We recommend the following for the proper working of backup and restore:
Backup and restore works in the following scenarios:
Backup and restore does not work in the following scenarios:
Use this procedure to recover a site when site provisioning fails.
Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.
Step 2 Click the Site(s) tab. From the Action column in the Site Status page, click the Recovery icon.
If the site recovery succeeds, the site moves to the Success state. Otherwise, the Recovery icon appears again, allowing you to retry recovering the site.
You can attempt to recover a site multiple times. However, if a site cannot be recovered, the only option is to delete the site.
The post-provisioning recovery feature allows you to reapply the last change to the hub and spoke devices after the sites have been provisioned.
Recovery can be attempted multiple times. To recover a hub or a branch site, click the Recovery icon in the Action column in the Site Status page.
If recovery fails after multiple attempts, you can choose to delete the site permanently by clicking the delete X icon in the Action column in the Site Status page.
You can delete a primary hub if the primary hub is in a failed state and no branch sites have been provisioned.
If both the primary hub and transit hub are in a failed state, you must delete the transit hub first in order to delete the primary hub. If the delete operation succeeds, both the primary hub and transit hub are reset to the brownfield validation state.
When a hub is deleted after hub provisioning fails, the Cisco IWAN application does the following:
If the delete operation succeeds, the hub is removed from the Sites page.
Note The hub site is deleted on a best-effort basis. If the devices are unreachable, they are not restored to the original configuration. In this case, you must manually clean up the configuration on the devices. See Manually Cleaning Up Devices.
You can re-provision the hub from the Configure Hub Site page as part of the hub provisioning (see Wizard Step 5—Configuring the IWAN Aggregation Site).
You can delete a transit hub irrespective of the state of the transit hub—whether it is provisioned or failed.
When a transit hub is deleted, IWAN performs the following:
If the delete operation succeeds, the transit hub is removed from the Sites page.
Note The transit-hub site is deleted on a best-effort basis. If the devices are unreachable, they are not restored to the original configuration. In this case, you must manually clean up the configuration on the devices. See Manually Cleaning Up Devices.
You can delete branch sites from IWAN irrespective of the branch state—in progress, provisioned, or failed.
Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.
Step 2 Click the Site(s) tab. From the Action column in the Site Status page, click the X icon to delete the site.
Note Branch sites are deleted on a best-effort basis. If the devices are unreachable, they are not restored to the bootstrap configuration. In this case, you must manually clean up the configuration on the devices. See Manually Cleaning Up Devices.
When a branch site is deleted, the Cisco IWAN application performs the following:
– Copies the IWAN_RECOVERY.cfg to the startup configuration.
See Backup and Restore.
After the site is deleted, the branch devices are removed from the Devices tab and are displayed in the unclaimed device list, which allows you to re-provision the branch site.
After a hub site, transit-hub site, or branch site delete operation, the devices in the site are deleted on a best-effort basis. If the devices are unreachable, they are not restored to the original configuration. In this case, you must manually clean up the configuration on the devices.
Use this procedure to manually clean up the configuration on the devices.
Step 1 Remove the IWAN PKI trust point. Use the following command:
no crypto pki trustpoint sdn-network-infra-iwan
Step 2 Remove the IWAN RSA key from NVRAM. Use the following commands:
crypto key zeroize rsa sdn-network-infra-iwan
Step 3 Restore the original configuration. Use the following commands:
config replace bootflash:<original-config-file> force
PRE-GA-1-HUB-INET# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
PRE-GA-1-HUB-INET(config)# no crypto pki trustpoint sdn-network-infra-iwan
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.
Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.
PRE-GA-1-HUB-INET(config)# crypto key zeroize rsa sdn-network-infra-iwan
Do you really want to remove these keys? [yes/no]: yes
PRE-GA-1-HUB-INET(config)# end
PRE-GA-1-HUB-INET# write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
PRE-GA-1-HUB-INET# config replace bootflash:clean-config force
%EIGRP: Deleting base topology is not allowed.
% Interface GigabitEthernet0/0/4 IPv4 disabled and address(es) removed due to enabling VRF IWAN-TRANSPORT-2
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
% No such key-chain
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
% Profile is applied to Tunnel11-head-0 (head) and possibly other crypto maps
The rollback configlet from the last pass is listed below:
no crypto ikev2 profile FVRF-IKEv2-IWAN-TRANSPORT-2
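Because sites are deleted on a best-effort basis, it is worth confirming after the manual cleanup that nothing on the device still refers to the IWAN trust point or its RSA key. The following check is an added example, not part of the Cisco documentation or the IWAN application; it assumes you have saved the output of show running-config and show crypto key mypubkey rsa as text, and the function names and sample text are hypothetical.

```python
import re

TRUSTPOINT = "sdn-network-infra-iwan"  # trust point / RSA key label used on this page

def config_blocks(config_text):
    """Split IOS configuration text into (header, [child lines]) by indentation."""
    blocks = []
    for line in config_text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def residual_artifacts(config_text, key_listing=""):
    """Return findings that show the manual cleanup is incomplete."""
    # Match the exact label only, not longer names that merely start with it.
    name = re.compile(r"(?<![\w-])" + re.escape(TRUSTPOINT) + r"(?![\w-])")
    findings = []
    for header, children in config_blocks(config_text):
        if name.search(header):
            findings.append(f"config: '{header}' is still present")
            continue
        for child in children:
            if name.search(child):
                findings.append(f"config: '{header}' references it via '{child}'")
    for line in key_listing.splitlines():
        m = re.match(r"\s*Key name:\s*(\S+)", line)
        if m and m.group(1) == TRUSTPOINT:
            findings.append("nvram: RSA key pair is still present")
    return findings

# Constructed sample: a device that was unreachable when its site was deleted.
SAMPLE_CONFIG = """\
crypto pki trustpoint sdn-network-infra-iwan
 rsakeypair sdn-network-infra-iwan
!
crypto ikev2 profile FVRF-IKEv2-IWAN-TRANSPORT-2
 pki trustpoint sdn-network-infra-iwan
!
interface GigabitEthernet0/0/4
 vrf forwarding IWAN-TRANSPORT-2
"""
# Constructed sample in the style of 'show crypto key mypubkey rsa' (assumed layout).
SAMPLE_KEYS = "Key name: sdn-network-infra-iwan\nKey type: RSA KEYS\n"

if __name__ == "__main__":
    for finding in residual_artifacts(SAMPLE_CONFIG, SAMPLE_KEYS):
        print(finding)
```

An empty result means no configuration block or stored key still carries the trust point label; any finding names the block that Step 1 through Step 3 did not clear.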
You can add or delete site prefixes after hub provisioning.
Note This option is only available for L3 brownfield sites.
Step 1 From the Cisco IWAN home page, click Manage Branch Sites. The Sites page opens.
Step 2 Click the Site(s) tab. From the Action column in the Site Status page, click the Update Site Prefix (pen) icon. The LAN Site Prefix dialog box opens.
Step 3 To add a site prefix, click the + icon.
Step 4 To delete a site prefix, select the check box next to the prefix that you want to delete, and then click the X icon.
Note You cannot delete all prefixes. You must have at least one prefix per site.