cisco 9800-40 32000 client capacity

Alex-Pr
Level 1

I'm curious about the platform sizes and capacities

The 9800-40 states it is good for up to 2000 APs and 32000 clients.

I get the AP side of the house and balancing the APs into the 5 WNCD processors to manage the CPU load, but I don't see any literature about the 32000 client max.

When running the config analyzer, it shows both the AP count and client count per WNCD ID, so I am assuming the number of clients will affect the CPU per processor, so having things balanced as best as possible probably makes the most sense.

 

Is 32000 clients a hard max?

Is there a max per WNCD ?

Is there a recommended max before service degradation is expected ?

What are the best practices for sizing things?

 

Thanks

 

 


marce1000
VIP

 

 - I don't think you can associate the number of clients with WNCDs; it will depend on the AP models being used and how performant and modern they are.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000
VIP

 

  - The client capacity will also depend on the traffic (throughput) that is being generated; these CLI commands can be useful in that context:
      show platform hardware chassis active qfp datapath utilization (check Processing Load (pct) below to see the utilization; it should not exceed 92%)
      show platform hardware chassis active qfp datapath utilization summary

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
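A capacity check built from the figures quoted in this thread (platform maximums, the 80% planning figure and the 92% processing-load threshold), added here as an example and not written by any poster or by Cisco. The sample command output is constructed and its row layout is an assumption; the function names are hypothetical.

```python
import re

# Platform maximums as quoted in the thread: (APs, clients).
SCALE = {"9800-40": (2000, 32000), "9800-80": (6000, 64000)}
RECOMMENDED_FRACTION = 0.80   # planning figure quoted from the best-practices guide
QFP_LOAD_LIMIT_PCT = 92       # threshold given in the post above

# Constructed sample (assumed layout); the real command prints more rows.
SAMPLE_QFP_OUTPUT = """\
  CPP 0: Subdev 0            5 secs        1 min        5 min       60 min
Input:  Priority (pps)           12           10            9            9
        Total (pps)          410233       380112       352790       340018
Processing: Load (pct)           94           71           65           60
"""

def parse_processing_load(text):
    """Return {interval: load_pct} from the 'Processing: Load (pct)' row."""
    intervals = []
    for line in text.splitlines():
        if "CPP" in line and "secs" in line:
            intervals = re.findall(r"\d+ (?:secs|min)", line)
        match = re.match(r"\s*Processing:\s*Load\s*\(pct\)\s+(.+)", line)
        if match:
            return dict(zip(intervals, map(int, match.group(1).split())))
    raise ValueError("no 'Processing: Load (pct)' row found")

def capacity_findings(platform, aps, clients, qfp_text):
    """List every figure that is above its planning limit or load threshold."""
    max_aps, max_clients = SCALE[platform]
    findings = []
    for label, count, maximum in (("AP", aps, max_aps),
                                  ("client", clients, max_clients)):
        limit = int(RECOMMENDED_FRACTION * maximum)
        if count > limit:
            findings.append(f"{label} count {count} exceeds 80% planning limit {limit}")
    for interval, pct in parse_processing_load(qfp_text).items():
        if pct > QFP_LOAD_LIMIT_PCT:
            findings.append(
                f"QFP processing load {pct}% over {interval} exceeds {QFP_LOAD_LIMIT_PCT}%")
    return findings

if __name__ == "__main__":
    for finding in capacity_findings("9800-40", 1700, 20000, SAMPLE_QFP_OUTPUT):
        print(finding)
```
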

Leo Laohoo
Hall of Fame

@Alex-Pr wrote:
The 9800-40 states it is good for up to 2000 APs and 32000 clients.

That depends who is answering the question.  A Cisco staff will stand by the figures.  

A Cisco customer, like me, will say otherwise. 

9800-40, -80 and the X have a WNCD (aka "load balancer") and every firmware is known to cause issues (memory leaks and crashes) when the AP load &/or client count exceeds 50% scale.  I have already seen Bug IDs where the 9800-40/-80 would crash even with an AP load of 100 and 200.  

Look at the photo below:

9800-80: IOS v17.12.3, 3080 APs, <10k daily client count, inter-controller roaming, 12 weeks uptime

In early May 2024, this particular 9800-80 had about 1900 APs and <10k daily client count.  On the day the memory utilization jumped, we added >1200 APs (but daily client count remains <10k).  

The WNBU and developers have provided many reasons excuses.  And they are: 

  • Too many APs
  • Too many clients
  • Web authentication
  • Too many mobility groups
  • Too many RADIUS authentication
  • Netflow

The 03 May 2024 revision of the Cisco Catalyst 9800 Series Configuration Best Practices is testament that the software is significantly degrading the capability of the 9800-40/-80/-X:  

Cisco recommends limiting the load to around 80% of the AP and client scale.

The 80% scale is just a recommendation to start planning the design and deployment of a catalyst wireless network as this is tested and validated number.

For C9800-80, for example, this means 4800 APs and/or around 50k clients. Does this mean that you cannot have six thousand APs on a single C9800-80? No, not really; Cisco has a lot of successful deployments at maximum scale. The 80% scale is just a recommendation to start planning the design and deployment of a catalyst wireless network


 

Thank you!  This is probably the best answer I have ever had on the cisco community site.  

Rich R
VIP

I'll also add my bit  - (@Leo Laohoo's answer already covers most of it) - it depends what features you configure and how you configure them.  For example with web auth enabled and https redirects enabled our 9800-80 couldn't handle the load - was dropping dozens of client connections even with a fairly small client load less than 10% of 64,000 capacity (where old AireOS 8540 would have coped).  We had to disable https redirects and that is the TAC recommendation as standard.  The 9800 architecture is fundamentally flawed in this respect in my opinion.  The developers have been trying to improve and optimise it in recent releases but they're not changing the underlying architecture which is the limiting factor.

Leo Laohoo
Hall of Fame

@Rich R wrote:
it depends what features you configure

This sums it all up accurately. 

To make the WLC stable and the WiFi network reliable & at scale (>50% AP load), the controller will need to be configured in the most basic settings: 

1.  All SSIDs must either be OPEN or PSK;

2.  Do not use Web Authentication or HTTP/HTTPS redirects;

3.  Do not use Mobility Groups;

4.  Do not use HA SSO;

5.  Disable all "telemetry" (NMSP, GRPC, etc).  

6.  Regular reboot of the controller (once every 3 to 4 months)

7.  Daily/Weekly reboot of the APs
