Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices

Chapter Title

Configuration

Results

Updated:
September 2, 2020

Chapter: Configuration

Configuration

Configuration

Add the vBond Orchestrator to the Overlay Network

After you create a minimal configuration for the vBond orchestrator, you must add it to overlay network by making the vManage NMS aware of the vBond orchestrator. When you add a vBond orchestrator, a signed certificate is generated and is used to validate and authenticate the orchestrator.

Add the vBond Orchestrator and Generate Certificate

To add a vBond orchestrator to the network, automatically generate the CSR, and install the signed certificate:​

  1. In vManage NMS, select the Configuration ► Devices screen.

  2. In the Controllers tab, click Add Controller and select vBond.

  3. In the Add vBond dialog box:

    1. Enter the vBond management IP address.

    2. Enter the username and password to access the vBond orchestrator.

    3. Select the Generate CSR checkbox to allow the certificate-generation process to occur automatically.

    4. Click Add.

vManage NMS generates the CSR, retrieves the generated certificate, and automatically installs it on the vBond orchestrator. The new controller device is listed in the Controller table with the controller type, hostname of the controller, IP address, site ID, and other details.

Verify Certificate Installation

To verify that the certificate is installed on a vBond orchestrator:

  1. In vManage NMS, select the Configuration ► Devices screen.

  2. In the Controller table, select the row listing the new device, and check the Certificate Status column to ensure that the certificate has been installed.

What's Next

See Start the Enterprise ZTP Server.

Add Cisco vManage to a Cluster

To add a new Cisco vManage to the cluster:

  1. In the Administration > Cluster Management > Service Configuration tab, click Add vManage. The Add vManage screen opens.

  2. From the Cisco vManage IP Address drop-down list, select an IP address to assign to the Cisco vManage server.

  3. Specify a username and password for the Cisco vManage server.

  4. Enter the IP address of the Cisco vManage you are adding to the cluster.

  5. Specify the username and password for the new Cisco vManage server.

  6. Select the services to run on the Cisco vManage server. You can select from the services listed below. Note that the Application Server field is not editable. The Cisco vManage Application Server is the local Cisco vManage HTTP web server.

    • Statistics Database—Stores all real-time statistics from all Cisco SD-WAN devices in the network.

    • Configuration Database—Stores all the device and feature templates and configurations for all Cisco SD-WAN devices in the network.

    • Messaging Server—Distributes messages and shares state among all Cisco vManage cluster members.

  7. Click Add. The Cisco vManage that you just added then reboots before joining the cluster.

In a cluster, we recommend that you run at least three instances of each service.

Add the vSmart Controller to the Overlay Network

After you create a minimal configuration for the vSmart controller, you must add it to overlay network by making the vManage NMS aware of the controller. When you add a vSmart controller, a signed certificate is generated and is used to validate and authenticate the controller.

The vManage NMS can support up to 20 vSmart controllers in the network.

Add a vSmart Controller and Generate Certificate

To add a vSmart controller to the network, automatically generate the CSR, and install the signed certificate:​

  1. In vManage NMS, select the Configuration ► Devices screen.

  2. In the Controllers tab, click Add Controller and select vSmart.

  3. In the Add vSmart dialog box:

    1. Enter the system IP address of the vSmart controller.

    2. Enter the username and password to access the vSmart controller.

    3. Select the protocol to use for control-plane connections. The default is DTLS.

    4. If you select TLS, enter the port number to use for TLS connections. The default is 23456.

    5. Select the Generate CSR checkbox to allow the certificate-generation process to occur automatically.

    6. Click Add.

vManage NMS automatically generates the CSR, retrieves the generated certificate, and installs it on the vSmart controller. The new controller is listed in the Controller table with the controller type, hostname of the controller, IP address, site ID, and other details.

Verify Certificate Installation

To verify that the certificate is installed on a vSmart controller:

  1. In vManage NMS, select the Configuration ► Devices screen.

  2. In the Controllers table, select the row listing the new controller, and check the Certificate Status column to ensure that the certificate has been installed.

What's Next

See Deploy the vEdge Routers.

Apply Policy to a Zone Pair

Table 1. Feature History

Feature Name

Release Information

Description

Self Zone Policy for Zone-Based Firewalls

Cisco IOS XE SD-WAN Release 16.12.1b

 This feature allows you to define firewall policies for incoming and outgoing traffic between a self zone of an edge router and another zone. When a self zone is configured with another zone, the traffic in this zone pair is filtered as per the applied firewall policy.

Note

For IPSEC overlay tunnels in Cisco SD-WAN, if a self zone is selected as a zone pair, firewall sessions are created for SD-WAN overlay BFD packets if inspect action is configured for UDP.


Warning

Control connections may be impacted when you configure drop action from self-zone to VPN0 and vice versa. This applies for DTLS/TLS, BFD packets, and IPsec overlay tunnel.


Note

However, for GRE overlay tunnels, if you chose a self zone as a zone pair with the inspect action of protocol 47, firewall sessions are created only for TCP, UDP, ICMP packets; but not BFD packets.

To apply policy to a zone pair:

  1. Create security policy using Cisco vManage. See

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-firewall-17.html#c-use-the-policy-configuration-wizard-17

  2. At the top of the page, click Apply Zone-Pairs.

  3. In the Source Zone field, choose the zone that is the source of the data packets.

  4. In the Destination Zone field, choose the zone that is the destination of the data packets.


    Note

    You can choose self zone for either a source zone or a destination zone, not both.

  5. Click the plus (+) icon to create a zone pair.

  6. Click Save.

  7. At the bottom of the page, click Save Firewall Policy to save the policy.

  8. To edit or delete a firewall policy, click the More Actions icon in the right pane to the far right of the policy, and select the desired option.

  9. Click Next to configure the next security block in the wizard.

    • Intrusion Prevention

    • URL Filtering

    • DNS Security

Attach and Detach a Device Template

To configure a device on the network, you attach a device template to the device. You can attach only one device template to a device, so the template—whether you created it by consolidating individual feature templates or by entering a CLI text-style configuration—must contain the complete configuration for the device. You cannot mix and match feature templates and CLI-style configurations.

On Cisco Cisco IOS XE SD-WAN devices in the overlay network, you can perform the same operations, in parallel, from one or more vManage servers. You can perform the following template operations in parallel:

  • Attach a device template to devices

  • Detach a device template from a device

  • Change the variable values for a device template that has devices attached to it

For template operations, the following rules apply:

  • When a device template is already attached to a device, you can modify one of its feature templates. Then when you click Update ► Configure Devices, all other template operations—including attach devices, detach devices, and edit device values—are locked on all vManage servers until the update operation completes. This means that a user on another vManage server cannot perform any template operations until the update completes.

  • You can perform the attach and detach device template operations on different devices, from one or more vManage servers, at the same time. However, if any one of these operations is in progress on one vManage server, you cannot edit any feature templates on any of the servers until the attach or detach operation completes.

If the device being configured is present and operational on the network, the configuration is sent to the device immediately and takes effect immediately. If the device has not yet joined the network, the pushing of the configuration to the device is scheduled. When the device joins the network, Cisco vManage pushes the configuration immediately after it learns that the device is present in the network.

Attach a Device Template to Devices

You can attach the same templates to multiple devices, and you can do so simultaneously, in a single operation.

To attach a device template to one or more devices:

  1. In the Device tab, select a template.

  2. Click the More Actions icon to the right of the row and click Attach Devices. The Attach Devices dialog box opens with the Select Devices tab selected

  3. In the Available Devices column on the left, select a group and search for one or more devices, select a device from the list, or click Select All.

  4. Click the arrow pointing right to move the device to the Selected Devices column on the right.

  5. Click Attach.

  6. If the template contains variables, enter the missing variable values for each device you selected in one of the following ways:

  • Enter the values manually for each device either in the table column or by clicking the More Actions icon to the right of the row and clicking Edit Device Template. When you are using optional rows, if you do not want to include the parameter for the specific device, do not specify a value.

  • Click Import File in the upper right corner of the screen to upload a CSV file that lists all the variables and defines each variable's value for each device.

  1. Click Update

  2. Click Next. If any devices have the same system IP address, a pop-up or an error message is displayed when you click Next. Modify the system IP addresses so that there are no duplicates, and click Save. Then click Next again.

  3. In the left pane, select the device, to preview the configuration that is ready to be pushed to the device. The right pane displays the device's configuration and the Config Preview tab in the upper right corner is selected. Click the Config Diff tab to view the differences between this configuration and the configuration currently running on the device, if applicable. Click the Back button to edit the variable values entered in the previous screen.

  4. If you are attaching a Cisco IOS XE SD-WAN device, click Configure Device Rollback Timer located at the bottom of the left pane, to configure the time interval at which the device rolls back to its previous configuration if the router loses its control connection to the overlay network. The Configure Device Rollback Time dialog box is displayed.

    1. From the Devices drop-down, select a device.

    2. To enable the rollback timer, in the Set Rollback slider beneath the Devices drop-down, drag the slider to the left to enable the rollback timer. When you do this, the slider changes in color from gray to green.

    3. To disable the rollback timer, click the Enable Rollback slider. When you disable the timer, the Password field pops up. Enter the password that you used to log in to the vManage NMS.

    4. In the Device Rollback Time slider, drag the slider to the desired value. The default time is 5 minutes. You can configure a time from 6 to 15 minutes.

    5. To exclude a device from the rollback timer setting, click Add Exception and select the devices to exclude.

    6. The table at the bottom of the Configure Device Rollback Time dialog box lists all the devices to which you are attaching the template and their rollback time. To delete a configured rollback time, click the Trash icon to the right of the device name.

    7. Click Save.

  5. Click Configure Devices to push the configuration to the devices. The Status column displays whether the configuration was successfully pushed. Click the right angle bracket to the left of the row to display details of the push operation.

Export a Variables Spreadsheet in CSV Format for a Template

  1. In the Device tab, select a device template.

  2. Click the More Actions icon to the right of the row and click Export CSV.

Change the IP Address of the Current Cisco vManage

We recommend that you configure the IP address of the Cisco vManage server statically, in its configuration file. Configure this IP address on a non-tunnel interface in VPN 0. We recommend that you do not configure DHCP in VPN 512.

When you start Cisco vManage for the first time, the default IP address of the Cisco vManage server is shown as "localhost". Before you can add a new Cisco vManage server to a cluster, you must change localhost to an IP address:

  1. In the Administration > Cluster Management > Service Configuration tab, click Add vManage. The Edit vManage screen opens.

  2. From the vManage IP Address drop-down list, select an IP address to assign to the Cisco vManage server.

  3. Specify a username and password for the Cisco vManage server.

  4. Click Update.

The Cisco vManage server automatically reboots and displays the Cluster Management screen.

Change Configuration Modes

A device can be in either of these configuration modes:

  • vManage mode–A template is attached to the device and you cannot change the configuration on the device by using the CLI.

  • CLI mode – No template is attached to the device and the device can be configured locally by using the CLI.

When you attach a template to a device from vManage, it puts the device in vManage mode. You can change the device back to CLI mode if needed to make local changes to its configuration.

To toggle a router from vManage mode to CLI mode:

  1. In WAN Edge List tab, select a device.

  2. Click the Change Mode drop-down and select CLI mode.

An SSH window opens. To log in to the device, enter a username and password. You can then issue CLI commands to configure or monitor the device.

To toggle a controller device from vManage mode to CLI mode:

  1. In the Controllers tab, select a device.

  2. Click the Change Mode drop-down.

  3. Select CLI mode and then select the device type. The Change Mode CLI window opens.

  4. From the vManage mode pane, select the device and click the right arrow to move the device to the CLI mode pane.

  5. Click Update to CLI Mode.

An SSH window opens. To log in to the device, enter a username and password. You can then issue CLI commands to configure or monitor the device.

Configure Adaptive QoS

Table 2. Feature History

Feature Name

Release Information

Description

Adaptive QoS

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can now configure adaptive QoS from the Adaptive QoS tab using the Cisco VPN template for one of the supported interfaces.

To configure adaptive QoS use the Cisco VPN template for one of the following interfaces: Ethernet, Cellular, or DSL.

  1. In Cisco vManage, navigate to Configuration > Templates.

  2. Click the Feature tab and then click Add Template.

  3. Choose a device from the list on the left. Feature templates that are applicable to the device are shown in the right pane.

  4. Choose one of the available Cisco VPN Interface templates. In this example, we've chosen the Cisco VPN Interface Ethernet template.

  5. Enter a name and description for the feature template.

  6. Click the ACL/QoS tab.

  7. Notice that Adaptive QoS is disabled by default. To enable it, from the Adaptive QoS drop-down list, choose Global, and click the On radio button.

  8. (Optional) Enter adaptive QoS parameters. You can leave the additional details at as default or specify your values.

    • Adapt Period: Choose Global from the drop-down list, click the On radio button, and enter the period in minutes.

    • Shaping Rate Upstream: Choose Global from the drop-down list, click the On radio button and enter the minimum, maximum, and default upstream bandwidth in Kbps.

    • Shaping Rate Downstream: Choose Global from the drop-down list, click the On radio button, and enter the minimum, maximum, downstream, and upstream bandwidth in Kbps.

  9. Click Save.

  10. Attach the feature template to a device template.

Configure BFD for Routing Protocols

Table 3. Feature History

Feature Name

Release Information

Description

BFD for Routing Protocols in Cisco SD-WAN

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can now use the CLI Add-on feature templates in Cisco vManage to configure BFD for supported routing protocols.

Cisco vManage does not provide an independent template to configure BFD for routing protocols. However, supported protocols can be registered or deregistered to received BFD packets by adding configurations using the CLI add-on template in Cisco vManage. Use the CLI add-on template to configure the following:

  • Add a single-hop BFD template with parameters such as timer, multiplier, session mode, and so on.

  • Enable the BFD template under interfaces. Only one BFD template can be added per interface.

  • Enable or disable BFD for the supported routing protocols. The configuration to enable or disable BFD is different for each of the supported routing protocols: BGP, EIGRP, OSPF, and OSPFv3.

Configure BFD for Service-Side BGP

  1. In Cisco vManage, select Configuration > Templates.

  2. Click the Feature tab.

  3. Click Add Template.

  4. Choose a device from the device list in the left pane.

  5. Choose the CLI Add-on Template under Other Templates.

  6. Enter the CLI configuration to add a single-hop BFD template and to enable BFD for service-BGP as shown in the following example.

    bfd-template single-hop t1
 interval min-tx 500 min-rx 500 multiplier 3
 !
interface GigabitEthernet1
   bfd template t1 
   
router bgp 10005
address-family ipv4 vrf 1
    neighbor 10.20.24.17 fall-over bfd
    !
  address-family ipv6 vrf 1
    neighbor 2001::7 fall-over bfd

    Understanding the CLI Configuration

    In this example, a single hop BFD template is created specifying the minimum and maximum interval and the multiplier. Specifying these parameters is mandatory. In addition, you have the option to also specify other BFD parameters such as echo mode (enabled by default), and BFD dampening (off by default). Once created, the BFD template is enabled under an interface (GigabitEthernet1, in this example).


    Note

    To modify a BFD template enabled on an interface, you need to remove the existing template first, modify it, and then enable it on the interface again.

  7. Click Save.

  8. Attach the CLI Add-on Template with this configuration to the device template.


    Note

    For the configuration to take effect, the device template must have a BGP feature template attached to it.

  9. Attach the device template to the device.

Configure BFD for Transport-Side BGP

  1. In Cisco vManage, select Configuration > Templates.

  2. Click the Feature tab.

  3. Click Add Template.

  4. Choose a device from the device list in the left pane.

  5. Choose the CLI Add-on Template under Other Templates.

  6. Enter the CLI configuration to add a single-hop BFD template and to enable BFD for transport-BGP as shown in the following example. 

    
bfd-template single-hop t1
interval min-tx 500 min-rx 500 multiplier 3
! 
interface GigabitEthernet1
bfd template t1 
!     
router bgp 10005
neighbor 10.1.15.13 fall-over bfd
!
sdwan
interface GigabitEthernet1
tunnel-interface
allow-service bfd
allow-service bgp

    Understanding the CLI Configuration

    In this example, a single hop BFD template is created specifying the minimum and maximum interval and the multiplier. Specifying these parameters is mandatory. In addition, you have the option to also specify other BFD parameters such as echo mode (enabled by default), and BFD dampening (off by default). Once created, the BFD template is enabled under an interface (GigabitEthernet1, in this example). In this example, GigabitEthernet1 is also the source of the SD-WAN tunnel. Allowing service under the tunnel interface of GigabitEthernet1 ensures that BGP and BFD packets pass over the tunnel.


    Note

    To modify a BFD template enabled on an interface, you need to remove the existing template first, modify it, and then enable it on the interface again.

  7. Click Save.

  8. Attach the CLI Add-on Template with this configuration to the device template.


    Note

    For the configuration to take effect, the device template must have a BGP feature template attached to it.

Configure BFD for Service-Side EIGRP

  1. In Cisco vManage, select Configuration > Templates.

  2. Click the Feature tab.

  3. Click Add Template.

  4. Choose a device from the device list in the left pane.

  5. Choose the CLI Add-on Template under Other Templates.

  6. Enter the CLI configuration to add a single-hop BFD template enable BFD for EIGRP as shown in the example below.

    bfd-template single-hop t1
 interval min-tx 500 min-rx 500 multiplier 3
 !
interface GigabitEthernet5
   bfd template t1 
   
router eigrp myeigrp
address-family ipv4 vrf 1 autonomous-system 1
    af-interface GigabitEthernet5
     bfd

    Understanding the CLI Configuration

    In this example, a single hop BFD template is created specifying the minimum and maximum interval and the multiplier. Specifying these is mandatory. In addition, you have the option to also specify other BFD parameters such as echo mode (enabled by default), and BFD dampening (off by default).

    Once created, the BFD template is enabled under an interface (GigabitEthernet5, in this example).


    Note

    To modify a BFD template enabled on an interface, you first need to remove the existing template, modify it, and enable it on the interface again.

  7. Click Save.

  8. Attach the CLI Add-on Template with this configuration to the device template.


    Note

    For the configuration to take effect, the device template must have an EIGRP feature template attached to it.

  9. Attach the device template to the device.

Configure BFD for Service-Side OSPF and OSPFv3

  1. In Cisco vManage, select Configuration > Templates.

  2. Click the Feature tab.

  3. Click Add Template.

  4. Choose a device from the device list in the left pane.

  5. Choose the CLI Add-on Template under Other Templates.

  6. Enter the CLI configuration to add a single-hop BFD template enable BFD for OSPF and OSPFv3 as shown in the examples below.

    OSPF

    bfd-template single-hop t1
interval min-tx 500 min-rx 500 multiplier 3
! 
interface GigabitEthernet5
bfd template t1
!
interface GigabitEthernet1
bfd template t1 
!     
router ospf 1 vrf 1
 bfd all-interfaces
!

    OSPFv3

    bfd-template single-hop t1
 interval min-tx 500 min-rx 500 multiplier 3
 
interface GigabitEthernet5
   bfd template t1
router ospfv3 1
 address-family ipv4 vrf 1
  bfd all-interfaces

    Understanding the CLI Configuration

    In these examples, a single hop BFD template is created specifying the minimum and maximum interval and the multiplier. Specifying these is mandatory. In addition, you have the option to also specify other BFD parameters such as echo mode (enabled by default), and BFD dampening (off by default).

    Once created, the BFD template is enabled under an interface (GigabitEthernet5, in this example).


    Note

    To modify a BFD template enabled on an interface, you first need to remove the existing template, modify it, and enable it on the interface again.

  7. Click Save.

  8. Attach the CLI Add-on Template with this configuration to the device template.


    Note

    For the configuration to take effect, the device template must have an OSPF feature template attached to it.

  9. Attach the device template to the device.

Configure or Cancel vManage Server Maintenance Window

You can set or cancel the start and end times and the duration of the maintenance window for the vManage server.

  1. In vManage NMS, select the Administration > Settings screen.

  2. Click the Edit button to the right of the Maintenance Window bar.

    To cancel the maintenance window, click Cancel.

  3. Click the Start date and time drop-down, and select the date and time when the maintenance window will start.

  4. Click the End date and time drop-down, and select the date and time when the maintenance window will end.

  5. Click Save. The start and end times and the duration of the maintenance window are displayed in the Maintenance Window bar.

Two days before the start of the window, the vManage Dashboard displays a maintenance window alert notification.

Configure Certificate Authorization Settings for WAN Edge Routers

Certificates are used to authenticate routers in the overlay network. Once authentication is complete, the routers can establish secure sessions with other devices in the overlay network.

By default, the WAN Edge Cloud Certificate Authorization is automated. This is the recommended setting.

If you use third-party certificate authorization, configure certificate authorization to be manual:

  1. In Cisco vManage, navigate to Administration > Settings.

  2. Click Edit to the right of the Hardware WAN Edge Certificate Authorization bar.

  3. In the Security field, select Enterprise Certificate (signed by Enterprise CA).

  4. Click Save.

Configure Certificate Settings

New controller devices in the overlay network—Cisco vManage instances, vBond orchestrators, and vSmart controllers—are authenticated using signed certificates. From the Cisco vManage, you can automatically generate the certificate signing requests (CSRs), retrieve the generated certificates, and install them on all controller devices when they are added to the network.


Note

All controller devices must have a certificate installed on them to be able to join the overlay network.

To automate the certification generation and installation process, configure the name of your organization and certificate authorization settings before adding the controller devices to the network.

For more information, see Certificates.

Configure Certificate Settings

New controller devices in the overlay network—Cisco vManage instances, vBond orchestrators, and vSmart controllers—are authenticated using signed certificates. From the Cisco vManage, you can automatically generate the certificate signing requests (CSRs), retrieve the generated certificates, and install them on all controller devices when they are added to the network.


Note

All controller devices must have a certificate installed on them to be able to join the overlay network.

To automate the certification generation and installation process, configure the name of your organization and certificate authorization settings before adding the controller devices to the network.

For more information, see Certificates.

Configure Cloud onRamp for IaaS for Amazon Web Services

Before you begin

A series of considerations are essential to configure Cloud onRamp for IaaS for AWS.

  • Transit VPCs provide the connection between the Cisco overlay network and the cloud-based applications running on host VPCs. Each transit VPC consists of up to four pairs of cloud routers that reside in their own VPC. Multiple routers are used to provide redundancy for the connection between the overlay network and cloud-based applications. On each of these two cloud routers, the transport VPN (VPN 0) connects to a branch router, and the service-side VPNs (any VPN except for VPN 0 and VPN 512) connect to applications and application providers in the public cloud.

  • Cloud onRamp supports auto-scale for AWS. To use auto-scale, ensure that you associate two to four pairs of cloud routers to a transit VPC. Each of the devices that are associated with the transit VPC for auto-scale should have a device template attached to it.

  • Host VPCs are virtual private clouds in which your cloud-based applications reside. When a transit VPC connects to an application or application provider, it is simply connecting to a host VPC.

  • All host VPCs can belong to the same account, or each host VPC can belong to a different account. A host that belongs one account can be mapped to a transit VPC that belongs to a completely different account. You configure cloud instances by using a configuration wizard.

Procedure

Step 1

In Cisco vManage, select Configuration > Cloud onRamp for IaaS.

Step 2

Click Add New Cloud Instance.

Step 3

In the Add Cloud Instance – log in to a Cloud Server popup:

  1. In the Cloud drop-down, select the Amazon Web Services radio button.

  2. Click IAM Role or Key to log in to the cloud server. It is recommended that you use IAM Role.

  3. If you select IAM Role:

    1. In the Role ARN field, enter the role ARN of the IAM role.

    2. In the External ID field, enter external ID created for the role ARN. It is recommended that the external ID include 10 to 20 characters in random order. To authenticate to the vManage NMS using an IAM role, vManage NMS must be hosted by Cisco on AWS and have the following attributes:

      • Trusts the AWS account, 200235630647, that hosts the vManage NMS.

      • Have all permissions for EC2 and VPC resources.

      • A default timeout of at least one hour.

      If Cisco vManage is not hosted by Cisco on AWS, assign an IAM role with permissions to AssumeRole to the vManage server running the Cloud OnRamp process. Refer to the AWS documentation for details.

  4. If you select Key:

    1. In the API Key field, enter your Amazon API key.

    2. In the Secret Key field, enter the password associated with the API key.

Step 4

Click Login to log in to the cloud server.

The cloud instance configuration wizard opens. This wizard consists of three screens that you use to select a region and discover host VPCs, add transit VPC, and map host VPCs to transit VPCs. A graphic on the right side of each wizard screen illustrates the steps in the cloud instance configuration process. The steps that are not yet completed are shown in light gray. The current step is highlighted within a blue box. Completed steps are indicated with a green checkmark and are shown in light orange.

Step 5

Select a region:

  1. In the Choose Region drop-down, choose a geographical region.

  2. Click Save and Finish to create a transit VPC or optionally click Proceed to Discovery and Mapping to continue with the wizard.

Step 6

Add a transit VPC:

  1. In the Transit VPC Name field, type a name for the transit VPC.

    The name can be up to 128 characters and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.

  2. Under Device Information, enter information about the transit VPC:

    1. In the WAN Edge Version drop-down, select the software version of the cloud router to run on the transit VPC.

    2. In the Size of Transit WAN Edge drop-down, choose how much memory and how many CPUs to use for each of the cloud routers that run on the transit VPC.

    3. In the Max. Host VPCs per Device Pair field, select the maximum number of host VPCs that can be mapped to each device pair for the transit VPC. Valid values are 1 through 32.

    4. In the Device Pair 1# fields, select the serial numbers of each device in the pair. To remove a device serial number, click the X that appears in a field.

      The devices that appear in this field have been associated with a configuration template and support the WAN Edge Version that you selected.

    5. To add additional device pairs, click .

      To remove a device pair, click .

      A transit VPC can be associated with one to four device pairs. To enable the Cloud onRamp auto-scale feature for AWS, you must associate at least two device pairs with the transit VPC.

    6. Click Save and Finish to complete the transit VPC configuration or optionally click Proceed to Discovery and Mapping to continue with the wizard.

    7. Click Advanced if you wish to enter more specific configuration options:

      1. In the Transit VPC CIDR field, enter a custom CIDR that has a network mask in the range of 16 to 25. If you choose to leave this field empty, the Transit VPC is created with a default CIDR of 10.0.0.0/16.

      2. In the SSH PEM Key drop-down, select a PEM key pair to log in to an instance. Note that the key pairs are region-specific. Refer to the AWS documentation for instructions on creating key pairs.

    8. Click Save and Finish to complete the transit VPC configuration, or optionally click Proceed to Discovery and Mapping to continue with the wizard.

    9. Select hosts to discover:

      1. In the Select an account to discover field, select a host to map to this transit VPC.

      2. Click Discover Host VPCs.

      3. In the table that displays, choose one or more hosts to map to this transit VPC.

        You can use the search field and options to display only host VPCs that mention specific search criteria.

        You can click the Refresh icon to update the table with current information.

        You can click the Show Table Columns icon to specify which columns display in the table.

      4. Click Next.

    1. In the WAN Edge Version drop-down, select the software version of the cloud router to run on the transit VPC.

    2. In the Size of Transit WAN Edge drop-down, choose how much memory and how many CPUs to use for each of the cloud routers that run on the transit VPC.

    3. In the Max. Host VPCs per Device Pair field, select the maximum number of host VPCs that can be mapped to each device pair for the transit VPC. Valid values are 1 through 32.

    4. In the Device Pair 1# fields, select the serial numbers of each device in the pair. To remove a device serial number, click the X that appears in a field.

      The devices that appear in this field have been associated with a configuration template and support the WAN Edge Version that you selected.

    5. To add additional device pairs, click .

      To remove a device pair, click .

      A transit VPC can be associated with one to four device pairs. To enable the Cloud onRamp auto-scale feature for AWS, you must associate at least two device pairs with the transit VPC.

    6. Click Save and Finish to complete the transit VPC configuration or optionally click Proceed to Discovery and Mapping to continue with the wizard.

    7. Click Advanced if you wish to enter more specific configuration options:

      1. In the Transit VPC CIDR field, enter a custom CIDR that has a network mask in the range of 16 to 25. If you choose to leave this field empty, the Transit VPC is created with a default CIDR of 10.0.0.0/16.

      2. In the SSH PEM Key drop-down, select a PEM key pair to log in to an instance. Note that the key pairs are region-specific. Refer to the AWS documentation for instructions on creating key pairs.

    8. Click Save and Finish to complete the transit VPC configuration, or optionally click Proceed to Discovery and Mapping to continue with the wizard.

    9. Select hosts to discover:

      1. In the Select an account to discover field, select a host to map to this transit VPC.

      2. Click Discover Host VPCs.

      3. In the table that displays, choose one or more hosts to map to this transit VPC.

        You can use the search field and options to display only host VPCs that mention specific search criteria.

        You can click the Refresh icon to update the table with current information.

        You can click the Show Table Columns icon to specify which columns display in the table.

      4. Click Next.

Step 7

Map the host VPCs to transit VPCs:

  1. In the table of host VPCs, select the desired host VPCs.

  2. Click Map VPCs. The Map Host VPCs popup opens.

  3. In the Transit VPC drop-down, select the transit VPC to map to the host VPCs.

  4. In the VPN drop-down, select the VPN in the overlay network in which to place the mapping.

  5. Enable the Route Propagation option if you want Cisco vManage to automatically propagate routes to the host VPC routes table.

  6. Click Map VPCs.

  7. Click Save and Complete.

In the VPN feature configuration template for VPN 0, when configuring the two cloud routers that form the transit VPC, ensure that the color you assign to the tunnel interface is a public color, not a private color. Public colors are 3g, biz-internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, metro-ethernet, mpls, public-internet, red, and silver.

Display Host VPCs

Procedure
Step 1

In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default. In the bar below this, Mapped Host VPCs is selected by default, and the table on the screen lists the mapping between host and transit VPCs, the state of the transit VPC, and the VPN ID.

Step 2

To list unmapped host VPCs, click Unmapped Host VPCs. Then click Discover Host VPCs.

Step 3

To display the transit VPCs, click Transit VPCs.

Map Host VPCs to a Transit VPC

Procedure
Step 1

In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens.
Step 2

Click Un-Mapped Host VPCs.

Step 3

Click Discover Host VPCs.

Step 4

From the list of discovered host VPCs, select the desired host VPCs.
Step 5

Click Map VPCs. The Map Host VPCs popup opens.

Step 6

In the \ drop-down, choose the desired transit VPC.

Step 7

In the VPN drop-down, choose the VPN in the overlay network in which to place the mapping.

Step 8

Click Map VPCs.

Unmap Host VPCs

Procedure
Step 1

In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens.
Step 2

Click Mapped Host VPCs.

Step 3

From the list of VPCs, select the desired host VPCs.
Step 4

Click Unmap VPCs.

Step 5

Click OK to confirm the unmapping.

Unmapping host VPCs deletes all VPN connections to the VPN gateway in the host VPC, and then deletes the VPN gateway. When you make additional VPN connections to a mapped host VPC, they will be terminated as part of the unmapping process.

Display Transit VPCs

Procedure
Step 1

In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.

Step 2

Click Transit VPCs.

The table at the bottom of the screen lists the transit VPCs

Add Transit VPC

Procedure
Step 1

In the Cloud onRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.

Step 2

Click Transit VPCs.

Step 3

Click Add Transit VPC.

To add a transit VPC, perform operations from step 6 of Configure Cloud onRamp for IaaS for Amazon Web Services.

Delete Device Pair

Before you begin
The device pair must be offline.
Procedure
Step 1

Go to the Cloud onRamp Dashboard.
Step 2

Click a device pair ID.

Step 3

Verify that the status of the device pair is offline.
Step 4

To descale the device pairs, click the trash can icon in the Action column or click the Trigger Autoscale option.

Delete Transit VPC


Note

To delete the last pair of online device pairs, you must delete a transit VPC.
Before you begin
Delete the device pairs that are associated with the transit VPC.
Procedure
Step 1

In the Cloud onRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.

Step 2

Click Host VPCs.

Step 3

Select all host VPCs, and click Unmap VPCs.

Ensure that all host mappings with transit VPCs are unmapped.
Step 4

Click OK to confirm the unmapping.

Step 5

Click Transit VPCs.

Step 6

Click the trash icon to the left of the row for the transit VPC.

Note 

The trash icon is not available for the last device pair of transit VPC. Hence, to delete the last device pair, click Delete Transit drop-down list at the right corner. The trash icon is only available from the second device pair onwards.

Step 7

Click OK to confirm.

Add Device Pairs

Procedure
Step 1

Click Add Device Pair.

Note 
Ensure that the devices you are adding are already associated with a device template.
Step 2

In the box, select a device pair.
Step 3

Click the Add icon to add more device pairs.

You can add up to a total of four device pairs to the transit VPC.
Step 4

Click Save.

History of Device Pairs for Transit VPCs

Procedure
Step 1

To display the Transit VPC Connection History page with all the corresponding events, click History for a device pair.

Step 2

View a histogram of events that have occurred in the previous one hour is displayed and a table of all events for the selected transit VPC. The table lists all the events generated in the transit VPC. The events can be one of the following:

  • Device Pair Added

  • Device Pair Spun Up

  • Device Pair Spun Down

  • Device Pair Removed

  • Host Vpc Mapped

  • Host Vpc Unmapped

  • Host Vpc Moved

  • Transit Vpc Created

  • Transit Vpc Removed

Edit Transit VPC

Procedure
Step 1

Click Edit Transit Details. Provide a value for the maximum number of host VPCs per device pair to which the transit VPC can be mapped.

Step 2

Click OK.

This operation can trigger auto-scale.

Configure Cloud onRamp for Multi-Cloud through vManage

Table 4. Feature History

Feature Name

Release Information

Description

Integration of AWS Branch with Cisco IOS XE SD-WAN Devices

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can configure Cloud onRamp on Multi-Cloud environment using the Cloud OnRamp for Multi-Cloud option under the Configuration tab.

To create a new account for cloud onRamp for multi-cloud:

  1. In Cisco vManage, navigate to Configuration > Cloud onRamp for Multi-Cloud. The Cloud onRamp for Multi-Cloud dashboard displays.

  2. Click Account Creation in the Setup pane. The Associate Cloud Account page appears.

  3. Enter the account name in the Account Name field.

  4. (Optional) Enter the description in the Description field.

  5. In the Use for Cloud Gateway, choose Yes if you want to create cloud gateway in your account, else select No.

  6. Choose the authentication model you want to use in the field Login in to AWS With.

    • Key

    • IAM Role

    If you choose Key model, then provide API Key and Secret Key in the respective fileds.

    Or

    If you choose IAM Role model, then provide Role ARN and External Id details.

  7. Click Add.

Parameter

Description
Account Name

Specifies the cloud account name.
Description

(Optional) Specifies the cloud account desciption.
Use for Cloud Gateway

Specifies if the account is created to launch Cloud Gateway. The options are: Yes or No
Login in to AWS With

Specifies the authentication model you want to use. The model options are:

  • Key

  • IAM Role
Key API Key - Specifies the Amazon API key.
Secret Key - Specifies the password associated with the API key.
IAM Role Role ARN - Specifies the role ARN of the IAM role.
External Id - Specifies the external ID that is created for the role ARN.

To view or update cloud account details, click ... button on the Cloud Account Management page.

You can also remove the cloud account if there are no associated host VPC tags or cloud gateways.

Configure Cisco TGW Global Settings

To add Cisco TGW global settings, perform the following steps:

  1. On the Cloud onRamp for Multi-Cloud dashboard, click Global Settings in the Setup pane. The Global Settings page appears.

  2. Click the Software Image drop-down list to select the pre-installed or the subscibed CSR image.

  3. Click the Instance Size drop-down list to choose the required size.

  4. Click Cloud Gateway Solution drop-down list to choose the AWS Transit Gateway and CSR in Transit VPC.

  5. Enter the IP Subnet Pool.

  6. Enter the Cloud Gateway BGP ASN Offset.

  7. Choose the Intra Tag Communication. The options are Enabled or Disabled.

  8. Choose the Default Route. The options are Enabled or Disabled.

  9. Click Update.

Parameter

Description
Software Image

Specifies the preinstalled or the subscibed software images for your account.
Instance Size

Specifies the instance size. The options are:

  • c4.large (2 vCPU)

  • c4.xlarge (4 vCPU)

  • c4.2xlarge (8 vCPU)

  • c4.4xlarge (16 vCPU)

  • c4.8xlarge (36 vCPU)

  • c5.large (2 vCPU)

  • c5.xlarge (4 vCPU)

  • c5.2xlarge (8 vCPU)

  • c5.4xlarge (16 vCPU)

  • c5.9xlarge (36 vCPU)

  • t2.medium (2 vCPU)
Cloud Gateway Solution

Specifies the combination of the Cloud Gateway Solution. For example, AWS Transit Gateway and CSR in Transit VPC.
IP Subnet Pool

Specifies the list of IP subnets separated by comma in CIDR format. More than one subnets can be specified.

A single /24 subnet pool is able to support one cloud gateway only.

You cannot modify the pool when a few cloud gateways are already making use of pool.

Overlapping of subnets is not allowed.
Cloud Gateway BGP ASN Offset

Specifies the offset for allocation of TGW BGP ASNs. It is used to block routes learnt from one TGW (eBGP) to another TGW.

A band of 30 ASNs are reserved for TGW ASNs. Starting offset plus 30 will be the organization side BGP ASN. For example, if the offset is 64830, Org BGP ASN will be 64860.

Acceptable start offset range is 64520 to 65500. It must be a multiple of 10.
Intra Tag Communication

Specifies if the communication between host VPCs under the same tag is enabled or disabled. If any tagged VPCs are already present and cloud gateways exist in those regions, then this flag cannot be changed.

Program Default Route in VPCs towards TGW

Specifies if the main route table of the host VPCs is programmed with default route is enabled or disabled.
Table 5. Expected Behavior for Global Settings

Item

Changeable after cloud gateway is created (Yes/No)

Default (Enabled/Disabled)
Software Image

Yes

NA
Instance Size

Yes

NA
IP Subnet Pool

See the description below

NA
Cloud Gateway BGP ASN Offset

No

NA
Intra Tag Communication

Cannot be changed if both cloud gateways and tagged host VPCs exist in any region

Enabled at the API level
Program Default Route in VPCs towards TGW

No

Enabled at the API level

Global IP Subnet Pool – can only be updated if there is no cloud gateway using global subnet pool. A cloud gateway uses global subnet pool whether it has custom setting or not. The subnet pool value is similar to the one in global setting (you can compare after splitting the list of CIDRs by comma; for example, 10.0.0.0/8, 10.255.255.254/8 and 10.255.255.254/8, 10.0.0.0/8 are similar).

If there is no cloud gateway using global subnet pool, the updated subnet pool in the global setting should not overlap with any of the existing custom subnet pools.

Custom IP Subnet Pool – when a custom setting is created, its subnet pool should not overlap with any of the existing custom subnet pools. It cannot partially overlap with the configured global subnet pool.

Discover Host VPCs

You can discover host VPCs in all the accounts across all the respective regions of the account that are available. When the Host VPC Discovery is invoked, the discovery of the VPCs is performed without any cache.

  1. In the Cloud onRamp for Multi-Cloud dashboard, click on Host VPCs in the Discover pane. The Discover Host VPCs screen appears with the list of available VPCs.

    The host VPC table includes the following columns:

    • Cloud Region

    • Account Name

    • Host VPC Name

    • Host VPC Tag

    • Account ID

    • Host VPC ID

    You click any column to sort the VPCs as required.

  2. Click the Region drop-down list to select the VPCs based on particular region.

  3. You can click Tag Actions to perform the following actions:

    • Add Tag - group the selected VPCs and tag them together.

    • Edit Tag - migrate the selected VPCs from one tag to another.

    • Delete Tag - remove the tag for the selected VPCs.

    A number of host VPCs can be grouped under a tag. VPCs under the same tag are considered as a singular unit.

Create Cloud Gateway

Cloud gateway is an instantiation of Transit VPC (TVPC), CSRs within TVPC and TGW in the cloud. To create a cloud gateway, perform the following steps:

  1. In the Cloud onRamp for Multi-Cloud dashboard, click Create Cloud Gateway in the Manage pane. The Manage Cloud Gateway - Create screen appears.

  2. In the Cloud Gateway field, enter the cloud gateway name.

  3. (Optional) In the Description, enter the description.

  4. Choose the account name from the Account Name drop-down list.

  5. Choose the region from the Region drop-down list.

  6. (Optional) Choose the SSH Key from the drop-down list.

  7. Choose the UUID details in the UUID (specify 2) drop-down list.

  8. In the Settings field, select the required option. The options are:

    • Default

    • Customized - you can override the global settings. The selection is applicable only for the newly created cloud gateway.

  9. Click Add to create a new cloud gateway.

Configure Cloud onRamp for SaaS

Table 6. Feature History

Feature Name

Release Information

Description

Support for Specifying Office 365 Traffic Categories for Cloud onRamp for SaaS on Cisco IOS XE SD-WAN Devices

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

Using Cloud onRamp for SaaS, you can select specific SaaS applications and interfaces, and let Cisco SD-WAN determine the best performing path for each SaaS applications. For Cisco IOS XE SD-WAN devices, you can also limit the use of best path selection to some or all Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft.

Enable Cloud OnRamp for SaaS

  1. In Cisco vManage, click Administration > Settings.

  2. Click Edit, to the right of the Cloud onRamp for SaaS bar.

  3. In the Cloud onRamp for SaaS field, click Enabled.

  4. Click Save.

Configure Applications for Cloud onRamp for SaaS Using Cisco vManage

  1. Open Cloud onRamp for SaaS.

    • In Cisco vManage, open Configuration > Cloud onRamp for SaaS.

      or

    • In Cisco vManage, click the cloud icon near the top right and select Cloud onRamp for SaaS.

  2. In the dropdown, select Applications and Policy.

    The Applications and Policy page shows a table of SaaS applications.

  3. Enable applications and configure.

    Column

    Description

    Applications

    Applications that can be used with Cloud onRamp for SaaS

    Monitoring

    Enabled: Enables Cloud OnRamp for SaaS to initiate the Quality of Experience probing to find the best path.

    Disabled: Cloud onRamp for SaaS stops the Quality of Experience probing for this application.

    VPN

    (Cisco vEdge devices) Specify one or more VPNs.

    Policy/Cloud SLA

    (Cisco IOS XE SD-WAN devices) Select Enable to enable Cloud onRamp for SaaS to use the best path for this application.

    Note 

    You can select Enable only if there is a centralized policy that includes an application-aware policy has been activated.

    (Cisco IOS XE SD-WAN devices) For Office 365, select one of the following to specify which types of Office 365 traffic to include:

    • Optimize: Include only Office 365 traffic categorized as “optimize” – the traffic most sensitive to network performance, latency, and availability.

    • Optimize and Allow: Include only Office 365 traffic categorized as “Optimize” or “Allow”. The “Allow” category of traffic is less sensitive to network performance and latency than the “Optimize” category.

    • All: Include all Office 365 traffic.

  4. Click Save Applications and Next.

    If new applications were enabled, a page appears, displaying all of the application-aware policies in the centralized policy.

    • You can select a policy and view the policy details.

    • You can delete one or more new sequences that have been added for the SaaS applications, or change the order of the sequences.

    • You can create a new policy for sites that are not included in existing centralized policies. If you create a new policy, you must add a VPN list for the policy.

    • For an existing policy, you cannot edit the site list or VPN list.

  5. Click Save Policy and Next. This pushes the policy to the Cisco vSmart Controller.

Configure Client Sites

To configure Cloud OnRamp for SaaS on client sites that access the internet through gateways, you must configure Cloud OnRamp for SaaS both on the client sites and on the gateway sites.


Note

You cannot configure Cloud OnRamp for SaaS with Point-to-Point Protocol (PPP) interface on the gateway sites.

Client sites in Cloud onRamp service choose the best gateway site for each application to use for accessing the internet.

  1. In Cisco vManage, select the Configuration > Cloud onRamp for SaaS screen. The Cloud OnRamp for SaaS Dashboard screen opens.

  2. From the Manage Cloud OnRamp for SaaS drop-down, located to the right of the title bar, select Client Sites. The screen changes and displays the following elements:

    • Attach Sites—Add client sites to Cloud onRamp for SaaS service.

    • Detach Sites—Remove client sites from Cloud onRamp for SaaS service.

    • Client sites table—Display client sites configured for Cloud onRamp for SaaS service.

  3. On the Manage Sites screen, click Attach Sites. The Attach Sites screen displays all sites in the overlay network with available sites highlighted. For a site to be available, all devices at that site must be running in vManage mode.

  4. In the Available Sites pane, select a client site to attach and click the right arrow. To remove a site, select it in the Selected Sites pane and click the left arrow.

  5. Click Attach. The Cisco vManage NMS pushes the feature template configuration to the devices. The Task View window displays a Validation Success message.

  6. Select Configuration > Cloud onRamp for SaaS to return to the Cloud OnRamp for SaaS Dashboard screen.

  7. From the Manage Cloud OnRamp for SaaS drop-down, located to the right of the title bar, choose Gateways. The screen changes and displays the following elements:

    • Attach Gateways—Attach gateway sites.

    • Detach Gateways—Remove gateway sites from the Cloud onRamp service.

    • Edit Gateways—Edit interfaces on gateway sites.

    • Gateways table—Display gateway sites configured for Cloud onRamp service.

  8. On the Manage Gateways screen, click Attach Gateways. The Attach Gateways popup window displays all sites in your overlay network with available sites highlighted. For a site to be available, all devices at that site must be running in vManage mode.

  9. In the Device Class field, select one of the following:

    • Cisco OS (cEdge): Cisco IOS XE SD-WAN devices

    • Viptela OS (vEdge): Cisco vEdge devices

  10. In the Available Gateways pane, select a gateway site to attach and click the right arrow. To remove a site, select the site in the Selected Sites pane and click the left arrow.

  11. (Cisco vEdge devices) If you do not specify interfaces for Cloud OnRamp for SaaS to use, the system selects a NAT-enabled physical interface from VPN 0. To specify GRE interfaces for Cloud OnRamp for SaaS to use:

    1. Click the link Add interfaces to selected sites (optional), located in the bottom right corner of the window.

    2. In the Select Interfaces drop-down, select GRE interfaces to add.

    3. Click Save Changes.

  12. (Cisco IOS XE SD-WAN devices) If you do not specify interfaces for Cloud OnRamp for SaaS, an error message indicates that the interfaces are not VPN 0.

    1. Click the link Add interfaces to selected sites, located in the bottom right corner of the window.

    2. In the Select Interfaces drop-down, select Select Interfaces to Add.

    3. Click Save Changes.

  13. Click Attach. The Cisco vManage NMS pushes the feature template configuration to the devices. The Task View window displays a Validation Success message.

  14. To return to the Cloud OnRamp for SaaS Dashboard, select Configuration > Cloud onRamp for SaaS.

To edit Cloud OnRamp for SaaS interfaces on gateway sites:

  1. Select the sites you want to edit and click Edit Gateways.

  2. In the Edit Interfaces of Selected Sites screen, select a site to edit.

    • To add interfaces, click the Interfaces field to select available interfaces.

    • To remove an interface, click the X beside its name.

  3. Click Save Changes to push the template to the device(s).

Configure Direct Internet Access (DIA) Sites

  1. In Cisco vManage, select the Configuration > Cloud onRamp for SaaS screen. The Cloud OnRamp for SaaS Dashboard screen opens.

  2. From the Manage Cloud OnRamp for SaaS drop-down, located to the right of the title bar, choose Direct Internet Access (DIA) Sites.

    The page provides options to attach, detach, or edit DIA sites, and shows a table of sites configured for Cloud onRamp service.

  3. Click Attach DIA Sites. The Attach DIA Sites popup window displays all sites in your overlay network with available sites highlighted. For a site to be available, all devices at that site must be running in vManage mode.

  4. In the Device Class field, select one of the following:

    • Cisco OS (cEdge): Cisco IOS XE SD-WAN devices

    • Viptela OS (vEdge): Cisco vEdge devices

  5. In the Available Sites pane, select a site to attach and click the right arrow. To remove a site, select it in the Selected Sites pane and click the left arrow.

  6. (For Cisco vEdge devices) If you do not specify interfaces for Cloud OnRamp for SaaS to use, the system selects a NAT-enabled physical interface from VPN 0. To specify GRE interfaces for Cloud OnRamp for SaaS to use:

    1. Click the link, Add interfaces to selected sites (optional), located in the bottom right corner of the window.

    2. In the Select Interfaces drop-down, choose GRE interfaces to add.

    3. Click Save Changes.

  7. (For Cisco IOS XE SD-WAN devices, optional) Specify TLOCs for a site.


    Note

    If you do not specify TLOCs, the All DIA TLOC option is used by default.

    1. Click the Add TLOC to selected sites link at the bottom right corner of the popup window.

    2. In the Edit Interfaces of Selected Sites popup window, select All DIA TLOC, or select TLOC List and specify a TLOC list.

    3. Click Save Changes.

  8. Click Attach. The Cisco vManage NMS pushes the feature template configuration to the devices. The Task View window displays a Validation Success message.

  9. To return to the Cloud OnRamp for SaaS Dashboard, choose Configuration > Cloud onRamp for SaaS.

To edit Cloud onRamp interfaces on DIA sites:

  1. Select the sites to edit and click Edit DIA Sites.

  2. (Cisco vEdge devices) On the Edit Interfaces of Selected Sites screen, select a site to edit.

    • To add interfaces, click the Interfaces field to select available interfaces.

    • To remove an interface, click the X beside its name.

  3. (Cisco IOS XE SD-WAN devices) On the Edit TLOCs of Selected Sites screen, select a site to edit, and edit the TLOC list.

  4. Click Save Changes to push the new template to the devices.

To return to the Cloud OnRamp for SaaS Dashboard, select Configuration > Cloud onRamp for SaaS.

View Details of Monitored Applications

  1. Open Cloud onRamp for SaaS.

    • In Cisco vManage, open Configuration > Cloud onRamp for SaaS.

      or

    • In Cisco vManage, click the cloud icon near the top right and select Cloud onRamp for SaaS.

    The page displays each monitored application, the relevant sites, with information about each.

  2. (optional) Select a site to display a chart of the scores for various available paths for the application traffic, and the best path (solid line).

Configure Controller Certificate Authorization Settings

Signed certificates are used to authenticate devices in the overlay network. Once authenticated, devices can establish secure sessions between each other. It is from the Cisco vManage that you generate these certificates and install them on the controller devices—Cisco vBond orchestrators,Cisco vManage, and Cisco vSmart controllers. You can use certificates signed by Symantec, or you can use enterprise root certificates.

The controller certification authorization settings establish how the certification generation for all controller devices will be done. They do not generate the certificates.

You need to select the certificate-generation method only once. The method you select is automatically used each time you add a device to the overlay network.

To have the Symantec signing server automatically generate, sign, and install certificates on each controller device:

  1. Click the Edit button to the right of the Controller Certificate Authorization bar.

  2. Click Symantec Automated (Recommended). This is the recommended method for handling controller signed certificates.

  3. In the Confirm Certificate Authorization Change popup, click Proceed to confirm that you wish to have the Symantec signing server automatically generate, sign, and install certificates on each controller device.

  4. Enter the first and last name of the requestor of the certificate.

  5. Enter the email address of the requestor of the certificate. This address is required because the signed certificate and a confirmation email are sent to the requestor via email; they are also made available though the customer portal.

  6. Specify the validity period for the certificate. It can be 1, 2, or 3 years.

  7. Enter a challenge phrase.The challenge phrase is your certificate password and is required when you renew or revoke a certificate.

  8. Confirm your challenge phrase.

  9. In the Certificate Retrieve Interval field, specify how often the Cisco vManage server checks if the Symantec signing server has sent the certificate.

  10. Click Save.

To manually install certificates that the Symantec signing server has generated and signed:

  1. Click the Edit button to the right of the Controller Certificate Authorization bar.

  2. Click Symantec Manual.

  3. In the Confirm Certificate Authorization Change popup, click Proceed to manually install certificates that the Symantec signing server has generated and signed.

  4. Click Save.

To use enterprise root certificates:

  1. Click the Edit button to the right of the Controller Certificate Authorization bar.

  2. Click Enterprise Root Certificate.

  3. In the Confirm Certificate Authorization Change popup, click Proceed to confirm that you wish to use enterprise root certificates.

  4. In the Certificate box, either paste the certificate, or click Select a file and upload a file that contains the enterprise root certificate.

  5. By default, the enterprise root certificate has the following properties: To view this information, issue the show certificate signing-request decoded command on a controller device, and check the output in the Subject line. For example:

    • Country: United States

    • State: California

    • City: San Jose

    • Organizational unit: ENB

    • Organization: CISCO

    • Domain Name: cisco.com

    • Email: cisco-cloudops-sdwan@cisco.com

    vSmart# show certificate signing-request decoded
    ...
    Subject: C=US, ST=California, L=San Jose, OU=ENB, O=CISCO, CN=vsmart-uuid .cisco.com/emailAddress=cisco-cloudops-sdwan@cisco.com 
    ...
    To change one or more of the default CSR properties:

    1. Click Set CSR Properties.

    2. Enter the domain name to include in the CSR. This domain name is appended to the certificate number (CN).

    3. Enter the organizational unit (OU) to include in the CSR.

    4. Enter the organization (O) to include in the CSR.

    5. Enter the city (L), state (ST), and two-letter country code (C) to include in the CSR.

    6. Enter the email address (emailAddress) of the certificate requestor.

    7. Specify the validity period for the certificate. It can be 1, 2, or 3 years.

  6. Click Import & Save.

Define Custom Applications Using Cisco vManage

Table 7. Feature History

Feature Name

Release Information

Description

Support for Defining Custom Applications

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can define custom applications to identify specific network traffic. You can use custom applications in the same way as any other protocol when configuring Cisco SD-WAN policies, or Application Quality of Experience (AppQoE) policies, such as application-aware routing, TCP acceleration, and Quality of Service (QoS).

Prerequisite: Install Cisco SD-AVC as a component of Cisco SD-WAN.

  1. In Cisco vManage, select Configure > Policies.

  2. Select the Centralized Policy tab.

  3. Click Custom Options and select Centralized Policy > Lists.

  4. Select the Custom Applications tab.

  5. Click New Custom Application.

  6. To define the application, provide an application name and enter match criteria. The match criteria can include one or more of the attributes provided: server names, IP addresses, and so on. You do not need to enter match criteria for all fields.

    The match logic follows these rules:

    • Between all L3/L4 attributes, there is a logical AND. Traffic must match all conditions.

    • Between L3/L4 and Server Names, there is a logical OR. Traffic must match either the server name or the L3/L4 attributes.

    Field

    Description

    Application Name

    (mandatory)

    Enter a name for the custom application.

    Maximum length: 32 characters

    Server Names

    One or more server names, separated by commas.

    You can include an asterisk wildcard match character (*) only at the beginning of the server name.

    Examples:

    *cisco.com, *.cisco.com (match www.cisco.com, developer.cisco.com, …)

    See Notes and Limitations.

    L3/L4 Attributes

    IP Address

    Enter one or more IPv4 addresses, separated by commas.

    Example:

    10.0.1.1, 10.0.1.2

    Note 

    The subnet prefix range is 24 to 32.

    Ports

    Enter one or more ports or port ranges, separated by commas.

    Example:

    30, 45-47

    L4 Protocol

    Select one of the following:

    TCP, UDP, TCP-UDP

  7. Click Add. The new custom application appears in the table of custom applications.


Note

To check the progress of creating the new custom application, click Tasks (clipboard icon). A panel opens, showing active and completed processes.

Notes and Limitations

  • Maximum number of custom applications: 1100

  • Maximum number of L3/L4 rules: 20000

  • Maximum number of server names: 50000

  • For server names, maximum instances of wildcard followed by a period (.): 50000

    Example: *.cisco.com matches www.cisco.com, developer.cisco.com

  • For server names, maximum instances of prefix wildcard as part of server name: 256

    Example: *ample.com matches www.example.com

Example Custom Application Criteria

Criteria

How to configure fields

Domain name

Server Names: cisco.com

Set of IP addresses, set of ports, and L4 protocol

IP Address: 10.0.1.1, 10.0.1.2

Ports: 20, 25-37

L4 Protocol: TCP-UDP

Set of ports and L4 protocol

Ports: 30, 45-47

L4 Protocol: TCP

Configure Devices

You can create and store configurations for all devices—the Cisco vManage systems themselves, Cisco vSmart Controllers, Cisco vBond Orchestrators, and routers— by using Cisco vManage. When the devices start up, they contact Cisco vManage, which then downloads the device configuration to the device. (A device that is starting up first contacts the Cisco vBond Orchestrator, which validates the device and then sends it the IP address of Cisco vManage.)

The general procedure for creating configuration for all devices is the same. This section provides a high-level description of the configuration procedure. It also describes the prerequisite steps that must be performed before you can create configurations and configure devices in the overlay network.

Feature Templates

Feature templates are the building blocks of complete configuration for a device. For each feature that you can enable on a device, Cisco vManage provides a template form that you fill out. The form allows you to set the values for all configurable parameters for that feature.

Because device configurations vary for different device types and the different types of routers, feature templates are specific to the type of device.

Some features are mandatory for device operation, so creating templates for these features is required. Also for the same feature, you can can create multiple templates for the same device type.

Device Configuration Workflow

Devices in the overlay network that are managed by Cisco vManage must be configured from Cisco vManage. The basic configuration procedure is straightforward:

  1. Create feature templates.

    Select Configuration > Templates > Feature > Add Templates.

  2. Create device templates.

    Select Configuration > Templates > Device > Create Templates.

  3. Attach device templates to individual devices.

    Select Configuration > Templates > Device, select the template, and then select Attach Device from the More Actions icon to the right of the row.

Template Variables

Within a feature template, some configuration commands and command options are identical across all device types. Others—such as a device system IP address, its geographic latitude and longitude, the timezone, and the overlay network site identifier—are variable, changing from device to device. When you attach the device template to a device, you are prompted to enter actual values for these command variables. You can do this either manually, by typing the values for each variable and for each device, or you can upload an Excel file in CSV format that contains the values for each device.

Configuration Prerequisites

Security Prerequisistes

Before you can configure any device in the network, that device must be validated and authenticated so that Cisco vManage systems, vSmart controllers, and Cisco vSmart Controllers, and Cisco vBond Orchestrators recognize it as being allowed in the overlay network.

To validate and authenticate the controllers in the overlay network—Cisco vManage systems, vSmart controllers, and Cisco vSmart Controllers, and Cisco vBond Orchestrators—a signed certificate must be installed on these devices.

To validate and authenticate the routers, you receive an authorized serial number file from Cisco, which lists the serial and chassis numbers for all the routers allowed in your network. Then, you upload the serial number file to Cisco vManage

.
Variables Spreadsheet

The feature templates that you create most likely contain variables. To have Cisco vManage populate the variables with actual values when you attach a device template to a device, create an Excel file that lists the variable values for each device and save the file in CSV format.

In the spreadsheet, the header row contains the variable name and each row after that corresponds to a device, defining the values of the variables. The first three columns in the spreadsheet must be the following, in this order:

  • csv-deviceId—Serial number of the device (used to uniquely identify the device). For routers, you receive the serial numbers in the authorized serial number file sent to you from Cisco. For other devices, the serial number is included in the signed certificate you receive from Symantec or from your root CA.

    csv-deviceIP—System IP address of the device (used to populate the system ip address command).

  • csv-host-name—Hostname of the device (used to populate the system hostname command).

You can create a single spreadsheet for all devices in the overlay network—Cisco vSmart Controllers, Cisco vBond Orchestrators, and routers. You do not need to specify values for all variables for all devices.

Create a Device Template from Feature Templates

Device templates define a device's complete operational configuration. A device template consists of a number of feature templates. Each feature template defines the configuration for a particular Cisco SD-WAN software feature. Some feature templates are mandatory, indicated with an asterisk (*), and some are optional. Each mandatory feature template, and some of the optional ones, have a factory-default template. For software features that have a factory-default template, you can use either the factory-default template (named Factory_Default_feature-name_Template) or you can create a custom feature template.

Create a Device Template from Feature Templates

To create a device template:

Figure 1. Create a Device Template Using Cisco vManage

1

Menu

2

CloudExpress

3

Tasks

4

Alarms

5

Help

6

User Profile

  1. In the Device tab, click the Create Template drop-down and select From Feature Template.

  2. From the Device Model drop-down, select the type of device for which you are creating the template. vManage NMS displays all the feature templates for that device type. The required feature templates are indicated with an asterisk (*), and the remaining templates are optional. The factory-default template for each feature is selected by default.

  3. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

  4. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.

  5. To view the factory-default configuration for a feature template, select the desired feature template and click View Template. Click Cancel to return to the Configuration Template screen.

  6. To create a custom template for a feature, select the desired factory-default feature template and click Create Template. The template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining feature parameters.

  7. In the Template Name field, enter a name for the feature template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

  8. In the Description field, enter a description for the feature template. This field is mandatory, and it can contain any characters and spaces.

  9. For each field, enter the desired value. You may need to click a tab or the plus sign (+) to display additional fields.

  10. When you first open a feature template, for each parameter that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and select one of the following:

Table 8.

Parameter Scope

Scope Description

Device Specific (indicated by a host icon)

Use a device-specific value for the parameter. For device-specific parameters, you cannot enter a value in the feature template. You enter the value when you attach a device to a device template .

When you click Device Specific, the Enter Key box opens. This box displays a key, which is a unique string that identifies the parameter in a CSV file that you create. This file is an Excel spreadsheet that contains one column for each key. The header row contains the key names (one key per column), and each row after that corresponds to a device and defines the values of the keys for that device. You upload the CSV file when you attach a device to a device template. For more information, see Use Variable Values in Configuration Templates.

To change the default key, type a new string and move the cursor out of the Enter Key box.

Examples of device-specific parameters are system IP address, hostname, GPS location, and site ID.

Global (indicated by a globe icon)

Enter a value for the parameter, and apply that value to all devices.

Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs.

  1. For some groups of parameters, you can mark the entire group as device-specific. To do this, click the Mark as Optional Row box. These parameters are then grayed out so that you cannot enter a value for them in the feature template. You enter the value or values when you attach a device to a device template.

  2. Click Save.

  3. Repeat Steps 7 through 13 to create a custom template for each additional software feature. For details on creating specific feature templates, see the templates listed in Available Feature Templates.

  4. Click Create. The new configuration template is displayed in the Device Template table. The Feature Templates column shows the number of feature templates that are included in the device template, and the Type column shows "Feature" to indicate that the device template was created from a collection of feature templates.

Another way to create device templates from feature templates is to first create one or more custom feature templates and then create device templates. You can create multiple feature templates for the same feature. For a list of feature templates, see Available Feature Templates .

  1. From the Templates title bar, select Feature.

  2. Click the Add Template button.

  3. In the left pane, from Select Devices, select the type of device for which you are creating a template. You can create a single feature template for features that are available on multiple device types. You must, however, create separate feature templates for software features that are available only on the device type you are configuring.

  4. In the right pane, select the feature template. The template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining required parameters. If the feature has optional parameters, the bottom of the template form shows a plus sign (+) after the required parameters.

  5. In the Template Name field, enter a name for the feature template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

  6. In the Description field, enter a description for the feature template. This field is mandatory, and it can contain any characters and spaces.

  7. For each required parameter, choose the desired value, and if applicable, select the scope of the parameter. Select the scope from the drop-down menu to the left of each parameter's value box

  8. Click the plus sign (+) below the required parameters to set the values of optional parameters.

  9. Click Save.

  10. Repeat Steps 2 to 9 for each additional feature template you wish to create.

  11. From the Templates title bar, select Device.

  12. Click the Create Template drop-down and select From Feature Template.

  13. From the Device Model drop-down, select the type of device for which you are creating the device template. vManage NMS displays the feature templates for the device type you selected. The required feature templates are indicated with an asterisk (*). The remaining templates are optional.

  14. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.

  15. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.

  16. To view the factory-default configuration for a feature template, select the desired feature template and click View Template. Click Cancel to return to the Configuration Template screen.

  17. To use the factory-default configuration, click Create to create the device template. The new device template is displayed in the Device Template table. The Feature Templates column shows the number of feature templates that are included in the device template, and the Type column shows "Feature" to indicate that the device template was created from a collection of feature templates.

  18. To modify the factory-default configuration, select the feature template for which you do not wish to use the factory-default template. From the drop-down list of available feature templates, select a feature template that you created.

  19. Repeat Step 18 for each factory-default feature template you wish to modify.

  20. Click Create. The new configuration template is displayed in the Device Template table. The Feature Templates column shows the number of feature templates that are included in the device template, and the Type column shows "Feature" to indicate that the device template was created from a collection of feature templates.

Create a Device CLI Template

To create a device template by entering a CLI text-style configuration directly on the Cisco vManage:

  1. In the Device tab, click the Create Template drop-down and select CLI Template.

  2. From the Device Type drop-down, select the type of device for which you are creating the template.

  3. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.

  4. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.

  5. In the CLI Configuration box, enter the configuration either by typing it, cutting and pasting it, or uploading a file.

  6. To convert an actual configuration value to a variable, select the value and click Create Variable. Enter the variable name, and click Create Variable. You can also type the variable name directly, in the format {{variable-name}}; for example, {{hostname}}.

  7. Click Add. The new device template is displayed in the Device Template table. The Feature Templates column shows the number of feature templates that are included in the device template, and the Type column shows "CLI" to indicate that the device template was created from CLI text.

Configure GPS Using Cisco vManage

Use the GPS template for all Cisco cellular routers running Cisco SD-WANsoftware.

For Cisco devices running Cisco SD-WAN software, you can configure the GPS and National Marine Electronics Association (NMEA) streaming. You enable both these features to allow 4G LTE routers to obtain GPS coordinates.

Navigate to the Template Screen and Name the Template

  1. In Cisco vManage NMS, select the Configuration > Templates screen.

  2. In the Device tab, click Create Template.

  3. From the Create Template drop-down, select From Feature Template.

  4. From the Device Model drop-down, select the type of device for which you are creating the template.

  5. Select the Cellular tab.

  6. In Additional Cellular Controller Templates, click GPS.

  7. To create a custom template for GPS, click the GPS drop-down and and then click Create Template. The GPS template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining GPS parameters.

  8. In the Template Name field, enter a name for the template. The name can be up to 128 characters and can contain only alphanumeric characters.

  9. In the Template Description field, enter a description of the template. The description can be up to 2048 characters and can contain only alphanumeric characters.

When you first open a feature template, for each parameter that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and select either Device Specific or Global.

Configure GPS

To configure GPS parameters for the cellular router, configure the following parameters. Parameters marked with an asterisk are required to configure the GPS feature.

Table 9.

Parameter Name

Description

GPS

Click On to enable the GPS feature on the router.

GPS Mode

Select the GPS mode:

  • MS-based—Use mobile station–based assistance, also called assisted GPS mode, when determining position. In this mode, cell tower data is used to enhance the quality and precision in determining location, which is useful when satellite signals are poor.

  • Standalone—Use satellite information when determining position.

NMEA

Click On to enable the use of NMEA streams to help in determining position. NMEA streams data from the router's 4G LTE NIM to any marine device, such as a Windows-based PC, that is running a commercially available GPS-based application.

Source Address

Enter the IP address of the interface that connects to the router's NIM.

Destination Address

Enter the IP address of the marine NMEA server.

Destination Port

Enter the number of the port to use to send NMEA data to the server.

To save the feature template, click Save.

Release Information

Introduced in Cisco vManage Release 18.1.1.

Configure On-Demand Tunnels Using Cisco vManage

Table 10. Feature History

Feature Name

Release Information

Description

Dynamic On-Demand Tunnels

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can configure on-demand tunnels between any two Cisco SD-WAN spoke devices. These tunnels are triggered to be set up only when there is traffic between the two devices.


Note

On the spoke devices, enable on-demand at the system level on all VPN-0 transport interfaces. In the case of multi-homed sites, enable on-demand on all systems in the site.

  1. In Cisco vManage, open Configuration > Templates.

  2. Click the Feature tab.

  3. Click Add Template.

  4. Select a platform.

  5. In the Basic Information section, select System.

  6. Click Advanced.

  7. Enable On-demand Tunnel.

  8. (optional) Configure the On-demand Tunnel Idle Timeout time. The default idle timeout value is 10 minutes. Range: 1 to 65535 minutes

  9. Attach the System feature template to the device template for the spoke device.

Configure Port Connectivity for Cloud OnRamp Colocation Cluster

Table 11. Feature History

Feature Name

Release Information

Description

Flexible Topologies

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

Cisco NFVIS Release 4.2.1

You can configure the Stackwise Virtual Switch Link (SVL) and uplink ports of switches, and Cisco CSP data ports using the Port Connectivity configuration settings of Cloud OnRamp for Colocation cluster .

Prerequisites

  • When configuring the SVL and uplink ports, ensure that the port numbers you configure on Cisco vManage match the physically cabled ports.

  • Ensure that you assign serial numbers to both the switches. See Create and Activate Clusters.

For more information about SVL and uplink ports, see wiring requirements in the Cisco SD-WAN Cloud OnRamp for Colocation Solution Guide.

To configure the SVL and uplink ports:


Note

Before configuring the SVL and uplink ports using the Cluster Topology screen, ensure that you create a Cloud OnRamp for Colocation cluster. See Create and Activate Clusters.

In the Cluster Topology screen, click Add next to Port Connectivity. In the Port Connectivity configuration window, both the configured switches appear. Hover over a switch port to view the port number and the port type.

Before you change the default port number and port type, note the following information about Cisco Catalyst 9500-40X and Cisco Catalyst 9500-48Y4C switches:

  • The following are the default SVL and uplink ports of Cisco Catalyst 9500 switches.

    Cisco Catalyst 9500-40X

    • Stackwise Virtual Switch Link (SVL) ports: 1/0/38-1/0/40, and 2/0/38-2/0/40

    • Uplink ports: 1/0/36, 2/0/36 (input VLAN handoff) and 1/0/37, 2/0/37 (output VLAN handoff)

  • Cisco Catalyst 9500-48Y4C

    • SVL ports: 1/0/46-1/0/48, and 2/0/46-2/0/48

    • Uplink ports: 1/0/44, 2/0/44 (input VLAN handoff) and 1/0/45, 2/0/45 (output VLAN handoff) for 10G/25G throughput.

  • I, E, and S represent the ingress, egress, and SVL ports.

  • If the physical cabling is same as the default configuration, click Save.

To change the default ports when the connectivity is different for SVL or uplink ports, perform the following:

  1. If both the switches are using the same ports:

    1. Click a port on a switch that corresponds to a physically connected port.

    2. To add the port configuration to the other switch, check the Apply change check box.

    If both the switches are not using the same ports:

    1. Click a port on Switch1.

    2. Choose a port type from Port Type drop-down list.

    3. Click a port on Switch2 and then choose the port type.

  2. To add another port, repeat step 1.

  3. Click Save

  4. To edit port connectivity information, in the Cluster Topology screen, click Edit next to Port Connectivity.


    Note

    You can modify the SVL and uplink ports of a cluster when the cluster has not been activated.

  5. To reset the ports to default settings, click Reset.

Figure 2. Port Connectivity for Flexible Connections

The remaining ports (SR-IOV and OVS) on the Cisco CSP devices and the connections with switches are automatically discovered using Link Layer Discovery Protocol (LLDP) when you activate a cluster. You don't need to configure those ports.

Cisco Colo Manager (CCM) discovers switch neighbor ports and identifies whether all Niantic and Fortville ports are connected. If any port is not connected, CCM sends notifications to Cisco vManage that you can view in the task view window.

Configure Unified Communications

Table 12. Feature History

Feature Name

Release Information

Description

Integration with Cisco Unified Communications

Cisco IOS XE Release 17.3.1a

Cisco vManage Release 20.3.1

You can configure items for UC voice services from the Feature tab and the Voice Policy page for a supported device.

Add a Voice Card Feature Template

A voice card feature template configures analog and PRI ISDN digital interfaces, which provide configuration settings for ports on voice cards in routers.

When you add a voice card feature template, for an analog interface, you configure the type of voice card you are configuring, port information for the card, and parameters for the service that you receive from your service provider. For a digital interface, you configure the type of voice card, the T1 or E1 controller, and related parameters.

When you add a module for a voice card, Cisco vManage assists you with the placement of the module by displaying available slots and sub-slots for the module. Cisco vManage determines the available slots and sub-slots based on the device model.

The following table describes options for configuring an analog interface.

Table 13. Analog Interface Configuration Options

Option

Description

Cisco IOS CLI Equivalent

Module

Select the type of voice module that is installed in the router.

Module Slot/Sub-slot

Enter the slot and sub-slot of the voice module.

voice-card slot/subslot

Use DSP

Enable this option if you want to use the built-in DSPs on the network interface module for TDM calls.

no local-bypass

Port Type

Select the type of ports on the voice module that you are configuring for this interface (FXS or FXO). You can select All to define the port type for all ports of the selected type, or Port Range to define the port type for a specified range of ports.

Using Port Range, you can create analog interfaces as described later in this procedure to configure different ranges of ports.

Description

Enter a description of the selected port or ports. For example, fax machine or paging system.

description string

Secondary Dialtone

Available if you select FXO from the Port Type drop-down list.

Set to On if you want the selected ports to generate a secondary dial tone when callers access an outside line.

secondary dialtone

Connection PLAR

Enter the Private Line Automatic Ringdown extension to which the selected ports forward inbound calls.

connection plar digits

OPX

Available if you select FXO from the Port Type drop-down list.

Check this option if you want to enable Off-Premises Extension for the PLAR extension.

connection plar opx digits

Signal Type

Select the Signal Type that indicates an on-hook or off-hook condition for calls that the ports receive. Options are Loopstart, Groundstart, or DID. The DID option is available if you select FXS from the Port Type drop-down list.

signal {groundstart | loopstart}

signal did {delay-dial | immediate | wink-start}

Caller-ID Enable

Available if you select a signal type of Loopstart or Groundstart.

Set to ON if you want to enable caller ID information for inbound calls.

caller-id enable

DID Signal Mode

Available if you select a signal type of DID.

Choose the mode for the DID signal type (Delay Dial, Immediate, or Wink Start).

Default: Wink Start.

 signal did {delay-dial | immediate | wink-start}

Shutdown

Set to ON if you want to shut down ports that are not being used.

Default: Off.

shutdown

The following table describes options for configuring a digital interface.

Table 14. Digital Interface Configuration Options

Option

Description

Cisco IOS CLI Equivalent

Digital Interface Tab

Provides options for configuring parameters for a T1/E1 voice module and the clock source for the module ports. Before you configure these options, ensure that you have the appropriate DSP module installed for each T1/E1 voice module.

Module

Select the type of T1/E1 voice module that is installed in the router.

Interface Type

Select the type of interface on the voice module:

  • T1 PRI—Specifies T1 connectivity of 1.544 Mbps through the telephone switching network, using AMI or B8ZS coding

  • E1 PRI—Specifies a wide-area digital transmission scheme used predominantly in Europe that carries data at a rate of 2.048 Mbps

card type {t1 | e1} slot sub-slot

Slot/Sub-slot

Enter the slot and sub-slot of the voice module.

voice-card slot/sub-slot

Use DSP

Enable this option if you want to use the built-in DSPs on the network interface module for TDM calls.

no local-bypass

Interface

Perform these actions to configure the number of T1/E1 ports to be provisioned on the module, and the clock source for each port:

  1. Click Add. The Port and Clock Selector window displays.

  2. Check the check box that corresponds to each port that you want to configure. The number of ports that you can configure depends on the Module type that you select.

  3. For each port, select the clock source:

    • Line—Sets the line clock as the primary clock source. With this option, the port clocks its transmitted data from a clock that is recovered from the line receive data stream.

    • Primary Clock—Sets the port to be a primary clock source.

    • Secondary Clock—Sets the port to be a secondary clock source.

    • Network—Sets the backplane clock or the system oscillator clock as the module clock source.

    We recommend that you set one port to be the primary clock and set another port going to the same network as a secondary clock source to act as a backup.

  4. Click Add.

controller {t1 | e1} slot/sub-slot/number

clock source {network | line | line primary | line secondary}

Network Participation

This check box displays after you add an interface.

Check this check box to configure the T1/E1 module to participate in the backplane clock.

Uncheck this check box to remove the clock synchronization with the backplane clock for the module.

By defult, this check box is checked.

network-clock synchronization participate slot/sub-slot

Shutdown

Perform these actions to disable or enable the controller, serial interface, or voice port that is associated with the interface port.

  1. Click Shutdown Selected. The Shutdown window displays.

  2. For each port, select the item or items that you want to enable (Controller, Serial, or Voice Port. If you do not select an item, it is enabled.

  3. Click Add.

controller e1/t1 slot/sub-slot/port shutdown

interface serial slot/sub-slot/port:{ 15 | 23} shutdown

voice-port slot/sub-slot/port:{ 15 | 23} shutdown

Time Slots

Select the number of time slots of the interface type.

Valid ranges:

  • For T1 PRI—Time slots 1 through 24. The 24th time slot is the D channel.

  • For E1 PRI— Time slots 1 through 31. The 16th time slot is the D channel.

controller e1/t1 slot/sub-slot/port

pri-group timeslots timeslot-range [voice-dsp]

Framing

Select the frame type for the interface type.

For a T1 PRI interface type, options are:

  • esf—Extended super frame (default)

  • sf—Super frame

For an E1 PRI interface type, options are:

  • crc4—CRC4 framing type (default)

  • no-crc4—No CRC4 framing type

controller t1 slot/sub-slot/port framing [esf | sf]

controller e1 slot/sub-slot/port framing [crc4 | no-crc4] [australia]

Australia

This check box displays when you select E1 PRI for the interface type.

Check this check box to use the australia framing type.

controller e1 slot/sub-slot/port framing [crc4 | no-crc4] australia

Line Code

Select the line code type for the interface type.

For a T1 PRI interface type, options are:

  • ami—Use Alternate Mark Inversion as the line code type

  • b8zs—Use binary 8-zero substitution as the line code type (default)

For an E1 PRI interface type, options are:

  • ami—Use Alternate Mark Inversion as the line code type

  • hdb3—Use high-density binary 3 as the line code type (default)

controller t1 slot/sub-slot/port linecode [ami | b8zs]

controller e1 slot/sub-slot/port linecode [ami | hdb3]

Line Termination

This check box appears only for an Interface type of E1 PRI.

Select the line termination type for the E1 controller:

  • 75-ohm—75 ohm unbalanced termination

  • 120-ohm—120 ohm balanced termination (default)

controller e1 slot/sub-slot/port line-termination {75-ohm | 120-ohm}

Cable Length Type

This check box appears only for an Interface type of T1 PRI.

Select the cable length type for the T1 PRI interface type:

  • long—Long cable length

  • short—Short cable length

controller t1 slot/sub-slot/port cablelength {short | long}

Cable Length

This check box appears only for an interface type of T1 PRI.

Select the cable length for the T1 PRI interface type. Use this option to fine-tune the pulse of a signal at the receiver for a T1 cable.

The default value is 0db.

controller t1 slot/sub-slot/port cablelength {[short [110ft | 220ft | 330ft | 440ft | 550ft | 660ft ]] [long [-15db | -22.5db | -7.5db | 0db ]]}

Network Side

Enable this option to have the device use the standard PRI network-side interface.

By default, this option is disabled (set to No).

interface serial slot/sub-slot/port:{15| 23}

isdn protocol-emulate [network| user]

Switch Type

Select the ISDN switch type for this interface:

  • primary-qsig—Supports QSIG signaling according tot the Q.931 protocol. Network side functionality is assigned with the isdn protocol-emulate command.

  • primary-net5—NET5 ISDN PRI switch types for Asia, Australia, and New Zealand. ETSI-compliant switches for Euro-ISDN E-DSS1 signaling system.

  • primary-ntt—Japanese NTT ISDN PRI switches.

  • primary-4ess—Lucent (AT&T) 4ESS switch type for the United States.

  • primary-5ess—Lucent (AT&T) 5ESS switch type for the United States.

  • primary-dms100—Nortel DMS-100 switch type for the United States.

  • primary-ni—National ISDN switch type.

interface serial slot/sub-slot/port:{15| 23}

isdn switch-type [primary-4ess | primary-5ess |primary-dms100 | primary-net5 | primary-ni | primary-ntt | primary-qsig]

ISDN Timer

Perform these actions to configure the ISDN timers for the interface:

  1. Click Add. The ISDN Timer window displays.

  2. Configure the following timers as needed. The values are in milliseconds.

    • T200. Valid range: integers 400 through 400000. Default: 1000.

    • T203. Valid range: integers 400 through 400000. The default value is based on the switch type and network side configurations.

    • T301. Valid range: integers 180000 through 86400000. The default value is based on the switch type and network side configurations.

    • T303. Valid range: integers 400 through 86400000. The default value is based on the switch type and network side configurations.

    • T306. Valid range: integers 400 through 86400000. Default: 30000.

    • T309. Valid range: integers 0 through 86400000. The default value is based on the switch type and network side configurations.

    • T310. Valid range: integers 400 through 400000. The default value is based on the switch type and network side configurations.

    • T321. Valid range: Integers 0 through 86400000. The default value is based on the switch type and network side configurations.

  3. Click Add.

interface serial slot/sub-slot/port:{15| 23}

isdn timer T200 value

isdn timer T203 value

isdn timer T301 value

isdn timer T303 value

isdn timer T306 value

isdn timer T309 value

isdn timer T310 value

isdn timer T321 value

Delay Connect Timer

Select the duration, in milliseconds, to delay connect a PRI ISDN hairpin call.

Valid range: integers 0 through 200. Default: 20.

voice-port slot/sub-slot/port:{15| 23} timing delay-connect value

Clock Tab

Use this tab to configure priority order for the primary and secondary clock sources that you selected for each module.

This tab is vailable after you configure a PRI ISDN digital interface and click Add.

Clock Priority Sorting

Configure the priority of up to six clock sources.

The drop-down list displays the interface ports for which a primary or secondary clock source is defined and that is configured for network participation.

Check a check box to select the port for inclusion in the priority list, and use the Up arrow next to a port to change its priority. The list displays the ports in order of priority, with the port with the highest priority at the top of the list.

After you configure the priority, this field displays the selected ports in priority order.

We recommend that all ports in the priority list be of the same type, either E1-PRI or T1-PRI.

network-clock input-source priority controller [t1| e1] slot/sub-slot/port

Automatically Sync

Select Add to enable network synchronization between all modules and the router.

Default: On.

network-clock synchronization automatic

Wait to restore clock

Enter the amount of time, in milliseconds, that the router waits before including a primary clock source in the clock selection process.

Valid range: 0 through 86400. Default: 300.

network-clock wait-to-restore milliseconds

To add a voice card feature template:

  1. Choose Configuration > Templates.

  2. In the Feature tab, click Add Template.

  3. Select the supported device to which you want to add voice services.

  4. In the right pane, select Voice Card from the Unified Communications templates.

  5. In the Template Name field, enter a name for the template.

    This field may contain uppercase and lowercase letters, digits 0 through 9, hyphens (-), and underscores (_).

  6. In the Description field, enter a description for the template.

    This field can contain any characters and spaces.

  7. To configure an analog interface, click New Analog Interface and configure interface options as described in the "Analog Configuration Options" table.

    Beginning with Cisco IOS XE Release 17.3.1a, click the Analog Interface tab in the Interface area to access the New Analog Interface button.

    You can add as many analog interfaces as needed, based on the number of interfaces that your module supports.

    After you configure each analog interface, click Add.

    If any analog interfaces are already configured, they appear in the interfaces table on this page. To edit an existing interface, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "Analog Configuration Options" table, and click Save Changes. To delete an interface, click its trash can icon in the Action column.

  8. To configure a PRI ISDN digital interface, in the Interface area, click the Digital Interface tab, click New Digital Interface, and configure interface options as described in the "Digital Interface Configuration Options" table.

    Click Add after you configure each PRI ISDN digital interface.

    Based on the number of interfaces that your module supports, you can add as many PRI ISDN digital interfaces as needed.

    If any digital interfaces are already configured, they appear in the interfaces table on this page. To edit an existing interface, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "Digital Interface Configuration Options" table, and click Save Changes. To delete an interface, click its trash can icon in the Action column.

    After you save the interface configuration, you cannot change the module type, interface type, slot or sub-slot, or time slots.

    If you want to change time slots, you must delete the interface and create a new one.

    If you want to change the module type, interface type, and slot or sub-slot, detach the template from the device, unmap the voice policies that are associated with the interfaces, and delete all interfaces that are associated with the module and slot or sub-slot. Next, push the template to the device, reload the device, and create new required interfaces. Finally, push the new template to the device, and reattach the template to the device.

  9. Click Save.

  10. (Optional) If you want to configure more analog or PRI ISDN digital interfaces for this template, select Configuration > Templates, select the Feature tab, select Edit for the template from the More Actions menu, and repeat Step 7 or Step 8 and Step 9.

Add a Call Routing Feature Template

A call routing feature template configures parameters for TDM-SIP trunking, including trusted IP addresses for preventing toll fraud, and a dial plan. A dial plan, made up of dial peers, defines how a router routes traffic to and from voice ports to the PSTN or to another branch.

The following table describes global options for configuring call routing.

Table 15. Global Call Routing Options

Option

Description

Cisco IOS CLI Equivalent

Trusted IPv4 Prefix List

Enter the IPv4 addresses with which the router can communicate through SIP.

Enter each IPv4 address in CIDR format. For example, 10.1.2.3/32. Separate each address with a comma (,).

The router does not communicate with other IPv4 addresses, which prevents fraudulent calls being placed through the router.

A Trusted IPv4 Prefix is required for TDM to IP calls.

voice service voip

ip address trusted list

ipv4 ipv4-address/ipv4-network-mask

Trusted IPv6 Prefix List

Enter the IPv6 addresses with which the router can communicate through SIP.

Separate each IPv6 address with a comma (,).

The router does not communicate with other IPv6 addresses, which prevents fraudulent calls being placed through the router.

A Trusted IPv6 Prefix is required for TDM to IP calls.

voice service voip

ip address trusted list

ipv6 ipv6-prefix//prefix-length

Source Interface

Enter the name of the source interface from which the router initiates SIP control and media traffic.

This information defines how the return/response to this traffic should be sent.

voice service voip

sip

bind control source-interface interface-id

bind media source-interface interface-id

The following table describes options for configuring dial peers.

Table 16. Dial Peer Options

Option

Description

Cisco IOS CLI Equivalent

Voice Dial Peer Tag

Enter a number to be used to reference the dial peer.

dial-peer voice number {pots | voip}

Dial Peer Type

Select the type of dial peer that you are creating (POTS or SIP).

dial-peer voice number {pots | voip}

Direction

Select the direction for traffic on this dial peer (Incoming or Outgoing).

Incoming:

dial-peer voice number {pots | voip}

incoming called-number string

Outgoing:

dial-peer voice number {pots | voip}

destination-pattern string

Description

Enter a description of this dial peer.

description

Numbering Pattern

Enter a string that the router uses to match incoming calls to the dial peer.

Enter the string as an E.164 format regular expression in the form [0-9,A-F#*.?+%()-]*T?.

Incoming:

dial-peer voice number {pots | voip}

incoming called-numberstring

Outgoing:

dial-peer voice number {pots | voip}

destination-pattern string

Forward Digits Type

Available if you select the POTS dial peer type and the Outgoing direction.

Select how the dial peer transmits digits in outgoing numbers:

  • All—The dial peer transmits all digits

  • None—The dial peer does not transmit digits that do not match the destination pattern

  • Some—The dial peer transmits the specified number of right-most digits

Default: None.

All:

dial-peer voice number pots

forward-digits all

None:

dial-peer voice number pots

forward-digits 0

Some:

dial-peer voice number pots

forward-digits number

Forward Digits

Available if you select Some for Forward Digits Type.

Enter the number of right-most digits in the outgoing number to transmit.

For example, if you set this value to 7 and the outgoing number is 1112223333, the dial peer transmits 2223333.

dial-peer voice number pots

forward-digits number

Prefix

Available if you select the POTS dial peer type and the Outgoing direction.

Enter digits to be prepended to the dial string for outgoing calls.

dial-peer voice number pots

prefix string

Transport Protocol

Available if you select SIP for the Dial Peer Type.

Choose the transport protocol (TCP or UDP) for SIP control signaling.

dial-peer voice number voip

session transport {tcp | udp}

Preference

Available if you select POTS or SIP for the Dial Peer Type.

Select an integer from 0 to 10, where the lower the number, the higher the preference.

If dial peers have the same match criteria, the system uses the one with the highest preference value.

Default: 0 (highest preference).

dial-peer voice number voip

preference value

dial-peer voice number pots

preference value

Voice Port

Available if you select the POTS dial peer type.

Enter the voice port that the router uses to match calls to the dial peer. For an analog port, enter the port you want. For a digital T1 PRI ISDN port, enter a port with the suffix:23. For a digital E1 PRI ISDN port, enter a port with the suffix :15.

For an outgoing dial peer, the router sends calls that match the dial peer to this port.

For an incoming dial peer, this port serves as an extra match criterion. The dial peers are matched only if a call comes in on this port.

dial-peer voice number pots

For an analog port:

port slot/subslot/port

For a digital port:

port slot/subslot/port:15

port slot/subslot/port:23

Destination Address

Available if you select the SIP dial peer type and the Outgoing direction.

Enter the network address of the remote voice gateway to which calls are sent after a local outgoing SIP dial peer is matched.

Enter the address in one of these formats:

  • dns:hostname.domain

  • sip-server

    ipv4:destination-addres

    ipv6:destination-address

session target {ipv4:destination-address | ipv6:destination-address| sip-server | dns:hostname.domain }

To add a call routing feature template:

  1. Choose Configuration > Templates.

  2. In the Feature tab, click Add Template.

  3. Select the supported device to which you want to add call routing features.

  4. In the right pane, select Call Routing from the Unified Communications templates.

  5. In the Template Name field, enter a name for the template.

    This field can contain uppercase and lowercase letters, digits 0 through 9, hyphens (-), and underscores (_).

  6. In the Description field, enter a description for the template.

    This field can contain any characters and spaces.

  7. In the Global tab, configure options as described in the "Global Call Routing Options" table.

  8. In the Dial Plan tab, perform one of these actions:

    • To configure a dial peer directly, configure options as described in the "Dial Peer Options" table.

    • To create or edit a dial peer CSV file, click Download Dial Peer List to download the system provided file named Dial-Peers.csv. The first time you download this file, it contains field names but no records. Update this file as needed by using an application such as Microsoft Excel. For detailed information about this file, see Dial Peer CSV File.

    • To import configuration information from a dial peer CSV file that you have created, click Upload Dial Peer List.

    You can add as many dial peers as needed. Click Add after you configure each dial peer.

    If any dial peers already are configured, they appear in the dial peers table on this page. To edit a configured dial peer, click its pencil icon in the Action column, edit the options in the window that pops up as described in the following table, and click Save Changes.To delete a dial peer, click its trash can icon in the Action column.

  9. Click Save.

Add an SRST Feature Template

An SRST feature template configures parameters for Cisco Unified Survivable Remote Site Telephony (SRST) for SIP. With Cisco Unified SRST, if the WAN goes down or is degraded, SIP IP phones in a branch site can register to the local gateway so that they continue to function for emergency services without requiring WAN resources that are no longer available.

The following table describes global options for configuring Cisco Unified SRST.

Table 17. Global Cisco Unified SRST Options

Option

Description

Cisco IOS CLI Equivalent

System Message

 Enter a message that displays on endpoints when Cisco Unified SRST mode is in effect.

voice register global

system message string

Max Phones

Enter the number of phones that the system can register to the local gateway when in Cisco Unified SRST mode.

The available values and the maximum values that you can enter in this field depend on the device that you are configuring. Hover your mouse pointer over the Information icon next to this field to see maximum values for supported devices.

voice register global

max-pool max-voice-register-pools

Max Directory Numbers

Enter the number of DNs that the gateway supports when in Cisco Unified SRST mode.

The available values and the maximum values that you can enter in this field depend on the device that you are configuring. Hover your mouse pointer over the Information icon next to the Max phones to support field to see maximum values for supported devices.

voice register global

max-dn max-directory-numbers

Music on Hold

Select Yes to play music on hold on endpoints when a caller is on hold when in Cisco Unified SRST mode. Otherwise, select No.

Music on Hold file

Enter the path and file name of the audio file for music on hold.

The file must be in the system flash and must be in .au or .wav format. In addition, the file format must contain 8-bit 8-kHz data, for example, CCITT a-law or u-law data format.

call-manager-fallback

moh filename

The following table describes options for configuring Cisco Unified SRST phone profiles.

Table 18. SRST Phone Profile Options

Option

Description

Cisco IOS CLI Equivalent

Voice Register Pool Tag

Enter the unique sequence number of the IP phone to be configured.

The maximum value is defined by the Max phones to support option in the Global tab of the SRST feature template.

voice register pool pool-tag

Device Network IPv6 Prefix

Enter the IPv6 prefix of the network that contains the IP phone to support.

For example, a.b.c.d/24.

voice register pool pool-tag

id [network address mask mask]

Device Network IPv4 Prefix

Enter the IPv4 prefix of the network that contains the IP phone to support.

voice register pool pool-tag

id [network address mask mask]

To add an SRST feature template:

  1. Choose Configuration > Templates.

  2. In the Feature tab, click Add Template.

  3. Select the supported device to which you want to add Cisco Unified SRST features.

  4. In the right pane, select SRST from the Unified Communications templates.

  5. In the Template Name field, enter a name for the template.

    This field can contain uppercase and lowercase letters, digits 0 through 9, hyphens (-), and underscores (_).

  6. In the Description field, enter a description for the template.

    This field can contain any characters and spaces.

  7. In the Global Settings tab, configure options as described in the "Global SRST Options" table.

  8. In the Phone Profile tab, click New Phone Profile to create a phone profile, and configure options as described in the "SRST Phone Profile Options" table.

    A phone profile provides pool tag and device network information for a SIP phone.

    You can add as many phone profiles as needed. Click Add after you configure each phone profile.

    If any phone profiles already are configured, they appear in the phone profiles table on this page. To edit a configured phone profile, click its pencil icon in the Action column, edit the options in the window that pops up as described in the following table, and click Save Changes. To delete a phone profile, click its trash can icon in the Action column.

  9. Click Save.

Add a DSPFarm Feature Template

A DSP farm is a pool of DSP resources on a router. Cisco SD-WAN uses DSP farm resources that are available to Cisco Unified Communications Manager (CUCM) for CUCM controlled transcoding, conferencing (non-secure only), and media termination point (MTP) services. CUCM dynamically invokes these resources as needed in a call path.

A DSPFarm feature template is used to set up and provision a DSP farm. The template supports dedicated DSP modules only. T1/E1 modules are not supported.

When you add a DSPFarm feature template, you configure options for the following items:

  • Media resource modules—DSP modules and their placement on a router. You determine and build DSP farm profiles based on media resource modules.

  • DSP farm profiles—Each profile defines parameters for provisioning a specific DSP farm service type. A profile includes options for provisioning a group of DSP resources that is used for transcoding, conferencing (only non-secure conferencing is supported), or MTP services. A profile is registered to a CUCM so that the CUCM can invoke the resources for a service as needed.

  • SCCP config—Configures a local interface that is used to communicate with up to four CUCM servers, and configures related information that is required to register the DSP farm profiles to CUCM. Also configures one or more CUCM groups, each of which includes up to four CUCM servers that control the DSP farm services that, in turn, are associated with the servers.

When you add a media resource module, Cisco vManage assists you with the placement of the module by displaying available slots and sub-slots for the module. Cisco vManage determines the available slots and sub-slots based on the device model.

The following table describes options for configuring media resources.

Table 19. Media Resource Options

Option

Description

Cisco IOS CLI Equivalent

Module

Select the router resource module to carry DSP resources that are used by DSPFarm profiles.

Slot/sub-slot ID

Select the slot and sub-slot in which the resource module that you selected resides.

voice-card slot/subslot

dsp service dspfarm

The following table describes options for configuring DSP farm services.

Table 20. DSP Farm Service Options

Option

Description

Cisco IOS CLI Equivalent

Profile Type

Select the type of DSP farm service that this profile is for. Options are Transcoder, Conference, and MTP

dspfarm profile profile-identifier { conference | mtp | transcode }

Profile ID

 A system-generated unique identifier for the profile.

Universal

Available if you select Transcoder for the Profile Type

When this check box is unchecked, transcoding is allowed only between the G.711 codec and other codecs.

When this check box is checked, transcoding is allowed between codecs of any type.

dspfarm profile profile-identifier transcode [universal ]

List Codec

Select the codecs that are available for the DSP farm service that this profile defines.

The following codecs are supported. For MTP profile types, you can select one option, or you can select pass-through and one other option. If you want to change a codec, unselect the current codec before selecting a new one.

  • For the Transcoder profile type:

    • g711alaw

    • g711ulaw

    • g729abr8

    • g729ar8

    • g729br8

    • g729r8

    • g722-64

    • ilbc

    • iSAC

    • pass-through

  • For the Conference profile type:

    • g711alaw

    • g711ulaw

    • g722r-64

    • g729abr8

    • g729ar8

    • g729br8

    • g729r8

  • For the MTP profile type for software MTP only:

    • g711ulaw

    • g711alaw

    • g722-64

    • g729abr8

    • g729ar8

    • g729br8

    • g729r8

    • ilbc

    • iSAC

    • pass-through

  • For the MTP profile type for hardware MTP only, or for hardware and software MTP:

    • g711ulaw

    • g711alaw

    • pass-through

codec codec-name

Conference Maximum Participants

Available if you select Conference for the Profile Type.

Select the maximum number of parties that can participate in a conference bridge (8, 16, or 32).

maximum conference-participants number

Maximum Sessions

Available if you select Transcoder or Conference for the Profile Type.

Enter the maximum number of sessions that this profile can support.

This value depends on the maximum number sessions that can be configured with the DSP resources that are available on the router. These resources are based on the type of modules in the router. To determine these resources, you can use a DSP calculator.

maximum sessions number

MTP Type

Available if you select MTP for the Profile Type.

Select the way in which the router performs minor MTP translations such as G.711alaw to G.711ulaw, and DTMF conversions.

Options are:

  • Hardware—MTP translations and conversions are performed by the hardware DSP resources

  • Software—MTP translations and conversions are performed by the router CPU

maximum session {hardware | software }

MTP Maximum Hardware Sessions

Available if you select Hardware for the MTP type.

Select the maximum number of hardware sessions that can be used for MTP translations and conversions.

Maximum value: 4000

maximum session hardware number

MTP Maximum Software Sessions

Available if you select Software for the MTP type.

Select the maximum number of CPU sessions that can be used for MTP translations and conversions.

Maximum value: 6000

maximum session software number

Application

Select the type of application to which the DSP farm services that are provisioned on the device are associated.

associate application sccp

Shutdown

Enable this option to take this profile out of service.

shutdown

The following table describes options for configuring SCCP.

Table 21. SCCP Options

Option

Description

Cisco IOS CLI Equivalent

CUCM Tab

Configure up to 12 CUCM servers to which the profiles that you defined in the Profile tab register.

Local Interface

Enter the local interface that DSP services that are associated with the SCCP application use to register with CUCM.

Enter the interface in this format:

interface-type/interface-number/port

where:

  • interface-type—Type of interface that the services use to register with CUCM. The type can be a GigabitEthernet interface or a port channel interface.

  • interface-number—Interface number that the services use to register with CUCM.

  • port—(Optional) Port on which the interface communicates with CUCM. If you do not specify a port, the default value 2000 is used.

For example: GigabitEthernet0/0/0.

sccp local interface-type interface-number [port port-number]

Server List - x

Designate a CUCM server to which the profiles that you defined in the Profile tab register.

In the first field, enter the IP address or DNS name of the CUCM server.

In the second field, enter a numerical identifier for the CUCM server.

Click the Plus Sign icon (+) to configure up to 11 additional servers. To remove a server, click its corresponding Minus Sign icon. (–).

sccp ccm {ipv4-address | ipv6-address | dns} identifier identifier-number version 7.0+

CUCM Groups Tab

This tab is available when at least one CUCM server is configured in the CUCM tab.

Configure a CUCM group, which includes up to 4 CUCM servers that control the DSP farm services that, in turn, are associated with the servers.

If any CUCM groups are already configured, they appear in the table in this tab. To edit a configured CUCM group, click its pencil icon in the Action column, edit the options in the window that pops up as described in the following rows, and click Save Changes. To delete a CUCM group, click its trash can icon in the Action column.

Add New CUCM Group

Click to add a new CUCM group.

sccp ccm group group-id

Server Groups Priority Order

Select the priority in which the CUCM servers in this CUCM group are used.

To do so:

  1. Click this field to display a list of the CUCM servers that you configured on the CUCM tab.

  2. Select the server that you want to be the primary server. This server has the highest priority.

  3. Click the field again and select the server that you want to be the redundant server with the next highest priority. Repeat this step to select other redundant servers.

The servers appear in this field in priority order.

To remove a server from the group, click its X icon. To change the priority order of servers, remove the servers and add them back in the desired order.

associate ccm cucm-id priority priority

CUCM Media Resource Name

Profile to be Associated

In the CUCM Media Resource Name field, enter a unique name that is used to register a DSP farm profile to the CUCM servers.

The name must contain from 6 to 15 characters. Characters can be letter, numbers, slashes (/), hyphens (-), and underscores (_). Space characters are not allowed.

In the corresponding Profile to be Associated field, select a DSP farm profile to be registered to this CUCM group using the name that you entered.

To select a profile, click this field to display a list of the profile IDs that were configured on the Profile tab, and click the ID of the profile that you want.

To add another CUCM media resource name and profile, click the plus sign (+). You can add up to 4 CUCM media resources and profiles.

To remove a CUCM media resource name and profile, click its corresponding minus sign (–).

associate ccm profile-identifier register device-name

CUCM Switchback

Select the switchback method that the CUCM servers in this CUCM group use to switch back after a failover:

  • graceful—Switchback occurs after all active sessions terminate gracefully.

  • guard—Switchback occurs either when active sessions are terminated gracefully or when the guard timer expires, whichever happens first.

  • immediate—Performs the CUCM switchback to the higher priority CUCM immediately when the timer expires, whether there is an active connection or not.

Default: graceful.

switchback method {graceful | guard [timeout-guard-value] | immediate}

CUCM Switchover

Select the switchover method that CUCM servers in this CUCM use group when failing over:

  • graceful—Switchback occurs after all active sessions terminate gracefully.

  • immediate—Switchover occurs immediately, whether there is an active connection or not.

Default: graceful.

switchover method {graceful | immediate}

To add a DSPFarm feature template:

  1. Choose Configuration > Templates.

  2. In the Feature tab, click Add Template.

  3. Select the supported device to which you want to add a DSP farm.

  4. In the right pane, select DSPFarm from the Unified Communications templates.

  5. In the Template Name field, enter a name for the template.

    This field can contain uppercase and lowercase letters, digits 0 through 9, hyphens (-), and underscores (_).

  6. In the Description field, enter a description for the template.

    This field can contain any characters and spaces.

  7. In the Media Resources Modules tab, click Add Media Resources, and configure options as described in the "Media Resource Options" table.

    A media resource module is a DSP module that is used by DSP Farm profiles.

    You can add as many media resources interfaces as needed.

    Click Add after you configure each media resource. After you configure a media resource, you cannot modify or delete it because other configuration items are based on the module and its placement. If you need to change a media resource configuration, you must remove the DSPFarm feature template and create a new one.

    If any media resources are already configured, they appear in the table in this tab. To edit a configured media resource, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "Media Resource Options" table, and click Save Changes. To delete a media resource, click its trash can icon in the Action column.

  8. In the Profile tab, click Add New Profile to add a profile for a DSP farm service on a router, and configure options for the profile as described in the "DSP Farm Service Options" table.

    Click Add after you configure a profile. You can add up to 10 DSP farm profiles for each feature template.

    Before you create a profile, you must know the maximum number of sessions that can be configured with the DSP resources that are available on the router. These resources are based on the type of modules in the router. To determine these resources, you can use a DSP calculator.

    After you add a profile, you can modify the List Codec, Maximum Sessions, Maximum Conference Participants, and Shutdown options. You cannot change the profile type. If you want to change the profile type, you must delete the profile and create a new one.

    If any profiles are already configured, they appear in the table in this tab. To edit a configured profile, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "DSP Farm Service Options" table, and click Save Changes. To delete a profile, click its trash can icon in the Action column.

  9. In the SCCP Config tab, configure options as described in the "SCCP Options" table.

  10. Click Save.

Add a Voice Policy

A voice policy defines how the system augments and manipulates calls for various endpoint types. Endpoints include voice ports, POTS dial peers, SIP dial peers, and Cisco Unified SRST phone profiles. A voice policy includes subpolicies for each endpoint that you want to configure.

To add a voice policy:

  1. Choose Configuration > Unified Communications.

  2. Click Add Voice Policy.

  3. In the Voice Policy Name field, enter a name for the policy.

  4. Configure options in the following tabs in the left pane as needed:

  5. Click Save Policy.

Configure Voice Ports for a Voice Policy

When you configure voice ports for a voice policy, you configure options that define how the system augments and manipulates calls for the voice port endpoint type.

You can configure the following call functionality policy options, depending on the type of voice card you are using:

  • Trunk Group— Use these options to configure voice ports as a member of a trunk group for the card. You can configure one trunk group for voice card. The following table describes these options.

    Table 22. Trunk Group Options for Voice Ports

    Option

    Description

    Cisco IOS CLI Equivalent

    Add New Trunk Group

    Click to add a trunk group for the selected card.

    You can add one trunk group for a voice port.

    Copy from Existing

    Click to copy an existing trunk group to a new trunk group. In the box that appears, change the name if desired, select a trunk group, and click Copy.

    Name

    Name of the trunk group.

    The name can contain up to 32 characters.

    trunk group name

    Hunt-Scheme

    Select the hunt scheme in the trunk group for outgoing calls:

    • least-idle both—Searches for an idle channel with the shortest idle time

    • least-idle even—Searches for an idle even-numbered channel with the shortest idle time

    • least-idle odd—Searches for an idle odd-numbered channel with the shortest idle time

    • least-used both—Searches for a trunk group member that has the highest number of available channels (applies only to PRI ISDN cards)

    • least-used even—Searches for a trunk group member that has the highest number of available even-numbered channels (applies only to PRI ISDN cards)

    • least-used odd—Searches for a trunk group member that has the highest number of available odd-numbered channels (applies only to PRI ISDN cards)

    • longest-idle both—Searches for an idle odd-numbered channel with the longest idle time

    • longest-idle even—Searches for an idle channel that has the highest number of available even-numbered channels

    • longest-idle odd—Searches for an idle channel that has the highest number of available odd-numbered channels

    • round-robin both—Searches trunk group members in turn for an idle channel, starting with the trunk group member that follows the last used member

    • round-robin even—Searches trunk group member in turn for an idle even-numbered channel, starting with the trunk group member that follows the last used member

    • round-robin odd—Searches trunk group member in turn for an idle odd-numbered channel, starting with the trunk group member that follows the last used member

    • sequential-both—Searches for an idle channel, starting with the trunk group member with the highest preference within the trunk group

    • sequential-even—Searches for an idle even-numbered channel, starting with the trunk group member with the highest preference within the trunk group

    • sequential-odd—Searches for an idle odd-numbered channel, starting with the trunk group member with the highest preference within the trunk group

    • random—Searches for a trunk group member at random and selects a channel from the member at random

    Default: least-used both

    trunk group name

    hunt-scheme least-idle [both | even | odd ]

    hunt-scheme least-used [both | even | odd ]

    hunt-scheme longest-idle [both | even | odd ]

    hunt-scheme round-robin [both | even | odd ]

    hunt-scheme sequential [both | even | odd ]

    hunt-scheme random

    Max Calls

    Enter the maximum number of calls that are allowed for the trunk group. If you do not enter a value, there is no limit on the number of calls.

    If the maximum number of calls is reached, the trunk group becomes unavailable for more calls.

    • In field—Enter the maximum number of incoming calls that are allowed for this trunk group

    • Out field— Enter the maximum number of outgoing calls that are allowed for this trunk group

    Valid range for both fields: integers 0 through 1000.

    trunk group name

    max-calls voice number-of-calls direction [ in | out]

    Max-Retry

    Select the maximum number of outgoing call attempts that the trunk group makes if an outgoing call fails.

    If you do not enter a value and a call fails, the system does not attempt to make the call again.

    Valid range: integers 1 through 5.

    trunk group name

    max-retry attempts

    Save Trunk Group

    Click to save the Trunk Group that you configured.

  • Translation Profile—Use these options to configure translation rules for calling and called numbers. The following table describes these options.

    Table 23. Translation Profile Options for Calling and Called Numbers

    Option

    Description

    Cisco IOS CLI Equivalent

    Add New Translation Profile

    Click to add a translation profile for the selected card.

    You can create up to two translation profiles for this endpoint.

    voice translation-profile name

    Copy from Existing

    Click to copy an existing translation profile to a new translation profile. In the box that appears, change the name if desired, select a called translation rule and a calling translation rule, and click Copy.

    Calling

    Click to configure translation rules for the number that is calling in.

    The Translation Rules pane displays.

    translate calling translation-rule-number

    Called

    Click to configure translation rules for the number that is being called.

    The Translation Rules pane displays.

    translate called translation-rule-number

    Translation Rules pane

    1. Click Add New to create a translation rule.

      Alternatively, you can click Copy From Existing to copy an existing translation rule to a new translation rule. In the box that appears, change the name if desired, select a called translation rule and a calling translation rule, and click Copy.

    2. In the Translation Rule Number field, enter a unique number that designates the precedence for this rule. Valid range: integers 1 through 100.

    3. (Optional) To copy existing translation rules from a CSV file, click Import. Continue to add rules or click Finish. For detailed information about this file, see Translation Rules CSV File.

    4. Click Add Rule.

    5. In the Match field, enter the string that you want the translation rule to affect. Enter the string in regular expression format beginning and ending with a slash (/). For example, /^9/.

    6. From the Action drop-down list, select the action that the system performs for calls that match the string in the Match field. The Reject option causes the system to reject the call. The Replace option causes the system to replace the match number with a value that you specify.

    7. If you select the Replace action, in the Replace field that displays, enter the string to which to translate the matched string. Enter the number in regular expression format beginning and ending with a slash (/). For example, //, which indicates a replacement of no string.

      As an example, if you specify a match string of /^9/ and a replace string of //, the system removes the leading 9 from calls with a number that begins with 9. In this case, the system translates 914085551212 to 14085551212.

    8. Click Save.

    9. Add more translation rules as needed.

    10. (Optional) Click Export to save the translation rules that you created in a CSV file.

    11. Click Finish at the bottom of the pane.

    voice translation-rule number

    Match and Replace Rule:

    rule precedence /match-pattern/ / replace-pattern/

    Reject Rule:

    rule precedence reject /match-pattern/

  • Station ID—Use these options to configure the name and number for caller ID display. The following table describes these options.

    Table 24. Station ID Options

    Option

    Description

    Cisco IOS CLI Equivalent

    Station Name

    Enter the name of the station.

    The station name can contain up to 50 letters, numbers, and spaces, dashes (-), and underscores (_).

    station-id name name

    Station Number

    Enter the phone number of the station in E.164 format.

    The station number can contain up to 15 numeric characters.

    station-id number number

  • Line Params—Use these options to configure line parameters on the card for voice quality. The following table describes these options.

    Table 25. Line Params Options

    Option

    Description

    Cisco IOS CLI Equivalent

    Gain

    Enter the gain, in dB, for voice input.

    Valid range: –6 through 14. Default: 0

    input gain decibels

    Attenuation

    Enter the amount of attenuation, in dB, for transmitted voice output.

    Valid range: –6 through 14. Default: 3.

    output attenuation decibels

    Echo Canceller

    Select Enable to apply echo cancellation to voice traffic.

    By default, this option is enabled.

    echo-cancel enable

    Voice Activity Detection (VAD)

    Select Enable to apply VAD to voice traffic.

    By default, this option is enabled.

    vad

    Compand Type

    Select the companding standard to be used to convert between analog and digital signals in PCM systems (U-law or A-law).

    Default: U-Law.

    compand-type {u-law | a-law}

    Impedance

    This field does not apply to PRI ISDN cards.

    Select the terminating impedance for calls.

    Default: 600r.

    impedance {600c | 600r 900c | 900r | complex1 | complex2 | complex3 | complex4 | complex5 | complex6}

    Call Progress Tone

    Select the locale for call progress tones.

    cptone locale

  • Tuning Params—Use these options to configure parameters for signaling between voice ports and another instrument. The following table describes these options.

    Table 26. Tuning Params Options

    Option

    Description

    Cisco IOS CLI Equivalent
    Tuning Params Options for FXO Cards

    Pre Dial Delay

    Enter the delay, in seconds, of the delay on the FXO interface between the beginning of the off-hook state and the initiation of DTMF signaling.

    Valid range: 0 through 10. Default: 1.

    pre-dial-delay seconds

    Supervisory Disconnect

    Select the type of tone that indicates that a call has been released and that a connection should be disconnected:

    • Anytone—Any tone indicates a supervisory disconnect

    • Signal—A disconnect signal indicates a supervisory disconnect

    • Dualtone—A dual-tone indicates a supervisory disconnect

    Default: Signal.

    Anytone:

    supervisory disconnect anytone

    Signal:

    supervisory disconnect

    Dualtone:

    supervisory disconnect dualtone {mid-call | pre-connect}

    Dial Type

    Select the dialing method for outgoing calls:

    • pulse—Pulse dialer

    • dtmf—Dual-tone multifrequency dialer

    • mf—Multifrequency dialer

    Default: dtmf.

    dial-type {dtmf | pulse | mf}

    Timing Sup-Disconnect

    Enter the minimum time, in milliseconds, that is required to ensure that an on-hook indication is intentional and not an electrical transient on the line before a supervisory disconnect occurs (based on power denial signaled by the PSTN or PBX).

    Valid range: 50 through 1500. Default: 350.

    timing sup-disconnect milliseconds

    Battery Reversal

    Battery reversal reverses the battery polarity on a PBX when a call connects, then changes the battery polarity back to normal when the far-end disconnects.

    Select Answer to configure the port to support answer supervision by detection of battery reversal.

    Select Detection Delay to configure the delay time after which the card acknowledges a battery-reversal signal, then enter the delay time in milliseconds. Valid range: 0 through 800. Default: 0 (no delay).

    If an FXO port or its peer FXS port does not support battery reversal, do not configure battery reversal options to avoid unpredictable behavior.

    battery-reversal [answer]

    battery-reversal-detection-delay milliseconds

    Timing Hookflash out

    Enter the duration, in milliseconds, of hookflash indications that the gateway generates on the FXO interface.

    Valid range: 50 through 1550. Default: 400.

    timing hookflash-out milliseconds

    Timing Guard out

    Enter the number of milliseconds after a call disconnects before another outgoing call is allowed.

    Valid range: 300 through 3000. Default: 2000.

    timing guard-out milliseconds

    Tuning Params Options for FXS Cards

    Timing Hookflash In

    Enter the minimum and maximum duration, in milliseconds, of an on-hook condition to be interpreted as a hookflash by the FXS card.

    Valid range for minimum duration: 0 through 400. Default minimum value: 50.

    Valid range for maximum duration: 50 through 1500. Default maximum value: 1000.

    timing hookflash-in maximum-milliseconds minimum-milliseconds

    Pulse Digit Detection

    To enable pulse digit detection at the beginning of a call, select Yes.

    Default: Yes.

    pulse-digit-detection

    Loop Length

    Select the length for signaling on FXS ports (Long or Short).

    Default: Short.

    loop-length [long | short]

    Ring

    • Frequency—Select the frequency, in Hz, of the alternating current that, when applied, rings a connected device. Default: 25.

    • DC Offset—Applies only if Loop Length is set to Long. Select the voltage threshold below which a ring does not sound on devices. Valid values: 10-volts, 20-volts, 24-volts, 30-volts, and 35-volts.

    ring frequency number

    ring dc-offset number

    Ringer Equivalence Number (REN)

    Select the REN for calls that this card processes. This number specifies the loading effect of a telephone ringer on a line.

    Valid range: 1 through 5. Default: 1.

    ren number

  • Supervisory Disconnect—Use these options to configure parameters for supervisory disconnect events. The following table describes these options.

    Table 27. Supervisory Disconnect Options

    Option

    Description

    Cisco IOS CLI Equivalent

    Add New Supervisory Disconnect

    Click to add a supervisory disconnect event.

    Mode

    Choose the mode for the supervisory disconnect event:

    • Custom CPTone—Provides options for configuring cptone detection parameters for a supervisory disconnect event

    • Dual Tone Detection Params— Provides options for configuring dual-tone detection parameters for a supervisory disconnect event

    voice class custom-cptone cptone-name

    voice class dualtone-detect-params tag

    Supervisory Name

    Applies to Custom CPTone mode. Enter a name for the supervisory disconnect event.

    The name can contain up to 32 characters. Valid characters are letters, numbers, dashes (-), and underscores (_).

    voice class custom-cptone cptone-name

    Dualtone

    Applies to Custom CPTone mode. Select the type of dual-tone that causes a disconnect. Options are:

    • Busy

    • Disconnect

    • Number Unobtainable

    • Out of Service

    • Reorder

    • Ringback

    dualtone {ringback |busy | reorder | out-of-service | number-unobtainable | disconnect}

    Cadence

    Applies to Custom CPTone mode. Enter the cadence interval, in milliseconds, of the dual-tones that cause a disconnect. Enter the cadence as an on/off value pair, separated with a space. You can enter up to 4 on/off value pairs, separated with a space.

    cadence cycle-1-on-time cycle-1-off-time [cycle-2-on-time cycle-2-off-time [cycle-3-on-time cycle-3-off-time [ cycle-4-on-time cycle-4-off-time ]]]

    Dualtone Frequency

    Applies to Custom CPTone mode. Enter the frequency, in Hz, of each tone in the dual-tone.

    Valid range for each tone is 300 through 3600.

    frequency frequency-1 [frequency-2]

    Supervisory Number

    Applies to Custom Dual Tone Detection Params mode.

    Enter a unique number to identify dual-tone detection parameters.

    Valid range: 1 through 10000.

    voice class dualtone-detect-params tag-number

    Cadence-Variation

    Applies to Custom Dual Tone Detection Params mode. Enter the maximum time, in milliseconds, by which the tone onset can vary from the onset time and still be detected. The system multiplies the value that you enter by 10.

    Valid range: 0 through 200 in units of 10. Default: 10.

    cadence-variation time

    Frequency

    Applies to Custom Dual Tone Detection Params mode.

    • Max Delay—Enter the maximum delay, in milliseconds, before a supervisory disconnect is performed after the dual-tone is detected. The system multiplies the value that you enter by 10. Valid range: 0 through 100 in units of 10. Default: 10.

    • Max Deviation—Enter the maximum deviation, in Hz, by which each tone can deviate from configured frequencies and be detected. Valid range: 10 through 125. Default: 10.

    • Max Power—Enter the power of the dual-tone, in dBm0, above which a supervisory disconnect is no detected. Valid range: 0 through 20. Default: 10.

    • Min Power— Enter the power of the dual-tone, in dBm0, below which a supervisory disconnect is not detected. Valid range: 10 through 35. Default: 30.

    • Power Twist—Enter difference, in dBm0, between the minimum power and the maximum power of the dual-tone above which a supervisory disconnect is not detected. Valid range: 0 through 15. Default: 6.

    freq-max-delay time

    freq-max-deviation hertz

    freq-max-power dBm0

    freq-min-power dBm0

    freq-power-twist dBm0

    Save

    Click to save the supervisory disconnect information that you configured.

  • DID Timers—Use these options to configure timers for DID calls. The following table describes these options.

    Table 28. DID Timers Options

    Option

    Description

    Cisco IOS CLI Equivalent

    Wait Before Wink

    Enter the amount of time, in milliseconds, that the card waits after receiving a call before sending a wink signal to notify the remote side that it can send DNIS information.

    Valid range: 100 through 6500. Default: 550.

    timing wait-wink milliseconds

    Wink Duration

    Enter the maximum amount of time, in milliseconds, of the wink signal for the card.

    Valid range: 50 through 3000. Default: 200.

    timing wait-duration milliseconds

    Clear Wait

    Enter the minimum amount of time, in milliseconds, between an inactive seizure signal and the call being cleared for the card.

    Valid range: 200 through 2000. Default: 400.

    timing clear-wait milliseconds

    Dial Pulse Min Delay

    Enter the amount of time, in milliseconds, between wink-like pulses for the card.

    Valid range: 0 or 140 through 5000. Default: 140.

    timing dial-pulse min-delay milliseconds

    Answer Winkwidth

    Enter the minimum delay time, in milliseconds, between the start of an incoming seizure and the wink signal.

    Valid range: 110 through 290. Default: 210.

    timing answer-winkwidth milliseconds

To configure voice ports for a voice policy, follow these steps:

  1. When adding a voice policy from the Configuration > Unified Communications page, select Voice Ports in the left pane.

  2. From the Add Voice Ports Policy Profile drop-down list, select Create New.

    Alternatively, you can select Copy from Existing to copy an existing voice policy to a new voice policy. In the box that appears, select the name of the policy profile to copy, enter a new name for the profile if desired, and click Copy.

  3. Select FXO, FXS, PRI ISDN, or FXS DID to specify the type of voice port that the policy is for.

  4. Select the types of call functionality policy options that you want to configure from the list of options that displays, and click Next. These option types include the following:

    • Trunk Group—Available for FXO, FXS, FXS DID, and PRI ISDN cards.

      Use these options to configure voice ports as a member of a trunk group for the card.

    • Translation Profile—Available for FXO, FXS, PRI ISDN, and FXS DID cards.

      Use these options to configure translation rules for calling and called numbers.

    • Station ID—Available for FXO, FXS, and FXS DID cards.

      Use these options to configure the name and number for caller ID display.

    • Line Params—Available for FXO, FXS, PRI ISDN, and FXS DID cards.

      Use these options to configure line parameters on the card for voice quality.

    • Tuning Params—Available for FXO and FXS cards.

      Use these options to configure parameters for signaling between voice ports and another instrument.

    • Supervisory Disconnect—Available for FXO cards.

      Use these options to configure parameters for supervisory disconnect events. These events provide an indication that a call has disconnected.

    • DID Timers—Available for FXS DID cards.

      Use these options to configure timers for DID calls.

  5. In the page that displays, configure as needed the options on the tabs as needed.

    The tabs that are available depend on the voice port and call functionality policy option types that you selected.

    • Trunk Group options—For a description of these options, see the "Trunk Group Options for Voice Ports" table.

      If any trunk groups are already configured for other voice cards, they appear in the trunk groups table on this page. To edit a configured trunk group, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "Trunk Group Options for Voice Ports" table, and click Save Changes. To delete a trunk group, click its trash can icon in the Action column.

      After you click Save Trunk Group when saving trunk group options, configure the priority for a trunk group by double-click the Priority field for a trunk group in the Trunk Group table, entering a priority number, and pressing Enter or clicking outside of the Priority field. Valid priority numbers are integers 1 through 64. The number you enter is the priority of the POTS dial peer in the trunk group for incoming and outgoing calls.

    • Translation Profile options—For a description of these options, see the "Translation Profile Options for Calling and Called Numbers" table.

      After you click Finish when configuring translation profile options, perform these actions:

      1. Add another translation profile if needed. You can create up to two translation profiles for this endpoint.

      2. Click Save Translation Profile.

      3. For each translation profile that you create, double-click the dash (-) that displays in Direction column in the table of translation rules and select Incoming or Outgoing from the drop-down list that displays. The Incoming selection applies the corresponding translation rule to traffic that is incoming to this endpoint. The Outgoing selection applies the corresponding translation rule to traffic that is outgoing from this endpoint.

    • Station ID options—For a description of these options, see the "Station ID Options" table.

    • Line Params options—For a description of these options, see the "Line Params Options" table.

    • Tuning Params options—For a description of these options, see the "Tuning Params Options" table.

    • Supervisory Disconnect options—For a description of these options, see the "Supervisory Disconnect Options" table.

      You can configure as many supervisory disconnect events as needed.

    • DID Timers options—For a description of these options, see the "DID Timers Options" table

  6. Click Next

  7. In the Policy Profile Name field, enter a name for this child policy.

  8. In the Policy Profile Description field, enter a description for this child policy.

  9. Click Save.

Configure POTS Dial Peers for a Voice Policy

When you configure POTS Dial Peers for a voice policy, you configure options that define how the system augments and manipulates calls for the POTS dial peer endpoint type.

You can configure the following options:

  • Trunk Groups—The following table describes these options.

    Table 29. Trunk Group Options for POTS Dial Peers

    Option

    Description

    Cisco IOS CLI Equivalent

    Add New Trunk Group

    Click to add a trunk group for the selected card.

    You can add one trunk group for a voice port.

    Copy from Existing

    Click to copy an existing trunk group to a new trunk group. In the box that appears, change the name if desired, select a trunk group, and click Copy.

    A trunk group name whose name is preceded with “{Master}” is already associated with this voice policy. When you copy a this type of trunk group, the system reuses the existing trunk group without creating another instance of the trunk group definition. In this case, you cannot change the name.

    Name

    Name of the trunk group.

    The name can contain up to 32 characters.

    trunk group name

    Hunt-Scheme

    Select the hunt scheme in the trunk group for outgoing calls:

    • least-idle both—Searches for an idle channel with the shortest idle time

    • least-idle even—Searches for an idle even-numbered channel with the shortest idle time

    • least-idle odd—Searches for an idle odd-numbered channel with the shortest idle time

    • least-used both—Searches for a trunk group member that has the highest number of available channels (applies to only PRI ISDN cards)

    • least-used even—Searches for a trunk group member that has the highest number of available even-numbered channels (applies only to PRI ISDN cards)

    • least-used odd—Searches for a trunk group member that has the highest number of available odd-numbered channels (applies only to PRI ISDN cards)

    • longest-idle both—Searches for an idle odd-numbered channel with the longest idle time

    • longest-idle even—Searches for an idle channel that has the highest number of available even-numbered channels

    • longest-idle odd—Searches for an idle channel that has the highest number of available odd-numbered channels

    • round-robin both—Searches trunk group members in turn for an idle channel, starting with the trunk group member that follows the last used member

    • round-robin even—Searches trunk group member in turn for an idle even-numbered channel, starting with the trunk group member that follows the last used member

    • round-robin odd—Searches trunk group member in turn for an idle odd-numbered channel, starting with the trunk group member that follows the last used member

    • sequential-both—Searches for an idle channel, starting with the trunk group member with the highest preference within the trunk group

    • sequential-even—Searches for an idle even-numbered channel, starting with the trunk group member with the highest preference within the trunk group

    • sequential-odd—Searches for an idle odd-numbered channel, starting with the trunk group member with the highest preference within the trunk group

    • random—Searches for a trunk group member at random and selects a channel from the member at random

    Default: least-used both

    trunk group name

    hunt-scheme least-idle [both | even | odd ]

    hunt-scheme least-used [both | even | odd ]

    hunt-scheme longest-idle [both | even | odd ]

    hunt-scheme round-robin [both | even | odd ]

    hunt-scheme sequential [both | even | odd ]

    hunt-scheme random

    Max Calls

    Enter the maximum number of calls that are allowed for the trunk group. If you do not enter a value, there is no limit on the number of calls.

    If the maximum number of calls is reached, the trunk group becomes unavailable for more calls.

    • In field—Enter the maximum number of incoming calls that are allowed for this trunk group.

    • Out field— Enter the maximum number of outgoing calls that are allowed for this trunk group.

    Valid range for both fields: integers 0 through 1000.

    trunk group name

    max-calls voice number-of-calls direction [ in | out]

    Max-Retry

    Select the maximum number of outgoing call attempts that the trunk group makes if an outgoing call fails.

    If you do not enter a value and a call fails, the system does not attempt to make the call again.

    Valid range: integers 1 through 5.

    trunk group name

    max-retry attempts

  • Translation Profiles—The following table describes these options.

    Table 30. Translation Profile Options for POTS Dial Peers

    Option

    Description

    Cisco IOS CLI Equivalent

    Add New Translation Profile

    Click to add a translation profile for the selected POTS dial peer.

    You can create up to two translation profiles for this endpoint.

    Copy from Existing

    Click to copy an existing translation profile to a new translation profile. In the box that appears, change the name if desired, select a called translation rule and a calling translation rule, and click Copy.

    Name

    Name of the translation profile.

    The name can contain up to 32 characters.

    voice translation-profile name

    Calling

    Click to configure translation rules for the number that is calling in.

    The Translation Rules pane displays.

    translate calling translation-rule-number

    Called

    Click to configure translation rules for the number that is being called.

    The Translation Rules pane displays.

    translate called translation-rule-number

    Translation Rules pane

    1. Click Add New to create a translation rule.

      Alternatively, you can click Copy From Existing to copy an existing translation rule to a new translation rule. In the box that appears, change the name if desired, select a called translation rule and a calling translation rule, and click Copy.

    2. In the Translation Rule Number field, enter a unique number that designates the precedence for this rule. Valid range: integers 1 through 100.

    3. (Optional) To copy existing translation rules from a CSV file, click Import. Continue to add rules or click Finish. For detailed information about this file, see Translation Rules CSV File.

    4. Click Add Rule.

    5. In the Match field, enter the string that you want the translation rule to affect. Enter the string in regular expression format beginning and ending with a slash (/). For example, /^9/.

    6. From the Action drop-down list, select the action that the system performs for calls that match the string in the Match field. The Reject option causes the system to reject the call. The Replace option causes the system to replace the match number with a value that you specify.

    7. If you select the Replace action, in the Replace field that displays, enter the string to which to translate the matched string. Enter the number in regular expression format beginning and ending with a slash (/). For example, //, which indicates a replacement of no string.

      As an example, if you specify a match string of /^9/ and a replace string of //, the system removes the leading 9 from calls with a number that begins with 9. In this case, the system translates 914085551212 to 14085551212.

    8. Click Save.

    9. Add more translation rules as needed.

    10. (Optional) Click Export to save the translation rules that you created in a CSV file.

    11. Click Finish at the bottom of the pane.

    voice translation-rule number

    Match and Replace Rule:

    rule precedence /match-pattern/ / replace-pattern/

    Reject Rule:

    rule precedence reject /match-pattern/

To configure POTS dial peers for a voice policy:

  1. When adding a voice policy from the Configuration > Unified Communications page, select POTS Dial Peer in the left pane.

  2. From the Add POTS Dial Peer Policy Profile drop-down list, select Create New.

    Alternatively, you can select Copy from Existing to copy an existing POTS dial peer policy to a new one. In the box that appears, select the name of the policy profile to copy, enter a new name for the profile if desired, and click Copy.

  3. Select the types of POTS dial peers that you that you want to configure from the list of options that displays, and click next.

    Options are Trunk Group (beginning with Cisco IOS XE Release 17.3.1a) and Translation Profile.

  4. To configure trunk groups, perform the following actions.

    If any trunk groups are already configured, they appear in the trunk groups table on this page. To edit a configured trunk group, click its pencil icon in the Action column, edit the options in the window that pops up as described in the "Trunk Groups for POTS Dial Peers Options" table, and click Save Changes. To delete a trunk group, click its trash can icon in the Action column.

    1. Configure trunk group options as described in the "Trunk Groups Options for POTS Dial Peers " table.

    2. Add another trunk group if needed.

      You can create up to 64 trunk groups for this endpoint.

    3. Click Save Trunk Group.

    4. Configure the priority for a trunk group by double-click the Priority field for a trunk group in the Trunk Group table, entering a priority number, and pressing Enter or clicking outside of the Priority field. Valid priority numbers are integers 1 through 64. Repeat this process for the other trunk groups in the table. The number you enter is the priority of the POTS dial peer in the trunk group for incoming and outgoing calls.

  5. To configure translation profiles, perform these actions:

    1. Configure translation profile options as described in the "Translation Profile Options for POTS Dial Peers" table.

    2. Add another translation profile if needed.

      You can create up to two translation profiles for this endpoint.

    3. Click Save Translation Profile.

    4. For each translation profile that you create, double-click the dash (-) that displays in Direction column in the table of translation rules and select Incoming or Outgoing from the drop-down list that displays.

      The Incoming selection applies the corresponding translation rule to traffic that is incoming to this endpoint. The Outgoing selection applies the corresponding translation rule to traffic that is outgoing from this endpoint.

  6. Click Next.

  7. In the Policy Profile Name field, enter a name for this child policy.

  8. In the Policy Profile Description field, enter a description for this child policy.

  9. Click Save.

Configure SIP Dial Peers for a Voice Policy

When you configure SIP Dial Peers for a voice policy, you configure options that define how the system augments and manipulates calls for the SIP dial peer endpoint type.

You can configure the following options, depending on the policy type for which you are configuring SIP dial peers:

  • Translation Profiles—Use these options to configure translation rules for called and calling numbers on SIP dial peers. The following table describes these options.

    Table 31. Translation Profile Options for Calling Numbers on SIP Dial Peers