SD-WAN Command Cheat Sheet

In today’s interconnected networks, SD-WAN (Software-Defined Wide Area Network) technology is essential for ensuring optimized and secure connectivity. However, navigating the command line for configuring, monitoring, and troubleshooting SD-WAN can be daunting, especially with a multitude of commands available. Here is a comprehensive SD-WAN command cheat sheet designed to simplify your management tasks.

Introduction to SD-WAN

With SD-WAN, organizations can leverage cloud capabilities, optimized routing, and centralized control across a network. Command-line expertise enables SD-WAN professionals to swiftly deploy, configure, and troubleshoot networks, ensuring efficient operation and minimal downtime.

Getting Started with SD-WAN CLI

Before diving into specific commands, ensure you are connected to your SD-WAN device or controller. Accessing the CLI (Command Line Interface) varies slightly across vendors, but most platforms support SSH for remote management.

ssh admin@<sdwan-controller-ip>

Once logged in, you’ll be ready to execute the following commands.

SD-WAN Configuration Commands

Configuration commands are essential for setting up your SD-WAN network to meet the performance and security needs of your organization.

Basic Device Configuration:

configure terminal # Enter global configuration mode
interface <name> # Configure specific interface
ip address <ip-address> <mask> # Assign IP address to interface
no shutdown # Enable interface

Routing and VPN Configuration:

sdwan vpn 0 interface <name> # Configure interface in specific VPN
vpn <number> # Enter VPN context
ip route <destination> <mask> <next-hop> # Add static route in VPN

Policy Configuration:

policy lists site-list <name> # Define a site list
policy lists app-list <name> # Define an application list
policy lists data-policy # Define data policies
policy activate # Apply policy changes

SD-WAN Monitoring Commands

Monitoring commands provide a snapshot of your network’s health, traffic statistics, and active connections.

Basic Monitoring:

show sdwan status # Show SD-WAN controller and device status
show sdwan control connections # Display control connections to controllers
show sdwan data connections # Display data plane connections

VPN and Routing Monitoring:

show sdwan vpn <vpn-id> # Display information about a specific VPN
show ip route vpn <vpn-id> # Show routing table for specified VPN

Application and Traffic Monitoring:

show sdwan app-route stats # View application route statistics
show sdwan traffic # Show traffic statistics on SD-WAN

SD-WAN Troubleshooting Commands

When issues arise, troubleshooting commands help pinpoint and resolve them quickly.

Basic Troubleshooting:

ping <destination-ip> # Ping to check connectivity
traceroute <destination-ip> # Trace the route to a destination
show log <specific-log> # View log files for issues

Connection and Path Troubleshooting:

show sdwan bfd sessions # Check BFD sessions for path status
show sdwan control local-properties # View control connection properties

Debugging:

debug sdwan dataplane # Enable data plane debugging
debug sdwan control # Enable control plane debugging

Security Commands in SD-WAN

Security commands are used to configure and monitor firewalls, encryption, and other security-related features in the SD-WAN environment.

Firewall Configuration:

sdwan policy firewall rule <rule-id> # Define firewall rule in SD-WAN
set action <permit|deny> # Set rule action
set src-ip <source-ip> dest-ip <destination-ip> # Set source and destination

Encryption and VPN Security:

sdwan ipsec vpn 0 # Configure IPsec encryption for VPN 0
encryption aes-gcm-256 # Set AES-GCM-256 encryption

User and Role Management:

set user <username> password <password> # Set user password
set user role <role-name> # Assign role to user

Device-Specific Commands

Depending on the SD-WAN solution used (Cisco, Viptela, Silver Peak, etc.), specific commands may vary.

Cisco SD-WAN (Viptela):

show control connections # Show control connections for Cisco SD-WAN
show app-route statistics # View application route stats in Cisco SD-WAN

Fortinet SD-WAN:

diagnose sdwan health-check <name> # Check health of SD-WAN connections in Fortinet
config system sdwan # Configure SD-WAN in Fortinet

Silver Peak SD-WAN:

show flows # View traffic flows in Silver Peak SD-WAN
configure sdwan # Enter SD-WAN configuration mode

SD-WAN Backup and Restore Commands

Backup and restore commands are crucial for maintaining network resilience and managing configurations.

Backup Configuration:

backup config # Backup current SD-WAN configuration
copy running-config startup-config # Save configuration to startup

Restore Configuration:

restore config <backup-file> # Restore configuration from backup
reload # Reload device to apply changes

Show Commands

Cisco vEdge (Viptela OS)                                Cisco IOS XE SD-WAN

Interface:
show int | tab                                          show ip interface brief
show interface detail statistics interface <interface>  show platform hardware qfp active interface if-name <interface> statistics

Tunnel:
show tunnel gre-keepalives                              show sdwan tunnel gre-keepalives
show tunnel statistics                                  show sdwan tunnel statistics

IPSEC:
show ipsec inbound-connections                          show sdwan ipsec inbound-connections
show ipsec local-sa                                     show sdwan ipsec local-sa
show ipsec outbound-connections                         show sdwan ipsec outbound-connections

BFD:
show bfd history                                        show sdwan bfd history
show bfd sessions                                       show sdwan bfd sessions
show bfd summary                                        show sdwan bfd summary
show bfd tloc-summary-list                              show sdwan bfd tloc-summary-list

Certificate:
show certificate installed                              show sdwan certificate installed
show certificate root-ca-cert                           show sdwan certificate root-ca-cert
show certificate serial                                 show sdwan certificate serial
show certificate signing-request                        show sdwan certificate signing-request
show certificate validity                               show sdwan certificate validity

Control:
show control connections                                show sdwan control connections
show control connections-history                        show sdwan control connection-history
show control connections-info                           show sdwan control connection-info
show control local-properties                           show sdwan control local-properties
show control statistics                                 show sdwan control statistics
show control summary                                    show sdwan control summary
show control valid-vsmarts                              show sdwan control valid-vsmarts
show control valid-vmanage-id                           show sdwan control valid-vmanage-id
show control affinity config                            show sdwan control affinity config
show control affinity status                            show sdwan control affinity status

OMP:
show omp cloudexpress                                   show sdwan omp cloudexpress
show omp multicast-auto-discover                        show sdwan omp multicast-auto-discover
show omp multicast-routes                               show sdwan omp multicast-routes
show omp peers                                          show sdwan omp peers
show omp routes                                         show sdwan omp routes
show omp services                                       show sdwan omp services
show omp summary                                        show sdwan omp summary
show omp tloc-paths                                     show sdwan omp tloc-paths
show omp tlocs                                          show sdwan omp tlocs

Policy:
show policy access-list-associations                    show sdwan policy access-list-associations
show policy access-list-counters                        show sdwan policy access-list-counters
show policy access-list-names                           show sdwan policy access-list-names
show policy access-list-policers                        -
show policy app-route-policy-filter                     show sdwan policy app-route-policy-filter
show policy data-policy-filter                          show sdwan policy data-policy-filter
show policy from-vsmart                                 show sdwan policy from-vsmart

Config:
show running-config                                     show sdwan running-config

cflowd:
show app cflowd collector                               show sdwan app-fwd cflowd collector
show app cflowd flow-count                              show sdwan app-fwd cflowd flow-count
show app cflowd flows                                   show sdwan app-fwd cflowd flows
show app cflowd statistics                              show sdwan app-fwd cflowd statistics
show app cflowd template                                show sdwan app-fwd cflowd template

DPI:
show app dpi flows                                      show sdwan app-fwd dpi flows
show app dpi summary                                    show sdwan app-fwd dpi summary
show app dpi applications                               -
show app dpi supported-applications                     -

App-route:
show app-route sla-class                                show sdwan app-route sla-class
show app-route stats                                    show sdwan app-route stats

Version:
show version                                            show sdwan version
show software                                           show sdwan software

System:
show reboot history                                     show sdwan reboot history
show system buffer-pool-status                          -
show system status                                      show system statistics
show system statistics                                  show platform hardware qfp active statistics drop

Notification:
show notification stream viptela                        show sdwan notification stream viptela

Security:
show security-info                                      show sdwan security-info

ZBFW:
-                                                       show sdwan zbfw drop-statistics
-                                                       show sdwan zbfw zonepair-statistics
-                                                       show sdwan zonebfwdp sessions

NAT:
-                                                       show sdwan nat-fwd ip-nat-translation
-                                                       show sdwan nat-fwd ip-nat-translation-verbose

Crash:
show crash                                              show sdwan crash

Clear Commands

Cisco vEdge (Viptela OS)                                Cisco IOS XE SD-WAN

App:
clear app cflowd flow-all                               clear sdwan app-fwd cflowd flow-all
clear app dpi all                                       clear sdwan app-fwd dpi flow-all
clear app log flow-all                                  -
clear app tcp-opt expired-flows                         -

Control:
clear control connections                               clear sdwan control connections
clear control connections-history                       clear sdwan control connection-history
-                                                       clear sdwan control port-index
clear control reverse-proxy-connections                 -

Notification:
clear installed-certificates                            clear sdwan installed-certificates

Control:
clear notification stream viptela                       clear sdwan notification stream viptela

OMP:
clear omp all                                           clear sdwan omp all
clear omp peer                                          clear sdwan omp peer
clear omp routes                                        clear sdwan omp routes
clear omp tlocs                                         clear sdwan omp tlocs

Policy:
clear policy access-list                                clear sdwan policy access-list
clear policy app-route-policy                           clear sdwan policy app-route-policy
clear policy data-policy                                clear sdwan policy data-policy
clear policy zbfw filter-statistics                     -
clear policy zbfw global-statistics                     -
clear policy zbfw sessions                              -

Tunnel:
clear tunnel gre-keepalive                              clear sdwan tunnel gre-keepalive
clear tunnel statistics                                 clear sdwan tunnel statistics

DNS:
clear dns cache                                         clear sdwan dns cache
-                                                       clear sdwan dns app-fwd cflowd flow-all
-                                                       clear sdwan dns app-fwd cflowd statistics
-                                                       clear sdwan dns app-fwd dpi flow-all
-                                                       clear sdwan dns app-fwd dpi summary

Request Commands

Cisco vEdge (Viptela OS)                                Cisco IOS XE SD-WAN

General:
request admin-tech                                      request platform software sdwan admin-tech
request certificate install <path>                      request platform software sdwan certificate install <path>
request controller delete <org-name/serial-num>         request platform software sdwan controller delete <org-name/serial-num>
request controller reset-version-number                 request platform software sdwan controller reset-version-number
request csr upload <path>                               request platform software sdwan csr upload <path>
request port-hop color <color>                          request platform software sdwan port_hop color <color>
request root-cert-chain install <path>                  request platform software sdwan root-cert-chain install <path>
request security ipsec-rekey                            request platform software sdwan security ipsec-rekey

Software:
request software install <path>                         request platform software sdwan software install <path>
request software activate <build>                       request platform software sdwan software activate <build>
request software remove <build>                         request platform software sdwan software remove <build>
request software reset                                  request platform software sdwan software reset
request software secure-boot <list/set/status>          request platform software sdwan software secure-boot <list/set/status>
request software set-default <build>                    request platform software sdwan software set-default <build>
request software upgrade-confirm                        request platform software sdwan software upgrade-confirm
request software verify-image <image>                   request platform software sdwan software verify-image <path>
-                                                       request platform software sdwan vedge_cloud activate chassis-number <chassis-num> token <token-id>

Debug Commands

Cisco vEdge (Viptela OS)                                Cisco IOS XE SD-WAN

General:
debug confd <developer-log/snmp>                        debug platform software sdwan confd <developer-log/snmp>
debug config-mgr <events/pppoe/ra> level <high/low>     debug platform software sdwan config-mgr <events/pppoe/ra> level <high/low>
debug fpm <command>                                     debug platform software sdwan fpm <command>
debug ftm <command>                                     debug platform software sdwan ftm <command>