6 more weeks with the Cisco Catalyst 9800-40

In my last post I wrote about my first findings in trying to implement the C9800 in my wireless network.

As this was a "try&buy", and things were looking good - not perfect, but very reasonable and with great prospects - I went from "try" to "buy", and started migrating.

So I want to share some more insight about the process, about issues and about my setup. As of the time I began writing this post, 16.10.1e was the lastest released software. During writing, 16.11.1b was released, that includes some missing features (mDNS, CAPWAP over NAT/PAT,...) and fixes multiple bugs. As I am not yet running this software, this post is about 16.10, and if I discover new insights, I will make a new post about 16.11.

One of my two 9800-40 (in HA-SSO), mounted into the destination Rack. Connection as Multichassis-Etherchannel (20G for now, option to 40G) and 1G HA link, in different buildings, 2 PSUs on different circuits (one with UPS, one without), one building includes diesel generator.



- I went full IPv6 in the wireless infrastructure. Gone are the days of RFC1918 space, weird routes and NAT. The controller itself does have an IPv4 address in addition to the IPv6, as the RADIUS servers are (not yet) IPv6, and there are some APs outside of the network, that do not have an IPv6 connection. But my management, and the CAPWAP connection between AP and controller is IPv6 only. The APs do not even have an IPv4 address.

We have multiple distribution layers; every one of them has now its own "ap management" VLAN; DHCPv6 gives out addresses to the APs, including "DHCPv6 option 52", which is the controller v6 address.



Two caveats here - first: 2802 APs with manufacturing date March 2019 still ship with 8.2 code, which is on COS APs not IPv6 capable. So to install, you would need to "prime" them first on IPv4. Once they start shipping with newer code, this is no longer necessary. They boot, get IPv6 address and controller address from DHCP, and migrate from 8.2 code to the 16.x code. If you want to migrate and you're already running newer code, this is not an issue. Its just that the AP is "out of the box" on code that does not do IPv6.


Page 1 of 1, totaling 1 entries