Quick Start for Branch Users Using Cisco ISR-4451-X

This chapter describes how to get started quickly with ISR-WAAS on the Cisco ISR 4451-X.

Prerequisites and Requirements for Using the EZConfig Program

This ection contains the following subsections:

Prerequisites

Before getting started with ISR-WAAS on the Cisco ISR 4451-X, ensure that you have the following:

  • Cisco ISR 4451-X router with 8 GB RAM, 16GB compact flash memory, and 200 GB hard disk
  • Valid cisco.com username and password
  • CCO image from Cisco.com
  • Cisco ISR image with AppX licensing with RTU
  • ISR-WAAS package file (OVA) that is shipped on the boot flash.
  • Wide Area Virtualization Engine (WAVE) appliance as the peer device
  • WAAS Central Manager (WCM)

Requirements

  • Cisco recommends that you connect the Cisco ISR 4451-X router to the WCM before using the EZConfig program. If you do not connect them, the EZConfig program still starts the service but displays an error at the end. You can later register the service with the WCM by using the WCM-specific commands service waas wcm ip address ip_address and service waas wcm deregister.
  • You also need to configure an SRV record on a DNS server that is reachable from the router. The system uses the SRV record to look up the IP address of the WCM.
  • You must manually configure the WAN and LAN interfaces and the WAN connectivity routes before you can use the EZConfig program.
  • The EZConfig program attempts to enable the ISR-WAAS solution on the WAN interfaces that you enter. If the WAN interfaces are down or not configured for proper connectivity, the EZConfig program still configures the ISR-WAAS solution but the WAAS optimization functionality will not work until the WAN interfaces are enabled properly.
  • If there is an existing configuration for ISR-WAAS (both the AppNav-XE component and the virtual container) on the Cisco ISR 4451-X that is not associated with the name AUTOWAAS, then you must manually clean the configuration before running the EZConfig program. EZConfig uses the name AUTOWAAS for the entire internal configuration naming so that the configuration can be tracked together and shown as being associated with the EZConfig menu.

Enabling ISR-WAAS on a Cisco ISR 4451-X Using the EZConfig Program

The EZConfig program is a single CLI command that launches an interactive mode for enabling ISR-WAAS on the Cisco ISR 4451-X. The program walks you through a series of questions and enables the corresponding AppNav Controller, container, interface, and connected application configurations.

Using the EZConfig Program

To run the EZConfig program, issue the following CLI command on a Cisco ISR 4451-X while logged in with privilege 15:

router# service waas enable
 

The system displays a welcome message and prompts you for several input parameters, as explained in subsequent sections.

router# service waas enable
**************************************************************************
**** Entering WAAS service interactive mode. ****
**** You will be asked a series of questions, and your answers ****
**** will be used to modify this device's configuration to ****
**** enable a WAAS Service on this router. ****
**************************************************************************
 
Continue? [y]:
 
At any time: ? for help, CTRL-C to exit.
 
Existing/conflicting WAAS configuration found.
Do you want to clean existing configuration so a fresh configuration through this interactive menu can proceed? [y]: y
% Virtual service AUTOWAAS was not activated
deactivating!!!!!!!!!!!!
 
removing previous profile extraction
 
*Nov 14 18:29:12.911: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service AUTOWAAS
 
Continuing with WAAS service enablement...

Selecting the OVA Package

The EZConfig program searches the router storage devices, router flash, and hard disks for ISR-WAAS images with the following Cisco-approved naming convention: ISR4451-X-WAAS*.ova. The system only uses images with this naming convention as choices. If the system only finds one OVA package, it automatically uses it.

note.gif

Noteblank.gif You can use the.OVA and.tar image to configure the ISR-WAAS on the Cisco 4451-X ISR. The.tar image is support only from Cisco IOX XE 16.9.X and later images.


Here is an example of the system only finding one OVA package:

Only one WAAS image found locally (harddisk:/ISR4451-X-WAAS-eft.ova) - using as default
 
Extracting profile from harddisk:/vWAAS-kvm-5.1.2-SP4-b9.ova, this may take a couple of minutes...
 

Here is an example of the system finding multiple OVA packages:

Select a WAAS image to install:
1.harddisk:/ISR4451-X-WAAS-eft.ova
2.harddisk:/ISR4451-X-WAAS-test.ova
3.Enter your own image
 
Select image [2]:
 
Extracting profile from harddisk:/ISR4451-X-WAAS-test.ova, this may take a couple of minutes...
 

The system sets the OVA image with the latest timestamp as the default. If you press enter without selecting an image, the system uses the default image. If you choose to enter an image name, the system prompts you for the image location and name, as in the example below. However, you can only select an image from the hard disk or the router flash.

Select a WAAS image to install:
1.harddisk:/ISR4451-X-WAAS-eft.ova
2.harddisk:/ISR4451-X-WAAS-test.ova
3.Enter your own image
 
Select image [2]: 3
Enter the local WAAS image to install. (blank to return) []: harddisk:/ISR4451-X-WAAS-myfile.ova

Selecting the ISR-WAAS Profile

Each ISR-WAAS image is shipped with multiple profiles. The profiles dictate the resources used by the ISR-WAAS virtual instance and the number of connections supported. The system prompts you to select a profile, as in the following example:

These are the available profiles
1. ISR-WAAS-2500
2. ISR-WAAS-1300
3. ISR-WAAS-750
 
Choose profile [1]:
 

The system sets the profile with the highest number of connections as the default. You can press enter to select the default profile or select a different profile.

Entering the Host IP Address and the ISR-WAAS Service IP Address

You must enter an internal IP address and subnet mask for the host, as well as an IP address for the ISR-WAAS service. The ISR-WAAS service IP address must be in the same network as the host. The host IP address is the address used by the router to communicate with the container.

Alternatively, you can specify that the ISR-WAAS service IP address be in the same subnet as one of the active router interfaces. This interface IP address can then be borrowed as the host IP address using IP unnumbered. The system inserts a static route to divert traffic to ISR-WAAS.

note.gif

Noteblank.gif The system supports IPv4 and IPv6.

  • The host IP address and subnet mask must be in the format “a.b.c.d/nn” or “a.b.c.d a.b.c.d”.


 

The following example illustrates the EZConfig IP address prompt. The system does not prompt you for the host IP address:

The following ip address type supported for WAAS
1) ipv4
2) ipv6
 
Select ip address type (1 or 2):2
 
Enter the IP address to be configured on the WAAS service: 10:10:10:10::10
 
The following ip address type supported for Host on Router
1) ipv4
2) ipv6
 
Select ip address type (1 or 2):2
 
Enter the IP address to be configured on this router: 10:10:10:11::10/24
 

Because the service IP address entered was in the same subnet as one of the interfaces, say GigabitEthernet0/0/1, the system borrows the service IP address for the host from this interface using IP unnumbered. If you are not using IP unnumbered, the system prompts you to enter the ISR-WAAS service IP address, the host IP address, and the subnet mask.

Entering the WAAS Central Manager (WCM) IP Address

The WAAS Central Manager (WCM) manages the WAAS service. It configures the WAAS policy and the application accelerators. The IP address of the WCM must be reachable from the router; otherwise, the WCM registration fails. If this happens, the EZConfig program continues with the remaining configuration and you can manually connect ISR-WAAS to WCM using the service waas wcm command.

The system uses a DNS SRV record to look up the WCM IP address. The system sends the IP address to ISR-WAAS for registration with the WCM. In order to successfully look up the IP address, make sure that the following record is available on a DNS server that is reachable from the router:

_waascms._tcp.cisco.com
Example:
ip host waas-cm.cisco.com 100.0.0.100
ip host _waascms._tcp.ciscowaas.local srv 1 100 8443 waas-cm.cisco.com
 

If the system cannot reach the DNS server, or if there is no SRV record, and the system cannot obtain the IP address of the WCM, the system prompts you to manually enter it.

note.gif

Noteblank.gif You must disable the boost license before you use the virtual-service command.


Use the show virtual-service detail command to check the status of the WCM registration.

The following is an example of the EZConfig WCM IP address prompt:

The following ip address type supported for WAAS Central Manager
1) ipv4
2) ipv6
 
Select ip address type (1 or 2):2
 
Enter the IP address of the WAAS Central Manager (WCM): 10:10:10:10::12
 

After the EZConfig program installs and activates the ISR-WAAS virtual instance, the system displays the virtual instance in the WCM.

Entering the WAAS Interception Interfaces

The EZConfig program displays a list of interfaces on the router. Enter the WAN interfaces where WAAS functionality is enabled using the underlying WAAS interception and routing mechanism AppNav.

note.gif

Noteblank.gif You cannot use the GigabitEthernet0 interface because it is a management interface used by the router.


See the following example:

The following IP interfaces are currently available on the router:
 
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.9.1 YES NVRAM up up
GigabitEthernet0/0/1 10.10.9.1 YES NVRAM up up
GigabitEthernet0/0/2 100.0.0.2 YES NVRAM up up
GigabitEthernet0/0/3 unassigned YES NVRAM down down
GigabitEthernet0 1.1.220.8 YES NVRAM up up
 
Enter a WAN interface to enable WAAS interception (blank to skip) []: Gi 0/0/0
 
Enter additional WAN interface (blank to finish) []:

Verifying Input

After you enter all the requested information, the EZConfig program displays a configuration summary so that you can review the inputs and modify them if needed. The following is a sample:

****************************
** Configuration Summary: **
****************************
 
a) WAAS Image and Profile Size:
bootflash:/ISR4451-X-WAAS-eft.ova (1331268265) bytes
ISR-WAAS-750
 
b) Router IP/mask:
Using IP unnumbered from interface GigabitEthernet0/0/1
 
WAAS Service IP:
10.10.9.10
 
c) WAAS Central Manager:
100.0.0.1
 
d) Router WAN Interfaces:
GigabitEthernet0/0/0
 
Choose letter ‘a-d’ to edit, 'v' to view config script, 's' to apply config [s]:
 

If you select s, which is the default, the system applies the above configuration. If you choose a letter a through d, the system prompts you to modify the configuration that you chose. If you select v, the system displays the configuration as shown below:

The following configuration will be applied:
interface VirtualPortGroup31
ip unnumbered GigabitEthernet0/0/1
ip route 10.10.9.10 255.255.255.255 VirtualPortGroup31
 
virtual-service AUTOWAAS
interface VirtualPortGroup31
ip address 10.10.9.10
exit
profile ISR-WAAS-750
activate
 
interface GigabitEthernet0/0/2
service-insertion waas
exit
 
service-insertion service-node-group AUTOWAAS-SNG
description AUTOWAAS
node-discovery enable
service-node 10.10.9.10
exit
 
service-insertion appnav-controller-group AUTOWAAS-SCG
description AUTOWAAS
appnav-controller 10.10.9.1
exit
 
ip access-list extended EPMAP
permit tcp any any eq 135
ip access-list extended NFS
permit tcp any any eq 2049
ip access-list extended HTTPS
permit tcp any any eq 443
ip access-list extended CIFS
permit tcp any any eq 139
permit tcp any any eq 445
ip access-list extended RTSP
permit tcp any any eq 554
permit tcp any any eq 8554
ip access-list extended Citrix-ICA
permit tcp any any eq 1494
ip access-list extended Citrix-CGP
permit tcp any any eq 2598
ip access-list extended HTTP
permit tcp any any eq 80
permit tcp any any eq 3218
permit tcp any any eq 8000
permit tcp any any eq 8080
permit tcp any any eq 8088
ip access-list extended SN_OR_WCM
permit tcp host 10.10.9.10 any
permit tcp any host 10.10.9.10
permit tcp host 100.0.0.1 any
permit tcp any host 100.0.0.1
ip access-list extended AUTOWAAS
permit tcp any any
class-map type appnav match-any SN_or_WCM
match access-group name SN_or_WCM
class-map type appnav match-any NFS
match access-group name NFS
class-map type appnav match-any HTTP
match access-group name HTTP
class-map type appnav match-any HTTPS
match access-group name HTTPS
class-map type appnav match-any CIFS
match access-group name CIFS
class-map type appnav match-any MAPI
match protocol mapi
class-map type appnav match-any RTSP
match access-group name RTSP
class-map type appnav match-any Citrix-ICA
match access-group name Citrix-ICA
class-map type appnav match-any Citrix-CGP
match access-group name Citrix-CGP
class-map type appnav match-any AUTOWAAS
match access-group name AUTOWAAS
policy-map type appnav AUTOWAAS
description AUTOWAAS global policy
class SN_OR_WCM
pass-through
class HTTP
distribute service-node-group AUTOWAAS-SNG
monitor-load http
class MAPI
distribute service-node-group AUTOWAAS-SNG
monitor-load mapi
class HTTPS
distribute service-node-group AUTOWAAS-SNG
monitor-load ssl
class CIFS
distribute service-node-group AUTOWAAS-SNG
monitor-load cifs
class Citrix-ICA
distribute service-node-group AUTOWAAS-SNG
monitor-load ica
class Citrix-CGP
distribute service-node-group AUTOWAAS-SNG
monitor-load ica
class EPMAP
distribute service-node-group AUTOWAAS-SNG
monitor-load MS-port-mapper
class NFS
distribute service-node-group AUTOWAAS-SNG
monitor-load nfs
class RTSP
distribute service-node-group AUTOWAAS-SNG
monitor-load video
class AUTOWAAS
distribute service-node-group AUTOWAAS-SNG
service-insertion service-context waas/1
service-policy AUTOWAAS
service-node-group AUTOWAAS-SNG
appnav-controller-group AUTOWAAS-SCG
enable
 

service waas wcm ip address 100.0.0.1

****************************

** Configuration Summary: **

****************************
 
a) WAAS Image and Profile Size:
harddisk:/ISR4451-X-WAAS-eft.ova (1331268265) bytes
ISR-WAAS-750
 
b) Router IP/mask:
Using ip unnumbered from interface GigabitEthernet0/0/1
WAAS Service IP:
10.10.9.10
 
c) WAAS Central Manager:
100.0.0.100
 
d) Router WAN Interfaces:
GigabitEthernet0/0/0
 
Choose letter 'a-d' to edit, 'v' to view config script, 's' to apply config [s]: c
 
Enter the IP address of the WAAS Central Manager (WCM): 100.0.0.1
 
****************************
** Configuration Summary: **
****************************
a) WAAS Image and Profile Size:
harddisk:/ISR4451-X-WAAS-eft.ova (1331268265) bytes
ISR-WAAS-750
 
b) Router IP/mask:
Using ip unnumbered from interface GigabitEthernet0/0/1
 
WAAS Service IP:
10.10.9.10
 
c) WAAS Central Manager:
100.0.0.1
 
d) Router WAN Interfaces:
GigabitEthernet0/0/1
 
Choose letter 'a-d' to edit, 'v' to view config script, 's' to apply config [s]: b
 
An internal IP interface and subnet is required to deploy a WAAS service on this router. This internal subnet must contain two usable IP addresses that can route and communicate with the WAAS Central Manager (WCM).
 
Enter the IP address to be configured on the WAAS service: 9.9.9.1
 
Enter the IP address/mask to be configured on this router: 9.9.9.2/24
 
 
****************************
** Configuration Summary: **
****************************
 
a) WAAS Image and Profile Size:
harddisk:/ISR4451-X-WAAS-eft.ova (1331268265) bytes
ISR-WAAS-750
 
b) Router IP/mask:
9.9.9.2
255.255.255.0
 
WAAS Service IP:
9.9.9.1
 
c) WAAS Central Manager:
100.100.0.1
 
d) Router WAN Interfaces:
GigabitEthernet0/0/0
 
Choose letter 'a-d' to edit, 'v' to view config script, 's' to apply config [s]:

Applying the Configuration

After verifying the configuration, the EZConfig program displays the progress of the WAAS installation and activation. The system then applies the configuration and displays the status of the WAAS virtual service. See the following example:

The configuration will be applied and the status of the WAAS service will be displayed after deployment
Installing bootflash:/ISR4451-X-WAAS-eft.ova
installing!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*Dec 13 04:52:07.227: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service AUTOWAAS
System is attempting to deploy and activate WAAS image, this may take up to 10 minutes
activating!!!!
 
*Dec 13 04:52:26.718: %VIRT_SERVICE-5-ACTIVATION_STATE: Successfully activated virtual service AUTOWAAS
*Dec 13 04:52:28.717: %LINK-3-UPDOWN: Interface VirtualPortGroup31, changed state to up
*Dec 13 04:52:29.717: %LINEPROTO-5-UPDOWN: Line protocol on Interface VirtualPortGroup31, changed state to up
 
Waiting for WAAS application to be at a stage to accept WCM IP configuration.
 
Waiting!
*Dec 13 04:52:31.080: %LINK-3-UPDOWN: Interface AppNav-Compress1, changed state to up
*Dec 13 04:52:32.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface AppNav-Compress1, changed state to up
*Dec 13 04:52:32.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface AppNav-UnCompress1, changed state to up
*Dec 13 04:52:32.048: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WAAS service activated!
Note: Please issue "copy running-config startup-config" command to save changes!

Disabling the WAAS Service Using the EZConfig Program

The EZConfig program uses the name AUTOWAAS for the virtual service, AppNav, class map, and policy map configuration. Whenever you run the EZConfig program, the system checks the configuration for any previously configured virtual instances and any AppNav configurations named AUTOWAAS. If the system finds any, the EZConfig program prompts you to clean up the system before enabling the WAAS service. See the following example:

router# service waas enable
**************************************************************************
**** Entering WAAS service interactive mode. ****
**** You will be asked a series of questions, and your answers ****
**** will be used to modify this device's configuration to ****
**** enable a WAAS Service on this router. ****
**************************************************************************
 
Continue? [y]: y
 
At any time: ? for help, CTRL-C to exit.
 
Existing/conflicting WAAS configuration found.
 
Do you want to clean existing configuration so a fresh configuration through this interactive menu can proceed? [y]: y
 
deactivating!!!!!!!!!!
 
removing previous profile extraction
 
*Aug 29 00:35:46.126: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service AUTOWAAS
 
Continuing with WAAS service enablement...
 

Another way to clean up old EZConfig configurations is to use the service waas disable command. This command deactivates the virtual instance, uninstalls the OVA image, and removes all configurations with the name AUTOWAAS. See the following example:

router# service waas disable
***************************************************
** WAAS disable service interactive mode. **
** You will be asked a series of questions **
** and your answers will be used to *REMOVE* **
** the WAAS and AppNav Service configuration **
** on this router. **
***************************************************
 
Are you sure you want to remove 'AUTOWAAS' service and configuration for WAAS/AppNav? [yes]: yes
deactivating!!!!!!!!!!
 
*Aug 29 00:51:12.912: %LINK-3-UPDOWN: Interface VirtualPortGroup31, changed state to down
*Aug 29 00:51:13.913: %LINEPROTO-5-UPDOWN: Line protocol on Interface VirtualPortGroup31, changed state to down
*Aug 29 00:51:20.268: %LINK-5-CHANGED: Interface VirtualPortGroup31, changed state to administratively down
*Aug 29 00:51:21.297: %VIRT_SERVICE-5-INSTALL_STATE: Successfully uninstalled virtual service
 
AUTOWAAS
WAAS/AppNav configuration and service removed!
Note:Please issue "copy running-config startup-config" command to save changes!

Automatic Configuration Entries

In addition to setting the ISR-WAAS IP address and default gateway configuration entries (either using the EZConfig program or setting them manually as described in Chapter 3, “Detailed Configuration”), the system also automatically applies the following host router configurations entries to the ISR-WAAS:

Hostname

The system automatically sets the ISR-WAAS hostname to be “Router-” followed by the router hostname, as in the following example:

hostname Router-ISR-WAAS

Domain Name

The system automatically sets the ISR-WAAS domain name to the same domain name as the host router.

ip domain-name cisco.com

Timezone

The system automatically sets the ISR-WAAS timezone configuration to the same timezone setting as the host router.

clock timezone PDT -8 0

NTP Servers

The host router allows up to six NTP servers but ISR-WAAS only allows up to three NTP servers. The system uses the first three NTP servers configured on the router for ISR-WAAS.

ntp server 50.116.38.157
ntp server 199.102.46.72
 

The system also configures the WCM server with the same clock source.

DNS Server

The host router allows up to six DNS servers but ISR-WAAS only allows up to three DNS servers. The system uses the first three DNS servers configured on the router for ISR-WAAS.

ip name-server 208.67.222.222
ip name-server 208.67.220.220

WAAS Central Manager (WCM) Changes for ISR-WAAS

Below are the changes in the WCM GUI that are unique to ISR-WAAS:

  • The following pages under the Configure > Network tab are read-only:

blank.gif Network Interfaces

blank.gif Default Gateway

blank.gif DNS

  • The Jumbo MTU link under the Configure > Network tab is unavailable.
  • On the Configure > Interception > Interception Configuration page, the AppNav Controller is the only supported interception method.
  • The CIFS accelerator is unavailable in ISR-WAAS, which leads to the following:

blank.gif The CIFS Accelerator and Windows Print Accelerator fields under the Configure > Acceleration > Enabled Features page are unavailable on the device level and appropriate warning message will be provided in the device group level. The WCM ensures that CIFS-related configurations are not pushed to the ISR-WAAS application from DG level to prevent the device-level page from going into override mode.

blank.gif The CIFS Acceleration Report under the Monitor > Acceleration tab is unavailable.

blank.gif The ISR-WAAS application is not supported on the Preposition and Dynamic shares pages under the Home > CIFS File Services tab.