Cisco SD-WAN vEdge Onboarding

Hello Kenneth

I don’t see this in the lesson itself, so I’m assuming you see this in your own topology? Notice that in the lesson, for vEdge1, the color is assigned to both the ge0/0 and ge0/1 interfaces. This should be the case for vEdge2 as well. When this configuration is applied using the commit command, you should see the correct colors as part of the output of the show sdwan interface command. Here’s an example of that output:

Router# show sdwan interface 

Interface    IP-Address      Color            Gateway
-----------------------------------------------------
GE0/0        10.0.0.1        biz-internet     10.0.0.2
GE0/1        192.0.2.1       mpls             192.0.2.2
Tunnel1      203.0.113.1     biz-internet     -
Tunnel2      203.0.113.2     mpls             -

The show ip route command will actually not display color information.

If you see the “default” color listed somewhere it is likely that the color for that particular interface was not configured correctly, or the configuration was not committed.

Notice in the configuration, there is a static route configured with the following parameters:

ip route 10.1.0.0/24 10.65.91.100

Once your SD-WAN configuration is up and running, you can then add whatever routing you like in order to route appropriate traffic via the biz-internet and the public-internet connections. Remember, the purpose of this particular route is simply to ensure that we have connectivity with the 10.1.0.0/24 subnet which is the subnet on Site 1 where all controllers exist.

If you add the ip route 10.1.0.0/24 10.65.92.100 command, you will create a second static route to the same subnet. In this case, the router will load balance across those two links to get to the Site 1 subnet. This is normal behavior of routing whether used in an SD-WAN environment or not.

Beyond these routing commands, it is necessary to add more routing configurations on the vEdge routers to ensure that the correct traffic is being routed via the correct path, based on the architecture of your particular implementation.

I hope this has been helpful!

Laz

Seems like show sdwan interface is a cEdge router command. But it is not displaying the output? Any idea why?

Below is the output of show ip route on vEdge showing the color (anyway, I figured out why the color was not previously displayed).

Hello Kenneth

Indeed it seems that the show sdwan interface is an obscure command that is kind of elusive in Cisco documentation. It happens sometimes. You can find it as a referenced operation command within the Configuration Commands chapter of the Cisco SD-WAN Command Reference document, but when you go to the Operation Commands section, it’s not there… :crazy_face: It’s not the first time, nor the last… However, the operational commands have many show commands that you can use to further examine the color configured on the device.

Concerning the show ip route command, thanks for sharing your screenshot and the output which shows the colors. You mention that you’ve resolved the issue of why the color is not appearing previously. Can you share your discovery? Thanks!

I hope this has been helpful!

Laz

With reference to the show ip route output, it seems like the color mpls appears after adding a default route with next hop of 172.16.20.1.


Hi,

In topic - Add vEdge router to vManage.

Could you please help me with the below error? While I am doing it the same way you stated, I am getting the below error. I am getting it on vBond and vManage.

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE
-------------------------------------------------------------------------------------------^
syntax error: expecting
  installed-serial-num - Installed Serial number
  org-name             - Organization Name
  staging              - Device is in staging
  subject-serial-num   - Subject Serial number
vMange1#

vBond1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE
------------------------------------------------------------------------------------------^
syntax error: expecting
  installed-serial-num - Installed Serial number
  org-name             - Organization Name
  staging              - Device is in staging
  subject-serial-num   - Subject Serial number
vBond1#

Hello Sumit

I noticed in your command, you have the following:

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial number: 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE

The keywords used should not be “serial number:” but should be “serial-num” in the command. This is the correct syntax:

vMange1# request vedge add chassis-num 3936bdd1-62a4-46f3-8436-e6ff9d492c6e serial-num 4B596C371A70DDAEA75A91B0C61A41C6641BBAAE

Take a look at this command reference for more information:

I hope this has been helpful!

Laz

Thanks :slight_smile:
I fixed it already.

Thanks again for your reply.

Sumit

Please explain how the command show sdwan interface is executed. Also, for cEdge, how do I configure the color mpls or biz-internet?

Hi @kent2612 ,

Off the top of my head, to configure color on a cEdge router you can do this:

sdwan
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec
   color default
   allow-service all

As for show sdwan interface, I’m not sure this command is available on all Cisco SD-WAN platforms/versions. I see it in the command reference here:

But I don’t see it in the 17.x overview anymore:

Rene

Hi Rene,

I am able to run the command, but I'm not sure why show run is not showing the configured color?

cEdge-30(config)# sdwan
cEdge-30(config-sdwan)# interface GigabitEthernet1
cEdge-30(config-interface-GigabitEthernet1)# tunnel-interface
cEdge-30(config-tunnel-interface)# encapsulation ipsec
cEdge-30(config-tunnel-interface)# color biz-internet
cEdge-30(config-tunnel-interface)# allow-service all
cEdge-30(config-tunnel-interface)# commit

cEdge-30(config)# sdwan
cEdge-30(config-sdwan)# interface GigabitEthernet2
cEdge-30(config-interface-GigabitEthernet2)# tunnel-interface
cEdge-30(config-tunnel-interface)# encapsulation ipsec
cEdge-30(config-tunnel-interface)# color mpls
cEdge-30(config-tunnel-interface)# allow-service all
cEdge-30(config-tunnel-interface)# commit

Hello Kenneth

I see from your configuration in your post that you’ve set the color of Gi1 to biz-internet and the color of Gi2 to mpls. I also see in the output of the show sdwan control connections command, that the colors are appearing under the LOCAL COLOR column. Do you find that the configured colors are not showing up in the output of the show run command for those particular interfaces?

Make sure you’re looking in the right place. The color configuration should appear under the “sdwan” hierarchy in the running config. It should look something like this:

sdwan
 policy
  access-list
  ...
 !
 vpn 0
  interface ge0/0
   ip address 192.0.2.1/24
   tunnel-interface
    encapsulation ipsec
    color biz-internet
    ...

Take a look and let us know what you see in your configuration so we can help you further in your troubleshooting…

I hope this has been helpful!

Laz

Please note that the issue is on cEdge and not vEdge. Also the command show sdwan control connections is not supported on vEdge. You will just need to run the commands on cEdge to verify and see the issue.
Also, the command below, show sdwan interface, is supported, but the output is showing errors. Please note that this is again on cEdge.

Hi @kent2612 ,

Apologies for the late reply. On a cEdge router, you need to look at show sdwan running-config instead of show running-config:

It’s under the sdwan section of the SD-WAN config:

cEdge5#show sdwan running-config sdwan 
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
  exit
 exit
 interface GigabitEthernet2
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   no allow-service snmp
  exit
 exit
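
The check described in the reply above, as an added example that is not part of the original post or of Cisco's tooling: a short Python parser for show sdwan running-config sdwan output that reports each tunnel interface's color and flags allow-service all and a default color for review. The sample text is constructed, GigabitEthernet3 is a made-up interface, and treating a missing color statement as "default" is an assumption.

```python
import re

# Constructed sample in the format of the output quoted above;
# GigabitEthernet3 is a made-up interface with no color statement.
SAMPLE = """\
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
   no allow-service sshd
  exit
 exit
 interface GigabitEthernet3
  tunnel-interface
   encapsulation ipsec
   no allow-service all
   no allow-service netconf
  exit
 exit
"""

def audit_tunnels(config_text):
    """Map each tunnel interface to its color, services and findings."""
    report, iface, entry = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface, entry = line.split()[1], None
        elif line == "tunnel-interface" and iface:
            # Assumption: no color statement means the color is "default".
            entry = report[iface] = {"color": "default", "allowed": set(), "denied": set()}
        elif entry is None:
            continue  # line is outside any tunnel-interface block
        elif line.startswith("color "):
            entry["color"] = line.split()[1]
        elif m := re.fullmatch(r"(no )?allow-service (\S+)", line):
            entry["denied" if m.group(1) else "allowed"].add(m.group(2))
    for entry in report.values():
        entry["findings"] = []
        if entry["color"] == "default":
            entry["findings"].append("color is default")
        if "all" in entry["allowed"]:
            entry["findings"].append("allow-service all is set")
    return report

if __name__ == "__main__":
    print(audit_tunnels(SAMPLE))
```

Paste the captured device output in place of SAMPLE; any interface returned with findings is worth checking against the services the tunnel actually needs.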

Hello! When configuring multiple vEdges the site-id needs to be different on each for connectivity to build / routing to work. Might be worth mentioning in this article since it appears to work all the way up until building the Service VPNs. Not too hard to figure out, but I imagine other people are getting stuck on that. Not sure if this page or some of the other pages is the right spot.

Hello Edgar

Thank you for your valuable input. You’re absolutely correct. When configuring multiple vEdges, each one should have a unique site-id for proper connectivity and routing. This is indeed a critical point that might cause issues if overlooked.

I appreciate your suggestion and will inform @ReneMolenaar to take a look and consider making any necessary changes to the article and other relevant pages. It will certainly help others who are configuring multiple vEdges.

If you have any other suggestions or queries, feel free to share. We always appreciate feedback!

Thanks again!

Laz

Hello Team,

I need to download the serial file for vEdges for my lab, but while adding VEDGE-CLOUD-DNA, my smart account is showing the error: "This is an export restricted product. Your smart account doesn’t have clearance to use this product."

I am getting this error. Can someone guide me on how to fix this?

Hello Sathish

Hmm, that’s interesting. Without being an expert in this area of Cisco’s legal restrictions, this seems to be related to the company’s general export compliance. There are several factors that affect these restrictions:

  1. The country you are downloading the software to. If there are legal restrictions concerning what country you are in, this may affect your ability to download the product.
  2. The type of smart account you are using. Some smart accounts may have different restrictions depending on their parameters.
  3. The actual product you’re downloading. Export restrictions are stricter for products that employ strong encryption and other security features.

Check out Cisco’s general export compliance documentation below to see if you fall within any of these restrictions.

If you don’t resolve the issue there, I suggest you contact Cisco support so they can tell you the specific reasons behind the restriction. In any case, let us know how you get along.

I hope this has been helpful!

Laz

Thank you @lagapidis for your swift response. I have created a fresh account with a new domain name (new domain email ID), and it was validated by Cisco and received the privilege for full access.

Able to add devices and download viptela file…issue fixed

Hello Sathish

Perfect, I’m glad that the issue was fixed! Thanks for letting us know! Have a great week!

Laz


Hi! Rene, how can I get my vEdges to communicate with two vSmarts which are in two different Data Centers.