VPN Interface SVI

Feature history for VPN interface SVI

Table 1. Feature History

Feature Name

Release Information

Description

Support for Configuring Secondary IP Address

Cisco IOS XE Catalyst SD-WAN Release 17.2.1r

You can configure up to four secondary IPv4 or IPv6 addresses, and up to four DHCP helpers. Secondary IP addresses can be useful for forcing unequal load sharing between different interfaces, for increasing the number of IP addresses in a LAN when no more IPs are available from the subnet, and for resolving issues with discontinuous subnets and classful routing protocol.

Configure VPN interface SVI

Use one of these methods to configure VPN interface SVI: a configuration group or a feature template.

Configure SVI interface using a configuration group

Follow these steps to configure an SVI interface using a configuration group.

Configure a switch virtual interface (SVI) to create a VLAN interface.

Before you begin

On the Configuration > Configuration Groups page, choose SD-WAN as the solution type.

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure the SVI Interface feature.

  1. Configure the SVI Interface feature.

    Field

    Description

    Type

    Choose a feature from the drop-down list.

    Feature Name*

    Enter a name for the feature.

    Description

    Enter a description of the feature. The description can contain any characters and spaces.

    Associated VPN: VPN*

    Choose a VPN.

  2. Configure basic configuration fields.

    Table 2. Basic Configuration

    Field

    Description

    Shutdown

    Enable or disable the VLAN interface.

    VLAN Interface Name*

    Enter a name for the VLAN interface.

    The name must contain a minimum of five characters. The name must be in the following format: ^Vlan(([1-9]\d|\d)/){0,2}(0|[1-9]\d*)([:|\.][1-9]\d*)?

    Interface Description

    Enter a description for the interface.

    Interface MTU

    Enter the maximum transmission unit size for frames received and transmitted on the interface.

    Range: 1500 through 9216

    Default: 1500 bytes

    IP MTU

    Enter the maximum transmission unit (MTU) size of IP packets sent on an interface.

    Range: 576 through 9216

    Default: 1500 bytes

    Configure IPV4 Address

    IPv4 Address Prefix*

    Enter the IPv4 address for the interface.

    List of DHCP helper addresses*

    Enter up to eight IP addresses for DHCP servers in the network to have the interface be a DHCP helper. Separate each address with a comma. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers.

    Configure IPV4 Secondary Address

    Secondary IP Address*

    Enter up to four secondary IP addresses.

    Configure IPV6 Address

    IPV6 address*

    Enter the IPv6 address for the interface.

    Configure IPV6 Secondary Address

    Address*

    Enter up to four secondary IP addresses.

    Configure IPV6 DHCP Helper

    Address*

    Enter an IP address for DHCP servers in the network to have the interface be a DHCP helper. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers.

    VPN

    VPN ID for the DHCP helper address.

  3. Configure ACL fields.

    Table 3. ACL

    Field

    Description

    Configure Access List V4

    Direction*

    Choose a direction of the ACL: in or out.

    Name of ACL*

    Enter the name of the access list.

    Configure Access List V6

    Direction*

    Choose a direction of the ACL: in or out.

    Name of ACL*

    Enter the name of the access list.

  4. Configure VRRP fields.

    Table 4. VRRP

    Field

    Description

    Configure VRRP

    Group ID*

    Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups.

    Range: 1 through 255

    Priority*

    Enter the priority level of the router. The router with the highest priority is elected as the primary router. If two routers have the same priority, the one with the higher IP address is elected as the primary router.

    Range: 1 through 254

    Default: 100

    Timer*

    Specify how often the primary VRRP router sends VRRP advertisement messages. If secondary routers miss three consecutive VRRP advertisements, they elect a new primary router.

    Range: 100 through 40950 seconds

    Default: 100 seconds

    Track OMP

    When you enable this option, VRRP tracks the Overlay Management Protocol (OMP) session running on the WAN connection. If the primary VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session.

    Prefix List*

    Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the primary VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if the reachability to one of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic while the Cisco IOS XE Catalyst SD-WAN device determines the primary VRRP router.

    IP Address

    Enter the IP address of the virtual router. This address must be different from the configured interface IP addresses of both the local router and the peer running VRRP.

    Add VRRP IP Address Secondary

    Address*

    Enter an IP address for the secondary VRRP router.

    TLOC Preference Change

    Enable or disable this option to set whether the TLOC preference can be changed or not.

    Add VRRP Tracking Object

    Tracker Id*

    Enter the interface object ID or object group tracker ID.

    Track Action*

    Choose one of the options:

    • decrement

    • shutdown

    Decrement Value

    Enter a decrement value.

    Range: 1-255

    From Cisco vManage Release 20.10.1, this option is enabled only when you choose decrement in Track Action.

    Configure VRRP IPv6

    Group ID*

    Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups.

    Range: 1 through 255

    Priority*

    Enter the priority level of the router. The router with the highest priority is elected as the primary router. If two routers have the same priority, the one with the higher IP address is elected as the primary router.

    Range: 1 through 254

    Default: 100

    Timer*

    Specify how often the primary VRRP router sends VRRP advertisement messages. If secondary routers miss three consecutive VRRP advertisements, they elect a new primary router.

    Range: 100 through 40950 seconds

    Default: 100 seconds

    Track OMP*

    When you enable this option, VRRP tracks the Overlay Management Protocol (OMP) session running on the WAN connection. If the primary VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session.

    Track Prefix List

    Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the primary VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if the reachability to one of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic while the Cisco IOS XE Catalyst SD-WAN device determines the primary VRRP router.

    Add VRRP IPv6 Primary

    IPv6 Link Local*

    Enter a virtual link local IPv6 address, which represents the link local address of the group. The address should be in standard link local address format. For example, FE80::AB8.

    Prefix

    Enter the IPv6 address of the primary VRRP router.

  5. Configure ARP fields.

    Table 5. ARP

    Field

    Description

    Configure ARP

    IP Address*

    Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.

    MAC Address*

    Enter the MAC address in colon-separated hexadecimal notation.

  6. Configure advanced fields.

    Table 6. Advanced

    Field

    Description

    TCP MSS

    Specify the maximum segment size (MSS) of TCP SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented.

    Range: 552 to 1960 bytes

    Default: None

    ARP Timeout

    Specify how long it takes for a dynamically learned ARP entry to time out.

    Range: 0 through 2678400 seconds (744 hours)

    Default: 1200 (20 minutes)

    IP Directed-Broadcast

    An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet but which originates from a node that is not itself part of that destination subnet.

    A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.

    If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached are broadcast on that subnet.

    ICMP/ICMPv6 Redirect Disable

    ICMP redirects are sent by a router to the sender of an IP packet when a packet is being routed sub-optimally. The ICMP redirect informs the sending host to forward subsequent packets to that same destination through a different gateway.

    By default, an interface allows ICMP redirect messages.
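The VLAN Interface Name field in Table 2 states the accepted format as a regular expression. The Python validator below is an added example, not Cisco documentation or product code: it applies the page's pattern verbatim and shows why a whole-string match matters. The function names, the five-character constant and the sample names are my own.

```python
import re

# Pattern quoted verbatim from the VLAN Interface Name field on this page.
VLAN_NAME_PATTERN = r"^Vlan(([1-9]\d|\d)/){0,2}(0|[1-9]\d*)([:|\.][1-9]\d*)?"
_VLAN_NAME_RE = re.compile(VLAN_NAME_PATTERN)

# The field also requires at least five characters ("Vlan" plus one digit).
MIN_NAME_LENGTH = 5


def is_valid_vlan_interface_name(name: str) -> bool:
    """Return True when `name` meets the documented length and format rules.

    The page's pattern starts with '^' but has no closing '$', so re.match()
    alone would accept trailing junk (see matches_as_prefix below). fullmatch()
    forces the entire string to conform, which is what a form validator wants.
    """
    return len(name) >= MIN_NAME_LENGTH and _VLAN_NAME_RE.fullmatch(name) is not None


def matches_as_prefix(name: str) -> bool:
    """Looser check that only anchors the start, kept to show the difference."""
    return _VLAN_NAME_RE.match(name) is not None


def validate_names(names):
    """Map each candidate name to its verdict; handy for checking a batch of
    names before they are pushed into a configuration group."""
    return {n: is_valid_vlan_interface_name(n) for n in names}


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    samples = ["Vlan100", "Vlan0", "Vlan1/0/10", "Vlan100.5", "Vlan100:2",
               "Vlan012", "Vlan100abc", "Vlan", "Vlan1/2/3/4"]
    for name, ok in validate_names(samples).items():
        print(f"{name:14s} {'valid' if ok else 'rejected'}")
```

Two details of the pattern are worth knowing when you reuse it: the slot/module part before each slash is limited to two digits, and the character class `[:|\.]` contains a literal pipe, so a name such as `Vlan100|2` passes the format check even though only `.` and `:` are meaningful subinterface separators.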
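The IP Directed-Broadcast field in Table 6 defines a directed broadcast and describes what the router does with one when the option is enabled. The following Python is an added example, not part of this page or of the Cisco product, that encodes that definition as a classifier and runs it over constructed sample traffic so you can see which packets the setting would turn into link-layer broadcasts. The subnets, sample packets and function names are assumptions I made for the example.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed topology: the subnets reached through this router's SVIs.
CONNECTED_SUBNETS = [
    ipaddress.ip_network("10.1.10.0/24"),
    ipaddress.ip_network("10.1.20.0/24"),
]

# Constructed sample traffic as (source, destination) pairs.
SAMPLE_PACKETS = [
    ("10.1.10.5", "10.1.20.9"),        # ordinary unicast between VLANs
    ("10.1.10.5", "10.1.10.255"),      # broadcast sent by a host on its own subnet
    ("10.1.10.5", "255.255.255.255"),  # limited broadcast, never routed
    ("192.0.2.7", "10.1.10.255"),      # off-subnet source to a subnet broadcast address
]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(src: str, dst: str,
                         connected: Iterable[ipaddress.IPv4Network]) -> str:
    """Classify an IPv4 packet using the definition on this page: a directed
    broadcast targets the broadcast address of some subnet but originates
    from a node that is not itself part of that subnet."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if d == LIMITED_BROADCAST:
        return "limited-broadcast"
    for net in connected:
        if d == net.broadcast_address:
            return "local-broadcast" if s in net else "directed-broadcast"
    return "unicast"


def exploded_on_lan(src: str, dst: str, connected, directed_broadcast_enabled: bool) -> bool:
    """True when the router would rewrite the destination and send the packet
    as a link-layer broadcast on the attached subnet. Per the page this only
    happens for a directed broadcast, and only if the option is enabled on
    the interface facing that subnet."""
    return (directed_broadcast_enabled
            and classify_destination(src, dst, connected) == "directed-broadcast")


def audit_directed_broadcasts(packets, connected) -> List[Tuple[str, str]]:
    """Return the (src, dst) pairs that the interface would broadcast if
    IP Directed-Broadcast were turned on; useful when reviewing that setting
    against traffic actually seen on the SVI."""
    return [(s, d) for s, d in packets
            if classify_destination(s, d, connected) == "directed-broadcast"]


if __name__ == "__main__":
    for s, d in SAMPLE_PACKETS:
        print(f"{s:>16} -> {d:<16} {classify_destination(s, d, CONNECTED_SUBNETS)}")
    print("would be broadcast if enabled:",
          audit_directed_broadcasts(SAMPLE_PACKETS, CONNECTED_SUBNETS))
```

The audit separates a broadcast sent by a host on its own subnet (which the router does not forward at all) from one arriving from elsewhere, which is the case the option governs; with the option left disabled, `exploded_on_lan` is always false and such packets are simply dropped at the interface.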


What to do next

Also see Deploy a configuration group.

Configure SVI interface using templates

Follow these steps to configure an SVI interface using a feature template.

Use the VPN Interface SVI template to configure SVI for Cisco IOS XE Catalyst SD-WAN devices. Configure a switch virtual interface (SVI) to create a VLAN interface.

To configure DSL interfaces on Cisco routers using Cisco SD-WAN Manager templates, create a VPN Interface SVI feature template to configure VLAN interface parameters.

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Step 2

Click Feature Templates.

In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  1. Click Add Template.

  2. Choose a Cisco IOS XE Catalyst SD-WAN device from the list.

  3. If you are configuring the multilink interface in the transport VPN (VPN 0), click Transport & Management VPN or scroll to the Transport & Management VPN section.

    Under Additional VPN 0 Templates, located to the right of the screen, click VPN Interface SVI.

  4. If you are configuring the multilink interface in a service VPN (VPNs other than VPN 0), click Service VPN or scroll to the Service VPN section.

    In the Service VPN drop-down list, enter the number of the service VPN. Under Additional VPN Templates, located to the right of the screen, click VPN Interface SVI.

  5. From the VPN Interface SVI drop-down list, click Create Template. The VPN Interface SVI template form is displayed. This form contains fields for naming the template, and fields for defining multilink Interface parameters.

  6. In Template Name, enter a name for the template. The name can be up to 128 characters and can contain only alphanumeric characters.

  7. In Template Description, enter a description of the template. The description can be up to 2048 characters and can contain only alphanumeric characters.

Step 3

Configure the following parameters in the VPN Interface SVI feature template.

To get the SVI interface up and functional, ensure that the appropriate VLAN is explicitly configured on the Switch Port Access or Trunk interface.

  1. Configure basic VLAN interface functionality in a VPN.

    Table 7.

    Parameter Name

    Description

    Shutdown*

    Click No to enable the VLAN interface.

    VLAN Interface Name*

    Enter the VLAN identifier of the interface.

    Range: 1 through 1094.

    Description

    Enter a description for the interface.

    IP MTU

    Specify the maximum MTU size of packets on the interface.

    Range: 576 through 1500.

    Default: 2000 bytes

    IPv4* or IPv6

    Click to configure one or more IPv4 or IPv6 addresses for the interface. (Beginning with Cisco IOS XE SD-WAN Release 17.2.)

    IPv4 Address*

    IPv6 Address

    Enter the IPv4 or IPv6 address for the interface.

    Secondary IP Address

    Click Add to enter up to four secondary IP addresses. (Beginning with Cisco IOS XE SD-WAN Release 17.2.)

    DHCP Helper*

    Enter up to eight IP addresses for DHCP servers in the network to have the interface be a DHCP helper. Separate each address with a comma. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers.

    Click Add to configure up to four DHCP helpers. (Beginning with Cisco IOS XE SD-WAN Release 17.2, for IPv6.)

  2. Apply a rewrite rule, access lists, and policers to a router interface.

    Table 8.

    Parameter Name

    Description

    Ingress ACL – IPv4

    Click On and specify the name of the access list to apply to IPv4 packets being received on the interface.

    Egress ACL – IPv4

    Click On and specify the name of the access list to apply to IPv4 packets being transmitted on the interface.

    Ingress Policer

    Click On and specify the name of the policer to apply to packets being received on the interface.

    Egress Policer

    Click On and specify the name of the policer to apply to packets being transmitted on the interface.

  3. To have an interface run the Virtual Router Redundancy Protocol (VRRP), which allows multiple routers to share a common virtual IP address for default gateway redundancy, configure VRRP.

    Table 9.

    Parameter Name

    Description

    Group ID

    Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups.

    Range: 1 through 255

    Priority

    Enter the priority level of the router. The router with the highest priority is elected as the primary router. If two Cisco IOS XE Catalyst SD-WAN devices have the same priority, the one with the higher IP address is elected as the primary one.

    Range: 1 through 254

    Default: 100

    Timer

    Specify how often the primary VRRP router sends VRRP advertisement messages. If the subordinate routers miss three consecutive VRRP advertisements, they elect a new primary router.

    Range: 1 through 3600 seconds

    Default: 1 second

    Track OMP / Track Prefix List

    By default, VRRP uses the state of the service (LAN) interface on which it is running to determine which Cisco IOS XE Catalyst SD-WAN device is the primary virtual router. If a Cisco IOS XE Catalyst SD-WAN device loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, configure one of the following:

    Track OMP—Click On for VRRP to track the Overlay Management Protocol (OMP) session running on the WAN connection. If the primary VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session.

    Track Prefix List—Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the primary VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if reachability to all of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic that is dropped while the Cisco IOS XE Catalyst SD-WAN device determines the primary VRRP router.

    IP Address

    Enter the IP address of the virtual router. This address must be different from the configured interface IP addresses of both the local Cisco IOS XE Catalyst SD-WAN device and the peer running VRRP.

  4. Configure static Address Resolution Protocol (ARP) table entries on the interface.

    Table 10.

    Parameter Name

    Description

    IP Address

    Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.

    MAC Address

    Enter the MAC address in colon-separated hexadecimal notation.

  5. Configure other interface properties.

    Table 11.

    Parameter Name

    Description

    TCP MSS

    Specify the maximum segment size (MSS) of TCP SYN packets passing through the Cisco IOS XE Catalyst SD-WAN device. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented.

    Range: 552 to 1460 bytes

    Default: None

    ARP Timeout

    Specify how long it takes for a dynamically learned ARP entry to time out.

    Range: 0 through 2678400 seconds (744 hours)

    Default: 1200 (20 minutes)
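Tables 4 and 9 describe the VRRP election rules in prose: highest priority wins, ties go to the higher interface IP address, a router that loses all OMP sessions withdraws when Track OMP is on, a tracking object can decrement the priority or shut the group down, and secondaries fail over after three missed advertisements. The following Python model is an added example, not Cisco code and not a description of the device's internal implementation; it exists so you can reason about which router becomes primary under a given combination of settings before deploying them. The class and function names, the pair of constructed routers and the rule that a decremented priority never drops below 1 are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class TrackingObject:
    """One 'Add VRRP Tracking Object' row: tracker state plus its Track Action."""
    name: str
    up: bool
    action: str = "decrement"   # "decrement" or "shutdown", as on the page
    decrement: int = 10         # Decrement Value, range 1 to 255 on the page


@dataclass
class VrrpRouter:
    name: str
    ip: str                     # interface IP, used only for the tie-break
    priority: int = 100         # range 1 to 254, default 100
    track_omp: bool = False
    omp_sessions: int = 1       # active OMP sessions on the WAN side
    trackers: List[TrackingObject] = field(default_factory=list)


def effective_priority(r: VrrpRouter) -> Optional[int]:
    """Priority after tracking is applied. None means the router cannot be
    elected: Track OMP is on with no OMP session left, or a tracker that is
    down carries the shutdown action."""
    if r.track_omp and r.omp_sessions == 0:
        return None
    prio = r.priority
    for t in r.trackers:
        if t.up:
            continue
        if t.action == "shutdown":
            return None
        prio -= t.decrement
    # Model assumption: a decremented priority never drops below 1.
    return max(prio, 1)


def elect_primary(routers: List[VrrpRouter]) -> str:
    """Highest effective priority wins; equal priorities are broken by the
    higher interface IP address, as the Priority field describes."""
    candidates = []
    for r in routers:
        eff = effective_priority(r)
        if eff is not None:
            candidates.append((eff, ipaddress.ip_address(r.ip), r.name))
    if not candidates:
        raise ValueError("no router is eligible to become primary")
    return max(candidates)[2]


def failover_detection_seconds(advertisement_interval: float) -> float:
    """Secondaries elect a new primary after missing three consecutive
    advertisements, so this is the time until failover begins."""
    return 3 * advertisement_interval


if __name__ == "__main__":
    # Constructed pair of routers sharing one SVI and one VRRP group.
    a = VrrpRouter("edge-a", "10.1.10.2", priority=110, track_omp=True)
    b = VrrpRouter("edge-b", "10.1.10.3", priority=100, track_omp=True)
    print("normal operation:", elect_primary([a, b]))
    a.omp_sessions = 0
    print("edge-a lost all OMP sessions:", elect_primary([a, b]))
    a.omp_sessions = 1
    a.trackers.append(TrackingObject("wan-tracker", up=False, action="decrement", decrement=20))
    print("edge-a tracker down, decrement 20:", elect_primary([a, b]))
    print("failover starts after", failover_detection_seconds(1), "s with a 1 s timer")
```

When choosing a Decrement Value, pick one large enough that the decremented priority falls below the peer's priority; a decrement of 5 against a 10-point priority gap changes nothing, and the tracker down event would then not move the gateway role at all.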