Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

color

vpn 0 interface tunnel-interface color—Identify an individual WAN transport tunnel (on vEdge routers only). In the Viptela software, the tunnel is identified by a color. The color is one of the TLOC parameters associated with the tunnel.

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet
Configuration ► Templates ► VPN Interface PPP

Command Hierarchy

vpn 0
  interface interface-name
    tunnel-interface
   ​   color color [restrict]

Options

Color
color color
Identify an individual WAN transport tunnel by assigning it a color. The color is one of the TLOC parameters associated with the tunnel. (While the CLI on a vSmart controller allows you to configure a color, the color has no meaning because vSmart controllers have no TLOCs.)
On a vEdge router, you can configure only one tunnel interface that has the color default.
The colors metro-ethernet, mpls, and private1 through private6 are private colors. They use private addresses to connect to the remote side vEdge router in a private network. You can use these colors in a public network provided that there is no NAT device between the local and remote vEdge routers.
Values: 3g, biz-internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, metro-ethernet, mpls, private1, private2, private3, private4, private5, private6, public-internet, red, and silver
Default: default
Restrict WAN Transport Tunnel
color color restrict
Allow the local WAN transport tunnel to be created and a BFD session for the tunnel to established to the remote vEdge router only if a tunnel of the same color exists on the remote router.
If, for a tunnel, you change the color only, the restrict option remains configured. To remove the restriction on a color, first issue the no color command and then configure the new color.

Example

On a vEdge router, configure two tunnel interfaces (two TLOCs). The tunnel on ge0/1 connects to a public WAN, and the tunnel on ge0/2 connects to a private MPLS network. BFD sessions on the tunnel on interface ge0/2 are established only to other TLOCs on other vEdge routers whose color is also mpls. The no control-connections command disables attempts to establish control connections over the MPLS network.

vpn 0
  interface ge0/1
    ip address 172.16.31.3/24
    tunnel-interface
      encapsulation ipsec
      color biz-internet
      allow-service dhcp
      allow-service dns
      allow-service icmp
      no allow-service sshd
      no allow-service ntp
      no allow-service stun
      !
    no shutdown
    !
  interface ge0/2
    ip address 10.10.23.3/24
    tunnel-interface
      encapsulation ipsec
      color mpls restrict
      no control-connections
      allow-service dhcp
      allow-service dns
      allow-service icmp
      no allow-service sshd
      no allow-service ntp
      no allow-service stun
      !
    no shutdown
    !
  !
!

Release Information

Command introduced in Viptela Software Release 14.1.​
restrict option added in Release 15.1.
Colors private3, private4, private5, and private6 added in Release 15.2.
In Release 15.2, restrict option can be applied to any color.

Additional Information

encapsulation
See the Configuring Interfaces article for your software release.

  • Was this article helpful?