Cisco IP Solution Center Infrastructure Reference, 3.1
Service Design

Table Of Contents

Service Design

Policy Manager

Template Manager

View Template Manager Tree and Data Pane

Create Folders and Subfolders

Create Template

Create Data File

Edit

Delete

Template Examples

Summary of Repository Variables

Protocol Manager

Protocols

Create TCP

Create UDP

Create ICMP

Create IGMP

Create IP

Edit

Delete

Protocol Bundles

Create Protocol Bundles

Edit Protocol Bundles

Delete Protocol Bundles

Link QoS Manager

Create

Edit

Delete

Network Objects Manager

Create Network Objects

Edit Network Objects

Delete Network Objects


Service Design


From the Home window of Cisco IP Solution Center (ISC), which you receive upon logging in, click the Service Design tab. You receive a window as shown in Figure 7-1, "Service Design Selections."

Figure 7-1 Service Design Selections

Next you can navigate to the following selections:

Policy Manager: Create and manage Policies for licensed services.

Template Manager: Create and manage Templates and associated data.

Protocol Manager: Create and manage Protocols and Protocol Bundles.

Link QoS Manager: Create and manage IP Link QoS settings.

Network Objects Manager: Create and manage network objects for security services.

Policy Manager

Policy Manager is explained in each of the User Guides for each of the licensed services.

Template Manager

The ISC Template Manager supports the browsing, creation, and deletion of Template Folders, Templates, and Data Files as well as the viewing of Template-generated configurations. The configuration created from the template and data file can be downloaded to devices. When creating a Service Request, you can select from the list of templates and data files and associate them with the Service Request. At Deploy time, the template and data file are instantiated and the configuration is appended or prepended to the configlet generated by ISC. Then the combined configuration is downloaded to the device.

To use the Template Manager, do the following:


Step 1 Navigate to Service Design > Template Manager and you receive a window as shown in Figure 7-2, "Template Manager."

Figure 7-2 Template Manager

Template examples are shown in the left column. A complete list of template examples is specified in the "Template Examples" section. A complete list of Repository variables is shown in the "Summary of Repository Variables" section.

Step 2 Then you can do any of the following:

View Template Manager Tree and Data Pane

Create Folders and Subfolders

Create Template

Create Data File

Edit

Delete


View Template Manager Tree and Data Pane

When you navigate to Service Design > Template Manager, you receive a window as shown in Figure 7-3, "Tree and Data Pane Structure."

The Template Manager tree is in the left column. You can continue clicking the + sign next to each created folder and subfolder until you get to the last level of information. The last possible level is the template name. Data file information is not kept in the tree.

The right section of the window is the data pane. The name of the folder or template is in the upper-left corner. When you click the checkbox next to the template or data file information, the Create Template, Create Data File, Edit, or Delete buttons are enabled as described in the following sections.

When there are many templates in a folder or many data files in a template, the Show Template Matching or Show Data File Matching filter in the upper right hand corner of the data pane can be very useful. For example, you may just want to work with templates or data files that start with abc. In this case, enter abc* in the field and then click the Show button. Only the templates or data files that start with abc appear.

You can also View configurations when the table displays data files.

Figure 7-3 Tree and Data Pane Structure

Create Folders and Subfolders

To create a new folder or subfolder, do the following:


Step 1 Navigate to Service Design > Template Manager.

Step 2 In the Template Manager tree, right click in the white area and select New > Folder to create a new folder, or right click on an existing folder or subfolder and select New > Folder to create a subfolder.


Note: There is no limit to the number of levels of folders and subfolders you can create.


Step 3 In the new text field that appears in the Template Manager tree, type the new folder or subfolder name, as shown in the first entry of the Template Manager tree in Figure 7-4, "Folder Naming."

Figure 7-4 Folder Naming


Create Template

You can either create a new template in an existing folder or you can create a new folder first and then create the template. To create a new folder, refer to the section "Create Folders and Subfolders".

To create a new template, do the following:


Step 1 Navigate to Service Design > Template Manager.

Step 2 In the Template Manager tree, left click on the folder in which you want to create a new template.

Step 3 A window appears as shown in Figure 7-5, "Folder with Existing Templates."

Figure 7-5 Folder with Existing Templates

Step 4 Click the Create Template button and you receive a window as shown in Figure 7-6, "Template Editor."

Figure 7-6 Template Editor

Step 5 Enter the following:

Template Name (required): This must be a unique name. This name must begin with an alphabetic character and can only contain alphanumeric characters and the underscore.

Description (optional): You can enter any description here.

Body (required): Enter the configuration text, Velocity template language directives, and variables that you want included.


Note: The Velocity template language is explained at http://jakarta.apache.org/velocity/user-guide.html.


An example template is shown in Figure 7-7, "Example Template."

Figure 7-7 Example Template

Step 6 Click the Select & Click Go drop-down button. If you want to validate the information you entered in Step 5, select Validate and then click the Go button. Otherwise, select Variables and then click the Go button. You receive a window as shown in Figure 7-8, "Template Variables."

Figure 7-8 Template Variables

Step 7 Click the radio button for the Variable you want to edit and click Edit. You receive a window as in Figure 7-9, "Variable Definition—Type String."

Figure 7-9 Variable Definition—Type String

Step 8 In Figure 7-9, click the drop-down menu for Type to receive the following choices:

String: Proceed to Step 9.

Integer: Proceed to Step 10.

Float: Proceed to Step 11.

IPv4 Address: Proceed to Step 12.

Sub-Template: Proceed to Step 13.

Dynamic Java Class: Proceed to Step 14.

Dynamic URL: Proceed to Step 15.

Step 9 The default Type to appear is String, a combination of ASCII characters considered as a group. The resulting Variable window is shown in Figure 7-9 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

Dimension: Choose 0 (default), which indicates a scalar or enum variable; choose 1, in which case the variable becomes a one-dimensional array; or choose 2, in which case the variable becomes a two-dimensional array.

Default (optional): If there is a default value for the specified variable, specify it here. If you also have Available Values defined, this default value must be an Available Value.

Pattern (optional): Specify a regular expression pattern of the string. For example, a pattern of isc[0-9]+ defines a string that starts with isc followed by one or more digits from 0 to 9.

Minimum Length (optional): If you specify a minimum length, the string cannot be less than the length specified here.

Maximum Length (optional): If you specify a maximum length, the string cannot exceed the length specified here.

Available Values (optional): Enter string values for this variable. Separate the values by commas.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Step 10 When you choose the Type Integer, a whole number, the resulting Variable window is shown in Figure 7-10 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

Dimension: Choose 0 (default), which indicates a scalar or enum variable; choose 1, in which case the variable becomes a one-dimensional array; or choose 2, in which case the variable becomes a two-dimensional array.

Default (optional): If there is a default value for the specified variable, specify it here. If you also have Available Values defined, this default value must be an Available Value.

Minimum Length (optional): If you specify a minimum length, the integer cannot be less than the length specified here.

Maximum Length (optional): If you specify a maximum length, the integer cannot exceed the length specified here.

Available Values (optional): Enter integer values for this variable. Separate the values by commas.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-10 Variable Definition—Type Integer

Step 11 When you choose the Type Float, a number that has no fixed number of digits before or after the decimal point, the resulting Variable window is shown in Figure 7-11 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

Dimension: Choose 0 (default), which indicates a scalar or enum variable; choose 1, in which case the variable becomes a one-dimensional array; or choose 2, in which case the variable becomes a two-dimensional array.

Default (optional): If there is a default value for the specified variable, specify it here. If you also have Available Values defined, this default value must be an Available Value.

Minimum Length (optional): If you specify a minimum length, the values cannot be less than the length specified here.

Maximum Length (optional): If you specify a maximum length, the values cannot exceed the length specified here.

Available Values (optional): Enter floating point values for this variable. Separate the values by commas.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-11 Variable Definition—Type Float

Step 12 When you choose the Type IPv4, the resulting Variable window is shown in Figure 7-12 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

Dimension: Choose 0 (default), which indicates a scalar or enum variable; choose 1, in which case the variable becomes a one-dimensional array; or choose 2, in which case the variable becomes a two-dimensional array.

Default (optional): If there is a default value for the specified variable, specify it here. If you also have Available Values defined, this default value must be an Available Value.

Subnet Mask (optional): Enter a valid subnet mask.

Class (optional): Enter the class of the IP address. The options are: A, B, or C.

Available Values (optional): Enter IPv4 values for this variable. Separate the values by commas.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-12 Variable Definition—Type IPv4

Step 13 When you choose the Type Sub-Template, the resulting Variable window is shown in Figure 7-13 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

Location (required): Enter the full path name of the parent template. For example, /test2/testyy.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-13 Variable Definition—Type Sub-Template

Step 14 When you choose the Type Dynamic Java Class, the resulting Variable window is shown in Figure 7-14 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-14 Variable Definition—Type Dynamic Java Class

Step 15 When you choose the Type Dynamic URL, the resulting Variable window is shown in Figure 7-15 and its attributes are as follows:

Description (optional): You can enter any descriptive statement about this variable here.

Required: Leave the checkbox checked (the default) if this variable is required. Otherwise, click to uncheck it.

After you enter all the data, click OK to accept this information for the specified variable; click OK in a window such as Figure 7-8, which now includes this updated variable; and, in a window such as Figure 7-6, click Save and then Close, or click Close and, when asked, agree to Save. To create more variables, repeat the steps in this section, "Create Template". Creating a data file is described in the "Create Data File" section, editing in the "Edit" section, and deleting in the "Delete" section.

Figure 7-15 Variable Definition—Type Dynamic URL


Create Data File

You can create a new data file from an existing template. If the template you want is not available, go to the "Create Template" section.

To create a data file, do the following:


Step 1 Navigate to Service Design > Template Manager.

Step 2 In the Template Manager tree in the left part of your window, do one of the following:

1. Left click on the folder or subfolder that contains the template for which you want to create a data file, or

2. Click on the + next to the folder of choice and then click on the template for which you want to create a data file.

Step 3 If you chose 1. in Step 2, a window appears as shown in Figure 7-16, "Choose Existing Template > Create Data File."

Figure 7-16 Choose Existing Template > Create Data File

Click the checkbox for the template for which you want to create a data file and click Create Data File. Then proceed to Step 5.

Otherwise, proceed to Step 4.

Step 4 If you chose 2. in Step 2, the buttons appear as shown in Figure 7-17, "Choose Existing Template > Create Data File."

Figure 7-17 Choose Existing Template > Create Data File

Click Create Data File and proceed to Step 5.

Step 5 An example of a window that appears is shown in Figure 7-18, "Template Data File Editor."

Figure 7-18 Template Data File Editor

Step 6 In the General area, fill in the following:

Data File Name (required): This must be a unique name. This name must begin with an alphabetic character and can only contain alphanumeric characters and the underscore.

Description (optional): Enter any description that helps you identify this data file.

Step 7 In the example in Figure 7-18, in the Variables area, a is a string variable (Dimension defined when the template was created was 0); b is a one-dimensional array (Dimension defined when the template was created was 1); and c is a two-dimensional array (Dimension defined when the template was created was 1).

Step 8 If you click Vars as shown in Figure 7-18, you receive a window as shown in Figure 7-19, "Template Data File Editor."

Figure 7-19 Template Data File Editor

Click the Services drop-down menu to have access to variables for:

IPsec

IPsecRA (IPsec Remote Access)

NAT

MPLS

L2VPN

Then click the entry in Variables that you want to use and click Select.

If you have a 0 dimensional entry (set as Dimension 0 when creating a template), you can only enter variables in the provided field.

Step 9 When you click Edit, the resulting window depends on whether you are editing a one-dimensional or two-dimensional array.

Proceed to Step 10 for information about a one-dimensional array.

Proceed to Step 13 for information about a two-dimensional array.

Step 10 For a one-dimensional array (set as Dimension 1 when creating the template), when you click Edit, you receive a window as shown in Figure 7-20, "Editing a One-Dimensional Array."

Figure 7-20 Editing a One-Dimensional Array

Step 11 To add a variable, click Add and a window as shown in Figure 7-21, "Adding a Variable," appears in which you can add the variable. Then click OK.

Figure 7-21 Adding a Variable

Step 12 To edit or delete a variable, highlight the variable in Figure 7-20 and click Edit or Delete. For Edit, you receive a window as in Figure 7-21. Then click OK. For Delete, be sure you want to delete the variable: once you click Delete, the deletion occurs automatically and the window is updated. Proceed to Step 19.

Step 13 For a two-dimensional array (set as Dimension 2 when creating the template), when you click Edit, you receive a window as shown in Figure 7-22, "Editing a Two-Dimensional Array."

Figure 7-22 Editing a Two-Dimensional Array

Step 14 Click Add Row and a window as shown in Figure 7-23, "Enter Row Information," appears. Enter a value and click OK.

Figure 7-23 Enter Row Information

Step 15 Click Add Column and a window as shown in Figure 7-24, "Enter Column Information," appears. Enter a value and click OK.

Figure 7-24 Enter Column Information

Step 16 A resulting window, as shown in Figure 7-25, "Two-Dimensional Array Results," appears.

Figure 7-25 Two-Dimensional Array Results

Step 17 You can click any of the checkboxes (toggles) and you can then Edit or Delete that row or column. You can also continue to Add Row and Add Column as shown in Step 16 and Step 17, respectively.

Step 18 When you complete setting up your two-dimensional array, click OK.

Step 19 A window as shown in Figure 7-18 is updated to reflect the new data file information.

Step 20 You can then click Save and then Close to save this information and close this file; click Configure to show the configuration file; or click Close and then be sure to click OK, if you want to save the information you have created. If you do not want to save this information, click Close and then click Cancel.
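The variable attributes set in "Create Template" (Type, Required, Dimension, Default, Pattern, Minimum and Maximum Length, Class, Available Values) act as an input-validation policy for the values a data file supplies before they are merged into configuration that is downloaded to a device. The Python below is an added example, not ISC code, that checks a data file against such definitions. The `VarDef` model, the function names and the sample values are assumptions, Pattern is assumed to match the whole string, and the control-character check is extra hardening the page does not describe.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Any, List, Optional

# Naming rule the page gives for template and data file names.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
# First-octet ranges of the classful IPv4 classes (the Class attribute).
CLASS_RANGES = {"A": range(0, 128), "B": range(128, 192), "C": range(192, 224)}


@dataclass
class VarDef:
    """Hypothetical model of one variable definition (attribute names follow the page)."""
    name: str
    type: str = "String"             # String | Integer | Float | IPv4 Address
    required: bool = True
    dimension: int = 0               # 0 scalar, 1 one-dimensional, 2 two-dimensional
    default: Optional[Any] = None
    pattern: Optional[str] = None    # String only; assumed to match the whole value
    min_length: int = 0
    max_length: Optional[int] = None
    ip_class: Optional[str] = None   # IPv4 Address only: "A", "B" or "C"
    available: List[Any] = field(default_factory=list)


def _check_scalar(d: VarDef, v: Any) -> Optional[str]:
    """Return a problem description for one scalar value, or None if acceptable."""
    if d.type in ("String", "IPv4 Address") and not isinstance(v, str):
        return "is not text"
    if d.type == "String":
        # Added hardening: control characters would alter the generated config lines.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in v):
            return "contains a control character"
        if len(v) < d.min_length or (d.max_length is not None and len(v) > d.max_length):
            return "violates Minimum/Maximum Length"
        if d.pattern and not re.fullmatch(d.pattern, v):
            return f"does not match Pattern {d.pattern}"
    elif d.type in ("Integer", "Float"):
        ok = (int,) if d.type == "Integer" else (int, float)
        if isinstance(v, bool) or not isinstance(v, ok):
            return f"is not a valid {d.type}"
    elif d.type == "IPv4 Address":
        try:
            first_octet = ipaddress.IPv4Address(v).packed[0]
        except ValueError:
            return "is not an IPv4 address"
        if d.ip_class and first_octet not in CLASS_RANGES[d.ip_class]:
            return f"is not a Class {d.ip_class} address"
    else:  # Sub-Template, Dynamic Java Class and Dynamic URL are not modelled here
        return f"has unsupported Type {d.type}"
    if d.available and v not in d.available:
        return "is not one of the Available Values"
    return None


def _flatten(d: VarDef, value: Any) -> Optional[List[Any]]:
    """Return the scalar items of value, or None if its nesting differs from Dimension."""
    items = [value]
    for _ in range(d.dimension):
        if not all(isinstance(i, list) for i in items):
            return None
        items = [x for i in items for x in i]
    return None if any(isinstance(i, list) for i in items) else items


def validate_data_file(name: str, defs: List[VarDef], values: dict) -> List[str]:
    """Check a data file's name and values; an empty list means it is acceptable."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append(f"data file name {name!r}: letter first, then letters, digits, _")
    for d in defs:
        if d.default is not None and d.available and d.default not in d.available:
            errors.append(f"{d.name}: Default is not an Available Value")
        value = values.get(d.name, d.default if d.dimension == 0 else None)
        if value is None:
            if d.required:
                errors.append(f"{d.name}: required variable has no value")
            continue
        items = _flatten(d, value)
        if items is None:
            errors.append(f"{d.name}: value does not match Dimension {d.dimension}")
            continue
        for item in items:
            problem = _check_scalar(d, item)
            if problem:
                errors.append(f"{d.name}: {item!r} {problem}")
    return errors


# Constructed sample definitions and data files (not taken from ISC).
DEFS = [
    VarDef("hostname", pattern="isc[0-9]+", max_length=8),
    VarDef("mtu", type="Integer", default=1500, available=[1400, 1500]),
    VarDef("peers", type="IPv4 Address", dimension=1, ip_class="C"),
    VarDef("acl", dimension=2),
]
GOOD = {"hostname": "isc42", "peers": ["209.165.202.131", "209.165.203.131"],
        "acl": [["permit", "ip"], ["deny", "ip"]]}
BAD = {"hostname": "isc7\n!", "mtu": 9000, "peers": ["10.1.1.1"], "acl": ["permit"]}
```

`validate_data_file("site_a", DEFS, GOOD)` returns an empty list, while the constructed `BAD` data file under the name `9site` is rejected with one message per violated attribute.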


Edit

To edit a Template or Data File, do the following:


Step 1 Navigate to Service Design > Template Manager.

Step 2 In the Template Manager tree, left click on the folder or subfolder in which the template you want to edit exists or the template in which the data file you want to edit exists. Alternatively, when the name in the upper left corner of the data pane is a template, you can click on the template name to edit the template.

Step 3 To edit a template, a window appears as shown in Figure 7-26, "Choose Existing Template > Edit." To edit a data file, a window appears as shown in Figure 7-27, "Choose Existing Data File > Edit."

Figure 7-26 Choose Existing Template > Edit

Figure 7-27 Choose Existing Data File > Edit

Step 4 Click the checkbox for the template or data file you want to edit.


Note: For a data file, there is a Configlet column in which you can click View to view the configuration file.


Step 5 Click Edit.

Step 6 When editing a template, you receive a window as shown in Figure 7-6, "Template Editor." Then proceed as in Step 6 in the "Create Template" section. When editing a data file, you receive a window as shown in Figure 7-17, "Choose Existing Template > Create Data File." Then proceed as in Step 5 in the "Create Data File" section.


Delete

To delete a Template or Data File, do the following:


Step 1 Navigate to Service Design > Template Manager.

Step 2 In the Template Manager tree, left click on the folder or subfolder in which the template you want to delete exists or the template in which the data file you want to delete exists.

Step 3 To delete a template, a window appears as shown in Figure 7-28, "Choose Existing Template > Delete." To delete a data file, a window appears as shown in Figure 7-29, "Choose Existing Data File > Delete."

Figure 7-28 Choose Existing Template > Delete

Figure 7-29 Choose Existing Data File > Delete

Step 4 Click the checkbox for the template or data file you want to delete.


Note: For a data file, there is a Configlet column in which you can click View to view the configuration file.


Step 5 Click Delete.

Step 6 You receive an updated window as shown in Figure 7-28, "Choose Existing Template > Delete" or Figure 7-29, "Choose Existing Data File > Delete" with the deleted template or data file no longer available.


Template Examples

Template examples appear in the left column (the hierarchy pane) of Service Design > Template Manager, as shown in Figure 7-2, "Template Manager." See Table 7-1, "Template Examples and Their Descriptions."

Table 7-1 Template Examples and Their Descriptions 

| Folder | Template | Description |
|---|---|---|
| Examples | AccessList | Demonstrates templates with nested repeat loop and multi-dimension variable. |
| | AccessList1 | Demonstrates the simplest template variable substitution. |
| | CEWanCOS | Demonstrates if-else statements, repeat statements, mathematical expressions, and one-dimensional variables. |
| IDS/Audit | Set-Audit_Rule | Set up ACLs for the audit rule. Set up the audit rule for signatures of information and attack types. Apply the audit rule to the interfaces. |
| IDS/Notification | Notify-Syslog-Server | Specify the messages in the syslog format for event notification. Specify the syslog server as the event destination. |
| | Notify-Director | Specify the messages in NetRanger format for event notification. Specify the local Post Office parameters used when sending event notification to the NetRanger Director. Specify Post Office parameters for the NetRanger Director receiving event notification from the router. |
| | Notify-Syslog-Console | Specify the messages in the syslog format for event notification. Specify the syslog console as the event destination. |
| IDS Signature | Disable-Signatures | Disable individual signatures. |
| | Enable-Signatures | Enable a list of signatures or qualify the audit of the signatures with an access control list. |
| IDS/Initialization | Set-Thresholds | Set the threshold beyond which spamming in e-mail messages is suspected. Set the threshold beyond which queued events are dropped from the event queue for sending to the NetRanger Director. |
| Firewall-IPsec | Permit-IPsec-IOS | Allow only IPsec traffic, management traffic, and data traffic that came through an IPsec tunnel on a Cisco IOS router. |
| | Permit-IPsec-PIX | Allow only IPsec traffic, management traffic, and data traffic that came through an IPsec tunnel on a PIX. |
| Certificate | RSA-Key-Generation | Cisco IOS commands to generate private/public key pair for this router. |
| | Root-Cert-Import | Sample Cisco IOS template to import root certificate to the router. |
| | Root-Cert-By-Auth | Sample Cisco IOS template to authenticate root certificate server and obtain root certificate. |
| | Cert-Enrollment | Sample Cisco IOS template to enroll with root certificate server and obtain certificate of this router. |
| VPN 3000/Routing | Ethernet-RIP | Sets up a Routing Information Protocol (RIP) protocol for a particular Ethernet interface. |
| | Ethernet-OSPF | Configures an Open Shortest Path First (OSPF) interface of a particular Ethernet interface. |
| | Static-Routes | Configures static route records. |
| | Default-Gateway | Sets up a default gateway. |
| | General-OSPF | Sets up General OSPF parameters. |
| | Create-OSPFArea | Creates general OSPF Area parameters. |
| | Modify-OSPFArea | Modifies a particular OSPF area. |
| | VRRP | Sets up VRRP redundancy |
| VPN 3000/Servers | DNS-Server | Sets up Domain Name System (DNS) server parameters. |
| | FTP-Server | Sets up File Transfer Protocol (FTP) server parameters. |
| | HTTP-Server | Sets up Hypertext Transfer Protocol (HTTP) server parameters. |
| | HTTPS-Server | Sets up HTTPS server parameters. |
| | TFTP-Server | Sets up Trivial File Transfer Protocol (TFTP) server parameters. |
| | Telnet-Server | Sets up telnet server parameters. |
| | Telnet-SSL-Server | Sets up telnet over Secure Socket Layer (SSL) parameters. |
| | SNMP-Server | Sets up SNMP server parameters. |
| | SNMP-Communities | Sets up an SNMP communities string. |
| | SSL | Sets up SSL record parameters. |
| | SSH | Sets up SSH record parameters. |
| | DHCP-Server | Sets up Dynamic Host Configuration Protocol (DHCP) server parameters. |
| | DHCP-Server-Modify | Modifies DHCP server parameters. |
| VPN 3000/Events | General-Event | Sets up general event parameters. |
| | FTPLogBackup | Sets up FTP log back up parameters. |
| | EventClass-Create | Sets up EventClass record parameters. |
| | EventClass-Modify | Modifies a particular event class. |
| | TrapDestination-Create | Sets up Trap Destination record parameters. |
| | TrapDestination-Modify | Modifies a particular trap destination. |
| | SyslogServer-Create | Sets up syslog server record parameters. |
| | SyslogServer-Modify | Modifies syslog server record parameters. |
| | SMTPServer-Create | Creates a Simple Mail Transfer Protocol (SMTP) server. |
| | SMTPServer-Modify | Modifies SMTP server parameters. |
| | EmailRecipient-Create | Creates an e-mail recipient record. |
| | EmailRecipient-Modify | Modifies an e-mail recipient record. |
| interface | shutdownIf | Shuts down all nonsecured interfaces of a given device in the IPsec Service Request. |
| | noshutdownIf | Brings up all nonsecured interfaces of a given device in the IPsec Service Request. |


Summary of Repository Variables

This section contains the following tables:

Table 7-2, "IPsec Remote Access Repository Variables"

Table 7-3, "IPsec Site-to-Site Repository Variables"

Table 7-4, "L2VPN Repository Variables"

Table 7-5, "MPLS Repository Variables"

Table 7-6, "NAT Repository Variables"

Table 7-7, "QoS Repository Variables"

Table 7-2 provides a summary of the IPsec Remote Access Repository variables available from the ISC Template Manager.

Table 7-2 IPsec Remote Access Repository Variables 

| Repository Variable | Dimension | Description | Example |
|---|---|---|---|
| RA-AAServerNameList | 1 | List of authentication server names | North_Am_AA |
| RA-GroupNameList | 1 | List of Group names | North_AM_Sales |
| RA-IPSecPrivateInterfaceAddress (also known as RA-UnsecureInterfaceIPAddressMaskList) | 1 | List of private interface IP addresses and their subnet masks | 171.23.44.33/24, 171.23.45.33/24 |
| RA-IPSecPrivateInterfaceName (also known as RA-UnsecureInterfaceNameList) | 1 | List of private interface names | Ethernet0, Ethernet1 |
| RA-IPSecProtectedSubnets (also known as RA-LocalProtectedIPAddressMaskList) | 1 | List of IP address ranges and subnet masks protected by this edge device | 209.165.20.129/30, 209.165.20.130/30... |
| RA-IPSecProtectedSubnetsInclusion | 1 | Specifies whether the current prefix is to be included or excluded | true, false |
| RA-IPSecPublicInterfaceAddress (also known as RA-SecureInterfaceIPAddressMaskList) | 1 | List of public interface IP addresses and their masks | 192.209.10.10/30, 192.209.11.10/30 |
| RA-IPSecPublicInterfaceName (also known as RA-SecureInterfaceNameList) | 1 | List of CPE's public interface names | Serial0/0, Serial0/1 |
| RA-SplitTunnelingNetworkLists | 2 | List of split-tunneling networks | List 0 (Sales Group): 10.1.1.0/24, 10.1.2.0/24 |
| RA-SplitTunnelingTypeList | 1 | List of split-tunneling types | Entry 0 (Acct Group) in-list, Entry 1 (Mkt Group) in-list |


Table 7-3 provides a summary of the IPsec Site-to-Site Repository variables available from the ISC Template Manager.

Table 7-3 IPsec Site-to-Site Repository Variables 

Repository Variable
Dimension
Description
Example

IPSecEigrpAsNumber

0

EIGRP AS number

193

IPSecGreDeleteInterfaceName

1

DMVPN GRE interface name to be deleted

Tunnel0, Tunnel2

IPSecGreInterfaceName

1

DMVPN GRE interface name to be added

Tunnel0, Tunnel2

IPSecMultipointGreDeleteInterface
Name

1

List of GRE point-to-multipoint interfaces to be deleted

Tunnel0, Tunnel2

IPSecMultipointGreInterfaceName

1

List of GRE point-to-multipoint interfaces created by ISC

Tunnel0, Tunnel2

IPSecOspfAreaId

0

OSPF Area ID

0

IPSecOspfProcessId

0

OSPF router process ID

10

IPSecPrivateInterfaceAddress

1

List of private interfaces IP addresses

209.165.202.131,

209.165.203.131

IPSecPrivateInterfaceName

1

List of private interface names

Ethernet1, Ethernet0

IPSecPrivateTunnelEndptInterface
Address

0

IPsec private tunnel endpoint IP address

2.2.2.2/24

IPSecPrivateTunnelEndptInterfaceName

0

IPsec private tunnel endpoint interface names

FastEthernet0/1

IPSecProtectedSubnets

1

List of IP addresses protected by this edge device

1.1.1.0/24,

1.1.1.3/0...

IPSecProtectedSubnetsInclusion

1

Specifies whether the current prefix is to be included or excluded

true, false

IPSecPublicInterfaceAddress

1

List of IP addresses for the CPE's public interfaces

209.165.202.
129/24,

209.165.203.
129/24

IPSecPublicInterfaceName

1

List of public interface names

Serial1/1, Serial1/2

IPSecPublicTunnelEndptInterface
Address

0

IPsec tunnel endpoint interface address

1.1.1.1/24

IPSecPublicTunnelEndptInterfaceName

0

IPsec tunnel endpoint interface name

Serial1/1

IPSecRemoteAddress

1

List of IPsec endpoint's IP addresses for remote peers

209.165.202.
131/28,

209.165.203.
131/24

IPSecRemoteDeviceType

1

Type of the remote device

Cisco IOS, PIX, VPN 3000

IPSecRemoteFailoverAddress

2

IPsec tunnel endpoint IP address for the remote peers

209.165.202.131/28, 209.165.203.131/24

IPSecRemoteFailoverDeviceType

2

Remote failover device type

PIX, Cisco IOS, VPN 3000,...

IPSecRemoteFailoverGreInterfaceName

2

Name of the GRE point-to-point interface created to the remote failover devices

Tunnel1, Tunnel2,...

IPSecRemoteFailoverHostName

2

List of failover devices for the remote peers

IPsec_Atlanta, IPsec_NY,...

IPSecRemoteFailoverWildcardPresharedKey

2

Wildcard preshared key for remote failover devices

<my_secret1>, <my_secret2>,...

IPSecRemoteGreInterfaceName

1

Name of the GRE point-to-point interface created for the remote peer

Tunnel1, Tunnel2

IPSecRemoteHostName

1

List of remote peer host names

IPsec_Atlanta, IPsec_NY

IPSecRemoteOpType

1

Operation type for the current tunnel

ADD, DELETE

IPSecRemotePresharedKey

1

List of preshared keys to be used to establish tunnels with remote peers

<secret_value1>, <secret_value2> Note: Keys are 128 alphanumeric characters

IPSecRemoteSiteName

1

Names of remote sites

San Jose, New York

IPSecRemoteSubnets

2

List of IP addresses protected by remote peers

209.165.202.129
209.165.202.130...

IPSecRemoteSubnetsInclusion

2

Specifies whether the current remote prefix is to be included or excluded

true, false,...

IPSecRemoteWildcardPresharedKey

1

Wildcard preshared key for remote devices

<secret_value1>, <secret_value2> Note: Keys are 128 alphanumeric characters

IPSecRoutingProtocol

0

IPsec VPN routing protocol

NONE or OSPF

IPSecStaticAdminDistance

0

Administration distance for static routes

1

IPSecTopologyRole

0

Topology role for the current device

HUB, SPOKE


Table 7-4 provides a summary of the L2VPN Repository variables available from the ISC Template Manager.

Table 7-4 L2VPN Repository Variables 

Repository Variable
Dimension
Description

AC_Loopback_Address

0

PE loopback address also known as the router ID

CE_DLCI

0

DLCI value on CE for Frame Relay encapsulation

CE_Encap

0

Encapsulation of the CE interface

CE_Intf_Desc

0

Interface description for the CE interface

CE_Intf_Shutdown

0

Shutdown flag for the CE interface

CE_VCD

0

VCD value on CE for ATM encapsulation

CE_VCI

0

VCI value on CE for ATM encapsulation

CE_Vlan_ID

0

VLAN ID on CE for Ethernet encapsulation

CE_VPI

0

VPI value on CE for ATM encapsulation

L2TP_Class_Authentication

0

Not supported

L2TP_Class_Dfbit_Set

0

Not supported

L2TP_Class_Hello

0

Not supported

L2TP_Class_Hidden

0

Not supported

L2TP_Class_Initial_Retries

0

Not supported

L2TP_Class_Password

0

Not supported

L2TP_Class_Receive_Window

0

Not supported

L2TP_Class_Retries

0

Not supported

L2TP_Class_RTimeout_Max

0

Not supported

L2TP_Class_RTimeout_Min

0

Not supported

L2TP_Class_Timeout_Max

0

Not supported

L2TP_Class_Timeout_Min

0

Not supported

L2TP_V3_MODE

0

Not supported

PE_DLCI

0

DLCI value on PE for Frame Relay encapsulation

PE_Encap

0

Encapsulation of the PE interface

PE_Intf_Desc

0

Interface description for the PE interface

PE_VCD

0

VCD value on PE for ATM encapsulation

PE_VCI

0

VCI value on PE for ATM encapsulation

PE_Vlan_ID

0

VLAN ID on PE for Ethernet encapsulation

PE_VPI

0

VPI value on PE for ATM encapsulation

PseudoWire_Class_IP_Dfbit_Set

0

Not supported

PseudoWire_Class_IP_PMTU

0

Not supported

PseudoWire_Class_IP_Protocol

0

Not supported

PseudoWire_Class_IP_TOS

0

Not supported

PseudoWire_Class_IP_TTL

0

Not supported

PseudoWire_Class_IP_Vrf_Forwarding

0

Not supported

PseudoWire_Class_Payload

0

Not supported

PseudoWire_Class_Protocol

0

Not supported

PseudoWire_Class_Type_Of_Core

0

Core type of the Service Provider over which L2VPN is provisioned

Uni_Aging

0

Length of time the MAC address can stay on the port security table

Uni_Cdp_Enable

0

Flag to enable or disable layer 2 tunnelling on a Cisco Discovery Protocol (CDP)

Uni_Cdp_Threshold

0

Number of packets per second to be received before the interface is shut down for the CDP protocol

Uni_Mac_Address

0

Number of MAC addresses allowed for port security

Uni_Port_Security

0

Flag to enable or disable security on a UNI interface

Uni_Protocol_Tunnelling

0

Flag to enable or disable Layer 2 Bridge Protocol Data Unit (BPDU) protocol tunnelling on a UNI interface

Uni_Recovery_Interval

0

Amount of time to wait before recovering a UNI port

Uni_Shutdown

0

Flag indicating whether the User Network Interface (UNI) is shut down

Uni_Speed

0

Value of the UNI link speed

Uni_Stp_Enable

0

Flag to enable or disable layer 2 tunnelling on a Spanning Tree Protocol (STP)

Uni_Stp_Threshold

0

Flag to enable or disable layer 2 tunnelling on an STP

Uni_Violation_Access

0

Action taken when a port security violation is detected

Uni_Vtp_Enable

0

Flag to enable or disable layer 2 tunnelling on a VLAN Trunk Protocol (VTP)

Uni_Vtp_Threshold

0

Flag to enable or disable layer 2 tunnelling on a VTP


Table 7-5 provides a summary of the MPLS Repository variables available from the ISC Template Manager.

Table 7-5 MPLS Repository Variables 

Repository Variable
Dimension
Description

Advertised_Routes_To_CE

2

List of one or more IP addresses of the advertised static route to be placed on the PE to define the CE's address space

CE_BGP_AS_ID

0

BGP AS ID on a CE when the routing protocol between a CE and a PE is BGP

CE_DLCI

0

DLCI value on CE for Frame Relay encapsulation

CE_EIGRP_AS_ID

0

EIGRP AS ID on a CE when the routing protocol between a CE and a PE is EIGRP

CE_Facing_MVRFCE_BGP_AS_ID

0

BGP AS ID on an MVRFCE when the routing protocol between a CE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_DLCI

0

DLCI value on CE facing MVRFCE interface for Frame Relay encapsulation, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_EIGRP_AS_ID

0

EIGRP AS ID on an MVRFCE when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Intf

0

Name of the CE facing interface on an MVRFCE, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Intf_Address

0

IP address assigned to the CE facing MVRFCE interface, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Intf_Encap

0

Encapsulation for CE facing of an MVRFCE interface, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Intf_Name

0

Name of the CE facing MVRFCE interface, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Intf_Type

0

Interface type for CE facing of an MVRFCE interface, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Ospf_Process_ID

0

OSPF process ID on MVRFCE when the routing protocol between a CE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_Tunnel_Src_Addr

0

Tunnel source address on CE facing MVRFCE interface for GRE encapsulation when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_VCD

0

VCD value on CE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_VCI

0

VCI value on CE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_VLAN_ID

0

VLAN ID on CE facing MVRFCE interface for Ethernet encapsulation, when an MPLS link includes an MVRFCE

CE_Facing_MVRFCE_VPI

0

VPI value on CE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

CE_Intf_Address

0

IP address assigned to the CE interface

CE_Intf_Encap

0

Encapsulation of the CE interface

CE_Intf_Name

0

Name of the CE interface

CE_MVRFCE_Bandwidth_Metric_For_Redistribution

0

Bandwidth metric for redistribution of EIGRP when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_MVRFCE_BGP_AS_ID

0

BGP AS ID on a CE when the routing protocol between a CE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

CE_MVRFCE_Delay_Metric_For_Redistribution

0

Delay metric for redistribution of EIGRP when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_MVRFCE_EIGRP_AS_ID

0

EIGRP AS ID on a CE when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_MVRFCE_Loading_Metric_For_Redistribution

0

Loading metric for redistribution of EIGRP when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_MVRFCE_MTU_Metric_For_Redistribution

0

MTU metric for redistribution of EIGRP when the routing protocol between a CE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

CE_MVRFCE_Ospf_Process_ID

0

OSPF process ID on CE when the routing protocol between a CE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

CE_Ospf_Process_ID

0

OSPF process ID on CE when the routing protocol between a CE and a PE is OSPF

CE_Tunnel_Src_Addr

0

Tunnel source address on CE for GRE encapsulation

CE_VCD

0

VCD value on CE for ATM encapsulation

CE_VCI

0

VCI value on CE for ATM encapsulation

CE_Vlan_ID

0

VLAN ID on CE for Ethernet encapsulation

CE_VPI

0

VPI value on CE for ATM encapsulation

Export_Map

0

Name of the export map associated with the VRF

Extra_CE_Loopback_Required

0

Flag to indicate whether an extra loopback request is required on the CE

Import_Map

0

Name of the import map associated with the VRF

Is_Default_Info_Originate

0

Flag to indicate whether the default-information originate command for BGP on the PE when STATIC is a running protocol between a CE and a PE

Is_Default_Routes_Sent_To_CE

0

Flag to indicate whether the default routes are sent to a remote CE

Join_Grey_Mgmt_Vpn

0

Flag to indicate whether MPLS will join a Grey Management VPN

Max_route_threshold

0

Percentage of the maximum number of routes that can be imported into the VRF

Max_Routes

0

Maximum number of routes that can be imported into the VRF

MVRFCE_CE_Advertised_Routes_To_CE

2

List of one or more IP addresses of the advertised static route to be placed on the PE to define the CE's address space, when the MPLS link includes an MVRFCE

MVRFCE_CE_IP_Unnumbered

0

Flag to indicate whether the MVRFCE to CE link is unnumbered, when an MPLS link includes an MVRFCE

MVRFCE_CE_Is_Default_routes_Sent_To_CE

0

Flag to indicate whether the default routes are sent to a remote CE, when an MPLS link includes an MVRFCE

MVRFCE_CE_NBR_ALLOW_AS_IN

0

AllowASIn flag when the routing protocol between a CE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

MVRFCE_CE_NBR_AS_OVERRIDE

0

ASOverride flag when the routing protocol between a CE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

MVRFCE_CE_Ospf_Area_Number

0

OSPF area number when the routing protocol between a CE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

MVRFCE_CE_Routes_To_Reach_Other_Sites

2

List of one or more IP addresses to specify the static routes to put on the CE, when the MPLS link includes an MVRFCE

MVRFCE_CE_Routing_Protocol

0

Routing protocol between MVRFCE and CE

PE_BGP_AS_ID

0

BGP AS ID on a PE when the routing protocol between a CE and a PE is BGP

PE_Cable_Both_Helper_Address_List

1

List of DHCP server IP addresses to which both cable modem and host UDP broadcasts are forwarded

PE_Cable_Modem_Helper_Address_list

1

List of DHCP server IP addresses to which cable modem UDP broadcasts are forwarded

PE_Cable_Modem_Host_Helper_Address_List

1

List of DHCP server IP addresses to which host UDP broadcasts are forwarded

PE_Cable_Modem_Secondary_Address_List

1

List of cable modem secondary addresses for cable interfaces

PE_CE_Bandwidth_Metric_For_Redistribution

0

Bandwidth metric for redistribution of EIGRP when the routing protocol between a CE and a PE is EIGRP

PE_CE_Delay_Metric_For_Redistribution

0

Delay metric for redistribution of EIGRP when the routing protocol between a CE and a PE is EIGRP

PE_CE_IP_Unnumbered

0

Flag to indicate whether the PE to CE link is unnumbered

PE_CE_Loading_Metric_For_Redistribution

0

Loading metric for redistribution of EIGRP when the routing protocol between a CE and a PE is EIGRP

PE_CE_MTU_Metric_For_Redistribution

0

MTU metric for redistribution of EIGRP when the routing protocol between a CE and a PE is EIGRP

PE_CE_NBR_Allow_AS_In

0

AllowASIn flag when the routing protocol between a CE and a PE is BGP

PE_CE_NBR_AS_Override

0

ASOverride flag when the routing protocol between a CE and a PE is BGP

PE_CE_Ospf_Area_Number

0

OSPF area number when the routing protocol between a CE and a PE is OSPF

PE_CE_Reliability_Metric_For_Redistribution

0

Reliability metric for redistribution of EIGRP when the routing protocol between a CE and a PE is EIGRP

PE_CE_Routing_Protocol

0

Routing protocol between PE and CE

PE_DLCI

0

DLCI value on PE for Frame Relay encapsulation

PE_EIGRP_AS_ID

0

EIGRP AS ID on a PE when the routing protocol between a CE and a PE is EIGRP

PE_Facing_MVRFCE_BGP_AS_ID

0

BGP AS ID on an MVRFCE when the routing protocol between a PE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_DLCI

0

DLCI value on PE facing MVRFCE interface for Frame Relay encapsulation, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_EIGRP_AS_ID

0

EIGRP AS ID on an MVRFCE when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Intf

0

Name of the PE facing interface on an MVRFCE, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Intf_Address

0

IP address assigned to the PE facing MVRFCE interface, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Intf_Encap

0

Encapsulation for PE facing of an MVRFCE interface, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Intf_Name

0

Name of the PE facing MVRFCE interface, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Intf_Type

0

Interface type for PE facing of an MVRFCE interface, when an MPLS link includes an MVRFCE

PE_FACING_MVRFCE_OSPF_Process_ID

0

OSPF process ID on an MVRFCE when the routing protocol between a PE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_Tunnel_Src_Addr

0

Tunnel source address on PE facing MVRFCE interface for GRE encapsulation when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_VCD

0

VCD value on PE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_VCI

0

VCI value on PE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_VLAN_ID

0

VLAN ID on PE facing MVRFCE interface for Ethernet encapsulation, when an MPLS link includes an MVRFCE

PE_Facing_MVRFCE_VPI

0

VPI value on PE facing MVRFCE interface for ATM encapsulation, when an MPLS link includes an MVRFCE

PE_Intf_Address

0

IP address assigned to the PE interface

PE_Intf_Desc

0

Interface description for the PE interface

PE_Intf_Encap

0

Encapsulation of the PE interface

PE_Intf_Name

0

Name of the PE interface

PE_Intf_Shutdown

0

Shutdown flag for the PE interface

PE_IS_Cable_Modem_Maintenance_Interface

0

Flag to indicate whether the interface is a maintenance interface

PE_MVRFCE_Bandwidth_Metric_For_Redistribution

0

Bandwidth metric for redistribution of EIGRP when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_BGP_AS_ID

0

BGP AS ID on a PE when the routing protocol between a PE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

PE_MVRFCE_Delay_Metric_For_Redistribution

0

Delay metric for redistribution of EIGRP when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_EIGRP_AS_ID

0

EIGRP AS ID on a PE when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_IP_Unnumbered

 

Flag to indicate whether the PE to MVRFCE link is unnumbered, when an MPLS link includes an MVRFCE

PE_MVRFCE_Loading_Metric_For_Redistribution

0

Loading metric for redistribution of EIGRP when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_MTU_Metric_for_redistribution

0

MTU metric for redistribution of EIGRP when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_NBR_ALLOW_AS_IN

0

AllowASIn flag when the routing protocol between a PE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

PE_MVRFCE_NBR_AS_OVERRIDE

0

ASOverride flag when the routing protocol between a PE and an MVRFCE is BGP, when an MPLS link includes an MVRFCE

PE_MVRFCE_Ospf_Area_Number

0

OSPF area number when the routing protocol between a PE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

PE_MVRFCE_OSPF_Process_ID

0

OSPF process ID on PE when the routing protocol between a PE and an MVRFCE is OSPF, when an MPLS link includes an MVRFCE

PE_MVRFCE_Reliability_Metric_For_Redistribution

0

Reliability metric for redistribution of EIGRP when the routing protocol between a PE and an MVRFCE is EIGRP, when an MPLS link includes an MVRFCE

PE_MVRFCE_Routing_Protocol

0

Routing protocol between PE and MVRFCE, when an MPLS link includes an MVRFCE

PE_OSPF_PROCESS_ID

0

OSPF process ID on PE when the routing protocol between a CE and a PE is OSPF

PE_Tunnel_Src_Addr

0

Tunnel source address on PE for GRE encapsulation

PE_VCD

0

VCD value on PE for ATM encapsulation

PE_VCI

0

VCI value on PE for ATM encapsulation

PE_Vlan_ID

0

VLAN ID on PE for Ethernet encapsulation

PE_VPI

0

VPI value on PE for ATM encapsulation

rd

0

Route Distinguisher value for the VRF

Redistribute_Connected

0

Flag to indicate whether the connected routes are redistributed into BGP on the PE

Redistribute_Static

0

Flag to indicate whether the static routes are redistributed into BGP on the PE

Redistributed_Protocol

1

List of routing protocols to be redistributed

Rip_Metrics

0

Metric for redistribution associated with RIP

Routes_To_Reach_Other_Sites

2

List of one or more IP addresses to specify the static routes to put on the CE.

vrfName

0

Name of the VRF


Table 7-6 provides a summary of the NAT Repository variables available from the ISC Template Manager.

Table 7-6 NAT Repository Variables 

Repository Variable
Dimension
Description
Example

InsideInterfaceNameList

1

List of NAT inside interface names, empty for non-Cisco IOS devices

Ethernet0, Ethernet1, ...

NATIsOverlapping

0

If the site behind this device is overlapping with others. The value is either true or false.

true, false

NATLocalExPrefixList

1

List of exclusion prefixes (IP address ranges) behind this device.

10.10.1.5/32
10.11.1.0/30...

NATLocalPrefixList

1

List of prefixes (IP address ranges) behind this device

10.10.1.0/24
10.11.1.0/24...

NATPeerExPrefixList

1

List of peer's exclusion prefixes (IP address ranges)

10.12.1.1/32
10.13.1.8/30

NATPeerPrefixList

1

List of peer's prefixes (IP address ranges)

10.12.1.0/24
10.13.1.0/24

OutsideInterfaceNameList

1

List of NAT outside interface names, empty for non-Cisco IOS devices

Serial0, Serial1, ...


Table 7-7 provides a summary of the QoS Repository variables available from the ISC Template Manager.

Table 7-7 QoS Repository Variables 

Repository Variable
Dimension
Description
Example

QoS_Customer

0

Name of the customer

ABC

QoS_Policy

0

Name of the QoS policy

Gold

QoS_Supported_MPLS

0

Boolean flag to indicate whether MPLS is supported in the core. The value is either true or false.

true
false

QoS_PE_Remarking_ReRateLimiting

0

Boolean flag to indicate whether re-marking and re-rate-limiting is required on PE. The value is either true or false.

true
false

QoS_CE_Marking_RateLimiting_Interfaces

1

List of marking and rate-limiting interfaces on CE

serial0
serial1
ethernet1

QoS_CE_Marking_RateLimiting_Interface_Encap

1

List of interface encapsulation types of the marking and rate-limiting interfaces on CE (same order as QoS_CE_Marking_RateLimiting_Interfaces)

HDLC
HDLC
ethernet

QoS_PECLE_Marking_RateLimiting_Interface

0

Name of the marking and rate-limiting interface on PECLE (for Ethernet QoS)

ethernet1

QoS_PECLE_Marking_RateLimiting_Interface_Encap

0

Interface encapsulation type of the marking and rate-limiting interface on PECLE (for Ethernet QoS)

ethernet

QoS_Link_Bandwidth

0

Bandwidth of the CE and PE link (bps)

128000

QoS_LinkEndpoint_Role

0

Role of the link endpoint (that is, CPE or PE)

CPE_Endpt
PE_Endpt

QoS_LinkEndpoint_Hostname

0

Hostname of the link endpoint

enpe1

QoS_LinkEndpoint_Platform

0

Platform type of the link endpoint

7206

QoS_LinkEndpoint_Linecard_Model

0

Line-card model of the link endpoint

8OC03_ATM_TS-IR-B

QoS_LinkEndpoint_Interface

0

Interface name of the link endpoint

FastEthernet8/10.700

QoS_LinkEndpoint_Interface_Encap

0

Interface encapsulation type of the link endpoint interface

DOT1Q

QoS_LinkEndpoint_Type

0

Enumerator to indicate the type of the link endpoint ("Interface", "ATM", or "FRAME_RELAY")

FRAME_RELAY

QoS_LinkEndpoint_FR_Dlci

0

Frame-Relay DLCI number of the link endpoint

102

QoS_LinkEndpoint_ATM_VPI

0

VPI value of the ATM VC of the link endpoint

110

QoS_LinkEndpoint_ATM_VCI

0

VCI value of the ATM VC of the link endpoint

256

QoS_LinkEndpoint_ATM_VCD

0

VCD value of the ATM VC of the link endpoint

Atm1

QoS_LinkEndpoint_ATM_PA_Model

0

The ATM port adaptor model of the link endpoint

PA-A1-OC3MM

QoS_LinkEndpointVLAN_Id

0

The VLAN ID of the link endpoint (Ethernet QoS)

800


Protocol Manager

Protocol Manager allows you to define customized protocols that are not predefined. ISC predefines the most commonly used protocols; use Protocol Manager to customize protocol definitions. For more information, refer to Chapter 6, "Firewall Services," in the Cisco IP Solution Center, 3.1: Security Management User Guide, 3.1.

The protocol is used by access rules in an ISC Firewall policy.

From Figure 7-1, navigate Service Design > Protocol Manager and you can choose either of the following:

Protocols: Create and manage protocols.

Protocol Bundles: Create and manage protocol bundles.

Protocols

The Protocols feature allows you to create customized protocols for TCP, UDP, ICMP, IGMP, and IP protocols.

All the possible choices for Protocols can be handled as follows:


Step 1 Navigate Service Design > Protocol Manager and then choose Protocols. A window such as Figure 7-30, "Protocols," appears.

Figure 7-30 Protocols

Proceed to one of the following:

Create TCP: Make no selections. From the Create click-down menu, click TCP.

Create UDP: Make no selections. From the Create click-down menu, click UDP.

Create ICMP: Make no selections. From the Create click-down menu, click ICMP.

Create IGMP: Make no selections. From the Create click-down menu, click IGMP.

Create IP: Make no selections. From the Create click-down menu, click IP.

Edit: Click one checkbox to select one protocol, and then click Edit to modify it.

Delete: Click one or more checkboxes to select one or more protocols, and then click Delete to delete the chosen protocols (you can select all the listed protocols by clicking the checkbox in the header row).


Create TCP

To create a TCP protocol, navigate Service Design > Protocol Manager, choose Protocols, and follow these steps:


Step 1 Click the Create button and from the drop-down menu, click TCP.

Step 2 A window as shown in Figure 7-31, "Create TCP Protocol," appears.

Figure 7-31 Create TCP Protocol

Enter the following fields:

Protocol Name (required)

Source Port Start (optional) Specify the Source Port Start.

Source Port End (optional) Specify the Source Port End.

Source Port Operation (optional) The drop-down menu choices are eq for equal; gt for greater than; lt for less than; neq for not equal; and range for a range of values. The check is for the port number and these qualifiers are for that port. For example, checking only for a port number equal (eq) to the port number specified, checking only for port numbers greater than (gt) the port specified, and so on.

Destination Port Start (required) Specify the Destination Port Start.

Destination Port End (optional) Specify the Destination Port End.

Destination Port Operation (required when Source Port Start is specified) The drop-down menu choices are eq for equal; gt for greater than; lt for less than; neq for not equal; and range for a range of values. The check is for the port number and these qualifiers are for that port. For example, checking only for a port number equal (eq) to the port number specified, checking only for port numbers greater than (gt) the port specified, and so on.

Click Save.

Step 3 You return to an updated Figure 7-30 and a Status block with a green check mark for Succeeded.


Create UDP

To create a UDP protocol, navigate Service Design > Protocol Manager, choose Protocols, and follow these steps:


Step 1 Click the Create button and from the drop-down menu, click UDP.

Step 2 A window as shown in Figure 7-32, "Create UDP Protocol," appears.

Figure 7-32 Create UDP Protocol

Enter the following fields:

Protocol Name (required)

Source Port Start (optional) Specify the Source Port Start.

Source Port End (optional) Specify the Source Port End.

Source Port Operation (required) The drop-down menu choices are eq for equal; gt for greater than; lt for less than; neq for not equal; and range for a range of values. The check is for the port number and these qualifiers are for that port. For example, checking only for a port number equal (eq) to the port number specified, checking only for port numbers greater than (gt) the port specified, and so on.

Destination Port Start (required) Specify the Destination Port Start.

Destination Port End (optional) Specify the Destination Port End.

Destination Port Operation (required when Source Port Start is specified) The drop-down menu choices are eq for equal; gt for greater than; lt for less than; neq for not equal; and range for a range of values. The check is for the port number and these qualifiers are for that port. For example, checking only for a port number equal (eq) to the port number specified, checking only for port numbers greater than (gt) the port specified, and so on.

Click Save.

Step 3 You return to an updated Figure 7-30 and a Status block with a green check mark for Succeeded.
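The port qualifiers on the Create TCP and Create UDP forms above, as an added Python example that is not ISC code: it checks a definition against the required and optional field rules listed on the two forms, then counts how many port numbers each qualifier admits so that broad gt, lt and neq definitions can be reviewed before a firewall access rule uses them. The PortSpec and ProtocolDef types, the inclusive range, the default of eq when no operation is chosen, and the 1024-port review limit are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

OPERATIONS = ("eq", "gt", "lt", "neq", "range")  # drop-down choices on the form
MAX_PORT = 65535                                  # TCP/UDP ports are 16-bit


@dataclass
class PortSpec:
    """One Start / End / Operation triple from the Create TCP or UDP form."""
    start: Optional[int] = None
    end: Optional[int] = None
    op: Optional[str] = None


@dataclass
class ProtocolDef:
    """Hypothetical in-memory form of one custom protocol (not an ISC type)."""
    name: str
    transport: str                                # "tcp" or "udp"
    dst: PortSpec
    src: PortSpec = field(default_factory=PortSpec)


def _check_spec(label: str, spec: PortSpec, errors: List[str]) -> None:
    if spec.op is not None and spec.op not in OPERATIONS:
        errors.append(f"{label} Port Operation {spec.op!r} is not a listed choice")
    for which, value in (("Start", spec.start), ("End", spec.end)):
        if value is not None and not 0 <= value <= MAX_PORT:
            errors.append(f"{label} Port {which} {value} is outside 0-{MAX_PORT}")
    if spec.op == "range":
        # Assumption: 'range' needs both ends, with End >= Start.
        if spec.start is None or spec.end is None:
            errors.append(f"{label} range needs both Port Start and Port End")
        elif spec.end < spec.start:
            errors.append(f"{label} Port End is below Port Start")


def validate(defn: ProtocolDef) -> List[str]:
    """Return the form-rule violations for one definition (empty list = OK)."""
    errors: List[str] = []
    if not defn.name.strip():
        errors.append("Protocol Name is required")
    if defn.transport not in ("tcp", "udp"):
        errors.append("transport must be tcp or udp")
    if defn.dst.start is None:
        errors.append("Destination Port Start is required")
    if defn.src.start is not None and defn.dst.op is None:
        errors.append("Destination Port Operation is required when "
                      "Source Port Start is specified")
    if defn.transport == "udp" and defn.src.op is None:
        errors.append("Source Port Operation is required for UDP")
    _check_spec("Source", defn.src, errors)
    _check_spec("Destination", defn.dst, errors)
    return errors


def port_matches(spec: PortSpec, port: int) -> bool:
    """Apply one port qualifier to a packet's port number."""
    if spec.start is None:
        return True                    # assumption: no port given matches any
    op = spec.op or "eq"               # assumption: missing operation means eq
    if op == "eq":
        return port == spec.start
    if op == "gt":
        return port > spec.start
    if op == "lt":
        return port < spec.start
    if op == "neq":
        return port != spec.start
    if op == "range":                  # assumption: both ends inclusive
        return spec.end is not None and spec.start <= port <= spec.end
    raise ValueError(f"unknown operation {op!r}")


def ports_covered(spec: PortSpec) -> int:
    """Count how many of the 65536 port numbers the qualifier admits."""
    return sum(port_matches(spec, p) for p in range(MAX_PORT + 1))


def broad_definitions(defs: List[ProtocolDef], limit: int = 1024) -> List[str]:
    """Names of valid definitions whose destination side covers > limit ports."""
    return [d.name for d in defs
            if not validate(d) and ports_covered(d.dst) > limit]


# Constructed sample definitions, not taken from any ISC repository.
SAMPLES = [
    ProtocolDef("web", "tcp", PortSpec(80, op="eq")),
    ProtocolDef("x11", "tcp", PortSpec(6000, 6010, "range")),
    ProtocolDef("high-ports", "tcp", PortSpec(1023, op="gt")),
    ProtocolDef("not-telnet", "tcp", PortSpec(23, op="neq")),
    ProtocolDef("ike", "udp", PortSpec(500, op="eq"), PortSpec(500, op="eq")),
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d.name, validate(d) or "ok", ports_covered(d.dst))
    print("review:", broad_definitions(SAMPLES))
```

A definition built with neq admits every port but one, so a protocol meant to exclude a single service ends up permitting nearly the whole port space wherever an access rule references it.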


Create ICMP

To create an ICMP protocol, navigate Service Design > Protocol Manager, choose Protocols, and follow these steps:


Step 1 Click the Create button and from the drop-down menu, click ICMP.

Step 2 A window as shown in Figure 7-33, "Create ICMP Protocol," appears.

Figure 7-33 Create ICMP Protocol

Enter the following fields:

Protocol Name (required)

Type (required) This must be a valid ICMP type.

Step 3 Click Save.

Step 4 You return to an updated Figure 7-30 and a Status block with a green check mark for Succeeded.


Create IGMP

To create an IGMP protocol, navigate Service Design > Protocol Manager, choose Protocols, and follow these steps:


Step 1 Click the Create button and from the drop-down menu, click IGMP.

Step 2 A window as shown in Figure 7-34, "Create IGMP Protocol," appears.

Figure 7-34 Create IGMP Protocol

Enter the following fields:

Protocol Name (required)

Type (required) This must be a valid IGMP type.

Step 3 Click Save.

Step 4 You return to an updated Figure 7-30 and a Status block with a green check mark for Succeeded.


Create IP

To create an IP protocol, navigate Service Design > Protocol Manager, choose Protocols, and follow these steps:


Step 1 Click the Create button and from the drop-down menu, click IP.

Step 2 A window as shown in Figure 7-35, "Create IP Protocol," appears.

Figure 7-35 Create IP Protocol

Enter the following fields:

Protocol Name (required)

Protocol Number (required) For example, for the GRE protocol, the protocol number is 47.

Step 3 Click Save.

Step 4 You return to an updated Figure 7-30 and a Status block with a green check mark for Succeeded.


Edit

From Figure 7-30, do the following to edit a protocol:


Step 1 Click one checkbox, thus selecting only one protocol.

Click the Edit button and a window as shown in the create section for this protocol type appears, except that this is an Edit window and the Name cannot be changed. Complete the remaining fields as explained in the Create sections, and then click Save.

Step 2 Figure 7-30 appears with the updated information.


Delete

From Figure 7-30, do the following to delete protocols:


Step 1 Click one or more checkboxes (to choose all the listed protocols, click the checkbox in the header row), thus selecting protocol(s).

Click the Delete button, and a Confirm Delete window gives you the opportunity to continue by clicking Delete or to cancel the delete process by clicking Cancel.

Step 2 Figure 7-30 appears with the updated information.


Protocol Bundles

Protocol Bundles allows you to group Protocols and to use them as a single entity.

All the possible choices for Protocol Bundles can be handled as follows:


Step 1 Navigate Service Design > Protocol Manager and then choose Protocol Bundles. A window such as Figure 7-36, "Protocols Bundles," appears.

Figure 7-36 Protocols Bundles

Proceed to one of the following:

Create Protocol Bundles: Make no selection. Click Create.

Edit: Click one checkbox to select one protocol bundle, and then click Edit to modify it.

Delete: Click one or more checkboxes to select one or more protocol bundles, and then click Delete to delete the chosen protocol bundles (you can select all the listed protocol bundles by clicking the checkbox in the header row).


Create Protocol Bundles

Navigate Service Design > Protocol Manager, choose Protocol Bundles, and follow these steps:


Step 1 Click the Create button.

Step 2 A window as shown in Figure 7-37, "Create Protocol Bundles," appears.

Figure 7-37 Create Protocol Bundles

Enter the following fields:

Protocol Bundle Name (required)

Protocols (required) Click Add and a list of protocols appears. Select one or more protocols for this protocol bundle and then click Select. The protocols are listed. You can highlight one or more protocols and then click Remove to remove these selections.

Description (optional) This information is for clarity of description of the protocol bundle.

Step 3 Click Save.

Step 4 You return to an updated Figure 7-36 and a Status block with a green check mark for Succeeded.


Edit Protocol Bundles

From Figure 7-36, do the following to edit a protocol bundle:


Step 1 Click one checkbox, thus selecting only one protocol bundle.

Click the Edit button and a window as shown in Figure 7-37 appears, except that this is an Edit Protocol Bundle window and the Name cannot be changed. Complete the remaining fields as explained in the "Create Protocol Bundles" section, and then click Save.

Step 2 Figure 7-36 appears with the updated information.


Delete Protocol Bundles

From Figure 7-36, do the following to delete protocol bundles:


Step 1 Click one or more checkboxes (to choose all the listed protocol bundles, click the checkbox in the header row), thus selecting protocol bundle(s).

Click the Delete button, and a Confirm Delete window gives you the opportunity to continue by clicking Delete or to cancel the delete process by clicking Cancel.

Step 2 Figure 7-36 appears with the updated information.


Link QoS Manager

The Link QoS Manager deals with link-level QoS settings, such as Aggregate Shapers (FRTS, ATM Shapers, parent-level cb-shaper), Link Efficiency Mechanisms (FRF.12, LFIoMLPPP, and cRTP), and Interface-based CAR, that depend on Layer 2 encapsulation and link bandwidth.

You can create a link QoS setting for a network independent of a VPN service. To create a Link QoS setting for an MPLS service, see Chapter 7, "Applying QoS Policies to VPN Services," in the Cisco IP Solution Center, 3.1: Quality of Service Management User Guide, 3.1.

When you navigate Service Design > Link QoS Manager, a window appears, as shown in Figure 7-38, "Link QoS Settings."

Figure 7-38 Link QoS Settings

The current Link QoS settings are available for QoS service requests, including the following information about each Link QoS setting:

Set Name the name of your link QoS settings

Owner Customer or Provider

Type IP Link QoS Setting

Encapsulation

Bandwidth (in kbps) for IP Link QoS Setting

The explanation of the buttons and subsequent drop-down menus is given as follows:

Create This section explains how to create IP Link QoS Settings.

Edit This section explains how to edit an IP Link QoS Setting.

Delete This section explains how to delete an IP Link QoS Setting.

Create

When you navigate Service Design > Link QoS Manager, click the Create button at the bottom of the window, as shown in Figure 7-38. To create IP Link QoS settings, proceed as follows:


Step 1 When you click the Create button, you receive a window as shown in Figure 7-39, "IP Link Settings Editor."

Figure 7-39 IP Link Settings Editor

Step 2 Fill in the following:

Set Name (required) The name of the link QoS settings. Specify a name that describes the service offered by the settings. Examples: Frame_64K_Gold; ATM_2Mb_Silver. The name Frame_64K_Gold indicates that this set should be used on a CPE-PE link with a bandwidth of 64 kbps and Frame Relay Layer 2 encapsulation, to meet an SLA of Gold.

Owner (required) Keep the Customer radio button selected (default) or click the Provider radio button. Then click Select and you receive a list of the customers or providers, as applicable. You can filter this list. From the selected customers or providers, click the radio button for the customer or provider you want to select and click Select. You can repeat this procedure if you want to change your selection.

Link Bandwidth (required) The link bandwidth specifies the maximum amount of bandwidth allocated for packets belonging to this link.

Aggregated Traffic Shaper Applies traffic shaping QoS parameters to the device interface. Use this method instead of applying traffic shaping parameters with a service class. Click on the words Aggregated Traffic Shaper and you receive a window as shown in Figure 7-40, "Aggregated Traffic Shaper."

Figure 7-40 Aggregated Traffic Shaper

Click the drop-down menu for the CE and for the PE and select one of the following traffic shaper types. You receive another window in which to specify more information for Attribute and Value.

FR Traffic Shaper Frame Relay Traffic Shaper. Class-based Parent-level Shaper that operates only in distributed mode on VIP-based routers, such as the Cisco 7500 series platforms.

FR Traffic Shaper (non-MQC) Frame Relay Traffic Shaper. This shaper operates on 72xx and low-end routers.

Parent-level Class-based Shaper Used in the context of nested policy. A nested policy consists of a bottom-level policy that identifies one or more classes of traffic, and a top-level policy that shapes the output of the traffic classes into a single shape rate. You can apply a nested policy to an interface or subinterface.

ATM Traffic Shaper (VBR-rt) Variable bit rate-real time. Intended for real-time applications, such as compressed voice over IP and video conferencing, that require tightly constrained delays (cell transfer delay or cell delay variation).

ATM Traffic Shaper (VBR-nrt) Variable bit rate-non real time. Follows a leaky bucket or token bucket algorithm.

ATM Traffic Shaper (CBR) Constant bit rate. Designed for ATM virtual circuits (VCs) that need a static amount of bandwidth that is continuously available for the duration of the active connection.

ATM Traffic Shaper (ABR) Configures a router to transmit at a rate that varies with the amount of bandwidth available in the network or along the end-to-end transmission path.

None

Click OK. The updated information appears in Figure 7-39. You can repeat this process until you get what you want.

Link Efficiency Based on the bandwidth of CPE-PE link. Link efficiency features work with queueing and traffic shaping to improve the efficiency and predictability of the application service levels. Click on the words Link Efficiency and you receive a window as shown in Figure 7-41, "Link Efficiency Settings."

Figure 7-41 Link Efficiency Settings

Click the checkbox for one of the following:

LFI on Frame Relay (FRF.12) (default) Supports the transport of real-time voice and data traffic on Frame Relay virtual circuits (VCs) without causing excessive delay to the real-time traffic. If you choose this, you can override the following field with a number (16 - 1600), which specifies the fragmentation size in bytes.

or

LFI on MLPP Multilink PPP (MLPPP) provides a method of splitting, recombining, and sequencing datagrams across multiple logical data links. MLPPP allows packets to be fragmented and the fragments to be sent at the same time over multiple point-to-point links to the same remote address.

Leave the cRTP checkbox for Header Compression checked (default) or uncheck it. cRTP compresses the IP/UDP/RTP header in an RTP data packet from 40 bytes to approximately 2 to 5 bytes. Use cRTP on a WAN interface where bandwidth is an issue and much of the traffic is RTP traffic.

Click OK. The updated information appears in Figure 7-39. You can repeat this process until you get what you want.

Interface-based Aggregated Rate Limiter This provides rate limiting for the traffic on a particular interface for the CPE-PE link. Click on the words Interface-based Aggregated Rate Limiter and you receive a window as shown in Figure 7-42, "Interface-based Aggregated Rate Limiter List."

Figure 7-42 Interface-based Aggregated Rate Limiter List

Add is available when no choice is made. Click Add and you receive a window that lets you enter the following information. Then click OK to return to Figure 7-42 with updated information.

Traffic Classification (required) Specifies the method for classifying traffic. Click edit to access the Traffic Classification Editor and choose from these selections.

Direction (required) Click the drop-down menu and choose OUTPUT (default) or INPUT. This specifies the direction of traffic to apply rate limiting parameters to.

Mean Rate in bps: (8000 - 2000000000) (required).

Conformed burst size in bytes: (2100 - 512000000) (required).

Extended burst size in bytes: (2000 - 1024000000) (required).

Conform—Action (required) Click the drop-down menu and choose: Transmit, which sends the packet; Drop, which drops the packet; Set-dscp-transmit, which sets the DSCP value and transmits the packet (must additionally specify a DSCP value in the drop-down menu); Set-prec-transmit, which sets the IP Precedence (0 to 7) values and sends the packet (must additionally specify an IP Precedence value in the drop-down menu); Set-mpls-exp-transmit, which sets the mpls experimental (0 to 7) values and sends the packet (must additionally specify an mpls experimental value in the drop-down menu); Set-dscp-continue, which sets the DSCP value and transmits the packet (must additionally specify a DSCP value in the drop-down menu); Set-prec-continue, which sets the IP Precedence (0 to 7) values and sends the packet (must additionally specify an IP Precedence value in the drop-down menu); or Set-mpls-exp-continue, which sets the mpls experimental (0 to 7) values and sends the packet (must additionally specify an mpls experimental value in the drop-down menu).

Exceed—Action (required) Click the drop-down menu and use the same choices as in Conform—Action to specify how to handle packets that exceed the configured rate limit.

Edit is available when one checkbox is selected. You can edit the information that is specified for Add. Click Edit. After you make your edits, click OK.

Delete is available when one or more checkboxes are selected. Click Delete. The selection is deleted without confirmation.


Note Be sure you want to delete before clicking Delete. The deletion happens immediately, without confirmation.


OK returns you to Figure 7-38.

Cancel is available to cancel this process.

Step 3 After making all the selections in Step 2, click Save in Figure 7-39.

Step 4 Figure 7-38 reappears with the new IP Link QoS Setting and a Status box in the lower left corner with a green check mark for Succeeded.


Edit

The edit button, at the bottom of Figure 7-38, allows you to edit a specific link QoS setting. Follow these steps:


Step 1 Navigate Service Design > Link QoS Settings.

Step 2 Click the checkbox for the row of the link QoS setting that you want to edit.

Step 3 Click the Edit button and a window appears as in Figure 7-39. Edit, following the windows in Create.

The Owner cannot be changed.

Step 4 Click Save and Figure 7-38 reappears with the new Link QoS Setting and a Status box in the lower left corner with a green check mark for Succeeded.


Delete

The Delete button, at the bottom of Figure 7-38, allows you to delete one or more link QoS settings. Follow these steps:


Step 1 Navigate Service Design > Link QoS Settings.

Step 2 Click the checkbox(es) for the row(s) of the link QoS setting(s) you want to delete or click the checkbox in the header row to select all the link QoS settings for deletion.

Step 3 Click the Delete button and the selected link QoS settings are deleted without a chance to confirm. Otherwise click Cancel.


Note You receive no opportunity to confirm what you want to delete, so be sure you want to delete what you have selected.



Network Objects Manager

Network Objects Manager allows you to create network objects. A network object is a group of IP addresses. When you define a network object you can use this object in a Firewall policy rather than using the actual address itself. This simplifies Firewall policy creation.

From Figure 7-1, navigate Service Design > Network Objects Manager and follow these steps:


Step 1 The first window to appear is as shown in Figure 7-43, "Network Objects."

Figure 7-43 Network Objects

Step 2 From this window, you can do any of the following:

Create Network Objects This is enabled when no network objects are selected.

Edit Network Objects This is enabled when only one network object is selected.

Delete Network Objects This is enabled when one or more network objects are selected.


Create Network Objects

From Figure 7-43, do the following to create a network object:


Step 1 Click no checkbox, thus selecting no network objects.

Step 2 Click the Create button and a window as shown in Figure 7-44, "Create Network Object," appears.

Figure 7-44 Create Network Object

Enter the following information:

Name (required)

Type (required) Click the drop-down menu and choose STRING, NETWORK, or HOST.

Values (required) Enter a valid IP address in the format of a.b.c.d/e or a list of valid IP addresses in that format.

Container Type (required) Click the drop-down menu and choose Global, Customer, Site, or CPE.

Container (required) If you chose Customer (proceed to Step 3), Site (proceed to Step 4), or CPE (proceed to Step 5) as the Container Type, then Select is enabled here. Once you make your selection in the resulting window, click Select and you return to the updated Figure 7-44.

Step 3 If you set the Container Type to Customer, when you click Select for Container, a Customer for Container Selection window appears in which you can select one radio button for a customer and then click Select. This customer is added to your Container.

Step 4 If you set the Container Type to Site, when you click Select for Container, a Site for Container Selection window appears in which you can select one radio button for a site and then click Select. This site is added to your Container.

Step 5 If you set the Container Type to CPE, when you click Select for Container, a CPE for Container Selection window appears in which you can select one radio button for a CPE and then click Select. This CPE is added to your Container.

Step 6 Click Save in Figure 7-44 and you return to an updated Figure 7-43.
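Because a network object stands in for real addresses in a Firewall policy, a malformed or overly broad entry in Values silently changes what the policy matches. The following pre-entry check for an a.b.c.d/e list is an added example, not ISC code; treating HOST as a /32 entry and NETWORK as an entry with no host bits set are assumptions, and STRING objects receive only the format checks.

```python
import ipaddress

# Constructed sample Values list for a NETWORK-type object (not from the page).
SAMPLE = ["10.1.2.0/24", "10.1.2.77/24", "10.1.2.128/25",
          "192.168.1.300/24", "172.16.0.5", "0.0.0.0/0"]


def check_network_object(obj_type, values):
    """Return (networks, problems) for one network object's Values list."""
    networks, problems = [], []
    for raw in values:
        text = raw.strip()
        if "/" not in text:
            problems.append(f"{text}: missing /e prefix length")
            continue
        try:
            iface = ipaddress.IPv4Interface(text)
        except ValueError as exc:  # bad octet, bad prefix length, junk
            problems.append(f"{text}: invalid ({exc})")
            continue
        net = iface.network
        # Assumption: a HOST entry is meant to be a single address (/32).
        if obj_type == "HOST" and net.prefixlen != 32:
            problems.append(
                f"{text}: HOST entry covers {net.num_addresses} addresses")
        # Assumption: a NETWORK entry should have no host bits set.
        if obj_type == "NETWORK" and iface.ip != net.network_address:
            problems.append(f"{text}: host bits set, network is {net}")
        if net.prefixlen == 0:
            problems.append(f"{text}: matches every IPv4 address")
        networks.append(net)
    # An entry already covered by another one is redundant and makes the
    # object's real scope harder to see when a firewall policy is reviewed.
    for i, inner in enumerate(networks):
        for j, outer in enumerate(networks):
            if i != j and inner.subnet_of(outer) and (inner != outer or i > j):
                problems.append(f"{inner}: already covered by {outer}")
                break
    return networks, problems


if __name__ == "__main__":
    nets, findings = check_network_object("NETWORK", SAMPLE)
    print("usable:", ", ".join(str(n) for n in nets))
    for finding in findings:
        print("finding:", finding)
```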


Edit Network Objects

From Figure 7-43, do the following to edit a network object:


Step 1 Click one checkbox, thus selecting only one network object.

Click the Edit button and a window as shown in Figure 7-44 appears, except that this is an Edit Network Object window and the Name cannot be changed. Complete the remaining fields as explained in the "Create Network Objects" section, and then click Save.

Step 2 Figure 7-43 appears with the updated information.


Delete Network Objects

From Figure 7-43, do the following to delete network objects:


Step 1 Click one or more checkboxes (to choose all the listed network objects, click the checkbox in the header row), thus selecting network object(s).

Click the Delete button. A Confirm Delete window appears, in which you can continue by clicking Delete or cancel the delete process by clicking Cancel.

Step 2 Figure 7-43 appears with the updated information.