Data SheetCisco Catalyst 9800-40 WirelessControllerBuilt from the ground up for intent-based networking 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 1 of 23

ContentsProudct 12Software Requirements15Licensing16Warranty21Ordering Information22Cisco Capital22Document History23 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 2 of 23

Product OverviewFigure 1.Cisco Catalyst 9800-40 Wireless ControllerBuilt from the ground-up for the Intent-based networking and Cisco DNA, Cisco Catalyst 9800 Series Wireless Controllersare Cisco IOS XE based and integrate the RF excellence of Cisco Aironet access points creating the best-in-classwireless experience for your evolving and growing organization. The Cisco Catalyst 9800 Series Wireless Controllers arebuilt on an open and programmable architecture with built-in security, streaming telemetry and rich analytics.The Cisco Catalyst 9800 Series Wireless Controllers are built on the three pillars of network excellence— always on,secure, and deployed anywhere— which strengthen the network by providing the best wireless experience withoutcompromise, while saving time and money.The Cisco Catalyst 9800-40 is a fixed wireless controller with seamless software updates for midsize and largeenterprises.The Cisco Catalyst 9800-40 is feature rich and enterprise ready to power your business-critical operations and transformend-customer experiences: High availability and seamless software updates, enabled by hot and cold patching, keep your clients and servicesalways on during planned and unplanned events. Secure air, devices, and users with the Cisco Catalyst 9800-40. Wireless infrastructure becomes the strongest firstline of defense with Cisco Encrypted Traffic Analytics (ETA) and Software-Defined Access (SD-Access). Thecontroller comes with built-in security: secure boot, runtime defenses, image signing, integrity verification, andhardware authenticity. Built on a modular operating system, the 9800-40 features open and programmable APIs that enable automationof day-0 to day-N network operations. Model-driven streaming telemetry provides deep insights into the health ofyour network and clients.FeaturesTable 1.Key featuresMetricValueMaximum number of access pointsUp to 2000Maximum number of clients32,000Maximum throughputUp to 40 GbpsMaximum WLANs4096Maximum VLANs4096 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 3 of 23

MetricValueMax Site Tags2000Max Flex APs per Site100Max Policy Tags2000Max RF Tags2000Max RF Profiles4000Max Policy Profiles1000Max Flex Profiles2000Interfaces4x 10 GE/1 GE SFP /SFPPower supplyAC power with optional redundant AC powerMaximum power consumption381WDeployment modesCentralized, Cisco FlexConnect , and Fabric Wireless (SD-Access)Form factor1RULicenseSmart License enabledOperating systemCisco IOS XEManagementCisco DNA Center 1.2.8, Cisco Prime Infrastructure 3.5, integrated WebUI,and third party (open standards APIs)InteroperabilityAireOS-based controllers with 8.8 MR2, 8.5 MR4, and 8.5 MR3 specialPolicy engineCisco Identity Services Engine (ISE) 2.2, 2.3, and 2.4Cisco Connected Mobile Experiences (CMX)CMX 10.5.1Access pointsAironet 802.11ac Wave 1 and Wave 2 access pointsAlways onSeamless software updates enable faster resolution of critical issues, introduction of new access points with zerodowntime, and flexible software upgrades. Stateful switchover (SSO) with 1:1 active standby and N 1 redundancy keepsyour network, services, and clients always on, even in unplanned events.SecureSecure air, devices, and users with the Cisco Catalyst 9800-40 Wireless Controller. Wireless infrastructure becomes thestrongest first line of defense with ETA and SD-Access. The controller comes with built-in security: secure boot, runtimedefenses, image signing, integrity verification, and hardware authenticity. 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 4 of 23

Open and programmableThe controller is built on the Cisco IOS XE operating system, which offers a rich set of open standards-basedprogrammable APIs and model-driven telemetry that provide an easy way to automate day-0 to day-N networkoperations.DetailsPhysical dimensionsTable 2.Physical dimensionsDimensionValueWidth17.3 inches (43.94 cm)Depth19.5 inches (49.53 cm)Height1.72 inches (4.37 cm)Weight22.8 lb (10.34 kg)Front PanelFigure 2.Front panelFigure 3.Front panel components 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 5 of 23

Figure 4.10 GE/1 GE portsTable 3.Descriptions of front panel componentsLabelComponent1PWR: Power LED2SYS: System LED3ALM: Alarm LED4HA: High-availability LED5CON: RJ-45 compatible console port6EN: USB console-enabled LED7CON: Mini USB console port8USB ports 0 and 19SP: RJ-45 10/100/1000 management Ethernet port10RP: RJ-45 10/100/1000 redundancy Ethernet port11RP: 1 GE SFP port (the only SFPs supported on the RP port are GLC-SX-MMD and GLC-LH-SMD)12LINK: RJ-45 connector LED13SSD: SSD activity LED14TE0: 1 GE SFP/10 GE SFP port 015TE1: 1 GE SFP/10 GE SFP port 116TE2: 1 GE SFP/10 GE SFP port 217TE3: 1 GE SFP/10 GE SFP port 3 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 6 of 23

PortsTable 4.Ports and their purposePortPurpose1x RJ-45 console portConsole port for out-of-band management1x USB 3.0 console portConsole port for out-of-band management2x USB 3.0 portsUSB 3.0 ports for plugging in external memory1x RJ-45 management portManagement port used for out-of-band management. Also known as service port1x RJ-45 redundancy portRedundancy port used for SSO1x SFP Gigabit Ethernetredundancy portRedundancy port used for SSO4x 10 GE/1 GE SFP or SFP portsPorts used for sending and receiving traffic between access points and controller, northboundtraffic, in-band management traffic, and wireless client traffic. Must be connected to the switch Redundancy port used for SSO; works with Cisco supported SFPs (GLC-LH-SMD and GLC-SX-MMD) for RPportFront panel LEDsTable 5.Front panel LEDsLEDColorFunctionPowerGreenGreen if all power rails are within specSystem statusGreenOn: IOS has boot completeBlinking: IOS boot in progressAmberOn: System crashBlinking: Secure boot failureOff: ROMMON bootHigh AvailabilityGreenOn: HA activeBlinking: HA standby hotAmberSlow blink: Booted with HA standby coldFast blink: HA maintenanceAlarmGreenOn: ROMMON boot completeBlinking: System upgrade in progressAmberOn: ROMMON boot and SYSTEM bootupBlinking: Temperature err and secure boot failureUSB consoleGreenWhen LED is lit, USB Console is enabled (RJ-45 console is disabled)SSD activityGreenIndicates active use of the hard disk SSD memory devices in the unitNetwork linkGreenSolid green indicates linkFlashing green indicates activity 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 7 of 23

Rear panelFigure 5.Rear panelTable 6.Descriptions of rear panel componentsLabelComponent1Fans2Optional redundant power supply (PEM 1)3Power supply (PEM 0)4Power/standby switchRear panel LEDsTable 7.Power LEDsGreen LEDAmber LEDPower supply statusOffOffNo AC power to all power suppliesOffOnPower supply failure (includes over voltage, over current, over temperature, and fan failure)Off1 Hz blinkingPower supply warning events in which the power supply continues to operate (high temperature,high power, and slow fan)1 Hz blinkingOffAC present, 12VSB on (power supply off)OnOffPower supply on and OK 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 8 of 23

PowerThe 9800-40 controller supports an optional redundant AC power supply.The AC input ranges are as follows: Worldwide ranging AC input range (90 to 264 VAC)The Power Entry Modules (PEMs) provide redundant power to the system, and the 9800-40 can operate continuouslywith only a single PEM installed. The PEMs are hot-swappable, and replacement of a single PEM can be made withoutpower interruption to the system. All external connections to the PEMs are made from the rear panel of the chassis, andthey are removed or inserted from the rear. The main power switch for the unit is located directly next to the PEMs on therear of the chassis.SFPs supportedThe four data ports can operate in either 10 GE or 1 GE mode.Note:Table 8.10/100-Mbps operation is not supported.SFPs supportedTypeModules supportedSmall Form-FactorPluggable DGLC-TEEnhanced SFP (SFP -ACU10MDWDM-SFP10G-30.33 - DWDM-SFP10G-61.41 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 9 of 23

BenefitsCisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through networkautomation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a networkdevice. The various mechanisms that bring about network automation are outlined below, based on a device lifecycle. Automated device provisioning: This is the ability to automate the process of upgrading software images andinstalling configuration files on Cisco access points when they are being deployed in the network for the first time. Ciscoprovides turnkey solutions such as Plug and Play (PnP) that enable an effortless and automated deployment. API-driven configuration: Modern wireless controllers such as the Cisco Catalyst 9800-40 Wireless Controller support awide range of automation features and provide robust open APIs over Network Configuration Protocol (NETCONF)using YANG data models for external tools, both off-the-shelf and custom built, to automatically provision networkresources. Granular visibility: Model-driven telemetry provides a mechanism to stream data from a wireless controller to adestination. The data to be streamed is driven through subscription to a data set in a YANG model. The subscribed dataset is streamed out to the destination at configured intervals. Additionally, Cisco IOS XE enables the push model, whichprovides near-real-time monitoring of the network, leading to quick detection and rectification of failures. Seamless software upgrades and patching: To enhance OS resilience, Cisco IOS XE supports patching, which providesfixes for critical bugs and security vulnerabilities between regular maintenance releases. This support allows customersto add patches without having to wait for the next maintenance release.Always on High availability: Stateful switchover with a 1:1 active standby and N 1 redundancy keeps your network, services, andclients always on, even in unplanned events. Software Maintenance Upgrades (SMUs) withhot and cold patching: Patching allows for a patch to be installed as abug fix without bringing down the entire network and eliminates the need to requalify an entire software image.TheSMU is a package that can be installed on a system to provide a patch fix or security resolution to a released image.SMUs allow you to address the network issue quickly while reducing the time and scope of the testing required. TheCisco IOS XE platform internally validates the SMU compatibility and does not allow you to install incompatible SMUs.All SMUs are integrated into the subsequent Cisco IOS XE Software maintenance releases. Intelligent rolling access point upgrades and seamless multisite upgrades: The Cisco Catalyst 9800-40 WirelessController comes equipped with intelligent rolling access point upgrades to simplify network operations. Multisiteupgrades can now be done in stages, and access points can be upgraded intelligently without restarting the entirenetwork. 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 10 of 23

Security Encrypted Traffic Analytics (ETA): ETA is a unique capability for identifying malware in encrypted traffic coming fromthe access layer. Since more and more traffic is being encrypted, the visibility this feature provides related to threatdetection is critical for keeping your network secure at different layers. Trustworthy systems: Cisco Trust Anchor Technologies provide a highly secure foundation for Cisco products. With theCisco Catalyst 9800-40, these trustworthy systems help assure hardware and software authenticity for supply chaintrust and strong mitigation against man-in-the-middle attacks on software and firmware. Trust Anchor capabilitiesinclude: Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other software areauthentic and unmodified. As the system boots, its software signatures are checked for integrity. Secure Boot: Cisco Secure Boot technology anchors the boot sequence chain of trust to immutable hardware,mitigating threats against a system's foundational state and the software that is to be loaded, regardless of a user'sprivilege level. It provides layered protection against the persistence of illicitly modified firmware. Cisco Trust Anchor module: A tamper-resistant, strong cryptographic, single-chip solution uniquely identifies theproduct so that its origin can be confirmed to Cisco, providing assurance that the product is genuine.Flexible NetFlow Flexible NetFlow (FNF): Cisco IOSFNF is the next generation in flow visibility technology, allowing optimization of thenetwork infrastructure, reducing operating costs, and improving capacity planning and security incident detection withincreased flexibility and scalability.Application Visibility and Control Next-Generation Network Based Application Recognition (NBAR2): NBAR2 enables advanced applicationclassification techniques, with up to 1400 predefined and well-known application signatures and up to 150 encryptedapplications on the Cisco Catalyst 9800-40. Some of the most popular applications included are Skype, Office 365,Microsoft Lync, Cisco Webex , and Facebook. Many others are already predefined and easy to configure. NBAR2provides the network administrator with an important tool to identify, control, and monitor end-user application usagewhile helping ensure a quality user experience and securing the network from malicious attacks. It uses FNF to reportapplication performance and activities within the network to any supported NetFlow collector, such as Cisco Prime,Stealthwatch , or any compliant third-party tool. 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 11 of 23

Quality of Service Superior Quality of Service (QoS): QoS technologies are tools and techniques for managing network resources and areconsidered the key enabling technologies for the transparent convergence of voice, video, and data networks. QoS onthe Cisco Catalyst 9800-40 consists of classification of traffic based on packet data as well as application recognition andtraffic control actions such as drop, marking and policing. A modular QoS command-line framework provides consistentplatform-independent and flexible configuration behavior. The 9800-40 also supports policies at two levels of target:BSSID as well as client. Policy assignment can be granular down to the client level.Smart operation Bluetooth ready: The Cisco Catalyst 9800-40 has hardware support to connect a Bluetooth dongle to the controller,enabling you to use this wireless interface as a management port. This port functions as an IP management interfaceand can be used for configuration and troubleshooting using WebUI or the Command-Line Interface (CLI), and totransfer images and configurations. WebUI: WebUI is an embedded GUI-based device-management tool that provides the ability to provision the device,simplify device deployment and manageability, and enhance the user experience. WebUI comes with the default image.There is no need to enable anything or install any license on the device. You can use WebUI to build a day-0 and day-1configuration and from then on monitor and troubleshoot the device without having to know how to use the CLI.SpecificationsTable 9.SpecificationsItemSpecificationWireless standardsIEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n,802.11k, 802.11r, 802.11u, 802.11w, 802.11ac Wave1 and Wave2Wired, switching, androuting standardsIEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX, 1000BASE-T. 1000BASE-SX,1000-BASE-LH, IEEE 802.1Q VLAN taggin, 802.1AX Link AggregationData standards RFC 768 User Datagram Protocol (UDP) RFC 791 IP RFC 2460 IPv6 RFC 792 Internet Control Message Protocol (ICMP) RFC 793 TCP RFC 826 Address Resolution Protocol (ARP) RFC 1122 Requirements for Internet Hosts RFC 1519 Classless Interdomain Routing (CIDR) RFC 1542 Bootstrap Protocol (BOOTP) RFC 2131 Dynamic Host Configuration Protocol (DHCP) RFC 5415 Control and Provisioning of Wireless Access Points (CAPWAP) Protocol RFC 5416 CAPWAP Binding for 802.11 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 12 of 23

ItemSecurity standardsSpecification Wi-Fi Protected Access (WPA) IEEE 802.11i (WPA2, RSN) RFC 1321 MD5 Message-Digest Algorithm RFC 1851 Encapsulating Security Payload (ESP) Triple DES (3DES) Transform RFC 2104 HMAC: Keyed-Hashing for Message Authentication RFC 2246 TLS Protocol Version 1.0 RFC 2401 Security Architecture for the Internet Protocol RFC 2403 HMAC-MD5-96 within ESP and AH RFC 2404 HMAC-SHA-1-96 within ESP and AH RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV RFC 2407 Interpretation for Internet Security Association Key Management Protocol(ISAKMP) RFC 2408 ISAKMP RFC 2409 Internet Key Exchange (IKE) RFC 2451 ESP CBC-Mode Cipher Algorithms RFC 3280 Internet X.509 Public Key Infrastructure (PKI) Certificate and CertificateRevocation List (CRL) Profile RFC 4347 Datagram Transport Layer Security (DTLS) RFC 5246 TLS Protocol Version 1.2Encryption standards Static Wired Equivalent Privacy (WEP) RC4 40, 104 and 128 bits Advanced Encryption Standard (AES): Cipher Block Chaining (CBC), Counter with CBC-MAC (CCM), Counter with CBC Message Authentication Code Protocol (CCMP) Data Encryption Standard (DES): DES-CBC, 3DES Secure Sockets Layer (SSL) and Transport Layer Security (TLS): RC4 128-bit and RSA1024- and 2048-bit DTLS: AES-CBC IPsec: DES-CBC, 3DES, AES-CBC 802.1AE MACsec encryptionAuthentication,Authorization, andAccounting (AAA)standards IEEE 802.1X RFC 2548 Microsoft Vendor-Specific RADIUS Attributes RFC 2716 Point-to-Point Protocol (PPP) Extensible Authentication Protocol (EAP)-TLS RFC 2865 RADIUS Authentication RFC 2866 RADIUS Accounting RFC 2867 RADIUS Tunnel Accounting RFC 2869 RADIUS Extensions RFC 3576 Dynamic Authorization Extensions to RADIUS RFC 5176 Dynamic Authorization Extensions to RADIUS RFC 3579 RADIUS Support for EAP RFC 3580 IEEE 802.1X RADIUS Guidelines RFC 3748 Extensible Authentication Protocol (EAP) Web-based authentication TACACS support for management users 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 13 of 23

ItemManagement standardsSpecification Simple Network Management Protocol (SNMP) v1, v2c, v3 RFC 854 Telnet RFC 1155 Management Information for TCP/IP-based Internets RFC 1156 MIB RFC 1157 SNMP RFC 1213 SNMP MIB II RFC 1350 Trivial File Transfer Protocol (TFTP) RFC 1643 Ethernet MIB RFC 2030 Simple Network Time Protocol (SNTP) RFC 2616 HTTP RFC 2665 Ethernet-Like Interface Types MIB RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, MulticastFiltering, and Virtual Extensions RFC 2819 Remote Monitoring (RMON) MIB RFC 2863 Interfaces Group MIB RFC 3164 Syslog RFC 3414 User-Based Security Model (USM) for SNMPv3 RFC 3418 MIB for SNMP RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs RFC 4741 Base NETCONF protocol RFC 4742 NETCONF over SSH RFC 6241 NETCONF RFC 6242 NETCONF over SSH RFC 5277 NETCONF event notifications RFC 5717 Partial Lock Remote Procedure Call RFC 6243 With-Defaults capability for NETCONF RFC 6020 YANG Cisco private MIBsManagement interfaces Web-based: HTTP/HTTPS Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port SNMP NETCONFHard Disk Drives (HDD)Environmental conditionssupported SATA Solid-State Drive (SSD) 240GB of memoryOperating temperature: Normal: 5 to 40 C(41 to 104 F) Short term: 5 to 50 C (41 to 122 F)Nonoperating temperature: -40 to 65 C (-104 to 149 F)Operating humidity: Nominal: 5% to 85% no-condensing Short term: 5% to 90% noncondensingNonoperating temperature humidity: 5% to 93% at 82 F (28 C)Operating altitude: Appliance operating: 0 to 3000 m (0 to 10,000 ft) Appliance nonoperating: 0 to 12,192 m (0 to 40,000 ft)Electrical input: AC input frequency range: 47 to 63 Hz AC input range: 90 to 264 VAC with AC PEM 1100W AC with optional redundant power supply (hot-swappable)Maximum power: 381WHeat dissipation: 1,300 BTU/hrSound power level measure: A-weighted sound power level is 74.1 LpAm(dBA) @ 27C nominal operation 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 14 of 23

ItemSpecificationRegulatory complianceSafety: UL/CSA 60950-1 IEC/EN 60950-1 AS/NZS 60950.1 CAN/CSA-C22.2 No. 60950-1EMC – Emissions:Class A FCC 47CFR15 AS/NZS CISPR 22 CISPR 22 EN55022/EN55032 (EMI-1) ICES-003 VCCI KN 32 (EMI-2) CNS-13438EMC – Emissions: EN61000-3-2 Power Line Harmonics (EMI-3) EN61000-3-3 Voltage Changes, Fluctuations, and Flicker (EMI-3)EMC – Immunity: IEC/EN61000-4-2 Electrostatic Discharge Immunity IEC/EN61000-4-3 Radiated Immunity IEC/EN61000-4-4 EFT-B Immunity (AC Power Leads) IEC/EN61000-4-4 EFT-B Immunity (DC Power Leads) IEC/EN61000-4-4 EFT-B Immunity (Signal Leads) IEC/EN61000-4-5 Surge AC Port IEC/EN61000-4-5 Surge DC Port IEC/EN61000-4-5 Surge Signal Port IEC/EN61000-4-6 Immunity to Conducted Disturbances IEC/EN61000-4-8 Power Frequency Magnetic Field Immunity IEC/EN61000-4-11 Voltage Dips, Short Interruptions, and Voltage Variations K35 (EMI-2)EMC (ETSI/EN) EN 300 386 Telecommunications Network Equipment (EMC) (EMC-3) EN55022 Information Technology Equipment (Emissions) EN55024/CISPR 24 Information Technology Equipment (Immunity) EN50082-1/EN61000-6-1 Generic Immunity Standard (EMC-4)Software RequirementsThe Cisco Catalyst 9800-40 runs on Cisco IOS XE Software version 16.10.1 or later. This software release includes all thefeatures listed earlier in the Platform Benefits section.Table 10.Minimum software requirementsModelDescriptionMinimum software requirementC9800-40-K9Cisco Catalyst 9800-40 Wireless ControllerCisco IOS XE Software Release 16.10.1 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 15 of 23

LicensingThe Cisco Catalyst 9800 Series Wireless Controllers require mandatory Smart Licensing. This provides ease of use forCisco DNA license management, consumption, and tracking.No licenses are required to boot up a Cisco Catalyst 9800 Series Wireless Controller. However, in order to connect anyaccess points to the controller, Cisco DNA licenses are required. Every access point connecting to Catalyst 9800 requires aCisco DNA subscription license to be entitled to connect to the controller. See Figure 2.Figure 6.The APs connecting to Catalyst 9800 has a new and simplified licensing package. 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 16 of 23

They can support 3 types of Cisco DNA license: Cisco DNA Essentials, Cisco DNA Advantage and Cisco DNA Premier:The Cisco DNA licenses provide Cisco innovations on the AP. The Cisco DNA license also includes the Network Essentialsand Network Advantage licensing options whichcover wireless fundamentals such as 802.1x authentication, QoS, PnPetc, telemetry and visibility, SSO, as well as security controls. These Network essentials and Network advantagecomponents are perpetual and is valid till the life of the AP. Cisco DNA subscription licenses have to be purchased for a 3-,5-, or 7-year subscription term. However. upon expiry of Cisco DNA license, Cisco DNA features will expire, whereasnetwork essentials and network advantage features will remain.Here is a brief description of what each base and add-on package includes: 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 17 of 23

Note:It is not required to deploy Cisco DNA Center just to use one of the above packages.The following table shows the features included in the Network Advantage and Network Essentials package. 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 18 of 23

Table 11.Features included in the Network Advantage and Network Essentials packagesFeaturesNetwork EssentialsNetwork AdvantageEssential capabilities 802.1x authentications, Guest access, deviceonboarding, Infra and client IPv6, ACLs, QoS,Videostream, Smart defaults, RRM, Spectrumintelligence, BLE, Zigbee, USB,TrustSecSXP,SSO, Dynamic QoS, Analytics,ADP, OpenDNS, mDNS, IPSec, RogueManagement and Detection, MobilityOptimized RF FRA, Client link, ClearAir Advanced, NG-HDX, Predictive/Proactive RRMInternet of Things (IoT) optimizedIdentity pre-shared keys (PSK), enhanceddevice profilersDevOPS integration PnP Agent** NETCONF, RESTCONF , gNMI , Yang Data Models GuestShell (On-Box Python)*Federal CertificationsFederal Information Processing Standards(FIPS), CC, UCAPL, USGV6Telemetry and visibility Model-driven Telemetry NETCONF dial-in, gRPC dial out*High availability and resiliency (advanced) ISSU, Process Restart Rolling AP Upgrades, Patching (CLI) AP service pack/AP device packFlexible Network Segmentation VXLAN 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 19 of 23

The following table shows the features included in the Cisco DNA Advantage and Cisco DNA Essentials packages.Table 12.Features included in the Cisco DNA Advantage and Cisco DNA Essentials packagesFeaturesCisco DNA EssentialsCisco DNA Advantage/PremierBase Automation Plug and Play, network site design and deviceprovisioningElement managementImage management, network topology anddiscovery, AVCBase AssuranceHealth dashboard (network, client, andapplication), AP floor map and coverage map,predefined reportsTelemetryFlexible NetFlowBase securityBasic wireless IPSAdvanced AutomationSD-AccessLocation Plug and PlayAutomated ISE integration for guest3rd party API integrationAssurance and AnalyticsGuided RemediationApple iOS InsightsProactive issue DetectionAironet Active Sensor TestsIntelligent captureClient Location HeatmapsSpectrum AnalyzerApplication performance (Packet Loss, Latencyand Jitter),App 360, AP 360, Client 360 and WLC 360Custom Reports*Enhanced security and IoTEncrypted Traffic Analytics, Advanced WIPS 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 20 of 23

FeaturesCisco DNA EssentialsCisco DNA Advantage/PremierPolicy-based workflow EasyQoS configuration, EasyQoS monitoring,Policy based AutomationElement ManagementPatch Lifecycle ManagementTwo modes of licensing are available: SL: Smart Licensing simplifies and adds flexibility to licensing. It is: Simple: Procure, deploy, and manage licenses easily. Devices self-register, removing the need for Product ActivationKeys (PAKs). Flexible: Pool license entitlements in a single account. Move licenses freely through the network, wherever you needthem. Smart: Manage your license deployments with real-time visibility of ownership and consumption. SLR mode Specific License Reservation (SLR) is a feature used in highly secure networks. It provides a method for customers todeploy a software license on a device (Product Instance) without communicating usage information to Cisco. Therewill be no communication with Cisco or a satellite. The licenses will be reserved for every controller. It will be nodebased licensing.Four levels of license are supported on the Cisco Catalyst 9800 Series Wireless Controllers. The controllers can beconfigured to function at any one of the four levels. Cisco DNA Essential: At this level the Cisco DNA Essentials features set will be supported. Cisco DNA Advantage: At this level the Cisco DNA Advantage feature set will be supported. NE: At this level the Network Essentials feature set will be supported. NA: At this level the Network Advantage feature set will be supported. For customers who purchase Cisco DNA Essentials, Network Essentials will be supported and will continue to functioneven after term expiration. And for customers who purchase Cisco DNA Advantage, Network Advantage will besupported and will continue to function even after term expiration. Initial bootup of the controller will be at the Cisco DNA Advantage level.For questions, contact the Cisco Catalyst 9800 Series Wireless Controllers Licensing mailer group at askcatalyst9800licensing.Managing licenses with Smart AccountsCreating Smart Accounts by using the Cisco Smart Software Manager (CSSM) enables you to order devices and licensingpackages and also manage your software licenses from a centralized website. You can set up the Smart Account toreceive daily email alerts and to be notified of expiring add-on licenses that you want to renew. A Smart Account ismandatory for Catalyst 9800 controller. For more information on Smart Account refer to

License Smart License enabled Operating system Cisco IOS XE Management Cisco DNA Center 1.2.8, Cisco Prime Infrastructure 3.5, integrated WebUI, and third party (open standards APIs) Interoperability AireOS-based controllers with 8.8 MR2, 8.5 MR4, and 8.5 MR3 special Policy engine Cisco