Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Add an Enterprise Hub Site for SD-WAN Deployments

 

An enterprise hub is an SD-WAN site that is used to carry site-to-site traffic between on-premise spoke sites and to break out backhaul (central breakout) traffic from on-premise spoke sites.

To add an enterprise hub:

  1. On the Sites page (Resources > Site Management) of the CSO portal, click Add, and select Enterprise Hub.

    The Add enterprise hub for Tenant-Name page appears.

  2. Complete the configuration settings according to the guidelines provided in Table 1.
  3. Click OK.

    When the site is successfully created, the Site Status on the Sites page changes to Provisioned.

If you did not enter serial number while creating the enterprise hub site, you must manually enter the serial number after adding the enterprise hub site, in order to activate the site. See Add Enterprise Hubs with SD-WAN Capability for more information.

Table 1: Enterprise Hub Site Settings

Field

Description

General

Site Name

Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 32 characters.

Site Capabilities

SD-WAN capability is selected by default. You cannot clear the selection.

WAN

Device Series

Select the device series to which the CPE device belongs—SRX, NFX150, or NFX250.

Device Template

Select a device template for the selected device series.

The device template contains information for configuring a device.

Serial Number

Enter the serial number of the CPE device.

You can also add the enterprise hub site but activate the site later. If you do not enter the serial number of the CPE device when creating the enterprise hub site, you must enter it while activating the site, using the Activate Site link.

See Add Enterprise Hubs with SD-WAN Capability for more information.

Auto Activate

If the selected device template supports auto authorization, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added.

The Activation Code field appears if the selected device template does not support auto authorization or if you disable the Auto Activate option.

In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.

IP Prefix

Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network.

  • For NFX150 and NFX250 devices, if the USE_SINGLE_SSH_TO_NFX parameter is disabled in the device template, then enter the IP address prefix as /29 or lower based on the number of VNFs.

  • For all other devices, enter the IP address prefix as /32.

WAN Links

WAN_0

This field is enabled by default.

You can configure up to 4 WAN links as required.

Link Type

Select whether the link would be an MPLS link or Internet link.

Note: If the enterprise hub and the SD-WAN branch site are not in the same network, that is if these devices are not directly reachable, select one link as Internet and assign a public IP to the Internet-type link.

Egress Bandwidth

Enter the maximum bandwidth, in Mbps, allowed on the WAN link.

Range: 1 through 10,000.

Address Assignment

Select the method of assigning an IP address to the WAN link—DHCP or STATIC.

If you select STATIC, you must provide the IP address prefix and the gateway address for the WAN link.

Static IP Prefix

If you configured the address assignment method as STATIC, enter the IP address prefix of the WAN link.

Note: If the enterprise hub and the SD-WAN branch site are not in the same network, assign a public IP to the Internet-type link

Gateway IP Address

If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider.

Advanced Settings

Use For Fullmesh

Click the toggle button to specify whether the WAN link can be a part of a full mesh topology.

A site can have a maximum of three links enabled for meshing.

Add LAN Segment

Name

Enter a name for the LAN segment.

The name for a LAN segment should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length is 15 characters.

Type

Select the type of LAN segment:

  • Directly Connected—Indicates that the LAN segment is directly connected to the site. This is the default.

  • Dynamic Routed—Indicates that the LAN segment is not directly connected to the site and is reachable by using a dynamic route. If you select this option, you must specify the dynamic routing information.

Department

Select a department to which the LAN segment is to be assigned.

Alternatively, click the Create Department link to create a new department and assign the LAN segment to it. See Add a Department for details.

You group LAN segments as departments for ease of management and for applying policies at the department-level. For LAN segments that are dynamically routed, you can assign only a data center department.

Gateway Address/Mask

Enter a valid gateway IP address and mask for the LAN segment; for example, 192.0.2.8/24.

CPE Ports

Select the ports from the Available column and click the right-arrow to move the ports to the Selected column.