Service Profile

ACL IPv4

The following table describe the options for configuring the ACL IPv4 feature.

Field

Description

ACL Sequence Name

Specifies the name of the ACL sequence.

Standard

Standard ACLs control traffic by the comparison of the source address of the IP packets to the addresses configured in the ACL.

Extended

Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.

Add ACL Sequence

Sequential collection of permit and deny conditions that apply to an IP packet

Import ACL Sequence

Import an ACL sequence into the device

Drop or Accept

Action to perform if match exists or not.

Edit ACL Sequence

ACL Sequence Name

Enter a name for the ACL Sequence.

Source Address

Source address of IP packets

Source Address Host

A single source address host

Action Type

The default value is accept

Accept Actions

Select log from the drop-down list to log messages about packets that are permitted or denied by a standard IP access list.

You can select the specific ACL sequence in the ACL Policy window to edit, delete or add.


Note

You can also configure ACL Policy features from Transport and Service Profile configuration groups.

DHCP Server

This feature allows an interface to be configured as a DHCP helper so that it forwards the broadcast DHCP requests that it receives from the DHCP servers.

For each parameter of the feature that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and choose one of the following:

Basic Configuration

Field

Description

Address Pool

Enter the IPv4 prefix range, in the format prefix/length, for the pool of addresses in the service-side network for which the router interface acts as the DHCP server.

Exclude

Enter one or more IP addresses to exclude from the DHCP address pool. To specify multiple individual addresses, list them separated by a comma. To specify a range of addresses, separate them with a hyphen.

Lease Time(seconds)

Specify how long a DHCP-assigned IP address is valid.

Range: 60 through 31536000 seconds

Default: 86400

Static Lease

Field

Description

Add Static Lease

MAC Address

Enter the MAC address of the client to which the static IP address is being assigned.

IP

Enter the static IP address to assign to the client.

DHCP Options

Field

Description

Add Option Code

Code

Configure the option code.

Range: 1-254

Type

Choose one of the three types:

  • ASCII: Specify an ASCII value.

  • Hex: Specify a hex value.

  • IP: Specify IP addresses. You can specify up to eight IP addresses.

Advanced

Field

Description

Interface MTU

Specify the maximum MTU size of packets on the interface.

Range: 68 to 65535 bytes

Domain Name

Specify the domain name that the DHCP client uses to resolve hostnames.

Default Gateway

Enter the IP address of a default gateway in the service-side network.

DNS Servers

Enter one or more IP address for a DNS server in the service-side network. Separate multiple entries with a comma. You can specify up to eight addresses.

TFTP Servers

Enter the IP address of a TFTP server in the service-side network. You can specify one or two addresses. If two, separate them with a comma.

Object Tracker

Use the Tracker feature to track the status of the tracker endpoints

The following table describes the options for configuring the Object Tracker feature.

Basic Settings

Parameter Name

Description

Name

Name of the tracker. The name can be up to 128 alphanumeric characters. You can configure up to eight trackers.

Description

Enter a description for the Object Tracker

Object Tracker ID

Name of the object tracker

Interface Name

Enter the global or device-specific tracker interface name. For example, Gigabitethernet1 or Gigabitethernet2

Interface Track Type

Duration to wait for the probe to return a response before declaring that the transport interface is down. Range: 100 through 1000 milliseconds. Default: 300 milliseconds . The options are:

  • Line-protocol

  • Ip-routing

  • Ipv6-routing

Route IP

Route IP prefix of the network

Route IP Mask

Subnet mask of the network

VRF Name

VRF name to be used as the basis to track route reachability

Delay Up (Seconds)

Sets delay of from 0 to 180 seconds before communication of up status of the tracked object or list of objects

Delay Down (Seconds)

Sets delay of from 0 to 180 seconds before communication of down status of the tracked object or list of objects

Object Tracker Group

Use this feature to configure an object tracker group. To ensure accurate tracking, add at least two object trackers before creating an object tracker group.

Basic Settings

Parameter Name

Description

Object tracker ID

Enter an ID for the object tracker group.

Range: 1 through 1000

Object tracker

Select a minimum of two previously created object trackers from the drop-down list.

Reachable

Choose one of the following values:

  • Either: Ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.

  • Both: Ensures that the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.

Delay Up (Seconds)

Sets delay of from 0 to 180 seconds before communication of up status of the tracked object or list of objects

Delay Down (Seconds)

Sets delay of from 0 to 180 seconds before communication of down status of the tracked object or list of objects

Route Policy

Use this feature to configure the policy-based routing if you want certain packets to be routed through a specific path other than the obvious shortest path.

The following table describes the options for configuring the route policy feature.

Field

Description

Routing Sequence Name

Specifies the name of the routing sequence.

Protocol

Specifies the internet protocol. The options are IPv4, IPv6, or Both.

Condition

Specifies the routing condition. The options are:

  • Address

  • AS Path List

  • Community List

  • Extended Community List

  • BGP Local Preference

  • Metric

  • Next Hop

  • Interface

  • OSPF Tag

Action Type

Specifies the action type. The options are: Accept or Reject.

Accept Condition

Specifies the accept condition type. The options are:

  • AS Path

  • Community

  • Local Preference

  • Metric

  • Metric Type

  • Next Hop

  • Origin

  • OSPF Tag

  • Weight

VRF

DNS

The following table describes the options for configuring the Management VRF feature.

Field

Description

VRF Name

Enter a name for the VRF.

RD

Specify a route distinguisher for the VRF or use the system default.

A route distinguisher helps distinguish the distinct virtual private network routes of customers who connect to the provide

DNS

IP Address

Enter the IP address of the primary DNS server in this VRF

This IP address is used for resolving the Cisco SD-WAN Validator hostname

Host Mapping

Field

Description

Add New Host Mapping

Hostname

Enter the hostname of the DNS server. The limit is 128 characters.

List of IP

Enter IP addresses to associate with the hostname. Separate the entries with commas

Route

Field

Description

Add IPv4 Static Route

Network address

Enter the IPv4 address or prefix, in decimal four-point-dotted notation, to configure the VRF.

Subnet Mask

Enter the subnet mask for the prefix or the IP address. You can also choose a subnet mask from the drop-down list.

Gateway

 Choose one of the following options to configure the Next Hop to reach the static route:

  • Next Hop: When you choose this option and click Add , the following fields are displayed :

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

    • Object Tracker/Object Tracker Group:

      Object tracking is a mechanism for tracking an object to take any client action on another object as configured by the client. You can identify each tracked object by a unique name that is specified by the track parameter.

      Select an object from the drop-down list.

  • Null 0: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

    • Administrative distance: Specify the administrative distance for the route.

  • dhcp

    • Administrative distance: Enter the administrative distance for the route.

  • Interface: Click Add and specify the following details:

    • Interface Name: Specify a valid interface or choose a value from the drop-down list.

    • Add Next Hop:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

IPv6 Static Route

Prefix

Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VRF.

Gateway

 Choose one of the following options to configure the Next Hop to reach the static route:

  • Next Hop: Select this option and click Add,the following fields are displayed :

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

  • Null 0: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

    • Administrative distance: Specify the administrative distance for the route.

  • Interface: Click Add and specify the following details:

    • Interface Name:Specify a valid interface or choose a value from the drop-down list.

    • Next Hop:

    • Address: Specify the next-hop IPv4 address.

    • Administrative distance: Specify the administrative distance for the route.

NAT

NAT
NAT Enable

Use the toggle button to enable NAT
Add NAT Interfaces

Add interfaces that are facing the Internet and which interfaces are facing the internal servers
Static NAT

Add a static NAT mapping
Static NAT Subnet

Define the subnet for the NAT mapping
NAT Port Forward

Define NAT port forwarding rules
Dynamic NAT Define Dynamic NAT rules.

Route Leak

Route leak from Global VRF
Route Protocol Choose a protocol from the available options to leak routes from global VRF to the service VRF that you are configuring.
Select Route Policy Choose a route policy from the drop-down list.
Redistribution (in VRF)
Protocol Choose a protocol from the available options to redistribute the leaked routes.
Select Route Policy Choose a route policy from the drop-down list.
Route leak to Global VRF
Route Protocol Choose a protocol from the available options to leak routes from the service VRF that you are configuring to the global VRF.
Select Route Policy Choose a route policy from the drop-down list.
Redistribution (in global VRF)
Protocol Choose a protocol from the available options to redistribute the leaked routes.
Select Route Policy Enter the name of the route policy.
Route leak from other Service VRF(s)
Source VRF Enter a value of the source VRF.
Route Protocol Choose a protocol from the available options to leak routes from the source service VRF to the service VRF that you are configuring.
Select Route Policy Choose a route policy from the drop-down list.
Redistribution (in Service VRF)
Protocol Choose a protocol from the available options to redistribute the leaked routes.
Select Route Policy Choose a route policy from the drop-down list.

IPv4/IPv6 Static Route Service

IPv4/IPv6 Static Route

Field

Description

Add IPv4 Static Route

IP Address*

Enter the IPv4 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv4 static route to configure in the VPN.

Subnet Mask*

Enter the subnet mask.

Gateway*

Choose one of the following options to configure the next hop to reach the static route:

  • nextHop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address*: Enter the next-hop IPv4 address.

    • Administrative distance*: Enter the administrative distance for the route.

  • dhcp

  • null0: When you choose this option, the following field appears:

    • Administrative distance: Enter the administrative distance for the route.

Add IPv6 Static Route

Prefix*

Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VPN.

Next Hop/Null 0/NAT

Choose one of the following options to configure the next hop to reach the static route:

  • Next Hop: When you choose this option and click Add Next Hop, the following fields appear:

    • Address*: Enter the next-hop IPv6 address.

      Administrative distance*: Enter the administrative distance for the route.

  • Null 0: When you choose this option, the following field appears:

    • NULL0*: Enable this option to set the next hop to be the null interface. All packets sent to this interface are dropped without sending any ICMP messages.

  • NAT: When you choose this option, the following field appears:

    • IPv6 NAT: Choose NAT64 or NAT66.