global vision. local knowledge. - cisco - global home page · cisco® encrypted traffic analytics...

Cisco Connect 2019Serbia, 19th March 2019

Global vision.

Local knowledge.

Radoslav TsochevSystems EngineerMarch, 2019

The best of RF excellence with IOS XE benfits

Catalyst 9800 Series Wireless Controllers

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Vision: Intent-based networking everywhere

Policy and visibility, end to end

Linking every domain through innovation in security, automation, and analytics


Intent-based networking infrastructure

Powered by intent. Informed by context.

TranslationCapture business intent, translate to policies, and check integrity

ActivationOrchestrate policies and configure systems

AssuranceContinuous verification, insights, and visibility, with corrective actions

Always on Secure Deploy anywhere

DNA Center™


User experience starts with the access network

Access switchesAccess points Aggregation switches Wireless controllers

9200, 9300, 9400 Series

Cisco® Catalyst® Cisco Catalyst9500 Series

Cisco Catalyst9800 Series

Automation Security AnalyticsBuilt for intent-

based networking

The full experience, end to end


New Cisco Catalyst 9800 Series Wireless Controllers

Deploy anywhereAlways on

• Software updates with no disruption

• Rolling AP upgrades

• Seamlessly add new AP models

Secure

• Detect encrypted threats with Cisco® Encrypted Traffic Analytics (ETA)

• Automated macro and micro segmentation with Cisco Software-Defined Access (SD-Access)

• WPA3 support*

• On-premises, private or public cloud, embed wireless on a switch

• GovCloud ready

• Scale as you grow

Powered by Cisco IOS® XEOpen and programmable

Trustworthy solutionsModular operating system

* future


G l o b a l

S a l e s Tra i n i n g

Translate business intent into network policy andcapture actionable insights with DNA Center™

Cisco Aironetaccess points (APs)

Works with Cisco Aironet® 802.11ac Wave 1 and Wave 2 APs

DNA Center

Cisco Catalyst 9800 Series Wireless Controllers

Cisco Catalyst 9800-40Cisco® Catalyst® 9800-80

Cisco Catalyst 9800 for cloud Cisco Catalyst 9800 embedded wirelessfor Cisco Catalyst 9000 platform


C9800-40: Fixed wireless controller with seamless software updates

4x 1 GE/10 GE ports

SP/RP port Fiber RP portUSB 3.0Console

Up to 2000 APs Up to 32,000 clients 40 Gbps

Fully programmable multicore network processorSupport for NetFlow, Application Visibility and Control (AVC),

and ETA


C9800-80: Modular wireless controller with 100 GE modular uplink and seamless software updates

Redundant

power supply

AC or DC

SP/RP port

Fiber RP port8x 10 GE

uplinks

Modular uplinks:

1 GE, 10 GE, 40 GE, 100 GEUSB 3.0

Up to 6000 APs Up to 64,000 clients 80 Gbps

Fully programmable multicore network processor Support for NetFlow, Application Visibility and Control (AVC), and ETA


Unprecedented throughput with the Cisco Catalyst 9800 Series

Throughput option now available with C9800-80 going up to 80

Gbps

Always on:High availability and seamless

software updates

accuracy with ETA and Cisco Stealthwatch® integration

Cisco® Catalyst® 9800 Series Wireless Controllers

C9800-40 and C9800-80

Open standards-based programmability with

model-driven telemetry

Scale options for your campus

Programmable multicore network processor

Investment protection with modular uplinks

%+

Industry’s first 100 GE uplink


Scale to 6000 APs and 64,000 clients*

Centralized, Cisco FlexConnect®, Fabric

Open and programmable

Scale to 1000 APs and 10,000 clients

Cisco FlexConnect Local Switching

Open and programmable

Cisco Catalyst 9800 Series for private and public cloud

Cisco® Catalyst® 9800 for private cloud Cisco Catalyst 9800 for public cloud

*Only with FlexConnect and Fabric mode for 6,000 AP support


Fast deployment and cost savings with the 9800-CL

%Cost savings seen by a large

enterprise when deploying the 9800-CL for private cloud**^

minutes

Time taken to deploy the 9800-CL for AWS*

$The Cisco® Catalyst®

9800-CL price

No more planned or unplanned outages

Host the 9800-CL for public cloud in AWS’s FedRAMP-certified GovCloud

*Calculation done replacing 5x 8540 WLCs with large 9800-CL instances running on KVM. Flex mode only.

^Centralized support for 6000 APs in future.**Cisco Catalyst 9800 for public cloud: Cisco FlexConnect® only.

Deploy in the cloud of your choice

Scale to meet your wireless needs

Flexibly manage and orchestrate using third party or DNA Center™

Simplify and optimize your wireless core


C9800-CLAireOS vWLC

13

C9800-CL brings in the best of appliance features to Private Cloud

NoSSO High Availability Yes

Flex OnlyDeployment Modes Flex, Local, Fabric

NoGuest Anchor Yes

NoDNA-C Automation & Assurance Yes

500 MbpsMax Throughput 2.5 Gbps

3k APs, 32k ClientsMax AP and Client Scale 6k APs, 64k Clients

MultipleInstallation Image Single for any scale

vs.


Cisco Catalyst 9800 embedded wireless on the 9000 switch platform

Install Cisco Catalyst 9800 embedded wireless on your existing branch infrastructure

SD-AccessOptimized for SD-Access with an always-on fabric

Cisco Catalyst 9300Supported on Cisco Catalyst 9300 Series Switches

Up to 4000 clientsSupports up to 200 APs and 4000 clients

SD Access

deployment only


Cisco Catalyst 9800 Series: Always on

Deploy anywhereSecure



• WPA3 support*


• GovCloud ready




Always on




* future


AP Device PackNew AP Model

FlexiblePer-Site, Per-Model Updates

Unplanned EventsDevice and network interruptions

High Availability

16.10 Supported Supported after 16.10

Cisco Catalyst

9800 Wireless

Controller

Differentiators

Reducing downtime for Upgrades and Unplanned Events

Controller Software UpdateSoftware Maintenance updates ( SMU^ )

Access Point UpdatesNew AP Model & AP updates*

Software Image UpgradesWireless controller image upgrades

Cold PatchHA install on SSO Pair

Hot Patch(No Wireless Controller

reboot)Auto Install on Standby

Rolling AP Update (No Wireless Controller

Reboot)

N+1 Hitless Rolling AP Upgrade

SSO Active-Standby

N+1 Primary, Secondary

Per AP Primary, Secondary, Tertiary


Cisco Catalyst 9800 Series: Secure





Secure



• WPA3 support*


• GovCloud ready




* future


Intent-based wireless networks to secure the air, devices, and users with Cisco Catalyst 9800

Air UsersDevices

Rogue intrusion detection and prevention

Enhanced threat detection with ETA

Seamless BYOD onboarding with Cisco Identity Services Engine (ISE)

Standards compliance with WPA3*

Identity-based segmentation with SD-Access

Secure device management with Identity Pre-Shared Key (iPSK)- Enhanced security on open Wi-Fi

- Robust password protection - Superior data protection- Seamless customer migration

*Future


Robust password protection against brute force dictionary attacks

WPA3 provides a greater value proposition than WPA2 for enterprise Wi-Fi networks

Enhanced security for Open Wi-Fi Networks with encryption of unauthenticated traffic

Superior data protection for sensitive information with 192 bit encryption1010

101010000010101001010011100101011110101

01011

Seamless customer migration from WPA2 to WPA3


Cisco Catalyst 9800 Series enables Encrypted Traffic Analytics

ISE

Mitigation

Cisco Stealthwatch®

Change of authorization

(CoA)

Encrypted Traffic Analytics

Machine learning with enhanced behavior analytics

pxGrid

Analytics indicating malware in encrypted traffic at 99%+ efficacy

cognitive.cisco.com

Mitigation using ISE and network

ERSPAN to send traffic for deeper analysis

Cognitiveanalytics

Threat Grid Talos

Cisco® Catalyst® 9800 Series Wireless Controllers

https://cognitive.cisco.com/


Software-Defined Access

Cisco DNA Center™

AutomationSegmentation Assurance

IoT network Employee network

User mobility

Policy stays with user

Identity-based policy and segmentation

Security policy definition decoupled from VLAN and IP address

Automated network fabric

Single fabric for wired and wireless with workflow-based automation

Insights and telemetry

Analytics and insights into user and application behavior


Cisco Catalyst 9800 Series: Deploy anywhere





Secure



• WPA3 support*


• GovCloud ready




* future


Cisco Catalyst 9800 embedded wireless*

Cisco Catalyst 9800-80

Cisco Catalyst 9800-40

Deploy anywhere

*SD-Access only; Available on Cisco Catalyst 9300 Series+Cisco Catalyst 9800 for public cloud: Cisco FlexConnect® only

Cisco Catalyst 9800 for cloud+


Cisco Catalyst 9800 Series Wireless Controllers - Deploy the way you want to

Cisco Catalyst 9800-806000 APs, 64,000 clients, 80 Gbps

Cisco Catalyst 9800-402000 APs, 32,000 clients, 40 Gbps

Cisco Catalyst 9800-CL6000 APs, 64,000 clients^

Cisco® Catalyst® 9800-CL+

1000 APs, 10,000 clients

Cisco Catalyst 9800embedded wireless*200 APs, 4000 clients

Cisco Catalyst 9800-CL3000 APs, 32,000 clients

200 APs 1000 APs 6000 APs2000 APs 3000 APs

*SD-Access only+Cisco Catalyst 9800 for public cloud with Cisco FlexConnect® only

^Only with FlexConnect and Fabric mode for 6,000 AP support

SD-Access ready

ENCS


Cisco Catalyst 9800: Powered by Cisco IOS XE





Secure

• Detect encrypted threats with ETA

• Automated macro and micro segmentation with SD-Access

• WPA3 support*

• On-premises, private and public cloud, embed wireless on a switch

• GovCloud ready


*Future




Custom developmentDNA Center™Standards-based interoperability

Flexible management options with Cisco Catalyst 9800 Series Wireless Controllers

AnalyticsPolicy AutomationZero-touch

provisioningGuest shell

(On-box Python)

Model-driven programmability

YANG data models

App hostingSDN controllers

CI/CD tools

Network management

systems

Intent-basednetwork infrastructure

Cisco Catalyst 9800 Series Wireless Controllers

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

AireOS vs. Catalyst 9800 Config ModelGranular & simplified

What Policies on which Sites

with what RF characteristics

Going towards a more Modularized and Reusable model with Logical decoupling of configuration entities

Basic

Wireless

Advanced

Wireless

Wireless Security

Switching Policy

Network Policy

WLAN AP Group Flex Group

Network Policies

Wireless site

settings

RF Parameters

Site Specific

Policies

RF Profiles

Network Policies

Wireless security

Remote Site

Config

Remote site

parameters

Switching Policies

RF Profile

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

WLAN

Policy

Profile

Flex

Profile

AP Join

Profile

Basic

Wireless

Advanced

Wireless

Wireless Security

Switching Policy

Network Policy

Site

Tag

RF

Tag

Wireless site

settings

Site Specific

Policies

Remote Site

Config

Remote site

parameters

High Density HDX

Data Rates

DCA, TPC, CHDM

Profile threshold

for traps

Client Distribution

RF Profile

Policy

Tag

Site

Tag

RF Tag

Decouple

Modularize

AireOS Config Model

Policy

Tag

b/g

a/n/ac


Complete control of your day-0 to day-N operations with open and programmable APIs

Day 0 Day 1 Day 2 Day N

Onboarding

Zero-touch provisioning

Plug and Play

Configuration

YANG data modelsConfiguration protocols

Monitoring

Streaming telemetry

Optimization

Configuration management

AP provisioning automation

Model-drivenprogrammability

Model-driventelemetry

Integration with 3rd party configuration tools


Trustworthy solutions on Cisco Catalyst 9800 Series: Drive compliance and certification

• Secure network protocols

• Secure defaults

• Secure open containers, VMs, sandboxes

• Secure production and delivery

• Secure software deliveryand boot

• Secure runtime

Securing the deviceSecuring network communications

Securing the applications

global vision. local knowledge. - cisco - global home page · cisco® encrypted traffic analytics...

Documents