Managing Branch Sites

This chapter contains the following sections:

Overview

After you have configured and set up the hub site, add devices to Cisco IWAN and provision them to the sites.

Greenfield and Brownfield Devices

You can add and provision two types of devices:

  • Greenfield Devices

blank.gif Greenfield devices are brand new out-of-the-box routers.

blank.gif Discovered by the Cisco Plug-n-Play (Cisco PnP) application.

blank.gif No pre-existing configurations to synchronize with IWAN-based configuration, no configuration conflicts to address.

  • Brownfield Devices

blank.gif Brownfield devices belong to existing sites that are being added to Cisco IWAN.

blank.gif Discovered by the Cisco APIC-EM application.

blank.gif May have pre-existing configurations to synchronize with IWAN-based configuration.

blank.gif While provisioning a brownfield device, the IWAN app performs a validation step to determine whether any configuration conflicts exist. If an error or warning is reported, correct the issue on the device and perform the validation again. See Brownfield Validation Messages .

Deployment Requirements

  • For both greenfield and brownfield devices, ensure that the device is added to the system using the WAN interface only.
  • For successful deployment, the controller must be able to reach the device WAN interface before the deployment.

IWAN App Operation with NAT

Spoke Behind NAT

Use of network address translation (NAT) is supported for WAN links connected to public Internet clouds for all topologies—both for greenfield devices (using PnP discovery) and brownfield branch devices (discovered through APIC-EM). Both static NAT and dynamic NAT are supported.

For greenfield devices, the PnP application discovers the device if the device is reachable by APIC-EM, irrespective of whether there is a NAT router. Ensure that the device is reachable by APIC-EM.

For brownfield devices, discover the device using the external or public IP address.

To enable connections from Cisco APIC-EM to the NAT router during provisioning, enable port forwarding on the NAT router with following standard ports. This is required both for greenfield and brownfield devices.

  • SSH—port 22
  • Telnet—port 23
  • SNMP—port 161

After the provisioning is complete and the branch devices are managed by Cisco APIC-EM using the loopback interface, you can optionally remove these configurations.

note.gif

Noteblank.gif The NAT router is not managed by Cisco IWAN. Configure the NAT router manually.

note.gif

Noteblank.gif Spoke behind NAT supports many-to-one, many-to-many, and PAT translations. Many-to-one and PAT translations are the most common scenarios.

APIC-EM Behind NAT

The IWAN app supports network topologies in which the APIC-EM controller communicates with spoke (branch) sites through network address translation (NAT).

When setting up an APIC-EM-behind-NAT network, configure the NAT public IP address of the APIC-EM controller before provisioning any spoke sites. Configure the address in the following location:

IWAN app home page > Configure Hub Site & Settings > System tab > IP Address section

 

366911.jpg

IWAN App Provides the NAT Public IP Address to Spoke Devices

Spoke devices that connect to the APIC-EM controller through a public link (such as INET) require the NAT public address of the controller.

  • Greenfield sites : The PnP application automatically acquires the APIC-EM public NAT IP address. During provisioning, the IWAN app provides this address to the spoke devices that connect by public link.
  • Brownfield sites : During provisioning, the IWAN app provides the manually configured NAT public IP address of the APIC-EM controller to the spoke devices that connect by public link.

Note : During provisioning, add a brownfield spoke site using its public link interface IP address, or its NAT public IP address (in the case of spoke-behind-NAT).

 

366196.tif

Workflow for Managing Branch Sites

 

Table 5-1 Basic Workflow for Managing Branch Sites
No.
Task
Reference

1

Bootstrap devices discovered by the Cisco PnP application.

Bootstrapping Greenfield Devices

2

Add devices to Cisco IWAN and then provision them to the sites.

Adding and Provisioning Greenfield Devices to the Branch Site

Adding and Provisioning Brownfield Devices to the Branch Site

3

View the site status.

Viewing Site Status Information

Bootstrapping Greenfield Devices

You can bootstrap devices discovered by the Cisco PnP application. These are greenfield devices.

Use this procedure to download a bootstrap file.

Procedure

Step 1blank.gif From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2blank.gif Click the Bootstrap tab. The bootstrap files that are available for download are displayed.

Step 3blank.gif From the Download column, click the download bootstrap icon to download the bootstrap file to a local directory on your computer. If required, you can use this file as a template to manually copy to the device so that PnP can call-home.

For details, see the Cisco Open Plug-n-Play Agent Configuration Guide at: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pnp/configuration/xe-3e/pnp-xe-3e-book.html.

 

Adding and Provisioning Greenfield Devices to the Branch Site

Use this procedure to add greenfield devices that are discovered by the Cisco PnP application and provision them to the branch site.

note.gif

Noteblank.gif Saving the configuration

Before you use the devices to provision the site, we recommend that you save the running configuration in flash or bootflash in the IWAN_RECOVERY.cfg file so that you can restore the configuration if needed.

  • VTY lines

There must be at least 16 VTY lines configured.

  • Support for 4G/cellular interface

The IWAN app supports configuration of a 4G/cellular interface for Cisco ISR4000 Series routers at branch sites.

 

Supported Connection Types

The IWAN app supports many types of routing and switching devices at branch sites, but support for some features is limited to specific types of devices. The following table describes supported connection types.

 

WAN connection type
Devices that support the connection type

Internet (including T1, E1, Ethernet)

All

MPLS

All

4G/cellular interface

Cisco ISR 4000 Series routers on MPLS link only

Procedure

Step 1blank.gif From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2blank.gif Click the Device(s) tab. A list of unclaimed devices is displayed as shown in the following figure:

 

365888.tif

 

Field
Description

Checkbox

Click this checkbox to choose the unclaimed device for provisioning.

Serial Number

Serial number of the device.

IP Address

IP address of the device.

Note If a NAT router is present, then the NAT IP address appears in this column.

Type

Type of device.

Site Name

Name of the site to which the device belongs. To edit the site name, double-click it, and then add the new name.

Host Name

Device host name.

Discovered By

Can be one of the following:

    • PNP—Discovered by the Cisco PnP application. This indicates a greenfield device.
    • APIC—Discovered by the Cisco APIC-EM application. This indicates a brownfield device.

Validation Status

Displays the following for greenfield devices:

    • N/A—Devices discovered by the Cisco PnP application.

Can be one of the following for brownfield devices:

    • Success—Devices successfully validated and ready for provisioning to the branch site. These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.
    • Failure—Devices that have must-fix errors. These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.
    • Warning—You can choose to ignore these errors or fix them.These devices are either discovered by the Cisco APIC-EM application or are manually added by clicking the Add Device tab.

Step 3blank.gif Select the checkbox next to the greenfield device(s) that you want to use, and then click the Provision Site tab. The Select Topology tab opens and displays the available topologies.

The available topology options depend on the network settings configured for the hub site on the IWAN app “Network wide settings” page. See the configuration of service provider count in Configuring IP Address Pools and and the topology in Configuring Service Providers.

Topology options may include:

  • 1-link option: Requires hub router connected to one (1) WAN cloud
  • 2-link option: Requires hub router connected to two (2) WAN clouds
  • 3-link option: Requires hub router connected to three (3) WAN clouds
note.gif

Noteblank.gif To determine if the device is brownfield or greenfield, look at the Discovered By column in the Add Devices page. PNP indicates that it is a greenfield device. APIC indicates that it is a brownfield device.

note.gif

Noteblank.gif You can choose a maximum of two devices.

note.gif

Noteblank.gif Greenfield and brownfield devices cannot be part of the same site.

Step 4blank.gif Click the topology that is appropriate for your network. The L2/L3 options display.

note.gif

Noteblank.gif The topology options that display are dependent on the number of devices you selected in Step 3.

Step 5blank.gif Click the L2 option. The Configure Topology page displays.

note.gif

Noteblank.gif L3 is not supported on greenfield devices.

Step 6blank.gif From the Configure Topology page, specify the following properties:

 

Field
Description

Site Name

Site name, which you can change if needed.

Site Location

Click Set Geo to specify the site location on a map. A map opens. Click on the site, the Site Location field is populated. Click anywhere outside the map to exit the map.

POP to Connect

Choose the preferred hub site for this branch site from the drop-down list.

Select WAN

Choose the WAN from the drop-down list.

Step 7blank.gif Configure WAN settings for the branch device. Do the following:

a.blank.gif Click the + icon next to the WAN cloud. The Configure WAN Cloud dialog box opens. The WAN type selected in the previous step determines the fields that appear in the Configure WAN Cloud dialog box. (These fields differ, depending on the WAN type, such as T1, E1, Ethernet, or Cellular.)

b.blank.gif Enter the required properties, and click Save. The + icon next to the WAN cloud changes to a checkmark icon.

  • For a Public WAN, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Public

Interface Type

Type of interface. Values: T1, E1, Ethernet, Cellular

Interface

Choose the interface that connects to the WAN cloud from the drop-down list.

Connect to WAN

Connection method.

NAT Enabled

Check this option if NAT IP address is used.

NAT IP Address

Public IP address.

Enable

Choose one of the two radio buttons as appropriate:

  • Static IP—When selected, the following additional fields display: WAN IP Address, WAN IP Mask, and WAN Gateway IP Address.
  • DHCP

Note This option is not shown if interface type is Cellular.

Upload (Mbps)

Upload bandwidth (in Mbps).

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes default and custom 8 Class service profiles that were configured in the Service Providers tab.
  • For a Private non-MPLS WAN, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Private

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose an interface from the drop-down list.

Connect to WAN

Connection method.

CE IP Address

Customer Edge Server IP Address. This field is auto-populated if the interface has a static IP address already configured.

Note Depending on the number of links that you created when setting up the hub sites in the IWAN Aggregation Site, you might need to specify additional IP addresses for CE devices.

CE IP Mask

The mask of the CE IP address.

PE IP Address

Provider Edge Server IP Address. This field is auto-populated if the interface has an IP address and default gateway.

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 9000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 9000 Mbps

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes all default and custom service profiles (4 Class, 5 Class, 6 Class, and 8 Class) that were configured in the Service Providers tab.
  • For an MPLS cloud, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Private

Interface

Choose an interface from the drop-down list.

Connect to WAN

MPLS

Upload (Mbps)

Upload bandwidth (Mbps)

Download (Mbps)

Download bandwidth (Mbps)

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes all default and custom service profiles (4 Class, 5 Class, 6 Class, and 8 Class) that were configured in the Service Providers tab.

Step 8blank.gif Configure LAN settings. Do the following:

Displays the following for greenfield devices:

note.gif

Noteblank.gif You can either create the LAN greenfield IP address pool during hub provisioning, or you can add it after hub provisioning for greenfield deployments. When the LAN greenfield IP address pool is not present, the system automatically uses the generic pool IP address.

a.blank.gif Click the + icon next to the LAN. If site specific IP address pools are configured for the site, the Configure VLAN dialog box opens.

b.blank.gif Enter the following properties, and click Save :

 

Field
Description
LAN Interface

Site Interface

Enter or choose the LAN interface from the drop-down list.
VLAN

VLAN Type

Enter or choose a VLAN type from the drop-down list.

Default Values: Data, Guest, Voice & Video, or Wireless.

To create a custom VLAN, click the + icon in the last VLAN, and then enter the name of the VLAN.

VLAN ID

Numeric value within the following ranges: 1 - 98; 100 - 1001; 1006 - 4094.

You cannot duplicate a VLAN ID.

Total IPs

Number of hosts in the VLAN.

Step 9blank.gif (During provisioning of a branch site with two routers) When provisioning a branch site with two routers, one of the two must be selected as master controller. To specify a device as the Master Controller (MC), hover the cursor over the device icon, then select the Master Controller switch in the pop-up.

 

366874.jpg

Step 10blank.gif From the Provisioning Sites page, click Apply Changes. The Provisioning Site Summary dialog box opens with a summary of the configuration.

Step 11blank.gif Review the information, and then do one of the following:

    • Click the Apply Now radio button, and then click Submit.
    • Click the Schedule radio button, specify a date and time to apply the site provisioning, and then click Submit.
note.gif

Noteblank.gif The Apply Now option does not check for validations in conflict with future scheduled workflows. You must reevaluate scheduled jobs based on the changes and update the jobs as required. If there is a conflict when the scheduled job is activated, it might fail to provision the site.

 

Adding and Provisioning Brownfield Devices to the Branch Site

Use this procedure to add brownfield devices that are discovered by the Cisco APIC-EM application and provision them to the branch site.

Brownfield devices are not automatically displayed on the Devices tab. You must first add them to Cisco IWAN, and then provision them to the branch site.

Tutorial Video

IWAN App Brownfield Branch Provisioning

note.gif

Noteblank.gif Saving the configuration

Before you use the devices to provision the site, we recommend that you save the running configuration in bootflash in the IWAN_RECOVERY.cfg file so that you can restore the configuration if needed.

  • VTY lines

There must be at least 16 VTY lines configured.

  • SNMP

Devices that are configured with SNMP version 2 or version 3 can be used as branch devices.

  • Support for 4G/cellular

The IWAN app now supports configuration of a 4G/cellular interface at branch sites for: Cisco ISR4000 Series routers, Cisco 1000 Series Integrated Services Routers, Cisco 5000 Series Enterprise Network Compute System (ENCS)

 

The IWAN app supports many types of routing and switching devices at branch sites, but support for some features is limited to specific types of devices. The following table describes supported connection types.

 

WAN connection type
Devices that support the connection type

Internet (including T1, E1, Ethernet)

All

MPLS

All

4G/cellular

Cisco ISR4000 Series routers, Cisco 1000 Series Integrated Services Routers, Cisco 5000 Series Enterprise Network Compute System (ENCS)

Procedure

Step 1blank.gif From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2blank.gif Click the Device(s) tab. The following page displays.

 

365868.tif

Step 3blank.gif To add a brownfield device, click the Add Device tab. The Add Device dialog box opens and displays a list of devices discovered by the Cisco APIC-EM application as shown in the following figure:

note.gif

Noteblank.gif Alternatively, you can add devices using the Cisco APIC EM discovery feature.

 

365867.tif

Step 4blank.gif Do one of the following:

    • Choose an existing Cisco APIC-EM discovered device—From the Devices Discovered by APIC-EM area, click the radio button next to the device you want to add to Cisco IWAN, and then click Claim Device (see figure above). The claimed device is added to the Devices page and is available for provisioning.
    • Add a new device—Click Adding New Device (see figure above). The Add Device dialog box opens, where you specify the IP address for the new device and additional properties, as shown in the following figure and the table that follows, and then click Add Device.

 

365866.tif

 

Field
Description

Router Management IP

IP address for the new device.

If you have a spoke device behind a NAT router and you want that NAT router to be the management router, enter the IP address of the NAT router in this field.
SNMP

Version

SNMP version number.

Depending on the version number you choose, different properties display.

Read Community

(Displayed if you chose SNMP V2C.)

SNMP V2C read community string.

Write Community

(Displayed if you chose SNMP V2C.)

(Optional) SNMP V2C write community string.

Mode

(Displayed if you chose SNMP V3.)

Choose the mode from the drop-down list. Options are:

  • Authentication and Encryption
  • No Authentication and No Encryption
  • Authentication and No Encryption

Auth. Type

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption; or Authentication and No Encryption in the Mode field.

Choose the authentication type from the drop-down list. Options are:

  • HMAC-SHA
  • HMAC-MDS

Username

(Displayed if you chose SNMP V3.)

Displayed if you chose SNMP V3.

The authentication username.

Auth. Password

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption; or Authentication and No Encryption in the Mode field.

The password for the authentication username.

Encryption Type

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption in the Mode field.

The encryption username.

Encryption Password

(Displayed if you chose SNMP V3.)

Displayed if you chose Authentication and Encryption in the Mode field.

The password for the encryption username.
SNMP Retries and Timeout

Retries

Number of SNMP retries. Default: 3

Timeout (secs)

Number of seconds to wait before the system considers an SNMP request to have timed out.

Default: 10
SSH/Telnet

Protocol

Protocol used to communicate to the host (SSH or Telnet).

Username

SSH or Telnet username.

Password

SSH or Telnet password.

Enable Password

Enable password for the username.

Timeout (secs)

Number of seconds to wait before the system considers an SSH or Telnet request to have timed out.

The device is verified in the background to determine if the device is suitable for provisioning. The following occurs:

The Cisco IWAN app accesses the router and checks its configuration to determine if it has any configuration that might conflict with the Cisco IWAN app. This is called Brownfield Validation.

If the router does not have conflicting configurations, an orange icon appears on top of the device and the Configure Router Dialog opens.

If the router has conflicting configurations, the Validation Status dialog opens listing all the validation failures, as shown in the following figure:

 

366193.tif

c.blank.gif The validation status could be either Warning or Must Fix. Do the following:

blank.gif If the validation status is Warning, you can fix it or ignore it.

blank.gif If the validation status is Must Fix, remove the configurations suggested by the description, and then click Revalidate.

For information about the messages displayed in the Validation Status dialog box, see Appendix A, “Brownfield Validation Messages.”

Step 5blank.gif From the Devices page, select the checkbox next to the brownfield device(s) that you want to provision for a site, and then click the Provision Site tab. The Select Topology tab opens and displays the available topologies.

The available topology options depend on the network settings configured for the hub site on the IWAN app “Network wide settings” page. See the configuration of service provider count in Configuring IP Address Pools and and the topology in Configuring Service Providers.

Topology options may include:

  • 1-link option: Requires hub router connected to one (1) WAN cloud
  • 2-link option: Requires hub router connected to two (2) WAN clouds
  • 3-link option: Requires hub router connected to three (3) WAN clouds
note.gif

Noteblank.gif To determine if the device is brownfield or greenfield, look at the Discovered By column in the Add Devices page. PNP indicates that it is a greenfield device. APIC indicates that it is a brownfield device.

note.gif

Noteblank.gif You can choose a maximum of two devices.

Step 6blank.gif Click the topology that is appropriate for your network. The L2/L3 options display.

note.gif

Noteblank.gif The topology options that display are dependent on the number of devices you selected in Step 5.

Step 7blank.gif Depending on the LAN site configuration, c lick the appropriate L2/L3 option. The Configure Topology page displays.

note.gif

Noteblank.gif If the VLAN on branch devices are on the same subnet, choose L2. If the VLAN on the branch devices are on different subnets, choose L3.

Step 8blank.gif From the Configure Topology page, specify the following properties:

 

Field
Description

Site Name

Site name, which you can change if needed.

Site Location

Click Set Geo to specify the site location on a map. A map opens. Click on the site, the Site Location field is populated. Click anywhere outside the map to exit the map.

POP to Connect

Choose the hub that you specified in the IWAN Aggregation Site from the drop-down list.

Select WAN

Choose the WAN from the drop-down list.

Step 9blank.gif Configure WAN settings for the branch device. Do the following:

a.blank.gif Click the + icon next to the WAN cloud. The Configure WAN Cloud dialog box opens. Depending on the WAN type you chose in Step 8. the fields that display in the Configure WAN Cloud dialog box change.

b.blank.gif Enter the required properties, and click Save. The + icon next to the WAN cloud changes to a checkmark icon.

  • For a Public WAN, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Public

Interface Type

Type of interface. Values: T1, E1, Ethernet, Cellular

Interface

Choose the interface that connects to the WAN cloud from the drop-down list.

Connect to WAN

Connection method.

NAT Enabled

Check this option if NAT IP address is used.

NAT IP Address

Public IP address.

Enable

Choose one of the two radio buttons as appropriate:

  • Static IP—When selected, the following additional fields display: WAN IP Address, WAN IP Mask, and WAN Gateway IP Address.
  • DHCP

Note This option is not shown if interface type is Cellular.

Upload (Mbps)

Upload bandwidth (in Mbps).

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 10000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 10000 Mbps

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes default and custom 8 Class service profiles that were configured in the Service Providers tab.
  • For a Private WAN, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Private

Interface Type

Type of interface. Values: T1, E1, or Ethernet.

Interface

Choose an interface from the drop-down list.

Connect to WAN

Connection method.

CE IP Address

Customer Edge Server IP Address. This field is auto-populated if the interface has a static IP address already configured.

Note Depending on the number of links that you created when setting up the hub sites in the IWAN Aggregation Site, you might need to specify additional IP addresses for CE devices.

CE IP Mask

The mask of the CE IP address.

PE IP Address

Provider Edge Server IP Address. This field is auto-populated if the interface has an IP address and default gateway.

Download (Mbps)

E1 interface—Preset bandwidth value of 3.

T1 interface—Preset bandwidth value of 1.5.

GigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 1000

TenGigabitEthernet interface—Select a bandwidth from the drop-down list or enter a value in the range: 0.1 to 10000

For interfaces of types other than E1, T1, GigabitEthernet, or TenGigabitEthernet, the default range will be: 0.1 to 10000 Mbps

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes all default and custom service profiles (4 Class, 5 Class, 6 Class, and 8 Class) that were configured in the Service Providers tab.
  • For an MPLS cloud, the Configure WAN Cloud dialog box displays the following fields.

 

Field
Description

WAN Type

Private

Interface

Choose an interface from the drop-down list.

Connect to WAN

MPLS

Upload (Mbps)

Upload bandwidth (Mbps)

Download (Mbps)

Download bandwidth (Mbps)

Service Provider

Choose a service profile from the drop-down list.

The drop-down list includes all default and custom service profiles (4 Class, 5 Class, 6 Class, and 8 Class) that were configured in the Service Providers tab.

Step 10blank.gif Configure LAN settings. Do the following:

Click the + icon next to the LAN. If you selected L2 topology and the LAN interface is a physical interface or a switchport interface, the Configure VLAN dialog box opens (see bellow). Choose the LAN interface from the drop-down list, and click Save.

note.gif

Noteblank.gif If you selected a dual router topology, the common VLANs between devices are displayed.

  • Make sure there are no site-specific IP address pools configured for brownfield sites.
  • The VLAN information seen on the Configure VLAN dialog box is auto populated based on the LAN interface that you selected on the router.
  • You cannot edit the auto populated information from the Configure VLAN interface dialog box.
  • You can either create the LAN brownfield IP address pool during hub provisioning; or you can add it after hub provisioning for brownfield deployments. When the LAN brownfield IP address pool is not present, the system automatically creates site-specific pools for the brownfield devices.

 

 

365885.tif

 

If you selected L3 topology, the following Configure VLAN dialog box opens as shown in the following figure. Do the following:

a.blank.gif Choose the LAN interface from the drop-down list. The IP address is automatically populated.

 

365873.tif

b.blank.gif Click Save.

c.blank.gif If you have dual routers, choose the LAN interface for that device, and click Save.

d.blank.gif Click the + icon above Routing Configuration. The LAN Routing Configuration dialog box opens as shown in the following figure. Enter the properties and click Save.

note.gif

Noteblank.gif VLANs are displayed per device.

 

365920.tif

 

Field
Description

Site Prefix

Network prefixes auto-learned for the site.

Add Prefix button

Click this button to manually add additional site prefix.

Discovered Pane

Prefixes automatically discovered by Cisco IWAN.

Arrows

Click on the --> arrow to move the prefix from the Discovered pane into the Selected pane.

Click on the <-- arrow to move the prefix from the Selected pane into the Discovered pane.

Selected Pane

List of selected prefixes.
LAN Routing Protocol

Routing Protocol

Default routing protocol running on the devices. Can be: EIGRP or OSPF

Note EIGRP and OSPF are supported routing protocols, which means that LAN-WAN redistribution is performed by Cisco IWAN. Cisco IWAN does not perform LAN-WAN redistribution for BGP protocol.

Area Number/AS Number

Depending on the routing protocol, enter the following:

  • Area number for OSPF.
  • AS number for EIGRP.

Note For a dual router site, make sure that the area numbers for OSPF and the AS numbers for EIGRP are the same across both devices.

Step 11blank.gif (During provisioning of a branch site with two routers) To specify a device as the Master Controller (MC), click the device icon and select the Master Controller switch in the pop-up.

 

366874.jpg

Step 12blank.gif From the Provisioning Sites page, click Apply Changes. The Provisioning Site Summary dialog box opens with a summary of the configuration.

Step 13blank.gif Review the information and then do one of the following:

    • Click the Apply Now radio button, and then click Submit.
    • Click the Schedule radio button, specify the date and time to apply the site provisioning, and then click Submit.
note.gif

Noteblank.gif The Apply Now option does not check for validations in conflict with future scheduled workflows. You must reevaluate scheduled jobs based on the changes and update the jobs as required. If there is a conflict when the scheduled job is activated, it might fail to provision the site.

 

Viewing Site Status Information

Use this procedure to view the information about the site and determine its overall status.

Procedure

Step 1blank.gif From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.

Step 2blank.gif Click the Site(s) tab. The following properties appear:

 

Field
Description

Health

Health of the hub and health of the site.

App Health

Application heath for the hub.

Prime credentials must be configured to view this information.

Site

Click the hub name or site name as appropriate to display the following details:

  • Site status—Whether the site is provisioned.
  • Application status—Status of the application.
  • Alarms tab—If there are issues with the site, this tab provides information about the problem. In addition, the system also provides suggestions to troubleshoot and fix the problem.
  • Hub Topology or Site Topology tab—Topology of the site, including the site name, site location, and preferred POP. Hover on the devices and WAN clouds in the topology to get more details.
  • IP Address Allocation tab—List of devices, including the subnet mask and the IP address pool to which the device is allocated.
  • Application tab—Application usage on the site in a graphical format. The graph displays the following:

blank.gif Various applications configured for the site.

blank.gif Bandwidth usage for each application.

blank.gif Statistical trend for each application.

Location

Location of the site.

Status

Whether the site is provisioned.

Action

Can be one of the following:

blank.gif Add or delete site prefixes after hub provisioning. This option is only available for L3 brownfield sites. See Adding or Deleting Site Prefixes.

blank.gif Modify the QoS bandwidth percentage for a selected branch site. Modifying the QoS Bandwidth Percentages for a Branch Site.

 

Support for 4G/Cellular Technology for WAN Link

The IWAN app supports use of a 4G cellular connection by Cisco ISR 4000 Series routers at branch sites, as a WAN connection option.

Example Scenario

The full instructions for provisioning appear in the Adding and Provisioning Greenfield Devices to the Branch Site and Adding and Provisioning Brownfield Devices to the Branch Site sections. The following is a brief description of the provisioning steps for an example scenario using 4G connection for a WAN link:

Procedure

Step 1blank.gif In the Configure Hub Site & Settings > Service Providers tab, configure a services provider with a 4G cellular connection. Note that cellular connections must be configured with a WAN Type value of Public.

Step 2blank.gif In the Configure Hub Site & Settings > IWAN aggregation site tab, connect a hub site device to the 4G cellular WAN in the graphical display of the topology.

 

366173.tif

Step 3blank.gif On a branch site that includes a Cisco ISR 4000 Series device, connect the device to the 4G cellular WAN.

a.blank.gif On the Sites page, select the Device(s) tab. Select an unclaimed Cisco ISR 4000 Series device. This displays the Provisioning Site page.

b.blank.gif At the Select Topology step, select a topology and click Next.

c.blank.gif At the Select L2/L3 step, select an option and click Next.

d.blank.gif At the Configure Topology step, click the plus-sign on the link between the device and one of the WAN "cloud" options. A Configure WAN Cloud pop-up opens. For each interface on the device, configure any necessary details and click Save to proceed to the next interface on the device. When the "Connect to WAN" field in the pop-up displays the name of the 4G cellular WAN, ensure that the Interface field is configured to "Cellular". Click Save to complete configuration of the WAN connections for the device. The Configure VLAN pop-up opens.

e.blank.gif Configure the LAN or verify the existing settings and click Save. The Provisioning Site page appears, showing that the WAN connections for the branch device, including the 4G cellular WAN link. The WAN connections of the device appear as solid lines with a check icon on the line, indicating a valid configuration.

 

366174.tif

f.blank.gif Click Apply Changes to apply the configuration to the device. A Provisioning Site Summary page appears. The cellular WAN link appears in the summary.

Notes and Limitations

Greenfield devices

Supported topologies

  • L2 greenfield single router two links
  • L2 greenfield Single router three links
  • L2 greenfield field dual router three links
  • L2 greenfield Dual router dual link
  • L2 greenfield Single router single link

Using cellular link for management interface

To use 4G cellular as a management interface on the IWAN app, ensure that the cellular interface is reachable from the APIC-EM controller.

Brownfield devices

Supported topologies

  • Brownfield L2/L3 Single router single link
  • Brownfield L2/L3 Single router dual link
  • Brownfield L2/L3 Single router 3 link
  • Brownfield L2/L3 Dual router single link
  • Brownfield L2/L3 Dual router three link

Using cellular link for management interface: Supported

To use 4G cellular as a management interface on the IWAN app, ensure that the cellular interface is reachable from the APIC-EM controller.

Hub WAN address connected to cellular cloud must be reachable

The hub WAN address connected to the cellular cloud must be reachable from the cellular branch device before provisioning.

4G-Cellular Support for MPLS Cloud

The IWAN App supports use of 4G-cellular WAN links on a private MPLS cloud.

  • All topologies are supported.
  • Any topology may include one 4G-cellular interface.

Day 0:

Day N:

Limitations

  • The 4G-cellular interface may be used for WAN clouds, not within a LAN.

Updating the WAN Bandwidth of a Provisioned Branch Site

You can change the upload or download WAN bandwidth after a branch site is provisioned ("day N"). Also see Updating the WAN Bandwidth of a Provisioned Hub Site.

note.gif

Noteblank.gif Beginning with the IWAN App 1.5.0 release, a 4G interface can support an MPLS cloud.

Valid bandwidth values depend on the interface type:

  • TenGigabit interface: 0.1 to 10000 Mbps
  • Gigabit interface: 0.1 to 1000 Mbps
  • Cellular interface: 0.1 to 300 Mbps

Use the following procedure to update the bandwidth settings.

Procedure

Step 1blank.gif From the IWAN app home page, click Set up Branch Sites.

Step 2blank.gif Click the Sites tab.

Step 3blank.gif Click the pencil icon (Edit Site) for a spoke (branch) site. The Update Site dialog box opens.

Step 4blank.gif In the Site Topology area, click the pencil icon on a WAN link. The Configure WAN Cloud parameters are displayed in the dialog box.

 

366197.tif

Step 5blank.gif In the Upload or Download fields, enter new bandwidth values.

Step 6blank.gif Click the Update button.

 

Updating the WAN IP Parameters of a Provisioned Branch Site

You can change the WAN IP, mask, or next hop settings for a spoke site even after it has been provisioned ("day N").

Use the following procedure to change the IP settings.

Procedure

Step 1blank.gif From the IWAN app home page, click Set up Branch Sites.

Step 2blank.gif Click the Sites tab.

Step 3blank.gif Click the pencil icon (Edit Site) for a spoke (branch) site. The Update Site dialog box opens.

Step 4blank.gif In the Site Topology area, click the pencil icon on a WAN link.

 

366197.tif

The link settings appear in the dialog box. The available options depend on the type of WAN link.

Step 5blank.gif Edit the IP address in or more of the following fields:

  • CE IP Address: “Customer edge” IP address. This is the WAN IP address of the branch WAN link.
  • CE IP Mask: “Customer edge” IP mask.
  • PE IP Address: “Provider edge” IP. This is the gateway of the next hop for the WAN link.

Step 6blank.gif Click the Update button.

note.gif

Noteblank.gif To discard changes, click the Reset button.

If you enter a value for CE or PE IP address that is not reachable, the operation will succeed, but connectivity between the APIC-EM controller and the site will be lost. If this occurs, restore connectivity. The method for restoring connectivity depends on the specific network. Possible remedies include:

  • If the site specified by the new IP address is not active, activate the site to enable connectivity.
  • If a new IP address was specified in error, restore the previous IP address. This requires configuring the IP address value directly on the device (not through the IWAN app). Once complete, update the IWAN app with the new valid IP using the “Updating the WAN IP Parameters of a Provisioned Branch Site” procedure described in this section.

 

Modifying the QoS Bandwidth Percentages for a Branch Site

You can modify the QoS bandwidth percentages for a branch site after the site is provisioned (Day N).

Procedure

Step 1blank.gif From the IWAN app home page, click Set up Branch Sites. The Sites page opens.

Step 2blank.gif Click the Sites tab.

Step 3blank.gif Click the pencil icon (Edit Site) for a branch site. The Update Site dialog box opens.

Step 4blank.gif In the Site Topology area, click the pencil icon on a WAN link (link between router and cloud).

 

366197.tif

The Configure Link dialog box opens.

Step 5blank.gif In the Configure Link dialog box, click the Edit (pencil) icon next to the Service Provider field. A dialog box opens, showing information for the specific service profile.

Step 6blank.gif Modify the QoS bandwidth percentages as needed.

Step 7blank.gif Click Update. The modified bandwidth percentages are applied to the WAN link.