We’ve been examining the benefits of Intent-Based Networking and seeing how organizations are using Cisco’s programmable network platform to improve application performance and transform rigid business processes into flexible digital workflows. Wireless access, in particular, plays a significant role in the process of digital transformation, making it possible for employees to work anywhere, anytime with instant access to applications and data sources in the data center, branch, or cloud.

Wireless networking controllers and access points (APs) are integral to Cisco’s Intent-Based Networking. Organizations are connecting thousands of APs to tens of thousands of distributed endpoints, and managing them all through Cisco DNA Center. Now, with IoT projects gaining momentum, organizations are adding thousands of additional wireless connections to a wide variety of device types with varying transmission requirements. Healthcare organizations, for example, are connecting staff with mobile tablets, tracking medical equipment with location beacons, and monitoring patients’ vital signs through wireless networks.

Wi-FiConnections that support critical operations depend on networked services being always on, secure, and deployable anywhere—essentially making Intent-Based Networks available everywhere. As organizations of all types grow utterly dependent on wireless connectivity, Cisco has been busy reinventing our wireless access platform to meet the current and future needs of enterprises on their digital transformation journey. It’s a catalyst for change.

Catalyst 9800: Designed and Built for Intent-Based Networks

The Cisco Catalyst 9800 family of controllers is the next generation wireless architecture designed and engineered to support Intent-Based Networks with enhanced always-on Wi-Fi access points, integrated security, and the ability to deploy controllers and access points anywhere. Powered by IOS XE, a modular, open, and programmable network operating system, the Catalyst 9800 controller provides new features built on three principles:

  • Always on Wi-Fi that accommodates seamless software upgrades across sites, the addition of new AP models, and application of PSIRT security updates enabled by hot patching, resulting in no downtime or restarts.
  • Security designed in with advanced threat detection enabled by Encrypted Traffic Analytics and automated segmentation with SD-Access.
  • Deploy anywhere in the infrastructure you need to run your business: public and private cloud IaaS platforms, Gov Cloud, on-premise in branches, or integrated with Catalyst 9000 switches in the data center.

Let’s examine these advancements to see how they support your organization’s real-time business processes.

Always On Wi-Fi for Always-On Enterprises

Employees, customers, patients, and guests of businesses have expectations that their mobile devices are always connected to the internet and the information resources they need. Moreover, as key mobile business applications reach out to internet SaaS platforms for data processing, an always-on Wi-Fi fabric throughout campuses and branches is a strategic asset for productivity and interactivity. Cisco’s next-generation Wi-Fi controllers ensure that the network is always available for time-critical processes.

The Catalyst 9800 incorporates several features to ensure maximum uptime for planned and unplanned events. Applying software updates and security patches are a fact of life across hardware and software platforms. The Catalyst 9800 family makes it seamless to install a security patch or OS updates while controllers and APs keep operating, avoiding disruptions of wireless connectivity—an industry first. Managing all software patching and upgrades through Cisco DNA Center centralizes control over distributed controllers and access points. Services such as voice, video, and data are always on with hot standby controllers immediately picking up traffic should a parallel controller fail. Clients stay connected with stateful switchover for endpoints to prevent unexpected de-authentication.

Granular, Layered Security Everywhere

As enterprises continue to add wireless capabilities to their business processes—such as mobile device access to patient records—security of sensitive data traffic is a top priority. We’ve built-in layers of security to Catalyst controllers and Aironet access points to protect data in transit and defend against threats. The layered security approach protects Air (transmissions), Devices, and People.

  • In the background, Catalyst controllers are continuously examining encrypted traffic, applying machine learning to detect hidden malware and other threats with Encrypted Threat Analytics (ETA).
  • As people bring their own devices to work, each one needs to be seamlessly onboarded with the proper security permissions. The Cisco Identity Services Engine and SD-Access work in concert with Cisco DNA Center to identify the device type and associate it with login credentials and access permissions for the device owner. Security policies are automatically applied whenever the device connects and moves around the network among access points.
  • IoT devices, many of which have minimal built-in security, need to be segmented from the primary business traffic to ensure business-sensitive data is kept separate from telemetry and machine-to-machine traffic. SD-Access operating on the wireless controller applies micro-segmentation policies to IoT devices according to network intents, protecting endpoints from communicating with malicious external sources and keeping IoT traffic from mixing with business data.

These integrated security layers provide safe and secure ubiquitous connectivity in branch, campus, and cloud for wireless devices.

Deploy Secure Wireless Fabric Anywhere, at Any Scale

multicloud securityAs the use of wireless devices continues to expand into every niche in the enterprise, the controllers need to operate anywhere, at any scale, for maximum efficiency. Catalyst 9800 works at all levels of the enterprise: in distributed branches, in data center switches, in private and public cloud infrastructure, or on an appliance. The wireless controller functions can be deployed on Catalyst 9800 appliances, on the Catalyst 9300 switch, in private clouds such as ESXi, KVM, Cisco ENCS, or in the AWS public cloud. Catalyst 9800 provides flexibility of deployment at the scale that the customer wants and needs.

The Catalyst 9800 family is designed to sustain an organization’s growth. Catalyst 9800s can support from 200 APs connecting 4000 clients to 6000 APs connecting 64,000 endpoints. Build a next-generation university and healthcare campus-wide wireless network. Move critical business applications to a public cloud and have secure Wi-Fi access built right into the cloud infrastructure. There is really no limit to how connected your wireless enterprise can become with the Catalyst 9800 family of Wi-Fi Controllers.

Wireless Access Re-engineered for Speed, Scale, and Reliability

We’ve re-engineered our wireless controller platform for Intent-Based Networking to ensure your wireless network can handle the always-on nature of business in the age of digital transformation. The new controllers are also ready to support Wi-Fi 6 when it becomes available, future-proofing your investment for the next generation of speedier and more efficient Wi-Fi access points and devices. From scalable options for mobile applications, machine-to-machine IoT traffic, to cloud everywhere connectivity, Cisco’s next-generation wireless platform provides speed, scale, security, and always on reliability.

Visit the Cisco wireless website for details and specifications on the new Catalyst 9800 Wireless Controllers.

Catalyst 9800
Catalyst 9800




Anand Oswal

No Longer with Cisco