Introduction
This document describes how to configure TLOC Extension using a vManage feature template.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Use of vManage Feature Template
- Two (2) vEdge devices must be successfully onboarded on vManage
Components Used
The information in this document is based on these software and hardware versions:
- Cisco vManage version 20.6.3
- vEdge 20.6.3
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Network Diagram
Network Topology
Configurations
This document assumes you already have the rest of the feature templates configured. The same feature template workflow applies for Cisco IOS® XE SD-WAN devices.
Create a total of 4 feature templates to apply to the vEdge device template.
VPN Feature Template
This feature template includes VPN 0, VPN Interface Ethernet (Primary WAN connection), VPN Interface Ethernet (Tunnel/NoTlocExt), and VPN Interface Ethernet (TlocExt/NoTunnel):
VPN Feature Templates
Steps to create Feature Templates:
1. VPN 0: Select the specific device value for Transport VPN in the basic configuration section and add the DNS server address in the DNS section:
VPN 0 Feature Template Basic Configuration
Add a prefix with specific device values for the 2 next hop addresses (Primary WAN & TLOC-EXT) in the IPv4 route section:
VPN 0 Feature Template IPv4 Route
VPN 0 Feature Template IPv4 Route Next Hop
2. VPN Interface Ethernet (Primary WAN Connection): Ensure interface is in no shutdown state. Select specific device values for interface name, description, and IP address:
Primary WAN Interface Feature Template Basic Configuration
Ensure Tunnel interface is set to ON. Select the specific device value for Primary WAN Color:
VPN 0 Feature Template Tunnel Interface
Ensure NAT is set to ON for public WAN interface:
VPN 0 Interface Template NAT
3. VPN Interface Ethernet (TLOC-EXT/NO Tunnel Interface): Make sure TLOC-Ext interface is in no shutdown state. Select the specific device values for interface, description, and IP address. Ensure Tunnel interface is set to Off:
TLOC-EXT/NO Tunnel Interface Basic configuration
Add TLOC-Ext interface in Advanced Section:
TLOC-Ext interface
4. VPN Interface Ethernet (Tunnel Interface/No Tloc-ext): Ensure interface is in no shutdown state. Select the specific device values for interface, description, and IP address:
Tunnel Interface/No Tloc-ext Basic configuration
Ensure tunnel interface is set to ON. Select the specific device value for Tloc-Ext color:
Tunnel Interface
Device Template
Steps to create the device template:
1. Create the device template from feature template:
Device template from Feature Template
2. Populate all the required feature templates:
Device Template details with feature templates basic configuration
Device Template details with feature templates Transport and Management
3. Attach both devices to the device template:
Attach devices to templates
4. Move both devices from available devices to selected devices tab:
Move devices from available to selected
5. Enter all the required details for both devices:
Site35_vEdge1
Update values 1
Site35_vEdge2
Update values 2
6. Verify the values selected are intended for these devices:
Site35_vEdge1
Configuration preview 1
Site35_vEdge2
Configuration preview 2
7. Finally, push this configuration to the devices:
Confirm configuration
The next output captures the running configuration for vpn 0 once the template is pushed successfully:
Site35_vEdge1
Site35_vEdge1# show run vpn 0
vpn 0
 interface ge0/0
  ip address 10.201.237.120/24
  ipv6 dhcp-client
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color private1
   max-control-connections 1
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/1
  description TunnelInterface_NoTLOCExt
  ip address 192.168.30.4/24
  tunnel-interface
   encapsulation ipsec
   color private2
   max-control-connections 1
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/2
  description TLOC_NoTunnelInterface
  ip address 192.168.40.4/24
  tloc-extension ge0/0
  no shutdown
 !
 ip route 0.0.0.0/0 10.201.237.1
 ip route 0.0.0.0/0 192.168.30.5
!
Site35_vEdge1#
Site35_vEdge2
Site35_vEdge2#
Site35_vEdge2#
Site35_vEdge2#
Site35_vEdge2# sh run vpn 0
vpn 0
 interface ge0/0
  ip address 10.201.237.66/24
  ipv6 dhcp-client
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color private2
   max-control-connections 1
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/1
  description TLOC_NoTunnelInterface
  ip address 192.168.30.5/24
  tloc-extension ge0/0
  no shutdown
 !
 interface ge0/2
  description TunnelInterface_NoTLOCExt
  ip address 192.168.40.5/24
  tunnel-interface
   encapsulation ipsec
   color private1
   max-control-connections 1
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.201.237.1
 ip route 0.0.0.0/0 192.168.40.4
!
Site35_vEdge2#
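The following is an added example, not part of the original Cisco document: a small offline check of saved "show run vpn 0" output that confirms each tloc-extension interface has no tunnel-interface of its own and is bound to an interface that does, and lists management services left allowed on tunnel interfaces (such as sshd on the NAT-enabled ge0/0 above). The function names parse_vpn0 and audit, and the choice of sshd, netconf and https as the services to review, are assumptions made for this example.

```python
import re

# Constructed sample, trimmed from the Site35_vEdge1 "show run vpn 0" output.
SAMPLE = """\
vpn 0
 interface ge0/0
  nat
  tunnel-interface
   allow-service sshd
   no allow-service netconf
   allow-service https
 interface ge0/1
  tunnel-interface
   no allow-service sshd
   allow-service https
 interface ge0/2
  tloc-extension ge0/0
"""

def parse_vpn0(text):
    """Map interface name -> tunnel flag, tloc-extension target, allowed services."""
    ifaces, cur = {}, None
    for line in map(str.strip, text.splitlines()):  # indentation is not relied on
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"tunnel": False, "tloc_ext": None, "services": set()})
        elif cur is None:
            continue
        elif line == "tunnel-interface":
            cur["tunnel"] = True
        elif m := re.fullmatch(r"tloc-extension (\S+)", line):
            cur["tloc_ext"] = m[1]
        elif m := re.fullmatch(r"allow-service (\S+)", line):  # "no allow-service" is skipped
            cur["services"].add(m[1])
    return ifaces

def audit(ifaces, mgmt=("sshd", "netconf", "https")):  # mgmt set is an assumption
    findings = []
    for name, i in ifaces.items():
        if i["tloc_ext"]:
            bound = ifaces.get(i["tloc_ext"])
            if i["tunnel"]:
                findings.append(f"{name}: tloc-extension and tunnel-interface both set")
            if not bound or not bound["tunnel"]:
                findings.append(f"{name}: tloc-extension target {i['tloc_ext']} is not a tunnel interface")
        for svc in sorted(i["services"] & set(mgmt)):
            findings.append(f"{name}: allow-service {svc} enabled on tunnel interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_vpn0(SAMPLE))))
```

Each finding is a review item rather than an error: an allowed service may be intentional, but it should be a deliberate choice on an interface that faces the public WAN.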
Verification
1. The template is successfully attached to both devices:
Template push success
2. Control connection is up via Primary WAN and TLOC-Ext Interface:
Control connection verification 1
Control connection verification 2
Use Cases
Depending on local site design, TLOC Extension can also be implemented using L2 or L3 TLOC Extension.
1. L2 TLOC Extension: These extensions are in same broadcast domain or in same subnet.
2. L3 TLOC Extension: These extensions are separated by an L3 device and can run any routing protocol. This is only supported on Cisco IOS XE SD-WAN devices.
Limitations
● TLOC and TLOC extension interfaces are supported only on L3 routed interfaces. L2 switchports/SVIs cannot be used as WAN/Tunnel interfaces and can only be used on the service side.
● LTE also is not used as a TLOC extension interface between WAN Edge routers.
● L3 TLOC extension is only supported on Cisco IOS XE SD-WAN routers and is not supported on vEdge routers.
● TLOC extension does not work on transport interfaces which are bound to loopback tunnel interfaces.