Tunnel Interface
|
Enable this option to create a tunnel interface.
|
Carrier
|
Choose the carrier name or private network identifier to associate with the tunnel.
Values: carrier1, carrier2, carrier3, carrier4, carrier5, carrier6, carrier7, carrier8, default
Default: default
|
Color
|
Choose a color for the TLOC.
|
Color Description
|
Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.18.1
Enter a description associated with the TLOC color.
|
Hello Interval
|
Enter the interval between Hello packets sent on a DTLS or TLS WAN transport connection.
Range: 100 through 600000 milliseconds
Default: 1000 milliseconds (1 second)
|
Hello Tolerance
|
Enter the time to wait for a Hello packet on a DTLS or TLS WAN transport connection before declaring that transport tunnel to be down.
Range: 12 through 6000 seconds
Default: 12 seconds
|
Last-Resort Circuit
|
Enable this option to use the tunnel interface as the circuit of last resort.
|
Restrict
|
Enable this option to limit the remote TLOCs that the local TLOC can establish BFD sessions with. When a TLOC is marked as restricted, a TLOC on the local router establishes tunnel connections with a remote TLOC only if the remote TLOC has the same color.
|
Group
|
Enter a group number.
Range: 1 through 4294967295
|
Border
|
Enable this option to set the TLOC as a border TLOC.
|
Maximum Control Connections
|
Specify the maximum number of Cisco SD-WAN Controllers that the WAN tunnel interface can connect to. To have the tunnel establish no control connections, set the number to 0.
Range: 0 through 100
Default: 2
|
NAT Refresh Interval
|
Enter the interval between NAT refresh packets sent on a DTLS or TLS WAN transport connection.
Range: 1 through 60 seconds
Default: 5 seconds
|
Validator As Stun Server
|
Enable Session Traversal Utilities for NAT (STUN) to allow the tunnel interface to discover its public IP address and port number when the Cisco IOS XE Catalyst SD-WAN device is located behind a NAT.
|
Exclude Controller Group List
|
Set the identifiers of one or more Cisco SD-WAN Controller groups that this tunnel is not allowed to connect to.
Range: 1 through 100
|
Manager Connection Preference
|
Set the preference for using a tunnel interface to exchange control traffic with Cisco SD-WAN Manager.
Range: 0 through 8
Default: 5
|
Full Port Hop
|
Minimum release: Cisco IOS XE Catalyst SD-WAN Release 17.18.1a
Enable full port hopping at the TLOC level to allow devices to establish connections with controllers by switching to the next port if the current port is blocked or non-functional.
Default: Disabled
|
Port Hop
|
Enable port hopping. When a router is behind a NAT, port hopping rotates through a pool of preselected OMP port numbers (called base ports) to establish DTLS connections with other routers when a connection attempt is unsuccessful. The default base ports are 12346, 12366, 12386, 12406, and 12426. To modify the base ports, set a port offset value.
Default: Enabled
Starting from Cisco IOS XE Catalyst SD-WAN Release 17.18.1a, this field is deprecated. Instead use the Full Port Hop option. See the Full Port Hop field.
|
Low-Bandwidth Link
|
Enable this option to characterize the tunnel interface as a low-bandwidth link.
|
Tunnel TCP MSS
|
Specify the maximum segment size (MSS) of TCP SYN packets passing through the router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented.
Range: 500 to 1460 bytes
Default: None
|
Clear-Dont-Fragment
|
Enable this option to clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface.
When the DF bit is cleared, packets larger than the MTU of the interface are fragmented before being sent.
|
Network Broadcast
|
Enable this option to accept and respond to network-prefix-directed broadcasts.
|
Allow Service
|
Allow or disallow the following services on the interface:
- All
- BGP
- DHCP
- NTP
- SSH
- DNS
- ICMP
- HTTPS
- OSPF
- STUN
- SNMP
- NETCONF
- BFD
|
Encapsulation
|
GRE
|
Use GRE encapsulation on the tunnel interface. By default, GRE is disabled.
If you select both IPsec and GRE encapsulations, two TLOCs are created for the tunnel interface that have the same IP addresses and colors, but that differ by their encapsulation.
|
GRE Preference
|
Specify a preference value for directing traffic to the tunnel. A higher value is preferred over a lower value.
Range: 0 through 4294967295
Default: 0
|
GRE Weight
|
Enter a weight to use to balance traffic across multiple TLOCs. A higher value sends more traffic to the tunnel.
Range: 1 through 255
Default: 1
|
IPsec
|
Use IPsec encapsulation on the tunnel interface. By default, IPsec is enabled.
If you select both IPsec and GRE encapsulations, two TLOCs are created for the tunnel interface that have the same IP addresses and colors, but that differ by their encapsulation.
|
IPsec Preference
|
Specify a preference value for directing traffic to the tunnel. A higher value is preferred over a lower value.
Range: 0 through 4294967295
Default: 0
|
IPsec Weight
|
Enter a weight to use to balance traffic across multiple TLOCs. A higher value sends more traffic to the tunnel.
Range: 1 through 255
Default: 1
|
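The Restrict field above decides which remote TLOCs a local TLOC may pair with; the following added example (not Cisco code) applies that rule from both ends of every candidate tunnel and lists the cross-color pairs that remain when Restrict is left off. The site names, the color values in the sample and the exclusion of same-site pairs are assumptions made for the illustration, and the model covers only the Restrict rule, not reachability or any other policy.

```python
from itertools import combinations
from typing import NamedTuple


class Tloc(NamedTuple):
    site: str               # constructed site name
    color: str              # TLOC color (Color field)
    restrict: bool = False  # Restrict field


def may_pair(local: Tloc, remote: Tloc) -> bool:
    """Apply the Restrict rule as seen from each end of a candidate tunnel."""
    if local.site == remote.site:
        return False  # assumption: TLOCs of one site do not pair with each other
    for end, other in ((local, remote), (remote, local)):
        # A restricted TLOC pairs only with a remote TLOC of the same color.
        if end.restrict and end.color != other.color:
            return False
    return True


def permitted_pairs(tlocs):
    """All TLOC pairs the Restrict rule allows."""
    return [(a, b) for a, b in combinations(tlocs, 2) if may_pair(a, b)]


def cross_color_pairs(tlocs):
    """Allowed pairs that span two colors, worth review when colors map to separate transports."""
    return [(a, b) for a, b in permitted_pairs(tlocs) if a.color != b.color]


# Constructed sample topology: site3 leaves Restrict off on its mpls TLOC.
SAMPLE = [
    Tloc("site1", "mpls", restrict=True),
    Tloc("site1", "biz-internet"),
    Tloc("site2", "mpls", restrict=True),
    Tloc("site2", "biz-internet"),
    Tloc("site3", "mpls"),
    Tloc("site3", "lte"),
]

if __name__ == "__main__":
    for a, b in cross_color_pairs(SAMPLE):
        print(f"{a.site}/{a.color} <-> {b.site}/{b.color}")
```

In the sample, the restricted mpls TLOCs at site1 and site2 pair only with other mpls TLOCs, while the unrestricted mpls TLOC at site3 also pairs with the biz-internet TLOCs of the other two sites.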