Link Search Menu Expand Document

VXLAN Template

Use the VXLAN template to to efficiently deploy Virtual Network Identifier (VNI) instances for Virtual Extensible Local Area Network (VXLAN) segments. A VNI maps a routing segment to a firewall zone and a fallback role. Each segment is identified by a 24-bit VNI that can be configured for up to 16 million virtual networks. For additional information, see the VXLAN tab


Before you can assign a VNI to a VXLAN segment, you must configure the following settings:

  • Segmentation must be enabled to support VXLAN. See the Routing Segmentation (VRF) tab

  • The IP routing on the BGP Layer 3 network that connects the EdgeConnect appliance VTEPs must already be configured. This is necessary to enable VXLAN traffic to traverse the network. Therefore, only in-line router mode is supported.

  • Currently, the EdgeConnect EVPN address family is only supported for BGP EVPN peers in the Default segment (VRF ID = 0).

  • One or more loopback interfaces must already be available.

  • VXLAN is only supported on LAN interfaces. Route-Targets must be defined, and BGP enabled for all segments, even if no BGP peers are configured in non-default segments.

Common Settings for all VNIs

Use this section of the VXLAN Tab to configure these common settings for all VNIs:

  • Destination UDP Port: You can configure a custom destination UDP port for VXLAN. If not selected, the appliance uses the default port of 4789.

  • VTEP Source Interface: Select a loopback interface from the list.
    NOTE: Only loopback interfaces are valid. The loopback interface you choose will automatically be configured in the local interface field of the BGP Peer configuration if EVPN Peer is enabled.

VNI Mappings

For this dialog box, use the steps belwo to map a VNI to a routing segment, a firewall zone, and a fallback role.


  1. Click Add to create a new VNI for a segment.

  2. Enter a value for the VNI segment. Valid values are 1-16777215.

  3. Select the Segment, Firewall Zone, and Fallback Role (Don’t Apply, Guest IOT, Untrusted).

  4. Click OK.


  1. Select an existing VNI from the list.

  2. Click the Edit icon to modify an existing VNI.

Note: In the Flows tab, enable the VNI Tx and VNI Rx columns to display the number of the VNI that received or sent the VXLAN traffic. Both values should match for every flow. If not, there might be a misconfiguration downstream from the EdgeConnect.

Role to GPID Mapping

Use the Roles dialog box to map a policy enforcement role to a VXLAN Group Policy Identifier (GPID). Mapping policy enforcement roles to a VXLAN GPID is optional. Policy enforcement role mapping to a GPID propagates globally across the SD-WAN Fabric. Enabling the identity-based policy enforcement capability of the HPE Aruba Networking SD-WAN solution in VXLAN segments provides a highly automated extensible way of enabling a zero-trust security architecture.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America