This chapter begins our deep dive into the Cisco SD-WAN policy framework by exploring centralized control policies. It quickly goes through the different policy types and the structure of a control policy, then immediately jumps into the following hands-on examples:
- Lab#7.1: Controlling the topology - Transforming a full-mesh into a hub-and-spoke topology.
- Lab#7.2: Traffic Engineering - A primary hub in a dual-homed data center.
- Lab#7.3: Traffic Engineering - OMP Preference.
- Lab#7.4: Traffic Engineering - Inbound vs. Outbound Control Policy.
- Lab#7.5: Security - VPN Membership policy for Guest users.
- Lab#7.6: Security - Service Chaining.
- Lab#7.7: Security - Route Leaking.
- Lab#7.8: Controlling the topology - Per-VPN Topologies.
- Lab#7.9: OMP Routing - End-to-end Path Tracking
- Lab#7.10: Controlling the topology - Dynamic On-demand Tunnels
Notice that we directly configure and edit centralized policies on the vSmart controller via CLI without using vManage. We want to focus on understanding how the different SD-WAN features and capabilities work and interact. We don’t want to concentrate on the GUI used to configure policies (Policy Groups, Topology, etc.).
But why do we use the CLI instead of the GUI?
For me, the CLI is the foundational layer for understanding policies. The GUI is the scaling layer built on top of it. You cannot start directly from the GUI and expect to build strong fundamentals, because the GUI hides too much of the actual policy logic. If you first learn the CLI, you understand what the policy really does. After that, the GUI becomes much easier to master.
There is another reason as well. Cisco has changed the naming, layout, and structure of the vManage GUI several times already (UX1.0, UX2.0, etc.). Some policy terms and even the policy structure changed, too. On the other hand, the CLI remains much more stable and consistent.
In real deployments, however, you will most likely work mainly with the vManage GUI. That is why it is very useful, after each lab, to try building the same policy in vManage yourself.