Service LAN VPN Ethernet Interface Feature

Configure LAN VPN Ethernet interface feature.

Diagram

Classes

lan_vpns (sdwan.feature_profiles.service_profiles)

Name	Type	Constraint	Mandatory	Default Value
ethernet_interfaces	List	`[ethernet_interfaces]`	No

ethernet_interfaces (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[^&<>! "]{1,128}$`	Yes
description	String		No
arp_entries	List	`[arp_entries]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
arp_timeout_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
autonegotiate	Boolean	`true`, `false`	No
autonegotiate_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
dhcp_server	String	Regex: `^[^&<>! "]{1,128}$`	No
duplex	Choice	`full`, `half`, `auto`	No
duplex_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
icmp_redirect_disable	Boolean	`true`, `false`	No
icmp_redirect_disable_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_description	String	max: `200`	No
interface_description_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_mtu	Integer	min: `1500`, max: `9216`	No
interface_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_name	String	Regex: (ATM\|ATM-ACR\|AppGigabitEthernet\|AppNav-Compress\|AppNav-UnCompress\|Async\|BD-VIF\|BDI\|CEM\|CEM-ACR\|Cellular\|Dialer\|Embedded-Service-Engine\|Ethernet\|Ethernet-Internal\|FastEthernet\|FiftyGigabitEthernet\|FiveGigabitEthernet\|FortyGigabitEthernet\|FourHundredGigE\|GMPLS\|GigabitEthernet\|Group-Async\|HundredGigE\|L2LISP\|LISP\|Loopback\|MFR\|Multilink\|Port-channel\|SM\|Serial\|Service-Engine\|TenGigabitEthernet\|Tunnel\|TwentyFiveGigE\|TwentyFiveGigabitEthernet\|TwoGigabitEthernet\|TwoHundredGigE\|Vif\|Virtual-PPP\|Virtual-Template\|VirtualPortGroup\|Vlan\|Wlan-GigabitEthernet\|nat64\|nat66\|ntp\|nve\|ospfv3\|overlay\|pseudowire\|ucse\|vasileft\|vasiright\|vmi)([0-9](. ?[1-9][0-9])*\|[0-9/]+\|[0-9]+/[0-9]+/[0-9]+:[0-9]+\|[0-9]+/[0-9]+/[0-9]+\|[0-9]+/[0-9]+\|[0-9]+)	No
interface_name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_directed_broadcast	Boolean	`true`, `false`	No
ip_directed_broadcast_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_mtu	Integer	min: `576`, max: `9216`	No
ip_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_address	IP		No
ipv4_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_configuration_type	Choice	`dynamic`, `static`	No	`static`
ipv4_dhcp_distance	Integer	min: `1`, max: `255`	No
ipv4_dhcp_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_dhcp_helpers	List	IP	No
ipv4_dhcp_helpers_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_egress_acl	String		No
ipv4_ingress_acl	String		No
ipv4_secondary_addresses	List	`[ipv4_secondary_addresses]`	No
ipv4_subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
ipv4_subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_tracker	String	Regex: `^[^&<>! "]{1,128}$`	No
ipv4_tracker_group	String	Regex: `^[^&<>! "]{1,128}$`	No
ipv4_vrrp_groups	List	`[ipv4_vrrp_groups]`	No
ipv6_configuration_type	Choice	`dynamic`, `static`, `none`	No	`none`
ipv6_address	IP		No
ipv6_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_dhcp_helpers	List	`[ipv6_dhcp_helpers]`	No
ipv6_dhcp_secondary_addresses	List	`[ipv6_dhcp_secondary_addresses]`	No
ipv6_secondary_addresses	List	`[ipv6_secondary_addresses]`	No
ipv6_vrrp_groups	List	`[ipv6_vrrp_groups]`	No
load_interval	Integer	min: `30`, max: `600`	No
load_interval_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
media_type	Choice	`auto-select`, `rj45`, `sfp`	No
media_type_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shutdown	Boolean	`true`, `false`	No
shutdown_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
speed	Choice	`10`, `100`, `1000`, `2500`, `10000`	No
speed_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shaping_rate	Integer	min: `8`, max: `100000000`	No
shaping_rate_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tcp_mss	Integer	min: `500`, max: `1460`	No
tcp_mss_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
trustsec_enable_enforced_propogation	Boolean	`true`, `false`	No
trustsec_enable_sgt_propogation	Boolean	`true`, `false`	No
trustsec_sgt	Integer	min: `2`, max: `65519`	No
trustsec_sgt_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
trustsec_propogate	Boolean	`true`, `false`	No
trustsec_enforced_sgt	Integer	min: `2`, max: `65519`	No
trustsec_enforced_sgt_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
xconnect	String		No
xconnect_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

arp_entries (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
ip_address	IP		No
ip_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_vrrp_groups (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
id	Integer	min: `1`, max: `255`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
priority	Integer	min: `1`, max: `254`	No
priority_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
secondary_addresses	List	`[secondary_addresses]`	No
timer	Integer	min: `100`, max: `40950`	No
timer_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tloc_preference_change	Boolean	`true`, `false`	No
tloc_preference_change_value	Integer	min: `100`, max: `4294967295`	No
track_omp	Boolean	`true`, `false`	No
tracking_objects	List	`[tracking_objects]`	No

ipv6_dhcp_helpers (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
vpn_id	Integer	min: `1`, max: `65536`	No
vpn_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_dhcp_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_vrrp_groups (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `255`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
global_prefix	IP		No
global_prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
link_local_address	IP		No
link_local_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
priority	Integer	min: `1`, max: `254`	No
priority_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
timer	Integer	min: `100`, max: `40950`	No
timer_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
track_omp	Boolean	`true`, `false`	No

secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces.ipv4_vrrp_groups)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

tracking_objects (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces.ipv4_vrrp_groups)

Name	Type	Constraint	Mandatory
action	Choice	`decrement`, `shutdown`	No
action_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
decrement_value	Integer	min: `1`, max: `255`	No
decrement_value_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^&<>! "]{1,128}$`	No
tracker_object_group	String	Regex: `^[^&<>! "]{1,128}$`	No

Examples

Example-1: The example below demonstrates how to configure a service ethernet interface feature under LAN VPN feature within a service profile with static IPv4 and IPv6 address settings. The interface is configured with VRRP high availability for both IPv4 and IPv6 address families, including tracking object for failover scenarios.

sdwan:
  feature_profiles:
    service_profiles:
      - name: branch-lan-vpn20
        description: Branch LAN VPN 20 with High Availability
        lan_vpns:
          - name: branch-lan-vpn20
            description: Branch LAN VPN for internal users with VRRP redundancy
            vpn_id: 20
            vpn_name: vpn20-lan
            ethernet_interfaces:
              - name: lan_int_static
                interface_name: GigabitEthernet0/0/1
                interface_description: "Branch LAN Interface with VRRP HA"
                shutdown: false
                ipv4_configuration_type: static
                ipv4_address: 192.168.20.2
                ipv4_subnet_mask: 255.255.255.0
                ipv4_vrrp_groups:
                  - id: 1
                    address: 192.168.20.1
                    priority: 110
                    timer: 1000
                    tracking_objects:
                      - tracker_object: tracker_obj1
                        action: decrement
                        decrement_value: 50
                ipv6_configuration_type: static
                ipv6_address: 2001:db8:20::2/64
                ipv6_vrrp_groups:
                  - id: 1
                    link_local_address: fe80::1
                    global_prefix: 2001:db8:20::1/64
                    priority: 110
                    timer: 1000

Example-2: The example below demonstrates how to configure a LAN VPN ethernet interface feature within a service profile with dynamic IPv4 and IPv6 address settings.

sdwan:
  feature_profiles:
    service_profiles:
      - name: branch-lan-vpn30
        description: Branch LAN VPN 30
        lan_vpns:
          - name: branch-lan-vpn30
            vpn_id: 30
            vpn_name: vpn30-lan
            ethernet_interfaces:
              - name: lan_int_dynamic
                interface_name: GigabitEthernet0/0/2
                interface_description: "DHCP Client Interface"
                ipv4_configuration_type: dynamic
                ipv4_dhcp_distance: 1
                ipv6_configuration_type: dynamic