You can configure the Interface settings for each Edge model. Each Interface on an Edge can be a Switch Port (LAN) or a Routed (WAN) Interface.
The Interface Settings options vary based on the Edge model. For more information on different Edge models and deployments, see Configure Device Settings.
Procedure
- In the Enterprise portal, click Configure > Profiles.
- Click the Device Icon next to a profile, or click the link to the profile, and then click the Device tab.
- Scroll down to the Device Settings section, which displays the existing Edge models in the Enterprise.
- Click the DOWN arrow next to an Edge model to view the Interface Settings for the Edge.
The Interface Settings section displays the existing interfaces available in the selected Edge model.
- Click the Edit option for an Interface to view and modify the settings.
- The following image shows the Switch Port settings of an Interface.
You can modify the existing settings as follows:
Option Description Interface Enabled This option is enabled by default. If required, you can disable the Interface. When disabled, the Interface is not available for any communication. Capability For a Switch Port, the option Switched is selected by default. You can choose to convert the port to a routed Interface by selecting the option Routed from the drop-down list. Mode Select the mode of the port as Access or Trunk port. VLANs For an Access port, select an existing VLAN from the drop-down list. For a Trunk port, you can select multiple VLANs and select an untagged VLAN.
L2 Settings Autonegotiate This option is enabled by default. When enabled, Auto negotiation allows the port to communicate with the device on the other end of the link to determine the optimal duplex mode and speed for the connection. Speed This option is available only when Autonegotiate is disabled. Select the speed that the port has to communicate with other links. By default, 100 Mbps is selected. Duplex This option is available only when Autonegotiate is disabled. Select the mode of the connection as Full duplex or Half duplex. By default, Full duplex is selected. MTU The default MTU size for frames received and sent on all switch interfaces is 1500 bytes. You can change the MTU size for an Interface. Click Update to save the settings. - The following image shows the Routed Interface settings.
You can modify the existing settings as follows:
Option Description Interface Enabled This option is enabled by default. If required, you can disable the Interface. When disabled, the Interface is not available for any communication. Capability For a Routed Interface, the option Routed is selected by default. You can choose to convert the Interface to a Switch Port by selecting the option Switched from the drop-down list. Segments By default, the configuration settings are applicable to all the segments. Addressing Type By default, DHCP is selected, which assigns an IP address dynamically. If you select Static or PPPoE, you should configure the addressing details for each Edge. WAN Overlay By default, this option is enabled with Auto-Detect Overlay. You can choose the User Defined Overlay and configure the Overlay settings. For more information, see Configure Edge WAN Overlay Settings. OSPF This option is enabled only when you have configured OSPF for the Profile. Select the checkbox and choose an OSPF from the drop-down list. Click toggle advance ospf settings to configure the Interface settings for the selected OSPF. For more information on OSPF settings, see Enable OSPF. VNF Insertion You must disable WAN Overlay and enable Trusted Source to allow VNF insertion. When you insert the VNF into Layer 3 interfaces or sub-interfaces, the system redirects traffic from the Layer 3 interfaces or subinterfaces to the VNF. Multicast This option is enabled only when you have configured multicast settings for the Profile. You can configure the multicast settings for the selected Interface. For more information, see Configure Multicast Settings at the Interface Level. RADIUS Authentication You must disable WAN Overlay to configure RADIUS Authentication. Select the checkbox to enable RADIUS Authentication on the Interface and add the MAC addresses that should not be forwarded to RADIUS for re-authentication. For more information, see Enabling RADIUS on a Routed Interface. Advertise Select the checkbox to advertise the Interface to other branches in the network. ICMP Echo Response Select the checkbox to enable the Interface to respond to ICMP echo messages. You can disable this option for the Interface, for security purposes. NAT Direct Traffic Select the checkbox to apply NAT to the network traffic sent from the Interface. Underlay Accounting This option is enabled by default. If a private WAN overlay is defined on the Interface, all underlay traffic traversing the interface will be counted against the measured rate of the WAN link to prevent over-subscription. If you do not want this behavior (for example, while using one-arm deployments), disable the option. Trusted Source Select the checkbox to set the Interface as a trusted source. Reverse Path Forwarding You can choose an option for Reverse Path Forwarding only when you have enabled Trusted Source. This option allows traffic on the interface only if return traffic can be forwarded on the same interface. This helps to prevent traffic from unknown sources (malicious traffic) on an enterprise network. If the incoming source is unknown, then the packet is dropped at ingress without creating flows. Select one of the following options from the drop-down list: - Disabled – Allows incoming traffic even if there is no matching route in the route table.
- Specific – This option is selected by default. The incoming traffic should match a specific return route on the incoming interface. If a specific match is not found, then the incoming packet is dropped. This is a commonly used mode on interfaces configured with public overlays and NAT.
- Loose – The incoming traffic should match any route(Connected/Static/Routed) in the routing table. This allows asymmetrical routing and is commonly used on interfaces that are configured without next hop.
VLAN Enter a VLAN ID for the Interface to support VLAN tagging over the port. This option is not available if you have chosen the Addressing Type as DHCP. L2 Settings Autonegotiate This option is enabled by default. When enabled, Auto negotiation allows the port to communicate with the device on the other end of the link to determine the optimal duplex mode and speed for the connection. Speed This option is available only when Autonegotiate is disabled. Select the speed that the port has to communicate with other links. By default, 100 Mbps is selected. Duplex This option is available only when Autonegotiate is disabled. Select the mode of the connection as Full duplex or Half duplex. By default, Full duplex is selected. MTU The default MTU size for frames received and sent on all routed interfaces is 1500 bytes. You can change the MTU size for an Interface. - Some of the Edge models support Wireless LAN. The following image shows WLAN Interface settings.
You can modify the settings as follows:
Option Description Interface Enabled This option is enabled by default. If required, you can disable the Interface. When disabled, the Interface is not available for any communication. VLAN Choose the VLAN to be used by the Interface. SSID Enter the wireless network name. Select the Broadcast checkbox to broadcast the SSID name to the surrounding devices.
Security Select the type of security for the Wi-Fi connection, from the drop-down list. The following options are available: - Open – No security is enforced.
- WPA2 / Personal – A password is required for authentication. Enter the password in the Passphrase field.
- WPA2 / Enterprise – A RADIUS server is used for authentication. You should have already configured a RADIUS server and selected it for the Profile and Edge.
To configure a RADIUS server, see Configure Authentication Services.
To select the RADIUS server for a Profile, see Configure Authentication Settings.
What to do next
When you configure the Interface Settings for a Profile, the settings are automatically applied to the Edges that are associated with the profile. If required, you can override the configuration for a specific Edge as follows:
- In the Enterprise portal, click Configure > Edges.
- Click the Device Icon next to an Edge, or click the link to an Edge and then click the Device tab.
- In the Device tab, scroll down to the Interface Settings section, which displays the interfaces available in the selected Edge.
- Click the Edit option for an Interface to view and modify the settings.
- Select the Override Interface checkbox to modify the configuration settings for the selected Interface.