Cisco SD-WAN is often discussed from the perspective of routing, transport selection, and centralized management.However, one of its major strengths is the ability to integrate networking and security into a unified WAN architecture. In many enterprise environments, WAN edge routers are not only responsible for transporting traffic, but also for enforcing security policies at branch…

In this lab, I am using the Cisco SD-WAN Sandbox environment to demonstrate how TLOC Preference can be used for traffic engineering. In many enterprise WAN environments, a site has multiple WAN transports, such as: Although Cisco SD-WAN can dynamically build tunnels across all available transports, we may want to prefer one path over another…

In order to Isolate a vpn from other vpn we should use vpn Membership in Topology section of vmanage. VPN membership (Who receives routes, it is route visibility control with filtering for Segmentation).This determines which VPN routes are advertised to which sites. [helps define who can join which VPN and who can learn its routes.] It…

In this lab, I am using the Cisco SD-WAN Sandbox environment to build and test a Hub-and-Spoke topology. By default, Cisco SD-WAN allows sites to exchange routes dynamically and build direct communication paths between branches.However, in many enterprise environments, this is not always the desired design. Here is the topology: In my scenario, I want…

When working with Cisco SD-WAN, one of the first real challenges engineers face is onboarding devices—especially understanding the differences between vEdge (Viptela OS) and cEdge (IOS-XE SD-WAN). At first glance, both follow a similar process. But in practice, there are important differences in behavior, commands, and even mindset. In this post, I’ll walk through the…