SD-WAN Strict Hub & Spoke Policy

Posted on Jan 27, 2020 (0)

Task: Configure a control policy that limits the TLOCs and routes advertised by vSmart to those of the DC hub site (vEdge-001) only.

Topology:

Solution:

Deactivate the Lab 5 policy, then verify that the branches can exchange routes and TLOCs with each other and that they have connectivity.

Go back to Policies in vManage and click Add Policy, either in the top-left corner or in the middle of the window if there are no policies yet.

Create a site list named dc-hubs with site ID 600 and a VPN list with VPN ID 1.

Click Next and move to Configure Topology and VPN Membership.

Click Add Topology, select Hub and Spoke, and provide the details shown in the figure below.

Click Save Hub-and-Spoke Policy.

Click Next.

Click Next.

You will now reach Apply Policy to Sites and VPN.

Provide a policy name, click Preview, copy the CLI configuration into Notepad, and save the policy.

Now click Configuration | Policy | Centralized Policy, select the policy, and click Activate.

You may get an error saying that vSmart is not managed by vManage. In that case, to make this policy work, take the CLI configuration you copied in the steps above and configure it on vSmart as shown below:

policy
 control-policy control_1678979107
  sequence 10
   match route
    site-list dc-hubs
    vpn-list VPN1
   !
   action accept
   !
  !
  sequence 20
   match tloc
    site-list dc-hubs
   !
   action accept
   !
  !
  default-action reject
 !
 lists
  site-list dc-hubs
   site-id 600
  !
  site-list dclessons-branch
   site-id 200
   site-id 300
   site-id 400
  !
  vpn-list VPN1
   vpn 1
  !
 !
!
apply-policy
 site-list dclessons-branch
  control-policy control_1678979107 out
 !
!

Now go to vEdge-004 and check the output of the show ip routes command. You will see that only vEdge-001 routes are present and only TLOC routes are present.
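The following is an added example, not part of the original lab and not Cisco code: a simplified Python model of the first-match evaluation that the policy above asks vSmart to perform on updates sent out to the dclessons-branch sites. The site IDs, lists and sequences come from the configuration above; the sample prefixes, the VPN 2 route and the function names are assumptions made for illustration.

```python
# Simplified model of the control policy on this page (added example, not Cisco code).
SITE_LISTS = {"dc-hubs": {600}, "dclessons-branch": {200, 300, 400}}
VPN_LISTS = {"VPN1": {1}}
SEQUENCES = [  # evaluated in order, first match wins
    {"id": 10, "match": "route", "site-list": "dc-hubs", "vpn-list": "VPN1", "action": "accept"},
    {"id": 20, "match": "tloc", "site-list": "dc-hubs", "action": "accept"},
]
DEFAULT_ACTION = "reject"
APPLIED_OUT_TO = "dclessons-branch"  # apply-policy ... control-policy ... out


def evaluate(update):
    """Return (action, sequence id or None) for one OMP update."""
    for seq in SEQUENCES:
        if update["type"] != seq["match"]:
            continue
        if update["site"] not in SITE_LISTS[seq["site-list"]]:
            continue
        # vpn-list is a condition only on sequences that name one
        if "vpn-list" in seq and update.get("vpn") not in VPN_LISTS[seq["vpn-list"]]:
            continue
        return seq["action"], seq["id"]
    return DEFAULT_ACTION, None


def advertised_to(receiver_site, updates):
    """Updates vSmart would send to receiver_site under this model."""
    candidates = [u for u in updates if u["site"] != receiver_site]
    if receiver_site not in SITE_LISTS[APPLIED_OUT_TO]:
        return candidates  # policy is not applied to this site: nothing is filtered
    return [u for u in candidates if evaluate(u)[0] == "accept"]


# Constructed sample updates (prefixes and the VPN 2 route are assumptions)
UPDATES = [
    {"type": "route", "site": 600, "vpn": 1, "prefix": "10.60.0.0/16"},
    {"type": "route", "site": 600, "vpn": 2, "prefix": "10.62.0.0/16"},
    {"type": "route", "site": 200, "vpn": 1, "prefix": "10.20.0.0/16"},
    {"type": "route", "site": 300, "vpn": 1, "prefix": "10.30.0.0/16"},
    {"type": "tloc", "site": 600},
    {"type": "tloc", "site": 300},
]

if __name__ == "__main__":
    for site in (400, 600):
        print(site, advertised_to(site, UPDATES))
```

In this model a branch in site 400 receives only the site 600 VPN 1 route and the site 600 TLOC, and a hub route in any VPN outside VPN1 falls through to default-action reject. Site 600 still receives every branch update, because the policy is applied only to dclessons-branch.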