Transport Management VPN Feature
Configure out of band management VPN (VPN 512) and its' settings.
Diagram
Classes
transport_profiles (sdwan.feature_profiles)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| management_vpn | Class | [management_vpn] | No |
management_vpn (sdwan.feature_profiles.transport_profiles)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,128}$ | No | management_vpn |
| description | String | No | ||
| ethernet_interfaces | List | [ethernet_interfaces] | No | |
| host_mappings | List | [host_mappings] | No | |
| ipv4_primary_dns_address | IP | No | ||
| ipv4_primary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv4_secondary_dns_address | IP | No | ||
| ipv4_secondary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv4_static_routes | List | [ipv4_static_routes] | No | |
| ipv6_primary_dns_address | IP | No | ||
| ipv6_primary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv6_secondary_dns_address | IP | No | ||
| ipv6_secondary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv6_static_routes | List | [ipv6_static_routes] | No | |
| vpn_description | String | min: 0, max: 244 | No | |
| vpn_description_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ethernet_interfaces (sdwan.feature_profiles.transport_profiles.management_vpn)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,128}$ | Yes | |
| description | String | No | ||
| arp_entries | List | [arp_entries] | No | |
| arp_timeout | Integer | min: 0, max: 2147483 | No | |
| arp_timeout_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| auto_detect_bandwidth | Boolean | true, false | No | |
| auto_detect_bandwidth_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| autonegotiate | Boolean | true, false | No | |
| autonegotiate_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| duplex | Choice | full, half, auto | No | |
| duplex_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| icmp_redirect_disable | Boolean | true, false | No | |
| icmp_redirect_disable_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| interface_description | String | max: 200 | No | |
| interface_description_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| interface_mtu | Integer | min: 1500, max: 9216 | No | |
| interface_mtu_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| interface_name | String | Regex: (ATM|ATM-ACR|AppGigabitEthernet|AppNav-Compress|AppNav-UnCompress|Async|BD-VIF|BDI|CEM|CEM-ACR|Cellular|Dialer|Embedded-Service-Engine|Ethernet|Ethernet-Internal|FastEthernet|FiftyGigabitEthernet|FiveGigabitEthernet|FortyGigabitEthernet|FourHundredGigE|GMPLS|GigabitEthernet|Group-Async|HundredGigE|L2LISP|LISP|Loopback|MFR|Multilink|Port-channel|SM|Serial|Service-Engine|TenGigabitEthernet|Tunnel|TwentyFiveGigE|TwentyFiveGigabitEthernet|TwoGigabitEthernet|TwoHundredGigE|Vif|Virtual-PPP|Virtual-Template|VirtualPortGroup|Vlan|Wlan-GigabitEthernet|nat64|nat66|ntp|nve|ospfv3|overlay|pseudowire|ucse|vasileft|vasiright|vmi)([0-9]*(. ?[1-9][0-9]*)*|[0-9/]+|[0-9]+/[0-9]+/[0-9]+:[0-9]+|[0-9]+/[0-9]+/[0-9]+|[0-9]+/[0-9]+|[0-9]+) | No | |
| interface_name_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ip_directed_broadcast | Boolean | true, false | No | |
| ip_directed_broadcast_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ip_mtu | Integer | min: 576, max: 9216 | No | |
| ip_mtu_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| iperf_server | String | No | ||
| iperf_server_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv4_address | IP | No | ||
| ipv4_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv4_configuration_type | Choice | dynamic, static | No | static |
| ipv4_dhcp_distance | Integer | min: 1, max: 255 | No | |
| ipv4_dhcp_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv4_dhcp_helpers | List | IP | No | |
| ipv4_dhcp_helpers_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv4_secondary_addresses | List | [ipv4_secondary_addresses] | No | |
| ipv4_subnet_mask | Choice | 255.255.255.255, 255.255.255.254, 255.255.255.252, 255.255.255.248, 255.255.255.240, 255.255.255.224, 255.255.255.192, 255.255.255.128, 255.255.255.0, 255.255.254.0, 255.255.252.0, 255.255.248.0, 255.255.240.0, 255.255.224.0, 255.255.192.0, 255.255.128.0, 255.255.0.0, 255.254.0.0, 255.252.0.0, 255.240.0.0, 255.224.0.0, 255.192.0.0, 255.128.0.0, 255.0.0.0, 254.0.0.0, 252.0.0.0, 248.0.0.0, 240.0.0.0, 224.0.0.0, 192.0.0.0, 128.0.0.0, 0.0.0.0 | No | |
| ipv4_subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ipv6_configuration_type | Choice | dynamic, static, none | No | none |
| ipv6_address | IP | No | ||
| ipv6_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| load_interval | Integer | min: 30, max: 600 | No | |
| load_interval_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| mac_address | String | Regex: ^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$ | No | |
| mac_address_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| media_type | Choice | auto-select, rj45, sfp | No | |
| media_type_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| shutdown | Boolean | true, false | No | |
| shutdown_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| speed | Choice | 10, 100, 1000, 2500, 10000 | No | |
| speed_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| tcp_mss | Integer | min: 500, max: 1460 | No | |
| tcp_mss_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
host_mappings (sdwan.feature_profiles.transport_profiles.management_vpn)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hostname | String | min: 1, max: 32 | No | |
| hostname_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| ips | List | IP | No | |
| ips_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv4_static_routes (sdwan.feature_profiles.transport_profiles.management_vpn)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| administrative_distance | Integer | min: 1, max: 255 | No | |
| administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| gateway | Choice | nextHop, dhcp, null0 | No | nextHop |
| network_address | IP | No | ||
| network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| next_hops | List | [next_hops] | No | |
| subnet_mask | Choice | 255.255.255.255, 255.255.255.254, 255.255.255.252, 255.255.255.248, 255.255.255.240, 255.255.255.224, 255.255.255.192, 255.255.255.128, 255.255.255.0, 255.255.254.0, 255.255.252.0, 255.255.248.0, 255.255.240.0, 255.255.224.0, 255.255.192.0, 255.255.128.0, 255.255.0.0, 255.254.0.0, 255.252.0.0, 255.240.0.0, 255.224.0.0, 255.192.0.0, 255.128.0.0, 255.0.0.0, 254.0.0.0, 252.0.0.0, 248.0.0.0, 240.0.0.0, 224.0.0.0, 192.0.0.0, 128.0.0.0, 0.0.0.0 | No | |
| subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv6_static_routes (sdwan.feature_profiles.transport_profiles.management_vpn)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| gateway | Choice | nextHop, nat, null0 | No | nextHop |
| nat | Choice | NAT64, NAT66 | No | |
| next_hops | List | [next_hops] | No | |
| prefix | String | Regex: ((^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*(\/)(\b([0-9]{1,2}|1[01][0-9]|12[0-8])\b)$)) | No | |
| prefix_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
arp_entries (sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_address | IP | No | ||
| ip_address_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| mac_address | String | Regex: ^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$ | No | |
| mac_address_variable | String | Regex: ^[^"~$&+,]255$` | No |
ipv4_secondary_addresses (sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| subnet_mask | Choice | 255.255.255.255, 255.255.255.254, 255.255.255.252, 255.255.255.248, 255.255.255.240, 255.255.255.224, 255.255.255.192, 255.255.255.128, 255.255.255.0, 255.255.254.0, 255.255.252.0, 255.255.248.0, 255.255.240.0, 255.255.224.0, 255.255.192.0, 255.255.128.0, 255.255.0.0, 255.254.0.0, 255.252.0.0, 255.240.0.0, 255.224.0.0, 255.192.0.0, 255.128.0.0, 255.0.0.0, 254.0.0.0, 252.0.0.0, 248.0.0.0, 240.0.0.0, 224.0.0.0, 192.0.0.0, 128.0.0.0, 0.0.0.0 | No | |
| subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
next_hops (sdwan.feature_profiles.transport_profiles.management_vpn.ipv4_static_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| administrative_distance | Integer | min: 1, max: 255 | No | |
| administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
next_hops (sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
| administrative_distance | Integer | min: 1, max: 255 | No | |
| administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
Examples
Example-1: The example below demonstrates how to configure the management_vpn feature within a transport profile. It sets DNS addresses as global values, meaning they will be the same for all devices attached to a configuration group that contains this profile. Additionally, it includes one IPv4 static default route, where the next hop is defined as a variable. The value for this variable will be provided when a device is attached to a configuration group that contains this profile.
sdwan:
feature_profiles:
transport_profiles:
- name: transport1
management_vpn:
name: management_vpn
ipv4_primary_dns_address: 1.1.1.1
ipv4_secondary_dns_address: 1.0.0.1
ipv4_static_routes:
- network_address: 0.0.0.0
subnet_mask: 0.0.0.0
next_hops:
- address_variable: vpn512_default_gateway