The procedure described in this article can be used as part of the bootstrap process of a Cisco IOS-XE device. We start with a CSR1000V SD-WAN edge router in CLI mode, registered with vManage.
The topology has a single router connected to the Internet via an Ethernet interface. We configured the IP address on this interface and the default static route statically.
The configuration includes an out-of-band management interface, so we are not limited to console connectivity for troubleshooting and can use SSH over the Ethernet interface. This part of the configuration is optional, and you can skip the templates for out-of-band VPN 512.
Figure 1. SD-WAN template sample topology
See the router’s basic CLI configuration in the listing below. We will substitute it with generated configuration from the feature and device templates while ensuring that the device is still able to connect to vManage.
We don't use the service-side (LAN) configuration in this example. Additional templates can enable other settings after the device is switched to template-based management.
The basic configuration of the SD-WAN edge device includes the following details:
    config-transaction
    !
    system
     system-ip 3.1.1.1
     site-id 1
     admin-tech-on-failure
     organization-name SD-WAN-TESTLAB
     vbond 100.1.1.51
    !
    hostname CSR01
    !
    vrf definition Mgmt-intf
     rd 1:512
     !
     address-family ipv4
      route-target export 1:512
      route-target import 1:512
     exit-address-family
    exit
    !
    interface GigabitEthernet1
     vrf forwarding Mgmt-intf
     ip address 192.168.1.53 255.255.255.0
    !
    interface GigabitEthernet2
     no shutdown
     ip address 21.1.1.2 255.255.255.252
    !
    interface Tunnel0
     no shutdown
     ip unnumbered GigabitEthernet2
     tunnel source GigabitEthernet2
     tunnel mode sdwan
    !
    ip route 0.0.0.0 0.0.0.0 21.1.1.1
    !
    line vty 0 4
     transport input ssh
    !
    sdwan
     interface GigabitEthernet2
      tunnel-interface
       encapsulation ipsec
       color default
      exit
     exit
    !
    commit
In this article, we will create all feature templates from scratch.
To add a feature template, refer to the screenshot below.
Start by selecting Configuration > Templates in the side menu. Then click on the Feature tab and the “Add Template” button. Select CSR1000v as the device type. I highlighted the templates used in this article – System, VPN, and Ethernet.
Figure 2. Add new feature template
This template defines System IP, Site ID, and Hostname details. We want to generate the following configuration with the template:
    system
     system-ip 3.1.1.1
     site-id 1
     admin-tech-on-failure
     organization-name SD-WAN-TESTLAB
     vbond 100.1.1.51
    !
    hostname CSR01
To add a system template, select the “Cisco System” button in the “Add Template” window shown in Figure 2. Set the name and description of the template.
Default options have variables defined for the parameters we want to define. The only mandatory setting is the Console Baud Rate, and Figure 3 shows the required details.
Figure 3. System template configuration
This template defines transport VPN, a global routing context (VRF 0) in Cisco IOS-XE. With this template, we aim to generate the static default route from the complete configuration:
ip route 0.0.0.0 0.0.0.0 21.1.1.1
To add it, click on the “Cisco VPN” button on the Add Feature Template page, shown in Figure 2. Add the name and description of the template.
Figure 4. Transport VPN template configuration
Set the VPN value to 0, which is the reserved ID for the transport VPN.
For our configuration, we only need to specify a default route. To be able to re-use the template, use a device variable for the next hop (vpn_next_hop_ip_address_0). This variable can be either the IP address of the next hop or an interface name for point-to-point connections.
Don’t forget to press the Add button (#10): the configuration window will not warn you that the route was not added, and the missing route will cause the device to lose connectivity to vManage. Not saving sub-configuration sections is a common issue that can happen across many vManage configuration pages, as the Web user interface doesn’t force the user to save or discard when adding sub-elements.
This template generates the configuration shown below:
    interface GigabitEthernet2
     no shutdown
     ip address 21.1.1.2 255.255.255.252
    !
    interface Tunnel0
     no shutdown
     ip unnumbered GigabitEthernet2
     tunnel source GigabitEthernet2
     tunnel mode sdwan
    !
    sdwan
     interface GigabitEthernet2
      tunnel-interface
       encapsulation ipsec
       color default
      exit
     exit
Use the procedure from the first section to get to the Feature template selection (Figure 2) and then select “Cisco VPN Interface Ethernet” as the type.
Specify the template name and description. Change the following values:
Figure 5. Transport interface template configuration
Save the template.
This section configures templates that will generate the following commands:
    vrf definition Mgmt-intf
     rd 1:512
     !
     address-family ipv4
      route-target export 1:512
      route-target import 1:512
     exit-address-family
    exit
    !
    interface GigabitEthernet1
     vrf forwarding Mgmt-intf
     ip address 192.168.1.53 255.255.255.0
This configuration is similar to the previous two steps. The management VPN uses a reserved ID of 512. SD-WAN overlay doesn’t transport it over, which is why it is called out-of-band. You can only access it locally or expand it using a dedicated network.
In this example, we don’t set up any static routes in VPN 512, as we plan to connect to the device locally via port GigabitEthernet1. In your network, you can set up static routes without any risk to the transport or other VPNs, as each VPN is a VRF, which has its own isolated routing table.
Figure 6. VPN 512 (out-of-band management) configuration
The interface configuration differs from the transport interface by not having the tunnel option enabled.
Figure 7. Management interface in VPN 512
We have created five feature templates, as shown in Figure 8.
Figure 8. Feature template list
Let’s create a device template using the steps shown in Figure 9. Select the device type, then provide a name and description for the template. Change the following templates:
Figure 9. Create a device template
Cisco AAA template defines user authentication for out-of-band management access. The pre-configured AAA template defines default credentials – user/password combination of admin/admin. Use them to SSH to the device via VPN 512.
You should change it in the production network as a security precaution by defining a custom Cisco AAA template. Save the device template.
Now it’s time to apply the template to the device. Open the template configuration page and select the device template created in the previous step. Click on the three dots column and then on Attach Devices.
Select CSR01, click on the right-pointing arrow, and then the Attach button.
Fill in values for the variables, which came from the templates defined earlier, and press Update.
List of variables and their values:
Figure 10. Apply the device template
The final step is to check the configuration changes in CLI, as shown in Figure 11. Check the transport interface and the VPN 0 static route.
Figure 11. Preview configuration change
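The check in the final step can also be scripted against the configuration preview before the template is attached. The following is an added example, not code from the original article or from Cisco: it flattens the article's VPN 0 baseline and a constructed preview into command paths and lists the control-connection lines the preview has lost. The names `CONTROL`, `paths` and `missing_control_lines` are hypothetical, and the preview text is constructed to show the missing default route case.

```python
# Top-level sections this page's router needs for its control connection in VPN 0.
CONTROL = ("system", "interface GigabitEthernet2", "interface Tunnel0",
           "ip route 0.0.0.0 0.0.0.0", "sdwan")
# VPN 0 part of the page's baseline CLI configuration ("!" separators omitted).
BASELINE = """\
system
 system-ip 3.1.1.1
 site-id 1
 organization-name SD-WAN-TESTLAB
 vbond 100.1.1.51
interface GigabitEthernet2
 no shutdown
 ip address 21.1.1.2 255.255.255.252
interface Tunnel0
 no shutdown
 ip unnumbered GigabitEthernet2
 tunnel source GigabitEthernet2
 tunnel mode sdwan
ip route 0.0.0.0 0.0.0.0 21.1.1.1
sdwan
 interface GigabitEthernet2
  tunnel-interface
   encapsulation ipsec
   color default
"""
# Constructed preview: the baseline with the static default route left out.
PREVIEW = BASELINE.replace("ip route 0.0.0.0 0.0.0.0 21.1.1.1\n", "")

def paths(config):
    """Flatten an indented config into (parent, ..., command) tuples."""
    stack, found = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line == "exit":
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= depth:
            stack.pop()  # leave sub-modes that ended at this indentation
        stack.append((depth, line))
        found.add(tuple(cmd for _, cmd in stack))
    return found

def missing_control_lines(baseline, preview):
    """Return baseline control-plane commands that the preview no longer has."""
    lost = paths(baseline) - paths(preview)
    return sorted(" / ".join(p) for p in lost if p[0].startswith(CONTROL))

if __name__ == "__main__":
    print("\n".join(missing_control_lines(BASELINE, PREVIEW)) or "preview keeps all control lines")
```

An empty result means every baseline line in the listed sections is still present in the preview; any line it prints should be resolved in the feature templates before pressing Attach.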