Release Notes for Cisco Catalyst Center 2.3.7.x on ESXi
Catalyst Center on ESXi is a new form factor that supports Catalyst Center in a virtual environment. The virtual form factor helps customers rapidly deploy and operate Catalyst Center. For customers who are running Cisco Prime Infrastructure on a virtual machine (VM), Catalyst Center on ESXi provides a migration path to take advantage of Catalyst Center features.
Note |
Cisco DNA Center has been rebranded as Cisco Catalyst Center. During the rebranding process, you will see the former and rebranded names used in different collaterals. Be assured that Cisco DNA Center and Catalyst Center refer to the same product. |
This document describes the features, limitations, and bugs for Catalyst Center on ESXi.
For links to all of the guides in this release, see Related Documentation.
Change History
The following table lists changes to this document since its initial release.
Date |
Change |
Location |
---|---|---|
2024-08-30 |
Added CSCwm39056 to the open bugs list. Described the limitation that Catalyst Center on ESXi doesn't enforce the API rate limit policies that are documented in the official API documentation. |
|
2024-08-02 |
Updated with information about Catalyst Center 2.3.7.6 on ESXi software. |
— |
2024-04-16 |
Updated the package versions. |
Package Versions |
2024-04-11 |
Added CSCwi86275 to the resolved bugs list. |
Resolved Bugs |
2024-04-08 |
Updated with information about Catalyst Center 2.3.7.5 on ESXi software. |
— |
2024-01-18 |
Added the link to download the Catalyst Center on ESXi 2.3.7.4 software. |
|
2023-12-20 |
Initial release. |
— |
Package Versions
Package Name |
Release 2.3.7.6 |
Release 2.3.7.5 | Release 2.3.7.4 |
---|---|---|---|
Release Build Version |
|||
Release Version |
2.3.7.6.75360 |
2.3.7.5.75367 |
2.3.7.4.75326 |
System Updates | |||
System |
2.6.54 |
2.5.64 |
2.3.132 |
System Commons |
2.718.65458 |
2.715.65430 |
2.714.65447 |
Package Updates |
|||
Access Control Application |
2.718.65458 |
2.715.65430 |
2.714.65447 |
AI Endpoint Analytics |
1.11.1148 |
1.11.919 |
1.11.726 |
AI Network Analytics |
3.1.41 |
3.1.39 |
3.1.30 |
Application Hosting |
2.3.124050804 |
2.3.124020205 |
2.3.123120506 |
Application Visibility and Policy |
2.718.117879 |
2.715.1175429 |
2.714.1175142 |
Assurance |
2.370.6243 |
2.370.5148 |
2.370.4191 |
Assurance Sensor |
2.370.6211 |
— |
— |
Automation - Intelligent Capture |
2.718.65458 |
2.715.65430 |
2.714.65422 |
Automation - Sensor |
2.718.65458 |
— |
— |
Catalyst Center API Catalog |
6.6.50 |
6.5.142 |
— |
Cisco Catalyst Center Global Search |
6.6.3 |
6.5.14 |
6.3.8 |
Cisco Catalyst Center Platform |
6.6.40 |
6.5.185 |
6.3.138 |
Cisco Catalyst Center UI |
3.3.176 |
3.2.350 |
3.1.69 |
Cisco Identity Services Engine Bridge |
2.716.90701 |
2.715.90505 |
2.714.90200 |
Cloud Connectivity |
6.4.33 |
6.3.18 |
6.1.45 |
Cloud Connectivity - Contextual Content |
6.5.8 |
6.4.18 |
6.2.15 |
Cloud Connectivity - Digestor |
6.6.2 |
6.4.15 |
6.2.10 |
Core-Addons |
0.8.10 |
— |
— |
Core Platform |
0.8.96 |
0.7.78 |
0.5.200 |
DxHub Cloud Connectivity |
6.6.35 |
6.5.16 |
6.3.14 |
Gateway |
0.8.13 |
— |
— |
Group-Based Policy Analytics |
3.7.6 |
— |
— |
Identity and Access Management |
5.2.35 |
5.1.21 |
4.0.33 |
Identity and Access Management - UI |
5.2.15 |
5.1.12 |
3.1.11 |
Multiple Cisco Catalyst Center |
2.718.65458 |
2.715.65430 |
2.714.65422 |
Network Controller Platform |
2.718.65458 |
2.715.65430 |
2.714.65422 |
Network Data Platform - Base Analytics |
2.370.60118 |
2.370.50207 |
2.370.40107 |
Network Data Platform - Caching Infra |
6.4.6 |
6.3.22 |
6.2.8 |
Network Data Platform - Core |
6.4.509 |
6.3.513 |
6.2.34 |
Network Data Platform - Ingestion Infra |
6.4.3 |
6.3.44 |
6.2.17 |
Network Data Platform - Manager |
6.4.3 |
6.3.103 |
6.2.13 |
Network Data Platform - Pipeline Infra |
6.4.521 |
6.3.522 |
6.2.27 |
Network Data Platform - Storage Management |
6.4.9 |
6.3.51 |
6.2.54 |
RCA-Scripts Package |
0.2.2 |
0.2.2 |
0.1.11 |
Rogue and aWIPS |
2.9.605 |
2.9.408 |
2.9.210 |
SD Access |
2.718.65458 |
2.715.65430 |
2.714.65422 |
Shared Managed Services |
0.8.8 |
— |
— |
Stealthwatch Security Analytics |
2.718.1095210 |
— |
— |
System Management Operations |
1.4.52 |
1.3.51 |
1.1.1108 |
System Remediation |
1.1.0 |
1.0.1 |
— |
Telemetry |
3.5.14 |
3.4.14 |
3.2.18 |
Wide Area Bonjour |
2.718.77018 |
— |
— |
Features
New and Changed Features
New and Changed Features for Catalyst Center 2.3.7.6 on ESXi
Feature |
Description |
---|---|
Group-Based Policy Analytics (VA) |
This feature is now supported on ESXi VA. Group-Based Policy Analytics is an application on Catalyst Center that helps administrators visualize group-to-group interactions, and helps to build policies by using discovered ports and protocols used between groups. For information, see the Cisco Catalyst Center User Guide, Release 2.3.7.x. |
Wide-Area Bonjour |
This feature is now supported on ESXi VA. Cisco Wide Area Bonjour enables global service routing beyond a single IP gateway for traditional LAN and WLAN networks. For information, see the Cisco Wide Area Bonjour Application on Cisco Catalyst Center User Guide. |
Stealthwatch Security Analytics (SSA) |
This feature is now supported on ESXi VA. The Stealthwatch Security Analytics service on Catalyst Center, in conjunction with Cisco Stealthwatch, provides real-time monitoring of all network traffic. For information, see the Stealthwatch Security Analytics Service 2.3.7.x User Guide. |
1800S Sensor Support on Assurance (VA) |
This feature is now supported on ESXi VA. Assurance supports the 1800S sensor. This feature includes wireless performance analytics, real-time client troubleshooting, and proactive health assessment. For information, see the Cisco Catalyst Assurance User Guide, Release 2.3.7.x. |
New and Changed Features for Catalyst Center 2.3.7.5 on ESXi
This Catalyst Center on ESXi release has no new features.
New and Changed Features for Catalyst Center 2.3.7.4 on ESXi
Feature |
Description |
---|---|
Default Single Network Interface Card (NIC) |
By default, one NIC is enabled when you install Catalyst Center 2.3.7.4 as a virtual appliance on ESXi. See "Deploy a Virtual Appliance" for setup instructions in the Cisco Catalyst Center 2.3.7.x on ESXi Deployment Guide. |
Second NIC Installation (Day-N) |
As an option, after you install Catalyst Center 2.3.7.4 on ESXi, you can add an additional NIC to your deployment. For information, see "Configure an Additional Network Adapter" in the Cisco Catalyst Center 2.3.7.x on ESXi Deployment Guide. |
ESXi Launcher App Enhancements |
You can configure a virtual appliance using the ESXi Launcher App in interactive mode or silent mode. For information, see the following topics in the Cisco Catalyst Center 2.3.7.x on ESXi Deployment Guide.
|
Diagnostics Center Validation Tool |
The validation tool ( ) is supported with some limitations. |
Unsupported Features
Catalyst Center 2.3.7.x on ESXi supports all of the features that Catalyst Center supports, except for the following features:
-
Automation: Cisco DNA Traffic Telemetry Appliance.
-
Wireless: Cisco User-Defined Network (UDN), Cisco Umbrella.
-
System Workflows: Backup and Restore using VMware vSphere Client snapshot function, Backup and Restore from Catalyst Center hardware appliance to Catalyst Center on ESXi virtual appliance.
-
Setting Page: Authentication API Encryption.
-
Telemetry: VM- and host-level telemetry.
VA Requirements
Catalyst Center on ESXi is intended for enterprise environments, such as manufacturing or education, where a large-scale requirement is present within a single physical environment.
The following requirements must be met in order to successfully deploy a Catalyst Center on ESXi virtual appliance. For performance tips that cover the most performance-critical areas of VMware vSphere, see:
-
VMware vSphere Client 7.0: Performance Best Practices for VMware vSphere 7.0 (PDF)
-
VMware vSphere Client 8.0: Performance Best Practices for VMware vSphere 8.0 (PDF)
Feature | Description |
---|---|
Virtualization platform and hypervisor |
VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all patches |
Processors |
Intel 2.1-GHz and above CPU 32 vCPUs with 64-GHz reservation must be dedicated to the VM |
Memory |
256-GB DRAM with 256-GB reservation must be dedicated to the VM |
Storage |
3-TB solid-state drive (SSD) If you plan to create backups of your virtual appliance, also reserve additional datastore space. For information, see "Backup Server Requirements" in the Cisco Catalyst Center on ESXi Administrator Guide. |
IO Bandwidth |
180 MB/sec |
IOPS |
2000-2500 |
Latency |
Catalyst Center on ESXi to network device connectivity: 200 ms |
Limitations and Restrictions
Catalyst Center on ESXi has the following limitations and restrictions:
-
In 2.3.7.6, the API rate limit policies that are documented in the official API documentation aren’t enforced. As a result, users might exceed the recommended API request limits without being automatically throttled or blocked by the system with an error response 429.
While exceeding the API rate limits is not recommended, it is unlikely to cause immediate service disruption or security vulnerabilities. However, excessive API usage could lead to:
-
Performance degradation: High API request volumes could impact the overall performance of the Catalyst Center platform, potentially causing slower response times or temporary unavailability.
-
Resource contention: Increased API activity could consume additional system resources, affecting other platform functions or user experiences.
-
Unexpected behavior: In some cases, exceeding the API rate limits could trigger unexpected platform behavior or errors.
To ensure optimal platform performance and stability, we recommend that you adhere to the documented API rate limit policies.
-
-
For Group-Based Policy Analytics, the summary for the 24-hour and 12-hour Sankey charts isn't available in Catalyst Center on ESXi.
-
Unlike the Catalyst Center platform, you cannot connect VMs to create three-node clusters. To achieve high availability, you need to use VMware vSphere. For more information, see the "High Availability" section in the Cisco Catalyst Center on ESXi Administrator Guide.
-
Catalyst Center on ESXi does not support the following VMware vSphere features:
-
Fault tolerance
-
Suspending and resuming VMs
-
Cloning VMs
-
Snapshot (as backup)
-
-
With Catalyst Center on ESXi, application telemetry is not supported for Cisco Catalyst 9500 Series Switches.
-
To configure the Management interface and the Enterprise interface, manually create a virtual machine using the VMware vSphere UI and then configure both interfaces using either the Maglev Configuration wizard or the Install Configuration wizard. For more information, see the "Deploy a Virtual Appliance" section in the Cisco Catalyst Center on ESXi Deployment Guide.
Multiple Catalyst Centers—Limited Availability
Multiple Catalyst Center allows you to define a single global set of virtual networks for software-defined access across multiple Catalyst Center clusters integrated with a single Cisco ISE system. This Multiple Catalyst Center functionality is a Limited Availability offering in Catalyst Center on ESXi.
To facilitate global administration of Cisco SD-Access across multiple Catalyst Center clusters with a consistent set of virtual networks, the Multiple Catalyst Center feature leverages the existing secure connection with Cisco ISE to propagate virtual networks, Security Group Tags (SGTs), access contracts, and Group-Based Access Control (GBAC) Policy from one cluster to another cluster, all integrated with the same Cisco ISE deployment. Cisco ISE takes the information learned from one cluster (the Author node) and propagates it to the other clusters (Reader nodes).
Because there are significant caveats for the Multiple Catalyst Center functionality, the Cisco SD-Access Design Council reviews the requests and provides guidance for use of the Multiple Catalyst Center to participants in the Limited Availability program.
Contact your account team to submit a request to the Cisco SD-Access Design Council to participate in the Limited Availability program.
Customers who are using Cisco ISE Version 3.1 or earlier must request and install the Limited Availability package before enabling Multiple Catalyst Center.
Note |
After this functionality is enabled, it can be disabled only by deleting Cisco ISE. In addition, if this functionality is enabled, because pxGrid is a required component of the solution, pxGrid cannot be disabled subsequently. |
Deployment Overview
For information about how to deploy Catalyst Center in a VMware vSphere environment, see the Cisco Catalyst Center on ESXi Deployment Guide. The guide also covers configurations we recommend you make before you use the product.
Bugs
Open Bugs
The following table lists the open bugs in Catalyst Center on ESXi for this release.
Bug Identifier | Headline |
---|---|
In setups with a large number of APs, the compliance visibility reporting process takes a long time to complete. |
|
An air-gap upgrade fails because the NTP IP subnet is not included in the allowed IP address range. |
|
The Cisco Wireless AireOS Access Point workflow hangs in in-progress state. |
|
The "Managed Service elasticsearch(ndp) is DEGRADED" event is displayed on the System Health page even though the service is running correctly. |
|
After a successful restore operation, the GUI displays "first-time setup" at login. |
|
When migrating from DN1 to VA, package validation is not performed during the restore process to VA. |
|
When the SearchService file calls the network-profile API, and the call fails, the provisioning-service webapp will fail during start-up. |
|
The API endpoints for provisioning settings are unavailable on Virtual Appliances. |
|
In 2.3.7.6, Catalyst Center on ESXi doesn't enforce the API rate limit policies that are documented in the official API documentation. As a result, users might exceed the recommended API request limits without being automatically throttled or blocked by the system with an error response 429. |
Resolved Bugs
Catalyst Center 2.3.7.6 on ESXi
There are no resolved bugs in Catalyst Center 2.3.7.6 on ESXi.
Catalyst Center 2.3.7.5 on ESXi
The following table lists the resolved bugs in Catalyst Center 2.3.7.5 on ESXi.
Bug Identifier |
Headline |
---|---|
Client data and AP health aren't displayed in the Assurance Custom Dashboard Library. |
|
Under scale conditions, the Catalyst Center on ESXi UI is not accessible for several hours while restoring data. |
|
When the managed service is restored, the mongo database is restored in the end. |
|
An event doesn't trigger an email notification. |
|
PnP fails to onboard an AP. |
|
The first time you display the Fabric site table, it displays only 10 sites. |
|
Login fallback, although enabled, fails to function when an external TACACS authorization timeout occurs. |
|
Email notification for reports includes a link that contains the management IP address instead of the Enterprise IP address. |
|
Cisco Wireless AireOS Controller is unable to send Cisco AireOS Network Assurance telemetry due to an unauthorized JSON Web Token (JWT). |
|
Import of the System Certificate in the wrong file format causes IOS-XE-based devices to be reported as not managed in Assurance. |
|
When using TACACs for external authentication with a case-sensitive username that contains mixed or uppercase letters, authentication succeeds, but the browser enters a redirect loop between login and home page. |
Catalyst Center 2.3.7.4 on ESXi
The following table lists the resolved bugs in Catalyst Center 2.3.7.4 on ESXi.
Bug Identifier |
Headline |
---|---|
When a user performs an advanced fresh installation with a proxy server for authentication, the installation fails, and the proxy server details are not set in the KVstore yaml in kvstore.config.cluster file. |
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Related Documentation
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)