Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

Segmentation CLI Reference

CLI commands for configuring and monitoring segmentation (VPNs).

Segmentation Configuration Commands

Use the following commands to configure segmentation on a vEdge router.

vpn vpn-id
  bandwidth-downstream kbps (on vEdge routers and vManage NMSs only)
  bandwidth-upstream kbps (on vEdge routers and vManage NMSs only)
  dns ip-address [primary | secondary]
  ecmp-hash-key layer4 (on vEdge routers only)
  ​host hostname ip ip-address  
  interface interface-name    
    access-list acl-list (on vEdge routers only)
    arp 
      ip ip-address mac mac-address    
    arp-timeout seconds (on vEdge routers only)
    autonegotiate (on vEdge routers only)
    block-non-source-ip (on vEdge routers only)
    clear-dont-fragment
    dead-peer-detection interval seconds retries number (on vEdge routers only)
    description text 
    dhcp-helper ip-address (on vEdge routers only)
    dhcp-server (on vEdge routers only)
      address-pool prefix/length
      exclude ip-address
      lease-time seconds
      max-leases number
      offer-time minutes
      options
        default-gateway ip-address
        dns-servers ip-address
        domain-name domain-name
        interface-mtu mtu
        tftp-servers ip-address
      static-lease mac-address ip ip-address host-name hostname
    dot1x
      accounting-interval seconds
      acct-req-attr attribute-number (integer integer | octet octet | string string)
      auth-fail-vlan vlan-id
      auth-order (mab | radius)
      auth-reject-vlan vlan-id
      auth-req-attr attribute-number (integer integer | octet octet | string string)
      control-direction direction
      das
        client ip-address
        port port-number
        require-timestamp
        secret-key password
        time-window seconds
        vpn vpn-id
      default-vlan vlan-id
      guest-vlan vlan-id
      host-mode (multi-auth | multi-host | single-host)
      mac-authentication-bypass
        allow mac-addresses
        server
      nas-identifier string
      nas-ip-address ip-address
      radius-servers tag
      reauthentication minutes
      timeout 
        inactivity minutes
      wake-on-lan
    dead-peer-detection interval time-units retries number (on vEdge routers only)
    ​duplex (full | half) 
    flow-control (bidirectional | egress | ingress)
    icmp-redirect-disable
    ike (on vEdge routers only)
      authentication-type type
        local-id id
        pre-shared-secret password 
        remote-id id
      cipher-suite suite
      group number
      mode mode
      rekey seconds
      version number
    (ip address ipv4-refix/length | ip dhcp-client [dhcp-distance number])
    (ipv6 address ipv6-refix/length | ipv6 dhcp-client [dhcp-distance number] [dhcp-rapid-commit])
    ip address-list prefix/length (on vSmart controller containers only)
    ipsec (on vEdge routers only)
      cipher-suite suite
      perfect-forward-secrecy pfs-setting 
      rekey seconds
      replay-window number
    keepalive seconds retries (on vEdge routers only)
    mac-address mac-address    
    mtu bytes 
    nat (on vEdge routers only)
      block-icmp-error     
      direction (inside | outside)
      [no] overload 
      port-forward port-start port-number1 port-end port-number2
        proto (tcp | udp) private-ip-address ip address private-vpn vpn-id
      refresh (bi-directional | outbound)
      respond-to-ping
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)
      tcp-timeout minutes
      udp-timeout minutes
    pmtu (on vEdge routers only)
    policer policer-name (on vEdge routers only)
    ppp (on vEdge routers only)
      ac-name name
      authentication (chap | pap) hostname name password password 
    pppoe-client (on vEdge routers only)
      ppp-interface name 
    profile profile-id (on vEdge routers only)
    qos-map name (on vEdge routers only)
    rewrite-rule name (on vEdge routers only)
    secondary-address ipv4-address (on vEdge routers only)
    shaping-rate name (on vEdge routers only)
    [no] shutdown
    speed speed 
    static-ingress-qos number (on vEdge routers only)
    tcp-mss-adjust bytes
    technology technology (on vEdge routers only)
    tloc-extension interface-name (on vEdge routers only)
    tunnel-interface 
      allow-service service-name
      bind geslot/port (on vEdge routers only)
      carrier carrier-name 
      color color [restrict]
      connections-limit number
      encapsulation (gre | ipsec) (on vEdge routers only)
        preference number     
        weight number
      hello-interval milliseconds
      hello-tolerance seconds
      last-resort-circuit (on vEdge routers only)
      low-bandwidth-link (on vEdge routers only)
      max-control-connections number (on vEdge routers only)
      nat-refresh-interval seconds
      port-hop
      vbond-as-stun-server (on vEdge routers only)
      vmanage-connection-preference number (on vEdge routers only)
    tunnel-destination ip-address (GRE interfaces; on vEdge routers only)
    tunnel-destination (dns-name | ipv4-address) (IPsec interfaces; on vEdge routers only)
    (tunnel-source ip-address | tunnel-source-interface interface-name) (GRE interfaces; on vEdge routers only)
    (tunnel-source ip-address | tunnel-source-interface interface-name) (IPsec interfaces; on vEdge routers only)
    upgrade-confirm minutes
    vrrp group-name (on vEdge routers only)
      priority number
      timer seconds
      track-omp
  ! end vpn interface
  ip route ip-address/subnet next-hop-address
  name text
  omp
    advertise (aggregate prefix [aggregate-only] | bgp | connected | network prefix | ospf type | static) (on vEdge routers only)
  router (on vEdge routers only)
    bgp ... 
    igmp ...
    multicast-replicator local
      threshold number 
    ospf ...
    pim ...
  service service-name address ip-address (on vEdge routers only)

Segmentation Monitoring Commands

Use the following commands to monitor segmentation:

show bgp commands
show interface commands
show ospf commands

  • Was this article helpful?