5. SD-WAN Controllers and Edge Setup | How to Setup an SD-WAN lab in EVE-NG Pro on Google Cloud

Captions
Hello everyone, thank you very much for clicking on this video. This should be our last and final video in setting up SD-WAN in EVE-NG on Google Cloud. On the previous videos we created the VM in Google Cloud, we got EVE-NG partly set up, we got our smart account set up, and now we are actually going to work and set up the SD-WAN lab.

If you haven't already, you want to go ahead and import the lab into your EVE-NG instance. To do that, you go up here to Import, and then you would select either from the IOL folder, whether you're using IOL images for the underlay, or the VIRL folder, and then you would click on the zip file right here. Once you double click, open, and then you would upload, and then the lab would appear here. Now to open it you just click Open, and now we are ready to begin.

The first thing we're going to do is configure some things on the Linux Docker container. In this topology it's the Linux server, or underscore server. Double click on it and it's going to download the RDP connection to you. Click on it, hit Connect, and it's going to connect to, um, the Linux Docker container. You can drag it up here and snap it to the top and hit OK.

The first thing we are going to do with the Linux Docker container, now that our IP addressing is automatically set up, is we are going to change some SSH configuration, similar to what we did in the Google Cloud VM, but now what we are going to do is also permit root login so we can download the certificate of the server right here to the cEdge, which will be done later on in the video. To do that you have to go to Applications, System Tools, MATE Terminal. You can either do it that way or hit Ctrl+T on the keyboard, and you want to type in pluma /etc/ssh/sshd_config, and it's going to bring up a graphical text editor in which we will similarly also take out the pound sign from, uh, root login. So right here, PermitRootLogin: you want to delete the pound sign, hit Ctrl+S to save, and then close this
out. So right now we are pretty good, uh, done with the configuration with the Docker container, and now we are actually going to move on and configure the vManage, vSmart and vBond devices. You can go ahead and either close this or minimize this to move this out to the side, and now what you need to do is make sure all your devices are on, so select them all and then right click and hit Start Selected.

I'm going to double click on the vManage to begin configuration with the vManage. I'm going to hit Enter. The default username and password are admin, admin, all lowercase. It wants us to set the initial password, and then it wants us to install, uh, to a virtual hard disk. If you remember, earlier in the series we created a virtual hard disk known as hdb. I'm going to select that by tapping number one, hitting Enter, y to format the hdb drive, and it's going to go ahead and format the drive, and then it's going to restart and it's going to make us log back in. So I'll resume once we, uh, get to the login prompt.

All right, so now we are at the login prompt. Where it says vmanage login, you want to type in your username, in this case it's admin, and I set the same password. If you get "System is initializing, please wait to log in", give it a few moments to go ahead and initialize. This usually takes anywhere from like 30 seconds to a minute, and then it'll say system is ready. I'll resume once that pops up.

All right, so it says system ready, so now we can go ahead and log in again, and then it will go ahead and say welcome to the Viptela CLI, and it says vmanage and a pound sign. Now what we are going to do is paste our skinny configuration. I'm actually going to walk you through and show you what parts, uh, you need to change and modify. I'll go ahead and move this over to the side of it, and I'm going to bring this back up, pull this up, and what you could see is for the vManage (I'll also make sure to include this in, uh, file share) is, to configure it, you go to config and then you go to
system sub configuration mode. We are assigning it the hostname; the system IP is analogous to the BGP router ID. Make sure this is unique whenever you configure it. You can leave it the same here if you import the lab, but make sure that this system IP is not the same address as any of the interfaces you are using, otherwise it'll spit out an error. You have your site ID, I am in site one, and we are configuring the VPN 0, the transport, uh, interface, uh, or actually transport address of vBond, which is 1.1.1.3, so make sure you use the, uh, IP address that corresponds to the vBond's VPN 0 address.

Then we are configuring VPN 0. We're using interface eth0, we are assigning it an address of all ones, /28, no shutdown, no tunnel interface. Later on we will enable the tunnel interface. We're pointing a static default route to the border router right here, and then similarly with VPN 512 we have an IP address, no shutdown, and this is optional, but I'm just pointing a static route, um, to the Linux server, a static default route.

So make sure, just again, when configuring your organization name, that this matches exactly with what you typed in when setting up the vBond and going through the smart account setup. So when I said remember this, you want to go ahead and replace, uh, right here, vmware networking with your own organization name. Once we are ready, I'm going to select all of this right here, I'm going to click Copy and move this to the side. I'll drag this back in and go ahead and right click and paste the configuration. If everything goes well it should say commit complete, and now we are actually ready to move on to configuring the vSmart.

I'm going to push this out to the side again. Once again I'm going to double click on vSmart, drag it back in. It's going to prompt me with the vsmart login; it's both admin, admin in lowercase. It wants us to set a password, I'm just going to use the same password, and it doesn't require us to install anything else. It's just going to prompt us with the
vsmart prompt. Similarly, let me show you the skinny config. I'm configuring the hostname of vSmart, same thing with a unique system IP. I'm using the same site ID. So everything in the controllers and orchestrators: a unique hostname, give it the unique system IP, organization name. Remember that your organization name must match on all devices. Again, with the same vBond VPN 0 address, uh, of the vBond. With VPN 0, I assign interface eth0, provided this address, no tunnel interface. Very similar config to the vManage. So I'm going to go ahead and select all of this, right click and copy, and I'm going to paste it, and it all should commit and quit, and it says commit complete.

So now I am going to go ahead and bring up the vBond. The same exact credentials, admin, admin. I'm just going to type in admin again, and as I mentioned before in the previous videos, this is, uh, the vEdge. It's using the vEdge image, so don't get thrown off if it says vedge right here. What I'm gonna do now is drag in the skinny config. One big difference between, you know, the actual IP addressing of the interfaces is that when you configure your vBond you want to type in, on the vBond, the address, the VPN 0 address, of itself, and then you want to type in local, so the other devices know that this is the vBond and not a vEdge. So I'm going to go ahead and select all the configuration here, I'm going to copy, I'm going to right click, and it's going to go ahead and configure everything, commit and quit, and the commit is complete.

So now what I'm going to do is actually drag this out to the side and head back on to the configuration of the Linux Docker container, or Linux server, the name. Now what I'm going to do is I'm going to generate the keys and certs. What I'm going to type in to generate the CA key, I'm going to copy this, and to paste something you hit Ctrl+Shift+V, and this is the command. I'm going to generate the key and hit Enter, and it should be relatively quick, and we are going to generate, convert the key and
to a cert. So, very important that you hit Enter one by one; you don't run through the whole thing, because here's where we're also going to configure our organization name. I'm gonna paste this in, hit Enter once, I'm gonna type in my country code, so US, Enter, Enter. This is my organization name, so exactly how I typed it in the vBond and on the other devices. I'm going to hit Enter, and you can go ahead and hit Enter for the other ones, and we should see here, if I type ls to list, that I have the CA cert created right here.

So now what we're going to do is actually go ahead and copy the CA cert using Secure Copy Protocol to the controllers and orchestrator. To do that I'm going to paste this in, so scp, the file name ca.crt, to admin at 192.168.11, which is a VPN 512 address of the vManage. When copying the certs we're going to be using the VPN 512 addresses, so the management network. I'm going to go ahead and hit Enter. I do want to accept the key, and I'm going to type in the password, and we should see a hundred percent, copied successfully. So I'm gonna do the same for the second and third device, and now we can see that all the certs were successfully copied.

Once again I'm going to drag this out to the side, and I'm actually going to go on the controllers and orchestrator and install the certificate, the root CA. I'm going to drag this out, I'm going to bring this back up, and in order to do that I'm going to type this command in: request root-cert-chain install, then the directory is /home/admin/ and then this file name is ca.crt. You want to go ahead and enter that, and you want to see that it successfully installed the root certificate chain.

All right, so I got it successfully installed on all three of the devices, and what we need to do now is resync the database of the vManage. I'm going to bring back up my RDP connection, I'm going to open up Firefox right here, and I am going to type this in and close this tab out and click on
Advanced, and then actually go ahead and accept the risk and continue, and then type in the default credentials, which is again lowercase admin, lowercase admin, and we can see that once it says sync root cert chain is done, we can go ahead and actually head into the VPN 512 address of the vManage. So I'm just going to go ahead and just select this part right here and delete it out, so 192, you want to make sure you go to https://192.1681, and it will bring you to this page.

So now we are in the main dashboard of the vManage. We need to change some settings before we continue with anything else. To do that, we click on the menu right here, we go down to Administration, Settings, and what we are going to do is assign it the organization name, we're going to configure the VPN 0 address of the vBond, and we are going to upload the CA cert and change it from Cisco to Enterprise. To do that, I'm going to edit the organization name, I'm going to type the organization name I created and click on Save to save it. I'm going to click on Edit, I'm going to type the VPN 0 address of the vBond (you could refer to the topology just in case you forgot), then I'm going to click on Save, and then I'm going to click on Controller Certificate Authorization. I'm going to click on Edit, Enterprise Root Certificate, proceed, select the file, go to the root directory, change this to All Files and select the CA cert, double click on it, scroll down a bit, and then Import and Save. If you successfully created the certs correctly, it should change it to Enterprise right here.

Now what we're going to do is we are going to generate the certificate signing requests for each of the controllers. In order to do that I'm going to click on the menu right here and then go to Configuration, then under Certificates head to Controllers right here on the right. Actually, before I do that I need to head to Devices, sorry, and then to Controllers, and I'm going to add the vBond and vSmart using their VPN 0 addresses. So I'm going to click
on vBond, I'm going to type in username of admin and admin, and then for the vBond management IP address I'm going to type in 1.1.1.2.3 and then click on Add. Make sure to uncheck the Generate CSR. And same thing with the vSmart: deselect this and type in 1.1.1.2 to add it. So once again, remember this is the VPN 0 address. Then click on Add, and if you enter the correct settings it should show up on this page.

Now what we are ready to do is actually go ahead and create the certificate signing requests. Actually, before I go ahead and do that, I'm going to change the download settings so we can easily rename the CSRs. I'm going to open up a new tab and click on the menu right here, then I'm going to click on Preferences, I'm going to type in downloads, and I'm going to click on "Always ask you where to save files", and then you can go ahead and close out this tab.

To download, or to generate, the CSRs you need to go to Certificates, Controllers, select the vManage first, and I'm going to click on Generate CSR (certificate signing request), and it should download. Save File, OK, and make sure it's called vManage.csr right here. You want to save it under your root directory. Remember, capital M right here, lowercase v. Save, go ahead and close this out. Next thing to do is do it with the vSmart as well, and then finally do it with the vBond, Generate CSR.

So now what you want to do is you want to make sure all these files are in the root directory. To do that I'm going to click on Places, Home Folder. We could see that the CSRs are right here, certificate signing requests, and now we are actually going to pull up the terminal and sign the certificate signing requests, make them certs now. Now what I'm going to do is go ahead and paste this in. You should see that it should give us this output. Same thing with the second command; you should see that our OU should be the one we typed in exactly earlier. And then finally the same thing with the vSmart one, and we can go ahead and minimize this for now. We can see
that now we have both a CSR and a CRT for each of the controller devices. So I'm going to go ahead and minimize this, and what we want to now do is actually upload, or install, the certificates to the controllers.

First I'm going to select the vBond right here, make sure it's highlighted, Install Certificate, select the file, All Files, vbond.crt. Don't click on the CSR, click on the CRT. Click Open and Install. Now this should give you this output, and you could refresh, and it says success. So what you want to do is go ahead and head back to under Configuration right here and then Certificates, Controllers, then you want to go and select the vSmart now. Make sure it's highlighted, Install Certificate, select the file, All Files, vsmart.crt, Open, Install. You can see that it says success. And then finally the same thing with the last device, which is the vManage. So select the vManage, make sure it's highlighted, Install Certificate, All Files, and then vManage.crt, Install. Refresh this a couple times and then we should see that it should be successful.

So now to verify everything you want to go down to Configuration, then to Devices, then to Controllers, and we should, uh, we should get this output right here. What you now want to do is make sure that you set the VPN 0 interfaces of the controllers to tunnel interface. So I'm just going to move this out to the side and actually bring back the terminal to all the devices. For the vManage I'm going to type in config t, I'm going to type in vpn 0, interface eth0, and then I'm going to type in tunnel-interface, commit and quit, save. And same thing with vSmart: we'll config vpn 0, interface eth0, then tunnel-interface, commit and quit. And then very similar with the vBond, so config; the interface is a bit different, it's ge0/0, so vpn 0, interface ge0/0, tunnel-interface, and then you wanna type in encapsulation ipsec, and then commit and quit, and we should see that the commit is complete, and we can now move this out to
the side once again and actually bring back up the RDP connection, and we should see that the device status is in sync now. So now we are actually ready to go ahead and onboard the edges.

Now what I'm going to do is just minimize this window, actually move it out to the side, and then double click on the vEdge to bring it up, so open SecureCRT and bring this back up. Actually, right before I do that, I'm actually going to go ahead and restart the Linux server so we can restart the SSH configuration, which we have to make sure is functioning correctly so then we can later onboard the cEdge. To do that I'm just going to right click right here, click Stop. It's going to close out the RDP connection. Give it a few moments and then right click and hit Start. We're not going to open it up right now; uh, we're actually just going to focus on the vEdge for right now.

So I'm going to drag this in. Like the other Viptela devices, uh, login is admin, admin. It wants us to set an initial admin password; I'm just going to do the same thing and use admin, admin, and I'm going to right now drag in the skinny configuration for the device. So for the cEdge, actually sorry, for the vEdge, we're going to do config, system, we're going to give it a hostname of the edge, a unique system IP. This one is in site ID 10 right here. The site ID doesn't really matter, but it's just to follow along with the diagram. Remember, same organization name as all the devices. We want to give it the VPN 0 address of the vBond, in this case it's 1.1.1.3, and then for the VPN 0 address, or VPN 0 interface right here, I'm using interface ge0/0. I'm really not using the internet cloud; it's there for illustration purposes. You can go ahead and use it as well, but I'm just going to go ahead and configure the VPN 0 interface using ge0/0, and the IP address is 10.1.0.1/24, and then I'm going to give it a default route, a static default route, to 1010.254, which is the IP address of the MPLS cloud's e0/0. So I'm going to select all of this right here,
I'm going to click Copy, move this out to the side, bring this window back in, and then right click to paste it all in. Then I'm going to type in commit and quit, save. We should see that the commit is complete.

So now what we need to do is actually bring up the Linux Docker container once again, and double click on it, download the RDP connection, connect. I'm going to snap this back up to the top, and what we're going to do now is we're going to grab the CA cert and actually copy it over to the vEdge. To do that I'm going to click on Applications, Accessories, Pluma, Open, and I'm going to type, or actually click on, the ca.crt, so the one we initially created right here. Double click on that, and then I'm going to select all this from the bottom to the top and then right click and hit Copy, and then I'm going to minimize this window right here and move this once again out to the side.

I'm going to bring up the vEdge, and the vEdge is actually based on Linux, so I'm going to use vim to actually save the CA cert. To get into the Linux shell, I type in vshell, and then I'm going to type in, for the device, vim ca, sorry, vim ca.crt. Now in order to type something in vim I need to hit i on the keyboard once, so letter i, and then I'm going to right click everything, or right click on the screen. To save, what I am going to hit is the Escape key on the keyboard, then type in colon, w to write and q to quit, and then I'm going to see if I successfully wrote it, so I'm going to type in cat ca.crt. We can see that we have our certificate right here.

So now what I'm going to do is actually exit out of the vshell, and I am going to now install the certificate. To do that I am going to type in this command, right click and paste it, so request root-cert-chain install, and then I'm going to point to where I saved the file, so it's under home, admin, and then the file name, in this case it's ca.crt. To install the root cert it should copy and update and then successfully install. So now we are almost ready to
completely onboard the vEdge. I am once again going to drag this to the side, I'm going to pull up my RDP connection once more, and then I am actually going to go now and get the OTP and chassis number that I need to activate the device. I'm going to open back up Firefox. If not already, I'm going to type in this IP address; it's going to land you most likely on this page. And now I'm going to go ahead and upload the serial list. To do that I'm going to go to Configuration, then to Devices, and then, oh right, sorry, the WAN Edge List, you click right here. I'm going to click "Validate the uploaded vEdge list and send to controllers", then I'm going to click on Browse, and I'm actually going to navigate to my C drive through the Google Cloud VM. To do that I need to click on thin client drives, C, then Users, I'll click on mine, then what I'll do is look for the folder I saved my file in, the serial list, double click on it to open, then click Upload and OK.

One thing to actually remember is that I created this, uh, using a different vBond IP address some time ago, so whenever you configure your vBond IP address you can actually reuse the same file and have a different addressing scheme, but just make sure that your organization name is the same one that you created. So just in case you wanted to change up the lab topology or create your own, you could still use the same serial file.

Anyway, right here it says success for all three boxes. Now what I'm going to do is go under Configuration, then Devices, and we could see that, uh, our device models that we specified, so the vEdge Cloud and the CSR1000v, uh, denoted by CSR1000v and vEdge Cloud, are here. In my case I created room for more devices; yours might be a bit shorter, but right now all we're going to focus on is a vEdge Cloud. So highlighting one of the entries right here, I'm going to click on the menu right here and I'm going to click on Generate Bootstrap Configuration. I'm going to accept the defaults, and then bringing the terminal back
up, or the console connection, I am going to type in on the vEdge: request vedge-cloud activate chassis-number. Move this to the side. I'm going to copy the UUID, that is the chassis number, right click, copy, then I'm going to paste, then type in token. Once again move this to the side and copy the one-time password, or OTP, copy and paste that in and hit Enter, and we should give it a few moments and it should actually start to go ahead and register.

Once we have done this we now need to configure the VPN 0 to become a tunnel interface. In case you forgot what interface you used for the VPN 0, you need to just type in show run, scroll down a bit, and right here where it says vpn 0. Type in config, vpn 0, interface ge0/0, and then tunnel-interface, commit and quit, and actually it prompts us to enter the interface encapsulation, so I need to type in an encapsulation, or actually IPsec, encapsulation ipsec, and then run through and hit commit and quit once again. This successfully commits, and we need to move this out to the side once again, and we should refresh this a few times, and we see that it might start changing state, and now it says that, uh, the certificate is installed.

To verify that we are ready to go for configuration of the vEdge once you actually want to go ahead and configure it, I'm going to type in show control local-properties, and we can see that the root cert, root CA chain status is installed, the cert is installed, it's valid, it gives us a date range, and then we could see that the token number is invalid, which means that this has successfully registered with the controllers.

So now I'm going to go ahead and move on and bring up the cEdge now. I'm going to drag this out once again to the side, same with the RDP connection, double click on cEdge to bring it up, and type in the password of admin and admin. It wants us to create a new password, and it will prompt this up now. So I'm going to type in enable to go to enable mode, and then type in config-t for config-transaction. Give it a
few moments to load up, and it should say the admin connected from 127.01 to console on router, and now we are ready to go through the skinny configuration for the cEdge.

For the cEdge's skinny configuration, it's a bit different than the vEdge one. First of all we're using config-transaction to go into config mode, giving it, you know, the same, I mean unique, system IP, a different site ID, same organization name as all devices, pointing to the same vBond as all devices. Under interface G1 I'm assigning this IP address, and I'm creating a static default route to the MPLS cloud router. So I'm going to go ahead and copy this and paste it in. It's going to go ahead and commit; it says commit complete, and I'm going to type in, actually, yes to save the commands, or to actually save the configuration, and now we are actually ready to go ahead and register this to the controllers. So I'm going to bring back up our RDP connection. By the way, in the configuration I'll also be sure to, uh, type in logging synchronous under line con 0 and no ip domain lookup.

Anyway, for the CSR1000v I'm going to select once again the menu right here, one of the entries for it, then I'm going to click on Generate Bootstrap Configuration. Very similar: accept the defaults. I'm going to copy the UUID right here, and then on the... actually, right before we go ahead and finish and do that, we need to copy the CA cert from the Linux Docker container to the cEdge device. So I'm going to type in copy scp://root@1.1.1.4 bootflash: (of course I also have this in the description). Source file name is ca.crt, destination file name, the password is eve. Now we will see that it successfully copied, uh, the cert.

So now I'm going to install the cert, very similar to the other devices. It's a bit different but very similar. I'm going to type in, and go to the beginning, and request platform software sdwan root-cert-chain install, and then where it's located, bootflash:ca.crt. Go ahead and hit Enter. It is now up, so now I'm actually going to go ahead
and register it. So I'm going to move this out to the side, copy this, bring the cEdge back up and type in request platform software sdwan vedge_cloud activate chassis-number, paste the UUID in, space, token, and then we're gonna paste in the one-time password. Select all this, copy, bring this back up, enter the token, give it a few moments.

And then we are now going to configure the tunnel interface. This is a bit different than, um, the vEdge, a little bit similar in a way. Whenever you create your tunnel interface you want to do interface Tunnel0, no shutdown. You wanna have your ip unnumbered interface be the same one as your source interface. You wanna tell it the tunnel mode is sdwan, and same thing, uh, with right here, so all three of these interfaces must be the same. I'm using tunnel-interface, encapsulation ipsec, color default. What I'm going to do is go back to the cEdge, type in config, config-t, select all of this right here, Ctrl+C, and go ahead and paste it. So the commit is complete, and we should see that the interface Tunnel0, it will change state to up, and we could see that now it's starting to register to the controllers. You'll see a lot of dialogue going back and forth and output.

I'm going to type in show sdwan control local-properties. Give it a few moments to load up, and we'll give this a few more moments and we'll actually see that it successfully installs the certificate. So I ran it once more and gave it a few more moments, and it says that the certificate is valid, we have a before and after date, and now we can see that the token is invalid, and now we have successfully brought the vEdge or cEdge into the SD-WAN network.

Now what I'm going to do is once again move this out to the side. You can actually go ahead and close this, same with the notepad, and close this out. You could see that the cert is installed, and we can now go ahead and head back to Dashboard, then Main Dashboard, and we should now be able to see that we have two WAN edges
up, one vSmart up, one vBond up, one vManage up, and we have successfully onboarded all the devices.

Before I go, uh, if you wanted to save some money or save some credits and not keep the SD-WAN running 24/7: in order to shut everything down properly, I'm going to close this out right here, I'm going to select all of the devices, right click and Stop Selected. Give it a few moments until all of the devices switch from this little icon to a dark color. I'm going to go ahead and close out this tab. I'm going to bring up an SSH connection, either through PuTTY, SecureCRT, or the connection right here. Give it a few moments to load up. In the terminal right here, or console, I'm going to go to root privilege mode, I'm going to type in shutdown, shutdown now, to shut down the lab. I'm going to go ahead and hit Close, and I'll wait about 10 seconds or so, then click on right here to select the VM and then click on Stop. This will stop the VM instance, and they shouldn't incur any more charges to your Google Cloud Platform account. And just in case you're wondering how many credits you have left, you can go to the navigation menu right here, go under Billing, and you can see right here in the right corner how many credits you have left remaining from your 300 credits.

That is the end of this video. I hope you very much enjoyed it. I hope you found some, uh, useful information out of it. Looking forward to hearing your feedback and any comments, questions and concerns in the comment section below. Feel free to connect with me, and thank you very much for watching this video series.
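
The certificate steps narrated above (create a root CA on the Linux container, sign each controller's CSR, confirm the OU carries exactly the organization name) written out as an added shell example; it is not taken from the video. The openssl invocations, the constructed organization name, the stand-in CSRs and the scratch-directory file names are assumptions, since the captions do not record the commands that were pasted.

```shell
#!/bin/sh
# Added example (not from the video): lab root CA plus an exact
# organization-name check before signing a controller CSR.
set -eu

ORG_NAME="example-sdwan-lab"   # constructed; substitute your own organization name
WORKDIR="$(mktemp -d)"         # scratch directory so no existing file is overwritten

# Create the root CA private key and the self-signed root certificate.
make_root_ca() {
    openssl genrsa -out "$WORKDIR/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$WORKDIR/ca.key" -sha256 -days 365 \
        -subj "/C=US/O=$ORG_NAME/CN=lab-root-ca" -out "$WORKDIR/ca.crt"
}

# Stand-in for a CSR downloaded from the controller GUI (constructed input).
# $1 = device name, $2 = value placed in the OU field.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORKDIR/$1.key" \
        -subj "/C=US/O=constructed-vendor/OU=$2/CN=$1" \
        -out "$WORKDIR/$1.csr" 2>/dev/null
}

# Print the OU field of a CSR's subject, one field per line to survive commas.
csr_org_unit() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *organizationalUnitName *= //p'
}

# Sign $1.csr only when its OU equals ORG_NAME byte for byte (case matters),
# then verify the issued certificate chains to the root CA.
sign_if_org_matches() {
    ou="$(csr_org_unit "$WORKDIR/$1.csr")"
    if [ "$ou" != "$ORG_NAME" ]; then
        echo "refusing $1.csr: OU '$ou' does not match '$ORG_NAME'" >&2
        return 1
    fi
    openssl x509 -req -in "$WORKDIR/$1.csr" -CA "$WORKDIR/ca.crt" \
        -CAkey "$WORKDIR/ca.key" -CAcreateserial -sha256 -days 365 \
        -out "$WORKDIR/$1.crt" 2>/dev/null
    openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/$1.crt" >/dev/null
}

make_root_ca
make_csr vmanage "$ORG_NAME"          # OU matches
make_csr vsmart "Example-SDWAN-Lab"   # same words, different case: mismatch
sign_if_org_matches vmanage && echo "vmanage.crt signed and verified"
sign_if_org_matches vsmart || echo "vsmart.csr rejected"
```

A certificate signed for a CSR whose OU differs from the configured organization name, even only in letter case, is the kind of mismatch the narration warns about, so the check runs before the CA key is used.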
Info
Channel: Michael Hilton
Views: 4,169
Keywords: Cisco, SDWAN, CCNA, CCNP, CCIE, GCP, EVE-NG, Labeveryday, CiscoCert
Id: lJRCSLicw7Y
Length: 41min 35sec (2495 seconds)
Published: Sat Aug 01 2020