VPN Interface SVI
Use the VPN Interface SVI template for Cisco IOS XE routers running the SD-WAN software.
You configure a switch virtual interface (SVI) to configure a VLAN interface.
To configure DSL interfaces on Cisco routers using vManage templates, create a VPN Interface SVI feature template to configure VLAN interface parameters, as described in this article.
Navigate to the Template Screen and Name the Template
- In vManage NMS, select the Configuration ► Templates screen.
- In the Device tab, click Create Template.
- From the Create Template drop-down, select From Feature Template.
- From the Device Model drop-down, select the type of device for which you are creating the template.
- If you are configuring the SVI in the transport VPN (VPN 0):
- Click the Transport & Management VPN tab located directly beneath the Description field, or scroll to the Transport & Management VPN section.
- Under Additional VPN 0 Templates, located to the right of the screen, click VPN Interface SVI.
- If you are configuring the SVI in a service VPN (VPNs other than VPN 0):
- Click the Service VPN tab located directly beneath the Description field, or scroll to the Service VPN section.
- In the Service VPN drop-down, enter the number of the service VPN.
- Under Additional VPN Templates, located to the right of the screen, click VPN Interface SVI.
- From the VPN Interface SVI drop-down, click Create Template. The VPN Interface SVI template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining VLAN Interface parameters.
- In the Template Name field, enter a name for the template. The name can be up to 128 characters and can contain only alphanumeric characters.
- In the Template Description field, enter a description of the template. The description can be up to 2048 characters and can contain only alphanumeric characters.
When you first open a feature template, for each parameter that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and select one of the following:
|
Parameter Scope |
Scope Description |
|---|---|
|
Device Specific (indicated by a host icon) |
Use a device-specific value for the parameter. For device-specific parameters, you cannot enter a value in the feature template. You enter the value when you attach a Viptela device to a device template. When you click Device Specific, the Enter Key box opens. This box displays a key, which is a unique string that identifies the parameter in a CSV file that you create. This file is an Excel spreadsheet that contains one column for each key. The header row contains the key names (one key per column), and each row after that corresponds to a device and defines the values of the keys for that device. You upload the CSV file when you attach a Viptela device to a device template. For more information, see Create a Template Variables Spreadsheet. To change the default key, type a new string and move the cursor out of the Enter Key box. Examples of device-specific parameters are system IP address, hostname, GPS location, and site ID. |
|
Global (indicated by a globe icon) |
Enter a value for the parameter, and apply that value to all devices. Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs. |
Configure Basic Interface Functionality
To configure basic VLAN interface functionality in a VPN, select the Basic Configuration tab and configure the following parameters. Parameters marked with an asterisk are required to configure an interface.
| Parameter Name | Description |
|---|---|
| Shutdown* | Click No to enable the VLAN interface. |
| VLAN Interface Name* | Enter the VLAN identifier of the interface. Range: 1 through 1094 |
| Description | Enter a description for the interface. |
| IPv4 Address* | Enter the IPv4 address for the interface. |
| DHCP Helper* | Enter up to eight IP addresses for DHCP servers in the network, separated by commas, to have the interface be a DHCP helper. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers. |
| IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 through 1804 Default: 1500 bytes |
To save the feature template, click Save.
Apply Access Lists
To apply a rewrite rule, access lists, and policers to a router interface, select the ACL tab and configure the following parameters:
| Parameter Name | Description |
|---|---|
| Ingress ACL – IPv4 |
Click On, and specify the name of the access list to apply to IPv4 packets being received on the interface. |
| Egress ACL – IPv4 | Click On, and specify the name of the access list to apply to IPv4 packets being transmitted on the interface. |
| Ingress Policer | Click On, and specify the name of the policer to apply to packets being received on the interface. |
| Egress Policer | Click On, and specify the name of the policer to apply to packets being transmitted on the interface. |
To save the feature template, click Save.
Configure VRRP
To have an interface run the Virtual Router Redundancy Protocol (VRRP), which allows multiple routers to share a common virtual IP address for default gateway redundancy, select the VRRP tab. Then click Add New VRRP and configure the following parameters:
| Parameter Name | Description |
|---|---|
| Group ID |
Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups. |
| Priority |
Enter the priority level of the router. There router with the highest priority is elected as master. If two vEdge routers have the same priority, the one with the higher IP address is elected as master. |
| Timer |
Specify how often the VRRP master sends VRRP advertisement messages. If slave routers miss three consecutive VRRP advertisements, they elect a new master. |
| Track OMP Track Prefix List |
By default, VRRP uses of the state of the service (LAN) interface on which it is running to determine which vEdge router is the master virtual router. if a vEdge router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, configure one of the following: Track OMP—Click On for VRRP to track the Overlay Management Protocol (OMP) session running on the WAN connection. If the master VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session. Track Prefix List—Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the master VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if reachability to one of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the vEdge routers determine the VRRP master. |
| IP Address | Enter the IP address of the virtual router. This address must be different from the configured interface IP addresses of both the local vEdge router and the peer running VRRP. |
Add ARP Table Entries
To configure static Address Resolution Protocol (ARP) table entries on the interface, select the ARP tab. Then click Add New ARP and configure the following parameters:
| Parameter Name | Description |
|---|---|
| IP Address | Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name. |
| MAC Address | Enter the MAC address in colon-separated hexadecimal notation. |
To save the ARP configuration, click Add.
To save the feature template, click Save.
Configure Other Interface Properties
To configure other interface properties, select the Advanced tab and configure the following properties:
| Parameter Name | Description |
|---|---|
| TCP MSS | Specify the maximum segment size (MSS) of TPC SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes Default: None |
| ARP Timeout | Specify how long it takes for a dynamically learned ARP entry to time out. Range: 0 through 2678400 seconds (744 hours) Default: 1200 (20 minutes) |
To save the feature template, click Save.
Release Information
Introduced in vManage NMS in Release 18.3.