Configure Catalyst 9800 WLC Smart Licensing Using Policy with DNA Center

Introduction

This document describes Smart Licensing Using Policy (SLUP) on air-gapped Catalyst 9800 Wireless LAN Controller (WLC) via Cisco Digital Network Architecture (DNA) Center.

Prerequisites

Basic knowledge of Cisco Catalyst 9800 WLC and Cisco DNA Center.

Requirements

Smart Licensing Using Policy (SLUP) on Catalyst 9800 WLC with the help of DNA Center requires WLC image version 17.3.2a or higher, and DNA Center version 2.2.1 or higher.

Components Used

• 9800 WLC 17.3.3.
• DNA Center 2.2.2.5.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

SLUP Workflow With DNA Center

Like older AireOS based controllers, the 9800 WLC itself does not need to be licensed. You only need to license the Access Points (APs) that are joined to the controller. The access point license usage needs to be reported to Cisco's smart license server (also known as Cisco Smart Software Manager - CSSM). There are several ways to achieve this. In wireless enterprise networks, WLCs are often air gapped without Internet access. This makes it difficult to report AP license usage to the CSSM. This article assumes that the WLC is air gapped and that DNA Center has access to CSSM over TCP ports 80 and 443.

Note: Unlike AireOS WLCs, 9800 WLC that is not correctly licensed continues to function even after the evaluation license expires.

Once the APs are joined to the WLC, license consumption information is stored in a secured location on the device in the form of RUM/Usage reports. Cisco DNA Center pulls these reports from WLC and upload it to CSSM on demand or periodically. Each time a RUM report is uploaded to the CSSM, the DNA Center needs to let the WLC know.

Catalyst 9800 WLC Configuration

There is minimal configuration related to licenses required on the 9800 side. Once the license level is configured on WLC, majority of the work is handled by DNA Center.

The only requirement is that WLC is added to the DNA Center device inventory and assigned to a site.

Since the only thing that needs license in a 9800 deployment are the access points joined to it, ensure that there is at least 1 AP joined to the WLC.

License level can be changed in the WLC web interface under Licensing menu when you select the Change Wireless License Level button:

License level can either be set to essential or advantage level. Both AIR Network License and AIR DNA License need to be the same level. The change of the license level requires a reload.

Before WLC is added to the DNA Center, ensure that:

1. WLC must be added to the DNA Center via its Wireless Management Interface. Other out of band management interfaces like GigabitEthernet0 cannot be used
2. WLC needs to have 2 aaa commands configured:
   

   aaa authorization exec default <local or radius/tacacs group>
   aaa authentication login default <local or radius/tacacs group>​

3. NetCONF protocol needs to be enabled (port 830 used by default)
4. Simple Network Management Protocol (SNMP) needs to be enabled and communities/users need to be configured on WLC
5. WLC wireless management interface and DNA Center need to be able to communicate over ports 161/162 (SNMP), 830 (NetCONF) and 20830 (telemetry)

Refer to this article for additional information about WLC and DNA Center integration: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/214587-managing-and-provisioning-non-fabric-cat.html

DNA Center Configuration

Configure Smart Account Details

Before licensing is configured, smart account credentials need to be added to the DNA Center. In DNA Center web interface navigate to System > Settings > Cisco Accounts > Smart Account. Add the credentials of the Cisco Smart account:

Configure License Manager

In the DNA Center web interface, navigate to Tools > License Manager.

Navigate to Reporting & Compliance tab and select the Smart Licensing Compliance workflow:

The guided workflow wizard pops up. To begin, select Let's Do It.

In this next step select the Smart Account and Virtual Account you want to use. Click Next to proceed.

Select the site and check all the WLCs that DNA Center is intended to license:

Reporting Interval can be modified here. Default value is 30 days:

Final page provides a summary of all of the data and devices whose license usage is queued to be reported to the CSSM:

Click Next to begin the sync of licence usage data and observe the real time status. It takes a minimum of 4 minutes to complete the sync and get the acknowledgement back from the CSSM cloud.

Green color indicates a success. Select Finish to complete the workflow:

Verification

Overview tab of the license manager page shows the current license consumption:

Over on the Catalyst 9800 side, navigate to the Licensing > Service Settings and verify if the connection mode is set to Air Gap: