Requirement to Reauthenticate Cisco.com and Smart Account Credentials After Upgrade

After you upgrade to Catalyst Center 2.3.7.9, you must reauthenticate your Cisco.com credentials (under System > Settings > Cisco.com Credentials). To add a new user or change to a different user, you must open a private or incognito browser window (to avoid using previously cached credentials). To change the user, you must delete that user. Then, open a private or incognito browser window, click Add, and add the user.

Then, under System > Settings > Cisco Accounts > Smart Account, link your Smart Account user and your Smart Account name to your Smart Licensing account. To add a Smart Account user, use a private or incognito browser window (to avoid using previously cached credentials). After you click Add, enter the email address that's tied to your Cisco.com account.

If this Smart Account user now appears in both the Smart Account Credentials section and the Expired Smart Accounts section, you must delete it from the Expired Smart Accounts section.

Default Password Change in 2.3.7.9

The password must contain a minimum of nine characters.

Starting in 2.3.7.9, the default password for the Catalyst Center physical appliance changes to P@ssword9.

In 2.3.7.7 and earlier, the default password for the physical appliance is maglev1@3.

For the Catalyst Center virtual appliance 2.3.7.9 and earlier, the default password is maglev1@3.

Support of Mixed HA Clusters

Catalyst Center 2.3.7.9 adds support for mixed three-node clusters that have HA enabled. A mixed cluster consists of both second- and third-generation Catalyst Center appliances. For more information, see the "Supported Appliances" topic in the Cisco Catalyst Center High Availability Guide.

Enhancements to Wireless Maps to Support MLO Clients

Wireless maps include these enhancements to support multilink operation (MLO) clients:

• The 2D and 3D maps toolbar UI is enhanced to include separate buttons for the Wi-Fi bands instead of a Wi-Fi band filter drop-down list. You can now click the button to choose a corresponding Wi-Fi band.

• In the Data/Filters > Clients slide-in pane, the MLO Client column is added to the table.

• For a client, when you hover your cursor over the corresponding icon or click the icon to display the details in a slide-in pane, the Wi-Fi band information is displayed.

Enhancements to Wireless Maps to Support CNS Licenses

Wireless maps include these enhancements to support the CNS licenses:

• For APs that are license noncompliant, the 2D map toolbar displays an error notification. Click the corresponding hyperlink to view the details. In the dialog box, you can click License Manager to open the License Manager window.

• For APs that are in worldwide safe mode (WWSM), the center circle of the AP icon displays the letter W to indicate WWSM.

• For APs that are in WWSM, the radio status of the 5-GHz and 6-GHz bands is down.

• For APs that are in WWSM, when you hover your cursor over the corresponding AP icon, the license noncompliance information is displayed.

• In the Data/Filters > Access Points slide-in pane, the License Status column is added to the table.

Enhancements to Wireless Maps GUI

Catalyst Center enhances user experience in the Design > Network Hierarchy window by adding Wi-Fi Band attribute in the hover-over menu, and details slide-in pane for Access Points.

Parallel Redundancy Protocol

The Parallel Redundancy Protocol (PRP) provides high availability in Ethernet networks. This technology suits a variety of critical infrastructure and heavy industries that require continuous, high availability operation.

12-Hour or 24-Hour Clock Format

You can set a 12-hour or 24-hour display format for time across the GUI.

Auto Locate APs on a Floor Map

Using the Auto Locate Access Points feature, you can automatically position and locate APs on a floor map.

Collect Root Cause Analysis (RCA) Data of Provisioning Failure

The Support Bundle enables you to collect the RCA of provisioning failure and upload the RCA file to a Cisco TAC service request.

Consent to Connect Update for Advanced Features

Catalyst Center has updated the Consent to Connect for Advanced Features. For details, see the Cisco Catalyst Center Privacy Data Sheet and Cisco Catalyst Center Telemetry White Paper.

To review your current settings, choose System > Settings > Machine Reasoning Engine.

Compliance Support for Out-of-Band Configuration Changes

Catalyst Center allows you to view the details of an out-of-band configuration change. The details include username, IP address, terminal name of the user, configuration method used, and the event of the configuration change.

Enhancements to Enable Application Telemetry Workflow

The Enable Application Telemetry workflow now supports:

• Visibility and Control of Configurations: Allows you to preview the device configurations before deploying them.

• Enable Application Telemetry is enabled under the Actions drop-down list in the Inventory window even if application telemetry is already enabled on the device. You can now re-enable application telemetry or apply the latest changes to the device.

Enhancements to Remote Support Authorization

You can now create a remote support authorization without the SSH credentials and assign access roles for the Cisco specialists.

Forced Inventory Sync Now Includes a Two-Hour Timeout

In case of provisioning failure, configuration changes on the device and database changes in the inventory are rolled back. If these rollback operations fail, a forced inventory sync is attempted by an error handler in the provisioning stack. The duration of the inventory sync depends on the size of the configuration on the device and whether there are other devices in the queue for inventory sync. In earlier releases, inventory sync could take hours to complete, leaving users without feedback on the provisioning operation.

The forced inventory sync by the error handler now includes a two-hour timeout. As a rule of thumb, if a provisioning operation is reported as failed after two hours, you should perform a manual inventory sync from the Inventory window before starting another provisioning operation.

Media Redundancy Protocol (MRP) Ring

Catalyst Center supports MRP ring for Cisco Industrial Ethernet (IE) 3000, 4000, 5000 Series Switches. MRP provides fast convergence in a ring network topology for Industrial Automation networks.

Switch Refresh Workflow

Catalyst Center supports refresh of Cisco Switches. Switch Refresh workflow allows you to replace an old switch with a new switch.

Currently switch refresh is available for Cisco Catalyst 3650 and Cisco Catalyst 3850 Switches running on Cisco IOS XE.

View Device Certificate Status

You can now view the device certificate status on the Catalyst Center home window, Device Certificate Issues tile. The detailed view is displayed on Provision > Inventory window, under the Certificate Status column.

Enhancements to Configuring Global Device Credentials

On the Device Credentials window, you can now only assign and unassign device credentials to and from sites. On the Manage Credentials slide-in pane, you can manage your device credentials using the Focus drop-down list. Depending on which focus you choose (Current site or System), you can perform specific actions.

Enhancements to Device Onboarding and the Discovery Workflow

The Add Device option in the Catalyst Center Inventory is enhanced to include options for adding both new and existing devices.

The discovery workflow includes enhancements, such as:

• The Provide Credentials window now includes the option to configure advance settings along with the CLI and SNMP credentials.

• The Schedule Job window combines site assignment and scheduling of the discovery job.

Enhancement to Device Resynchronization

Prior to this release, restarting the inventory service would trigger resynchronization for all devices in the inventory. With this release, device resynchronization is triggered after the inventory service restart under these circumstances only:

• After Catalyst Center upgrade.

• If the device's synchronization is in terminated or delayed state after the service restart.

• If the device's last synchronization time has crossed the configured cutoff time.

Enhancements to Device Upgrade Readiness Check

• Flash Check: Calculates the space required for upgrading to a golden image with add-on and does a flash clean up proactively before image distribution.

• Weak Crypto Check: Checks whether the device is configured with weak crypto and blocks image upgrade. This readiness check is applicable only for devices with software image version 17.14 and later.

• File Transfer Check for FQDN Setup: Checks whether the name server associated with the device is reachable and displays an error message.

Enhancements to Disaster Recovery Witness Site Upgrade Process

Using an SSH client, you can upgrade a disaster recovery system's witness site using the witness upgrade command. In the Cisco Catalyst Center Administrator Guide, Release 2.3.7.x, see the "Implement Disaster Recovery" chapter's "Upgrade the Current Witness Site" topic.

Enhancements to LAN Automation Workflow

The LAN automation workflow has these enhancements:

• The Discovery Depth field allows you to specify the level up to which devices can be discovered through LAN automation. The default value for Discovery Depth is 2 and the maximum value is 5.

• You can specify a Session Timeout value for the LAN automation session.

• You can choose an option for device matching during discovery. In Strict mode, device discovery is restricted to the list of devices provided. In Relaxed mode, hostname and loopback IP is assigned to the discovered device if the device's serial number matches the uploaded device list.

• In the Edit Devices window, you can now edit the hostname and Loopback0 IP addresses for LAN automated and seed devices.

• LAN automation supports /27, /28, and /29 IP address pools.

CLNS MTU Configuration Changes During LAN Automation

In Catalyst Center Release 2.3.7.5 and later, the CLNS MTU is configured to a minimum value of 1492 instead of 1400 on LAN automated devices.

Progress Bar Support for Network Devices Provisioning

The Task Progress bar on Activities > Tasks window, displays the progress of the ongoing provisioning task for your network devices.

Support for the Workflow Progression View in Visibility- and Control-Enabled Provisioning Workflows

If a visibility- and control-enabled provisioning workflow supports the workflow progression view, the Preparing Devices and Configuration Models window displays the steps the system takes to prepare a listed device.

Support for Third-Generation Catalyst Center Appliances

Catalyst Center supports these third-generation appliances, which are based on the Cisco UCS C220 and C240 M6 servers:

• 32-core appliance: Cisco part number DN3-HW-APL

• 56-core appliance: Cisco part number DN3-HW-APL-L

• 80-core appliance: Cisco part number DN3-HW-APL-XL

For more information, see the Cisco Catalyst Center Third-Generation Appliance Installation Guide, Release 2.3.7.x.

Support for Viewing and Editing Layer 2 Configurations of a Device

You can view and edit the Layer 2 configurations of a device in the Catalyst Center inventory.

Third-Party Devices Support

Catalyst Center allows third-party devices to populate SNMP MIB-II values.

Weak Crypto Check

To ensure a secure network connection Catalyst Center does a weak crypto check to evaluate the device configuration, and blocks the device provisioning/upgrade/site assignment for devices that are configured only with MD5 authentication for SNMP credentials. This is applicable only for devices with software image version or golden tagged image version 17.14.1 and later.

Name Change to Catalyst Center

As part of our vision to converge our products around an integrated platform, we are changing the name of Cisco DNA Center to Catalyst Center in this release. The capability and functionality of Catalyst Center remains the same as Cisco DNA Center.

This name change is part of our simplified branding for the Catalyst Center Stack. Cisco is now connecting the power and flexibility of the Catalyst brand across the entire enterprise networking stack with Catalyst Center (formerly Cisco DNA Center), Catalyst Software and Licensing (formerly Cisco DNA Software and Licensing), Catalyst Wireless, Catalyst Switching, Catalyst Routing, and Catalyst SD-WAN (formerly Cisco SD-WAN or Viptela SD-WAN).

Enhancements to the Catalyst Center Home Page

The Catalyst Center home page displays a new welcome message and displays license and release banner messages relevant to Catalyst Center. The Tools area is removed and is accessible from the menu in the top-left corner.

Enhancements to the Menus

To streamline workflows and standard nomenclature, we changed several menu option names, moved several submenu options, and added a secondary launch point for Interactive Help.

The menu option changes include:

• Design > Network Settings > Network is now Design > Network Hierarchy > Servers.

• Design > Network Settings > SP Profiles is now Design > Service Provider Profiles.

• Provision > Stealthwatch Security Analytics is now Provision > Stealthwatch Security.

• Tools > Template Hub is now Design > CLI Templates.

• Tools > Model Config Editor is now Design > Feature Templates.

• The Activities menu option now lists two submenu options: Audit Logs and Tasks.

• System > System Health is now System > System 360 > System Health.

• System > Settings > Telemetry Collection is now System > Settings > Product Telemetry.

• The Help icon lists the new secondary launch point for Interactive Help.

Enhancements to the Configure AI-Enhanced RRM Workflow

You can configure an AI-enabled radio frequency profile without device provisioning.

Device Compliance and Pending Operation Prechecks for a Seamless Deployment

To ensure a seamless deployment, Catalyst Center does a set of prechecks to ensure that any pending operations that conflict with the current task and any device compliance issues are addressed.

Log Collection for a Device

When a resync is done for a specific device, the debug log is enabled automatically for that device, and XDE and device pack logs are collected.

Updating the KGV Bundle

You can request a new KGV download workflow by clearing all the stale and suspended integrity verification (IV) workflows, if there are any.

Usability Enhancements to Previewing Configurations in Visibility- and Control-Enabled Workflows

When previewing configurations in a visibility- and control-enabled workflow, you can display the device configurations in a side-by-side comparison view.

Usability Enhancements to Support Service

Support Service has these enhancements:

• When creating a remote support authorization, you must first accept the Access Permission Agreement.

• "SR" is replaced with "case number."

• The Past Authorizations table is searchable and contains a column for the case number.

Visibility and Control of AI RF Profile Configurations

With the Visibility and Control of Configurations feature, you can preview AI RF profile configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them.

AFC support for 6-GHz radio frequency in AP 360

In the AP 360 window, under the Detail Information > RF tab, Radio 2 (6-GHz band) includes support for Automated Frequency Coordination (AFC). This feature helps to reduce interference between APs and other devices operating on 6-GHz radio frequency, and enables the use of Standard Power AP operations.

Enhancements to the AI-Enhanced RRM Dashboard to Support CNS Licenses

Wi-Fi 7 APs use the CNS licenses. If there are any Wi-Fi 7 APs that don't meet the license requirements, the Summary dashlet displays the number of these APs for the 5-GHz and 6-GHz bands that aren’t operational. You can click the corresponding hyperlink to view a dialog box with the details.

Wi-Fi 7 Capability Support in Client Health Dashboard

With this release, Wi-Fi 7 capability support is added to Client 360. Multiple Link Operational (MLO) capable clients can now simultaneously establish connections to different combinations of 2.4-GHz, 5-GHz, or 6-GHz bands.

6-GHz Radio Band Support

6-GHz radio band support is added to the Peer Comparison dashboard.

Enhancements to the Power Distribution Dashlet in the AI-Enhanced RRM Dashboard

In the Power Distribution dashlet of the AI-Enhanced RRM dashboard, the Filter drop-down list is now available for all the radio bands. Using this option, you can view the data based on Power Level or Power dBm.

Enhancement to Error Messages

The error messages displayed across the Catalyst Center application now include a request ID, which helps the TAC team correlate and track the back-end service error logs.

Cisco TrustSec Environment Data Download Status

With this release, the Cisco TrustSec environment data download status issue support is extended to EVPN fabric deployments.

Enhancement to Deploying and Undeploying Sensor-Driven Test Templates

When you deploy or undeploy an IP Service-Level Agreement (SLA) performance test as a part of a sensor-driven test template, Catalyst Center asks if you want to configure the relevant commands on the wireless controllers to enable or disable IP SLA, so the sensors do or do not run the tests against the APs.

Enhancements to Intelligent Capture Settings

In Assurance > Settings > Intelligent Capture Settings, the enhancements include:

• The Configuration Status column is added to view the configuration status of the onboarding and full packet capture sessions.

  You can also view the configuration status of the AP Statistics Capture and Anomaly Capture sessions under the respective tabs.

• For AP Statistics Capture and Anomaly Capture, you can only enable or disable specific APs or all APs managed by a wireless controller. The None option to disable these two features on all APs is no longer supported.

• To streamline the nomenclature of Intelligent Capture, the tab names on the Intelligent Capture Settings are updated, including:

  • Client Schedule Capture is now Onboarding Packet Capture.

  • Client Data Packet Capture is now Full Packet Capture.

  • OTA Sniffer Capture is now OTA Sniffer.

Support of Visibility and Control of Wireless Device Configurations for Intelligent Capture

With Intelligent Capture support for the Visibility and Control of Configurations feature, you can preview AP and wireless controller configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them.

Telemetry Status in SD-Access Health Dashboard

In the Assurance > SD-Access Health dashboard, you can view the Telemetry Status of fabric sites, transits, and virtual networks. You can also troubleshoot the root cause and auto recovery for the missing telemetry data for the network devices.

Troubleshoot Telemetry Data for Wired Devices Using MRE Checks

Using MRE checks, you can troubleshoot the root cause of missing telemetry data for switches and routers. The MRE check includes:

• Check SNMP telemetry subscriptions status

• Get NETCONF details

MRE availability checks if it’s possible to automatically correct and resolve any certificate issues that are causing availability problems for network devices.

MRE for Time Drift issue: If an excessive time drift occurs between Catalyst Center and the network device and that time drift is resolved manually by configuring the NTP, during the next synchronization cycle, the excessive time drift issue is resolved automatically.

Assurance EVPN Support

With this release, Assurance supports EVPN fabric deployments. These issues are added:

• VNI(s) Down on Fabric Node: This issue is triggered when the VNI(s) are down on a fabric node device in an EVPN protocol network.

• Expected Peer not present on Fabric Node: This issue is triggered when the NVE peer is missing from a fabric node device in an EVPN protocol network.

• BGP Session to Spine Node Down: This issue is triggered when the BGP session is down between a fabric node and a spine role fabric node in a fabric site.

Assurance Issues

With this release, a new Assurance telemetry status is poor issue is added to Router, Core, Distribution, and Access issues, Controller, Wired Client, Wireless Client under the System category. This issue is triggered when the telemetry status of the network device or client is poor. The issue is automatically resolved when the telemetry status is good.

SNMPv3 Support for AES192 and AES256 Encryption

With this release, Catalyst Center supports CISCOAES192 and CISCOAES256 encryption for SNMPv3 configuration. If you add devices with AES192 or AES256 encryption to Catalyst Center, Assurance data is collected for those devices.

Support for Visibility and Control of RF Configurations in the AI-Enhanced RRM Control Center

With the Visibility and Control of Configurations feature, you can preview RF configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them. In the AI-Enhanced Radio Resource Management (RRM) Control Center, the AI RF Profile Simulator and Insights support the Visibility and Control of Configurations feature.

Telemetry Status in Assurance Health Dashboards

In the Assurance Network and Client Health dashboards, you can view the Telemetry Status of the devices and clients in your network.

API Operations

Catalyst Center platform supports new enhancements in API operations.

For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide.

For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet.

API Operations

Catalyst Center platform supports new API operations.

For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide.

For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet.

New Events

License Management Event

Catalyst Center Platform supports the following new License Management event:

LIC-PRODUCT-REG: This event notification is generated during Product License Registration.

System Internal Event

Catalyst Center Platform supports the following new System Internal event:

SYSTEM-INTERNAL-CERTIFICATE: This event will be published during the certificate health check and certificate refresh workflow. It is intended only for human visual consumption, with the contents subject to change at any time. If this event occurs, please contact the TAC team for remediation.

New Report Template

Inventory Report

This Catalyst Center Platform release supports a new Inventory report template called All Data Version 2.0. This new all data view provides detailed information about network devices, distribution of devices over time, device count by site, device count by device type, device count by software version and device count by fabric role, more efficiently.

For more information, see “Run an Inventory Report” in the Cisco Catalyst Center Platform User Guide.

API Operations

Catalyst Center platform supports new API operations.

For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide.

For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet.

New Events

System Notification Event

Catalyst Center platform supports the following new System Notification event:

CERTIFICATE_AUTHORITY_STATUS: This notification event is generated when the Certificate Authority is close to expiring or expired.

Introduction of v2 System Notification Events

With this release, the existing System Notification events are deprecated and new v2 events are introduced. To edit your event subscriptions, see the following table, "New and Deprecated System Notification Events in Catalyst Center Platform, Release 2.3.7.6."

SYSTEM-BACKUP

SYSTEM-BACKUP-v2

System Backup

System Backup v2

Cisco DNA Center System

System

Backup

System Backup

The event is generated on failure during backup operation.

SYSTEM-RESTORE

SYSTEM-RESTORE-v2

System Restore

System Restore v2

Cisco DNA Center System

System

Restore

System Restore

The event is generated on failure during restore operation.

SYSTEM-SOFTWARE-UPGRADE

SYSTEM-SOFTWARE-UPGRADE-v2

System Software Upgrade

System Software Upgrade v2

Cisco DNA Center System

System

Software Upgrade

System Software Upgrade

The event is generated on failure during software upgrade operation.

SYSTEM-DISASTER-RECOVERY

SYSTEM-DISASTER-RECOVERY-v2

Disaster Recovery health status

Disaster Recovery health status v2

Cisco DNA Center Appliance

System

Disaster Recovery

Disaster Recovery

This event publishes notifications to any subscriber, when the state of disaster recovery changes.

SYSTEM-EXTERNAL-CMX

SYSTEM-EXTERNAL-CMX-v2

CMX connectivity failure

CMX connectivity failure v2

Integrations

External Integrations

CMX

CMX Connectivity

This event publishes notifications to any subscriber, when the connectivity to CMX has failed.

SYSTEM-EXTERNAL-IPAM

SYSTEM-EXTERNAL-IPAM-v2

External IPAM provider connectivity failure

External IPAM provider connectivity failure v2

Integrations

External Integrations

IPAM Integration

IPAM Integration

This event publishes notifications to any subscriber, when the connectivity to the External IPAM provider has failed.

SYSTEM-EXTERNAL-ISE-AAA-TRUST

SYSTEM-EXTERNAL-ISE-AAA-TRUST-v2

ISE AAA trust establishment failure

ISE AAA trust establishment failure v2

Integrations

External Integrations

ISE

Cisco ISE AAA Trust Establishment

This event publishes notifications to any subscriber, when the ISE AAA Trust Establishment has failed.

SYSTEM-EXTERNAL-ISE-PAN-ERS

SYSTEM-EXTERNAL-ISE-PAN-ERS-v2

ISE PAN ERS connectivity failure

ISE PAN ERS connectivity failure v2

Connectivity

External Integrations

ISE

Cisco ISE PAN ERS Connectivity

This event publishes notifications to any subscriber, when the connectivity to the ISE Primary and Secondary PAN ERS has failed.

SYSTEM-EXTERNAL-ISE-PXGRID

SYSTEM-EXTERNAL-ISE-PXGRID-v2

ISE PxGrid health state change notification

ISE PxGrid health state change notification v2

Integrations

External Integrations

PxGrid

Cisco pxGrid

This event publishes notifications to any subscriber, when the connectivity to the ISE Primary and Secondary PAN ERS has failed.

SYSTEM-EXTERNAL-ITSM

SYSTEM-EXTERNAL-ITSM-v2

External ITSM provider connectivity failure

External ITSM provider connectivity failure v2

Integrations

External Integrations

ITSM Integration

ITSM Integration

This event publishes notifications to any subscriber, when the connectivity to the External ITSM provider has failed.

SYSTEM-CERTIFICATE

SYSTEM-CERTIFICATE-v2

System Certificate Status Notification

Certificate Status Notification v2

Cisco DNA Center System

System

Certificate

System Certificate

The notification event is generated when the system certificate, built-in certificate, proxy certificate, DR certificate or a third-party trusted certificate has expired, been revoked, or will expire in less than 90 days.

SYSTEM-NODE-CERTIFICATE

CISCO-IMC-CERTIFICATE-v2

Node Certificate Status Notification

Cisco IMC Certificate Status Notification v2

Cisco DNA Center System

Appliance

Certificate

Cisco IMC Certificate

The notification event is generated when the Cisco IMC certificate has expired, been revoked, or will expire in less than 90 days.

SYSTEM-CIMC

CISCO-IMC-v2

Cisco IMC Connectivity status

Cisco IMC Connectivity status v2

Cisco DNA Center Appliance

Appliance

Node

Cisco IMC

This event publishes notifications to any subscriber, when the state of Cisco IMC connectivity changes.

SYSTEM-CONFIGURATION

CISCO-IMC-CONFIGURATION-v2

System Appliance Configuration Status Notification

System Appliance Configuration Status Notification v2

Cisco DNA Center Appliance

Appliance

Hardware Configuration

Cisco IMC Configuration

This event publishes notifications to any subscriber, when the Cisco IMC Hardware configurations are not compliant with the Cisco Standards.

SYSTEM-HARDWARE

CISCO-IMC-HARDWARE-v2

System Hardware health status

System Hardware health status v2

Cisco DNA Center Appliance

Appliance

Memory, CPU, PowerSupply, RAID, DISK, Networking

Cisco IMC Hardware Health Status

This event publishes notifications to any subscriber, when the health state of any Hardware component changes. Hardware components supported are: CPU, Memory, Disk, NIC, Fan and Power Supply, and RAID Controller.

SYSTEM-MANAGED-SERVICES

SYSTEM-MANAGED-SERVICES-v2

System managed services

System managed services v2

Cisco DNA Center System

System

Platform Services

System Managed Services

The event is generated on state change of platform provided managed services.

SYSTEM-PERFORMANCE

SYSTEM-PERFORMANCE-v2

System Performance: Filesystem Utilization

System Performance: Filesystem Utilization v2

Cisco DNA Center System

System

FileSystem

System Performance: Filesystem Utilization

This event is used to monitor metrics related to the filesystems (partitions).

SYSTEM-SCALE-LIMITS

SYSTEM-SCALE-LIMITS-v2

System Scale Limits

System Scale Limits v2

Cisco DNA Center System

System

Scale Limits

System Scale Limits

This event is generated when there are scale limits breaches.

SYSTEM-APPLICATION-HEALTH-v1

SYSTEM-APPLICATION-HEALTH-v2

Application Health

Application Health v2

Cisco DNA Center System

System

Application Health

Application Health

The notification event is generated on health state change of applications registered for monitoring.

CISCO-TRUSTED-CERTIFICATE-BUNDLE-v1

CISCO-TRUSTED-CERTIFICATE-BUNDLE-v2

Cisco Trusted Certificate Update Notifications

Cisco Trusted Certificate Update Notifications v2

Cisco DNA Center System

System

Cisco Trusted Certificates

Cisco Trusted Certificates

The notification event is generated when a newer Cisco trusted certificate bundle is available.

INTERNET-URL-ACCESS

INTERNET-URL-ACCESS-v2

Internet URL Accessible Notifications

Internet URL Accessible Notifications v2

Cisco DNA Center System

System

Internet Access

Internet Access

This notification event is generated when any of the URLs that Catalyst Center needs to be able to access (listed in the Installation Guide) are not reachable, which could impact operations.

API Operations

Catalyst Center platform supports new API operations.

For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide.

For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet.

New Events

Assurance Events

Catalyst Center platform supports the following new Assurance events:

• NETWORK-SDA-1-322: The event is generated when the Fabric Border loses connectivity with the Multicast RP in the virtual network. Unique issues are generated for each virtual network.

• NETWORK-SDA-1-345: The event is generated when the Fabric Border loses connectivity with the Multicast RP in the virtual network. A single issue is generated for each pair of Border and RP.

System Notification Event

Catalyst Center platform supports the following new System Notification event:

INTERNET-URL-ACCESS: This notification event is generated when any of the URLs listed in the Installation Guide that Catalyst Center tries to access is not reachable and impacts operations.

New Reports

Audit Log Report

This release supports a new Audit Log report type that provides detailed information about audits for a given time frame.

• You can generate an Audit Log report based on the following criteria:

  • Event Id

  • Namespace

  • Name

  • Description

  • Type

  • Category

  • Domain

  • Sub Domain

  • Severity

  • Timestamp

  • Details

  • Note

  • User

  • Event Hierarchy

  • Message

  • Message Params

  • Parent InstanceId

  • Network

  • Start Time

  • Child Count

• Supported report file formats are CSV and JSON.

• In the Setup Report Scope window, you can sort the Audit Log report based on the following:

  • Domain

  • Category

  • Time Range

• In the Schedule Report window, you can define a date range and select a time zone to generate the report.

• To access the Audit Log report, click the menu icon and choose Reports > Reports Templates > Audit Log.

  For more information about the Audit Log report, see the Cisco Catalyst Center Platform User Guide.

API Operations

Catalyst Center platform supports new API operations.

For more information, see “New and changed information” in the Cisco Catalyst Center Platform User Guide.

For detailed information about the API operations, see the Cisco Catalyst Center APIs on Cisco DevNet.

New Events

Assurance Events

Catalyst Center platform supports the following new Assurance events:

• NETWORK-DEVICES-3-801: The event is generated to display the Assurance telemetry status.

• NETWORK-APPLICATIONS-3-600: The event is generated when business-relevant applications are experiencing network latencies that are higher than normal.

EVPN Events

Catalyst Center platform supports the following new events for EVPN deployments:

• NETWORK-FABRIC_WIRED-1-340: The event is generated when the BGP session is down between the fabric node and the spine role fabric node in the fabric site.

• NETWORK-FABRIC_WIRED-1-342: The event is generated when the NVE peer is missing from a fabric node device in an EVPN protocol network.

• NETWORK-FABRIC_WIRED-1-343: The event is generated when VNI(s) are down on the fabric node.

System Notification Events

Catalyst Center platform supports the following new System Notification events:

• SYSTEM-APPLICATION-HEALTH-v1: The event is generated when there is any change in the health state of the applications registered for monitoring.

• CISCO-TRUSTED-CERTIFICATE-BUNDLE-v1: The notification event is generated when a newer Cisco trusted certificate bundle is available.

Enhancements to the Mobility tab in the device details window

In the device details window, the Mobility tab for wireless controllers is now moved under the CONFIGURATION area.

Enhancements to wireless automation to support Cisco Networking Subscription licenses for Wi-Fi 7 APs

Wi-Fi 7 APs use the Cisco Networking Subscription (CNS) licenses. If these APs don't meet the license requirements, they are in worldwide safe mode (WWSM).

Wireless automation has these enhancements to support CNS licenses for Wi-Fi 7 APs:

• If there are APs that don't meet the license requirements, Catalyst Center displays a dialog box with the details on the Provision > Inventory window.

• In the Configure Access Points workflow, if you select APs that don't meet the license requirements, Catalyst Center displays a dialog box with the details.

• If there are APs associated with a Cisco Catalyst 9800 Series Wireless Controller that don't meet the license requirements, Catalyst Center displays a dialog box with the details during provisioning.

• If you're provisioning APs that don't meet the license requirements, Catalyst Center displays a dialog box with the details.

In the dialog box, you can click License Manager to open the License Manager window and enable the required licenses.

If there are APs that don't meet the license requirements, Catalyst Center also displays the details in the View Device Details window (on the Provision > Inventory window) for the corresponding devices:

• Configuration tab: For the corresponding APs

• Wireless Info tab: For Cisco Catalyst 9800 Series Wireless Controllers that are associated with the corresponding APs

Learn Device Configuration workflow updates

Learning the device configurations using these options is being deprecated:

• Learn Device Configuration workflow

• View Device Details > Learn WLC Config link on the Inventory window.

To manage the Cisco Catalyst 9800 Series Wireless Controllers with existing configurations, you can use the per-device configurations.

Support for Per-Device Configuration for Cisco Catalyst 9800 Series Wireless Controllers

The Per-Device Configuration feature on Catalyst Center enables you to customize individual features or parameters for a Cisco Catalyst 9800 Series Wireless Controller running Cisco IOS XE Release 17.12 or later.

By default, this feature is disabled for the Cisco Catalyst 9800 Series Wireless Controllers. You can enable it using the Enable Per-Device Configuration option on the device details window.

Support for CNS licenses

Catalyst Center supports these new license types:

• CNS Essentials

• CNS Advantage

In this release, these Wi-Fi 7 APs use the CNS licenses:

• Cisco Catalyst 9176D1 Series Access Points

• Cisco Catalyst 9176I Series Access Points

• Cisco Catalyst 9178I Series Access Points

The License Manager window has these enhancements to support CNS licenses:

• In the Overview tab, Catalyst Center also displays the information about the purchased, used, and available CNS licenses.

• In the Licenses tab, Catalyst Center also displays the total, about to expire, and out of compliance licenses details for CNS licenses.

• In the Devices tab, the change license level procedure is enhanced to support the CNS license conversion and removal.

• In the Reporting tab, you can now click the device name to view the corresponding license details. For wireless controllers, you can click the AP number link to view the AP license and compliance details.

To comply with CNS licensing, you must:

• Configure Smart Accounts.

• Choose the Cisco Smart Software Management connection mode.

  Registration of next-generation devices, including Wi-Fi 7, isn't supported in Cisco Smart Software Manager On-Prem connection mode.

• Enable Assurance telemetry for the device.

• Assign the device to a site.

• Enable NTP.

In Catalyst Center, you can register a Wi-Fi 7 AP under License Manager > Reporting. Use the Smart License Compliance workflow to register the AP.

Upgrade summary report

Open this new report to view the results of the latest upgrade of Catalyst Center and its applications.

Ability to edit the Catalyst Center FQDN in day-N

In earlier releases, you can’t edit the FQDN of the Cisco ISE server after Cisco ISE is added to Catalyst Center.

Starting from this release, you can edit the FQDN of the Cisco ISE server after Cisco ISE is added to Catalyst Center.

Automated tagging for flapping APs

In earlier releases, flapping APs triggered traps that resulted in continuous synchronizations of the associated wireless controller to update the AP information.

Effective with this release, Catalyst Center automatically tags flapping APs to discard any events on the AP and prevent unnecessary wireless controller synchronization. If this AP doesn't flap for 10 minutes, Catalyst Center automatically untags the AP.

Enhancements to AP discovery

Effective with this release, the time taken for AP discovery is reduced. Catalyst Center can now discover the APs that have newly joined a wireless controller using an SNMP trap.

Enhancements to IOS CLI generation in Configuration Preview for Cisco Catalyst 9800 Series Wireless Controller

Effective with this release, you can now generate IOS CLI from YANG configuration in the configuration preview for Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.15.1 or later.

Enhancements to remote LAN configuration

The Configure RLAN workflow has these enhancements:

• You can select multiple sites for RLAN configuration.

  Note	The selected sites must be managed by the same Cisco Catalyst 9800 Series Wireless Controller.

• You can reuse RLAN profiles and RLAN policies across multiple sites.

• You can delete unused RLAN profiles and RLAN policies.

Enhancements to SSIDs for multiband operations using the 6-GHz band on Cisco IOS XE devices

Multiband operations using 2.4-GHz, 5-GHz, and 6-GHz bands have these enhancements:

• For devices running Cisco IOS XE 17.12 or later, you can enable all the radio bands on the same SSID with WPA3 enabled.

• For devices running versions between Cisco IOS XE Release 17.7 and Cisco IOS XE Release 17.11, you must enable WPA3 and disable WPA2 for the 6-GHz band to be operational.

Enhancement to task management

You can manually stop in-progress tasks in the Tasks window.

Enhancements to the wireless SSID workflow

In the wireless SSID workflows for the enterprise and guest wireless networks, the settings are restructured to improve the usability.

The workflows also have these enhancements:

• Under the WPA2 Encryption, WPA3 Encryption, or WPA2/WPA3 Encryption section, you can now choose multiple encryption options.

• Auth Key Management section is updated for Wi-Fi 7 configuration.

• AP Beacon Protection check box is added.

Factory reset for APs

Using the Factory Reset feature, you can clear the configurations on the APs. These options are available for resetting the APs:

• Clear all the configurations on the AP and reset it to the default configuration.

• Clear all the configurations on the AP, except the static IP configuration.

After the AP configurations are cleared, the APs reboot.

IP address manager enhancements

In earlier releases, IP address pools on Catalyst Center were always synchronized with the IPAM; you couldn't skip the synchronization. In this release, you can choose whether to synchronize the IP address pools with the IPAM.

In earlier releases, when you updated an existing IPAM, you could change only the password. In this release, you can change the server name, server URL, username, password, and view of the IPAM. You can also choose to synchronize the IP address pools on Catalyst Center with the IPAM during the update.

Smart Call Home to Smart Transport transition for Smart License-enabled device

Smart Call Home (SCH) support for Smart Licensing reaches end-of-life from Catalyst Center 2.3.7.6. If you’re using SCH with smart licensing, we recommend that you transition to Smart Transport.

Support for new country codes

Catalyst Center supports new country codes for Cisco Wireless Controllers and APs running Cisco IOS XE Release 17.15.1 or later.

The radios within the APs are assigned to a specific regulatory domain at the factory, but the country code enables you to specify a particular country of operation within that regulatory domain. For a complete list of country codes supported per product, see https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html.

Support for new APs for the Wi-Fi 7 configuration

Catalyst Center supports these APs for Cisco IOS XE Release 17.15.2 or later:

• Cisco Catalyst 9176D1 Series Access Points

• Cisco Catalyst 9176I Series Access Points

• Cisco Catalyst 9178I Series Access Points

These APs support the 320-MHz channel width for the 6-GHz band.

Support for Visibility and Control of Configurations for the Cisco Wireless Controller High Availability configuration

The Visibility and Control of Configurations feature is now supported for the wireless controller High Availability (HA) configuration. This feature is supported on Cisco AireOS Wireless Controllers and Cisco Catalyst 9800 Series Wireless Controllers.

With enhanced visibility, you can enforce the previewing of device configurations before deploying them. With enhanced control, you can ensure only authentic and authorized configurations are provisioned onto your network devices through an IT Service Management (ITSM) check.

Wi-Fi 7 configuration on Catalyst Center

Catalyst Center supports the Wi-Fi 7 configuration for the devices that are running Cisco IOS XE Release 17.15.2. To enable the Wi-Fi 7 configuration, you can:

• Create the network settings for 802.11be profiles.

• Create custom feature templates for 802.11be status configuration.

• Add the 802.11be profile to the wireless network profiles.

• Enable the 802.11be parameters for the 6-GHz band in the RF profiles.

• Enable preamble puncturing for the 5-GHz and 6-GHz bands in the RF profiles.

• Set the maximum DBS channel width of 320 MHz for the 6-GHz band in the basic RF profiles.

  Note	320 MHz channel width is not available in the AI RF profiles.

Enhancements in displaying the MAC address details for APs

For APs, the MAC address details are now displayed under the Base Radio MAC Address column in these workflows:

• Access Point Refresh

• Configure Access Points

• Configure RLAN

For APs, on the Provision > Inventory window:

• The MAC Address column denotes the base radio MAC address.

• The AP Ethernet MAC Address column is now available to view the Ethernet MAC address.

• The device details display both the Base Radio MAC Address and Ethernet MAC Address.

Enhancements to the AP Refresh workflow

The Access Point Refresh workflow now supports:

• The Assurance use case where the new AP isn’t provisioned after AP refresh and only the old configuration is copied to the new AP.

  Note	If the new AP is onboarded through Plug and Play (PnP), the Assurance use case isn't supported.

• A toggle button to enable the automatic detection of the new APs using SwitchPort.

  Note	If the new AP is onboarded through PnP, automatic detection isn't supported.

Enhancements to the Certificate Management UI

System Certificates, Trusted Certificates, and Device Certificates UI are modified to have a uniform layout.

Enhancements to custom AP groups and flex groups for Cisco AireOS Wireless Controller

Instead of configuring and applying the newly added custom groups to the APs during wireless controller provisioning, Catalyst Center now configures and applies them during AP provisioning.

Effective with this release, you can use the same AP groups and flex groups across multiple sites for Cisco AireOS Wireless Controllers.

Enhancements to WLAN profile name or policy profile name usage for SSIDs with site-level overrides

Effective with this release, if an SSID associated with a network profile has site-level overrides, Catalyst Center uses the WLAN profile name or policy profile name from the overridden SSID during wireless controller provisioning for the corresponding sites. This rule applies when the overridden site is associated with the wireless controller's network profiles and is managed by the same wireless controller.

Support for displaying IOS CLI in configuration preview for Cisco Catalyst 9800 Series Wireless Controller

For Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.13.1 or later, you can generate IOS CLI from YANG configuration in the configuration preview.

Support for standard power service

For APs with the standard power capability, compliance with FCC regulations requires the activation of Automatic Frequency Coordination (AFC). The Standard Power Service toggle button in the Create Wireless Radio Frequency Profile and Create AI Radio Frequency Profile window enables you to activate AFC for the 6-GHz band within an RF profile.

When you provision the corresponding APs, the Summary window displays the standard power service configuration details.

Upload resource utilization details to CSSM: change to prerequisites

In earlier releases, to upload resource utilization details to CSSM, devices must have NETCONF enabled and devices must be added to the site. Effective with this release, devices don't have to have NETCONF enabled, and devices don't have to be added to the site.

Enhancements to AP provisioning for N+1 High Availability

Effective with this release, if you are using N+1 High Availability (HA) and modify any nonflex SSIDs that are already provisioned on the primary and secondary controllers to flex SSIDs (or conversely), ensure that the states of WLANs are consistent across both the primary and secondary controllers on the corresponding site.

Enhancements to custom flex profile creation

A custom flex profile is created during Cisco Wireless Controller provisioning (with feature templates) or during AP provisioning (without feature templates). In both scenarios, the custom profile is configured with settings that are similar to the default flex profile, except for the Catalyst Center intent configurations.

Catalyst Center also provides an option to autogenerate a flex profile name.

Enhancements to default AP profiles during upgrade

In earlier releases, the default AP profile was pushed to the wireless controller during upgrade.

When you upgrade to this release from an earlier version, by default, Catalyst Center doesn't push the default AP profile to the wireless controller. To update the default AP profile on the wireless controller, you must explicitly save it on the Design > Network Settings > Wireless > AP Profiles window. After you save the default AP profile, if there’s a difference between the current wireless controller configuration and the AP profile configuration saved on Catalyst Center, the default AP profile is pushed to the wireless controller during subsequent reprovisioning.

Enhancements to preauthentication ACLs

Preauthentication Access Control Lists (ACLs) have these enhancements:

• The Include auto rules toggle button to enable or disable pushing the Catalyst Center-generated rules to the applicable SSIDs.

• For Walled Garden URLs, a valid URL must have at least one period. Cisco AireOS Wireless Controllers don't support other special characters. Cisco Catalyst 9800 Series Wireless Controllers support the special characters . * - _.

Enhancements to VLAN ID configuration for wireless interfaces

In earlier releases, the valid range for VLAN ID for wireless interfaces was from 0 through 4094.

Effective with this release, the valid range for VLAN ID for wireless interfaces is from 1 through 4094.

In-Service Software Upgrade (ISSU) Support for Catalyst 9400 Fabric Edge Nodes and Catalyst 9800-CL Fabric Wireless Controllers

Catalyst Center adds ISSU support for Catalyst 9400 switches configured as fabric edge nodes and running IOS XE 17.12.3 or later. The Catalyst 9400 must be a pure fabric edge node; it cannot have a co-located role such as control plane node, internal border node, or Catalyst 9000 Switch Embedded Wireless Controller. Only Catalyst 9400 single-chassis, dual-supervisor fabric edge nodes support ISSU; Cisco StackWise Virtual is not supported.

Catalyst Center also adds ISSU support for Catalyst 9800-CL fabric wireless controllers running IOS XE 17.3.1 or later.

Update Fabric Site for Fabric Events

For fabric events such as IP address pool modification or addition of new stack members or line cards on existing devices in the fabric, a banner message is displayed in the fabric site window to reconfigure and update the fabric.

Device-Level Validations Precheck

Catalyst Center performs a Device Level Validations precheck before deploying the configuration on the devices. The check identifies and flags the following issues:

• Unsupported configurations that are used in the CLI template.

• Fabric devices that have not been resynchronized after an upgrade.

Enforcement of Group-Based Policy for VNs

Catalyst Center provides an option to enable or disable the enforcement of group-based policies for your virtual network (INFRA_VN).

Enhancements to Fabric Site Configuration Update Messages

The Fabric Sites window provides information on the outstanding configuration updates for one or more sites along with the available grace period to apply the updates.

ISSU Support for Catalyst 9800 Fabric Wireless Controllers

Catalyst Center supports ISSU for physical Catalyst 9800 fabric wireless controllers running IOS XE 17.3.1 or later.

Return Material Authorization (RMA) Support

Catalyst Center supports zero-touch onboarding for replacement fabric edge devices that are connected to intermediate nodes. The device requiring replacement must be unreachable, and the intermediate device must be registered as a managed device in the Catalyst Center Inventory.

SD-Access Application Scale Check

The scale thresholds for fabric sites are monitored periodically and the status is displayed in the Fabric Sites window.

The dot1x system-auth-control Command Supports Only Fabric Devices

Starting from 2.3.7.6, the dot1x system-auth-control command is provisioned on Cisco SD-Access fabric devices only, because the feature is designed only for use with fabric authentication.

Enhancements to Port Configuration Within Fabric Sites

The Port Assignment tab for a fabric site now displays the authentication template configured for each port. If you don't configure the authentication template for an individual port, the port inherits these settings from the global authentication template configuration. Inherited settings are displayed with an inherit icon next to the setting.

Enhancements to SD-Access Image Compatibility Check

Starting from 2.3.7.5, the SD-Access Image Compatibility Check feature introduced in 2.3.7.4 is enhanced to detect and block the user when a new device is being assigned a fabric role. It does not, however, block the user from any provisioning performed on existing fabric devices. This Add-to-Fabric validation can be turned off from the Settings > SD-Access Compatibility window. We recommend that you keep this validation turned on.

SD-Access Application Health Check

The health of the SD-Access application is checked periodically and the status is displayed on the System Health page.

Enhancements to the Embedded Wireless Controller Image Installation for Switches

Following are the enhancements to the embedded wireless controller image installation process for switches:

• The Activate image on device option is removed.

• During the image import, you can exit the window, and view the progress of the import and schedule the installation later using the Close option.

• After the image is imported, you can install it immediately or schedule the image installation for a later date or time.

• You can check the status of image installation on the Activities > Tasks window.

Enhancements to Provisioning of Wireless Changes on Fabric Devices

If the wireless capability is enabled for a fabric device in the SD-Access device slide-in pane and there are changes in the wireless settings, you must click Configure in the slide-in pane to push the changes to the device.

Reconfiguration of Fabric for IP Address Pool Changes

When you modify the IP address pools that are used in a fabric, you must reconfigure the fabric.

Software Image Compatibility Check for SD-Access Fabric Devices

Starting from 2.3.7.4, Catalyst Center includes a Software Image Compatibility Check for SD-Access fabric devices. This feature checks for software image compliance of devices with fabric roles assigned based on the Cisco SD-Access Compatibility Matrix. This feature also checks for compliance of golden tagged images to ensure that the image version is a supported version as per the matrix. The results of these checks are shown in the Software Image Compliance section, in the Image Compliance column in the inventory window under the Software Images focus, and in the SWIMS Image Update Readiness checks.

Unsupported SD-Access Configuration Detection on Fabric Devices

Catalyst Center allows you to detect the unsupported SD-Access configurations on fabric devices using the SD-Access Unsupported Configuration compliance check.

New and changed in 2.3.7.9

New Walkthroughs

• Enable Per-Device Configurations on a Cisco Catalyst 9800 Series Wireless Controller

• Manage a Cisco Catalyst 9800 Series Wireless Controller Using Per-Device Configurations

New and changed in 2.3.7.6

Deprecated Walkthroughs

• Create an IP Transit

• Create an SD-Access Transit

New and changed in 2.3.7.5

New Walkthroughs

• Configure AI-Enhanced RRM

• Create an AI RF Profile

• Enable Cisco AI-Enhanced RRM

• View AI-Enhanced RRM Dashboard

New and changed in 2.3.7.4

New Walkthroughs

Enable the Field Notices Trial

CSCwh60044

SWIM upgrade fails with the error NCSW32001.

CSCwh93547

Catalyst Center and Cisco ISE integration is broken, but OTT wireless controller and NF router provisioning still works.

CSCwi01450

In a disaster recovery environment with multiple Catalyst Center clusters, both the active and passive disaster recovery clusters are shown in Author mode.

CSCwi03241

When you create a Central Web Authentication (CWA) guest SSID or enterprise SSID with posture enabled:

• The preauthentication access control list (ACL) returned by Cisco ISE isn't mapped to the WLAN on the wireless controller.

• The Layer 3 web policy is set as open on the wireless controller.

CSCwi37770

Enhance the custom view table settings columns to arrange them alphabetically.

CSCwi44683

Include reachability as a factor for iperf sensor selection.

CSCwi47934

Although automatic disaster recovery failover works after shutting down the active cluster, when the shut-down cluster is powered on and becomes standby (passive), the rejoin operation to make it standby (active) fails.

CSCwi57988

New device onboarding to a nonfabric REP ring fails when image upgrade is part of the Plug and Play (PnP) process.

CSCwi72839

In IPv6-only networks, telemetry doesn't work with FQDN-only certificates. This problem occurs in an IPv6-only network when Catalyst Center pushes its FQDN as a telemetry receiver that can't be resolved by the IOS-XE device. To work around this problem, you must add the IPv6 addresses to the alt_names section.

CSCwi83992

/data/maglev/srv/maglev-system reaches 100% disk space usage. After recovering, a single-node Apache ZooKeeper runs into a configurable logic block (CLB). Kafka and collector services then run into a CLB, because ZooKeeper is not ready and running.

CSCwj11541

Performance degradation occurs while adding an edge node to the fabric.

CSCwk38688

AP information in Catalyst Center doesn't update correctly after the AP is moved to a new controller. This problem occurs when the SNMP queue isn't large enough to handle all device traps. New traps are dropped without notification until the existing traps are sent and slots become available in the queue.

CSCwk42988

Device details are not displayed in the Application Telemetry provisioning task under Activities > Tasks.

CSCwk46014

A back-end request error is seen intermittently on the Catalyst Center GUI after upgrading the cluster from 2.3.7.5.70434 to 2.3.7.6.70232.

CSCwk50629

Backup fails due to a postgres issue during the backup process.

CSCwm00568

Networks with high latency may experience prolonged device sync for more than 2 hours. For example, in a network with a Cisco Catalyst 9350 device located in India and a Catalyst Center server located in America, it might take longer than 2 hours for devices to synchronize.

In general, in networks with high latency, getBulk requests are made to return as much data as possible in as few packets as possible, which reduces the effect of individual packet latency. However, SNMP agents on some devices don't handle this well, and may not return responses for the bulk requests.

Therefore, it's important to set the per-packet SNMP_TIMEOUT to a small value. If the SNMP_TIMEOUT is set to a high value, it can increase the overall amount of time it takes to retrieve the SNMP table.

CSCwm12268

In the Per-Device Configuration feature, the option to enable or disable the logs for rules is unavailable for IPv4 extended ACL.

CSCwm31881

The Per-Device Configuration feature is unable read and provision the IPv4 extended ACL with multiple source ports.

CSCwm42689

In Per-Device Configuration, the default value for multicast start and end address is an invalid IP address (0.0.0.0) for media stream.

CSCwm63228

Unable to use a VLAN named "Management" when deploying ThousandEyes via Catalyst Center.

CSCwm80901

Per-Device Configuration doesn't support adding new AAA models.

CSCwm87166

In a scale setup with approximately 35,000 devices, it takes 15 minutes to mark 300 devices as reachable or unreachable. The time depends on the SNMP timeout and retries and the number of reachable and unreachable devices in the setup.

The setup has a default SNMP timeout of 5 seconds and 3 retries. The setup has 30 threads. Note that other polling tasks could also affect the time it takes to mark devices as unreachable or reachable.

CSCwn24135

After upgrading to Catalyst Center 2.3.7.6 from an earlier release, the in-progress/undeployed RLAN workflow cards are not retained in the RLAN workflow.

CSCwn39103

For the Per-Device Configuration feature, an extra set wlan user-priority command is included after cloning the QoS policy profile.

CSCwn46538

For the Per-Device Configuration feature, in the Security > AAA > AAA Advanced > Password Policy window, configuration of Max Number of Character Repetition is not supported.

CSCwn49600

For the Per-Device Configuration feature, updating the IPv6 address for the VLAN interface in the SVI profile fails.

CSCwn57748

The apic-em-network-programmer-service goes into a restart loop; you can't perform any provisioning operations.

CSCwn61885

For the Per-Device Configuration feature, AAA server key and PAC key aren’t set to clear text when it's not returned from the YANG configuration.

CSCwn85885

After upgrading from Catalyst Center 2.3.7.6 to 2.3.7.7 or 2.3.7.9 in an IPv6 deployment, if these packages were installed previously, they don't come up:

• Access Control Application

• Group-Based Policy Analytics

• Cisco Identity Services Engine Bridge

CSCwn87250

Per-Device Configuration isn't displayed in read-only view for the Observer role.

CSCwn94878

For the Per-Device Configuration feature, WLAN profile creation fails for Enterprise security policy when

• 6 GHz is enabled,

• Transition Disable check box is unchecked,

• WPA2 and WPA3 are enabled,

• Protected Management Frame (802.11w) is Optional, and

• under Auth Key Management, the 8021X and 8021X-SHA256 options are enabled.

CSCwn97572

After upgrading to Catalyst Center 2.3.7.9, the following warning message is displayed on the System > Settings > Cisco Accounts > Smart Licensing window, and you can’t register your Catalyst Center with Cisco SSM:

The Cisco Catalyst Center first-generation M4 appliance is end of sale and end of life.
As a result, registration of M4 appliances is disabled.
Upgrade to supported hardware for continued performance and security.

CSCwo03358

ACA Migration fails with error - "Error occurred during migration: Invalid SG.

CSCwo07202

When pushing a webhook event notification, the following error message is displayed:

Unable to publish notification.

CSCwo08776

SDflow restarted due to exit code:1 (panic from context-storeGo) which impacted netflow drop.

CSCwo14815

After the AP ranging is complete for auto locating the APs, star icons aren’t displayed for anchor APs.

CSCwq07175

Intermittent wired client data loss in the Assurance client dashboard.

CSCwo91550

BM2VA Post migration: UI becomes inaccessible and throws "HTTP ERROR 500" when restore fails.

CSCwh92668

External Authentication flag shows disabled in MongoDB after enabling on Catalyst Center.

CSCwk23946

Catalyst Center SWIM Precheck should include the NETCONF checks.

CSCwk45236

Getting "Internal Server Error" in Settings > Cisco Accounts > Smart Licensing page.

CSCwk96558

The Identitymgmt container keeps crashing after enabling IP Access Control.

CSCwm64358

No proper error message for user while enabling application telemetry from inventory.

CSCwm64596

RAPI - Port channel gets rejected as invalid interface.

CSCwm77685

Assurance Application dashboard has no data after upgrading from Catalyst Center 2.3.5.6 to 2.3.7.6 on a three-node IPv6 appliance.

CSCwm91906

Elastic search management service shows as degraded.

CSCwn17240

At daas-runtime, unable to find a valid certification path to the requested target.

CSCwn29224

When attempting to save changes under Design > Network Settings > Servers, the user encounters an error message in the GUI: "NCND00006: The input payload contains an invalid key: singleconnection.enablement."

CSCwn35135

During manual failover or pause of Catalyst Center Disaster Recovery (DR), the incorrect DR virtual IP may be calculated and device telemetry settings may be updated to use the incorrect virtual IP.

CSCwn44599

ISSU compatibility checks failed and shows a warning message.

CSCwn53856

Upgrade from Catalyst Center 2.3.7.7 to 2.3.7.9 fails with Access Control Application chart download failed error.

CSCwn81534

Fabric authentication key banner blocking fabric device deletion.

CSCwn88950

System upgrade from Catalyst Center 2.3.7.6 to 2.3.7.7 results in MongoDB failure.

CSCwn89140

Catalyst Center 2.3.7.7 upgrade failure due to mexplorer.

CSCwn95717

While multiple heavy loaded wireless controllers were undergoing sync together after moving APs from WLC1 to WLC2 using the AP configuration workflow, the task completes successfully and the APs are moved. However, on the inventory page, the associated wireless controller IP still displays the old wireless controller IP.

CSCwn98722

Catalyst Center 2.3.7.9: Single-node upgrade hangs; IP change isn’t detected by coreDNS.

CSCwn99251

A device drop and lag is observed in deviceprocessor.

CSCwn99377

Topology page does not load.

CSCwn99696

While updating address on a site in network hierarchy, the response shows success but the address is not updated.

CSCwo06723

Package upgrade for dnacaap-app-services fails.

CSCwo07511

After upgrading to Catalyst Center 2.3.7.7, SD-Access GUI disappeared.

CSCwo10844

Inventory threads blocked trying to contact IAM for token generation.

CSCwo19582

Restore fails at POST_RESTORE admin hook at dnacaap-app-services.

CSCwo20722

Inventory UI is not correctly reflecting reachability status of devices added using hostname.

CSCwo36284

After upgrading from Catalyst Center 2.3.3.4 to 2.3.7.7, sdflow goes in crash loop.

CSCwo38888

Updating Telemetry with force push removes subscriptions from other applications.

CSCwo45207

Unable to publish notification for subscription created.

CSCwo48722

During the migration of Catalyst Center to 2.3.7.7 and 2.3.7.9, the Certificate Authority, Device Certificate, and Trustpool pages fail to load. Instead, the error message "EJBCA Service is unavailable to service request" is displayed.

CSCwo66407

IPDT role change occurs every 5 minutes on some devices.

CSCwo85288

No devices are appearing under the License Manager > Devices tab.

CSCwo88779

Unable to edit or create routing profile from Catalyst Center UI.

CSCwo97608

PAN IP address in Network Settings > Client is blank after upgrade.

CSCwo98411

Catalyst Center reports fail due to missing "daas-worker-job" maglevjobs resource.

CSCwo99122

The SVL switch doesn't list all interfaces and also some interfaces are jumbled

CSCwp06281

No ThousandEyes tests or MSteams data seen on Application Health page.

CSCwp09093

Mandatory fabric updates banner push fails because Mac Address does not have six octets.

CSCwp10987

Unable to update the trustpool through UI or API. 400 error been thrown while updating the trustpool using the REST API (/api/v1/certificate-authority/update/default/trustpool) .

CSCwp13501

Credential update fails when Auth service account is locked.

CSCwp15512

Supplicant Based Extended Node (SBEN) onboarding fails at verifying dot1x status.

CSCwp16330

Notifications not forwarded for issue "Radio High Utilization (2.4GHz)".

CSCwp18344

Remedy stuck in loop re-adding static routes that already exist on host.

CSCwp19634

AP LRAD_REBOOTREASON unexpectedly triggers a full resync in a Catalyst 9800 wireless controller.

CSCwp27622

Activation of Catalyst 2960x stack switches is failing through Catalyst Center.

CSCwp29041

Extended onboarding bootup time optimization.

CSCwp31064

Catalyst Center: Presence of single quotes in custom pattern regex breaks the functionality.

CSCwp33031

The etcd service on Catalyst Center may restart due to an out of memory condition. This will result in the system being unstable.

CSCwp37123

Tx Rx values in AP radio report are shown same in every report for multiple APs however values are correct in AP report.

CSCwp39175

DR mongo replication failure due to tethering_apicrawl_faliures_api collection conflict.

CSCwp63899

During DR pause operation, the standby cluster may fail to pause with error "NCMA10002: disaster-recovery CLEANUP_MEMORY on provisioning-service".

CSCwp99887

SD-Access fabric provisioning failure due to NPE for wireless controller with older namespace naming convention.

CSCwq11463

Restore fails on Catalyst Center due to Legacy Elasticsearch indices from backup.

CSCwq31985

APs are automatically assigned and reprovisioned to another floor at a remote teleworker site.

CSCwq35225

Fresh install of Catalyst Center 2.3.7.9 points to Cisco internal Docker registry, causing upgrade failures.

CSCwq36661

Dual fullsync of MongoDB allows for potential data loss in case of failover.

CSCwj08671

Unable to create a wireless profile that contains more than three wireless controller anchors.

CSCwk64858

Multiple devices with the IP SLA configuration are managed with the NCIM12024 internal error.

CSCwm04137

Rogue on Wire threat on a Rogue client is not reclassified.

CSCwm13172

Unable to reboot APs from the Device 360 page using custom user roles.

CSCwm44216

Network device availability report may display inaccurate percentages.

CSCwn30796

Validation run with the Cisco ISE validation set selected tool may time out.

CSCwn36894

Entitlement refresh fails when more than 100 devices are registered to Cisco Smart Software Manager.

CSCwn39626

Catalyst Center reports a compliance violation because the PKI broker hasn't been notified that the PKCS certificate has been renewed

CSCwn44519

Installation of a SWIM certificate times out on a border node.

CSCwn49925

In certain VM setups, the max-width property of all HTML images is set to 100%. As a result, when you zoom in on a floor map, the background image is distorted and displays access points and heat maps in the wrong location.

CSCwn71779

Removing the one SSID that's associated with a feature template should delete the corresponding instance. Instead, the template indicates its applicability as none, which is applied to all SSIDs. This could cause conflicts and result in a failed validation during provisioning.

CSCwn77410

LAN Automation needs a new mechanism to safely migrate dummy pools.

CSCwn84700

Catalyst Center collects packages and images for Cisco Secure Firewall Management Center (FMC), even though it doesn't support Cisco Secure FMC upgrades.

CSCwn87952

After upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.5, newly discovered devices are not displayed in the inventory until you restart the NCP service.

CSCwn88469

During provisioning, configuration drift labels a configuration as out-of-band.

CSCwo03400

Unable to delete a device from the Catalyst Center inventory.

CSCwo14806

Brownfield deployment's default method lists for authentication and authorization are overridden after provisioning wireless controllers.

CSCwo25948

LAN automation fails after upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.6.

CSCwo36688

Catalyst Center Compatibility Matrix indicates the wrong device version for aWIPS profile configuration support.

CSCwo37568

The pki-broker service doesn't notify the provisioning service when it receives a SCEP renewal request from a device, which results in a compliance violation.

CSCwo58409

When the client is disconnected, use "network_user_id" to search /dna/intent/api/v1/client-enrichment-details and Catalyst Center displays a 404 error.

CSCwo67268

Airdrop signature is included in the aWIPS signature file that's pushed to Cisco Catalyst 9800 Series wireless LAN controllers, which results in "Airdrop Session" alarms.

CSCwo76482

Error message directs users to contact Cisco TAC when they haven't applied mandatory updates.

CSCwo79197

Multiple Catalyst Center is not enabled after upgrading to Catalyst Center 2.3.7.7 from version 2.3.5.5 (integrated with Cisco ISE 3.2).

CSCwo85458

Smart Licensing page indicates that a Smart Account is not configured even though it has been linked with Catalyst Center.

CSCwo87397

Deletion of security group tags is not reflected on Cisco ISE reader nodes.

CSCwo89095

Unable to trigger a new LAN Automation session when Catalyst Center uses an external IPAM server.

CSCwo89467

The response for a ping argument that includes a vertical bar (|) character indicates the Apache Tomcat version used by an API.

CSCwf35838

Clear a port assigned to a static with a client VLAN and generate a config preview. The preview config shows no config.

CSCwh72852

The "ha.apicnetworkprogrammer.service.queue.client_id" queue builds to hundreds of GB, causing RabbitMQ to crash.

CSCwj83682

SNP testing of long term client reports consistently failed with Rest API execution.

CSCwk05617

Catalyst Center GUI is stuck in a login loop.

CSCwk35953

Disaster Recovery: Link_Up/Down events delayed message is not triggered on active cluster even after generating trap for hour.

CSCwk38211

After performing Catalyst Center Over The Air (OTA) capture and then attempting to stop it, the stop action fails within the task.

CSCwk41435

Catalyst Center2.3.5.5: Device-manager goes to CrashLoopBackOff state.

CSCwk42963

Application telemetry shows "Not Provisioned" after upgrading Catalyst Center from 2.3.7.5.70434 to 2.3.7.6.70232.

CSCwk47192

GET issues API returns error 500.

CSCwk52561

Multiple messages are sent to Cisco ISE for the same Endpoint without any changes causing performance degradation on Cisco ISE.

CSCwk55471

During AP roaming, wireless controller fails with Internal Error com.cisco.xmp.grt.model.GlobalReference was altered.

CSCwk55701

The "Not Available" WAN links are shown as "Not tagged as WAN" for its corresponding network devices in Inventory, and sometimes are not even present in the device according to information in Device Details and Device360 page.

CSCwk57556

The Application Hosting application installation on an AP fails.

CSCwk67203

Subscriber subnets are learned as BGP routes in the Provider subnet, even though BGP is not in use in the deployment.

CSCwk71675

The "Update Wireless Profile" API call ignores the sites array and overwrites it with an empty list.

CSCwk73164

Client event data from Cisco AireOS Wireless Controllers are incorrectly filtered resulting in missing client sequencing.

CSCwk75623

Incorrect results from /dna/intent/api/v1/wireless/profile for flex attribute.

CSCwk79870

Software image distribution failed even though had enough space in the flash.

CSCwk85767

Wide Area Bonjour UI slowness is observed and some services become unavailable.

CSCwk86361

A stale NFS causes Catalyst Center instability.

CSCwk88772

The WLAN policy profile may be deleted and read when a controller is provisioned.

CSCwk97954

These APIs aren't accessible and return this error:

BAPI not found with technicalName and restMethod GET

• /dna/intent/api/v1/siteWiseProductName

• /dna/intent/api/v1/images

• dna/intent/api/v1/productNames

• /dna/intent/api/v1/networkDeviceImageUpdates

CSCwm02986

Catalyst Center QoS negates configuration from border nodes when previewing the QoS policies.

CSCwm04835

Telemetry is in connecting state due to null response from broker-agent.

CSCwm11070

Catalyst Center's Settings > System Health page may show a cluster's previous IP addressing scheme rather than the current one.

CSCwm12382

After marking a faulty fabric edge node for replacement, network readiness fails with this error:

Failed to shut neighbour device interface

CSCwm39961

Full SSH access to one of the Catalyst Center nodes may not be possible as the CLI session gets stuck.

CSCwm40905

Packet loss for some applications may be displayed as more than 100 % on Application 360 page.

CSCwm41038

Cannot trigger an Assurance full backup.

CSCwm47437

Even though the Catalyst Center bundle "Network Issue Monitor and Enrichment for ITSM" is configured, network events are not sent to ServiceNow. Network events created in the device are seen in the device UI. However, they are not seen in the runtime dashboard of Catalyst Center and ServiceNow.

CSCwm49148

SRBAC: Non global user delete the report generated by global user using API.

CSCwm50905

VM Upgrade retry from UI keeps failing after it fails initially due to NTP not in healthy state.

CSCwm51427

Catalyst Center may fail to resync a managed device citing the error internal error ObjectNotFoundException in StaticRouteTable.

CSCwm52004

System Validation for Cisco ISE retry interval should be increased.

CSCwm58191

Cisco ISE FQDN name changes in Catalyst Center after upgrade of Cisco ISE to version 3.2.

CSCwm58869

A stale DR_CONFIGURE_CLUSTER workflow causes an error.

CSCwm60695

The SPF data migration lock causes other operations to get stuck for more than 24 hours.

CSCwm63196

Unable to delete or modify the fabric configuration of a specific device.

CSCwm67561

Catalyst Center's system-manager service may remain in a crashloopbackoff state while the maglev user account is locked within the container.

CSCwm73135

SCH proxy device shows a "Connection mode out of sync" error. Process to update connection mode via Sync button fails to resolve message and shows successful.

CSCwm80339

The dnacaap-runtime pod doesn't have the trust certificates needed to connect to ServiceNow.

CSCwm85306

Due to a topology change, an RMA marked for replacement goes to readiness failed state.

CSCwm99015

Catalyst Center ServiceNow integration fails with error "Invalid CIClass(es)".

CSCwn70637

Elasticsearch node startup failures occur due to stale NFS handles during restarts

CSCwj55104

After upgrading from Catalyst Center 2.3.5.3 to 2.3.7.5, an error occurs when trying to provision a Cisco Catalyst 9800 Series wireless controller.

CSCwk06447

SWIM update operations on a tagged golden image with add-ons succeed, but Catalyst Center indicates the device's software image is non-compliant, and the Inventory window's OS Update Status field lists Activation Pending.

CSCwk73945

Catalyst Center's Image Repository may indicate that no images are available for a managed device family, even though files have actually been uploaded.

CSCwk74459

Unable to provision a Cisco Catalyst 9800 Series wireless controller after upgrading from Catalyst Center 2.3.5.3 to 2.3.7.5. The GUI displays this error message: Could not complete action. Role configuration failed.

CSCwm63528

In a 1+1+1 disaster recovery setup running Cisco DNA Center 2.3.5.5, user-defined templates may not be displayed as expected after a failover to the recovery site.

CSCwm75201

API error occurs after provisioning a template.

CSCwm79461

Disabling application telemetry on a wireless controller results in this error: Unable to push to device <IP-address> using protocol ssh2 the CLI no flow monitor avc_ipv4_assurance.

CSCwm82519

After a software upgrade of Cisco Industrial Ethernet 2000 Series switches, some of these switches were booted up from an SD card instead the local device flash. Since the current running configuration was not copied to the SD cards, these devices started up without the configuration.

CSCwm91649

RAPI client offset ranges from 1–10,000 clients, event though Catalyst Center supports more than 10,000 clients.

CSCwm97752

Not able to receive notifications regarding rogue and aWIPS events after restarting RabbitMQ.

CSCwm97791

OUI download doesn't work when the schemaregistry service is down.

CSCwn03375

The PoE dashboard's Estimated AP Power Saving tile indicates that no power has been consumed, even though PoE-capable devices are connected to Assurance.

CSCwn04845

In a Catalyst Center 2.3.7.6 instance deployed as a virtual machine, searching for a wired client by username may result in a page that cites an undefined error.

CSCwn06417

After running Catalyst Center's migration script on a server and restoring the corresponding backup file to a Catalyst Center on ESXi virtual appliance, the migration may fail and cite this error: ScriptProcessor Execution Failed with error: Exception: Admin service hook status api responded with failed status in \u003cscript\u003e at line number : 11.

CSCwn07846

Catalyst Center pushes a Cisco IOS XE upgrade to a Cisco Catalyst IE3400 Heavy Duty Series switch's flash memory instead of its SD card.

CSCwn09952

Unable to view API documentation after backing up a second-generation Catalyst Center appliance and restoring the backup file to a three-node cluster of XL third-generation appliances.

CSCwn13417

After manually importing admin certificates to Cisco ISE's trustpool, Catalyst Center may indicate that Cisco ISE integration was successful, even though the ise-bridge log lists a certificate chain mismatch error.

CSCwn17870

Can't enable application telemetry for a wireless profile whose name contains a space.

CSCwn20055

Migration of IPv4 pools to IPv6 fails. Fabric edge devices don't receive IPv6 configurations after migrating from a single-stack pool to a dual-stack pool.

CSCwn25172

Upgrade to Catalyst Center 2.3.7.6 fails because the mexplorer package doesn't deploy.

CSCwn29065

After upgrading to Catalyst Center 2.3.7.6, notifications are not sent after a device unreachable event in Assurance has been resolved.

CSCwn30355

Unable to upgrade the base-provision-core:2.1.718.60779 package when upgrading from either Catalyst Center 2.3.5.5 or 2.3.5.6 to 2.3.7.6.

CSCwn31554

After upgrading to Catalyst Center 2.3.7.6, a NullPointerException occurs when provisioning a Cisco SD-Access fabric with VN anchoring configured.

CSCwn37114

After upgrading to Catalyst Center 2.3.7.6.70319-CSCwn31915.SMU, an unknown error occurs after trying to import a subordinate CA certificate.

CSCwn46440

Kafka drops topology messages larger than 1 MB, resulting in missing topology exports.

CSCwn46681

Unable to start LAN automation. Invalid IP pool:Selected pool is being used by other services error is displayed.

CSCwn49940

A DeviceInterfaceInfo migrator exception occurs when a device's owning entity ID can't be found.

CSCwn50057

MongoDB's endpoint-analytics folder is bloated, which can cause backups to fail or result in disk utilization errors for MongoDB.

CSCwn58792

An incorrect container version was configured in the dnac_maglev_package repository.

CSCwn58913

Unable to edit floor maps or view planned APs.

CSCwn59947

A deleted template is not removed from the cache after a disaster recovery failover.

CSCwn75582

Can't remove a planned AP from a floor map, even though the AP has been removed from the inventory.

CSCwn81722

Removing an inherited virtual network removes the wireless controllers from the anchor site's LISP configuration.

CSCwn83587

Unable to migrate from Catalyst Center 2.3.7.7 to Catalyst Center 2.3.7.7 on ESXi by running the migration script.

CSCwn96300

After upgrading from Catalyst Center 2.3.3.7-72328 to 2.3.7.7-70047, the PKI broker fails to start when the root CA has expired.

CSCwo00326

Authentication and policy servers ignore read-only parameters.

CSCwo07397

Cisco IMC firmware version checks are not working properly.

CSCwo09495

Provisioning failure caused by a NullPointerException.

CSCwf51860

During upgrade from 2.3.3.x or earlier to 2.3.5.x or later, postgres is upgraded from version 9 to 11.

CSCwf95418

Catalyst Center ITSM CMDB sync fails with a timeout error on BAPI Schedule to Publish Inventory Details - ServiceNow Connector.

CSCwh32252

The etcd service exceeds memory limits, causing the system to be unstable in a disaster recovery environment.

CSCwi07228

The GlusterFS daemon keeps crashing for NDP brick. Pipelines are down.

CSCwi17650

The kibana-logging service has a CrashLoopBackOff [cross-writes] issue.

CSCwj25838

While creating a template in the Template Hub, the hint text may not show for variables in the provision workflow.

CSCwj58003

The "pipelineruntime-taskmgr-spa-apps" encounters an Out Of Memory (OOM) error due to a large SXPBindings string.

CSCwj77247

Catalyst Center 2.3.7.6: The System Certificates page showing the Enterprise JavaBeans Certificate Authority (EJBCA) Service is unavailable.

CSCwk03086

The Group-Based Access Control overview page shows most active policies and security group data. However, when clicking View Traffic for a security group, the page shows no matching records found.

CSCwk11847

The Catalyst Center reporting tab freezes when the MongoDB contains an excessive number of report records.

CSCwk33438

Rogue on wire is inconsistent when providing data about the switch port and other details.

CSCwk68425

Most fabric provisioning tasks are blocked because the Border AS is 65540.

CSCwk77874

After a Catalyst Center upgrade, the earlier allocated IP address of an overlapping pool reallocates again to P2P links, even though the same P2P address exists in the network.

CSCwk82429

Catalyst Center's REST API for managed device count may fail to return expected results, and returns instead a 404 error.

CSCwk86164

The Reports page is unresponsive and the number of records in trigger_execution_context table of MongoDB continues to grow.

CSCwm13770

Network orchestration service gets OOM killed.

CSCwm32603

WLAN provisioning/preview fails when managed locations are only floor level with site-level override.

CSCwm33160

Whenever static port assignment is done or an assigned port is cleared, "macro auto global processing" is enabled globally, which affects IP phone/AP onboarding due to the macro-based configuration pushed to those ports.

CSCwm34146

For Catalyst Center on ESXi, a long-path cluster upgrade from 2.3.7.3, 2.3.7.4, 2.3.7.5, or 2.3.7.6 to 2.3.7.7 fails during the node-readiness check because of a kubelet certificate refresh issue.

CSCwm38701

Wireless controller provisioning fails with this error:

Device Response - ";;;" is an invalid value

CSCwm41841

No lambda request is triggered and no error/traceback log is seen in provisioning service.

CSCwm46936

Cisco SD-Access: Fabric border may fail due to a NullPointerException in the network-programmer logs and this error in the GUI:

NCSO10008: Error in generating RFS due to internal error. 
RFS Generation Failed for task id 0191d1ae-5096-7f47-b681-0d4fd89881ca and 
network device id 5b8cd2ac-b44d-402c-8c33-d3420f681ddc.

CSCwm55658

Report generation may fail at scale due to API response time.

CSCwm56253

The ThousandEyes Enterprise agent tests tab does not display data on Catalyst Center.

CSCwm72038

Port assignment may fail with this error:

Port assignment has invalid VLAN/IP Pool.

CSCwm79013

Catalyst Center attempts to push an unexpected IPv6 config even without IPv6 pools added to the fabric.

CSCwm86090

Catalyst Center 2.3.7.6 upgrade: Network-visibility install fails if application-policy is deployed and uninstalled.

CSCwe60241

Image update readiness check and file transfer check may fail citing the error, "HTTPS is not reachable" when Catalyst Center has a fully qualified domain name (FQDN) in its CA certificate, instead of an IP address.

CSCwh84882

Wireless provision BAPI fails without optional "managedAPLocations" parameter.

CSCwi25271

Create Report APIs (/daas/core/data-set) throw a 500 error and fail to generate the reports.

CSCwi35447

Checking connectivity in a ServiceNow instance fails with this error:

processAsyncFailureResponse

CSCwi48257

Enterprise-SSID API responds with Failure for INVALID_RADIO_POLICY.

CSCwi76462

Devices are not showing in the smart license compliance workflow.

CSCwj32319

Unable to delete Catalyst 9300 device from Catalyst Center inventory.

CSCwj38338

Anycast gateway creation workflow stuck with "NCSP11192 Invalid/Null filters" error.

CSCwj48236

After Webhook configuration, Catalyst Center is either not sending the alerts or is sending them incorrectly.

CSCwj58902

Purchase count for Catalyst 9300 device is not matching on the overview page

CSCwj63052

Catalyst Center pushes unsupported commands to CMICR-4PS switch.

CSCwj79286

SWIM image repository allows arbitrary XML upload and command execution.

CSCwj98514

Catalyst Center may remove managed sites from the configuration of both primary and secondary Catalyst 9800 wireless LAN controllers during provisioning.

CSCwk17211

Upgrading to Catalyst Center 2.3.7.6 fails with this error:

DEPLOYMENT_ERROR - Exception in package: appsvc-remediation, kind: Plugin, 
name: dnac-mexplorer.

CSCwk11822

APs with the same IP address as the wireless controller cause AP provisioning failures.

CSCwd42565

Catalyst Center telemetry provision for AVC on wireless controller SSID disabled on failure

CSCwe68287

Software distribution on Cisco Catalyst 9800 Series Wireless Controller is not recognized if activation is skipped using SMU and APSP.

CSCwf30218

The workflow API_ENDPOINT_CREATE takes a long time to complete.

CSCwf86819

Catalyst Center started reporting SPF-service-down, could not retrieve compliance related device data.

CSCwh19272

Catalyst Center may initiate install commit for ISSU before staggered AP upgrade is completed.

CSCwh22030

Software image shows needs update even after successfully upgrading the software image on the device.

CSCwh23552

Software image activation failed while trying to upgrade the IOS-XE along with sub-package on wireless controller through Catalyst Center.

CSCwh56371

SWIM APSP activation is taking base image name instead of APSP image name.

CSCwh91534

Catalyst Center 2.3.3.7: Unable to generate inventory report with approximately100 device due to "BAPI Execution Failed" error.

CSCwh96306

Catalyst Center is generating reports without complete information.

CSCwi27239

Self-identifying antenna showing as 'Unsupported' in wireless maps.

CSCwi38620

Catalyst Center 2.3.5.4: SWIM task showing In Progress never fails or is completed.

CSCwi76666

The number of managed locations for a site is not changing after successful provisioning.

CSCwi79754

Cisco Catalyst 9800 Series Wireless Controller provisioning fails due to UnmanagedDCS duplicateKeyException.

CSCwi85506

Software image management fails for Catalyst 9600 StackWise virtual link due to connection timeout error.

CSCwj08940

Anchor wireless controller provisioning failed with error NCWL13000.

CSCwe74245

After a disaster recovery failover, Controller-Based Application Recognition (CBAR) provisioning fails in specific scenarios for Cisco Catalyst 9800 controllers, Catalyst 9300 switches, and Catalyst 9400 switches that have wireless enabled on them.

CSCwf13940

Inventory Insights shows configuration mismatches for nonexistent uplinks.

CSCwf90631

Image distribution fails for Cisco Catalyst 2960 devices.

CSCwh28002

After successfully generating a report, Catalyst Center doesn't send the report to the configured webhook server.

CSCwh52366

The "Add SSID to IP Pool Mapping" API fails with this error:

"bapiError": "Failed with error: SyntaxError: 
Invalid JSON: <json>:1:0 Expected json literal but found eof\n\n^",Expected json 
literal but found eof

CSCwi00888

Multiple switch provisioning fails on a template with an implicit variable.