Following is the network diagram. Please note that vManage, vBond, vSmart and the vEdges are already initialized here, and that the vEdges and cEdges have already been added to vManage via the serialFile.viptela file. You can find those steps in previous posts.
After boot, log in on the console with the default credentials (username and password are both "admin"); the device forces a password change on first login.
Configuring cEdges is slightly different from configuring vEdges, but the functionality is basically the same. According to the lab diagram, the following is the configuration needed for cEdge1. It is just like the regular Cisco IOS-XE CLI, entered inside a config-transaction.
!
config-transaction
!
hostname cEdge1
!
! system-ip identifies the device in the overlay; it is not a routed address
system
system-ip 10.1.1.112
site-id 2
vbond 10.10.10.20
! must match the controllers and the Smart Account controller profile exactly
organization-name TEST-ORG1
exit
clock timezone GST 5 30
!
! transport interface (VPN 0 on a vEdge; the global routing table on a cEdge)
interface GigabitEthernet1
no shutdown
ip address 10.10.22.1 255.255.255.252
exit
! one default route per transport, so each transport can reach vBond and vSmart
ip route 0.0.0.0 0.0.0.0 10.10.22.2
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
! Tunnel1 is tied to GigabitEthernet1 (tunnel number = interface number)
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
!
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
! "all" opens every service on the transport side; restrict it where possible
allow-service all
allow-service sshd
commit
!
!
Only the cEdge1 config is shown here; for cEdge2, the system IP, site ID and interface IP addresses change.
Key Things to Note:-
system-ip is only an identifier; it does not need to be routable or advertised, but it must be unique across the overlay. It is written like an IPv4 address but plays the same role as an OSPF router-id.
organization-name is very important: it must match exactly (it is case-sensitive) on all controllers, on every edge and in the controller profile in the Smart Account, otherwise certificate validation fails when the control connections are built.
You can allow all services, or limit the tunnel interface to only the ones you need (sshd, https, etc.). Every service you allow is reachable on the transport-side address, so keep the list short.
You will not see the "interface Tunnel1" command in context-sensitive help, but it works once you enter it. The tunnel number maps directly to the interface number at the backend, e.g. Tunnel1 maps to GigabitEthernet1.
You can see that VPN 0 is not defined in the configuration, because there is no VPN concept on cEdges; IOS-XE uses VRFs instead. Interfaces that are not placed in a VRF belong to the global routing table, which acts as the transport VPN.
As you can see, there are two default routes, because each transport must be able to reach vBond and vSmart for OMP (Overlay Management Protocol) to work on both transports (the second transport interface, behind 172.16.1.254, is not part of the excerpt above). More about this, and a workaround, will be discussed in a later post.
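As an added example (not code from the original post), the following Python script renders the config-transaction block above from a per-device record and checks the invariants listed in these notes before anything is pasted into a cEdge: the system-ip is a valid, unique IPv4 identifier, the organization-name matches exactly, the Tunnel number follows the interface number, and each transport's default-route next hop is on that transport's subnet. The cEdge1 values are the post's; cEdge2's system-ip, site-id and addresses are assumed lab values, and the restricted allow-service list is used in place of allow-service all.

```python
"""Render cEdge config-transaction blocks and check cross-device invariants.

Added example for the lab in this post; all device records are constructed.
"""
import ipaddress
import re

ORG_NAME = "TEST-ORG1"            # from the post; must match controllers exactly
VBOND = "10.10.10.20"             # from the post
SAFE_SERVICES = ("sshd", "https")  # restricted alternative to "allow-service all"

# Constructed lab records. cEdge1 values are the post's; cEdge2 values are assumed.
# transports: (interface, ip/prefixlen, default-route next hop)
DEVICES = [
    {"hostname": "cEdge1", "system_ip": "10.1.1.112", "site_id": 2,
     "transports": [("GigabitEthernet1", "10.10.22.1/30", "10.10.22.2")]},
    {"hostname": "cEdge2", "system_ip": "10.1.1.113", "site_id": 3,
     "transports": [("GigabitEthernet1", "10.10.23.1/30", "10.10.23.2")]},
]


def tunnel_number(ifname):
    """Tunnel<N> is tied to GigabitEthernet<N>; assumes flat names like GigabitEthernet1."""
    m = re.search(r"(\d+)$", ifname)
    if not m:
        raise ValueError(f"cannot derive a tunnel number from {ifname!r}")
    return int(m.group(1))


def render(device, services=SAFE_SERVICES):
    """Emit the config-transaction block for one cEdge as a single string."""
    org = device.get("organization_name", ORG_NAME)
    lines = ["config-transaction",
             f"hostname {device['hostname']}",
             "system",
             f" system-ip {device['system_ip']}",
             f" site-id {device['site_id']}",
             f" vbond {VBOND}",
             f" organization-name {org}",
             "exit"]
    for ifname, cidr, nexthop in device["transports"]:
        iface = ipaddress.ip_interface(cidr)
        lines += [f"interface {ifname}",
                  " no shutdown",
                  f" ip address {iface.ip} {iface.netmask}",
                  "exit",
                  # one default route per transport so each one reaches vBond/vSmart
                  f"ip route 0.0.0.0 0.0.0.0 {nexthop}",
                  f"interface Tunnel{tunnel_number(ifname)}",
                  " no shutdown",
                  f" ip unnumbered {ifname}",
                  f" tunnel source {ifname}",
                  " tunnel mode sdwan",
                  "exit"]
    lines.append("sdwan")
    for ifname, _, _ in device["transports"]:
        lines += [f" interface {ifname}",
                  "  tunnel-interface",
                  "   encapsulation ipsec"]
        lines += [f"   allow-service {s}" for s in services]
    lines.append("commit")
    return "\n".join(lines) + "\n"


def validate(devices):
    """Return a list of invariant violations across a set of device records."""
    problems = []
    seen_ip = {}
    for d in devices:
        host = d["hostname"]
        try:
            ipaddress.IPv4Address(d["system_ip"])
        except ValueError:
            problems.append(f"{host}: system-ip {d['system_ip']!r} is not an IPv4 address")
        owner = seen_ip.setdefault(d["system_ip"], host)
        if owner != host:
            problems.append(f"{host}: system-ip {d['system_ip']} already used by {owner}")
        org = d.get("organization_name", ORG_NAME)
        if org != ORG_NAME:  # exact, case-sensitive comparison
            problems.append(f"{host}: organization-name {org!r} does not match {ORG_NAME!r}")
        for ifname, cidr, nexthop in d["transports"]:
            net = ipaddress.ip_interface(cidr).network
            if ipaddress.ip_address(nexthop) not in net:
                problems.append(f"{host}: default-route next hop {nexthop} is not on {cidr}")
    return problems


if __name__ == "__main__":
    for problem in validate(DEVICES):
        print("PROBLEM:", problem)
    for dev in DEVICES:
        print(render(dev))
```

Run it as-is to print both device blocks; feed `validate()` a record with a reused system-ip or a lower-case organization-name and it reports the mismatch instead of letting you find out from a failed control connection.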
Now let's add the cEdge to vManage.
To do that, the CA root certificate must first be installed on the cEdge. We will do it by running a TFTP server on the CA Server and copying the CA root certificate from there to cEdge1 via TFTP. Without the root chain, the cEdge cannot validate the certificates the controllers present, so its control connections would never come up. TFTP provides no authentication or integrity protection, so after the copy compare a hash of the file on the cEdge (IOS-XE verify /sha512 bootflash:CARoot.cer, or verify /md5 on releases without sha512) with the hash of the same file on the CA Server before installing it.
!
! copy the root certificate from the TFTP server running on the CA Server
copy tftp://10.10.10.40/CARoot.cer bootflash:CARoot.cer
!
! install it into the SD-WAN root certificate chain
request platform software sdwan root-cert-chain install bootflash:CARoot.cer
!
! bind this device to its vManage chassis entry so it can obtain its signed certificate
request platform software sdwan vedge_cloud activate chassis-number <> token <>
!
The chassis number and the token (the one-time password vManage generated for that chassis entry) can be found in Configuration > Devices > WAN Edge List on vManage.
If everything worked, the State column for the device in the WAN Edge List shows "certificate installed". On the cEdge itself, show sdwan control local-properties shows the organization name, chassis number and root-ca-chain status, and show sdwan control connections should show the connections to the controllers coming up.