Network Topology
Required Configuration
- 172.30.50.0/24 pool routed on the SD-WAN hub for OLT management
- On the spoke end, configure one port as a trunk with VLAN 100 and IP address 172.30.50.1/30 (RAY spoke end)
- The OLT end IP will be 172.30.50.2
- For DHCP on the same port, configure VLAN 200 with DHCP for end users (192.168.88.x/24)
- NAT IP pool routed on the SD-WAN hub: x.x.148.209
- For syslog, configure x.x.200.14 and x.x.200.30 as syslog servers
Device used in POC
- Hub (small VM), hosted on the customer's VM server with public IP 182.48.200.x
- Spoke (Atom Lyte)
Hub Basic Configuration
The hub device should be added on the customer's VM server with a public IP.
In this case the customer wants to do SNAT at the hub end, and it will be reflected on devices connected to the spoke.
So, along with the uplink static IP, we have attached on the WAN interface from where the SNAT requests will pass.
Next, we created an SNAT rule for end users. Users connected to the end device will get an IP from 192.168.88.x/24, so the rule below will match them and do SNAT for the given IP.
Spoke Configuration
The main, though not major, configuration is done on the spoke end.
The spoke device can be brought up via any link; which one does not matter in this scenario.
As required, we have created two VLANs: VLAN 100 for MGMT with IP 172.30.0.x/24 and DHCP off, and VLAN 200 for users with IP 192.168.88.x/24 and DHCP enabled.
Tunnel Configuration
After the basic configuration is done, we connect the hub and spoke via a tunnel, which transfers data to the hub end.
Because the SNAT rule matches the spoke LAN 192.168.88.x/24 as the source IP, we will send traffic over the tunnel without NAT.
The tunnel has been created with the hub's public static IP so the spoke can easily communicate with the hub device.
Below you will see the hub device is added with its public IP.
Next, for the hub subnet via the tunnel we have added 0.0.0.0/0, as we want to add a default route for the spoke onto the tunnel.
Forwarding will be via the WAN network with NAT off.
Now, for the spoke device, just select the device MAC; the spoke public IP is optional.
For the spoke subnet, select user and mgmt, as we want to route them over the tunnel.
For forwarding, select the same subnets with NAT off.
Via the tunnel configuration, the spoke's local segments and the hub's are shared with each other, so communication will happen.
But in order to achieve SNAT via the tunnel, we have to forward all spoke traffic to the tunnel and make it a tunnel breakout.
So we will create an SD-WAN rule in which traffic with source IP 192.168.88.x/24 and destination 0.0.0.0/0 goes via the tunnel.
In order to match this condition, we first have to create an SLA which matches the rule.
So we have created the rule below with the tunnel hub IP 172.65.0.1. As long as this IP is pingable, the rule will work.
Now we have created a rule where we have selected user mgmt (192.168.88.x/24) as the source.
For the destination, 0.0.0.0/0 (all traffic).
For the outgoing interface we have selected the tunnel which we created, and it will use the SLA which we created.
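The forwarding and NAT decisions described above can be checked offline with a small model. This is an added example, not configuration or code from the device vendor or the POC; the host address 192.168.88.10 is constructed, the function names are hypothetical, and the masked NAT pool IP is represented by a placeholder.

```python
import ipaddress as ip

# Addresses as given on the page. The hub NAT pool IP is masked there
# (x.x.148.209), so a placeholder string stands in for it.
MGMT_POOL = ip.ip_network("172.30.50.0/24")        # routed on the hub for OLT mgmt
SPOKE_MGMT_IF = ip.ip_interface("172.30.50.1/30")  # VLAN 100 on the spoke trunk port
OLT_MGMT_IP = ip.ip_address("172.30.50.2")
USER_LAN = ip.ip_network("192.168.88.0/24")        # VLAN 200, DHCP for end users
NAT_POOL_IP = "<hub-nat-pool-ip>"                  # placeholder, not a real address

def mgmt_plan_ok():
    """The OLT must be the other host on the spoke's /30, inside the hub-routed pool."""
    link = SPOKE_MGMT_IF.network
    return (OLT_MGMT_IP in link.hosts()
            and OLT_MGMT_IP != SPOKE_MGMT_IF.ip
            and link.subnet_of(MGMT_POOL))

def spoke_egress(src, sla_up):
    """Spoke SD-WAN rule: source USER_LAN, destination 0.0.0.0/0, out via the tunnel.
    The rule only applies while the SLA probe to the hub tunnel IP succeeds."""
    if ip.ip_address(src) in USER_LAN and sla_up:
        return "tunnel"
    return None  # rule not applied; what the spoke does next is not covered here

def hub_source_after_snat(src):
    """Hub SNAT rule: match source USER_LAN. Tunnel forwarding has NAT off,
    so the hub still sees the original spoke address and the rule can match."""
    return NAT_POOL_IP if ip.ip_address(src) in USER_LAN else src

def trace(src, sla_up):
    """Return (spoke egress, source address seen beyond the hub) for one flow."""
    egress = spoke_egress(src, sla_up)
    return egress, (hub_source_after_snat(src) if egress == "tunnel" else None)

if __name__ == "__main__":
    print("mgmt plan ok:", mgmt_plan_ok())
    # Constructed sample flows: a user host with SLA up/down, and the OLT mgmt IP.
    for src, sla in [("192.168.88.10", True), ("192.168.88.10", False), ("172.30.50.2", True)]:
        print(src, "sla_up" if sla else "sla_down", "->", trace(src, sla))
```

The SLA-down case is the one to watch when testing the POC: the rule stops applying, so user traffic is no longer guaranteed to reach the hub where SNAT happens.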