Routing Configuration Guide, Cisco Catalyst SD-WAN Releases 17.x

Verify symmetric routing

Updated: February 6, 2026

Overview

Use these verification commands to confirm that your symmetric routing configuration is operating as intended.

Use these commands to verify the configurations required for symmetric routing. For more information see, Cisco IOS XE Catalyst SD-WAN Qualified Command Reference

Verify the next hops for a specific prefix on a router

Use show sdwan omp routes prefix on a router to show the next hops for a specific prefix.

Device# show sdwan omp routes 10.1.1.0/24

Verify the path to a destination router

Use traceroute vrf vrf-number destination-ip-address numeric on any device in the network to show the path from the device to a specified destination device, for a specified VRF.

The output shows a list of each hop in the path to the destination device. The last item in the list is the destination device.

Device# traceroute vrf 1 10.1.1.1 numeric
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 209.165.200.225 3 msec 1 msec 1 msec
  2 209.165.200.226 2 msec 1 msec 1 msec
  3 10.1.1.1 4 msec * 4 msec

Verify the VRF-specific affinity group configuration on a router

Use show platform software sdwan rp active internal "omp daemon" on a transport gateway, or a border router in a Multi-Region Fabric scenario, to show the VRF-specific affinity group configuration on a router. The output shows the affinity group for each configured VRF range.

See the procedures below for configuring VRF-specific affinity groups:

Configure Router Affinity Groups for Specific VRFs Using Cisco SD-WAN ManagerConfigure Router Affinity Groups for Specific VRFs Using Cisco SD-WAN Manager
Configure Router Affinity Groups for Specific VRFs Using a CLI Template Configure Router Affinity Groups for Specific VRFs Using a CLI Template

Device# show platform software sdwan rp active internal "omp daemon" | include Affinity
…
Affinity per VRF:

Affinity Group Number: 1 for VRF Range: 1-1
Affinity Group Number: 5 for VRF Range: 2-8

Verify a control policy for route leaking

Use show running-config policy control-policy on a Cisco SD-WAN Controller to show a control policy that configures route leaking from one VRF to another, if such a policy exists. Exporting routes from one VRF to another is called leaking routes.

For information about configuring a control policy that matches routes of a VRF list and exports the routes to a specific VRF, see Configure Centralized Policies Using the CLI.

Verify control policy application

Use show running-config apply-policy on a Cisco SD-WAN Controller to show the sites to which a control policy is applied.

This example shows a control policy that matches VRF1 routes and exports them to VRF2, and matches VRF2 routes and exports them to VRF1.

sdwanController# show running-config policy control-policy
policy
 control-policy LEAK_1_TO_2
  sequence 1 
   match route 
    vpn-list VRF1
   !
   action accept
    export-to
     vpn 2
    !
   !
  !
  default-action accept
 !
 control-policy LEAK_2_TO_1
  sequence 1
   match route
    vpn-list VRF2
   !
   action accept
    export-to
     vpn 1
    !
   !
  !
  default-action accept
 !
!
Example 2
The following example shows the sites to which the two policies configured in the previous example are applied.

sdwanController#show running-config apply-policy
apply-policy
 site-list SL1100
  control-policy LEAK_1_TO_2 in
 !
 site-list SL1300
  control-policy LEAK_2_TO_1 in
 !
!

Verify the derived affinity group of a route

Use show sdwan omp routesprefixdetail on a transport gateway, or a border router in a Multi-Region Fabric scenario, to show the derived affinity group assigned to a prefix. The derived-affinity-group parameter in the output shows the value.

In this example the derived affinity group is 2.

Device# show sdwan omp routes 192.168.1.0/24 detail
…
  preference       not set
  affinity group  None
  derived-affinity-group  2
  affinity-preference-order  None
  region-id          0
  br-preference      not set

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.