Brkewn 2026

Wireless Network Automation
with Cisco DNA Center
Paul Lysander - Technical Marketing Engineer

Peng Xu - Technical Marketing Engineer
BRKEWN-2026
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
BRKEWN-2026 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Introducing Cisco
DNA Center
Cisco DNA Center
Intent-based Automation & Assurance Platform
Cisco DNA Center
Intent based Platform
• Single pane of glass for all devices
• End-to-end health info in real time
Policy Design
• Granular visibility
• Simplified workflows
Automation for Provisioning Provision Assurance
• Zero-touch deployment
• Device Lifecycle Management
• Policy enforcement
Analytics for Assurance Cisco DNA Center Appliance

• Verify intent of network settings
• Proactively resolve issues
• Reduce time spent troubleshooting
Platform for Extensibility
• Integrate APIs with 3rd party solutions Physical and Virtual Infrastructure
• Integrate and customize ServiceNow
• Evolve operational tools and processes Cisco & 3rd Party
Cisco DNA Automation
Existing Approach Cisco DNA Approach
Multiple Apps for Management across Integrated Workflows across Domains

Domains
Device Centric Configurations Intent driving service provisioning & Policy

Abstraction
Multiple tools for Automation and One Box Solution with closed loop
Assurance
Automation
Software Update is Manual and Proactive and Consistent Software

Reactive update and Patching
Out of the box Integration with IT

IT process tools working in Silos Process tools
The Network that Scales for the Digital Business

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
DNA Center Overview ..1
Architecture & Components
DNA Center Cisco AI Cloud
DNA Center Platform

Data
Cisco AI Network
Cisco DNA Automation Cisco DNA Assurance
Analytics Engine
Feedback
Design Provision Policy Assurance
Protocols & APIs (CLI,SNMP, NetConf, JSON, NetFlow, pxGrid...)
CMX
DHCP EM
WAN
Network Control Points

Office Site Network Services DC
Metrics, Events, Config, ...
Customer Network Control, Notifications, ...
DNA Center Overview ..2
Architecture & Components
DNA Center Cisco AI Cloud
Cisco AI Network
Cisco DNA Automation Cisco DNA Assurance Analytics Engine
Assurance &
Design Provision Policy
Analytics
• Create the structure and Prepare and configure devices Create policies that reflect
• • • Provide proactive and
framework of the network organization's business
• Add devices to sites / site predictive actionable
• The Network settings to locations intent insights
discover your network The policy is translated into
• Assigning devices to the • • Performance and health of
infrastructure network or device specific
inventory the network infrastructure,
• Create device specific configurations applications, and end-user
profiles that can be applied • Deploying the required
• Policies vary based on clients.
throughout the network settings and policies
device types, makes,
• Adding new devices into the • Creating fabric domains, and models, operating systems,
network - Zero touch adding devices to the fabric roles, and resource
deployment constraints
Protocols & APIs (CLI,SNMP, NetConf, JSON, NetFlow, pxGrid...)
CMX
DHCP EM
WAN
Network Control Points

Office Site Network Services DC Metrics, Events, Config, ...
Customer Network BRKEWN-2026 © 2020 Control,
Cisco and/or its affiliates. All rights Notifications,
reserved. Cisco Public... 8
DNA Center Overview
Power of Automation & Analytics
DNA Center
Telemetry, alerts,
violations
Assurance and
Automation Analytics
Network inventory,
topology, and
configuration
Network and telemetry Streaming telemetry

configuration & network data
Agenda
• Introduction to Cisco DNA Center and C9800 Wireless Controller
• Wireless Automation Workflow with C9800 Wireless Controller
• Planning-Map Innovation (Planned AP/Ekahau Integration)
• Network Settings
• Design Workflow
• Provision Workflow (N+1 HA Provision)
• Day N Changes
• Deployment Models
• Embedded Wireless Controller (EWC) on Catalyst Access Points
• Software Image Management (SWIM)

• Rolling AP Upgrades
• Key Takeaways
Cisco DNA Center - Automation Principles
Lifecycle Management IT Process Automation Policy Based Automation
Introduction to
Cisco Catalyst
9800 Series
Controller
Catalyst 9800 Series Wireless Controllers
Translate business intent into network policy and
DNA Center capture actionable insights with DNA Center
Catalyst 9800-80 Catalyst 9800-40 Catalyst 9800-L
Catalyst 9800 for Cloud Catalyst 9800 embedded wireless

Aironet and Catalyst for Cat 9k Switch
Works with Cisco Aironet 802.11ac
Access Wave 1 and Wave 2 and 802.11ax
Global
C9100 Access Points
Points Sales Training
Cisco’s Next Gen Wireless Stack is Ready for Scale Deployments
• Enabling next-generation mobility powered for Wi-Fi 6
Cisco Catalyst 9800 Cisco Catalyst 9100

Wireless Controllers Access Points
Managed by Digitized by
Cisco DNA Center Cisco DNA Spaces
Translate business intent into network policy Digitize people, spaces and things
and capture actionable insights
Resilient Secure Intelligent
Catalyst 9800 - Fastest Ramping Wireless Controller
ENCS
C
7000+ units sold 2,000+ unique customers
Catalyst Wireless Stack Innovations
Catalyst 9800 Cisco DNA-C Innovations on

Launched Assurance Wireless Stack
WLC SMU AI/ML Base Analytics ISSU
AP SP and AP DP App Visibility and Experience IoT Gateway
Programmability Intelligent Capture Open Roaming
Encrypted Traffic Analytics Network Sensor BLE Management
Software Define Access Apple, Samsung Analytics 11ax Analytics
iPSK, Rogue, wIPS
Catalyst 9100 Cisco DNA

Launched Spaces
11ax features like Partner App integration
OFDMA, MUMIMO, Room Finder
BSS Coloring, TWT, Location Analytics
Spectrum Intelligence Guest portal management
Device Eco System
Deploy It the Way You Want It
ENCS
Catalyst 9800-SW* Catalyst 9800-CL+ Catalyst 9800-CL Catalyst 9800-CL

200 APs, 4K Clients 1000 APs, 10K Clients 3000 APs, 32K Clients 6000 APs, 64K Clients^
250 APs 1000 APs 2000 APs 3000 APs 6000 APs
Catalyst 9800-L Catalyst 9800-40 Catalyst 9800-80

2000 APs, 32K Clients, 40 Gbps 6000 APs, 64K Clients, 80 Gbps
250 APs, 5K Clients, 5 Gbps
On-premise Appliance | Pubic or Private Cloud | On a Switch

*SD-Access only
+C9800-CL for Public Cloud with FlexConnect;
Next-generation Cisco Catalyst wireless access
Ecosystem partnerships with Apple, Samsung, Intel, and Microsoft
Cisco Catalyst 9800 Series Cisco Catalyst 9100

Wireless Controllers Access Points
Powered by Cisco IOS® XE Powered by Wi-Fi 6 technology
Open and programmable Superior RF experience
Resilient Secure Intelligent
• Zero downtime with Software updates • Detect encrypted threats with • Enhanced analytics with
and upgrades Encrypted Traffic Analytics (ETA) Cisco DNA
• WLC SMU
• RF Snapshots, WPA3, • Programmable network processor
• AP Service and Device Pack Trustworthy systems and IOx infra support
• Intelligent Rolling AP Upgrade
• Automated macro and micro • Multi-lingual AP to enable
• Deterministic capacity at scale segmentation with SD-Access enterprise IoT
• Superior battery life for IoT and • Deploy in infrastructure of choice
mobile devices and cloud of choice
Extending Cisco’s Innovation Beyond

Leadership in Wireless networking
intent-based network © 2020
the Standard
Cisco and/or its affiliates. All rights reserved. Cisco Public
Benefits of New Configuration Model
Reusability
Easy Provisioning Change Management
Config modularized as
With AP attribute Site based filtering
objects
Tagging
Rule-based Tagging
Simplicity For easy Day 1
No inheritance or configuration
containers
AireOS vs. Catalyst 9800 Config Model
Going towards a more Modularized and Reusable model with Logical decoupling of configuration entities Granular & simplified
What Policies on which Sites
with what RF characteristics
WLAN AP Group Flex Group RF Profile Basic Policy Site

Tag
Wireless Tag
Policy
Basic Network Policies High Density HDX Tag
Network Policies Advanced
Wireless
Wireless WLAN RF
Profile Tag
Advanced Wireless site Wireless security Data Rates
Wireless settings
Decouple Wireless Security
Remote Site
Wireless Security RF Parameters DCA, TPC, CHDM
Config
Site Specific Remote site Profile threshold Modularize Switching Policy

RF Tag
Switching Policy parameters for traps
Policies
Policy a/n/ac
Profile
Network Policy RF Profiles Switching Policies Client Distribution
Network Policy b/g
High Density HDX
High Density HDX

Data Rates
Site Tag
AireOS Config Model Wireless site
settings Data Rates
AP Join DCA, TPC, CHDM
Profile
Site Specific
Policies DCA, TPC, CHDM
Profile threshold
for traps
Profile threshold
for traps
Remote Site Client Distribution
Config
Client Distribution
Flex
Remote site Profile
parameters
RF Profile
Cisco Catalyst 9800 Config Model
Access Points
Policy Tag RF Tag

RF
WLAN
Profile
Profile
2.4 GHz
RF
Policy
Profile
Profile
5 GHz
Defines the broadcast domain (list of Defines the RF properties

WLANs to be broadcasted) with the of the network
properties of the respective SSIDs
Site Tag
AP Join
Profile
Flex
Profile
Defines the properties of the

central and the remote site APs
C9800 Wireless LAN Controller Support in Cisco DNA Center
• Same Day-0 Design and Provision Workflows as AireOS WLC.
• Provisioning is done via the combination of NETCONF and CLI.
• Plug-and-Play support for C9800 is on roadmap.
Wireless Automation
Workflow with C9800
Wireless Controller
Scenario
A large enterprise is refreshing their wireless infrastructure to C9800 across
multiple sites/buildings. Site B
Business Intent
Site A
Site C
Deploy Enterprise & Guest

SSIDs with customized RF
Site
profiles across sites. D
WAN/Internet Site I
Campus Core
Site F Site H
Site E Site G
Typical Customer Network

Wireless Automation - Overview
Plan Design Design Provision

Network Network
Services Profile
Wireless Deployment Workflow
Profile Mapped to
Site SSIDs and RF
Parameters that
represent wireless
network
Network Services WLC Mapped to

Mapped to Sites Sites
Map sites
Common settings that WLC
for Sites will manage
Site/Building
AP Mapped to Site
APs inherits the
properties of the Profile
associated to site
Plan
Site Hierarchy & Maps
Plan Design Network Design

Network Profile Provision
Services
Scenario - Plan
Plan deployment across all sites with common set of network components
(i.e. DNS, DHCP, NTP)
Site B
Cisco Prime Site A

Infrastructure Site C
Cisco CMX
Site
D
WAN/Internet Site I
Sites, buildings,
floors
Campus Core
WLCs
APs Site F Site H
Site E Site G
Switches
Routers

Plan
Step -1 Create Site Hierarchy along with Buildings and Floors
Step -2 Import Floor Maps
Step -3 Manage Floor Map Properties

or
Export the Site Hierarchy and Maps from PI and import
Step -4
into Cisco DNAC (PI Customers)
Export Sites and Maps from Prime Infrastructure
Export Sites Step 2
Step 1
Site.CSV
Export Sites and Maps from Prime Infrastructure
Export Maps
Step 2
Step 1
Maps.tar.gz
Position APs on Map – Traditional Way
Critical Part of AP Onboarding Lifecyle
1. RF Planning - Real AP or Predictive Site Survey to plan AP

positions via RF survey tools
2. Give a copy of floor plan with AP positions to installers for

installing APs
3. Installers connect the cables and power on APs.
4. APs join WLC and are discovered by NMS tools.
5. On NMS tools, network admin drags and drops APs to

positions on map based on the same floor plan in step 2.
Position APs on Map – Traditional Way
Challenges with Traditional Way
• Waiting… Waiting…. Waiting…
• Why position APs manually twice?
Once in RF tools, Once in NMS map.
Position APs on Map – New Way
How to resolve challenges from traditional way?
Traditional Way New Way
1. RF Planning - Real AP or Predictive Site Survey 1. RF Planning - Real AP or Predictive Site Survey
to plan AP positions via RF survey tools to plan AP positions via RF survey tools
2. Give a copy of floor plan with AP positions to 2. On Cisco DNA Center, plan AP positions natively
installers for installing APs or import AP position from Ekahau survey tool
3. Installers connect the cables and power on APs. 3. Give a copy of floor plan with AP positions to
installers for installing APs
4. APs join WLC and are discovered by NMS tools
4. Installers connect the cables and power on APs.
5. On NMS tools, network admin drags and drops
APs to positions on map based on the same floor 5. Cisco DNA Center claims APs to desired
plan in step 2. site/controller via PnP and they are shown on
map automatically in planned positions.
Planned APs on Map – Under the Hood
Cisco DNA Center 1.3.1
• Users defined planned APs with name, model, antenna and positions on map.
• When real APs are added into inventory either via discovery or PnP claim,
Cisco DNA Center will match them against planned APs based on AP name,
model and antenna.
• When all matched, APs are put to planned AP positions automatically. The heatmap are
displayed accordingly.
• Otherwise, planned APs stay. Users can manually assign real APs to planned APs if required.
Planned APs on Map – Under the Hood
Cisco DNA Center 1.3.1
There are two options to define planned APs:
1. Create natively on Cisco DNA Center
In 1.3.1 release, it only support creating planned APs with name, model, antennas and position. It is
NOT predictive RF planning with heatmap.
2. Import from Ekahau project
• Ekahau 10.0.2 or later.
• Only Ekahau project created in planning mode, not site survey mode.
• Support Ekahau project file size to 500 Mb.
• Support importing APs, maps and obstacles
Planned APs on Map – Under the Hood Cisco DNA Center 1.3.1
To import Ekahau project successfully, follow the rules below:
• Define Network Hierarchy in Cisco DNA Center first.
• Match building and floor names in Cisco DNA Center what are defined in
Ekahau.
• Import insertion point in “Network Hierarchy” of Cisco DNA Center needs to

be one level higher than top level of hierarchy in Ekahau.
• If building and floors are defined in Ekahau, import at “Area” level of Cisco DNA Center.
• If only floors are defined in Ekahau, import at “Building” level of Cisco DNA Center.
Demo - Network Hierarchy and Map with
Ekahau Integration
Design Network
Services

Network Profile Provision
Services
Scenario - Planning
Plan deployment across all sites with common set of network components
(i.e. AAA, DNS, DHCP, NTP, syslog)
Site B
Site A
Site C
Site
D
WAN/Internet Site I
Campus Core
Site F Site H
Site E Site G

Network Services and Credentials
Network Services
• AAA (Network and Client)
• DNS, DHCP
• NTP
Monitoring Services
• Syslog
• Traps
• Netflow and Application Visibility
Credentials
• CLI
• SNMP
• HTTP
Design Network
Configuring Network Settings
New
Infrastructure
Add Site Add Area Add Building Add Floor
Network
Hierarchy
Import Sites /
Maps
Design
Network Device IP Address

Network
Settings Credentials Pools
SNMP CLI Add IP Pool

Existing AAA Server
Infrastructure Server Credentials
DHCP SNMP Import from
NFC Server
Server Credentials IPAM Server
DNS HTTP(S)
NTP Server Import from
Server Credentials
IPAM Server
Syslog
Time Zone
Server
Challenges with Network Services & Credentials
▪ Vary by :
▪ Location
▪ Differences in Network Design
▪ Information often stored in Files - Error
Prone
▪ Day 2 Updates become a challenge
AAA/ISE Integration
AAA Server - ISE Integration
Objectives and Key Points
• Single pane of management for all AAA/policy administration between
network devices and ISE
• Automate RADIUS/TACACS configuration for network devices.
• Support only one ISE cluster.
• Enable secure services between Cisco DNAC and ISE:
o pxGrid Service to pull the info out of ISE (Uni-Directional)
Obtain TrustSec metadata such as SGT, IP-SGT mappings & TrustSec policy.
o ERS (External RESTful Services) APIs - Bi-Directional Communication
▪ Fetch deployment model from ISE, such as PAN and PSN info
▪ Add devices to ISE as network devices
▪ Create SGT, IP-SGT mappings & TrustSec policy on ISE
Pre-Requisites
• The minimum supported ISE version is 2.3

• pxGrid service and SSH should be enabled on ISE.
• ISE super admin credential is used for trust establishment for SSH/ERS API
communication.
• ISE CLI and UI user accounts must use the same username and password
• ISE admin certificate must contain ISE IP or FQDN in either CN or SAN.
• DNA-C system certificate must contain DNAC IP or FQDN in either subject
name or SAN.
• pxGrid node should be reachable on eth0 IP of ISE from DNA-C.
Add ISE in DNA-C
Shared secret
between ISE and
devices for TACACS
or Radius
FQDN from ISE

deployment
Policy Preview
AAA Server - (Non-ISE) Integration
Key Points:
• Non-ISE server definition:
• ISE running 2.2 or below
• ACS or any third-party AAA Server
• Only automate RADIUS/TACACS
configuration for network devices
• Require to add network devices to AAA
clients manually.
• Can have multiples non-ISE AAA servers
Network Settings
AAA Settings
TACACS
Policy Service
Node
Policy Admin
Node
RADIUS
Demo - Network Settings
What did we do so far?
Planned the Sites & Hierarchy
Extracted Common/Standard across Wired and Wireless to

be self managed
Design Network
Profile for Wireless

Network Provision
Services
Profile
Traditionally ..
HA Configuration
Interfaces Configuration for Enterprise and Guest
Radius & AAA Servers
SSID - Authentication, QoS
WLC Advanced : Local Profiling, Client DHCP, Local/Flex Connect
Manage AP Groups- RF Profiles (DCA Settings, RRM),WLAN Interface
Associate AP to AP Groups
Problem with this approach
Need to manually manage the mapping of AP to AP
Groups
Need to manually map SSID’s to AP Groups
Increased Complexity and Error prone
Similar issue for AP Configuration
No Repeatability for Future growth
Network Deployment using Profiles
A Single Profile Site B

can be mapped to Small Sites - Small Profile
multiple sites with Site A Medium Sites - Medium Profile
multiple devices Site C
Large Sites - Large Profile
WAN/Internet
Site D Site I
Campus Core
Site H
Site E Site F Site G

Network Deployment using Profile
• Plan for the network
deployment
Network Before • Feature and Capabilities to be
Design enabled based on requirements
• Topology for network
deployment
• PnP Based Day 0 Deployment

Deployment During • Version management of Profile
Standardization for Day 2 Change Management
Profile Based Deployment

• Configuration Compliance
Network Validation against Profile
After • Remediation of Configuration to
Compliance
Golden Configuration
Simplified Network Integrated IT

Configuration Consistency
Deployment BRKEWN-2026 © 2020 Cisco and/or its affiliates.Process
All rights reserved. Flows
Cisco Public 57
Contents of a Wireless Profile
Services
• SSID
• Guest Network 70%-80% of the WLC
• RF Profiles Config or more
• Deployment mode
Services
(Intent)
Named Capabilities
• Clean Air
• 11k
• 11v
Advanced 20%-30% of the
Capabilities WLC Config or less
CLI Templates
• Customized Features
• Cisco Best Practice Out of the
box
Wireless Network Profile - Composition View
System Generated Configuration by

Cisco DNA Center UI Orchestration
CLI Templates
• Network Settings
• Device Credentials
Network Settings • Wireless Settings
User Defined Configuration

Device Credentials
• CLI Templates
Wireless Settings
Wireless Profile - Design Workflow
Assign
Define
Define Define Create CLI Wireless
Create Wireless
Network Wireless Templates Network
Sites Network
Settings Settings (Optional) Profile to
Profile
Sites
Design- Wireless Settings
SSIDs
Based on best practices
Wireless Interfaces
Map dynamic interface
to VLAN
RF Profiles
Based on best Practices
Design- Define Wireless Settings
Create Sites
Define Network
Settings
Define Wireless
3 Settings
Create
Create Templates Enterprise
(Optional)
Wireless SSID
Define Wireless
Network Profile
Assign Wireless
Network Profile to Sites
Design- Wireless Settings
Advanced Parameters in SSID Supported in Cisco DNAC 1.3
▪ 802.11r - Over the DS

▪ Session Timeout
▪ Client Exclusion
▪ MFP Client Protection
▪ 802.11k
▪ 802.11v
Design - Define Wireless Settings
Create Sites
Create
Define Network Wireless
Settings Interfaces
Define Wireless
3 Settings
Create Templates
(Optional)
Define Wireless
Network Profile
Assign Wireless
Design - Define Wireless Settings
Create Sites
Define Network
Settings
Define Wireless
3 Settings
Create RF
Create Templates
(Optional) Profile
Define Wireless
Network Profile
Assign Wireless
Design - Create Templates
Create Sites
Define Network
Settings
Create Project
Define Wireless
Settings
and Template in
“Template Editor”
Create Templates
4 (Optional)
Define Wireless
Network Profile
Assign Wireless
Create Sites
• Cool programming-like template view for copy/paste and editing.
• Template engine is based on Apache Velocity engine.
Define Network • Use “$” sign to define variable.
Settings
Define Wireless Define

Settings
Variables
Create Templates
4 (Optional)
Define Wireless
Network Profile
variable
Assign Wireless
Form View
Create Sites
• Define detailed info of variable in “Input Form” view.
• Default value of variable will auto populate for user during provisioning.
Define Network
Settings
Define Wireless
Settings
Create Templates
4 (Optional)
Define Wireless
Network Profile
Assign Wireless
Create Sites
Define Network Save &

Settings
Commit
Define Wireless
Settings
4
Create Templates • Save
(Optional)
• Writable version of template on Cisco DNA Center
• Can not be used for provisioning
Define Wireless
Network Profile
• Commit
• Once committed, it becomes read-only
Assign Wireless
Network Profile to Sites • Can commit multiple times to create multiple versions of template
• Only latest commit version can be used for provisioning
Design - Define Wireless Network Profile
Create Sites
Define Network
Settings
Define Wireless
Settings
Create Templates
(Optional)
Define Wireless
5 Network Profile
Assign Wireless
Design - Assign Wireless Network Profile to Sites
Create Sites
Define Network
Settings
Define Wireless
Settings
Create Day-N
Templates (Optional)
Define Wireless
Network Profile
Assign Wireless
6 Network Profile to Sites
Demo – Design
1. Create Wireless Profile with Enterprise SSID
2. Assign Wireless Profile to Site

be self managed
Captured the business intent within a Network Profile
Provision

Network Provision
Services
Profile
Scenario - Provision
Provision WLCs and APs
Site B
Site A
Cisco Site C
DNA Center
Wireless
LAN Site
controller D
WAN/Internet Site I
Access
Points Campus Core
Site F Site H
Site E Site G

Provision Workflows
APs Discover
Provision
Discover WLC Cisco DNAC Provision APs
WLC to Site
via PnP
WLC Provisioning AP Provisioning
Provision - Discover WLC
1 Discover WLC For C9800 Wireless Controller, minimum configuration

required for successful discovery and management on
Cisco DNA Center are as below:
Provision WLC to
• SSH and NETCONF are enabled
Site
• CLI Login Credentials
• Wireless Management Interface
APs Discover
Cisco DNA
Center via PnP
Provision APs to
Site
1 Discover WLC Ensure NETCONF

is enabled
Provision WLC to
Site
APs Discover
Cisco DNA
Center via PnP
Provision APs to
Site
1 Discover WLC The following configuration is added to Cat9800 after

discovery:
• Install multiple certificates:
• Cisco DNA Center device certificate issuing ca, sd-network-infra-iwan
Provision WLC to • Enroll device certificate of Cat9800 to sdn-network-infra-iwan for assurance
Site • Cisco DNA Center server certificate and its issuing ca certificate
• Cisco smart licensing agent root CA
APs Discover • Generate self-signed certificate named “ewlc-tp1” for AP joining
Cisco DNA Center
via PnP • SSH/HTTP source interface from management SVI/IP
• Enable network assurance telemetry
Provision APs to
Site
Provision - N+1 HA WLCs
Supported HA Deployment Models:

• 1:1 HA from 1.1 release.
• N+1 from 1.3 release.
Challenges in N+1 HA Deployment Models :

• Ensure primary and secondary WLCs’ configuration in sync.
• Ensure APs are provisioned with correct primary and secondary WLCs.
Provision - N+1 HA WLCs
▪ The same wireless profile is applied to both primary and secondary WLCs.
▪ “Secondary Managed AP Locations” concept is introduced during WLC provision in 1.3.
▪ WLC that assigned to be sites with “Secondary Managed AP Locations” acts as
secondary WLC for all APs on that site.
▪ Can not provision secondary WLC to a site if there is no primary WLC assigned to it.
▪ Claiming APs to a site will provision APs with primary and secondary WLC automatically.
Provision - Provision WLC to Site Define Primary and
Secondary WLCs
Primary WLC for BLDG3
Discover WLC
Provision WLC to
2
Site
APs Discover
Cisco DNA
Center via PnP
Provision APs to
Site Secondary WLC for BLDG3
Provision - Provision WLC to Site Define Mobility, RF
Groups
Discover WLC
Provision WLC to
2
Site
APs Discover
Cisco DNA
Center via PnP
Provision APs to
Site Note that you only need to define mobility and RF groups, and mobility peers on primary WLC. Cisco DNA
Center will configure mobility peering automatically between mobility peers. Also set the same mobility and
RF groups between them.
Provision - Provision WLC to Site
Discover WLC
Provision WLC to
2
Site
APs Discover
Cisco DNA
Center via PnP
Provision APs to
Site
Provision - Provision WLC to Site On C9800 Wireless Controller
• Country Code
• WLAN and Policy Profiles
• Network Settings: • Mobility and RF Groups
TACACS, Radius, SNMP,
Syslog, DHCP, DNS, NTP
and etc.
wlan profile name and policy

profile name are the same
Note that WLAN index is 17.
On C9800 Wireless Controller
WLAN
Profile
Policy
Profile
wlan profile
name and
policy profile
name are the
same
Mobility Group and

Peer Configuration
On ISE
Discover WLC
Provision WLC
2 to Site
Cisco DNA Center add WLC into ISE as

network device automatically for Radius
APs Discover and TACACS via ERS API.
DNA-C via PnP
Provision APs
to Site
Demo- WLC Provisioning

be self managed
Converting Business Intent to Network Policy - WLC

Provisioning
Provision Workflows
APs Discover
Discover Provision Provision
Cisco DNAC
WLC WLC to Site APs
via PnP
Provision Workflow - AP
Option 1- Unclaimed Workflow Option - 2
Onboard AP - Plug & Play Import a CSV with the AP

S/N, AP Name, Location, RF
Profile
Claim AP to Site AP gets automatically claimed

and provisioned
Provision AP
More Control on AP Pre-Provisioning/Planned

Provisioning
Provision Workflow - AP PnP Discovery
Cisco
DNAC IP Cisco DNA Center
Option 43
5A1D;B2;K4;I192.168.139.151;J80
Policy Automation Analytics

DHCP
Server PnP Server
SSL
AP
PnP Server Discovery Options
Routers
DHCP with option 43 (ASR, ISR)
1 PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server
Wireless
Automated
Access Points
DNS lookup
2
pnpserver.localdomain resolves to DNA Center IP Address
Switches
(Catalyst®)
3 Redirect
Cloud re-direction https://devicehelper.cisco.com/device-helper
Cisco hosted cloud, re-directs to on-prem DNA Center IP Address
USB-based bootstrapping*
4 router-confg/router.cfg/ciscortr.cfg Manual discovery
Manual
not supported for

Access Points
Manual - using the Cisco® Installer App**

5 iPhone, iPad, Android
*Supported on Cat 9K only for switches

* *DNA Center Support in Roadmap
How did the APs find their WLC?
San Jose - Building 1 Floor 1 AP’s
SJC-WLC-1 RTP - Building 1 Floor 1,2 AP’s
Site : San Jose
Managed AP AP’s Floor

Locations Information
(Eg : SJC-B1- (Eg : SJC-B1- Claim AP PnP with
F1) F1) DNS/
DHCP-
Option 43

Provision- Provision APs to Site
Discover WLC What will be provisioned? Option -1
• On APs (via PnP):

Provision WLC to • AP Hostname
Site • Primary and Secondary WLCs’ Hostnames
• Primary and Secondary WLCs’ IPs
• Policy, Site and RF Tags if WLC is C9800s
APs Discover Cisco
DNAC via PnP
• On C9800 WLC (via NETCONF and CLI):
• Create RF Profile if applicable
Provision APs to • Create Wireless Flex Profile if applicable
4
Site • Create Policy, Site and RF tags
• Assign AP mode with corresponding policy, site and RF tags
Option -1
Discover WLC
Provision WLC to
Site
APs Discover Cisco

3
DNAC via PnP
Provision APs to
Site
Option -1
Discover WLC
Provision WLC to AP is configured as FlexConnect AP if

Site any SSID in the site profile is enabled
with “FlexConnect Local Switching”.
APs Discover Cisco

DNAC via PnP APs must be
Define AP name assigned to
floor level.
Provision APs to
4
Site
Option -1
Discover WLC
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP RF profile is used to
generate RF Tag and
associate it to AP.
Provision APs to
4
Site
Discover WLC Option -1
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Provision APs to
4
Site
Sample AP Console Log
Discover WLC
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Provision APs to
4
Site
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Note that AP will stay in “Onboarding” state until AP joins desired WLC.
Once AP joins desired WLC, WLC will send AP join trap to Cisco DNA
Center, which in turn triggers resync with WLC and adds AP to inventory.
Provision APs to Finally, AP PnP status will become “Provisioned” as PnP completes.
4
Site
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Provision APs to
4
Site
AP is added to inventory and assigned to the desired floor.
Cisco DNA Center
Map
Discover WLC
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Provision APs to
4
Site
Discover WLC
Provision WLC to
Site
APs Discover Cisco

DNAC via PnP
Provision APs to
4
Site
Discover WLC ON C9800 Wireless Controller
Provision WLC to Site Tag

Site
Policy Tag
APs Discover Cisco

DNAC via PnP
RF Tag
Provision APs to
4
Site
Option - 2 : Bulk AP Deployment
1 Import APs
2 Prepare AP Bulk Import CSV and Upload
Status: Import APs vs. Actively

Connected APs
3 Auto Claim APs when they contact Cisco DNA Center via PnP
Demo - AP Provisioning
Extracted Common/Standard across Wired and Wireless to be

self managed
Converting Business Intent to Network Policy - WLC

Provisioning
Converting Business Intent to Network Policy - AP Provisioning
• Network Profiles are mapped to Sites and
Site becomes the glue for Automation
• Configuration Standardization & Compliance
Summary using Network Profiles
• Automated Policy, Site and RF tags creation
for AP Onboarding.
• APs are placed to planned position
automatically. No more waiting!
Day 2 Changes
Configuration
Changes
Scenario – Day N Configuration Changes
Provision wireless LAN controllers and access points across sites
Site B
Site A
Site C
Site
D
WAN/Internet Site I
Campus Core
Site F Site H
Site E Site G

Changes with Network Settings & Credentials
• Single place to change

the credentials and
Network settings for the
sites
• During the device
provision, these
changes will be
configured
Network Profile Lifecycle
1
UPDATE
PROFILE (v1) PROFILE (v2)
Mismatch
with Profile
2
3
Compliance mismatch
of v1 and v2
Wireless Profile - Day 2 Changes
V1 of the
Profile
New SSID V2 of the

Profile
IRCM for Guest Anchoring
User Case:
Inter-Release Controller Mobility (IRCM) is critical for mobility roaming and guest
anchoring. With introduction of C9800 IOS-XE WLC, Cisco DNA Center can simplify
both green-field deployment and integration with AireOS WLC, starting guest
anchoring support from 1.3 release.
Foreign Anchor Cisco DNA Center Support
C9800 IOS-XE WLC C9800 IOS-XE WLC Yes from 1.3

C9800 IOS-XE WLC AireOS WLC Yes from 1.3
AireOS WLC AireOS WLC Yes from 1.2
AireOS WLC C9800 IOS-XE WLC No
Note that it requires AireOS WLC release 8.8.111.0 or above.
Key Points
• Only one wireless profile required for both Foreign and Anchor WLCs
• In wireless profile, there is at least one SSID required to be specified as guest anchoring
• For Foreign WLC, Cisco DNA Center provision all SSIDs in the profile
• For Anchor WLC, Cisco DNA Center will deploy only guest anchor SSID in profile based
on matching ”Manage AP Location” for Foreign and Anchor WLCs
Workflow
Design Provision
Provision
Design Guest Provision Anchor
SSID Foreign WLC WLC
Day 2 Example- IRCM Guest Anchoring
Design Guest SSID C9800s as both
Foreign and Anchor
Day 2 Example - IRCM Guest Anchoring
Design Guest SSID C9800s as both
Foreign and Anchor
Provision Foreign WLC(s) C9800s as both
Foreign and Anchor
Provision Foreign WLC(s) C9800s as both
Foreign and Anchor
It will remain “disabled” until anchor

WLC is also provisioned with this SSID.
What else in WLAN?

• Webauth Parameter Map
• Authentication List
• Preauthentication ACL
Day 2 Example - IRCM Guest Anchoring C9800s as
Provision Anchor WLC(s) both Foreign
and Anchor
Select at least one

matching “Manage AP
Location” as foreign WLC
Wireless interface
created on anchor WLC
Provision Anchor WLC(s) C9800s as both
Foreign and Anchor
Note that only guest SSID will

be created on anchor WLC
Foreign and Anchor
Why?
• Enable guest WLAN and
create anchor
configuration on foreign
WLC
• Create guest WLAN and
anchor configuration
• Create mobility peers on
both foreign and anchor
WLCs
Provision Anchor WLC(s)
C9800s as both
Foreign and Anchor
On Anchor
What else in WLAN?
• Webauth Parameter Map
• Authentication List
• Preauthentication ACL
Provision Anchor WLC(s)
C9800s as both
Foreign and Anchor
Policy profile is same

as WLAN profile.
On Anchor
Foreign and Anchor
Foreign C9800 WLC is

required to have matching
WLAN profile and policy
profile names as anchor
when C9800 is anchor.
it is enabled now.
On Foreign
Foreign and Anchor
Foreign C9800 WLC is

required to have matching
WLAN profile and policy
profile names as anchor
when C9800 is anchor.
Anchor to Anchor
C9800
On Foreign
Provision Mobility Peers C9800s as both
Foreign and Anchor
On Anchor
Foreign WLCs
Anchor WLC
On Foreign
Demo- Day 2
Implement Foreign and Anchor Guest Solution
Deployment
Models
Same Workflows for Different Wireless Branch
Deployments
Configure
Centralized
Set up
Flex Connect EWC/ME
Operate Catalyst 9800
From a web
browser or Cisco Controller Next Gen Wireless
Eliminate the need
Ease of Deployment
wireless app, useand Functionality Stack
for a Controller at
management
the setup wizard Embedded in the
every Site
to enable multiple Access Point
APs
simultaneously
Embedded Wireless
Controller on
Catalyst Access
Points
EWC on Cisco Catalyst Access Points
Ready for enterprise deployments
Runs 9800 Series Cisco

Modern OS, scalable, open
IOS® XE wireless
and programmable,
controller on Cisco
supports telemetry
Catalyst access points
HA, SMU, adaptive wireless

Supports advanced
IPS (aWIPS), Cisco
enterprise feature set
Umbrella™, NetFlow, ICAP
Use mobile app, WebUI, and

Flexible
Cisco DNA Center to deploy,
management options
manage, and monitor
Migrate access points to

Investment protection controller for more than 100
access points
EWC on Cisco Catalyst 9100 Access Points
Ideal for single or multisite small to medium- Mission critical Best in class
sized enterprise deployments Best suited for high-density enterprise branch deployments
Powered by Powered by
Cisco RF ASIC Cisco RF ASIC
C9115AX-EWC C9117AX-EWC C9120AX-EWC C9130AX-EWC

• 50 APs, 1000 clients • 50 APs, 1000 clients • 100 APs, 2000 clients • 100 APs, 2000 clients
• 4x4 + 4x4 • 8x8 + 4x4 • 4x4 + 4x4 • 8x8 + 4x4 or 4x4 + 4x4 + 4x4
• MU-MIMO, OFDMA • MU-MIMO, OFDMA (only • MU-MIMO, OFDMA • Tri-radio (dual 5 GHz + 2.4 GHz),
• Spectrum Intelligence DL) • Cisco RF ASIC HDX
• Bluetooth 5 • Spectrum Intelligence • Dual 5 GHz, HDX • Cisco RF ASIC
• 1x 2.5 Multigigabit • Bluetooth 5 • RF signature capture • RF signature capture
• USB • 1x 5 Multigigabit • 1x 2.5 Multigigabit • Decrypted data packet ICAP
• Integrated or • USB • Integrated or external antenna • 1x 5 Multigigabit
external antenna • Integrated antenna only • 8-port smart antennas
Software feature parity Supports up to 100 APs, Supports Wave 2 APs as Cisco DNA Assurance
across APs 2000 clients client serving with ICAP
EWC Automation Key Points
Supported Not Supported
• EWC Release 16.12.2 and above • EWC Day-0 templates via PnP
• Cisco DNA Center Release 1.3.3 • EWC Image upgrade via PnP
• Profile-based Design and Provision
• For PnP, support only EWC APs
running on the same AP base
image
• Only Day-N CLI Templates
EWC Design Workflow
Create Day-N Assign Wireless

Define Network Define Wireless Define Wireless
Create Sites Templates Network Profile
Settings Settings Network Profile
(Optional) to Sites
EWC design workflow is exactly same as wireless controller.
EWC Onboarding Workflow
Step 0 Step 1 Step 2 Step 3

Plan for PnP Onboard Complete Profile Provision EWC APs
Discovery Provisioning
• DHCP Option 43 or DNS • Part 1- PnP Claim • Provision Day-N CLI On EWC:
for EWC to discover Cisco Device Credentials of Profile Template(s) (Optional)
• • Create native VLAN and
DNA Center
• Management IP and Default WLAN to VLAN mappings
• Switch port connecting to GW in default flex profile
EWC should be trunk with Hostname
• • Create policy and RF tags
management VLAN of
EWC as native VLAN • Part 2- Add to Inventory • Assign policy and RF tags
• Network Settings of Profile to APs
• Only master EWC AP will
call home to Cisco DNA • Enable wireless assurance
Center in case of multiple Remove day-0 default EWC
• On Cisco DNA Center:
EWCs config (e.g. day-0 banner,
webui login, • Place EWC APs on map
CiscoAirProvision SSID)
• SSIDs of Profile
Software Image
Upgrade (SWIM)
Core Principles of Software
Upgrade with DNA Center
1 2 3
Intent based Network Upgrades Seamless Upgrades Reduce Downtime

with Patching
Standardization of Software by Pre/Post check validations Upgrade only what is

Network device role, device with rollback provide needed with minimal to
type and location confidence for upgrades zero downtime
Software Upgrade Process
Request
Software
Update
Identify
Close CR Golden
Image
Post Select
Deploy Devices
Validations
Activate Create
Software CR
DNA Center
NMS Software
Distribute Approve
Software CR
PreCheck
Validations
DNA Center - Software Update Workflow
Custom Python Custom Python

Pre-Check Post-Check
scripts scripts
System
Define Golden Pre-Check
Identifies Software Post Upgrade
Image by Validation for
Devices not in Upgrade Validation
Device Family Disk/Memory
compliance
Stop Upgrade Rollback to

older version
Defining Golden Image
Device Family Device Role Site Override
• Golden image per • Devices in the • Golden Images

device family same family can be
classified by role overridden at a
• Device family site level
includes router, • Ex: CAT3850 as a
switches and access switch vs • Ex: Amer uses
wireless (WLC) distribution v16.1 vs APJC
switch uses v3.8
SMU (Software Maintenance Upgrade)
What is SMU ?
▪ Point Fixes for the IOS-XE images (16.x onwards)

▪ Provides the ability to just update what is needed
Why SMU ?
Each device Copy Images to
Reduced IT
update causes New Code site over slow
Staff
network outage VPN tunnels
Business Slows down Requires bug

Time
Loss & software analysis,
Consuming
Downtime rollouts certification
Use Case: Upgrading AP’s in a
Staggered way to achieve Zero Down
Time of the Network.
Rolling AP Upgrade
Rolling AP Upgrade – RRM Based Candidate AP
Selection
User selects % of APs to upgrade in one go [5, 15, 25]

For 25%, Neighbors marked = 6 [Expected number of iterations ~ 5]
For 15%, Neighbors marked = 12 [Expected number of iterations ~ 12]
For 5%, Neighbors marked = 24 [Expected number of iterations ~ 22] © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Rolling AP Upgrade - Client Steering
▪ Clients steered from candidate APs

to non-candidate APs
▪ 802.11v BSS Transition Request
▪ Dissociation imminent
▪ If clients do not honor this, they will
be de-authenticated before AP 802.11v
reload
N+1 Rolling AP Upgrade AP
• Wireless Controller image upgrade using N+1 staging Controller
Trigger Rolling
Upgrade
X
Version : X+1 Mobility Group Version: X+1
Primary 1. Device auto selects candidate APs based Upgraded N+1

on selected % and RRM AP Neighbor
Map
2. Upgrade process kicks-in

• Image download to Primary Wireless
Controller
• Image pre-download to APs
• Selective redirect of clients using 11v
• APs moved to N+1 Wireless
Controller in rolling manner
• Primary Wireless Controller Reboot
• APs moved back to Primary Wireless
Controller (optional)
3. Monitor progress on the Device
Rolling AP Upgrade Workflow prerequisites
▪ Making N+1 WLC is Ready : The N+1 WLC should be running the same configuration as the
Primary WLC in terms of the WLANs and policies. For this reason, the config design of
primary WLC should be replicated on the N+1 WLC as a first step.
▪ Mobility Tunnel : The Primary WLC and N+1 WLC should be part of same Mobility Group and
the Mobility Tunnel should be UP between the two before initiating the Rolling AP upgrade
process
▪ N+1 WLC should be running on Golden image before starting the Rolling AP upgrade.
▪ The Rolling AP Upgrade workflow is Only Supported with Catalyst 9800 Wireless Controller
Rolling AP Upgrade Workflow
The Rolling AP Upgrades should

be enabled while provisioning of
the primary WLC and Need to
Provide the percentage for AP
reboot.
Check the Image upgrade readiness

check to confirm if WLC is meeting
Prerequisites.
Select the Primary WLC to update

Image
▪ Once the upgrade process started,
Rolling AP Upgrade will get triggered and
AP’s will be upgraded In a staggered way
based on the AP reboot percentage
provided.
▪ The Detailed View provides the AP’s

which got upgraded for each iteration
Demo - SWIM
Manage Software Images
❖ Import Images/SMU
from :
▪ URL(http/ftp)
▪ Local PC
▪ cisco.com
Image Standardization - “Golden Images”
Devices not Compliant with Golden Image
Built-in
Compliancy
checks to
Automatically
flag devices
SMU (Software Maintenance Upgrade)
▪ SMU Details on DNA-Center
▪ Impact on the Device -

Reboot/Hitless
SWIM/SMU Workflow Experience with DNA Center
1
Select device/(s) to
1 update Image/SMU
▪ Automatic Pre-
2 Checks done for
RAM & Flash
▪ Abort if Pre-Check
Fails
2
SWIM/SMU Workflow Experience with DNA Center
3
3 ▪ Detailed status information
regarding the Upgrade
Process
▪ SMU Activation Pre and

Post Checks with detailed
log information - CPU,
Disk Space, Route
Summary
▪ In case of failure during

Image upgrade or Pre &
Post checks, provide
reason for failure and
automatically Rollback
DNA Automation / Assurance driven events or
issues translate into ITSM events
• An ITSM Event can spawn off

an alert or an incident or a
change.
• You as a customer choose

what it does.
ITSM Event spawns off a problem depending on
impact and user defined criteria
• An ITSM Event resulted in a problem

record for a specific device.
• The problem record has all the

information about the device – current
image, recommended image, impact
to neighborhood topology
ITSM Incident or Change Request gets updated
with relevant analysis from DNA-C
• Cisco DNA Tab gets enriched with the
relevant context for an ITSM leader to
resolve issues faster.
• This enrichment can be based on user,
device, application context.
▪ Software Images are mapped to Sites
▪ Extremely simplified upgrade process
▪ Upgrade with Confidence - Integrate with
YOUR Pre-Check/Post-Check scripts
▪ Closed Loop Automation for Software
Images Upgrades
Summary
Key Takeaways
Key Takeaways
Intent Based Workflows that are WLC Architecture Agnostic

(Flex vs ME vs EWC vs C9800 vs AireOS)
“Network Profiles” help deliver Business Intent - Day 0 to Day N
AP Plug and Play and Ekahau integration provide easy AP

onboarding experience and reduce Opex.
Opening Keynote 09:00 MOB
Mobility Track
BRKWEN-2028
Meraki Wireless 11:15
under the hood
BRKEWN-2006
Advancements in 14:30 BRKEWN-2014
Wireless Security Be my guest! - 14:45
Design and Deploy
Wireless Guest
Access that Works
BRKEWN-2005 Guest Keynote 17:00
Securely Designing 17:00
Your Wireless LAN Cisco Live
for Threat Mitigation, Celebration 18:30
Policy and BYOD
Security
#CLEMEA
TUESDAY WEDNESDAY THURSDAY FRIDAY
Keynote 09:30
08:30
08:30
11:00 BRKWEN-2028
Meraki Wireless 11:15
under the hood
11:00
09:00
BRKEWN-2006 14:45
Advancements in 14:30 BRKEWN-2014
Wireless Security Be my guest! - 14:45
Design and Deploy
Wireless Guest 16:45
Access that Works 11:30
BRKEWN-2005 16:45 Keynote 17:00
Securely Designing 17:00
Your Wireless LAN Customer
for Threat Mitigation,
MOB
Appreciation 19:00
Policy and BYOD
Security #CLEMEA
Mobility Track
Opening Keynote 09:00
MOB
BRKEWN-3010
BRKEWN-3010
Cisco Catalyst RF 08:30
Mobility Track
Cisco Catalyst RF 11:00 Innovations, WiFi6 and
Innovations, WiFi6 Beyond!
and Beyond!
BRKEWN-2017
BRKEWN-2017 RF Fundamentals 14:45
RF Fundamentals 14:30 from WiFi to WiFi6
from WiFi to WiFi6 (11ax) Wireless
(11ax) Wireless Networks
Networks
BRKEWN-2439
7 New ways to Fail as 16:45 Guest Keynote 17:00
a Wireless Expert...
Cisco Live
Celebration 18:30
RF
Optimization
#CLEMEA
Keynote 09:30
08:30
BRKEWN-3010
BRKEWN-3010 Cisco Catalyst RF 08:30
Cisco Catalyst RF 11:00 Innovations, WiFi6 and
Innovations, WiFi6 Beyond! 11:00
and Beyond!
11:00
BRKEWN-2017 09:00
BRKEWN-2017 RF Fundamentals 14:45
RF Fundamentals 14:30 from WiFi to WiFi6
from WiFi to WiFi6 (11ax) Wireless
(11ax) Wireless
14:45
Networks BRKEWN-2013
High Density Wi-Fi
Networks 16:45
Design, Deployment, 11:30
BRKEWN-2439 and Optimization
7 New ways to Fail as 16:45 Keynote 17:00
17:00 a Wireless Expert...
Customer
Appreciation 19:00
MOB
RF Optimization Mobility Track
#CLEMEA
LTREWN-2673
Lab: Build your 09:30 BRKEWN-2026
Mobility Track
Wireless Network Wireless Network 11:15
Programmability & Automation with
Telemetry solution Cisco DNA Center
from scratch! BRKEWN-2033
Next generation Wifi 14:45
Networks enhanced
with Cisco DNA
Analytics and
Machine Learning
BRKEWN-2034
Cisco DNA Wireless 16:45
BRKEWN-2050 Assurance: Isolate Guest Keynote 17:00
Telemetry and 17:00
problems for faster
Programmability in Cisco Live
troubleshooting
the Next Generation Celebration 18:30
Wireless Stack
Management,
Analytics &
Assurance
#CLEMEA
Keynote 09:30
08:30
LTREWN-2673
Lab: Build your 09:30 BRKEWN-2026
Wireless Network Wireless Network 11:15
Programmability & Automation with
Telemetry solution Cisco DNA Center
from scratch! BRKEWN-2033 09:00
Next generation Wifi 14:45
Networks enhanced 14:45
14:30 with Cisco DNA
Analytics and
Machine Learning
16:45
BRKEWN-2034 11:30
Cisco DNA Wireless 16:45
BRKEWN-2050 Assurance: Isolate Keynote 17:00
Telemetry and 17:00
problems for faster
Programmability in Customer
MOB
troubleshooting
the Next Generation Appreciation 19:00
Wireless Stack
Management, Analytics & Mobility Track

Assurance #CLEMEA
LABEWN-2127
Walk in Lab:
Every day Mobility Track
Integration of DNA
Spaces with Aironet
and Catalyst Based
wireless networks
PSOEN-2817
Cisco DNA Spaces - 14:00
Wi-Fi as a behavior
sensor enabling BRKEWN-2012
business outcomes Design and Use 17:00
Cases of a location
enabled Wi-Fi
network, supported
by Cisco DNA Spaces
Services
#CLEMEA
MONDAY TUESDAY WEDNESDAY
Keynote 09:30
08:30
LABEWN-2127
Walk in Lab: Every day
11:00 Integration of DNA
Spaces with Aironet 11:00
and Catalyst Based
wireless networks
PSOEN-2817 14:45 14:45

Cisco DNA Spaces - 14:00
Wi-Fi as a behavior
sensor enabling BRKEWN-2012
business outcomes Design and Use 17:00 16:45
Cases of a location
enabled Wi-Fi
network, supported Keynote 17:00
17:00
by Cisco DNA Spaces
Customer
Appreciation 19:00
MOB
Services Mobility Track
#CLEMEA
Opening Keynote 09:00 BRKEWN-2003
Optimize your WLANs 08:30
MOB
LABEWN-1098
Walk in Lab: IOS-XE
BRKEWN-2670
Every day Introduction to Cisco 08:30
for Small and Mobile
Devices (Phones,
Mobility Track
Embedded WLC on Catalyst 9800 Tablets and alike)
AP 9100 series Wireless Controller
LABEWN-1038 BRKEWN-2020
Walk in Lab: Migrate Every day Cisco SD-Access 11:00 BRKEWN-2027
from AireOS to Wireless Integration Design and 09:00
Cat9800 (IOS-XE) Deployment of
Outdoor Wireless
BRKEWN-2016 Networks
BRKEWN-2010 Design and Deployment 14:45
Introduction to Next 11:00 of Wireless for Branch
Generation Wireless and Remote Offices
Stack
LTREWN-2030 Guest Keynote 17:00

Hands-on Solutions 14:30
Lab on Catalyst Cisco Live
Wireless 9800 Celebration 18:30
Controllers
Portfolio &
Design
#CLEMEA
Keynote 09:30 BRKEWN-2003

Optimize your WLANs 08:30
LABEWN-1098 BRKEWN-2670 for Small and Mobile
Walk in Lab: IOS-XE Every day Introduction to Cisco 08:30 Devices (Phones,
Embedded WLC on Catalyst 9800 Tablets and alike)
AP 9100 series Wireless Controller 11:00
LABEWN-1038 BRKEWN-2020
Walk in Lab: Migrate Every day Cisco SD-Access 11:00 BRKEWN-2027
from AireOS to Wireless Integration Design and 09:00
Cat9800 (IOS-XE) 14:45 Deployment of
Outdoor Wireless
BRKEWN-2016 Networks
BRKEWN-2010 Design and Deployment 14:45
Introduction to Next 11:00 of Wireless for Branch
Generation Wireless and Remote Offices 16:45
Stack 11:30
LTREWN-2030 16:45 Keynote 17:00

Hands-on Solutions 14:30
Customer
MOB
Lab on Catalyst
Wireless 9800 18:30 Appreciation 19:00
Controllers
Portfolio & Design #CLEMEA Mobility Track

Opening Keynote 09:00
MOB
LABEWN-1505
Mobility Track
Cisco 9800 Controllers Every day
- Understanding,
deploying and BRKEWN-3011
troubleshooting Advanced 11:00 BRKEWN-3013
Troubleshooting of BRKEWN-2809 Advanced 09:00
Wireless LANs The Final Fails. 6 for 14:45 Troubleshooting of
(WiFi) 6 Cisco Catalyst 9800
Wireless Controller
BRKEWN-2480
Plan, design and 16:45
troubleshoot your Cisco
DNA driven 9800 WLC
wireless network: Best Guest Keynote 17:00
Practices and lessons
Cisco Live
learnt from the field
Celebration 18:30
Troubleshooting
#CLEMEA
Keynote 09:30
08:30
LABEWN-1505 08:30
Cisco 9800 Controllers Every day
- Understanding, 11:00
deploying and BRKEWN-3011 BRKEWN-3013
troubleshooting Advanced 11:00 Advanced Troubleshooting
Troubleshooting of BRKEWN-2809 of Cisco Catalyst 9800 09:00
Wireless LANs The Final Fails. 6 for 14:45 Wireless Controller
14:30 (WiFi) 6
BRKEWN-2480
Plan, design and 16:45 16:45
troubleshoot your Cisco 11:30
DNA driven 9800 WLC
wireless network: Best Keynote 17:00
17:00
Practices and lessons
Customer
MOB
learnt from the field
Appreciation 19:00
Troubleshooting Mobility Track

#CLEMEA
Complete your
online session
survey • Please complete your session survey
after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events
Mobile App or by logging in to the Content
Catalog on ciscolive.com/emea.
Cisco Live sessions will be available for viewing on

demand after the event at ciscolive.com.
Continue your education
Demos in the
Walk-in labs
Cisco campus
Meet the engineer

Related sessions
1:1 meetings
Thank you

Brkewn 2026

Uploaded by

Copyright:

Available Formats

Brkewn 2026

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brkewn 2026

Uploaded by

Copyright:

Available Formats

Wireless Network Automation

with Cisco DNA Center

Paul Lysander - Technical Marketing Engineer

Automation for Provisioning Provision Assurance

Analytics for Assurance Cisco DNA Center Appliance

Multiple Apps for Management across Integrated Workflows across Domains

Device Centric Configurations Intent driving service provisioning & Policy

Software Update is Manual and Proactive and Consistent Software

Out of the box Integration with IT

The Network that Scales for the Digital Business

DNA Center Cisco AI Cloud

DNA Center Platform

Design Provision Policy Assurance

Protocols & APIs (CLI,SNMP, NetConf, JSON, NetFlow, pxGrid...)

Network Control Points

Network Control Points

Network and telemetry Streaming telemetry

• Software Image Management (SWIM)

Lifecycle Management IT Process Automation Policy Based Automation

Catalyst 9800-80 Catalyst 9800-40 Catalyst 9800-L

Catalyst 9800 for Cloud Catalyst 9800 embedded wireless

Cisco Catalyst 9800 Cisco Catalyst 9100

Resilient Secure Intelligent

7000+ units sold 2,000+ unique customers

Catalyst 9800 Cisco DNA-C Innovations on

Catalyst 9100 Cisco DNA

Catalyst 9800-SW* Catalyst 9800-CL+ Catalyst 9800-CL Catalyst 9800-CL

Catalyst 9800-L Catalyst 9800-40 Catalyst 9800-80

On-premise Appliance | Pubic or Private Cloud | On a Switch

Cisco Catalyst 9800 Series Cisco Catalyst 9100

Resilient Secure Intelligent

Extending Cisco’s Innovation Beyond

WLAN AP Group Flex Group RF Profile Basic Policy Site

Site Specific Remote site Profile threshold Modularize Switching Policy

High Density HDX

Policy Tag RF Tag

Defines the broadcast domain (list of Defines the RF properties

Defines the properties of the

• Same Day-0 Design and Provision Workflows as AireOS WLC.

• Provisioning is done via the combination of NETCONF and CLI.

• Plug-and-Play support for C9800 is on roadmap.

Deploy Enterprise & Guest

Typical Customer Network

Plan Design Design Provision

Network Services WLC Mapped to

Plan Design Network Design

Cisco Prime Site A

Typical Customer Network

Step -1 Create Site Hierarchy along with Buildings and Floors

Step -2 Import Floor Maps

Step -3 Manage Floor Map Properties

1. RF Planning - Real AP or Predictive Site Survey to plan AP

2. Give a copy of floor plan with AP positions to installers for

3. Installers connect the cables and power on APs.

4. APs join WLC and are discovered by NMS tools.

5. On NMS tools, network admin drags and drops APs to

Challenges with Traditional Way

• Waiting… Waiting…. Waiting…

• Why position APs manually twice?