Cisco SD-WAN Command Reference Americas Headquarters Cisco Systems, Inc
Total Page:16
File Type:pdf, Size:1020Kb
Cisco SD-WAN Command Reference Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2019–2021 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Read Me First 1 Read Me First 2 CHAPTER 2 What's New for Cisco IOS XE (SD-WAN) and Cisco SD-WAN 3 What's New in Cisco IOS XE (SD-WAN) and Cisco SD-WAN Releases 4 CHAPTER 3 Command-Line Interface 5 CLI Configuration Commands 6 CLI Operational Commands 7 CLI Overview 8 CHAPTER 4 Configuration Commands 19 Configuration Commands 28 Overview of Configuration Commands 29 aaa 30 access-list 34 access-list 36 accounting-interval 38 acct-req-attr 40 action 42 action 57 address-family 59 address-pool 62 admin-auth-order 63 admin-state 65 admin-tech-on-failure 67 Cisco SD-WAN Command Reference iii Contents advertise 68 age-time 70 allow-local-exit 72 allow-same-site-tunnels 73 allow-service 75 api-key 78 app-probe-class 79 app-route-policy 80 app-visibility 82 applications 84 apply-policy 86 archive 90 area 92 arp 94 arp-timeout 96 auth-fail-vlan 97 auth-fallback 99 auth-order 101 auth-order 102 auth-reject-vlan 105 auth-req-attr 107 authentication 109 authentication-type 111 authentication-type 113 auto-cost reference-bandwidth 116 auto-sig-tunnel-probing 118 auto-rp 119 autonegotiate 120 bandwidth-downstream 122 bandwidth-upstream 124 banner login 126 banner motd 128 best-path 130 bfd app-route 132 Cisco SD-WAN Command Reference iv Contents bfd color 134 bfd app-route color 137 bgp 138 bind 140 block-icmp-error 142 block-non-source-ip 144 bridge 145 capability-negotiate 147 carrier 148 cellular 150 cflowd-template 152 channel 154 channel-bandwidth 156 cipher-suite 158 class-map 160 clear-dont-fragment 162 clock 163 cloud-qos 164 cloud-qos-service-side 167 cloudexpress 170 collector 171 color 173 community 176 compatible rfc1583 178 connections-limit 180 console-baud-rate 182 contact 183 container 184 control 185 control-connections 186 control-direction 188 control-policy 190 control-session-pps 191 controller-group-id 192 Cisco SD-WAN Command Reference v Contents controller-group-list 193 controller-mode 195 controller-send-path-limit 196 cost 197 country 198 crypto pki trustpoint 200 crypto pki authenticate 202 crypto pki enroll 204 crypto pki import 206 das 207 data-policy 210 data-security 213 dead-interval 215 dead-peer-detection 217 default-action 219 default-information originate 222 default-vlan 224 description 226 device-groups 227 dhcp-helper 228 dhcp-server 230 dialer down-with-vInterface 232 direction 233 discard-rejected 235 distance 236 distance 238 dns 240 domain-id 241 dot1x 242 duplex 247 ebgp-multihop 249 ecmp-hash-key 251 ecmp-limit 252 eco-friendly-mode 253 Cisco SD-WAN Command Reference vi Contents eigrp 254 encapsulation 256 exclude 259 exclude-controller-group-list 261 flow-active-timeout 263 flow-control 265 flow-inactive-timeout 266 flow-sampling-interval 268 flow-visibility 270 gps-location 271 graceful-restart 272 group 273 group 275 group 276 guard-interval 277 guest-vlan 279 hello-interval 281 hello-interval 283 hello-interval 285 hello-tolerance 287 hold-time 289 host 291 host-mode 293 host-name 295 host-policer-pps 296 icmp-error-pps 297 icmp-redirect-disable 298 idle-timeout 299 igmp 300 ike 302 implicit-acl-logging 304 interface 306 interface 311 interface 314 Cisco SD-WAN Command Reference vii Contents interface 316 interface 318 interface 320 interface gre 322 interface ipsec 324 interface irb 327 interface ppp 329 integrity-type 331 ip address 332 ip address-list 334 ip dhcp-client 336 ip gre-route 338 ip ipsec-route 340 ip route 342 ip secondary-address 344 ipsec 346 ipsec 347 iptables-enable 348 ipv6 address 349 ipv6 dhcp-client 351 ipv6 route 353 join-group 355 join-prune-interval 357 keepalive 359 last-resort-circuit 361 lease-time 363 lists 365 local-interface-list 374 location 375 location 377 log-frequency 378 log-translations 380 logging disk 382 logging host 388 Cisco SD-WAN Command Reference viii Contents logging tls-profile 390 logging server 391 logs 394 low-bandwidth-link 396 mac-accounting 398 mac-address 399 mac-authentication-bypass 400 match 402 match 405 max-clients 416 max-control-connections 418 max-controllers 420 max-leases 421 max-macs 422 max-metric 423 max-omp-sessions 425 mgmt-security 427 mirror 429 mode 431 mtu 432 multicast-buffer-percent 434 multicast-replicator 435 name 437 name 438 nas-identifier 439 nas-ip-address 441 nat 443 nat-refresh-interval 445 natpool 447 neighbor 448 network 450 next-hop-self 452 node-type 453 nssa 455 Cisco SD-WAN Command Reference ix Contents ntp 457 offer-time 460 omp 462 on-demand enable 464 on-demand idle-timeout 465 options 466 organization-name 468 orgid 469 ospf 470 ospfv3 authentication 472 overlay-as 474 overload 475 parameter-map type umbrella global 477 parent 478 passive-interface 480 password 481 peer 483 perfect-forward-secrecy 485 pim 487 pmtu 488 policer 489 policy 493 policy ipv6 500 port-forward 502 port-hop 504 port-offset 506 port-scan 508 ppp 510 pppoe-client 512 priority 514 probe 516 probe-path branch 518 probe-path gateway 519 profile 520 Cisco SD-WAN Command Reference x Contents profile 523 propagate-aspath 525 propagate-community 526 qos-map 527 qos-scheduler 529 radius 532 radius-servers 536 range 540 reauthentication 541 redistribute 543 refresh 546 rekey 548 rekey 550 remote-as 552 replay-window 553 replay-window 555 replicator-selection 556 respond-to-ping 557 retransmit-interval 559 rewrite-rule 561 route-consistency-check 563 route-export 564 route-import 565 route-map 566 route-policy 568 router 570 router-id 572 router-id 573 secret 574 security 575 send-community 576 send-ext-community 577 send-path-limit 578 sense level 579 Cisco SD-WAN Command Reference xi Contents service 581 service-insertion appnav-controller-group appqoe 585 service-insertion service-node-group appqoe 587 set ip next-hop verify-availability 588 set platform software trace 590 shaping-rate 592 shutdown 594 site-id 596 sla-class 597 snmp 599 sp-organization-name 600 speed 601 spt-threshold 603 ssid 604 static 606 static-ingress-qos 609 static-lease 610 stub 612 system 613 system-ip 617 system-tunnel-mtu 619 system patch-confirm 620 table-map 621 tacacs 622 tcp-mss-adjust 625 tcp-optimization 627 tcp-optimization-enabled 628 tcp-syn-flood-limit 629 tcp-timeout 631 technology 633 template-refresh 635 timeout inactivity 637 timer 639 timers 641 Cisco SD-WAN Command Reference xii Contents timers 643 timers 645 tloc-extension 648 tloc-extension-gre-from 650 tloc-extension-gre-to 652 track 654 track-default-gateway 656 track-interface-tag 657 track-list 659 track-transport 661 tracker 662 trap group 665 trap target 668 tunnel-destination 670 tunnel-destination 672