Configure the vEdge Routers

Once you have set up and started the virtual machines (VMs) for the vEdge Cloud routers and set up and started the hardware vEdge routers in your overlay network, they come up with a factory-default configuration. For the overlay network to be operational and for the vEdge routers to be able to participate in the overlay network, you must do the following:

  • Configure a tunnel interface on at least one interface in VPN 0. This interface must connect to a WAN transport network that is accessible by all Viptela devices. VPN 0 carries all control plane traffic among the Viptela devices in the overlay network.
  • Ensure that the Overlay Management Protocol (OMP) is enabled. OMP is the protocol responsible for establishing and maintaining the Viptela control plane. It is enabled by default, and you cannot disable it. If you edit the configuration from the CLI, do not remove the omp configuration command.
  • Ensure that BFD is enabled. BFD is the protocol that the transport tunnels on vEdge routers use for transmitting data traffic through the overlay network. BFD is enabled by default, and you cannot disable it. If you edit the configuration from the CLI, do not remove the bfd color command.
  • Configure the IP address or DNS name of your network's vBond orchestrator.
  • Configure the router's IP address.

You should also assign a system IP address to each vEdge router. This address, which is similar to the router ID on non-Viptela routers, is a persistent address that identifies the router independently of any interface addresses. The system IP is a component of the device's TLOC address. Setting the system IP address for a device allows you to renumber interfaces as needed without affecting the reachability of the Viptela device. Control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers and between vSmart controllers and vBond orchestrators is sent over the system interface identified by the system IP address. In the transport VPN (VPN 0), the system IP address is used as the device's loopback address. You cannot use this same address for another interface in VPN 0.

You can also configure other features and functions required for your network topology.

You configure vEdge routers by creating configuration templates on the vManage NMS. For each configuration template, you create one or more feature templates, which you then consolidate into a vEdge router device template. You then attach the device template to a vEdge router. When the vEdge router joins the overlay network, the vManage NMS automatically pushes the configuration template to the router.

It is strongly recommended that you create the full configuration for vEdge routers by creating configuration templates on the vManage NMS. When the vManage NMS discovers a router in the overlay network, it pushes the appropriate configuration template to the device. The configuration parameters in the configuration template overwrite the initial configuration.

Create Configuration Templates for the vEdge Routers

To create vEdge configuration templates, first create feature templates:

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. From the Templates title bar, select Feature.
  3. Click Add Template.
  4. In the left pane, select vEdge Cloud or a router model.
  5. In the right pane, select the System feature template. Configure the following parameters:
    1. Template Name
    2. Description
    3. Site ID
    4. System IP
    5. Timezone
    6. Hostname
    7. Console baud rate (vEdge hardware routers only)
    8. GPS location
  6. Click Save to save the System template.
  7. In the right pane, select the VPN-Interface-Ethernet feature template. Configure the following parameters:
    1. Template Name
    2. Description
    3. Shutdown No
    4. Interface name
    5. IPv4 address (static or DHCP)
    6. IPv6 address (static or DHCPv6), if desired (in Releases 16.3 and later)
    7. Tunnel interface (for VPN 0), color, encapsulation, and services to allow.
  8. Click Save to save the VPN-Interface Ethernet template.
  9. In the right pane, select other templates to configure any desired features. Save each template when you complete the configuration. For information about configuring cellular parameters for vEdge 100m and vEdge 100wm routers, see the next section in this article.

For information about configuration templates and parameters, see the vManage configuration help articles for your software release.

Next, create a device template that incorporates all the feature templates for the vEdge router:

  1. In the vManage NMS, select the Configuration ► Templates screen.
  2. From the Templates title bar, select Device.
  3. Click Create Template, and from the drop-down list select From Feature Template.
  4. From the Device Model drop-down, select the type of device for which you are creating the device template. vManage NMS displays the feature templates for the device type you selected. Required templates are indicated with an asterisk (*).
  5. Enter a name and description for the device template. These fields are mandatory. The template name cannot contain special characters.
  6. In the Transport & Management VPN section, under VPN 0, from the drop-down list of available templates, select the desired feature template. The list of available templates shows the ones that you have previously created.
  7. To include additional feature templates in the device template, in the remaining sections, select the feature templates in turn, and from the drop-down list of available templates, select the desired template. The list of available templates shows the ones that you have previously created. Ensure that you select templates for all mandatory feature templates and for any desired optional feature templates.
  8. Click Create to create the device template.

To attach a device template to a device:

  1. In the vManage NMS, select the Configuration ► Templates screen.
  2. From the Templates title bar, select Device.
  3. Select a template.
  4. Click the More Actions icon to the right of the row and click Attach Device.
  5. In the Attach Device window, either search for a device or select a device from the Available Device(s) column to the left.
  6. Click the arrow pointing right to move the device to the Selected Device(s) column on the right.
  7. Click Attach.

When the vManage NMS discovers that the vEdge router has joined the overlay network, it pushes the configuration template to the router.

Configuring Cellular Routers

For vEdge 100m and vEdge 100wm routers, you configure cellular interface parameters on the VPN-Interface-Cellular feature template. In this template, the default Profile ID is 0, which enables automatic profile selection. The automatic profile uses the Mobile Country Code/Mobile Network Code (MCC/MNC) values on the router's SIM card. Profile 0 enables the cellular router to automatically join the overlay network during the Viptela ZTP automatic provisioning process.

If your MCC/MNC is not supported, the automatic profile selection process fails, and the ZTP process is unable to autodetect the router. In this case, you must configure a cellular profile as follows:

  1. In the right pane, select the Cellular Profile feature template.
  2. Set the Profile ID to a value from 1 through 15, and configure the desired cellular parameters.
  3. Save the Cellular Profile feature template.
  4. In the right pane, select the VPN-Interface-Cellular template.
  5. Select the Profile ID you configured in Step 2, and for Shutdown, click Yes.
  6. Save the VPN-Interface-Cellular feature template.
  7. Include the Cellular Profile and VPN-Interface Cellular templates in a device template.
  8. Attach the device template to the vEdge router to activate the MCC/MNC.
  9. In the right pane, select the VPN-Interface-Cellular template.
  10. For Shutdown click No, to enable the cellular interface.
  11. Save the VPN-Interface-Cellular feature template.
  12. Repush the device template to the vEdge router. This is the device template that you pushed in Step 8.

Configure the vEdge Routers from the CLI

Normally, you create vEdge router configurations using vManage configuration templates. However, in some situations, such as network test and proof-of-concept (POC) environments, you might want to configure vEdge routers manually, either to speed up the configuration process or because your test environment does not include a vManage NMS. In such situations, you can configure vEdge routers from the router's CLI.

Note: If you configure a vEdge router manually from the CLI and then the router later becomes managed by a vManage NMS, when the vManage NMS discovers the router, it pushes the router's configuration from the vManage server to the router, overwriting the existing configuration.

For vEdge Cloud routers, use SSH to open a CLI session to the router. For hardware vEdge routers, connect to the router via the management console.

Configure Minimum Parameters from the CLI

To create the initial configuration on a Viptela device from a CLI session:

  1. Open a CLI session to the Viptela device via SSH or the console port.
  2. Log in as the user admin, using the default password, admin. The CLI prompt is displayed.
  3. Enter configuration mode:
    vEdge# config
    vEdge(config)#
  4. Configure the hostname:
    vEdge(config)# system host-name hostname
    Configuring the hostname is optional, but is recommended because this name is included as part of the prompt in the CLI and it is used on various vManage NMS screens to refer to the device.
  5. Configure the system IP address. In Releases 16.3 and later, the IP address can be an IPv4 or an IPv6 address. In earlier releases, it must be an IPv4 address.
    vEdge(config-system)# system-ip ip-address
    The vManage NMS uses the system IP address to identify the device so that the NMS can download the full configuration to the device.
  6. Configure the numeric identifier of the site where the device is located:
    vEdge(config-system)# site-id site-id
  7. Configure the numeric identifier of the domain in which the device is located:
    vEdge(config-system)# domain-id domain-id
  8. Configure the IP address of the vBond orchestrator or a DNS name that points to the vBond orchestrator. The vBond orchestrator's IP address must be a public IP address, to allow all Viptela devices in the overlay network to reach the vBond orchestrator:
    vEdge(config-system)# vbond (dns-name | ip-address)
  9. Configure a time limit for confirming that a software upgrade is successful:
    vEdge(config-system)# upgrade-confirm minutes
    The time can be from 1 through 60 minutes. If you configure this time limit, when you upgrade the software on the device, the vManage NMS (when it comes up) or you must confirm that a software upgrade is successful within the configured number of minutes. If the device does not receive the confirmation within the configured time, it reverts to the previous software image.
  10. Change the password for the user "admin":
    vEdge(config-system)# user admin password password
    The default password is "admin".
  11. Configure an interface in VPN 0 to be used as a tunnel interface. VPN 0 is the WAN transport VPN, and the tunnel interface carries the control traffic among the devices in the overlay network. For vEdge Cloud routers, the interface name has the format ethnumber. For hardware vEdge routers, the interface name has the format geslot/port. You must enable the interface and configure its IP address, either as a static address or as a dynamically assigned address received from a DHCP server. In Releases 16.3 and later, the IP address can be an IPv4 or an IPv6 address, or you can configure both to enable dual-stack operation. In earlier releases, it must be an IPv4 address.
    vEdge(config)# vpn 0
    vEdge(config-vpn-0)# interface interface-name
    vEdge(config-interface)# (ip dhcp-client | ip address prefix/length)
    vEdge(config-interface)# (ipv6 address ipv6-prefix/length | ipv6 dhcp-client [dhcp-distance number | dhcp-rapid-commit])
    vEdge(config-interface)# no shutdown
    vEdge(config-interface)# tunnel-interface

Note: You must configure a tunnel interface on at least one interface in VPN 0 in order for the overlay network to come up and for the vManage NMS to be able to participate in the overlay network. This interface must connect to a WAN transport network that is accessible by all Viptela devices. VPN 0 carries all control plane traffic among the Viptela devices in the overlay network.

  12. Configure a color for the tunnel to identify the type of WAN transport. You can use the default color (default), but you can also configure a more appropriate color, such as mpls or metro-ethernet, depending on the actual WAN transport.
    vEdge(config-tunnel-interface)# color color
  13. Configure a default route to the WAN transport network:
    vEdge(config-vpn-0)# ip route 0.0.0.0/0 next-hop
  14. Commit the configuration:
    vEdge(config)# commit and-quit
    vEdge#
  15. Verify that the configuration is correct and complete:
    vEdge# show running-config

After the overlay network is up and operational, create a vEdge configuration template on the vManage NMS that contains the initial configuration parameters. Use the following vManage feature templates:

  • System feature template to configure the hostname, system IP address, and vBond functionality.
  • AAA feature template to configure a password for the "admin" user.
  • VPN-Interface-Ethernet feature template to configure the interface in VPN 0.

Configure General System Parameters from the CLI

When you are creating the initial vEdge router configuration, you may also want to configure the following general system parameters from the CLI:

  1. Configure the organization name, which is the name that is included in the certificates on all devices in the overlay network. This name must be the same on all devices.
    vEdge(config-system)# organization-name name
  2. Configure the timezone, NTP servers, and physical location. See the Configuring Time and Location article for your software release.
  3. For vBond orchestrators, vSmart controllers, and vEdge routers, configure a login banner, which is text that is displayed before the login prompt, and configure a general banner, which is text displayed after a user successfully logs in. The text strings can be up to 2048 characters. Use \n to insert line breaks.
    vEdge(config)# banner login "text"
    vEdge(config)# banner motd "text"
  4. Modify the logging parameters for syslog messages. By default, syslog messages are always logged to the local hard disk. All syslog messages above the "informational" priority value are stored in the file /var/log/vsyslog, and all debug messages for modules whose debugging is turned on and all syslog messages above the configured priority value are saved to the file /var/log/tmplog/vdebug. Syslog files are rotated when the file size reaches 10 MB, and the last 10 files are retained. You can modify the priority value or the file rotation information:
    vEdge(config-system)# logging disk
    vEdge(config-logging)# priority priority
    vEdge(config-logging)# size megabytes
    vEdge(config-logging)# rotate number

    vEdge can also log syslog messages to one or more remote hosts reachable in one of the VPNs in the overlay network:
    vEdge(config-system)# logging server (dns-name | hostname | ip-address)
    vEdge(config-server)# priority priority
    vEdge(config-server)# vpn vpn-id
  5. Optionally, for vEdge Cloud routers running Releases 17.2 and later, configure the router to run in eco-friendly mode, so that it uses its CPU only minimally when not processing packets. Enabling this mode is useful when you are upgrading multiple vEdge Cloud routers simultaneously, especially routers that have only one virtual CPU (vCPU), because it allows the routers to download the software image files without timing out. (A software image download times out after 60 minutes.)
    vEdgeCloud(config-system)# eco-friendly
  6. Configure AAA, and RADIUS and TACACS+ servers. See the Configuring User Access and Authentication article for your software release.
  7. Configure SNMP. See the Configuring SNMP article for your software release.
  8. Configure a DNS server for VPN 0. See the Configuring Segmentation (VPNs) article for your software release.
  9. Commit the configuration:
    vEdge(config)# commit and-quit
    vEdge#

After the overlay network is up and operational, create a vEdge router configuration template on the vManage NMS that contains the initial general system configuration parameters. Use the following vManage feature templates:

  • System feature template to configure the organization name, NTP servers, timezone, physical location, banners, and system logging.
  • AAA feature template to configure AAA parameters.
  • VPN feature template to configure a DNS server for VPN 0.

Sample Initial CLI Configuration

Below is an example of a simple configuration on a vEdge router. Note that this configuration includes a number of settings from the factory-default configuration and shows a number of default configuration values.

vEdge# show running-config 
system
 host-name         vEdge
 gps-location latitude 40.7127837
 gps-location longitude -74.00594130000002
 system-ip         172.16.251.20
 site-id           200
 max-controllers   1
 organization-name "Viptela Inc"
 clock timezone America/Los_Angeles
 upgrade-confirm   15
 vbond 184.122.2.2
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password encrypted-password
  !
 !
 logging
  disk
   enable
  !
 !
 ntp
  keys
   authentication 1 md5 $4$L3rwZmsIic8zj4BgLEFXKw== 
   authentication 2 md5 $4$LyLwZmsIif8BvrJgLEFXKw== 
   authentication 60124 md5 $4$LXbzZmcKj5Bd+/BgLEFXKw==
   trusted 1 2 60124
  !
  server 180.20.1.2
   key              1
   source-interface ge0/3
   vpn              1
   version          4
  exit
 !
 radius
  server 180.20.1.2
   vpn              1 
   source-interface ge0/3
   secret-key       $4$L3rwZmsIic8zj4BgLEFXKw==
  exit
 !
 tacacs
  server 180.20.1.2 
   vpn              1024
   source-interface ge0/3
   secret-key       $4$L3rwZmsIic8zj4BgLEFXKw==
  exit  
 !
!                                                                                                            
omp
 no shutdown
 graceful-restart
 advertise bgp
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type ah-sha1-hmac sha1-hmac
 !
! 
snmp
 no shutdown
 view v2
  oid 1.3.6.1
 !
 community private
  view          v2
  authorization read-only
 !
 trap target vpn 0 10.0.1.1 16662
  group-name     Viptela
  community-name private
 !
 trap group test
  all
   level critical major minor
  exit
 exit
!
vpn 0
 interface ge0/0
  ip address 184.111.20.2/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
  !
  no shutdown
  bandwidth-upstream   60
  bandwidth-downstream 60
 !
 interface ge0/1
   no shutdown
 !
 interface ge0/2
   no shutdown
 !
 ip route 0.0.0.0/0 184.111.20.1                                                                                        
! 
vpn 1
 router
   bgp 111000
    neighbor 172.16.1.20
     no shutdown
     remote-as 111000
     password  $4$LzLwZj1ApK4zj4BgLEFXKw==
    !
   !
   ospf
    timers spf 200 1000 10000
    area 0
     interface ge0/1
       authentication type message-digest
       authentication message-digest message-digest-key 1 md5 $4$LzLwZj1ApK4zj4BgLEFXKw==
      exit
     exit
   !
 !
!        
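
As an added example (not Cisco's code and not part of the original article), the Python below parses text in the `show running-config` layout shown above and reports which statements from the CLI procedures on this page are missing, along with the services each VPN 0 tunnel interface allows. The sample text, the function names, and the selection of statements to check are assumptions made for illustration.

```python
# Constructed excerpt in the `show running-config` layout (not from a real device).
SAMPLE = """\
system
 system-ip         172.16.251.20
 site-id           200
 organization-name "Viptela Inc"
 vbond 184.122.2.2
!
omp
 no shutdown
!
vpn 0
 interface ge0/0
  ip address 184.111.20.2/24
  tunnel-interface
   allow-service dhcp
   no allow-service sshd
   allow-service netconf
  !
  no shutdown
 !
 ip route 0.0.0.0/0 184.111.20.1
!
"""

def parse(text):
    """Return each statement as a path tuple, e.g. ('vpn 0', 'interface ge0/0', 'no shutdown')."""
    paths, stack = [], []                      # stack holds (indent, statement)
    for raw in text.splitlines():
        line = " ".join(raw.split())           # collapse column padding
        if not line or line in ("!", "exit"):  # block terminators carry no data
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                        # leave blocks that have ended
        stack.append((indent, line))
        paths.append(tuple(s for _, s in stack))
    return paths

def match(paths, *pat):
    """Paths of the same depth whose elements equal, or start with, each keyword in pat."""
    return [p for p in paths if len(p) == len(pat)
            and all(s == q or s.startswith(q + " ") for s, q in zip(p, pat))]

def audit(text):
    paths = parse(text)
    missing = [k for k in ("system-ip", "site-id", "organization-name", "vbond")
               if not match(paths, "system", k)]
    missing += [k for k in ("omp",) if not match(paths, k)]
    tunnels = [p[1].split()[1] for p in match(paths, "vpn 0", "interface", "tunnel-interface")]
    up = [t for t in tunnels if match(paths, "vpn 0", "interface " + t, "no shutdown")]
    if not up:
        missing.append("vpn 0 tunnel-interface (no shutdown)")
    if not match(paths, "vpn 0", "ip route 0.0.0.0/0"):  # may be absent when DHCP supplies it
        missing.append("vpn 0 static default route")
    allowed = {t: [] for t in tunnels}         # "no allow-service x" lines are not matched
    for p in match(paths, "vpn 0", "interface", "tunnel-interface", "allow-service"):
        allowed[p[1].split()[1]].append(p[3].split()[1])
    return {"missing": missing, "tunnel_interfaces": up, "allowed_services": allowed}
```

Run `audit()` on saved `show running-config` output before and after a vManage template push to confirm that the pushed configuration still contains the VPN 0 tunnel interface and only the services you intend to allow on it.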