New and changed features in Catalyst Center

This table summarizes the new and changed features in Catalyst Center 3.1.6 and tells you where they are documented.

Table 1. New and changed features in Catalyst Center 3.1.6
Feature Description

SNMPv3 authentication support for SHA256

Catalyst Center now supports SHA256 as an SNMPv3 authentication type.

The use of SHA256 provides a stronger authentication mechanism compared to older algorithms, enhancing the security of SNMP communication with Catalyst Center.

AP Locally Significant Certificate (LSC) renewal for wireless devices

Catalyst Center enables you to create AP LSC renewal profiles and renew the AP LSCs for wireless devices before it expires.

Note

 

The device must be running Cisco IOS XE Release 17.1.7.1 or later.

See Create an AP LSC renewal profile, Renew AP LSC for a wireless device, Provision a Cisco Catalyst 9800 Series Wireless Controller, Provision Embedded Wireless on Cisco Catalyst 9000 Series Switches, and Add a device to a fabric.

Enhancements to 802.11be profiles

For Cisco IOS XE Release 17.18.1, the 802.11be profiles have these enhancements:

  • Mark as default toggle button to set an 802.11be profile as the default profile.

  • Support for Multi-Link Operation (MLO) groups to use multiple frequency bands at the same time.

See Create an 802.11be profile, Add SSIDs to a network profile, and Enable the Wi-Fi 7 configuration

Enhancements to Per-Device Configurations for Cisco Catalyst 9800 Series Wireless Controllers

The Per-Device Configuration feature on Catalyst Center now supports these configurations and parameters for a Cisco Catalyst 9800 Series Wireless Controller running Cisco IOS XE Release 17.18.1 or later:

  • Enhancements to 802.11be configurations

  • Wi-Fi 7 per-band status in WLAN profiles

  • WLAN scheduler in policy profiles

  • LSC provision

  • AP upgrade configurations

See Create a WLAN profile for a Cisco Catalyst 9800 Series Wireless Controller, Create a policy profile for a Cisco Catalyst 9800 Series Wireless Controller, Configure the 802.11be profile for a Cisco Catalyst 9800 Series Wireless Controller, Create a multi-BSSID profile for a Cisco Catalyst 9800 Series Wireless Controller, Configure LSC provision parameters for a Cisco Catalyst 9800 Series Wireless Controller, Create an LSC provisioning entry for a Cisco Catalyst 9800 Series Wireless Controller, and Configure AP upgrade settings for a Cisco Catalyst 9800 Series Wireless Controller.

OFDMA uplink, OFDMA downlink, MU-MIMO uplink, and MU-MIMO downlink configuration changes for 802.11be settings

Starting with Cisco IOS XE Release 17.18.2, the OFDMA Uplink, OFDMA Downlink, MU-MIMO Uplink, and MU-MIMO Downlink parameters are deprecated and ignored in these 802.11be configurations:

  • 802.11be profiles for the 2.4-GHz and 5-GHz bands

  • 802.11BE PARAMETERS section in RF profiles for the 6-GHz band

To configure these settings:

  • For the 2.4-GHz and 5-GHz bands: use the 802.11ax Configuration tab in the Advanced SSID Configuration feature template.

  • For the 6-GHz band: use the 802.11AX PARAMETERS section in the RF profiles.

See Create an 802.11be profile, Create a feature template for advanced SSID, Create a wireless radio frequency profile, Create an AI radio frequency profile, and Enable the Wi-Fi 7 configuration.

Security service insertion for SD-Access

Catalyst Center supports security service insertion for SD-Access to enhance network security by steering the traffic through firewalls based on predefined policies.

Note

 

This feature is in beta.

See Security service insertion for SD-Access and Configure security service insertion on a fabric site.

Support for campus networks

The Campus Network feature in Catalyst Center enables you to manage devices across multiple sites using networks and device groups. You can compare device configurations and learn or create group profiles within your network.

Note

 

This feature is in beta.

See Provision Campus Networks.

Support for Cisco C9350 Series Smart Switches as fabric edge device

Catalyst Center supports Cisco C9350 Series Smart Switches as edge devices within a fabric network.

Note

 

Cisco C9350 Series Smart Switches do not support wireless capability or the configuration of extended nodes.

See Supported hardware platforms and Configure an extended node.

Support for Cisco Wireless 9171I Series Access Points

Catalyst Center supports the Cisco Wireless 9171I Series Access Points for Wi-Fi 7 configuration with Cisco IOS XE Release 17.18 or later.

This AP supports dual-band (XOR) capability allowing slot 1 to operate in either 5-GHz or 6-GHz radio modes.

Note

 

When configuring this AP using the Configure Access Points workflow, you can't configure the radio parameters for slot 1 in the Configure 5 GHz Radio Parameters or Configure 6 GHz Radio Parameters windows. Instead, use the Configure Dual-Band (XOR) Radio Parameters window to manage these settings.

See Configure APs, Schedule recurring events for APs, Supported hardware platforms, and Enable the Wi-Fi 7 configuration.

Traffic steering policy configuration

Catalyst Center supports the configuration of traffic steering policies to redirect the required traffic to the firewall. You can use the traffic steering policies for security service insertion.

Note

 

This feature is in beta.

See Configure Traffic Steering Policies.

This table summarizes the new and changed features in Catalyst Center 3.1.5 and tells you where they are documented.

Table 2. New and changed features in Catalyst Center 3.1.5
Feature Description

Beta home page

Catalyst Center introduces a new beta home page. This beta home page provides a more granular summary view of your network, allowing you to quickly assess its overall performance, status, and health.

See Beta home page.

Enhancements to cloning Per-Device Configurations across multiple wireless controllers

Catalyst Center supports cloning these Per-Device Configuration features from another Cisco Catalyst 9800 Series Wireless Controller:

  • Flex profiles

  • RF profiles

  • Site tags

See Clone a Per-Device Configuration from another Cisco Catalyst 9800 Series Wireless Controller.

Rule-based compliance policies

Catalyst Center enables you to create custom configuration rules and policies that it periodically evaluates across your network to detect any violations.

See Configure Rule-Based Compliance Policies.

Overlapping IP address pools

Catalyst Center allows you to enable overlapping for the CIDR subnet of an IP address pool, which provides more flexibility when assigning IP addresses dynamically.

See Overlapping IP address pools.

This table summarizes the new and changed features in Catalyst Center 3.1.3 and tells you where they are documented.

Table 3. New and changed features in Catalyst Center 3.1.3
Feature Description

Custom role for Cisco SD-Access fabric

Catalyst Center supports the creation of custom roles with the SD-Access capability that allows users to create and manage Cisco SD-Access fabric.

See Role-based access control for Cisco SD-Access.

Energy Management

Catalyst Center’s Energy Management offers insights into energy consumption patterns. This enables more strategic energy usage, significantly reduces operational costs, and reduces the carbon footprint contributing to environmental sustainability.

See Manage energy on network devices, Use the Energy Management dashboard, View energy consumption of network devices, View energy savings, and Compare energy across sites.

Cloning the profiles across multiple wireless controllers

Catalyst Center supports cloning the existing profiles created for wireless controllers. This allows users to reuse the configurations across multiple controllers, reducing the time taken to manually recreate the settings.

See Clone a Per-Device Configuration from another Cisco Catalyst 9800 Series Wireless Controller.

Access point (AP) priming for Cisco Catalyst 9800 Series Wireless Controller

AP priming for Cisco Catalyst 9800 Series Wireless Controller enables users to preconfigure an AP to join a specific wireless controller. The AP then automatically joins its preferred wireless controller when it starts.

See Create an AP priming profile for a Cisco Catalyst 9800 Series Wireless Controller.

Editable policy profile name in SSIDs and wireless network profiles

In earlier releases, the policy profile name that was automatically generated from the WLAN profile name in SSIDs creation workflows and wireless network profiles was not editable.

Starting in this release, you can edit the policy profile name in SSID creation workflows and wireless network profiles using the Copy to Policy Profile Name check box. You can also configure site-level overrides for policy profile name in SSIDs.

See Create SSIDs for an enterprise wireless network, Configure site-level overrides for an SSID for enterprise networks, Create SSIDs for a guest wireless network, Configure site-level overrides for an SSID for guest networks, and Add SSIDs to a network profile.

Enhancements to Per-Device Configuration on Cisco Catalyst 9800 Series Wireless Controller

The Per-Device Configuration feature on Catalyst Center is enhanced to customize more features and parameters for a Cisco Catalyst 9800 Series Wireless Controller running Cisco IOS XE Release 17.12 or later.

See:

Enhancements to discovery dashboard

The discovery dashboard now has the option to monitor and manage all the scheduled network operations.

See Discovery dashboard.

Enhancements to software image repository

The software image repository now includes more options. You can check the status of image updates, schedule an image update for a specific date and time, and download the readiness report.

See View software images, Import a software image, and Schedule Image Update.

Updates to the application of global device credentials

The application of global device credentials now supports these updates:

  • Support for Visibility and Control of Configurations: Preview configurations before deploying them to your devices.

  • CLI credential configuration update: Choose to push or not push a CLI credential to affected devices for device management.

  • CLI credential verification update: Choose to verify or not verify that a CLI credential grants access to the affected devices.

Note

 

Catalyst Center doesn't support the application of HTTPS Read and HTTPS Write credentials to the devices in a site.

See Apply device credentials to site devices.

Enhancements to Layer 2 virtual network configurations in Cisco SD-Access fabric

Layer 2 virtual network supports configuration of these attributes:

  • Resource Guard: Option to block or unblock the SSDP traffic in the Cisco SD-Access fabric.

  • Flood Access Tunnel: Enable or disable flood access tunnel for a Layer 2 virtual network.

  • Flooding Address Assignment: Option to choose between a shared or custom flooding address and configure the custom flooding address.

See Create a Layer 2 virtual network and Create anycast gateways.

Enhancements to the AP configuration workflow

The Configure Access Points workflow includes these AP configurations to support the Per-Device Configuration feature:

  • VLAN tag

  • DNS configuration

  • LAN port parameters

  • BSS color configuration

See Configure APs and Configure APs using existing templates.

Enhancements to site hierarchy changes in Cisco SD-Access fabric

You can move a site under a new site if it is within the fabric. You cannot move fabric sites to a new fabric or to a site outside the fabric.

See Add a fabric site.

Mapping transits to sites in Cisco SD-Access fabric network

Associating a transit (SDA transit and IP transit) to a geographical site such as an area, building, or floor allows site users to efficiently manage the transits.

See Create an SD-Access transit and Create an IP transit.

Role-based access control enhancements for wireless devices

Catalyst Center supports site-based, role-based access control (SRBAC), which limits a user's scope of access to certain network sites. You must ensure you have access to the sites and devices while using the wireless provisioning workflows.

See Plug and Play provisioning prerequisites, Role-based access control, Replace a faulty access point.

Security and industrial configurations

You can view and edit these device configurations in Catalyst Center inventory:

  • Security: Supported for Cisco Catalyst 9000 Series Switches and Cisco Catalyst IE switches.

  • Industrial configurations: Supported for Cisco Catalyst IE switches only.

See Display information about a device, View and edit security configuration of a device, and View and edit industrial configuration of a device.

Support for new APs for Wi-Fi 7 configuration

Catalyst Center supports these APs for Cisco IOS XE Release 17.17.1 or later:

  • Cisco Catalyst 9172H Series Access Points

  • Cisco Catalyst 9172I Series Access Points

See Configure APs, Schedule recurring events for APs, and Supported hardware platforms.

Support for site-based, role-based access control

You can create access groups that limit access to certain network sites. An access group combines a role and a site.

The behavior of Catalyst Center features depends on the user role and site specified in the access group.

See User profile roles and permissions.

Support for XOR parameters on Cisco Catalyst 9176D1 Series APs and Cisco Catalyst 9176I Series APs

Catalyst Center supports dual-band (XOR) between 2.4-GHz and 5-GHz radio modes on slot 0 for these APs when they're running Cisco IOS XE Release 17.17.1 or later:

  • Cisco Catalyst 9176D1 Series Access Points

  • Cisco Catalyst 9176I Series Access Points

Note

 

If the APs are running Cisco IOS XE Release 17.15.2, slot 0 supports only the 2.4 GHz band.

See Configure APs and Schedule recurring events for APs.

Support for optional voice VLAN configuration in Cisco SD-Access fabric authentication templates

Catalyst Center provides an option to enable or disable the default voice VLAN (VLAN 2046) for a fabric site during fabric site creation or at day n using an authentication template.

See Add a fabric site and Configure an authentication template for the fabric site.

Validation enhancements for assigning sites between different parent sites

In network hierarchy, you can move a site under a different parent site only when the new parent site shares the same network settings as the current parent site. Ensure the new parent site has the same network profile as your site.

See Create, edit, and delete a site.

Support for new country codes

Catalyst Center supports new country codes for the Cisco Wireless Controllers and APs running Cisco IOS XE Release 17.17.1 or later.

Each radio within an AP is assigned to a regulatory domain at the factory. A country code enables you to specify a particular country of operation within that regulatory domain. For a complete list of country codes supported per product, see https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html.

Enhancements to AFC integration with Standard Power Mode

Catalyst Center supports configuring AP Geolocation Parameters through the AP configuration workflow. You can view and edit geolocation parameters for eligible APs, which are utilized for Automated Frequency Coordination (AFC).

See Configure APs and Configure APs using existing templates.

VLAN support for trunk ports

Catalyst Center supports the configuration of the allowed and native VLAN values for each trunk port.​

See Configure ports within the fabric site and Configure a port channel.

Configure Parallel Redundancy Protocol

This workflow helps you set up and manage Parallel Redundancy Protocol (PRP) channels. These channels ensure high availability and eliminate packet loss in critical network systems.

See Configure Parallel Redundancy Protocol in fabric site