Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x

This topic describes how to configure the general properties of WAN transport and service-side network interfaces. For information
about how to configure specific interface types and properties, including cellular interfaces, DHCP, PPPoE, VRRP, and WLAN
interfaces.

VPN 0 is the WAN transport VPN. This VPN handles all control plane traffic, which is carried over OMP sessions, in the overlay
network. For a Cisco IOS XE Catalyst SD-WAN device to participate in the overlay network, at least one interface must be configured in VPN 0, and at least one interface
must connect to a WAN transport network, such as the Internet or an MPLS or a metro Ethernet network. This WAN transport interface
is referred to as a tunnel interface. At a minimum, for this interface, you must configure an IP address, enable the interface,
and set it to be a tunnel interface.

To configure a tunnel interface on a Cisco Catalyst SD-WAN Controller or a Cisco SD-WAN Manager, you create an interface in VPN 0, assign an IP address or configure the interface to receive an IP address from DHCP, and
mark it as a tunnel interface. The IP address can be either an IPv4 or IPv6 address. To enable dual stack, configure both
address types. You can optionally associate a color with the tunnel.

Note

You can configure an IPv6 address only on a transport interface in VPN 0; IPv6 is not supported in VPN 512.


Tunnel interfaces on Cisco IOS XE Catalyst SD-WAN devices must have an IP address, a color, and an
encapsulation type. The IP address can be either an IPv4 or IPv6 address. To enable
dual stack in releases before Cisco IOS XE Catalyst SD-WAN Release 17.3.2, configure both address types.

To use dual stack with Cisco IOS XE Catalyst SD-WAN devices from Cisco IOS XE Catalyst SD-WAN Release 17.3.2, configure all controllers with both IPv4 and IPv6 addresses. In addition, configure DNS so that the Cisco Catalyst SD-WAN Validator name resolves to both IPv4 and IPv6 address types, so that a controller can reach the Cisco Catalyst SD-WAN Validator through either IP address type.

Note

Starting from Cisco vManage Release 20.6.1, in the case of a dual-stack configuration, if an IPv4 address or the fully qualified domain name (FQDN) is not available but
an IPv6 address is available, then the IPv6 address is used to connect to the Cisco Catalyst SD-WAN Validator.


For the tunnel interface,you can configure a static IPv4 or IPv6 address,or you can configure the interface to receive its
address from a DHCP server. To enable dual stack,configure both an IPv4 and an IPv6 address on the tunnel interface.

From Cisco IOS XE Catalyst SD-WAN Release 17.3.2, Cisco IOS XE Catalyst SD-WAN devices do not support dual stack on the same TLOC or interface. Only one address type can be provisioned for a TLOC or interface.
Using a second address type requires a second TLOC or interface on which it can be provisioned.

On Cisco Catalyst SD-WAN Controllers and Cisco Catalyst SD-WAN Controller NMSs, the tunnel interface can be either an eth or a loopback interface. Because Cisco Catalyst SD-WAN Controllers and Cisco Catalyst SD-WAN Controller NMSs participate only in the overlay network's control plane, the VPNs that you can configure on these devices are VPN 0
and VPN 512. Hence, all interfaces are present only on these VPNs.

To enable the interface,include the no shutdown command.

Color is a Cisco Catalyst SD-WAN software construct that identifies the transport tunnel. It can be 3g, biz-internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, metro-ethernet, mpls, private1 through private6, public-internet, red, and silver. The colors metro-ethernet, mpls, and private1 through private6 are referred to as private colors, because they use private addresses to connect to the remote-side Cisco IOS XE Catalyst SD-WAN device in a private network. You can use these colors in a public network provided that there is no NAT device between the local
and remote Cisco IOS XE Catalyst SD-WAN devices.

To limit the remote TLOCs that the local TLOC can establish BFD sessions with, mark the TLOC with the restrict option. When a TLOC is marked as restricted, a TLOC on the local router establishes tunnel connections with a remote TLOC
only if the remote TLOC has the same color.

Note

When a WAN edge device is configured with two IPv6 TLOCs, one with a static default route and the other with IPv6 address
autoconfig default (which is the IPv6 neighbor discovery default route), the IPv6 neighbor discovery default route is not installed
in the routing table. In this case, the IPv6 TLOC with the IPv6 neighbor discovery default route does not work.

For an IPv6 TLOC with an IPv6 neighbor discovery default route to work, you can configure a static route for the TLOC with IPv6 neighbor
discovery to overwrite the IPv6 neighbor discovery default route and ensure that both static routes are installed into
the routing table. You can also use the IPv6 neighbor discovery default route on all interfaces.


On a Cisco Catalyst SD-WAN Controller or Cisco Catalyst SD-WAN Controller NMS, you can configure one tunnel interface. On a Cisco IOS XE Catalyst SD-WAN device, you can configure up to eight tunnel interfaces.

On Cisco IOS XE Catalyst SD-WAN devices, you must configure the tunnel encapsulation. The encapsulation can be either IPsec or GRE. For IPsec encapsulation, the
default MTU is 1442 bytes, and for GRE it is 1468 bytes. These values are a function of the overhead required for BFD path MTU
discovery, which is enabled by default on all TLOCs. (For more information, see Configuring Control Plane and Data Plane High
Availability Parameters.) You can configure both IPsec and GRE encapsulation by including two encapsulation commands under the same tunnel-interface command. On the remote Cisco IOS XE Catalyst SD-WAN device, you must configure the same tunnel encapsulation type or types so that the two routers can exchange data traffic. Data transmitted
out of an IPsec tunnel can be received only by an IPsec tunnel, and data sent on a GRE tunnel can be received only by a GRE
tunnel. The Cisco Catalyst SD-WAN software automatically selects the correct tunnel on the destination Cisco IOS XE Catalyst SD-WAN device.

A tunnel interface allows only DTLS, TLS, and, for Cisco IOS XE Catalyst SD-WAN devices, IPsec traffic to pass through the tunnel. To allow additional traffic to pass without having to create explicit policies
or access lists, enable it by including one allow-service command for each service. You can also explicitly disallow services by including the no allow-service command. Note that services affect only physical interfaces. You can allow or disallow these services on a tunnel interface:

Service | Cisco Catalyst SD-WAN Controller | Cisco Catalyst SD-WAN Controller NMS
all (overrides any commands that allow or disallow individual services) | X | X
bgp | |
dhcp (for DHCPv4 and DHCPv6) | |
dns | |
https | | X
icmp | X | X
netconf | | X
ntp | |
ospf | |
sshd | X | X
stun | X | X

The allow-service stun command allows or disallows a Cisco IOS XE Catalyst SD-WAN device to generate requests to a generic STUN server so that the device can determine whether it is behind a NAT and, if so, what
kind of NAT it is and what the device's public IP address and public port number are. On a Cisco IOS XE Catalyst SD-WAN device that is behind a NAT, you can also have the tunnel interface discover its public IP address and port number from the Cisco Catalyst SD-WAN Validator.

With this configuration, the Cisco IOS XE Catalyst SD-WAN device uses the Cisco Catalyst SD-WAN Validator as a STUN server, so the router can determine its public IP address and public port number. (With this configuration, the
router cannot learn the type of NAT that it is behind.) No overlay network control traffic is sent and no keys are exchanged
over a tunnel interface configured to use the Cisco Catalyst SD-WAN Validator as a STUN server. However, BFD does come up on the tunnel, and data traffic can be sent on it. Because no control traffic
is sent over a tunnel interface that is configured to use the Cisco Catalyst SD-WAN Validator as a STUN server, you must configure at least one other tunnel interface on the Cisco IOS XE Catalyst SD-WAN device so that it can exchange control traffic with the Cisco Catalyst SD-WAN Controller and the Cisco Catalyst SD-WAN Controller NMS.
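The following configuration is an added example and is not taken from this guide. It puts together the tunnel-interface properties described above on a Cisco IOS XE Catalyst SD-WAN device: two VPN 0 transport interfaces, each with an IP address, no shutdown, and a tunnel-interface that carries an encapsulation, a color, and an explicit list of allow-service commands. The interface names (GigabitEthernet0/0/0 and GigabitEthernet0/0/1), the description strings, and the addresses (taken from the RFC 5737 documentation ranges) are assumptions. The Internet-facing tunnel permits only the DHCP, DNS, and ICMP services in addition to the DTLS, TLS, and IPsec traffic that always passes, and disallows every other service from the table, so management protocols such as sshd, netconf, and https are not reachable through that TLOC; the MPLS tunnel uses a private color with the restrict option, so it forms BFD sessions only with remote TLOCs of the same color.

```cisco
! Added example, not part of the guide. Interface names and addresses are assumptions.
!
! Transport 1: public Internet (address from the RFC 5737 documentation range).
interface GigabitEthernet0/0/0
 description Internet transport (example)
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! Transport 2: private MPLS network with no NAT between the local and remote devices.
interface GigabitEthernet0/0/1
 description MPLS transport (example)
 ip address 198.51.100.10 255.255.255.0
 no shutdown
!
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   ! IPsec encapsulation (default MTU 1442 bytes).
   encapsulation ipsec
   color biz-internet
   ! Only DTLS, TLS, and IPsec pass by default. Allow the minimum the
   ! transport needs and explicitly disallow every other service so that
   ! nothing else is reachable from the Internet-facing TLOC.
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service bgp
   no allow-service https
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service sshd
   no allow-service stun
  exit
 exit
 interface GigabitEthernet0/0/1
  tunnel-interface
   ! Both encapsulations; the remote device must configure the same type(s).
   encapsulation ipsec
   encapsulation gre
   ! Private color. "restrict" limits BFD sessions to remote TLOCs of color mpls.
   color mpls restrict
   ! BGP and NTP are needed on this private transport; everything else stays off.
   allow-service bgp
   allow-service ntp
   no allow-service dhcp
   no allow-service dns
   no allow-service https
   no allow-service icmp
   no allow-service netconf
   no allow-service ospf
   no allow-service sshd
   no allow-service stun
  exit
 exit
!
```

Keep allow-service all off on any transport that faces an untrusted network: as the table states, it overrides every per-service line above, so a single allow-service all would silently reopen sshd, netconf, and https on that TLOC. After committing, the effective tunnel-interface settings can be reviewed with show sdwan running-config.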

You can log the headers of all packets that are dropped because they do not match a service configured with an allow-service command. You can use these logs for security purposes, for example, to monitor the flows that are being directed to a WAN
interface and to determine, in the case of a DDoS attack, which IP addresses to block.