This is not the only design requirement that DNA-C is not matching c9800. As you said DNA-C configuration paradigm is plain and completely different from IOS-XE (even from AireOS):
• This is 100% based on Cisco full stack: WLC, AAA server, security
• Not possible to configure different WLAN profiles with same SSID. User cases:
> Central vs. Local forwarding for the same SSID in different offices
> Anchored SSIDs, how do you configure them?
> Hybrid WPA2/WPA3 or WPA2 + WPA3 different SSID's depending on the site
> Support different 802.11 amendments (802.11 r/w) in different offices
> Provide different radios for the same SSID per office: we only broadcast Corp SSID in 5GHz, but some single sites restricted us to doing so because of internal policies in customer sites
• There is no support to standard PMF (802.11w) but only for Cisco-based MFP that is not been supported by current vendors
• Not possible to use MAB for Guest with CWA if there is no Cisco ISE defined in DNA-C (there is no option for MAB with third-party AAA servers)
• Not possible to use MAB if no Cisco ISE defined in DNA-C. Usecase for VoWLAN or IoT to allow certain voice devices bsed on MAC address.
• AAA override with 3rd-party server is not supported to deploy NAC-based access: policing, isolation
• CWA policy very difficult to implement if not impossible (pre-auth-acl)
• Mapping WLAN to Interface group
• 802.11 tuning impossible: PMF+SHA256/SHA1 simultaneously, FT opt/mandatory simultaneously, WPA2/WPA3 mixed WLAN profile
• Design of sites is flat in terms of site tags (AP groups) and RF, so no possibility to separate high density areas from low density: Floor X is unique, and cannot create canteen, auditoriums or event room, with separate RF features than corridors or leisure areas.
• I understand advanced RF Tuning is always to be done in WLC (data rates, channels, thresholds) but isn’t DNA-C focus on avoiding customers to configure anything on WLC?
And many other fatures you cannot relay on DNA-C.
