Cisco SDWAN - Add a Catalyst 8000v to your vManaged SEN Fabric

Captions
Catalyst 8000Vs, the new virtual router from Cisco that is SD-WAN compliant. If you're curious about how to set these devices up, stick around, I'm going to show you how.

All right, to pick up where we left off, what we have in our environment is our Catalyst 8000V router. Now what I'm going to do is I'm going to SSH over to that router, and I want to make certain that everything is ready for it to be onboarded into the SD-WAN fabric. So to do that I'm actually going to say ssh to admin at 100.100.101.212, log in using the credentials of admin, password admin, and we can see I'm sitting on the box. Now if we take a look at this and I say show ip interface brief, exclude assigned addresses, what we're going to see here is that it received its IP address via DHCP.

I want to check some reachability information. Can I ping out of the infrastructure? I can. Can I ping, say for instance, www.google.com? I can. And when I take a look at the reachability, can I reach my vManage? So I'm going to ping vManage one in the cluster. Can I ping vManage two and vManage three? I can. Obviously I want to know if I can reach the vBond, and I need to be able to at least reach one vSmart, and we can see that we have all the reachability that we need in the infrastructure.

Now what I want to do is I want to execute a show run interface GigabitEthernet 1, and I want to take a look at GigabitEthernet 2. Now these are the two main interfaces that we're going to be configuring, but what I want to do is I want to use the template that we built in the previous section to actually do this implementation.

So very quickly, let's take a look at what we have in the overall topology. Right now we're sitting here on this device right here. I have the Docker container that's connected to it, and what I want to do is I just want to verify a few things. So first and foremost, I'm going to open the Docker container, and what I'm going to do is I'm going to try to do a browse, so I'm going to open up Firefox. While I'm waiting for that, I'm going to go ahead and open up a terminal, and from this perspective I want to know, can I ping 8.8.8? And we can see that I cannot. And can I ping www.google.com? Let's see if we have DNS resolution, and we can see that we cannot. And if I take a look at the browser window, what we see here is I cannot go to something like www.interone.com.

So what we want to do now is we want to go through the process of onboarding this Cat 8000V. Now in order to be able to do that, there's going to be some things that I'm going to want to do. I want to leverage that template that we built, so what I'm going to do is I'm going to go in and I'm going to take a look at that Cat 8000V-R1 template that we implemented, and what I want to do is I'm going to attach a device to it. Now you'll see that the only thing that I can attach, based on the type of device template that I've built, is going to be one of our Cat resources. What I'm going to do is I'm going to click on the very first one in the list, it will end in 0 6 3 bravo. I'm going to go ahead and move this over, and I'm just going to go through the motions of doing the attachment.

Now that means I need to provide pieces of information that may be missing. So what I'm going to do is I'm going to assign it a system IP address using the one seven two two five five five sequence, and this is going to be 179. The next thing that I'm going to do is I'm going to assign it a site ID, we'll just go ahead and use site ID 1003, and what I want to do is I want to give it a name, and that name is going to be a c a t 8 k dash r 1. Now that's a different name than the device currently has right now, so just to drive that point home, it is currently called a c8kv-1.

So what I'm going to do now is I want to hit Update, I'm going to go ahead and hit Next, and I'll just go ahead and configure devices, and what we should find is this should go through the motions of trying to actually attach the Catalyst 8000V, but it won't be able to succeed because that Cat has not been added to our infrastructure yet. We can see here it's going to say to check the sync state, come back and click, and it's going to say configuration template Catalyst 8000V R1 is scheduled to be attached when the device comes online.

That's going to be what we want to do right now. We want to bring the device online, and we're going to use the advanced features of the newer operating system by moving it over to managed or controller mode. Now the way we're going to do that is we want to get configuration on that device, but I don't want to necessarily go through the motion of logging into the unit, hitting the configuration and entering things in. So one thing I want to point out here first of all is if I do a show version | include mode, we're going to see that this device is in autonomous mode. Now what that means is it really doesn't know anything about orchestration and management with regard to SD-WAN. We want it to be part of our SD-WAN infrastructure, and in order to do that we need to change it from autonomous mode to controller mode. Now we're going to do that, but we're not going to do it just yet.

The reason that I'm getting at this is that what I want to point out here is that we need to take some additional steps. The first step that I'm going to take is I'm going to go to Devices, and what we're going to find is one of my Cat 8000Vs will actually have a keyword beside it that says it is vManaged. Now obviously we can look over here and we don't see that little green ribbon, we don't see the CSR designation, so that tells me that this has not been added to our infrastructure. Now what I want to do is I want to remedy that.

So to do that I'm going to take the path of least resistance. I'm going to go over, and what I'm going to do is I'm going to tell the system that I want to generate a bootstrap configuration. Now to keep things simple, I'm going to say do not include the default root certificate. I'm going to go ahead and hit OK, and what this is going to do is it's going to generate a bootstrap file. Now this bootstrap file, I'm actually going to save this locally on my device, and it's going to keep the name. Now you'll notice that this is a cfg file and it actually corresponds to the UUID of the device in question, and remember, this happens because we don't have physical resources, we don't have cryptographic ASICs, in other words we don't have TPMs.

So what I'm going to do is I'm going to go ahead and save this, I'm going to close, and what I want to do is I want to open up a second terminal session. Now the first terminal session I have is going to my Cat 8000V. Next, what I'm going to do is I'm going to come over here and I'm going to say File, and what I want to do is I want to open another tab. Now I want that tab to be large, so I'm just going to amplify it just a little bit, and what I'm going to do is I'm going to come in here and take a look at the directory, and there is that file that I just copied over. Now if I say cat, Cat 8KV, and do a tab complete, what you're going to see here is this is going to be the running configuration that I want to be assigned to my device. So this is the results of the template that we spent the time earlier creating.

Now what I want to do right now is I'm going to move this information over to my 8000V. So what I want to do is I want to get a copy of this, and I'm going to go back to my other terminal, and that's going to be the connection to the 8KV itself. Now what I'm going to do is I'm going to transfer that file from the jump box to the 8KV, just like what we did with the CSR 1000vs. That's going to mean I'm going to type copy scp: bootflash:, and what I want to do next is I'm actually going to enter the IP address of the jump box, which is going to be 100.100.100.254. My username is going to be user, and I want to look in the directory of /home/user/Downloads, remember it needs a capital D, and I'm going to paste in the name of that file. I'm going to hit Enter.

Now remember what I mentioned previously: the Cat devices, the CSR devices, they need this dot config file. If we were bringing up an ISR, what we'd do is we'd actually put this file on a thumb drive and we'd insert that thumb drive, and then when the system comes up, the system would actually boot itself. But it can't have this name. Remember what it's got to be called: ciscosdwan_cloud_init.cfg. That's what the device in PnP mode is going to be looking for with regard to trying to find its configuration. Now again, we're not using PnP, and since this is a Catalyst device, what's going to end up happening is it's going to be a Cisco device, it's not going to be geared for ZTP like the vEdges. This is just going to be another way of onboarding a device. I want you guys to see as many possible combinations and permutations as possible.

So the next thing I'm going to do is I'm going to log in using the credentials for my jump box, and what should happen is it should actually download this file. Now the other thing I'm going to go ahead and download, just because I want to make certain it's going to be here, is going to be my manual certificate, the one that we created in the lab, remember, that SDWAN.pem file. So here I want to say copy scp: bootflash:, and again it's going to be the jump box, same user, but this time it's going to be /home/user/Downloads and it's going to be SDWAN, all caps, dot pem, lower case, and we're going to place that file in my bootflash. Let's just do a directory. There is the SDWAN.pem, there is the ciscosdwan_cloud_init.config file.

Now all I need to do at this point is change its mode. Remember when I did a show version | include mode, its mode was autonomous. Well, autonomous means it's CLI managed. I want it to be vManaged. In order to be able to do that, what I'm going to do is I'm going to say controller-mode enable and I'm going to hit Enter. I'm going to go ahead and confirm this, and what's going to end up happening is this box is actually going to reload. Now since this is an SSH session, I'm going to lose connectivity to it, so what I'm going to do is I'm actually going to open up the console session, and what we're going to see is this box is actually going to reload. We should see the splash page here any moment, where it's going to come up in the packages.conf mode, and this box is going to reboot itself. Once this is done, we should be able to see the results on our screen with regard to what happens.

Now this is going to take a little while, so what I'm going to do is I'm going to walk us through this from the perspective of what's going to be transpiring as this device reloads. During the reboot process, this device is actually going to change from the autonomous mode to the controller enable mode. Since it's in controller enable mode, it's actually going to activate the PnP boot process. The PnP boot process will actually read and look for that file, the file that we downloaded. Now if that file's not there, obviously it's going to require manual configuration, or we could set the device up to actually communicate directly to the PnP server, but since we're in an on-prem deployment, I'm just taking this as my deployment method.

Also, while this is coming up, I want to point out the fact that this is the device that we are bringing on board. This is the chassis number, and this little symbol with the cloud and the gear just indicates the fact that I created a bootstrap configuration. Now as this device comes up and begins to communicate, first, as we described, it will communicate with the vBond. If it is whitelisted, which is what this process is all about, it should receive all of the information it needs to join our SEN fabric, communicate to the vManage and bring itself online. As a result of that, that means that our certificate is going to require signature. Now what we'll see is this is ultimately going to transition from this little symbol to a little green circle with the letters CSR in it, or certificate signature request, and then ultimately what's going to end up happening is, if everything goes well, we're going to extract the contents of that file that we moved, the bootflash cloud_init config file. The system should go through the PnP process.

Notice that it's pulling its information. We can see now that it is bringing up the tunnels as a result of self-signature. We should see that this actually transitions, and then here very shortly what we should see is we should see a CSR icon appear here. Let's wait for it. Now we'll see that it's going to transition to CSR, that's the certificate signature request. As it transitions and as it comes online, this CSR indication in the graphical user environment is actually going to change to a little green ribbon, and the little green ribbon means it has been successfully onboarded into our fabric. Once that has transpired, I'll go ahead and do some command line verification commands just to illustrate the fact that this device has indeed come on board.

We now see that we have the green ribbon. While I'm waiting for the system to stabilize a little bit, what I'm going to do is I want to go to the main dashboard, and from the perspective of the main dashboard I want to see how this device is being represented. Right now we can see that it is in the process of coming up. Ultimately the system is going to synchronize, and we're going to see that all of our devices and resources are up, and if I take a look at those resources, what we should see here is I now have the Cat 8K R1 8000V virtual router up and operational in my SEN fabric.

But that's not good enough for me. I want to actually see it from the command line, so we're going to log in. If everything went well, it'll be admin, admin. If I take a look at this and I say config t, remember, that's not going to work anymore. Why? Because we're in controller mode. So the command, remember, is going to be config-transaction. Everything will work here, so that shows me that it's actually moved over. And also, if I do a show version | include mode, we can see now that the device has transitioned from autonomous mode to controller mode, meaning it's going to obviously be vManaged.

Now the next part of this is going to be really interesting for me, because I'm going to come in and say show sdwan control connections, plural, and I want to see if we have the connections that we've discussed thus far. I notice that I have my vBond connection and I have connections to one, two vSmarts. So as a result of that, if I do a show sdwan omp peers, we should see peerings with two vSmarts out of the three that we have. We notice, based on what we see here, that this is going to be vSmart one and this is vSmart three. We see that we are learning prefixes, information is being placed in our configuration tables, and if I come over and say show sdwan bfd sessions, let's see if we have any active IPsec sessions, and we do.

And as a result of everything that we've done, now do a show run interface Gigabit 1, and what we're going to see here is that NAT has been enabled on this interface, which was configured, remember, using our feature templates. We've assigned an IP address to this interface. What we're going to see is GigabitEthernet 2 has been placed inside of the service side VRF, or VPN, VPN 1. It's been assigned an IP address. And another thing that's also important: if I come in and say show ip route for the global, we see our static default route, which is getting us to our gateway. But what if I say show ip route for VRF 1? Notice we see that NAT DIA route that we've been talking about. This is that route that allows me to be able to leak information from the service side VRF 1 into the VPN 0, such that I can actually get information out of one VRF into another.

And what this is going to do is this is going to change the rules with regard to what's happening on our host. So now if I were to hit refresh and see if I can get to enter one.com, we should actually be able to achieve reachability. Next, what I'm going to do is, while that's happening, I'm going to go ahead and come in here and ping Google. We see that Google is working. If I take a look obviously at something like 8.8.8.8, everything is functional in this environment, and what we've seen is how we can creatively, systematically and efficiently use templates in order to be able to expedite configuration, maintenance and functionality for endpoints in a very scalable fashion.
Info
Channel: Terry Vinson CCIEx2
Views: 1,286
Keywords: ccie enterprise 2021, ccie enterprise infrastructure sdwan, ccie35347, ccnp enterprise 2021, cedge, cisco 300-415, cisco sd wan, cisco sdwan, cisco sdwan 2021, cisco sdwan controller onboarding, cisco sdwan controllers, cisco sdwan vmanage, cisco vbond, cisco vbond orchestrator, cisco vsmart, cisco vsmart controller, dtls tunnels, ensdwi, eveng, implementing cisco sd-wan solutions, sd wan, sdwan, sdwan redundancy, terry vinson, vbond, vedge, viptela, vmanage, vsmart, cisco systems
Id: SNcNcWdpxq0
Length: 28min 52sec (1732 seconds)
Published: Sun Feb 07 2021