Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure a Transport VPN feature in Transport and Management profile.

Step 3

Create and configure Ethernet Interface feature in Transport VPN.

1. Configure basic VPN parameters.

   Field	Description
   Shutdown	Enable or disable the interface.
   Interface Name*	Enter a name for the interface. Spell out the interface names completely (for example, GigabitEthernet0/0/0). Configure all the interfaces of the router, even if you are not using them, so that they are configured in the shutdown state and so that all default values for them are configured.
   Description	Enter a description for the interface.
   Auto Detect Bandwidth	Enable this option to automatically detect the bandwidth for WAN interfaces. The device detects the bandwidth by contacting an iPerf3 server to perform a speed test.
   IPv4 Settings	Configure an IPv4 VPN interface. Dynamic: Choose Dynamic to set the interface as a Dynamic Host Configuration Protocol (DHCP) client so that the interface receives its IP address from a DHCP server. Static: Choose Static to enter an IP address that doesn't change.
   Dynamic DHCP Distance	Enter an administrative distance value for routes learned from a DHCP server. This option is available when you choose Dynamic. Default: 1
   IP Address	Enter a static IPv4 address. This option is available when you choose Static.
   Subnet Mask	Enter the subnet mask.
   Configure Secondary IP Address	Enter up to four secondary IPv4 addresses for a service-side interface. IP Address: Enter the IP address. Subnet Mask: Enter the subnet mask.
   DHCP Helper	To designate the interface as a DHCP helper on a router, enter up to eight IP addresses, separated by commas, for DHCP servers in the network. A DHCP helper interface forwards BOOTP (broadcast) DHCP requests that it receives from the specified DHCP servers.
   IPv6 Settings	Configure an IPv6 VPN interface. Dynamic: Choose Dynamic to set the interface as a Dynamic Host Configuration Protocol (DHCP) client so that the interface receives its IP address from a DHCP server. Static: Choose Static to enter an IP address that doesn't change. None
   IPv6 Address Primary	Enter a static IPv6 address. This option is available when you choose Static.
   Add Secondary Ipv6
   IP Address	Enter up to two secondary IPv6 addresses for a service-side interface.
   Bandwidth Upstream	Enter upstream bandwidth reference value.
   Bandwidth Downstream	Enter downstream bandwidth reference value.

2. Apply Access Lists and QoS Parameters

   Field	Description
   Adaptive QoS	To enable or disable adaptive QoS on an ethernet interface on the transport side.
   Shaping Rate	Enter the shaping rate to control the maximum rate of traffic sent.
   ACL	To define IPv4 and IPv6 ACL as ingress and egress.

3. Create a tunnel interface.

   Field	Description
   Tunnel Interface	Enable this option to create a tunnel interface.
   Per-tunnel QoS	Enable this option to apply a Quality of Service (QoS) policy on individual tunnels.
   Color	Choose a color for the TLOC.
   Color Description	Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.18.1 Enter a description associated to the TLOC color.
   Restrict	Enable this option to limit the remote TLOCs that the local TLOC can establish BFD sessions with. When a TLOC is marked as restricted, a TLOC on the local router establishes tunnel connections with a remote TLOC only if the remote TLOC has the same color.
   Groups	Enter a group number. Range: 1 through 4294967295
   Border	Enable this option to set the TLOC as a border TLOC.
   Maximum Control Connections	Specify the maximum number of Cisco SD-WAN Controllers that the WAN tunnel interface can connect to. To have the tunnel establish no control connections, set the number to 0. Range: 0 through 100 Default: 2
   Validator As Stun Server	Enable Session Traversal Utilities for NAT (STUN) to allow the tunnel interface to discover its public IP address and port number when the Cisco IOS XE Catalyst SD-WAN device is located behind a NAT.
   Exclude Controller Group List	Set the identifiers of one or more Cisco SD-WAN Controller groups that this tunnel is not allowed to connect to. Range: 1 through 100
   Manager Connection Preference	Set the preference for using a tunnel interface to exchange control traffic with Cisco SD-WAN Manager. Range: 0 through 8 Default: 5
   Full Port Hop	Minimum release: Cisco IOS XE Catalyst SD-WAN Release 17.18.1a Enable full port hopping at the TLOC level to allow devices to establish connections with controllers by switching to the next port if the current port is blocked or non-functional. Default: Disabled
   Port Hop	Enable port hopping. If port hopping is enabled globally, you can disable it on an individual TLOC (tunnel interface). Default: Enabled Starting from Cisco IOS XE Catalyst SD-WAN Release 17.18.1a, this field is deprecated. Instead use the Full Port Hop option. See the Full Port Hop field.
   Low-Bandwidth Link	Enable this option to characterize the tunnel interface as a low-bandwidth link.
   Tunnel TCP MSS	Specify the maximum segment size (MSS) of TPC SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 500 to 1460 bytes Default: None
   Clear-Dont-Fragment	Enable this option to clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface. When the DF bit is cleared, packets larger than the MTU of the interface are fragmented before being sent.
   CTS SGT Propagation	Enable CTS SGT propagation on an interface.
   Network Broadcast	Enable this option to accept and respond to network-prefix-directed broadcasts.
   Allow Service	Allow or disallow the following services on the interface: All BGP DHCP NTP SSH DNS ICMP HTTPS OSPF STUN SNMP NETCONF BFD
   Encapsulation
   Encapsulation*	Choose an encapsulation type: gre: Use GRE encapsulation on the tunnel interface. ipsec: Use IPsec encapsulation on the tunnel interface. Note   If you select both IPsec and GRE encapsulations, two TLOCs are created for the tunnel interface that have the same IP addresses and colors, but that differ by their encapsulation. When you choose gre, the following fields appear: GRE Preference: Enter a preference value for directing traffic to the tunnel. A higher value is preferred over a lower value. Range: 0 through 4294967295 Default: 0 GRE Weight: Enter a weight to use to balance traffic across multiple TLOCs. A higher value sends more traffic to the tunnel. Range: 1 through 255 Default: 1 When you choose ipsec, the following fields appear: IPSEC Preference: Enter a preference value for directing traffic to the tunnel. A higher value is preferred over a lower value. Range: 0 through 4294967295 Default: 0 IPSEC Weight: Enter a weight to use to balance traffic across multiple TLOCs. A higher value sends more traffic to the tunnel. Range: 1 through 255 Default: 1
   Multi-Region Fabric Note   These options appear only when Multi-Region Fabric is enabled.
   Connect to Core Region	(Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.13.1) (Applicable to a border router only) In a Multi-Region Fabric scenario, enable this option to specify how to use the Ethernet interface: Share Interface with Access Region: Share the interface between the access region and core region. Keep Exclusive to Core Region: Use the interface only for the core region.
   Connect to Secondary Region	(Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.13.1) (Applicable to an edge router only) In a Multi-Region Fabric scenario, enable this option to specify how to use the Ethernet interface: Share Interface with Access Region: Share the interface between the primary and secondary regions. Keep Exclusive to Secondary Region: Use the interface only for the secondary region.

4. Configure an interface as a NAT device.

   Field	Description
   IPv4 Settings
   NAT	Enable this option to have the interface act as a NAT device.
   NAT Type	Choose the NAT translation type for IPv4: interface pool loopback Default: interface. It is supported for NAT64.
   UDP Timeout	Specify when NAT translations over UDP sessions time out. Range: 1 through 8947 minutes Default: 1 minute
   TCP Timeout	Specify when NAT translations over TCP sessions time out. Range: 1 through 8947 minutes Default: 60 minutes (1 hour)
   Add Multiple NAT	Choose the NAT type: Interface: This is the default value. Pool: Configure the following: Pool ID: Enter a NAT pool number configured in the centralized data policy. The NAT pool name must be unique across VPNs and VRFs. You can configure up to 31 (1–32) NAT pools per router. Range Start: Enter a starting IP address for the NAT pool. Range End: Enter a closing IP address for the NAT pool. Prefix length: Specify the maximum number of source IP addresses that can be NATed in the NAT pool. Overload: Enable this option to configure per-port translation. If this option is disabled, only dynamic NAT is configured on the end device. Per-port NAT is not configured. Default: Disabled Loopback: Provide a value for the NAT inside source loopback interface.
   Configure New Static NAT	Add a static NAT mapping
   Source IP	Enter the source IP address to be translated.
   Translate IP	Enter the translated source IP address.
   Direction	Choose the direction in which to perform network address translation. inside: Translates the IP address of packets that are coming from the service side of the device and that are destined for the transport side of the router. outside: Translates the IP address of packets that are coming to the device from the transport side device and that are destined for a service-side device.
   Source VPN	Enter the source VPN ID.
   IPv6 Settings
   IPv6 NAT	Enable this option to have the interface act as a NAT device.
   Select NAT	Choose NAT64 or NAT66. When you choose NAT66, the following fields appear: Source Prefix: Enter the source IPv6 prefix. Translated Source Prefix: Enter the translated source prefix. Source VPN ID: Enter the source VPN ID. Egress Interface: Enable this option to have the interface act as an egress interface.

5. Add ARP table entries.

   Field	Description
   IP Address	Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.
   MAC Address	Enter the MAC address in colon-separated hexadecimal notation.

6. Configure advanced properties.

   Field	Description
   Duplex	Specify whether the interface runs in full-duplex or half-duplex mode. Default: full
   MAC Address	Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation.
   IP MTU	Specify the maximum MTU size of packets on the interface. Range: 576 through 9216 Default: 1500 bytes
   Interface MTU	Enter the maximum transmission unit size for frames received and transmitted on the interface. Range: 1500 through 1518 (GigabitEthernet0), 1500 through 9216 (other GigabitEthernet) Default: 1500 bytes
   TCP MSS	Specify the maximum segment size (MSS) of TPC SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 500 to 1460 bytes Default: None
   Speed	Specify the speed of the interface, for use when the remote end of the connection does not support autonegotiation. Values: 10, 100, 1000, 2500, or 10000 Mbps
   ARP Timeout	ARP timeout controls how long we maintain the ARP cache on a router. Specify how long it takes for a dynamically learned ARP entry to time out. Range: 0 through 2147483 seconds Default: 1200 seconds
   Autonegotiate	Enable this option to turn on autonegotiation.
   Media Type	Specify the physical media connection type on the interface. Choose one of the following: auto-select: A connection is automatically selected. rj45: Specifies an RJ-45 physical connection. sfp: Specifies a small-form factor pluggable (SFP) physical connection for fiber media.
   TLOC Extension	Enter the name of a physical interface on the same router that connects to the WAN transport. This configuration then binds this service-side interface to the WAN transport. A second router at the same site that itself has no direct connection to the WAN (generally because the site has only a single WAN connection) and that connects to this service-side interface is then provided with a connection to the WAN. Note   TLOC extension over L3 is supported only for Cisco IOS XE Catalyst SD-WAN devices. If configuring TLOC extension over L3 for a Cisco IOS XE Catalyst SD-WAN device, enter the IP address of the L3 interface.
   GRE tunnel source IP	Enter the IP address of the extended WAN interface.
   XConnect	Enter the name of a physical interface on the same router that connects to the WAN transport.
   Load Interval	Enter an interval value for interface load calculation.
   IP Directed Broadcast	An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet. A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast. If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached are broadcast on that subnet.
   ICMP Redirect Disable	ICMP redirects are sent by a router to the sender of an IP packet when a packet is being routed sub-optimally. The ICMP redirect informs the sending host to forward subsequent packets to that same destination through a different gateway. By default, an interface allows ICMP redirect messages.

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure Prefix List for VRRP in a Policy Object Profile.

1. Choose the Prefix policy object from the Select Policy Object drop-down list.

2. Enter the Prefix List Name.

3. In the Internet Protocol field, click IPv4 or IPv6.

4. Under Add Prefix, enter the prefix for the list. Optionally, click the Choose a file link to import a prefix list.

5. Click Save.

   The following table describe the options for configuring the prefix.

   Table 1. Prefix List

   Field	Description
   Prefix List Name	Enter a name for the prefix list.
   Internet Protocol	Specifies the internet protocol. The options are IPv4 and IPv6.

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Step 2

Click Device Templates, and click Create Template.

Step 3

From the Create Template drop-down list, choose From Feature Template.

Step 4

From the Device Model drop-down list, choose the type of device for which you are creating the template.

Step 5

To create a template for VPN 0 or VPN 512:

1. Click Transport & Management VPN or scroll to the Transport & Management VPN section.

2. Under Additional VPN 0 Templates, click Cisco VPN Interface Ethernet.

3. From the VPN Interface drop-down list, click Create Template. The Cisco VPN Interface Ethernet template form displays.

   This form contains fields for naming the template, and fields for defining the VPN Interface Ethernet parameters.

4. In Template Name, enter a name for the template. The name can be up to 128 characters and can contain only alphanumeric characters.

5. In Template Description, enter a description of the template. The description can be up to 2048 characters and can contain only alphanumeric characters.

Step 6

Configure the VPN ethernet interface parameters.

1. Configure basic interface functionality in a VPN.

   Parameter Name	IPv4 or IPv6	Options	Description
   Shutdown*	Click No to enable the interface.
   Interface name*	Enter a name for the interface. For Cisco IOS XE Catalyst SD-WAN devices, you must: Spell out the interface names completely (for example, GigabitEthernet0/0/0). Configure all the router's interfaces, even if you are not using them, so that they are configured in the shutdown state and so that all default values for them are configured.
   Description	Enter a description for the interface.
   IPv4 / IPv6	Click IPv4 to configure an IPv4 VPN interface. Click IPv6 to configure an IPv6 interface.
   Dynamic	Click Dynamic to set the interface as a Dynamic Host Configuration Protocol (DHCP) client, so that the interface receives its IP address from a DHCP server.
   	Both	DHCP Distance	Optionally, enter an administrative distance value for routes learned from a DHCP server. Default is 1.
   	IPv6	DHCP Rapid Commit	Optionally, configure the DHCP IPv6 local server to support DHCP Rapid Commit, to enable faster client configuration and confirmation in busy environments. Click On to enable DHCP rapid commit. Click Off to continue using the regular commit process.
   Static	Click Static to enter an IP address that doesn't change.
   	IPv4	IPv4 Address	Enter a static IPv4 address.
   	IPv6	IPv6 Address	Enter a static IPv6 address.
   Secondary IP Address	IPv4	Click Add to enter up to four secondary IPv4 addresses for a service-side interface.
   IPv6 Address	IPv6	Click Add to enter up to two secondary IPv6 addresses for a service-side interface.
   DHCP Helper	Both	To designate the interface as a DHCP helper on a router, enter up to eight IP addresses, separated by commas, for DHCP servers in the network. A DHCP helper interface forwards BootP (broadcast) DHCP requests that it receives from the specified DHCP servers.
   Block Non-Source IP	Yes / No	Click Yes to have the interface forward traffic only if the source IP address of the traffic matches the interface's IP prefix range. Click No to allow other traffic.

2. Configure a tunnel interface.

   Parameter Name	Description
   Tunnel Interface	Click On to create a tunnel interface.
   Color	Select a color for the TLOC.
   Color Description	Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.18.1 Enter a description associated to the TLOC color.
   Full Port Hop	Minimum release: Cisco Catalyst SD-WAN Manager Release 20.18.1 Enable full port hopping at the TLOC level to allow devices to establish connections with controllers by switching to the next port if the current port is blocked or non-functional. Default: Disabled
   Port Hop	Click On to enable port hopping, or click Off to disable it. If port hopping is enabled globally, you can disable it on an individual TLOC (tunnel interface). To control port hopping on a global level, use the System configuration template. Default: Enabled Cisco SD-WAN Manager and Cisco SD-WAN Controller default: Disabled Starting from Cisco Catalyst SD-WAN Manager Release 20.18.1, this field is deprecated. Instead use the Full Port Hop option. See the Full Port Hop field.
   TCP MSS	TCP MSS affects any packet that contains an initial TCP header that flows through the router. When configured, TCP MSS is examined against the MSS exchanged in the three-way handshake. The MSS in the header is lowered if the configured TCP MSS setting is lower than the MSS in the header. If the MSS header value is already lower than the TCP MSS, the packets flow through unmodified. The host at the end of the tunnel uses the lower setting of the two hosts. If the TCP MSS is to be configured, it should be set at 40 bytes lower than the minimum path MTU. Specify the MSS of TPC SYN packets passing through the Cisco IOS XE Catalyst SD-WAN device. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes Default: None
   Clear-Dont-Fragment	Configure Clear-Dont-Fragment for packets that arrive at an interface that has Don't Fragment configured. If these packets are larger than what MTU allows, they are dropped. If you clear the Don't Fragment bit, the packets are fragmented and sent. Click On to clear the Dont Fragment bit in the IPv4 packet header for packets being transmitted out of the interface. When the Dont Fragment bit is cleared, packets larger than the MTU of the interface are fragmented before being sent. Note   Clear-Dont-Fragment clears the Dont Fragment bit and the Dont Fragment bit is set. For packets not requiring fragmentation, the Dont Fragment bit is not affected.
   Allow Service	Select On or Off for each service to allow or disallow the service on the interface.

   To configure additional tunnel interface parameters, click Advanced Options:

   Parameter Name	Description
   Carrier	Select the carrier name or private network identifier to associate with the tunnel. Values: carrier1, carrier2, carrier3, carrier4, carrier5, carrier6, carrier7, carrier8, default Default: default
   NAT Refresh Interval	Enter the interval between NAT refresh packets sent on a DTLS or TLS WAN transport connection. Range: 1 through 60 seconds Default: 5 seconds
   Hello Interval	Enter the interval between Hello packets sent on a DTLS or TLS WAN transport connection. Range: 100 through 10000 milliseconds Default: 1000 milliseconds (1 second)
   Hello Tolerance	Enter the time to wait for a Hello packet on a DTLS or TLS WAN transport connection before declaring that transport tunnel to be down. Range: 12 through 60 seconds Default: 12 seconds

3. Configure an interface as a NAT device.

   For information on how to configure NAT, see the Cisco Catalyst SD-WAN NAT Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x.

4. Configure the shaping rate for an interface and apply QoS map, rewrite rules, access lists, and policers to an interface.

   Parameter Name	Description
   Shaping rate	Configure the aggregate traffic transmission rate on the interface to be less than line rate, in kilobits per second (kbps).
   QoS Map	Specify the name of the QoS map to apply to packets being transmitted out the interface.
   Rewrite Rule	Click On, and specify the name of the rewrite rule to apply on the interface.
   Ingress ACL – IPv4	Click On, and specify the name of the access list to apply to IPv4 packets being received on the interface.
   Egress ACL – IPv4	Click On, and specify the name of the access list to apply to IPv4 packets being transmitted on the interface.
   Ingress ACL – IPv6	Click On, and specify the name of the access list to apply to IPv6 packets being received on the interface.
   Egress ACL – IPv6	Click On, and specify the name of the access list to apply to IPv6 packets being transmitted on the interface.
   Ingress Policer	Click On, and specify the name of the policer to apply to packets received on the interface.
   Egress Policer	Click On, and specify the name of the policer to apply to packets being transmitted on the interface.

5. Configure static ARP table entries on the interface.

   Parameter Name	Description
   IP Address	Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.
   MAC Address	Enter the MAC address in colon-separated hexadecimal notation.

6. Configure VRRP to allow multiple routers to share a common virtual IP address for default gateway redundancy.

   Parameter Name	Description
   Group ID	Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups. Range: 1 through 255
   Priority	Enter the priority level of the router. There router with the highest priority is elected as primary VRRP router. If two routers have the same priority, the one with the higher IP address is elected as primary VRRP router. Range: 1 through 254 Default: 100
   Timer (milliseconds)	Specify how often the primary VRRP router sends VRRP advertisement messages. If subordinate routers miss three consecutive VRRP advertisements, they elect a new primary VRRP routers. Range: 100 through 40950 milliseconds Default: 1000 msecs Note   When the timer is 100 ms for the VRRP feature template on Cisco IOS XE Catalyst SD-WAN devices, the VRRP fails if the traffic is high on LAN interface. Use the 100 msec timer only if the Cisco IOS XE Catalyst SD-WAN device platform supports it, and if there are fewer tunnel groups.
   Track OMP​ Track Prefix List	By default, VRRP uses of the state of the service (LAN) interface on which it is running to determine which router is the primary virtual router. if a router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, configure one of the following: Track OMP—Click On for VRRP to track the Overlay Management Protocol (OMP) session running on the WAN connection. If the primary VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session. Note   From Cisco Catalyst SD-WAN Manager Release 20.18.1, enabling Track OMP changes the device CLI command from vrrp track omp shutdown to vrrp track omp decrement 10 . Track Prefix List—Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the primary VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if reachability to all of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the routers determine the primary VRRP router.
   IP Address	Enter the IP address of the virtual router. This address must be different from the configured interface IP addresses of both the local router and the peer running VRRP.

7. Configure other advanced interface properties.

   Parameter Name	Description
   Duplex	Choose full or half to specify whether the interface runs in full-duplex or half-duplex mode. Default: full
   MAC Address	Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation.
   IP MTU	Specify the maximum MTU size of packets on the interface. Range: 576 through 1804 Default: 1500 bytes
   PMTU Discovery	Click On to enable path MTU discovery on the interface. PMTU determines the largest MTU size that the interface supports so that packet fragmentation does not occur.
   Flow Control	Select a setting for bidirectional flow control, which is a mechanism for temporarily stopping the transmission of data on the interface. Values: autonet, both, egress, ingress, none Default: autoneg
   TCP MSS	Specify the maximum segment size (MSS) of TPC SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes Default: None
   Speed	Specify the speed of the interface for use when the remote end of the connection does not support autonegotiation. Values: 10, 100, 1000, or 10000 Mbps
   Clear-Dont-Fragment	Click On to clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface. When the DF bit is cleared, packets larger than that interface's MTU are fragmented before being sent. Note   Clear-Dont-Fragment clears the DF bit when there is fragmentation needed and the DF bit is set. For packets not requiring fragmentation, the DF bit is not affected.
   Autonegotiation	Note   For releases before Cisco vManage Release 20.6.1, the default value of the field is On. To turn autonegotiation off, click Off. From Cisco vManage Release 20.6.1, the default behavior of the field is as follows: For the Gigabit Ethernet interface type, the Autonegotiation field is blank by default. However, the autonegotiation is set to On when the field is left blank. For other interface types such as Ten Gigabit Ethernet and Hundred Gigabit Ethernet, the Autonegotiation field is blank by default. To turn autonegotiation on or off, click On or Off respectively. From Cisco SD-WAN Manager Release 20.12.4: In the Cisco Catalyst 8300 Series devices, for the TenGigabitEthernet interface type, do not leave the Autonegotiation field blank.
   TLOC Extension	Enter the name of a physical interface on the same router that connects to the WAN transport. This configuration then binds this service-side interface to the WAN transport. A second router at the same site that itself has no direct connection to the WAN (generally because the site has only a single WAN connection) and that connects to this service-side interface is then provided with a connection to the WAN. Note that TLOC extension over L3 is only supported for Cisco IOS XE routers. If configuring TLOC extension over L3 for a Cisco IOS XE router, enter the IP address of the L3 interface.
   GRE Tunnel Source IP	Enter the IP address of the extended WAN interface.
   Xconnect (on IOS XE routers)	Enter the name of a physical interface on the same router that connects to the WAN transport.