
Tuesday, November 19, 2024

Initializing vManage in EVE-NG

Please note that this post is only about deploying the Cisco SD-WAN components in EVE-NG, so concepts are not discussed.

Following is the lab used in this post.



As you can see, there are 3 WAN sites. All the devices will be configured in upcoming posts.

The vManage version used in this lab is 20.7.1.

After boot-up, you can connect to the console. The default username and password are both "admin", and it will ask you to change the password. Then it will ask to format the disk.



















It will take some time to perform the format operation.
According to the lab diagram, the following configuration is needed.
It is just like the Cisco CLI.

!
config t
!
system
 host-name vManage
 system-ip 10.1.1.101
 organization-name TEST-ORG1
 site-id 100
 vbond 10.10.10.20
 clock timezone Asia/Colombo
!
vpn 0
 ip route 0.0.0.0/0 10.10.10.1
 interface eth0
  ip address 10.10.10.10/24
  no shut
  tunnel-interface
   allow-service all
   commit
!

Key Things to Note:

system-ip is just an ID and does not need to be routed. It identifies the device and is just a number, like an OSPF router-id.
organization-name is very important: it needs to match on all the controllers, the edges and the controller profile in the Smart Account.
Eth0 is the default interface configured for VPN0 (the underlay VPN). You can allow all services, or limit it to only sshd, https, etc.






After logging in to the GUI, two of the things that were configured from the CLI need to be configured again.

1. Organization name
2. vBond IP

To do that, go to Administration > Settings and configure the first two options.














What remains now is installing the certificates.

Each SD-WAN device must have 2 certificates.

1. Root Cert
2. ID Cert

The ID Cert is the certificate which belongs to the device itself.
The Root Cert is the CA Cert, which is used to generate the CSR of the ID Cert that gets signed by the CA.

First, the CA Root Cert must be downloaded to the vManage.

Download the CA Cert as Base 64
Go to Administration > Settings
  Edit Controller Certificate Authorization
   Change "Certificate Signing by" to "Enterprise Root Certificate"
   Paste the Root CA as text
   Tick "Set CSR Properties"
    Enter the correct Domain Name, Organization, City, State, Email & Country Code
    Hit "Import & Save"



 
Then the CSR should be generated and sent to the CA to be signed. The signed certificate becomes the ID Cert of vManage.

Now go to Configuration > Certificates
 Select Controllers
 Click on the 3 dots at the right side of the controller and select Generate CSR
 Download the CSR and send it to the CA server to get it signed.

After you have it signed, go to Configuration > Certificates again, hit "Install Certificate" and paste the certificate content as text to install the certificate.

After a few seconds, the status will turn green with a Success.
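
The "send it to the CA server to get it signed" step, sketched with OpenSSL as a lab enterprise CA. This is an added example, not part of the original post: the file names, the CA subject and the stand-in CSR (including its OU value) are constructed, and in the real lab the CSR is the one downloaded from vManage. It also checks the signed certificate against the root before it is pasted into "Install Certificate".

```shell
#!/bin/sh
# Added example (not from the original post). Lab-only enterprise CA flow.
# All file names and subject values below are constructed for illustration.
set -eu

# Create a self-signed lab root CA; rootca.pem is what gets pasted into vManage.
make_root_ca() {   # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/O=TEST-ORG1/CN=lab-root-ca" \
    -keyout "$1/rootca.key" -out "$1/rootca.pem" 2>/dev/null
}

# Stand-in for the CSR downloaded from vManage, so the example runs offline.
make_sample_csr() {   # $1 = working directory
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/O=Example Org/OU=TEST-ORG1/CN=vmanage.example.test" \
    -keyout "$1/vmanage.key" -out "$1/vmanage.csr" 2>/dev/null
}

# Sign the CSR with the root CA; the subject is copied from the CSR unchanged.
sign_csr() {   # $1 = CA directory, $2 = CSR file, $3 = output certificate
  openssl x509 -req -in "$2" -CA "$1/rootca.pem" -CAkey "$1/rootca.key" \
    -CAcreateserial -sha256 -days 365 -out "$3" 2>/dev/null
}

# Print a subject in one canonical form so CSR and certificate can be compared.
subject_of() {   # $1 = req|x509, $2 = file
  openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Pre-install check: chain validates against the root, subject matches the CSR.
check_signed() {   # $1 = root CA cert, $2 = CSR, $3 = signed certificate
  openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || return 1
  [ "$(subject_of req "$2")" = "$(subject_of x509 "$3")" ]
}

demo() {
  d=$(mktemp -d)
  make_root_ca "$d"; make_sample_csr "$d"
  sign_csr "$d" "$d/vmanage.csr" "$d/vmanage.pem"
  check_signed "$d/rootca.pem" "$d/vmanage.csr" "$d/vmanage.pem" && echo "OK to install"
  rm -rf "$d"
}
demo
```

Only rootca.pem and the signed certificate are pasted into vManage; rootca.key stays on the CA host.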

