Deploying Cisco Catalyst 9800 Controller on VMware ESXi

June 21, 2019 By Rowell 4 Comments

The next-generation wireless controller from Cisco is here. It’s completely written with IOS-XE, different from the Converged Wireless days. In this tutorial, I’ll be going through the deployment of the C9800-CL. To learn how to install the C9800-CL on VMware Fusion check out François Vergès’ blog.

---

Do you find this content useful? If so, consider buying me a coffee!

---

Hardware

For this lab, I initially tried to get this working using an 6th Generation Intel Core i3 Processor NUC. The i3 is not going to work.

To run the Catalyst 9800 wireless LAN controller you should get an Intel i7, minimum. My VMware lab included:

• Intel NUC mini PC kit NUC7i7BNH (Intel Core i7)
• 32GB Kit (2 x 16GB) 2400Mhz PC4-19200 260-Pin So-Dimm DDR4
• Samsung 850 EVO 500GB 2.5-Inch SATA III Internal SSD
• SanDisk Cruzer Fit 8GB USB (for ESXi)

The whole kit cost me approximately $789.79.

VMware ESXi

I’m using version 6.7.0 of VMware ESXi which is stored on the 8GB USB drive. The host boots off of that USB drive so I can keep as much of the hard drive space dedicated to virtual machines.

Prior to deploying Catalyst 9800 controller you’ll want to configure three networks within ESXi or port groups.

C9800-CL has three network interfaces. Each one will be mapped to a port group assigned on the VM. Here’s how the interfaces map on boot:

• GigabitEthernet1 = Device management interface
• GigabitEthernet2 = Wireless management interface
• GigabitEthernet3 = HA interface

The Device management interface will be used as an out-of-band management to the Catalyst 9800 controller.

The Wireless management interface will be used for AP management and can also be used to manage the controller.

The HA interface is used for redundancy between C9800 controllers.

I have two different port groups defined within ESXi for initial deployment.

• VM Network – Where GigabitEthernet1 will be mapped.
• INFRA – a trunk port where GigabitEthernet2 will be mapped.

Step 1 – OVF Tool

Next, you have to download and install the VMware OVF Tool. This is going to be used to deploy the .ova file of the C9800-CL. We are required to use the OVF Tool since we’re not running VMware vSphere Client.

Download and install the OVF Tool from VMware with a login.

Catalyst 9800-CL Controller

It’s important to understand which version of the C9800-CL will be deployed. In this lab, I am using the Small configuration.

C9800-CL Scale

Step 2 – Download OVA File

Next, download the .ova file for the C9800-CL. In this tutorial I am using version Gibraltar-16.101e. (You’ll need a CCO account and a valid support contract to download the .ova file.)

Step 3 – ovftool

Now that the file is downloaded to your Desktop, the first step is to create an ovftool file with some parameters for the virtual machine which will be used to deploy the .ova.

vi .ovftool

Within this new file, insert the following text and save.

acceptAllEulas
datastore=datastore1
deploymentOption=4CPU-8GB
name=9800-wlc
net:GigabitEthernet1=VM Network
net:GigabitEthernet2=INFRA
net:GigabitEthernet3=LAB WIRELESS
prop:com.cisco.vwlc.hostname.1=9800-wlc

You’ll want to modify the datastore entry to match whatever your datastore is.

The deploymentOption is set to the small instance.

The network interfaces are also mapped to a port group within VMware ESXi. You’ll want to change those networks to match what you have in your environment.

Step 4 – Transfer ova File to VMware ESXi

Now, we’re going to transfer the .ova file to ESXi. Here’s the command to run on OSX command line.

/Applications/VMware\ OVF\ Tool/ovftool ./wlc9500C-universalk9.BLD_V1610_THROTTLE_LATEST_20181006_071153_V16_10_0_134-vga.ova vi://"root:<password>”@ip-address-of-esxi

We’re using the ovftool to deploy the .ova file we selected, in this case the C9800-CL, to our ESXi server. I am passing the login credentials to the ESXi server.

Once completed you’ll see the following message:

Opening OVA source: ./wlc9500C-universalk9.BLD_V1610_THROTTLE_LATEST_20181006_071153_V16_10_0_134-vga.ova
The manifest validates
Opening VI target: vi://[email protected]:443/
Deploying to VI: vi://[email protected]:443/
Transfer Completed
Completed successfully

Step 5 – Check VMware ESXi

You should now see the VM deployed in ESXi but it hasn’t started up yet. Select the VM and click on Power On.

Step 6 – Initial Configuration

Click on Console to open a console in-browser for the C9800-CL. You’ll see the controller boot up process. Once boot is completed, you’ll be prompted to enter initial configuration mode. Make sure to terminate autoinstall and opt out of entering intial configuration by saying no.

terminate auto install

Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]: 

Step 7 – Device Management Interface

Now we’re going to configure the device management interface so the controller can be managed out-of-band. My out-of-band management will be set on GigabitEthernet1.

We will first add a static IP address and set a default route for the controller . This is to properly communicate on the network across subnets.

en
conf t
int g1
no switchport
ip address 192.168.140.6 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.140.1

Step 8 – Set Default Route

In order to access the C9800-CL CLI and web interface we’ll need to create a login.

Username admin priv 15 secret password1234

Step 9 – Day 0 Configuration

The initial configuration is complete with an IP address and user account to log in. Browse to the IP address of the C9800-CL and enter the credentials you defined in Step 8.

General Settings

In this section various parameters are defined such as the Country, time/timezone, NTP servers, and

Wireless Networks

Click on Next and now it is possible to create a wireless network. To create a new wireless network, click on Add and you will be prompted for the network name, type, and security settings.

Configure the wireless networks to your environment. Then click Next.

Advanced Settings

In this window, configure your RF Group name. Under AP Certificate ensure YES is selected and a password is configured for the AP certificate. The AP certificate is what allows access points to join the C9800-CL controller.

Click on Next to view the Summary to view all the changes.

Once everything has been reviewed Click on Finish. The initial configuration is complete. You will be logged out and prompted to log back in.

After logging in you will be able to configure the Catalyst 9800-CL controller. Further configuration of the C9800-CL will be covered in a future post.