Managing Branch Sites

This chapter contains the following sections:

Overview

After you have configured and set up the hub site, add devices to Cisco IWAN and provision them to the sites.

You can add and provision two types of devices:

  • Greenfield Devices

Greenfield devices are brand new out-of-the-box routers.

Discovered by the Cisco Plug-n-Play (Cisco PnP) application.

No pre-existing configurations to synchronize with IWAN-based configuration, no configuration conflicts to address.

  • Brownfield Devices

Brownfield devices belong to existing sites that are being added to Cisco IWAN.

Discovered by the Cisco APIC-EM application.

May have pre-existing configurations to synchronize with IWAN-based configuration.

While provisioning a brownfield device, the IWAN app performs a validation step to determine whether any configuration conflicts exist. If an error or warning is reported, correct the issue on the device and perform the validation again. See Brownfield Validation Messages .

Workflow for Managing Branch Sites

 

Table 5-1 Basic Workflow for Managing Branch Sites
No.
Task
Reference

1

Bootstrap devices discovered by the Cisco PnP application.

Bootstrapping Greenfield Devices

2

Add devices to Cisco IWAN and then provision them to the sites.

Adding and Provisioning Greenfield Devices to the Branch Site

Adding and Provisioning Brownfield Devices to the Branch Site

3

View the site status.

Viewing Site Status Information

Bootstrapping Greenfield Devices

You can bootstrap devices discovered by the Cisco PnP application. These are greenfield devices.

Use this procedure to download a bootstrap file.

Procedure

Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2 Click the Bootstrap tab. The bootstrap files that are available for download are displayed.

Step 3 From the Download column, click the download bootstrap icon to download the bootstrap file to a local directory on your computer. You can use this file as a template for PnP call-home.

After the greenfield devices are provisioned to a site, the appropriate bootstrap file is automatically uploaded on to the device.

For details, see the Cisco Open Plug-n-Play Agent Configuration Guide at: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pnp/configuration/xe-3e/pnp-xe-3e-book.html.

 

Adding and Provisioning Greenfield Devices to the Branch Site

Use this procedure to add greenfield devices that are discovered by the Cisco PnP application and provision them to the branch site.

Note Before you use the devices to provision the site, we recommend that you save the running configuration in flash or bootflash in the IWAN_RECOVERY.cfg file so that you can restore the configuration if needed.

  • There must be at least 16 VTY lines configured.

 

Procedure

Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2 Click the Device(s) tab. A list of unclaimed devices are displayed as shown in the following figure:

 

 

Field
Description

Checkbox

Choose this checkbox to choose the unclaimed device for provisioning.

Serial Number

Serial number of the device.

IP Address

IP address of the device.

Type

Type of device.

Site Name

Name of the site to which the device belongs. To edit the site name, double-click it, and then add the new name.

Host Name

Device host name.

Discovered By

Can be one of the following:

    • PNP—Discovered by the Cisco PnP application. This indicates a greenfield device.
    • APIC—Discovered by the Cisco APIC-EM application. This indicates a brownfield device.

Validation Status

Displays the following for greenfield devices:

    • N/A—Devices discovered by the Cisco PnP application.

Can be one of the following for brownfield devices:

    • Success—Devices successfully validated and ready for provisioning to the branch site. These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.
    • Failure—Devices that have must-fix errors. These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.
    • Warning—You can choose to ignore these errors or fix them.These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.

Step 3 Select the checkbox next to the greenfield device(s) that you want to use, and then click the Provision Site tab. The Select Topology tab opens and displays the available topologies.

The available topology options depend on the network settings configured for the hub site on the IWAN app “Network wide settings” page. See the configuration of service provider count in Wizard Step 3—Configuring IP Address Pools and and the topology in Wizard Step 4—Configuring Service Providers.

Topology options may include:

  • 1-link option: Requires hub router connected to one (1) WAN cloud
  • 2-link option: Requires hub router connected to two (2) WAN clouds
  • 3-link option: Requires hub router connected to three (3) WAN clouds

Note To determine if the device is brownfield or greenfield, look at the Discovered By column in the Add Devices page. PNP indicates that it is a greenfield device. APIC indicates that it is a brownfield device.

Note You can choose a maximum of two devices.

Note Greenfield and brownfield devices cannot be part of the same site.

Step 4 Click the topology that is appropriate for your network. The L2/L3 options display.

Note The topology options that display are dependent on the number of devices you selected in Step 3.

Step 5 Click the L2 option. The Configure Topology page displays.

Note L3 is not supported on greenfield devices.

Step 6 From the Configure Topology page, specify the following properties:

 

 

Field
Description

Site Name

Site name, which you can change if needed.

Site Location

Click Set Geo to specify the site location on a map. A map opens. Click on the site, the Site Location field is populated. Click anywhere outside the map to exit the map.

POP to Connect

Choose the preferred hub site for this branch site from the drop-down list.

Select WAN

Choose the WAN from the drop-down list.

Step 7 Configure WAN settings for the branch device. Do the following:

a. Click the + icon next to the WAN cloud. The Configure WAN Cloud dialog box opens. Depending on the WAN type you chose in Step 6. the fields that display in the Configure WAN Cloud dialog box change.

b. For an Public WAN, the Configure WAN Cloud dialog box displays the following fields. Enter the required properties, and then click Save.

 

Field
Description

WAN Type

Public

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose the interface that connects to the WAN cloud from the drop-down list.

Connect to WAN

Connection method.

Enable

Choose one of the two radio buttons as appropriate:

  • Static IP—When selected, the following additional fields display: WAN IP Address, WAN IP Mask, and WAN Gateway IP Address.
  • DHCP

Upload (Mbps)

Upload bandwidth (in Mbps).

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Profile

Profile name configured in the Service Providers tab.

c. For a Private WAN, the Configure WAN Cloud dialog box displays the following fields. Enter the required properties, and then click Save.

 

Field
Description

WAN Type

Private

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose an interface from the drop-down list.

Connect to WAN

Connection method.

CE IP Address

Customer Edge Server IP Address. This field is auto-populated if the interface has a static IP address already configured.

Note Depending on the number of links that you created when setting up the hub sites in the IWAN Aggregation Site, you might need to specify additional IP addresses for CE devices.

CE IP Mask

The mask of the CE IP address.

PE IP Address

Provider Edge Server IP Address. This field is auto-populated if the interface has an IP address and default gateway.

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Profile

Profile name configured in the Service Providers tab.

Step 8 Configure LAN settings. Do the following:

Displays the following for greenfield devices:

Note You can either create the LAN greenfield IP address pool during hub provisioning, or you can add it after hub provisioning for greenfield deployments. When the LAN greenfield IP address pool is not present, the system automatically uses the generic pool IP address.

a. Click the + icon next to the LAN. If site specific IP address pools are configured for the site, the Configure VLAN dialog box opens.

b. Enter the following properties, and then click Save :

 

Field
Description
LAN Interface

Site Interface

Enter or choose the LAN interface from the drop-down list.
VLAN

VLAN Type

Enter or choose a VLAN type from the drop-down list.

Default Values: Data, Guest, Voice & Video, or Wireless.

To create a custom VLAN, click the + icon in the last VLAN, and then enter the name of the VLAN.

VLAN ID

Numeric value within the following ranges: 1 - 98; 100 - 1001; 1006 - 4094.

You cannot duplicate a VLAN ID.

Total IPs

Number of hosts in the VLAN.

Step 9 From the Provisioning Sites page, click Apply Changes. The Provisioning Site Summary dialog box opens with a summary of the configuration.

Step 10 Review the information, and then do one of the following:

    • Click the Apply Now radio button, and then click Submit.
    • Click the Schedule radio button, specify a date and time to apply the site provisioning, and then click Submit.

Note The Apply Now option does not check for validations in conflict with future scheduled workflows. You must reevaluate scheduled jobs based on the changes and update the jobs as required. If there is a conflict when the scheduled job is activated, it might fail to provision the site.

 

Adding and Provisioning Brownfield Devices to the Branch Site

Use this procedure to add brownfield devices that are discovered by the Cisco APIC-EM application and provision them to the branch site.

Brownfield devices are not automatically displayed on the Devices tab. You must first add them to Cisco IWAN, and then provision them to the branch site.

Note Before you use the devices to provision the site, we recommend that you save the running configuration in bootflash in the IWAN_RECOVERY.cfg file so that you can restore the configuration if needed.

  • There must be at least 16 VTY lines configured.
  • Devices that are configured with SNMP version 2 or version 3 can be used as branch devices.

 

Procedure

Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2 Click the Device(s) tab. The following page displays.

 

Step 3 To add a brownfield device, click the Add Device tab. The Add Device dialog box opens and displays a list of devices discovered by the Cisco APIC-EM application as shown in the following figure:

Note Alternatively, you can add devices using the Cisco APIC EM discovery feature.

 

Step 4 Do one of the following:

    • Choose an existing Cisco APIC-EM discovered device—From the Devices Discovered by APIC-EM area, click the radio button next to the device you want to add to Cisco IWAN, and then click Claim Device (see figure above). The claimed device is added to the Devices page and is available for provisioning.
    • Add a new device—Click Adding New Device (see figure above). The Add Device dialog box opens, where you specify the IP address for the new device and additional properties, as shown in the following figure and the table that follows, and then click Add Device.

 

 

Field
Description

Router Management IP

IP address for the new device.
SNMP

Version

SNMP version number.

Depending on the version number you choose, different properties display.

Read Community

(Displayed if you chose SNMP V2C.)

SNMP V2C read community string.

Write Community

(Displayed if you chose SNMP V2C.)

(Optional) SNMP V2C write community string.

Mode

(Displayed if you chose SNMP V3.)

Choose the mode from the drop-down list. Options are:

  • Authentication and Encryption
  • No Authentication and No Encryption
  • Authentication and No Encryption

Auth. Type

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption; or Authentication and No Encryption in the Mode field.

Choose the authentication type from the drop-down list. Options are:

  • HMAC-SHA
  • HMAC-MDS

Username

(Displayed if you chose SNMP V3.)

Displayed if you chose SNMP V3.

The authentication username.

Auth. Password

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption; or Authentication and No Encryption in the Mode field.

The password for the authentication username.

Encryption Type

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption in the Mode field.

The encryption username.

Encryption Password

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption in the Mode field.

The password for the encryption username.
SNMP Retries and Timeout

Retries

Number of SNMP retries. Default: 3

Timeout (secs)

Number of seconds to wait before the system considers an SNMP request to have timed out.

Default: 10
SSH/Telnet

Protocol

Protocol used to communicate to the host (SSH or Telnet).

Username

SSH or Telnet username.

Password

SSH or Telnet password.

Enable Password

Enable password for the username.

Timeout (secs)

Number of seconds to wait before the system considers an SSH or Telnet request to have timed out.

The device is verified in the background to determine if the device is suitable for provisioning. The following occurs:

The Cisco IWAN app accesses the router and checks its configuration to determine if it has any configuration that might conflict with the Cisco IWAN app. This is called Brownfield Validation.

If the router does not have conflicting configurations, an orange icon appears on top of the device and the Configure Router Dialog opens.

If the router has conflicting configurations, the Validation Status dialog opens listing all the validation failures, as shown in the following figure:

 

 

c. The validation status could be either Warning or Must Fix. Do the following:

If the validation status is Warning, you can fix it or ignore it.

If the validation status is Must Fix, remove the configurations suggested by the description, and then click Revalidate.

For information about the messages displayed in the Validation Status dialog box, see Appendix A, “Brownfield Validation Messages.”

Step 5 From the Devices page, select the checkbox next to the brownfield device(s) that you want to provision for a site, and then click the Provision Site tab. The Select Topology tab opens and displays the available topologies.

The available topology options depend on the network settings configured for the hub site on the IWAN app “Network wide settings” page. See the configuration of service provider count in Wizard Step 3—Configuring IP Address Pools and and the topology in Wizard Step 4—Configuring Service Providers.

Topology options may include:

  • 1-link option: Requires hub router connected to one (1) WAN cloud
  • 2-link option: Requires hub router connected to two (2) WAN clouds
  • 3-link option: Requires hub router connected to three (3) WAN clouds

Note To determine if the device is brownfield or greenfield, look at the Discovered By column in the Add Devices page. PNP indicates that it is a greenfield device. APIC indicates that it is a brownfield device.

Note You can choose a maximum of two devices.

Step 6 Click the topology that is appropriate for your network. The L2/L3 options display.

Note The topology options that display are dependent on the number of devices you selected in Step 5.

Step 7 Depending on the LAN site configuration, c lick the appropriate L2/L3 option. The Configure Topology page displays.

Note If the VLAN on branch devices are on the same subnet, choose L2. If the VLAN on the branch devices are on different subnets, choose L3.

Step 8 From the Configure Topology page, specify the following properties:

 

Field
Description

Site Name

Site name, which you can change if needed.

Site Location

Click Set Geo to specify the site location on a map. A map opens. Click on the site, the Site Location field is populated. Click anywhere outside the map to exit the map.

POP to Connect

Choose the hub that you specified in the IWAN Aggregation Site from the drop-down list.

Select WAN

Choose the WAN from the drop-down list.

Step 9 Configure WAN settings for the branch device. Do the following:

a. Click the + icon next to the WAN cloud. The Configure WAN Cloud dialog box opens. Depending on the WAN type you chose in Step 8. the fields that display in the Configure WAN Cloud dialog box change.

b. For a Public WAN, the Configure WAN Cloud dialog box displays the following fields. Enter the required properties, and then click Save.

 

Field
Description

WAN Type

Public

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose an interface that connects to the WAN cloud from the drop-down list.

Connect to WAN

Connection method.

Enable

Choose one of the two radio buttons as appropriate:

  • Static IP—When selected, the following additional fields display: WAN IP Address, WAN IP Mask, and WAN Gateway IP Address.
  • DHCP

Upload (Mbps)

Upload bandwidth (in Mbps).

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Profile

Profile name configured in the Service Providers tab.

c. For a Private WAN, the Configure WAN Cloud dialog box displays the following fields. Enter the required properties, and then click Save.

 

Field
Description

WAN Type

Private

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose an interface from the drop-down list.

Connect to WAN

Connection method.

CE IP Address

Customer Edge Server IP Address. This field is auto-populated if the interface has a static IP address already configured.

Note Depending on the number of links that you created when setting up the hub sites in the IWAN Aggregation Site, you might need to specify additional IP addresses for CE devices.

CE IP Mask

The mask of the CE IP address.

PE IP Address

Provider Edge Server IP Address. This field is auto-populated if the interface has an IP address and default gateway.

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Profile

Profile name configured in the Service Providers tab.

Step 10 Configure LAN settings. Do the following:

Click the + icon next to the LAN. If you selected L2 topology and the LAN interface is a physical interface or a switchport interface, the Configure VLAN dialog box opens (see bellow). Choose the LAN interface from the drop-down list, and then click Save.

Note If you selected a dual router topology, the common VLANs between devices are displayed.

  • Make sure there are no site-specific IP address pools configured for brownfield sites.
  • The VLAN information seen on the Configure VLAN dialog box is auto populated based on the LAN interface that you selected on the router.
  • You cannot edit the auto populated information from the Configure VLAN interface dialog box.
  • You can either create the LAN brownfield IP address pool during hub provisioning; or you can add it after hub provisioning for brownfield deployments. When the LAN brownfield IP address pool is not present, the system automatically creates site-specific pools for the brownfield devices.

 

 

 

If you selected L3 topology, the following Configure VLAN dialog box opens as shown in the following figure. Do the following:

a. Choose the LAN interface from the drop-down list. The IP address is automatically populated.

 

b. Click Save.

c. If you have dual routers, choose the LAN interface for that device, and then click Save.

d. Click the + icon above Routing Configuration. The LAN Routing Configuration dialog box opens as shown in the following figure. Enter the properties and then click Save.

Note VLANs are displayed per device.

 

 

Field
Description

Site Prefix

Network prefixes auto-learned for the site.

Add Prefix button

Click this button to manually add additional site prefix.

Discovered Pane

Prefixes automatically discovered by Cisco IWAN.

Arrows

Click on the --> arrow to move the prefix from the Discovered pane into the Selected pane.

Click on the <-- arrow to move the prefix from the Selected pane into the Discovered pane.

Selected Pane

List of selected prefixes.
LAN Routing Protocol

Routing Protocol

Default routing protocol running on the devices. Can be: EIGRP or OSPF

Note EIGRP and OSPF are supported routing protocols, which means that LAN-WAN redistribution is performed by Cisco IWAN. Cisco IWAN does not perform LAN-WAN redistribution for BGP protocol.

Area Number/AS Number

Depending on the routing protocol, enter the following:

  • Area number for OSPF.
  • AS number for EIGRP.

Note For a dual router site, make sure that the area numbers for OSPF and the AS numbers for EIGRP are the same across both devices.

Step 11 From the Provisioning Sites page, click Apply Changes. The Provisioning Site Summary dialog box opens with a summary of the configuration.

Step 12 Review the information and then do one of the following:

    • Click the Apply Now radio button, and then click Submit.
    • Click the Schedule radio button, specify the date and time to apply the site provisioning, and then click Submit.

Note The Apply Now option does not check for validations in conflict with future scheduled workflows. You must reevaluate scheduled jobs based on the changes and update the jobs as required. If there is a conflict when the scheduled job is activated, it might fail to provision the site.

 

Viewing Site Status Information

Use this procedure to view the information about the site and determine its overall status.

Procedure

Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2 Click the Site(s) tab. The following properties appear:

 

Field
Description

Health

Health of the hub and health of the site.

App Health

Application heath for the hub.

Prime credentials must be configured to view this information.

Site

Click the hub name or site name as appropriate to display the following details:

  • Site status—Whether the site is provisioned.
  • Application status—Status of the application.
  • Alarms tab—If there are issues with the site, this tab provides information about the problem. In addition, the system also provides suggestions to troubleshoot and fix the problem.
  • Hub Topology or Site Topology tab—Topology of the site, including the site name, site location, and preferred POP. Hover on the devices and WAN clouds in the topology to get more details.
  • IP Address Allocation tab—List of devices, including the subnet mask and the IP address pool to which the device is allocated.
  • Application tab—Application usage on the site in a graphical format. The graph displays the following:

Various applications configured for the site.

Bandwidth usage for each application.

Statistical trend for each application.

Location

Location of the site.

Status

Whether the site is provisioned.

Action

Can be one of the following: