Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

PDF

Configuring global system settings

Updated: June 9, 2026

Want to summarize with AI?

Describes methods for configuring global system settings.

Configure global system settings using a configuration group

Before you begin

Perform these steps to configure basic parameters for devices.

Procedure

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Create and configure a Global feature in a System profile.

Configure services.

Table 1. Services
Field	Description
HTTP Server	Enable or disable HTTP server.
HTTPS Server	Enable or disable secure HTTPS server.
FTP Passive	Enable or disable passive FTP.
Domain Lookup	Enable or disable Domain Name System (DNS) lookup.
ARP Proxy	Enable or disable proxy ARP.
RSH/RCP	Enable or disable remote shell (RSH) and remote copy (rcp) on the device.
Line Virtual Teletype (Configure Outbound Telnet)	Enable or disable outbound telnet.
Cisco Discovery Protocol (CDP)	Enable or disable Cisco Discovery Protocol (CDP).
Link Layer Discovery Protocol (LLDP)	Enable or disable Link Layer Discovery Protocol (LLDP).
Specify interface for source address	Enter the address of the source interface in all HTTPS client connections.

Configure NAT64.

Table 2. NAT 64
Field	Description
UDP Timeout	Specify the NAT64 translation timeout for UDP. Range: 1 to 536870 (seconds) Default: 300 seconds (5 minutes)
TCP Timeout	Specify the NAT64 translation timeout for TCP. Range: 1 to 536870 (seconds) Default: 3600 seconds (1 hour)

Configure authentication.

Table 3. Authentication
Field	Description
HTTP Authentication	Choose the HTTP authentication mode. Accepted values: Local, AAA Default: Local

Configure SSH.

Table 4. SSH Version
Field	Description
SSH Version	Choose the SSH version. Default: Disabled

Configure other settings.

Table 5. Other Settings
Field	Description
TCP Keepalives (In)	Enable or disable generation of keepalive timers when incoming network connections are idle.
TCP Keepalives (Out)	Enable or disable generation of keepalive timers when outgoing network connections are idle.
TCP Small Servers	Enable or disable small TCP servers (for example, ECHO).
UDP Small Servers	Enable or disable small UDP servers (for example, ECHO).
Console Logging	Enable or disable console logging. By default, the router sends all log messages to its console port.
IP Source Routing	Enable or disable IP source routing. IP source routing is a feature that enables the originator of a packet to specify the path for the packet to use to get to the destination.
VTY Line Logging	Enable or disable the device to display log messages to a vty session in real time.
SNMP IFINDEX Persist	Enable or disable SNMP IFINDEX persistence, which provides an interface index (ifIndex) value that is retained and used when the device reboots.
Ignore BOOTP	Enable or disable BOOTP server. When enabled, the device listens for the BOOTP packet that comes in sourced from 0.0.0.0. When disabled, the device ignores these packets.
(optional) Interface statistics per minute	Minimum supported release: Cisco IOS XE Catalyst SD-WAN Release 26.1.1 Choose the time interval for interface statistics data collection: 1 minute 5 minutes (default)

What to do next

Refer to Deploy a Configuration Group in the Cisco Catalyst SD-WAN Configuration Groups Reference Guide.

Configure global system settings using templates

Configure global system settings using templates.

From Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.2.x, you can use the Global Settings template to configure device global parameters such as:

Services such as HTTP and Telnet
NAT64 time-outs
HTTP authentication mode
TCP keepalive
TCP and UDP small servers
Console logging
IP source routing
VTY line logging
SNMP IFINDEX persistence
BOOTP server

Before you begin

Follow these steps to configure global system settings.

Procedure

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Click Feature Templates.

In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

Click Add Template.

Select a device type.

Create a Global Settings template.

Enter a name and description.

Configure these parameters according to your requirements.

Configure services.


Field	Description
HTTP Server	Enable or disable HTTP server.
HTTPS Server	Enable or disable secure HTTPS server.
Passive FTP	Enable or disable passive FTP.
IP Domain-Lookup	Enable or disable domain name server (DNS) lookup.
Arp Proxy	Enable or disable proxy ARP.
RSH/RCP	Enable or disable remote shell (RSH) and remote copy (RCP) on the device.
Telnet (Outbound)	Enable or disable outbound telnet.
CDP	Enable or disable Cisco Discovery Protocol (CDP). From Cisco IOS XE SD-WAN Release 17.3.1, CDP on interfaces is enabled when the cdp run command is executed globally on Cisco ASR 1000 series devices.

Configure NAT64.


Field	Description
UDP Timeout	NAT64 translation timeout for UDP Range: 1 to 65536 (seconds) Default: 300 seconds (5 minutes) Note From Cisco IOS XE Catalyst SD-WAN Release 17.6.1a and Cisco vManage Release 20.6.1, the default UDP Timeout value for NAT64 has changed to 300 seconds (5 minutes).
TCP Timeout	NAT64 translation timeout for TCP Range: 1 to 65536 (seconds) Default: 3600 seconds (1 hour) Note From Cisco IOS XE Catalyst SD-WAN Release 17.6.1a and Cisco vManage Release 20.6.1, the default TCP Timeout value for NAT64 has been changed to 3600 seconds (1 hour).

Configure authentication.


Field	Description
HTTP Authentication	HTTP authentication mode Accepted values: Local, AAA Default: Local

Configure SSH.


Field	Description
SSH version	Specify an SSH version. Default value: Version 2

Configure other settings.


Field	Description
TCP Keepalives (In)	Enable or disable generation of keepalive timers when incoming network connections are idle.
TCP Keepalives (Out)	Enable or disable generation of keepalive timers when outgoing network connections are idle.
TCP Small Servers	Enable or disable small TCP servers (for example, ECHO).
UDP Small Servers	Enable or disable small UDP servers (for example, ECHO).
Console Logging	Enable or disable console logging. By default, the router sends all log messages to its console port.
IP Source Routing	Enable or disable IP source routing. IP source routing is a feature that enables the originator of a packet to specify the path for the packet to use to get to the destination.
VTY Line Logging	Enable or disable the device to display log messages to a VTY session in real time.
SNMP IFINDEX Persist	Enable or disable SNMP IFINDEX persistence, which provides an interface index (ifIndex) value that is retained and used when the device reboots.
Ignore BOOTP	Enable or disable BOOTP server. When enabled, the device listens for the bootp packet that comes in sourced from 0.0.0.0. When disabled, the device ignores these packets.

Configure global system settings using CLI commands

Configure global system settings using CLI commands in a CLI add-on profile or CLI add-on template.

These CLI instructions are not comprehensive.

Before you begin

Perform these steps to configure global system settings using CLI commands.

Procedure

	1.	Create a CLI add-on profile or CLI add-on template.
	2.	Enable or disable services. Enable services: `system ip http server ip http secure-server ip ftp passive ip domain lookup ip arp proxy disable ip rcmd rsh-enable ip rcmd rcp-enable cdp run enable` Note From Cisco IOS XE SD-WAN Release 17.3.1, CDP on interfaces is enabled when the cdp run command is executed globally on Cisco ASR 1000 series devices. Enable outbound Telnet: `system line vty 0 4 transport input telnet ssh` Disable services: `system no ip http server no ip http secure-server no ip ftp passive no ip domain lookup no ip arp proxy disable no ip rcmd rsh-enable no ip rcmd rcp-enable no cdp run enable` Disable outbound Telnet: `system line vty 0 4 transport input ssh`
	3.	Enable or disable other settings. Enable: `system service tcp-keepalives-in service tcp-keepalives-out service tcp-small-servers service udp-small-server logging console ip source-route logging monitor snmp-server ifindex persist ip bootp server` Disable: `system no service tcp-keepalives-in no service tcp-keepalives-out no service tcp-small-servers no service udp-small-server no logging console no ip source-route no logging monitor no snmp-server ifindex persist no ip bootp server`
	4.	Configure NAT64. `system nat64 translation timeout udp timeout nat64 translation timeout tcp timeout`
	5.	Configure authentication. `system ip http authentication {local \| aaa}`

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.