06-16-2019 10:30 PM - edited 06-17-2019 12:14 AM
Hi, I have a problem with my ISR4351 based on SD-WAN IOS XE: isr4300-ucmk9.16.11.1a.SPA.bin
I can't create vpn 0. I mean there is no command starting with vpn 0 or any vpn interface under the config-transaction environment. Also, I think I should enable the hseck9 feature in licensing. The "show license feature" output is here:
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: hseck9
-------------------------------------------
I also have a problem bringing up the vEdge in vManage, and the error is here:
Event Name : vbond-reject-vedge-connection
reason=ERR_BID_NOT_VERIFIED
Does anyone know how to handle it?
06-18-2019 04:46 AM - edited 06-18-2019 04:50 AM
It's not about licensing. Your VPN 0 on IOS-XE SDWAN is actually the global routing table, so "vpn 0" configuration is not required.
You can find IOS-XE SDWAN configuration guide here: https://www.cisco.com/c/en/us/support/routers/sd-wan/products-installation-and-configuration-guides-list.html
If you configure the device via CLI instead of a vManage feature template, your basic configuration may look like the one below:
system
 system-ip x.y.z.ABC
 overlay-id 1
 site-id ABC
 control-session-pps 300
 no admin-tech-on-failure
 sp-organization-name "YOUR ORGNAME HERE"
 organization-name "YOUR SP ORGNAME HERE, for single tenant = org-name"
 console-baud-rate 9600
 vbond <vbond address> port 12346
!
vrf definition Mgmt-intf
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
 !
!
ip route 0.0.0.0 0.0.0.0 <default-gw ISP1> 1
ip route 0.0.0.0 0.0.0.0 <default-gw ISP2> 1
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 <default-gw for management network vpn 512 if needed >
interface GigabitEthernet0/0/0
 no shutdown
 arp timeout 1200
 ip address <ip address ISP1> <mask>
 ip redirects
 mtu 1500
 ip mtu 1500
exit
interface GigabitEthernet0/0/1
 no shutdown
 arp timeout 1200
 ip address <ip address ISP2> <mask>
 no ip redirects
 mtu 1500
 ip mtu 1500
exit
interface Vlan1
 vrf forwarding Mgmt-intf
 ip address <ip address management> <mask>
exit
interface Tunnel0
 no shutdown
 ip unnumbered GigabitEthernet0/0/0
 no ip redirects
 ipv6 unnumbered GigabitEthernet0/0/0
 no ipv6 redirects
 tunnel source GigabitEthernet0/0/0
 tunnel mode sdwan
exit
interface Tunnel1
 no shutdown
 ip unnumbered GigabitEthernet0/0/1
 no ip redirects
 ipv6 unnumbered GigabitEthernet0/0/1
 no ipv6 redirects
 tunnel source GigabitEthernet0/0/1
 tunnel mode sdwan
!
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   encapsulation ipsec weight 1
   color mpls
   no last-resort-circuit
   vmanage-connection-preference 5
   no allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
  exit
  !
 exit
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec weight 1
   color biz-internet
   no last-resort-circuit
   vmanage-connection-preference 5
   no allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
  exit
 exit
For ISR4xxx/ASR1000 don't forget to replace "Vlan1" with "GigabitEthernet0":
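An added example, not part of the original reply and not Cisco tooling: a small Python audit that reads the `sdwan` section of an indented config like the one in the answer and reports which tunnel interfaces explicitly allow `all`, `sshd` or `netconf` on the WAN transport. The `RISKY` set, the function name `audit_allow_service` and the sample config are assumptions constructed for illustration.

```python
import re
# Assumption: services treated as management-plane exposure on a WAN
# transport; adjust the set to local policy.
RISKY = {"all", "sshd", "netconf"}

# Constructed sample in the layout of the answer's sdwan section; the second
# interface is deliberately loosened to produce a finding.
SAMPLE = """\
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   color mpls
   no allow-service all
   allow-service dns
   no allow-service sshd
  exit
 exit
 interface GigabitEthernet0/0/1
  tunnel-interface
   color biz-internet
   allow-service all
   allow-service sshd
  exit
 exit
"""

def audit_allow_service(config):
    """Map each interface in the sdwan section to the risky services it
    explicitly allows (later lines override earlier ones)."""
    findings, in_sdwan, iface = {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line and not raw[0].isspace() and line != "!":
            in_sdwan, iface = (line == "sdwan"), None  # top-level keyword
            continue
        if not in_sdwan:
            continue
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            iface = m.group(1)
            findings.setdefault(iface, set())
            continue
        m = re.match(r"(no\s+)?allow-service\s+(\S+)$", line)
        if m and iface and m.group(2) in RISKY:
            op = findings[iface].discard if m.group(1) else findings[iface].add
            op(m.group(2))
    return {name: sorted(svcs) for name, svcs in findings.items()}
```

An empty list for an interface means none of the services in `RISKY` is explicitly allowed there; the script only reads lines present in the text and does not model platform defaults.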