Scribd
Upload
289 views

Cisco SD-WAN: SD-WAN: WAN Solutions SD-Access: LAN & Campus Solutions ACI: Data Center Solutions

Cisco SD-WAN includes components like vManage, vBond, vSmart, and vEdge routers that allow configuration of transport VPNs, management VPNs, and routing VPNs. The lab topology consists of a vManage, vBond, vSmart, and two vEdge routers and two external routers. Basic configurations are completed on all devices including transport VPNs, management VPNs, default routes, and routing VPNs. Certificates are generated, signed by the CA server, and installed on all devices. The routers are added to vManage and their configurations are verified through the dashboard and CLI commands.

Uploaded by

Gladys Quispe Colqui
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
289 views

Cisco SD-WAN: SD-WAN: WAN Solutions SD-Access: LAN & Campus Solutions ACI: Data Center Solutions

Cisco SD-WAN includes components like vManage, vBond, vSmart, and vEdge routers that allow configuration of transport VPNs, management VPNs, and routing VPNs. The lab topology consists of a vManage, vBond, vSmart, and two vEdge routers and two external routers. Basic configurations are completed on all devices including transport VPNs, management VPNs, default routes, and routing VPNs. Certificates are generated, signed by the CA server, and installed on all devices. The routers are added to vManage and their configurations are verified through the dashboard and CLI commands.

Uploaded by

Gladys Quispe Colqui
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Cisco SD-WAN

Cisco SDN:
SD-WAN: WAN Solutions
SD-Access: LAN & Campus Solutions
ACI: Data Center Solutions

Cisco SD-WAN Components:

 vMange
 vBond
 vSmart
 vEdge Router

Lab Topology:
Default Login Credentials:
Username: admin
Password: admin

How to reset SD-WAN components: Lab Topology:


Basic Configuration: vManage:

Basic Configuration:

VPN 0 Configuration: Transport VPN

VPN 512 Configuration: Management VPN

Default Route Configuration:


Root CA Certification Installation on vManage:

Web Access vMange: https://10.1.99.1

Go to: Administration--Setting:

Do the following change setting:

 Organization name: koenig


 vBond: 172.16.10.2 Port : 12346
 Controller certificate Authorization: Edit: Enterprise Root Certificate: Select file
CA certificate file: we need to download from CA Server:
https://10.1.99.1/certsrv

Select Base 64 and Click on Download a CA certificate.

Note: CA certificate we need to install only on vManage.


How to generate CA signed certificate for VManage:

Certificate Request from vManage:


Configuration: Certificates: Controllers: Select vManage: Click on generate CSR

Certificate Request from CA Server:

Request a certificate: Advanced certificate request: Submit a certificate request:


Click on download certificate: CA server signed certificate downloaded.
Install CA signed certificate on vManage:
Select vMange from controllers: click on install certificate: select a file: click on install:
Basic Configuration: vBond
Basic Configuration:

VPN0 Configuration: Transport VPN

VPN512 Configuration: Management VPN

Default Route Configuration:


How to add vBond to vManage:
Configuration: Devices: Controller: Add controller: Select vBond:

 vBond Management IP Address: 172.16.10.2


 Username: admin
 Password: admin

How to generate CA signed certificate for vBond:

Certificate Request from vBond:


Configuration: Certificates: Controllers: Select vBond: Click on generate CSR
Certificate Request from CA Server:
Request a certificate: Advanced certificate request: Submit a certificate request:

Select Base 64 encoded and Click on download certificate: CA server signed certificate
downloaded.

Install CA signed certificate on vBond:

Select vBond from controllers: click on install certificate: select a file: click on install:
Basic Configuration: vSmart
Basic Configuration:

VPN0 Configuration: Transport VPN

VPN512 Configuration: Management VPN

Default Route Configuration:


How to add vSmart to vManage:
Configuration: Devices: Controller: Add controller: Select vSmart:

 vSmart Management IP Address: 172.16.10.3


 Username: admin
 Password: admin

How to generate CA signed certificate for vSmart:

Certificate Request from vSmart:


Configuration: Certificates: Controllers: Select vSmart: Click on generate CSR
CA Singed Certificate Installation Verification:
Configuration: Devices: Controllers: Certificate Status: Installed
Configuration: Certificates: Controllers: Certificate Serial No.:

Main Dashboard Verification:


How to add vEdge Router List to vMange:
Configuration: Devices: WAN Edge List: Upload WAN Edge List:
WAN Edge list Upload Method:

Select .viptela file and select the Check box (validate the uploaded vEdge list and send to controller).
Click on upload button.

Configuration: Certificates: WAN Edge list: Click on Valid to enable Chassis No and token no.:
After Validate the all the devices click on send to controllers:
Basic Configuration: vEdge Router
Basic Configuration:

VPN 0 Configuration: Transport VPN

VPN 512 Configuration: Management VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN


How to download and install CA server certificate form CA Server: (Need TFTP Server):
TFTP Server setting:

After TFTP Server Setting: vEdge CLI: type the below command:

CA Server certificate download Verification:


Take the putty session of vEdge Router to activate vEdge Router:
Chassis Number and token has been taken from below screen:

After Successful activation serial number will be generated like above screen in last row.

Main Dashboard Device Verification:

Command Line Verification: vManage and vSmart:

 show control connections


 show control local-properties
 show interface eth0
 Show running-config VPN 0

Command Line Verification: vBond

 show orchestrator connections


 show orchestrator summary
 show system status
Basic Configuration: R1 Router
Basic Configuration:

VPN 0 Configuration: Transport VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN


Certificate Installation Process: R1

State: Certificate Installed Serial No.:B9C65643 Hostname: R1 IP Address: 1.1.1.1

Now click on send to controllers:

Take the putty session of R1 to download & install CA Server and activate and install certificate on
R1 Router:
Basic Configuration: R2 Router
Basic Configuration:

VPN 0 Configuration: Transport VPN

Default Route Configuration: Gold (Internet)

VPN 10 Configuration: Routing VPN


Take the putty session of R1 to download & install CA Server and activate and install certificate on
R2 Router:

State: Certificate Installed Serial No.:4B170CFA Hostname: R2 IP Address: 1.1.1.2

Now click on send to controllers:


Finally: Main Dashboard, Device & Controller Status:
Additional Configuration

Addtitional Configuration : R1

Addtitional Configuration :R2


Command Line Verification Commands:

 Show ip routes
 Show ip routes summary
 Show ip routes omp

vMange Verification :
OMP : Overlay Mangement protocol
TLOC : Transport Locator : System-ip+Color+Encapsulation:

Monitor: Network

Click on R1 and select Real Time: Device options: IP Routes


Click on R1 and select Real Time: Device options: OMP received routes

Click on R1 and select Real Time: Device options: OMP received TLOC

You might also like