FAQ
Product Analytics on Catalyst 9800 Wireless Controllers
IOS-XE 17.9.4+, 17.10+, 17.11+, 17.12+ & 17.13+
Contents
Q1. What is Product Analytics?
Q2. How does this help customers?
Q3. What information is collected by Product Analytics?
Q4. How is the information collected and sent?
Q6. Will enabling this functionality impact device functionality?
Q7. How is the data secured in transport & storage?
Q8. Where would the product analytics data be sent?
Q9. How do I opt out/turn off Product Analytics?
Q10. Where can I find more information on the End User License Agreement and Data Usage Statement?
Q11. Is the data collection and storage GDPR Compliant?
Q12. What is the frequency of report collections?
Q13. What are the bandwidth requirements for this feature?
Q14. How can I reach out for further questions?
A1. Cisco is constantly striving to advance its products and services. Knowing how you use Cisco’s products is critical to accomplishing this goal. To that end, Cisco will collect device, licensing and Systems Information for product and customer experience improvement, analytics, and adoption. Cisco processes your data following the Cisco End User License Agreement, the Cisco Privacy Statement, and any other applicable agreement with Cisco.
This product analytics functionality would be enabled from IOS-XE releases 17.9.4 onward on 17.9.x train and in all releases from IOS-XE 17.10, 17.11, 17.12 and 17.13 onwards on Catalyst 9800 family Wireless LAN Controllers (WLC). This applies to all WLC models (9800-L, 9800-40, 9800-80 & 9800-CL).
Wireless Product Analytics (CLI support) |
Wireless Product Analytics (Enabled by default) |
17.9.4 onward |
17.9.5 |
17.10.1 onward |
17.10.1 |
17.11.1 onward |
17.11.1 |
17.12.1 onward |
17.12.2 |
17.13.1 onward |
17.13.1 |
A2. This data will be used to help Cisco to serve customers better.
For example, this information would help in the decisions such as the version of software on which a new platform can be introduced, and lifecycle of products that Cisco ships, features that can be enabled by default to simplify the deployments for customers, etc.
A3. Product Analytics will only collect System Information and no Personal Identifiable Information (PII) such as MAC/IP addresses, usernames, custom configuration names or user-provided strings, are gathered as part of product analytics.
Cisco IOS-XE Product Analytics Description Sheet describes the processing of Systems Information by Product Analytics. All reports collected/sent can be viewed from the device, like deployment models, wireless client onboarding, RF usage, network services, etc.
The Feature Description Sheet outlines feature enablement data and product usage data as system-level information that is through aggregated data, flags, and categorical breakdown. All data reported back to Cisco is auditable on the device with reporting period and content of the different attributes being reported.
Refer to the links below:
· Definition of Personal Identifiable Information (PII) data
· Cisco IOS-XE Product Analytics Feature Description Sheet (Cisco Trust Portal)
https://trustportal.cisco.com/c/r/ctp/trust-portal.html#/19893400266872729
A4. Feature usage data are collected on the device and summarized as statistics. A 7-day grace period is implemented before starting Product Analytics enablement and data collection. Once Product Analytics is enabled, a report will be created at the end of each day with these anonymized metrics generated and sent in encrypted format to the Cisco cloud.
A Cisco-signed policy file drives the collection of these statistics and their summarization. This policy would be periodically updated by Cisco.
A5. The following commands on the device show the data and contents being sent.
· show product-analytics kpi
· show product-analytics report
· show product-analytics stats
Reports available on the device:
9800-80#show product-analytics report summary
Product Analytics Engine Reports
Report ID Policy Version
--------------------------- ----------------
1688256000 17.11.1
Feature Names (KPIs) in a report:
9800-80#show product-analytics kpi report 1688256000
Product Analytics Engine KPIs
Report ID : 1688256000
Computed at : 07/02/2023 00:00:00
KPI Name : rogue
KPI Value : [{"rogue_ap_count":0,"rogue_client_count":0}]
Report ID : 1688256000
Computed at : 07/02/2023 00:00:00
KPI Name : ha_state
KPI Value : [{"ha_state":"DB_RF_ACTIVE","peer_state":"DB_RF_DISABLED","ha_enabled":"false","leaf_mode":"SSO"}]
Report ID : 1688256000
Computed at : 07/02/2023 00:00:00
KPI Name : site_tag
KPI Value : [{"is_local_site":"false","count":1}]
Report Transmission Details:
9800-cl#show product-analytics report detail
Product Analytics Engine Reports
Report ID : 1688853600
Policy Version : 17.12.1
Engine Version : 17.12.1
File Version : 5
Period Start : 07/08/2023 00:00:02
Period End : 07/09/2023 00:00:00
Timezone : 7200
Software Version : 17.12.01.0.1030.1686298637..Dublin
Serial Number : XXXXXX
Product Identifier : C9800-CL-K9
Vendor Identifier : V02
Policy file signature : HjZxuQOI0r6neiLmsAh4/DDF0s9My4YqB/SxeYL7tUTBZodaX6YzaCEWVsN93XHwpWUkQOqx6o0bVSE++gq4HwuirecqcmUgFekFyX2BVsFZCByePZXGV6LDzn8M2nE0M3U5+BgW9QtkhiAdabXsZI94nG+jeH1bxS7XoAvAlVV6LPy3oBGYQYxag2zGOPMWLPLOfIX9roSs6stobZ2bRMrj825UnepWLyggz44K6dlc8a/iE/OPcTrmDovotqMnK8q2e4vvzTF0OcNOQP4wV9unA1OrXtiQ5XkSxVJSvJyAQWySKGbggCPuRyLZ1PNjS5Ga2KOaH3XlrGHImlJ5mw==
Channels
Sent: Sent, Sent, Sent, Sent
Retry: 1, 1, 1, 1
Event History
Timestamp #Times Event RC Context
----------------------- -------- ------------------- -- ----------------------------------------
07/09/2023 04:49:50.342 1 REPORT_SEND 0 TDL
07/09/2023 04:49:50.342 1 REPORT_SEND 0 TEST
07/09/2023 00:00:00.788 1 SERVICEABILITY_ADD 0 tdl_counters
07/09/2023 00:00:00.788 1 SERVICEABILITY_ADD 0 counters
07/09/2023 00:00:00.788 1 KPI_ADD 0 rmi_rp_information
07/09/2023 00:00:00.788 1 KPI_ADD 0 clients_max_capability_protocol
07/09/2023 00:00:00.788 1 KPI_ADD 0 dot11ac_client_bandwidth_usage
07/09/2023 00:00:00.788 1 KPI_ADD 0 clients_concurrent_wireless
07/09/2023 00:00:00.787 1 KPI_ADD 0 smart_license_transport_type
07/09/2023 00:00:00.787 1 KPI_ADD 0 aps_per_wncd
A6. No, the infrastructure to collect the analytics is separate from any core functionality of the device and would not cause undue degradation of service.
A7. Data is encrypted and securely transmitted over a mutually authenticated HTTPS connection during transport. Data is encrypted at rest on a Cisco secure infrastructure.
Both the transport and storage abide by the Customer Master Data Protection Agreement.
A8. All the product analytics data is sent to the URL https://dnaservices.cisco.com/, and the URL link is hosted and assigned by Amazon AWS. Blocking this URL using a firewall stops the report from being sent to Cisco. The data collected would reside in the USA.
A9. From releases 17.12.2 and 17.13.1, If the product analytics is not configured explicitly (either enabled or disabled explicitly), it will be enabled by default and the user is given a 7-day grace period to turn it off explicitly. During this time, no data would be collected or sent from the device. During this grace period, the show commands for product analytics would display the status as “Not responding” or “Unavailable”.
To explicitly turn off the feature at any time, use the no form of the pae command in configuration mode, as shown in the example below:
Device(config)# no pae
The no pae command is available in releases starting from 17.9.4+, 17.10.x, 17.11.x, 17.12.x and 17.13.x.
Turning this feature off stops the device's Product Analytics collection and reports. These changes are preserved in the WLC device configuration across reboots.
Note: Turning off product analytics does not impact the collection of Systems Information from other Cisco products such as Cisco DNA Center and disablement of that should be done in those respective products.
A10. The End User License Agreement, Cisco Privacy Statement and Data Usage Statement can be found at the following URLs:
· EULA: https://www.cisco.com/c/en/us/about/legal/cloud-and-software/end_user_license_agreement.html
· Cisco Privacy Statement: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
· How we use data: https://www.cisco.com/c/en/us/about/trust-center/data-management.html
· Systems Information FAQs: https://www.cisco.com/c/en/us/about/trust-center/systems-information.html#%7Eq-a
A11. Yes, it is GDPR compliant. No Personal Identifiable Information (PII) data is collected or sent. All data is encrypted at Rest.
A12. The data is collected over the course of the day and a report is generated at midnight in the local time zone. The report may be sent randomly at any time in the next 12 hours.
Note: If the customer opts out before midnight, data is not sent even after upgrading to a new software.
A13. This feature uses a few kilobytes of data per report and sends only 1 report per day.
A14. Write to wireless_products_analytics@cisco.com, if you have further questions.