A world map is displayed in the right pane.

By default, Global is the parent node.

The site is created under the parent node in the left pane.

You can also upload an existing hierarchy.

A world map is displayed in the right pane.

You can also upload an existing hierarchy.

By default, Global is the parent node.

The building that you created is added under the parent site in the left menu.

• Upper or lower case letters or both

• Numbers

• Underscores (_)

• Hyphens (-)

• Periods (.)

• Spaces ( )

After you import a map, make sure that you mark the Overlay Visibility as On (Floor > View Option > Overlays). By default, overlays are not displayed after you import a map.

Access points that are not assigned to any floors appear in the list.

• To position the APs, click an AP and drag and drop it to the appropriate location on the floor map. Alternatively you can update the x and y coordinates and AP Height in the Selected AP Details window. When you drag an access point on the map, its horizontal (x) and vertical (y) position appears in the text field. When selected, the access point details are displayed in the right pane. The Selected AP Details window displays the following:

  • Position by 3 points: You can draw three points on the floor map and position APs using the points created. To do this:

    1. Click Position by 3 points.

    2. To define the points, click anywhere on the floor map to start drawing the first point. Click again to finish drawing a point. A dialog box appears to set the distance to first point. Enter the distance, in meters, and click Set Distance.

    3. Define the second and third points similarly, and click Save.

  • Position by 2 Walls: You can define two walls on the floor map and position APs between the defined walls. This helps you to know the position of APs between the two walls. This helps you to understand the AP position between the walls.

    1. Click Position by 2 walls.

    2. To define the first wall, click anywhere on the floor map to start drawing the line. Click again to finish drawing a line. A dialog box appears to set the distance to the first wall. Enter the distance in meters and click Set Distance.

    3. Define the second wall similarly and click Save.

       The AP is placed automatically as per the defined distance between the walls.

  • AP Name: Shows the AP name.

  • AP Model: Indicates the AP model for the selected access point.

  • MAC Address: Displays the MAC address.

  • x: Indicates the horizontal span of the map, in feet.

  • y: Indicates the vertical span of the map, in feet.

  • AP Height: Indicates the height of the access point.

  • Protocol: Protocol for this access point: 802.11a/n/ac, 802.11b/g/n (for Hyper Location APs), or 802.11a/b/g/n.

  • Antenna: Antenna type for this access point.

    Note	For external APs, you must select an antenna, or the AP will not be present in the map.

  • Antenna Image: Shows the AP image.

  • Antenna Orientation: Indicates the Azimuth and the Elevation orientations, in degrees.

  • Azimuth: This option does not appear for omnidirectional antennas because their pattern is nondirectional in azimuth.

    The azimuth is the angle of the antenna measured relative to the x axis. The azimuth range is 0 to 360. In Cisco DNA Center, north is 0 or 360 degrees; east is 90 degrees.

The heatmap is generated based on the new position of the AP.

If a Cisco Connected Mobile Experiences (CMX) is synchronized with Cisco DNA Center, you can view the location of clients on the heatmap. See Create Cisco CMX Settings.

The available coverage areas are highlighted on the map.

The available coverage areas are highlighted on the map.

All the available obstacles are highlighted on the map.

All the available obstacles are highlighted on the map.

A drawing icon appears.

The available rails are highlighted on the map.

All the available rail lines are highlighted on the map.

A drawing icon appears.

The available markers are highlighted on the map.

All the available markers are highlighted on the map.

A location icon appears.

A Place Marker dialog box appears to specify a physical address, latitude, and longitude coordinates of GPS marker on the floor map.

A world map is displayed in the right pane.

In the left pane, navigate to the floor on which you want to identify the interferer.

The Interferer window shows the following attributes of the identified interferer:

• Type

• State

• Name

• Interferer reported by either CMX or Cisco DNA Spaces

• MAC address

• Detecting AP(s)

• Duty cycle

• Affected channels

• Zone of impact

• First detected

• Last reported

The search results appear in a tabular format.

You can draw the planned APs and obstacles on the selected floor.

The Add Planned AP window appears.

The antenna image reflects the antenna selected.

The newly added planned AP appears on the floor map.

For more information, see Create Obstacles.

The PDF is created and downloaded to your local machine. The PDF contains the floor map along with the planned AP details that you configured. The planned APs are listed based on the AP model.

You can draw the planned APs and obstacles on the selected floor.

The list of AP models that are available on a particular floor appears on the left side of the floor map.

The Select AP models to add dialog box appears.

The new AP models are added to the floor.

You can only remove an AP model if no APs of that model type are added to the floor map.

A planned AP of the selected model is added to the floor map and the Edit Planned AP pane appears on the right, with an AP name added to it by default.

The Name pattern dialog box appears.

The #### in the name pattern is replaced by numbers in the AP Name, for example SJC-BLD21-FL2-AP0001, SJC-BLD21-FL2-AP0002, and so on.

The antenna image reflects the antenna selected.

A new AP appears on the map with all of the properties inherited and the AP name appended, for example BLD1-AP0002-TX.

The Edit Planned AP window appears. Make your changes in the Edit Planned AP window, and then click Save.

The Create an Enterprise Wireless Network window appears.

The SSID name can contain up to 32 alphanumeric characters, including one space. All special characters, except for < /, are allowed.

The following combination of substring is not allowed: .*

If you select Voice and Data, the quality of service is optimized to access either voice or data traffic.

If you select Data Only option, the quality of service is optimized for wireless data traffic only.

By selecting Fast Lane, you can set the IOS devices to receive an optimized level of wireless connectivity and enhanced Quality of Service (QoS).

Turning off the Broadcast SSID hides the SSID from clients attempting to connect to this SSID, thereby reducing unnecessary load on the wireless infrastructure.

• Dual band operation (2.4 GHz and 5 GHz): The WLAN is created for both 2.4 GHz and 5 GHz. The band select is disabled by default.

• Dual band operation with band select: The WLAN is created for 2.4 GHz and 5 GHz and band select is enabled.

• 5 GHz only: The WLAN is created for 5 GHz and band select is disabled.

• 2.4 GHz only: The WLAN is created for 2.4 GHz and band select is disabled.

• WPA2 Enterprise: Provides a higher level of security using Extensible Authentication Protocol (EAP) (802.1x) to authenticate and authorize network users with a remote RADIUS server.

• WPA2 Personal: Provides a good security using a passphrase or a preshared key (PSK). This allows anyone with the passkey to access the wireless network. If you select WPA2 Personal, enter the passphrase in the Passphrase field.

  Note	You can override a preshared key (PSK) at the site, building, or floor level. If you override a PSK at the building level, the subsequent floors inherit the new settings. For more information, see Preshared Key Override.

• Open: Provides no security. Allows any device to access the wireless network without any authentication.

• Enterprise: You can configure both WPA2 and WPA3 security authentication type by checking the respective check boxes. By default, the WPA2 check box is enabled.

  Wi-Fi Protected Access (WPA2) uses the stronger Advanced Encryption Standard encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP).

  WPA3 is the latest version of WPA which is a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3-Enterprise provides higher grade security protocols for sensitive data networks.

• Personal: You can configure WPA2 and WPA3 security authentication types by checking the respective check boxes. If you choose Personal, enter the passphrase key in the Pass Phrase field. This key is used as the pairwise master key (PMK) between clients and the authentication server.

  WPA3-Personal brings better protection to individual users by providing more robust password-based authentication making the brute-force dictionary attack much more difficult and time-consuming.

• Open Secured: From the Assign Open SSID drop-down list, select an open SSID to redirect the clients to open secured SSID. The open secured policy provides least security.

• Open: Provides no security. It allows any device to connect to the wireless network without any authentication.

By default, Fast Transition (802.11r) is in Adaptive mode.

The 802.11r allows wireless clients to quickly roam from one AP to another AP. Fast transition ensures less disrupted connectivity when a wireless client roams from one AP to another AP.

By default, the Over the DS check box is enabled.

When you enable MAC filtering, only the MAC addresses that you add to the wireless LAN are allowed to join the network.

The session timeout is the maximum time for a client session to remain active before reauthorization. By default, the Session Timeout is enabled with a timeout of 1800 seconds. The session timeout range is from 300 to 86400 seconds.

When a user fails to authenticate, the wireless controller excludes client from connecting. The client is not allowed to connect to the network until the exclusion timer expires. By default, the Client Exclusion is enabled with a timeout of 180 seconds. The range is from 0 to 2147483647 seconds.

Management Frame Protection (MFP) increases the security of management frames. It provides security for the otherwise unprotected and unencrypted 802.11 management messages that are passed between access points and clients. MFP provides both infrastructure and client support.

By default, the Optional radio button is selected. If you click the Required radio button, then the clients are allowed to associate only if the MFP is negotiated (that is, if WPA2 is configured on the wireless controller and the client supports CCXv5 MFP and is also configured for WPA2).

To facilitate roaming, a 11k capable client that is associated with an AP sends request to a list of neighboring APs. The request is sent in the form of an 802.11 management frame, which is known as an action frame. The AP responds with a list of neighbor APs on the same WLAN with their Wi-Fi channel numbers. The response is also an action frame. The client identifies the AP candidates for next roam from the response frame.

The BSS Max idle period is the timeframe during which an AP does not disassociate a client due to nonreceipt of frames from the connected client.

If the data sent by the client is more than the threshold quota specified within the user idle timeout, the client is considered to be active and the wireless controller refreshes for another timeout period.

By default, the Client User Idle Timeout is enabled with a user idle timeout of 300 seconds.

By default, the Directed Multicast Service is enabled. Using the Directed Multicast Service (DMS), the client requests APs to transmit the required multicast packets as unicast frames. This allows clients to sleep for a longer time and saves the battery power.

The Wireless Profiles window appears. You can associate the SSID to a wireless profile.

Fabric SSID is a wireless network, which is part of Software Defined-Access (SD-Access). With fabric SSID, it is mandatory to have SD-Access. Nonfabric is a traditional wireless network that does not require SD-Access.

This is the VLAN ID that is associated with the wireless interface.

This is the VLAN ID that is associated with the wireless interface.

If you want to change the VLAN ID, in the Local to VLAN field, enter a new value for the VLAN ID.

You can either select a parent site or the individual sites. If you select a parent site, all children inherit their settings from the parent site. You can uncheck the check box to deselect a site.

The Add Model Config window appears.

You can either search for a device name by entering its name in the Search field, or expand Wireless Controller and select the device type.

The created profile appears in the Wireless Profiles window.

You can use tags on templates only when you have to push different templates for the same device type based on the device tag.

The created profile appears in the Wireless Profiles window.

The Configure AAA Server for SSID window appears.

The Cisco DNA Center allows you to override the set of AAA server configuration for SSID on the site level. For each set of overridden AAA settings per SSID, the Cisco DNA Center creates a new WLAN profile with the corresponding AAA servers mapped to it. If an SSID is overridden for different floors, and you make changes in the AAA servers, the Cisco DNA Center creates the new WLAN profiles equals to the number of floors.

You must reprovision the device to override the AAA servers on the site level. See Provision Devices.

The Create a Guest Wireless Network window appears.

The name can contain up to 32 alphanumeric characters, including one space. All special characters are allowed except for the following: < /

The following combination substring is not allowed: .*

• Click the Admin Status button off, to disable the admin status.

• Click the BROADCAST SSID button off, if you do not want the SSID to be visible to all wireless clients within the range. Turning off the Broadcast SSID hides the SSID from clients attempting to connect to this SSID, reducing unnecessary load on the wireless infrastructure.

• Enterprise: You can configure either WPA2 or WPA3 security authentication type by checking the respective check boxes. By default, the WPA2 check box is enabled.

  Wi-Fi Protected Access (WPA2) uses the stronger Advanced Encryption Standard encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP). Fast transition is applicable for enterprise WPA2 SSID.

  WPA3 security authentication is the latest version of WPA which is a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3-Enterprise provides higher grade security protocols for sensitive data networks.

• Personal: You can configure both WPA2 and WPA3 or configure WPA2 and WPA3 individually by checking the respective check boxes.

  WPA3 personal security authentication brings better protection to individual users by providing more robust password-based authentication. This makes the brute-force dictionary attack much more difficult and time-consuming.

  Enter the passphrase key in the Pass Phrase field. This key is used as the pairwise master key (PMK) between the clients and the authentication server.

• Open Secured: From the Assign Open SSID drop-down list, choose an open SSID to associate with the open SSID. Associating secures the open SSID. You must have an open SSID created before associating it with the open secured SSID.

  Note	Fast Transition is not applicable for open-secured SSID.

• Open: The open policy provides no security. It allows any device to connect to the wireless network without any authentication.

The Web Policy encryption and authentication type provides a higher level of Layer 3 security.

• For an External Web Authentication (EWA), click the Web Policy radio button as the level of security under L3 Security and Web Authentication External as the authentication server from the Authentication drop-down list.

• For a Central Web Authentication (CWA), click the Web Policy as the level of security under L3 Security and ISE Authentication as the authentication server from the Authentication drop-down list.

• Self Registered: The guests are redirected to the Self-Registered Guest portal to register by providing information to automatically create an account.

• HotSpot: The guests can access the network without providing any credentials.

Choose where you want to redirect the guests after successful authentication from the WHERE WILL YOUR GUESTS REDIRECT AFTER SUCCESSFUL AUTHENTICATION ? drop-down list:

• Success Page: The guests are redirected to an Authentication Success window.

• Original URL: The guests are redirected to the URL they had originally requested.

• Custom URL: The guests are redirected to the custom URL that is specified here. Enter a redirect URL in the Redirect URL field.

  Now that you have created an SSID, you must associate it with a wireless profile. This profile helps you to construct a topology, which is used to deploy devices on a site.

Web authentication or Web Auth is a layer 3 security method that allows a client to pass Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) traffic only until they have passed some form of authentication.

Web passthrough is a solution that is used for guest access and requires no authentication credentials. In web passthrough authentication, wireless users are redirected to the usage policy page while trying to use the Internet for the first time. After accepting the policy, users are allowed to browse the Internet.

• If you choose Web Authentication Internal or Web Passthrough Internal from the Authentication Server drop-down list, then the page is reconstructed by the Cisco Wireless Controller.

• If you choose Web Authentication External or Web Passthrough External from the Authentication Server drop-down list, then the client is redirected to the specified URL. You need to enter a redirect URL in the Web Auth Url field.

The clients with guest access that have had successful web authentication are allowed to sleep and wake up without having to go through another authentication process through the login page. You can configure the duration for which the sleeping clients are to be remembered for before reauthentication becomes necessary. The valid range is 10 minutes to 43200 minutes, with the default being 720 minutes. You can configure the duration on a WLAN and on a user group policy that is mapped to the WLAN. The sleeping timer becomes effective after the idle timeout. If the client timeout is lesser than the time configured on the sleeping timer of the WLAN, then the lifetime of the client is used as the sleeping time.

• Click the Always authenticate radio button to enable authentication for sleeping clients.

• Click the Authenticate after radio button and enter the duration for which the sleeping clients are to be remembered before reauthentication becomes necessary. The valid range is 10 minutes to 43200 minutes and the default duration is 720 minutes.

When a user fails to authenticate, the wireless controller excludes the client from connecting and is not allowed to connect to the network until the exclusion timer expires. By default, the Client Exclusion is enabled with a timeout of 180 seconds. The range is 0 to 2147483647 seconds.

The session timeout is the maximum time for a client session to remain active before reauthorization. By default, the Session Timeout is enabled with a timeout of 1800 seconds. The range is 300 to 86400 seconds.

Management Frame Protection (MFP) increases the security of management frames. It provides security for the otherwise unprotected and unencrypted 802.11 management messages that are passed between access points and clients. MFP provides both infrastructure and client support.

By default, the Optional is selected. If you choose Required, the clients are allowed to associate only if the MFP is negotiated (that is, if WPA2 is configured on the wireless controller and the client supports CCXv5 MFP and is also configured for WPA2).

To facilitate roaming, a 11k capable client that is associated with an AP sends request to a list of neighboring APs. The request is sent in the form of an 802.11 management frame, which is known as an action frame. The AP responds with a list of neighbor APs on the same WLAN with their Wi-Fi channel numbers. The response is also an action frame. The client identifies the AP candidates for the next roam from the response frame.

The BSS Max idle period is the timeframe during which an AP does not disassociate a client due to nonreceipt of frames from the connected client.

If the data sent by the client is more than the threshold quota specified within the user idle timeout, then the client is considered to be active and the wireless controller refreshes for another timeout period.

By default, the Client User Idle Timeout is enabled with a user idle timeout of 300 seconds.

By default, the Directed Multicast Service is enabled. Using the Directed Multicast Service (DMS), the client requests APs to transmit the required multicast packets as unicast frames. This allows clients to sleep for a longer time and save the battery power.

The Wireless Profiles window is displayed.

Fabric SSID is a wireless network, which is part of Software Defined-Access (SD-Access). SD-Access is a solution that automates and simplifies configuration, policy, and troubleshooting of wired and wireless networks. With fabric SSID, it is mandatory to have SDA. Nonfabric is a traditional wireless network that does not require SD-Access.

If you want your guest SSID to be a guest anchor, click Yes.

This is the VLAN ID that is associated with the wireless interface.

The Add Model Config window appears.

You can either search for a device name by entering its name in the Search... field or expand Wireless Controller and select the device type.

The created profile appears in the Wireless Profiles window.

The Portal Builder window appears.

• The variables for the Login page are:

  • Access Code

  • Header Text

  • AUP

  • Text Fields

• The variables for the Registration page are:

  • First Name

  • Last Name

  • Phone Number

  • Company

  • SMS Provider

  • Person being visited

  • Reason for a visit

  • Header text

  • User Name

  • Email Address

  • AUP

• The variables for the Registration Success page are:

  • Account Created

  • Header texts

• The variable for the Success page is: Text fields.

The created portal appears in the Portal Customization window.

The Configure AAA Server for SSID window appears.

The Cisco DNA Center allows you to override the set of AAA server configuration for SSID on the site level. For each set of overridden AAA settings per SSID, the Cisco DNA Center creates a new WLAN profile with the corresponding AAA servers mapped to it. If an SSID is overridden for different floors, and you make changes in the AAA servers, the Cisco DNA Center creates the new WLAN profiles equals to the number of floors.

You must reprovision the device to override the AAA servers on the site level. See Provision Devices.

The New Interfaces window appears.

The new interface appears under Wireless Interfaces.

The Wireless Radio Frequency window appears.

• Under Parent Profile, select High, Medium (Typical), Low, or Custom. (The Data Rate and Tx Configuration fields change depending on the parent profile selected. For example, if you select High, it populates the profile configurations available in the device for 2.4 GHz. If you change any settings in the populated Data Rate and Tx Configuration, the Parent Profile automatically changes to Custom.) Note that a new RF profile is created only for the select custom profiles.

  Note	Low, Medium (Typical), and High are the pre-canned RF profiles. If you select any of the pre-canned RF profiles, the respective RF profiles which are there in the device is used and the new RF profile is not be created on Cisco DNA Center.

• DCA dynamically manages channel assignment for an RF group and evaluates the assignments on a per-AP radio basis.

  • Check the Select All check box to select DCA channels 1, 6, and 11. Alternatively, check the individual check boxes next to the channel numbers.

  • Click Show Advanced to select the channel numbers under the Advanced Options. Check the Select All check box to select DCA channels that are under Advanced Options, or check the check box next to the individual channel numbers. The channel numbers that are available for B profile are 2, 3, 4, 5, 7, 8, 9, 10, 12, 13, and 14.

    Note	You need to configure these channels globally on Cisco Wireless Controller.

• Use the Supported Data Rate slider to set the rates at which data can be transmitted between an access point and a client. The available data rates are 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.

• Under Tx Power Configuration, you can set the power level and power threshold for an AP.

  • Power Level—To determine whether the power of an AP needs to be reduced or not. Reducing the power of an AP helps mitigate co-channel interference with another AP on the same channel or in close proximity. Use the Power Level slider to set the minimum and maximum power level. The range is -10 to 30 dBm and the default is -10 dBM.

  • Power Threshold—It is the cutoff signal level used by Radio Resource Management (RRM) to determine whether to reduce the power of an AP or not. Use the Power Threshold slider to increase and decrease the power value which causes the AP to operate at higher or lower transmit power rates. The range is -50 dBM to 80 dBM and the default threshold is -70 dBM.

  • RX SOP—Receiver Start of Packet Detection Threshold (RX SOP) determines the Wi-Fi signal level in dBm at which an APs radio demodulates and decodes a packet. From the RX SOP drop-down list, choose High, Medium, Low, or Auto threshold values for each 802.11 band.

• From the Parent Profile drop-down list, choose High, Medium (Typical), Low, or Custom. (The Data Rate and Tx Configuration fields change depending on the parent profile selected. For example, if you select High, it populates the configurations available in the device for 2.4 GHz. If you change any settings in the populated Data Rate and Tx Configuration fields, the Parent Profile automatically changes to Custom.) Note that a new RF profile is created only for select custom profiles.

  Note	Low, Medium (Typical), and High are the pre-canned RF profiles. If you select any of the pre-canned RF profiles, the respective RF profiles which are already there in the device is used and the new RF profile is not be created on the Cisco DNA Center.

• From the Channel Width drop-down list, choose one of the channel bandwidth options: Best, 20 MHz, 40 MHz, 80 MHz, or 160 MHz, or Best.

• Set the DCA Channel to manage channel assignments:

  Note	You must configure the channels globally on Cisco Wireless Controller.

  • UNNI-1 36-48—The channels available for UNII-1 band are: 36, 40, 44, and 48. Check the UNII-1 36-48 check box to include all channels or check the check box of the channels to select them individually.

  • UNII-2 52-144—The channels available for UNII-2 band are: 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, and 144. Check the UNII-2 52-144 check box to include all channels or check the check box of the channels to select them individually.

  • UNII-3 149-165—The channels available for UNII-3 band are: 149, 153, 157, 161, and 165. Check the UNII-3 149-165 check box to include all channels or check the check box of the channels to select them individually.

• Use the Data Rate slider to set the rates at which data can be transmitted between an access point and a client. The available data rates are 6, 9, 12, 18, 24, 36, 48, and 54.

• Under Tx Power Configuration, you can set the power level and power threshold for an AP.

  • Power Level—To determine whether the power of an AP needs to be reduced or not. Reducing the power of an AP helps mitigate co-channel interference with another AP on the same channel or in close proximity. Use the Power Level slider to set the minimum and maximum power level. The range is -10 to 30 dBm and the default is -10 dBM.

  • Power Threshold—It is the cutoff signal level used by Radio Resource Management (RRM) to determine whether to reduce the power of an AP or not. Use the Power Threshold slider to increase and decrease the power value which causes the AP to operate at higher or lower transmit power rates. The range is -50 dBM to 80 dBM and the default threshold is -70 dBM.

  • RX SOP—Receiver Start of Packet Detection Threshold (RX SOP) determines the Wi-Fi signal level in dBm at which an APs radio demodulates and decodes a packet. From the RX SOP drop-down list, choose High, Medium, Low, or Auto threshold values for each 802.11 band.

• Enter the profile name in the Name text box.

• Select the number of Service Providers and Devices from the drop-down list. Up to three service providers and two devices are supported per profile.

• Select the Service Provider Profile from the drop-down list. For more information, see Configure Service Provider Profiles.

• Select the Device Type from the drop-down list.

• Enter a unique string in the Device Tag to identify the different devices, or select an existing tag from the drop-down list. Select the appropriate tag, because your selection is used as part of the matching criteria for Day-0 and Day-N templates applied to the network profile.

• To enable at least one line link for each device to proceed, click O and check the check box next to Connect. Select the Line Type from the drop-down list. Click OK.

• Click +Add Services to add services to the profile. The Add Services window appears. Click on a Router, Firewall, or Application icon and drag it onto the diagram. Based on your selection, the default network connections are automatically created. You can also select Custom- Net to add custom services or networks to the profile.

  To configure the router, click on the router and select Configuration. Select the Type, Image and Profile from the drop-down list. For more information, see Import a Software Image. Set the vNIC Mapping fields as required.

  To configure the firewall, click on the firewall and select Configuration. Select the Type, Image and Profile from the drop-down list. The drop-down list for Type is populated based on the firewall plugins installed on the system. Set the vNIC Mapping fields as required.

  To configure the application, click on the application and select Configuration. Select the Type, Image and Profile from the drop-down list. The drop-down list for Type is populated based on the application plugins installed on the system. Set the vNIC Mapping fields as required.

  To configure custom networks, click on custom-net interface. Select Connect from and click on the node you want to add the custom network to and select Connect to. Click on custom-net and select Add Configuration. Select the Network Mode and enter the VLAN ID in VLAN.

  Click Save.

• Click Next.

• Click +Add Row. Select Type from the drop-down list and enter the VLAN ID/Allowed VLAN and the Description.

• Click Next.

The custom configurations are optional. You may skip this step and apply the configurations at any time in the Network Profiles page.

If you choose to add the custom configurations:

• Select the Onboarding Template(s) or Day-N Templates tab, as required.

• Select the Template from the drop-down list. The templates are filtered by the Device Type and Tag Name.

• Click Next.

This page summarizes the router configurations. Based on the devices and services selected, the hardware recommendation is provided in this page.

• Click Save.

Click Assign Sites to assign a site to the network profile. For more information, see Create a Site in a Network Hierarchy.

• Enter the profile name in the Name text box.

• Select the number of Service Providers and Devices from the drop-down list. Up to three service providers and ten devices are supported per profile.

• Select the Service Provider Profile from the drop-down list. For more information, see Configure Service Provider Profiles.

• Select the Device Type from the drop-down list.

• Enter a unique string in the Device Tag to identify the different devices, or select an existing tag from the drop-down list. Use the device tag if two or more devices are of the same type. If all the devices are of a different type, the device tag is optional. Select the appropriate tag, because your selection is used as part of the matching criteria for Day-0 and Day-N templates applied to the network profile.

• To enable at least one line link for each device to proceed, click O and check the check box next to Connect. Select the Line Type from the drop-down list. Click OK.

  If you select multiple service providers, you can select the primary interface as gigabit Ethernet and the secondary as cellular, or both the interfaces as gigabit Ethernet. You can also select the primary interface as cellular and the secondary interface as gigabit Ethernet.

  Note	Only Cisco 1100 Series Integrated Services Routers, Cisco 4200 Series Integrated Services Routers, Cisco 4300 Series Integrated Services Routers, and Cisco 4400 Series Integrated Services Routers support the cellular interface.

• Click Next.

• Click the Configure Connection radio button and choose L2, L3, or both.

• If you choose L2, select the Type from the drop-down list and enter the VLAN ID/Allowed VLAN and the Description.

• If you choose L3, select the Protocol Routing from the drop-down list and enter the Protocol Qualifier.

You can click Skip to skip the configuration.

• Click Next.

The integrated switch configuration allows you to add new VLANs or retain the previous configuration selected in the router LAN configuration.

• To add one or more new VLANs, click +.

• To delete a VLAN, click x.

• Click Next.

The custom configurations are optional. You can skip this step and apply the configurations at any time in the Network Profiles page.

If you choose to add custom configurations:

• Click the Onboarding Template(s) or Day-N Templates tab, as required.

• Choose a template from the drop-down list. The templates are filtered by Device Type and Tag Name.

• Click Next.

This page summarizes the router configurations. Based on the devices and services selected, the hardware recommendation is provided.

Click Assign Sites to assign a site to the network profile. For more information, see Create a Site in a Network Hierarchy.

The Firewall Type page appears.

Depending on the type of template that you want to create, click OnBoarding Template(s) or Day-N Template(s).

• Click +Add.

• Select Switches and Hubs from the Device Type drop-down list.

• Select the Tag Name from the drop-down list. This step is optional. If the tag that you selected has already been associated with a template, only that template is available in the Template drop-down list.

• Select the Device Type from the drop-down list.

• Select a Template from the drop-down list. You can select the Onboarding Configuration template that you have already created.

The profile that is configured on the switch is applied when the switch is provisioned. Note that you must add the network profile to a site for it to be effective.

Before assigning a wireless network profile, make sure that you have created wireless SSIDs under Design > Network Settings > Wireless tab.

The SSIDs that were created are populated.

The SSID type is displayed.

When you enable local switching, any FlexConnect access point that advertises this WLAN is able to locally switch data packets.

If you want to change the VLAN ID, in the Local to VLAN text box, enter a new value for the VLAN ID.

The Add Model Config window appears.

You can either search for a device name by entering its name in the Search field or expand Wireless Controller and select the device type.

The attached model config appears under the Attach Model Config area in the Add a Network Profile window.

You can either search for a device name by entering its name in the Search field or expand Wireless Controller and select the device type.

You can use tags on templates only when you have to push different templates for the same device type based on the device tag.

The created profile appears in the Wireless Profiles window.

The newly added network profile appears on the Design > Network Profiles page.

You can select a parent node or the individual sites. If you select a parent site, all the children under the parent node are also selected. You can uncheck the check box to deselect a site.

The Create an AP Group window appears.

The options are High, Typical, Low, custom_rf_profile2, and rf_prof1_custom.

The AP group is created based on the selected RF profile under the AP Group area in the Edit Network Profile window.

The Flex Group option is enabled under View Advanced Settings.

The Create Flex Group window appears.

The flex group is created under the Flex Group area in the Edit Network Profile window.

The Create a Site Tag window appears.

The site tag is created under the Site Tag area in the Edit Network Profile window.

To apply the credential to a site, click on the site in the hierarchy on the left, select the button next to the credential, then click Save.