[MUSIC PLAYING] ROBB BOYD: Welcome to TechWiseTV
as we continue our Catalyst wireless series with the
embedded wireless controller on Catalyst 9100 access points. You know, we recently featured
the Catalyst 9800 series, which is the latest IOS XE
based wireless controllers. It's hardware that can handle
thousands of access points and multiple
thousands of clients. But we also have
a show dedicated to the 9800-L, which is
hardware based control for smaller deployments. But what if you don't want to
deal with a physical controller at all? Can you still get Enterprise
grade quality and features? These are great questions. And Rajat Tayal
the Product Manager for Cisco's embedded
wireless controller. And he says it's
not only possible, it may be preferable
for many of us. Let's talk to him
now in the lounge. Well, Rajat, welcome
to TechWiseTV. RAJAT TAYAL: Thank
you all for having me. ROBB BOYD: Glad to have
you here always when it comes to wireless. We've got some new form
factors to talk about, some new ways of doing things-- RAJAT TAYAL: Yeah. ROBB BOYD: --the embedded
wireless controller. You're the product
manager for this. And I want to make sure that
I understand it, so all of us can take a look at
where this fits. So what is it, first of all? RAJAT TAYAL: Yeah, so we
have the Catalyst wireless controller on the appliances. ROBB BOYD: Right. RAJAT TAYAL: We have the 9800
off a private and public cloud. ROBB BOYD: OK. RAJAT TAYAL: We have 9800
embedded on Cat9K switches. And now we are introducing 9K
embedded on the Catalyst 9100 access points. And that's why we are calling
it the embedded wireless controller. ROBB BOYD: This has got
to be IOS XE and really, that flexibility-- RAJAT TAYAL: Absolutely. ROBB BOYD: --that we've been
talking about with that. So I'm assuming
that if someone's been studying that
deeply, they're probably going to see a really
close match, if not identical to everything here. RAJAT TAYAL: Right. ROBB BOYD: But when
we talk embedded, so it's running on an
access point, you're saying. And specifically, it's a 9100. Let's recap for
anyone not familiar. The 9100 series is our AX
compatible access points, correct? RAJAT TAYAL: Right, the
Wi-Fi six access points. ROBB BOYD: And these
all run IOS XE. They're all under
the new Catalyst branding as well to emphasize
how big this change is and how positive it is. Does this run on all of those? RAJAT TAYAL: Yes. So you know, we have the 9100
series of 11ax access points, the 9115, the 9117, the 9120. All of these will run
embedded wireless controller. ROBB BOYD: OK. RAJAT TAYAL: And now
we are introducing the 9130 as well, which is our
first tri-radio access point. And that is also going to
support embedded wireless controller. ROBB BOYD: OK. OK, so we can support
it on all of those. What about scale when it
comes to something like this? How many are we able to go up
to in this embedded fashion because it seems
like there's got to be some processor limitations
or something, I'm guessing. RAJAT TAYAL: Yeah, so
that's a great question. So when you look at
the software features, there is really no difference
across the access points. 9115, 17, 20, 30, from a
software parity standpoint, they all have the
same feature set. ROBB BOYD: OK. RAJAT TAYAL: The only difference
is actually in the scale. So the 9115 and
the 17 have a scale of 50 access points, 1,000
clients in a single deployment. And the 9120 and
30 support 100 APs and 2,000 clients
in a single embedded wireless control deployment. ROBB BOYD: That's actually
a pretty healthy scale. RAJAT TAYAL: Yeah. ROBB BOYD: So this
is not something that's just for small offices. You were mentioning
to me this notion of this is really focused
on distributed Enterprise where you've got big offices,
you've got small offices. And you got a lot of
different locations. RAJAT TAYAL: Yeah. ROBB BOYD: This really
ties into a system. It's not necessarily,
although it can be, designed to operate by itself. Can you walk me through
maybe a customer example? How are people using this level
of technology in real life? RAJAT TAYAL: Yeah, so we have
designed embedded wireless controller on Catalyst
access points for distributed Enterprise locations. ROBB BOYD: OK. RAJAT TAYAL: So let's
take an example of a bank. A bank has a campus and
has multiple retail branch locations. So you can deploy a Catalyst
9800 for the campus. But for the retail
branch locations, you don't have to put in
an appliance hardware. ROBB BOYD: Oh, wow. RAJAT TAYAL: You can deploy
embedded wireless controller on the Cat 9100 access points. And you know, there's
no additional cost to sort of deploy
controller hardware at each of these
retail bank locations. ROBB BOYD: So the hardware
is for the scale needed at a headquarter
location but still all operates as one system. You're not managing a bunch of
individual silos whatsoever. It still looks like one system
from a management standpoint. RAJAT TAYAL: Yeah. So because it is the same
Catalyst 9800 family, so from a management
standpoint, you can have DNS center, which
is your command and control center. It can manage your campus. It can manage all your
remote site locations. But you are running
independent controllers at these remote
branch locations. ROBB BOYD: OK, that makes sense. OK, but in the DNA
Center, though, which is jumping ahead to management. I'll ask you about
that again in a moment. But that's obviously
our big management play in terms of
here's what we really recommend for complete control. But just to make sure I've
covered something here, some people may be
familiar and say this sounds a lot
like Mobility Express. We've had that for
years on Air OS, which is a previous operating
system for wireless. What happens for someone
either running that or running old access points under
this new level of system if they want to take advantage
of embedded wireless, how does that work? RAJAT TAYAL: Yeah, so if
the customer has already invested in Mobility
Express, as you may know, Mobility Express was supported
on 11ac Wave 2 access points. ROBB BOYD: Right. RAJAT TAYAL: Right, so
if somebody has already invested in that
and if they want to try the new 9100,
what they can do is they migrate over all
those access points-- 11ac Wave 2 access points-- to an embedded wireless
controller running on 9100. So embedded wireless
controller running on 9100 is supported on 11ax APs, as
well as 11ac Wave 2 access points. ROBB BOYD: And those
Wave 2 access points can also still continue
to operate within that system as serving up-- RAJAT TAYAL: Absolutely. ROBB BOYD: --clients. RAJAT TAYAL: And they will
bring clients in remotely. ROBB BOYD: Clients [INAUDIBLE]. RAJAT TAYAL: They won't
support the embedded wireless controller. But they will bring
clients in remotely. ROBB BOYD: OK, so we're
not losing all value there whatsoever. And there's a nice
migration plan. RAJAT TAYAL: Yes. So when customers are
looking to migrate, we have a couple of
different options. We have a standalone tool. And what they can do is they can
export out the Mobility Express configuration, run
it through a tool, and the tool will give them
a comparable configuration for the embedded wireless
controller, which they can import it in. And they'll be up
and ready to go. ROBB BOYD: So you're
telling me kind of three areas that were
really important to understand in terms of what this solution
offers-- resilience, security, and management. Let's talk about resilience. What would you highlight
as a key feature that really says this is resilient? RAJAT TAYAL: So
resiliency is big when it comes to
Enterprise deployments. So what we have done
on embedded wireless controller is we have an
active controller, which runs on one of the access points. And then we have standby
controller, which runs on a second access point. And they're running
simultaneously. ROBB BOYD: OK. RAJAT TAYAL: So if the active
controllers, for whatever reason goes down, or
the AP that is running the active controller goes
down, the standby takes over within a few seconds. ROBB BOYD: Nice. RAJAT TAYAL: So that's one. ROBB BOYD: OK. RAJAT TAYAL: Right. And of course, it's running
9800, which runs IOS XE. So we have the greatness
that I IOS XE has, which is about hot
and cold patching. So if you find a problem
with a controller, instead of upgrading
to a new release, you can just apply a hot
patch or a cold patch. ROBB BOYD: So we're talking
about that modularity of IOS XE where you can really focus
updates into certain areas. You don't have to take
the entire system down because you're doing a
bug fix or a hot patch or something like that. RAJAT TAYAL: Exactly. ROBB BOYD: OK. RAJAT TAYAL: And you can stay
on the certified version. So let's say it's an
Enterprise, right-- they have given release. ROBB BOYD: Well, yeah, last
thing I want is a new update. RAJAT TAYAL: Exactly. They don't want to
do to full upgrade. ROBB BOYD: Right. RAJAT TAYAL: All they want to
do is take a fix for the issue that they have found, so we
can push it through a patch. And embedded wireless
controller supports that. The second big thing is that
you can apply AP service packs and AP device packs. So let's say there is an
issue not with the controller but with the access
points, right? You can actually patch an access
point wire AP service packs. ROBB BOYD: OK. RAJAT TAYAL: If we introduce
a new piece of hardware or a new access
point, for example, and you want to onboard them
onto your current controller version, you can apply
an AP device pack. ROBB BOYD: Nice. OK. RAJAT TAYAL: And that'll
allow you to basically onboard the AP. ROBB BOYD: OK. RAJAT TAYAL: So these are
some of the capabilities that are available with 9800. We have made sure
that all of these are available with embedded
wireless controller as well. ROBB BOYD: All right, before we
jump over to the lab, though, just real quick, so
security you mentioned is very, very important. RAJAT TAYAL: Security
is paramount. ROBB BOYD: A lot of things
are enabled by default. RAJAT TAYAL: Yes. ROBB BOYD: Yeah, so give
me one example or more that you would
highlight for security. RAJAT TAYAL: Yes, so
security, as you know, is top of mind for any customer. ROBB BOYD: Right. RAJAT TAYAL: [INAUDIBLE] So when
it comes to embedded wireless controller, we have features
that would secure the device-- for example, .1x supplicant
on the access point. ROBB BOYD: Right. It's a hardware level. RAJAT TAYAL: We have
security for the clients. So we have integration
with Umbrella. We support [INAUDIBLE]-- ROBB BOYD: DNS level security. OK. RAJAT TAYAL: Exactly. DNS level security against
all your malicious content and whatnot. ROBB BOYD: Right, very valuable. RAJAT TAYAL: For
securing the air, we support features like
Clean Air, Rogue, detection, classification, and
containment [INAUDIBLE] and things like that. ROBB BOYD: Oh, nice, so
the intrusion prevention and everything like
that, so again, a lot of Enterprise grade features. RAJAT TAYAL: Absolutely. ROBB BOYD: OK, so
management, there's also a couple of different
ways to look at management. We think of how we onboard,
how we set things up, and then control it over time. But also, you were
mentioning analytics, right? RAJAT TAYAL: Yes. So when you're deploying
in the Enterprises even at a branch
location, you want to get insights in terms of
what is happening at your branch location. You want to get insights
if you're having client connectivity issues. And you also want
to have capability to troubleshoot in case
you're having those issues. So like we have the 9800
and the access points, we have insights and analytics
and packet capture capabilities available with DNA assurance. We have the same
set of capabilities available with embedded
wireless controller. ROBB BOYD: OK. RAJAT TAYAL: So for
example, if you deploy embedded wireless controller
at a branch location, you can get all
that assurance data. You can get insights in terms
of what issues are happening. DNA Center or DNA
assurance will give you the remediation for the issues. And you can also
get packet captures. If you have
onboarding anomalies, the embedded wireless
controller running on the APs will also send you the packet
capture through DNA Center for troubleshooting purposes. ROBB BOYD: Wireless
experts are cheering right now because that's
one of the favorite ways. Just get down to
the packet level. If you want to really
figure out what's going on, let's see what's in the packet. That's so cool that we can do
that in such an easy manner. So DNA Center's really where
we want to go from a management perspective. We're going to take a look
at that in just a moment. But we're not limited
to DNA Center, correct? You can interoperate with this
embedded wireless controller in a couple of different ways. RAJAT TAYAL: Yes, you can. So if you don't
have a lot of sites or if you don't really have
an Enterprise deployment, but you are looking for
a product that gives you those Enterprise grade
capabilities, right, so if you just have a few
sites, you can deploy it. And we support
deployment using the app. You can use the app
to manage and monitor. If you don't want
to use the app, we do have a full
web view interface to allow you to do that. And best of all, because we
run 9800 and it runs IOS XE, we also have support for
programmable interface. So netcom [INAUDIBLE],, you know,
if you're using a third party tool to sort of
talk to the device, get telemetry from the device,
all of that is supported. ROBB BOYD: Those
structured data sets, we can interoperate
with all of that-- RAJAT TAYAL: Right, so
all of that is supported-- ROBB BOYD: OK, that's going
to be big for a lot of people. I want to take a look
at the management. Can we do that now? RAJAT TAYAL: Absolutely. Let's take a walk. ROBB BOYD: Come with me. So you've obviously
got access points here. I don't see a controller. RAJAT TAYAL: Because it is
running on the access points. ROBB BOYD: OK, that actually
makes complete sense. I didn't know if it
was hidden somewhere. Just to be sure. RAJAT TAYAL: Sure. ROBB BOYD: So explain why you
set this up in this fashion. RAJAT TAYAL: Yeah, what we have
here is a typical branch setup. I mean, we don't
have a router here. But we have a switch
to which the access points are connected. We have a few different
flavors of access points here. We have our latest Wi-Fi
six 9100 access points. So we have the
9115 and the 9120. And that's a 9115
down there as well. But we also have an 11ac. We have two access
points, which is a 2800. And this setup at the
moment is in day zero. It's waiting to be configured. ROBB BOYD: OK, so they're
just getting power. And they're sitting
on the network. But they're not
configured for use yet. RAJAT TAYAL: Right,
they're not yet configured. And what I'm going to
do is I'm going to use the mobile app to configure it. You can use a laptop. It is right now broadcasting-- provisioning a society
to which you can connect your laptop or a mobile device. But there is an app that you
can use to do [INAUDIBLE].. ROBB BOYD: I'm curious
about the app thing. RAJAT TAYAL: Yeah,
let's do that. So I'm going to take my phone. And I'm going to go to the app. So this is the mobile app. When you get to the launch
screen, what you need to do is just click on Continue. You have a few
different options. The first option is to set
up the Wi-Fi network, which is what I'm going to do here. ROBB BOYD: OK. RAJAT TAYAL: But let's say
it was already setup, right, and you wanted to
manage it using the app. ROBB BOYD: Oh, so you
could do that here, too. RAJAT TAYAL: You can click
on the Manage button. ROBB BOYD: OK. RAJAT TAYAL: And
once you manage it, the list of networks
that you're managing would appear under
Managed Networks. ROBB BOYD: OK. RAJAT TAYAL: Yeah, so
let's do the setup now. So what I'm going to do is I'm
going to click on the Setup. And what I'm going to do is
I'm going to scan the QR code. So instead of connecting
to the provisioning society using my Wi-Fi,
what I'm going to do is there's actually a QR code
at the back of these APs. And I'm going to
scan the QR code. And what I'm
essentially doing is I'm connecting my device
to the provisioning society automatically. And that's where the
QR code helps us. Once I'm connected,
then I can launch the setup wizard to sort of
go through the provisioning. And all I need to do essentially
is give it a admin account and set up that WLANs. That's about it. ROBB BOYD: So the
wizard now allows us to begin the next
step in the process. RAJAT TAYAL: Yeah. ROBB BOYD: OK. RAJAT TAYAL: So
what I'm going to do is I'm going to show
you the screen again. So the visit is very simple. So I'm connected to the
provisioning SSID now. And you can see that
I'm actually connected. So what I'm going
to do is I'm going to click on Let's Get Started. And essentially what
it is going to do is it is going to bring
up the setup wizard. All you need to do is enter
the username and password for your management account. Once you have done that, you
create your wireless network, right? You give it the name. Let's say your security
app is personal. All you do is you
enter the passphrase. And you hit deploy. Once you deploy it, the
network will be up and running. So once I'm done
entering the information, so I have created the
SSID called Employee. I've entered the passphrase. And the next thing
I want to do is I'm just going to click
on the Deploy button. ROBB BOYD: OK. RAJAT TAYAL: Once
I hit on Deploy, it says are you sure
you want to deploy. Yes, I'm sure. So let's deploy it. And what's going to happen
is within a minute or so, the Employee SSID is
going to broadcast. ROBB BOYD: OK. So the one you assigned. OK, the one you created. RAJAT TAYAL: Correct, the one
that I created using the app. There is no reboot, however. So this is one of the
things that we took care on the 9100 side. Once you transition from
[INAUDIBLE] day one, there is no reboot
of any access points. You seamlessly transition
from [INAUDIBLE] day one. And all the APs that
are there will actually connect with the controller. ROBB BOYD: OK. RAJAT TAYAL: Yeah. ROBB BOYD: Oh, that's fantastic. OK, so where do we go from here? RAJAT TAYAL: So we
created the Employee SSID. What we can do now is let's
see if the Employee SSID is up. It is. I can see it. So what I'm going
to do is I'm going to try and connect my
laptop or my MacBook to the Employee SSID. So let's enter the password as
Cisco123, which is what I gave. And I'm actually connected. Once I'm connected to the
SSID, all I need to do is I need to type in
my Wi-Fi, Cisco.com. I'm going to click on Advanced. And I'll just say proceed
to the log-in interface. So I'd given the controller
user and password to be Admin and Cisco123. And that's what I'm actually
going to enter here. And when I log in,
what I'm going to see is all my access points that
you see on the table here. So let's click on the Dashboard. And as you can see, I
have four access points. I have three on the table
and one on top of the switch. So I've got the
full access points. And then of course, I have one
network, the Employee network that I actually created. And I have a couple of clients. I have my MacBook. And of course, I have my phone
that is actually connected to this network as well. So once you log in, you
look at the Dashboard. The one thing that I would
like to highlight here is the look and feel of the
web UI is pretty much the same as the Catalyst 9800. But what we have done is we have
removed all the options, all the knobs, that are actually not
supported for embedded wireless controller. So we have a simplified UI
from that point of view. We also have a Simple
and Expert view, something that we had
on Mobility Express. And we thought it would
be useful here as well. So with Simple view, you get-- ROBB BOYD: --a very
limited set of the options. RAJAT TAYAL: Right, you
get limited set of knobs. But with Expert view, you
pretty much get everything. ROBB BOYD: But with
both as I understand it, you guys by default already have
a lot of security precautions, a lot of best practices that
Cisco has built over time. RAJAT TAYAL: Right. ROBB BOYD: Those are
coming on by default because this is meant for
Enterprise grade, right? RAJAT TAYAL: Correct. So it is Enterprise grade. But what we have also
done is, let's say, for a smart
deployment, right, we have best practices
enabled out of the box. ROBB BOYD: Yeah, I like that. RAJAT TAYAL: And
so when you deploy, all of those best
practices would be enabled. But we have designed
it for Enterprises. If you want to fine
tune those knobs, you have them available
here as well on the web UI. ROBB BOYD: Yeah, I like that. RAJAT TAYAL: So let's take
a look at the access points. So when I click
on the APs, I can see which one is
my current AP which is running the active
controller and the standby. And we also have a option to
sort of define if I have an AP that I want to fail over to
in case there's a failure. ROBB BOYD: Ah, you
want it to be specific. RAJAT TAYAL: Correct,
which is what we call it is a preferred master. So as you can see,
I have the 2800. And I have the two 9115s. And then of course, I have the
9120, which is right there. So I have all these
four APs here. ROBB BOYD: OK, so
you can do everything with a direct connection to it. This is not your only management
option, though, right? RAJAT TAYAL: This is not just
the only management option. I showed you the wireless app. I showed you the web UI. And I think it's time for
me to show you DNA Center. ROBB BOYD: Yeah, this
is the big daddy. This is for managing your
full Enterprise deployment. RAJAT TAYAL: Correct. ROBB BOYD: Beyond the ability
to just connect directly, you mentioned you
covered the app. We've got that for setup,
as well as management, you mentioned. We've also got the
direct connection. And this is the interface
we've been seeing here. But DNA Center is where you
really manage everything from a global scale,
so to speak, no matter how large your network may be. That's where we're going
to get all the goodness. RAJAT TAYAL: Right, so
let me show you that, Rob. So I'm going to open up
a new tab on the browser. I'm going to type in the
IP address of my DNA Center that is actually managing
embedded wireless controller on the access point networks. All right, so I've logged
into the DNA Center. And essentially,
of course, you come to their [INAUDIBLE]
summary Dashboard. But what I want to
do first is show you the embedded wireless
controller, right? So a bunch of devices-- ignore what you
see on the right. So essentially what I have
done here is I have defined a few different branch
locations, all running embedded wireless controller. So I have three branches, two
in Milpitas, one in San Jose. And they all have embedded
wireless controlling them. What I'm going to
click on is on the WLC because I want you to see
that the embedded wireless controller, which is
running on these APs, is recognized as a controller. ROBB BOYD: Gotcha, OK. RAJAT TAYAL: So I've
clicked on the WLCs. And I see three. I see one for San Jose branch. And I see one each for the
Milpitas branches, yeah? So let me just simplify
this a little bit. I'm going to clean
this up a little bit so that we don't have to
scroll and things like that. Let's hit on Apply. All right, so I'm going to
scroll a bit to the right. And as you can see,
the device settings here shows that you have
Cisco embedded wireless controller, which is running
on the Catalyst access points. And it also shows
you the platforms, the AP models which is running
this controller functionality. So what I'm demonstrating
here is that you can actually have a 9800 for your campus. And you can have embedded
wireless controller running on all your branch locations. And you can use DNA Center to
manage all of your network. ROBB BOYD: I like it. RAJAT TAYAL: Yeah. Let me quickly click on
the assurance page as well. Of course, this is a lab setup. It's got a lot of noise
and issues and whatnot. But we also have assurance
capabilities here. So I'm going to click
on the Network Health. And of course, on a
time series chart, we can see the health of
the network coming down a little bit. As you can see, there's a lot
of noise and things like that. Let me scroll down a
little bit where I can see all of my devices, right? So I see a list of my devices. Let's click on one of them. Let's click on, let's
say, the first one. And I'm looking at the
Device 360 view now, right? So I'm looking at the
health of the device. It tells me that it
actually went down, perhaps a little while back. Let's scroll down a little bit. And in terms of the
physical topology, I can see the
controller, the AP. And if I had clients,
they would actually show up under 2.4 or 5
gigahertz on this topology. ROBB BOYD: Excellent. So I love the
health information. And assurance seems to be
one of the fastest growing areas in terms of the
amount of information, especially on the wireless
side, that we can glean and be able to use more intelligently. It feels to me, like
if I was to summarize, I would say that you don't
have to sacrifice feature functionality, security,
resiliency, or management when it comes to the embedded
wireless controller. RAJAT TAYAL: Exactly. ROBB BOYD: And I'm amazed-- once more, the amount of scale
that you can get with the 9100 access points. It's going to vary on
the smaller access points up to the larger ones. But we're talking
up to, what, 2,00? RAJAT TAYAL: 2,000 clients. ROBB BOYD: Without running
a physical controller. RAJAT TAYAL: Yeah. ROBB BOYD: But then when you
do run a physical controller, it works in conjunction. So it allows you to
scale into certain areas where you don't want to spend
extra money on the hardware and go through all that
expense but still treat it as one system. Fair? RAJAT TAYAL: Fair. ROBB BOYD: Incredible stuff. Thank you so much. Appreciate your time. And guys, thank
you for watching. Be sure and check
out all the rest of the information on the
Catalyst Wireless Series that we've been doing. It's a lot of great information. IOS XE has totally changed
the game for wireless. And it's all to your benefit. Thank you so much for
watching TechWiseTV. We'll see you on the next one. [MUSIC PLAYING]
