Configuring Segmentation

Posted on Jan 27, 2020

In a Cisco Viptela network, VPNs are used to segregate network traffic. By default, two VPNs are already available, for transport and management.

To segment and isolate user network and data traffic locally, you need to create and configure additional VPNs. These VPNs are not VPN 0 or VPN 512 but are identified by any other number. To enable data traffic, an interface must be associated with the VPN and an IP address must be assigned to that interface. These interfaces may connect to the local site network and not to the WAN transport cloud.

Configure the Transport VPN on a vEdge Router

Configure the WAN transport interface:

vEdge(config)# vpn 0 interface interface-name
vEdge(config-interface)#

Configure a static IPv4 address for the interface:

vEdge(config-interface)# ip address prefix/length
vEdge(config-interface)#

Or you can enable DHCP on the interface so that the interface learns its IP address dynamically:

vEdge(config-interface)# ip dhcp-client [dhcp-distance number]
vEdge(config-interface)#

When an interface learns its IPv4 address from a DHCP server, it can also learn routes, which by default have an administrative distance (AD) of 1. To change the default value, include the dhcp-distance option, specifying a distance from 1 through 255.

To enable dual stack, configure a static IPv6 address for the interface:

vEdge(config-interface)# ipv6 address prefix/length
vEdge(config-interface)#

Or you can enable DHCPv6 on the interface so that the interface learns its IP address dynamically:

vEdge(config-interface)# ipv6 dhcp-client [dhcp-distance number] [dhcp-rapid-commit]
vEdge(config-interface)#

When an interface learns its IPv6 address from a DHCPv6 server, it can also learn routes, which by default have an administrative distance (AD) of 1. To change the default value, include the dhcp-distance option, specifying a distance from 1 through 255.

Enable the interface:

vEdge(config-interface)# no shutdown

Configure the interface as a WAN transport tunnel connection:

vEdge(config-interface)# tunnel-interface
vEdge(config-tunnel-interface)#

Configure a color for the tunnel connection as an identifier for the tunnel:

vEdge(config-tunnel-interface)# color color
vEdge(config-tunnel-interface)#

color can be 3g, biz-internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, metroethernet, mpls, private1 through private6, public-internet, red, and silver. The default color is default.

Configure the encapsulation to use on the tunnel connection:

vEdge(config-tunnel-interface)# encapsulation (gre | ipsec)
vEdge(config-tunnel-interface)#

To configure both IPsec and GRE encapsulation, include two encapsulation commands.

Enable DNS service in the VPN by configuring the IP address of a DNS server reachable from VPN 0:

vEdge(config-vpn-0)# dns ip-address (primary | secondary)

The address can be either an IPv4 or IPv6 address. By default, the IP address is for the primary DNS server.

If required, configure IPv4 and IPv6 static routes in VPN 0:

vEdge(config-vpn-0)# ip route prefix/length next-hop [administrative-distance]
vEdge(config-vpn-0)# ipv6 route prefix/length next-hop [administrative-distance]

Activate the configuration:

vEdge(config)# commit
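
An offline check of a configuration drafted with the steps above, as an added example that is not part of the original page or of Cisco's tooling: it parses the VPN and interface hierarchy and reports where the draft departs from the procedure. The one-space-per-level layout with `!` terminators, the sample text and the function names are assumptions.

```python
import re

# Constructed sample; one space of indentation per level is an assumed layout.
SAMPLE = """\
vpn 0
 interface ge0/0
  ip address 192.0.2.10/24
  tunnel-interface
   encapsulation ipsec
  no shutdown
 interface ge0/1
  ip dhcp-client dhcp-distance 300
  tunnel-interface
vpn 10
 interface ge0/2
  no shutdown
"""

def parse(text):
    """Return {vpn_id: {interface: [statements]}}; nested statements are flattened."""
    vpns, vpn, iface = {}, None, None
    for raw in (r for r in text.splitlines() if r.strip() not in ("", "!")):
        line, depth = raw.strip(), len(raw) - len(raw.lstrip())
        if depth == 0:  # top level: a new "vpn N" block, or some other section
            m = re.fullmatch(r"vpn (\d+)", line)
            vpn, iface = (vpns.setdefault(int(m.group(1)), {}) if m else None), None
        elif depth == 1 and vpn is not None:  # "interface X" or e.g. "ip route"
            iface = vpn.setdefault(line.split()[1], []) if line.startswith("interface ") else None
        elif iface is not None:  # anything under an interface
            iface.append(line)
    return vpns

def audit(vpns):
    """Return findings where the config departs from the steps on this page."""
    out = []
    for vid, ifaces in vpns.items():
        for name, st in ifaces.items():
            tag = f"vpn {vid} {name}: "
            if not any(re.match(r"ip(v6)? (address|dhcp-client)", s) for s in st):
                out.append(tag + "no IP address or DHCP client")
            if any(not 1 <= int(d) <= 255 for d in re.findall(r"dhcp-distance (\d+)", " ".join(st))):
                out.append(tag + "dhcp-distance outside 1-255")
            if "tunnel-interface" in st:
                if vid != 0:  # WAN transport tunnels belong to the transport VPN
                    out.append(tag + "tunnel-interface outside VPN 0")
                if not any(s.startswith("encapsulation ") for s in st):
                    out.append(tag + "tunnel-interface has no encapsulation")
    return out
```

Calling `audit(parse(SAMPLE))` returns three findings: two for ge0/1 in VPN 0 and one for ge0/2 in VPN 10.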

Below is an example for VPN 0, which has the gi0/0 interface configured; the other seven interfaces are also part of VPN 0 because we have not configured them yet.

