Introduction


Note
To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Configuration Groups and Feature Profiles

Table 1. Feature History

Feature Name

Release Information

Description

Configuration Groups and Feature Profiles

Cisco IOS XE Catalyst SD-WAN Release 17.8.1a

Cisco vManage Release 20.8.1

This feature provides a simple, reusable, and structured approach for the configurations in Cisco Catalyst SD-WAN. You can create a configuration group, that is, a logical grouping of features or configurations that is applied to one or more devices in the network that is managed by Cisco Catalyst SD-WAN. You can also create profiles based on features that are required, recommended, or uniquely used, and then combine the profiles to complete a device configuration.

The configuration group workflow in Cisco SD-WAN Manager provides a guided method to create configuration groups and feature profiles.

Configuration Groups and Feature Profiles (Phase II)

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

Introduces several enhancements to configuration groups, including (but not limited to):

  • Several features in various profiles

  • IPv6 configuration support in the VPN, interface, and BGP features

  • New options in the global settings for the System profile

Create Configuration Group Workflow for a Single-Router Site

Cisco IOS XE Catalyst SD-WAN Release 17.9.1a

Cisco vManage Release 20.9.1

This feature introduces the Create Configuration Group workflow. This simplified workflow consolidates the various settings pages into a single page so that you can easily review your configuration at once. The workflow also enables you to set up WAN and LAN routing in addition to the basic settings, at the time of creating a configuration group. As a result, a configuration that is created from the workflow is now immediately deployable.

Security Feature Profile in Configuration Groups

Cisco vManage Release 20.10.1

Cisco IOS XE Catalyst SD-WAN Release 17.10.1a

This feature enables you to configure a security profile in configuration groups.

Localized Policy for QoS, ACL, and Routing

Cisco vManage Release 20.10.1

Cisco IOS XE Catalyst SD-WAN Release 17.10.1a

This feature enables you to configure a policy profile, a QoS map policy, a route policy, and an ACL policy through feature profiles.

In addition, it introduces several enhancements to policy profiles, including options for configuring AS path, data prefix, and so on. Also introduces QoS map policy, route policy, and ACL policy options, among other enhancements.

Variables and Type 6 Encryption in CLI Profile

Cisco vManage Release 20.10.1

Cisco IOS XE Catalyst SD-WAN Release 17.10.1a

After you enter or import configuration into a CLI profile, you can convert certain values to device-specific variables or encrypt strings such as passwords, using Type 6 encryption.

Cisco Catalyst SD-WAN Remote Access Configuration

Cisco IOS XE Catalyst SD-WAN Release 17.11.1a

Cisco vManage Release 20.11.1

This feature enables you to configure Cisco Catalyst SD-WAN remote access for a device, using Cisco SD-WAN Manager. Configure remote access in the System feature profile in a configuration group.

Device Variables Option

Cisco IOS XE Catalyst SD-WAN Release 17.11.1a

Cisco vManage Release 20.11.1

You can modify system IP or site ID details of the device from the Associate Devices page while deploying devices.
Configuration Groups and Feature Profiles (Phase III)

Cisco IOS XE Catalyst SD-WAN Release 17.11.1a

Cisco vManage Release 20.11.1

Introduces several new features to the System, Transport, Service, and Other profiles.

Cisco Catalyst SD-WAN Remote Access Configuration in SSL-VPN Mode

Cisco IOS XE Catalyst SD-WAN Release 17.12.1a

Cisco Catalyst SD-WAN Manager Release 20.12.1

Introduces configuration of the following Cisco Catalyst SD-WAN Remote Access features for a device in SSL-VPN mode, using Cisco SD-WAN Manager:

  • Private IP Pool

  • Authentication

  • AAA Policy
Configuration Groups and Feature Profiles (Phase IV)

Cisco IOS XE Catalyst SD-WAN Release 17.12.1a

Cisco Catalyst SD-WAN Control Components Release 20.12.1

Introduces several features and subfeatures to configuration profiles.

Adds the Route leak to Global VPN option to the Route Leak parameter in the service VPN

Support for Dual Device Site Configuration

Cisco IOS XE Catalyst SD-WAN Release 17.12.1a

Cisco Catalyst SD-WAN Manager Release 20.12.1

This feature supports dual devices site configuration in the configuration groups workflow. You can select the dual router type configuration group workflow to deploy two devices in the same site considering the redundancy in the router.

Support for Specifying Default Values for Device-Specific Variables of a Feature

Cisco IOS XE Catalyst SD-WAN Release 17.15.1a

Cisco Catalyst SD-WAN Manager Release 20.15.1

You can provide a default value along with description to feature parameters when you select the Device Specific scope. Cisco SD-WAN Manager applies the default value of the parameter to the device while deploying the configuration group.

Create a Configuration Group Without Using a Workflow

Cisco IOS XE Catalyst SD-WAN Release 17.15.1a

Cisco Catalyst SD-WAN Manager Release 20.15.1

This feature introduces a method for creating configuration groups directly on the Configuration Groups page of Cisco SD-WAN Manager without launching a workflow. After selecting a product solution, you can create a configuration group based on the available profiles for that solution. Cisco SD-WAN Manager creates the configuration group with the required profiles, which you can configure based on your requirement. This feature allows you to reuse previously created profiles. You can create, manage, and deploy the configuration group from one page.

Information About Configuration Groups

The Configuration Group feature enables you to do the following:

  • Create a configuration group using one of the guided workflows—Create Configuration Group, Rapid Site Configuration Group, or Custom Configuration Group


    Note

    The Rapid Site Configuration Group and the Custom Configuration Group workflows are available only in Cisco vManage Release 20.8.x.

  • Deploy devices with a configuration group using the Deploy Configuration Group workflow


    Note

    In Cisco vManage Release 20.8.x, the Deploy Configuration Group workflow is called the Provision WAN Sites and Devices workflow.

Overview of Configuration Groups

The Configuration Group feature provides a simple, reusable, and structured approach for the configurations in Cisco Catalyst SD-WAN.

  • Configuration Group: A configuration group is a logical grouping of features or configurations that can be applied to one or more devices in the network managed by Cisco Catalyst SD-WAN. You can define and customize this grouping based on your business needs.

  • Feature Profile: A feature profile is a flexible building block of configurations that can be reused across different configuration groups. You can create profiles based on features that are required, recommended, or uniquely used, and then put together the profiles to complete a device configuration.

  • Feature: A feature profile consists of features. Features are the individual capabilities you want to share across different configuration groups.

Overview of Configuration Group Workflows

From Cisco vManage Release 20.9.1, the simplified Create Configuration Group workflow guides you in creating a configuration group for a single-router site. The workflow provides you with an improved configuration and troubleshooting experience. The workflow has the following features:

  • You can specify a name and description for a configuration group and configure the basic settings to keep your network running.

  • In addition to the basic settings, you can also configure advanced options at the time of creating a configuration group. For example, you can set up WAN and LAN routing; you can configure a BGP route, multiple static IPv4 routes, or both, for the WAN transport VPN. Similarly, you can configure a BGP route, an OSPF route, multiple static IPv4 routes, or all these routes, for a LAN service VPN. Thus, you can configure all the necessary options at the time of creating the configuration group itself, and do not have to modify the features separately after the group is created. As a result, any configuration created from the workflow is immediately deployable.


    Note

    If you assign a private color to a WAN interface while configuring a site using the configuration group workflow in Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, a static IP address is assigned by default.

    Private colors are metro-ethernet, mpls, private1, private2, private3, private4, private5, or private6.

  • You can review the various configuration settings on a single page within the workflow.

  • When you specify an incorrect setting, it is highlighted in red. As a result, you can easily identify errors, if any, and fix them. In addition, an asterisk adjacent to the field names helps you identify the mandatory settings within the workflow.

You can access the workflow from the Workflow Library in Cisco SD-WAN Manager.


Note

In Cisco vManage Release 20.8.x, the Rapid Site Configuration Group and the Custom Configuration Group workflows enabled you to create a configuration group. However, these workflows are deprecated from Cisco vManage Release 20.9.1.

Overview of the Deploy Configuration Group Workflow

The Deploy Configuration Group workflow enables you to deploy the configuration to the selected devices.


Note

In Cisco vManage Release 20.8.x, the Deploy Configuration Group workflow is called the Provision WAN Sites and Devices workflow.

You can access the workflow from the Workflow Library in Cisco SD-WAN Manager.

Overview of Dual Device Site Configuration

Minimum Supported Releases: Cisco IOS XE Catalyst SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Manager Release 20.12.1

In Cisco IOS XE Catalyst SD-WAN Release 17.11.1a and earlier releases, you could configure dual devices in the same site using a single router type configuration group workflow. Here all the configuration group features are applicable to both the routers. Starting from Cisco IOS XE Catalyst SD-WAN Release 17.12.1a, you can deploy dual device site configuration by selecting dual router type configuration group workflow, and distribute the transport side WAN and service side LAN interface configurations between the two routers based on your requirements.

This feature automates the deployment of two routers in the same site considering the redundancy in the router. One router acts as a primary device and the other as the secondary device. If there is a failure scenario in the primary router, the secondary router takes over ensuring that there’s no connectivity issues.

Depending on your requirement, you can configure the transport side WAN and service side LAN interfaces, enable TLOC or a full mesh topology, and select specific configuration groups features for both the routers.

Benefits of Configuration Groups

  • Simplicity

    The workflow-based configuration guides you with step-by-step instructions. You can clearly identify what is necessary, what is optional, and what is the recommended Cisco networking best practice.

    In addition, the basic and advanced settings of a configuration group are auto-populated, which in turn, simplifies the process of a configuration.

    From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, you can create, manage, and deploy the configuration group from one single window.

  • End-to-end configuration without using a workflow

    From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, you can create a configuration group without using workflows. Choose the SD-WAN option from the solution drop-down list to view or create a configuration group with just two mandatory profiles—the System profile and the Transport & Management profile.

    You can create other profiles such as Service, Policy, CLI-Add-on, and so on, based on your requirement.

  • Contextual method of adding features

    From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, you can add features to profiles on a contextual basis. For example, if you are editing a VPN feature, then only interfaces appear in the contextual menu for you to add, but other VPNs don't.

  • Day-zero Deployment

    The day-zero setup of configuration groups helps you easily create a branch and deploy devices quickly.

  • Reusability

    You can reuse configuration components across an entire device family instead of one device model. This helps in easier management of configuration components.

    From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, you can share profiles between multiple configuration groups.

  • Structure

    You can group devices based on a shared configuration in Cisco SD-WAN Manager.

  • Visibility

    A site-level topology is generated for Cisco IOS XE Catalyst SD-WAN devices that are attached to a configuration group. For complete information about viewing the topology of a site, see View Network Site Topology.

  • Findability

    The tagging feature helps you easily identify a subset of devices from hundreds of devices in a configuration group. For complete information about adding tags to devices, see Device Tagging.

Supported Devices for Configuration Groups

This feature is supported only on Cisco IOS XE Catalyst SD-WAN devices.

Prerequisites for Configuration Groups

Minimum software version for Cisco IOS XE Catalyst SD-WAN devices: Cisco IOS XE Catalyst SD-WAN Release 17.8.1a


Note

The downward compatibility support is till Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Minimum software version for Cisco SD-WAN Manager: Cisco vManage Release 20.8.1

Restrictions for Configuration Groups

  • You can associate a device to either a configuration group or a device template, but not both.

  • You can add a device to only one configuration group.

  • You can add only one tag rule to a configuration group.

  • (Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.12.1) You can only apply the dual device configuration group to a site with two or less devices. For additional devices in the same site, use a single device configuration group.

Use Cases for Configuration Groups

You can create configuration groups according to your business needs. For example, if your organization operates in North America and has offices and network infrastructure on both the West Coast and the East Coast, you can create two configuration groups—the East Coast Configuration Group and the West Coast Configuration Group.

The following figure shows that both the East Coast Configuration Group and the West Coast Configuration Group use the same system profile and service profile. The transport profile is different for both the groups.

Figure 1. Example of Configuration Groups
Two configuration groups sharing the same system profile and service profile, but using a different transport profile

In this figure,

  • The East Coast Configuration Group and the West Coast Configuration Group are examples of configuration groups. Similarly, a supply chain organization can create configuration groups for different facilities, such as a retail store configuration group and a distribution center configuration group. A multinational company can create configuration groups to cater to its business needs in different regions, such as the Americas Configuration Group and the EMEA Configuration Group.

  • System profile, transport profile, and service profile are examples of feature profiles.

  • Logging; Banner; interfaces, such as MPLS, LTE, and Internet; VPN1; VPN2; and so on are examples of features.

Use Case for Dual Device Site Configurations

To deploy dual device site configuration, you can choose a TLOC extension or a full mesh topology in the dual router type configuration group workflow. Use of TLOC extensions is recommended for failure scenarios and redundancy.

Figure 2. TLOC Extension Topology

When you use a TLOC extension, there's a transport extension between the two devices. One end acts like a tunnel interface and the other end acts like a TLOC interface. By default, there's a single uplink to the public interface for each of the device. One device has an uplink to MPLS and the other device has an uplink to the internet.

Figure 3. Full Mesh Topology

In the full mesh topology, there's no transport extension and there's an assumption that each device has its own public uplink.