Cisco SDWAN Controller bring up guide_47f101b8-b9cf-4eaa-9fb3-c1b016e0962c.pptx
AkshayKumar147572
56 slides
Sep 26, 2025
About This Presentation
Sdwan controller bringup
Size: 4.67 MB
Language: en
Slide Content
Resetting vManage/vBond/vSmart to factory default. Log in to the controllers:
vmanage# request software reset
Onboarding Internally Hosted Cisco SD-WAN Controllers – Required CLI Config
+ Onboarding controllers starts with minimum CLI options
+ Host-name
+ System-ip
  + Does not need to be routable, just a unique Router-ID
+ Site-id
  + Devices in the same site don’t form IPsec tunnels with each other
+ Organization-name
  + Must match the ORG in serialFile.viptela generated from Cisco Licensing Portal
+ vBond IP Address
  + I.e. Who is the Orchestrator?
+ VPN 0 - The “Transport VPN”
  + Interface(s), IP address(es), and routing towards the WAN
  + Unique tunnel “color” for each WAN link
  + Color can be used in routing decisions later
vManage Example Initial CLI Config
config t
!
system
 host-name vManage-1
 system-ip 11.1.1.1
 site-id 100
 organization-name KSPL
 vbond 172.16.10.2
!
vpn 0
 interface eth
  ip address 172.16.10.1/24
  tunnel-interface
   color biz-internet
   allow-service all
  exit
  no shutdown
 exit
 ip route 0.0.0.0/0 172.16.10.254
!
commit and-quit
vBond Example Initial CLI Config
config t
!
system
 host-name vBond-1
 system-ip 11.1.1.2
 site-id 100
 organization-name KSPL
 vbond 172.16.10.2 local
!
vpn 0
 interface ge0/0
  ip address 172.16.10.2/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
  exit
  no shutdown
 exit
!
 ip route 0.0.0.0/0 172.16.10.254
commit and-quit
vSmart Example Initial CLI Config
config t
!
system
 host-name vSmart-1
 system-ip 11.1.1.3
 site-id 100
 organization-name KSPL
 vbond 172.16.10.2
!
vpn 0
!
 interface eth
  ip address 172.16.10.3/24
  tunnel-interface
   color biz-internet
   allow-service all
  exit
  no shutdown
 exit
!
 ip route 0.0.0.0/0 172.16.10.254
commit and-quit
Access the GUI of vManage from the CA Server: https://172.16.10.1
Configure the vBond IP address and Organization name in the GUI: Administration->Settings
Adding vBond and vSmart to vManage: Configuration->Devices->Controllers
No certificates are installed at this moment. Check via Configuration->Devices and Monitor->Overview.
Installing Certificates. Access the CA at https://172.16.10.100/certsrv and download the Root CA cert.
Point to the Enterprise CA and install its Root Certificate: Administration->Settings->Controller Certificate Authorization
Check the installed Root cert from Administration->Root CA Management
You can check the same using the CLI on the controllers. vManage automatically pushes the Root Cert to all other controllers (vBond and vSmart).
Now install a device certificate on each of the vManage, vBond and vSmart controllers: Configuration->Certificates. Click the three dots (...) and select Generate CSR for vManage.
Copy the CSR.
Access the CA at https://172.16.10.100/certsrv and submit the CSR. Select Request a certificate->advanced certificate request.
Paste the certificate request and click Submit. Note the Request ID; your request ID may be different.
You need to issue the certificate from the Certificate Authority and download it for use. Launch the Certification Authority from the Start Menu and issue the certificate by browsing to the certificate request, then right-click->All Tasks->Issue.
Now download the certificate from https://172.16.10.100/certsrv. Click “View the status of a pending certificate request”. On the next screen click the Saved-Request Certificate..., then click Base 64 Encoded and Download certificate. Rename the certificate as vManage, vSmart or vBond. Repeat the steps from Slide 21 to 26 for vSmart and vBond as well and download the certificates.
Once the device certificate is downloaded, install it on all the controllers one by one from Configuration->Certificates.
Repeat the same steps for vBond and vSmart controllers.
vManage# show control local-properties (on vManage and vSmart)
vBond# show orchestrator local-properties
Adding Edge Routers to the SD-WAN Fabric. Download the device serial file from your organization’s Smart Account. The file is already downloaded in the Desktop SDWAN file folder. Steps from slide 37-41 are already done but are represented here for learning purposes.
At this moment no controller has the valid Edge device list.
Let's upload the vEdge list to vManage. It will automatically distribute the list to the other controllers: Configuration->Devices->WAN Edge List->Upload WAN Edge List
Check the device list at Configuration ->Certificates
Resetting the 8000v to factory defaults:
R1# factory-reset all
+ Cisco IOS XE routers don’t run in SD-WAN mode by default
+ show version - to see the router operating mode, Autonomous or Controller mode
After the vEdge has restarted you can again check the mode with show version.
Now perform initial configs on all vEdge routers.

R1:
config-transaction
 line vty 0 4
  transport input ssh
 exit
 hostname R1
 system
  system-ip 1.1.1.1
  site-id 101
  organization-name KSPL
  vbond 172.16.10.2
 exit
 interface GigabitEthernet1
  no shutdown
  ip address 125.10.1.1 255.255.255.
 exit
 ip route 0.0.0.0 0.0.0.0 125.10.1.254
 commit

R2:
config-transaction
 line vty 0 4
  transport input ssh
 exit
 hostname R2
 system
  system-ip 2.2.2.2
  site-id 102
  organization-name KSPL
  vbond 172.16.10.2
 exit
 interface GigabitEthernet1
  no shutdown
  ip address 125.10.2.2 255.255.255.
 exit
 ip route 0.0.0.0 0.0.0.0 125.10.2.254
 commit

Check if you are able to ping all the controllers and the CA/TFTP server from each router:
ping 172.16.10.1
ping 172.16.10.2
ping 172.16.10.3
ping 172.16.10.100

The configs below will be done on both routers after we have activated the chassis as mentioned in Slide 55:
config-transaction
 interface Tunnel1
  ip unnumbered GigabitEthernet1
  tunnel source GigabitEthernet1
  tunnel mode sdwan
  no shutdown
 exit
 sdwan
  interface GigabitEthernet1
   tunnel-interface
    encapsulation ipsec
    color biz-internet
    allow-service all
   exit
  exit
 commit
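As an added consistency check that is not part of the original deck, the following Python parses the minimal configs shown above for the three controllers and R1, and verifies the onboarding invariants from the Required CLI Config slide: every device carries the mandatory fields, organization-name matches the serial file's ORG, system-ip is unique, all devices point at the same vBond, and exactly one device is the orchestrator (vbond ... local). The sample configs are constructed from the slides' values; the eth0 interface name on vManage/vSmart is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the minimal onboarding configs transcribed from the slides,
# one per device (values as on the page; the eth0 interface name is an assumption).
CONFIGS = {
    "vManage-1": "system\n host-name vManage-1\n system-ip 11.1.1.1\n site-id 100\n organization-name KSPL\n vbond 172.16.10.2\nvpn 0\n interface eth0\n  tunnel-interface\n   color biz-internet\n",
    "vBond-1": "system\n host-name vBond-1\n system-ip 11.1.1.2\n site-id 100\n organization-name KSPL\n vbond 172.16.10.2 local\nvpn 0\n interface ge0/0\n  tunnel-interface\n   encapsulation ipsec\n   color biz-internet\n",
    "vSmart-1": "system\n host-name vSmart-1\n system-ip 11.1.1.3\n site-id 100\n organization-name KSPL\n vbond 172.16.10.2\nvpn 0\n interface eth0\n  tunnel-interface\n   color biz-internet\n",
    "R1": "hostname R1\nsystem\n system-ip 1.1.1.1\n site-id 101\n organization-name KSPL\n vbond 172.16.10.2\nsdwan\n interface GigabitEthernet1\n  tunnel-interface\n   encapsulation ipsec\n   color biz-internet\n",
}

# One regex per mandatory onboarding field (host-name on controllers, hostname on IOS XE cEdges).
FIELDS = {
    "hostname": r"^\s*host-?name\s+(\S+)",
    "system_ip": r"^\s*system-ip\s+(\S+)",
    "site_id": r"^\s*site-id\s+(\d+)",
    "org": r"^\s*organization-name\s+(.+?)\s*$",
    "vbond": r"^\s*vbond\s+(\S+)(\s+local)?",
    "color": r"^\s*color\s+(\S+)",
}

def parse(cfg):
    # Extract the onboarding fields from one device's CLI config text.
    d = {}
    for key, pat in FIELDS.items():
        m = re.search(pat, cfg, re.M)
        if m:
            d[key] = m.group(1)
            if key == "vbond":  # only the orchestrator itself says 'vbond <ip> local'
                d["vbond_local"] = bool(m.group(2))
    return d

def check_fabric(configs, serial_file_org):
    # Return the list of invariant violations across all devices (empty list = OK).
    devs = {name: parse(cfg) for name, cfg in configs.items()}
    problems = []
    for name, d in devs.items():
        problems += [f"{name}: missing {k}" for k in FIELDS if k not in d]
        if "org" in d and d["org"] != serial_file_org:  # must match serialFile.viptela
            problems.append(f"{name}: organization-name {d['org']!r} != serial file org {serial_file_org!r}")
    for ip, n in Counter(d.get("system_ip") for d in devs.values()).items():
        if ip and n > 1:  # system-ip is the fabric's Router-ID and must be unique
            problems.append(f"system-ip {ip} reused by {n} devices")
    vbonds = {d.get("vbond") for d in devs.values()}
    if len(vbonds) > 1:
        problems.append(f"devices disagree on vbond address: {sorted(map(str, vbonds))}")
    orchestrators = [n for n, d in devs.items() if d.get("vbond_local")]
    if len(orchestrators) != 1:
        problems.append(f"expected exactly one 'vbond ... local', found {orchestrators}")
    return problems
```

Call check_fabric(CONFIGS, "KSPL") before pushing the configs; an empty list means the fabric-wide invariants hold, and each string in a non-empty list names the device or value that will keep control connections from forming.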
Installing Certificates on Edge devices. Install the Root Certificate on Edge routers by copying it from the CA Server via tftp and later install it. Run TFTP application on the CA server from the desktop. Locate the directory in TFTP Server where the Root cert is available. Make sure TFTP is running at 172.16.10.100 ip address.
Copy Root CA and install it
R1# copy tftp://172.16.10.100/rootca.cer bootflash:
R2# copy tftp://172.16.10.100/rootca.cer bootflash:
R1# request platform software sdwan root-cert-chain install bootflash:rootca.cer
R2# request platform software sdwan root-cert-chain install bootflash:rootca.cer
Virtual routers don’t have a serial number. We need to get the serial numbers via vManage. Once the serial number is assigned to the virtual routers, vManage will automatically issue a device certificate to the edge devices.
+ Once the WAN Edge List is uploaded and synced to vBond, go to vManage > Configuration > Devices
+ Choose the appropriate Chassis Number from the list and then select “Generate Bootstrap Configuration” from the ellipses on the right
+ Select “Cloud-Init”, click OK and copy the UUID and OTP fields
Activate the chassis one by one on R1 and R2. Open PuTTY from the desktop and load the saved sessions of R1 and R2. Enter the following command on the R1 and R2 cEdge CLI from exec mode:
R1# request platform software sdwan vedge_cloud activate chassis-number UUID token OTP
where UUID and OTP are the strings from the Bootstrap Configuration.
Use show sdwan control local-properties to check if the certificate is installed. It will take a few minutes. Once the certificate is installed, check the Control, IPsec, OMP and BFD sessions on the routers.
R1/R2# show sdwan control local-properties
R1/R2# show sdwan bfd sessions
You can also check if all controllers and vEdges are UP from the vManage GUI: Monitor->Overview. You should see all the controllers and vEdges. The lab is complete once all the controllers and 2 vEdges are UP.