{"id":2028,"date":"2024-02-03T23:56:00","date_gmt":"2024-02-03T23:56:00","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=2028"},"modified":"2024-04-28T08:45:57","modified_gmt":"2024-04-28T07:45:57","slug":"sd-wan-lab","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=2028","title":{"rendered":"SD-WAN Lab"},"content":{"rendered":"\n<p>In an earlier <a href=\"https:\/\/www.balajibandi.com\/?p=1014\"><strong>BLOG<\/strong><\/a> post we learned about the SD-WAN components and their roles.<\/p>\n\n\n\n<p>In this blog we are going to configure the SD-WAN lab from scratch and verify it.<\/p>\n\n\n\n<p>Note: Installing the CA on Windows 2019 and setting up CA\/DNS\/DHCP are not part of this scope; you can find plenty of documentation online on how to do that.<\/p>\n\n\n\n<p>I have used the components below to test:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Viptela 20.7.1: vManage, vBond, vSmart, vEdge<\/li>\n\n\n\n<li>CSRv1000: csr1000vng-ucmk9.16.12.4a-sdwan<\/li>\n\n\n\n<li>ISRv &#8211; isrv-ucmk9.16.12.5-sdwan<\/li>\n\n\n\n<li>ISP and MPLS Router: IOL i86bi_LinuxL3-AdvEnterpriseK9-M_15.4.2-2T.bin<\/li>\n\n\n\n<li>Switches &#8211; IOL SSA-iron-2019.bin<\/li>\n\n\n\n<li>DNS\/CA\/Management Server, Windows 2019 x64<\/li>\n<\/ul>\n\n\n\n<p>Before we start configuring: SD-WAN planning is very important, and so are the certs that let the devices communicate with each other in a secure way.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"581\" height=\"299\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image.png\" alt=\"\" class=\"wp-image-2029\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image.png 581w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-300x154.png 300w\" sizes=\"auto, (max-width: 581px) 100vw, 581px\" \/><\/figure>\n\n\n\n<p>Network planning &#8211; Plan out the number of devices per branch, system IP addresses, and site IDs; plan 
WAN Edge device configurations and policies, and check any firewall ports that must be open to accommodate WAN Edge communication.<\/p>\n\n\n\n<p>Network planning information is below:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"421\" height=\"252\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-13.png\" alt=\"\" class=\"wp-image-2048\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-13.png 421w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-13-300x180.png 300w\" sizes=\"auto, (max-width: 421px) 100vw, 421px\" \/><\/figure>\n\n\n\n<p>High-level network lab diagram:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"681\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12-1024x681.png\" alt=\"\" class=\"wp-image-2047\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12-1024x681.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12-300x199.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12-768x510.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12-705x469.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-12.png 1282w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Below attached config &#8211; WAN-EDGE. 
MPLS, Internet<\/p>\n\n\n\n<p>Configuring vManage and installing the certs from the CA.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Boot up vManage.<\/li>\n\n\n\n<li>It takes time to install, and then you get a login prompt (the default admin\/admin works); you can change the password during the initial setup.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"467\" height=\"326\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-14.png\" alt=\"\" class=\"wp-image-2076\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-14.png 467w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-14-300x209.png 300w\" sizes=\"auto, (max-width: 467px) 100vw, 467px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li>You are prompted to choose a persona for a&nbsp;Cisco SD-WAN Manager&nbsp;server the first time that the server boots up after&nbsp;Cisco SD-WAN Manager&nbsp;is installed. The prompt appears in the command line as follows:\n<ul class=\"wp-block-list\">\n<li>1) COMPUTE_AND_DATA<\/li>\n\n\n\n<li>2) DATA<\/li>\n\n\n\n<li>3) COMPUTE<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select persona for vManage (1, 2 or 3): 1<\/li>\n\n\n\n<li>Then select the available storage (it requires 100GB) and type Y to proceed.<\/li>\n\n\n\n<li>Once it boots up, wait for the system ready message to appear on the screen before you log in (if not, it will warn you that the username and password are not correct).<\/li>\n\n\n\n<li>Once the system is ready, log in using admin\/newpassword.<\/li>\n\n\n\n<li>Apply the basic vManage configuration as below:<\/li>\n<\/ol>\n\n\n\n<p>Note: organization-name must match on all components for them to work as expected; if you have a control connection issue, check &#8220;<strong>organization-name<\/strong>&#8221;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>config\n\nsystem\nhost-name vManage\nsystem-ip 10.10.10.11\nsite-id 11\n! sp-organization-name is only seen on vManage\nsp-organization-name bb-lab\norganization-name bb-lab\nvbond vbond.bb.local\n!\n\n!\nvpn 0\ninterface eth0\nip address 10.10.9.254\/24\ntunnel-interface\n! allow-service all permits every service on this tunnel interface, so the netconf and sshd lines after it are redundant\nallow-service all\nallow-service netconf\nallow-service sshd\nno shut\n\nip route 0.0.0.0\/0 10.10.9.1\n\n
interface eth1\n! This is my LAN IP, used to reach the vManage GUI\nip address 192.168.1.154\/24\nno shut\n! Route to my LAN\nip route 192.168.1.0\/24 192.168.1.254\n!\ncommit and-quit\nreboot\n\n! Once the device comes online, check that eth0 and eth1 can be pinged from their respective network segments.\n! You can then access vManage at https:\/\/192.168.1.154:8443\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"296\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1-1024x296.png\" alt=\"\" class=\"wp-image-2032\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1-1024x296.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1-300x87.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1-768x222.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1-705x204.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-1.png 1392w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Configure organization name &amp; vBond Address<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log into vManage from the server by browsing to <a href=\"https:\/\/192.168.1.154:8443\">https:\/\/192.168.1.154:8443<\/a> using a username of admin and a password of admin.<\/li>\n\n\n\n<li>Navigate to Administration -&gt; Settings<\/li>\n\n\n\n<li>Click Edit on the Organization name and set it to bb-lab. Confirm the Organization name. 
Click OK.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"537\" height=\"141\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-2.png\" alt=\"\" class=\"wp-image-2034\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-2.png 537w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-2-300x79.png 300w\" sizes=\"auto, (max-width: 537px) 100vw, 537px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click Edit on the vBond address and change it to vbond.bb.local (make sure DNS is working; if not, use the IP address 10.10.9.253). Confirm and click OK.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"757\" height=\"252\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-6.png\" alt=\"\" class=\"wp-image-2038\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-6.png 757w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-6-300x100.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-6-705x235.png 705w\" sizes=\"auto, (max-width: 757px) 100vw, 757px\" \/><\/figure>\n\n\n\n<p><strong>Install root Certificate on vManage<\/strong> (I have used my MS CA server to generate the root certs; you can use whatever you are comfortable with, like XCA or OpenSSL).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"734\" height=\"318\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-8.png\" alt=\"\" class=\"wp-image-2042\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-8.png 734w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-8-300x130.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-8-705x305.png 705w\" sizes=\"auto, (max-width: 734px) 100vw, 
734px\" \/><\/figure>\n\n\n\n<p>In vManage, navigate to Administration -&gt; Settings -&gt; Controller Certificate Authorization<br>On the right side, click Select file, navigate to the Downloads folder, and at the bottom right select All files<br>Choose \u201cRootCert.cer\u201d<br>Click Open<br>Click Import and Save<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"801\" height=\"685\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-7.png\" alt=\"\" class=\"wp-image-2039\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-7.png 801w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-7-300x257.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-7-768x657.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-7-705x603.png 705w\" sizes=\"auto, (max-width: 801px) 100vw, 801px\" \/><\/figure>\n\n\n\n<p><strong>Generate CSR for vManage node<\/strong><br> Navigate to Configuration -&gt; Certificates -&gt; Controllers -&gt; vManage -&gt; Generate CSR. 
(sign with your CA)<\/p>\n\n\n\n<p><strong>Installing the Identity Certificate for vManage<\/strong><br> In vManage, navigate to Configuration -&gt; Certificates -&gt; Controllers<br> Select vManage and click on the \u201cInstall\u201d button at the top right corner<\/p>\n\n\n\n<p>In the upper right corner, click \u201cSelect file\u201d.<br> Navigate to Downloads\/ and select type \u201cAll files\u201d<br> Select the vManage.cer certificate<br> Click Open<br> Click Install<br> The identity certificate should be successfully installed on vManage.<\/p>\n\n\n\n<p><strong>vBond bootstrap and Cert Installation<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>system\nhost-name vBond\nsystem-ip 10.10.10.13\nsite-id 11\nadmin-tech-on-failure\nno route-consistency-check\nno vrrp-advt-with-phymac\norganization-name bb-lab\n! The local keyword is very important, since this device is acting as the vBond\nvbond 10.10.9.253 local\n\nvpn 0\ninterface ge0\/0\nip address 10.10.9.253\/24\nipv6 dhcp-client\ntunnel-interface\nencapsulation ipsec\nallow-service all\n\nno shut\n\nip route 0.0.0.0\/0 10.10.9.1\n\ncommit\n\nreload\n<\/code><\/pre>\n\n\n\n<p><strong>Add vBond to vManage<\/strong><br> Log into vManage from the server by browsing to https:\/\/192.168.1.154:8443 using a username of admin and a password of admin.<br>Navigate to Configuration -&gt; Devices -&gt; Controllers -&gt; Add Controllers -&gt; vBond and specify the following to add the vBond in vManage.<br>IP Address: 10.10.9.253<br>Username: admin<br>Password: MyPassword<br>Check Generate CSR<br>Click OK<br>Confirm and click OK.<br><\/p>\n\n\n\n<p> <strong>Download the generated CSR for vBond<\/strong><br> Navigate to Configuration -&gt; Certificates -&gt; Controllers -&gt; vBond -&gt; View CSR.<br> It will open a window with the CSR. 
Click Download to save it to a local drive (rename it to vBond.csr), then sign it with your CA.<\/p>\n\n\n\n<p><strong>Installing the Identity Certificate for vBond<\/strong><br> In vManage, navigate to Configuration -&gt; Certificates -&gt; Controllers<br> Select vBond and click on the \u201cInstall\u201d button at the top right corner<br> In the upper right corner, click \u201cSelect file\u201d.<br> Navigate to Downloads\/ and select type \u201cAll files\u201d<br> Select the vBond.cer certificate<\/p>\n\n\n\n<p> Click Open<br> Click Install<br> The identity certificate should be successfully installed on vBond.<\/p>\n\n\n\n<p><strong>Onboard vSmart and Install Certificate:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>system\nhost-name vSmart\nsystem-ip 10.10.10.12\nsite-id 11\norganization-name bb-lab\nvbond 10.10.9.253\n!\n\n!\nvpn 0\ninterface eth0\nip address 10.10.9.252\/24\ntunnel-interface\nallow-service all\nallow-service netconf\nallow-service sshd\nno shut\n\nip route 0.0.0.0\/0 10.10.9.1\n\n!\ncommit and-quit\nreboot\n<\/code><\/pre>\n\n\n\n<p><strong>Add vSmart to vManage<\/strong><br>Log into vManage from the server by browsing to https:\/\/192.168.1.154:8443 using a username of admin and a password of admin.<br>Navigate to Configuration -&gt; Devices -&gt; Controllers -&gt; Add Controllers -&gt; vSmart and specify the following to add the vSmart in vManage.<br> IP Address: 10.10.9.252<br> Username: admin<br> Password: MyPassword<br> Check Generate CSR<br> Click OK<br>Confirm and click OK.<br><\/p>\n\n\n\n<p><strong>Download the generated CSR for vSmart<\/strong><br> Navigate to Configuration -&gt; Certificates -&gt; Controllers -&gt; vSmart -&gt; View CSR.<br> It will open a window with the CSR. 
Click Download to save a local copy, rename it to vSmart.csr, and sign it with the local CA.<\/p>\n\n\n\n<p><strong>Installing the Identity Certificate for vSmart<\/strong><br> In vManage, navigate to Configuration -&gt; Certificates -&gt; Controllers<br> Select vSmart and click on the \u201cInstall\u201d button at the top right corner<br> In the upper right corner, click \u201cSelect file\u201d.<br> Navigate to Downloads\/ and select type \u201cAll files\u201d<br> Select the vSmart.cer certificate<br> Click Open<br> Click Install<br> The identity certificate should be successfully installed on vSmart.<\/p>\n\n\n\n<p>If everything synced correctly, you will see success as below:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"261\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-1024x261.png\" alt=\"\" class=\"wp-image-2045\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-1024x261.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-300x76.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-768x195.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-1536x391.png 1536w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10-705x179.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/02\/image-10.png 1874w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Resync the root certificate with the browser:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1011\" height=\"167\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/03\/image-8.png\" alt=\"\" class=\"wp-image-2123\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/03\/image-8.png 1011w, 
https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/03\/image-8-300x50.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/03\/image-8-768x127.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2024\/03\/image-8-705x116.png 705w\" sizes=\"auto, (max-width: 1011px) 100vw, 1011px\" \/><\/figure>\n\n\n\n<p>We have now completed the controllers. In the next blog we will continue with onboarding the EDGE devices: <a href=\"https:\/\/www.balajibandi.com\/?p=2051\" data-type=\"link\" data-id=\"https:\/\/www.balajibandi.com\/?p=2051\">PART2<\/a>&#8230;!<\/p>\n\n\n\n<p>Happy Labbingggggggggggggggg..!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part of old BLOG post we learned SD-WAN components and their Roles. This Blog we going to Configure the SD-WAN Lab from Scratch and Verification. Note : Some of the Installation of CA on Windows 2019 and CA\/DNS\/DHCP (not part of this scope) &#8211; you may find enough documents online how that can be achieved. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,2,32],"tags":[],"class_list":["post-2028","post","type-post","status-publish","format-standard","hentry","category-ccie-rns","category-cisco","category-sd-wan"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/2028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2028"}],"version-history":[{"count":9,"href":"https:\/\/www.balajibandi.com\/index.php?rest_rout
e=\/wp\/v2\/posts\/2028\/revisions"}],"predecessor-version":[{"id":2124,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/2028\/revisions\/2124"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}