Transport Management VPN Feature

Version:

Configure out of band management VPN (VPN 512) and its’ settings.

Diagram

Classes

transport_profiles (sdwan.feature_profiles)

Name	Type	Constraint	Mandatory	Default Value
management_vpn	Class	`[management_vpn]`	No

management_vpn (sdwan.feature_profiles.transport_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[^&<>! "]{1,128}$`	No	`management_vpn`
description	String		No
ethernet_interfaces	List	`[ethernet_interfaces]`	No
host_mappings	List	`[host_mappings]`	No
ipv4_primary_dns_address	IP		No
ipv4_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_secondary_dns_address	IP		No
ipv4_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_static_routes	List	`[ipv4_static_routes]`	No
ipv6_primary_dns_address	IP		No
ipv6_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_secondary_dns_address	IP		No
ipv6_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_static_routes	List	`[ipv6_static_routes]`	No
vpn_description	String	min: `0`, max: `244`	No
vpn_description_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ethernet_interfaces (sdwan.feature_profiles.transport_profiles.management_vpn)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[^&<>! "]{1,128}$`	Yes
description	String		No
arp_entries	List	`[arp_entries]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
arp_timeout_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
auto_detect_bandwidth	Boolean	`true`, `false`	No
auto_detect_bandwidth_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
autonegotiate	Boolean	`true`, `false`	No
autonegotiate_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
duplex	Choice	`full`, `half`, `auto`	No
duplex_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
icmp_redirect_disable	Boolean	`true`, `false`	No
icmp_redirect_disable_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_description	String	max: `200`	No
interface_description_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_mtu	Integer	min: `1500`, max: `9216`	No
interface_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_name	String	Regex: (ATM\|ATM-ACR\|AppGigabitEthernet\|AppNav-Compress\|AppNav-UnCompress\|Async\|BD-VIF\|BDI\|CEM\|CEM-ACR\|Cellular\|Dialer\|Embedded-Service-Engine\|Ethernet\|Ethernet-Internal\|FastEthernet\|FiftyGigabitEthernet\|FiveGigabitEthernet\|FortyGigabitEthernet\|FourHundredGigE\|GMPLS\|GigabitEthernet\|Group-Async\|HundredGigE\|L2LISP\|LISP\|Loopback\|MFR\|Multilink\|Port-channel\|SM\|Serial\|Service-Engine\|TenGigabitEthernet\|Tunnel\|TwentyFiveGigE\|TwentyFiveGigabitEthernet\|TwoGigabitEthernet\|TwoHundredGigE\|Vif\|Virtual-PPP\|Virtual-Template\|VirtualPortGroup\|Vlan\|Wlan-GigabitEthernet\|nat64\|nat66\|ntp\|nve\|ospfv3\|overlay\|pseudowire\|ucse\|vasileft\|vasiright\|vmi)([0-9](. ?[1-9][0-9])*\|[0-9/]+\|[0-9]+/[0-9]+/[0-9]+:[0-9]+\|[0-9]+/[0-9]+/[0-9]+\|[0-9]+/[0-9]+\|[0-9]+)	No
interface_name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_directed_broadcast	Boolean	`true`, `false`	No
ip_directed_broadcast_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_mtu	Integer	min: `576`, max: `9216`	No
ip_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
iperf_server	String		No
iperf_server_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_address	IP		No
ipv4_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_configuration_type	Choice	`dynamic`, `static`	No	`static`
ipv4_dhcp_distance	Integer	min: `1`, max: `255`	No
ipv4_dhcp_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_dhcp_helpers	List	IP	No
ipv4_dhcp_helpers_variable	String	Regex: `^[^"~`$&+,]{1,255}$`	No
ipv4_secondary_addresses	List	`[ipv4_secondary_addresses]`	No
ipv4_subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
ipv4_subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_configuration_type	Choice	`dynamic`, `static`, `none`	No	`none`
ipv6_address	IP		No
ipv6_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
load_interval	Integer	min: `30`, max: `600`	No
load_interval_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[^"~`$&+,]{1,255}$`	No
media_type	Choice	`auto-select`, `rj45`, `sfp`	No
media_type_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shutdown	Boolean	`true`, `false`	No
shutdown_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
speed	Choice	`10`, `100`, `1000`, `2500`, `10000`	No
speed_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tcp_mss	Integer	min: `500`, max: `1460`	No
tcp_mss_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

host_mappings (sdwan.feature_profiles.transport_profiles.management_vpn)

Name	Type	Constraint	Mandatory
hostname	String	min: `1`, max: `32`	No
hostname_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ips	List	IP	No
ips_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_static_routes (sdwan.feature_profiles.transport_profiles.management_vpn)

Name	Type	Constraint	Mandatory	Default Value
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
gateway	Choice	`nexthop`, `dhcp`, `null0`	No	`nexthop`
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
next_hops	List	`[next_hops]`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_static_routes (sdwan.feature_profiles.transport_profiles.management_vpn)

Name	Type	Constraint	Mandatory	Default Value
gateway	Choice	`nexthop`, `nat`, `null0`	No	`nexthop`
nat	Choice	`nat64`, `nat66`	No
next_hops	List	`[next_hops]`	No
prefix	String	Regex: ((^\s((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}\|:))\|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}\|((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})\|:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})\|((:[0-9A-Fa-f]{1,4})?:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})\|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})\|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})\|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(:(((:[0-9A-Fa-f]{1,4}){1,7})\|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:)))(%.+)?\s(\/)(\b([0-9]{1,2}\|1[01][0-9]\|12[0-8])\b)$))	No
prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

arp_entries (sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces)

Name	Type	Constraint	Mandatory
ip_address	IP		No
ip_address_variable	String	Regex: `^[^"~`$&+,]{1,255}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[^"~`$&+,]{1,255}$`	No

ipv4_secondary_addresses (sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.transport_profiles.management_vpn.ipv4_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

Examples

Example-1: The example below demonstrates how to configure the management_vpn feature within a transport profile. It sets DNS addresses as global values, meaning they will be the same for all devices attached to a configuration group that contains this profile. Additionally, it includes one IPv4 static default route, where the next hop is defined as a variable. The value for this variable will be provided when a device is attached to a configuration group that contains this profile.

sdwan:
  feature_profiles:
    transport_profiles:
      - name: transport1
        management_vpn:
          name: management_vpn
          ipv4_primary_dns_address: 1.1.1.1
          ipv4_secondary_dns_address: 1.0.0.1
          ipv4_static_routes:
            - network_address: 0.0.0.0
              subnet_mask: 0.0.0.0
              next_hops:
                - address_variable: vpn512_default_gateway