Cisco Catalyst Center 3.1.x on ESXi Deployment Guide

PDF

Complete the quick start workflow

Updated: March 18, 2026

Want to summarize with AI?

Log in

Overview

Describes the initial login, security setup, and device discovery process required to start using Catalyst Center.

After you have deployed and configured a Catalyst Center on ESXi virtual appliance, you can log in to its GUI. Use a compatible, HTTPS-enabled browser when accessing Catalyst Center on ESXi.

When you log in for the first time as the admin superuser (with the username admin and the SUPER-ADMIN-ROLE assigned), the Quick Start workflow automatically starts. Complete this workflow to discover the devices that Catalyst Center on ESXi will manage. This process also enables the collection of telemetry from those devices.

Before you begin

To log in to Catalyst Center on ESXi and complete the Quick Start workflow, you will need:

Procedure

1.

Do one of these:

  • If you completed either of the Maglev Configuration wizards, access the Catalyst Center on ESXi GUI by using https:// and the IP address of the Catalyst Center on ESXi GUI that was displayed at the end of the configuration process.

  • If you completed either of the browser-based configuration wizards, click Open Catalyst Center Virtual Appliance on the wizard's last page.

One of these messages appears (depending on the browser that you are using):

  • Google Chrome: Your connection is not private

  • Mozilla Firefox: Warning: Potential Security Risk Ahead

2.

Ignore the message and click Advanced.

One of these messages appears (depending on the browser that you are using):

  • Google Chrome: 
    This server could not prove that it is GUI-IP-address; its security certificate is not trusted by your computer's
 operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
  • Mozilla Firefox: 
    Someone could be trying to impersonate the site and you should not continue.
Websites prove their identity via certificates.
Firefox does not trust GUI-IP-address because its certificate issuer is unknown,
the certificate is self-signed, or the server is not sending the correct intermediate certificates.

These messages appear because the controller uses a self-signed certificate. For information on how Catalyst Center on ESXi uses certificates, see the "Certificate and private key support" section in the Cisco Catalyst Center Administrator Guide.
3.

Ignore the message and do one of these:

  • Google Chrome: Click the Proceed to GUI-IP-address (unsafe) link.

  • Mozilla Firefox: Click Accept the Risk and Continue.
4.

Click Log In.

The Catalyst Center on ESXi login screen appears.
5.

Do one of these and then click Login:

  • If you completed either of the Maglev configuration wizards or the browser-based Install configuration wizard, enter the admin username (admin) and password (P@ssword9).

  • If you completed the browser-based Advanced Install configuration wizard, enter the admin username (admin) and password that you set when you configured your Catalyst Center on ESXi appliance.

In the next screen, you are prompted to configure a new admin user (as the default credentials used to log in for the first time will be deleted).
6.

Do these in the resulting dialog box, then click Submit.

  • In the Roles drop-down list, ensure that the SUPER-ADMIN user role is selected.

  • Enter the new admin user's username.

  • Enter and then confirm the new admin user's password.
7.

Click Log In.

The Catalyst Center on ESXi login screen appears.
8.

Enter the username and password you configured for the new admin user, then click Login.
9.

Enter your cisco.com username and password (which are used to register software downloads and receive system communications) and then click Next.

Note

If you don't want to enter these credentials at this time, click Skip instead.

The Terms & Conditions screen opens, providing links to the software End User License Agreement (EULA) and any supplemental terms that are currently available.
10.

After reviewing these documents, click Next to accept the EULA.

The Quick Start Overview slider opens. Click > to view a description of the tasks that the Quick Start workflow will help you complete in order to start using Catalyst Center on ESXi.
11.

Complete the Quick Start workflow:

  1. Click Let's Do it.

  2. In the Discover Devices: Provide IP Ranges page, enter this information and then click Next:

    • The name for the device discovery job.

    • The ranges of IP addresses for the devices you want to discover. Click + to enter additional ranges.

    • Specify whether you want to designate your appliance's loopback address as its preferred management IP address. For more information, see the "Preferred Management IP Address" topic in the Cisco Catalyst Center User Guide.

  3. In the Discover Devices: Provide Credentials screen, enter the information described in this table for the type of credentials you want to configure and then click Next:

    GUI Components Description

    CLI (SSH) Credentials

    Username field

    Username used to log in to the CLI of the devices in your network.

    Password field

    Password used to log in to the CLI of the devices in your network. The password you enter must be at least eight characters long.

    Name/Description field

    Name or description of the CLI credentials.

    Enable Password field

    Password used to enable a higher privilege level in the CLI. Configure this password only if your network devices require it.

    SNMP Credentials

    SNMPv2c radio button

    Click to use SNMPv2c credentials.

    SNMPv3 radio button

    Click to use SNMPv3 credentials.

    SNMP Credentials: SNMPv2c

    SNMPv2c Type drop-down list

    Choose either a read or write community string when SNMPv2c credentials are used.

    Name/Description field

    Name or description of the SNMPv2c read or write community string.

    Community String field

    Read-only community string password used only to view SNMP information on the device.

    SNMP Credentials: SNMPv3

    Name/Description field

    Name or description of the SNMPv3 credentials.

    Username field

    Username associated with the SNMPv3 credentials.

    Mode field

    Security level that SNMP messages require:

    • No Authentication, No Privacy (noAuthnoPriv): Does not provide authentication or encryption.

    • Authentication, No Privacy (authNoPriv): Provides authentication, but does not provide encryption.

    • Authentication and Privacy (authPriv): Provides both authentication and encryption.

    Authentication Password field

    Password required to gain access to information from devices that use SNMPv3. The password must be at least eight characters in length. Note these points:

    • Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi.

    • Passwords are encrypted for security reasons and are not displayed in the configuration.

    Authentication Type field

    Hash-based Message Authentication Code (HMAC) type used when either Authentication and Privacy or Authentication, No Privacy is set as the authentication mode:

    • SHA: HMAC-SHA authentication.

    • MD5: HMAC-MD5 authentication.

    Privacy Type field

    Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of these privacy types:

    • AES128: 128-bit CBC mode AES for encryption.

    • AES192: 192-bit CBC mode AES for encryption on Cisco devices.

    • AES256: 256-bit CBC mode AES for encryption on Cisco devices.

    Note

    • Privacy types AES192 and AES256 are supported only for use with Discovery and Inventory features. Assurance features are not supported.

    • Privacy type AES128 is supported for Discovery, Inventory, and Assurance.

    Privacy Password field

    SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices supported with AES128, AES192, and AES256 encryption standards. Passwords (or passphrases) must be at least eight characters long.

    Note these points:

    • Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi.

    • Passwords are encrypted for security reasons and are not displayed in the configuration.

    NETCONF

    Port field

    The NETCONF port that Catalyst Center on ESXi should use in order to discover wireless controllers that run Cisco IOS-XE.

  4. In the Create Site screen, group the devices you are going to discover into one site in order to facilitate telemetry and then click Next.

    You can enter the site's information manually or select the preferred GUI that was displayed at the end of the configuration process using the map interface.

  5. In the Enable Telemetry screen, check the network components that you want Catalyst Center on ESXi to collect telemetry for and then click Next.

  6. In the Summary screen, review the settings that you have entered and then do one of these:

    • If you want to make changes, click the appropriate Edit link to open the relevant screen.

    • If you are satisfied with the settings, click Start Discovery and Telemetry. Catalyst Center on ESXi validates your settings to ensure that they will not result in any issues. After validation is complete, the screen updates.

      Catalyst Center on ESXi begins the process of discovering your network's devices and enabling telemetry for the network components you selected. The process takes at least thirty minutes (0.5 hours). It may take longer for larger networks.

  7. Click Launch Homepage to open the Catalyst Center on ESXi homepage.

    From here, you can monitor the progress of device discovery and telemetry enablement. While these tasks are completing, do one or more of these:

    • To open the Discoveries page and confirm that the devices in your network have been discovered, click the menu icon and choose Tools > Discovery.

    • To verify that the credentials you entered previously have been configured for your site, click the menu icon and choose Design > Network Settings. Then click the Device Credentials tab.

    • To view any tasks (such as a weekly scan of the network for security advisories) that Catalyst Center on ESXi has already scheduled to run, click the menu icon and choose Activities. Then click the Tasks tab.

    • To access guided workflows that will help you set up and maintain your network, click the menu icon and choose Workflows.