Cisco SD-WAN vEdge Onboarding

Hello Kenneth

I don’t see this in the lesson itself, so I’m assuming you see this in your own topology? Notice that in the lesson, for vEdge1, the color is assigned to both the ge0/0 and ge0/1 interfaces. This should be the case for vEdge2 as well. When this configuration is applied using the commit command, you should see the correct colors as part of the output of the show sdwan interface command. Here’s an example of that output:

Router# show sdwan interface 

Interface    IP-Address      Color            Gateway
-----------------------------------------------------
GE0/0        10.0.0.1        biz-internet     10.0.0.2
GE0/1        192.0.2.1       mpls             192.0.2.2
Tunnel1      203.0.113.1     biz-internet     -
Tunnel2      203.0.113.2     mpls             -

The show ip route command will actually not display color information.

If you see the “default” color listed somewhere it is likely that the color for that particular interface was not configured correctly, or the configuration was not committed.

Notice in the configuration, there is a static route configured with the following parameters:

ip route 10.1.0.0/24 10.65.91.100

Once your SD-WAN configuration is up and running, you can then add whatever routing you like in order to route appropriate traffic via the biz-internet and the public-internet connections. Remember, the purpose of this particular route is simply to ensure that we have connectivity with the 10.1.0.0/24 subnet which is the subnet on Site 1 where all controllers exist.

If you add the ip route 10.1.0.0/24 10.65.92.100 command, you will create a second static route to the same subnet. In this case, the router will load balance across those two links to get to the Site 1 subnet. This is normal behavior of routing whether used in an SD-WAN environment or not.

Beyond these routing commands, it is necessary to add more routing configurations on the vEdge routers to ensure that the correct traffic is being routed via the correct path, based on the architecture of your particular implementation.

I hope this has been helpful!

Laz

Seems like show sdwan interface is a cEdge router command. But it is not displaying the output? Any idea why?

Below is the output of show ip route on vEdge showing the color (anyway, I figured out why the color was not previously displayed).

Hello Kenneth

Indeed it seems that the show sdwan interface is an obscure command that is kind of elusive in Cisco documentation. It happens sometimes. You can find it as a referenced operation command within the Configuration Commands chapter of the Cisco SD-WAN Command Reference document, but when you go to the Operation Commands section, it’s not there… :crazy_face: It’s not the first time, nor the last… However, the operational commands have many show commands that you can use to further examine the color configured on the device.

Concerning the show ip route command, thanks for sharing your screenshot and the output which shows the colors. You mention that you’ve resolved the issue of why the color is not appearing previously. Can you share your discovery? Thanks!

I hope this has been helpful!

Laz

With reference to the show ip route output, it seems like the color mpls appears after adding a default route with a next hop of 172.16.20.1.

Hi,

In topic - Add vEdge router to vManage.

Could you please help me with the below error? While I am doing it the same way you stated, I am getting the below error. I am getting it on vBond and vManage.

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE
-------------------------------------------------------------------------------------------^
syntax error: expecting
  installed-serial-num - Installed Serial number
  org-name             - Organization Name
  staging              - Device is in staging
  subject-serial-num   - Subject Serial number
vMange1#

vBond1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE
------------------------------------------------------------------------------------------^
syntax error: expecting
  installed-serial-num - Installed Serial number
  org-name             - Organization Name
  staging              - Device is in staging
  subject-serial-num   - Subject Serial number
vBond1#

Hello Sumit

I noticed in your command, you have the following:

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE

The keywords used should not be “serial number:” but should be “serial-num” in the command. This is the correct syntax:

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial-num 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE

Take a look at this command reference for more information:

I hope this has been helpful!

Laz

Thanks :slight_smile:
I fixed it already.

Thanks again for your reply.

Sumit

Please explain how the command show sdwan interface is executed. Also, for cEdge, how do I configure the color mpls or biz-internet?

Hi @kent2612 ,

Off the top of my head, to configure color on a cEdge router you can do this:

sdwan
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec
   color default
   allow-service all

As for show sdwan interface, I’m not sure this command is available on all Cisco SD-WAN platforms/versions. I see it in the command reference here:

But I don’t see it in the 17.x overview anymore:

Rene

Hi Rene,

I am able to run the command, but I am not sure why show run is not showing the configured color?

cEdge-30(config)# sdwan
cEdge-30(config-sdwan)# interface GigabitEthernet1
cEdge-30(config-interface-GigabitEthernet1)# tunnel-interface
cEdge-30(config-tunnel-interface)# encapsulation ipsec
cEdge-30(config-tunnel-interface)# color biz-internet
cEdge-30(config-tunnel-interface)# allow-service all
cEdge-30(config-tunnel-interface)# commit

cEdge-30(config)# sdwan
cEdge-30(config-sdwan)# interface GigabitEthernet2
cEdge-30(config-interface-GigabitEthernet2)# tunnel-interface
cEdge-30(config-tunnel-interface)# encapsulation ipsec
cEdge-30(config-tunnel-interface)# color mpls
cEdge-30(config-tunnel-interface)# allow-service all
cEdge-30(config-tunnel-interface)# commit

Hello Kenneth

I see from your configuration in your post that you’ve set the color of Gi1 to biz-internet and the color of Gi2 to mpls. I also see in the output of the show sdwan control connections command, that the colors are appearing under the LOCAL COLOR column. Do you find that the configured colors are not showing up in the output of the show run command for those particular interfaces?

Make sure you’re looking in the right place. The color configuration should appear under the “sdwan” hierarchy in the running config. It should look something like this:

sdwan
 policy
  access-list
  ...
 !
 vpn 0
  interface ge0/0
   ip address 192.0.2.1/24
   tunnel-interface
    encapsulation ipsec
    color biz-internet
    ...

Take a look and let us know what you see in your configuration so we can help you further in your troubleshooting…

I hope this has been helpful!

Laz

Please note that the issue is on cEdge and not vEdge. Also, the command show sdwan control connections is not supported on vEdge. You will just need to run the commands on cEdge to verify and see the issue.
Also, the command below, show sdwan interface, is supported but its output is showing errors. Please note that this is again on cEdge.

Hi @kent2612 ,

Apologies for the late reply. On a cEdge router, you need to look at show sdwan running-config instead of show running-config:

It’s under the sdwan section of the SD-WAN config:

cEdge5#show sdwan running-config sdwan 
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
  exit
 exit
 interface GigabitEthernet2
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
  exit
 exit
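
A check that can be run over saved `show sdwan running-config sdwan` output to confirm the color on each tunnel interface, added here as an example and not code from this thread or from Cisco. The sample config is constructed (GigabitEthernet3 is hypothetical), treating a missing color line as the default color is an assumption, and `allow-service all` is flagged only so the services opened on the tunnel interface get reviewed.

```python
import re

# Constructed sample shaped like the output above; GigabitEthernet3 is hypothetical and has no color line.
SAMPLE = """\
sdwan
 interface GigabitEthernet1
  tunnel-interface
   color biz-internet
   allow-service all
   no allow-service sshd
  exit
 exit
 interface GigabitEthernet2
  tunnel-interface
   color mpls
   no allow-service all
   allow-service dhcp
  exit
 exit
 interface GigabitEthernet3
  tunnel-interface
   allow-service icmp
  exit
 exit
"""

def audit_tunnels(config):
    """Map each tunnel interface to its color, allowed services and findings."""
    tunnels, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = tunnels[m[1]] = {"tunnel": False, "color": None, "allowed": set()}
        elif cur is None:
            continue  # lines before the first interface block
        elif line == "tunnel-interface":
            cur["tunnel"] = True
        elif m := re.fullmatch(r"color (\S+)( restrict)?", line):
            cur["color"] = m[1]
        elif m := re.fullmatch(r"(no )?allow-service (\S+)", line):
            # "no allow-service X" removes X; "allow-service X" adds it
            (cur["allowed"].discard if m[1] else cur["allowed"].add)(m[2])
    report = {}
    for name, t in tunnels.items():
        if t["tunnel"]:  # only interfaces that carry a tunnel-interface block
            findings = []
            if t["color"] in (None, "default"):  # assumption: no color line means "default"
                findings.append("color is default or not set")
            if "all" in t["allowed"]:
                findings.append("allow-service all is set")
            report[name] = {"color": t["color"], "allowed": sorted(t["allowed"]), "findings": findings}
    return report
```
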