cisco sd-wanrms.koenig-solutions.com/sync_data/trainer/qms/1942-202051749… · vsmart vedge router...

Cisco SD-WAN Cisco SDN:

SD-WAN: WAN Solutions

SD-Access: LAN & Campus Solutions

ACI: Data Center Solutions

Cisco SD-WAN Components:

vMange

vBond

vSmart

vEdge Router

Lab Topology:

Default Login Credentials:

Username: admin

Password: admin

How to reset SD-WAN components: Lab Topology:

Basic Configuration: vManage:

Basic Configuration:

VPN 0 Configuration: Transport VPN

VPN 512 Configuration: Management VPN

Default Route Configuration:

Root CA Certification Installation on vManage:

Web Access vMange: https://10.1.99.1

Go to: Administration--Setting:

Do the following change setting:

Organization name: koenig

vBond: 172.16.10.2 Port : 12346

Controller certificate Authorization: Edit: Enterprise Root Certificate: Select file

CA certificate file: we need to download from CA Server:

https://10.1.99.1/certsrv

Select Base 64 and Click on Download a CA certificate.

Note: CA certificate we need to install only on vManage.

How to generate CA signed certificate for VManage:

Certificate Request from vManage:

Configuration: Certificates: Controllers: Select vManage: Click on generate CSR

Certificate Request from CA Server:

Request a certificate: Advanced certificate request: Submit a certificate request:

Click on download certificate: CA server signed certificate downloaded.

Install CA signed certificate on vManage:

Select vMange from controllers: click on install certificate: select a file: click on install:

Basic Configuration: vBond

Basic Configuration:

VPN0 Configuration: Transport VPN

VPN512 Configuration: Management VPN

Default Route Configuration:

How to add vBond to vManage:

Configuration: Devices: Controller: Add controller: Select vBond:

vBond Management IP Address: 172.16.10.2

Username: admin

Password: admin

How to generate CA signed certificate for vBond:

Certificate Request from vBond:

Configuration: Certificates: Controllers: Select vBond: Click on generate CSR

Certificate Request from CA Server:

Request a certificate: Advanced certificate request: Submit a certificate request:

Select Base 64 encoded and Click on download certificate: CA server signed certificate

downloaded.

Install CA signed certificate on vBond:

Select vBond from controllers: click on install certificate: select a file: click on install:

Basic Configuration: vSmart

Basic Configuration:

VPN0 Configuration: Transport VPN

VPN512 Configuration: Management VPN

Default Route Configuration:

How to add vSmart to vManage:

Configuration: Devices: Controller: Add controller: Select vSmart:

vSmart Management IP Address: 172.16.10.3

Username: admin

Password: admin

How to generate CA signed certificate for vSmart:

Certificate Request from vSmart:

Configuration: Certificates: Controllers: Select vSmart: Click on generate CSR

CA Singed Certificate Installation Verification:

Configuration: Devices: Controllers: Certificate Status: Installed

Configuration: Certificates: Controllers: Certificate Serial No.:

Main Dashboard Verification:

How to add vEdge Router List to vMange:

Configuration: Devices: WAN Edge List: Upload WAN Edge List:

WAN Edge list Upload Method:

Select .viptela file and select the Check box (validate the uploaded vEdge list and send to controller).

Click on upload button.

Configuration: Certificates: WAN Edge list: Click on Valid to enable Chassis No and token no.:

After Validate the all the devices click on send to controllers:

Basic Configuration: vEdge Router

Basic Configuration:

VPN 0 Configuration: Transport VPN

VPN 512 Configuration: Management VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN

How to download and install CA server certificate form CA Server: (Need TFTP Server):

TFTP Server setting:

After TFTP Server Setting: vEdge CLI: type the below command:

CA Server certificate download Verification:

Take the putty session of vEdge Router to activate vEdge Router:

Chassis Number and token has been taken from below screen:

After Successful activation serial number will be generated like above screen in last row.

Main Dashboard Device Verification:

Command Line Verification: vManage and vSmart:

show control connections

show control local-properties

show interface eth0

Show running-config VPN 0

Command Line Verification: vBond

show orchestrator connections

show orchestrator summary

show system status

Basic Configuration: R1 Router

Basic Configuration:

VPN 0 Configuration: Transport VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN

Certificate Installation Process: R1

State: Certificate Installed Serial No.:B9C65643 Hostname: R1 IP Address: 1.1.1.1

Now click on send to controllers:

Take the putty session of R1 to download & install CA Server and activate and install certificate on

R1 Router:

Basic Configuration: R2 Router

Basic Configuration:

VPN 0 Configuration: Transport VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN

Take the putty session of R1 to download & install CA Server and activate and install certificate on

R2 Router:

State: Certificate Installed Serial No.:4B170CFA Hostname: R2 IP Address: 1.1.1.2

Now click on send to controllers:

Finally: Main Dashboard, Device & Controller Status:

Additional Configuration

Addtitional Configuration : R1

Addtitional Configuration :R2

Command Line Verification Commands:

Show ip routes

Show ip routes summary

Show ip routes omp

vMange Verification :

OMP : Overlay Mangement protocol

TLOC : Transport Locator : System-ip+Color+Encapsulation:

Monitor: Network

Click on R1 and select Real Time: Device options: IP Routes

Click on R1 and select Real Time: Device options: OMP received routes

Click on R1 and select Real Time: Device options: OMP received TLOC