NOTE on the branch router config:
Assign the LAN interface (where internal devices reside) to the SD-WAN service VRF.
Relevant Configuration Steps:
Step 1: Assign LAN interface to the service VRF
Apply Config
NOTE: Most of the SD-WAN (BGP and VPN) configuration is auto-generated by the mfusion orchestrator. Do not try to configure SD-WAN features using the CLI.
Below are the relevant gateway CLI configs for reference only (other general configs are omitted).
!
interface eth1
 description "Default connection to LAN"
 enable
 ip vrf 4
 ip address 192.168.8.1/22
 dhcp-server
  lease-time 86400 86400
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.11.254
  enable
!
router bgp 65051 vrf 4
 bgp timer 5 15
 neighbor 0168_RansNet_SSL3OPENVPN_4 as-peer
 neighbor 0168_RansNet_SSL3OPENVPN_4 as-remote 65051
 neighbor 0168_RansNet_SSL3OPENVPN_4 next-hop-self
 neighbor 0168_RansNet_SSL3OPENVPN_4 soft-reconfiguration
 neighbor 0168_RansNet_SSL3OPENVPN_4 weight 0
 neighbor 10.4.168.1 as-peer 0168_RansNet_SSL3OPENVPN_4
 network 192.168.8.1/22
!
firewall-input 500 permit all tcp dport 179 src 10.0.0.0/8
!
firewall-access 500 permit outbound eth0 remark "Permit out to Internet"
firewall-access 501 permit outbound tap+ remark "Permit SD-WAN traffic"
firewall-access 502 permit inbound tap+ remark "Permit SD-WAN traffic"
!
firewall-snat 500 overload outbound eth0
!
security sslvpn-client 4
 tap vrf 4
 start
!
Verifications:
Branch# show ip bgp summary
IPv4 Unicast Summary (VRF 4):
BGP router identifier 10.18.18.190, local AS number 65051 vrf-id 18
BGP table version 10
RIB entries 2, using 384 bytes of memory
Peers 1, using 724 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.4.168.1      4      65051       561       557        0    0    0 00:29:17            1        1 N/A
Total number of neighbors 1
Branch# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
VRF 4:
B>* 0.0.0.0/0 [200/0] via 10.4.168.1, tap4, weight 1, 00:29:23
C>* 10.4.168.0/22 is directly connected, tap4, 00:48:27
C>* 192.168.8.0/22 is directly connected, eth1, 00:22:03
VRF default:
K>* 0.0.0.0/0 [0/1002] via 10.18.18.1, eth0, src 10.18.18.190, 23:26:14
C>* 2.1.2.1/32 is directly connected, lo, 23:34:24
K * 10.18.18.0/24 [0/1002] is directly connected, eth0, 23:26:14
C>* 10.18.18.0/24 is directly connected, eth0, 23:26:14
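
The routing table above is what shows the LAN is placed in the service VRF: 192.168.8.0/22 is connected on eth1 only in VRF 4, and the VRF 4 default route is learned via BGP over tap4. The Python script below is an added example (not part of the original guide or of RansNet tooling) that runs the same check over saved "show ip route" output; the function names and the "tap" interface-prefix parameter are assumptions of this example.

```python
import re

# Taken from the "show ip route" output on this page.
SAMPLE = """\
VRF 4:
B>* 0.0.0.0/0 [200/0] via 10.4.168.1, tap4, weight 1, 00:29:23
C>* 10.4.168.0/22 is directly connected, tap4, 00:48:27
C>* 192.168.8.0/22 is directly connected, eth1, 00:22:03
VRF default:
K>* 0.0.0.0/0 [0/1002] via 10.18.18.1, eth0, src 10.18.18.190, 23:26:14
C>* 2.1.2.1/32 is directly connected, lo, 23:34:24
K * 10.18.18.0/24 [0/1002] is directly connected, eth0, 23:26:14
C>* 10.18.18.0/24 is directly connected, eth0, 23:26:14
"""

# <code><flags> <prefix> <rest>, e.g. "B>* 0.0.0.0/0 [200/0] via ..., tap4, ..."
ROUTE = re.compile(r"^([A-Za-z])([>* ]{0,3})\s*(\d+(?:\.\d+){3}/\d+)\s+(.*)$")

def parse_routes(text):
    """Return {vrf: [(code, selected, prefix, interface), ...]}."""
    table, vrf = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("VRF ") and line.endswith(":"):
            vrf = line[4:-1]
            continue
        m = ROUTE.match(line)
        if vrf is None or not m:
            continue  # legend, prompts, blank lines
        code, flags, prefix, rest = m.groups()
        # The outgoing interface is the field after the first comma.
        iface = (rest.split(",") + [""])[1].strip()
        table.setdefault(vrf, []).append((code, ">" in flags, prefix, iface))
    return table

def check_isolation(text, vrf="4", lan="192.168.8.0/22", lan_if="eth1", tunnel="tap"):
    """Return a list of findings; an empty list means the checks passed."""
    routes, findings = parse_routes(text), []
    svc = routes.get(vrf, [])
    if ("C", True, lan, lan_if) not in svc:
        findings.append(f"{lan} is not connected on {lan_if} in VRF {vrf}")
    for name, entries in routes.items():
        if name != vrf and any(p == lan or i == lan_if for _, _, p, i in entries):
            findings.append(f"{lan} or {lan_if} appears in VRF {name}")
    best = [r for r in svc if r[2] == "0.0.0.0/0" and r[1]]
    if not best or any(c != "B" or not i.startswith(tunnel) for c, _, _, i in best):
        findings.append(f"VRF {vrf} default route is not BGP via a {tunnel} interface")
    return findings

if __name__ == "__main__":
    print(check_isolation(SAMPLE) or "all checks passed")
```

A non-empty result means the LAN interface is missing from the service VRF, shows up in another VRF, or the service VRF is not sending its default traffic over the SD-WAN tunnel.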