Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

Configuration Commands

Overview of Configuration Commands
a
aaa
system aaa—Configure role-based access to a Viptela device using authentication, authorization, and accounting.
access-list
policy access-list, vpn interface access-list—Configure or apply an IPv4 access list.
access-list
policy ipv6 access-list, vpn interface access-list—Configure or apply an IPv6 access list.
accounting-interval
vpn interface dot1x accounting-interval—How often to send interim accounting updates during an 802.1X session.
acct-req-attr
vpn interface dot1x acct-req-attr—Configure that accounting attributes to send to the RADIUS accounting server during an 802.1X session.
action
policy app-route-policy vpn-list sequence action, policy control-policy sequence action, policy route-policy sequence action, policy data-policy vpn-list sequence action, policy vpn-membership sequence action—Configure the actions to take when the match portion of an IPv4 policy is met.
action
policy ipv6 access-list sequence action—Configure the actions to take when the match portion of an IPv6 policy is met.
address-family
vpn router bgp address-family, vpn router bgp neighbor address-family—Configure global and per-neighbor BGP address family information.
address-pool
vpn interface dhcp-server address-pool—Configure the pool of addresses in the service-site network for which the interface acts as DHCP server.
admin-auth-order
system aaa admin-auth-order—Have the "admin" user use the authentication order configured in the auth-order command.
admin-state
vpn interface dhcp-server admin-state—Enable or disable the DHCP server functionality on the interface.
admin-tech-on-failure
system admin-tech-on-failure—When a Viptela device reboots, collect system status information.
advertise
omp advertise—Advertise routes learned locally by the vEdge router to OMP.
age-time
bridge age-time—Configure when MAC table entries age out.
allow-local-exit
vpn cloudexpress allow-local-exit—Configure Cloud OnRamp for SaaS to use an interface with Direct Internet Access (DIA).
allow-same-site-tunnels
system allow-same-site-tunnels—Allow tunnels to be formed between vEdge routers in the same site.
allow-service
vpn 0 interface tunnel-interface allow-service—Configure the services that are allowed to run over the WAN connection in VPN 0, which is the VPN that is reserved for control plane traffic.
app-route-policy
policy app-route-policy—Configure or apply an application-aware routing policy.
app-visibility
policy app-visibility—Enable application visibility so that a vEdge router can monitor and track the applications running on the LAN.
applications
vpn cloudexpress applications—Configure applications for which to enable Cloud OnRamp for SaaS.
apply-policy
apply-policy—Have a policy take effect by applying it to sites within the overlay network.
archive
system archive— Periodically archive a copy of the full running configuration to an archival file.
area
vpn router ospf area—Configure an OSPF area within a VPN on a vEdge router.
arp
vpn interface arp—Configure an ARP table entry for an interface in a VPN.
arp-timeout
vpn interface arp-timeout—Configure how long it takes for a dynamically learned ARP entry to time out.
auth-fail-vlan
vpn interface dot1x auth-fail-vlan—Configure a critical VLAN on an interface running IEEE 802.1X.
auth-fallback
auth-fallback—Configure authentication to fall back to the next authentication method if a higher-priority authentication method fails.
auth-order
system aaa auth-order—Configure the order is which the Viptela software tries different authentication methods when verifying  user access to a Viptela device.
auth-order
vpn interface dot1x auth-order—Configure the order in which the Viptela software tries different authentication methods when authenticating devices that are attempting to connect to a WAN.
auth-reject-vlan
vpn interface dot1x auth-reject-vlan—Configure an authentication-reject VLAN to place IEEE 802.1X-enabled clients into if authentication is rejected by the RADIUS server.
auth-req-attr
vpn interface dot1x auth-req-attr—Configure RADIUS authentication attribute–value (AV) pairs to send to the RADIUS accounting server during an 802.1X session.
authentication
vpn router ospf area interface authentication—Configure authentication for OSPF protocol exchanges.
authentication-type
vpn interface ike authentication-type—Configure the type of authentication to use during IKE key exchange.
authentication-type
security ipsec authentication-type—Configure the type of authentication to use on IPsec tunnel connections between vEdge routers.
auto-cost reference-bandwidth
vpn router ospf auto-cost reference-bandwidth—Control how OSPF calculates the default metric for an interface.
auto-rp
vpn router pim auto-rp— Enable and disable auto-RP for PIM.
autonegotiate
Configure whether an interface runs in autonegotiation mode.
b
bandwidth-downstream
vpn interface bandwidth-downstream—Generate notifications when the bandwidth of traffic received on a physical interface in the WAN transport VPN exceeds a specific limit.
bandwidth-upstream
vpn interface bandwidth-upstream—Generate notifications when the bandwidth of traffic transmitted on a physical interface in the WAN transport VPN exceeds a specific limit.
banner login
banner login—Configure banner text to be displayed before the login prompt.
banner motd
banner motd—Configure banner text to be displayed after a user logs in to a Viptela device.
best-path
vpn router bgp best-path—Configure how the active BGP path is selected.
bfd app-route
bfd—Configure the Bidirectional Forwarding Protocol timers used by application-aware routing.
bfd color
bfd color—Configure the Bidirectional Forwarding Protocol timers used on transport tunnels.
bgp
vpn router bgp— Configure BGP within a VPN on a vEdge router.
bind
vpn 0 interface tunnel-interface bind—Bind a physical WAN interface to a loopback interface.
block-icmp-error
vpn interface nat block-icmp-error— Prevent a vEdge router that is acting as a NAT device from receiving inbound ICMP error messages.
block-non-source-ip
vpn interface block-non-source-ip—Do not allow an interface to forward traffic if the source IP address of the traffic does not match the IP prefix range.
bridge
bridge—Create a bridging domain.
c
capability-negotiate
vpn router bgp capability-negotiate—Allow the BGP session to learn about the BGP extensions that are supported by the neighbor.
carrier
vpn 0 interface tunnel-interface carrier—Associate a carrier name or private network identifier with a tunnel interface.
cellular
cellular—Configure a cellular module.
cflowd-template
policy cflowd-template—Create a template that defines the location of cflowd collectors, how often sets of sampled flows should be sent to the collectors, and how often the cflowd template should be sent to the collectors.
channel
wlan channel—Specify the radio channel.
channel-bandwidth
wlan channel-bandwidth—Specify the IEEE 802.11n and 802.11ac channel bandwidth.
cipher-suite
vpn interface ipsec ike cipher-suite, vpn interface ipsec ipsec cipher-suite—Configure the type of authentication and integrity to use during IKE key exchange and on the IPsec tunnel being used for IKE key exchange.
class-map
class-map—Map forwarding classes to output queues.
clear-dont-fragment
vpn interface clear-dont-fragment—Clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface.
clock
system clock—Set the timezone to use on the local device.
cloud-qos
policy cloud-qos—Enable QoS scheduling and shaping for traffic that the router receives from transport-side interfaces.
cloud-qos-service-side
policy cloud-qos-service-side—Enable QoS scheduling and shaping for traffic that the router receives from service-side interfaces.
cloudexpress
vpn cloudexpress—Configure Cloud OnRamp for SaaS in a VPN.
collector
policy cflowd-template collector—Configure the address of a cflowd collector (on vSmart controllers only).
color
vpn 0 interface tunnel-interface color—Identify an individual WAN transport tunnel.
community
snmp community—Define an SNMP community.
compatible rfc1583
vpn router ospf compatible rfc1583—Calculate the cost of summary routes based on RFC 1583 rather than RFC 2328.
connections-limit
vpn 0 interface tunnel-interface connections-limit—Configure the maximum number of HTTPS connections that can be established to a vManage application server.
console-baud-rate
system console-baud-rate—Change the baud rate of the console connection on a vEdge router.
contact
snmp contact—Configure the name of a network management contact person for this Viptela device.
container
container—Configure a vSmart controller as a container with a vContainer host.
control
security control—Configure the protocol to use on control-plane connections to a vSmart controller.
control-connections
vpn 0 interface tunnel-interface control-connections—Attempt to establish a DTLS or TLS control connection for a TLOC.
control-direction
vpn interface dot1x control direction—Configure how the 802.1x interface sends packets to and receive packets from unauthorized hosts.
control-policy
policy control-policy—Configure or apply a centralized control policy.
control-session-pps
system control-session-pps—Police the flow of DTLS control session traffic.
controller-group-id
system controller-group-id—Configure the identifier of the controller group to which a vSmart controller belongs.
controller-group-list
system controller-group-list—List of controller groups to which the vEdge router belongs.
cost
vpn router ospf area interface cost—Configure the cost of an OSPF interface.
country
wlan country—Specify the country for the WLAN.
d
das
vpn interface dot1x das—Configure DAS parameters so the router can accept CoA request from a RADIUS server.
data-policy
policy data-policy—Configure or apply a centralized data policy based on data packet header fields.
data-security
wlan interface data-security—Configure the WPA data security method to use an IEEE 802.11i wireless LAN.
dead-interval
vpn router ospf area interface dead-interval—Set the interval during which at least one OSPF hello packet must be received from a neighbor before declaring that neighbor to be down.
dead-peer-detection
vpn interface dead-peer-detection—Configure the parameters for detecting unreachable IKE peers.
default-action
policy control-policy default-action, policy route-policy default-action, policy data-policy vpn-list default-action, policy vpn-membership default-action—Configure the default action to take when the match portion of a policy is not met.
default-information originate
vpn router ospf default-information originate—Generate a default external route into an OSPF routing domain.
default-vlan
vpn interface dot1x default-vlan—Configure the VLAN for 802.1X–compliant clients that are successfully authenticated by the RADIUS server.
description
description—Configure a text description for a parameter or property.
device-groups
device-groups—Configure one or more groups to which the Viptela device belongs.
dhcp-helper
vpn interface dhcp-helper—Allow an interface to act as a DHCP helper.
dhcp-server
vpn interface dhcp-server—Enable DHCP server functionality on a vEdge router so it can assign IP addresses to hosts in the service-side network.
direction
vpn interface nat direction— Configure the direction in which a NAT interface performs address translation.
discard-rejected
omp discard-rejected—Have OMP discard routes that have been rejected on the basis of policy.
distance
Define the BGP route administrative distance based on route type.
distance
vpn router ospf distance—Define the OSPF route administration distance based on route type.
dns
vpn dns—Configure the address of a DNS server within a VPN.
domain-id
system domain-id — Configure the identifier for the Viptela overlay network domain.
dot1x
vpn interface dot1x—Configure port-level 802.1X parameters on a router interface.
duplex
vpn interface duplex—Configure whether the interface runs in full-duplex or half-duplex mode.
e
ebgp-multihop
vpn router bgp neighbor ebgp-multihop—Attempt BGP connections to and accept BGP connections from external peers on networks that are not directly connected to this network.
ecmp-hash-key
vpn ecmp-hash-key—Determine how equal-cost paths are chosen.
ecmp-limit
omp ecmp-limit—Configure the maximum number of OMP paths that can be installed in the vEdge router's route table.
eco-friendly-mode
system eco-friendly — Configure a vEdge router not to use its CPU minimally or not at all when the router is not processing any packets.
encapsulation
vpn 0 interface tunnel-interface encapsulation—Set the encapsulation for the tunnel interface.
exclude
vpn interface dhcp-server exclude—Exclude specific addresses from the pool of addresses for which the interface acts as DHCP server.
exclude-controller-group-list
vpn 0 interface tunnel-interface exclude-controller-group-list—Configure the vSmart controllers that the tunnel interface is not allowed to connect to.
f
flow-active-timeout
policy cflowd-template flow-active-timeout—For a cflowd template, how long to collect a set of flows for a flow on which traffic is actively flowing.
flow-control
vpn interface flow-control—Configure flow control, which is a mechanisms for temporarily stopping the transmission of data on the interface.
flow-inactive-timeout
policy cflowd-template flow-inactive-timeout—For a cflowd template, how long to wait to send a set of sampled flows to a collector for a flow on which no traffic is flowing.
flow-sampling-interval
policy cflowd-template flow-sampling-interval—For a cflowd template, how many packets to wait before creating a new flow.
flow-visibility
policy flow-visibility—Enable cflowd visibility so that a vEdge router can perform traffic flow monitoring on traffic coming to the router from the LAN.
g
gps-location
system gps-location—Set the latitude and longitude of the Viptela device.
graceful-restart
omp graceful-restart—Control graceful restart for OMP.
group
vpn interface ike group—Configure the group number for an IKEv1 session.
group
snmp group—Configure an SNMPv3 group.
guard-interval
wlan guard-interval—Configure the amount of time between symbol transmissions on a wireless WAN.
guest-vlan
vpn interface dot1x guest-vlan—Configure a guest VLAN to provide network access to limited services for non-802.1X-enabled clients.
h
hello-interval
vpn router ospf area interface hello-interval—Set the interval at which the router sends OSPF hello packets.
hello-interval
vpn router pim interface hello-interval— Modify the PIM hello message interval for an interface.
hello-interval
vpn 0 interface tunnel-interface hello-interval—Configure the interval between Hello packets sent on a DTLS or TLS WAN transport connection.
hello-tolerance
vpn 0 interface tunnel-interface hello-tolerance—Configure how long to wait for a Hello packet on a DTLS or TLS WAN transport connection before declaring that transport tunnel to be down.
host
vpn host—Configure a static mapping between a hostname and an IP address.
host-mode
vpn interface dot1x host-mode—Set whether the 802.1X interface grants access to a single client or to multiple clients.
host-name
system host-name—Configure a name for the Viptela device, to be prepended to the device's shell prompt.
host-policer-pps
system host-policer-pps—For a policer, configure the rate to deliver packets to the control plane.
i
icmp-error-pps
system icmp-error-pps—For a policer, configure how many ICMP error messages can be generated per second.
idle-timeout
Set how long the CLI is inactive before the user is logged out.
igmp
vpn router igmp—Configure IGMP.
ike
vpn interface ipsec ike—Configure the Internet Key protocol for use on an IPsec tunnel.
implicit-acl-logging
policy implicit-acl-logging—Log all flows that are not explicitly configured with an allow-services command.
interface
bridge interface—Associate an interface with a bridging domain.
interface
vpn router igmp interface—Configure the interfaces that participate in the IGMP domain, and configure the groups for the interface to join.
interface
vpn router pim interface— Configure the interfaces that participate in the PIM domain, and configure PIM timers for the interfaces.
interface
vpn interface— Configure an interface within a VPN.
interface
wlan interface—Configure virtual access points (VAPs) for an IEEE 802.11i wireless LAN.
interface gre
vpn interface gre—Configure a GRE tunnel interface interface in the transport VPN.
interface ipsec
vpn interface ipsec—Configure IKE parameters for IPsec tunnels.
interface irb
vpn interface irb—Configure an interface to use for integrated routing and bridging (IRB).
interface
vpn router ospf area interface—Configure the properties of an interface in an OSPF area.
interface ppp
vpn interface ppp—Configure the Point-to-Point Protocol over Ethernet (PPPoE).
ipsec
vpn interface ipsec ipsec—Configure the IPsec tunnel to use for IKE key exchange.
ipsec
security ipsec—Configure parameters for IPsec tunnel connections.
iptables-enable
system iptables-enable—Enable the collection of iptable packet-filtering chains for all DTLS peers.
ip address
vpn interface ip address—Configure an interface's IPv4 address.
ip dhcp-client
vpn interface ip dhcp-client—Configure an interface in VPN 0 to receive its IPv4 address from a DHCP server.
ip route
vpn ip route—Configure an IPv4 static route in a VPN.
ipv6 address
vpn 0 interface ipv6—Configure a static IPv6 address IPv6 on an interface.
ipv6 dhcp-client
vpn 0 interface ipv6 dhcp-client—Configure an interface in the WAN transport VPN (VPN 0) to receive its IPv6 address from a DHCPv6 server.
ipv6 route
vpn 0 ipv6 route—Configure an IPv6 static route in a VPN.
ip address-list
ip address-list—Configure the IP addresses reachable by the interfaces on a container.
ip gre-route
vpn ip gre-route—Configure a GRE-specific static route in a service VPN (a VPN other than VPN 0 or VPN 512) to direct traffic from the service VPN to a GRE tunnel.
ip ipsec-route
vpn ip ipsec-route—Configure an IPsec-specific static route in a service VPN (a VPN other than VPN 0 or VPN 512) to direct traffic from the service VPN to an IPsec tunnel
ip secondary-address
vpn interface secondary-address—Configure secondary IPv4 addresses for a service-side interface.
j
join-group
vpn router igmp interface join-group—Configure an interface on the vEdge router to initiate a request to join a multicast group.
join-prune-interval
vpn router pim interface join-prune-interval— Modify the PIM join/prune message interval for an interface.
k
keepalive
vpn interface gre keepalive—Configure how often a GRE interface sends keepalive packets.
l
last-resort-circuit
vpn 0 interface tunnel-interface last-resort-circuit—Use this tunnel interface as the gateway of last resort.
lease-time
vpn interface dhcp-server lease-time—Configure the time period for which a DHCP-assigned IP address is valid.
lists
policy lists—Create groupings of similar objects, such as IP prefixes, sites, TLOC addresses, and AS paths, for use when configuring policy match conditions or action operations and for when applying a policy.
local-interface-list
vpn cloudexpress local-interface-list—Configure Direct Internet Access (DIA) interfaces for Cloud OnRamp for SaaS.
location
system location—Configure a text string the describes the location of the device.
location
snmp location—Configure the location of the device.
log-frequency
policy log-frequency—Configure how often packet flows are logged.
log-translations
vpn interface nat log-translations— Log the creation and deletion of NAT flows.
logging disk
system logging disk—Log event notification system log (syslog) messages to a file on the local device's hard disk.
logging server
system logging server — Log event notification system logging (syslog) messages to a remote host.
logs
system aaa logs—Configure the logging of AAA and Netconf system logging (syslog) messages.
low-bandwidth-link
vpn 0 interface tunnel-interface low-bandwidth-link—Characterize the tunnel interface as a low-bandwidth link.
m
mac-accounting
vpn interface mac-accounting—Generate accounting information for IP traffic.
mac-address
vpn interface mac-address—Configure a MAC address to associate with the interface in the VPN.
mac-authentication-bypass
vpn interface dot1x mac-authentication-bypass—Authorize clients based on the client's MAC address when IEEE 802.1X authentication times out.
match
policy match—Define the properties that must be matched so that an IPv4 policy action can take effect.
match
policy ipv6 access-list sequence match—Define the properties that must be matched so that an IPv6 policy action can take effect.
max-clients
wlan interface max-clients—Configure the maximum number of clients allowed to connect to the wireless LAN.
max-control-connections
vpn 0 interface tunnel-interface  max-control-connections—Configure the maximum number of vSmart controllers that the WAN tunnel interface can connect to.
max-controllers
system max-controllers—Configure the maximum number of vSmart controllers that the vEdge router is allowed to connect to.
max-leases
vpn interface dhcp-server max-leases—Configure the maximum number of IP addresses that can be assigned.
max-macs
bridge max-macs—Set the maximum number of MAC addresses that a bridging domain can learn.
max-metric
vpn router ospf max-metric—Configure OSPF to advertise a maximum metric so that other routers do not prefer this vEdge router as an intermediate hop in their Shortest Path First calculation.
max-omp-sessions
system max-omp-sessions—Configure the maximum number of OMP sessions that a vEdge router can establish to vSmart controllers.
mgmt-security
wlan interface mgmt-security—Configure the encryption of management frames sent on the wireless LAN.
mirror
mirror—Configure or apply a mirror to copy data packets to a specified destination for analysis.
mode
vpn interface ike mode—Configure the mode to use in IKEv1 Diffie-Hellman key exchanges.
mtu
vpn interface mtu—Set the maximum MTU size of packets on an interface.
multicast-buffer-percent
system multicast-buffer-percent—Configure the amount of interface bandwidth that multicast traffic can use.
multicast-replicator
vpn router multicast-replicator— Configure a vEdge router to be a multicast replicator.
n
name
snmp name—Provide a text name for the Viptela device.
name
vpn name—Provide a text description for the VPN.
nas-identifier
vpn interface dot1x nas-identifier—Configure the NAS identifier of the local router, to send to the RADIUS server during an 802.1X session.
nas-ip-address
vpn interface dot1x nas-identifier—Configure the NAS IP address of the local router, to send to the RADIUS server during an 802.1X session.
nat
vpn interface nat— Configure a vEdge router to act as a NAT device.
nat-refresh-interval
vpn 0 interface tunnel-interface nat-refresh-interval—Configure the interval between NAT refresh packets sent on a DTLS or TLS WAN transport connection.
natpool
vpn interface nat natpool—Configure a pool of addresses to use in NAT translation.
neighbor
vpn router bgp neighbor—  Configure a BGP neighbor.
network
vpn router ospf area interface network—Set the OSPF network type.
next-hop-self
vpn router bgp neighbor next-hop-self—Configure the router to be the next hop to the BGP neighbor.
node-type
vpn cloudexpress node-type—Configure a node type for Cloud OnRamp for SaaS.
nssa
vpn router ospf area nssa—Configure an OSPF area to be an NSSA (a not-so-stubby area).
ntp
system ntp—Configure Network Time Protocol (NTP) servers and MD5 authentication keys for the servers.
o
offer-time
vpn interface dhcp-server offer-time—Configure how long the IP address offered to a DHCP client is reserved for that client.
omp
omp, vpn omp— Modify the OMP configuration.
options
vpn interface dhcp-server options—Configure the DHCP options to send to the client when the DHCP client request them.
organization-name
system organization-name—Configure the name of your organization.
ospf
vpn router ospf—Configure OSPF within a VPN on a vEdge router.
overlay-as
omp overlay-as—Configure a BGP AS number that OMP advertises to the router's BGP neighbors
overload
vpn interface nat overload— Control the mapping of addresses on a vEdge router that is acting as a NAT device.
p
passive-interface
vpn router ospf area interface passive-interface—Set the OSPF interface to be passive.
password
vpn router bgp neighbor password—Configure message digest5 (MD5) authentication and an MD5 password on the TCP connection with the BGP peer.
perfect-forward-secrecy
vpn interface ipsec ipsec perfect-forward-secrecy—Configure the PFS settings to use on an IPsec tunnel that is being used for IKE key exchange.
pim
vpn router pim— Configure PIM.
pmtu
vpn interface pmtu—Enable path MTU discovery on the interface, to allow the router to determine the largest MTU size supported without requiring packet fragmentation.
policer
policy policer—Configure or apply a policer to be used for data traffic.
policy
policy—Configure IPv4 policy.
policy ipv6
policy ipv6—Configure IPv6 policy.
port-forward
On a vEdge router operating as a NAT gateway, create port-forwarding rules to allow requests from an external network to reach devices on the internal network.
port-hop
system port-hop, vpn 0 interface tunnel-interface—For a Viptela device that is behind a NAT device or for an individual tunnel interface (TLOC) on that Viptela device, rotate through a pool of preselected OMP port numbers, known as base ports, to establish DTLS connections with other Viptela devices when a connection attempt is unsuccessful
port-offset
system port-offset—Offset the base port numbers to use for the TLOC when multiple Viptela devices are present behind a single NAT device.
ppp
vpn 0 interface ppp—Configure the Point-to-Point Protocol properties associated with a PPPoE virtual interface.
pppoe-client
vpn interface pppoe-client—Enable a PPPoE client on an interface.
priority
vpn router ospf area interface priority—Set the priority of the router to be elected as the designated router.
profile
cellular profile—Add, modify, or delete a cellular profile.
profile
vpn 0 interface cellular profile—Configure the profile assigned to a cellular interface.
propagate-aspath
vpn router bgp propagate-aspath—Carry the BGP AS path into OMP.
q
qos-map
qos-map—Configure a QoS map or apply one on an interface.
qos-scheduler
policy qos-scheduler—Configure a QoS scheduler for a forwarding class.
r
radius
system radius—Configure the properties of a RADIUS server to use for AAA authorization and authentication, and IEEE 802.1X LAN and IEEE 802.11i WLAN authentication.
radius-servers
system aaa radius-servers, vpn interface dot1x radius-servers, wlan interface radius-servers—Configure which RADIUS servers to use for AAA, IEEE 802.1X, and IEEE 802.11i authentication.
range
vpn router ospf area range—Summarize OSPF areas at an area boundary so that only a single summary router is advertised to other areas by an ABR.
reauthentication
vpn interface dot1x reauthentication—Enable periodic reauthentication of 802.1X clients.
redistribute
vpn router ospf redistribute—Redistribute routes learned from other protocols into OSPF.
refresh
vpn interface nat refresh— Configure how NAT mappings are refreshed.
rekey
vpn interface ipsec ike rekey, vpn interface ipsec ipsec rekey—Modify the IPsec rekeying timer to use during IKE key exchanges or on the IPsec tunnel being used for IKE key exchange.
rekey
security ipsec rekey—Modify the IPsec rekeying timer.
remote-as
vpn router bgp neighbor remote-as—Configure AS number of the remote peer.
replay-window
vpn interface ipsec ipsec replay-window—Modify the size of the IPsec replay window on an IPsec tunnel that is being used for IKE key exchange.
replay-window
security ipsec replay-window—Modify the size of the IPsec replay window.
replicator-selection
vpn router pim replicator-selection— Allow vEdge routers to use different replicators for the same multicast group.
respond-to-ping
vpn interface nat respond-to-ping—Have a vEdge router that is acting as a NAT device respond to ping requests received from the public side of the connection.
retransmit-interval
vpn router ospf area interface retransmit-interval—Set the interval at which the router retransmits OSPF link-state advertisements to its adjacencies.
rewrite-rule
rewrite-rule—Configure a rewrite rule to overwrite the DSCP field of a packet's outer IP header, or apply a rewrite rule on an interface.
route-consistency-check
system route-consistency-check—Check whether the IPv4 routes in the device's route and forwarding table are consistent.
route-policy
policy route-policy—Configure or apply a localized control policy.
router
vpn router— Configure the BGP, OSPF, and PIM routing protocol to run in a VPN.
router-id
vpn router bgp router-id—Configure the BGP router ID, which is the IP address associated with the router for BGP sessions.
router-id
vpn router ospf router-id—Configure the OSPF router ID, which is the IP address associated with the router for OSPF adjacencies.
s
security
security—Configure security parameters.
send-backup-paths
omp send-backup-paths—Have OMP send backup routes to vEdge routers (on vSmart controllers only). By default, OMP sends only the best route or routes.
send-community
vpn router bgp neighbor send-community—Send the local router's BGP community attribute to the BGP neighbor.
send-ext-community
vpn router bgp neighbor send-ext-community—Send the local router's BGP extended community attribute to the BGP neighbor.
send-path-limit
omp send-path-limit—Configure the number of routes that can be advertised.
service
vpn service—Configure a service, such as a firewall or IDS, that is present on the local network in which the vEdge router is located.
shaping-rate
vpn interface shaping-rate—Configure the aggregate traffic rate on an interface to be less than line rate so that the interface transmits less traffic than it is capable of transmitting.
shutdown
shutdown—Disable or enable a parameter or property.
site-id
system site-id—Configure the identifier of the site in the Viptela overlay network, such as a branch, campus, or data center, in which the device resides.
sla-class
policy sla-class—Create groupings of properties that identify an application for a policy to use with application-aware routing.
snmp
snmp—Configure the Simple Network Management Protocol.
sp-organization-name
system sp-organization-name—Configure the name of your service provider for a vBond orchestrator or vSmart controller that is part of a software multitenant architecture.
speed
vpn interface speed—Set the speed of the interface.
spt-threshold
vpn router pim spt-threshold— Configure when a PIM router should join the shortest-path source tree.
ssid
wlan interface ssid—Configure the service set identifier (SSID) for a WLAN.
static-ingress-qos
vpn interface static-ingress-qos—Allocate ingress traffic on an interface to a specific queue.
static-lease
vpn interface dhcp-server static-lease—Assign a static IP address to a host or other device on the service-side network.
static
vpn interface nat static— Configure 1:1 static NAT on a vEdge router that is acting as a NAT device.
stub
vpn router ospf area stub—Configure an OSPF stub area.
system
system—Configure system-wide parameters.
system-ip
system system-ip—Configure a system IP address for a Viptela device.
system-tunnel-mtu
system system-tunnel-mtu—Configure the MTU to use on the DTLS tunnels that send control traffic between Viptela devices.
t
tacacs
system tacacs—Configure the properties of a TACACS+ server that is used in conjunction with AAA to authorize and authenticate users who attempt to access Viptela devices.
tcp-mss-adjust
vpn interface tcp-mss-adjust—Adjust the maximum segment size (MSS) of TCP SYN packets passing through a vEdge router.
tcp-optimization
vpn tcp-optimization—Fine-tune TCP to decrease round-trip latency and improve throughout for TCP traffic.
tcp-optimization-enabled
system tcp-optimization-enabled—Carve out a separate CPU core to use for performing TCP optimization.
tcp-timeout
vpn interface nat tcp-timeout— Configure when NAT translations over a TCP session time out.
technology
vpn 0 interface cellular technology—Associate a radio access technology with a cellular interface.
template-refresh
policy cflowd-template template-refresh—How often to send the cflowd template record fields to the collector.
timeout inactivity
vpn interface dot1x timeout inactivity—Set how long to wait before revoking the authentication of an client that is using 802.1X to access a network.
timer
system timer—Configure the DNS cache timeout.
timers
vpn router bgp timers, vpn router bgp neighbor timers—Configure global and per-neighbor BGP timers.
timers
omp timers—Configure OMP timers on vEdge routers and vSmart controllers.
timers
vpn router ospf timers—Configure OSPF timers.
tloc-extension
vpn 0 interface tloc-extension—Bind this interface, which connects to another vEdge router at the same site, to the local router's WAN transport interface.
tloc-extension-gre-from
tloc-extension-gre-from—Configure an interface as an extended interface channeling the TLOC traffic from the source branch router to the local WAN interface.
tloc-extension-gre-to
tloc-extension-gre-to—Configure a tunnel-interface with the tloc-extension-gre-to service.
track-default-gateway
For a static route, determine whether the next hop is reachable before adding that route to the device's route table.
track-interface-tag
system track-interface-tag—Configure a tag to apply to routes associated with a network that is connected to a non-operational interface
track-transport
system track-transport—Regularly check whether the DTLS connection between the local device and a vBond orchestrator is up.
tracker
system tracker, vpn 0 interface tracker—Track the status of transport interfaces the connect to the internet.
trap group
snmp trap group—Configure SNMP trap groups.
trap target
snmp trap target—Configure the target SNMP server to receive the SNMP traps generated by this device.
tunnel-destination
vpn interface gre tunnel-destination—Configure the destination IP address of a GRE tunnel interface.
tunnel-destination
vpn interface ipsec tunnel-destination—Configure the destination IP address of an IPsec tunnel that is being used for IKE key exchange.
tunnel-interface
vpn interface tunnel-interface—Configure the interface to be a secure DTLS WAN transport connection.
tunnel-source
vpn interface gre tunnel-source—Configure the source IP address of a GRE tunnel interface.
tunnel-source-interface
vpn interface gre tunnel-source-interface—Configure the physical interface that is the source of a GRE tunnel.
tunnel-source-interface
vpn interface ipsec tunnel-source-interface—Configure the physical interface that is the source IP interface of an IPsec tunnel that is being used for IKE key exchange.
tunnel-source
vpn interface ipsec tunnel-source—Configure the source IP address of an IPsec tunnel that is being used for IKE key exchange.
u
udp-timeout
vpn interface nat udp-timeout— Configure when NAT translations over a UDP session time out.
update-source
vpn router bgp neighbor update-source—Allow BGP to use a specific IP address or interface for the TCP connection to the neighbor.
upgrade-confirm
system upgrade-confirm—Configure the time limit for confirming that a software upgrade is successful.
usb-controller
system usb-controller—Enable or disable the USB controller, which drives the external USB ports.
user
system aaa user—Configure a login account for each user who can access the local Viptela device.
user
snmp group—Configure an SNMPv3 user.
usergroup
system aaa usergroup—Configure groupings of users and assign authorization privileges to the group.
v
vbond
system vbond—Configure the IP address and other information related to the vBond orchestrator.
vbond-as-stun-server
vpn 0 interface tunnel-interface vbond-as-stun-server—Enable Session Traversal Utilities for NAT (STUN) to allow the tunnel interface to discover its public IP address and port number when the vEdge router is located behind a NAT.
view
snmp view—Define an SNMP MIB view.
vlan
bridge vlan—Set the tag to use as the VLAN ID for the bridging domain.
vmanage-connection-preference
vpn 0 interface tunnel-interface vmanage-connection-preference—Set the preference for using a tunnel interface to exchange control traffic with the vManage NMS.
vpn
vpn— Configure VPNs to use for segmentation of the Viptela overlay network.
vpn-membership
vpn-membership—Configure or apply a centralized data policy based on VPN membership.
vrrp
vpn interface vrrp—Configure the Virtual Router Redundancy Protocol to allow multiple routers to share a common virtual IP address for default gateway redundancy.
w
wake-on-lan
vpn interface dot1x wake-on-lan—Allow a client to be powered up when the vEdge router receives an Ethernet magic packet frame.
wlan
wlan—Configure a WLAN.
wpa-personal-key
wlan interface wpa-personal-key—Configure the password to access a wireless LAN that uses wpa-personal or wpa2-personal security.
  • Was this article helpful?