Discovering the secrets of AI/ML in Cisco Catalyst Center

Discovering the secrets of
AI/ML in Cisco Catalyst Center

Adam Radford, Distinguished Solutions Engineer
@adamradford123
Lila Rousseaux, Principal Solutions Engineer
@lila_rousseaux
BRKOPS-2208
#CiscoLive
Cisco Webex App
https://ciscolive.ciscoevents.com/
ciscolivebot/#BRKOPS-2208
Questions?
Use Cisco Webex App to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space
4 Enter messages/questions in the Webex space
Webex spaces will be moderated Enter your personal notes here
by the speaker until June 7, 2024.
BRKOPS-2208 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
• Introduction
• Proactive Issues and Dynamic
Baselines
• Data Analysis
Agenda • Gen-AI
Network Virtual Assistant
• AI Enhanced RRM
• AI Endpoint Analytics
• Conclusion
Introduction
#CiscoLive BRKOPS-2208 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public
#CiscoLive BRKOPS-2208 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Hybrid Cloud Architecture
Anomalies and Insights
Cisco Catalyst
Center
WLC
Controller
Strong Anonymization
Cloud Agent Anonymized

Data
WSACollector
WSA Collector
Cisco AI Cloud
Cisco Catalyst Center
Appliance
• Network Analytics
• Endpoint Analytics
• AI RRM
Network Infrastructure • Event Analytics
Proactive Issues
Cisco Catalyst Center Issues
Assurance Issues help identify

problems rather than monitoring data
Threshold Based Issues
Custom thresholds = Potential Alert overload
AI-Driven Issues
Dynamic baselines = relevant anomalies
AI-Driven Issues
• Dynamically Generated “Green Band”: Expected Normal Range

based on AI Statistical modeling
• Predictive model that derived from number of variables and KPIs.
AI-Driven Issues - Categories Reference
Cisco Catalyst Center 2.3.7
Connection Issues Network Connectivity Issues
Roaming Issues Throughput Issues
AI Driven Issues - Root Cause Analysis
What
Who
When & Where
What
How
Why
Demo AI Issues
Network Reasoner
Knowledge Base Conclusions

• Technology Expertise (Inference) • Root Cause Analysis & Remedy
• Workflows & Algorithms Identification
• Best Practices & Validated Designs • Consistency
• Business Rules & Policies • Conflict detection & resolution
Insight generation based on externally captured knowledge

and aligned with best practices and validated designs..
Network Reasoner and Issue Root Cause
• Root cause for

some issues.
Examples: Power
Supply Failure, Layer
2 loop, Interface
down, High CPU
• Other MRE
workflows can be
run from the
Network Reasoner
Tool.
Demo Issue
Troubleshooting
with MRE
Baselines
Baseline Dashboard for wireless onboarding
Analysis on wireless onboarding

KPI’s across every building and
SSID
Uses machine learning to define

the baseline relevant to the
specific network and sites.
Baselines Demo
Data Analysis
Trends and
Insights
Trends and Insights
AP Performance Advisories
APs with potential client experience

problems, aggregated by common
root cause
Trends and Insights
High Co-Channel High Client Activity High AP Density

Interference
Low AP Density
Trends and Insights Catalyst Center
2.3.7
AP Performance Advisories Reference
• External RF load • High AP deployment density

• External RF load with high client • Low AP deployment density
activity
• Low AP deployment density and
• Frequent channel change external interference
• High RF load • Low AP deployment density and
high load
• High channel utilization
• High client activity
• High client load
Trends and Insights
• APs continually analyzed over long periods of time using Machine

Learning
• Identifies APs with poor client Quality of Experience (QoE)
• KPIs used: SNR, RSSI, link-speed, packet retries and packet failures
• APs with suboptimal client experience are grouped by underlying
reasons
Insights generated and suggested actions provided
Trends and Insights
AP Performance Advisories - How data is analyzed and processed
• AI Network Analytics needs to be enabled.

• No other configuration is needed
• APs analyzed on separate frequency bands (2.4, 5 and 6 GHz)
• Insights will not be generated until 4-weeks after on-boarding
• Analyzed once per week, using 4-weeks of historic data collected
in the cloud
APs with the same root-cause analysis (RCA) are grouped together
Trends and Insights
Trends Deviations
Displays significant deviations in client
count or radio throughput over a 4-week
period on AP’s and Sites
AP Performance
Advisories &
Trends and
Insights Demo
Network
Heatmaps
Network Heatmap
Visually compare all the

APs or switches in the
network for a given month
and a specific site to spot
trends
Compare APs across

different KPIs and band
frequencies.
Network Heatmap
Network and
Peer
Comparison
Network Comparison
View, compare, and identify

performance improvement opportunities
for elements in your network (buildings,
AP model, wireless endpoints) across
selected KPIs
Helps determine how a network is
Peer Comparison performing in comparison to peer
networks for a selected Key Performance
Indicator (KPI).
The peer networks that are used for

comparison are of similar network size.
Event analytics
Event Analytics
• Analytics and data visualisation for
networking events
• Based on Syslog and reachability
• Wired and wireless
Event Analytics
Demo
Event Analytics Configuration
• AI Network Analytics must be System > Settings > Cisco AI Analytics
enabled
• Event Analytics log export must
be enabled to view
complete syslog message
Otherwise, only metadata is
sent
• The syslog raw message is sent
in plain text without
anonymization of potentially
sensitive customer data
Event Analytics
Reference
Syslog Syslog Reachability
• Highest severity events • Message Volume Increase / • Top Status Transitions
• Highest severity events that Decrease • Most frequent status
occurred in the selected • Events with the highest transitions ordered by the
period sorted by severity. increase / decrease in volume current status. The chart
within the selected period displays the breakdown by
• Rare Events sorted by variation. previous status sorted by
• Least frequent events that occurrence.
occurred in the selected • New events
period sorted by occurrence • Events that started occurring • Top Devices by Events
at the end of the selected • Devices that generated the
• High Volume events period sorted by occurrence. highest volume of
• Most frequent events that reachability transitions in the
occurred in the selected • Most Active Devices selected period, sorted by
period sorted by • Devices that generated the volume.
occurrence. highest volume of events in
the selected period sorted by
volume.
Site analytics
Site Analytics Dashboard • Aggregated KPI Stats on a Per
Site Basis
• Insights into best and worst
performing sites in the network.
• Required AI Analytics
Site Analytics Dashboard
Following KPI’s available (wireless only) Reference
• Onboarding Attempts - percentage of wireless clients that are able to onboard to an

AP
• Onboarding duration - percentage of successfully onboarded wireless clients that are
able to onboard to an AP within the configured threshold time
• Coverage - percentage of time wireless clients have data traffic with an RSSI value
that is higher than the target value.
• Roaming Attempts- percentage of wireless clients that are able to successfully roam
from one AP to another AP
• Roaming Duration - percentage of wireless clients that are able to successfully roam
from one AP to another, within the configured threshold time
• Connection Speed percentage of time the wireless clients have data traffic with over-
the-air data rates that are higher than the target data rate.
Site Analytics Dashboard
Performance Percentages Key Performance Metrics that are

for each KPI monitored across all sites
3 worst performing child

sites within the site
Site Analytics Customizable SLA
Setup overall SLA
Setup SLA per

KPI
SLA per KPI Customization Example
Gen-AI
Network Virtual
Assistant
Gen-AI
Network Virtual
Assistant Demo
AI Enhanced
RRM
Why radio resource management
• 10min worth of data

• No "busy hour(s)"
• No building
segmentation
• No visibility
• Lots of tuning knobs
• No simulation mode ** #CiscoLive BRKOPS-2208 © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Dashboard
Utilization and channel allocation
Reference
Prerequisite Reference
• 17.7.x 9800 code

• 2.3.3.x Catalyst Center code
• Cloud connection
• 6E support
• 17.11 9800 code
• 2.3.7 Catalyst Center
Now support brownfield
Configuring
Assign an AI RF profile
Create AI RF profile
Create AI RF profile
Advanced
Reference
Advanced (2)
Reference
Select the profile and apply
Review and deploy
RRM verification
Reference
9800-pnp> show ap dot11 5ghz group
Radio RF Grouping
RF Group Name : Open-RRM

RF Protocol Version(MIN) : 100(30)
RF Packet Header Version
802.11a Group Mode
:
:
2
AUTO
Cisco DNA Catalyst IP
802.11a Group Role : Remote-Member address
802.11a Group Update Interval : 600 seconds
802.11a Group Leader : 10.10.10.181 (10.10.10.181)
Secure-RRM : Disabled
9800 IP address
RF Group Members
Controller name Controller IP Controller IPv6 DTLS status

----------------------------------------------------------------------------------------------------------
9800-pnp 10.10.10.146 N/A
Disable
Reference
Spatial density and power distribution
Reference
Revert back to standard RF profile
Reference
Verifying
Reference
9800-pnp#show ap dot11 5ghz group
Radio RF Grouping
RF Group Name : default

RF Protocol Version(MIN) : 100(30)
RF Packet Header Version : 2
802.11a Group Mode : AUTO
802.11a Group Role : Auto-Leader
802.11a Group Update Interval : 600 seconds
802.11a Group Leader : 9800-pnp (10.10.10.146)
802.11a Last Run : 72 seconds ago
Secure-RRM : Disabled
RF Group Members
Controller name Controller IP Controller IPv6 DTLS status

----------------------------------------------------------------------------------------------------------
9800-pnp 10.10.10.146 N/A
Scale Limits
All AP can be enabled:
Limit per building

- 1500 (5 & 2.4 GHz radios)
- 600 (6GHz radio)
AI Endpoint
Analytics
AI Endpoint Analytics on Cisco Catalyst Center
Rapidly reducing the unknowns by aggregating data from different sources
ML Analytics
?? Endpoint
Profiling
Data
Aggregation
DPI-based Network Easy Onboarding CMDB

Fingerprint/ Telemetry Tools Connector
Behavior Probes
CMDB: Configuration Management Database
Classification based on Deep Packet Inspection (DPI)
Endpoint type:
Multifactor classification
CT scanner
Manufacturer:
Globex Corp.
Model:
DPI Ultima
Operating system:
Deep packet MS Windows 7
inspection
L7
EA
ML analytics DICOM:
GE CT540
L6 Cisco® Catalyst® 9000
Series Switch - powered by
Probes NBAR
DHCP
CMDB Class-ID:
connector Globex Ultima MSFT
CT scanner (Windows 7)
Options to support non-Cisco devices available.
Reducing Unknowns with Machine Learning
Device data
lake
ML groups Creates Admin labels AI learns
Known endpoints rules endpoints from new
DPI IPhones
These are
labels
Bosch
Cluster 2 Coffee New labels
Machines
Bosch
ML analytics
Attribute B
= Coffee
Cluster 1 Machine
Endpoint
Analytics These are
Unknown New labels
Apple
Watches. Apple
=
CMDB Watch
connector Attribute A
= done in cloud
Trust Scores and Remediation
Adaptive Network Control - ANC

Remediate the host via Identity Services
Engine - ISE
Endpoint Analytics Compatibility Matrix
Wired CAT9k Wireless CAT9800 4 Traffic
Telemetry
Capability DNAC
Fabric Non-Fabric Local Flex Appliance
(TTA)
DPI Based
2.1.2.x ✓ ✓ ✓ ✓ ✓
Profiling
AI Smart
2.1.2.x ✓ ✓ ✓ ✓ ✓
Grouping
AI Spoofing
2.2.2.x ✓ ✓ ✓ ✓ ✓
Detection2
Changed profile
2.2.3.x ✓ ✓ ✓ ✓ ✓
labels
NAT Detection 2.2.3.x ✓ ✓ ✓ ✓ ✓
Concurrent MAC
2.2.3.x ✓ ✓ ✓1 ✓1 ✕
Detection
Open Port Scan3 2.3.2.x (CA) ✓ ✓ ✕ ✕ ✕
Weak Credential
2.3.2.x (CA) ✓ ✓ ✕ ✕ ✕
Scan3
Talos Low
2.3.3.x ✓ ✓ ✓ ✓ ✓
Reputation2 IP
1– Concurrent MAC violations can not occur on wireless CAT9k Controller, but can detect concurrent MACs between wired and wireless. BRKOPS-2208
2– AI Spoofing Detection and Talos low reputation needs netflow configuration, other functionalities need NBAR.
3– Open port scan, weak credential scan needs security sensor (SDAVC app provisioned as container in Cat9300 and 9400 models. Cat9200
4– Support for Fabric and Flexconnect from IOSXE 17.7+. Local mode supported in 17.6
#CiscoLive © 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Complete Your Session Evaluations
Complete a minimum of 4 session surveys and the Overall Event Survey to be

entered in a drawing to win 1 of 5 full conference passes to Cisco Live 2025.
Earn 100 points per survey completed and compete on the Cisco Live
Challenge leaderboard.
Level up and earn exclusive prizes!
Complete your surveys in the Cisco Live mobile app.
cisco.com/go/catalyst-center
Continue
your education
www.youtube.com/@CiscoCatalystCenter
cs.co/dnac-resources
• Visit the Cisco Showcase
for related demos
• Book your one-on-one

Meet the Engineer meeting
Continue Attend the interactive education
your education
•
with DevNet, Capture the Flag,
and Walk-in Labs
• Visit the On-Demand Library

for more sessions at
www.CiscoLive.com/on-demand
Thank you
#CiscoLive

Discovering the secrets of AI/ML in Cisco Catalyst Center

Uploaded by

Copyright:

Available Formats

You might also like

Discovering the secrets of AI/ML in Cisco Catalyst Center

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Discovering the secrets of AI/ML in Cisco Catalyst Center

Uploaded by

Copyright:

Available Formats

Discovering the secrets of

AI/ML in Cisco Catalyst Center

2 Click “Join the Discussion”

3 Install the Webex App or go directly to the Webex space

4 Enter messages/questions in the Webex space

Webex spaces will be moderated Enter your personal notes here

by the speaker until June 7, 2024.

Cloud Agent Anonymized

Assurance Issues help identify

Custom thresholds = Potential Alert overload

Dynamic baselines = relevant anomalies

• Dynamically Generated “Green Band”: Expected Normal Range

Connection Issues Network Connectivity Issues

Roaming Issues Throughput Issues

Knowledge Base Conclusions

Insight generation based on externally captured knowledge

• Root cause for

Analysis on wireless onboarding

Uses machine learning to define

APs with potential client experience

High Co-Channel High Client Activity High AP Density

• External RF load • High AP deployment density

• APs continually analyzed over long periods of time using Machine

Insights generated and suggested actions provided

• AI Network Analytics needs to be enabled.

Visually compare all the

Compare APs across

View, compare, and identify

The peer networks that are used for

• Onboarding Attempts - percentage of wireless clients that are able to onboard to an

Performance Percentages Key Performance Metrics that are

3 worst performing child

Setup overall SLA

Setup SLA per

• 10min worth of data

• 17.7.x 9800 code

RF Group Name : Open-RRM

Controller name Controller IP Controller IPv6 DTLS status

RF Group Name : default

Controller name Controller IP Controller IPv6 DTLS status

All AP can be enabled:

Limit per building

DPI-based Network Easy Onboarding CMDB

Adaptive Network Control - ANC

Complete a minimum of 4 session surveys and the Overall Event Survey to be

Level up and earn exclusive prizes!

Complete your surveys in the Cisco Live mobile app.

• Book your one-on-one

• Visit the On-Demand Library

You might also like