Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

Configuring global system settings

Configure global system settings using a configuration group

Before you begin

Perform these steps to configure basic parameters for devices.

Procedure

1. From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

2. Create and configure a Global feature in a System profile.

  1. Configure services.

    Table 1. Services

    | Field | Description |
    |---|---|
    | HTTP Server | Enable or disable HTTP server. |
    | HTTPS Server | Enable or disable secure HTTPS server. |
    | FTP Passive | Enable or disable passive FTP. |
    | Domain Lookup | Enable or disable Domain Name System (DNS) lookup. |
    | ARP Proxy | Enable or disable proxy ARP. |
    | RSH/RCP | Enable or disable remote shell (RSH) and remote copy (RCP) on the device. |
    | Line Virtual Teletype (Configure Outbound Telnet) | Enable or disable outbound telnet. |
    | Cisco Discovery Protocol (CDP) | Enable or disable Cisco Discovery Protocol (CDP). |
    | Link Layer Discovery Protocol (LLDP) | Enable or disable Link Layer Discovery Protocol (LLDP). |
    | Specify interface for source address | Enter the address of the source interface in all HTTPS client connections. |

  2. Configure NAT64.

    Table 2. NAT 64

    | Field | Description |
    |---|---|
    | UDP Timeout | Specify the NAT64 translation timeout for UDP. Range: 1 to 536870 (seconds). Default: 300 seconds (5 minutes). |
    | TCP Timeout | Specify the NAT64 translation timeout for TCP. Range: 1 to 536870 (seconds). Default: 3600 seconds (1 hour). |

  3. Configure authentication.

    Table 3. Authentication

    | Field | Description |
    |---|---|
    | HTTP Authentication | Choose the HTTP authentication mode. Accepted values: Local, AAA. Default: Local. |

  4. Configure SSH.

    Table 4. SSH Version

    | Field | Description |
    |---|---|
    | SSH Version | Choose the SSH version. Default: Disabled. |

  5. Configure other settings.

    Table 5. Other Settings

    | Field | Description |
    |---|---|
    | TCP Keepalives (In) | Enable or disable generation of keepalive timers when incoming network connections are idle. |
    | TCP Keepalives (Out) | Enable or disable generation of keepalive timers when outgoing network connections are idle. |
    | TCP Small Servers | Enable or disable small TCP servers (for example, ECHO). |
    | UDP Small Servers | Enable or disable small UDP servers (for example, ECHO). |
    | Console Logging | Enable or disable console logging. By default, the router sends all log messages to its console port. |
    | IP Source Routing | Enable or disable IP source routing. IP source routing is a feature that enables the originator of a packet to specify the path for the packet to use to get to the destination. |
    | VTY Line Logging | Enable or disable the device to display log messages to a VTY session in real time. |
    | SNMP IFINDEX Persist | Enable or disable SNMP IFINDEX persistence, which provides an interface index (ifIndex) value that is retained and used when the device reboots. |
    | Ignore BOOTP | Enable or disable BOOTP server. When enabled, the device listens for the BOOTP packet that comes in sourced from 0.0.0.0. When disabled, the device ignores these packets. |
    | (optional) Interface statistics per minute | Minimum supported release: Cisco IOS XE Catalyst SD-WAN Release 26.1.1. Choose the time interval for interface statistics data collection: 1 minute, or 5 minutes (default). |

What to do next

Refer to Deploy a Configuration Group in the Cisco Catalyst SD-WAN Configuration Groups Reference Guide.


Configure global system settings using templates

Configure global system settings using templates.

From Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.2.x, you can use the Global Settings template to configure device global parameters such as:

  • Services such as HTTP and Telnet

  • NAT64 time-outs

  • HTTP authentication mode

  • TCP keepalive

  • TCP and UDP small servers

  • Console logging

  • IP source routing

  • VTY line logging

  • SNMP IFINDEX persistence

  • BOOTP server

Before you begin

Follow these steps to configure global system settings.

Procedure

1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

2. Click Feature Templates.

   In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

3. Click Add Template.

4. Select a device type.

5. Create a Global Settings template.

6. Enter a name and description.

7. Configure these parameters according to your requirements.

  1. Configure services.

    | Field | Description |
    |---|---|
    | HTTP Server | Enable or disable HTTP server. |
    | HTTPS Server | Enable or disable secure HTTPS server. |
    | Passive FTP | Enable or disable passive FTP. |
    | IP Domain-Lookup | Enable or disable domain name server (DNS) lookup. |
    | Arp Proxy | Enable or disable proxy ARP. |
    | RSH/RCP | Enable or disable remote shell (RSH) and remote copy (RCP) on the device. |
    | Telnet (Outbound) | Enable or disable outbound telnet. |
    | CDP | Enable or disable Cisco Discovery Protocol (CDP). From Cisco IOS XE SD-WAN Release 17.3.1, CDP on interfaces is enabled when the cdp run command is executed globally on Cisco ASR 1000 series devices. |

  2. Configure NAT64.

    | Field | Description |
    |---|---|
    | UDP Timeout | NAT64 translation timeout for UDP. Range: 1 to 65536 (seconds). Default: 300 seconds (5 minutes). Note: From Cisco IOS XE Catalyst SD-WAN Release 17.6.1a and Cisco vManage Release 20.6.1, the default UDP Timeout value for NAT64 has changed to 300 seconds (5 minutes). |
    | TCP Timeout | NAT64 translation timeout for TCP. Range: 1 to 65536 (seconds). Default: 3600 seconds (1 hour). Note: From Cisco IOS XE Catalyst SD-WAN Release 17.6.1a and Cisco vManage Release 20.6.1, the default TCP Timeout value for NAT64 has been changed to 3600 seconds (1 hour). |

  3. Configure authentication.

    | Field | Description |
    |---|---|
    | HTTP Authentication | HTTP authentication mode. Accepted values: Local, AAA. Default: Local. |

  4. Configure SSH.

    | Field | Description |
    |---|---|
    | SSH version | Specify an SSH version. Default value: Version 2. |

  5. Configure other settings.

    | Field | Description |
    |---|---|
    | TCP Keepalives (In) | Enable or disable generation of keepalive timers when incoming network connections are idle. |
    | TCP Keepalives (Out) | Enable or disable generation of keepalive timers when outgoing network connections are idle. |
    | TCP Small Servers | Enable or disable small TCP servers (for example, ECHO). |
    | UDP Small Servers | Enable or disable small UDP servers (for example, ECHO). |
    | Console Logging | Enable or disable console logging. By default, the router sends all log messages to its console port. |
    | IP Source Routing | Enable or disable IP source routing. IP source routing is a feature that enables the originator of a packet to specify the path for the packet to use to get to the destination. |
    | VTY Line Logging | Enable or disable the device to display log messages to a VTY session in real time. |
    | SNMP IFINDEX Persist | Enable or disable SNMP IFINDEX persistence, which provides an interface index (ifIndex) value that is retained and used when the device reboots. |
    | Ignore BOOTP | Enable or disable BOOTP server. When enabled, the device listens for the BOOTP packet that comes in sourced from 0.0.0.0. When disabled, the device ignores these packets. |


Configure global system settings using CLI commands

Configure global system settings using CLI commands in a CLI add-on profile or CLI add-on template.

These CLI instructions are not comprehensive.

Before you begin

Perform these steps to configure global system settings using CLI commands.

Procedure

1. Create a CLI add-on profile or CLI add-on template.

2. Enable or disable services.

Enable services:

system
    ip http server
    ip http secure-server
    ip ftp passive
    ip domain lookup
    ! ip arp proxy disable turns proxy ARP off, so the no form enables it
    no ip arp proxy disable
    ip rcmd rsh-enable
    ip rcmd rcp-enable
    cdp run enable

Note

From Cisco IOS XE SD-WAN Release 17.3.1, CDP on interfaces is enabled when the cdp run command is executed globally on Cisco ASR 1000 series devices.

Enable outbound Telnet:

system
    line vty 0 4
        transport input telnet ssh

Disable services:

system
    no ip http server
    no ip http secure-server
    no ip ftp passive
    no ip domain lookup
    ! the positive form of this command is the one that disables proxy ARP
    ip arp proxy disable
    no ip rcmd rsh-enable
    no ip rcmd rcp-enable
    no cdp run enable

Disable outbound Telnet:

system
    line vty 0 4
        transport input ssh

3. Enable or disable other settings.

Enable:

system
    service tcp-keepalives-in
    service tcp-keepalives-out
    service tcp-small-servers
    service udp-small-servers
    logging console
    ip source-route
    logging monitor
    snmp-server ifindex persist
    ip bootp server

Disable:

system
    no service tcp-keepalives-in
    no service tcp-keepalives-out
    no service tcp-small-servers
    no service udp-small-servers
    no logging console
    no ip source-route
    no logging monitor
    no snmp-server ifindex persist
    no ip bootp server

4. Configure NAT64.

system
    nat64 translation timeout udp <timeout>
    nat64 translation timeout tcp <timeout>

5. Configure authentication.

system
    ip http authentication {local | aaa}
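
As an added example (not Cisco's code or guidance), the following Python check reads the body of a CLI add-on and reports which of the services from the steps above end up enabled. The baseline of what counts as a finding, the function name audit and the sample configuration are assumptions of this example; it accounts for ip arp proxy disable, whose positive form turns proxy ARP off.

```python
# Added example: audit a CLI add-on body for risky global settings.
# The baseline below is this example's assumption, not Cisco guidance.
RISKY = {  # positive form of the command enables the service
    "ip http server": "cleartext HTTP server enabled",
    "ip rcmd rsh-enable": "RSH enabled",
    "ip rcmd rcp-enable": "RCP enabled",
    "service tcp-small-servers": "TCP small servers enabled",
    "service udp-small-server": "UDP small servers enabled",
    "ip source-route": "IP source routing enabled",
    "ip bootp server": "BOOTP server enabled",
}
# Positive form turns the feature OFF, so the "no" form enables it.
INVERTED = {"ip arp proxy disable": "proxy ARP enabled"}
LABELS = {**RISKY, **INVERTED, "telnet": "Telnet accepted on VTY lines"}
# Constructed sample add-on body, not taken from a real device.
SAMPLE = """\
system
    ip http server
    ip http secure-server
    no ip arp proxy disable
    no ip rcmd rsh-enable
    service tcp-small-servers
    ip bootp server
    line vty 0 4
        transport input telnet ssh
"""

def audit(config):
    """Return sorted findings; the last occurrence of a command wins."""
    state = {}  # key -> True when the feature ends up enabled
    for raw in config.splitlines():
        line = raw.strip().lower()
        negated = line.startswith("no ")
        cmd = line[3:].strip() if negated else line
        for key in RISKY:  # prefix match tolerates trailing arguments
            if cmd.startswith(key):
                state[key] = not negated
        for key in INVERTED:
            if cmd.startswith(key):
                state[key] = negated
        if cmd.startswith("transport input"):
            allowed = set(cmd.split()[2:])
            state["telnet"] = not negated and bool({"telnet", "all"} & allowed)
    return sorted(LABELS[k] for k, on in state.items() if on)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The HTTPS server line in the sample is not reported, because only the cleartext HTTP server is in the assumed baseline.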