You can specify the underlay configuration of a hub device or site by using the Configure Site feature on the Site Management page.
You can also configure an SD-WAN on-premise spoke site using dual CPE devices. The workflow to configure a site with dual CPE devices is similar to single CPE device. You need at least one WAN link per CPE to act as a OAM_AND_DATA for redundancy, so that the individual nodes establish connectivity with CSO.
You must provide the serial number and the activation code for both the primary and the secondary devices.
To configure a site:
The Configure Site Site Name page is displayed.
Table 168: Fields on the Configure On-Premise Hub Site Page
Field | Description |
|---|---|
Site Type | Displays the site type as hub. |
Management Region | Displays the regional server with which the CPE device communicates based on the information in the device template. This field cannot be modified. |
Selected Plan | Displays the connection plan that you selected when you created the site. This field cannot be modified. |
Hub Multihoming | Displays whether multihoming was enabled or disabled on the site during the creation of the site. This field cannot be modified. |
Configuration Based on the site requirements, the following fields are displayed. | |
| Connectivity | |
Primary Hub Site | Select the primary hub site to which the spoke site must connect. |
Secondary Hub Site | Select the secondary hub site to which the spoke site must connect. In case of multihoming, a single spoke site can connect to more than one hub site. |
Management Connectivity | |
OAM Traffic Information | Enable Operation, Administration, and Maintenance (OAM) traffic information to specify the IP prefix for the site management network. |
IP Prefix | Enter an IP address prefix for the cloud hub site’s management network. You can specify an IPv4 or IPv6 address. Example: 192.0.2.10/24 |
WAN_0, WAN_1, WAN_2, WAN_3 | |
WAN Interface | Displays the interface name configured in the device profile. This field cannot be modified. |
Link Type | Displays the link type (MPLS or Internet) configured in the device profile. This field cannot be modified. |
Use for Fullmesh | Click the toggle button to specify that the WAN link is part of fullmesh or partial-mesh topology. |
Connects To Hubs | Click the toggle button to specify that the WAN link of the spoke site connects to a hub. |
Address Assignment | Select the method of IP address assignment. Select DHCP to assign IP addresses by using a DHCP sever or Static to assign a static IP address. |
Traffic Type | Select the traffic type. You specify whether you want to use the WAN link to transmit only data traffic(DATA_ONLY) or both management traffic and data traffic (OAM_AND_DATA). You must select the traffic type as OAM_and_DATA when you configure a site with dual CPE devices. You need atleast one WAN link per CPE device to act as a OAM_AND_DATA for redundancy. |
Data VLAN ID | Enter the VLAN ID that is associated with the data link. A data VLAN identifier is an integer in the range 0–4095. |
Local Breakout | Displays whether local breakout was enabled on the WAN link during creation of the site. This field cannot be modified. If the WAN link is selected to be used for only local breakout traffic, then the Overlay Tunnel section is not displayed. |
Autocreate Source NAT Rule | Select this option to enable interface-based source NAT on the WAN link. Note: If this option is enabled for a WAN interface W1 during the site creation workflow, a series of NAT source rules are automatically created. Each automatically created NAT rule is from a zone to the WAN interface, with a translation of type interface. Each pair of [zone - interface] represents a rule-set. For example, the following zone to W1 interface rule-set might be created: Zone1 --> W1: Translation=Interface Zone2 --> W1: Translation=Interface Zone3 --> W1: Translation=Interface To manually override any of these rules, you can create a NAT rule within a particular rule-set. For example, to use a source NAT pool instead of an interface for translation, create a NAT rule within this particular rule-set, that includes the relevant zone and WAN interface as the source and destination. For example: Zone1 --> W1 : Translation=Pool-2 The manually created NAT rule is placed at a higher priority than the corresponding automatically created NAT rule. You can also add other fields (such as addresses, ports, protocols, and so on) as part of the source or destination endpoints. For example: Zone1, Port 56578 --> W1: Translation=Pool-2 |
Overlay Tunnel | |
Tunnel Type | Select the tunnel type—GRE or GRE over IPsec. |
Peer Device | Displays the hub device to which the site is connected. |
Interface Name | Select the interface name of the hub device to which the MPLS or Internet link is connected. |
| Advanced Configuration | |
Name Servers | Specify the IP addresses of one or more DNS name servers. Example: 192.0.2.15 |
NTP Servers | Specify the FQDNs or IP addresses of one or more NTP servers. Example: ntp.example.net |
Time Zone | Specify the time zone for your NTP Server. Example: UTC |
| Devices | |
Assign CPE Devices | |
Device Redundancy | Displays whether CPE device redundancy is enabled or disabled for an SD-WAN on-premise spoke site. |
Primary Device Serial Number | Enter the serial number of the primary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive. |
Primary Device Activation Code | Enter the activation code of the primary device that your service provider supplied for the device. Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes. |
Secondary Device Serial Number | Enter the serial number of the secondary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive. |
Secondary Device Activation Code | Enter the activation code of the secondary device that your service provider supplied for the device. Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes. |
Boot Image | (Optional) If you want to upgrade the device image for an SRX Series or an NFX Series device, select the boot image from the list. The boot image is the device image that was previously uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image (NFX or SRX) is populated based on the connection profile that you have selected while creating a site. See Uploading a Device Image. |
Table 169: Fields on the Configure On-Premise Spoke Site Page
Field | Description |
|---|---|
Site Type | Displays the site type. |
Management Region | Displays the regional server with which the CPE device communicates based on the information in the device template. This field cannot be modified. |
Selected Plan | Displays the connection plan that you selected when you created the site. This field cannot be modified. |
Device Model | Select a device model from the list. Device models are listed based on the connection plan that you selected while creating the site. For example, if the connection plan that you selected is NFX150 as SD-WAN CPE, the Device Model field lists NFX150 models only. |
Hub Multihoming | Displays whether multihoming was enabled or disabled on the site during the creation of the site. This field cannot be modified. |
Configuration Based on the site requirements, the following fields are displayed. | |
| Connectivity | |
Primary Hub Site | Select the primary hub site to which the spoke site must connect. |
Secondary Hub Site | Select the secondary hub site to which the spoke site must connect. In case of multihoming, a single spoke site can connect to more than one hub site. |
PPPoE Settings | |
Username | Specify the username for the CPE device. |
Password | Specify the password for the CPE device. |
Management Connectivity | |
OAM Traffic Information | Enable Operation, Administration, and Maintenance (OAM) traffic information to specify the IP prefix for the site management network. |
IP Prefix | Specify one or more prefixes for the site management network. Example: 192.0.2.16/24 |
WAN_0, WAN_1, WAN_2, WAN_3 | |
WAN Interface | Displays the interface name configured in the device profile. This field cannot be modified. |
Link Type | Displays the link type (MPLS or Internet) configured in the device profile. This field cannot be modified. |
Use for Fullmesh | Click the toggle button to specify that the WAN link is part of fullmesh or partial-mesh topology. |
Connects To Hubs | Click the toggle button to specify that the WAN link of the spoke site connects to a hub. |
Address Assignment | Select the method of IP address assignment. Select DHCP to assign IP addresses by using a DHCP sever or Static to assign a static IP address. |
Traffic Type | Select the traffic type. You specify whether you want to use the WAN link to transmit only data traffic(DATA_ONLY) or both management traffic and data traffic (OAM_AND_DATA). You must select the traffic type as OAM_and_DATA when you configure a site with dual CPE devices. You need atleast one WAN link per CPE device to act as a OAM_AND_DATA for redundancy. |
Use for OAM Traffic | Click the toggle button to enable the WAN interface for transmitting OAM traffic. This WAN interface is used to establish the OAM tunnel. By default, this option is enabled for the first two WAN links. |
Data VLAN ID | VLAN ID associated with the WAN link. |
Local Breakout | Displays whether local breakout was enabled on the WAN link during creation of the site. This field cannot be modified. If the WAN link is selected to be used for only local breakout traffic, then the Overlay Tunnel section is not displayed. |
Autocreate Source NAT Rule | Select this option to enable interface-based source NAT on the WAN link. Note: If this option is enabled for a WAN interface W1 during the site creation workflow, a series of NAT source rules are automatically created. Each automatically created NAT rule is from a zone to the WAN interface, with a translation of type interface. Each pair of [zone - interface] represents a rule-set. For example, the following zone to W1 interface rule-set might be created: Zone1 --> W1: Translation=Interface Zone2 --> W1: Translation=Interface Zone3 --> W1: Translation=Interface To manually override any of these rules, you can create a NAT rule within a particular rule-set. For example, to use a source NAT pool instead of an interface for translation, create a NAT rule within this particular rule-set, that includes the relevant zone and WAN interface as the source and destination. For example: Zone1 --> W1 : Translation=Pool-2 The manually created NAT rule is placed at a higher priority than the corresponding automatically created NAT rule. You can also add other fields (such as addresses, ports, protocols, and so on) as part of the source or destination endpoints. For example: Zone1, Port 56578 --> W1: Translation=Pool-2 |
Overlay Tunnel | |
Tunnel Type | Select the tunnel type—GRE or GRE over IPsec. |
Peer Device | Displays the hub device to which the site is connected. |
Interface Name | Select the interface name of the hub device to which the MPLS or Internet link is connected. |
| Advanced Configuration | |
Name Servers | Specify the IP addresses of one or more DNS name servers. Example: 192.0.2.15 |
NTP Servers | Specify the FQDNs or IP addresses of one or more NTP servers. Example: ntp.example.net |
Time Zone | Specify the time zone for your NTP Server. Example: UTC |
| Devices | |
Assign CPE Devices | |
Device Redundancy | Displays whether CPE device redundancy is enabled or disabled for an SD-WAN on-premise spoke site. |
Primary Device Serial Number | Enter the serial number of the primary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive. |
Primary Device Activation Code | Enter the activation code of the primary device that your service provider supplied for the device. Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes. |
Secondary Device Serial Number | Enter the serial number of the secondary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive. |
Secondary Device Activation Code | Enter the activation code of the secondary device that your service provider supplied for the device. Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes. |
Boot Image | (Optional) Select the boot image from the drop-down list. The boot image is the device image that was previously uploaded to the image management system through the “Images” page. The boot image is used to upgrade the device when the CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. See Uploading a Device Image. |