Cisco SD WAN Service VPN // Creating VPN1 using Feature Templates // OMP

Captions
Hello, welcome back to this video, in which I'm gonna finally get IP connectivity between my two vEdge devices. Um, my name is Roger Perkin and I have been building this Cisco SD-WAN lab in EVE-NG over the last two weeks. Um, if you're following along on the playlist then you know where we're at: we've got all the devices configured, everything's up and running, but I've not got any IP connectivity between the vEdge devices. And if you're new here, then welcome. Um, you can see what's happening. Um, I've got these vEdges that are all connected up; I just don't have IP connectivity between the two. So we'll just check the dashboard and I'll show you: I've got three WAN Edge devices online. Um, everything's working. If you want to see how we've got to this point, um, there's a link to the entire playlist in the description, so you can follow along from the very beginning, literally installing each device, and I build this completely from the ground up.

But today we're going to get IP connectivity, and we're going to be able to ping from this router over to this router. So to do that we need to create two more feature templates in vManage. I need to create a template for VPN 1, which is our service VPN, which is the inside network here, and I also need to create another template for the ge0/1 interfaces. So let's do that.

So to create a new template we go Configuration and Templates and Feature Templates. So I'm going to add a template. The devices I'm using are the vEdge Cloud devices; yours may differ. Um, if you're using this in production then probably one of the ISR routers or literally a vEdge 1000, 2000 device, but for me it's this vEdge Cloud, and I need to click on VPN. What I'm going to do is call this VPN... VPN1. Now this is referred to as a service VPN. So let's just go back up to the top and I need to give this a name, so I'm going to call it Branch vEdge VPN1, and this is going to be my VPN 1 template, and the VPN number here is going to be one. The name will be called inside.

I'm not going to do ECMP keying at the moment; this is more for load balancing when we're using OSPF, which we'll look at in a later video. I don't want DNS. And this is what I do want: so Cisco SD-WAN uses the OMP protocol, which is the Overlay Management Protocol, and this is how it advertises the routes between all the vEdge devices. So for this lab we're going to tick static and connected. And we can use... this is where you sort of enable BGP and OSPF, but we'll go through that in a later video. And also any IPv4 routes that you want to add in.

So I will add a route in. So in this example, uh, in my topology I've got this prefix, 172.16.1.0/24, which is going to live on this switch. So obviously this vEdge won't know about that, so we need to tell vEdge 1, if you want to get to 172.16.1, or in fact tell the whole network here, um, this is the way to go and this is the gateway to get to it, so 10.1.1.2. So we're just gonna add that one in. So the prefix will be VPN zero IPv4 prefix... it's not actually zero, it's one: VPN one. Now these keys here, this device-specific key, can be anything you want. Um, you just need to create something that means something to you, so when you build the template and you add the values in you know what it's about. And then we add the next hop in. So the same again, this is a device-specific next hop, so this is going to be... and these windows are a bit fiddly to click in, just like that, here we go. So VPN one IP next hop... I'm going to call this one IPv4 next hop IP. Add that, and you must click this Add here.

Uh, this box here I'll point out, Mark as Optional: um, if you didn't want to push a configuration to a certain device, um, it would say that this field is optional, it doesn't have to be filled out. So at this minute in time, if I don't click that then the template will want me to populate the fields for every device. If we only wanted to push it to a few, and we could ignore a couple of devices and it wouldn't complain. So now I've got this Branch vEdge VPN 1 template, not attached to any devices.

I'm going to add now the interface template. So the interface template, same again: vEdge Cloud, and then VPN Interface Ethernet, and same procedure, we'll give this a description. So the template name is Branch vEdge VPN1, and this is ge0/1; this is going to be VPN 1 ge0/1 template. Now the global value here, I want to make this shutdown no. The interface name: now this interface name is the interface name that has to match exactly. Now I know that it's ge0/1 with a lowercase g. I've tried it before with the uppercase G and it failed because it said that interface does not exist. So you have to make this exactly what the interface name is. And then the description, we're going to call it inside, like that. Now the static IP address is going to be device specific, so this is VPN one IPv4 IP address. And we don't want to add any of this: no tunnel, no NAT, no VRRP and nothing else for the moment. And that's it.

So now I've created two templates, one for the VPN 1 and the other one for the interface within VPN 1. Now we need to attach those templates. So this one is here and you can see it's not attached to anything; this one here, not attached to anything. So we go back to our device template, this is the base template for the vEdge router. I click the three dots and Edit, and then I scroll past the transport and management VPN and we go down to Service VPN. And then I can click on Service VPN, and now you can see my Branch vEdge VPN 1 template; I'll select that one. I need to go over to here and add a VPN interface; here is my ge0/1 interface, I can add that. Update the template.

Now it's going to prompt me to input the values for those interfaces and next hops, because at the moment these fields here are empty. So I have to... I'll show you, if you actually click Next now to move, it will just say required fields are missing, and these are the required fields. And that box that I showed you earlier, the Mark as Optional: if you'd have marked all these fields as optional, or one of the fields is optional, you could have then passed on and carried on going, but at the moment all these fields are mandatory; I have to fill them out before it will take the template.

So this is now vEdge01, and the prefix, so the subnet inside, is 172.16.1.0, that's the network inside my network, and the next hop to get to that one is going to be 10.1.1.2, and then the IPv4 address for the interface is going to be 10.1.1.1/24. So that is for this vEdge device here. I've said if you want to go from here to get to 172.16, you need to hit this interface, and 10.1.1.1 is the interface address on that interface there. So vEdge 2, we'll do the same again: the 172.16.1.0/24. The next hop for that one is 10.1.1.6 and the interface IP address was 10.1.1.5/24. And finally vEdge03, which is this one over here, and that one is going to be 10.2.1.1. Now I don't have another network configured here at the moment, but what I'll do is I'll add one here to prepare for it, so I'll do 172.16.2.0/24, and the next hop being, uh, 10.2.1.254, and the IP address on that interface is going to be 10.2.1.1/24.

So that's all the values filled in; we can click Next. Now this says three devices are going to get new configurations. We click on one of the devices and you can actually preview the config that's going out. So if you click on Config Diff here and then Side by Side Diff, this is my vEdge01 device, and we scroll down, you can see this is the config that's going to be added. So green is added, red's taken away, and it's going to create VPN 1, it's going to call it name inside, it's going to create an interface, it's going to give that interface an IP address and it's going to add a route in, and then under OMP it's going to advertise the connected and the statics.

So if I just show you from vEdge 3's perspective, if we just log into here, I'll show you the routes: currently it's got only connected routes, so vEdge 3 has no knowledge about any of the network. So we go back to vManage and I'm going to click Configure, confirm that I'm configuring three devices, that's fine. I could have checked the other two routers to validate their, uh, configurations, but I'm pretty sure it's all going to be fine. Now you see this will go and validate the change, and then this will go into status In Progress here. This is now working out the changes, pushing the changes, and we'll bring up the vEdge 3 device alongside. Now the change normally happens pretty quickly and this normally takes a few more seconds to catch up. If I show run on vEdge03 you can see that I now have VPN 1, so this is the exact change that was going to be pushed: VPN 1, name inside, description, IP address and a route, and then advertise connected, static. Now we can see we've got a success here, so all the three templates have been pushed.

Now the proof in the pudding: if I click show ip route now... let's open this up. I've actually got a, um, OMP route in place here. So we've got the actual OMP route; let's go through here what's happening. Um, so I've got 10.1.1.0 is available, and it's available via both of those devices, 10 0 120 also via 1021, and it's also telling me that 172.16.1.0 is also available by both these devices. Now this TLOC IP, so this is the IP address that SD-WAN uses for the sort of entry point into each device; it doesn't use the sort of physical interface, it uses this TLOC, which is the system IP.

Now if I try and ping now from here 10.1.1.2, it's going to fail, because by default it will ping into, um, VPN 0. So I now need to ping, specify the VPN, 10.1.1.2, and I get a reply, so that's working. So what I've done is I'm on this device here, vEdge 3, and I can ping over the SD-WAN and I can then ping this address here, 10.1.1.2.

Now we could validate that we can get to this, so I just need to make sure on VLAN 20 that I have that in place. Let's just have a look, show ip interface brief on this switch. So if I go interface vlan 20, ip address 172.16.1 dot... and also I need to configure a default route on this switch, ip route zero zero zero zero 10.1.1.1. So we've now... I've now configured 172.16.1.254, interface vlan 20, no shut, and let's just put a port in there, gi0/1, switchport access vlan 20. That should bring up that... not yet, it'll come up in a minute... no. OK, we'll come back to that.

But the main thing is that from vEdge 3 I'm getting the routes, so I'm actually getting a route advertised. So this was the static prefix that I put into OMP, and I said this is the prefix, the gateway is inside, but within SD-WAN it's telling me this is how to get there. OK, let's just see if that, um... oh, that's better, that took a little while to come up, but, um, I've now got 172.16.1.254 available on this switch. So here I've now got 172.16.1.254, which I should be able to ping from vEdge 3. So back to vEdge 3, ping, remember VPN 1, 172.16.1.254, and there we go. So I've now got full IP reachability, um, across my SD-WAN. And we go the other way, I'll just show on vEdge 1 and the routes work, so show ip route, and it's the same the other way: we've got, uh, 10.2.1.0 and 172.16.2.0, it's an OMP route and it's accessible via this TLOC IP.

So I hope that that, um, has shown you how to get IP connectivity on your Cisco SD-WAN. Um, we've configured the VPN 0 template and also the interface on the inside. So that concludes the basic setup of my lab. We've got IP connectivity, and in the next video we're going to start looking at OSPF and BGP and redundancy and HA using two vEdge devices. So thanks for watching. If you've enjoyed this, please hit that subscribe button and give it a thumbs up, and I will see you in the next video. Thank you.
Info
Channel: Roger Perkin
Views: 867
Keywords: roger perkin, cisco sd wan tutorial, cisco sd wan lab, cisco sd wan service vpn, omp, advertising static routes in omp, advertising connected routes in omp, viptela sd-wan, viptela eve, cisco sd wan viptela deployment basic lab, how to configure cisco sd wan, how cisco sd wan works, cisco sd-wan in eve-ng, sd-wan, sd-wan cisco, sd-wan explained, sd-wan cisco viptela
Id: EbwhcLSUTeY
Length: 18min 38sec (1118 seconds)
Published: Tue Oct 20 2020