Enhancements to Configuring Global Device Credentials

On the Device Credentials window, you can now only assign and unassign device credentials to and from sites. On the Manage Credentials slide-in pane, you can manage your device credentials using the Focus drop-down list. Depending on which focus you choose (Current site or System), you can perform specific actions.

Enhancements to Device Onboarding and the Discovery Workflow

The Add Device option in the Catalyst Center Inventory is enhanced to include options for adding both new and existing devices.

The discovery workflow includes enhancements, such as:

• The Provide Credentials window now includes the option to configure advance settings along with the CLI and SNMP credentials.

• The Schedule Job window combines site assignment and scheduling of the discovery job.

Enhancement to Device Resynchronization

Prior to this release, restarting the inventory service would trigger resynchronization for all devices in the inventory. With this release, device resynchronization is triggered after the inventory service restart under the following circumstances only:

• After Catalyst Center upgrade.

• If the device's synchronization is in terminated or delayed state after the service restart.

• If the device's last synchronization time has crossed the configured cutoff time.

Enhancements to Device Upgrade Readiness Check

• Flash Check: Calculates the space required for upgrading to golden image with add-on and performs flash clean up proactively before image distribution.

• Weak Crypto Check: Checks whether the device is configured with weak crypto and blocks image upgrade. This readiness check is applicable only for devices with software image version 17.14 and later.

• File Transfer Check for FQDN Setup: Checks whether the name server associated with the device is reachable and displays an error message.

Enhancements to Editing LAN Automated Devices

In the Edit Devices window, you can now edit the hostname for the devices that are discovered through LAN automation.

Progress Bar Support for Network Devices Provisioning

The Task Progress bar on Activities > Tasks window, displays the progress of the ongoing provisioning task for your network devices.

Support for the Workflow Progression View in Visibility- and Control-Enabled Provisioning Workflows

If a visibility- and control-enabled provisioning workflow supports the workflow progression view, the Preparing Devices and Configuration Models window displays the steps the system takes to prepare a listed device.

Support for Third-Generation Catalyst Center Appliances

Catalyst Center now supports the following third-generation appliances, which are based on the Cisco UCS C220 and C240 M6 servers:

• 32-core appliance: Cisco part number DN3-HW-APL

• 32-core promotional appliance: Cisco part number DN3-HW-APL-U

• 56-core appliance: Cisco part number DN3-HW-APL-L

• 56-core promotional appliance: Cisco part number DN3-HW-APL-L-U

• 80-core appliance: Cisco part number DN3-HW-APL-XL

• 80-core promotional appliance: Cisco part number DN3-HW-APL-XL-U

For more information, see the Cisco Catalyst Center Third-Generation Appliance Installation Guide, Release 2.3.7.x.

Support for Viewing and Editing Layer 2 Configurations of a Device

You can view and edit the Layer 2 configurations of a device in the Catalyst Center inventory.

Third-Party Devices Support

Catalyst Center allows third-party devices to populate SNMP MIB-II values.

Weak Crypto Check

To ensure a secure network connection Catalyst Center performs weak crypto check to evaluate the device configuration, and blocks the device provisioning/upgrade/site assignment for devices that are configured only with MD5 authentication for SNMP credentials. This is applicable only for devices with software image version or golden tagged image version 17.14.1 and later.

Enhancements to the disaster recovery witness site upgrade process.

Using an SSH client, you can upgrade a disaster recovery system's witness site using the witness upgrade command. In the Cisco Catalyst Center Administrator Guide, Release 2.3.7.x, see the "Implement Disaster Recovery" chapter's "Upgrade the Current Witness Site" topic.

Name Change to Catalyst Center

As part of our vision to converge our products around an integrated platform, we are changing the name of Cisco DNA Center to Catalyst Center in this release. The capability and functionality of Catalyst Center remains the same as Cisco DNA Center.

This name change is part of our simplified branding for the Catalyst Center Stack. Cisco is now connecting the power and flexibility of the Catalyst brand across the entire enterprise networking stack with Catalyst Center (formerly Cisco DNA Center), Catalyst Software and Licensing (formerly Cisco DNA Software and Licensing), Catalyst Wireless, Catalyst Switching, Catalyst Routing, and Catalyst SD-WAN (formerly Cisco SD-WAN or Viptela SD-WAN).

Enhancements to the Catalyst Center Home Page

The Catalyst Center home page displays a new welcome message and displays license and release banner messages relevant to Catalyst Center. The Tools area is removed and is accessible from the menu in the top-left corner.

Enhancements to the Menus

To streamline workflows and standard nomenclature, we changed several menu option names, moved several submenu options, and added a secondary launch point for Interactive Help.

The menu option changes include:

• Design > Network Settings > Network is now Design > Network Hierarchy > Servers.

• Design > Network Settings > SP Profiles is now Design > Service Provider Profiles.

• Provision > Stealthwatch Security Analytics is now Provision > Stealthwatch Security.

• Tools > Template Hub is now Design > CLI Templates.

• Tools > Model Config Editor is now Design > Feature Templates.

• The Activities menu option now lists two submenu options: Audit Logs and Tasks.

• System > System Health is now System > System 360 > System Health.

• System > Settings > Telemetry Collection is now System > Settings > Product Telemetry.

• The Help icon lists the new secondary launch point for Interactive Help.

Enhancements to the Configure AI-Enhanced RRM Workflow

You can configure an AI-enabled radio frequency profile without device provisioning.

Device Compliance and Pending Operation Prechecks for a Seamless Deployment

To ensure a seamless deployment, Catalyst Center performs a set of prechecks to ensure that any pending operations that conflict with the current task and any device compliance issues are addressed.

Log Collection for a Device

When a resync is done for a specific device, the debug log is enabled automatically for that device, and XDE and device pack logs are collected.

Software Image Compatibility Check for Fabric Devices

To ensure the network devices (before and after a fabric deployment) are compatible with the recommended or supported software image versions based on the Catalyst Center package version, Catalyst Center performs an Image Compatibility check to evaluate the network devices.

Updating the KGV Bundle

You can request a new KGV download workflow by clearing all the stale and suspended integrity verification (IV) workflows, if there are any.

Usability Enhancements to Previewing Configurations in Visibility- and Control-Enabled Workflows

When previewing configurations in a visibility- and control-enabled workflow, you can display the device configurations in a side-by-side comparison view.

Usability Enhancements to Support Service

Support Service has the following enhancements:

• When creating a remote support authorization, you must first accept the Access Permission Agreement.

• "SR" is replaced with "case number."

• The Past Authorizations table is searchable and contains a column for the case number.

Visibility and Control of AI RF Profile Configurations

With the Visibility and Control of Configurations feature, you can preview AI RF profile configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them.

Cisco TrustSec Environment Data Download Status

With this release, the Cisco TrustSec environment data download status issue support is extended to EVPN fabric deployments.

Enhancement to Deploying and Undeploying Sensor-Driven Test Templates

When you deploy or undeploy an IP Service-Level Agreement (SLA) performance test as a part of a sensor-driven test template, Catalyst Center asks if you want to configure the relevant commands on the wireless controllers to enable or disable IP SLA, so the sensors do or do not run the tests against the APs.

Enhancements to Intelligent Capture Settings

In the Assurance > Settings > Intelligent Capture Settings, the enhancements include:

• The Configuration Status column is added to view the configuration status of the onboarding and full packet capture sessions.

  You can also view the configuration status of the AP Statistics Capture and Anomaly Capture sessions under the respective tabs.

• For AP Statistics Capture and Anomaly Capture, you can now only enable or disable specific APs or all APs managed by a wireless controller. The None option to disable these two features on all APs is no longer supported.

• To streamline the nomenclature of Intelligent Capture, the tab names on the Intelligent Capture Settings are updated, as follows:

  • Client Schedule Capture is now Onboarding Packet Capture.

  • Client Data Packet Capture is now Full Packet Capture.

  • OTA Sniffer Capture is now OTA Sniffer.

Support of Visibility and Control of Wireless Device Configurations for Intelligent Capture

With Intelligent Capture now supporting the Visibility and Control of Configurations feature, you can preview AP and wireless controller configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them.

Telemetry Status in SD-Access Health Dashboard

In the Assurance > SD-Access Health dashboard, you can view the Telemetry Status of fabric sites, transits, and virtual networks. You can also troubleshoot the root cause and auto recovery for the missing telemetry data for the network devices

Troubleshoot Telemetry Data for Wired Devices Using MRE Checks

Using MRE checks, you can troubleshoot the root cause of missing telemetry data for switches and routers. The MRE check includes:

• Check SNMP telemetry subscriptions status

• Get NETCONF details

MRE availability checks if it’s possible to automatically correct and resolve any certificate issues that are causing availability problems for network devices.

MRE for Time Drift issue: If an excessive time drift occurs between Catalyst Center and the network device and that time drift is resolved manually by configuring the NTP, during the next synchronization cycle, the excessive time drift issue is resolved automatically.

Assurance EVPN Support

With this release, Assurance supports EVPN fabric deployments. The following issues are newly added:

• VNI(s) Down on Fabric Node: This issue is triggered when the VNI(s) are down on a fabric node device in an EVPN protocol network.

• Expected Peer not present on Fabric Node: This issue is triggered when the NVE peer is missing from a fabric node device in an EVPN protocol network.

• BGP Session to Spine Node Down: This issue is triggered when the BGP session is down between a fabric node and a spine role fabric node in a fabric site.

Assurance Issues

With this release, a new Assurance telemetry status is poor issue is added to Router, Core, Distribution, and Access issues, Controller, Wired Client, Wireless Client under the System category. This issue is triggered when the telemetry status of the network device or client is poor. The issue is automatically resolved when the telemetry status is good.

SNMPv3 Support for AES192 and AES256 Encryption

With this release, Catalyst Center supports CISCOAES192 and CISCOAES256 encryption for SNMPv3 configuration. If you add devices with AES192 or AES256 encryption to Catalyst Center, Assurance data is collected for those devices.

Support for Visibility and Control of RF Configurations in the AI-Enhanced RRM Control Center

With the Visibility and Control of Configurations feature, you can preview RF configurations and send those configurations to IT Service Management (ITSM) for approval before deploying them. In the AI-Enhanced Radio Resource Management (RRM) Control Center, the AI RF Profile Simulator and Insights support the Visibility and Control of Configurations feature.

Telemetry Status in Assurance Health Dashboards

In the Assurance Network and Client Health dashboards, you can view the Telemetry Status of the devices and clients in your network.

New APIs

LAN Automation APIs

Catalyst Center platform supports the following LAN Automation APIs:

• POST <cluster-ip>/dna/intent/api/v2/lan-automation

  LAN Automation Start V2.

• PUT <cluster-ip>/dna/intent/api/v2/lan-automation/${id}

  LAN Automation Stop and Update Devices V2.

To access the new LAN Automation APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Site Management drop-down list and choose LAN Automation.

Reports APIs

Catalyst Center platform supports the following Reports APIs:

• GET <cluster-ip>/dna/data/api/v1/flexible-report/schedule/${reportId}

  Get Flexible report schedule by report ID.

• GET <cluster-ip>/dna/data/api/v1/flexible-report/report/${reportId}/executions

  Get Execution ID by report ID.

• POST <cluster-ip>/dna/data/api/v1/flexible-report/report/${reportId}/execute

  Executing the Flexible report.

• PUT <cluster-ip>/dna/data/api/v1/flexible-report/schedule/${reportId}

  Update schedule of Flexible report.

• GET <cluster-ip>/dna/data/api/v1/flexible-report/schedules

  Get all Flexible report schedules.

• GET <cluster-ip>/dna/data/api/v1/flexible-report/report/content/${reportId}/${executionId}

  Download Flexible report.

To access the new Reports APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Operational Tasks drop-down list and choose Reports.

SDA APIs

Catalyst Center platform supports the following SDA APIs:

Extranet Policy APIs

• GET <cluster-ip>/dna/intent/api/v1/sda/extranetPolicies

  Get extranet policies.

• PUT <cluster-ip>/dna/intent/api/v1/sda/extranetPolicies

  Update extranet policy.

• POST <cluster-ip>/dna/intent/api/v1/sda/extranetPolicies

  Add extranet policy.

• GET <cluster-ip>/dna/intent/api/v1/sda/extranetPolicies/count

  Get extranet policy count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/extranetPolicies/${id}

  Delete extranet policy by ID.

Port Assignment APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/portAssignments

  Add port assignments.

• GET <cluster-ip>/dna/intent/api/v1/sda/portAssignments

  Get port assignments.

• PUT <cluster-ip>/dna/intent/api/v1/sda/portAssignments

  Update port assignments.

• GET <cluster-ip>/dna/intent/api/v1/sda/portAssignments/count

  Get port assignment count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/portAssignments/${id}

  Delete port assignment by ID.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/portAssignments

  Delete port assignments.

Fabric Site APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricSites

  Add fabric site.

• PUT <cluster-ip>/dna/intent/api/v1/sda/fabricSites

  Update fabric site.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricSites/${id}

  Delete fabric site by ID.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricSites

  Get fabric sites.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricSites/count

  Get fabric site count.

Fabric Zone APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricZones

  Add fabric zone.

• PUT <cluster-ip>/dna/intent/api/v1/sda/fabricZones

  Update fabric zone.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricZones/${id}

  Delete fabric zone by ID.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricZones

  Get fabric zones.

• GET <cluster-ip>/dna/intent/api/v1 /sda/fabricZones/count

  Get fabric zone count.

Authentication Profile APIs

• PUT <cluster-ip>/dna/intent/api/v1/sda/authenticationProfiles

  Update authentication profile.

• GET <cluster-ip>/dna/intent/api/v1/sda/authenticationProfiles

  Get authentication profiles.

Bulk Device Provisioning APIs

• GET <cluster-ip>/dna/intent/api/v1/sda/provisionDevices

  Get provisioned devices.

• POST <cluster-ip>/dna/intent/api/v1/sda/provisionDevices

  Provision devices.

• GET <cluster-ip>/dna/intent/api/v1/sda/provisionDevices/count

  Get provisioned devices count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/provisionDevices

  Delete provisioned devices.

• PUT <cluster-ip>/dna/intent/api/v1/sda/provisionDevices

  Reprovision devices.

• DELETE <cluster-ip>/dna/intent/api/v1/ sda/provisionDevices/${id}

  Delete provisioned device by ID.

Fabric Device APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricDevices

  Add fabric devices.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices

  Get fabric devices.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/count

  Get fabric devices count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices

  Delete fabric devices.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/${id}

  Delete a fabric device by ID.

• PUT <cluster-ip>/dna/intent/api/v1/sda/fabricDevices

  Update fabric devices.

Fabric Device Layer 2 Handoff APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer2Handoffs

  Add fabric devices Layer 2 handoffs.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer2Handoffs

  Get fabric devices Layer 2 handoffs.

• GET <cluster-ip>/ dna/intent/api/v1/sda/fabricDevices/layer2Handoffs/count

  Get fabric devices Layer 2 handoffs count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer2Handoffs

  Delete fabric devices Layer 2 handoffs.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer2Handoffs/${id}

  Delete fabric device Layer 2 handoff by ID.

Fabric Device IP Transit Layer 3 Handoff APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits

  Add fabric devices Layer 3 handoffs with IP transit.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits

  Get fabric devices Layer 3 handoffs with IP transit.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits/count

  Get fabric devices Layer 3 handoffs with IP transit count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits

  Delete fabric devices Layer 3 handoffs with IP transit.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits/${id}

  Delete fabric device Layer 3 handoff with IP transit by ID.

• PUT <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/ipTransits

  Update fabric devices Layer 3 handoffs with IP transit.

Fabric Device SDA Transit Layer 3 Handoff APIs

• POST <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs /sdaTransits

  Add fabric devices Layer 3 handoffs with SDA transit.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer3Handoffs/sdaTransits

  Get fabric devices Layer 3 handoffs with SDA transit.

• GET <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer3Handoffs/sdaTransits/count

  Get fabric devices Layer 3 handoffs with SDA transit count.

• DELETE <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/ layer3Handoffs/sdaTransits

  Delete fabric devices Layer 3 handoffs with SDA transit.

• PUT <cluster-ip>/dna/intent/api/v1/sda/fabricDevices/layer3Handoffs/sdaTransits

  Update fabric devices Layer 3 handoffs with SDA transit.

Anycast Gateways APIs

• DELETE <cluster-ip>/dna/intent/api/v1/sda/anycastGateways/${id}

  Delete anycast gateway by ID.

• PUT <cluster-ip>/dna/intent/api/v1/sda/anycastGateways

  Update anycast gateways.

• GET <cluster-ip>/dna/intent/api/v1/sda/anycastGateways

  Get anycast gateways.

• POST <cluster-ip>/dna/intent/api/v1/sda/anycastGateways

  Add anycast gateways.

• GET <cluster-ip>/dna/intent/api/v1/sda/anycastGateways/count

  Get anycast gateway count.

To access the new SDA APIs, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Connectivity drop-down list and choose SDA.

API Enhancements

LAN Automation APIs

• The LAN Automation Device Update API now includes a new query param HOSTNAME_UPDATE to change the hostname of the device based on the new request body parameter hostnameUpdateDevices.

• The LAN Automation Status By Id and LAN Automation Status APIs now include three additional optional parameters discoveryLevel, discoveryTimeout, and discoveryDevices which are displayed in the response body when the user starts LAN Automation using the LAN Automation Start V2 API.

Devices APIs

• In this release, you can provide IPv6 addresses to assign the devices in the Assign Devices to Site API.

• In the Export Device list API, the password parameter is now optional.

• With this release, Catalyst Center platform supports the following changes in the response parameters of the Get Device Interfaces by specified range, Get Interface info by Id, Get Interface by IP, Get OSPF interfaces, Get ISIS interfaces, Get Interface by interface name, Get all interfaces, and Get Interface by Id APIs:

  • The addresses, lastOutgoingPacketTime, lastIncomingPacketTime, mtu, and name response parameters are now included in the above APIs.

  • The poweroverethernet, networkdevice_id, managedNetworkElementUrl, managedNetworkElement, managedComputeElementUrl, and managedComputeElement response parameters are now removed from the above APIs.

Network Settings API

In this release, a new groupName request query parameter is added in the Get Reserve IP Subpool API. The siteId parameter is now optional.

Deprecated APIs

None

—

API Changes That Break Backward Compatibility

None

—

New Events

Assurance Events

Catalyst Center platform supports the following new Assurance events:

• NETWORK-SDA-1-322: The event is generated when the Fabric Border loses connectivity with the Multicast RP in the virtual network. Unique issues are generated for each virtual network.

• NETWORK-SDA-1-345: The event is generated when the Fabric Border loses connectivity with the Multicast RP in the virtual network. A single issue is generated for each pair of Border and RP.

System Notification Event

Catalyst Center platform supports the following new System Notification event:

INTERNET-URL-ACCESS: This notification event is generated when any of the URLs listed in the Installation Guide that Catalyst Center tries to access is not reachable and impacts operations.

New Reports

Audit Log Report

This release supports a new Audit Log report type that provides detailed information about audits for a given time frame.

• You can generate an Audit Log report based on the following criteria:

  • Event Id

  • Namespace

  • Name

  • Description

  • Type

  • Category

  • Domain

  • Sub Domain

  • Severity

  • Timestamp

  • Details

  • Note

  • User

  • Event Hierarchy

  • Message

  • Message Params

  • Parent InstanceId

  • Network

  • Start Time

  • Child Count

• Supported report file formats are CSV and JSON.

• In the Setup Report Scope window, you can sort the Audit Log report based on the following:

  • Domain

  • Category

  • Time Range

• In the Schedule Report window, you can define a date range and select a time zone to generate the report.

• To access the Audit Log report, click the menu icon and choose Reports > Reports Templates > Audit Log.

  For more information about the Audit Log report, see the Cisco Catalyst Center Platform User Guide.

New APIs

User and Roles APIs

Catalyst Center platform supports the following User and Roles APIs:

• POST <cluster-ip>/dna/system/api/v1/users/external-servers/aaa-attribute

  Add and update AAA Attribute API.

• GET <cluster-ip>/dna/system/api/v1/users/external-servers/aaa-attribute

  Get AAA Attribute API.

• DELETE <cluster-ip>/dna/system/api/v1/users/external-servers/aaa-attribute

  Delete AAA Attribute API.

• POST <cluster-ip>/dna/system/api/v1/users/external-authentication

  Manage External Authentication Setting API.

• GET <cluster-ip>/dna/system/api/v1/users/external-authentication

  Get External Authentication Setting API.

To access the new User and Roles APIs, click the menu icon and choose Platform > Developer Toolkit > APIs > User and Roles.

ITSM Integration API

Catalyst Center platform supports the following ITSM Integration API:

GET <cluster-ip>/dna/intent/api/v1/integration-settings/status

Fetches the ITSM integration status.

To access the new ITSM Integration API, click the menu icon and choose Platform > Developer Toolkit > APIs.

Expand the Integrations drop-down list and choose ITSM Integration.

API Enhancements

Devices API

In the Add User-Defined-Field to device API, the value request parameter is now a required attribute.

Discovery APIs

The request parameters of the Create Global Credentials V2 and Update Global Credentials V2 APIs, httpRead.name and httpWrite.name, are now changed to httpRead.description and httpWrite.description, respectively.

Deprecated APIs

Devices API

The Get Device Config for all devices API is deprecated.

New Events

Assurance Events

Catalyst Center platform supports the following new Assurance events:

• NETWORK-DEVICES-3-801: The event is generated to display the Assurance telemetry status.

• NETWORK-APPLICATIONS-3-600: The event is generated when business-relevant applications are experiencing network latencies that are higher than normal.

EVPN Events

Catalyst Center platform supports the following new events for EVPN deployments:

• NETWORK-FABRIC_WIRED-1-340: The event is generated when the BGP session is down between the fabric node and the spine role fabric node in the fabric site.

• NETWORK-FABRIC_WIRED-1-342: The event is generated when the NVE peer is missing from a fabric node device in an EVPN protocol network.

• NETWORK-FABRIC_WIRED-1-343: The event is generated when VNI(s) are down on the fabric node.

System Notification Events

Catalyst Center platform supports the following new System Notification events:

• SYSTEM-APPLICATION-HEALTH-v1: The event is generated when there is any change in the health state of the applications registered for monitoring.

• CISCO-TRUSTED-CERTIFICATE-BUNDLE-v1: The notification event is generated when a newer Cisco trusted certificate bundle is available.

Enhancements in Displaying the MAC Address Details for APs

For APs, the MAC address details are now displayed under the Base Radio MAC Address column in the following workflows:

• Access Point Refresh

• Configure Access Points

• Configure RLAN

For APs, on the Provision > Inventory window:

• The MAC Address column denotes the base radio MAC address.

• The AP Ethernet MAC Address column is now available to view the Ethernet MAC address.

• The device details display both the Base Radio MAC Address and Ethernet MAC Address.

Enhancements to the AP Refresh Workflow

The Access Point Refresh workflow now supports the following:

• The Assurance use case where the new AP isn’t provisioned after AP refresh and only the old configuration is copied to the new AP.

  Note	If the new AP is onboarded through Plug and Play (PnP), the Assurance use case isn't supported.

• A toggle button to enable the automatic detection of the new APs using SwitchPort.

  Note	If the new AP is onboarded through PnP, automatic detection isn't supported.

Enhancements to Certificate Management UI

System Certificates, Trusted Certificates, and Device Certificates UI are modified to have a uniform layout.

Enhancements to Custom AP Groups and Flex Groups for Cisco AireOS Wireless Controller

Instead of configuring and applying the newly added custom groups to the APs during wireless controller provisioning, Catalyst Center now configures and applies them during AP provisioning.

Effective with this release, you can use the same AP groups and flex groups across multiple sites for Cisco AireOS Wireless Controllers.

Support for Displaying IOS CLI in Configuration Preview for Cisco Catalyst 9800 Series Wireless Controller

For Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.13.1 or later, you can generate IOS CLI from YANG configuration in the configuration preview.

Support for Standard Power Service

For APs with the standard power capability, compliance with FCC regulations requires the activation of Automatic Frequency Coordination (AFC). The Standard Power Service toggle button in the Create Wireless Radio Frequency Profile and Create AI Radio Frequency Profile window enables you to activate AFC for the 6-GHz band within an RF profile.

When you provision the corresponding APs, the Summary window displays the standard power service configuration details.

Upload Resource Utilization Details to CSSM: Change to Prerequisites

In earlier releases, to upload resource utilization details to CSSM, devices must have NETCONF enabled and devices must be added to the site. Effective with this release, devices don't have to have NETCONF enabled, and devices don't have to be added to the site.

Enhancements to AP Provisioning for N+1 High Availability

Effective with this release, if you are using N+1 High Availability (HA) and modify any nonflex SSIDs that are already provisioned on the primary and secondary controllers to flex SSIDs (or conversely), ensure that the states of WLANs are consistent across both the primary and secondary controllers on the corresponding site.

Enhancements to Custom Flex Profile Creation

A custom flex profile is created during Cisco Wireless Controller provisioning (with model configurations) or during AP provisioning (without model configurations). In both scenarios, the custom profile is configured with settings that are similar to the default flex profile, except for the Catalyst Center intent configurations.

Catalyst Center also provides an option to autogenerate a flex profile name.

Enhancements to Default AP Profiles During Upgrade

In earlier releases, the default AP profile was pushed to the wireless controller during upgrade.

When you upgrade to this release from an earlier version, by default, Catalyst Center doesn't push the default AP profile to the wireless controller. To update the default AP profile on the wireless controller, you must explicitly save it on the Design > Network Settings > Wireless > AP Profiles window. After you save the default AP profile, if there’s a difference between the current wireless controller configuration and the AP profile configuration saved on Catalyst Center, the default AP profile is pushed to the wireless controller during subsequent reprovisioning.

Enhancements to Preauthentication ACLs

Preauthentication Access Control Lists (ACLs) have the following enhancements:

• The Include auto rules toggle button to enable or disable pushing the Catalyst Center-generated rules to the applicable SSIDs.

• For Walled Garden URLs, a valid URL must have at least one period. Cisco AireOS Wireless Controllers don't support other special characters. Cisco Catalyst 9800 Series Wireless Controllers support the special characters . * - _.

Enhancements to VLAN ID Configuration for Wireless Interfaces

In earlier releases, the valid range for VLAN ID for wireless interfaces was from 0 through 4094.

Effective with this release, the valid range for VLAN ID for wireless interfaces is from 1 through 4094.

Enhancements to Port Configuration Within Fabric Sites

The Port Assignment tab for a fabric site now displays the authentication template configured for each port. If you don't configure the authentication template for an individual port, the port inherits these settings from the global authentication template configuration. Inherited settings are displayed with an inherit icon next to the setting.

SD-Access Compatibility Check

A device is added to the SD-Access fabric only if the device runs a software release that is compatible with the Catalyst Center release.

SD-Access Application Health Check

The health of SD-Access application is checked periodically and the status is displayed on the System Health page.

Enhancements to the Embedded Wireless Controller Image Installation for Switches

Following are the enhancements to the embedded wireless controller image installation process for switches:

• The Activate image on device option is removed.

• During the image import, you can exit the window, and view the progress of the import and schedule the installation later using the Close option.

• After the image is imported, you can install it immediately or schedule the image installation for a later date or time.

• You can check the status of image installation on the Activities > Tasks window.

Enhancements to Provisioning of Wireless Changes on Fabric Devices

If the wireless capability is enabled for a fabric device in the SD-Access device slide-in pane and there are changes in the wireless settings, you must click Configure in the slide-in pane to push the changes to the device.

Reconfiguration of Fabric for IP Address Pool Changes

When you modify the IP address pools that are used in a fabric, you must reconfigure the fabric.

Unsupported SD-Access Configuration Detection on Fabric Devices

Catalyst Center allows you to detect the unsupported SD-Access configurations on fabric devices using the SD-Access Unsupported Configuration compliance check.

New in 2.3.7.5

New Walkthroughs

• Configure AI-Enhanced RRM

• Create an AI RF Profile

• Enable Cisco AI-Enhanced RRM

• View AI-Enhanced RRM Dashboard

New in 2.3.7.4

New Walkthroughs

Enable the Field Notices Trial

CSCwh60044

SWIM upgrade fails with the error NCSW32001.

CSCwh67057

Unable to switch between tabs from Fabric Infrastructure to L2, L3, Anycast Gateway, and Port Assignment.

CSCwh70738

Wireless controller provisioning fails with the error NCSP11051 on all fabric and nonfabric wireless controllers.

CSCwh86488

Catalyst Center is unable to verify the Stealthwatch certificate, even though the Stealthwatch certificate and Catalyst Center certificate are signed by the same CA and the root CA certificate is already imported in the trustpool.

CSCwh93547

Catalyst Center and Cisco ISE integration is broken, but OTT wireless controller and NF router provisioning still works.

CSCwh94671

Manual failover to the disaster recovery site fails due to the following BGP VIP advertisement:

"Failed to do a failover. Reason: [{'name': 'Start Bgp Vip Advertisement Task', 
'status': ['Failed to start DR VIP advertisement. 
Reason: 10.14.0.105/32 VIP is not configured on same interface as 10.14.20.106 to advertise, 
Error while Validating VIP Advertisement payload']}]"

CSCwi01450

In a disaster recovery environment with multiple Catalyst Center clusters, both the active and passive disaster recovery clusters are shown in Author mode.

CSCwi03241

When you create a Central Web Authentication (CWA) guest SSID or enterprise SSID with posture enabled:

• The preauthentication access control list (ACL) returned by Cisco ISE isn't mapped to the WLAN on the wireless controller.

• The Layer 3 web policy is set as open on the wireless controller.

CSCwi28581

The network profile contains duplicate templates if multiple device series are added to the template.

CSCwi31665

When IE3x00 (IE3100, 3200, 3300, and 3400) devices are enabled with the PROFINET feature, Catalyst Center fails to recognize the IE3x00 devices as Cisco devices. Instead, Catalyst Center lists them incorrectly as third-party devices in the Inventory window, and the IE3x00 devices cannot be managed by Catalyst Center.

CSCwi37770

Enhance the custom view table settings columns to arrange them alphabetically.

CSCwi44683

Include reachability as a factor for iperf sensor selection.

CSCwi45597

The DHCP address is updated in three out of five segments during Layer 2 handoff.

CSCwi46523

After upgrading to Catalyst Center 2.3.7.4, disaster recovery rejoin fails with the error SODR10140.

CSCwi47048

Under System > Settings > System Certificates, the Disaster Recovery tab displays a "No expiry date" error.

CSCwi47693

When Cisco ISE is in inactive state during the Catalyst Center upgrade, the eps and eaworker pods crash until Cisco ISE becomes active.

CSCwi47934

Although automatic disaster recovery failover works after shutting down the active cluster, when the shut-down cluster is powered on and becomes standby (passive), the rejoin operation to make it standby (active) fails.

CSCwi51216

Extended node reprovisioning fails with the following error:

NCSO10008: Error in generating RFS due to internal error

CSCwi53916

When you enter the magctl sts status redis command on the host machine, an error is returned.

CSCwi57988

New device onboarding to a nonfabric REP ring fails when image upgrade is part of the Plug and Play (PnP) process.

CSCwi72839

In IPv6-only networks, telemetry doesn't work with FQDN-only certificates. This problem occurs in an IPv6-only network when Catalyst Center pushes its FQDN as a telemetry receiver that can't be resolved by the IOS-XE device. To work around this problem, you must add the IPv6 addresses to the alt_names section.

CSCwj11541

Performance degradation occurs while adding an edge node to the fabric.

CSCwj25876

When creating or editing an AP zone, the SSID selection gets cut off.

CSCwj27165

The wireless controller provisioning workflow generates the following error while loading the Flex configuration model configs:

Internal Server Error: An unexpected condition was encountered.
Please try after the system is restored.

CSCwj33450

Cisco Catalyst 9800 Series Wireless Controller device provisioning fails with the following error:

unable to push configs to the device <device_ip>

CSCwj40948

Package download hangs while upgrading to Catalyst Center 2.3.7.5.

CSCwj45318

Network Issue Monitor and Enrichment for ITSM (ServiceNow) bundle Help button is not working. Contact Cisco TAC to apply a workaround.

CSCwj48236

After Webhook configuration, Catalyst Center is either not sending the alerts or is sending them incorrectly.

CSCwj49460

After disaster recovery failover, postgres ongoing data replication has stopped.

CSCwj60411

WLAN profile and policy profile is out of synch, causing provisioning failures.

CSCwd42565

Catalyst Center telemetry provision for AVC on wireless controller SSID disabled on failure

CSCwe68287

Software distribution on Cisco Catalyst 9800 Series Wireless Controller is not recognized if activation is skipped using SMU and APSP.

CSCwf30218

The workflow API_ENDPOINT_CREATE takes a long time to complete.

CSCwf86819

Catalyst Center started reporting SPF-service-down, could not retrieve compliance related device data.

CSCwh19272

Catalyst Center may initiate install commit for ISSU before staggered AP upgrade is completed.

CSCwh22030

Software image shows needs update even after successfully upgrading the software image on the device.

CSCwh23552

Software image activation failed while trying to upgrade the IOS-XE along with sub-package on wireless controller through Catalyst Center.

CSCwh56371

SWIM APSP activation is taking base image name instead of APSP image name.

CSCwh91534

Catalyst Center 2.3.3.7: Unable to generate inventory report with approximately100 device due to "BAPI Execution Failed" error.

CSCwh96306

Catalyst Center is generating reports without complete information.

CSCwi27239

Self-identifying antenna showing as 'Unsupported' in wireless maps.

CSCwi38620

Catalyst Center 2.3.5.4: SWIM task showing In Progress never fails or is completed.

CSCwi76666

The number of managed locations for a site is not changing after successful provisioning.

CSCwi79754

Cisco Catalyst 9800 Series Wireless Controller provisioning fails due to UnmanagedDCS duplicateKeyException.

CSCwi85506

Software image management fails for Catalyst 9600 StackWise virtual link due to connection timeout error.

CSCwj08940

Anchor wireless controller provisioning failed with error NCWL13000.

CSCwe74245

After a disaster recovery failover, Controller-Based Application Recognition (CBAR) provisioning fails in specific scenarios for Cisco Catalyst 9800 controllers, Catalyst 9300 switches, and Catalyst 9400 switches that have wireless enabled on them.

CSCwf13940

Inventory Insights shows configuration mismatches for nonexistent uplinks.

CSCwf90631

Image distribution fails for Cisco Catalyst 2960 devices.

CSCwh28002

After successfully generating a report, Catalyst Center doesn't send the report to the configured webhook server.

CSCwh52366

The "Add SSID to IP Pool Mapping" API fails with the following error:

"bapiError": "Failed with error: SyntaxError: 
Invalid JSON: <json>:1:0 Expected json literal but found eof\n\n^",Expected json 
literal but found eof

CSCwi00888

Multiple switch provisioning fails on a template with an implicit variable.