Managing the SD-Routing Device Using Cisco SD-WAN Manager

Information About Using Cisco SD-WAN Manager to Monitor the SD-Routing Devices

This feature enables basic management capabilities for Cisco IOS XE devices operating in non-SD-WAN mode, referred to as SD-Routing devices from Cisco IOS XE 17.12.1a onwards. Cisco SD-WAN Manager serves as a single network management system (NMS) for managing and monitoring all Cisco IOS XE routers, simplifying solution deployments.

Note: The minimum software version required is Cisco IOS XE 17.12.1a and Cisco SD-WAN Release 20.12.1.

Figure 1 illustrates the concept of managing SD-Routing Devices.

Benefits of Managing the SD-Routing Devices Using Cisco SD-WAN Manager

Prerequisites

To onboard SD-Routing devices, the following prerequisites must be met:

Limitations

Onboarding the SD-Routing Devices

This section details the workflows for onboarding SD-Routing devices, including Automated Onboarding, Bootstrap Onboarding, and Manual Onboarding.

Figure 2 shows the Cisco SD-Routing Devices Onboarding Options.

Supported WAN Edge Devices

The following table lists the supported WAN Edge platforms and their available onboarding options:

Platforms               Automated       Bootstrap  Manual

Cisco ASR 1000 Series Aggregation Services Routers
  ASR1001-HX            Yes             Yes        Yes
  ASR1002-HX            Yes             Yes        Yes

Cisco 4400 Series Integrated Services Routers
  Cisco 4431 ISR        Yes             Yes        Yes
  Cisco 4451 ISR        Yes             Yes        Yes
  Cisco 4461 ISR        Yes             Yes        Yes

Cisco 4300 Series Integrated Services Routers
  Cisco 4321 ISR        Yes             Yes        Yes
  Cisco 4331 ISR        Yes             Yes        Yes
  Cisco 4351 ISR        Yes             Yes        Yes

Cisco 4200 Series Integrated Services Routers
  Cisco 4221 ISR        Yes             Yes        Yes

Cisco 100 Series Integrated Services Routers
  Cisco 1000 ISR        Yes             Yes        Yes

Cisco Catalyst 8000V Series Edge Platforms
  Cisco Catalyst 8000V  Not applicable  Yes        Yes
  Note: Automated onboarding is applicable only for hardware devices.

Cisco Catalyst 8200 Series Edge Platforms
  C8200-1N-4T           Yes             Yes        Yes
  C8200L-1N-4T          Yes             Yes        Yes

Cisco Catalyst 8300 Series Edge Platforms
  C8300-1N1S-4T2X|6T    Yes             Yes        Yes
  C8300-2N2S-4T2X|6T    Yes             Yes        Yes

Cisco Catalyst 8500 Series Edge Platforms
  C8500-12X4QC          Yes             Yes        Yes
  C8500-12X             Yes             Yes        Yes
  C8500L-8S4X           Yes             Yes        Yes
  C8500-20X6C           Yes             Yes        Yes

Onboarding the SD-Routing Devices Using Automated Workflow (Greenfield)

To onboard SD-routing devices using the automated workflow, follow these steps:

Configuring the Plug and Play Connect Portal

To configure the PnP Connect portal:

Before you begin: Ensure an active connection to the PnP Connect portal, an active Smart Account, and Virtual Account. Use a CCO ID associated with the Smart Account or Virtual Account admin.

  1. Go to software.cisco.com > Network Plug and Play > Manage Devices and verify access to Smart Account and Virtual Account.
  2. Create a Controller Profile and upload the root-CA if it is for an Enterprise network. (If the overlay network is Cisco PKI, no certificate upload is needed).
  3. Enter the Controller Profile with controller type as VBond and click Next.
  4. Enter the required parameters in the Add Controller Profile and click Next.
  5. Add the device to PnP Connect. In the Device Mode field, select AUTONOMOUS for devices in SD-Routing mode from the drop-down list.

Note: PnP Connect Sync can only be enabled after entering Smart Account credentials.

Configuring Cisco SD-WAN Manager Using Quick Connect Workflow

To configure Cisco SD-WAN Manager using the Quick Connect workflow:

  1. From the Cisco SD-WAN Manager menu, navigate to Workflows > Quick Connect.
  2. Click Get Started.
  3. Click Next.
  4. If the provisioning file (.csv or .viptela from PnP) has not been uploaded to Cisco SD-WAN Manager, use either .csv upload, .viptela upload, or the Sync Smart Account option to add the device. If the device is already added, select the skip for now option.
  5. Click Sync Smart Account. The device should appear in the table.
  6. Click Next.
  7. In the Add and Review Device Configuration dialog box, enter the Site-ID, System-IP, and Hostname, then click Apply.
  8. Click Next.
  9. Add any optional tags and click Next.
  10. To verify the added device, navigate to Configuration > Devices and click enable Device Model in Table Settings.
  11. A list of routers with detailed information is displayed. To confirm devices are added, select Configuration > Certificates.

Note: The .csv file is applicable only for hardware devices. The .viptela file is applicable for both hardware and software devices.

Bringing Up the SD-Routing Device

To bring up the SD-Routing device:

  1. Bring up the device in Day-0 state. If it is not in Day-0 state, use controller-mode reset or write erase with reload to return it to Day-0 state.
  2. Ensure the device obtains an IP address via DHCP on an interface other than GigabitEthernet0. Verify reachability to devicehelper.cisco.com and the Cisco SD-WAN Validator.
  3. The device control connection will establish with Cisco SD-WAN Manager.
  4. Verify the control connection status on the Edge device using the show sd-routing connections summary command. The output shows peer details, protocol, system IP, site ID, and connection state.
  5. Verify the control connection status on Cisco SD-WAN Manager.

Onboarding the SD-Routing Devices Using Bootstrap (Brownfield)

To onboard an SD-Routing device using bootstrap:

  1. From the Cisco SD-WAN Manager menu, navigate to Workflows > Quick Connect.
  2. Click Get Started.
  3. Click Next.
  4. If the provisioning file (.csv or .viptela from PnP) has not been uploaded to Cisco SD-WAN Manager, use either .csv upload, .viptela upload, or the Sync Smart Account option to add the device. If the device is already added, select the skip for now option.
  5. Select the device to onboard and click Next.
  6. In the Add and Review Configuration dialog box, enter the Site-ID, System-IP, and Hostname, then click Apply.
  7. To verify the added device, navigate to Configuration > Devices or Configuration > Certificates and click enable Device Model in Table Settings.
  8. Ensure the device is in a valid state from the Configuration > Certificate page.
  9. From the Cisco SD-WAN Manager menu, choose Configuration > Devices.
  10. For Cisco SD-Routing software devices (Cisco c8000V), generate the bootstrap configuration and onboard the device:
    • Click ... in the right pane and choose Generate Bootstrap Configuration.
    • Choose the Cloud-init option and enter a name for the VPN0 Interface, then click OK. (Ensure DHCP is enabled on the selected interface and it is reachable to Cisco SD-WAN Validator and Cisco SD-WAN Manager. For software devices, use only GigabitEthernet1 as the VPN0 interface).
    • Click Download to download the image. Sample images: ciscosdwan_cloud_init.cfg, ciscosdwan_cloud_init_with_ent_cert.cfg.
    • For cloud-based controllers, the downloaded bootstrap file can be added as a user data field during device deployment, bringing up the controller in SD-Routing mode and establishing connections.
  11. For hardware devices, generate the bootstrap and onboard the device:
    • Click Export Bootstrap Configuration.
    • Select the SD-Routing checkbox. In the Export Bootstrap Configuration dialog box, enter the WAN Interface name. (The VPN 0 interface name may vary; specify based on the model).
    • Click Generate Generic Configuration to download the generic .cfg bootstrap file applicable for hardware devices and rename it as ciscosdwan.cfg. (Ensure DHCP is enabled on the selected interfaces and they are reachable to Cisco SD-WAN Validator and Cisco SD-WAN Manager). The bootstrap file contains the organization name, the Cisco SD-WAN Validator IP, and root-CA certificates.
    • Copy the bootstrap file to the device bootflash as ciscosdwan.cfg.
    • Execute the command: sd-routing bootstrap load bootflash:ciscosdwan.cfg. The command output confirms extraction and prompts for application.
    • Verify the control connection using the show sd-routing system status and show sd-routing local-properties summary commands.

Note: The .csv file is applicable only for hardware devices. The .viptela file is applicable for both hardware and software devices.

Onboarding the Devices Manually (Brownfield)

To onboard SD-Routing devices manually:

  1. From the Cisco SD-WAN Manager menu, navigate to Workflows > Quick Connect.
  2. Click Get Started.
  3. Click Next.
  4. If the provisioning file (.csv or .viptela) from PnP has not been uploaded to Cisco SD-WAN Manager, use either .csv upload, .viptela upload, or the Sync Smart Account option to add the device. If the device is already added, select the skip for now option.
  5. Select the device to onboard and click Next.
  6. In the Add and Review Configuration dialog box, enter the Site-ID, System-IP, and Hostname, then click Apply.
  7. To verify the device, navigate to Configuration > Devices and click enable Device Model in Table Settings.
  8. A list of routers is displayed. To verify devices are added, select Configuration > Certificates.
  9. Perform one of the following based on the device type:
    • For hardware devices, enter initial day-0 configurations using IOS commands after a system boot up.
    • For Cisco SD-Routing software devices, deploy the Cisco c8000v in AWS or Azure without the bootstrap.
  10. Configure minimum parameters to enable the control connection on Cisco SD-WAN Manager. Example configuration includes enabling netconf-yang, sd-routing, setting organization-name, site-id, system-ip, vbond IP and port, and WAN-interface, along with IP routing.
  11. Configure required parameters to enable SD-Routing mode: Ensure the interface is configured with a static IP or DHCP, is in a no-shutdown state, and configure Validator IP or Name, System-IP, Site-ID, Organization-Name, and WAN-Interface.
  12. Verify feature enablement by checking the status of the vdaemon process using commands like show platform software yang-management process state and show platform software process list r0 name vdaemon.
  13. If the overlay network is for an enterprise, install root certificates using request platform software sd-routing root-cert-chain install bootflash:cacert.pem. For Cisco PKI, this step is not needed.
  14. Perform one of the following based on the device:
    • For Cisco 8000v devices, copy the root certificate from the CA to the device.
    • Cisco devices are loaded with PKI and Symantec root certificates by default. For enterprise root certificates, use request platform software sd-routing root-cert-chain install <path-to-root-cert>.
  15. Install client enterprise certificates (applicable for manually onboarding software devices).
  16. Generate a Certificate Signing Request (CSR) using request platform software sd-routing csr upload <path-to-create-csr>.
  17. Copy the generated CSR file to the Enterprise CA directory, sign the certificate using the root key and root CA certificate, and generate the pem certificate file.
  18. Copy the generated certificate.pem file to the device and install it using request platform software sd-routing certificate install <path-to-certificate-file>.
  19. Verify the installation status of the certificates using show sd-routing local-properties summary. The output shows certificate status, validity, and details like DNS name, site-ID, system-IP, chassis number, and serial number.
  20. Onboard the device on Cisco SD-WAN Manager. When installing the client certificate, ensure the Chassis number and Serial number are obtained (using show sd-routing local-properties summary or show sd-routing certificate serial) and uploaded to Cisco SD-WAN Manager WAN Edge List using vedge add chassis-num <Chassis id> org-name <Org Name> serial-num <Serial number> on all controllers, or by creating and uploading a .viptela file.
  21. Verify the control connection status on Cisco SD-WAN Manager using show sd-routing connections summary.

Note: The .csv file is applicable only for hardware devices. The .viptela file is applicable for both hardware and software devices.
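
The CA-side work in steps 16 to 18 of the manual procedure, as an added example that is not part of the Cisco guide: it signs a CSR with the enterprise root key and root CA certificate, then confirms that the issued certificate chains to that root and carries the CSR's public key before it is copied back to the device. It assumes openssl on the CA host; the constructed root CA and CSR stand in for the real enterprise CA and the device-generated CSR, and the function names, file names, subject names, validity periods and the CA:FALSE extension are hypothetical.

```shell
#!/bin/sh
# Added example: the enterprise-CA side of steps 16 to 18 (sign the device CSR, check the result).
umask 077    # private keys created below are readable by the owner only

# Constructed stand-in for the enterprise root CA; a real CA already has its key and certificate.
make_demo_ca() {    # $1 = directory, $2 = CA common name
    mkdir -p "$1" && cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Constructed Example Org
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Constructed stand-in for the CSR file that the device writes in step 16.
make_demo_csr() {    # $1 = directory, $2 = any openssl config with a [req] section
    openssl req -new -newkey rsa:2048 -nodes -config "$2" \
        -subj "/O=Constructed Example Org/CN=constructed-sd-routing-device" \
        -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
}

# Step 17: sign the CSR with the root key and root CA certificate, producing a PEM file.
sign_device_csr() {    # $1 = CSR, $2 = CA cert, $3 = CA key, $4 = output PEM, $5 = days
    # Refuse a CSR whose self-signature does not verify (truncated or altered in transit).
    openssl req -in "$1" -verify -noout 2>&1 | grep -q "verify OK" || return 1
    ext="$(dirname "$4")/leaf.ext"
    # Assumption: the issued certificate is marked as a non-CA (end-entity) certificate.
    printf 'basicConstraints = critical,CA:FALSE\n' > "$ext"
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -sha256 -days "$5" -extfile "$ext" -out "$4" 2>/dev/null
}

# Before step 18: the certificate must chain to the root CA and carry the CSR's public key.
check_issued_cert() {    # $1 = issued cert, $2 = root CA cert, $3 = CSR
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl req -in "$3" -noout -pubkey)" ]
}

# Runs the whole flow on constructed material and prints the issued certificate's summary.
run_demo() {
    d=$(mktemp -d) || return 1
    make_demo_ca "$d" "Constructed Enterprise Root CA" &&
        make_demo_csr "$d" "$d/ca.cnf" &&
        sign_device_csr "$d/device.csr" "$d/ca.pem" "$d/ca.key" "$d/certificate.pem" 365 &&
        check_issued_cert "$d/certificate.pem" "$d/ca.pem" "$d/device.csr" &&
        openssl x509 -in "$d/certificate.pem" -noout -subject -issuer -enddate
    rc=$?
    rm -rf "$d"
    return "$rc"
}
run_demo
```

On a real CA only sign_device_csr and check_issued_cert apply, pointed at the CSR copied from the device and the existing root key and root CA certificate.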

Onboarding the Device to Cisco SD-WAN Manager Using One Touch Provisioning

To perform one-touch provisioning:

Before you begin:

One-touch provisioning eliminates the need to add WAN Edge devices to Cisco SD-WAN Manager via .csv, .viptela, or sync smart account. It also bypasses the manual or bootstrap configuration for SD-routing mode when the device is not added to Cisco SD-WAN Manager.

  1. From the Cisco SD-WAN Manager menu, navigate to Administration > Settings and enable One Touch Provisioning.
  2. Check if One Touch Provisioning is Enabled. If yes, proceed to Step 5.
  3. If One Touch Provisioning is Disabled, click Edit.
  4. Set the Enable Claim WAN Edges setting to Enabled and click Save.
  5. Go to Configuration > Devices > Unclaimed Devices.
    • Select the device(s) to claim and click Claim Device(s).
    • The device is removed from the Unclaimed Devices List and appears in the WAN Edge List.
  6. Verify the device status using show sd-routing system status and show sd-routing local-properties summary commands.

Unprovisioning the Feature

To unprovision the feature:

  1. Remove the SD-Routing feature configuration from the device.
  2. Invalidate the device (refer to step 4 in the "Onboarding the Devices Manually (Brownfield)" section).
  3. Delete the device from Cisco SD-WAN Manager: Navigate to Configuration > Devices, select the device from the WAN Edge List, click Delete WAN Edge, and confirm the deletion.

Note: Disabling the feature deletes all certificates. Back up the certificates and reinstall them when you re-enable the feature.

Software Image Management

Cisco SD-WAN Manager supports uploading prepackaged Cisco virtual machine images, tar.gz files, or qcow2 format images. A scaffold file is mandatory for qcow2 images. Cisco SD-WAN Manager communicates over NETCONF, a standard protocol for retrieving operational data and editing configuration data.

The upgrade workflow for SD-Routing devices is similar to Controller mode workflows.

Note: The minimum software version required is Cisco IOS XE 17.12.1a.

Software Upgrade Using CLI

To upgrade the software using CLI:

Before you begin:

  1. Download the Cisco IOS XE Release 17.12 image from software.cisco.com.
  2. Upload the image to the device.
  3. Install the new software using the install add file <bootflash:/file name> activate commit command and activate it.
  4. Verify the upgrade using the install commit command.

Note: This is an interactive command that prompts for review and acceptance. It fails if unsaved configuration exists; use write memory and reinstall software.

Add Software Images to the Repository

To upgrade software on an SD-Routing device or Cisco SD-WAN Manager, add the software image to the Cisco SD-WAN Manager software repository. Refer to the "Manage Software Repository" section of the Cisco SD-WAN Monitor and Maintain Configuration Guide for details.

Software Upgrade Using Cisco SD-WAN Manager

To upgrade the software image on a device:

Before you begin:

  1. From the Cisco SD-WAN Manager menu, navigate to Maintenance > Software Upgrade.
  2. Click WAN Edge, Controller, or vManage based on the device type.
  3. Select the devices to upgrade by checking the box on the far left. (For clusters, select all nodes).
  4. Click Upgrade.
  5. In the Software Upgrade slide-in pane:
    • Choose the server (vManage, Remote Server, or Remote Server - vManage) from which the device should download the image. Ensure the device can reach the remote server if selected. Note valid characters for User ID, Password, and URL Name/Path when using a remote server.
    • For SD-WAN Manager, select the image version from the Version drop-down list.
    • For Remote Server - SD-WAN Manager, choose the vManage OOB VPN and the image version.
    • Check the Activate and Reboot checkbox. (This option is not available for Cisco SD-WAN Manager software upgrades; activation and reboot must be done manually).
    • Click Upgrade.
  6. The device restarts with the new software version, retaining its configuration. The Task View page shows the upgrade progress.
  7. Wait for the upgrade to complete (indicated by "Success" in the Status column).
  8. Verify the upgrade by navigating to Maintenance > Software Upgrade and confirming the Current Version and Reachability columns.

Note: If the control connection does not re-establish within the timeout, the device reverts to the previous software image. Upgrading VEdge software to a version higher than the controller may cause incompatibilities; upgrade controller software first.

Delete a Software Image

To delete a software image from an SD-Routing device:

  1. Navigate to Maintenance > Software Upgrade.
  2. Click WAN Edge, Controller, or Cisco SD-WAN Manager.
  3. Select the device(s) from which to delete a software image.
  4. Click Delete Available Software.
  5. Choose the software version to delete in the dialog box and click Delete.

View Log of Software Upgrade Activities

  1. From the Cisco SD-WAN Manager toolbar, click the Tasks icon.
  2. Click the Arrow icon to view task details, including status and device-specific information.

Monitoring the Device Using Cisco SD-WAN Manager

The Monitor window provides a consolidated, real-time view of monitoring components and services for Cisco SD-Routing devices. Monitoring options include SSH Terminal, Ping, and Traceroute. System status information can be collected into a compressed .tar file.

Controller-managed mode enables this feature by default.

Monitoring the Device Using SSH

To establish an SSH connection for monitoring:

  1. From the Cisco SD-WAN Manager menu, navigate to Monitor > Devices.
  2. Select a device from the list.
  3. For a single device, click ... and choose SSH Terminal. Alternatively, go to Tools > SSH Terminal.
  4. Enter the password twice to establish the connection.
  5. Execute show commands in the terminal to monitor the device.

Pinging the Device

To ping a device:

  1. From the Cisco SD-WAN Manager menu, navigate to Monitor > Devices.
  2. Select a device from the list.
  3. For a single device, click ... and choose Ping.
  4. Enter the destination IP address on the Monitor page.
  5. Click Ping. Results are displayed below.

Tracing the Route

To trace the route to a device:

  1. From the Cisco SD-WAN Manager menu, navigate to Monitor > Devices.
  2. Select a device from the list.
  3. For a single device, click ... and choose Trace Route.
  4. Enter the destination IP address on the Trace Route page.
  5. Click Start to trace the route.

Alarms and Events

Devices report events to Cisco SD-WAN Manager, which filters, correlates, and consolidates them into alarms. The Alarms screen displays detailed information about alarms generated by SD-Routing devices.

Monitoring the Alarms and Events

Alarms can be viewed from the Cisco SD-WAN Manager dashboard (Bell icon) or the Alarms screen (Monitor > Alarms). Alarms are grouped into Active or Cleared and default to the last 24 hours. Click ... for an alarm and then Alarm Details to view probable cause, impacted entities, and other details.

Admin-Tech Files

Admin-tech files, collections of system status information for troubleshooting, can be viewed and managed. You can generate these files and download them to your local device.

Requesting the Admin-tech File Using Cisco SD-WAN Manager

To request an Admin-tech file:

  1. From the Cisco SD-WAN Manager menu, navigate to Tools > Operational Commands.
  2. For a single device, click ... and choose Generate Admin Tech.
  3. In the Generate admin-tech File window, optionally limit contents:
    • Uncheck Include Logs to omit log files.
    • Check Include Cores to include core files (stored in bootflash:/core or harddisk:/core).
    • Check Include Tech to include device process details, memory, and operations.
  4. Click Generate. The file is named hostname-date-time-admin-tech.tar.gz.
  5. To view generated files, navigate to Tools > Operational Commands > Show Admin Tech List.

Requesting the Admin-tech File Using CLI

Use the request tech-support command to generate the admin-tech file. The output shows the collection process and the final bundle file path.

Monitoring the Real Time Data

To view real-time data for a device:

  1. From the Cisco SD-WAN Manager menu, navigate to Monitor > Devices.
  2. Select a device from the list.
  3. For a single device, click ... and choose Real Time.
  4. Select the category of data from the Device Options drop-down list. Results are displayed.

Configuration Examples

This section provides configuration examples.

Example: Enabling Control Connection to Cisco SD-WAN Manager

Configuration commands to enable control connection:

Device(config)# sd-routing
Device(config-sd-routing)# system-ip 172.16.255.15
Device(config-sd-routing)# organization-name viptela
Device(config-sd-routing)# vbond ip 10.0.12.26
Device(config-sd-routing)# site-id 500
Device(config-sd-routing)# wan-interface GigabitEthernet2

Example: Verification of Enable Control Connection

Use the show platform software yang-management process state command to check the connection status. The output indicates the status of various processes like nesd, syncfd, ncsshd, dmiauthd, nginx, ndbmand, and pubd.

Use the show platform software process list r0 name vdaemon command to check the vdaemon status, showing details like Process ID, Parent Process ID, Status, User Time, Kernel Time, etc.

Example: Installing the Root Certificate

Command to install the root certificate:

Device# request platform software sd-routing root-cert-chain install bootflash:root-ca.crt

Example: Verifying the Root Certification Installation

Use the show sd-routing local-properties summary command to check the root certificate installation status. The output includes details like personality, organization-name, root-ca-chain-status, certificate-status, certificate-validity, system-ip, chassis-num/unique-id, and serial-num.

Troubleshooting

This section provides commands for troubleshooting common issues when managing and monitoring SD-Routing devices using Cisco SD-WAN Manager:

Feature Information for Managing SD-Routing Devices Using vManage

The following table provides release information for the feature described in this module. It lists the software release that introduced support for the feature. Subsequent releases of that train also support the feature unless noted otherwise. Use Cisco Feature Navigator for platform and software image support information.

Feature Name: Managing SD-Routing Devices Using Cisco SD-WAN Manager
Releases: Cisco IOS XE Release 17.12.1a
Feature Information: This feature allows management operations for SD-Routing devices using Cisco SD-WAN Manager. It simplifies solution deployments by providing a single NMS for monitoring all SD-Routing devices.
