Skip to content
Catalyst SD-WAN Lab Guide

Feature Profiles - Service

Overview

Section titled “Overview”

In Cisco SD-WAN Manager (vManage) UX 2.0, configuration is modular:

Concept Description
Service Feature Profile A container (envelope) that groups all service/LAN-side settings for a device (LAN VPNs, LAN interfaces, routing protocols, DHCP, switchport, wireless, etc.).
Feature Parcel An individual, typed block of configuration (LAN VPN, Ethernet Interface, OSPF, DHCP Server, etc.) that lives inside a Service Feature Profile.

You must create the profile first, then attach one or more parcels to it. Some parcels are nested — for example, Ethernet Interface parcels live inside a LAN VPN parcel, and a DHCP Server parcel can be associated to a LAN interface.

Workflow Overview

Section titled “Workflow Overview”

STEP 1: Create a Service Feature Profile:

  • POST /v1/feature-profile/sdwan/service
  • Returns a Service Profile Identifier (profileId)

STEP 2: Create top-level parcels (e.g., LAN VPN, Switchport, Wireless LAN, Tracker, Routing) using the returned profileId:

  • POST /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>
  • Returns a Parcel Identifier (parcelId)

STEP 3: For nested parcels (e.g., Ethernet Interface under a LAN VPN), create them using both profileId and the parent parcelId:

  • POST /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>
  • Returns a Sub-Parcel Identifier

Then the newly created Service Feature Profile can be used in a Configuration Group.

Create Service Feature Profile

Section titled “Create Service Feature Profile”

POST /v1/feature-profile/sdwan/service

Request Body

{
  "name": "TF_SPOKE_SERVICE",
  "description": "Terraform - Service Profile"
}

Response (HTTP 200)

{
  "id": "aaaa-bbbb-cccc-dddd"
}

Save the returned UUID — this is referred to as <profileId> in every subsequent parcel call.

Parcel Hierarchy

Section titled “Parcel Hierarchy”

The Service Feature Profile has a multi-level hierarchy. Some parcels are top-level while others are nested under a parent LAN VPN or LAN interface parcel:

Service Feature Profile (<profileId>)
├── LAN VPN  ────────────────────────────────────  /lan/vpn
│   ├── Interface Ethernet  ────────────────────  /interface/ethernet
│   │   ├── DHCP Server  ──────────────────────  /dhcp-server
│   │   ├── Tracker  ──────────────────────────  /tracker
│   │   └── Tracker Group  ────────────────────  /trackergroup
│   ├── Interface SVI  ────────────────────────  /interface/svi
│   │   └── DHCP Server  ──────────────────────  /dhcp-server
│   ├── Interface GRE  ────────────────────────  /interface/gre
│   ├── Interface IPSec  ──────────────────────  /interface/ipsec
│   │   └── DHCP Server  ──────────────────────  /dhcp-server
│   ├── Raw Socket  ───────────────────────────  /raw-socket
│   ├── Routing BGP  ──────────────────────────  /routing/bgp
│   ├── Routing OSPF  ─────────────────────────  /routing/ospf
│   ├── Routing OSPFv3 IPv4  ──────────────────  /routing/ospfv3/ipv4
│   ├── Routing OSPFv3 IPv6  ──────────────────  /routing/ospfv3/ipv6
│   ├── Routing EIGRP  ────────────────────────  /routing/eigrp
│   └── Routing Multicast  ────────────────────  /routing/multicast
├── AppQoE  ───────────────────────────────────  /appqoe
├── DHCP Server (standalone)  ─────────────────  /dhcp-server
├── Switchport  ───────────────────────────────  /switchport
├── Wireless LAN  ─────────────────────────────  /wirelesslan
├── Tracker  ──────────────────────────────────  /tracker
├── Tracker Group  ────────────────────────────  /trackergroup
├── Routing BGP  ──────────────────────────────  /routing/bgp
├── Routing OSPF  ─────────────────────────────  /routing/ospf
├── Routing OSPFv3 IPv4  ──────────────────────  /routing/ospfv3/ipv4
├── Routing OSPFv3 IPv6  ──────────────────────  /routing/ospfv3/ipv6
├── Routing EIGRP  ────────────────────────────  /routing/eigrp
└── Routing Multicast  ────────────────────────  /routing/multicast

Top-Level Parcels

Section titled “Top-Level Parcels”

With the profileId in hand, create each top-level parcel you need.

Item Value
Method POST
Endpoint pattern /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>
Content-Type application/json

Order does not matter for independent parcels. However, parent parcels (LAN VPN) must exist before nested parcels can be created.

Top-Level Parcel Quick-Reference Table:

# Parcel Type Endpoint Suffix Description / Key Fields
1 LAN VPN /lan/vpn Service-side VPN (VPN 1, 2, …) — VPN ID, name, DNS, advertise lists, OMP route imports
2 AppQoE /appqoe Application Quality of Experience (TCP optimization, DRE)
3 DHCP Server /dhcp-server Standalone DHCP server pool definitions
4 Switchport /switchport Switchport configuration (access/trunk, VLAN, voice VLAN)
5 Wireless LAN /wirelesslan Wireless LAN settings (SSID, security, country code)
6 Tracker /tracker Endpoint tracker for service-side failover
7 Tracker Group /trackergroup Group of trackers with boolean logic
8 Routing BGP /routing/bgp BGP settings at profile scope
9 Routing OSPF /routing/ospf OSPF settings at profile scope
10 Routing OSPFv3 IPv4 /routing/ospfv3/ipv4 OSPFv3 IPv4 address family at profile scope
11 Routing OSPFv3 IPv6 /routing/ospfv3/ipv6 OSPFv3 IPv6 address family at profile scope
12 Routing EIGRP /routing/eigrp EIGRP settings at profile scope
13 Routing Multicast /routing/multicast Multicast settings (PIM, IGMP, MSDP) at profile scope

LAN VPN Sub-Parcels (Nested)

Section titled “LAN VPN Sub-Parcels (Nested)”

These parcels are created inside a LAN VPN parcel and require both the profileId and the parent vpnParcelId.

Item Value
Method POST
Endpoint pattern /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>
Content-Type application/json

LAN VPN Sub-Parcel Quick-Reference Table:

# Sub-Parcel Type Endpoint Suffix Description / Key Fields
1 Ethernet Interface /interface/ethernet LAN-facing physical/sub-interface — IP address, NAT, ACL
2 SVI Interface /interface/svi Switched Virtual Interface (VLAN interface)
3 GRE Interface /interface/gre GRE tunnel interface configuration
4 IPSec Interface /interface/ipsec IPSec tunnel interface configuration
5 Raw Socket /raw-socket Raw socket configuration
6 Routing BGP /routing/bgp BGP settings scoped to this LAN VPN
7 Routing OSPF /routing/ospf OSPF settings scoped to this LAN VPN
8 Routing OSPFv3 IPv4 /routing/ospfv3/ipv4 OSPFv3 IPv4 settings scoped to this LAN VPN
9 Routing OSPFv3 IPv6 /routing/ospfv3/ipv6 OSPFv3 IPv6 settings scoped to this LAN VPN
10 Routing EIGRP /routing/eigrp EIGRP settings scoped to this LAN VPN
11 Routing Multicast /routing/multicast Multicast settings scoped to this LAN VPN

DHCP Server Associations on LAN Interfaces

Section titled “DHCP Server Associations on LAN Interfaces”

A DHCP Server parcel can be associated directly to a LAN VPN interface (Ethernet, SVI, or IPSec). These are third-level nested parcels:

Endpoint pattern:

/v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<interfaceType>/<interfaceId>/dhcp-server

# Association Applicable Interface Types Endpoint Suffix (on interface)
1 DHCP Server ethernet, svi, ipsec /dhcp-server

For example, to associate a DHCP server to an Ethernet interface under a LAN VPN:

POST /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/dhcp-server

Tracker Associations on LAN VPN Ethernet Interfaces

Section titled “Tracker Associations on LAN VPN Ethernet Interfaces”

Trackers can be associated directly to LAN VPN Ethernet interfaces:

Endpoint pattern:

/v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>

# Tracker Association Endpoint Suffix (on interface)
1 Tracker /tracker
2 Tracker Group /trackergroup

Examples

Section titled “Examples”

Example — Create a LAN VPN Parcel

Section titled “Example — Create a LAN VPN Parcel”
POST /dataservice/v1/feature-profile/sdwan/service/<profileId>/lan/vpn
Content-Type: application/json
{
  "name": "lan_vpn_1",
  "description": "Service VPN 1 for branch users",
  "data": {
    "vpnId": {
      "optionType": "global",
      "value": 1
    },
    "name": {
      "optionType": "global",
      "value": "users"
    }
  }
}

Response (HTTP 200)

{
  "parcelId": "1111-2222-3333-4444"
}

Save the returned parcelId — this is the <vpnParcelId> required for creating sub-parcels (interfaces, routes, etc.).

Example — Create an Ethernet Interface Sub-Parcel (under LAN VPN)

Section titled “Example — Create an Ethernet Interface Sub-Parcel (under LAN VPN)”
POST /dataservice/v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet
Content-Type: application/json
{
  "name": "lan_int",
  "description": "LAN-side Ethernet interface",
  "data": {
    "interfaceName": {
      "optionType": "variable",
      "value": "<vpn1_lan_name>"
    },
    "shutdown": {
      "optionType": "global",
      "value": false
    },
    "ipv4": {
      "addressConfig": {
        "optionType": "global",
        "value": "static"
      },
      "address": {
        "optionType": "variable",
        "value": "<vpn1_lan_ipv4_address>"
      },
      "subnetMask": {
        "optionType": "global",
        "value": "255.255.255.0"
      }
    }
  }
}

Response (HTTP 200)

{
  "parcelId": "aaaa-bbbb-1111-2222"
}

The optionType Pattern

Section titled “The optionType Pattern”

Almost every field in a parcel body uses a discriminated value wrapper:

optionType Meaning Example
global Explicitly set by the administrator. { "optionType": "global", "value": 1 }
variable Bound to a template variable; resolved at device attach. { "optionType": "variable", "value": "<vpn1_lan_name>" }
default Use the system-defined default. Value may be present but is informational. { "optionType": "default", "value": 4 }

Manage Top-Level Parcels

Section titled “Manage Top-Level Parcels”
Action Method & Endpoint
Read All Parcels of a Given Type GET /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>
Read a Single Parcel GET /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>/{parcelId}
Update a Parcel (send full payload) PUT /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>/{parcelId}
Delete a Parcel DELETE /v1/feature-profile/sdwan/service/<profileId>/<parcel-type>/{parcelId}

Manage LAN VPN Sub-Parcels

Section titled “Manage LAN VPN Sub-Parcels”
Action Method & Endpoint
Read All Sub-Parcels of a Given Type GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>
Read a Single Sub-Parcel GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>/{subParcelId}
Update a Sub-Parcel PUT /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>/{subParcelId}
Delete a Sub-Parcel DELETE /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/<sub-parcel-type>/{subParcelId}

Manage DHCP Server Associations on LAN Interfaces

Section titled “Manage DHCP Server Associations on LAN Interfaces”
Action Method & Endpoint
Read All DHCP Server Associations GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<type>/<interfaceId>/dhcp-server
Read a Single Association GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<type>/<interfaceId>/dhcp-server/{dhcpServerId}
Create a DHCP Server Association POST /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<type>/<interfaceId>/dhcp-server
Update a DHCP Server Association PUT /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<type>/<interfaceId>/dhcp-server/{dhcpServerId}
Delete a DHCP Server Association DELETE /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/<type>/<interfaceId>/dhcp-server/{dhcpServerId}

Where <type> is the interface type (ethernet, svi, or ipsec).

Manage Tracker Associations on LAN VPN Ethernet Interfaces

Section titled “Manage Tracker Associations on LAN VPN Ethernet Interfaces”
Action Method & Endpoint
Read All Tracker Associations GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>
Read a Single Tracker Association GET /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>/{trackerId}
Create a Tracker Association POST /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>
Update a Tracker Association PUT /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>/{trackerId}
Delete a Tracker Association DELETE /v1/feature-profile/sdwan/service/<profileId>/lan/vpn/<vpnParcelId>/interface/ethernet/<ethernetId>/<tracker-type>/{trackerId}

Where <tracker-type> is one of tracker or trackergroup.

Manage Profile

Section titled “Manage Profile”
Action Method & Endpoint
List all Service Profiles GET /v1/feature-profile/sdwan/service
Get one profile GET /v1/feature-profile/sdwan/service/<profileId>
Update profile metadata PUT /v1/feature-profile/sdwan/service/<profileId>
Delete a profile DELETE /v1/feature-profile/sdwan/service/<profileId>

HTTP Response Codes

Section titled “HTTP Response Codes”
Code Meaning
200 Success — resource created / retrieved / updated / deleted
400 Bad request — invalid or missing fields
401 Unauthorised — missing or expired session
403 Forbidden — insufficient RBAC privileges
404 Not found — invalid {profileId} or {parcelId}
500 Internal server error

Practice with Bruno

Section titled “Practice with Bruno”

Open Bruno and load the collection “Catalyst SD-WAN Sandbox” located in the bruno/sdwan-sandbox folder of this repository. The collection is already structured with all the requests needed for this lab, grouped into subfolders by workflow (e.g. Authentication, Create service profile).

Bruno uses environments to manage sets of variables (base URL, credentials, token values, IDs, etc.) that are shared across all requests in a collection. Each request references variables with the {{variable_name}} syntax — for example, {{vmanage}} for the Manager hostname, or {{serviceProfileId}} for the profile ID returned after the first API call. This means you only need to set a value once in the environment and every request that uses it is automatically updated.

Before running any request, select the sandbox environment from the environment picker (top-right dropdown). This loads all the pre-configured variables for the lab sandbox.

As you work through the steps below, you will occasionally need to copy a value from a response (such as a profileId) and paste it into the environment so that subsequent requests can use it automatically. To edit environment variables: click the environment name → Configure.

Step1: Make sure you are authenticated with SD-WAN Manager:

  • go to Authentication folder
  • use 01 - Get Auth Token request, hit send

Step2: Create Service Profile

  • Go to Create service profile folder
  • use 01 - Create Service Profile and hit send
  • This creates a Service Profile
  • Response payload contains the profile-id
  • The post-response script automatically saves the value to the environment variable serviceProfileId

Step3: Create LAN VPN parcel

  • Go to Create service profile folder
  • use 02 - Create Service Parcel - LAN VPN and hit send
  • This creates a LAN VPN (VPN 1) parcel inside the service profile
  • Response payload contains the parcel-id
  • The post-response script automatically saves the value to the environment variable lanVpnParcelId

Step4 - Create LAN interface parcel

  • Go to Create service profile folder
  • use 03 - Create Service Parcel - LAN VPN Interface Ethernet and hit send
  • This creates a LAN-side Ethernet interface (GigabitEthernet3) inside the LAN VPN
  • Requires the serviceProfileId and lanVpnParcelId from above

Step5 - Create DHCP Server parcel

  • Go to Create service profile folder
  • use 04 - Create Service Parcel - DHCP Server and hit send
  • This creates a standalone DHCP Server parcel under the service profile
  • Requires the serviceProfileId from above

Step6: List existing Service Profiles

  • Go to List profiles folder
  • use List all Service Profiles, hit send
  • read the response payload, it contains all service profiles created on Manager

Step7: Get newly created Service Profile details

  • Go to List profiles folder
  • use Get Service Profile details, hit send
  • read the response payload, it contains all parcels for the newly created service profile.

Notes & Best Practices

Section titled “Notes & Best Practices”
  1. Create the profile before any parcel. Every parcel endpoint requires <profileId> as a path parameter.
  2. Create parent parcels before nested parcels. A LAN VPN must exist before you can create Ethernet/SVI/GRE/IPSec interface sub-parcels under it. An interface must exist before you can attach a DHCP server or tracker to it.
  3. One LAN VPN per service VPN ID. Each LAN VPN parcel represents a distinct service-side VPN (1, 2, 3, …). Create one LAN VPN parcel per service VPN you need.
  4. Use variables for values that differ per device (e.g., interface name, IP address) to keep the profile reusable across sites.
  5. Idempotent updates: Use PUT with the full parcel body; partial patches are not supported.
  6. Schema validation: Use the schema endpoints to validate payloads before sending — GET /v1/feature-profile/sdwan/service/<parcel-type>/schema?schemaType=post returns the JSON schema for the POST body of a given parcel type.
  7. Version compatibility: This specification targets SD-WAN Manager 20.18. Endpoint availability may differ on earlier releases.