
Thursday, November 21, 2024

Initializing vEdges in EVE-NG

This post is about getting vEdges working inside the EVE-NG simulation environment; it does not cover basic concepts.

Following is the network diagram. Please note that vManage, vBond and vSmart are already initialized here. The vEdges and cEdges have also been added to vManage via the serialFile.viptela file. You can find those steps in previous posts.

The vEdge version used in this lab is 20.7.1.

After bootup, you can connect to the console. The default username and password are both "admin", and you will be asked to change the password at first login.

According to the lab diagram, the following configuration is needed for vEdge1. It is just like the Cisco CLI.

!
config t
!
system
 host-name vEdge1
 system-ip 10.1.1.111
 organization-name TEST-ORG1
 site-id 1
 vbond 10.10.10.20
 clock timezone Asia/Colombo
!
vpn 0
 ip route 0.0.0.0/0 10.10.11.2
 ip route 0.0.0.0/0 172.16.1.254
 interface ge0/0
  ip address 10.10.11.1/30
  no shut
  tunnel-interface
   encapsulation ipsec
   allow-service all
   allow-service sshd
   exit
 exit
commit
!

Key Things to Note:

system-ip is just an ID, which does not need to be routed. It is there to identify the device and it's just a number, like an OSPF router-id.
organization-name is very important: it must match on all the controllers, the edges and the controller profile in the smart account.
ge0/0 is the default interface configured for VPN0 (the underlay VPN).
You can allow all services, as in this lab, or limit the tunnel interface to only the services you need, such as sshd and https.
As you can see, there are 2 default routes because each transport must have reachability to vBond and vSmart in order for OMP (Overlay Management Protocol) to work properly on both transports. More about this, and a workaround to overcome it, will be discussed in a later post.
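
To check which services a tunnel interface actually exposes before moving a lab config anywhere else, here is a small added example (not part of the original post or any Cisco tooling). It assumes the config is saved as indented text like the snippet above; the function names and the sample string are made up for illustration.

```python
# Added example (not from the original post): list allow-service entries per tunnel.
SAMPLE_CONFIG = """\
vpn 0
 interface ge0/0
  ip address 10.10.11.1/30
  tunnel-interface
   encapsulation ipsec
   allow-service all
   allow-service sshd
   exit
 exit
"""  # constructed from the vEdge1 snippet above

def audit_allow_service(config_text):
    """Return {(vpn, interface): [services]} for every tunnel-interface block."""
    services, vpn, iface = {}, None, None
    in_tunnel, tunnel_indent = False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        words = line.split()
        # Leaving the tunnel-interface block: explicit exit or a dedent.
        if in_tunnel and (line == "exit" or indent <= tunnel_indent):
            in_tunnel = False
        if words[0] == "vpn" and len(words) == 2:
            vpn, iface = words[1], None
        elif words[0] == "interface" and len(words) == 2:
            iface = words[1]
        elif line == "tunnel-interface":
            in_tunnel, tunnel_indent = True, indent
            services.setdefault((vpn, iface), [])
        elif in_tunnel and words[0] == "allow-service" and len(words) == 2:
            services[(vpn, iface)].append(words[1])
    return services

def findings(config_text):
    """Flag tunnels that allow every service and name the entries made redundant."""
    out = []
    for (vpn, iface), svcs in audit_allow_service(config_text).items():
        if "all" in svcs:
            extra = sorted(set(svcs) - {"all"})
            note = f"; redundant: {', '.join(extra)}" if extra else ""
            out.append(f"vpn {vpn} {iface}: allow-service all{note}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)))
```

For the lab config it reports that ge0/0 in VPN 0 allows everything, which makes the separate sshd line redundant.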

Now let's add the vEdges to vManage.

To do that, we need to have the Root Cert installed on the vEdge. We will do it by running WinSCP on the CA Server and uploading the CA Root from the CA Server to vEdge1 via SFTP (port 22).

The default folder on the vEdge is /home/admin.
Now enter the command "request root-cert-chain install /home/admin/CARoot.cer" in the vEdge CLI.

Then run the activation command "request vedge-cloud activate chassis-number <####> token <####>".
The chassis number and token can be found in Configuration > Devices > WAN Edge List on vManage.

What happens at the backend is that the vEdge communicates with the vBond to get onboarded. If everything went well, you can see the State as "Certificate Installed" in the WAN Edge List on vManage.
"Certificate Installed" means that vManage automatically creates the ID Cert of the vEdge and installs it on the vEdge after onboarding.

Note that this is possible because "WAN Edge Cloud Certificate Authorization" is set to "Automated" in Administration > Settings. If it is set to "Manual", you have to copy the CSR, sign it and install the certificate, like we did to onboard vBond & vSmart.

Additionally, you can verify with the CLI command "show control connections".
