floor level with site-level override. |
|||
Whenever static port assignment is done or an assigned port is cleared, "macro auto global processing" is enabled globally, which affects IP phone/AP onboarding due to the macro-based configuration pushed to those ports. |
|||
For Catalyst Center on ESXi, a long-path cluster upgrade from 2.3.7.3, 2.3.7.4, 2.3.7.5, or 2.3.7.6 to 2.3.7.7 fails during the node-readiness check because of a kubelet certificate refresh issue.
|
|||
Wireless controller provisioning fails with this error:
|
|||
No lambda request is triggered and no error/traceback log is seen in provisioning service. |
|||
Cisco SD-Access: Fabric border may fail due to a NullPointerException in the network-programmer logs and this error in the GUI:
|
|||
Report generation may fail at scale due to API response time. |
|||
The ThousandEyes Enterprise agent tests tab does not display data on Catalyst Center. |
|||
Port assignment may fail with this error:
|
|||
Catalyst Center attempts to push an unexpected IPv6 config even without IPv6 pools added to the fabric. |
|||
Catalyst Center 2.3.7.6 upgrade: Network-visibility install fails if application-policy is deployed and uninstalled. |
Catalyst Center 2.3.7.6
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.6.
Bug identifier | Headline |
---|---|
Image update readiness check and file transfer check may fail citing the error, "HTTPS is not reachable" when Catalyst Center has a fully qualified domain name (FQDN) in its CA certificate, instead of an IP address. |
|
Wireless provision BAPI fails without optional "managedAPLocations" parameter. |
|
Create Report APIs (/daas/core/data-set) throw a 500 error and fail to generate the reports. |
|
Checking connectivity in a ServiceNow instance fails with this error:
|
|
Enterprise-SSID API responds with Failure for INVALID_RADIO_POLICY. |
|
Devices are not showing in the smart license compliance workflow. |
|
Unable to delete Catalyst 9300 device from Catalyst Center inventory. |
|
Anycast gateway creation workflow stuck with "NCSP11192 Invalid/Null filters" error. |
|
After Webhook configuration, Catalyst Center is either not sending the alerts or is sending them incorrectly. |
|
Purchase count for Catalyst 9300 device is not matching on the overview page |
|
Catalyst Center pushes unsupported commands to CMICR-4PS switch. |
|
SWIM image repository allows arbitrary XML upload and command execution. |
|
Catalyst Center may remove managed sites from the configuration of both primary and secondary Catalyst 9800 wireless LAN controllers during provisioning. |
|
Upgrading to Catalyst Center 2.3.7.6 fails with this error:
|
|
APs with the same IP address as the wireless controller cause AP provisioning failures. |
Catalyst Center 2.3.7.5
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.5.
Bug identifier | Headline |
---|---|
Catalyst Center telemetry provision for AVC on wireless controller SSID disabled on failure |
|
Software distribution on Cisco Catalyst 9800 Series Wireless Controller is not recognized if activation is skipped using SMU and APSP. |
|
The workflow API_ENDPOINT_CREATE takes a long time to complete. |
|
Catalyst Center started reporting SPF-service-down, could not retrieve compliance related device data. |
|
Catalyst Center may initiate install commit for ISSU before staggered AP upgrade is completed. |
|
Software image shows needs update even after successfully upgrading the software image on the device. |
|
Software image activation failed while trying to upgrade the IOS-XE along with sub-package on wireless controller through Catalyst Center. |
|
SWIM APSP activation is taking base image name instead of APSP image name. |
|
Catalyst Center 2.3.3.7: Unable to generate inventory report with approximately100 device due to "BAPI Execution Failed" error. |
|
Catalyst Center is generating reports without complete information. |
|
Self-identifying antenna showing as 'Unsupported' in wireless maps. |
|
Catalyst Center 2.3.5.4: SWIM task showing In Progress never fails or is completed. |
|
The number of managed locations for a site is not changing after successful provisioning. |
|
Cisco Catalyst 9800 Series Wireless Controller provisioning fails due to |
|
Software image management fails for Catalyst 9600 StackWise virtual link due to connection timeout error. |
|
Anchor wireless controller provisioning failed with error |
Catalyst Center 2.3.7.4
This table lists the resolved bugs in Catalyst Center, Release 2.3.7.4.
Bug identifier | Headline |
---|---|
After a disaster recovery failover, Controller-Based Application Recognition (CBAR) provisioning fails in specific scenarios for Cisco Catalyst 9800 controllers, Catalyst 9300 switches, and Catalyst 9400 switches that have wireless enabled on them. |
|
Inventory Insights shows configuration mismatches for nonexistent uplinks. |
|
Image distribution fails for Cisco Catalyst 2960 devices. |
|
After successfully generating a report, Catalyst Center doesn't send the report to the configured webhook server. |
|
The "Add SSID to IP Pool Mapping" API fails with this error:
|
|
Multiple switch provisioning fails on a template with an implicit variable. |