Network profiles overview
Network profiles allow you to configure settings and apply them to a specific site or group of sites. You can create network profiles for various elements in Catalyst Center:
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Network profiles allow you to configure settings and apply them to a specific site or group of sites. You can create network profiles for various elements in Catalyst Center:
![]() Note |
|
Step 1 |
From the main menu, choose . |
||
Step 2 |
Click +Add Profile and choose Assurance. |
||
Step 3 |
In the Profile Name field, enter a valid profile name and click Next. Catalyst Center adds the profile and the Edit Profile window appears. |
||
Step 4 |
Set the DEVICE TYPE and CATEGORY filters to view the type of issues you want to configure. |
||
Step 5 |
Click an issue in the Issue Name column to open a slide-in pane with the settings.
|
||
Step 6 |
To enable or disable whether Catalyst Center monitors the issue, click the Enabled toggle button. |
||
Step 7 |
To set the issue priority, click the Priority drop-down list and choose the priority:
|
||
Step 8 |
(For certain issues) In the Trigger Condition area, you can change the threshold value for when the issue is reported. Examples of a trigger condition:
|
||
Step 9 |
(Optional) If there are any changes to the settings, you can hover your cursor over View Default Settings to display the default settings. Click Use Default to restore all the issue settings to the default values. |
||
Step 10 |
Click Apply. |
||
Step 11 |
(For certain issues) Click Manage Subscription to subscribe to external notifications for supported issues when they are triggered. |
||
Step 12 |
To assign the profile to sites, click Assign Sites. Check the check box next to the sites that you want to associate with this profile and click Save. The Edit Profile window appears.
|
||
Step 13 |
Click Done. The newly added profile appears on the Network Profiles window. |
This workflow shows how to:
Create custom configurations.
Create Firepower Threat Defense (FTD) configurations.
View the profile summary.
Step 1 |
From the main menu, choose . |
Step 2 |
Click +Add Profile and choose Firewall. The Firewall Type page appears. |
Step 3 |
To create custom configurations for regular firewalls like Adaptive Security Appliance (ASA) firewalls: |
Step 4 |
To create FTD configurations to configure the FTD devices: |
This workflow shows how to:
Configure the router WAN.
Configure the router LAN.
Configure the integrated switch configuration.
Create custom configurations.
View the profile summary.
Step 1 |
From the main menu, choose . |
||
Step 2 |
Hover your cursor over + Add Profile and choose Routing. |
||
Step 3 |
The Router WAN Configuration page displays.
|
||
Step 4 |
The Router LAN Configuration page displays. To skip the router LAN configuration, click the Skip radio button and continue to Step 5. To configure the router LAN:
|
||
Step 5 |
Based on your router configuration, the Integrated Switch Configuration page displays. If the Integrated Switch Configuration page does not display, continue to Step 6. The integrated switch configuration allows you to add new VLANs or retain the previously chosen configuration in the router LAN configuration.
|
||
Step 6 |
The Custom Configuration page displays. Custom configurations are optional. You can skip this step and apply the configurations at any time in the Network Profiles window. If you choose to add custom configurations:
|
||
Step 7 |
On the Summary page, click Save. This page summarizes the router configurations. If you have multiple devices, you can click on each device to see its configuration data. The page provides hardware recommendations based on the devices and chosen services. |
||
Step 8 |
The Network Profiles window displays. In this window, you can edit and delete the network profiles. Click Assign Site to assign a site to the network profile. For more information, see Create, edit, and delete a site. |
You can apply two types of configuration templates to a switching profile:
Onboarding template
Day-n template
Define the Onboarding Configuration template that you want to apply to the devices. Such templates contain basic network configuration commands to onboard a device so that it can be managed on the network. See Create Templates to Automate Device Configuration Changes.
Step 1 |
From the main menu, choose . |
||||||
Step 2 |
Click +Add Profile and choose Switching. |
||||||
Step 3 |
In the Add a Network Profile page, enter the profile name in the Profile Name field. |
||||||
Step 4 |
Click the tab for the template type that you want to associate with this profile.
|
||||||
Step 5 |
Click Attach Templates. |
||||||
Step 6 |
In the Add Template slide-in pane, complete these steps: |
||||||
Step 7 |
Click Save. The profile that is configured on the switch is applied when the switch is provisioned. You must add the network profile to a site for it to be effective. |
Ensure that you have created wireless SSIDs, RF profiles, and AP profiles under the
tab.If necessary, ensure that you have created templates in the
window.If necessary, ensure that you have created feature templates in the
window.
Step 1 |
From the main menu, choose . |
Step 2 |
Click Add Profile and choose Wireless. |
Step 3 |
Enter a valid profile name in the Profile Name field. |
Step 4 |
To add sites to the profile, click Assign and do these steps: |
Step 5 |
Configure the required settings in these tabs:
|
Step 6 |
Click Save to add the network profile. Catalyst Center displays the new network profile on the window. |
Ensure that you have created wireless SSIDs under the
window.
Step 1 |
In the Add a Network Profile window ( ), click the SSID tab. |
||||
Step 2 |
Click Add SSID. |
||||
Step 3 |
From the SSID drop-down list, choose the SSID that you have already created. |
||||
Step 4 |
(Optional) In the WLAN Profile Name field, enter a name for the WLAN profile. Based on the WLAN profile name, Catalyst Center automatically generates the policy profile name.
|
||||
Step 5 |
(Optional) From the 802.11be Profile Name drop-down list, choose an 802.11be profile. This profile is applicable for wireless controllers running Cisco IOS XE Release 17.15.2 or later. The wireless controllers use only one dot11be-profile, which is the default-dot11be-profile. When you choose a 802.11be profile, the corresponding attributes map to the default-dot11be-profile on the wireless controller. For more information about 802.11be profiles, see Create an 802.11be profile. |
||||
Step 6 |
Specify whether the SSID is fabric or nonfabric using the Yes or No radio buttons. To create a nonfabric SSID, click No, and configure these parameters:
|
||||
Step 7 |
(Optional) To add another SSID, click the plus icon (
|
Configure the other necessary settings for the network profile. For more information, see Create network profiles for wireless.
An AP zone allows you to associate different SSIDs and RF profiles for a set of APs on the same site. You can use device tags to identify the APs for which you want to apply AP zone. From the AP Zones tab, you can create separate AP zones with a subset of SSIDs configured in the network profile for a device tag.
Catalyst Center applies the AP zone configurations to APs during AP provisioning.
![]() Note |
|
During AP provisioning:
Based on the device tag and site of the AP, Catalyst Center selects the corresponding AP zone and automatically assigns the RF profile.
If two AP zones are configured for an AP, you can choose the required AP zone.
If there are no AP zones for an AP, you can choose the required RF profile.
Ensure that you have created wireless SSIDs under the
window.
Step 1 |
In the Add a Network Profile window ( ), click the AP Zones tab. |
Step 2 |
Click Add AP Zone. |
Step 3 |
In the AP Zone Name field, enter a name for the AP zone. |
Step 4 |
From the Device Tags drop-down list, check the check box next to the device tags that you want to choose. |
Step 5 |
From the RF Profile drop-down list, choose an RF profile. |
Step 6 |
From the SSID drop-down list, choose the SSIDs. |
Step 7 |
(Optional) To add another AP zone, click the plus icon ( |
Configure the other necessary settings for the network profile. For more information, see Create network profiles for wireless.
To apply the AP zone configuration to an AP:
Reprovision the wireless controller. For more information, see Provision a Cisco AireOS Controller and Provision a Cisco Catalyst 9800 Series Wireless Controller.
Provision the AP. For more information, see Provision Cisco APs on day 1.
You can attach feature templates to a network profile.
Step 1 |
In the Add a Network Profile window ( ), click the Feature Templates tab. |
Step 2 |
Click Add Feature Template. |
Step 3 |
In the Add Feature Template slide-in pane, do these steps:
|
Configure the other necessary settings for the network profile. For more information, see Create network profiles for wireless.
You can associate a template with a network profile.
You must create the necessary templates in the Create templates.
window. For more information, see
Step 1 |
In the Add a Network Profile window ( ), click the Templates tab. |
Step 2 |
Do this task:
|
Step 3 |
Click Attach Templates. |
Step 4 |
In the Add Template slide-in pane, do these steps: |
Configure the other necessary settings for the network profile. For more information, see Create network profiles for wireless.
You can define custom names for AP groups, site tags, and policy tags in the Advanced Settings tab of the window. For more information, see Add AP groups, flex groups, site tags, and policy tags to a network profile.
Catalyst Center configures and applies the newly added custom names specified in the Provision Group settings of the Advanced Settings tab to the APs during AP provisioning.
![]() Note |
|
You can use the same AP groups and flex groups across sites (buildings or floors) across multiple areas. Child sites inherit the AP groups and flex groups from their parent sites. However, if you create AP groups or flex groups for a child site, it overrides the settings inherited from its parent site. If an SSID is overridden for different floors in a building, you can’t reuse the AP groups or flex groups for such floors. For AP group and flex group reuse examples, see Custom AP group and flex group reuse examples.
Consider these scenarios while using the same AP groups and flex groups across multiple sites:
You must configure the same RF profile for the shared AP groups.
For example, the custom AP group AP-Group-1 is shared across Network-Profile-1 and Network-Profile-2. It’s managed by the same wireless controller with the same AP zone name (default or custom AP zone). If Network-Profile-1 uses RF-Profile-1 and Network-Profile-2 uses RF-Profile-2, a validation error occurs during provisioning. You must configure the same RF profile for AP-Group-1.
You must configure the same AP zone name for the shared custom AP groups.
For example, the custom AP group AP-Group-1 is shared across Network-Profile-1 and Network-Profile-2. Both network profiles use the same RF profile RF-Profile-1. If Network-Profile-1 uses the AP zone default-zone and Network-Profile-1 uses AP-Zone-1, a validation error occurs during provisioning. You must configure the same AP zone name for AP-Group-1.
For shared custom AP groups, if any site with active APs is removed and the RF profile is also modified simultaneously, do one of these tasks before reprovisioning the APs:
Create another custom AP group and reprovision the APs in the sites that are removed from the custom AP group.
Reprovision the APs without creating a custom AP group so that the AP uses the Catalyst Center-generated AP group. Later, reprovision the APs with the updated RF profile and the shared custom AP group.
For example, the custom AP group AP-Group-1 that uses RF-Profile-1 is shared across Building-1/Floor-1 and Building-2/Floor-2. When you provision APs on Building-1/Floor-1 and Building-2/Floor-2, the APs join AP-Group-1 on both the floors. If you change the RF profile to RF-Profile-2 and simultaneously remove Building-2/Floor-2 from AP-Group-1, a validation error occurs during provisioning. You must reprovision the APs on Building-2/Floor-2 to move them to the required AP group. Later, reprovision APs on Building-1/Floor-1.
For shared custom AP groups, if the AP zone name is changed, you must reprovision the existing APs in the old AP zone. Later, reprovision the APs with the new AP zone and the custom AP group.
For example, Network-Profile-1 is assigned to Building-1/Floor-1 with AP-Group-1, RF-Profile-1, and AP-Zone-1. Network-Profile-2 is assigned to Building-2/Floor-2 with AP-Group-1, RF-Profile-1, and AP-Zone-1. The managed AP location for the Wireless-Controller-1 is configured as Building-1 and Building-2. AP1 is provisioned on Building-1/Floor-1 and AP2 is provisioned on Building-2/Floor-2. If you change the AP group to New-AP-Group and AP zone to AP-Zone-3 on both Network-Profile-1 and Network-Profile-2, and reprovision AP1 or AP2 with AP-Zone-3 on the corresponding floors, a validation error occurs. You must reprovision AP1 and AP2 with AP-Zone-1. Later, reprovision AP1 and AP2 with AP-Zone-3 and New-AP-Group.
For shared custom AP groups, if you modify the AP zone on a parent site, these modifications are also inherited by the child sites. You must create the required AP zone on the network profile assigned to the child site.
![]() Note |
If the child site has overridden configurations, the configurations aren’t overwritten. |
For example, Building-1 contains child sites Floor-1 and Floor-2. Network-Profile-1 is assigned to Building-1 and Floor-1, and AP-Group-1, AP-Zone-1, and RF-Profile-1 are configured for Building-1. Network-Profile-2 is assigned to Floor-2, and AP-Group-1, AP-Zone-1, and RF-Profile-1 are configured for Floor-2. AP1 is provisioned on Floor-1 and AP2 is provisioned on Floor-2 with AP-Zone-1. AP zone configuration for AP-Group-1 on Building-1 is updated to use AP-Zone-2 and RF-Profile-2. Since Floor-2 inherits values from Building-1, any updates to the AP group settings on Building-1 are automatically reflected in Floor-2. So, even though APZone-2 doesn't exist in Network-Profile-2, it’s updated in the Floor-2 AP group settings due to inheritance. If you reprovision AP1 on Floor-1 with AP-Zone-2, a validation error occurs. You must create AP-Zone-1 in Network-Profile-2.
For shared custom AP groups, if the SSID is changed in the AP group, you must reprovision the APs on all the sites that use the modified AP group. If you reprovision the APs on only a few sites using the modified AP group, the AP provisioning fails. To ensure successful reprovisioning of APs, we recommend that you do one of these tasks:
Create a unique custom AP group at the sites requiring updates to the AP group. This custom AP group can be shared by multiple sites before you reprovision the APs.
Reprovision the wireless controller.
For example, the custom AP group APGroup1 is shared across Building-1/Floor-1 and Building-2/Floor-2. Building-1/Floor-1 has AP-Group-1 with AP-Zone-1, the SSID WLAN-1, and the RF profile Typical. Building-1/Floor-2 has AP-Group-1 with AP-Zone-1, the SSID WLAN-2, and the RF profile Typical. AP1 is provisioned on Floor-1 and uses AP-Group-1. If you provision AP2 on Floor-2 with AP-Zone-1, WLAN-2, Typical, a validation error occurs. You can create a unique custom AP group for Floor-2 before reprovisioning AP2.
For shared custom AP groups, if you change the RF profile and reprovision the corresponding APs, the custom AP group is updated with the new RF profile across sites for all the APs using the custom AP group.
For example, the custom AP group AP-Group-1 is shared across Network-Profile-1 and Network-Profile-2. Network-Profile-1 is assigned to Building-1/Floor-1 and uses RF-Profile-1. Network-Profile-2 is assigned to Building-2/Floor-2 and uses RF-Profile-1. AP1 is provisioned on Floor-1 and AP2 is provisioned on Floor-2. If you update the RF profile of AP-Group-1 to RF-Profile-2, and reprovision the APs, all APs using AP-Group-1 are updated to use RF-Profile-2.
You can't use the same flex group on multiple sites with different native VLAN or AAA override VLAN.
Custom policy tags can be reused across sites (areas, buildings, and floors). When you assign a custom policy tag to a site—an area, a building, or multiple floors in a building—all APs provisioned to that site and AP zone can use the same custom policy tag. By default, the custom policy tags are applicable for APs in the default AP zone; for custom AP zones, edit the policy tag and assign the custom policy tag to the required zones.
![]() Note |
While reusing the custom policy tags:
|
Custom flex profiles are configured either during wireless controller provisioning or during AP provisioning accordingly:
During wireless controller provisioning: If there’s a flex feature template attached to the network profile, a custom flex profile or a Catalyst Center autogenerated flex profile (based on the option selected while configuring a custom site tag) is created during wireless controller provisioning. The custom flex profile is configured with the same settings as that of the default flex profile except for the Catalyst Center intent configurations as defined in the feature template with IP Overlap enabled. When you provision the AP after provisioning the wireless controller, the custom flex profile isn’t overwritten except for the FlexConnect VLAN settings (Native VLAN and AAA Override VLAN), if configured.
During AP provisioning: If there’s no feature template attached to the network profile, a custom flex profile is created during AP provisioning. The custom flex profile is configured with the same settings as that of the default flex profile except for the FlexConnect VLAN settings (Native VLAN and AAA Override VLAN), if configured. Catalyst Center enables the pairwise master key (PMK) propagation in the custom flex profile during AP provisioning.
A custom AP group and flex group are shared between multiple sites with no site overrides and all sites are managed by the same wireless controller.
Site |
Site override |
AP group, AP zone, and RF profile |
Native VLAN ID override |
Primary wireless controller |
---|---|---|---|---|
Area-1/Building-1/Floor-1 |
None |
Custom-AP-Group-1, default-zone, Typical |
None |
Wireless-Controller-1 |
Area-2/Building-1/Floor-1 |
None |
Custom-AP-Group-1, default-zone, Typical |
None |
Wireless-Controller-1 |
In this scenario, the custom AP group and flex group can be shared between the sites and the APs can be successfully provisioned to these sites using the same custom AP group.
A custom AP group is shared between multiple sites where some sites have site overrides for SSID and all the sites are managed by the same wireless controller.
Site |
Site override |
AP group, AP zone, and RF profile |
Primary wireless controller |
---|---|---|---|
Area-1/Building-1/Floor-1 |
Site override - PSK changes |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
Area-2/Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
In this scenario, the custom AP group can't be reused as it has different WLAN profile mapping for the same SSID. If you provision APs to these sites using the same custom AP group, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Area-1/Building-1/Floor-1) is successful but a validation error is displayed during the second AP provisioning at Area-2/Building-1/Floor-1, which is attempting to reuse the custom AP group. |
A custom AP group is shared between multiple sites with different RF profiles and all the sites are managed by the same wireless controller.
Site |
Site override |
AP group, AP zone, and RF profile |
Primary wireless controller |
---|---|---|---|
Area-1/Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
Area-2/Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1, LOW |
Wireless-Controller-1 |
In this scenario, the custom AP group can't be reused as it has different RF profiles. If you provision APs to these sites using the same custom AP group, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Area-1/Building-1/Floor-1) is successful but a validation error is displayed during the second AP provisioning at Area-2/Building-1/Floor-1, which is attempting to reuse the custom AP group. |
A custom AP group is shared between multiple sites where some sites have no site overrides for SSID for the primary controller, but has an override for the secondary controller.
Site |
Site override |
AP group, AP zone, and RF profile |
Primary wireless controller |
Secondary wireless controller |
---|---|---|---|---|
Building-1 |
None |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
Wireless-Controller-2 |
Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
Wireless-Controller-2 |
Building-1/Floor-2 |
None |
Custom-AP-Group-1, AP-Zone-1, HIGH |
Wireless-Controller-1 |
Wireless-Controller-2 |
Building-2/Floor-1 |
SSID override |
Custom-AP-Group-1, AP-Zone-1, LOW |
Wireless-Controller-2 |
None |
In this scenario, the custom AP group can't be reused as it has different WLAN profile mapping for the same SSID for Wireless-Controller-2. If you provision APs to these sites using the same custom AP group, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Building-1/Floor-1) is successful but a validation error is displayed during the second AP provisioning at Building-2/Floor-1, which is attempting to reuse the custom AP group. |
A custom AP group is shared between multiple sites with different sets of WLANs and all sites are managed by the same wireless controller.
Site |
Site override |
AP group, AP zone, and RF profile |
Primary wireless controller |
---|---|---|---|
Area-1/Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1 (WLAN-1, WLAN-2), HIGH |
Wireless-Controller-1 |
Area-2/Building-1/Floor-1 |
None |
Custom-AP-Group-1, AP-Zone-1 (WLAN-3, WLAN-4), HIGH |
Wireless-Controller-1 |
In this scenario, the custom AP group can't be reused as it has different WLAN profile mapping for the same wireless controller. If you provision APs to these sites using the same custom AP group, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Area-1/Building-1/Floor-1) is successful but a validation error is displayed during the second AP provisioning at Area-2/Building-1/Floor-1, which is attempting to reuse the custom AP group. |
Scenario 1
A custom policy tag is shared between multiple sites with no site overrides and all sites are managed by the same Cisco Wireless Controller.
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|
Building 1/Floor 1 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Building 1/Floor 2 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
In this scenario, the custom policy tags can be shared between the sites and the APs can be successfully provisioned to these sites using the same custom policy tag.
Scenario 2
A custom policy tag is shared between multiple sites where some sites have site overrides for SSID and all the sites are managed by the same wireless controller.
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|
Building 1/Floor 1 |
Site Override |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Building 1/Floor 2 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
In this scenario, the custom policy tag cannot be reused because the same tag has two different WLAN profile and policy profile mappings for the same SSID. If you provision APs to these sites using the same custom policy tag, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Building 1/Floor 1) will be successful but a validation error is shown during the second AP provisioning at Building 1/Floor 2, which is attempting to reuse the custom policy tag. |
Scenario 3
A custom policy tag is shared between multiple sites where some sites have site overrides for SSID and the sites are managed by different primary wireless controllers.
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|
Building 1/Floor 1 |
Site Override |
Custom Policy Tag 1, default-zone |
wireless controller 2 |
Building 1/Floor 2 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
In this scenario, the custom policy tags can be reused and the APs can be successfully provisioned to these sites using the same custom policy tag.
Scenario 4
A custom policy tag is shared between sites which have different policy profile (learned from pre-existing infrastructure) and all the sites are managed by the same wireless controller.
Site |
Site override |
Policy profile |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|---|
Building 1/Floor 1 |
None |
Profile 1 (learned from pre-existing infrastructure) |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Building 1/Floor 2 |
None |
Profile 2 (learned from pre-existing infrastructure) |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
In this scenario, the custom policy tag cannot be reused because the same tag is mapped to two different policy profiles for the same SSID on the same wireless controller. If you provision APs to these sites using the same custom policy tag, a validation error occurs during provisioning.
![]() Note |
The AP provisioning for the first site in this site hierarchy (Building 1/Floor 1) will be successful but a validation error is shown during the second AP provisioning at Building 1/Floor 2, which is attempting to reuse the custom policy tag. |
Scenario 5
A custom policy tag is shared between multiple sites where some sites have no site overrides for the primary wireless controller and some sites have overrides for the secondary wireless controller. All the sites are managed by the same primary wireless controller and have N+1 HA configured.
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
Secondary wireless controller |
---|---|---|---|---|
Building 1/Floor 1 |
No Override from Global level |
Custom Policy Tag 1, default -zone |
wireless controller 2 |
- |
Building 2 |
Site Override |
Custom Policy Tag 1, default -zone |
wireless controller 1 |
wireless controller 2 |
Building 2/Floor 1 |
No Override from Building 2 |
Custom Policy Tag 1, default -zone |
wireless controller 1 |
wireless controller 2 |
Building 2/Floor 2 |
No Override from Building 2 |
Custom Policy Tag 1, default -zone |
wireless controller 1 |
wireless controller 2 |
In this scenario, since all the sites are managed by the same N+1 wireless controller, the custom policy tag cannot be reused for wireless controller 2 because the same tag has two different WLAN profile and policy profile mappings for the same SSID on the same wireless controller (wireless controller 2). A validation error occurs when you provision wireless controller 2. However, there's no error expected while provisioning the wireless controller 1.
![]() Note |
Validation is done independently for each of the wireless controllers. |
Scenario 6
A custom policy tag is shared across areas with the same network profile.
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|
Area 1/Building 1/Floor 1 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Area 2/Building 2/Floor 1 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 or 2 |
In this scenario, custom policy tags can be shared across wireless controllers managing different areas under the same network profile.
Scenario 7
A custom policy tag is shared across areas with multiple network profiles.
Example 1
In this example, custom policy tag can be reused across areas with different network profiles.
Site |
Network profile |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|---|
Area 1/Building 1/Floor 1 |
Profile 1 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Area 2/Building 2/Floor 1 |
Profile 2 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 or 2 |
Example 2
In this example, the custom policy tag cannot be reused due to site override in Area 2.
Site |
Network profile |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|---|
Area 1/Building 1/Floor 1 |
Profile 1 |
None |
Custom Policy Tag 1, default-zone |
wireless controller 1 |
Area 2/Building 2/Floor 1 |
Profile 2 |
Site Override in Area 2 |
Custom Policy Tag 1, default-zone |
wireless controller 1 or 2 |
Scenario 8
A custom policy tag is shared across multiple AP zones.
Example 1
In this example, the same custom policy tag can be reused across two AP zones (workarea, corridor) when they have the same set of SSID (SSID 1).
Site |
Site override |
Policy tag and AP zone |
Primary wireless controller |
---|---|---|---|
Area 1/Building 1/Floor 1 |
None |
Custom Policy Tag 1, workarea (SSID 1) |
wireless controller 1 |
Area 2/Building 2/Floor 1 |
None |
Custom Policy Tag 1, corridor (SSID 1) |
wireless controller 1 |
Example 2
In this example, the custom policy tag cannot be reused because the AP zones do not have the same set of SSIDs.
Site |
Site Override |
Policy Tag and AP Zone |
Primary wireless controller |
---|---|---|---|
Area 1/Building 1/Floor 1 |
None |
Custom Policy Tag 1, workarea (SSID 1, SSID 2) |
wireless controller 1 |
Area 2/Building 2/Floor 1 |
None |
Custom Policy Tag 1, corridor (SSID 1) |
wireless controller 1 |
![]() Note |
Reconfiguring a shared custom policy tag (for example, swapping the AP zone for a policy tag with another tag) results in conflicting configurations for existing APs on different floors that are yet to be reprovisioned. This prevents provisioning because the APs that are yet to be provisioned are still using the old configuration. However, reconfiguration of a shared custom policy tag is allowed in cases where all the APs that share the tag are on the same floor. The APs are updated with the latest configuration when you reprovision the APs of all the zones. |
Catalyst Center allows you to add AP groups, flex groups, site tags, and policy tags in a network profile. Adding AP groups and flex groups saves time during AP provisioning by eliminating the need to make repetitive configuration changes and ensures consistency across your devices. If you don't configure the custom names, Catalyst Center uses the autogenerated AP group names and tags for the APs.
![]() Note |
Flex group configuration is available only when the network profile has at least one associated flex-based SSID. |
Ensure that you have assigned a site to the network profile.
To create flex group names, under the SSIDs tab, ensure that you have checked the Flex Connect Local Switching check box and defined the VLAN ID in the Local to VLAN field to mark the nonfabric SSID as a flex-based SSID. For more information, see Add SSIDs to a network profile.
If you have enabled Flex Connect Local Switching for an SSID, all the APs on the floor where the network profile is mapped, switch to FlexConnect mode.
For information about reprovisioning the wireless devices, and using the groups and tags, see Overview of AP groups, flex groups, site tags, and policy tags.
Step 1 |
In the Add a Network Profile window ( ), hover your cursor over Advanced Settings and click Provision Group. |
Step 2 |
(Optional) To create an AP group in the network profile, expand AP Groups and AP Profiles and click Create Custom AP Group. In the Add AP Group slide-in pane, do these steps: |
Step 3 |
(Optional) To create a flex group in the network profile, expand Flex Group and click Create Flex Group. In the Create Flex Group slide-in pane, do these steps:
|
Step 4 |
(Optional) To create a site tag in the network profile, expand Site Tags and AP Profiles and click Create Custom Site Tag. In the Create Site Tag slide-in pane, do these steps: |
Step 5 |
(Optional) To create a policy tag in the network profile, expand Policy Tag and click Create Policy Tag. In the Create Policy Tag slide-in pane, do these steps: |
Configure the other necessary settings for the network profile. For more information, see Create network profiles for wireless.
An additional interface on a Cisco Wireless Controller maps a WLAN to a VLAN or subnet. You can configure additional interfaces for a network profile for wireless.
Step 1 |
In the Add a Network Profile window ( ), hover your cursor over Advanced Settings and click Additional Interface. |
||
Step 2 |
To create an additional interface, click Create New Interface and do these steps: Alternatively, you can create an additional interface on the Create a wireless interface. window. For more information, see |
||
Step 3 |
To add additional interfaces to a network profile, do one of these tasks
|
After configuring the necessary settings for the network profile, click Save. For more information, see Create network profiles for wireless.