Manage Your Inventory

About Inventory

The Inventory function retrieves details about devices, such as host IP addresses, MAC addresses, and network attachment points, and saves them in its database.

The Inventory feature can also work with the Device Controllability feature to configure the required network settings on devices, if these settings are not already present on the device.

Inventory uses these protocols, as required:

  • Link Layer Discovery Protocol (LLDP).

  • IP Device Tracking (IPDT) or Switch Integrated Security Features (SISF). (IPDT or SISF must be enabled on the device.)

  • LLDP Media Endpoint Discovery. (This protocol is used to discover IP phones and some servers.)

  • Network Configuration Protocol (NETCONF). For a list of devices, see Discovery prerequisites.

After the initial discovery, Catalyst Center maintains the inventory by polling the devices at regular intervals. The default interval is every 24 hours. However, you can change this interval as required for your network environment. For more information, see Update the device polling interval.

Polling occurs for each device, link, host, and interface. Only the devices that have been active for less than one day are displayed. This prevents stale device data, if any, from being displayed. On average, polling 500 devices takes approximately 20 minutes.

A configuration change in the device triggers an SNMP trap, which in turn triggers device resynchronization. Device resynchronization is also triggered after the inventory service restart under these circumstances:

  • If there is an upgrade (Catalyst Center upgrade) after the inventory service restart.

  • If the device's synchronization is in terminated or delayed state after the service restart.

  • If the Last Sync time for the device is more than 75 percent of the periodic resync interval configured on the device. For example, after the inventory service restart, if the Last Sync time for a device has crossed 18 hours and the configured periodic resync interval is 24 hours, the device will be resynchronized before the periodic resync interval. The percentage for the resync interval cutoff time may vary based on the value configured on the device.

Note the following points regarding device resynchronization:

  • Port up/down events are grouped together every 80 seconds. As a result, only one event is reported per 80-second window for each device. This process updates the device's port-related inventory data.

  • Configuration change events are grouped every 10 minutes, triggering a resync request for the device.

  • If three consecutive syncs occur due to port up/down traps or configuration change traps, the next event-based sync for that device is delayed by 5 minutes.

  • If the rate of event bursts exceeds 60% within a consolidation window, the resync for that device is delayed by 45 minutes.
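The resync rules above determine how long the inventory can lag behind a trap, which matters when you rely on it to surface configuration changes. The following is an added example, not Cisco code: a simplified model in which a window opens at the first uncovered event, the sync fires when the window closes, and a delayed sync resets the streak. Those three behaviors, the function names, and the device names are assumptions, and the 60% burst rule is not modeled.

```python
"""Simplified model of the resync rules above (added example, not Cisco code)."""

PORT_WINDOW_S = 80          # port up/down events: one report per 80-second window
CONFIG_WINDOW_S = 10 * 60   # configuration change events: grouped every 10 minutes
THROTTLE_AFTER = 3          # after three consecutive event-based syncs ...
THROTTLE_DELAY_S = 5 * 60   # ... the next event-based sync is delayed by 5 minutes
WINDOWS = {"port": PORT_WINDOW_S, "config": CONFIG_WINDOW_S}


def resync_after_restart(last_sync_age_s, interval_s, sync_state="completed",
                         upgraded=False, cutoff=0.75):
    """Return why a device is resynced after an inventory service restart, or None.

    cutoff is a parameter because the page notes the percentage may vary.
    """
    if upgraded:
        return "upgrade"
    if sync_state in ("terminated", "delayed"):
        return f"sync {sync_state}"
    if last_sync_age_s > cutoff * interval_s:
        return "last sync past cutoff"
    return None


def plan_event_syncs(events):
    """Plan event-based syncs for (timestamp_s, device, kind) trap events.

    Returns sorted tuples (sync_time_s, device, kind, merged_events, lag_s),
    where lag_s is the time from the first merged event to the sync.
    """
    open_windows = {}   # (device, kind) -> [window_start, merged_count]
    closed = []         # (fire_time, device, kind, merged_count, window_start)
    for ts, device, kind in sorted(events):
        key = (device, kind)
        win = open_windows.get(key)
        if win is not None and ts < win[0] + WINDOWS[kind]:
            win[1] += 1            # same window: merged, no extra sync
            continue
        if win is not None:
            closed.append((win[0] + WINDOWS[kind], device, kind, win[1], win[0]))
        open_windows[key] = [ts, 1]   # assumption: this event opens a new window
    for (device, kind), (start, count) in open_windows.items():
        closed.append((start + WINDOWS[kind], device, kind, count, start))

    streak = {}         # device -> consecutive event-based syncs so far
    planned = []
    for fire, device, kind, count, start in sorted(closed):
        if streak.get(device, 0) >= THROTTLE_AFTER:
            fire += THROTTLE_DELAY_S
            streak[device] = 0     # assumption: the delayed sync resets the streak
        else:
            streak[device] = streak.get(device, 0) + 1
        planned.append((fire, device, kind, count, fire - start))
    return sorted(planned)


# Constructed sample traps: (seconds since start, device, kind).
SAMPLE_EVENTS = [
    (0, "sw1", "port"), (10, "sw1", "port"), (79, "sw1", "port"),
    (80, "sw1", "port"),                       # first event outside the 0-80 s window
    (100, "sw1", "config"), (400, "sw1", "config"),
    (1000, "sw1", "port"),                     # fourth sync for sw1: throttled
    (50, "sw2", "config"),
]

if __name__ == "__main__":
    for sync_time, device, kind, merged, lag in plan_event_syncs(SAMPLE_EVENTS):
        print(f"t={sync_time:>5}s {device} {kind:<6} merged={merged} lag={lag}s")
    # The page's own example: last sync crossed 18 hours, interval is 24 hours.
    print(resync_after_restart(19 * 3600, 24 * 3600))
```

In this model, a configuration change trap is reflected up to 10 minutes after the first event in its window, and up to 5 minutes later still when the device has just had three event-based syncs.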

Inventory and Cisco ISE authentication

Cisco ISE has two different use cases in Catalyst Center:

  • If your network uses Cisco ISE for device authentication, you need to configure the Cisco ISE settings in Catalyst Center. As a result, when provisioning devices, Catalyst Center configures the devices with the Cisco ISE server information that you defined. In addition, Catalyst Center configures the devices on the Cisco ISE server and propagates subsequent updates to the devices. For information about configuring Cisco ISE settings in Catalyst Center, see Configure global network servers.


    Note


    If you are using Cisco ISE for authenticating Cisco Catalyst 9800 series devices, you must configure Cisco ISE to provide privilege for NETCONF users.

    If a device is not configured or updated on the Cisco ISE server as expected due to a network failure or the Cisco ISE server being down, Catalyst Center automatically retries the operation after a certain wait period. However, Catalyst Center does not retry the operation if the failure is due to a rejection from Cisco ISE, such as an input validation error.

    When Catalyst Center configures and updates devices in the Cisco ISE server, the transactions are captured in the Catalyst Center audit logs. You can use the audit logs to help troubleshoot issues related to the Catalyst Center and Cisco ISE inventories. You can also find information on the ISE integration status in the provisioning summary for the device and under the Provisioning Status column in Catalyst Center inventory (by clicking the See Details link).

    After you provision a device, Catalyst Center authenticates the device with Cisco ISE. If Cisco ISE is not reachable (no RADIUS response), the device uses the local login credentials. If Cisco ISE is reachable, but the device does not exist in Cisco ISE or its credentials do not match the credentials configured in Catalyst Center, the device does not fall back to use the local login credentials. Instead, it goes into a partial collection state.

    To avoid this situation, make sure that before you provision devices using Catalyst Center, you have configured the devices in Cisco ISE with the same device credentials that you are using in Catalyst Center. Also, make sure that you configured valid discovery credentials. For more information, see Discovery credentials. Any deviation in the Cisco TrustSec (CTS) credentials on the device is identified during compliance check and is displayed under the Network Settings tile in compliance summary.

  • If required, you can use Cisco ISE to enforce access control to groups of devices.

Display information about your inventory

You can display and filter for information about discovered devices in your inventory. You can also customize or change the information displayed in the Devices table.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information from the discovery process.

Note

 

For the devices that are added as Fully Qualified Domain Name (FQDN), hover your cursor over the i icon next to the device name in the IP address column to view the Resolved IP Address.

If the Inventory window contains APs that don't meet the license requirements, Catalyst Center displays a dialog box with the details. In this dialog box, you have the option to:

  • Skip this dialog box in the future: Check the Don't show this again check box.

  • Open the License Manager window and enable the licenses: Click License Manager (for more information, see "Manage Licenses" in the Cisco Catalyst Center Administrator Guide).

  • Enable the licenses later: Click Do this later.

Step 2

(Optional) To change the site, click Global and use either the search bar or network hierarchy to find a site.

The Inventory window displays the devices available in the chosen site.

Step 3

(Optional) To change the Inventory view, use the toggle button in the top-right corner.

You can change your default view (the list layout) to other layouts, such as the topology or map layout.

Step 4

(Optional) To change the Devices table focus views, from the Focus drop-down list, select a view, such as Default, Inventory, or Software Images.

Note

 
  • The displayed columns change depending on the chosen focus view.

  • The selected devices persist in each new focus view.

Step 5

(Optional) To filter for specific device details in the Devices table, use these filter options.

  • To filter for a device family: Select one or more of the device family buttons at the top of the Inventory window. For example, you can click Routers to display only routers in the table.

  • To filter for device work items: In the left pane, check the check box of one or more work items. The table is immediately filtered for the work item. For example, you can check the Unreachable check box to display only unreachable devices in the table.

  • To filter for specific device details: Click Filter devices and select from these options: Quick Filters, Advanced Filters, or Recent Filters. Then click Apply. For more information, see Filter devices.

Step 6

(Optional) To take a guided tour of the Inventory window, click Take a tour in the top-right corner.

Step 7

(Optional) To export all the data in the Devices table, click Export in the top-right corner.

Step 8

(Optional) To customize the Devices table, click the settings icon in the top-right corner, select your preferred options in the Table Settings slide-in pane, and then click Apply.

Option

Description

Table Appearance

Select to use the default or compact table view and table striping.

Edit Table Columns

Select to create a custom view and to hide or display columns.

Note

 

The column selection doesn’t persist across sessions.

This table provides key information about specific table columns.

Column Description

Device Name

Name of the device.

Click the device name for more information about that device.

Note

 
A device name that is displayed in red means that the inventory hasn’t polled the device and updated its information for more than 30 minutes.

Support Type

Shows the device support level:

  • Supported: The device profile is tested for all applications on Catalyst Center. You can open a service request if any of the Catalyst Center functionalities for these devices don’t work.

  • Limited: The device profile for legacy devices is tested only for these features and tested only on a best-effort basis on Catalyst Center.

    • Discovery

    • Topology

    • Device Reachability

    • Config Change Audit

    • Inventory

    • Software Image Management (Software images may not be available for EOL devices on cisco.com. Not recommended for EOL devices.)

    • Template Provisioning (Applicable only for switches.)

    For more information, see the Legacy Device Compatibility Matrix.

  • Third Party: The device profile has been tested on Catalyst Center for third-party devices that are capable of populating SNMP MIB 2 values. Catalyst Center supports limited base automation (Inventory and Topology) and limited assurance capabilities, such as third-party device 360, device health calculation based on reachability status and device interface and reachability issues.

    For more information, see the Cisco Catalyst Center Compatibility Matrix.

  • Unsupported: All remaining Cisco and third-party devices that aren’t tested and certified on Catalyst Center. You can try out various functionalities on Catalyst Center for these devices, as a best effort. However, you can’t raise a service request or a bug if Catalyst Center features don’t work as expected.

Reachability

Shows various statuses:

  • Reachable: The device is reachable by Catalyst Center using SNMP, HTTP(S), and NETCONF polling.

  • Ping Reachable: The device is reachable by Catalyst Center using ICMP polling and not reachable using SNMP, HTTP, HTTPS, and NETCONF polling.

  • Unreachable: The device isn’t reachable using SNMP, HTTP, HTTPS, NETCONF, or ICMP polling.

EoX Status

Shows the EoX scan status:

  • Success: The device is scanned for EoX alerts successfully.

  • Not Scanned: The device isn’t scanned for EoX alerts.

  • Scan Failed: Catalyst Center isn’t able to scan the device for EoX alerts.

  • Scanning: Catalyst Center is scanning the device for EoX alerts.

Hover your cursor over the i icon next to EoX Status, and click the Consent to Connect hyperlink. To initiate an EoX scan, you must accept and submit the authorization in the Consent to Connect dialog box.

For the devices that are scanned successfully, the EoX Status column shows the number of alerts, if any. Click the number of alerts to view the alerts in detail.

In the slide-in pane, click the Hardware, Software, and Module tabs to view the hardware, software, and module EoX alerts.

Manageability

Shows the device status:

  • Managed with green tick icon: Device is reachable and is fully managed.

  • Managed with orange error icon: Device is managed with some error, such as unreachable, authentication failure, missing NETCONF ports, internal error, and so on. Hover your cursor over the error message to view more details about the error and the impacted applications.

  • Unmanaged: Device can’t be reached and no inventory information was collected because of device connectivity issues.

Note

 

For an ongoing device resynchronization, the Syncing status is displayed. Click the status to view:

  • Ongoing sync details,

  • Previous sync details,

  • Reasons for the synchronization, and

  • The application that requested the synchronization.

A message is displayed for pending resync requests that are in the queue. If multiple requests are pending, they are merged based on the features to be synced and the priority. The sync details can display multiple reasons for a sync event.

Platform

Cisco product part number.

Device Role

Role assigned to each discovered device during the scan process. The device role is used to identify and group devices according to their responsibilities and placement within the network. If Catalyst Center is unable to determine a device role, it sets the device role to Unknown.

Note

 

If you manually change the device role, the assignment remains static. Catalyst Center doesn’t update the device role even if it detects a change during a subsequent device resynchronization.

If required, you can use the drop-down list in this column to change the assigned device role.

Site

The site to which the device is assigned.

If the device isn't assigned to any site, do these steps:

  1. Click Assign.

  2. Click Choose a Site.

  3. Select a site from the hierarchy.

  4. Click Save.

For more information, see Network hierarchy overview.

Last Updated

Most recent date and time on which Catalyst Center scanned the device and updated the database with new information about the device.

Note

 

Click Sync Details to view the Last Sync Start Time and Reason(s) for Last Sync.

For an ongoing device resynchronization, Sync Details displays:

  • Ongoing sync details,

  • Previous sync details,

  • Reasons for the synchronization, and

  • The application that requested the synchronization.

A message is displayed for pending resync requests that are in the queue. If multiple requests are pending, they are merged based on the features to be synced and the priority. The sync details can display multiple reasons for a sync event.

Resync Interval

The polling interval for the device.

Set the resync interval from the Inventory window by choosing Actions > Edit Device > Resync Interval.

To set the resync type as Global, from the main menu, choose System > Settings. For more information, see the Cisco Catalyst Center Administrator Guide.

Provisioning Status

Shows the status of the last provisioning operation attempted on a device. Click See Details to view the status of past provisioning operations.

  • Success: The latest operation on the device was successful.

  • Success with a warning icon: The latest operation on the device was successful, but there are failures from past provisioning operations that may need user attention.

  • Failed: The latest operation on the device has failed.

  • Failed with a warning icon: The latest operation on the device has failed, and there are failures from past provisioning operations that may need user attention.

  • Configuring: The device is currently being configured.

  • Pending: The system is trying to determine if the device will be impacted by an ongoing provisioning operation.

  • Not Provisioned: The device has never been provisioned.

  • Out of Sync: The network settings or network profiles for a device have been modified after the last provisioning operation.

Credential Status

Shows the device credential status:

  • Not Applied: The device credential isn’t applied on the device.

  • Success: The device credential is applied on the device successfully.

  • Failed: The device credential failed on the device.

Click See Details to view the details about the credentials.

The Credential Status slide-in pane shows the Type, Name/Description, Status, and Details of the credential.

For a device whose status is Failed, hover your cursor over the ellipsis icon in the Actions column and select Retry or Clear.

  • Retry: Applies the credential on the device.

  • Clear: Clears the device credential.

AP CDP Neighbors

Displays details about the switch and port connected to an AP in the Inventory window. This window displays information about AP CDP neighbors even if the connected access switch is managed by Catalyst Center.

  • Edit Custom Views: First you must create a custom view in the Edit Table Columns tab, and then you can edit the custom view.

  • Reset All Settings: Reset the table settings to the default settings.

Step 9

(Optional) To manage your devices from the Devices table, you can tag devices, add devices, or use the Actions drop-down list.

Name Description

Tag

Click Tag to tag devices, edit and delete tags, or create port groups.

For more information, see Manage devices in the Inventory window.

Add Device

Click Add Device to add a network or compute device, or to integrate a Meraki dashboard or Firepower Management Center (FMC) with Catalyst Center.

For more information, see Types of devices in the Catalyst Center Inventory.

Actions drop-down list

Use the Actions drop-down list to manage your devices, software images, telemetry, and more.

To view more details about each action option, click the right-adjacent information icon.

Step 10

(Optional) In the Devices table, you can do a variety of actions.

  • To sort the columns in either ascending or descending order, click the column header.

  • To view more details about a device, click the device name and then click View Device Details.

  • To view a device's compliance details, click either Non-Compliant or Compliant under the Compliance column.

  • To assign a site to a device, click Assign under the Site column.

  • To change a device role, click the edit icon under the Device Role column and then select from the options, such as ACCESS or CORE.

  • To change the number of entries, scroll down to the bottom of the window, and from the Show Records drop-down list, select the number of entries that you want to appear.

    Note

     

    If there are more than 25 entries in the table and you select a different focus view, the same number of entries appears in each new view.

Note

 

Each focus view displays different columns, and you can customize a table view to include columns, such as Compliance, Site, Device Role, and Software Image.


Display information about a device

You can display, filter, and search for information about a discovered device, its security, and its compliance.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

In the Devices table, click the name of a device. More information about the device is displayed.

Step 3

Click View Device Details.

The device details are displayed in the window.

Step 4

Use this table that describes the available information in this window to display, filter, and search for details about a device.

Name Description

Run Commands

This link is available only for routers, wireless controllers, switches, and hubs.

Launch the Command Runner application to run diagnostic CLI commands and view the resulting command output on a device.

To launch Command Runner, you must have installed the Command Runner application. For more information, see the Cisco Catalyst Center Administrator Guide.

Manage APs

This link is available only for Cisco Catalyst 9800 Series Wireless Controllers on which the Per-Device Configuration feature is enabled.

For a wireless controller that is provisioned using Per-Device Configuration, click this link to manage the associated APs.

Note

 

If the wireless controller is provisioned using the intent-based wireless network configurations with site-based network profiles, you can only view the list of associated APs using this link.

For more information, see Manage APs associated with a Cisco Catalyst 9800 Series Wireless Controller.

View 360

This link is available for all devices.

Displays the Device 360 window for that device.

To open this window, you must have installed the Assurance application.

Interfaces

This tab is available for all devices except APs.

Displays information about the device's ports, such as its Ethernet ports, in a topology or table view.

For more information about device interfaces, see Display information about a device interface.

Layer 2 Configuration

This tab is available only for Cisco Catalyst 9000 Series Switches and Cisco Catalyst IE switches running Cisco IOS-XE 17.3 or later. For a complete list of supported devices, see the Cisco Catalyst Center Compatibility Matrix.

Note

 

Classic IE switches are not supported.

Displays information about the layer 2 configuration of a device such as VLAN, Discovery Protocols, STP, VTP, and so on.

For more information, see View and edit layer 2 configuration of a device.

Security

This tab is available only for Cisco Catalyst 9000 Series Switches and Cisco Catalyst IE switches.

Displays the Cisco TrustSec details configured on the device.

For more information, see View and edit security configuration of a device.

Industrial Configuration

This tab is available only for Cisco Catalyst IE switches.

Displays configurations specific to IE switches, such as CIP and Profinet details, alarms, and port configurations.

For more information, see View and edit industrial configuration of a device.

Hardware & Software

This tab is available on all devices.

Displays the device's hardware and software details, such as its uptime, provision status, and Cisco ISE integration status, with an operational summary.

Configuration

This tab is available only for APs, routers, and switches.

For routers, switches, and hubs, this tab displays detailed configuration information that is similar to what is displayed in the output of the show running-config command. You can hide line numbers, search for a command line or piece of text, or export the CLI output.

For APs, this tab displays information about the AP configuration and radio configurations.

This feature is not supported for wireless controllers, so configuration data is not returned for this device type.

Power

This tab is available only for routers and switches.

Displays details about the device's power usage and supplies.

To specify or narrow down the data in the Power Supplies table, you can either:

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (in the Search Table field, on the right side) to display power supplies by any combination of values, such as values for the Name, Operational Status, and Serial Number fields.

Fans

This tab is available only for routers and switches.

Displays details about fans.

To specify or narrow down the data in the Fans table, you can either:

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (in the Search Table field, on the right side) to display fans by any combination of values for the Name and Operational Status fields.

SFP Modules

This tab is available only for routers and switches.

Displays details such as the manufacturer and the ports that Small Form-Factor Pluggable (SFP) modules are connected to.

To specify or narrow down the data in the SFP Modules table, you can either:

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (in the Search Table field, on the right side) to display SFP modules by any combination of values, such as values for the Name, Platform, and Serial Number fields.

User Defined Fields

This tab is available for all devices.

Displays the user-defined fields that are associated with the device.

Click Manage User Defined Fields to display the Manage User Defined Fields slide-in pane. You can do these tasks:

  • Click Create New Fields to create a new field.

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (in the Search Table field, on the right side) to display user-defined fields by any combination of values, such as values for the Name, Description, and Action fields.

To add a user-defined field to a device, you first must create a user-defined field in the Manage User Defined Fields slide-in pane. For more information, see Create user-defined fields.

To display a user-defined field, you must assign it to a device and add a value to it. For more information, see Add user-defined fields to a device.

Config Drift

This tab is available for all devices.

Displays configuration changes on the device, including a change history, and compares two configuration versions. You can do these tasks:

  • Label the configuration drift on the timeline for future reference. For more information, see Label configuration drift.

  • Pick any two versions of the same device and compare their running configuration data.

REP Rings

This tab is available for Cisco Catalyst Industrial Ethernet 3100, 3200, 3300, 3400, 4000, 5000, and 9300 Series Switches, Cisco Embedded Services 3300 Series Switches (ESS3300), S5200, and S5800.

Displays details about Resilient Ethernet Protocol (REP) rings, such as its name, ring size, first adjacent device, and so on.

Click Create REP Ring and follow the workflow to create a REP ring.

For more information, see Delete a node from a REP ring or Delete a REP ring.

MRP Rings

This tab is available only for Cisco Industrial Ethernet (IE) 3000, 4000, and 5000 Series Switches.

Displays details about Media Redundancy Protocol (MRP) rings, such as ring ID, ring size, VLAN ID, network topology status, profile value, and ring details.

To view the MRP ring details from Provision > Inventory > Topology view, click anywhere on the ring.

For more information, see MRP ring for nonfabric deployment and View MRP ring status for nonfabric deployment.

Wireless Info

This tab is available only for wireless controllers.

Displays details about managed sites, wireless, redundancy, health parameters, and more.

In the Wireless Summary tab, in the SSIDs table, you can search for a specific value by clicking Search Table, manually entering a value, and then pressing the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

CONFIGURATION

This area is available only for wireless controllers.

  • Mobility: This tab displays mobility details, such as the mobility group name, RF group name, and so on.

    The Mobility Peers table is displayed if mobility peers are configured on the device. If mobility peers are not configured, see Configure mobility group.

    You can filter the table to display specific mobility peers by any combination of values, such as values for MAC address, Device Name, and IP Address fields.

  • Per-Device Configuration: Available only for Cisco Catalyst 9800 Series Wireless Controllers on which this feature is enabled.

    For the wireless controller, you can use Per-Device Configuration to manage individual features, such as WLAN configurations, RF configurations, and so on.

    Note

     

    If the wireless controller is provisioned using the intent-based configurations with site-based network profiles, you can only view the device configurations in this area.

    For more information, see Per-Device Configuration for a Cisco Catalyst 9800 Series Wireless Controller.

Advisories

This tab is available for all devices.

Displays a device's advisory details in the Advisories table. You can do these tasks:

  • Click Manage All to display the Security Advisories window to manage your devices and advisories.

  • Click Filter to display advisories by any combination of values, such as values for the Advisory ID and Advisory Title fields. Then click Apply.

  • Click an advisory ID to display more information about that advisory.

  • In the Custom Match Pattern column, click Add match pattern to add or update a condition to match with devices in the CONDITIONS text box. Then you can save the match pattern and run a scan to check the number of devices that match with the match pattern.

Field Notices

Displays information about field notices for the device. See View Field Notices.

Potential Field Notices

Displays information about potential field notices for the device.

Summary

This tab is available for all devices.

Displays a device's compliance summary, such as when compliance last ran for the Startup vs Running configuration. You can do these tasks:

  • Click Run Compliance Check to check the device for compliance.

  • Click View Preference for Acknowledged Violations to view the list of acknowledged violation attributes. You can unlist a violation to open it.


Display information about a device interface

For routers, wireless controllers, switches, or hubs, you can display, search, and filter for information about a device's interface. Depending on the device, certain information is available.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

In the Devices table, click the name of a device, and then click View Device Details.

Step 3

In the left pane, expand Interfaces.

Step 4

Use this table that describes the Interfaces drop-down list options to display details about an interface.

Name Description

Ethernet Ports

  • This tab is available for all devices except APs.

  • Displays Ethernet port details in two views: topology and table.

    • The topology view displays the Ethernet port topology of a device with a color-coded system of each port's connection status.

    • The table view displays Ethernet port details, such as the ports' operational status, admin status, and so on.

  • For more information about the two views, see Display information about Ethernet ports.

VLANs

  • This tab is only available for switches and hubs.

  • Displays VLAN details, such as its operational status and admin status, in table format.

  • The VLANs table displays the ID of these types of VLANs:

    • VLAN ID of the manufacturing-supplied default VLAN

    • VLAN ID of the configured default VLAN

    • VLAN ID of the configured VLAN

To specify or narrow down the data in the VLANs table, you can either:

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (in the Search Table field, on the right side) to display VLANs by any combination of values, such as values for the VLAN Name, VLAN ID, and Operational Status fields.

Virtual Ports

  • This tab is only available for wireless controllers and routers.

  • Displays details about ports, such as their operational status, admin status, and so on.

  • To specify or narrow down the data in the VLANs table, you can either:

    • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

    • Click the filter icon (The filter icon is in the Search Table field on the right side.) to display virtual ports by any combination of values, such as values for the Port Name, Operational Status, and Admin Status fields.


Display information about Ethernet ports

In the Ethernet Ports tab, you can display, search, and filter for certain information about a port or ports through either the topology view or table view.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Devices table, click a device name, and then click View Device Details.

Step 3

In the left pane, expand Interfaces and select Ethernet Ports.

Step 4

In the upper-right corner, click Topology View (Click the left side of the toggle button to display the Ethernet ports' topology.) to view the Ethernet port topology if it's not already displayed.

This view displays the Ethernet port topology of a device with a color-coded system of each port's connection status. Hover your cursor over a port for more details.

Note

 

For Cisco Catalyst 4000 Series, 6000 Series, and 9000 Series Switches and Cisco ASR 1000 Series Aggregation Services Routers, this view displays line card and supervisor card details, such as the part number and serial number, if the cards are available.

Step 5

In the topology view, you can do these tasks:

  • To view the error reason for an error-disabled port, click the port.

  • To filter for a specific Ethernet port, use the Color Code drop-down list. The table describes the available drop-down list options.

Table 1. Color code drop-down list options
Name Description

Status

Displays the default view of the topology view.

Access VLANs

Displays the access VLAN assigned to a particular port. The Access VLANs view allows you to select a maximum of five access VLANs and lists only the access VLANs associated with the port.

This option displays the access VLANs in this color-coded system: Selected, Not Configured, Default, and VLAN.

Port Channels

Displays the top five port channels that are configured on the device.

This option only displays the configured port channels on the device in this color-coded system: Selected and Port-channel with a corresponding number.

Step 6

In the upper-right corner, click Table View (Click the right side of the toggle button to display the Ethernet ports' table.) to view the Ports table.

The Ports table displays Ethernet port details, such as a port's operational status, admin status, and so on.

Step 7

(Optional) To specify or narrow down the data in the Ports table, you can:

  • Click Search Table, manually enter a value, and then press the Enter key. The narrowed search results are displayed with the value highlighted throughout the table.

  • Click the filter icon (The filter icon is in the Search Table field on the right side.) to display ports by any combination of values, such as values for the Tags, Port Name, and Type fields. Enter the wanted values, and click Search.

Step 8

(Optional) In the table view, you can do these tasks:

  • Click Tag to tag a port or ports, search for a tag, or manage tags.

    For more information, see Assign tags to ports.
  • Click Export to export the Ports table data.


View and edit layer 2 configuration of a device

Use this procedure to view and edit the layer 2 configuration of a device.

Before you begin

Make sure that you have devices in your inventory. If not, discover the devices using the Discovery feature.

Ensure that the devices are in a reachable state.


Note


You cannot edit configurations for devices that are part of a network or device group or Cisco SD-Access fabric network.


Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

In the Devices table, click the device name, and then click View Device Details.

The device details and a summary of the device configurations are displayed. The Layer 2 Configuration area displays a summary of the layer 2 configurations on the device.

Step 3

Choose one of these options to view the layer 2 configuration details:

  • In the Layer2 Configuration area, click View Layer 2 Details.

  • In the left pane, expand Layer 2 Configuration.

Step 4

Use this table to view and edit the layer 2 configurations.

Click the Edit icon in the configuration details window to edit the configurations.

You can use these options available in the edit windows:

  • Reset and Set to Default options to reset the settings or to restore the default settings.

  • The x icon to remove a value from a field and the delete icon to remove a configuration.

Table 2. Layer 2 configurations

Name

Description

VLAN

Displays the list of supported VLANs.

Click on the VLAN ID to view the VLAN details.

Use these options to add or edit a VLAN:

  • To add a new VLAN, click Add VLAN. Enter the VLAN ID, VLAN Name and add other configurations, if required.

  • To edit a VLAN, check the check box next to the VLAN ID and click Edit. Edit the configurations and add other configurations, as required.

Discovery Protocols

Displays details such as admin status, hold time, timer, and so on, for the discovery protocols.

Click the Edit icon to edit the configurations and add other configurations, as required.

STP

Displays the STP configurations such as the operational mode, STP port default fast mode, and other default configurations. It also displays the supported STP VLANs.

Click the Edit icon to edit the configurations and add other configurations, as required.

To edit a VLAN, check the check box next to the VLAN ID and click the Edit icon.

VTP

Displays the VTP details such as VTP mode, VTP version, and other default configurations.

Click the Edit icon to edit the configurations and add other configurations, as required.

DHCP Snooping

Displays the DHCP Snooping details such as admin status, DHCP snooping on VLANs, and other default configurations.

Click the Edit icon to edit the configurations and add other configurations, as required.

IGMP Snooping

Displays the IGMP Snooping details such as admin status, IGMP Snooping Querier, and other default configurations. It also displays the supported IGMP Snooping VLANs.

Click the Edit icon to edit the configurations and add other configurations, as required.

To edit a VLAN, check the check box next to the VLAN ID and click Edit.

MLD Snooping

Displays the MLD Snooping configurations and the supported MLD Snooping VLANs.

Click the Edit icon to edit the configurations and add other configurations, as required.

To edit a VLAN, check the check box next to the VLAN ID and click Edit.

UDLD

Displays the UDLD configurations on the device such as the UDLD mode (enabled or disabled), message interval and other default configurations.

Click the Edit icon to edit the configurations and add other configurations, as required.

Authentication

Displays the authentication details, such as the authentication status and configuration mode.

Click the Edit icon to edit the configurations. You can enable or disable the authentication method.

Logical Ports

Displays the port channel configurations and the list of supported port channels. Click on the port channel name to view details.

Click the Edit icon to edit the configurations and add other configurations, as required.

In the Port Channel table, use the Add option to add port channels.

  1. From the drop-down list, choose the Port Channel Protocol.

  2. Enter a Port Channel Name.

  3. Add other configurations, if required.

  4. Click Save.

To edit a port channel, check the check box next to the Port Channel Name and click Edit.

Port Configuration

Displays the list of supported ports. Click on the port name to view the port configuration details.

Check the check box next to the Port Name and click Edit. Edit the configurations and add other configurations, as required.

Use these options to sort, filter, and export the table data displayed in the configuration details window:

  • To sort the columns in either ascending or descending order, click the column header.

  • Use the Search Table option to search for an item.

  • Click the filter icon to display the table items by any combination of values.

  • Click Export to export the table data.

  • Click the settings icon to customize the table.

Step 5

After editing the required configurations, click Next.

Step 6

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Step 7

On the Tasks window, monitor the task deployment.


What to do next

After successful provisioning, you can view the updated configurations in the Layer 2 Configuration tab under device details in the inventory. If there's any failure, the device inventory displays the existing configurations.

View and edit security configuration of a device

Use this procedure to view and manage the Cisco TrustSec details configured on the device.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Click the device name, and then click View Device Details.

Step 3

Use one of these options to view the security configuration details:

  • Under Summary, in the Security area, click View Security Details.

  • In the left pane, expand Security.

Step 4

Use this table to view and edit the configuration details.

Name

Description

Cisco TrustSec

Displays the Cisco TrustSec details.

  • Device SGT: SGT number for the incoming traffic. Valid range is

    • 2 to 65519 for IOS XE 17.6 or later.

    • 2 to 65521 for IOS XE 17.6 or earlier.

  • Authorization List Name: Cisco TrustSec global authorization.

  • Enforcement: Enable or disable role-based access control. Default value is disabled.

  • SGT VLAN Map: Displays number of SGT to VLAN mappings. Click the number to view the SGT and the mapped VLANs.

  • Enforcement VLANs: List of VLANs on which SGACL policy is enabled.

Port Configuration

Displays the Cisco TrustSec details configured on the ports, such as role-based access control, manual control, SGT number, and so on. Click the port name to view the details and use the edit option to configure the ports.

Step 5

Click the Edit icon to edit the configurations.

Step 6

After editing the required configurations, click Next.

Step 7

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Step 8

On the Tasks window, monitor the task deployment.


View and edit industrial configuration of a device

Use this procedure to view and edit the industrial configurations of an Industrial Ethernet (IE) switch.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Devices table, click the device name, and then click View Device Details.

Step 3

Use one of these options to view the industrial configuration details:

  • Under Summary, in the Industrial configuration area, click View Industrial Configuration Details.

  • In the left pane, expand Industrial configuration.

Step 4

Use this table to view and edit the industrial configuration details.

Name

Description

CIP

Displays the CIP (Common Industrial Protocol) details.

  • Window Timeout: Timeout duration after which the CIP session will be shut down. Valid range is 1 to 3600 seconds and the default value is 600 seconds.

  • Encap Inactivity Timeout: Session timeout shared between switches under CIP. Valid range is 0 to 3600 seconds and the default value is 120 seconds.

  • Interface VLAN ID: VLAN ID associated with CIP.

  • CIP Status: Displays CIP status—enabled or disabled.

PROFINET

Displays the Profinet details.

  • Profinet ID: Displays Profinet ID.

  • Enable Profinet: Displays Profinet status—enabled or disabled. It is enabled by default.

  • Connection Status: Displays connection status—connected or disconnected. Default value is disconnected.

  • VLAN ID: The VLAN for the Profinet. Default VLAN ID is 1.

  • Enable MRP: MRP status—enabled or disabled. It is enabled by default.

Modbus

Displays the Modbus configuration details.

  • Number of TCP connections: Displays the number of parallel TCP connections supported. Valid range is 1 to 5. Default value is 1.

  • Port Number: TCP port number. Valid range is 1 to 65535. Default value is 502.

  • Modbus Status: Displays Modbus status on the device—enabled or disabled. It is disabled by default.

Alarm

Displays the alarm settings on the device.

  • Relay Mode: Alarm output state—positive or negative. Default is positive.

  • Facility FCS Hysteresis: Interface FCS error rate in hysteresis percentage. Default value is 10.

  • Alarm Facility: Displays the number of alarm facilities supported on the device. The supported alarm facilities vary based on the device model. Click the number to view the alarm facilities. Use the edit option to modify the alarm facility configurations.

  • Alarm Contact: Displays the number of alarm contacts supported on the device. Click the number to view the contact details. Use the edit option to modify the configurations.

  • Alarm Profile: Displays the number of alarm profiles supported on the device. Click the number to view the profile details. Use the Add Alarm Profile option to add an alarm profile.

Port Configuration

Displays the list of ports and the associated alarm profile name. Use the edit option to configure an alarm profile for the port.

Step 5

Click the Edit icon to edit the configurations.

Step 6

After editing the required configurations, click Next.

Step 7

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Step 8

On the Tasks window, monitor the task deployment.


Manage port details

You can manage and edit certain port details of a device.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Devices table, click a device name, and then click View Device Details.

Step 3

In the left pane, expand Interfaces and choose Ethernet Ports.

Step 4

Click a port in the topology view (In the upper-right corner, click the left side of the toggle button to display the Ethernet ports' topology.), or click a port name in the table view (In the upper-right corner, click the right side of the toggle button to display the Ethernet ports' table.).

Information about the port displays.

Note

 
  • For Cisco Catalyst 2000, 3000, and 9000 Series Switches, port details include the port's maximum allocated power and power drawn.

  • This window displays the details of the CDP neighbor. If CDP is not present, the LLDP neighbor details are displayed. If both CDP and LLDP neighbors are not present, the Neighbor Details area is hidden from this window.

Step 5

(Optional) Click Tag to tag the port, search for a tag, manage tags, or create a new tag.

For more information, see Assign tags to ports.

Step 6

(Optional) To manage the port, click the Port Actions drop-down list and choose from these options:

  • To shut down the port and change the port's admin status to Down, choose Port Shut. Then click Okay to confirm.

    This option is only available when the port is open and the admin status is Up.

  • To open the port and change the port's admin status to Up, choose Port No Shut. Then click Okay to confirm.

    This option is only available when the port is shut and the admin status is Down.

  • To clear the port's MAC address, choose Clear Mac Address.

  • To activate an error-disabled port, clear the MAC address and shut down the port.

Note

 
  • The device software type must be Cisco IOS or Cisco IOS XE to clear the MAC address and shut down a port.

  • For wireless controllers, clearing the MAC address and shutting down the port are not supported.

  • Clearing the MAC address and shutting down the port are supported only on access ports.

  • Port shutdown disrupts the traffic on a port.

Step 7

To edit certain port details, such as the port description area, use this table.

Name Description

Access VLAN

Click the Edit icon. In the Edit Access VLAN dialog box, choose an access VLAN from the drop-down list, and then click Save to assign the access VLAN to the port. You cannot update the access VLAN for the ports that have two access VLANs preconfigured.

Voice VLAN

Click the Edit icon next to Voice VLAN. In the Edit Voice VLAN dialog box, choose a voice VLAN from the Select Value drop-down list, and then click Save to assign the voice VLAN to the port.

Port Description

Click the Edit icon next to PORT DESCRIPTION, enter a description, click Save, and then click Okay to add a description to the port.

Click the delete icon to delete the description. In the Warning dialog box, click Okay.

Note

 
  • The device software type must be Cisco IOS or Cisco IOS-XE to edit VLAN details and the port description.

  • Editing VLAN details is supported only on access ports.

  • For wireless controllers, editing VLAN details is not supported.


Inventory user interface enhancement

The enhanced Catalyst Center inventory user interface provides the existing inventory features while improving filters and layout for a better user experience.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The enhanced Inventory window appears by default and displays the device information gathered during the discovery process.

Step 2

Click the location option in the top menu bar to select the site, building, or floor from the network hierarchy to manage your device.

Step 3

Use the device families area that appears at the top of the Inventory window to select one or more device families.

The available device families are: Routers, Switches, Wireless Controllers, Access Points, and Sensors.

Step 4

Use the Focus drop-down list to filter the devices based on Inventory, Default, Software Image, Provision, Security, or Device Replacement.

Step 5

Use the divider bar at the left corner of the Device table to collapse or expand the table width.

Step 6

In the DEVICE WORK ITEMS area, select one or more filter criteria to narrow down the devices in the table.

Step 7

Click Add Device to add a new device in the inventory. For more information, see Add devices to the Catalyst Center Inventory.

Step 8

Use Tag to tag a device. For more information, see Manage devices in the Inventory window.

Step 9

Use the Action drop-down list to do the device actions on one or more devices.

Step 10

Click the i icon to learn about the list of actions and their respective functionalities.

Step 11

To edit or customize the inventory table, click the gear icon in the right corner at the top of the table and do these steps:

  1. Click Table Appearance to define the Table Density and Table Striping.

  2. Click Edit Table Columns to select the device information that you want to include in the inventory table during the discovery process.

  3. Click Edit Custom Views to customize your current view.

  4. Click Apply to save the changes or click Reset All Settings to apply the default settings for the inventory table.

Step 12

Use the Filter Devices option to apply the advanced filter in your device table. For more information, see Filter Devices.

Step 13

Click the toggle buttons at the top-right corner to switch between Dashboard, Table, Topology, and Map view.

Step 14

Click Go to old page to navigate to the old inventory window.

Step 15

Use Export to export all data in the device table.


Manage user-defined fields

User-defined fields are custom labels that you can create and assign to any device in Catalyst Center. These labels allow you to display more details about the device. For a user-defined field to display, you must assign it to a device and add a value to it.

Create user-defined fields

Catalyst Center allows you to create user-defined fields and assign them to any device.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

In the Devices table, click the name of a device, and then click View Device Details.

Step 3

In the left pane, click User Defined Fields.

Step 4

Click Manage User Defined Fields.

Step 5

In the Manage User Defined Fields slide-in pane, click Create New Field.

Step 6

In the Create New Field dialog box, enter a field name and description.

Note

 

You can add device details that are not already present in the Device Details window, such as customer IP address and customer device name, in user-defined fields.

Step 7

Click Save.

To create more user-defined fields, click Create New Field again.

Step 8

(Optional) To edit a user-defined field, click the corresponding edit icon, make the required changes, and click Save.

Step 9

(Optional) To delete a user-defined field, click the corresponding delete icon and click Yes at the prompt.


Add user-defined fields to a device

Before you begin

You must have created at least one user-defined field in the Manage User Defined Fields window. See Create user-defined fields.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

Step 2

Click the name of the device for which you want to add user-defined fields, and then click View Device Details.

Step 3

In the left pane, click User Defined Fields.

Step 4

Click Add User Defined field.

Step 5

From the Field Name drop-down list, choose a user-defined field and enter its value in the Value field.

For example, if you created a user-defined field for the customer IP address, choose it from the Field Name drop-down list, and enter the customer IP address in the Value field.

Step 6

(Optional) To remove a user-defined field from the device, click the corresponding delete icon.

Step 7

Click Save.


Launch Topology map from Inventory

You can launch the Topology map for the discovered devices from the Inventory window.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Use the toggle button (The toggle button is located in the top-right corner of the Inventory window.) to switch between the Topology map view and the Inventory view. The Topology map view displays the topology and the provisioning status of the device. Click each node to view the device details. See About topology for more information on the Topology map.

Note

 

Click Collapse All or Expand All to collapse and expand the Topology map view.


Types of devices in the Catalyst Center Inventory

Devices show up in the inventory in one of two ways: by being discovered or by being added manually. Catalyst Center Inventory supports various types of devices, including:

  • Network Devices: Supported network devices include Cisco routers, switches, and wireless devices such as wireless controllers and access points (APs).

  • Compute Devices: Supported compute devices include the Cisco Unified Computing System (UCS), devices running Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS), and other data center devices.

  • Meraki Dashboard: Dashboard to the Cisco cloud management platform for managing Cisco Meraki products.

  • Firepower Management Center (FMC): Provides complete and unified management over Firepower Threat Defense (FTD) devices for managing Cisco network security solutions.

  • Third-Party Device: Third-party devices are capable of populating SNMP MIB 2 values. Catalyst Center supports limited base automation (Inventory and Topology) and assurance capabilities such as third-party device 360, device health calculation based on reachability status, and device interface and reachability issues.

For a complete list of supported devices, see the Cisco Catalyst Center Compatibility Matrix.

Add devices to the Catalyst Center Inventory

You can add new devices or existing devices to the Catalyst Center Inventory.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Click Add Device.

The Add Device slide-in pane appears with options for adding new devices (using Plug and Play) and existing devices.

Step 3

Choose one of these options to add existing devices to the inventory.

Step 4

Choose one of these options to add new devices to the inventory.

New devices are added using the Plug and Play process. You can choose to add a single device, multiple devices, or devices from a Smart Account. Clicking on any of these tiles takes you to the corresponding options in the Plug and Play window.


What to do next

You can view and manage the devices in your inventory. For more information, see Manage devices in the Inventory window. To manage the newly added devices from the Plug and Play window, see View devices.

Manage network devices

Add a network device

You can add a network device to your inventory manually.

Before you begin

Make sure you configure your network device. For more information, see Discovery prerequisites.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Click Add Device.

The Add Device slide-in pane appears with options to add devices.

Step 3

In the Add Existing devices area, click the Single Device tile.

Step 4

From the Type drop-down list, choose Network Device.

Step 5

In the Device IP / DNS Name field, enter the IP address or name of the device.

Note

 

If the device uses the HSRP protocol, you must enter the primary IP address and not the virtual IP address.

Step 6

Expand the CLI area, if it is not already expanded, and do one of these steps:

  1. To use global credentials, click the Select global credential radio button.

    Note

     
    If no CLI global credentials are available, create the global CLI credentials in the Network Settings > Device Credentials window. See Add global CLI credentials.
  2. To configure credentials for the specific device, click the Add device specific credential radio button and configure these fields:

    Table 3. CLI credentials
    Field Description
    Name/Description

    Name or phrase that describes the CLI credentials.

    If authentication fails for CLI, Catalyst Center retries the authentication process for 300 seconds (5 minutes).

    Username

    Name that is used to log in to the CLI of the devices in your network.

    Password

    Password that is used to log in to the CLI of the devices in your network.

    For security reasons, re-enter the password as confirmation.

    Note

     

    Passwords are encrypted for security reasons and are not displayed in the configuration.

    Enable Password

    Password used to move to a higher privilege level in the CLI. Configure this password only if your network devices require it.

    For security reasons, re-enter the enable password.

    Note

     

    Passwords are encrypted for security reasons and are hidden in the configuration.

Step 7

Expand the SNMP area, if it is not already visible, and do one of these steps:

  1. To use global credentials, click the Select global credential radio button.

    Note

     
    If no SNMP global credentials are available, create the global SNMP credentials in the Network Settings > Device Credentials window. See Add global SNMPv2c credentials and Add global SNMPv3 credentials.
  2. Click the Add device specific credential radio button, and then continue this procedure.

Step 8

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you choose V2C, configure these fields:

Table 4. SNMPv2c credentials
Field Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are hidden in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are hidden in the configuration.

If you choose V3, configure these fields:

Table 5. SNMPv3 credentials
Field Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.

Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Select one of these modes:

  • Authentication and Privacy: Provides both authentication and encryption.

  • Authentication, No Privacy: Provides authentication, but does not provide encryption.

  • No Authentication, No Privacy: Does not provide authentication or encryption.

Auth. Type

Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Select one of these authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5 (not recommended): Authentication based on HMAC-MD5.

Auth. Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Privacy Type

Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Select one of these privacy types:

  • AES128: 128-bit CBC mode AES for encryption.

  • CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.

  • CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support encryption standards. Passwords (or passphrases) must be at least eight characters long.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Step 9

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and configure these fields:

Table 6. SNMP properties
Field Description

Retries

Number of times Catalyst Center tries to communicate with network devices using SNMP.

Timeout (in Seconds)

Amount of time, in seconds, between retries.

Step 10

Expand the HTTP(S) area, if it is not already visible, and do one of these steps:

  1. Click the Select global credential radio button if you want to use the global HTTP(S) credentials that have been already created.

    Note

     
    If no HTTP or HTTPS global credentials are available, create the global HTTP or HTTPS credentials in the Network Settings > Device Credentials window. See Configure Global HTTP(S) Credentials.
  2. Click the Add device specific credential radio button and configure these fields:

    Table 7. HTTP and HTTPS credentials
    Field Description

    Type

    Specifies the kind of HTTPS credentials you are configuring. Valid types are Read or Write.

    Read

    You can configure up to 10 HTTPS read credentials:

    • Name/Description: Name or description of the HTTPS credentials that you are adding.

    • Username: Name used to authenticate the HTTPS connection.

    • Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

    • Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).

    The password must contain between 7 and 128 characters, including at least one of these characters:

    • Lowercase letter (a to z)

    • Uppercase letter (A to Z)

    • Number (0 to 9)

    • Special character: # _ * ? –

    Note

     

    The password cannot contain spaces or angle brackets (< >). Some Cisco IOS XE devices do not allow a question mark (?).

    Write

    You can configure up to 10 HTTPS write credentials:

    • Name/Description: Name or description of the HTTPS credentials that you are adding.

    • Username: Name used to authenticate the HTTPS connection.

    • Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

    • Port: Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).

    The password must contain between 7 and 128 characters, including at least one of these characters:

    • Lowercase letter (a to z)

    • Uppercase letter (A to Z)

    • Number (0 to 9)

    • Special character: # _ * ? –

    Note

     

    The password cannot contain spaces or angle brackets (< >). Some Cisco IOS XE devices do not allow a question mark (?).

Step 11

Expand the NETCONF area, if it is not already expanded, and configure the Port field.

Note

 

NETCONF requires that you configure SSH as the CLI protocol and define the SSH credentials.

Table 8. NETCONF setting
Field Description

Port

Port on the device. You can use one of these ports:

  • Port 830 (default).

  • Any other port that is available on the device.

  • A custom port that Catalyst Center configures. (You can use a custom port only if Device Controllability is enabled. For more information, see the Device Controllability section in the Cisco Catalyst Center Administrator Guide.)

If authentication fails for NETCONF, Catalyst Center retries the authentication process for 300 seconds (5 minutes).

Step 12

Select one of the network Protocol radio buttons that enables Catalyst Center to communicate with remote devices. Valid values are SSH2 or Telnet.

Step 13

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

All the credentials will be validated except the SNMP Write credentials.

Step 14

Click Add.
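
The Auth. Password and Privacy Password fields above are passphrases from which the actual SNMPv3 keys are derived. This added example (not Cisco code) implements the standard derivation from RFC 3414 and RFC 3826 for the SHA plus AES128 case, using the RFC 3414 sample passphrase and constructed engine IDs. It assumes SHA means SHA-1 and does not cover CISCOAES192 or CISCOAES256, whose key extension is outside those RFCs.

```python
"""SNMPv3 USM key derivation: passphrase -> user key -> per-engine localized key."""
import hashlib

EXPANSION_BYTES = 1_048_576  # RFC 3414 A.2: digest 1 MiB of the repeated passphrase
MIN_PASSPHRASE_LEN = 8       # minimum stated on this page; some controllers need 12


def password_to_key(passphrase: bytes, hash_name: str = "sha1") -> bytes:
    """Stretch a passphrase into the user key Ku (RFC 3414 A.2)."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError(f"passphrase must be at least {MIN_PASSPHRASE_LEN} characters")
    repeats = EXPANSION_BYTES // len(passphrase) + 1
    stream = (passphrase * repeats)[:EXPANSION_BYTES]
    return hashlib.new(hash_name, stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def derive_usm_keys(auth_passphrase: bytes, priv_passphrase: bytes, engine_id: bytes) -> dict:
    """Return the localized auth key and the AES128 privacy key for one device."""
    auth_key = localize_key(password_to_key(auth_passphrase), engine_id)
    priv_key = localize_key(password_to_key(priv_passphrase), engine_id)
    # RFC 3826: the AES128 key is the first 16 octets of the localized key.
    return {"auth_key": auth_key, "aes128_priv_key": priv_key[:16]}


# Constructed engine IDs for two hypothetical devices that share one credential.
ENGINE_A = bytes.fromhex("800000090300aabbccddee01")
ENGINE_B = bytes.fromhex("800000090300aabbccddee02")

if __name__ == "__main__":
    for label, engine_id in (("device A", ENGINE_A), ("device B", ENGINE_B)):
        keys = derive_usm_keys(b"maplesyrup", b"maplesyrup-priv", engine_id)
        print(label, keys["auth_key"].hex(), keys["aes128_priv_key"].hex())
```

The derivation is deterministic and uses no secret other than the passphrase, so the strength of both keys is bounded by the passphrase; localization only ensures that two devices sharing a passphrase do not share a key.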


Update network device credentials

You can update the discovery credentials of selected network devices. The updated settings override the global and job-specific settings for the selected devices.


Note


You cannot update the credentials of a third-party device that is added to the inventory.


Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to do this procedure.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Select the network devices that you want to update.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device dialog box, choose Network Device from the Type drop-down field, if it is not already selected.

Step 5

Expand the CLI area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global CLI credentials that have been already created, click the Select global credential radio button.

    Note

     
    If no CLI global credentials are available, create them in the Network Settings > Device Credentials window. See Configure Global CLI Credentials.
  2. Click the Edit device specific credential radio button and configure these fields:

Table 9. CLI credentials
Field Description

Username

Name that is used to log in to the CLI of the devices in your network.

Password

Password that is used to log in to the CLI of the devices in your network.

For security reasons, re-enter the password as confirmation.

Passwords are encrypted for security reasons and do not display in the configuration.

Enable Password

Password that is used to move to a higher privilege level in the CLI.

For security reasons, re-enter the enable password.

Passwords are encrypted for security reasons and do not display in the configuration.

Step 6

Expand the SNMP area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global SNMP credentials that have been already created, click the Select global credential radio button.

    Note

     
    If no SNMP global credentials are available, create them in the Network Settings > Device Credentials window. See Configure Global SNMPv2c Credentials and Configure Global SNMPv3 Credentials.
  2. Click the Edit device specific credential radio button then continue with this procedure.

Step 7

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you chose V2C, configure these fields:

Table 10. SNMPv2c credentials
Field Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are not displayed in the configuration.

If you chose V3, configure these fields:

Table 11. SNMPv3 credentials
Field Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.

Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Select one of these modes:

  • Authentication and Privacy: Provides both authentication and encryption.

  • Authentication, No Privacy: Provides authentication, but does not provide encryption.

  • No Authentication, No Privacy: Does not provide authentication or encryption.

Auth. Type

Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Select one of these authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5 (not recommended): Authentication based on HMAC-MD5.

Auth. Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Privacy Type

Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Select one of these privacy types:

  • AES128: 128-bit CBC mode AES for encryption.

  • CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.

  • CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support encryption standards. Passwords (or passphrases) must be at least eight characters long.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Step 8

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and configure these fields.

Table 12. SNMP properties
Field Description

Retries

Number of attempts allowed to connect to the device. Valid values are from 1 to 3. The default is 3.

Timeout

Number of seconds Catalyst Center waits when trying to establish a connection with a device before timing out. Valid values are from 1 to 300 seconds in intervals of 5 seconds. The default is 5 seconds.

Step 9

Expand the HTTP(S) area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global HTTP and HTTPS credentials that have already been created, click the Select global credential radio button.

    Note

     
    If no HTTP or HTTPS global credentials are available, create them in the Network Settings > Device Credentials window. See Configure Global HTTP(S) Credentials.
  2. Click the Edit device specific credential radio button and configure these fields:

    Table 13. HTTP and HTTPS
    Field Description

    Username

    Name that is used to log in to the devices in your network over HTTP or HTTPS.

    Password

    Password that is used to log in to the devices in your network over HTTP or HTTPS.

    For security reasons, re-enter the password as confirmation.

    Passwords are encrypted for security reasons and are hidden in the configuration.

    Port

    Specify the required HTTP or HTTPS port number.

Step 10

Expand the NETCONF area, if it is not already expanded, and configure the Port field.

NETCONF requires that you configure SSH as the CLI protocol and define the SSH credentials.

Step 11

Select one of the network Protocol radio buttons that enables Catalyst Center to communicate with remote devices. Valid values are SSH2 or Telnet.

Step 12

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button is disabled.

Step 13

Click Update.


Security focus for network devices

The Catalyst Center security focus allows you to view the results of the trustworthy checks on your devices.

A few security checks are done to ensure that your Cisco devices are authentic and have not been compromised or physically altered.

Device identity verification includes these checks:

  • Verification of Secure Unique Device Identifier (SUDI) certificate chain.

  • Signature verification of SUDI certificate response of the device.

  • Product ID verification with the SUDI certificate.

  • Serial number verification with the SUDI certificate.

These checks are triggered under these circumstances:

  • Every time Inventory is collected in Catalyst Center.

  • When you make any configuration changes on your devices.

  • When you make any image upgrades on your devices.

This CLI command is used to do a device identity verification check:

show platform sudi certificate sign nonce ${randomNonceValue}

View the integrity verification status of a device

This procedure explains how to view the status of the integrity verification check.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

From the Focus drop-down menu, choose Security.

Step 3

In the Devices table, if the Integrity Verification column for your device displays Failed as the status, click the information icon adjacent to the device's Integrity Verification status to display the reason.

Note

 

If the Integrity Verification column is not displayed, see Display information about your inventory.


View device certificate status

Device certificates are the certificates that are issued by Catalyst Center to authenticate the devices managed by it.

Use this procedure to view the device certificate status.


Note


You can view the number of device certificates that are expiring or expired on the Device Certificate Issues tile, on the Catalyst Center home window.


Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

From the Focus drop-down list, choose Security.

Step 3

You can view the device certificate status under the Certificate Status column.

One of these statuses is displayed:

  • Active: Certificate is valid.

  • Expiring: Check SCEP connectivity or configuration required for device to renew the certificate.

  • Expired: If this is unexpected, you can generate a new certificate for the device by following the instructions in Update device configuration using telemetry.

  • Not Provisioned: Certificate is not provisioned.

  • NA: Device certificate status is yet to be available. Please check again later.

Step 4

To view the device certificate details, click the device certificate status hyperlink.


Manage compute devices

Add a compute device

You can add a compute device to your inventory manually. A compute device includes devices such as the Cisco Unified Computing System (UCS), devices running Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS), and other data center devices.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Click Add Device.

The Add Device slide-in pane appears with options to add devices.

Step 3

In the Add Existing devices area, click the Single Device tile.

Step 4

From the Type drop-down list, choose Compute Device.

Step 5

In the Device IP / DNS Name field, enter the IP address or name of the device.

Step 6

Expand the HTTP(S) area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global HTTP or HTTPS credentials that have already been created, click the Select global credential radio button.

    Note

     
    If no HTTP or HTTPS global credentials are available, create them in the Network Settings > Device Credentials window. See Add global HTTPS credentials.
  2. Click the Add device specific credential radio button and configure these fields:

    Table 14. HTTP and HTTPS
    Field Description

    Username

    Name used to authenticate the HTTPS connection.

    Password

    Password used to authenticate the HTTPS connection.

    Port

    Number of the TCP/UDP port used for HTTPS traffic. The default is port number 443 (the well-known port for HTTPS).

Step 7

Expand the CLI area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global CLI credentials that have been already created, click the Select global credential radio button.

    Note

     
    If no CLI global credentials are available, create them in the Network Settings > Device Credentials window. See Add global CLI credentials.
  2. Click the Add device specific credential radio button and configure these fields:

Table 15. CLI credentials
Field Description

Username

Name that is used to log in to the CLI of the devices in your network.

Password

Password that is used to log in to the CLI of the devices in your network.

For security reasons, re-enter the password as confirmation.

Passwords are encrypted for security reasons and are not displayed in the configuration.

Enable Password

Password that is used to move to a higher privilege level in the CLI.

For security reasons, re-enter the enable password.

Passwords are encrypted for security reasons and are not displayed in the configuration.

Step 8

Expand the SNMP area, if it is not already expanded, and do one of these steps:

  1. If you want to use the global SNMP credentials that have been already created, click the Select global credential radio button.

    Note

     
    If no SNMP global credentials are available, create them in the Network Settings > Device Credentials page. See Add global SNMPv2c credentials and Add global SNMPv3 credentials.
  2. Click the Add device specific credential radio button, then continue with this procedure.

Step 9

From the Version drop-down list, choose V2C (SNMP Version 2c) or V3 (SNMP Version 3).

If you chose V2C, configure these fields:

Table 16. SNMPv2c credentials
Field Description

Read

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Read Community: Read-only community string password used only to view SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are not displayed in the configuration.

Write

  • Name/Description: Name or description of the SNMPv2c settings that you are adding.

  • Write Community: Write community string used to make changes to the SNMP information on the device.

Note

 

Passwords are encrypted for security reasons and are not displayed in the configuration.

If you chose V3, configure these fields:

Table 17. SNMPv3 credentials
Field Description

Name/Description

Name or description of the SNMPv3 settings that you are adding.

Username

Name associated with the SNMPv3 settings.

Mode

Security level that an SNMP message requires. Select one of these modes:

  • Authentication and Privacy: Provides both authentication and encryption.

  • Authentication, No Privacy: Provides authentication, but does not provide encryption.

  • No Authentication, No Privacy: Does not provide authentication or encryption.

Auth. Type

Authentication type to be used. (Enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode.) Select one of these authentication types:

  • SHA: Authentication based on HMAC-SHA.

  • MD5 (not recommended): Authentication based on HMAC-MD5.

Auth. Password

SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Privacy Type

Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Select one of these privacy types:

  • AES128: 128-bit CBC mode AES for encryption.

  • CISCOAES192: 192-bit CBC mode AES for encryption on Cisco devices.

  • CISCOAES256: 256-bit CBC mode AES for encryption on Cisco devices.

Privacy Password

SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support encryption standards. Passwords (or passphrases) must be at least eight characters long.

Note

 
  • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

  • Passwords are encrypted for security reasons and are hidden in the configuration.

Step 10

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

All the credentials will be validated except the SNMP Write credentials.

Step 11

Click Add.


Update compute device credentials

You can update the discovery credentials of selected compute devices. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Select the devices that you want to update.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device dialog box, from the Type drop-down list, choose Compute Device.

Step 5

Expand the HTTP(S) area, if it is not already expanded.

Step 6

In the Username and Password fields, enter the username and password.

Step 7

In the Port field, enter the port number.

Step 8

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button is disabled.

Step 9

Click Update.


Manage Meraki dashboards

Integrate the Meraki dashboard

You can integrate your Meraki dashboard with Catalyst Center.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Click Add Device.

The Add Device slide-in pane appears with options to add devices.

Step 3

In the Add Existing devices area, click the Single Device tile.

Step 4

From the Type drop-down list, choose Meraki Dashboard.

Step 5

Expand the HTTP(S) area, if it is not already expanded.

Step 6

In the API Key/Password field, enter the API key used to access the Meraki dashboard. Then, click the Get Organization details link.

Step 7

From the Organization drop-down list, select the organization options, or search for an organization name.

Step 8

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

Step 9

Click Add.

Data collection for the Meraki dashboard and devices starts only for the selected organizations.


Update Meraki dashboard credentials

You can update the Meraki dashboard credentials of selected devices. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Select the devices that you want to update.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device slide-in pane, from the Type drop-down list, choose Meraki Dashboard.

Step 5

Expand the HTTP(S) area, if it is not already expanded.

Step 6

In the API Key / Password field, enter the API key used to access the Meraki dashboard.

Step 7

In the Port field, enter the port number.

Step 8

(Optional) Click Validate next to Credentials. Catalyst Center validates the device credentials and shows valid credentials with a green tick mark and invalid credentials with a red cross mark.

If you have chosen more than one device for updating the credentials, the Validation button is disabled.

Step 9

Click Update.


Manage Firepower Management Center

Integrate Firepower Management Center

You can integrate your Firepower Management Center (FMC) with Catalyst Center.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Click Add Device.

The Add Device slide-in pane appears with options to add devices.

Step 3

In the Add Existing devices area, click the Single Device tile.

Step 4

From the Type drop-down list, choose Firepower Management Center.

Step 5

In the Device IP / DNS Name field, enter the IP address or name of the device.

Step 6

Expand the HTTP(S) area if it is not already expanded.

The Add device specific credential radio button is chosen by default.

Step 7

Enter this information:

  1. Username: Name used to authenticate the HTTPS connection.

  2. Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

  3. Port: The number of the TCP/UDP port used for HTTPS traffic. The default port number is 443.

Step 8

Click Add.

Note

 

When you add FMC to inventory, the Firepower Threat Defense (FTD) devices managed by FMC are also added to inventory automatically. The available High Availability (HA) pairs with details of active and standby FTDs are shown in the Inventory window.

Step 9

To view the HA details of the paired FTDs:

  1. Click the device name of the FTD.

  2. Click View Device Details.

    The paired FTD name is shown in the Device Details window. You can click the paired FTD name to view the paired FTD details.

  3. In the Device Details window, click High Availability Details.

    You can view the HA Pair Info, High Availability Link, and State Link details.


Update Firepower Management Center credentials

Catalyst Center allows you to update the Firepower Management Center (FMC) credentials. The updated settings override the global and job-specific settings for the selected devices.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Choose the FMC device that you want to update.

Note

 

You cannot update, edit, or delete the Firepower Threat Defense (FTD) devices that are managed by FMC. You must manage FTD devices through FMC in inventory.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device slide-in pane, click Credentials.

Step 5

Expand the HTTP(S) area if it is not already expanded.

The Add device specific credential radio button is chosen by default.

Step 6

Enter this information:

  1. Username: Name used to authenticate the HTTPS connection.

  2. Password: Password used to authenticate the HTTPS connection. Passwords are encrypted for security and are not displayed in the configuration.

  3. Port: The number of the TCP/UDP port used for HTTPS traffic. The default port number is 443.

Step 7

Click Management IP and enter the IP address or name of the device in the Device IP / DNS Name field.

Step 8

Click Resync Interval and choose a resync interval type:

  • Global: By default, the resync interval is set to 1440 minutes (24 hours).

  • Disable: Resync interval is disabled or set to zero.

Step 9

Click Role and choose a role in the Device Role drop-down list.

Step 10

Click Update.


Add a third-party device

You can add a third-party device to your inventory manually. Catalyst Center supports limited base automation (Inventory and Topology) and assurance capabilities such as third-party device 360, device health calculation based on reachability status, and device interface and reachability issues.

For third-party devices, reachability and interface related metrics are captured as part of Assurance capabilities. For more information, see Cisco Catalyst Assurance User Guide.

Some of the third-party devices are capable of populating SNMP MIB-II values. For more information, see the Cisco Catalyst Center Compatibility Matrix.

Before you begin

Make sure you configure your network device.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information.

Step 2

Click Add Device.

The Add Device slide-in pane displays methods to add devices to your network.

Step 3

To add a device to your network, click the Single Device tile in the Add Existing devices area and do these steps:

  1. Choose Third Party Device from the Type drop-down list.

  2. In the Device IP / DNS Name field, enter the IP address or unique name for the device.

  3. (Optional) Click the Validate hyperlink in the Credentials area to validate the device credentials. Valid credentials are shown with a green tick mark and invalid credentials are flagged with a red cross mark.

    Note

     

    All the credentials will be validated except the SNMP Write credentials.

  4. Expand the SNMP area, if it is not already expanded, and do one of these steps:

    1. To use global SNMP credentials, choose the Select global credential radio button and click the Network Settings > Device Credentials hyperlink to add the credentials. For more information, see Add global SNMPv2c credentials and Add global SNMPv3 credentials.

    2. To use device-specific credentials, choose the Add device specific credential radio button and do these steps:

      1. Choose V2C (SNMP version 2c) or V3 (SNMP version 3) from the Select Value drop-down list.

      2. If you choose V2C, configure these fields:

        Table 18. SNMPv2c Credentials
        Field Description

        Read

        • Read Community: Read-only community string password used only to view SNMP information on the device.

        Note

         

        Passwords are encrypted for security reasons and do not display in the configuration.

        Write

        • Write Community: Write community string used to make changes to the SNMP information on the device.

        Note

         

        Passwords are encrypted for security reasons and do not display in the configuration.

      3. If you choose V3, configure these fields:

        Table 19. SNMPv3 credentials
        Field Description

        Username

        Name associated with the SNMPv3 settings.

        Mode

        Security level that an SNMP message requires. Choose one of these modes:

        • Authentication and Privacy: Provides both authentication and encryption.

        • Authentication, No Privacy: Provides authentication, but does not provide encryption.

        • No Authentication, No Privacy: Does not provide authentication or encryption.

        Authentication Type

        Authentication type to be used (enabled if you select Authentication and Privacy or Authentication, No Privacy as Mode). Choose one of these authentication types:

        • SHA: Authentication based on HMAC-SHA.

        • MD5 (not recommended): Authentication based on HMAC-MD5.

        Note

         

        Catalyst Center does not support device discovery if only MD5 authentication type is configured on the device for software image version 17.14.1 and later.

        If you wish to use MD5 authentication, it is recommended to configure SHA authentication as well for Catalyst Center to discover and manage devices running on software image 17.14.1 and later.

        Authentication Password

        SNMPv3 password used for gaining access to information from devices that use SNMPv3. These passwords (or passphrases) must be at least eight characters in length.

        Note

         
        • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

        • Passwords are encrypted for security reasons and do not display in the configuration.

        Privacy Type

        Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of these privacy types:

        • AES128: 128-bit CBC mode AES for encryption.

        Note

         

        Privacy type AES128 is supported for Discovery, Inventory, and Assurance.

        Privacy Password

        SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices that support encryption standards. Passwords (or passphrases) must be at least eight characters long.

        Note

         
        • Some wireless controllers require that passwords (or passphrases) be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center.

        • Passwords are encrypted for security reasons and do not display in the configuration.

  5. In the SNMP Retries and Timeout area, configure these fields:

    Table 20. SNMP properties
    Field Description

    Retries

    Number of times Catalyst Center tries to communicate with network devices using SNMP.

    Timeout (in Seconds)

    Time interval between the retries.

Step 4

Click Add.
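
The Table 19 rules can be checked before a credential is saved. The following Python sketch is an added example, not Cisco code or a Catalyst Center API: the SnmpV3Credential record, the function names, and the sample devices are hypothetical, and it assumes the credential is the only SNMPv3 user configured on the device.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

AUTH_PRIV = "Authentication and Privacy"
AUTH_NO_PRIV = "Authentication, No Privacy"
NO_AUTH_NO_PRIV = "No Authentication, No Privacy"
MD5_BLOCKED_FROM = (17, 14, 1)  # image version named in the MD5 note of Table 19

Finding = Tuple[str, str]  # (severity, message)


@dataclass
class SnmpV3Credential:
    """Hypothetical record with one attribute per Table 19 field."""
    username: str
    mode: str
    auth_type: Optional[str] = None
    auth_password: Optional[str] = None
    privacy_type: Optional[str] = None
    privacy_password: Optional[str] = None


def parse_version(text: str) -> Tuple[int, ...]:
    """'17.14.1' -> (17, 14, 1). Comparing tuples avoids the string-compare
    trap in which '17.9.4' sorts after '17.14.1'."""
    numbers = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)  # '4a' keeps its leading digits
        if match is None:
            raise ValueError(f"cannot parse version {text!r}")
        numbers.append(int(match.group()))
    return tuple(numbers + [0] * (3 - len(numbers)))


def _check_password(label: str, password: Optional[str], min_len: int) -> List[Finding]:
    if not password:
        return [("error", f"{label} password is missing")]
    if len(password) < min_len:
        return [("error", f"{label} password is shorter than {min_len} characters")]
    return []


def check_credential(cred: SnmpV3Credential, image_version: str,
                     min_password_len: int = 8) -> List[Finding]:
    """'error': unusable as entered or, per the table, the device is not
    discovered; 'warning': accepted but weak. Pass min_password_len=12 for
    wireless controllers that require the longer passphrase."""
    findings: List[Finding] = []
    if not cred.username:
        findings.append(("error", "username is empty"))
    if cred.mode not in (AUTH_PRIV, AUTH_NO_PRIV, NO_AUTH_NO_PRIV):
        return findings + [("error", f"unknown mode {cred.mode!r}")]
    if cred.mode == NO_AUTH_NO_PRIV:
        return findings + [("warning", "mode provides no authentication or encryption")]
    # Both remaining modes authenticate, so the authentication fields apply.
    if cred.auth_type == "MD5":
        if parse_version(image_version) >= MD5_BLOCKED_FROM:
            findings.append(("error", "MD5-only authentication on image 17.14.1 or later"))
        else:
            findings.append(("warning", "MD5 authentication is not recommended"))
    elif cred.auth_type != "SHA":
        findings.append(("error", f"unsupported authentication type {cred.auth_type!r}"))
    findings += _check_password("authentication", cred.auth_password, min_password_len)
    if cred.mode == AUTH_NO_PRIV:
        return findings + [("warning", "mode authenticates but does not encrypt")]
    # Authentication and Privacy: the privacy fields apply as well.
    if cred.privacy_type != "AES128":
        findings.append(("error", f"unsupported privacy type {cred.privacy_type!r}"))
    findings += _check_password("privacy", cred.privacy_password, min_password_len)
    return findings


# Constructed sample rows: (device, image version, minimum password length, credential).
_MD5 = SnmpV3Credential("nms", AUTH_PRIV, "MD5", "Example-Auth-1", "AES128", "Example-Priv-1")
_SHA = SnmpV3Credential("nms", AUTH_PRIV, "SHA", "Example-Auth-1", "AES128", "Example-Priv-1")
SAMPLE = [
    ("edge-sw-01", "17.9.4a", 8, _MD5),
    ("edge-sw-02", "17.14.1", 8, _MD5),
    ("wlc-01", "17.12.3", 12,
     SnmpV3Credential("nms", AUTH_PRIV, "SHA", "ten-chars!", "AES128", "long-enough-passphrase")),
    ("core-sw-01", "17.15.1", 8, _SHA),
]


def audit(rows) -> Dict[str, List[Finding]]:
    """Map each device name to its findings (an empty list means no issue)."""
    return {name: check_credential(cred, version, min_len)
            for name, version, min_len, cred in rows}


if __name__ == "__main__":
    for device, findings in audit(SAMPLE).items():
        print(device, findings or "ok")
```
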


Filter devices

In the Inventory window, you can choose from basic or advanced filtering options to filter for device details in the Devices table.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Click Filter devices.

This table describes the available filtering options.

Name Description

Quick Filters

You can choose from basic filtering options to narrow down the device details.

For example, you can toggle the Manageability filter option to Managed to see all the managed devices.

Advanced Filters

You can set the filtering criteria using operators, such as Contains and Regex (Regular Expression), to narrow down the device details.

For example, in the Tags drop-down list, you can choose the Contains operator and enter ipsec in the Tags field. Then from the autocomplete drop-down list, you can choose one option, such as branch-router-ipsec, which would filter for branch routers that are tagged with IP Security.

You must enter filter criteria values based on the available data.

Recent Filters

In the RECENT area, you can choose a recent filter to reapply.

To save a recent filter, drag and drop a recent filter to the SAVED area.

Step 3

Choose a filtering option and enter the appropriate value in the selected filter field.

Catalyst Center presents you with autocomplete values as you enter values in the other fields. Choose one of the suggested values, or finish entering the desired value.

For complex wildcard filtering scenarios, use the regex option under Advanced Filtering. These examples show how to use regex filtering with wildcards:

Regex with Wildcards Result

^AP00.*9.*

Filters device names that start with AP00 and contain 9 anywhere in the remainder of the device name.

^AP84.*24.*

Filters device names that start with AP84 and contain 24 anywhere in the remainder of the device name.

^.*47B3.*24.*

Filters device names that contain 47B3 and also contain 24 anywhere in the remainder of the device name.

After entering the regex values, press Enter.

Step 4

Click Apply to filter the information.

The data displayed in the Devices table updates automatically according to your filter selection.

Note

 

You can use several filter types and more than one value per filter.

Step 5

(Optional) If needed, add more filters.

Step 6

(Optional) To remove all the filters, in the Filter devices field, click the x and then click Apply.

Step 7

(Optional) To delete a specific filter value, in the Filter devices field, drag your cursor over the value, press Delete, and then click Apply.


Manage devices in the Inventory window

These sections provide information about how to assign devices to sites and manage device tags by using the Inventory window.

Assign an unprovisioned device to a site

Use this procedure to assign a device that hasn’t been provisioned yet to a site.


Note


  • A wireless AP that hasn’t been provisioned yet can be assigned to only a floor. Later, if it’s still unprovisioned, it can be unassigned from the floor by removing it from its assigned floor map. For detailed steps, see Remove APs from a map.

  • Third-party devices can be assigned to a site, but the devices are not managed by Catalyst Center. The assignment is for visibility only.


Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Check the check box for the devices that you want to assign to a site.

Note

 

You cannot assign Firepower Threat Defense (FTD) high availability (HA) paired devices to different sites. Both the paired devices must be assigned to the same site.

Step 3

From the Actions menu, choose Provision > Assign Device to Site.

Step 4

In the Assign Device to Site slide-in pane, click the link next to the Site icon for the device.

Step 5

In the Choose a floor slide-in pane, select the floor to assign to the device and click Save.

Step 6

(Optional) If you select multiple devices to add to the same location, check the Apply to All check box for the first device to assign its location to the rest of the devices and click Next.

Step 7

Review summary settings and click Next.

Note

 

Application Telemetry and Controller-Based Application Recognition (CBAR) are enabled on the applicable network devices by default, if you enable Application Telemetry and CBAR in the Design > Network Settings > Telemetry window. For more information, see Configure syslog, SNMP traps, NetFlow Collector servers, and wired client data collection using telemetry.

Application and Endpoint Visibility enablement is skipped by default for devices that do not support Controller-Based Application Recognition (CBAR) enablement or on which Application Visibility Service (AVS) is not deployed.

Step 8

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Note

 

If only MD5 authentication type is configured on the device, the site assignment will be blocked for devices with software image version or golden tagged image version 17.14.1 and later.

To continue the site assignment, you must configure SHA authentication as well. For information on how to configure SHA as the authentication type for SNMP credentials, see Edit Global Device Credentials.

Step 9

On the Tasks window, monitor the task deployment.

Step 10

When assigning devices to a site, if Device Controllability is enabled, a workflow automatically triggers to push the device configuration from the site to the devices.

From the Focus drop-down list, choose Provision and click See Details in the Provision Status column. The configuration that is pushed to the device is shown in a separate window if you enabled Device Controllability.

Assign a provisioned device to a different site

Follow these high-level steps to assign any provisioned device, except provisioned wireless APs, to a different site.

To assign a provisioned wireless AP to a different floor, you must choose a different site for the AP during AP reprovisioning. For more information about reprovisioning, see Provision Cisco APs on day 1.

Procedure


Step 1

Delete the provisioned device that you want to reassign to a different site from the inventory.

For detailed steps, see Delete a network device.

Step 2

Re-add the device that you deleted to the inventory.

For detailed steps, see Add a network device.

Step 3

Assign the newly added device to the required site.

For detailed steps, see Assign an unprovisioned device to a site.


Tag devices

A device tag allows you to group devices based on an attribute or a rule. A single device can have multiple tags; similarly, a single tag can be applied to multiple devices.

When a device or port is tagged, it becomes a member of that tag. There are two types of tags:

  • Static: You can manually assign these tags to members.

  • Dynamic: Catalyst Center automatically assigns these tags to members based on the defined rules.

When a device is deleted and then re-added:

  • Static tags aren’t reassigned to the members.

  • Dynamic tags are reassigned to members that meet the defined rules for the tag.

You can add tags to or remove tags from devices in the Inventory window.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Check the check box next to the devices for which you want to apply a tag, and then click Tag.

Step 3

Enter a tag name in the Tag Name field.

  • If you’re creating a tag, click Create New Tag. You can also create a new tag with a rule. See Tag devices using rules.

  • If you’re using an existing tag, select the tag from the list, and then click Apply.

A tag icon and the tag names appear under the device names for which you applied the tags.

Step 4

To remove a tag from a device, do one of these tasks:

  • Select the device and click Tag. Unselect all tags, and then click Apply.

  • Hover the cursor over the yellow tag icon or tag name, and then click the delete icon to disassociate the tag from the device.


Create a Network Device Group tag

Use this procedure to create a Network Device Group (NDG) tag.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Check the check box next to the device for which you want to apply a tag, and then click Tag.

Step 3

Click Create New Tag.

For the naming pattern, use the prefix NDG: and define the tag using the parent-child hierarchy. Roots must be used for all NDG types. For example, use Location#All Locations, Device Type#All Device Types, or IPSEC#Is IPSEC. Use the entire root while creating the NDG tags.

Note

 
  • Custom roots are not allowed while creating the NDG tag. Only default NDG roots in Cisco ISE are allowed, which are Location#All Locations, Device Type#All Device Types, and IPSEC#Is IPSEC.

    Cisco ISE will always have default NDG roots for devices unless they are overridden by Catalyst Center NDG tags.

  • Only one NDG tag can be added per NDG type for a device.

  • The maximum level of hierarchy, including parent and roots, is limited to seven. A child level is mandatory while creating tags.

  • Each level name cannot exceed 32 characters. The tag length cannot exceed 100.

  • NDG tags support the basic ASCII character set.

  • Catalyst Center doesn't reflect the NDG values set in Cisco ISE. An NDG tag update in Catalyst Center overrides the values set in Cisco ISE.

A tag icon and the tag name or names appear under the device name or names for which you applied the tag or tags.

Note

 

Tags that are prefixed with NDG: are reflected in Cisco ISE.
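
The NDG naming rules listed in this procedure can be checked before a tag is created. This Python validator is an added example, not part of Catalyst Center or Cisco ISE. It assumes that levels are separated by #, that the seven-level limit counts every #-separated name after the NDG: prefix, that the 100-character limit covers the whole tag including the prefix, and that basic ASCII means printable characters 0x20 to 0x7E.

```python
from typing import Dict, Iterable, List

NDG_PREFIX = "NDG:"
# Default Cisco ISE roots as listed in the note: NDG type -> root name.
DEFAULT_ROOTS = {
    "Location": "All Locations",
    "Device Type": "All Device Types",
    "IPSEC": "Is IPSEC",
}
MAX_LEVELS = 7        # parent and roots included (assumed counting, see lead-in)
MAX_LEVEL_NAME = 32   # characters per level name
MAX_TAG_LENGTH = 100  # characters, assumed to include the NDG: prefix


def ndg_levels(tag: str) -> List[str]:
    """Split 'NDG:Location#All Locations#EMEA' into its level names."""
    return tag[len(NDG_PREFIX):].split("#")


def validate_ndg_tag(tag: str) -> List[str]:
    """Return the list of rule violations for one tag (empty list = valid)."""
    if not tag.startswith(NDG_PREFIX):
        return ["missing NDG: prefix"]
    problems = []
    if len(tag) > MAX_TAG_LENGTH:
        problems.append(f"tag is {len(tag)} characters; the maximum is {MAX_TAG_LENGTH}")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in tag):
        problems.append("tag contains characters outside basic ASCII")
    levels = ndg_levels(tag)
    ndg_type = levels[0]
    if ndg_type not in DEFAULT_ROOTS:
        problems.append(f"custom NDG type {ndg_type!r} is not a default root")
    elif len(levels) < 2 or levels[1] != DEFAULT_ROOTS[ndg_type]:
        problems.append(f"root must be the entire '{ndg_type}#{DEFAULT_ROOTS[ndg_type]}'")
    if len(levels) < 3:
        problems.append("a child level below the root is mandatory")
    if len(levels) > MAX_LEVELS:
        problems.append(f"hierarchy has {len(levels)} levels; the maximum is {MAX_LEVELS}")
    for level in levels:
        if not level.strip():
            problems.append("empty level name")
        elif len(level) > MAX_LEVEL_NAME:
            problems.append(f"level {level!r} exceeds {MAX_LEVEL_NAME} characters")
    return problems


def validate_device_tags(tags: Iterable[str]) -> Dict[str, List[str]]:
    """Validate every NDG tag on one device and enforce one tag per NDG type.
    Tags without the NDG: prefix are ordinary tags and are skipped."""
    report: Dict[str, List[str]] = {}
    first_tag_for_type: Dict[str, str] = {}
    for tag in tags:
        if not tag.startswith(NDG_PREFIX):
            continue
        problems = validate_ndg_tag(tag)
        ndg_type = ndg_levels(tag)[0]
        if ndg_type in first_tag_for_type:
            problems.append(
                f"device already has a {ndg_type!r} NDG tag: {first_tag_for_type[ndg_type]!r}")
        else:
            first_tag_for_type[ndg_type] = tag
        if problems:
            report[tag] = problems
    return report


# Constructed sample: the tags of one hypothetical device.
SAMPLE_TAGS = [
    "NDG:Location#All Locations#EMEA#Berlin",
    "branch-router-ipsec",
    "NDG:Location#All Locations#APAC",
    "NDG:Device Type#All Device Types",
    "NDG:IPSEC#Is IPSEC#Yes",
]

if __name__ == "__main__":
    for tag, problems in validate_device_tags(SAMPLE_TAGS).items():
        print(tag, "->", "; ".join(problems))
```
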


Tag devices using rules

You can group devices based on tags in which you define a rule. When you define a rule, Catalyst Center automatically applies the tag to all devices that match the specified rule. Rules can be based on device name, device family, device series, IP address, location, or version.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Check the check box next to the device or devices for which you want to apply a tag, then click Tag.

Step 3

Enter a tag name in the Tag Name field, then click Create New Tag with Rule.

In the Create New Tag window, the Manually Added field under Total Devices Tagged Count indicates the number of devices you selected.

Step 4

Click Add Condition, then complete the required fields for the rule.

The Matching Devices number automatically changes to indicate how many devices match this condition.

You have two options for creating additional conditions:

  • And conditions: Click the Add Condition link. And appears above the condition.

  • Or conditions: Click the add icon (+) next to an existing condition. Or appears next to the condition.

You can add as many conditions as needed. As you make changes to the rule, the Matching Devices count changes to reflect how many devices in the inventory match the rule you specified. You can click on the device number to view the devices that match the rule.

Step 5

Click Save to save your tag with the defined rule.

A tag icon and the tag name or names appear under the device name or names for which you applied the tag or tags.

As devices are added to the inventory, if they match the rules you defined, the tag is automatically applied to the devices.


Edit device tags

You can edit device tags that you previously created.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays device information gathered during the discovery process.

In the Device Name column, you can see any previously created device tags listed under the device names.

Step 2

Without selecting any devices, click Tag.

The previously created tags are listed.

Step 3

Click Manage Tags.

The All Tags slide-in pane displays.

Step 4

Click the pencil icon next to the tag that you want to edit.

Step 5

Make changes to the tag, then click Save.


Delete tags

You can delete a device tag or template tag only if it is not associated with a device or template.

Before you begin

Remove the tag that is associated statically or dynamically (using rules) with the device.

Remove the tag that is associated with a template.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Without selecting any devices, choose Tag > Manage Tags.

Step 3

Hover your cursor over the tag that you want to delete, then click the delete icon next to the tag name.

Step 4

At the prompt, click Yes.

An error message is generated if the tag is associated with a device or template. Remove the tag associated with the device or template, and then delete the tag.


Configure a REP ring for devices

The Resilient Ethernet Protocol (REP) ring provides a way to control network loops, handle link failures, and improve convergence time.


Note


  • Limitation of a REP ring: You should not select a root node that has connectivity only through interfaces of the ring.

  • Device support for REP ring (nonfabric): Cisco Catalyst Industrial Ethernet Series Switch 3100, 3200, 3300, 3400, 4000, 5000, and 9300. Cisco Embedded Services 3300 Series Switches (ESS3300), S5200, and S5800.


Before you begin

  • Make sure the devices are onboarded and are in reachable state.

  • Identify the devices and their interfaces that end the REP ring.

  • Make sure all the interfaces that are part of the ring are configured with “switchport mode trunk”.

Procedure


Step 1

From the main menu, choose Workflows > Configure REP ring (nonfabric).

Alternatively, you can navigate to the Inventory site topology view, select the device node on which you want to create the REP ring, and click Create REP Ring under the REP Rings tab.

Step 2

If a task overview window appears, click Let's Do It to go directly to the workflow.

Step 3

In the Select a root device window, select the root device.

Note

 

The device must be in reachable state and have upstream connection.

Step 4

In the Select adjacent devices connected to root device window, choose one adjacent device that is part of the ring and connected to the root device.

Step 5

In the Select adjacent devices connected to root device window, choose the other adjacent device that is part of the same ring and connected to the root device.

You must choose two devices that are part of the same ring and directly connected to the root device.

Step 6

Review and edit the root device and the chosen adjacent devices.

Step 7

To initiate the REP ring configuration, click Provision.

You can see a detailed status of the configuration progress on the REP Ring Configuration Status window.

Step 8

The REP Ring Summary window displays the details of the REP ring that is created along with the discovered devices.

After the creation of the REP ring, a success message displays.

Step 9

To verify the creation of the REP ring, go to the Inventory window topology view and click any device that is part of the ring. In the slide-in pane, under the REP Rings tab, you can see the list of all REP rings that exist on that device.

Click a REP ring name in the list to view the REP ring details, such as the devices present in the ring, ports of each device that connect to the ring, and so on.


Add a node to a REP ring for nonfabric deployment

Use this procedure to add a node to an existing REP ring.


Note


The feature supports these platforms: IE2000, IE3200, IE3300, IE3400, IE3400H, IE4000, IE4010, IE5000, IE9300 and ESS3300.


Before you begin

Make sure you add the device to Catalyst Center. For information on how to add a device, see Add or edit a device.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Plug and Play.

The onboarded device appears in the Plug and Play window.

Step 2

From the Actions drop-down list, click Claim.

Step 3

In the Assign Site window, click Assign to assign the device to a site and click Next.

Step 4

To deploy the configuration to the device, click Assign and click Next.

Note

 

Plug and Play provisioning automatically deploys a device onboarding configuration template that corresponds to the type of device. For more information, see Plug and Play provisioning overview.

Step 5

In the Provision Templates window, click Preview Configuration to review the configuration and click Claim.

Step 6

Click Ok and Yes.

A success message displays upon claiming the device.

Step 7

Click Refresh. The device onboarding process might take some time.

By default, the devices table gets refreshed every 30 seconds. Click the Auto-Refresh drop-down list and choose a refresh time.

On completion of the process, the device moves to the Provisioned tab.

Step 8

From the main menu, choose Provision > Inventory.

Step 9

Click Refresh and wait until the device is in managed state.

Step 10

Use the toggle button to switch between the Topology map view and the Inventory view. The change in the topology automatically triggers device rediscovery and the device is added to the REP.

Step 11

Click the REP and in the slide-in pane, click the REP Rings tab. The node insertion status is Success for successful addition of the device to the REP.

Step 12

In the REP Rings tab, click the REP link to view the steps executed. If any failure occurs, you can view the step at which the device insertion failed.

Step 13

(Optional) Under the Actions column, click the ellipsis to rediscover the failed node insertion.


Delete a node from a REP ring for nonfabric deployment

You can remove a node from an existing REP ring for nonfabric deployment.

These devices can be deleted from a REP ring:

  • Cisco Industrial Ethernet (IE) 2000, 3100, 4000, 4010, 5000 Series Switches

  • Cisco Catalyst IE 3200, 3300, 3400, 3400H, 9300, 9310, 9320 Rugged Series Switches

  • Cisco Embedded Services 3300 (ESS3300) and 9300 (ESS9300) Series Switches

  • Stratix 5400, 5410, and 5800 Switches

The feature has limitations, including:

  • If you remove an unreachable device, and instead of connecting the REP-configured ports, you connect the other port of reachable devices, the REP discovery fails.

  • You can't delete the root device.

  • If a REP ring contains both physical channels and port channels, deleting a node may break the REP ring.

Before you begin

Ensure that the REP ring to which the node belongs is complete.

Procedure


Step 1

Manually remove the device from the network.

Step 2

From the main menu, choose Provision > Inventory.

Step 3

Use the toggle button to switch to the Topology map view.

If a REP ring has any unreachable devices (manually removed devices or devices that went down), a warning alert displays.

Step 4

In the warning alert, click the REP ring link.

The slide-in pane for the corresponding REP ring opens.

Step 5

In the REP Rings tab, under the Actions column, hover your cursor over the ellipsis icon and click Rediscover.

Step 6

In the dialog box, click Yes.

The device is deleted from the REP ring, and the REP ring details are updated.

MRP ring for nonfabric deployment

To ensure uninterrupted network connection, Media Redundancy Protocol (MRP) provides fault tolerance in industrial networks by continuously monitoring the status of your network links in a ring network topology.

MRP Media Redundancy Manager (MRM) defines its maximum recovery time for a ring in this range: 10 ms, 30 ms, 200 ms, and 500 ms.

Device support for MRP ring (nonfabric): MRP supports Cisco Industrial Ethernet (IE) 3000, 4000, 5000 Series Switches.


Note


Currently MRP ring support is not available for Cisco Embedded Services 9300 Switches (ESS9300).



Note


  • Multiple rings within a given MRP ring are supported. A single MRM can comprise up to three rings.

  • By default, a maximum of 50 devices can be onboarded in a single MRP ring.

  • MRP supports both trunk and access port configuration.


View MRP ring status for nonfabric deployment

Use this procedure to view the Media Redundancy Protocol (MRP) ring status.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Use the toggle button to switch to the Topology map view.

Step 3

To view MRP ring details, click anywhere on the ring, and click the MRP Rings tab.

You can view these details:

Field

Description

Ring ID

Indicates the ring number that is given by default.

Ring Size

Number of devices in the ring.

VLAN ID

Displays VLAN ID.

Network Topology Status

Displays one of these statuses:

  • Ring Open: Indicates a network connection failure.

  • Ring Closed: Indicates normal operation of the network.

Profile Value

Defines the maximum recovery time for the ring.

This image displays MRP Rings view.

Step 4

Click the Ring ID to view these details:

Field

Description

Hostname

Displays the hostname of the devices.

Configuration Mode

Displays the configuration mode.

Operational Mode

Displays one of these modes of operation:

  • Manager: Indicates that the device serves as MRM of the ring.

    The MRM initiates and controls the ring topology to react to network faults by sending control frames on one ring port over the ring and receiving them from the ring over its other ring port, and conversely in the other direction.

  • Client: Indicates that the device acts as a media redundancy client (MRC).

    The MRC reacts to received reconfiguration frames from the MRM and can detect and signal link changes on its ring ports.

Port-1/Port-2

Displays the interface name.

Port-1/Port-2 Status

Displays one of these statuses:

  • Disabled: Ring ports drop all received frames.

  • Blocked: Ring ports drop all received frames except MRP control frames and some standard frames, for example, LLDP.

  • Forwarding: Ring ports forward all received frames.

  • Not Connected: The link is physically down or disconnected. (This state differs from the Disabled state, in which the MRP Port is manually disabled through software.)

Step 5

To view an overview of the MRP ring, click the View hyperlink under the Details column of the Rings table.

You can view details such as domain ID, domain name, priority, PROFINET or CLI managed, port MAC address, and so on.


Parallel redundancy protocol

Parallel Redundancy Protocol (PRP) provides hitless redundancy (zero recovery time after failures) in Ethernet networks.

To recover from network failures, redundancy can be provided by network elements connected in mesh or ring topologies using protocols like REP and MRP. These redundancy schemes can take between a few milliseconds to a few seconds for the network to recover and traffic to flow again.

Components of a PRP topology

PRP provides redundancy by connecting end nodes to two independent, disjointed, parallel networks (LAN-A and LAN-B). Each of these Dually Attached Nodes (DANs) has redundant paths to all other DANs in the network.

Singly Attached Nodes (SANs) are non-redundant endpoints in the network that attach only to either LAN-A or LAN-B.

Use a Redundancy Box (RedBox) when an end node without two network ports and PRP implementation must implement redundancy. Such an end node can connect to a RedBox, which provides connectivity to the two different networks on behalf of the device. Because a node behind a RedBox appears for other nodes like a DAN, it is called a Virtual DAN (VDAN). The RedBox itself is a DAN and acts as a proxy on behalf of its VDANs.

The PRP Redundancy Network View.

View the PRP topology status

Use this procedure to view the Parallel Redundancy Protocol (PRP) status.

The PRP topology

  • is applicable only to Cisco SD-Access deployments, and

  • works only if the configurations are correct. Otherwise, it shows incorrect LAN A and LAN B.

Device support for PRP: Cisco Catalyst Industrial Ethernet 3400, 4000, 4010, and 9320 Series Switch.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Use the Topology view toggle button to switch to the topology view.

You can also view the PRP topology from the Tools > Topology window. Then from the left hierarchy tree, choose the area, site, building, or floor, and click the Toggle Topology View button in the top-right corner of the window.

Step 3

Filter the topology for devices labeled Red Box, LAN A, and LAN B.

  1. Click the Filter icon.

  2. Click the Redundancy > PRP radio button.

  3. From the drop-down list, choose Show Redbox, LAN A, LAN B.

The topology view displays the devices labeled Red Box, LAN A, and LAN B.

This image shows PRP topology view.

Note

 
  • The nodes and links that are not participating in PRP are dim.

  • The links that are down display as a red dotted line.


Create port groups

You can group ports based on an attribute or rule.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays device information gathered during the discovery process.

Step 2

To create a new port tag, click Tag and choose Create New Tag.

The Create New Tag slide-in pane is displayed.

Step 3

In the Tag Name field, enter the tag name. In the Description field, add a description for the tag.

Note

 

The WAN tag is a reserved tag name. You can't create a new port tag named WAN, because the system autogenerates the WAN tag.

Step 4

In the Tag Rules area, click the Port tab.

Step 5

In the Device Scope area, click the drop-down list and choose Location or Tag Name of the device to define the filters.

Step 6

To add rules for tagging the ports, click the icon. You can tag the ports based on port status, speed, tag name, operational status, and description. You can add additional conditions using Boolean operators (AND, OR).

To delete a condition, click the delete icon.

Step 7

As the conditions are set, you can find the link for ports matching the condition at the bottom-left corner of the pane.

Click the link to view the ports. In the Matching Ports slide-in pane, you can view the device to which the port belongs and the port name.

Step 8

Click Save.


Assign tags to ports

You can manually assign tags to ports. For example, you can manually assign the system-generated WAN tag to a port.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Inventory window, click a device name and choose View Device Details.

Step 3

In the left pane, expand Interfaces and click Ethernet Ports.

Step 4

In the top-right corner of the window, switch to the table view.

Step 5

Choose the port or ports to tag and click Tag.

Step 6

Choose the appropriate tags.

Step 7

Click Apply.


Port use information

You can check the last input received and last output sent by the port.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Devices table, click a device name, and then click View Device Details.

The device details display in the window.

Step 3

In the left pane, choose Interfaces > Ethernet Ports.

Note

 

This tab is available for all devices except APs.

Step 4

Click the port to view its details.

In the window, you can view the timestamp of Last Input received by the port and Last Output transmitted by the port.


Maintenance mode for devices

Schedule maintenance for devices

You can place one or more devices under maintenance mode in Catalyst Center. If a device is placed under maintenance mode, Catalyst Center will not process any telemetry data associated with the device. By placing faulty devices under maintenance mode, you can avoid receiving unnecessary alerts from the devices.


Note


You cannot collect any information from devices in maintenance mode or run polling operations on them.



Note


While scheduling the maintenance mode for Cisco Wireless Controllers and APs:

  • When you schedule maintenance for a Cisco Wireless Controller, all the APs associated with the wireless controller are moved under maintenance mode with the same schedule.

  • When a wireless controller is in maintenance mode, you cannot modify the maintenance schedule of a single AP associated with the wireless controller. A warning message saying that the device is already scheduled for maintenance is displayed. If you modify the schedule of the wireless controller, then all the APs under the wireless controller will be impacted.

  • When the wireless controller is not in maintenance mode, you can select the APs individually and schedule them for maintenance.

  • When an AP moves from one wireless controller to another, the maintenance mode is impacted accordingly:

    • If the AP is moving from a wireless controller that is in maintenance mode to a wireless controller that is not under maintenance, then the AP will not have maintenance mode after moving.

    • If the AP is moving from a wireless controller that is not in maintenance mode to a wireless controller that is under maintenance, then the AP will be in maintenance mode after moving.

    • If the AP is in maintenance mode and is moving from a wireless controller that is not under maintenance mode to a wireless controller that is also not under maintenance, then the AP will retain its maintenance mode after moving.


Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Choose the devices for which you want to schedule maintenance.

Step 3

From the Actions drop-down list, choose Inventory > Schedule Maintenance.

The Schedule Maintenance slide-in pane is displayed.

Step 4

In the Reason For Maintenance field, enter a reason for placing the device under maintenance mode.

By default, Catalyst Center adds a reason, and you can modify it.

Step 5

In the Define Maintenance Window area, do this step:

  1. Choose the start date and time for maintenance.

  2. Choose the end date and time for maintenance.

  3. Alternatively, click Days/Hours and enter days and hours for maintenance.

    Note

     

    To choose recurrence for maintenance, choose the Days/Hours option.

Step 6

In the Maintenance Recurrence area, click None, Daily, or Weekly.

  • None: Maintenance will not recur.

  • Daily: Enter the interval in days in the Run at Interval (Days) field.

  • Weekly: Enter the interval in weeks in the Run at Interval (Weeks) field.

Step 7

If you have chosen Daily or Weekly for recurrence, check the Set Schedule End check box.

Step 8

Click End Date or End After (Occurrences).

  • End Date: Enter month, date, and year for maintenance end.

  • End After (Occurrences): Enter the number of occurrences after which you want maintenance to end.

Step 9

In the Maintenance Time Zone area, choose the time zone for maintenance.

Step 10

Click Submit.


Manage maintenance schedule for devices

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

From the Actions drop-down list, choose Inventory > Manage Maintenance.

The Manage Maintenance slide-in pane is displayed. The Status column shows the current status of maintenance schedules.

Step 3

Click the Search or Filter icon to search or filter maintenance schedules.

Step 4

In the Actions column, click the Edit icon to edit the maintenance schedule.

Note

 

For in-progress maintenance schedules, you can only extend the maintenance end time.

Step 5

Click the Delete icon in the Actions column to delete the maintenance schedule.

Note

 

You cannot delete in-progress maintenance schedules.


Remove a device from maintenance

You can remove a device from maintenance once the purpose of the scheduled maintenance has been achieved.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

From the Actions drop-down list, choose Inventory > Exit Maintenance.

Step 3

In the Exit Maintenance window, click Confirm.

Note

 
The schedule remains active even after removing the device from the maintenance window. You can schedule another maintenance for the device only after the existing maintenance window ends. Otherwise, edit the maintenance schedule to end sooner.

Inventory Insights

The Inventory Insights window displays devices that have configuration inconsistencies with other directly connected devices. It also displays devices that are misconfigured, as compared with the Catalyst Center best-practice recommendations. Additionally, you can view whether the link between the devices is up (active) or down (inactive). A link is down when the connection between devices no longer exists. Historical data is retained for future reference.

For example, assume that there is a network link between device A and device B. If you remove the link from device B and connect it to a new device C:

  • The old link between device A and device B remains present and can be manually deleted by the user from the Tools > Topology window. No action is required by the user on the Inventory Insights window; the old link is shown there to retain the historical data for your reference.

  • The new link between device A and device C is shown as up.

Catalyst Center provides these insights with suggested actions.

Speed and duplex settings mismatch

Catalyst Center displays the devices that are connected with each other but configured with different speed and duplex values at the two ends of a device link.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory Insights.

The Inventory Insights window displays.

Step 2

Click Speed/Duplex settings mismatch to see the suggested actions that can be done on devices.

The suggested actions appear in the right pane.

Step 3

Click the number of instances to see the mismatches.

The Speed/Duplex settings mismatch window highlights the mismatches of speed and duplex.

Step 4

Make the required changes in the device configuration by doing the suggested actions.


VLAN mismatch

Catalyst Center displays the devices that are connected with each other but configured with different VLANs at the two ends of a device link.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory Insights.

The Inventory Insights window displays.

Step 2

Click VLAN Mismatch to see the suggested actions that can be done on devices.

The suggested actions display in the right pane.

Step 3

Click the number of instances to see the mismatches.

Step 4

Make the required changes in the device configuration by doing the suggested actions.


Manage system beacon

You can highlight switches in the Catalyst Center inventory by using system beacons.

You can enable a system beacon on these devices:

  • Cisco Catalyst 9200 Series Switches

  • Cisco Catalyst 9300 Series Switches

  • Cisco Catalyst 3850 Series Ethernet Stackable Switches

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Choose the devices for which you want to enable or disable beacons.

Note

 
  • You can enable beacons on up to five standalone devices at a time.

  • To enable beacons on stacked devices, you must choose only one device at a time. In a stacked device, you can enable beacons on one or more stack members.

Step 3

From the Actions drop-down list, choose Inventory > Manage System Beacon.

Step 4

In the Manage System Beacon slide-in pane, click the Enabled radio button under System Beacon State and then click Apply to enable a beacon on the chosen devices.

After the system beacon is enabled, a blue beacon icon is displayed next to the device name in the inventory.

Step 5

(Optional) If you have chosen a stacked device, do these steps in the Manage System Beacon slide-in pane:

  1. Check the Update System Beacon Status? check box corresponding to the stack members on which you want to enable a beacon.

  2. Under System Beacon State, click the Enabled radio button.

  3. Click Apply.

Step 6

(Optional) To disable a beacon on the chosen devices, do these steps in the Manage System Beacon slide-in pane:

  1. Under System Beacon State, click the Disabled radio button.

  2. Click Apply.

Alternatively, in the Inventory window, hover the cursor over the blue beacon icon next to the device name and click Disable.


Device roles

During the discovery process, Catalyst Center autoassigns a role to each of the discovered devices. You can also manually change the device role from the Inventory window. For detailed steps, see Change the device role manually.

Catalyst Center uses device roles

  • to identify and group devices,

  • to determine if specific configurations are pushed to the devices, and

  • to determine the device placement on the network topology map on the Tools > Topology window.

The device roles are tiered topologically. This table lists each device role and its corresponding topological tier.

Table 21. Device roles and topology positions

Topology position    Device role
Tier 1               Internet (not configurable)
Tier 2               Border Router
Tier 3               Core
Tier 4               Distribution
Tier 5               Access
Tier 6               Unknown

Change the device role manually

Use this procedure to change the device role manually from the Inventory window.

For more information about device roles, see Device roles.


Note


  • If you manually change the device role, the assignment remains static. Catalyst Center does not update the device role even if it detects a change during a subsequent device resynchronization. So, after the device role is manually changed, it needs to be manually managed.

  • When the Access role is manually or automatically assigned to a device, IP Device Tracking (IPDT) is either configured or removed from the device based on the IPDT settings of the site.


Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Inventory table, check the check box next to the device whose role you want to change.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device slide-in pane, update the device role.

  1. Click the Device Role tab.

  2. From the Device Role drop-down list, choose an appropriate role.

  3. Click Update.


Update a device management IP address

You can update the management IP address of a device.


Note


You cannot update more than one device at a time. Also, you cannot update a Meraki device management IP address.


Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Select the device that you want to update.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

The Edit Device slide-in pane is displayed.

Step 4

Click the Management IP tab, and enter the new management IP address in the Device IP/ DNS Name field.

Note

 

Make sure that the new management IP address is reachable from Catalyst Center and that the device credentials are correct. Otherwise, the device might enter an unmanaged state.


What to do next

Reprovision the device to update the source-interface configuration.

Update the device polling interval

You can update the polling interval at the global level for all devices by choosing System > Settings > Network Resync Interval or at the device level for a specific device by choosing Device Inventory. When you set the polling interval using the Network Resync Interval, that value takes precedence over the Device Inventory polling interval value.

If you do not want a device to be polled, you can disable polling.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Select the devices that you want to update.

Step 3

From the Actions drop-down list, choose Inventory > Edit Device.

Step 4

In the Edit Device slide-in pane, click Resync Interval.

Step 5

Select the resync type.

Note

 
  • To set the resync type as global, go to System > Settings.

  • The device-specific polling time supersedes the global polling time. If you set the device-specific polling time and then change the global polling time, Catalyst Center continues to use the device-specific polling time.

Step 6

In the Resync Interval (in Mins) field, enter the time interval (in minutes) between successive polling cycles.

Step 7

Click Update.


Resynchronize device information

You can immediately resynchronize device information for selected devices, regardless of their resynchronization interval configuration.


Note


The number of devices that can be resynchronized simultaneously depends on the configuration size of the devices and on the number of APs associated with the devices. In large-scale environments with thousands of APs, if there is resource contention, the sync request is queued and processed based on priority.


Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Select the devices for which you want to gather information.

Step 3

From the Actions drop-down list, choose Inventory > Resync Device.

Note

 

When the resync is done for a specific device, the debug log is enabled automatically for that device, and XDE and device pack logs are collected under System > System 360 > Cluster Tools > Monitoring or Log Explorer.

Step 4

Click OK.


Delete a network device

Use this procedure to delete a network device from Catalyst Center.

You can delete devices that aren't a part of the fabric network from the Catalyst Center database.


Note


  • If the device is a part of the fabric network, you can't delete it. Remove the device from the fabric network, and then delete it from the inventory. For detailed steps, see Remove a device from a fabric.

  • When you remove a wireless sensor from the inventory, the sensor resets to factory defaults. When the sensor rejoins, it gets the current configuration.


Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Check the check box next to the device or devices that you want to delete.

Note

 

You can select multiple devices by checking additional check boxes, or select all the devices by checking the check box at the top of the list.

Step 3

From the Actions drop-down list, choose Inventory > Delete Device.

Note

 

When you delete devices integrated with Cisco ISE, the deleted devices are moved to a new Network Device Group (NDG) in Cisco ISE.

Step 4

(Optional) In the Warning window, check the Config Clean-Up check box to remove the network settings and telemetry configuration from the selected device.

Note

 

When you check this check box for a wireless controller that is provisioned through Catalyst Center, all AAA-related commands are deleted, including the commands that were manually configured on the wireless controller before it was discovered in Catalyst Center.

  • To keep the AAA configurations during device deletion, do not check this check box.

  • To view which AAA commands are deleted, manage AAA configurations in Catalyst Center.

Step 5

Click OK to confirm the action.


Launch Command Runner (Inventory)

You can launch the Command Runner application for selected devices from within the Inventory window.

Before you begin

Install the Command Runner application. For more information, see the Cisco Catalyst Center Administrator Guide.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Select the devices on which you want to run commands.

Step 3

From the Actions drop-down list, choose More > Command Runner.

For information about the commands that you can run and how to run them, see Run diagnostic commands on devices.


Troubleshoot device reachability issues using Run Commands

You can launch the Run Commands window from the Inventory window and run platform commands, such as ping, traceroute, and snmpget, to troubleshoot device reachability issues.


Note


If you want to execute the platform commands directly on a Catalyst Center cluster, do not select any device before launching Run Commands. Otherwise, the execution of commands is for that device and not the platform.

Before you begin

Install the Command Runner application. For more information, see the Cisco Catalyst Center Administrator Guide.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

From the Actions drop-down list, choose More > Run Commands.

You can enter man anytime to retrieve a list of currently supported commands and shortcuts.


Use a CSV file to import and export device configurations

CSV File Import

You can use a CSV file to import your device configurations or sites from another source into Catalyst Center. If you want to download a sample template, do these steps:

  1. Go to the Inventory window and click Add Device.

  2. In the Add Device slide-in pane, click Import Inventory.

  3. Click Download Template to download a sample CSV file template.

When you use a CSV file to import device or site configurations, the extent to which Catalyst Center can manage your devices depends on the information you provide in the CSV file. If you do not provide values for CLI username, password, and enable password, Catalyst Center will have limited functionality and cannot modify device configurations, update device software images, or perform any other valuable functions.

You can specify the credential profile in the CSV file to apply the corresponding credentials to a set of devices. If you specify the credential profile and also enter the values manually in the CSV file, the manually entered credentials take higher priority and the device is managed based on a combination of manually entered credentials and credential profile. For example, if the CSV file contains a credential profile with SNMP and SSH or Telnet credentials in addition to manually entered SNMP credentials, the device is managed based on the manually entered SNMP credentials and the SSH or Telnet credentials in the credential profile. Telnet is not recommended.


Note


You also must provide values for the fields that correspond to the protocol you specify. For example, if you specify SNMPv3, you must specify values for the SNMPv3 fields in the sample CSV file such as the SNMPv3 username and authorization password.


For partial inventory collection in Catalyst Center, you must provide these values in the CSV file:

  • Device IP address

  • SNMP version

  • SNMP read-only community strings

  • SNMP write community strings

  • SNMP retry value

  • SNMP timeout value

For full inventory collection in Catalyst Center, you must provide these values in the CSV file:

  • Device IP address

  • SNMP version

  • SNMP read-only community strings

  • SNMP write community strings

  • SNMP retry value

  • SNMP timeout value

  • Protocol

  • CLI username

  • CLI password

  • CLI enable password

  • CLI timeout value
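As an added example (not part of the Cisco documentation or the Catalyst Center template), this Python script pre-checks an import file against the partial and full collection field lists above and applies the credential-precedence rule. The column names, the profile contents and the sample rows are assumptions constructed for illustration; because SNMPv3 has no community strings, the example checks the SNMPv3 username and authorization password in their place for v3 rows.

```python
import csv
import io

# Hypothetical column names (the real headers come from the downloaded template).
SNMP_V2_CREDS = ["snmp_ro_community", "snmp_rw_community"]
SNMP_V3_CREDS = ["snmpv3_username", "snmpv3_auth_password"]
CLI_CREDS = ["protocol", "cli_username", "cli_password", "cli_enable_password"]
GROUPS = {"snmp": ["snmp_version"] + SNMP_V2_CREDS + SNMP_V3_CREDS, "cli": CLI_CREDS}

# Constructed credential profile: values applied per credential type.
PROFILES = {
    "campus-default": {
        "snmp": {"snmp_version": "v2c", "snmp_ro_community": "profile-ro",
                 "snmp_rw_community": "profile-rw"},
        "cli": {"protocol": "ssh2", "cli_username": "netops",
                "cli_password": "profile-pw", "cli_enable_password": "profile-en"},
    }
}

# Constructed sample import file (documentation addresses, dummy secrets).
SAMPLE_CSV = """\
ip_address,credential_profile,snmp_version,snmp_ro_community,snmp_rw_community,snmpv3_username,snmpv3_auth_password,snmp_retry,snmp_timeout,protocol,cli_username,cli_password,cli_enable_password,cli_timeout
192.0.2.10,campus-default,v2c,manual-ro,manual-rw,,,3,5,,,,,30
192.0.2.11,,v2c,ro-example,rw-example,,,3,5,,,,,
192.0.2.12,,v3,,,snmpuser,,3,5,telnet,admin,example-pw,example-en,30
192.0.2.13,,v2c,ro-example,rw-example,,,3,5,telnet,admin,example-pw,example-en,30
"""


def resolve(row, profiles):
    """Per credential type, manually entered values win; the credential
    profile is used only for a type the row leaves completely blank."""
    merged = {k: (v or "").strip() for k, v in row.items() if k}
    profile = profiles.get(merged.get("credential_profile", ""), {})
    sources = {}
    for ctype, fields in GROUPS.items():
        if any(merged.get(f) for f in fields):
            sources[ctype] = "manual"
        elif ctype in profile:
            merged.update(profile[ctype])
            sources[ctype] = "profile"
        else:
            sources[ctype] = "none"
    return merged, sources


def assess(row, profiles=PROFILES):
    """Classify one row as full, partial or insufficient and list what is missing."""
    merged, sources = resolve(row, profiles)
    warnings = []
    name = merged.get("credential_profile", "")
    if name and name not in profiles:
        warnings.append("unknown credential profile: " + name)
    is_v3 = merged.get("snmp_version", "").lower() in ("v3", "3")
    snmp_creds = SNMP_V3_CREDS if is_v3 else SNMP_V2_CREDS
    partial = ["ip_address", "snmp_version"] + snmp_creds + ["snmp_retry", "snmp_timeout"]
    full = partial + CLI_CREDS + ["cli_timeout"]
    missing_partial = [f for f in partial if not merged.get(f)]
    missing_full = [f for f in full if not merged.get(f)]
    if missing_partial:
        level, missing = "insufficient", missing_partial
    elif missing_full:
        level, missing = "partial", missing_full
    else:
        level, missing = "full", []
    if merged.get("protocol", "").lower() == "telnet":
        warnings.append("Telnet is not recommended: CLI credentials cross the network in clear text")
    # Only field names are reported, never the secret values themselves.
    return {"ip": merged.get("ip_address", ""), "level": level, "missing": missing,
            "sources": sources, "warnings": warnings}


def assess_file(text, profiles=PROFILES):
    return [assess(r, profiles) for r in csv.DictReader(io.StringIO(text.strip()))]


if __name__ == "__main__":
    for result in assess_file(SAMPLE_CSV):
        print(result["ip"], result["level"], "missing:", result["missing"],
              "sources:", result["sources"], "warnings:", result["warnings"])
```

The first sample row reproduces the case described above: manually entered SNMP credentials are used together with the SSH credentials from the profile.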

CSV File Export

Catalyst Center enables you to create a CSV file that contains all or selected devices in the inventory. When you create this file, you must enter a password to protect the configuration data that the file will contain.

Import device configurations from a CSV file

You can import device configurations from a CSV file.

Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

Click Add Device.

Step 3

In the Add Device slide-in pane, click Import Inventory to import the device credentials.

Step 4

In the Import Inventory slide-in pane, drag and drop the CSV file into the boxed area or click Choose a file and browse to the CSV file.

Step 5

Click Import.


Export device data

You can export specific data pertaining to selected devices to a CSV file. The CSV file is compressed. Click Export to export the data of filtered devices or all devices.


Caution


Handle the CSV file with care because it contains sensitive information about the exported devices. Ensure that only users with special privileges perform a device export.


Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process.

Step 2

To export configuration information for only certain devices, check the check box next to the devices that you want to include. To include all devices, check the check box at the top of the device list.

Step 3

From the Actions drop-down list, choose Inventory > Export Inventory to export the device configurations.

The Export Inventory dialog box appears.

Step 4

In the Password field, enter a password that will be used to encrypt the exported CSV file.

Note

 

The password is required to open the exported file.

Step 5

Confirm the encryption password.

Step 6

Check the Include SSH key information check box to include information such as initial SSH key, initial SSH key algorithm, current SSH key, and current SSH key algorithm in the exported CSV file.

Step 7

Click Export.

Note

 

Depending on your browser configuration, you can save or open the compressed file.


Export device credentials

You can export device credentials to a CSV file. You are required to configure a password to protect the file from unwanted access. You need to supply the password to the recipient so that the file can be opened.


Caution


Handle the CSV file with care because it lists all of the credentials for the exported devices. Ensure that only users with special privileges do a device export.


Procedure


Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information that is gathered during the discovery process.

Step 2

Check the check box next to the devices that you want to include in the CSV file. To include all the devices, select the check box at the top of the list.

Step 3

From the Actions drop-down list, choose Inventory > Export Inventory.

The Export dialog box appears.

Step 4

In Select Export Type, click the Credentials radio button.

Step 5

Check the Include SSH key information check box to include information such as initial SSH key, initial SSH key algorithm, current SSH key, and current SSH key algorithm in the exported CSV file.

Step 6

In the Password field, enter a password that will be used to encrypt the exported CSV file.

Note

 

The password is required to open the exported file.

Step 7

Confirm the encryption password and click Export.

Note

 

Depending on your browser configuration, you can save or open the compressed file.


Configuration drift of a device

Configuration changes made on devices are saved in the internal Catalyst Center server. For information on how to view the configuration drift, see View configuration drift of a device.

Configuration drifts are captured when these events occur:

  • First Time Collection: On adding a device to Catalyst Center, device configuration is collected.

  • Syslog-Based Collection: Catalyst Center monitors Syslog events sent by devices, and identifies the configuration changes. The configuration archive is triggered 2 minutes after the latest event occurs. Based on the login IP address in Syslog events, configuration drifts are marked in-band (configuration changes done by Catalyst Center) or out-of-band (configuration changes done outside Catalyst Center).





  • Daily Backup Collection: Catalyst Center performs an automated backup of device configurations, which is scheduled to run every day at 11:00 p.m. (UTC time zone). During this process, Catalyst Center compares the timestamp of the last device configuration collection with the timestamp of the device configuration archived. If the difference is more than 30 minutes, the device configuration archive runs.

  • Weekly Backup Collection: Catalyst Center performs a periodic weekly backup of device configurations, which is scheduled to run every Sunday at 11:30 p.m. (UTC time zone). When none of the above-mentioned events are received for a device, the configuration changes that are done outside Catalyst Center or in Catalyst Center are captured by the weekly backup archive. For more information, see the "Configure Device Configuration Backup Settings" section in the Cisco Catalyst Center Administrator Guide.


    Note


    Configuration drifts detected by weekly backup archive are classified as in-band (configuration changes done by Catalyst Center), even though it is possible that the configuration changes were done outside Catalyst Center.



Note


  • If the number of config drifts saved for the device exceeds the value set in the System > Settings > Device Settings > Configuration Archive > Internal window, the oldest configuration is automatically deleted to create space for the new configuration to be archived. The default number of configuration drifts that can be saved per device is 15 and the maximum value is 50.

  • Disk use is optimized by ignoring the collected archive when no changes are present. Disk space optimization is not applicable for the First Time Collection.
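As an added example (not Catalyst Center code), this Python script applies the syslog-based rule described above to constructed log lines: configuration events per device are grouped until 2 minutes pass without a new one, and each group is marked in-band or out-of-band from the login IP address. The controller address, the log lines, and the choice to mark a group out-of-band when any login in it came from a non-controller address (or from the console, with no address) are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

CONTROLLER_IPS = {"10.0.0.5"}        # constructed: address Catalyst Center logs in from
QUIET_PERIOD = timedelta(minutes=2)  # archive runs 2 minutes after the latest event

# Constructed syslog lines; only %SYS-5-CONFIG_I records signal a config change.
SAMPLE_LOG = """\
2024-05-01T10:00:05Z sw-access-01 %SYS-5-CONFIG_I: Configured from console by dnac-svc on vty0 (10.0.0.5)
2024-05-01T10:01:10Z sw-access-01 %SYS-5-CONFIG_I: Configured from console by dnac-svc on vty1 (10.0.0.5)
2024-05-01T10:30:00Z sw-access-01 %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (192.0.2.77)
2024-05-01T11:00:00Z sw-core-01 %SYS-5-CONFIG_I: Configured from console by dnac-svc on vty0 (10.0.0.5)
2024-05-01T11:01:30Z sw-core-01 %SYS-5-CONFIG_I: Configured from console by jdoe on vty2 (192.0.2.77)
2024-05-01T12:00:00Z sw-core-01 %SYS-5-CONFIG_I: Configured from console by admin on console
2024-05-01T12:00:01Z sw-core-01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
"""

CONFIG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+%SYS-5-CONFIG_I: Configured from \S+ "
    r"by (?P<user>\S+) on (?P<line>\S+)(?: \((?P<ip>[0-9a-fA-F.:]+)\))?\s*$")


def parse(log_text):
    """Extract configuration-change events; every other message is ignored."""
    events = []
    for line in log_text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            events.append({"time": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                           "host": m["host"], "user": m["user"], "ip": m["ip"]})
    return events


def drifts(events, controller_ips=CONTROLLER_IPS):
    """Group events per device into bursts closed by the quiet period, then classify."""
    by_host = {}
    for e in sorted(events, key=lambda e: e["time"]):
        bursts = by_host.setdefault(e["host"], [])
        # A new event inside the quiet period restarts the 2-minute timer.
        if bursts and e["time"] - bursts[-1][-1]["time"] < QUIET_PERIOD:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    result = []
    for host, bursts in by_host.items():
        for burst in bursts:
            # Logins that did not come from the controller (no IP means console).
            outside = sorted({"%s@%s" % (e["user"], e["ip"] or "console")
                              for e in burst if e["ip"] not in controller_ips})
            result.append({"host": host,
                           "archive_at": burst[-1]["time"] + QUIET_PERIOD,
                           "events": len(burst),
                           "kind": "out-of-band" if outside else "in-band",
                           "outside": outside})
    return sorted(result, key=lambda d: d["archive_at"])


if __name__ == "__main__":
    for d in drifts(parse(SAMPLE_LOG)):
        print(d["archive_at"].isoformat(), d["host"], d["kind"],
              "events=%d" % d["events"], "outside=%s" % d["outside"])
```

Drifts that only the weekly backup picks up are marked in-band regardless of who made them, so a syslog-side review like this is where the login source of such a change can still be seen.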


View configuration drift of a device

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

In the Devices table, click the device name. More information about the device is displayed.

Step 3

Click the View Device Details hyperlink.

The device details are displayed in the window.

Step 4

In the left pane, click Config Drift.

The Configuration Changes window appears and you can view this information:

  • Total config drifts being saved: Shows the number of configuration drifts saved per device that includes labelled configs.

    You can change the number of config drifts being saved per device from System > Settings > Device Settings > Configuration Archive window.

  • Total labelled configs: Shows the number of labelled configs for the device.

  • Last Archived: Shows the timestamp of the last configuration archived. This timestamp ensures that the users have access to the most up-to-date configuration data. Also, by knowing the specific time of the last configuration archived, you can track changes and identify potential issues or discrepancies.

    For information on how to archive the configuration of your network devices, see the "Configure Device Configuration Backup Settings" section in the Cisco Catalyst Center Administrator Guide.

  • Last Verified: Shows the timestamp of the config-drift verification that was performed when an event was received by the system. The event refers to first time collection, syslog-based collection, daily backup collection, or weekly backup collection, as described in the previous section.

    The last verified timestamp allows you to monitor when the check was last performed, ensuring the devices are continuously monitored for configuration inconsistencies.

Step 5

Expand the Change History tab to view these details:

  1. Config drift date range: Click the Start Date and End date to choose the date range for which you want to view the config drift. By default, the start and end dates are set to display the config drift for the last 15 days.

  2. Config drift timeline graph: Shows the config drift for the chosen date range. By default, the last 15 days of config drift are shown in the timeline graph.

    The timeline graph shows these details:

    • In-band Config Drift: Configuration changes done by Catalyst Center are shown as a blue bubble in the timeline graph.

    • Out-of-band Config Drift: Configuration changes done outside Catalyst Center are shown as a purple bubble in the timeline graph.

    • Labeled Config: The config version labeled and archived in Catalyst Center is shown as an orange bubble in the timeline graph. For more information, see Label configuration drift.

  3. Config Drift Version: Click the down arrow to view all the available config drift versions.

  4. Running Config: Click the config drifts on the timeline graph. The comparison is shown under the Running Config tab. The differences between the config versions are marked in different colors for better visibility.


Label configuration drift

You can label the config drift on the timeline graph for future reference. The labeled config drift will never be deleted unless it is unlabeled.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Click the device name, and more information about the device displays.

Step 3

Click View Device Details.

Device details display in the window.

Step 4

In the left pane, click Config Drift.

The Configuration Changes window displays.

Step 5

Choose the config drift in the timeline graph that you want to label. The timestamp of the chosen config drift shows in the Config Drift Version below the timeline graph.

Step 6

Click Label Config corresponding to the chosen config drift version.

Step 7

In the Label Configuration window, enter a name for the config version. The prefix of the label config is fixed as CCA_.

Note

 

Do not use special characters for the config version name.

Step 8

Click Save. The labeled config drift is shown in orange in the timeline graph.

Note

 
  • If the number of labeled config versions is greater than the chosen range, change the total number of config drifts to be saved. For more information on how to configure the number of config drifts to be saved, see the "Configure Device Configuration Backup Settings" section in the Cisco Catalyst Center Administrator Guide.

  • Catalyst Center permits the labeling of up to 80% of the total configuration drifts. When a user reaches this 80% threshold in labeled configuration drifts, a warning banner displays at the top of the Configuration Changes window.

Step 9

To remove the label, select the labeled config version and click Remove label.


Visibility and control of device configurations

The Visibility and Control of Configurations feature provides a solution to further secure your planned network configurations before deploying them onto your devices. With enhanced visibility, you can enforce the previewing of device configurations (CLI and NETCONF commands) before deploying them. With enhanced control, you can ensure only authentic and authorized configurations are provisioned onto your network devices through an IT Service Management (ITSM) check. These two options also offer you the flexibility to preview configurations at your own pace. You can preview the configurations immediately in a visibility- and control-supported workflow or later in the Activities > Tasks window.

By default, the Visibility and Control of Configurations settings include this configuration:

  • Visibility of Configurations (Configuration Preview) is enabled.

  • Control of Configurations (ITSM Approval) is disabled.

To enable or disable these settings, see "Enable Visibility and Control of Configurations" in the Cisco Catalyst Center Administrator Guide.


Note


If a provisioning workflow supports Visibility and Control of Configurations, this banner message displays when you schedule the deployment of your task:

This workflow supports enforcing network administrators and other users to preview configurations before deploying them on the network devices. To configure this setting, go to System > Settings > Visibility and Control of Configurations.


Visibility and Control of Configurations workflow

When it’s time to schedule your task during a provisioning workflow, depending on the Visibility and Control of Configurations settings, you can do these tasks:

  • If Configuration Preview is enabled, Preview and Deploy (Recommended) is selected by default. This means that the Now and Later scheduling options are dimmed (unavailable) because you must preview the device configurations before deploying them.

  • If Configuration Preview and ITSM Approval are enabled, Preview and Deploy (Recommended) is selected by default. This means that the Now and Later scheduling options are dimmed (unavailable) because you must preview the device configurations and submit them to an IT administrator for approval before deploying them.

  • If Configuration Preview and ITSM Approval are disabled, you can choose any available option: Now, Later, or Preview and Deploy (Recommended).

If you choose Preview and Deploy (Recommended), Catalyst Center does these high-level steps:

Step Description

1

Catalyst Center performs a set of network provisioning prechecks to ensure a seamless provisioning operation.

On the Performing Initial Checks window, Catalyst Center checks for and notifies you of any Pending Operations and Device Compliance issues.

You must address all the identified issues and do a recheck to ensure all the validations are successful. For more information, see Network provisioning prechecks.

2

Catalyst Center prepares the chosen devices to generate the configurations.

On the Preparing Devices and Configuration Models window, if the provisioning workflow supports the workflow progression view, the steps the system takes to prepare a listed device display. Otherwise, an in-progress message displays.

Because this preparation step can take some time, you can exit the workflow and return to it later while the system continues the process in the background.

3

Catalyst Center displays the device configurations for the first listed device.

On the Preview Configuration window, Catalyst Center displays a side-by-side comparison of the running configuration and the planned configuration for the first listed device.

You can review the device configurations and then, when you’re ready, deploy them or submit them for ITSM approval.

While reviewing the configurations on the Preview Configuration window, you can do these tasks:

To... Do this...

Preview a device's configurations.

Choose a device in the left pane.

Filter the data in the configuration preview pane.

From the View by Configuration Source drop-down list, choose an available option.

View a side-by-side comparison of the planned configuration and the running configuration, or view only the planned configuration.

Click the view switcher.

Note

 

Viewing YANG configurations in the side-by-side comparison view isn’t supported.

Highlight corresponding commands between the running and planned configurations.

Click one command in one configuration to highlight the corresponding command in the other configuration.

Note

 

Keep these limitations in mind:

  • The system supports only side-by-side highlighting for first-level commands, not sublevel commands.

  • All commands must be a complete match for the system to display the side-by-side highlighting between configurations.

  • If you click any commands starting with No in one configuration, the system will ignore the No portion when checking for a match in the other configuration.

Search for a value in the displayed configuration.

Use the Search configuration field.

Preview the YANG configuration in a tree view for Cisco Catalyst 9800 Series Wireless Controllers.

Click the Tree View button.

Note

 

The View by Configuration Source drop-down list isn’t available in the tree view.

Generate the IOS CLI from the YANG configuration for Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Release 17.15.1 or later.

Click the Generate CLI from Yang Configuration button.

Note

 

Keep these limitations in mind:

  • The time taken to generate the IOS CLI varies based on the scale of your network and the type of the current operation.

  • IOS CLI generation from YANG configuration isn't supported for Embedded Wireless Controller on Catalyst 9000 Series Switches.

  • If the Candidate Configuration feature with candidate datastore is enabled on the wireless controller, IOS CLI generation from the YANG configuration isn't supported.

  • When you modify a configuration and generate the IOS CLI, the configuration preview displays the CLI change that results on the device after the YANG configuration is applied. You can't use the generated CLI on the wireless controller.

    For example, if the current device configuration already matches the YANG configuration, the generated IOS CLI in the configuration preview doesn't contain any commands.

  • If the validation fails, the IOS CLI isn’t generated from the YANG configuration in the configuration preview.

  • The admin state for some of the objects must be changed to the shutdown state before applying the modified configuration. The admin state of the object is returned to the no shutdown state at the end of the CLI sequence for such modifications. For these configurations, the configuration preview doesn't contain the CLIs in sequence for the shutdown command.

    For example, for configuring the media stream, broadcast SSID, and radio in WLAN, the YANG configuration handles the shutdown and activation internally. This is an example of the ideal CLI sequence for this configuration:

    wlan test4
    shutdown
    broadcast-ssid
    dot11bg 11g
    media-stream multicast-direct
    no shutdown

    However, the CLI generated from the YANG configuration may not include the shutdown command. This is an example CLI generated from the YANG configuration:

    wlan test4
    broadcast-ssid
    dot11bg 11g
    media-stream multicast-direct
    no shutdown

    Therefore, the CLI generated in the configuration preview may not work on the wireless controller when used in Virtual TeleType (VTY).

Display the workflow progression view.

Choose a device in the left pane, and then click Back to workflow progress in the top-right corner of the right pane. To return to the configuration preview pane, click Go to generated config.

Note

 

Back to workflow progress and Go to generated config are only available if the workflow supports the workflow progression view.

Exit the workflow and review the device configurations later.

Click Exit and Preview Later.

When you’re ready to continue reviewing the configurations, go to the Activities > Tasks window and open the relevant work item.

After reviewing the configurations, depending on the Visibility and Control of Configuration settings, you can do these tasks:

To... Do this...

Discard the work item permanently.

Click Discard and, in the Warning dialog box, click Yes. If you discard it, you can't recover it later.

Retain any generated configurations and discard all other resources.

Click Discard and, in the Discard dialog box, check the Retain generated configs (if any) check box and click Accept.

Tip

 

If a configuration preview fails, consider retaining any generated configurations and discarding all other resources so that you or your IT administrator can inspect the issue.

If you retain any generated configurations and discard all other resources, Exit displays instead of Exit and Preview Later because you’ve previewed all the configurations and discarded the nongenerated ones.

Deploy the configurations or submit them for ITSM approval.

Click Deploy or Submit for ITSM Approval.

Note

 
  • If Save Intent displays instead of Deploy, the parameters that you chose during the workflow are already present on the device. To save those parameters to the database, click Save Intent. No configuration is pushed to the device because the device already has the required configuration.

  • If there are multiple devices, you must click each device to preview its configuration. However, when you click Deploy, the configurations are pushed to all the devices even if the configurations have not been previewed on all devices.

In the slide-in pane, schedule the time and date of the deployment and, if you’re submitting the configurations for ITSM approval, add notes for the IT administrator. Then click Submit.

Note

 

For a provisioning task, after deploying the configuration on the devices, the Task Progress bar displays the progress of the ongoing provisioning task under Activities > Tasks (which you can view by clicking the task name).

You can check the work item’s approval status or the task’s deployment status on the Tasks window. If the work item isn’t approved, you need to resubmit the work item for ITSM approval. When it’s approved, it is deployed at the scheduled time.

Note

 

When you preview the configurations, Catalyst Center creates a snapshot of the configuration previews. If there are any changes in the network settings or network profiles after this operation is scheduled for deployment, the changes are not included during the device provisioning.
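The highlighting limits described above (first-level commands only, complete match, leading No ignored) mean that a matched first-level command can still contain a changed sublevel line. This added example, which is not Catalyst Center code, models those three rules in Python and lists the planned lines that click-highlighting would not link; the function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real device).
RUNNING = """\
hostname edge-1
ip http server
interface GigabitEthernet1/0/1
 switchport access vlan 10
 spanning-tree portfast
"""

PLANNED = """\
hostname edge-1
no ip http server
interface GigabitEthernet1/0/1
 switchport access vlan 20
 spanning-tree portfast
ip access-list extended MGMT
 permit tcp any any eq 22
"""


def parse_blocks(config_text):
    """Return an ordered list of (first_level_command, [sublevel lines])."""
    blocks = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0].isspace():
            if blocks:  # indented line belongs to the previous first-level command
                blocks[-1][1].append(line.strip())
        else:
            blocks.append((line, []))
    return blocks


def strip_no(command):
    """Drop a leading 'no ' (any case), as the page says the match does."""
    return re.sub(r"^no\s+", "", command, flags=re.IGNORECASE)


def find_counterpart(clicked, other_config):
    """Model of the documented rules: return the command that would be
    highlighted in the other configuration, or None."""
    if clicked[:1].isspace():
        return None  # sublevel commands are not highlighted
    target = strip_no(clicked.rstrip())  # only the clicked side is stripped
    for command, _ in parse_blocks(other_config):
        if command == target:  # complete match only
            return command
    return None


def changes_without_highlight(running, planned):
    """List planned lines a reviewer must read manually.

    Returns (first_level_command, sublevel_line) tuples; sublevel_line is
    None when the first-level command itself has no counterpart."""
    running_blocks = dict(parse_blocks(running))
    findings = []
    for command, sublevels in parse_blocks(planned):
        key = strip_no(command)
        if key not in running_blocks:
            findings.append((command, None))
            continue
        for sub in sublevels:
            if sub not in running_blocks[key]:
                findings.append((command, sub))
    return findings


if __name__ == "__main__":
    for parent, sub in changes_without_highlight(RUNNING, PLANNED):
        print(parent if sub is None else f"{parent} -> {sub}")
```

Run against exported copies of the running and planned configurations, the output is the set of lines to read by eye, which matters most for the devices that were not opened before Deploy was clicked.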

Deploy your device configurations now or later

When you reach the scheduling step of a workflow that supports Visibility and Control of Configurations, use this procedure to deploy your device configurations now or later.

Before you begin

Ensure that you’ve disabled Visibility and Control of Configurations in the settings. For details, see Visibility and control of device configurations.

Procedure


Step 1

Click Now or Later and, if necessary, update the task name.

Note

 

If only visibility is enabled or both visibility and control are enabled, Preview and Deploy (Recommended) is chosen by default, and Now and Later are dimmed.

Step 2

On the Performing Initial Checks window, prepare and submit the task for deployment.

  1. Address all the issues to deploy the device configurations.

    Ensure all validations are successful by clicking Recheck in the bottom-right corner of the window.

  2. Click Submit.

    The device configurations will deploy at the scheduled time. You can view the task on the Tasks window.


Preview and deploy your device configurations

When you reach the scheduling step of a workflow that supports Visibility and Control of Configurations, use this procedure to preview and deploy your device configurations.

Before you begin

Ensure that you’ve enabled Visibility and Control of Configurations in the settings. For more information, see Visibility and control of device configurations.

Procedure


Step 1

Click Preview and Deploy (Recommended) and, if necessary, update the task name.

Note

 

If only visibility is enabled or both visibility and control are enabled, Preview and Deploy (Recommended) is selected by default, and Now and Later are dimmed.

Step 2

On the Performing Initial Checks window, address all the issues to continue with your current deployment.

Ensure all validations are successful by clicking Recheck in the bottom-right corner of the window.

Step 3

On the Preparing Devices and Configuration Models window, wait for the system to prepare the devices and generate the device configurations.

Tip

 

This preparation can take some time. You can click Exit and Preview Later and view the work item in the Tasks window.

Step 4

On the Preview Configuration window, review the device configurations and then choose a deployment option.

Click...

To...

Deploy or Submit for Approval

deploy the device configurations.

Exit and Preview Later

review and deploy the device configurations later.

Later, go to the Tasks window, open the work item, and click Deploy or Submit for Approval.

Note

 

You can submit the device configurations for ITSM approval and deploy them without previewing all the configurations.

Step 5

Schedule the deployment.

  1. Indicate when and, if applicable, where you want to deploy the configuration.

    If you’re submitting the configurations for review, add notes for the IT administrator.

  2. Click Submit.

    You can check the work item approval status or the task deployment status on the Tasks window. If it's not approved, resubmit the work item for ITSM approval. When it’s approved, it's deployed at the scheduled time.

    Note

     

    After submitting the task, view the progress of the provisioning task with the Task Progress bar in the Activities > Tasks window by clicking the task name.


Network provisioning prechecks

To ensure a seamless provisioning operation, Catalyst Center runs a set of prechecks to verify that there are no pending operations that might conflict with the current task and that the devices are compliant.


Note


This feature is only applicable for provisioning, SWIM, and RMA workflows.


The prechecks are run during any provisioning workflow after you schedule the configuration deployment by choosing the Now or Later option or after choosing the Preview and Deploy (Recommended) option, if applicable.

On the Performing Initial Checks window, Catalyst Center notifies you of any issues, including:

Item

Description

green check mark icon

This icon indicates that there are no errors, and you can click Next or Submit to proceed with provisioning.

stop icon

This icon indicates that you must address all the issues to proceed with provisioning.

warning icon

This icon indicates that the issue needs your attention.

You can also choose to ignore the issue, but addressing it is recommended.

If you are notified of any issues, do these tasks:

  • If any Pending Operations are identified, click the Manage in Activities link to go to the Activities > Tasks window (as displayed in the figure). You can Discard the pending operation, or you can wait for the process to complete. If you discard the pending operation, click Recheck, in the bottom-right corner of the window, to update the validation status.

    The Pending Operations dashlet lists the pending operations that conflict with the current operation.
  • If the Device Compliance check displays any noncompliant devices with links to each device's Compliance Summary window (as displayed in the figure), you must fix, acknowledge, or ignore the compliance issues to continue with provisioning.

    • To fix the issues, click Manage Compliance and then click Fix Compliance in the Compliance Summary window. For more information, see Fix compliance violations.


      Note


      The precheck checks for compliance violations (open and acknowledged) for only the Network Settings, Network Profiles, Fabric, Application Visibility, Umbrella, and Workflows tiles. It is not applicable for other categories available in compliance summary, as these categories are not affected by the provisioning workflow.

      The acknowledged violations are also flagged during the precheck. This is to ensure that all compliance violations are checked before device provisioning.


    • To ignore the issues, click Ignore in the Device Compliance area as shown in this figure.

    The Device Compliance dashlet lists the noncompliant devices with the option to manage device compliance.

    You must click Recheck in the bottom-right corner of the Performing Validations window to ensure the green check mark icon displays next to the prechecks. Then click Next to proceed to the next step in the provisioning workflow.

  • The Device Level Validations check identifies the issues, including:

    • Unsupported configurations used in the CLI template: For a chosen device, the Unsupported Lines indicate the number of lines in a CLI template that have unsupported configuration.

      Device Level Validation check view.

      Note


      This check is only applicable for fabric devices. Currently the check does not validate the CLI templates for non-fabric devices.


      Click View Details to view the specific line with unsupported configuration highlighted, as shown in this image.

      The image displays the unsupported CLI commands highlighted.

      Hover your cursor over the highlighted CLI command to view the reason for which the line is highlighted.

      To remove the unsupported configuration, click the View Template link. It will take you to the CLI Template window, where you can edit the template.

      This table shows examples of unsupported configurations:

      Item

      Description

      Macsec

      Unsupported for fabric edge and extended nodes only.

      Private-vlan

      Unsupported on all fabric roles.

      Flexlink + CLI (Rep segment)

      Unsupported on fabric edge devices.

      • After fixing the issues, click Recheck at the bottom-right corner of the Device Level Validations window to ensure the green check mark icon displays next to the prechecks. Then click Next to proceed to the next step in the provisioning workflow.

      • If you wish to proceed without fixing the issues, you can click the Ignore button. It is not recommended to skip the issues.

    • Device is not resynchronized after an upgrade: Lists one or more devices which have not been resynchronized after an upgrade. You must resynchronize the devices to proceed with the provisioning. Click the Inventory link to view the devices in the inventory and run the Resync operation.


      Note


      • Currently, this check is applicable for fabric devices only.

      • For devices that are resynchronized after an upgrade but are unreachable or not in a managed state, an error message displays in the Preview Configuration window. You can choose to retry the resynchronization or continue to deploy the configurations that are generated.


      Device level validation for device resync.

      After fixing the issues, click Recheck at the bottom-right corner of the Device Level Validations window to ensure the green check mark icon displays next to the prechecks. Then click Next to proceed to the next step in the provisioning workflow.


Note


You must address the issues that are found during precheck to proceed with the deployment.
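To catch the unsupported configurations listed in the table above before the Device Level Validations precheck flags them, a CLI template can be linted offline. This is an added example, not Catalyst Center's validation logic: the feature names and their role scope come from the table, while the regular expressions, the role labels, and the sample template are assumptions made for illustration.

```python
import re

# Role labels are constructed for this example.
ALL_FABRIC_ROLES = {"edge", "border", "control-plane", "extended-node"}

# (feature name from the table, assumed CLI pattern, roles where unsupported)
RULES = [
    ("Macsec",
     re.compile(r"\bmacsec\b", re.IGNORECASE),
     {"edge", "extended-node"}),
    ("Private-vlan",
     re.compile(r"\bprivate-vlan\b", re.IGNORECASE),
     ALL_FABRIC_ROLES),
    ("Flexlink + CLI (Rep segment)",
     re.compile(r"\bswitchport\s+backup\s+interface\b|\brep\s+segment\b",
                re.IGNORECASE),
     {"edge"}),
]

# Constructed sample template.
TEMPLATE = """\
interface GigabitEthernet1/0/1
 description uplink to distribution
 macsec network-link
 switchport backup interface GigabitEthernet1/0/2
vlan 200
 private-vlan isolated
interface GigabitEthernet1/0/5
 rep segment 1 edge
! macsec rollout is tracked separately
"""


def lint_template(template_text, fabric_role):
    """Return one finding per template line that uses a configuration the
    table lists as unsupported for fabric_role.

    fabric_role is None for a non-fabric device; the page says the precheck
    does not validate templates for those, so nothing is reported."""
    findings = []
    if fabric_role is None:
        return findings
    for lineno, raw in enumerate(template_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, "!" comments, and free-text descriptions, which can
        # mention a feature name without configuring it.
        if not line or line.startswith("!") or line.lower().startswith("description"):
            continue
        for feature, pattern, roles in RULES:
            if fabric_role in roles and pattern.search(line):
                findings.append({
                    "line": lineno,
                    "text": line,
                    "feature": feature,
                    "reason": f"{feature} is unsupported on fabric role '{fabric_role}'",
                })
                break  # one finding per line, like an unsupported-line count
    return findings


if __name__ == "__main__":
    for role in ("edge", "border", "extended-node", None):
        results = lint_template(TEMPLATE, role)
        print(f"{role}: {len(results)} unsupported line(s)")
        for f in results:
            print(f"  line {f['line']}: {f['text']}  [{f['reason']}]")
```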


Replace a faulty device

The Return Material Authorization (RMA) workflow lets you replace failed devices quickly. RMA provides a common workflow to replace routers, switches, and APs.

When using the RMA workflow with routers and switches, the software image, configuration, and license are restored from the failed device to the replacement device. For wireless APs, the replacement device is assigned to the same site, which is provisioned with primary wireless controller, RF profile, and AP group settings, and placed on the same floor map location in Catalyst Center as the failed AP. For Cisco switch stacks (hardware stacking), you don't need to follow a separate procedure in Catalyst Center for member switch replacement, which is handled by the active switch. The member switch is replaced by the active switch by providing the software image and configuration. Full stack replacement is handled by Catalyst Center.


Note


  • You can also replace a faulty device using the Replace Device workflow. For more details, see Replace Device.

  • Replacing a faulty device from the Inventory window streamlines the workflow, starting you on the Choose Replacement Device window. To replace a faulty device using the full Replace Device workflow, see Replace Device.

  • Marking the device for replacement and replacing the device can be done at different times.


Before you begin

  • The software image version of the faulty device must be imported in the image repository before marking the device for replacement.

  • The faulty device must be in an unreachable state.

  • If the replacement device onboards to Catalyst Center through Plug and Play (PnP), the faulty device must be assigned to a user-defined site.

  • The replacement device must not be in a provisioning state while triggering the RMA workflow.

  • For switch stacks replacement, the number of stacks for the faulty and replacement device must be the same.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

From the Inventory window, mark the faulty device for replacement.

  1. Check the check box of the faulty device that you want to replace.

  2. From the Actions drop-down list, choose Device Replacement > Mark Device for Replacement.

  3. In the Mark for Replacement dialog box, click Mark for confirmation.

    Note

     

    To achieve seamless replacement of fabric devices, a DHCP server is configured on the neighbor device. This is required to assign an IP address to the replacement device for onboarding the device to Catalyst Center through PnP. This DHCP server is removed after successful replacement of the faulty device.

    The latest configuration changes from the faulty device are pushed to the replaced device during the RMA workflow.

  4. From the Inventory drop-down list, choose Marked for Replacement.

    A list of devices that are marked for replacement displays.

  5. (Optional) If you don't want to replace this device, check the check box of the device and choose Actions > Unmark for Replacement.

Step 3

(Optional) From the Inventory window, replace the faulty device.

  1. Check the check box of the faulty device that you want to replace.

  2. From the Actions drop-down list, choose Device Replacement > Replace Device.

  3. In the Choose Replacement Device window, choose a replacement device from the Plug and Play tab or the Inventory tab and then click Next.

    The Plug and Play tab shows the devices that are onboarded through PnP. The Inventory tab shows the devices that are onboarded through inventory or discovery.

    If the replacement device hasn't been onboarded through PnP, add it manually or automatically.

    • Manual: Under the Plug and Play tab, click Add Device. Then in the Add New Device window, enter the serial number of the device and click Add New Device.

    • Automatic: Under the Plug and Play tab, click Sync with Smart Account. Then, in the Sync with Smart Account window, click Sync.

  4. On the Summary window, review the summarized details.

    If necessary, click Edit to update the device type or faulty device details.

    Note

     

    If Visibility and Control of Configurations is disabled, review the replacement device configuration by clicking View under Replacement Device.

  5. In the Schedule Replacement window, schedule the task for deployment.

    Depending on Visibility and Control of Configurations settings, you can either:

Step 4

From the Inventory window, view the progress of the device replacement task as the device is replaced.

Alternatively, you can monitor the task from the Tasks window.

  1. On the Inventory window, from the Focus drop-down list, choose Device Replacement.

  2. In the Replace Status column, view the replacement status of the device.

    If the device replacement is successful, the Replaced status is displayed.

    If the device replacement fails and an error message displays, click the error link. Click Retry to retry the workflow with the same set of faulty and replacement devices.

    Note

     

    The main inventory window displays the details of the new replacement device that has replaced the faulty device.

  3. In the Replace Status column, click the status of the device to view more information in a slide-in pane.

    For example, the slide-in pane displays these steps that the system follows to complete the task:

    1. Run readiness checks for device replacement.

    2. Claim the (PnP) replacement device.

    3. Distribute and activate the software image to the replacement device.

    4. Deploy licenses.

    5. Provision VLAN configurations.

    6. Provision startup configurations.

    7. Reload the replacement device.

    8. Check for reachability of the replacement device.

    9. Deploy SNMPv3 credentials to the replacement device.

    10. Synchronize the replacement device.

    11. Remove the faulty device from CSSM.

    12. Add the replacement device to CSSM.

    13. Revoke and create the PKI certificate.

    14. Update Cisco ISE.

    15. Delete the faulty device.


Replace a faulty access point

Using the AP RMA feature, you can replace a faulty AP with a replacement AP available in the device inventory.

Before you begin

  • The access point (AP) Return Material Authorization (RMA) feature supports only like-to-like replacement. The replacement AP must have the same model number and PID as the faulty AP.

  • The replacement AP must have joined the same Cisco Wireless Controller as the faulty AP.

  • A Cisco Mobility Express AP that acts as the wireless controller is not a candidate for the replacement AP.

  • The software image version of the faulty AP must be imported in the image repository before marking the device for replacement.

  • The faulty device must be assigned to a user-defined site if the replacement device onboards to Catalyst Center through Plug and Play (PnP).

  • The replacement AP must not be in provisioning state while triggering the RMA workflow.

  • The faulty device must be in an unreachable state.

  • You must have access to the site and devices where you want to perform the replacement.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Check the check box of the faulty AP that you want to replace.

Step 3

From the Actions drop-down list, choose Device Replacement > Mark Device for Replacement.

Step 4

In the Mark for Replacement dialog box, click Mark for confirmation.

If you decide that you don't want to replace this AP right now, you can unmark it for replacement and mark the correct faulty AP for replacement.
  1. Check the check box of the AP that you don't want to replace.

  2. From the Actions drop-down list, choose Actions > Unmark for Replacement.

  3. Repeat Step 2, Step 3, and Step 4 for the correct faulty AP.

Step 5

In the Mark for Replacement window, click the radio button next to the faulty device name.

Step 6

From the Actions drop-down list, choose Replace Device.

Step 7

In the Replace Device window, click Start.

Step 8

In the Available Replacement Devices table, click the radio button next to the replacement device name.

Step 9

Click Next.

Step 10

Review the replacement Summary and then click Next.

Step 11

In the Schedule Replacement window, choose a scheduling option, update the task name as necessary, and then click Apply.

  • Now: Immediately deploy the configurations.

  • Later: Schedule the deployment by setting the date, time, and time zone.

Step 12

Continue with the deployment based on the option that you chose.

  • If you chose Now, click Submit.

  • If you chose Later, click Schedule.

The task will deploy at the scheduled time. You can view the task on the Tasks window.

Step 13

From the Inventory window, monitor the task as the faulty AP is replaced.

Use this table to view AP replacement task details and retry a failed task.

If you want to...

Then...

view the progress of the task

  1. On the Inventory window, from the Focus drop-down list, choose Device Replacement.

  2. In the Replace Status column, view the replacement status of the faulty AP as it's replaced.

    If the device replacement is successful, the Replaced status is displayed.

  3. Click the status of the faulty AP to view more information in a slide-in pane.

view the replacement history

  1. On the Inventory window, from the Focus drop-down list, choose Device Replacement.

  2. From the Actions drop-down list, choose Device Replacement > Replacement History.

    The Replacement History slide-in pane lists the replaced devices in a tabular format.

  3. In the Replace Status column, click the status, such as Replaced, which indicates a successful device replacement.

    The Replace Status tab lists the steps that the system took to complete the task.

view the task failure reason

  1. On the Inventory window, from the Focus drop-down list, choose Device Replacement.

  2. In the Replace Status column, view the AP replacement failure reason with the error message.

    You can either replace the faulty AP with another new AP or retry the failed replacement using the AP RMA Retry feature.

retry a failed AP replacement

  1. On the Inventory window, from the Focus drop-down list, choose Device Replacement.

  2. In the Replace Status column, click the error message for that faulty AP and then click Retry.


Limitations of the RMA Workflow in Catalyst Center

  • RMA supports replacement of all switches, routers, and Cisco SD-Access devices, except for:

    • Devices with embedded wireless controllers

    • Cisco Wireless Controllers

    • Chassis-based Nexus 7700 Series Switches

    • Switch stacks (SVL stacking)

  • RMA supports devices with an external SCEP broker PKI certificate. The PKI certificate is created and authenticated for the replacement device during the RMA workflow. The PKI certificate of the replaced faulty device must be manually deleted from the certificate server.

  • The RMA workflow supports device replacement only if:

    • Both the faulty and replacement devices have the same extension cards.

    • The number of ports in both devices does not vary because of the extension cards.

    • The faulty device is managed by Catalyst Center with a static IP. (RMA is not supported for devices that are managed by Catalyst Center with a DHCP IP, except extended node and AP in fabric.)

  • Make sure that the replacement device is connected to the same port to which the faulty device was connected.

  • In Catalyst Center 2.3.7.4 and 2.3.7.5 only, fabric edge replacement does not support the DHCP server configuration in the neighbor device if the neighbor device is not part of the fabric. Because intermediate nodes are not part of the Cisco SD-Access fabric, the DHCP server with option 43 is not pushed.


    Note


    This limitation is removed in Catalyst Center 2.3.7.6 and later.


  • Catalyst Center does not support legacy license deployment.

    The RMA workflow deregisters the faulty device from Cisco SSM and registers the replacement device with Cisco SSM.

    • If the software image installed on the faulty device is earlier than Cisco IOS XE 16.8, the License Details window does not display the Network and Feature License details and no warning message is displayed. Therefore, you should be aware of the legacy network license configured on the faulty device and manually apply the same legacy network license on the replacement device.

    • If the software image installed on the faulty device is Cisco IOS XE 16.8 or later, the License Details window displays details of the network license (for example, Legacy or Network) and the feature license (for example, IP Base, IP Service, or LAN Base). This warning message displays while marking the faulty device for replacement:

      Some of the faulty devices don't have a license. Please ensure your replacement device has the same Legacy license of the faulty device enabled.
    • If the legacy network licenses of the replacement and faulty devices do not match, this error message displays during the license deployment:

      Catalyst Center doesn't support legacy license deployment. So manually update the faulty device license on the replacement device and resync before proceeding.
  • Catalyst Center supports PnP onboarding of the replacement device in a fabric network, except when:

    • The faulty device is connected to an uplink device using multiple interfaces.

    • LAN automation uses overlapping pools.

  • If the replacement device onboards through the PnP-DHCP functionality, make sure that the device gets the same IP address after every reload and the lease timeout of DHCP is longer than two hours.

  • In a fabric setup with Catalyst Center 9800 HA devices, if one of the HA devices goes down, you must complete these steps to replace it:

    1. From the Inventory window, resynchronize the HA device that failed. Catalyst Center shows the device as standalone; the standby has failed and has been removed.

    2. Set the priority for the devices. If you want the existing device to return as the active device after forming HA with the new device, ensure that the HA priority of the existing device is set to 2 (or the highest available priority value). You can configure the device priority from the web UI, under Administration > Device > Redundancy.

      Alternatively, you can enter this CLI command to configure the device priority:
      chassis <chassis_number> priority 2

      To view the chassis number and the current priority value, enter the show chassis EXEC command.

      If the priority is set to the default value of 1 on both devices, the device with the lower MAC address becomes the active device.

    3. Configure the chassis redundancy command on the new device using the same local and remote IP addresses that were used on the failed device. You can configure the chassis redundancy in either the web UI or the CLI.

    4. Reboot both devices to form the HA pair.

    5. After HA is up, resynchronize the devices in Catalyst Center. The Inventory window shows the new HA pair. Verify the serial numbers in the Serial Number column. For an HA pair, both the active and standby serial numbers are shown.

Reboot an access point

Using the AP Reboot feature, you can reboot one or more APs for troubleshooting and maintenance.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery feature.

Procedure


Step 1

From the main menu, choose Provision > Inventory.

Step 2

Check the check box of the APs that you want to reboot.

Step 3

From the Actions drop-down list, choose Inventory > Reboot Device.

Step 4

In the Reboot Device slide-in pane, choose whether you want to reboot the AP Now or schedule it for later.

Step 5

Expand Selected Devices to view the AP name and floor details of the APs to be rebooted.

Step 6

Click Reboot.

After the Cisco Wireless Controller initiates the task of rebooting the selected APs, a Reboot Initiated Successfully message is displayed.

Step 7

In the Task Submitted dialog box, click the Task link.

This dialog box displays for a few seconds and then disappears. To navigate to the task, click the menu icon and choose Activities > Tasks.

Step 8

Click the task name to view the reboot initiation status.