EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USConfiguration Groups Overview
A configuration group is a logical grouping of features or configurations that can be applied to one or more devices in the Cisco SD-WAN fabric. You can define and customize this grouping based on your business needs.
There are multiple benefits to using configuration groups. First is simplicity, since you can easily identify what is necessary, what is optional, and what is the recommended Cisco networking best practice. You can reuse different configuration components, which helps to simplify management. When using group configurations, you can group devices based on a shared configuration.
Supported devices and prerequisites for configuration groups:
-
Configuration groups are supported only on Cisco IOS XE SD-WAN devices.
-
Minimum software version for Cisco IOS XE SD-WAN is Cisco IOS XE Release 17.8.1a.
-
Minimum software version for Cisco vManage is Release 20.8.1.
You can create configuration groups based on your business needs. For example, if your company has offices in North America on both the West Coast and East Cost and each coast has different transport needs, you can create two configuration groups, the East Coast Configuration Group and the West Coast Configuration Group. Both configuration groups can use the same system and service profiles while using different transport profiles, as shown in the figure.
Configuration Group Structure
Configuration groups are built from feature profiles, and each feature profile contains individual feature configurations. A single feature profile can be reused in multiple configuration groups. If a feature inside a feature profile is modified in one group, the changes apply to all other groups using the feature profile. You can also disassociate a feature profile from a configuration group or change the associated feature profile at any time.
payment][payment]
For a minimally functional configuration group, at least System and Transport feature profiles are required. This will provide the required system settings and network connectivity for control connections. You can also configure the local area network, various policies, or a CLI template
Configuration Group Workflows
Cisco vManage provides a simple workflow for creating and deploying device configurations using configuration groups. The workflows are located in the main menu under Workflows. There are currently two configuration group workflows available: one for creating configuration groups and one for deploying configuration groups.
The Create Configuration Group workflow provides a simple user interface divided into five sections where the user can define system and network settings to provision a simple single WAN Edge router site. The first section of the workflow is the site type. Right now, only the single router site type is supported but additional site types should be available in the future. The second section of the workflow is the site settings, where you define the local user password and system banners. The third and fourth sections are used to configure the WAN network, including interfaces and routing. The last section is used to configure the service-side networks, including VPNs, interfaces, and routing.
payment]/payment]
The Create Configuration Group workflow generates the following components:
-
The configuration group
-
Three basic feature profiles:
-
System profile: containing system settings such as site-id, system-ip, authentication, authorization, and accounting (AAA) services, or logging
-
Transport and management profile: containing the network settings for the transport and management VPNs
-
Service profile: containing network settings for the service-side VPNs, such as the VPNs, interfaces, switching, or routing
-
You can modify or add to these settings as you wish. You can use pre-populated or custom values that fit your business needs.
Deploying Configuration Groups
Once you have created your configuration group, the next step is to associate devices to your configuration group and deploy the configuration. You can choose the individual devices to associate with a configuration group, based on similar network architecture at the individual sites. After you associate the devices, you initiate the deployment.
Configuration group deployments require two steps. In the first step, you must provide the variable values for any device-specific parameters, such as system-ip or interface IP addresses. After you provide all the variable values, in the second step, you can preview the deployment configuration and compare it to the current running configuration on the device. If the candidate configuration meets your expectations, you can deploy the configuration to the devices
Configuration Group Feature Profile Overview
A feature profile is a flexible building block of configurations that can be reused across different configuration groups. You can create profiles based on features that you need for your environment and then put the profiles together to complete a device configuration. Feature profiles consist of features that are the individual capabilities that you want to share across different configuration groups.
Cisco vManage groups individual features into the following feature profiles:
-
System Profile
-
Transport and Management Profile
-
Service Profile
-
Security Profile
-
Policy Profile
-
CLI Profile
-
Other Profile
In the figure, notice that there are currently three feature profiles associated to the Branch_singleTransport_v1 configuration group: a system feature profile, a transport and management feature profile, and a service feature profile. Also notice that there are several unconfigured feature profiles (security, CLI, other)
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Deploy & Configure vManage & Generate Certificate
- Deploy & Configure vBond & Generate Certificate
- Deploy & Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Enterprise CA for SDWAN Instances
- ZTP Process & PnP Overview
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- How Our Online Python Certification Will Prepare You for a Career in Network Automation
- What You'll Learn in Juniper Mist Labs: A Deep Dive into AI-Driven Wireless Networking
- 10 Benefits of Studying Cisco ISE for Network and Security Folks
- Which AWS Advanced Networking Labs Course Includes # Real World Traffic Flows and Examines Objectives?
- How Do You Practice Cisco Nexus Configuration with Online Labs, No Physical Equipment?
- Why Cisco SD-WAN Viptela Training is Necessary in the Current Cloud-First Networking Age
- 5 Best Reasons to Learn Cisco SD-Access: From Networking Issues to Automation Solutions
- What is Cisco SD-LAN? A Beginner’s Guide to Software-Defined Access
- Why Enroll in Cisco UCS Online Training? Key Benefits for Network Engineers
- Why Python Network Automation Training is a Must-Have for Modern IT Engineers
LEAVE A COMMENT
Please login here to comment.