Information about the Other profile
This section describes the features available in the Other profile.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This section describes the features available in the Other profile.
Cisco SD-WAN Manager supports integration with Cisco Cyber Vision, which is a network security solution. Cisco Cyber Vision provides visibility into the security status of your global network, indicates when devices in the network require attention to maintain a secure posture, helps you to configure security policies, and more. The browser-based manager is called Cisco Cyber Vision Center.
See Create a Configuration Group Profile with a Cyber Vision Feature.
Field |
Description |
---|---|
Name |
Name for the Cisco Cyber Vision Center. |
Description |
Optionally, add a description. |
Field |
Description |
---|---|
Cyber Vision Center |
From the drop-down list, choose a Cisco Cyber Vision Center connection from the list of previously configured connections. See Configure a Connection to a Cisco Cyber Vision Center in the Network Hierarchy. |
Monitoring Source Interface |
Click Add and enter the interface for the device to use for monitoring traffic. Your choice depends on your network and the traffic that you want the device to monitor. Examples: VLAN interface, cellular interface, WAN interface |
The Advanced Configuration area appears only if you are configuring a Cyber Vision feature for the SD-WAN solution option. It does not appear for the SD-Routing solution option.
The fields in this area are preconfigured to use variables that enable you to enter device-specific information for each device when deploying the configuration group. See Deploy a Configuration Group with a Cisco Cyber Vision Feature. But you can configure global device values instead of using the variables.
Field |
Description |
||
---|---|---|---|
Capture Interface IP |
IP address of the interface that captures the traffic for analysis. |
||
Capture Interface Subnet Mask |
Subnet mask for the interface that captures the traffic for analysis. |
||
Collection Interface (Sensor to Center) IP |
Enter an IP address for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. Ensure that the IP address is within the subnet mask defined in the Collection Interface Subnet Mask field.
|
||
Collection Interface Subnet Mask |
Subnet mask for the collection interface that sends the captured traffic to Cisco Cyber Vision Center. The subnet mask defines an address space for the service VPN used for communication between device and Cisco Cyber Vision Center. |
||
VPG5 (Virtual Port Group) IP Address |
IP address within the subnet mask defined in the Collection Interface Subnet Mask field. This is an address with the same network as the collection interface.
|
||
VPG6 (Virtual Port Group) IP Address |
This field is preset and not configurable. |
Cisco Secure Equipment Access (SEA) is a solution that provides remote access to network-connected assets. Assets can include anything reachable by IP address, such as servers, industrial internet of things (IIoT) devices, and so on. Integration with Cisco Catalyst SD-WAN enables you to use Cisco SD-WAN Manager to
install the SEA agent on devices, such as routers, in the Cisco Catalyst SD-WAN overlay network
configure connectivity between the devices in the overlay network and the Cisco Secure Equipment Access cloud portal, and
configure how remote assets connect to the devices.
See Create a Configuration Group Profile with an SEA Feature.
Field |
Description |
---|---|
Name |
Name for the feature. |
Description |
Optionally, add a description. |
Configure the connection between the Cisco SEA agent and the physical interface of the host device, using virtual port group (VPG) 7. This is necessary to enable the Cisco SEA agent to reach the Cisco SEA cloud portal.
Field |
Description |
||
---|---|---|---|
VPG IP Address |
IP address to assign to virtual port group (VPG) 7. This VPG is a virtual link between the Cisco SEA agent and a physical interface of the host device. Example: 10.100.1.1 |
||
Subnet Mask |
Subnet mask for VPG interface 7, which connects to the Cisco SEA cloud portal. Together with VPG IP Address, this defines the address space for the VPG 7 network. Example: 255.255.252.0 |
||
SEA Agent IP Address |
IP address to assign to the Cisco SEA cloud agent to map it to VPG 7. Enter an address within the address space defined by VPG IP Address and Subnet Mask. Example: 10.100.1.2 |
||
Cloud Interface |
This field appears when configuring an SEA feature for use with the SD-Routing solution. Enter the physical interface that the device uses to connect to the Cisco SEA cloud portal. The interface type can include cellular. Example: GigabitEthernet0/0/0 Example: Cellular0/1/0
|
Optionally, configure one or more asset networks for connectivity to assets.
Field |
Description |
||
---|---|---|---|
Add Access Network |
Configure connectivity for up to three asset networks, each of which can include more than one asset. |
||
Service VPN |
(This field appears when configuring an SEA feature for use with the SD-WAN solution.) If your assets are distributed across multiple different service VPNs, you may need to add each of the service VPNs here.
|
||
Asset Interface |
(This field appears when configuring an SEA feature for use with the SD-Routing solution.) Physical interface that the device is using to connect to the asset network. |
||
VPG IP Address |
IP address to assign to the VPG interface on the router. |
||
SEA Agent IP Address |
IP address to assign to the SEA asset agent for mapping to the respective VPG interface on the router. The address must be within the same network as the asset VPG interface. |
||
Subnet Mask |
VPG subnet mask. |
||
Action |
A delete option removes a row of the table, removing an asset network configuration. |
Configure a DNS server within your network, capable of resolving Cisco SEA portal domain names.
Field |
Description |
---|---|
Add Name Server |
Configure a DNS server within your network, capable of resolving Cisco SEA portal domain names. Click Add Name Server to add a name server. For information about the Cisco SEA portal domain names, see Network ports and protocols. This is a mandatory field. If you do not configure a name server, you cannot save the configuration. Maximum number of name servers: 5 |
Name Server |
IP address of a domain name server. |
Action |
A delete option removes a row of the table, removing a name server. |
Cisco ThousandEyes is a SaaS application that provides you an end-to-end view across networks and services that impact your business. It monitors the network traffic paths across internal, external, and carrier networks and the internet in real time to provide network performance data. Cisco ThousandEyes provides intelligent insights into your WAN and the cloud and helps you optimize application delivery and end-user experience.
See Configure Cisco ThousandEyes Enterprise Agent Using a Configuration Group
For each parameter of the feature that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and choose one of the following:
Parameter Scope |
Scope Description |
---|---|
Device Specific (indicated by a host icon) |
Use a device-specific value for the parameter. For device-specific parameters, you cannot enter a value in the feature template. You enter the value when you attach a Cisco Catalyst SD-WAN device to a device template. When you click Device Specific, the Enter Key box opens. This box displays a key, which is a unique string that identifies the parameter in a CSV file that you create. This file is an Excel spreadsheet that contains one column for each key. The header row contains the key names (one key per column), and each row after that corresponds to a device and defines the values of the keys for that device. You upload the CSV file when you attach a Cisco Catalyst SD-WAN device to a device template. To change the default key, type a new string and move the cursor out of the Enter Key box. Examples of device-specific parameters are system IP address, host name, GPS location, and site ID. |
Global (indicated by a globe icon) |
Enter a value for the parameter and apply that value to all devices. Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs. |
The following table describes the options for configuring the ThousandEyes feature.
Field |
Description |
||
---|---|---|---|
Type |
Choose a feature from the drop-down list. |
||
Feature Name |
Enter a name for the feature. |
||
Description |
Enter a description of the feature. The description can contain any characters and spaces. |
||
Account Group Token |
Enter the Cisco ThousandEyes Account Group Token. |
||
VPN |
Service VPN. The Global or the Device Specific setting indicates service VPN. When you set the VPN configuration as a Global or a Device Specific setting, enter the ID of the service VPN in which you want to provision the Cisco ThousandEyes Enterprise agent. |
||
Management IP |
Enter an IP address for the Cisco ThousandEyes Enterprise agent. This field is available only when you specify the service VPN. |
||
Management Subnet |
Choose a subnet mask from the drop-down list for the Cisco ThousandEyes Enterprise agent. This field is available only when you specify the service VPN.
|
||
Agent Default Gateway |
Enter a default gateway address. This IP address is assigned to the virtual port group of the router. This field is available only when you specify the service VPN. |
||
Name Server IP |
Enter the IP address of your preferred DNS server. This server can exist within or outside the Cisco Catalyst SD-WAN fabric but must be reachable from the service VPN. |
||
Host Name |
Enter the hostname that the agent must use when registering with the Cisco ThousandEyes portal. By default, the agent uses the hostname of the Cisco IOS XE Catalyst SD-WAN device. |
||
Proxy Type |
If the Cisco ThousandEyes Enterprise agent must use proxy server for external access, choose one of the following as proxy type:
Static proxy settings:
PAC settings:
|
Cisco SD-WAN Manager supports integration with third-party-developed Cisco IOx applications. These are called custom applications, and add functionality to devices that run Cisco Catalyst SD-WAN software.
See Configure third-party custom application integration, high level.
Field |
Description |
---|---|
Name |
Name for the feature. |
Description |
Optionally, add a description. |
The basic settings are mandatory.
Field |
Description |
---|---|
Application Name |
Enter a name for the custom application. You can use upper- or lower-case letters, but not spaces or special characters. This name appears as part of the event details on the page. |
Virtual Image |
Choose a custom application image file from the drop-down list. The list shows custom application images uploaded to the virtual image repository in . |
If the custom application has a requirement for network configuration, click Add Configuration and enter the network connectivity details for up to three connections. This configures communication between the Cisco IOx application and
the device on which the application is operating, and
any external assets, such as a server if the application communicates with a server.
Here are the options for the SD-WAN solution:
Field |
Description |
---|---|
Name |
Name describing the entity for which you are configuring connectivity. |
Service VPN |
Service VPN providing the connectivity between the application and either (a) the device, or (b) an external asset. |
VPG IP Address |
IP address within the subnet mask defined in the Subnet Mask field for communication between the custom application and a device virtual port group (VPG) interface or external asset. |
Application IP Address |
IP address to assign to the custom application, for mapping to a VPG interface on the device. |
Subnet Mask |
Subnet mask for the VPG interface. The subnet mask defines an address space for the service VPN for communication between the custom application and a device VPG interface or external asset. |
Action |
Provides an option to delete a row. |
Here are the options for the SD-Routing solution:
Field |
Description |
---|---|
Network Configuration |
|
Name |
Name describing the entity for which you are configuring connectivity. |
Communication Interface |
Physical or virtual interface providing connectivity between the application and either (a) the device, or (b) an external asset. |
Action |
Provides an option to delete a row. |
Some custom applications require information passed as variables, either global or device-specific. To add variables, click Add Variable and enter the details.
The specifics of the valid key:value pairs depend entirely on the details of the custom application. Consult with the custom application developer for information about configuring variables. Note that these values are case sensitive.
Maximum number of variables: 10
Field |
Description |
---|---|
Key |
Key name for a variable. |
Value |
Value of the variable. Choose Device Specific to provide a specific key value for each device. |
Action |
Provides an option to delete a row. |
Some custom applications use data input provided through a serial interface. This option supports any serial port available on the platform.
To add a data source, click Add Data Source and enter the serial port.
Maximum number of serial ports: 7
Field |
Description |
---|---|
Serial Line |
Enter a serial port available on the device. See the platform documentation for information about serial ports. Example: /dev/ttySerial |
Action |
Provides an option to delete a row. |
Use the UCSE feature to connect a UCS-E interface with a UCS-E server.
See Configure UCSE Using a Configuration Group
Some parameters have a scope drop-down list that enables you to choose Global, Device Specific, or Default for the parameter value. Choose one of the following options, as described in the table below:
Parameter Scope |
Scope Description |
---|---|
Global (Indicated by a globe icon) |
Enter a value for the parameter and apply that value to all devices. Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs. |
Device Specific (Indicated by a host icon) |
Use a device-specific value for the parameter. Choose Device Specific to provide a value for the key in the Enter Key field. The key is a unique string that helps identify the parameter. To change the default key, type a new string in the Enter Key field. Examples of device-specific parameters are system IP address, host name, GPS location, and site ID. |
Default (indicated by a check mark) |
The default value is shown for parameters that have a default setting. |
The following tables describe the options for configuring the UCSE feature.
Field |
Description |
---|---|
Type |
Choose a feature from the drop-down list. |
Feature Name* |
Enter a name for the feature. The name can be up to 128 characters and can contain only alphanumeric characters. |
Description |
Enter a description of the feature. The description can be up to 2048 characters and can contain only alphanumeric characters. |
Field |
Description |
---|---|
Bay* |
Specify the number for the SAS drive bays. The input value must be an integer. |
Slot* |
Specify the slot numbers for the mezzanine adapters. The input value must be an integer. |
Field |
Description |
---|---|
Access Port |
Configure the interface as an access port. You can configure only one VLAN on an access port, and the port can carry traffic for only one VLAN. Not all hardware models have a dedicated access port. See the release notes for your Cisco Catalyst SD-WAN release for the supported hardware. Available options:
|
IPv4 Address* |
Provide the UCS-E management port address. |
Default Gateway* |
Gateway tracking determine, for static routes, whether the next hop is reachable before adding that route to the device’s route table. Default: Enabled. |
VLAN ID |
Provide the VLAN number, which can be a value from 1 through 4094. |
Assign Priority |
Assign the priority. |
Field |
Description |
---|---|
Interface Name* |
Specify the name of the interface. |
Layer |
Specify the layer details necessary for traffic exchange between different VLANs. |
UCSE Interface VPN |
Specify the details of the UCS-E interface VPN. |
IPv4 Address |
Provide the UCS-E management port address. |
Use the TrustSec feature to configure Security Group Tag (SGT) inline tagging and SXP for dynamic IP-SGT binding.
Field |
Description |
---|---|
Enable Enforcement |
Enable enforcement at a global level. |
Device SGT |
Enter a value to configure the SGT for packets sent from a device. Range: 2 to 65519. |
Device ID |
Enter a TrustSec ID for the device. This ID must be the same as that in ISE and must not exceed 32 characters. |
Device Password |
Enter a clean text password for the device with length of 24 characters. |
Field |
Description |
---|---|
Enable SXP |
Enable an SXP connection on the device. |
Source IP |
Enter an IPv4 address to set up a source IP address for SXP. |
Preshared Key |
|
Password |
Enter a clean text password for the device with length of 24 characters. |
Key chain name |
Enter a key chain name that you configured in the Fabric Security feature under System profile. |
Click Add SXP Connection to add a new SXP peer connection details.
Field |
Description |
---|---|
(Optional) VPN ID |
Enter a VPN or VRF ID for the SXP connection. Range: 0 to 65527 |
Peer IP |
Configure a peer IPv4 address for SXP. |
Source IP |
Configure a source IPv4 address for SXP. |
Preshared Key |
Choose a preshared key type. |
Mode |
Choose a connection mode. Local refers to the local device, and Peer refers to a peer device. |
Mode type |
Choose a role for the device. |
(Optional) Min. Hold Time |
Enter time (in seconds) to configure the minimum hold time for the SXP connection. |
(Optional)
Max. Hold Time |
Enter time (in seconds) to configure the maximum hold time for the SXP connection. |
Field |
Description |
---|---|
Node ID |
Enter a node ID. A node ID is used to identify the individual devices within the network. |
Reconciliation Period (seconds) |
Enter a time (in seconds) to configure the SXP reconciliation period. After a peer terminates an SXP connection, an internal hold-down timer starts. If the peer reconnects before the internal hold-down timer expires, the SXP reconciliation period timer starts. While the SXP reconciliation period timer is active, the Cisco TrustSec software retains the SGT mapping entries learned from the previous connection and removes the invalid entries. The default value is 120 seconds (2 minutes). Setting the SXP reconciliation period to 0 seconds disables the timer and causes all the entries from the previous connection to be removed. |
Retry Period (seconds) |
Enter a time (in seconds) to configure the retry period for SXP reconnection. |
Speaker Hold Time (Seconds) |
Enter time (in seconds) to configure the global hold-time period for a speaker device. |
Minimum Listener Hold Time (Seconds) |
Enter a time (in seconds) to configure the minimum allowed hold-time period for a listener device. |
Maximum Listener Hold Time (Seconds) |
Enter a time (in seconds) to configure the maximum allowed hold-time period for a listener device. |
Log Binding Changes |
Enable logging for IP-to-SGT binding changes. |