Transport and Management Profile

The Transport and Management Profile helps you configure a VRF at WAN level. For each parameter of the feature that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown.

Transport VRF

The Transport VRF feature helps you configure the VRF for WAN.

For each parameter of the feature that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown.

The following table describes the options for configuring the Transport VPN feature.

Basic Configuration

Field

Description

VRF

Enter the identifier of the VRF.

Enhance ECMP Keying

Enable the use of Layer 4 source and destination ports in the ECMP hash key, in addition to the combination of the source IP address, destination IP address, protocol, and DSCP field.

Default: Disabled
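The effect of this option on path selection, as an added example that is not Cisco code: with the default key, every session between the same two hosts hashes to one path, while adding the Layer 4 ports spreads those sessions across the equal-cost paths. The SHA-256 hash, the function names, and the sample flows are assumptions made for illustration; the device's actual hash function is not described here.

```python
import hashlib
from collections import Counter


def ecmp_path(flow, n_paths, enhanced=False):
    """Return the index of the equal-cost path chosen for a flow.

    flow is (src_ip, dst_ip, protocol, dscp, src_port, dst_port).
    SHA-256 is a stand-in hash (assumption); the device's real hash
    function is not described on this page.
    """
    src, dst, proto, dscp, sport, dport = flow
    key = [src, dst, proto, dscp]      # default hash key
    if enhanced:
        key += [sport, dport]          # Enhance ECMP Keying adds the L4 ports
    digest = hashlib.sha256("|".join(map(str, key)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_paths


def path_usage(flows, n_paths, enhanced):
    """Count how many flows land on each path index."""
    return Counter(ecmp_path(f, n_paths, enhanced) for f in flows)


# Constructed sample: 64 TCP sessions between the same two hosts
# (documentation addresses), differing only in source port.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.20", 6, 0, 40000 + i, 443) for i in range(64)
]

if __name__ == "__main__":
    for enhanced in (False, True):
        usage = path_usage(SAMPLE_FLOWS, 4, enhanced)
        print(f"enhanced={enhanced}: flows per path {dict(sorted(usage.items()))}")
```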

DNS

Field

Description

Add DNS

Primary DNS Address (IPv4)

Enter the IP address of the primary IPv4 DNS server in this VRF.

Secondary DNS Address (IPv4)

Enter the IP address of a secondary IPv4 DNS server in this VRF.

Add DNS IPv6

Primary DNS Address (IPv6)

Enter the IP address of the primary IPv6 DNS server in this VRF.

Secondary DNS Address (IPv6)

Enter the IP address of a secondary IPv6 DNS server in this VRF.

Host Mapping

Field

Description

Add New Host Mapping

Hostname

Enter the hostname of the DNS server. The name can be up to 128 characters.

List of IP

Enter up to 14 IP addresses to associate with the hostname. Separate the entries with commas.

Route

Field

Description

Add IPv4 Static Route

Network address

Enter the IPv4 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv4 static route to configure in the VRF.

Subnet Mask*

Enter the subnet mask.

Gateway*

Choose one of the following options to configure the next hop to reach the static route:

  • nextHop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address: Enter the next-hop IPv4 address.

    • Administrative distance: Enter the administrative distance for the route.

  • dhcp

  • null0: When you choose this option, the following field appears:

    • Administrative distance: Enter the administrative distance for the route.

Add IPv6 Static Route

Prefix

Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VRF.

Next Hop/Null 0/NAT

Choose one of the following options to configure the next hop to reach the static route:

  • Next Hop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address: Enter the next-hop IPv6 address.

    • Administrative distance: Enter the administrative distance for the route.

  • Null 0: When you choose this option, the following field appears:

    • IPv6 Route Null 0: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

  • NAT: When you choose this option, the following field appears:

    • IPv6 NAT*: Choose NAT64 or NAT66.

ACL IPv4

The following table describes the options for configuring the ACL IPv4 feature.

Field

Description

ACL Sequence Name

Specifies the name of the ACL sequence.

Standard

Standard ACLs control traffic by the comparison of the source address of the IP packets to the addresses configured in the ACL.

Extended

Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.

Add ACL Sequence

Sequential collection of permit and deny conditions that apply to an IP packet

Import ACL Sequence

Import an ACL sequence into the device

Drop or Accept

Action to perform if match exists or not.

Edit ACL Sequence

ACL Sequence Name

Enter a name for the ACL Sequence.

Source Address

Source address of IP packets

Source Address Host

A single source address host

Action Type

The default value is accept

Accept Actions

Select log from the drop-down list to log messages about packets that are permitted or denied by a standard IP access list.

You can select the specific ACL sequence in the ACL Policy window to edit, delete or add.


Note


You can also configure ACL Policy features from Transport and Service Profile configuration groups.


Management VRF

The following table describes the options for configuring the Management VRF feature.

Field

Description

Type

Choose a feature from the drop-down list.

Feature Name

Enter a name for the feature.

Description

Enter a description of the feature. The description can contain any characters and spaces.

DNS

Field

Description

Add DNS

Primary DNS Address (IPv4)

Enter the IPv4 address of the primary DNS server in this VPN.

Host Mapping

Field

Description

Hostname

Enter the hostname of the DNS server. The name can be up to 128 characters.

List of IP Address

Enter IP addresses to associate with the hostname. Separate the entries with commas.

IPv4/IPv6 Static Route

Field

Description

Add IPv4 Static Route

Network Address*

Enter the IPv4 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv4 static route to configure in the VRF.

Subnet Mask*

Enter the subnet mask.

Gateway*

Choose one of the following options to configure the next hop to reach the static route:

  • nextHop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address*: Enter the next-hop IPv4 address.

    • Administrative distance*: Enter the administrative distance for the route.

  • dhcp

  • null0: When you choose this option, the following field appears:

    • Administrative distance: Enter the administrative distance for the route.

Add IPv6 Static Route

Prefix*

Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VRF.

Next Hop/Null 0

Choose one of the following options to configure the next hop to reach the static route:

  • Next Hop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address*: Enter the next-hop IPv6 address.

    • Administrative distance*: Enter the administrative distance for the route.

  • Null 0: When you choose this option, the following field appears:

    • NULL0*: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

Object Tracker

Use the Tracker feature to track the status of the tracker endpoints

The following table describes the options for configuring the Object Tracker feature.

Basic Settings

Parameter Name

Description

Name

Name of the tracker. The name can be up to 128 alphanumeric characters. You can configure up to eight trackers.

Description

Enter a description for the Object Tracker

Object Tracker ID

Name of the object tracker

Interface Name

Enter the global or device-specific tracker interface name. For example, Gigabitethernet1 or Gigabitethernet2

Interface Track Type

Duration to wait for the probe to return a response before declaring that the transport interface is down. Range: 100 through 1000 milliseconds. Default: 300 milliseconds. The options are:

  • Line-protocol

  • Ip-routing

  • Ipv6-routing

Route IP

Route IP prefix of the network

Route IP Mask

Subnet mask of the network

VRF Name

VRF name to be used as the basis to track route reachability

Delay Up (Seconds)

Sets a delay of 0 to 180 seconds before the up status of the tracked object or list of objects is communicated.

Delay Down (Seconds)

Sets a delay of 0 to 180 seconds before the down status of the tracked object or list of objects is communicated.

Object Tracker Group

Use this feature to configure an object tracker group. To ensure accurate tracking, add at least two object trackers before creating an object tracker group.

Basic Settings

Parameter Name

Description

Object tracker ID

Enter an ID for the object tracker group.

Range: 1 through 1000

Object tracker

Select a minimum of two previously created object trackers from the drop-down list.

Reachable

Choose one of the following values:

  • Either: Ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.

  • Both: Ensures that the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.

Delay Up (Seconds)

Sets a delay of 0 to 180 seconds before the up status of the tracked object or list of objects is communicated.

Delay Down (Seconds)

Sets a delay of 0 to 180 seconds before the down status of the tracked object or list of objects is communicated.
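How the Reachable setting and the two delays interact, as an added example that is not Cisco code: the model below combines two tracker states with Either or Both and reports a change only after the new state has held for the configured delay. The hold-timer semantics (a change that reverts within the delay is never reported), the one-sample-per-second timeline, and all names are assumptions made for illustration.

```python
def group_state(a_up, b_up, reachable):
    """Combine two tracker states according to the Reachable setting."""
    if reachable == "either":
        return a_up or b_up
    if reachable == "both":
        return a_up and b_up
    raise ValueError("reachable must be 'either' or 'both'")


def reported_changes(samples, reachable, delay_up, delay_down, initial=True):
    """Return the (second, status) changes that are actually communicated.

    samples: one (second, tracker_a_up, tracker_b_up) tuple per second.
    """
    for delay in (delay_up, delay_down):
        if not 0 <= delay <= 180:
            raise ValueError("delay must be 0 through 180 seconds")
    reported, pending_since, events = initial, None, []
    for t, a_up, b_up in samples:
        raw = group_state(a_up, b_up, reachable)
        if raw == reported:
            pending_since = None          # change reverted: cancel the timer
            continue
        if pending_since is None:
            pending_since = t             # new state first seen now
        delay = delay_up if raw else delay_down
        if t - pending_since >= delay:    # new state held long enough
            reported, pending_since = raw, None
            events.append((t, "up" if raw else "down"))
    return events


def _up(t, down_ranges):
    return not any(lo <= t <= hi for lo, hi in down_ranges)


# Constructed timeline, seconds 0-29: tracker A flaps for 3 s (5-7) and
# fails at 15-24; tracker B fails at 10-24.
SAMPLES = [(t, _up(t, [(5, 7), (15, 24)]), _up(t, [(10, 24)])) for t in range(30)]

if __name__ == "__main__":
    for mode in ("either", "both"):
        print(mode, reported_changes(SAMPLES, mode, delay_up=3, delay_down=5))
    print("both, no delay", reported_changes(SAMPLES, "both", 0, 0))
```

With a 5-second Delay Down, the 3-second flap of tracker A is never reported in Both mode, and Either mode reports down only once both trackers have been down for the full delay.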

Route Policy

Use this feature to configure the policy-based routing if you want certain packets to be routed through a specific path other than the obvious shortest path.

The following table describes the options for configuring the route policy feature.

Field

Description

Routing Sequence Name

Specifies the name of the routing sequence.

Protocol

Specifies the internet protocol. The options are IPv4, IPv6, or Both.

Condition

Specifies the routing condition. The options are:

  • Address

  • AS Path List

  • Community List

  • Extended Community List

  • BGP Local Preference

  • Metric

  • Next Hop

  • Interface

  • OSPF Tag

Action Type

Specifies the action type. The options are: Accept or Reject.

Accept Condition

Specifies the accept condition type. The options are:

  • AS Path

  • Community

  • Local Preference

  • Metric

  • Metric Type

  • Next Hop

  • Origin

  • OSPF Tag

  • Weight

VRF

DNS

The following table describes the options for configuring the Management VRF feature.

Field

Description

VRF Name

Enter a name for the VRF.

RD

Specify a route distinguisher for the VRF or use the system default.

A route distinguisher helps distinguish the distinct virtual private network routes of customers who connect to the provide

DNS

IP Address

Enter the IP address of the primary DNS server in this VRF

This IP address is used for resolving the Cisco SD-WAN Validator hostname

Host Mapping

Field

Description

Add New Host Mapping

Hostname

Enter the hostname of the DNS server. The limit is 128 characters.

List of IP

Enter IP addresses to associate with the hostname. Separate the entries with commas

Route

Field

Description

Add IPv4 Static Route

Network address

Enter the IPv4 address or prefix, in decimal four-point-dotted notation, to configure the VRF.

Subnet Mask

Enter the subnet mask for the prefix or the IP address. You can also choose a subnet mask from the drop-down list.

Gateway

Choose one of the following options to configure the Next Hop to reach the static route:

  • Next Hop: When you choose this option and click Add, the following fields are displayed:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

    • Object Tracker/Object Tracker Group:

      Object tracking is a mechanism for tracking an object to take any client action on another object as configured by the client. You can identify each tracked object by a unique name that is specified by the track parameter.

      Select an object from the drop-down list.

  • Null 0: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

    • Administrative distance: Specify the administrative distance for the route.

  • dhcp

    • Administrative distance: Enter the administrative distance for the route.

  • Interface: Click Add and specify the following details:

    • Interface Name: Specify a valid interface or choose a value from the drop-down list.

    • Add Next Hop:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

IPv6 Static Route

Prefix

Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VRF.

Gateway

Choose one of the following options to configure the Next Hop to reach the static route:

  • Next Hop: When you select this option and click Add, the following fields are displayed:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

  • Null 0: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

    • Administrative distance: Specify the administrative distance for the route.

  • Interface: Click Add and specify the following details:

    • Interface Name: Specify a valid interface or choose a value from the drop-down list.

    • Next Hop:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

NAT

NAT

NAT Enable

Use the toggle button to enable NAT

Add NAT Interfaces

Add the interfaces that face the Internet and the interfaces that face the internal servers.

Static NAT

Add a static NAT mapping

Static NAT Subnet

Define the subnet for the NAT mapping

NAT Port Forward

Define NAT port forwarding rules

Dynamic NAT

Define Dynamic NAT rules.

Route Leak

Route leak from Global VRF

Route Protocol

Choose a protocol from the available options to leak routes from global VRF to the service VRF that you are configuring.

Select Route Policy

Choose a route policy from the drop-down list.

Redistribution (in VRF)

Protocol

Choose a protocol from the available options to redistribute the leaked routes.

Select Route Policy

Choose a route policy from the drop-down list.

Route leak to Global VRF

Route Protocol

Choose a protocol from the available options to leak routes from the service VRF that you are configuring to the global VRF.

Select Route Policy

Choose a route policy from the drop-down list.

Redistribution (in global VRF)

Protocol

Choose a protocol from the available options to redistribute the leaked routes.

Select Route Policy

Enter the name of the route policy.

Route leak from other Service VRF(s)

Source VRF

Enter a value of the source VRF.

Route Protocol

Choose a protocol from the available options to leak routes from the source service VRF to the service VRF that you are configuring.

Select Route Policy

Choose a route policy from the drop-down list.

Redistribution (in Service VRF)

Protocol

Choose a protocol from the available options to redistribute the leaked routes.

Select Route Policy

Choose a route policy from the drop-down list.

Ethernet Interface

This feature helps you configure Ethernet Interface in the VRF.

The following table describes the options for configuring the Ethernet Interface feature.

Field

Description

Type

Choose a VRF from the drop-down list

Associated VRF

Choose a VRF

Basic Configuration

Field

Description

Shutdown

Enable or disable the interface.

Control Connection

Select on to enable control connections on the tunnel.

Bind Interface

Enter the name of a physical interface to bind to a loopback interface

Interface Name

Enter a name for the interface. Spell out the interface names completely (for example, GigabitEthernet0/0/0).

Configure all the interfaces of the router, even if you are not using them, so that they are configured in the shutdown state and so that all default values for them are configured.

Description

Enter a description for the interface

IPv4 Settings

Configure an IPv4 VRF interface.

  • Dynamic: Choose Dynamic to set the interface as a Dynamic Host Configuration Protocol (DHCP) client so that the interface receives its IP address from a DHCP server.

  • Static: Choose Static to enter an IP address that doesn't change.

Dynamic DHCP Distance

Enter an administrative distance value for routes learned from a DHCP server. This option is available when you choose Dynamic.

Default: 1

IPv4 Settings

Enter a static IPv4 address. This option is available when you choose Static.

Subnet Mask

Enter the subnet mask

Configure Secondary IP Address

Enter up to four secondary IPv4 addresses for a service-side interface.

  • IP Address: Enter the IP address

  • Subnet Mask: Enter the subnet mask

DHCP Helper

To designate the interface as a DHCP helper on a router, enter up to eight IP addresses, separated by commas, for DHCP servers in the network. A DHCP helper interface forwards BOOTP (broadcast) DHCP requests that it receives from the specified DHCP servers

IPv6 Settings

Configure an IPv6 VPN interface.

  • Dynamic: Choose Dynamic to set the interface as a Dynamic Host Configuration Protocol (DHCP) client so that the interface receives its IP address from a DHCP server.

  • Static: Choose Static to enter an IP address that doesn't change.

  • None

IPv6 Address Primary

Enter a static IPv6 address. This option is available when you choose Static.

BFD

Field

Description

Enable BFD

Enable this option to detect link failures

ARP

Field

Description

IP Address

Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.

MAC Address

Enter the MAC address in colon-separated hexadecimal notation.

ACL

Field

Description

ACL IPv4 Ingress

Enter the name of an IPv4 access list to apply to packets being received on the interface.

ACL IPv4 Egress

Enter the name of an IPv4 access list to apply to packets being transmitted on the interface.

ACL IPv6 Ingress

Enter the name of an IPv6 access list to apply to packets being received on the interface.

ACL IPv6 Egress

Enter the name of an IPv6 access list to apply to packets being transmitted on the interface.

Advanced

Field

Description

Duplex

Specify whether the interface runs in full-duplex or half-duplex mode.

Default: full

MAC Address

Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation.

IP MTU

Specify the maximum MTU size of packets on the interface.

Range: 576 through 9216

Default: 1500 bytes

Interface MTU

Enter the maximum transmission unit size for frames received and transmitted on the interface.

Range: 1500 through 1518 (GigabitEthernet0), 1500 through 9216 (other GigabitEthernet)

Default: 1500 bytes

TCP MSS

Specify the maximum segment size (MSS) of TCP SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented.

Range: 500 to 1460 bytes

Default: None

Speed

Specify the speed of the interface, for use when the remote end of the connection does not support autonegotiation.

Values: 10, 100, 1000, 2500, or 10000 Mbps

ARP Timeout

ARP timeout controls how long we maintain the ARP cache on a router. Specify how long it takes for a dynamically learned ARP entry to time out.

Range: 0 through 2147483 seconds

Default: 1200 seconds

Autonegotiate

Enable this option to turn on autonegotiation.

Media Type

Specify the physical media connection type on the interface. Choose one of the following:

  • auto-select: A connection is automatically selected.

  • rj45: Specifies an RJ-45 physical connection.

  • sfp: Specifies a small-form factor pluggable (SFP) physical connection for fiber media.

Load Interval

Enter an interval value for interface load calculation

IP Directed Broadcast

An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet.

A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.

If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached are broadcast on that subnet.
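The definition and forwarding behaviour above, as an added example that is not Cisco code: the first function classifies a packet against a list of known subnets, and the second returns what a device does with it depending on whether the destination subnet is directly connected and whether IP Directed Broadcast is enabled on that interface. The subnets, the flow records, and the function names are constructed for illustration; the drop result for the disabled case is an assumption based on standard router behaviour, since the text above states only the enabled case.

```python
import ipaddress


def classify(src, dst, subnets):
    """Return (kind, subnet) for a packet, given the known IPv4 subnets."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net in subnets:
        # /31 and /32 prefixes have no usable broadcast address.
        if net.prefixlen < 31 and dst_ip == net.broadcast_address:
            # A sender inside the subnet is an ordinary local broadcast.
            kind = "local-broadcast" if src_ip in net else "directed-broadcast"
            return kind, net
    return "unicast", None


def forwarding_action(src, dst, subnets, connected, enabled):
    """Describe how one device handles the packet.

    connected: subnets directly attached to this device.
    enabled:   connected subnets whose interface has IP Directed Broadcast on.
    """
    kind, net = classify(src, dst, subnets)
    if kind != "directed-broadcast":
        return "normal-forwarding"
    if net not in connected:
        return "forward-as-unicast"       # still in transit toward the subnet
    # Assumption: with the option disabled the packet is dropped.
    return "broadcast-on-subnet" if net in enabled else "drop"


# Constructed subnets and flow records (source, destination).
LAN_A = ipaddress.ip_network("10.1.20.0/24")
LAN_B = ipaddress.ip_network("10.1.30.0/26")
SUBNETS = [LAN_A, LAN_B]
FLOWS = [
    ("203.0.113.7", "10.1.20.255"),   # outside host to LAN_A broadcast
    ("10.1.20.14", "10.1.20.255"),    # LAN_A host to its own broadcast
    ("203.0.113.7", "10.1.30.63"),    # outside host to LAN_B (/26) broadcast
    ("203.0.113.7", "10.1.30.255"),   # not a broadcast address for any subnet
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        kind, net = classify(src, dst, SUBNETS)
        action = forwarding_action(src, dst, SUBNETS, {LAN_A}, {LAN_A})
        print(f"{src} -> {dst}: {kind} ({net}), action: {action}")
```

Running the classifier over flow records shows which traffic an interface with this option enabled would flood onto its subnet.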

ICMP Redirect Disable

ICMP redirects are sent by a router to the sender of an IP packet when a packet is being routed sub-optimally. The ICMP redirect informs the sending host to forward subsequent packets to that same destination through a different gateway.

By default, an interface allows ICMP redirect messages.